Date: Mon, 30 Jun 2014 15:33:09 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 191515] New: print/cups-base: cupsd incorrectly requests peer's credentials Message-ID: <bug-191515-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=191515 Bug ID: 191515 Summary: print/cups-base: cupsd incorrectly requests peer's credentials Product: Ports Tree Version: Latest Hardware: Any OS: Any Status: Needs Triage Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: KOT@MATPOCKuH.Ru To receive peer's credentials in scheduler/auth.c uses this code: if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize)) But on FreeBSD getsockopt() can't return peer's credentials. As result cupsd can't verify peer's credentials and some applications like cups-browsed will fail to communicate with cupsd. In /var/log/cups/messages I see messages like this: E [30/Jun/2014:19:24:32 +0400] [Client 11] Invalid peer credentials for "root" - got 556557241, expected 0! To fix this problem I used this simple and dumb patch: --- scheduler/auth.c.orig 2014-06-30 19:17:02.796524975 +0400 +++ scheduler/auth.c 2014-06-30 19:18:00.818031410 +0400 @@ -559,7 +559,7 @@ # ifdef __APPLE__ if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize)) # else - if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize)) + if (getpeereid(con->http.fd, &(peercred.cr_uid), &(peercred.cr_groups[0]))) # endif /* __APPLE__ */ { cupsdLogMessage(CUPSD_LOG_ERROR, But this solution may be incomplete. Also required escalation of this problem to Apple. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-191515-13>