Removed support for legacy CUPS browsing and for LDAP

Legacy CUPS browsing is not needed any more. this functionality got
removed from CUPS with version 1.6, more than a decade ago. In
cups-browsed it was implemented as a legacy support layer for servers
or clients running long-term-support enterprise distributions still
using CUPS 1.5.x or older. Now the support life of all these
distributions should have expired and so this legacy support by
cups-browsed is not needed any more.

In addition, the legacy CUPS browsing implementation in cups-browsed
was listening for UDP packaets on port 631 and by default it accepted
packets from any source, making it easy for attackers to set up forged
printers which could make use of vulnerabilities of CUPS or just find
out about the identity and properties of clients. This is
CVE-2024-47176:

    https://ubuntu.com/security/CVE-2024-47176
    GHSA-rj88-6mr5-rcw8
    https://openprinting.github.io/OpenPrinting-News-Flash-cups-browsed-Remote-Code-Execution-vulnerability/

The removal of the legacy CUPS browsing support removes also this
vulnerability.

The LDAP implementation in cups-browsed does not follow the LDAP
printer schema RFC 7612 and is therefore of very limited use.

INSTALL

@@ -111,5 +111,4 @@ PACKAGING THE SOFTWARE FOR OPERATING SYSTEM DISTRIBUTIONS
     `--enable-auto-setup-driverless-only` then.
 
     Otherwise cups-browsed is only needed for more advanced setups,
-    like printer clusters or support for legacy CUPS (< 1.6.x) on
-    remote servers or clients.
+    like printer clusters.

README.md

@@ -26,15 +26,6 @@ cups-browsed has the following functionality:
   several print dialogs use old CUPS APIs and therefore require
   permanent local queues to see such printers.
 
-- Auto-discover shared printers on remote CUPS servers running CUPS
-  1.5.x or older via legacy CUPS browsing. This is intended for
-  settings with print servers running long-term-support enterprise
-  distributions.
-
-- Broadcast shared local printers using legacy CUPS browsing (of CUPS
-  1.5.x) for settings with printing clients running long-term-support
-  enterprise distributions.
-
 - Creating printer clusters where jobs are printed to one single queue
   and get automatically passed on to a suitable member printer.
 
@@ -63,8 +54,8 @@ cups-browsed has the following functionality:
 
 - Highly configurable: Which printers are considered? For which type
   of printers queues are created? Cluster types and member printers?
-  which names auto-created queues should get? DNS-SD and/or legacy
-  browsing? ...
+  which names auto-created queues should get? DNS-SD and/or
+  BrowsePoll? ...
 
 - Multi-threading allows several tasks to be done in parallel and
   assures responsiveness of the daemon when there is a large amount of
@@ -154,43 +145,33 @@ Most of this is still valid for the current cups-browsed.
 ### HELPER DAEMON FOR BROWSING REMOTE CUPS PRINTERS AND IPP NETWORK PRINTERS
 
 From version 1.6.0 on in CUPS the CUPS broadcasting/browsing
-facility was dropped, in favour of Bonjour-based broadcasting of
-shared printers. This is done as Bonjour broadcasting of shared
+facility was dropped, in favour of DNS-SD-based broadcasting of
+shared printers. This is done as DNS-SD broadcasting of shared
 printers is a standard, established by the PWG (Printing Working
 Group, http://www.pwg.org/), and most other network services
 (shared file systems, shared media files/streams, remote desktop
-services, ...) are also broadcasted via Bonjour.
+services, ...) are also broadcasted via DNS-SD.
 
 Problem is that CUPS only broadcasts its shared printers but does
 not browse broadcasts of other CUPS servers to make the shared
 remote printers available locally without any configuration
 efforts. This is a regression compared to the old CUPS
 broadcasting/browsing. The intention of CUPS upstream is that the
-application's print dialogs browse the Bonjour broadcasts as an
+application's print dialogs browse the DNS-SD broadcasts as an
 AirPrint-capable iPhone does, but it will take its time until all
 toolkit developers add the needed functionality, and programs
 using old toolkits or no toolkits at all, or the command line stay
 uncovered.
 
-The solution is cups-browsed, a helper daemon running in parallel
-to the CUPS daemon which listens to Bonjour broadcasts of shared
-CUPS printers on remote machines in the local network via Avahi,
-and can also listen for (and send) CUPS Browsing broadcasts. For
-each reported remote printer it creates a local raw queue pointing
-to the remote printer so that the printer appears in local print
-dialogs and is also available for printing via the command
-line. As with the former CUPS broadcasting/browsing with this
-queue the driver on the server is used and the local print dialogs
-give access to all options of the server-side printer driver.
-
-Note that CUPS broadcasting/browsing is available for legacy
-support, to let the local CUPS daemon work seamlessly together
-with remote CUPS daemons of version 1.5.x and older which only
-support CUPS broadcasting/browsing. In networks with only CUPS
-1.6.x servers (or Ubuntu or Fedora/Red Hat servers with CUPS
-1.5.x) please use the native Bonjour broadcasting of your servers
-and cups-browsed, configured for Bonjour browsing only on the
-clients.
+The solution is cups-browsed, a helper daemon running in parallel to
+the CUPS daemon which listens to DNS-SD broadcasts of shared CUPS
+printers on remote machines in the local network via Avahi. For each
+reported remote printer it creates a local raw queue pointing to the
+remote printer so that the printer appears in local print dialogs and
+is also available for printing via the command line. As with the
+former CUPS broadcasting/browsing with this queue the driver on the
+server is used and the local print dialogs give access to all options
+of the server-side printer driver.
 
 Also high availability with redundant print servers and load
 balancing is supported. If there is more than one server providing
@@ -301,7 +282,7 @@ up. cups-browsed is also robust against any shutdown and restart
 of avahi-daemon.
 
 Here is some info on how cups-browsed works internally (first concept of a
-daemon which does only Bonjour browsing):
+daemon which does only DNS-SD browsing):
 
     - Daemon start
       o Wait for CUPS daemon if it is not running
@@ -357,7 +338,7 @@ appears, create new queue as <original name>@<server name without
 of the others by one with simple name (mark old queue disappeared
 with timeout now-1 sec and create new queue with simple name).
 
-Fill description of the created CUPS queue with the Bonjour
+Fill description of the created CUPS queue with the DNS-SD
 service name (= original description) and location with the server
 name without .local.
 

configure.ac

@@ -300,50 +300,6 @@ fi
 AC_SUBST(AVAHI_LIBS)
 AC_SUBST(AVAHI_CFLAGS)
 
-dnl
-dnl   LDAP configuration stuff for CUPS.
-dnl
-dnl   Copyright 2007-2011 by Apple Inc.
-dnl   Copyright 2003-2006 by Easy Software Products, all rights reserved.
-dnl
-dnl   These coded instructions, statements, and computer programs are the
-dnl   property of Apple Inc. and are protected by Federal copyright
-dnl   law.  Distribution and use rights are outlined in the file "COPYING"
-dnl   which should have been included with this file.
-dnl
-
-AC_ARG_ENABLE([ldap], [AS_HELP_STRING([--disable-ldap], [disable LDAP support.])],
-        [enable_ldap="$enableval"],
-        [enable_ldap=yes]
-)
-AC_ARG_WITH([ldap-libs], [AS_HELP_STRING([--with-ldap-libs], [set directory for LDAP library.])],
-    LDFLAGS="-L$withval $LDFLAGS"
-    DSOFLAGS="-L$withval $DSOFLAGS",)
-AC_ARG_WITH([ldap-includes], [AS_HELP_STRING([--with-ldap-includes], [set directory for LDAP includes.])],
-    CFLAGS="-I$withval $CFLAGS"
-    CPPFLAGS="-I$withval $CPPFLAGS",)
-
-if test x$enable_ldap != xno; then
-
-    AC_CHECK_HEADER([ldap.h], [
-	AC_SEARCH_LIBS([ldap_initialize], [ldap], [
-	    AC_DEFINE([HAVE_LDAP], [], [Define if LDAP support should be enabled])
-	    AC_DEFINE([HAVE_OPENLDAP], [], [If LDAP support is that of OpenLDAP])
-	    AC_CHECK_LIB([ldap], [ldap_start_tls],
-		AC_DEFINE([HAVE_LDAP_SSL], [], [If LDAP has SSL/TLS support enabled]))],[
-
-	    AC_CHECK_LIB([ldap], [ldap_init], [
-		AC_DEFINE([HAVE_LDAP], [], [Define if LDAP support should be enabled])
-		AC_DEFINE([HAVE_MOZILLA_LDAP], [], [If LDAP support is that of Mozilla])
-		AC_CHECK_HEADERS([ldap_ssl.h], [], [], [#include <ldap.h>])
-		AC_CHECK_LIB([ldap], [ldapssl_init],
-		    AC_DEFINE([HAVE_LDAP_SSL], [], [If LDAP has SSL/TLS support enabled]))])]
-	)
-	AC_CHECK_LIB([ldap], [ldap_set_rebind_proc], AC_DEFINE([HAVE_LDAP_REBIND_PROC], [], [If libldap implements ldap_set_rebind_proc]))
-    ])
-
-fi
-
 PKG_CHECK_MODULES(GLIB, [glib-2.0 >= 2.30.2])
 AC_SUBST(GLIB_CFLAGS)
 AC_SUBST(GLIB_LIBS)
@@ -487,7 +443,7 @@ Environment settings:
 Build configuration:
 	cups-config:                               ${with_cups_config}
 	init directory:                            ${INITDDIR}
-	cups dom socket:                           ${CUPS_DEFAULT_DOMAINSOCKET}
+	cups domain socket:                        ${CUPS_DEFAULT_DOMAINSOCKET}
 	avahi:                                     ${enable_avahi}
 	browsing:                                  ${with_browseremoteprotocols}
 	local queue naming for remote CUPS queues: ${REMOTE_CUPS_LOCAL_QUEUE_NAMING}

daemon/cups-browsed.8

@@ -16,20 +16,14 @@
 .fam T
 .fi
 .SH DESCRIPTION
-\fBcups-browsed\fP has four independently switchable functions:
+\fBcups-browsed\fP has two independently switchable functions:
 .IP 1. 4
-Browse Bonjour broadcasts of remote printers and create/remove local
-raw queues pointing to these printers.
+Browse DNS-SD broadcasts of remote printers and create/remove local
+CUPS queues pointing to these printers.
 .IP 2. 4
-Browse CUPS broadcasts of remote printers and create/remove local raw
-queues pointing to these printers.
-.IP 3. 4
-Browse an LDAP server for printers and create/remove local raw
-queues pointing to these printers.
-.IP 4. 4
-Broadcast local queues with the CUPS protocol.
+Find shared printers on given CUPS servers and create local CUPS queues
+pointing to them.
 .PP
-Note that 2. and 4. are only to allow communication with legacy CUPS servers (1.5.x or older) on the remote machine(s). The standard method to broadcast for shared/network printers to broadcast their presence is Bonjour. The CUPS broadcasting/browsing protocol is deprecated.
 
 cups-browsed can be run permanently (from system boot to shutdown) or on-demand (for example to save resources on mobile devices). For running it on-demand an auto-shutdown feature can be activated to let cups-browsed terminate when it does not have queues any more to take care of.
 
@@ -76,28 +70,8 @@ Display usage and version info and do not start the daemon.
 \fISIGUSR2\f1: Switches cups-browsed into auto shutdown mode.
 
 .SH NOTES
-Please take references to cups 1.6.x to include newer versions.
-Similarly, cups 1.5.x is intended to encompass older versions too.
-.PP
-In environments with only cups 1.6.x servers and clients (plus
-\fBcups-browsed\fP on either server or client or both) the function described in 1.
-enables the automatic discovery of remote queues and their display in
-printing dialogues of applications and with command line tools.
-.PP
-The facility provided by 3. allows printers that are registered in an LDAP
-server to be added as local queues. CUPS servers 1.5.x are able to automatically
-register printers in LDAP. The facility provided by \fBcups-browsed\fP allows
-a filter string to further limit the printers that are browsed from LDAP.
-.PP
-The facility provided by 4. means that servers running cups 1.6.x plus
-\fBcups-browsed\fP can broadcast their local queues so that clients with cups
-1.5.x get these queues automatically available. The outcome of 2. is
-that clients running cups 1.6.x plus \fBcups-browsed\fP can use the CUPS
-broadcasts from servers with cups 1.5.x. As with browsing of Bonjour
-broadcasts, the created local raw queues are available to applications
-and command line tools.
-.PP
 This manual page was written for the Debian Project, but it may be used by others.
+
 .SH SEE ALSO
 
 \fBcups-browsed.conf\fP(5)