Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
f301802f | 2 | * "$Id: auth.c 5558 2006-05-21 13:58:56Z mike $" |
ef416fc2 | 3 | * |
4 | * Authentication functions for the Common UNIX Printing System (CUPS). | |
5 | * | |
6 | * Copyright 1997-2006 by Easy Software Products. | |
7 | * | |
8 | * These coded instructions, statements, and computer programs are the | |
9 | * property of Easy Software Products and are protected by Federal | |
10 | * copyright law. Distribution and use rights are outlined in the file | |
11 | * "LICENSE.txt" which should have been included with this file. If this | |
12 | * file is missing or damaged please contact Easy Software Products | |
13 | * at: | |
14 | * | |
15 | * Attn: CUPS Licensing Information | |
16 | * Easy Software Products | |
17 | * 44141 Airport View Drive, Suite 204 | |
18 | * Hollywood, Maryland 20636 USA | |
19 | * | |
20 | * Voice: (301) 373-9600 | |
21 | * EMail: cups-info@cups.org | |
22 | * WWW: http://www.cups.org | |
23 | * | |
24 | * This file is subject to the Apple OS-Developed Software exception. | |
25 | * | |
26 | * Contents: | |
27 | * | |
28 | * cupsDoAuthentication() - Authenticate a request. | |
29 | * cups_local_auth() - Get the local authorization certificate if | |
30 | * available/applicable... | |
31 | */ | |
32 | ||
33 | /* | |
34 | * Include necessary headers... | |
35 | */ | |
36 | ||
37 | #include "globals.h" | |
38 | #include "debug.h" | |
39 | #include <stdlib.h> | |
40 | #include <ctype.h> | |
41 | #include <errno.h> | |
42 | #include <fcntl.h> | |
43 | #include <sys/stat.h> | |
44 | #if defined(WIN32) || defined(__EMX__) | |
45 | # include <io.h> | |
46 | #else | |
47 | # include <unistd.h> | |
48 | #endif /* WIN32 || __EMX__ */ | |
49 | ||
50 | ||
51 | /* | |
52 | * Local functions... | |
53 | */ | |
54 | ||
55 | static int cups_local_auth(http_t *http); | |
56 | ||
57 | ||
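/*
 * 'cupsDoAuthentication()' - Authenticate a request.
 *
 * This function should be called in response to a HTTP_UNAUTHORIZED
 * status, prior to resubmitting your request.
 *
 * The local certificate (cups_local_auth()) is tried first for up to three
 * attempts.  Otherwise the cached "username:password" in http->userpass is
 * reused or a new password is requested through cupsGetPassword(), and
 * http->authstring is filled with either a Basic or a Digest credential
 * depending on the scheme named in the WWW-Authenticate field.
 *
 * Security notes:
 *
 *   - Basic only base64-encodes "username:password"; it gives no
 *     confidentiality unless the connection itself is encrypted.
 *   - The scheme name is matched case-insensitively in one place so that
 *     a "digest" challenge is never answered with Basic credentials.
 *   - Secrets are kept out of the DEBUG output where this block can do so
 *     without changing what callers see.
 *
 * @since CUPS 1.1.20@
 */

int					/* O - 0 on success, -1 on error */
cupsDoAuthentication(http_t     *http,	/* I - HTTP connection to server */
                     const char *method,/* I - Request method (GET, POST, PUT) */
                     const char *resource)
					/* I - Resource path */
{
  const char	*password;		/* Password string */
  const char	*secret;		/* Password part of http->userpass */
  int		use_digest;		/* Non-zero if server asked for Digest */
  char		prompt[1024],		/* Prompt for user */
		realm[HTTP_MAX_VALUE],	/* realm="xyz" string */
		nonce[HTTP_MAX_VALUE],	/* nonce="xyz" string */
		encode[512];		/* Encoded username:password */


  DEBUG_printf(("cupsDoAuthentication(http=%p, method=\"%s\", resource=\"%s\")\n",
                http, method, resource));

 /*
  * Report only whether credentials are cached; the password itself must
  * not end up in debug logs...
  */

  DEBUG_printf(("cupsDoAuthentication: digest_tries=%d, userpass=%s\n",
                http->digest_tries, http->userpass[0] ? "(set)" : "(empty)"));

 /*
  * Clear the current authentication string...
  */

  http->authstring[0] = '\0';

 /*
  * Decide the scheme once.  The original compared 5 characters without
  * regard to case here and 6 characters case-sensitively further down, so
  * the two decisions could disagree for the same header.
  */

  use_digest = !strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE],
                            "Digest", 6);

 /*
  * See if we can do local authentication...
  */

  if (http->digest_tries < 3 && !cups_local_auth(http))
  {
   /*
    * NOTE(review): authstring holds the local certificate at this point;
    * this line is only active in DEBUG builds.
    */

    DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));

    if (http->status == HTTP_UNAUTHORIZED)
      http->digest_tries ++;

    return (0);
  }

 /*
  * Nope, see if we should retry the current username:password...
  */

  if (http->digest_tries > 1 || !http->userpass[0])
  {
   /*
    * Nope - get a new password from the user...
    */

    snprintf(prompt, sizeof(prompt), _("Password for %s on %s? "), cupsUser(),
             http->hostname[0] == '/' ? "localhost" : http->hostname);

    http->digest_tries = !use_digest;
    http->userpass[0]  = '\0';

    if ((password = cupsGetPassword(prompt)) == NULL)
      return (-1);

    if (!password[0])
      return (-1);

    snprintf(http->userpass, sizeof(http->userpass), "%s:%s", cupsUser(),
             password);
  }
  else if (http->status == HTTP_UNAUTHORIZED)
    http->digest_tries ++;

 /*
  * Got a password; encode it for the server...
  */

  if (!use_digest)
  {
   /*
    * Basic authentication...
    */

    httpEncode64_2(encode, sizeof(encode), http->userpass,
                   strlen(http->userpass));
    snprintf(http->authstring, sizeof(http->authstring), "Basic %s", encode);
  }
  else
  {
   /*
    * Digest authentication...
    *
    * http->userpass may have been cached by code outside this function, so
    * do not assume it contains the ':' separator; strchr() + 1 on a miss
    * would hand an invalid pointer to httpMD5().
    */

    if ((secret = strchr(http->userpass, ':')) == NULL)
      return (-1);

   /*
    * NOTE(review): httpGetSubField() is given no destination size; this
    * relies on sub-field values fitting in HTTP_MAX_VALUE - confirm
    * against the helper.
    */

    httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
    httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "nonce", nonce);

    httpMD5(cupsUser(), realm, secret + 1, encode);
    httpMD5Final(nonce, method, resource, encode);
    snprintf(http->authstring, sizeof(http->authstring),
             "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
             "uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce,
             resource, encode);
  }

 /*
  * NOTE(review): for Basic this prints the base64 form of the password;
  * the line is only active in DEBUG builds.
  */

  DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));

  return (0);
}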
169 | ||
170 | ||
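/*
 * 'cups_local_auth()' - Get the local authorization certificate if
 *                       available/applicable...
 *
 * For a connection to localhost this reads the certificate file for the
 * current process ID from "<statedir>/certs/", falling back to the root
 * certificate "<statedir>/certs/0", and stores "Local <certificate>" in
 * http->authstring.
 *
 * The certificate is validated before use: a failed or empty read returns
 * -1 instead of formatting an uninitialized stack buffer into the
 * authorization header, and any line terminator is stripped so that file
 * content cannot add a line break to the header value.
 */

static int				/* O - 0 if available, -1 if not */
cups_local_auth(http_t *http)		/* I - HTTP connection to server */
{
#if defined(WIN32) || defined(__EMX__)
 /*
  * Currently WIN32 and OS-2 do not support the CUPS server...
  */

  return (-1);
#else
  int			pid;		/* Current process ID */
  FILE			*fp;		/* Certificate file */
  char			filename[1024],	/* Certificate filename */
			certificate[33];/* Certificate string */
  _cups_globals_t	*cg = _cupsGlobals();
					/* Global data */


 /*
  * filename doubles as scratch space for the address string here; it is
  * overwritten with the real path below.
  */

  DEBUG_printf(("cups_local_auth(http=%p) hostaddr=%s, hostname=\"%s\"\n",
                http, httpAddrString(http->hostaddr, filename, sizeof(filename)), http->hostname));

 /*
  * See if we are accessing localhost...
  */

  if (!httpAddrLocalhost(http->hostaddr) &&
      strcasecmp(http->hostname, "localhost") != 0)
  {
    DEBUG_puts("cups_local_auth: Not a local connection!");
    return (-1);
  }

 /*
  * Try opening a certificate file for this PID.  If that fails,
  * try the root certificate...
  */

  pid = getpid();
  snprintf(filename, sizeof(filename), "%s/certs/%d", cg->cups_statedir, pid);
  if ((fp = fopen(filename, "r")) == NULL && pid > 0)
  {
    DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
                  filename, strerror(errno)));

    snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
    fp = fopen(filename, "r");
  }

  if (fp == NULL)
  {
    DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
                  filename, strerror(errno)));
    return (-1);
  }

 /*
  * Read the certificate from the file.  fgets() leaves the buffer
  * untouched on EOF or error, so give it a defined (empty) value in
  * that case...
  */

  if (fgets(certificate, sizeof(certificate), fp) == NULL)
    certificate[0] = '\0';

  fclose(fp);

 /*
  * Drop a trailing CR/LF (present when the file holds fewer characters
  * than the buffer) and reject an empty certificate...
  */

  certificate[strcspn(certificate, "\r\n")] = '\0';

  if (!certificate[0])
  {
    DEBUG_puts("cups_local_auth: Certificate file is empty or unreadable!");
    return (-1);
  }

 /*
  * Set the authorization string and return...
  */

  snprintf(http->authstring, sizeof(http->authstring), "Local %s", certificate);

 /*
  * NOTE(review): this prints the certificate itself; the line is only
  * active in DEBUG builds.
  */

  DEBUG_printf(("cups_local_auth: Returning authstring = \"%s\"\n",
                http->authstring));

  return (0);
#endif /* WIN32 || __EMX__ */
}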
249 | ||
250 | ||
251 | /* | |
f301802f | 252 | * End of "$Id: auth.c 5558 2006-05-21 13:58:56Z mike $". |
ef416fc2 | 253 | */ |