Bug 241128

Summary:	net-print/cups group authorisation fails with duplicated groups
Product:	Gentoo Linux	Reporter:	Daniel Solano Gómez <gentoo>
Component:	[OLD] Printing	Assignee:	Printing Team <printing>
Status:	RESOLVED UPSTREAM
Severity:	major
Priority:	High
Version:	unspecified
Hardware:	AMD64
OS:	Linux
Whiteboard:
Package list:		Runtime testing required:	---
Attachments:	Change group authorisation logic to use iterative getgrent() calls instead of getgrnam() Patches the ebuild to include new group authorisation patch.

Description Daniel Solano Gómez 2008-10-10 16:02:40 UTC

CUPS has the ability to authorise people based upon group membership by using a configuration directive similar to 'Require group lpadmin'.  However, if a group is defined both in '/etc/group' and in LDAP, CUPS will only use the first instance.

The cause of this problem is that the 'getgrnam()' system call only returns one entry, even though multiple entries may fit the search criterion.  Iterating through the entries returned by 'getgrent()' allows the program to verify against all groups.

I have attached a patch that changes the authorisation code.  I have also submitted the patch upstream (http://cups.org/str.php?L2967).

Comment 1 Daniel Solano Gómez 2008-10-10 16:04:14 UTC

Created attachment 167880 [details, diff]
Change group authorisation logic to use iterative getgrent() calls instead of getgrnam()

Comment 2 Daniel Solano Gómez 2008-10-10 16:06:28 UTC

Created attachment 167884 [details, diff]
Patches the ebuild to include new group authorisation patch.

Comment 3 Timo Gurr (RETIRED) gentoo-dev

2010-06-22 22:02:06 UTC

Thanks for taking this upstream, resolving as upstream (even though that means we've to wait for >=cups-1.5 for this to happen).