diff --git a/conf/cupsd.conf.in b/conf/cupsd.conf.in
index 31ecacb110..fe1ec28fdb 100644
--- a/conf/cupsd.conf.in
+++ b/conf/cupsd.conf.in
@@ -3,8 +3,7 @@
# complete description of this file.
#
-# Log general information in error_log - change "@CUPS_LOG_LEVEL@" to "debug"
-# for troubleshooting...
+# Set LogLevel to debug for turning on troubleshooting
LogLevel @CUPS_LOG_LEVEL@
@CUPS_PAGE_LOG_FORMAT@
@@ -31,26 +30,35 @@ WebInterface @CUPS_WEBIF@
# Timeout after cupsd exits if idle (applied only if cupsd runs on-demand - with -l)
IdleExitTimeout @EXIT_TIMEOUT@
-# Restrict access to the server...
+# Access to the server root (/):
+# - default action defined by 'Order', see 'man cupsd.conf'
+# - use 'Allow'/'Deny' for configuring access
+# - allowing access is required for printer sharing or remote administration
Order allow,deny
-# Restrict access to the admin pages...
+# Access to the admin pages:
+# - default action defined by Order', see 'man cupsd.conf'
+# - use 'Allow'/'Deny' for configuring access
AuthType Default
Require user @SYSTEM
Order allow,deny
-# Restrict access to configuration files...
+# Access to the configuration files:
+# - default action defined by Order', see 'man cupsd.conf'
+# - use 'Allow'/'Deny' for configuring access
AuthType Default
Require user @SYSTEM
Order allow,deny
-# Restrict access to log files...
+# Access to the log files:
+# - default action defined by Order', see 'man cupsd.conf'
+# - use 'Allow'/'Deny' for configuring access
AuthType Default
Require user @SYSTEM
diff --git a/cups/adminutil.c b/cups/adminutil.c
index dadf5c438c..71cfe388cd 100644
--- a/cups/adminutil.c
+++ b/cups/adminutil.c
@@ -698,9 +698,14 @@ cupsAdminSetServerSettings(
if (server_port <= 0)
server_port = IPP_PORT;
- while (cupsFileGetConf(cupsd, line, sizeof(line), &value, &linenum))
+ while (_cupsFileGetConfAndComments(cupsd, line, sizeof(line), &value, &linenum))
{
- if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")) &&
+ /*
+ * Preserve empty lines...
+ */
+ if (!line[0])
+ cupsFilePuts(temp, "\n");
+ else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")) &&
(remote_admin >= 0 || remote_any >= 0 || share_printers >= 0))
{
if (!wrote_port_listen)
@@ -709,13 +714,10 @@ cupsAdminSetServerSettings(
if (remote_admin > 0 || remote_any > 0 || share_printers > 0)
{
- cupsFilePuts(temp, "# Allow remote access\n");
cupsFilePrintf(temp, "Port %d\n", server_port);
}
else
{
- cupsFilePuts(temp, "# Only listen for connections from the local "
- "machine.\n");
cupsFilePrintf(temp, "Listen localhost:%d\n", server_port);
}
@@ -749,7 +751,6 @@ cupsAdminSetServerSettings(
localp = cupsGetOption("BrowseLocalProtocols", cupsd_num_settings,
cupsd_settings);
- cupsFilePuts(temp, "# Share local printers on the local network.\n");
cupsFilePuts(temp, "Browsing On\n");
if (!localp)
@@ -763,7 +764,6 @@ cupsAdminSetServerSettings(
}
else
{
- cupsFilePuts(temp, "# Disable printer sharing.\n");
cupsFilePuts(temp, "Browsing Off\n");
}
}
@@ -774,13 +774,10 @@ cupsAdminSetServerSettings(
if (debug_logging)
{
- cupsFilePuts(temp,
- "# Show troubleshooting information in error_log.\n");
cupsFilePuts(temp, "LogLevel debug\n");
}
else
{
- cupsFilePuts(temp, "# Show general information in error_log.\n");
cupsFilePuts(temp, "LogLevel " CUPS_DEFAULT_LOG_LEVEL "\n");
}
}
@@ -800,9 +797,7 @@ cupsAdminSetServerSettings(
wrote_policy = 1;
if (!user_cancel_any)
- cupsFilePuts(temp, " # Only the owner or an administrator can "
- "cancel a job...\n"
- " \n"
+ cupsFilePuts(temp, " \n"
" Order deny,allow\n"
" Require user @OWNER "
CUPS_DEFAULT_PRINTOPERATOR_AUTH "\n"
@@ -837,11 +832,6 @@ cupsAdminSetServerSettings(
{
wrote_admin_location = 1;
- if (remote_admin)
- cupsFilePuts(temp, " # Allow remote administration...\n");
- else
- cupsFilePuts(temp, " # Restrict access to the admin pages...\n");
-
cupsFilePuts(temp, " Order allow,deny\n");
if (remote_admin)
@@ -856,13 +846,6 @@ cupsAdminSetServerSettings(
{
wrote_conf_location = 1;
- if (remote_admin)
- cupsFilePuts(temp, " # Allow remote access to the configuration "
- "files...\n");
- else
- cupsFilePuts(temp, " # Restrict access to the configuration "
- "files...\n");
-
cupsFilePuts(temp, " Order allow,deny\n");
if (remote_admin)
@@ -877,13 +860,6 @@ cupsAdminSetServerSettings(
{
wrote_log_location = 1;
- if (remote_admin)
- cupsFilePuts(temp, " # Allow remote access to the log "
- "files...\n");
- else
- cupsFilePuts(temp, " # Restrict access to the log "
- "files...\n");
-
cupsFilePuts(temp, " Order allow,deny\n");
if (remote_admin)
@@ -899,18 +875,6 @@ cupsAdminSetServerSettings(
{
wrote_root_location = 1;
- if (remote_admin > 0 && share_printers > 0)
- cupsFilePuts(temp, " # Allow shared printing and remote "
- "administration...\n");
- else if (remote_admin > 0)
- cupsFilePuts(temp, " # Allow remote administration...\n");
- else if (share_printers > 0)
- cupsFilePuts(temp, " # Allow shared printing...\n");
- else if (remote_any > 0)
- cupsFilePuts(temp, " # Allow remote access...\n");
- else
- cupsFilePuts(temp, " # Restrict access to the server...\n");
-
cupsFilePuts(temp, " Order allow,deny\n");
if (remote_admin > 0 || remote_any > 0 || share_printers > 0)
@@ -991,9 +955,7 @@ cupsAdminSetServerSettings(
wrote_policy = 1;
if (!user_cancel_any)
- cupsFilePuts(temp, " # Only the owner or an administrator can cancel "
- "a job...\n"
- " \n"
+ cupsFilePuts(temp, " \n"
" Order deny,allow\n"
" Require user @OWNER "
CUPS_DEFAULT_PRINTOPERATOR_AUTH "\n"
@@ -1069,12 +1031,10 @@ cupsAdminSetServerSettings(
{
if (share_printers > 0)
{
- cupsFilePuts(temp, "# Share local printers on the local network.\n");
cupsFilePuts(temp, "Browsing On\n");
}
else
{
- cupsFilePuts(temp, "# Disable printer sharing and shared printers.\n");
cupsFilePuts(temp, "Browsing Off\n");
}
}
@@ -1083,12 +1043,10 @@ cupsAdminSetServerSettings(
{
if (debug_logging)
{
- cupsFilePuts(temp, "# Show troubleshooting information in error_log.\n");
cupsFilePuts(temp, "LogLevel debug\n");
}
else
{
- cupsFilePuts(temp, "# Show general information in error_log.\n");
cupsFilePuts(temp, "LogLevel " CUPS_DEFAULT_LOG_LEVEL "\n");
}
}
@@ -1098,13 +1056,10 @@ cupsAdminSetServerSettings(
{
if (remote_admin > 0 || remote_any > 0 || share_printers > 0)
{
- cupsFilePuts(temp, "# Allow remote access\n");
cupsFilePrintf(temp, "Port %d\n", ippPort());
}
else
{
- cupsFilePuts(temp,
- "# Only listen for connections from the local machine.\n");
cupsFilePrintf(temp, "Listen localhost:%d\n", ippPort());
}
@@ -1117,18 +1072,6 @@ cupsAdminSetServerSettings(
if (!wrote_root_location &&
(remote_admin >= 0 || remote_any >= 0 || share_printers >= 0))
{
- if (remote_admin > 0 && share_printers > 0)
- cupsFilePuts(temp,
- "# Allow shared printing and remote administration...\n");
- else if (remote_admin > 0)
- cupsFilePuts(temp, "# Allow remote administration...\n");
- else if (share_printers > 0)
- cupsFilePuts(temp, "# Allow shared printing...\n");
- else if (remote_any > 0)
- cupsFilePuts(temp, "# Allow remote access...\n");
- else
- cupsFilePuts(temp, "# Restrict access to the server...\n");
-
cupsFilePuts(temp, "\n"
" Order allow,deny\n");
@@ -1140,11 +1083,6 @@ cupsAdminSetServerSettings(
if (!wrote_admin_location && remote_admin >= 0)
{
- if (remote_admin)
- cupsFilePuts(temp, "# Allow remote administration...\n");
- else
- cupsFilePuts(temp, "# Restrict access to the admin pages...\n");
-
cupsFilePuts(temp, "\n"
" Order allow,deny\n");
@@ -1156,12 +1094,6 @@ cupsAdminSetServerSettings(
if (!wrote_conf_location && remote_admin >= 0)
{
- if (remote_admin)
- cupsFilePuts(temp,
- "# Allow remote access to the configuration files...\n");
- else
- cupsFilePuts(temp, "# Restrict access to the configuration files...\n");
-
cupsFilePuts(temp, "\n"
" AuthType Default\n"
" Require user @SYSTEM\n"
@@ -1175,12 +1107,6 @@ cupsAdminSetServerSettings(
if (!wrote_log_location && remote_admin >= 0)
{
- if (remote_admin)
- cupsFilePuts(temp,
- "# Allow remote access to the log files...\n");
- else
- cupsFilePuts(temp, "# Restrict access to the log files...\n");
-
cupsFilePuts(temp, "\n"
" AuthType Default\n"
" Require user @SYSTEM\n"
@@ -1195,8 +1121,6 @@ cupsAdminSetServerSettings(
if (!wrote_policy && user_cancel_any >= 0)
{
cupsFilePuts(temp, "\n"
- " # Job-related operations must be done by the owner "
- "or an administrator...\n"
" \n"
- " # All administration operations require an "
- "administrator to authenticate...\n"
" \n");
if (!user_cancel_any)
- cupsFilePuts(temp, " # Only the owner or an administrator can cancel "
- "a job...\n"
- " \n"
+ cupsFilePuts(temp, " \n"
" Order deny,allow\n"
" Require user @OWNER "
CUPS_DEFAULT_PRINTOPERATOR_AUTH "\n"
diff --git a/cups/file.c b/cups/file.c
index 2fd0780804..f6fcda5b91 100644
--- a/cups/file.c
+++ b/cups/file.c
@@ -335,6 +335,173 @@ _cupsFileCheckFilter(
#endif /* !_WIN32 */
+/*
+ * '_cupsFileStripComment' - Strip inline comments from a line of text..
+ */
+
+char *_cupsFileStripComment(char *buf)
+{
+ /*
+ * Range check input...
+ */
+ DEBUG_printf(("2cupsFileStripComment(buf=%p)", (void *)buf));
+
+ /*
+ * Find the first '#' character
+ */
+ char *ptr = strchr(buf, '#');
+
+ if (!ptr)
+ return buf;
+
+ if (ptr != buf && ptr[-1] == '\\')
+ {
+ /*
+ * Check if the '#' character is escaped by a backslash
+ */
+ _cups_strcpy(ptr - 1, ptr);
+ return _cupsFileStripComment(buf);
+ }
+
+ while (ptr > buf)
+ {
+ if (!_cups_isspace(ptr[-1]))
+ {
+ *ptr = '\0';
+ break;
+ }
+
+ if (ptr != buf && *(ptr - 1) == '\\')
+ {
+ /*
+ * Check if the '#' character is escaped by a backslash
+ */
+ _cups_strcpy(ptr - 1, ptr);
+ return _cupsFileStripComment(buf);
+ }
+ else
+ ptr--;
+ }
+
+ return buf;
+}
+
+
+/*
+ * '_cupsFileGetConfAndComments()' - Get line and comments from a configuration file.
+ */
+
+char * /* O - Line read or @code NULL@ on end of file or error */
+_cupsFileGetConfAndComments(cups_file_t *fp, /* I - CUPS file */
+ char *buf, /* O - String buffer */
+ size_t buflen, /* I - Size of string buffer */
+ char **value, /* O - Pointer to value */
+ int *linenum) /* IO - Current line number */
+{
+ char *ptr; /* Pointer into line */
+
+
+ /*
+ * Range check input...
+ */
+
+ DEBUG_printf(("2cupsFileGetConfAndComments(fp=%p, buf=%p, buflen=" CUPS_LLFMT
+ ", value=%p, linenum=%p)", (void *)fp, (void *)buf, CUPS_LLCAST buflen, (void *)value, (void *)linenum));
+
+ if (!fp || (fp->mode != 'r' && fp->mode != 's') ||
+ !buf || buflen < 2 || !value)
+ {
+ if (value)
+ *value = NULL;
+
+ return (NULL);
+ }
+
+ /*
+ * Read the next line...
+ */
+
+ *value = NULL;
+
+ while (cupsFileGets(fp, buf, buflen))
+ {
+ (*linenum) ++;
+
+ /*
+ * Remove the inline comment...
+ */
+ _cupsFileStripComment(buf);
+
+ /*
+ * Strip leading whitespace...
+ */
+
+ for (ptr = buf; _cups_isspace(*ptr); ptr ++);
+
+ if (ptr > buf)
+ _cups_strcpy(buf, ptr);
+
+ /*
+ * Return the comment if any...
+ */
+
+ if (!buf[0] || buf[0] == '#')
+ return buf;
+
+ /*
+ * Otherwise grab any value and return...
+ */
+
+ for (ptr = buf; *ptr; ptr ++)
+ if (_cups_isspace(*ptr))
+ break;
+
+ if (*ptr)
+ {
+ /*
+ * Have a value, skip any other spaces...
+ */
+
+ while (_cups_isspace(*ptr))
+ *ptr++ = '\0';
+
+ if (*ptr)
+ *value = ptr;
+
+ /*
+ * Strip trailing whitespace and > for lines that begin with <...
+ */
+
+ ptr += strlen(ptr) - 1;
+
+ if (buf[0] == '<' && *ptr == '>')
+ *ptr-- = '\0';
+ else if (buf[0] == '<' && *ptr != '>')
+ {
+ /*
+ * Syntax error...
+ */
+
+ *value = NULL;
+ return (buf);
+ }
+
+ while (ptr > *value && _cups_isspace(*ptr))
+ *ptr-- = '\0';
+ }
+
+ /*
+ * Return the line...
+ */
+
+ return (buf);
+
+ }
+
+ return (NULL);
+}
+
+
/*
* 'cupsFileClose()' - Close a CUPS file.
*
diff --git a/cups/file.h b/cups/file.h
index 49ca58a0c4..644ac22f80 100644
--- a/cups/file.h
+++ b/cups/file.h
@@ -59,6 +59,8 @@ typedef struct _cups_file_s cups_file_t;/**** CUPS file type ****/
* Prototypes...
*/
+extern char *_cupsFileStripComment(char *buf) _CUPS_PRIVATE;
+extern char *_cupsFileGetConfAndComments(cups_file_t *fp, char *buf, size_t buflen, char **value, int *linenum) _CUPS_PRIVATE;
extern int cupsFileClose(cups_file_t *fp) _CUPS_API_1_2;
extern int cupsFileCompression(cups_file_t *fp) _CUPS_API_1_2;
extern int cupsFileEOF(cups_file_t *fp) _CUPS_API_1_2;