diff options
-rw-r--r-- | docs-xml/smbdotconf/printing/cupsencrypt.xml | 25 | ||||
-rw-r--r-- | source3/configure.in | 1 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 34 | ||||
-rw-r--r-- | source3/printing/print_cups.c | 5 | ||||
-rw-r--r-- | source3/smbd/dosmode.c | 12 |
6 files changed, 74 insertions, 4 deletions
diff --git a/docs-xml/smbdotconf/printing/cupsencrypt.xml b/docs-xml/smbdotconf/printing/cupsencrypt.xml new file mode 100644 index 0000000000..f93b1c5935 --- /dev/null +++ b/docs-xml/smbdotconf/printing/cupsencrypt.xml @@ -0,0 +1,25 @@ +<samba:parameter name="cups encrypt" + context="G" + type="enum" + advanced="1" print="1" + xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> +<description> + <para> + This parameter is only applicable if <smbconfoption name="printing"/> + is set to <constant>cups</constant> and if you use CUPS newer than + 1.0.x.It is used to define whether or not Samba should use encryption + when talking to the CUPS server. Possible values are + <emphasis>auto</emphasis>, <emphasis>yes</emphasis> and + <emphasis>no</emphasis> + </para> + + <para> + When set to auto we will try to do a TLS handshake on each CUPS + connection setup. If that fails, we will fall back to unencrypted + operation. + </para> + +</description> + +<value type="default">"no"</value> +</samba:parameter> diff --git a/source3/configure.in b/source3/configure.in index 1cf8d9ca4a..0850bf5a7f 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -788,6 +788,7 @@ if test x$enable_cups != xno; then x"$ac_cv_header_cups_language_h" = xyes; then AC_DEFINE(HAVE_CUPS,1,[Whether we have CUPS]) samba_cv_HAVE_CUPS=yes + AC_CHECK_LIB_EXT(cups, PRINT_LIBS, httpConnectEncrypt) else AC_MSG_WARN([cups-config around but cups-devel not installed]) CFLAGS=$ac_save_CFLAGS diff --git a/source3/include/proto.h b/source3/include/proto.h index 77be0aba09..2e76764e01 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4125,6 +4125,7 @@ const char **lp_admin_users(int ); const char **lp_svcctl_list(void); char *lp_cups_options(int ); char *lp_cups_server(void); +int lp_cups_encrypt(void); char *lp_iprint_server(void); int lp_cups_connection_timeout(void); const char *lp_ctdbd_socket(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 66fb8bf1bc..8da1f6348f 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -54,6 +54,10 @@ #include "includes.h" #include "printing.h" +#ifdef HAVE_HTTPCONNECTENCRYPT +#include <cups/http.h> +#endif + bool bLoaded = False; extern enum protocol_types Protocol; @@ -257,6 +261,7 @@ struct global { int ldap_debug_threshold; int iAclCompat; char *szCupsServer; + int CupsEncrypt; char *szIPrintServer; char *ctdbdSocket; char **szClusterAddresses; @@ -774,6 +779,8 @@ static const struct enum_list enum_case[] = { {-1, NULL} }; + + static const struct enum_list enum_bool_auto[] = { {False, "No"}, {False, "False"}, @@ -2628,6 +2635,16 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED | FLAG_PRINT | FLAG_GLOBAL, }, { + .label = "cups encrypt", + .type = P_ENUM, + .p_class = P_GLOBAL, + .ptr = &Globals.CupsEncrypt, + .special = NULL, + .enum_list = enum_bool_auto, + .flags = FLAG_ADVANCED | FLAG_PRINT | FLAG_GLOBAL, + }, + { + .label = "cups connection timeout", .type = P_INTEGER, .p_class = P_GLOBAL, @@ -5471,6 +5488,23 @@ FN_LOCAL_LIST(lp_admin_users, szAdminUsers) FN_GLOBAL_LIST(lp_svcctl_list, &Globals.szServicesList) FN_LOCAL_STRING(lp_cups_options, szCupsOptions) FN_GLOBAL_STRING(lp_cups_server, &Globals.szCupsServer) +int lp_cups_encrypt(void) +{ +#ifdef HAVE_HTTPCONNECTENCRYPT + switch (Globals.CupsEncrypt) { + case Auto: + Globals.CupsEncrypt = HTTP_ENCRYPT_REQUIRED; + break; + case True: + Globals.CupsEncrypt = HTTP_ENCRYPT_ALWAYS; + break; + case False: + Globals.CupsEncrypt = HTTP_ENCRYPT_NEVER; + break; + } +#endif + return Globals.CupsEncrypt; +} FN_GLOBAL_STRING(lp_iprint_server, &Globals.szIPrintServer) FN_GLOBAL_INTEGER(lp_cups_connection_timeout, &Globals.cups_connection_timeout) FN_GLOBAL_CONST_STRING(lp_ctdbd_socket, &Globals.ctdbdSocket) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 8e792a944a..7edfb5edbe 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -93,7 +93,12 @@ static http_t *cups_connect(TALLOC_CTX *frame) alarm(timeout); } +#ifdef HAVE_HTTPCONNECTENCRYPT + http = httpConnectEncrypt(server, port, lp_cups_encrypt()); +#else http = httpConnect(server, port); +#endif + CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); alarm(0); diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 555718bd83..5ae7151303 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -325,8 +325,10 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT } else { p = path; } - - if (p[0] == '.' && p[1] != '.' && p[1] != 0) { + + /* Only . and .. are not hidden. */ + if (p[0] == '.' && !((p[1] == '\0') || + (p[1] == '.' && p[2] == '\0'))) { result |= aHIDDEN; } } @@ -484,8 +486,10 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) } else { p = path; } - - if (p[0] == '.' && p[1] != '.' && p[1] != 0) { + + /* Only . and .. are not hidden. */ + if (p[0] == '.' && !((p[1] == '\0') || + (p[1] == '.' && p[2] == '\0'))) { result |= aHIDDEN; } } |