]>
git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/cert.c
2 * "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $"
4 * Authentication certificate routines for the Common UNIX
5 * Printing System (CUPS).
7 * Copyright 1997-2005 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Easy Software Products and are protected by Federal
11 * copyright law. Distribution and use rights are outlined in the file
12 * "LICENSE.txt" which should have been included with this file. If this
13 * file is missing or damaged please contact Easy Software Products
16 * Attn: CUPS Licensing Information
17 * Easy Software Products
18 * 44141 Airport View Drive, Suite 204
19 * Hollywood, Maryland 20636 USA
21 * Voice: (301) 373-9600
22 * EMail: cups-info@cups.org
23 * WWW: http://www.cups.org
27 * cupsdAddCert() - Add a certificate.
28 * cupsdDeleteCert() - Delete a single certificate.
29 * cupsdDeleteAllCerts() - Delete all certificates...
30 * cupsdFindCert() - Find a certificate.
31 * cupsdInitCerts() - Initialize the certificate "system" and root
36 * Include necessary headers...
42 # include <membership.h>
43 #endif /* HAVE_ACL_INIT */
47 * 'cupsdAddCert()' - Add a certificate.
51 cupsdAddCert(int pid
, /* I - Process ID */
52 const char *username
) /* I - Username */
54 int i
; /* Looping var */
55 cupsd_cert_t
*cert
; /* Current certificate */
56 int fd
; /* Certificate file */
57 char filename
[1024]; /* Certificate filename */
58 static const char hex
[] = "0123456789ABCDEF";
59 /* Hex constants... */
62 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
63 "cupsdAddCert: adding certificate for pid %d", pid
);
66 * Allocate memory for the certificate...
69 if ((cert
= calloc(sizeof(cupsd_cert_t
), 1)) == NULL
)
73 * Fill in the certificate information...
77 strlcpy(cert
->username
, username
, sizeof(cert
->username
));
79 for (i
= 0; i
< 32; i
++)
80 cert
->certificate
[i
] = hex
[random() & 15];
83 * Save the certificate to a file readable only by the User and Group
84 * (or root and SystemGroup for PID == 0)...
87 snprintf(filename
, sizeof(filename
), "%s/certs/%d", StateDir
, pid
);
90 if ((fd
= open(filename
, O_WRONLY
| O_CREAT
| O_EXCL
, 0400)) < 0)
92 cupsdLogMessage(CUPSD_LOG_ERROR
,
93 "cupsdAddCert: Unable to create certificate file %s - %s",
94 filename
, strerror(errno
));
102 acl_t acl
; /* ACL information */
103 acl_entry_t entry
; /* ACL entry */
104 acl_permset_t permset
; /* Permissions */
105 uuid_t group
; /* Group ID */
106 #endif /* HAVE_ACL_INIT */
110 * Root certificate...
114 fchown(fd
, RunUser
, SystemGroupIDs
[0]);
117 if (NumSystemGroups
> 1)
120 * Set POSIX ACLs for the root certificate so that all system
121 * groups can access it...
124 acl
= acl_init(NumSystemGroups
- 1);
126 for (i
= 1; i
< NumSystemGroups
; i
++)
129 * Add each group ID to the ACL...
132 acl_create_entry(&acl
, &entry
);
133 acl_get_permset(entry
, &permset
);
134 acl_add_perm(permset
, ACL_READ_DATA
);
135 acl_set_tag_type(entry
, ACL_EXTENDED_ALLOW
);
136 mbr_gid_to_uuid((gid_t
)SystemGroupIDs
[i
], group
);
137 acl_set_qualifier(entry
, &group
);
138 acl_set_permset(entry
, permset
);
141 if (acl_set_fd(fd
, acl
))
142 cupsdLogMessage(CUPSD_LOG_ERROR
,
143 "Unable to set ACLs on root certificate \"%s\" - %s",
144 filename
, strerror(errno
));
147 #endif /* HAVE_ACL_INIT */
149 RootCertTime
= time(NULL
);
158 fchown(fd
, User
, Group
);
161 DEBUG_printf(("ADD pid=%d, username=%s, cert=%s\n", pid
, username
,
164 write(fd
, cert
->certificate
, strlen(cert
->certificate
));
168 * Insert the certificate at the front of the list...
177 * 'cupsdDeleteCert()' - Delete a single certificate.
181 cupsdDeleteCert(int pid
) /* I - Process ID */
183 cupsd_cert_t
*cert
, /* Current certificate */
184 *prev
; /* Previous certificate */
185 char filename
[1024]; /* Certificate file */
188 for (prev
= NULL
, cert
= Certs
; cert
!= NULL
; prev
= cert
, cert
= cert
->next
)
189 if (cert
->pid
== pid
)
192 * Remove this certificate from the list...
195 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
196 "cupsdDeleteCert: removing certificate for pid %d", pid
);
198 DEBUG_printf(("DELETE pid=%d, username=%s, cert=%s\n", cert
->pid
,
199 cert
->username
, cert
->certificate
));
204 prev
->next
= cert
->next
;
209 * Delete the file and return...
212 snprintf(filename
, sizeof(filename
), "%s/certs/%d", StateDir
, pid
);
213 if (unlink(filename
))
214 cupsdLogMessage(CUPSD_LOG_ERROR
,
215 "cupsdDeleteCert: Unable to remove %s!\n", filename
);
223 * 'cupsdDeleteAllCerts()' - Delete all certificates...
227 cupsdDeleteAllCerts(void)
229 cupsd_cert_t
*cert
, /* Current certificate */
230 *next
; /* Next certificate */
231 char filename
[1024]; /* Certificate file */
235 * Loop through each certificate, deleting them...
238 for (cert
= Certs
; cert
!= NULL
; cert
= next
)
244 snprintf(filename
, sizeof(filename
), "%s/certs/%d", StateDir
, cert
->pid
);
245 if (unlink(filename
))
246 cupsdLogMessage(CUPSD_LOG_ERROR
,
247 "cupsdDeleteAllCerts: Unable to remove %s!\n", filename
);
262 * 'cupsdFindCert()' - Find a certificate.
265 const char * /* O - Matching username or NULL */
266 cupsdFindCert(const char *certificate
) /* I - Certificate */
268 cupsd_cert_t
*cert
; /* Current certificate */
271 DEBUG_printf(("cupsdFindCert(certificate=%s)\n", certificate
));
272 for (cert
= Certs
; cert
!= NULL
; cert
= cert
->next
)
273 if (!strcasecmp(certificate
, cert
->certificate
))
275 DEBUG_printf((" returning %s...\n", cert
->username
));
276 return (cert
->username
);
279 DEBUG_puts(" certificate not found!");
286 * 'cupsdInitCerts()' - Initialize the certificate "system" and root
293 cups_file_t
*fp
; /* /dev/random file */
294 unsigned seed
; /* Seed for random number generator */
295 struct timeval tod
; /* Time of day */
299 * Initialize the random number generator using the random device or
300 * the current time, as available...
303 if ((fp
= cupsFileOpen("/dev/urandom", "rb")) == NULL
)
306 * Get the time in usecs and use it as the initial seed...
309 gettimeofday(&tod
, NULL
);
311 seed
= (unsigned)(tod
.tv_sec
+ tod
.tv_usec
);
316 * Read 4 random characters from the random device and use
317 * them as the seed...
320 seed
= cupsFileGetChar(fp
);
321 seed
= (seed
<< 8) | cupsFileGetChar(fp
);
322 seed
= (seed
<< 8) | cupsFileGetChar(fp
);
323 seed
= (seed
<< 8) | cupsFileGetChar(fp
);
331 * Create a root certificate and return...
335 cupsdAddCert(0, "root");
340 * End of "$Id: cert.c 4966 2006-01-23 00:41:22Z mike $".