-
Notifications
You must be signed in to change notification settings - Fork 464
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for configuring separate access control for web interface #2625
Comments
CUPS.org User: mike Pushing to 1.5. |
CUPS.org User: mike We should also add support for limiting PUT access to the domain socket. |
CUPS.org User: mike Also add an "allowed filename" directive for GET/PUT accesses to /admin/conf. |
CUPS.org User: mike and to /admin/log, to the extent that it is possible to entirely disable read access or limit to the domain socket only. |
CUPS.org User: mike and maybe a "web interface enabled but require authentication for any CGI" mode? |
CUPS.org User: mike Fixed in Subversion repository. |
"str2625.patch": Index: conf/cupsd.conf.in--- conf/cupsd.conf.in (revision 9395) Default authentication type, when authentication is required...DefaultAuthType Basic +# Web interface setting... Restrict access to the server...Order allow,denyIndex: config-scripts/cups-defaults.m4--- config-scripts/cups-defaults.m4 (revision 9395) AC_SUBST(FONTS) +dnl Web interface...
+ CUPS 1.5WebInterface+ + Examples+ +
+ + Description+ + The + Index: cups/http.h--- cups/http.h (revision 9395) HTTP_AUTHORIZATION_CANCELED = 1000, /* User canceled authorization @SInCE CUPS 1.4@ */
typedef enum http_uri_status_e /**** URI separation status @SInCE CUPS 1.2@ ****/ Index: cups/http-support.c--- cups/http-support.c (revision 9395)
default : Index: man/cupsd.conf.man.in--- man/cupsd.conf.man.in (revision 9395) Index: scheduler/conf.c--- scheduler/conf.c (revision 9395)
@@ -632,6 +633,7 @@
BrowseInterval = DEFAULT_INTERVAL; Index: scheduler/conf.h--- scheduler/conf.h (revision 9395)
@@ -1580,6 +1594,20 @@
@@ -2421,17 +2499,17 @@
httpFlushWrite(HTTP(con)); con->http.data_encoding = HTTP_ENCODE_FIELDS; |
Version: 1.5-feature
CUPS.org User: mike
Currently there is no way to share printers but not also grant access to the whole web interface.
At a minimum, the user should be able to turn off all HTTP functionality except for IPP requests and GET requests for PPD files.
The text was updated successfully, but these errors were encountered: