]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
75bd9771 | 2 | * "$Id: auth.h 7317 2008-02-15 22:29:27Z mike $" |
ef416fc2 | 3 | * |
10d09e33 | 4 | * Authorization definitions for the CUPS scheduler. |
ef416fc2 | 5 | * |
10d09e33 | 6 | * Copyright 2007-2010 by Apple Inc. |
bd7854cb | 7 | * Copyright 1997-2006 by Easy Software Products, all rights reserved. |
ef416fc2 | 8 | * |
9 | * These coded instructions, statements, and computer programs are the | |
bc44d920 | 10 | * property of Apple Inc. and are protected by Federal copyright |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 14 | */ |
15 | ||
16 | /* | |
17 | * Include necessary headers... | |
18 | */ | |
19 | ||
20 | #include <pwd.h> | |
21 | ||
22 | ||
23 | /* | |
24 | * HTTP authorization types and levels... | |
25 | */ | |
26 | ||
5bd77a73 MS |
27 | #define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */ |
28 | #define CUPSD_AUTH_NONE 0 /* No authentication */ | |
29 | #define CUPSD_AUTH_BASIC 1 /* Basic authentication */ | |
30 | #define CUPSD_AUTH_DIGEST 2 /* Digest authentication */ | |
31 | #define CUPSD_AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */ | |
32 | #define CUPSD_AUTH_NEGOTIATE 4 /* Kerberos authentication */ | |
33 | ||
34 | #define CUPSD_AUTH_ANON 0 /* Anonymous access */ | |
35 | #define CUPSD_AUTH_USER 1 /* Must have a valid username/password */ | |
36 | #define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */ | |
37 | ||
38 | #define CUPSD_AUTH_ALLOW 0 /* Allow access */ | |
39 | #define CUPSD_AUTH_DENY 1 /* Deny access */ | |
40 | ||
41 | #define CUPSD_AUTH_NAME 0 /* Authorize host by name */ | |
42 | #define CUPSD_AUTH_IP 1 /* Authorize host by IP */ | |
43 | #define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */ | |
44 | ||
45 | #define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */ | |
46 | #define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */ | |
47 | ||
48 | #define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */ | |
49 | #define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */ | |
50 | #define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */ | |
51 | #define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */ | |
52 | #define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */ | |
53 | #define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */ | |
54 | #define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */ | |
55 | #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */ | |
56 | #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */ | |
ef416fc2 | 57 | |
58 | #define IPP_ANY_OPERATION (ipp_op_t)0 | |
59 | /* Any IPP operation */ | |
60 | #define IPP_BAD_OPERATION (ipp_op_t)-1 | |
61 | /* No IPP operation */ | |
62 | ||
63 | ||
64 | /* | |
65 | * HTTP access control structures... | |
66 | */ | |
67 | ||
68 | typedef struct | |
69 | { | |
70 | unsigned address[4], /* IP address */ | |
71 | netmask[4]; /* IP netmask */ | |
72 | } cupsd_ipmask_t; | |
73 | ||
74 | typedef struct | |
75 | { | |
76 | int length; /* Length of name */ | |
77 | char *name; /* Name string */ | |
78 | } cupsd_namemask_t; | |
79 | ||
80 | typedef struct | |
81 | { | |
82 | int type; /* Mask type */ | |
83 | union | |
84 | { | |
85 | cupsd_namemask_t name; /* Host/Domain name */ | |
86 | cupsd_ipmask_t ip; /* IP address/network */ | |
87 | } mask; /* Mask data */ | |
88 | } cupsd_authmask_t; | |
89 | ||
90 | typedef struct | |
91 | { | |
bd7854cb | 92 | char *location; /* Location of resource */ |
ef416fc2 | 93 | ipp_op_t op; /* IPP operation */ |
94 | int limit, /* Limit for these types of requests */ | |
95 | length, /* Length of location string */ | |
96 | order_type, /* Allow or Deny */ | |
97 | type, /* Type of authentication */ | |
98 | level, /* Access level required */ | |
99 | satisfy; /* Satisfy any or all limits? */ | |
10d09e33 MS |
100 | cups_array_t *names, /* User or group names */ |
101 | *allow, /* Allow lines */ | |
102 | *deny; /* Deny lines */ | |
ef416fc2 | 103 | http_encryption_t encryption; /* To encrypt or not to encrypt... */ |
104 | } cupsd_location_t; | |
105 | ||
106 | typedef struct cupsd_client_s cupsd_client_t; | |
107 | ||
108 | ||
109 | /* | |
110 | * Globals... | |
111 | */ | |
112 | ||
bd7854cb | 113 | VAR cups_array_t *Locations VALUE(NULL); |
ef416fc2 | 114 | /* Authorization locations */ |
5bd77a73 | 115 | VAR int DefaultAuthType VALUE(CUPSD_AUTH_BASIC); |
ef416fc2 | 116 | /* Default AuthType, if not specified */ |
4744bd90 | 117 | #ifdef HAVE_SSL |
118 | VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); | |
119 | /* Default encryption for authentication */ | |
120 | #endif /* HAVE_SSL */ | |
ef416fc2 | 121 | |
122 | ||
123 | /* | |
124 | * Prototypes... | |
125 | */ | |
126 | ||
10d09e33 MS |
127 | extern int cupsdAddIPMask(cups_array_t **masks, |
128 | const unsigned address[4], | |
129 | const unsigned netmask[4]); | |
130 | extern void cupsdAddLocation(cupsd_location_t *loc); | |
ef416fc2 | 131 | extern void cupsdAddName(cupsd_location_t *loc, char *name); |
10d09e33 | 132 | extern int cupsdAddNameMask(cups_array_t **masks, char *name); |
ef416fc2 | 133 | extern void cupsdAuthorize(cupsd_client_t *con); |
080811b1 MS |
134 | extern int cupsdCheckAccess(unsigned ip[4], char *name, |
135 | int namelen, cupsd_location_t *loc); | |
ef416fc2 | 136 | extern int cupsdCheckAuth(unsigned ip[4], char *name, int namelen, |
10d09e33 | 137 | cups_array_t *masks); |
ef416fc2 | 138 | extern int cupsdCheckGroup(const char *username, |
139 | struct passwd *user, | |
140 | const char *groupname); | |
e07d4801 MS |
141 | #ifdef HAVE_GSSAPI |
142 | extern krb5_ccache cupsdCopyKrb5Creds(cupsd_client_t *con); | |
143 | #endif /* HAVE_GSSAPI */ | |
10d09e33 | 144 | extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc); |
ef416fc2 | 145 | extern void cupsdDeleteAllLocations(void); |
ef416fc2 | 146 | extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state); |
147 | extern cupsd_location_t *cupsdFindLocation(const char *location); | |
10d09e33 | 148 | extern void cupsdFreeLocation(cupsd_location_t *loc); |
ef416fc2 | 149 | extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner); |
10d09e33 | 150 | extern cupsd_location_t *cupsdNewLocation(const char *location); |
ef416fc2 | 151 | |
152 | ||
153 | /* | |
75bd9771 | 154 | * End of "$Id: auth.h 7317 2008-02-15 22:29:27Z mike $". |
ef416fc2 | 155 | */ |