Attachment #24259 for bug #61517

View | Details | Raw Unified | Return to bug 61517
Collapse All | Expand All




 *   SendHeader()          - Send an HTTP request.
 *   UpdateCGI()           - Read status messages from CGI scripts and programs.
 *   WriteClient()         - Write data to a client as needed.
 *   SanitizeURI()         - Remove any username and password from a uri.
 *   check_if_modified()   - Decode an "If-Modified-Since" line.
 *   decode_auth()         - Decode an authorization string.
 *   get_file()            - Get a filename and state info.



/*
 * 'SanitizeURI()' - Remove any username and password from a uri.
 */

char *					/* O - sanitized uri */
SanitizeURI(char *buf,			/* O - buffer for sanitized uri */
	    int bufsize,		/* I - buffer size */
	    const char *uri)		/* I - uri to sanitize */
{
  char	method[HTTP_MAX_URI],		/* Method portion of URI */
	username[HTTP_MAX_URI],		/* Username portion of URI */
	host[HTTP_MAX_URI],		/* Host portion of URI */
	resource[HTTP_MAX_URI];		/* Resource portion of URI */
  int	port;				/* Port portion of URI */


  httpSeparate3(uri, method, sizeof(method), username, sizeof(username), 
		host, sizeof(host), &port, resource, sizeof(resource), 0);

  if (port)
    snprintf(buf, bufsize, "%s://%s:%d%s", method, host, port, resource);
  else
    snprintf(buf, bufsize, "%s://%s%s", method, host, resource);

  return buf;
}


/*
 * 'check_if_modified()' - Decode an "If-Modified-Since" line.
 */


Lines 112-117 Link Here

(-)client.h (+1 lines)
112	extern void StopListening(void);	112	extern void StopListening(void);
113	extern void UpdateCGI(void);	113	extern void UpdateCGI(void);
114	extern int WriteClient(client_t *con);	114	extern int WriteClient(client_t *con);
		115	extern char SanitizeURI(char buf, int bufsize, const char *uri);
115		116
116	/*	117	/*
117	* End of "$Id$".	118	* End of "$Id$".

Lines 1035-1042 Link Here

(-)ipp.c (-2 / +8 lines)
1035	/* Username portion of URI */	1035	/* Username portion of URI */
1036	host[HTTP_MAX_URI],	1036	host[HTTP_MAX_URI],
1037	/* Host portion of URI */	1037	/* Host portion of URI */
1038	resource[HTTP_MAX_URI];	1038	resource[HTTP_MAX_URI],
1039	/* Resource portion of URI */	1039	/* Resource portion of URI */
		1040	old_device_uri[HTTP_MAX_URI],
		1041	/* Sanitized old URI */
		1042	new_device_uri[HTTP_MAX_URI];
		1043	/* Sanitized new URI */
1040	int port; /* Port portion of URI */	1044	int port; /* Port portion of URI */
1041	printer_t printer; / Printer/class */	1045	printer_t printer; / Printer/class */
1042	ipp_attribute_t attr; / Printer attribute */	1046	ipp_attribute_t attr; / Printer attribute */
Lines 1222-1228 Link Here
1222	}	1226	}
1223		1227
1224	LogMessage(L_INFO, "Setting %s device-uri to \"%s\" (was \"%s\".)",	1228	LogMessage(L_INFO, "Setting %s device-uri to \"%s\" (was \"%s\".)",
1225	printer->name, attr->values[0].string.text, printer->device_uri);	1229	printer->name,
		1230	SanitizeURI(new_device_uri, sizeof(new_device_uri), attr->values[0].string.text),
		1231	SanitizeURI(old_device_uri, sizeof(old_device_uri), printer->device_uri));
1226		1232
1227	SetString(&printer->device_uri, attr->values[0].string.text);	1233	SetString(&printer->device_uri, attr->values[0].string.text);
1228	}	1234	}

Lines 1202-1207 Link Here

(-)job.c (-2 / +12 lines)
1202	classification[1024], /* CLASSIFICATION environment variable */	1202	classification[1024], /* CLASSIFICATION environment variable */
1203	content_type[1024], /* CONTENT_TYPE environment variable */	1203	content_type[1024], /* CONTENT_TYPE environment variable */
1204	device_uri[1024], /* DEVICE_URI environment variable */	1204	device_uri[1024], /* DEVICE_URI environment variable */
		1205	device_uri2[1024], /* Sanitized device uri */
1205	ppd[1024], /* PPD environment variable */	1206	ppd[1024], /* PPD environment variable */
1206	class_name[255], /* CLASS environment variable */	1207	class_name[255], /* CLASS environment variable */
1207	printer_name[255], /* PRINTER environment variable */	1208	printer_name[255], /* PRINTER environment variable */
Lines 1689-1694 Link Here
1689	attr->values[0].string.text);	1690	attr->values[0].string.text);
1690	}	1691	}
1691		1692
		1693	/*
		1694	* Create a sanitized version of the device uri for logging purposes
		1695	*/
		1696
		1697	SanitizeURI(device_uri2, sizeof(device_uri2), printer->device_uri);
		1698
1692	snprintf(path, sizeof(path), "PATH=%s/filter:/bin:/usr/bin", ServerBin);	1699	snprintf(path, sizeof(path), "PATH=%s/filter:/bin:/usr/bin", ServerBin);
1693	snprintf(content_type, sizeof(content_type), "CONTENT_TYPE=%s/%s",	1700	snprintf(content_type, sizeof(content_type), "CONTENT_TYPE=%s/%s",
1694	current->filetypes[current->current_file]->super,	1701	current->filetypes[current->current_file]->super,
Lines 1802-1807 Link Here
1802	envp[envc] = NULL;	1809	envp[envc] = NULL;
1803		1810
1804	for (i = 0; i < envc; i ++)	1811	for (i = 0; i < envc; i ++)
		1812	if (!strncmp(envp[i], "DEVICE_URI=", 11))
		1813	LogMessage(L_DEBUG, "StartJob: envp[%d]=\"DEVICE_URI=%s\"", i, device_uri2);
		1814	else
1805	LogMessage(L_DEBUG, "StartJob: envp[%d]=\"%s\"", i, envp[i]);	1815	LogMessage(L_DEBUG, "StartJob: envp[%d]=\"%s\"", i, envp[i]);
1806		1816
1807	current->current_file ++;	1817	current->current_file ++;
Lines 1908-1917 Link Here
1908	if (filterfds[slot][1] < 0)	1918	if (filterfds[slot][1] < 0)
1909	{	1919	{
1910	LogMessage(L_ERROR, "Unable to open output file \"%s\" - %s.",	1920	LogMessage(L_ERROR, "Unable to open output file \"%s\" - %s.",
1911	printer->device_uri, strerror(errno));	1921	device_uri2, strerror(errno));
1912	snprintf(printer->state_message, sizeof(printer->state_message),	1922	snprintf(printer->state_message, sizeof(printer->state_message),
1913	"Unable to open output file \"%s\" - %s.",	1923	"Unable to open output file \"%s\" - %s.",
1914	printer->device_uri, strerror(errno));	1924	device_uri2, strerror(errno));
1915		1925
1916	AddPrinterHistory(printer);	1926	AddPrinterHistory(printer);
1917		1927




SetPrinterAttrs(printer_t *p)		/* I - Printer to setup */
{
  char		uri[HTTP_MAX_URI];	/* URI for printer */
  char		resource[HTTP_MAX_URI];	/* Resource portion of URI */
		username[HTTP_MAX_URI],	/* Username portion of URI */
		host[HTTP_MAX_URI],	/* Host portion of URI */
		resource[HTTP_MAX_URI];	/* Resource portion of URI */
  int		port;			/* Port portion of URI */
  int		i;			/* Looping var */
  char		filename[1024];		/* Name of PPD file */
  int		num_media;		/* Number of media options */

        * http://..., ipp://..., etc.
	*/

	SanitizeURI(uri, sizeof(uri), p->device_uri);
	if (port)
	  snprintf(uri, sizeof(uri), "%s://%s:%d%s", method, host, port,
	           resource);
	else
	  snprintf(uri, sizeof(uri), "%s://%s%s", method, host, resource);
      }
      else
      {

Return to bug 61517

Lines 1150-1160 Link Here

(-)printers.c (-11 / +2 lines)
1150	SetPrinterAttrs(printer_t p) / I - Printer to setup */	1150	SetPrinterAttrs(printer_t p) / I - Printer to setup */
1151	{	1151	{
1152	char uri[HTTP_MAX_URI]; /* URI for printer */	1152	char uri[HTTP_MAX_URI]; /* URI for printer */
1153	char method[HTTP_MAX_URI], /* Method portion of URI */	1153	char resource[HTTP_MAX_URI]; /* Resource portion of URI */
1154	username[HTTP_MAX_URI], /* Username portion of URI */
1155	host[HTTP_MAX_URI], /* Host portion of URI */
1156	resource[HTTP_MAX_URI]; /* Resource portion of URI */
1157	int port; /* Port portion of URI */
1158	int i; /* Looping var */	1154	int i; /* Looping var */
1159	char filename[1024]; /* Name of PPD file */	1155	char filename[1024]; /* Name of PPD file */
1160	int num_media; /* Number of media options */	1156	int num_media; /* Number of media options */
Lines 1360-1371 Link Here
1360	* http://..., ipp://..., etc.	1356	* http://..., ipp://..., etc.
1361	*/	1357	*/
1362		1358
1363	httpSeparate(p->device_uri, method, username, host, &port, resource);	1359	SanitizeURI(uri, sizeof(uri), p->device_uri);
1364	if (port)
1365	snprintf(uri, sizeof(uri), "%s://%s:%d%s", method, host, port,
1366	resource);
1367	else
1368	snprintf(uri, sizeof(uri), "%s://%s%s", method, host, resource);
1369	}	1360	}
1370	else	1361	else
1371	{	1362	{

Lines 35-40 Link Here

(-)client.c (+29 lines)
35	* SendHeader() - Send an HTTP request.	35	* SendHeader() - Send an HTTP request.
36	* UpdateCGI() - Read status messages from CGI scripts and programs.	36	* UpdateCGI() - Read status messages from CGI scripts and programs.
37	* WriteClient() - Write data to a client as needed.	37	* WriteClient() - Write data to a client as needed.
		38	* SanitizeURI() - Remove any username and password from a uri.
38	* check_if_modified() - Decode an "If-Modified-Since" line.	39	* check_if_modified() - Decode an "If-Modified-Since" line.
39	* decode_auth() - Decode an authorization string.	40	* decode_auth() - Decode an authorization string.
40	* get_file() - Get a filename and state info.	41	* get_file() - Get a filename and state info.
Lines 2486-2491 Link Here
2486		2487
2487		2488
2488	/*	2489	/*
		2490	* 'SanitizeURI()' - Remove any username and password from a uri.
		2491	*/
		2492
		2493	char * /* O - sanitized uri */
		2494	SanitizeURI(char buf, / O - buffer for sanitized uri */
		2495	int bufsize, /* I - buffer size */
		2496	const char uri) / I - uri to sanitize */
		2497	{
		2498	char method[HTTP_MAX_URI], /* Method portion of URI */
		2499	username[HTTP_MAX_URI], /* Username portion of URI */
		2500	host[HTTP_MAX_URI], /* Host portion of URI */
		2501	resource[HTTP_MAX_URI]; /* Resource portion of URI */
		2502	int port; /* Port portion of URI */
		2503
		2504
		2505	httpSeparate3(uri, method, sizeof(method), username, sizeof(username),
		2506	host, sizeof(host), &port, resource, sizeof(resource), 0);
		2507
		2508	if (port)
		2509	snprintf(buf, bufsize, "%s://%s:%d%s", method, host, port, resource);
		2510	else
		2511	snprintf(buf, bufsize, "%s://%s%s", method, host, resource);
		2512
		2513	return buf;
		2514	}
		2515
		2516
		2517	/*
2489	* 'check_if_modified()' - Decode an "If-Modified-Since" line.	2518	* 'check_if_modified()' - Decode an "If-Modified-Since" line.
2490	*/	2519	*/
2491		2520