pappl
pappl copied to clipboard
michaelrsweet
dnssd.c: Enable service registration on loopback only
In case users would like to prevent sharing services from printer applications to local network, restrict it to localhost and let CUPS do the sharing.
This can be done by setting listen-hostname in PAPPL API - this prevents accessing the public addresses, but the service is still published on those public addresses. This can be prevented if the machine hostname is changed to localhost, but that's not desired on machines IIUC.
The PR does the following:
- introduced new pappl system member reghost, which is used for saving listen-hostname,
- new public accessors for that member, papplSystemSetRegHostName() and papplSystemGetRegHostName() - user can set the member to localhost or to the current hostname
- dnssd functions will check this member, and if it is localhost, it will use loopback index
- in case of Avahi it passes NULL as hostname to let Avahi decide what hostname to use (in case of hostname conflicts - and Avahi forbids using localhost if it is not FQDN)
The result is that if reghost is set to localhost, the service is published on .local address, but resolved to loopback because CUPS uses DNS-SD names in URIs.
PAPPL 2.x version requires CUPS PR https://github.com/OpenPrinting/cups/pull/902 to have it working.
@michaelrsweet
I'm not comfortable separating the "registration hostname" from the "listen hostname".
Hmm... I meant registration hostname to be exactly the listen hostname - and we have to save the 'listen hostname' somewhere to have a way how to decide which net interface to use for advertising, because papplSystemAddListeners() saves only ports and socket fds, and system->hostname serves different purpose (setting machine's hostname).
With your feedback, I guess you mean I can save the listen hostname into system struct in papplSystemAddListeners() instead of having public functions for setting them - if there is no public functions to access them, it prevents possible separation.
I support changing things to correctly advertise for the loopback interface but not for separating the hostname configurations.
It currently requires changing machine's hostname to change the scope where the service will be advertised (which is IMHO undesired) - IMO we have to separate server hostname and listen hostname configurations (if you meant them) and have a way where to save listen hostname, or remove the server hostname functionality to change machine's hostname (keep the hostname only internally and do not change /etc/hostname).
WDYT?
I've removed public accessors and renamed reghost to listen_hostname - it is set only when papplSystemAddListeners() is called.
I set the PR to [WIP], until it is clear how I should change it.
@michaelrsweet ad saving listen-hostname - Or did you mean to save listen-hostname into system->hostname in papplSystemAddListeners()? That's another way how I imagine to keep the hostnames in sync, but I'm not sure if it is a right call (yeah, if I assign the pointer directly without calling accessor papplSystemSetHostName(), the machine's hostname is not changed, so it could work, but I'm not sure if it is correct thing to do there).
Ignore the review request for now, I rewrite it to use system->hostname. Once it is ready, I remove the [WIP].