To receive peer's credentials in scheduler/auth.c uses this code: if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize)) But on FreeBSD getsockopt() can't return peer's credentials. As result cupsd can't verify peer's credentials and some applications like cups-browsed will fail to communicate with cupsd. In /var/log/cups/messages I see messages like this: E [30/Jun/2014:19:24:32 +0400] [Client 11] Invalid peer credentials for "root" - got 556557241, expected 0! To fix this problem I used this simple and dumb patch: --- scheduler/auth.c.orig 2014-06-30 19:17:02.796524975 +0400 +++ scheduler/auth.c 2014-06-30 19:18:00.818031410 +0400 @@ -559,7 +559,7 @@ # ifdef __APPLE__ if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize)) # else - if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize)) + if (getpeereid(con->http.fd, &(peercred.cr_uid), &(peercred.cr_groups[0]))) # endif /* __APPLE__ */ { cupsdLogMessage(CUPSD_LOG_ERROR, But this solution may be incomplete. Also required escalation of this problem to Apple.
I can confirm I am getting this error too on 9.2-RELEASE-p9 and latest 2014-07-08 ports with cups-base-1.7.3 (where cupsd.conf and cups-browsed.conf where split out). --snip-- E [08/Jul/2014:17:24:15 +0200] [Client 13] Invalid peer credentials for "root" - got 8, expected 0! E [08/Jul/2014:17:24:15 +0200] [Client 13] Invalid peer credentials for "root" - got 8, expected 0! E [08/Jul/2014:17:24:15 +0200] [Client 13] Invalid peer credentials for "root" - got 8, expected 0! E [08/Jul/2014:17:24:15 +0200] [Client 13] Invalid peer credentials for "root" - got 8, expected 0! E [08/Jul/2014:17:24:15 +0200] [Client 13] Invalid peer credentials for "root" - got 8, expected 0! --snip--
cups isn't maintained by anyone. If you are confident in your suggested patch now, I'd submit it as an attachment. I don't think anyone is going to evaluate a suggestion but they might commit a simple patch.
Created attachment 145814 [details] Workaround to fix a problem Please place attached file as print/cups-base/files/patch-auth.c
Created attachment 148622 [details] patch to scheduler/auth.c I tried the patch, and it does indeed solve the problem. The reason is however not that getsockopt does not work. The "__APPLE__" variant of the call does work: if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize)) it is rather that "SOL_SOCKET" does not work, but apparently does not return an error, but just does not touch "peercred", leaving whatever was there before. I therefore propose a different patch - see attachment!
Can a ports committer please consider committing this very simple patch that solves the issue (also in attachment)? --- scheduler/auth.c.orig 2014-01-06 23:21:15.000000000 +0100 +++ scheduler/auth.c 2014-10-24 19:09:55.000000000 +0200 @@ -556,7 +556,7 @@ peersize = sizeof(peercred); -# ifdef __APPLE__ +# if defined(__APPLE__) || defined(__FreeBSD__) if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize)) # else if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred, &peersize)) @@ -1155,7 +1155,7 @@ peersize = sizeof(peercred); -# ifdef __APPLE__ +# if defined(__APPLE__) || defined(__FreeBSD__) if (getsockopt(con->http.fd, 0, LOCAL_PEERCRED, &peercred, &peersize)) # else if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &peercred,
A commit references this bug: Author: tijl Date: Fri Nov 7 13:03:11 UTC 2014 New revision: 372260 URL: https://svnweb.freebsd.org/changeset/ports/372260 Log: - Let the rc script require the mdnsd or avahi_daemon rc scripts [1] - Fix two getsockopt calls so they return peer credentials correctly [2] PR: 194856 [1], 191515 [2] Submitted by: Adrian Waters <draenan@gmail.com> [1] Submitted by: Bengt Ahlgren <bengta@sics.se> [2] Changes: head/print/cups-base/Makefile head/print/cups-base/files/cupsd.in head/print/cups-base/files/patch-scheduler__auth.c