A reader reported that the PGP security was not working. Please find attached a set of patches to fix this. Please test the patches and see if they fix your particular problem.
Patrick Powell Astart Technologies [EMAIL PROTECTED] 6741 Convoy Court Network and System San Diego, CA 92111 Consulting 858-874-6543 FAX 858-751-2435 LPRng - Print Spooler (http://www.lprng.com) *** common/sendauth.c 2003/09/15 20:56:46 1.58 --- common/sendauth.c 2003/09/29 22:53:49 *************** *** 8,14 **** ***************************************************************************/ static char *const _id = ! "$Id: sendauth.c,v 1.58 2003/09/15 20:56:46 papowell Exp $"; #include "lp.h" #include "user_auth.h" --- 8,14 ---- ***************************************************************************/ static char *const _id = ! "$Id: sendauth.c,v 1.58 2003/09/15 20:56:46 papowell Exp papowell $"; #include "lp.h" #include "user_auth.h" *************** *** 277,283 **** if( security->name == 0 ){ security = 0; SNPRINTF(error, errlen) ! "Send_auth_transfer: '%s' security not supported", name ); goto error; } } else { --- 277,283 ---- if( security->name == 0 ){ security = 0; SNPRINTF(error, errlen) ! "Fix_send_auth: '%s' security not supported", name ); goto error; } } else { *************** *** 306,312 **** if(!from)from = Find_str_value(info,"server_principal",Value_sep); if( from == 0 && safestrcmp(tag,"kerberos") && safestrcmp(tag,"none") ){ SNPRINTF(error, errlen) ! "Send_auth_transfer: '%s' security missing '%s_id' info", tag, tag ); goto error; } Set_str_value(info,FROM,from); --- 306,312 ---- if(!from)from = Find_str_value(info,"server_principal",Value_sep); if( from == 0 && safestrcmp(tag,"kerberos") && safestrcmp(tag,"none") ){ SNPRINTF(error, errlen) ! "Fix_send_auth: '%s' security missing '%s_id' info", tag, tag ); goto error; } Set_str_value(info,FROM,from); *************** *** 320,326 **** && !(client = Find_str_value(info,"default_client_name",Value_sep)) && safestrcmp(tag,"none") ){ SNPRINTF(error, errlen) ! 
"Send_auth_transfer: security '%s' missing authenticated client", tag ); goto error; } Set_str_value(info,CLIENT,client); --- 320,326 ---- && !(client = Find_str_value(info,"default_client_name",Value_sep)) && safestrcmp(tag,"none") ){ SNPRINTF(error, errlen) ! "Fix_send_auth: security '%s' missing authenticated client", tag ); goto error; } Set_str_value(info,CLIENT,client); *************** *** 329,335 **** if( destination == 0 && safestrcmp(tag, "kerberos") && safestrcmp(tag, "none")){ SNPRINTF(error, errlen) ! "Send_auth_transfer: '%s' security missing '%s_forward_id' info", tag, tag ); goto error; } } else { --- 329,335 ---- if( destination == 0 && safestrcmp(tag, "kerberos") && safestrcmp(tag, "none")){ SNPRINTF(error, errlen) ! "Fix_send_auth: '%s' security missing '%s_forward_id' info", tag, tag ); goto error; } } else { *************** *** 344,364 **** if( destination == 0 && safestrcmp(tag, "kerberos") && safestrcmp(tag, "none") ){ SNPRINTF(error, errlen) ! "Send_auth_transfer: '%s' security missing '%s_id' info", tag, tag ); goto error; } } Set_str_value(info,DESTINATION,destination); ! DEBUG1("Send_auth_transfer: pr '%s', key '%s', from '%s'," " destination '%s'", RemotePrinter_DYN,key, from, tag); SNPRINTF( buffer, sizeof(buffer)) "%c%s %s %s %s", REQ_SECURE,RemotePrinter_DYN,key, from, tag ); Set_str_value(info,CMD,buffer); ! DEBUG1("Send_auth_transfer: sending '%s'", buffer ); error: if( error[0] ) security = 0; --- 344,364 ---- if( destination == 0 && safestrcmp(tag, "kerberos") && safestrcmp(tag, "none") ){ SNPRINTF(error, errlen) ! "Fix_send_auth: '%s' security missing destination '%s_id' info", tag, tag ); goto error; } } Set_str_value(info,DESTINATION,destination); ! DEBUG1("Fix_send_auth: pr '%s', key '%s', from '%s'," " destination '%s'", RemotePrinter_DYN,key, from, tag); SNPRINTF( buffer, sizeof(buffer)) "%c%s %s %s %s", REQ_SECURE,RemotePrinter_DYN,key, from, tag ); Set_str_value(info,CMD,buffer); ! 
DEBUG1("Fix_send_auth: sending '%s'", buffer ); error: if( error[0] ) security = 0; *** common/user_auth.c 2003/09/15 20:56:46 1.27 --- common/user_auth.c 2003/09/30 00:46:37 *************** *** 1027,1035 **** * Pgp encode and decode a file ***************************************************************************/ ! int Pgp_get_pgppassfd( struct line_list *info, char *error, int errlen ) { ! char *s; int pgppassfd = -1; struct stat statb; --- 1027,1035 ---- * Pgp encode and decode a file ***************************************************************************/ ! int Pgp_get_pgppassfd( char **pgppass, struct line_list *info, char *error, int errlen ) { ! char *s, *t; int pgppassfd = -1; struct stat statb; *************** *** 1039,1057 **** char *passphrasefile = Find_str_value(info,"passphrasefile",Value_sep); if( (s = getenv( "PGPPASS" )) ){ DEBUG1("Pgp_get_pgppassfd: PGPPASS '%s'", s ); } else if( (s = getenv( "PGPPASSFD" )) ){ ! pgppassfd = atoi(s); ! if( pgppassfd <= 0 || fstat(pgppassfd, &statb ) ){ Errorcode = JABORT; ! DIEMSG("PGPASSFD '%s' not file", s); } } else if( (s = getenv( "PGPPASSFILE" ) ) ){ if( (pgppassfd = Checkread( s, &statb )) < 0 ){ Errorcode = JABORT; DIEMSG("PGP phrasefile '%s' not opened - %s\n", s, Errormsg(errno) ); } ! DEBUG1("Pgp_get_pgppassfd: PGPPASSFD file '%s', size %0.0f, fd %d", s, (double)statb.st_size, pgppassfd ); } else if( (s = getenv("HOME")) && passphrasefile ){ char *path; --- 1039,1061 ---- char *passphrasefile = Find_str_value(info,"passphrasefile",Value_sep); if( (s = getenv( "PGPPASS" )) ){ DEBUG1("Pgp_get_pgppassfd: PGPPASS '%s'", s ); + *pgppass = s; } else if( (s = getenv( "PGPPASSFD" )) ){ ! t = 0; ! char buffer[128]; ! pgppassfd = strtol(s,&t,10); ! if( pgppassfd <= 0 || !t || *t || fstat(pgppassfd, &statb) ){ Errorcode = JABORT; ! 
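Review bot: The `DEBUG1("Fix_send_auth: pr '%s', key '%s', from '%s'," " destination '%s'", RemotePrinter_DYN,key, from, tag);` line in the 344,364 hunk labels its last field "destination" but passes `tag`, so the trace reports the security type where a reader expects the destination id. Since this patch already touches the line, I would either pass `destination` or relabel the field, e.g. `" tag '%s'", RemotePrinter_DYN,key, from, tag);`. The function starts outside this hunk, so whether `destination` can still be null at this point is not visible here.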
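Review bot: The new `pgppass` out-parameter of `Pgp_get_pgppassfd` in the 1027,1035 hunk is undocumented, and the banner comment above the function still reads only "Pgp encode and decode a file". The following hunk writes `*pgppass` only in the `PGPPASS` branch, so callers must initialise it themselves (both call sites in this patch do `s = 0;`). I would add a comment such as `/* *pgppass: set to the PGPPASS environment value when present, otherwise left unchanged; points into the environment, do not free */`. The function body continues outside this hunk.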
DIEMSG("PGPASSFD '%s' not active file descriptor", s); } + /* we read the password and put into a file */ } else if( (s = getenv( "PGPPASSFILE" ) ) ){ if( (pgppassfd = Checkread( s, &statb )) < 0 ){ Errorcode = JABORT; DIEMSG("PGP phrasefile '%s' not opened - %s\n", s, Errormsg(errno) ); } ! DEBUG1("Pgp_get_pgppassfd: PGPPASSFILE file '%s', size %0.0f, fd %d", s, (double)statb.st_size, pgppassfd ); } else if( (s = getenv("HOME")) && passphrasefile ){ char *path; *************** *** 1069,1075 **** } } else { char *server_passphrasefile = Find_str_value(info,"server_passphrasefile",Value_sep); ! if(DEBUGL1)Dump_line_list("Pgp_get_pgppassfd: info", info); if( !server_passphrasefile ){ SNPRINTF(error,errlen) "Pgp_get_pgppassfd: no 'pgp_server_passphrasefile' value\n" ); --- 1073,1079 ---- } } else { char *server_passphrasefile = Find_str_value(info,"server_passphrasefile",Value_sep); ! if(DEBUGL1)Dump_line_list("Pgp_get_pgppassfd: info - need server_passphrasefile", info); if( !server_passphrasefile ){ SNPRINTF(error,errlen) "Pgp_get_pgppassfd: no 'pgp_server_passphrasefile' value\n" ); *************** *** 1080,1085 **** --- 1084,1090 ---- server_passphrasefile, Errormsg(errno) ); } } + DEBUG1("Pgp_get_pgppassfd: pgppassfd %d", pgppassfd ); return(pgppassfd); } *************** *** 1112,1122 **** error_fd[0] = error_fd[1] = -1; error[0] = 0; ! pgppassfd = Pgp_get_pgppassfd( info, error, errlen ); if( error[0] ){ status = JFAIL; goto error; } /* run the PGP decoder */ if( pipe(error_fd) == -1 ){ --- 1117,1140 ---- error_fd[0] = error_fd[1] = -1; error[0] = 0; ! s = 0; ! 
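Review bot: `DEBUG1("Pgp_get_pgppassfd: PGPPASS '%s'", s );` in the 1039 hunk writes the passphrase itself to the debug output, and with `*pgppass = s;` added right after it that same value is now handed on to the callers; I would log only its presence, `DEBUG1("Pgp_get_pgppassfd: PGPPASS set");`. In the `PGPPASSFD` branch the `long` returned by `strtol` is stored in the `int` `pgppassfd` with no range check, so an out-of-range value should be rejected (check `errno` for `ERANGE` and compare against `INT_MAX`) before the `fstat` call. The new `char buffer[128];` and the comment `/* we read the password and put into a file */` have no code behind them in the visible lines, which suggests the read step is missing or belongs to a later change. The enclosing function starts and ends outside this hunk.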
pgppassfd = Pgp_get_pgppassfd( &s, info, error, errlen ); if( error[0] ){ status = JFAIL; goto error; } + Set_str_value(&env,"PGPPASSFILE",0); + Set_str_value(&env,"PGPPASSFD",0); + if( Is_server ){ + if( pgppassfd <= 0 ){ + SNPRINTF(error, errlen) "Pgp_decode: no server key file!"); + status = JFAIL; + goto error; + } + Set_str_value(&env,"PGPPASS",0); + } else if( s ){ + Set_str_value(&env,"PGPPASS",s); + } /* run the PGP decoder */ if( pipe(error_fd) == -1 ){ *************** *** 1262,1271 **** pgppassfd = error_fd[0] = error_fd[1] = -1; error[0] = 0; ! pgppassfd = Pgp_get_pgppassfd( info, error, errlen ); if( error[0] ){ status = JFAIL; goto error; } pgpfile = safestrdup2(tempfile,".pgp",__FILE__,__LINE__); --- 1280,1303 ---- pgppassfd = error_fd[0] = error_fd[1] = -1; error[0] = 0; ! s = 0; ! pgppassfd = Pgp_get_pgppassfd( &s, info, error, errlen ); if( error[0] ){ status = JFAIL; goto error; + } + Set_decimal_value(&env,"PGPPASSFD",files.count); + Set_str_value(&env,"PGPPASSFILE",0); + Set_str_value(&env,"PGPPASSFD",0); + if( Is_server ){ + if( pgppassfd <= 0 ){ + SNPRINTF(error, errlen) "Pgp_decode: no server key file!"); + status = JFAIL; + goto error; + } + Set_str_value(&env,"PGPPASS",0); + } else if( s ){ + Set_str_value(&env,"PGPPASS",s); } pgpfile = safestrdup2(tempfile,".pgp",__FILE__,__LINE__); *** common/vars.c 2003/09/15 20:56:46 1.58 --- common/vars.c 2003/09/30 00:15:03 *************** *** 8,14 **** ***************************************************************************/ static char *const _id = ! "$Id: vars.c,v 1.58 2003/09/15 20:56:46 papowell Exp $"; /* force local definitions */ --- 8,14 ---- ***************************************************************************/ static char *const _id = ! 
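Review bot: The environment scrubbing added after the `Pgp_get_pgppassfd` call in the 1117,1140 hunk has no comment stating the policy it enforces, and the same block is repeated in the 1280,1303 hunk. Above `Set_str_value(&env,"PGPPASSFILE",0);` I would add `/* server: passphrase comes only from the key file descriptor, an inherited PGPPASS is dropped; client: the caller's PGPPASS is forwarded to the pgp child only */`. The declarations of `s` and `env` are outside the hunk, so this assumes `env` is the environment list handed to the child process.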
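Review bot: In the 1280,1303 hunk `Set_decimal_value(&env,"PGPPASSFD",files.count);` is followed two lines later by `Set_str_value(&env,"PGPPASSFD",0);`, so the descriptor index just recorded is discarded before the child is started, assuming a null value clears the key as the neighbouring calls imply. Either drop the first call or move it after the clearing lines, next to wherever `pgppassfd` is appended to `files` (not visible in this hunk). The error text `"Pgp_decode: no server key file!"` is also copied verbatim from the decode path; if this hunk sits in the encode routine, the prefix should name that function so the failure can be traced. The enclosing function extends beyond the hunk.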
"$Id: vars.c,v 1.58 2003/09/15 20:56:46 papowell Exp papowell $"; /* force local definitions */ *************** *** 385,391 **** /* orginate connections from these ports */ { "originate_port", 0, STRING_K, &Originate_port_DYN,0,0,"=512 1023"}, /* pass these environment variables to filters (clients and lpd)*/ ! { "pass_env", 0, STRING_K, &Pass_env_DYN,0,0,"=PGPPASS,PGPPATH,PGPPASSFD,LANG,LC_CTYPE,LC_NUMERIC,LC_TIME,LC_COLLATE,LC_MONETARY,LC_MESSAGES,LC_PAPER,LC_NAME,LC_ADDRESS,LC_TELEPHONE,LC_MEASUREMENT,LC_IDENTIFICATION,LC_ALL" }, /* make sure these printcap entries are in PRINTCAP_ENTRY filter environment variable */ { "pc_entries_required", 0, STRING_K, &Pc_entries_required_DYN,0,0,"=ppd" }, /* lpd.perms file */ --- 385,391 ---- /* orginate connections from these ports */ { "originate_port", 0, STRING_K, &Originate_port_DYN,0,0,"=512 1023"}, /* pass these environment variables to filters (clients and lpd)*/ ! { "pass_env", 0, STRING_K, &Pass_env_DYN,0,0,"=LANG,LC_CTYPE,LC_NUMERIC,LC_TIME,LC_COLLATE,LC_MONETARY,LC_MESSAGES,LC_PAPER,LC_NAME,LC_ADDRESS,LC_TELEPHONE,LC_MEASUREMENT,LC_IDENTIFICATION,LC_ALL" }, /* make sure these printcap entries are in PRINTCAP_ENTRY filter environment variable */ { "pc_entries_required", 0, STRING_K, &Pc_entries_required_DYN,0,0,"=ppd" }, /* lpd.perms file */ *** include/user_auth.h 2003/09/15 20:56:48 1.27 --- include/user_auth.h 2003/09/30 00:35:02 *************** *** 106,112 **** char *errmsg, int errlen, struct line_list *header_info, struct security *security, char *tempfile ); ! int Pgp_get_pgppassfd( struct line_list *info, char *error, int errlen ); int Pgp_decode(int transfer_timeout, struct line_list *info, char *tempfile, char *pgpfile, struct line_list *pgp_info, char *buffer, int bufflen, char *error, int errlen, char *esc_to_id, struct line_list *from_info, --- 106,112 ---- char *errmsg, int errlen, struct line_list *header_info, struct security *security, char *tempfile ); ! 
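Review bot: The comment above the `pass_env` entry still says only "pass these environment variables to filters" and does not record why the PGP variables were taken out of the default. I would extend it to `/* pass these environment variables to filters (clients and lpd); PGPPASS and PGPPASSFD are deliberately excluded so filters never inherit the passphrase */`. `PGPPATH` is dropped as well although it carries no secret, so a pgp child that relied on it would need it set explicitly, which is worth confirming against the environment built in the user_auth.c hunks. Sites that override `pass_env` in their own configuration keep the old list and are not covered by this default change.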
int Pgp_get_pgppassfd( char **pgppass, struct line_list *info, char *error, int errlen ); int Pgp_decode(int transfer_timeout, struct line_list *info, char *tempfile, char *pgpfile, struct line_list *pgp_info, char *buffer, int bufflen, char *error, int errlen, char *esc_to_id, struct line_list *from_info, ----------------------------------------------------------------------------- YOU MUST BE A LIST MEMBER IN ORDER TO POST TO THE LPRNG MAILING LIST The address you post from MUST be your subscription address If you need help, send email to [EMAIL PROTECTED] (or lprng-requests or lprng-digest-requests) with the word 'help' in the body. For the impatient, to subscribe to a list with name LIST, send mail to [EMAIL PROTECTED] with: | example: subscribe LIST <mailaddr> | subscribe lprng-digest [EMAIL PROTECTED] unsubscribe LIST <mailaddr> | unsubscribe lprng [EMAIL PROTECTED] If you have major problems, send email to [EMAIL PROTECTED] with the word LPRNGLIST in the SUBJECT line. -----------------------------------------------------------------------------
