Bind to datagram socket as well in systemd cups.socket unit file, to prevent that port being stolen by another service (bug #760070).

Tim Waugh 2011-12-08 16:31:26 +00:00
parent 1d347acd8b
commit 843ebb9de0
2 changed files with 171 additions and 29 deletions


@ -1,6 +1,6 @@
diff -up cups-1.5.0/config.h.in.systemd-socket cups-1.5.0/config.h.in
--- cups-1.5.0/config.h.in.systemd-socket 2011-10-18 15:32:40.741672460 +0100
+++ cups-1.5.0/config.h.in 2011-10-18 15:32:40.843670530 +0100
--- cups-1.5.0/config.h.in.systemd-socket 2011-12-08 17:21:46.397159342 +0000
+++ cups-1.5.0/config.h.in 2011-12-08 17:21:46.500157383 +0000
@@ -503,6 +503,13 @@
@ -16,8 +16,8 @@ diff -up cups-1.5.0/config.h.in.systemd-socket cups-1.5.0/config.h.in
*/
diff -up cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket cups-1.5.0/config-scripts/cups-systemd.m4
--- cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket 2011-10-18 15:32:40.844670511 +0100
+++ cups-1.5.0/config-scripts/cups-systemd.m4 2011-10-18 15:33:16.861989058 +0100
--- cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket 2011-12-08 17:21:46.501157363 +0000
+++ cups-1.5.0/config-scripts/cups-systemd.m4 2011-12-08 17:21:46.501157363 +0000
@@ -0,0 +1,36 @@
+dnl
+dnl "$Id$"
@ -57,7 +57,7 @@ diff -up cups-1.5.0/config-scripts/cups-systemd.m4.systemd-socket cups-1.5.0/con
+dnl
diff -up cups-1.5.0/configure.in.systemd-socket cups-1.5.0/configure.in
--- cups-1.5.0/configure.in.systemd-socket 2010-11-20 01:03:46.000000000 +0000
+++ cups-1.5.0/configure.in 2011-10-18 15:32:40.844670511 +0100
+++ cups-1.5.0/configure.in 2011-12-08 17:21:46.501157363 +0000
@@ -37,6 +37,7 @@ sinclude(config-scripts/cups-pam.m4)
sinclude(config-scripts/cups-largefile.m4)
sinclude(config-scripts/cups-dnssd.m4)
@ -77,8 +77,8 @@ diff -up cups-1.5.0/configure.in.systemd-socket cups-1.5.0/configure.in
doc/help/ref-cupsd-conf.html
doc/help/standard.html
diff -up cups-1.5.0/cups/usersys.c.systemd-socket cups-1.5.0/cups/usersys.c
--- cups-1.5.0/cups/usersys.c.systemd-socket 2011-10-18 15:32:40.645674277 +0100
+++ cups-1.5.0/cups/usersys.c 2011-10-18 15:32:40.845670492 +0100
--- cups-1.5.0/cups/usersys.c.systemd-socket 2011-12-08 17:21:46.312160958 +0000
+++ cups-1.5.0/cups/usersys.c 2011-12-08 17:21:46.502157344 +0000
@@ -770,7 +770,7 @@ cups_read_client_conf(
struct stat sockinfo; /* Domain socket information */
@ -89,8 +89,8 @@ diff -up cups-1.5.0/cups/usersys.c.systemd-socket cups-1.5.0/cups/usersys.c
else
#endif /* CUPS_DEFAULT_DOMAINSOCKET */
diff -up cups-1.5.0/data/cups.path.in.systemd-socket cups-1.5.0/data/cups.path.in
--- cups-1.5.0/data/cups.path.in.systemd-socket 2011-10-18 15:32:40.846670473 +0100
+++ cups-1.5.0/data/cups.path.in 2011-10-18 15:32:40.846670473 +0100
--- cups-1.5.0/data/cups.path.in.systemd-socket 2011-12-08 17:21:46.503157325 +0000
+++ cups-1.5.0/data/cups.path.in 2011-12-08 17:21:46.503157325 +0000
@@ -0,0 +1,8 @@
+[Unit]
+Description=CUPS Printer Service Spool
@ -101,8 +101,8 @@ diff -up cups-1.5.0/data/cups.path.in.systemd-socket cups-1.5.0/data/cups.path.i
+[Install]
+WantedBy=multi-user.target
diff -up cups-1.5.0/data/cups.service.in.systemd-socket cups-1.5.0/data/cups.service.in
--- cups-1.5.0/data/cups.service.in.systemd-socket 2011-10-18 15:32:40.846670473 +0100
+++ cups-1.5.0/data/cups.service.in 2011-10-18 15:32:40.846670473 +0100
--- cups-1.5.0/data/cups.service.in.systemd-socket 2011-12-08 17:21:46.503157325 +0000
+++ cups-1.5.0/data/cups.service.in 2011-12-08 17:21:46.503157325 +0000
@@ -0,0 +1,9 @@
+[Unit]
+Description=CUPS Printing Service
@ -114,22 +114,23 @@ diff -up cups-1.5.0/data/cups.service.in.systemd-socket cups-1.5.0/data/cups.ser
+Also=cups.socket cups.path
+WantedBy=printer.target
diff -up cups-1.5.0/data/cups.socket.in.systemd-socket cups-1.5.0/data/cups.socket.in
--- cups-1.5.0/data/cups.socket.in.systemd-socket 2011-10-18 15:32:40.847670454 +0100
+++ cups-1.5.0/data/cups.socket.in 2011-10-18 15:32:40.847670454 +0100
@@ -0,0 +1,10 @@
--- cups-1.5.0/data/cups.socket.in.systemd-socket 2011-12-08 17:21:46.504157306 +0000
+++ cups-1.5.0/data/cups.socket.in 2011-12-08 17:21:46.504157306 +0000
@@ -0,0 +1,11 @@
+[Unit]
+Description=CUPS Printing Service Sockets
+
+[Socket]
+ListenStream=@CUPS_DEFAULT_DOMAINSOCKET@
+ListenStream=631
+ListenDatagram=0.0.0.0:631
+BindIPv6Only=ipv6-only
+
+[Install]
+WantedBy=sockets.target
diff -up cups-1.5.0/data/Makefile.systemd-socket cups-1.5.0/data/Makefile
--- cups-1.5.0/data/Makefile.systemd-socket 2011-05-12 06:21:56.000000000 +0100
+++ cups-1.5.0/data/Makefile 2011-10-18 15:32:40.847670454 +0100
+++ cups-1.5.0/data/Makefile 2011-12-08 17:21:46.504157306 +0000
@@ -112,6 +112,12 @@ install-data:
$(INSTALL_DATA) $$file $(DATADIR)/ppdc; \
done
@ -154,8 +155,8 @@ diff -up cups-1.5.0/data/Makefile.systemd-socket cups-1.5.0/data/Makefile
#
diff -up cups-1.5.0/Makedefs.in.systemd-socket cups-1.5.0/Makedefs.in
--- cups-1.5.0/Makedefs.in.systemd-socket 2011-10-18 15:32:40.719672876 +0100
+++ cups-1.5.0/Makedefs.in 2011-10-18 15:32:40.848670435 +0100
--- cups-1.5.0/Makedefs.in.systemd-socket 2011-12-08 17:21:46.375159760 +0000
+++ cups-1.5.0/Makedefs.in 2011-12-08 17:21:46.505157287 +0000
@@ -143,6 +143,7 @@ CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
CXXLIBS = @CXXLIBS@
DBUS_NOTIFIER = @DBUS_NOTIFIER@
@ -182,7 +183,7 @@ diff -up cups-1.5.0/Makedefs.in.systemd-socket cups-1.5.0/Makedefs.in
#
diff -up cups-1.5.0/scheduler/client.h.systemd-socket cups-1.5.0/scheduler/client.h
--- cups-1.5.0/scheduler/client.h.systemd-socket 2011-03-25 21:25:38.000000000 +0000
+++ cups-1.5.0/scheduler/client.h 2011-10-18 15:32:40.848670435 +0100
+++ cups-1.5.0/scheduler/client.h 2011-12-08 17:21:46.505157287 +0000
@@ -75,6 +75,9 @@ typedef struct
int fd; /* File descriptor for this server */
http_addr_t address; /* Bind address of socket */
@ -193,9 +194,99 @@ diff -up cups-1.5.0/scheduler/client.h.systemd-socket cups-1.5.0/scheduler/clien
} cupsd_listener_t;
diff -up cups-1.5.0/scheduler/dirsvc.c.systemd-socket cups-1.5.0/scheduler/dirsvc.c
--- cups-1.5.0/scheduler/dirsvc.c.systemd-socket 2011-12-08 17:21:46.452158297 +0000
+++ cups-1.5.0/scheduler/dirsvc.c 2011-12-08 17:21:46.510157192 +0000
@@ -1512,7 +1512,7 @@ cupsdStartBrowsing(void)
}
}
- if (BrowseSocket >= 0)
+ if (BrowseSocket >= 0 && !BrowseSocketIsSystemd)
{
/*
* Bind the socket to browse port...
@@ -1556,13 +1556,17 @@ cupsdStartBrowsing(void)
cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to set broadcast mode - %s.",
strerror(errno));
+ if (!BrowseSocketIsSystemd)
+ {
#ifdef WIN32
- closesocket(BrowseSocket);
+ closesocket(BrowseSocket);
#else
- close(BrowseSocket);
+ close(BrowseSocket);
#endif /* WIN32 */
- BrowseSocket = -1;
+ BrowseSocket = -1;
+ }
+
BrowseLocalProtocols &= ~BROWSE_CUPS;
BrowseRemoteProtocols &= ~BROWSE_CUPS;
@@ -1885,15 +1889,22 @@ cupsdStopBrowsing(void)
if (((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS) &&
BrowseSocket >= 0)
{
- /*
- * Close the socket and remove it from the input selection set.
- */
+ if (!BrowseSocketIsSystemd)
+ {
+ /*
+ * Close the socket.
+ */
#ifdef WIN32
- closesocket(BrowseSocket);
+ closesocket(BrowseSocket);
#else
- close(BrowseSocket);
+ close(BrowseSocket);
#endif /* WIN32 */
+ }
+
+ /*
+ * Remove it from the input selection set.
+ */
cupsdRemoveSelect(BrowseSocket);
BrowseSocket = -1;
@@ -5683,11 +5694,14 @@ update_cups_browse(void)
strerror(errno));
cupsdLogMessage(CUPSD_LOG_ERROR, "CUPS browsing turned off.");
+ if (!BrowseSocketIsSystemd)
+ {
#ifdef WIN32
- closesocket(BrowseSocket);
+ closesocket(BrowseSocket);
#else
- close(BrowseSocket);
+ close(BrowseSocket);
#endif /* WIN32 */
+ }
cupsdRemoveSelect(BrowseSocket);
BrowseSocket = -1;
diff -up cups-1.5.0/scheduler/dirsvc.h.systemd-socket cups-1.5.0/scheduler/dirsvc.h
--- cups-1.5.0/scheduler/dirsvc.h.systemd-socket 2011-12-08 17:21:46.454158257 +0000
+++ cups-1.5.0/scheduler/dirsvc.h 2011-12-08 17:21:46.511157174 +0000
@@ -100,6 +100,8 @@ VAR int Browsing VALUE(TRUE),
/* Short names for remote printers? */
BrowseSocket VALUE(-1),
/* Socket for browsing */
+ BrowseSocketIsSystemd VALUE(0),
+ /* BrowseSocket is systemd-provided? */
BrowsePort VALUE(IPP_PORT),
/* Port number for broadcasts */
BrowseInterval VALUE(DEFAULT_INTERVAL),
diff -up cups-1.5.0/scheduler/listen.c.systemd-socket cups-1.5.0/scheduler/listen.c
--- cups-1.5.0/scheduler/listen.c.systemd-socket 2011-04-16 00:38:13.000000000 +0100
+++ cups-1.5.0/scheduler/listen.c 2011-10-18 15:32:40.849670416 +0100
+++ cups-1.5.0/scheduler/listen.c 2011-12-08 17:21:46.512157155 +0000
@@ -401,7 +401,11 @@ cupsdStopListening(void)
lis;
lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
@ -210,8 +301,8 @@ diff -up cups-1.5.0/scheduler/listen.c.systemd-socket cups-1.5.0/scheduler/liste
#ifdef WIN32
closesocket(lis->fd);
diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
--- cups-1.5.0/scheduler/main.c.systemd-socket 2011-10-18 15:32:40.802671306 +0100
+++ cups-1.5.0/scheduler/main.c 2011-10-18 15:32:40.851670379 +0100
--- cups-1.5.0/scheduler/main.c.systemd-socket 2011-12-08 17:21:46.467158009 +0000
+++ cups-1.5.0/scheduler/main.c 2011-12-08 17:23:05.944645297 +0000
@@ -26,6 +26,8 @@
* launchd_checkin() - Check-in with launchd and collect the listening
* fds.
@ -272,7 +363,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
/*
* Startup the server...
*/
@@ -1584,6 +1609,100 @@ launchd_checkout(void)
@@ -1584,6 +1609,147 @@ launchd_checkout(void)
}
#endif /* HAVE_LAUNCHD */
@ -304,14 +395,61 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
+ char s[256];
+
+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_STREAM, 1);
+ if (r < 0) {
+ if (r < 0)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "systemd_checkin: Unable to verify socket type - %s",
+ strerror(-r));
+ continue;
+ }
+
+ if (!r) {
+ if (!r)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "Browsing=%d", Browsing);
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "BrowseLocalProtocols=%x", BrowseLocalProtocols);
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "BrowseRemoteProtocols=%x", BrowseRemoteProtocols);
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "BROWSE_CUPS=%x", BROWSE_CUPS);
+ if (Browsing &&
+ ((BrowseLocalProtocols | BrowseRemoteProtocols) & BROWSE_CUPS))
+ {
+ r = sd_is_socket(fd, AF_UNSPEC, SOCK_DGRAM, 0);
+ if (r < 0)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "systemd_checkin: Unable to verify socket type - %s",
+ strerror(-r));
+ continue;
+ }
+
+ if (r)
+ {
+ /*
+ * This is the browse socket.
+ */
+
+ char addrstr[256];
+ if (getsockname(fd, (struct sockaddr*) &addr, &addrlen))
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "systemd_checkin: Unable to get local address - %s",
+ strerror(errno));
+ continue;
+ }
+
+ httpAddrString (&addr, addrstr, sizeof (addrstr));
+ BrowseSocket = fd;
+ BrowseSocketIsSystemd = 1;
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
+ "systemd_checkin: Matched browse (port %d) with fd %d:%s...",
+ BrowsePort, fd, addrstr);
+ continue;
+ }
+
+ }
+ cupsdLogMessage(CUPSD_LOG_ERROR,
+ "systemd_checkin: Socket not of the right type");
+ continue;
@ -325,7 +463,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
+ continue;
+ }
+
+ /*
+ /*
+ * Try to match the systemd socket address to one of the listeners...
+ */
+
@ -333,7 +471,7 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
+ lis;
+ lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
+ if (httpAddrEqual(&lis->address, &addr))
+ break;
+ break;
+
+ if (lis)
+ {
@ -374,8 +512,8 @@ diff -up cups-1.5.0/scheduler/main.c.systemd-socket cups-1.5.0/scheduler/main.c
/*
* 'parent_handler()' - Catch USR1/CHLD signals...
diff -up cups-1.5.0/scheduler/Makefile.systemd-socket cups-1.5.0/scheduler/Makefile
--- cups-1.5.0/scheduler/Makefile.systemd-socket 2011-10-18 15:32:40.817671022 +0100
+++ cups-1.5.0/scheduler/Makefile 2011-10-18 15:32:40.852670360 +0100
--- cups-1.5.0/scheduler/Makefile.systemd-socket 2011-12-08 17:21:46.477157820 +0000
+++ cups-1.5.0/scheduler/Makefile 2011-12-08 17:21:46.515157096 +0000
@@ -382,7 +382,7 @@ cupsd: $(CUPSDOBJS) $(LIBCUPSMIME) ../cu
$(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) -L. -lcupsmime \
$(LIBZ) $(SSLLIBS) $(LIBSLP) $(LIBLDAP) $(PAMLIBS) \
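Review bot: In the new datagram branch of systemd_checkin (scheduler/main.c), any inherited SOCK_DGRAM descriptor is adopted as BrowseSocket without comparing its bound address to BrowsePort; the port appears only in the debug message. Because cupsdStartBrowsing now skips bind() when BrowseSocketIsSystemd is set, a cupsd.conf with a non-default BrowsePort would apparently leave the scheduler reading browse packets on whatever port the unit file bound (`ListenDatagram=0.0.0.0:631`). I would check the port right after getsockname() and reject a mismatch, e.g. `if (_httpAddrPort(&addr) != BrowsePort) { cupsdLogMessage(CUPSD_LOG_ERROR, "systemd_checkin: Datagram socket is not on the browse port"); continue; }`. The four `Browsing=%d` / `BrowseLocalProtocols=%x` / `BrowseRemoteProtocols=%x` / `BROWSE_CUPS=%x` messages look like leftover debugging and are logged at CUPSD_LOG_ERROR for every non-stream descriptor; they should be lowered to CUPSD_LOG_DEBUG or dropped. The function body starts and ends outside the displayed lines, so the initialisation of `addrlen` before this getsockname() call could not be confirmed from here.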


@ -13,7 +13,7 @@
Summary: Common Unix Printing System
Name: cups
Version: 1.5.0
Release: 22%{?dist}
Release: 23%{?dist}
License: GPLv2
Group: System Environment/Daemons
Source: http://ftp.easysw.com/pub/cups/%{version}/cups-%{version}-source.tar.bz2
@ -660,6 +660,10 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/man1/ipptool.1.gz
%changelog
* Fri Dec 9 2011 Tim Waugh <twaugh@redhat.com> 1:1.5.0-23
- Bind to datagram socket as well in systemd cups.socket unit file, to
prevent that port being stolen by another service (bug #760070).
* Fri Nov 11 2011 Tim Waugh <twaugh@redhat.com> 1:1.5.0-22
- Fixed trigger (bug #748841).