]> git.ipfire.org Git - thirdparty/cups.git/blame - scheduler/conf.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Drop lppasswd and (server-side) Digest authentication (STR #4321)
[thirdparty/cups.git] / scheduler / conf.c
CommitLineData
ef416fc2 1/*
f2d18633 2 * "$Id$"
ef416fc2 3 *
da003234 4 * Configuration routines for the CUPS scheduler.
ef416fc2 5 *
8fe0183a 6 * Copyright 2007-2014 by Apple Inc.
da003234 7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 8 *
da003234
MS		 9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 14 */
15
16/*
17 * Include necessary headers...
18 */
19
20#include "cupsd.h"
21#include <stdarg.h>
22#include <grp.h>
23#include <sys/utsname.h>
b94498cf 24#include <syslog.h>
ef416fc2 25
97c9a8d7
MS		 26#ifdef HAVE_LIBPAPER
27# include <paper.h>
28#endif /* HAVE_LIBPAPER */
29
ef416fc2 30
31/*
32 * Possibly missing network definitions...
33 */
34
35#ifndef INADDR_NONE
36# define INADDR_NONE 0xffffffff
37#endif /* !INADDR_NONE */
38
39
40/*
41 * Configuration variable structure...
42 */
43
44typedef enum
45{
46 CUPSD_VARTYPE_INTEGER, /* Integer option */
82cc1f9a 47 CUPSD_VARTYPE_TIME, /* Time interval option */
ef416fc2 48 CUPSD_VARTYPE_STRING, /* String option */
76cd9e37 49 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
7e86f2f6
MS		 50 CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
51 CUPSD_VARTYPE_PERM /* File/directory permissions */
ef416fc2 52} cupsd_vartype_t;
53
54typedef struct
55{
a2326b5b 56 const char *name; /* Name of variable */
ef416fc2 57 void *ptr; /* Pointer to variable */
58 cupsd_vartype_t type; /* Type (int, string, address) */
59} cupsd_var_t;
60
61
62/*
63 * Local globals...
64 */
65
c41769ff 66static const cupsd_var_t cupsd_vars[] =
ef416fc2 67{
ef416fc2 68 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
37e7e6e0 69#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
f3c17241 70 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
37e7e6e0 71#endif /* HAVE_DNSSD || HAVE_AVAHI */
b19ccc9e 72 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 73 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 74 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
75 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 76 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
82cc1f9a 77 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
c5571a1d 78 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
ef416fc2 79 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
fa73b229 80 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
82cc1f9a 81 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
323c5de1 82 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
ef416fc2 83 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
84 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
dcb445bc
MS		 85#ifdef HAVE_GSSAPI
86 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
87#endif /* HAVE_GSSAPI */
1720786e
MS		 88#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
89 { "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
90#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
82cc1f9a 91 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
ef416fc2 92 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
82cc1f9a
MS		 93 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
94 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
ef416fc2 95 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 96#ifdef HAVE_LAUNCHD
1720786e 97 { "LaunchdTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
f7deaa1a 98#endif /* HAVE_LAUNCHD */
ef416fc2 99 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
100 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
178cb736 101 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
ef416fc2 102 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
103 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
104 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
105 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
106 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
82cc1f9a 107 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
ef416fc2 108 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
109 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
110 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
dcb445bc 111 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
82cc1f9a 112 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
ef416fc2 113 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
ef416fc2 114 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
115 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
116 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
117 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
118 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
82cc1f9a 119 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
01ce6322 120 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
82cc1f9a
MS		 121 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
122 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
82cc1f9a 123 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
ef416fc2 124 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
82cc1f9a 125 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
ef416fc2 126 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
c41769ff
MS		 127 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
128 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
129 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
130 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
131};
132static const cupsd_var_t cupsfiles_vars[] =
133{
134 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
135 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
7e86f2f6 136 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
c41769ff
MS		 137 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
138 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
139 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
140 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
141 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
7e86f2f6 142 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_PERM },
c41769ff
MS		 143 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
144 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
145 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
cb7f98ee 146 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
c41769ff 147 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
76cd9e37 148 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
ef416fc2 149#ifdef HAVE_SSL
72d05bc9 150 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
ef416fc2 151#endif /* HAVE_SSL */
76cd9e37 152 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
2e4ff8af 153 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
ef416fc2 154 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
8a259669 155 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 156#ifdef HAVE_AUTHORIZATION_H
157 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
158#endif /* HAVE_AUTHORIZATION_H */
c41769ff 159 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
ef416fc2 160};
ef416fc2 161
c41769ff
MS		 162static int default_auth_type = CUPSD_AUTH_AUTO;
163 /* Default AuthType, if not specified */
ef416fc2 164
ac884b6a 165static const unsigned ones[4] =
ef416fc2 166 {
167 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
168 };
ac884b6a 169static const unsigned zeros[4] =
ef416fc2 170 {
171 0x00000000, 0x00000000, 0x00000000, 0x00000000
172 };
173
174
175/*
176 * Local functions...
177 */
e07d4801 178
ef416fc2 179static http_addrlist_t *get_address(const char *value, int defport);
180static int get_addr_and_mask(const char *value, unsigned *ip,
181 unsigned *mask);
eac3a0a0 182static void mime_error_cb(void *ctx, const char *message);
ef416fc2 183static int parse_aaa(cupsd_location_t *loc, char *line,
184 char *value, int linenum);
49d87452 185static int parse_fatal_errors(const char *s);
bd7854cb 186static int parse_groups(const char *s);
187static int parse_protocols(const char *s);
c41769ff
MS		 188static int parse_variable(const char *filename, int linenum,
189 const char *line, const char *value,
190 size_t num_vars,
191 const cupsd_var_t *vars);
192static int read_cupsd_conf(cups_file_t *fp);
193static int read_cups_files_conf(cups_file_t *fp);
ef416fc2 194static int read_location(cups_file_t *fp, char *name, int linenum);
195static int read_policy(cups_file_t *fp, char *name, int linenum);
10d09e33 196static void set_policy_defaults(cupsd_policy_t *pol);
ef416fc2 197
198
e07d4801
MS		 199/*
200 * 'cupsdAddAlias()' - Add a host alias.
201 */
202
203void
204cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
205 const char *name) /* I - Name to add */
206{
207 cupsd_alias_t *a; /* New alias */
208 size_t namelen; /* Length of name */
209
210
211 namelen = strlen(name);
212
213 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
214 return;
215
216 a->namelen = namelen;
5a9febac 217 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
e07d4801
MS		 218
219 cupsArrayAdd(aliases, a);
220}
221
222
b94498cf 223/*
224 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
225 */
226
227int /* O - 0 on success, -1 on error, 1 on warning */
228cupsdCheckPermissions(
229 const char *filename, /* I - File/directory name */
230 const char *suffix, /* I - Additional file/directory name */
7e86f2f6
MS		 231 mode_t mode, /* I - Permissions */
232 uid_t user, /* I - Owner */
233 gid_t group, /* I - Group */
b94498cf 234 int is_dir, /* I - 1 = directory, 0 = file */
235 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
236{
237 int dir_created = 0; /* Did we create a directory? */
238 char pathname[1024]; /* File name with prefix */
239 struct stat fileinfo; /* Stat buffer */
49d87452 240 int is_symlink; /* Is "filename" a symlink? */
b94498cf 241
242
243 /*
244 * Prepend the given root to the filename before testing it...
245 */
246
247 if (suffix)
248 {
249 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
250 filename = pathname;
251 }
252
253 /*
254 * See if we can stat the file/directory...
255 */
256
49d87452 257 if (lstat(filename, &fileinfo))
b94498cf 258 {
259 if (errno == ENOENT && create_dir)
260 {
261 if (create_dir > 0)
262 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
263 filename);
264
265 if (mkdir(filename, mode))
266 {
267 if (create_dir > 0)
268 cupsdLogMessage(CUPSD_LOG_ERROR,
269 "Unable to create directory \"%s\" - %s", filename,
270 strerror(errno));
271 else
272 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
273 strerror(errno));
274
275 return (-1);
276 }
277
d1c13e16
MS		 278 dir_created = 1;
279 fileinfo.st_mode = mode | S_IFDIR;
b94498cf 280 }
281 else
282 return (create_dir ? -1 : 1);
283 }
284
49d87452
MS		 285 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
286 {
287 if (stat(filename, &fileinfo))
288 {
289 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
290 filename, strerror(errno));
291 return (-1);
292 }
293 }
294
b94498cf 295 /*
49d87452 296 * Make sure it's a regular file or a directory as needed...
b94498cf 297 */
298
299 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
300 {
c8fef167 301 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
b94498cf 302 return (-1);
303 }
304
305 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
306 {
307 if (create_dir >= 0)
c8fef167 308 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
b94498cf 309 else
c8fef167 310 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
b94498cf 311
312 return (-1);
313 }
314
49d87452
MS		 315 /*
316 * If the filename is a symlink, do not change permissions (STR #2937)...
317 */
318
319 if (is_symlink)
320 return (0);
321
b94498cf 322 /*
323 * Fix owner, group, and mode as needed...
324 */
325
326 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
327 {
328 if (create_dir >= 0)
329 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
330 filename);
331
332 if (chown(filename, user, group) && !getuid())
333 {
334 if (create_dir >= 0)
335 cupsdLogMessage(CUPSD_LOG_ERROR,
336 "Unable to change ownership of \"%s\" - %s", filename,
337 strerror(errno));
338 else
339 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
340 strerror(errno));
341
342 return (1);
343 }
344 }
345
346 if (dir_created || (fileinfo.st_mode & 07777) != mode)
347 {
348 if (create_dir >= 0)
349 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
350 filename);
351
352 if (chmod(filename, mode))
353 {
354 if (create_dir >= 0)
355 cupsdLogMessage(CUPSD_LOG_ERROR,
356 "Unable to change permissions of \"%s\" - %s", filename,
357 strerror(errno));
358 else
359 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
360 strerror(errno));
361
362 return (1);
363 }
364 }
365
366 /*
367 * Everything is OK...
368 */
369
370 return (0);
371}
372
373
dcb445bc
MS		 374/*
375 * 'cupsdDefaultAuthType()' - Get the default AuthType.
376 *
377 * When the default_auth_type is "auto", this function tries to get the GSS
378 * credentials for the server. If that succeeds we use Kerberos authentication,
379 * otherwise we do a fallback to Basic authentication against the local user
380 * accounts.
381 */
382
383int /* O - Default AuthType value */
384cupsdDefaultAuthType(void)
385{
386#ifdef HAVE_GSSAPI
387 OM_uint32 major_status, /* Major status code */
388 minor_status; /* Minor status code */
389 gss_name_t server_name; /* Server name */
390 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
391 /* Service name token */
392 char buf[1024]; /* Service name buffer */
393#endif /* HAVE_GSSAPI */
394
395
396 /*
397 * If we have already determined the correct default AuthType, use it...
398 */
399
400 if (default_auth_type != CUPSD_AUTH_AUTO)
401 return (default_auth_type);
402
403#ifdef HAVE_GSSAPI
404# ifdef __APPLE__
405 /*
406 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
407 * to use it...
408 */
409
410 if (gss_init_sec_context == NULL)
411 return (default_auth_type = CUPSD_AUTH_BASIC);
412# endif /* __APPLE__ */
413
414 /*
415 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
416 * that fails we must use Basic...
417 */
418
419 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
420
421 token.value = buf;
422 token.length = strlen(buf);
423 server_name = GSS_C_NO_NAME;
424 major_status = gss_import_name(&minor_status, &token,
425 GSS_C_NT_HOSTBASED_SERVICE,
426 &server_name);
427
428 memset(&token, 0, sizeof(token));
429
430 if (GSS_ERROR(major_status))
431 {
432 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
433 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
434 return (default_auth_type = CUPSD_AUTH_BASIC);
435 }
436
437 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
438
439 if (GSS_ERROR(major_status))
440 {
441 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
442 "cupsdDefaultAuthType: gss_display_name(%s) failed",
443 buf);
444 return (default_auth_type = CUPSD_AUTH_BASIC);
445 }
446
447 cupsdLogMessage(CUPSD_LOG_DEBUG,
448 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
449 "credentials for %s...", (char *)token.value);
450
451 ServerCreds = GSS_C_NO_CREDENTIAL;
452 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
453 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
454 &ServerCreds, NULL, NULL);
455 if (GSS_ERROR(major_status))
456 {
457 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
458 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
459 (char *)token.value);
460 gss_release_name(&minor_status, &server_name);
461 gss_release_buffer(&minor_status, &token);
462 return (default_auth_type = CUPSD_AUTH_BASIC);
463 }
464
465 cupsdLogMessage(CUPSD_LOG_DEBUG,
466 "cupsdDefaultAuthType: Kerberos credentials acquired "
467 "successfully for %s.", (char *)token.value);
468
469 gss_release_name(&minor_status, &server_name);
470 gss_release_buffer(&minor_status, &token);
471
472 HaveServerCreds = 1;
473
474 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
475
476#else
477 /*
478 * No Kerberos support compiled in so just use Basic all the time...
479 */
480
481 return (default_auth_type = CUPSD_AUTH_BASIC);
482#endif /* HAVE_GSSAPI */
483}
484
485
e07d4801
MS		 486/*
487 * 'cupsdFreeAliases()' - Free all of the alias entries.
488 */
489
490void
491cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
492{
493 cupsd_alias_t *a; /* Current alias */
494
495
496 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
497 a;
498 a = (cupsd_alias_t *)cupsArrayNext(aliases))
499 free(a);
500
501 cupsArrayDelete(aliases);
502}
503
504
ef416fc2 505/*
506 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
507 */
508
509int /* O - 1 on success, 0 otherwise */
510cupsdReadConfiguration(void)
511{
512 int i; /* Looping var */
513 cups_file_t *fp; /* Configuration file */
514 int status; /* Return status */
515 char temp[1024], /* Temporary buffer */
dd1abb6b 516 mimedir[1024], /* MIME directory */
ef416fc2 517 *slash; /* Directory separator */
ef416fc2 518 cups_lang_t *language; /* Language */
519 struct passwd *user; /* Default user */
520 struct group *group; /* Default group */
521 char *old_serverroot, /* Old ServerRoot */
522 *old_requestroot; /* Old RequestRoot */
f11a948a 523 int old_remote_port; /* Old RemotePort */
b423cd4c 524 const char *tmpdir; /* TMPDIR environment variable */
525 struct stat tmpinfo; /* Temporary directory info */
2e4ff8af 526 cupsd_policy_t *p; /* Policy */
b423cd4c 527
ef416fc2 528
ef416fc2 529 /*
530 * Save the old root paths...
531 */
532
533 old_serverroot = NULL;
534 cupsdSetString(&old_serverroot, ServerRoot);
535 old_requestroot = NULL;
536 cupsdSetString(&old_requestroot, RequestRoot);
537
538 /*
539 * Reset the server configuration data...
540 */
541
542 cupsdDeleteAllLocations();
543
bd7854cb 544 cupsdDeleteAllListeners();
ef416fc2 545
f11a948a
MS		 546 old_remote_port = RemotePort;
547 RemotePort = 0;
d1c13e16 548
ef416fc2 549 /*
550 * String options...
551 */
552
e07d4801
MS		 553 cupsdFreeAliases(ServerAlias);
554 ServerAlias = NULL;
555
d1c13e16
MS		 556 cupsdClearString(&ServerName);
557 cupsdClearString(&ServerAdmin);
ef416fc2 558 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
559 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
560 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
561 cupsdSetString(&DataDir, CUPS_DATADIR);
562 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
563 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
a4845881 564 cupsdClearString(&ErrorLog);
ef416fc2 565 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
01ce6322 566 cupsdSetString(&PageLogFormat,
0268488e 567 "%p %u %j %T %P %C %{job-billing} "
01ce6322 568 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
e53920b9 569 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
ef416fc2 570 cupsdSetString(&FontPath, CUPS_FONTPATH);
571 cupsdSetString(&RemoteRoot, "remroot");
db8b865d 572 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
771bd8cb 573 CUPS_VERSION_MINOR);
ef416fc2 574 cupsdSetString(&StateDir, CUPS_STATEDIR);
575
ed486911 576 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
577 PrintcapFormat = PRINTCAP_SOLARIS;
0af14961
MS		 578 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
579 "/Library/Preferences/org.cups.printers.plist"))
580 PrintcapFormat = PRINTCAP_PLIST;
ed486911 581 else
582 PrintcapFormat = PRINTCAP_BSD;
583
ef416fc2 584 strlcpy(temp, ConfigurationFile, sizeof(temp));
585 if ((slash = strrchr(temp, '/')) != NULL)
586 *slash = '\0';
587
588 cupsdSetString(&ServerRoot, temp);
589
590 cupsdClearString(&Classification);
591 ClassifyOverride = 0;
592
593#ifdef HAVE_SSL
72d05bc9 594# ifdef HAVE_GNUTLS
097488cf 595 cupsdSetString(&ServerKeychain, "ssl");
72d05bc9
MS		 596# else
597 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
598# endif /* HAVE_GNUTLS */
ef416fc2 599#endif /* HAVE_SSL */
600
601 language = cupsLangDefault();
602
603 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
604 cupsdSetString(&DefaultLanguage, "en");
605 else
606 cupsdSetString(&DefaultLanguage, language->language);
607
c5571a1d
MS		 608 cupsdClearString(&DefaultPaperSize);
609
eac3a0a0 610 cupsdSetString(&RIPCache, "128m");
ef416fc2 611
b423cd4c 612 cupsdSetString(&TempDir, NULL);
ef416fc2 613
dcb445bc
MS		 614#ifdef HAVE_GSSAPI
615 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
616
617 if (HaveServerCreds)
618 {
619 OM_uint32 minor_status; /* Minor status code */
620
621 gss_release_cred(&minor_status, &ServerCreds);
622
623 HaveServerCreds = 0;
624 }
625
626 ServerCreds = GSS_C_NO_CREDENTIAL;
627#endif /* HAVE_GSSAPI */
628
ef416fc2 629 /*
630 * Find the default user...
631 */
632
633 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
634 User = user->pw_uid;
635 else
636 {
637 /*
638 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
639 * complement number...)
640 */
641
642 User = 65534;
643 }
644
645 endpwent();
646
647 /*
d6ae789d 648 * Find the default group...
ef416fc2 649 */
650
d6ae789d 651 group = getgrnam(CUPS_DEFAULT_GROUP);
ef416fc2 652 endgrent();
653
d6ae789d 654 if (group)
ef416fc2 655 Group = group->gr_gid;
656 else
657 {
658 /*
d6ae789d 659 * Fallback to group "nobody"...
ef416fc2 660 */
661
d6ae789d 662 group = getgrnam("nobody");
663 endgrent();
664
665 if (group)
666 Group = group->gr_gid;
667 else
668 {
669 /*
670 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
671 * complement number...)
672 */
673
674 Group = 65534;
675 }
ef416fc2 676 }
677
678 /*
679 * Numeric options...
680 */
681
dfd5680b
MS		 682 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
683 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
684 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
6961465f 685 default_auth_type = CUPSD_AUTH_BASIC;
4744bd90 686#ifdef HAVE_SSL
dfd5680b 687 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
4744bd90 688#endif /* HAVE_SSL */
dfd5680b 689 DirtyCleanInterval = DEFAULT_KEEPALIVE;
238c3832 690 JobKillDelay = DEFAULT_TIMEOUT;
dfd5680b
MS		 691 JobRetryLimit = 5;
692 JobRetryInterval = 300;
693 FileDevice = FALSE;
694 FilterLevel = 0;
695 FilterLimit = 0;
696 FilterNice = 0;
697 HostNameLookups = FALSE;
dfd5680b
MS		 698 KeepAlive = TRUE;
699 KeepAliveTimeout = DEFAULT_KEEPALIVE;
700 ListenBackLog = SOMAXCONN;
178cb736 701 LogDebugHistory = 200;
dfd5680b
MS		 702 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
703 LogLevel = CUPSD_LOG_WARN;
704 LogTimeFormat = CUPSD_TIME_STANDARD;
705 MaxClients = 100;
706 MaxClientsPerHost = 0;
707 MaxLogSize = 1024 * 1024;
dfd5680b
MS		 708 MaxRequestSize = 0;
709 MultipleOperationTimeout = DEFAULT_TIMEOUT;
a29fd7dd 710 NumSystemGroups = 0;
dfd5680b
MS		 711 ReloadTimeout = DEFAULT_KEEPALIVE;
712 RootCertDuration = 300;
8fe0183a 713 Sandboxing = CUPSD_SANDBOXING_STRICT;
a29fd7dd 714 StrictConformance = FALSE;
8a259669 715 SyncOnClose = FALSE;
dfd5680b 716 Timeout = DEFAULT_TIMEOUT;
229681c1 717 WebInterface = CUPS_DEFAULT_WEBIF;
dfd5680b 718
dfd5680b 719 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
dfd5680b
MS		 720 BrowseWebIF = FALSE;
721 Browsing = CUPS_DEFAULT_BROWSING;
722 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
ef416fc2 723
37e7e6e0 724#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
f3c17241 725 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
37e7e6e0 726#endif /* HAVE_DNSSD || HAVE_AVAHI */
84315f46 727
2e4ff8af
MS		 728 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
729 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
730
323c5de1 731 cupsdSetString(&ErrorPolicy, "stop-printer");
732
ef416fc2 733 JobHistory = DEFAULT_HISTORY;
734 JobFiles = DEFAULT_FILES;
735 JobAutoPurge = 0;
3e7fe0ca 736 MaxHoldTime = 0;
ef416fc2 737 MaxJobs = 500;
738 MaxActiveJobs = 0;
739 MaxJobsPerUser = 0;
740 MaxJobsPerPrinter = 0;
dcb445bc 741 MaxJobTime = 3 * 60 * 60; /* 3 hours */
f7deaa1a 742 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
ef416fc2 743
744 cupsdDeleteAllPolicies();
745 cupsdClearString(&DefaultPolicy);
746
f7deaa1a 747#ifdef HAVE_AUTHORIZATION_H
6961465f 748 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
f7deaa1a 749#endif /* HAVE_AUTHORIZATION_H */
750
ef416fc2 751 MaxSubscriptions = 100;
752 MaxSubscriptionsPerJob = 0;
753 MaxSubscriptionsPerPrinter = 0;
754 MaxSubscriptionsPerUser = 0;
755 DefaultLeaseDuration = 86400;
756 MaxLeaseDuration = 0;
757
1720786e
MS		 758#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
759 IdleExitTimeout = 60;
760#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
a4d04587 761
0268488e
MS		 762 /*
763 * Setup environment variables...
764 */
765
766 cupsdInitEnv();
767
ef416fc2 768 /*
c41769ff
MS		 769 * Read the cups-files.conf file...
770 */
771
772 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
773 {
774 status = read_cups_files_conf(fp);
775
776 cupsFileClose(fp);
777
778 if (!status)
cb7f98ee
MS		 779 {
780 if (TestConfigFile)
781 printf("\"%s\" contains errors.\n", CupsFilesFile);
782 else
783 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
784 CupsFilesFile);
785
c41769ff 786 return (0);
cb7f98ee 787 }
c41769ff
MS		 788 }
789 else if (errno == ENOENT)
790 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
791 else
792 {
cb7f98ee
MS		 793 syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
794 strerror(errno));
c41769ff
MS		 795 return (0);
796 }
797
798 if (!ErrorLog)
799 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
800
801 /*
802 * Read the cupsd.conf file...
ef416fc2 803 */
804
805 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
c41769ff 806 {
cb7f98ee
MS		 807 syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
808 strerror(errno));
ef416fc2 809 return (0);
c41769ff 810 }
ef416fc2 811
c41769ff 812 status = read_cupsd_conf(fp);
ef416fc2 813
814 cupsFileClose(fp);
815
816 if (!status)
cb7f98ee
MS		 817 {
818 if (TestConfigFile)
819 printf("\"%s\" contains errors.\n", ConfigurationFile);
820 else
821 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
822 ConfigurationFile);
823
ef416fc2 824 return (0);
cb7f98ee 825 }
ef416fc2 826
4744bd90 827 RunUser = getuid();
ef416fc2 828
d1c13e16 829 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
f11a948a 830 RemotePort ? "enabled" : "disabled");
d1c13e16 831
5a6b583a
MS		 832 if (!RemotePort)
833 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
834
8ca02f3c 835 /*
836 * See if the ServerName is an IP address...
837 */
838
f11a948a
MS		 839 if (ServerName)
840 {
841 if (!ServerAlias)
842 ServerAlias = cupsArrayNew(NULL, NULL);
843
844 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
845 }
846 else
d1c13e16 847 {
e07d4801 848 if (gethostname(temp, sizeof(temp)))
d1c13e16
MS		 849 {
850 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
851 strerror(errno));
852 strlcpy(temp, "localhost", sizeof(temp));
853 }
854
855 cupsdSetString(&ServerName, temp);
e07d4801
MS		 856
857 if (!ServerAlias)
858 ServerAlias = cupsArrayNew(NULL, NULL);
859
860 cupsdAddAlias(ServerAlias, temp);
861 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
862
f11a948a 863 if (HostNameLookups || RemotePort)
e07d4801
MS		 864 {
865 struct hostent *host; /* Host entry to get FQDN */
866
867 if ((host = gethostbyname(temp)) != NULL)
868 {
88f9aafc 869 if (_cups_strcasecmp(temp, host->h_name))
e07d4801
MS		 870 {
871 cupsdSetString(&ServerName, host->h_name);
872 cupsdAddAlias(ServerAlias, host->h_name);
873 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
874 host->h_name);
875 }
876
877 if (host->h_aliases)
878 {
879 for (i = 0; host->h_aliases[i]; i ++)
88f9aafc 880 if (_cups_strcasecmp(temp, host->h_aliases[i]))
e07d4801
MS		 881 {
882 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
883 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
884 host->h_aliases[i]);
885 }
886 }
887 }
888 }
889
890 /*
891 * Make sure we have the base hostname added as an alias, too!
892 */
893
894 if ((slash = strchr(temp, '.')) != NULL)
895 {
896 *slash = '\0';
897 cupsdAddAlias(ServerAlias, temp);
898 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
899 }
d1c13e16
MS		 900 }
901
8ca02f3c 902 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
903
904 ServerNameIsIP = !*slash;
905
d1c13e16
MS		 906 /*
907 * Make sure ServerAdmin is initialized...
908 */
909
910 if (!ServerAdmin)
911 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
912
ef416fc2 913 /*
914 * Use the default system group if none was supplied in cupsd.conf...
915 */
916
917 if (NumSystemGroups == 0)
bd7854cb 918 {
919 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
920 {
921 /*
922 * Find the group associated with GID 0...
923 */
924
925 group = getgrgid(0);
926 endgrent();
927
928 if (group != NULL)
929 cupsdSetString(&SystemGroups[0], group->gr_name);
930 else
931 cupsdSetString(&SystemGroups[0], "unknown");
932
933 SystemGroupIDs[0] = 0;
934 NumSystemGroups = 1;
935 }
936 }
ef416fc2 937
cb7f98ee
MS		 938 /*
939 * Make sure ConfigFilePerm and LogFilePerm have sane values...
940 */
941
942 ConfigFilePerm &= 0664;
943 LogFilePerm &= 0664;
944
ef416fc2 945 /*
946 * Open the system log for cupsd if necessary...
947 */
948
949#ifdef HAVE_VSYSLOG
950 if (!strcmp(AccessLog, "syslog") ||
951 !strcmp(ErrorLog, "syslog") ||
952 !strcmp(PageLog, "syslog"))
953 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
954#endif /* HAVE_VSYSLOG */
955
22c9029b
MS		 956 /*
957 * Make sure each of the log files exists and gets rotated as necessary...
958 */
959
eac3a0a0 960 if (strcmp(AccessLog, "syslog"))
22c9029b
MS		 961 cupsdCheckLogFile(&AccessFile, AccessLog);
962
eac3a0a0 963 if (strcmp(ErrorLog, "syslog"))
22c9029b
MS		 964 cupsdCheckLogFile(&ErrorFile, ErrorLog);
965
eac3a0a0 966 if (strcmp(PageLog, "syslog"))
22c9029b
MS		 967 cupsdCheckLogFile(&PageFile, PageLog);
968
ef416fc2 969 /*
970 * Log the configuration file that was used...
971 */
972
973 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
974 ConfigurationFile);
975
976 /*
977 * Validate the Group and SystemGroup settings - they cannot be the same,
978 * otherwise the CGI programs will be able to authenticate as root without
979 * a password!
980 */
981
982 if (!RunUser)
983 {
984 for (i = 0; i < NumSystemGroups; i ++)
985 if (Group == SystemGroupIDs[i])
986 break;
987
988 if (i < NumSystemGroups)
989 {
990 /*
991 * Log the error and reset the group to a safe value...
992 */
993
994 cupsdLogMessage(CUPSD_LOG_NOTICE,
c8fef167 995 "Group and SystemGroup cannot use the same groups.");
ef416fc2 996 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
997
998 group = getgrnam("nobody");
999 endgrent();
1000
1001 if (group != NULL)
1002 Group = group->gr_gid;
1003 else
1004 {
1005 /*
1006 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1007 * complement number...)
1008 */
1009
1010 Group = 65534;
1011 }
1012 }
1013 }
1014
1015 /*
1016 * Check that we have at least one listen/port line; if not, report this
1017 * as an error and exit!
1018 */
1019
bd7854cb 1020 if (cupsArrayCount(Listeners) == 0)
ef416fc2 1021 {
1022 /*
1023 * No listeners!
1024 */
1025
1026 cupsdLogMessage(CUPSD_LOG_EMERG,
49d87452 1027 "No valid Listen or Port lines were found in the "
c8fef167 1028 "configuration file.");
ef416fc2 1029
1030 /*
1031 * Commit suicide...
1032 */
1033
1034 cupsdEndProcess(getpid(), 0);
1035 }
1036
1037 /*
1038 * Set the default locale using the language and charset...
1039 */
1040
f8b3a85b 1041 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
ef416fc2 1042
1043 /*
1044 * Update all relative filenames to include the full path from ServerRoot...
1045 */
1046
1047 if (DocumentRoot[0] != '/')
1048 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1049
1050 if (RequestRoot[0] != '/')
1051 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1052
1053 if (ServerBin[0] != '/')
1054 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1055
1056 if (StateDir[0] != '/')
1057 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1058
1059 if (CacheDir[0] != '/')
1060 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1061
1062#ifdef HAVE_SSL
72d05bc9
MS		 1063 if (ServerKeychain[0] != '/')
1064 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
097488cf 1065
5bc8ea66 1066 cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
097488cf 1067 cupsSetServerCredentials(ServerKeychain, ServerName, 1);
ef416fc2 1068#endif /* HAVE_SSL */
1069
1070 /*
1071 * Make sure that directories and config files are owned and
1072 * writable by the user and group in the cupsd.conf file...
1073 */
1074
ae71f5de
MS		 1075 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1076
49d87452
MS		 1077 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1078 Group, 1, 1) < 0 ||
1079 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1080 Group, 1, 1) < 0 ||
1081 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1082 Group, 1, 1) < 0 ||
1083 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1084 Group, 1, 1) < 0 ||
1085 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1086 SystemGroupIDs[0], 1, 1) < 0 ||
ef55b745 1087 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
49d87452
MS		 1088 Group, 1, 0) < 0 ||
1089 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1090 Group, 1, 1) < 0 ||
1091 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1092 Group, 1, 0) < 0 ||
cb7f98ee
MS		 1093 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1094 Group, 0, 0) < 0 ||
1095 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
49d87452
MS		 1096 Group, 0, 0) < 0 ||
1097 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1098 Group, 0, 0) < 0 ||
1099 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1100 Group, 0, 0) < 0 ||
1101 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1102 Group, 0, 0) < 0) &&
1103 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 1104 return (0);
ef416fc2 1105
b423cd4c 1106 /*
1107 * Update TempDir to the default if it hasn't been set already...
1108 */
1109
0fa6c7fa
MS		 1110#ifdef __APPLE__
1111 if (TempDir && !RunUser &&
1112 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1113 {
1114 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1115 cupsdClearString(&TempDir);
1116 }
1117#endif /* __APPLE__ */
1118
b423cd4c 1119 if (!TempDir)
1120 {
9c80ffa2
MS		 1121#ifdef __APPLE__
1122 if ((tmpdir = getenv("TMPDIR")) != NULL &&
0fa6c7fa 1123 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
9c80ffa2 1124#else
b423cd4c 1125 if ((tmpdir = getenv("TMPDIR")) != NULL)
9c80ffa2 1126#endif /* __APPLE__ */
b423cd4c 1127 {
1128 /*
1129 * TMPDIR is defined, see if it is OK for us to use...
1130 */
1131
1132 if (stat(tmpdir, &tmpinfo))
1133 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1134 tmpdir, strerror(errno));
1135 else if (!S_ISDIR(tmpinfo.st_mode))
c8fef167 1136 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
b423cd4c 1137 tmpdir);
1138 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1139 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1140 !(tmpinfo.st_mode & S_IWOTH))
1141 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 1142 "TMPDIR (%s) has the wrong permissions.", tmpdir);
b423cd4c 1143 else
1144 cupsdSetString(&TempDir, tmpdir);
b423cd4c 1145 }
0fa6c7fa 1146 }
b423cd4c 1147
0fa6c7fa
MS		 1148 if (!TempDir)
1149 {
1150 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1151 RequestRoot);
1152 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
b423cd4c 1153 }
1154
878389c8
MS		 1155 setenv("TMPDIR", TempDir, 1);
1156
ef416fc2 1157 /*
b94498cf 1158 * Make sure the temporary directory has the right permissions...
ef416fc2 1159 */
1160
ef416fc2 1161 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1162 access(TempDir, 0))
1163 {
1164 /*
1165 * Update ownership and permissions if the CUPS temp directory
1166 * is under the spool directory or does not exist...
1167 */
1168
49d87452
MS		 1169 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1170 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 1171 return (0);
ef416fc2 1172 }
1173
ef416fc2 1174 /*
0268488e 1175 * Update environment variables...
ef416fc2 1176 */
1177
0268488e 1178 cupsdUpdateEnv();
ef416fc2 1179
c5571a1d
MS		 1180 /*
1181 * Update default paper size setting as needed...
1182 */
1183
1184 if (!DefaultPaperSize)
1185 {
1186#ifdef HAVE_LIBPAPER
1187 char *paper_result; /* Paper size name from libpaper */
1188
1189 if ((paper_result = systempapername()) != NULL)
1190 cupsdSetString(&DefaultPaperSize, paper_result);
1191 else
1192#endif /* HAVE_LIBPAPER */
1193 if (!DefaultLanguage ||
88f9aafc
MS		 1194 !_cups_strcasecmp(DefaultLanguage, "C") ||
1195 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1196 !_cups_strcasecmp(DefaultLanguage, "en") ||
1197 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1198 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1199 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1200 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
c5571a1d
MS		 1201 {
1202 /*
1203 * These are the only locales that will default to "letter" size...
1204 */
1205
1206 cupsdSetString(&DefaultPaperSize, "Letter");
1207 }
1208 else
1209 cupsdSetString(&DefaultPaperSize, "A4");
1210 }
1211
1212 /*
1213 * Update classification setting as needed...
1214 */
1215
88f9aafc 1216 if (Classification && !_cups_strcasecmp(Classification, "none"))
c5571a1d
MS		 1217 cupsdClearString(&Classification);
1218
1219 if (Classification)
1220 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1221
ef416fc2 1222 /*
1223 * Check the MaxClients setting, and then allocate memory for it...
1224 */
1225
1226 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1227 {
1228 if (MaxClients > 0)
49d87452
MS		 1229 cupsdLogMessage(CUPSD_LOG_INFO,
1230 "MaxClients limited to 1/3 (%d) of the file descriptor "
1231 "limit (%d)...",
1232 MaxFDs / 3, MaxFDs);
ef416fc2 1233
1234 MaxClients = MaxFDs / 3;
1235 }
1236
bd7854cb 1237 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1238 MaxClients);
ef416fc2 1239
1240 /*
1241 * Check the MaxActiveJobs setting; limit to 1/3 the available
1242 * file descriptors, since we need a pipe for each job...
1243 */
1244
1245 if (MaxActiveJobs > (MaxFDs / 3))
1246 MaxActiveJobs = MaxFDs / 3;
1247
ef416fc2 1248 /*
1249 * Update the MaxClientsPerHost value, as needed...
1250 */
1251
1252 if (MaxClientsPerHost <= 0)
1253 MaxClientsPerHost = MaxClients;
1254
1255 if (MaxClientsPerHost > MaxClients)
1256 MaxClientsPerHost = MaxClients;
1257
1258 cupsdLogMessage(CUPSD_LOG_INFO,
1259 "Allowing up to %d client connections per host.",
1260 MaxClientsPerHost);
1261
1262 /*
1263 * Update the default policy, as needed...
1264 */
1265
1266 if (DefaultPolicy)
1267 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1268 else
1269 DefaultPolicyPtr = NULL;
1270
1271 if (!DefaultPolicyPtr)
1272 {
ef416fc2 1273 cupsd_location_t *po; /* New policy operation */
1274
1275
1276 if (DefaultPolicy)
c8fef167 1277 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
ef416fc2 1278 DefaultPolicy);
1279
e1d6a774 1280 cupsdSetString(&DefaultPolicy, "default");
1281
ef416fc2 1282 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1283 cupsdLogMessage(CUPSD_LOG_INFO,
c8fef167 1284 "Using policy \"default\" as the default.");
ef416fc2 1285 else
1286 {
1287 cupsdLogMessage(CUPSD_LOG_INFO,
1288 "Creating CUPS default administrative policy:");
1289
1290 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1291
1292 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
10d09e33
MS		 1293
1294 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1295 cupsdAddString(&(p->job_access), "@OWNER");
1296 cupsdAddString(&(p->job_access), "@SYSTEM");
1297
1298 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1299 cupsdAddString(&(p->job_attrs), "job-name");
1300 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1301 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1302
1303 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1304 cupsdAddString(&(p->sub_access), "@OWNER");
1305 cupsdAddString(&(p->sub_access), "@SYSTEM");
1306
1307 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1308 cupsdAddString(&(p->job_attrs), "notify-events");
1309 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1310 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1311 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1312 cupsdAddString(&(p->job_attrs), "notify-user-data");
1313
c7017ecc
MS		 1314 cupsdLogMessage(CUPSD_LOG_INFO,
1315 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1316 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1317
1318 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1319 po->order_type = CUPSD_AUTH_ALLOW;
1320
1321 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1322 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1323 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1324
1325 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1326
ef416fc2 1327 cupsdLogMessage(CUPSD_LOG_INFO,
1328 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1329 "Release-Job Restart-Job Purge-Jobs "
1330 "Set-Job-Attributes Create-Job-Subscription "
1331 "Renew-Subscription Cancel-Subscription "
1332 "Get-Notifications Reprocess-Job Cancel-Current-Job "
10d09e33 1333 "Suspend-Current-Job Resume-Job "
aaf19ab0 1334 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
2e4ff8af 1335 "CUPS-Authenticate-Job CUPS-Get-Document>");
ef416fc2 1336 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1337
1338 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
5bd77a73
MS		 1339 po->order_type = CUPSD_AUTH_ALLOW;
1340 po->level = CUPSD_AUTH_USER;
ef416fc2 1341
1342 cupsdAddName(po, "@OWNER");
1343 cupsdAddName(po, "@SYSTEM");
1344 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1345
1346 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1347 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1348 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1349 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1350 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1351 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1352 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1353 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1354 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1355 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1356 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1357 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1358 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1359 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1360 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
aaf19ab0
MS		 1361 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1362 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
ef416fc2 1363 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1364 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
2e4ff8af 1365 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
ef416fc2 1366
1367 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1368
1369 cupsdLogMessage(CUPSD_LOG_INFO,
1370 "<Limit Pause-Printer Resume-Printer "
1371 "Set-Printer-Attributes Enable-Printer "
1372 "Disable-Printer Pause-Printer-After-Current-Job "
1373 "Hold-New-Jobs Release-Held-New-Jobs "
1374 "Deactivate-Printer Activate-Printer Restart-Printer "
1375 "Shutdown-Printer Startup-Printer Promote-Job "
10d09e33 1376 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
ef416fc2 1377 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1378 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1379 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
bc44d920 1380 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
ef416fc2 1381
1382 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
5bd77a73
MS		 1383 po->order_type = CUPSD_AUTH_ALLOW;
1384 po->type = CUPSD_AUTH_DEFAULT;
1385 po->level = CUPSD_AUTH_USER;
ef416fc2 1386
1387 cupsdAddName(po, "@SYSTEM");
1388 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1389
1390 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1391 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1392 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1393 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1394 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1395 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1396 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1397 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1398 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1399 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1400 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1401 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1402 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1403 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
10d09e33 1404 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
ef416fc2 1405 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1406 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1407 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1408 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1409 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1410 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1411 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1412
1413 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1414
1415 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1416 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1417
1418 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
5bd77a73 1419 po->order_type = CUPSD_AUTH_ALLOW;
ef416fc2 1420
1421 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1422 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1423 }
1424 }
1425
bd7854cb 1426 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
2e4ff8af
MS		 1427 cupsArrayCount(Policies));
1428 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1429 p;
1430 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
bd7854cb 1431 cupsdLogMessage(CUPSD_LOG_DEBUG2,
2e4ff8af 1432 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
ef416fc2 1433
1434 /*
1435 * If we are doing a full reload or the server root has changed, flush
1436 * the jobs, printers, etc. and start from scratch...
1437 */
1438
1439 if (NeedReload == RELOAD_ALL ||
f11a948a 1440 old_remote_port != RemotePort ||
ef416fc2 1441 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1442 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1443 {
fa73b229 1444 mime_type_t *type; /* Current type */
1445 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1446 /* MIME type name */
1447
1448
ef416fc2 1449 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1450
1451 /*
1452 * Free all memory...
1453 */
1454
1455 cupsdDeleteAllSubscriptions();
1456 cupsdFreeAllJobs();
ef416fc2 1457 cupsdDeleteAllPrinters();
1458
1459 DefaultPrinter = NULL;
1460
1461 if (MimeDatabase != NULL)
1462 mimeDelete(MimeDatabase);
1463
1464 if (NumMimeTypes)
1465 {
1466 for (i = 0; i < NumMimeTypes; i ++)
757d2cad 1467 _cupsStrFree(MimeTypes[i]);
ef416fc2 1468
1469 free(MimeTypes);
1470 }
1471
1472 /*
1473 * Read the MIME type and conversion database...
1474 */
1475
1476 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
dd1abb6b 1477 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
ef416fc2 1478
eac3a0a0
MS		 1479 MimeDatabase = mimeNew();
1480 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1481
1482 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
75bd9771
MS		 1483 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1484 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1485 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
ef416fc2 1486
1487 if (!MimeDatabase)
1488 {
1489 cupsdLogMessage(CUPSD_LOG_EMERG,
c8fef167 1490 "Unable to load MIME database from \"%s\" or \"%s\".",
75bd9771 1491 mimedir, ServerRoot);
49d87452
MS		 1492 if (FatalErrors & CUPSD_FATAL_CONFIG)
1493 return (0);
ef416fc2 1494 }
1495
1496 cupsdLogMessage(CUPSD_LOG_INFO,
75bd9771
MS		 1497 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1498 "%d filters...", mimedir, ServerRoot,
1499 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
ef416fc2 1500
1501 /*
1502 * Create a list of MIME types for the document-format-supported
1503 * attribute...
1504 */
1505
fa73b229 1506 NumMimeTypes = mimeNumTypes(MimeDatabase);
ef416fc2 1507 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1508 NumMimeTypes ++;
1509
7e86f2f6 1510 if ((MimeTypes = calloc((size_t)NumMimeTypes, sizeof(const char *))) == NULL)
ef416fc2 1511 {
91c84a35 1512 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 1513 "Unable to allocate memory for %d MIME types.",
91c84a35
MS		 1514 NumMimeTypes);
1515 NumMimeTypes = 0;
ef416fc2 1516 }
91c84a35
MS		 1517 else
1518 {
1519 for (i = 0, type = mimeFirstType(MimeDatabase);
1520 type;
1521 i ++, type = mimeNextType(MimeDatabase))
1522 {
1523 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1524
1525 MimeTypes[i] = _cupsStrAlloc(mimetype);
1526 }
ef416fc2 1527
91c84a35
MS		 1528 if (i < NumMimeTypes)
1529 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1530 }
bd7854cb 1531
1532 if (LogLevel == CUPSD_LOG_DEBUG2)
1533 {
1534 mime_filter_t *filter; /* Current filter */
1535
1536
1537 for (type = mimeFirstType(MimeDatabase);
1538 type;
1539 type = mimeNextType(MimeDatabase))
1540 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1541 type->super, type->type);
1542
1543 for (filter = mimeFirstFilter(MimeDatabase);
1544 filter;
1545 filter = mimeNextFilter(MimeDatabase))
1546 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1547 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1548 filter->src->super, filter->src->type,
1549 filter->dst->super, filter->dst->type,
1550 filter->cost, filter->filter);
1551 }
ef416fc2 1552
1553 /*
1554 * Load banners...
1555 */
1556
1557 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1558 cupsdLoadBanners(temp);
1559
1560 /*
1561 * Load printers and classes...
1562 */
1563
1564 cupsdLoadAllPrinters();
1565 cupsdLoadAllClasses();
ef416fc2 1566
1567 cupsdCreateCommonData();
1568
68b10830
MS		 1569 /*
1570 * Update the printcap file as needed...
1571 */
1572
1573 if (Printcap && *Printcap && access(Printcap, 0))
1574 cupsdWritePrintcap();
1575
ef416fc2 1576 /*
1577 * Load queued jobs...
1578 */
1579
1580 cupsdLoadAllJobs();
1581
1582 /*
1583 * Load subscriptions...
1584 */
1585
1586 cupsdLoadAllSubscriptions();
1587
1588 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1589 }
1590 else
1591 {
1592 /*
1593 * Not a full reload, so recreate the common printer attributes...
1594 */
1595
1596 cupsdCreateCommonData();
1597
82cc1f9a
MS		 1598 /*
1599 * Update all jobs as needed...
1600 */
1601
1602 cupsdUpdateJobs();
1603
ef416fc2 1604 /*
1605 * Update all printers as needed...
1606 */
1607
1608 cupsdUpdatePrinters();
3dfe78b3 1609 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
ef416fc2 1610
1611 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1612 }
1613
1614 /*
1615 * Reset the reload state...
1616 */
1617
1618 NeedReload = RELOAD_NONE;
1619
1620 cupsdClearString(&old_serverroot);
1621 cupsdClearString(&old_requestroot);
1622
ef416fc2 1623 return (1);
1624}
1625
1626
1627/*
1628 * 'get_address()' - Get an address + port number from a line.
1629 */
1630
1631static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1632get_address(const char *value, /* I - Value string */
1633 int defport) /* I - Default port */
1634{
1635 char buffer[1024], /* Hostname + port number buffer */
1636 defpname[255], /* Default port name */
1637 *hostname, /* Hostname or IP */
1638 *portname; /* Port number or name */
1639 http_addrlist_t *addrlist; /* Address list */
1640
1641
1642 /*
1643 * Check for an empty value...
1644 */
1645
1646 if (!*value)
1647 {
c8fef167 1648 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
ef416fc2 1649 return (NULL);
1650 }
1651
1652 /*
1653 * Grab a hostname and port number; if there is no colon and the port name
1654 * is only digits, then we have a port number by itself...
1655 */
1656
1657 strlcpy(buffer, value, sizeof(buffer));
1658
1659 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1660 {
1661 *portname++ = '\0';
1662 hostname = buffer;
1663 }
1664 else
1665 {
1666 for (portname = buffer; isdigit(*portname & 255); portname ++);
1667
1668 if (*portname)
1669 {
1670 /*
1671 * Use the default port...
1672 */
1673
1674 sprintf(defpname, "%d", defport);
1675 portname = defpname;
1676 hostname = buffer;
1677 }
1678 else
1679 {
1680 /*
1681 * The buffer contains just a port number...
1682 */
1683
1684 portname = buffer;
1685 hostname = NULL;
1686 }
1687 }
1688
1689 if (hostname && !strcmp(hostname, "*"))
1690 hostname = NULL;
1691
1692 /*
1693 * Now lookup the address using httpAddrGetList()...
1694 */
1695
1696 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
c8fef167 1697 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
ef416fc2 1698 hostname ? hostname : "(nil)");
1699
1700 return (addrlist);
1701}
1702
1703
1704/*
1705 * 'get_addr_and_mask()' - Get an IP address and netmask.
1706 */
1707
1708static int /* O - 1 on success, 0 on failure */
1709get_addr_and_mask(const char *value, /* I - String from config file */
1710 unsigned *ip, /* O - Address value */
1711 unsigned *mask) /* O - Mask value */
1712{
1713 int i, j, /* Looping vars */
1714 family, /* Address family */
1715 ipcount; /* Count of fields in address */
1716 unsigned ipval; /* Value */
1717 const char *maskval, /* Pointer to start of mask value */
1718 *ptr, /* Pointer into value */
1719 *ptr2; /* ... */
ef416fc2 1720
1721
1722 /*
1723 * Get the address...
1724 */
1725
b86bc4cf 1726 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
ed486911 1727 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
ef416fc2 1728
1729 if ((maskval = strchr(value, '/')) != NULL)
1730 maskval ++;
1731 else
1732 maskval = value + strlen(value);
1733
1734#ifdef AF_INET6
1735 /*
1736 * Check for an IPv6 address...
1737 */
1738
1739 if (*value == '[')
1740 {
1741 /*
88f9aafc 1742 * Parse hexadecimal IPv6/IPv4 address...
ef416fc2 1743 */
1744
1745 family = AF_INET6;
1746
1747 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1748 {
1749 if (*ptr == ']')
1750 break;
1751 else if (!strncmp(ptr, "::", 2))
1752 {
1753 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1754 ptr2;
1755 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1756
88f9aafc
MS		 1757 i = 6 - j;
1758 ptr += 2;
1759 }
1760 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1761 {
1762 /*
1763 * Read IPv4 dotted quad...
1764 */
1765
1766 unsigned val[4] = { 0, 0, 0, 0 };
1767 /* IPv4 address values */
1768
1769 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1770 val + 3);
1771
1772 /*
1773 * Range check the IP numbers...
1774 */
1775
1776 for (i = 0; i < ipcount; i ++)
1777 if (val[i] > 255)
1778 return (0);
1779
1780 /*
1781 * Merge everything into a 32-bit IPv4 address in ip[3]...
1782 */
1783
da003234
MS		 1784 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1785 (unsigned)val[2]) << 8) | (unsigned)val[3];
88f9aafc
MS		 1786
1787 if (ipcount < 4)
1788 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1789
1790 /*
1791 * If the leading words are all 0's then this is an IPv4 address...
1792 */
1793
1794 if (!val[0] && !val[1] && !val[2])
1795 family = AF_INET;
1796
1797 while (isdigit(*ptr & 255) || *ptr == '.')
1798 ptr ++;
1799 break;
ef416fc2 1800 }
1801 else if (isxdigit(*ptr & 255))
1802 {
1803 ipval = strtoul(ptr, (char **)&ptr, 16);
1804
88f9aafc
MS		 1805 if (*ptr == ':' && ptr[1] != ':')
1806 ptr ++;
1807
ef416fc2 1808 if (ipval > 0xffff)
1809 return (0);
1810
1811 if (i & 1)
ed486911 1812 ip[i / 2] |= ipval;
ef416fc2 1813 else
ed486911 1814 ip[i / 2] |= ipval << 16;
ef416fc2 1815 }
1816 else
1817 return (0);
ef416fc2 1818 }
1819
ed486911 1820 if (*ptr != ']')
1821 return (0);
1822
1823 ptr ++;
ef416fc2 1824
1825 if (*ptr && *ptr != '/')
1826 return (0);
1827 }
1828 else
1829#endif /* AF_INET6 */
1830 {
1831 /*
1832 * Parse dotted-decimal IPv4 address...
1833 */
1834
88f9aafc 1835 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
ef416fc2 1836
ef416fc2 1837
ed486911 1838 family = AF_INET;
1839 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1840
ef416fc2 1841 /*
ed486911 1842 * Range check the IP numbers...
ef416fc2 1843 */
1844
ed486911 1845 for (i = 0; i < ipcount; i ++)
1846 if (val[i] > 255)
1847 return (0);
ef416fc2 1848
ed486911 1849 /*
1850 * Merge everything into a 32-bit IPv4 address in ip[3]...
1851 */
ef416fc2 1852
da003234
MS		 1853 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1854 (unsigned)val[2]) << 8) | (unsigned)val[3];
ef416fc2 1855
ed486911 1856 if (ipcount < 4)
1857 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1858 }
ef416fc2 1859
ed486911 1860 if (*maskval)
1861 {
1862 /*
1863 * Get the netmask value(s)...
1864 */
1865
1866 memset(mask, 0, sizeof(unsigned) * 4);
ef416fc2 1867
ef416fc2 1868 if (strchr(maskval, '.'))
1869 {
1870 /*
1871 * Get dotted-decimal mask...
1872 */
1873
ed486911 1874 if (family != AF_INET)
1875 return (0);
1876
88f9aafc
MS		 1877 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1878 mask + 3) != 4)
ef416fc2 1879 return (0);
1880
da003234
MS		 1881 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
1882 (unsigned)mask[2]) << 8;
ef416fc2 1883 mask[0] = mask[1] = mask[2] = 0;
1884 }
1885 else
1886 {
1887 /*
1888 * Get address/bits format...
1889 */
1890
1891 i = atoi(maskval);
1892
1893#ifdef AF_INET6
1894 if (family == AF_INET6)
1895 {
ed486911 1896 if (i > 128)
1897 return (0);
1898
ef416fc2 1899 i = 128 - i;
1900
1901 if (i <= 96)
1902 mask[0] = 0xffffffff;
1903 else
1904 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1905
1906 if (i <= 64)
1907 mask[1] = 0xffffffff;
1908 else if (i >= 96)
1909 mask[1] = 0;
1910 else
1911 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1912
1913 if (i <= 32)
1914 mask[2] = 0xffffffff;
1915 else if (i >= 64)
1916 mask[2] = 0;
1917 else
1918 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1919
1920 if (i == 0)
1921 mask[3] = 0xffffffff;
1922 else if (i >= 32)
1923 mask[3] = 0;
1924 else
1925 mask[3] = (0xffffffff << i) & 0xffffffff;
1926 }
1927 else
1928#endif /* AF_INET6 */
1929 {
ed486911 1930 if (i > 32)
1931 return (0);
ef416fc2 1932
1933 mask[0] = 0xffffffff;
1934 mask[1] = 0xffffffff;
1935 mask[2] = 0xffffffff;
1936
ed486911 1937 if (i < 32)
1938 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
ef416fc2 1939 else
1940 mask[3] = 0xffffffff;
1941 }
1942 }
1943 }
ef416fc2 1944
1945 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1946 "get_addr_and_mask(value=\"%s\", "
b86bc4cf 1947 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
ef416fc2 1948 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1949 mask[3]);
1950
1951 /*
1952 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1953 */
1954
1955 if ((ip[0] & ~mask[0]) != 0 ||
1956 (ip[1] & ~mask[1]) != 0 ||
1957 (ip[2] & ~mask[2]) != 0 ||
1958 (ip[3] & ~mask[3]) != 0)
1959 return (0);
1960
1961 return (1);
1962}
1963
1964
eac3a0a0
MS		 1965/*
1966 * 'mime_error_cb()' - Log a MIME error.
1967 */
1968
1969static void
1970mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1971 const char *message) /* I - Message */
1972{
321d8d57
MS		 1973 (void)ctx;
1974
eac3a0a0
MS		 1975 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1976}
1977
1978
ef416fc2 1979/*
1980 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1981 */
1982
1983static int /* O - 1 on success, 0 on failure */
1984parse_aaa(cupsd_location_t *loc, /* I - Location */
1985 char *line, /* I - Line from file */
1986 char *value, /* I - Start of value data */
1987 int linenum) /* I - Current line number */
1988{
1989 char *valptr; /* Pointer into value */
1990 unsigned ip[4], /* IP address components */
1991 mask[4]; /* IP netmask components */
1992
1993
88f9aafc 1994 if (!_cups_strcasecmp(line, "Encryption"))
ef416fc2 1995 {
1996 /*
1997 * "Encryption xxx" - set required encryption level...
1998 */
1999
88f9aafc 2000 if (!_cups_strcasecmp(value, "never"))
ef416fc2 2001 loc->encryption = HTTP_ENCRYPT_NEVER;
88f9aafc 2002 else if (!_cups_strcasecmp(value, "always"))
ef416fc2 2003 {
2004 cupsdLogMessage(CUPSD_LOG_ERROR,
2005 "Encryption value \"%s\" on line %d is invalid in this "
2006 "context. Using \"required\" instead.", value, linenum);
2007
2008 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2009 }
88f9aafc 2010 else if (!_cups_strcasecmp(value, "required"))
ef416fc2 2011 loc->encryption = HTTP_ENCRYPT_REQUIRED;
88f9aafc 2012 else if (!_cups_strcasecmp(value, "ifrequested"))
ef416fc2 2013 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2014 else
2015 {
2016 cupsdLogMessage(CUPSD_LOG_ERROR,
2017 "Unknown Encryption value %s on line %d.", value, linenum);
2018 return (0);
2019 }
2020 }
88f9aafc 2021 else if (!_cups_strcasecmp(line, "Order"))
ef416fc2 2022 {
2023 /*
2024 * "Order Deny,Allow" or "Order Allow,Deny"...
2025 */
2026
88f9aafc 2027 if (!_cups_strncasecmp(value, "deny", 4))
5bd77a73 2028 loc->order_type = CUPSD_AUTH_ALLOW;
88f9aafc 2029 else if (!_cups_strncasecmp(value, "allow", 5))
5bd77a73 2030 loc->order_type = CUPSD_AUTH_DENY;
ef416fc2 2031 else
2032 {
2033 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
2034 value, linenum);
2035 return (0);
2036 }
2037 }
88f9aafc 2038 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
ef416fc2 2039 {
2040 /*
2041 * Allow [From] host/ip...
2042 * Deny [From] host/ip...
2043 */
2044
0af14961 2045 while (*value)
ef416fc2 2046 {
88f9aafc 2047 if (!_cups_strncasecmp(value, "from", 4))
0af14961
MS		 2048 {
2049 /*
2050 * Strip leading "from"...
2051 */
ef416fc2 2052
0af14961 2053 value += 4;
ef416fc2 2054
88f9aafc 2055 while (_cups_isspace(*value))
0af14961 2056 value ++;
ef416fc2 2057
0af14961
MS		 2058 if (!*value)
2059 break;
2060 }
ef416fc2 2061
ef416fc2 2062 /*
0af14961 2063 * Find the end of the value...
ef416fc2 2064 */
2065
88f9aafc 2066 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
0af14961 2067
88f9aafc 2068 while (_cups_isspace(*valptr))
0af14961
MS		 2069 *valptr++ = '\0';
2070
ef416fc2 2071 /*
0af14961
MS		 2072 * Figure out what form the allow/deny address takes:
2073 *
2074 * All
2075 * None
2076 * *.domain.com
2077 * .domain.com
2078 * host.domain.com
2079 * nnn.*
2080 * nnn.nnn.*
2081 * nnn.nnn.nnn.*
2082 * nnn.nnn.nnn.nnn
2083 * nnn.nnn.nnn.nnn/mm
2084 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
ef416fc2 2085 */
2086
88f9aafc 2087 if (!_cups_strcasecmp(value, "all"))
0af14961
MS		 2088 {
2089 /*
2090 * All hosts...
2091 */
2092
88f9aafc 2093 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2094 cupsdAddIPMask(&(loc->allow), zeros, zeros);
0af14961 2095 else
10d09e33 2096 cupsdAddIPMask(&(loc->deny), zeros, zeros);
0af14961 2097 }
88f9aafc 2098 else if (!_cups_strcasecmp(value, "none"))
0af14961
MS		 2099 {
2100 /*
2101 * No hosts...
2102 */
2103
88f9aafc 2104 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2105 cupsdAddIPMask(&(loc->allow), ones, zeros);
0af14961 2106 else
10d09e33 2107 cupsdAddIPMask(&(loc->deny), ones, zeros);
0af14961 2108 }
ed486911 2109#ifdef AF_INET6
ef55b745 2110 else if (value[0] == '*' || value[0] == '.' ||
0af14961 2111 (!isdigit(value[0] & 255) && value[0] != '['))
ed486911 2112#else
0af14961 2113 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
ed486911 2114#endif /* AF_INET6 */
0af14961
MS		 2115 {
2116 /*
2117 * Host or domain name...
2118 */
ef416fc2 2119
0af14961
MS		 2120 if (value[0] == '*')
2121 value ++;
ef416fc2 2122
88f9aafc 2123 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2124 cupsdAddNameMask(&(loc->allow), value);
0af14961 2125 else
10d09e33 2126 cupsdAddNameMask(&(loc->deny), value);
0af14961 2127 }
ef416fc2 2128 else
ef416fc2 2129 {
0af14961
MS		 2130 /*
2131 * One of many IP address forms...
2132 */
2133
2134 if (!get_addr_and_mask(value, ip, mask))
2135 {
2136 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2137 value, linenum);
2138 return (0);
2139 }
2140
88f9aafc 2141 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2142 cupsdAddIPMask(&(loc->allow), ip, mask);
0af14961 2143 else
10d09e33 2144 cupsdAddIPMask(&(loc->deny), ip, mask);
ef416fc2 2145 }
2146
0af14961
MS		 2147 /*
2148 * Advance to next value...
2149 */
2150
2151 value = valptr;
ef416fc2 2152 }
2153 }
88f9aafc 2154 else if (!_cups_strcasecmp(line, "AuthType"))
ef416fc2 2155 {
2156 /*
bc44d920 2157 * AuthType {none,basic,digest,basicdigest,negotiate,default}
ef416fc2 2158 */
2159
88f9aafc 2160 if (!_cups_strcasecmp(value, "none"))
ef416fc2 2161 {
5bd77a73
MS		 2162 loc->type = CUPSD_AUTH_NONE;
2163 loc->level = CUPSD_AUTH_ANON;
ef416fc2 2164 }
88f9aafc 2165 else if (!_cups_strcasecmp(value, "basic"))
ef416fc2 2166 {
5bd77a73 2167 loc->type = CUPSD_AUTH_BASIC;
ef416fc2 2168
5bd77a73
MS		 2169 if (loc->level == CUPSD_AUTH_ANON)
2170 loc->level = CUPSD_AUTH_USER;
ef416fc2 2171 }
88f9aafc 2172 else if (!_cups_strcasecmp(value, "default"))
bc44d920 2173 {
5bd77a73 2174 loc->type = CUPSD_AUTH_DEFAULT;
bc44d920 2175
5bd77a73
MS		 2176 if (loc->level == CUPSD_AUTH_ANON)
2177 loc->level = CUPSD_AUTH_USER;
ef416fc2 2178 }
f7deaa1a 2179#ifdef HAVE_GSSAPI
88f9aafc 2180 else if (!_cups_strcasecmp(value, "negotiate"))
f7deaa1a 2181 {
5bd77a73 2182 loc->type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 2183
5bd77a73
MS		 2184 if (loc->level == CUPSD_AUTH_ANON)
2185 loc->level = CUPSD_AUTH_USER;
f7deaa1a 2186 }
2187#endif /* HAVE_GSSAPI */
ef416fc2 2188 else
2189 {
2190 cupsdLogMessage(CUPSD_LOG_WARN,
2191 "Unknown authorization type %s on line %d.",
2192 value, linenum);
2193 return (0);
2194 }
2195 }
88f9aafc 2196 else if (!_cups_strcasecmp(line, "AuthClass"))
ef416fc2 2197 {
2198 /*
2199 * AuthClass anonymous, user, system, group
2200 */
2201
88f9aafc 2202 if (!_cups_strcasecmp(value, "anonymous"))
ef416fc2 2203 {
5bd77a73
MS		 2204 loc->type = CUPSD_AUTH_NONE;
2205 loc->level = CUPSD_AUTH_ANON;
ef416fc2 2206
2207 cupsdLogMessage(CUPSD_LOG_WARN,
2208 "\"AuthClass %s\" is deprecated; consider removing "
2209 "it from line %d.",
2210 value, linenum);
2211 }
88f9aafc 2212 else if (!_cups_strcasecmp(value, "user"))
ef416fc2 2213 {
5bd77a73 2214 loc->level = CUPSD_AUTH_USER;
ef416fc2 2215
2216 cupsdLogMessage(CUPSD_LOG_WARN,
2217 "\"AuthClass %s\" is deprecated; consider using "
2218 "\"Require valid-user\" on line %d.",
2219 value, linenum);
2220 }
88f9aafc 2221 else if (!_cups_strcasecmp(value, "group"))
ef416fc2 2222 {
5bd77a73 2223 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2224
2225 cupsdLogMessage(CUPSD_LOG_WARN,
2226 "\"AuthClass %s\" is deprecated; consider using "
09a101d6 2227 "\"Require user @groupname\" on line %d.",
ef416fc2 2228 value, linenum);
2229 }
88f9aafc 2230 else if (!_cups_strcasecmp(value, "system"))
ef416fc2 2231 {
5bd77a73 2232 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2233
2234 cupsdAddName(loc, "@SYSTEM");
2235
2236 cupsdLogMessage(CUPSD_LOG_WARN,
2237 "\"AuthClass %s\" is deprecated; consider using "
09a101d6 2238 "\"Require user @SYSTEM\" on line %d.",
ef416fc2 2239 value, linenum);
2240 }
2241 else
2242 {
2243 cupsdLogMessage(CUPSD_LOG_WARN,
2244 "Unknown authorization class %s on line %d.",
2245 value, linenum);
2246 return (0);
2247 }
2248 }
88f9aafc 2249 else if (!_cups_strcasecmp(line, "AuthGroupName"))
ef416fc2 2250 {
2251 cupsdAddName(loc, value);
2252
2253 cupsdLogMessage(CUPSD_LOG_WARN,
2254 "\"AuthGroupName %s\" directive is deprecated; consider "
09a101d6 2255 "using \"Require user @%s\" on line %d.",
ef416fc2 2256 value, value, linenum);
2257 }
88f9aafc 2258 else if (!_cups_strcasecmp(line, "Require"))
ef416fc2 2259 {
2260 /*
2261 * Apache synonym for AuthClass and AuthGroupName...
2262 *
2263 * Get initial word:
2264 *
2265 * Require valid-user
2266 * Require group names
2267 * Require user names
2268 */
2269
88f9aafc 2270 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
ef416fc2 2271
2272 if (*valptr)
2273 *valptr++ = '\0';
2274
88f9aafc
MS		 2275 if (!_cups_strcasecmp(value, "valid-user") ||
2276 !_cups_strcasecmp(value, "user"))
5bd77a73 2277 loc->level = CUPSD_AUTH_USER;
88f9aafc 2278 else if (!_cups_strcasecmp(value, "group"))
5bd77a73 2279 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2280 else
2281 {
2282 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2283 value, linenum);
2284 return (0);
2285 }
2286
2287 /*
2288 * Get the list of names from the line...
2289 */
2290
2291 for (value = valptr; *value;)
2292 {
88f9aafc 2293 while (_cups_isspace(*value))
ef416fc2 2294 value ++;
2295
f7deaa1a 2296#ifdef HAVE_AUTHORIZATION_H
2297 if (!strncmp(value, "@AUTHKEY(", 9))
2298 {
2299 /*
2300 * Grab "@AUTHKEY(name)" value...
2301 */
2302
2303 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2304
2305 if (*valptr)
2306 *valptr++ = '\0';
2307 }
2308 else
2309#endif /* HAVE_AUTHORIZATION_H */
ef416fc2 2310 if (*value == '\"' || *value == '\'')
2311 {
2312 /*
2313 * Grab quoted name...
2314 */
2315
2316 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2317
2318 value ++;
2319 }
2320 else
2321 {
2322 /*
2323 * Grab literal name.
2324 */
2325
88f9aafc 2326 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
ef416fc2 2327 }
2328
2329 if (*valptr)
2330 *valptr++ = '\0';
2331
2332 cupsdAddName(loc, value);
2333
88f9aafc 2334 for (value = valptr; _cups_isspace(*value); value ++);
ef416fc2 2335 }
2336 }
88f9aafc 2337 else if (!_cups_strcasecmp(line, "Satisfy"))
ef416fc2 2338 {
88f9aafc 2339 if (!_cups_strcasecmp(value, "all"))
5bd77a73 2340 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
88f9aafc 2341 else if (!_cups_strcasecmp(value, "any"))
5bd77a73 2342 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
ef416fc2 2343 else
2344 {
2345 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2346 value, linenum);
2347 return (0);
2348 }
2349 }
2350 else
2351 return (0);
2352
2353 return (1);
2354}
2355
2356
49d87452
MS		 2357/*
2358 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2359 */
2360
2361static int /* O - FatalErrors bits */
2362parse_fatal_errors(const char *s) /* I - FatalErrors string */
2363{
2364 int fatal; /* FatalErrors bits */
2365 char value[1024], /* Value string */
2366 *valstart, /* Pointer into value */
2367 *valend; /* End of value */
2368
2369
2370 /*
2371 * Empty FatalErrors line yields NULL pointer...
2372 */
2373
2374 if (!s)
2375 return (CUPSD_FATAL_NONE);
2376
2377 /*
2378 * Loop through the value string,...
2379 */
2380
2381 strlcpy(value, s, sizeof(value));
2382
2383 fatal = CUPSD_FATAL_NONE;
2384
2385 for (valstart = value; *valstart;)
2386 {
2387 /*
2388 * Get the current space/comma-delimited kind name...
2389 */
2390
2391 for (valend = valstart; *valend; valend ++)
88f9aafc 2392 if (_cups_isspace(*valend) || *valend == ',')
49d87452
MS		 2393 break;
2394
2395 if (*valend)
2396 *valend++ = '\0';
2397
2398 /*
2399 * Add the error to the bitmask...
2400 */
2401
88f9aafc 2402 if (!_cups_strcasecmp(valstart, "all"))
49d87452 2403 fatal = CUPSD_FATAL_ALL;
88f9aafc 2404 else if (!_cups_strcasecmp(valstart, "browse"))
49d87452 2405 fatal |= CUPSD_FATAL_BROWSE;
88f9aafc 2406 else if (!_cups_strcasecmp(valstart, "-browse"))
49d87452 2407 fatal &= ~CUPSD_FATAL_BROWSE;
88f9aafc 2408 else if (!_cups_strcasecmp(valstart, "config"))
49d87452 2409 fatal |= CUPSD_FATAL_CONFIG;
88f9aafc 2410 else if (!_cups_strcasecmp(valstart, "-config"))
49d87452 2411 fatal &= ~CUPSD_FATAL_CONFIG;
88f9aafc 2412 else if (!_cups_strcasecmp(valstart, "listen"))
49d87452 2413 fatal |= CUPSD_FATAL_LISTEN;
88f9aafc 2414 else if (!_cups_strcasecmp(valstart, "-listen"))
49d87452 2415 fatal &= ~CUPSD_FATAL_LISTEN;
88f9aafc 2416 else if (!_cups_strcasecmp(valstart, "log"))
49d87452 2417 fatal |= CUPSD_FATAL_LOG;
88f9aafc 2418 else if (!_cups_strcasecmp(valstart, "-log"))
49d87452 2419 fatal &= ~CUPSD_FATAL_LOG;
88f9aafc 2420 else if (!_cups_strcasecmp(valstart, "permissions"))
49d87452 2421 fatal |= CUPSD_FATAL_PERMISSIONS;
88f9aafc 2422 else if (!_cups_strcasecmp(valstart, "-permissions"))
49d87452 2423 fatal &= ~CUPSD_FATAL_PERMISSIONS;
88f9aafc 2424 else if (_cups_strcasecmp(valstart, "none"))
49d87452 2425 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 2426 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
49d87452
MS		 2427
2428 for (valstart = valend; *valstart; valstart ++)
88f9aafc 2429 if (!_cups_isspace(*valstart) || *valstart != ',')
49d87452
MS		 2430 break;
2431 }
2432
2433 return (fatal);
2434}
2435
2436
bd7854cb 2437/*
2438 * 'parse_groups()' - Parse system group names in a string.
2439 */
2440
2441static int /* O - 1 on success, 0 on failure */
2442parse_groups(const char *s) /* I - Space-delimited groups */
2443{
2444 int status; /* Return status */
2445 char value[1024], /* Value string */
2446 *valstart, /* Pointer into value */
2447 *valend, /* End of value */
2448 quote; /* Quote character */
2449 struct group *group; /* Group */
2450
2451
2452 /*
2453 * Make a copy of the string and parse out the groups...
2454 */
2455
2456 strlcpy(value, s, sizeof(value));
2457
2458 status = 1;
2459 valstart = value;
2460
2461 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2462 {
2463 if (*valstart == '\'' || *valstart == '\"')
2464 {
2465 /*
2466 * Scan quoted name...
2467 */
2468
2469 quote = *valstart++;
2470
2471 for (valend = valstart; *valend; valend ++)
2472 if (*valend == quote)
2473 break;
2474 }
2475 else
2476 {
2477 /*
2478 * Scan space or comma-delimited name...
2479 */
2480
2481 for (valend = valstart; *valend; valend ++)
88f9aafc 2482 if (_cups_isspace(*valend) || *valend == ',')
bd7854cb 2483 break;
2484 }
2485
2486 if (*valend)
2487 *valend++ = '\0';
2488
2489 group = getgrnam(valstart);
2490 if (group)
2491 {
2492 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2493 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2494
2495 NumSystemGroups ++;
2496 }
2497 else
2498 status = 0;
2499
2500 endgrent();
2501
2502 valstart = valend;
2503
88f9aafc 2504 while (*valstart == ',' || _cups_isspace(*valstart))
bd7854cb 2505 valstart ++;
2506 }
2507
2508 return (status);
2509}
2510
2511
2512/*
2513 * 'parse_protocols()' - Parse browse protocols in a string.
2514 */
2515
2516static int /* O - Browse protocol bits */
2517parse_protocols(const char *s) /* I - Space-delimited protocols */
2518{
2519 int protocols; /* Browse protocol bits */
2520 char value[1024], /* Value string */
2521 *valstart, /* Pointer into value */
2522 *valend; /* End of value */
2523
2524
d09495fa 2525 /*
2526 * Empty protocol line yields NULL pointer...
2527 */
2528
2529 if (!s)
2530 return (0);
2531
bd7854cb 2532 /*
2533 * Loop through the value string,...
2534 */
2535
2536 strlcpy(value, s, sizeof(value));
2537
2538 protocols = 0;
2539
2540 for (valstart = value; *valstart;)
2541 {
2542 /*
2543 * Get the current space/comma-delimited protocol name...
2544 */
2545
2546 for (valend = valstart; *valend; valend ++)
88f9aafc 2547 if (_cups_isspace(*valend) || *valend == ',')
bd7854cb 2548 break;
2549
2550 if (*valend)
2551 *valend++ = '\0';
2552
2553 /*
2554 * Add the protocol to the bitmask...
2555 */
2556
a2326b5b
MS		 2557 if (!_cups_strcasecmp(valstart, "dnssd") ||
2558 !_cups_strcasecmp(valstart, "dns-sd") ||
2559 !_cups_strcasecmp(valstart, "bonjour"))
bd7854cb 2560 protocols |= BROWSE_DNSSD;
88f9aafc 2561 else if (!_cups_strcasecmp(valstart, "all"))
bd7854cb 2562 protocols |= BROWSE_ALL;
88f9aafc 2563 else if (_cups_strcasecmp(valstart, "none"))
a41f09e2 2564 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 2565 "Unknown browse protocol \"%s\" ignored.", valstart);
bd7854cb 2566
2567 for (valstart = valend; *valstart; valstart ++)
88f9aafc 2568 if (!_cups_isspace(*valstart) || *valstart != ',')
bd7854cb 2569 break;
2570 }
2571
2572 return (protocols);
2573}
2574
2575
ef416fc2 2576/*
c41769ff 2577 * 'parse_variable()' - Parse a variable line.
ef416fc2 2578 */
2579
2580static int /* O - 1 on success, 0 on failure */
c41769ff
MS		 2581parse_variable(
2582 const char *filename, /* I - Name of configuration file */
2583 int linenum, /* I - Line in configuration file */
2584 const char *line, /* I - Line from configuration file */
2585 const char *value, /* I - Value from configuration file */
2586 size_t num_vars, /* I - Number of variables */
2587 const cupsd_var_t *vars) /* I - Variables */
2588{
2589 size_t i; /* Looping var */
2590 const cupsd_var_t *var; /* Variables */
2591 char temp[1024]; /* Temporary string */
2592
2593
2594 for (i = num_vars, var = vars; i > 0; i --, var ++)
2595 if (!_cups_strcasecmp(line, var->name))
2596 break;
2597
2598 if (i == 0)
2599 {
2600 /*
2601 * Unknown directive! Output an error message and continue...
2602 */
2603
2604 if (!value)
2605 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2606 line, linenum, filename);
2607 else
2608 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2609 line, linenum, filename);
2610
2611 return (0);
2612 }
2613
2614 switch (var->type)
2615 {
2616 case CUPSD_VARTYPE_INTEGER :
2617 if (!value)
2618 {
2619 cupsdLogMessage(CUPSD_LOG_ERROR,
2620 "Missing integer value for %s on line %d of %s.",
2621 line, linenum, filename);
2622 return (0);
2623 }
2624 else if (!isdigit(*value & 255))
2625 {
2626 cupsdLogMessage(CUPSD_LOG_ERROR,
2627 "Bad integer value for %s on line %d of %s.",
2628 line, linenum, filename);
2629 return (0);
2630 }
2631 else
2632 {
2633 int n; /* Number */
2634 char *units; /* Units */
2635
2636 n = strtol(value, &units, 0);
2637
2638 if (units && *units)
2639 {
2640 if (tolower(units[0] & 255) == 'g')
2641 n *= 1024 * 1024 * 1024;
2642 else if (tolower(units[0] & 255) == 'm')
2643 n *= 1024 * 1024;
2644 else if (tolower(units[0] & 255) == 'k')
2645 n *= 1024;
2646 else if (tolower(units[0] & 255) == 't')
2647 n *= 262144;
2648 else
2649 {
2650 cupsdLogMessage(CUPSD_LOG_ERROR,
2651 "Unknown integer value for %s on line %d of %s.",
2652 line, linenum, filename);
2653 return (0);
2654 }
2655 }
2656
2657 if (n < 0)
2658 {
2659 cupsdLogMessage(CUPSD_LOG_ERROR,
2660 "Bad negative integer value for %s on line %d of "
2661 "%s.", line, linenum, filename);
2662 return (0);
2663 }
2664 else
2665 {
2666 *((int *)var->ptr) = n;
2667 }
2668 }
2669 break;
2670
7e86f2f6
MS		 2671 case CUPSD_VARTYPE_PERM :
2672 if (!value)
2673 {
2674 cupsdLogMessage(CUPSD_LOG_ERROR,
2675 "Missing permissions value for %s on line %d of %s.",
2676 line, linenum, filename);
2677 return (0);
2678 }
2679 else if (!isdigit(*value & 255))
2680 {
2681 /* TODO: Add chmod UGO syntax support */
2682 cupsdLogMessage(CUPSD_LOG_ERROR,
2683 "Bad permissions value for %s on line %d of %s.",
2684 line, linenum, filename);
2685 return (0);
2686 }
2687 else
2688 {
2689 int n = strtol(value, NULL, 8);
2690 /* Permissions value */
2691
2692 if (n < 0)
2693 {
2694 cupsdLogMessage(CUPSD_LOG_ERROR,
2695 "Bad negative permissions value for %s on line %d of "
2696 "%s.", line, linenum, filename);
2697 return (0);
2698 }
2699 else
2700 {
2701 *((mode_t *)var->ptr) = (mode_t)n;
2702 }
2703 }
2704 break;
2705
c41769ff
MS		 2706 case CUPSD_VARTYPE_TIME :
2707 if (!value)
2708 {
2709 cupsdLogMessage(CUPSD_LOG_ERROR,
2710 "Missing time interval value for %s on line %d of "
2711 "%s.", line, linenum, filename);
2712 return (0);
2713 }
2714 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2715 (!_cups_strcasecmp(value, "true") ||
2716 !_cups_strcasecmp(value, "on") ||
2717 !_cups_strcasecmp(value, "enabled") ||
2718 !_cups_strcasecmp(value, "yes")))
2719 {
2720 *((int *)var->ptr) = INT_MAX;
2721 }
2722 else if (!_cups_strcasecmp(value, "false") ||
2723 !_cups_strcasecmp(value, "off") ||
2724 !_cups_strcasecmp(value, "disabled") ||
2725 !_cups_strcasecmp(value, "no"))
2726 {
2727 *((int *)var->ptr) = 0;
2728 }
2729 else if (!isdigit(*value & 255))
2730 {
2731 cupsdLogMessage(CUPSD_LOG_ERROR,
2732 "Unknown time interval value for %s on line %d of "
2733 "%s.", line, linenum, filename);
2734 return (0);
2735 }
2736 else
2737 {
2738 double n; /* Number */
2739 char *units; /* Units */
2740
2741 n = strtod(value, &units);
2742
2743 if (units && *units)
2744 {
2745 if (tolower(units[0] & 255) == 'w')
2746 n *= 7 * 24 * 60 * 60;
2747 else if (tolower(units[0] & 255) == 'd')
2748 n *= 24 * 60 * 60;
2749 else if (tolower(units[0] & 255) == 'h')
2750 n *= 60 * 60;
2751 else if (tolower(units[0] & 255) == 'm')
2752 n *= 60;
2753 else
2754 {
2755 cupsdLogMessage(CUPSD_LOG_ERROR,
2756 "Unknown time interval value for %s on line "
2757 "%d of %s.", line, linenum, filename);
2758 return (0);
2759 }
2760 }
2761
2762 if (n < 0.0 || n > INT_MAX)
2763 {
2764 cupsdLogMessage(CUPSD_LOG_ERROR,
2765 "Bad time value for %s on line %d of %s.",
2766 line, linenum, filename);
2767 return (0);
2768 }
2769 else
2770 {
2771 *((int *)var->ptr) = (int)n;
2772 }
2773 }
2774 break;
2775
2776 case CUPSD_VARTYPE_BOOLEAN :
2777 if (!value)
2778 {
2779 cupsdLogMessage(CUPSD_LOG_ERROR,
2780 "Missing boolean value for %s on line %d of %s.",
2781 line, linenum, filename);
2782 return (0);
2783 }
2784 else if (!_cups_strcasecmp(value, "true") ||
2785 !_cups_strcasecmp(value, "on") ||
2786 !_cups_strcasecmp(value, "enabled") ||
2787 !_cups_strcasecmp(value, "yes") ||
2788 atoi(value) != 0)
2789 {
2790 *((int *)var->ptr) = TRUE;
2791 }
2792 else if (!_cups_strcasecmp(value, "false") ||
2793 !_cups_strcasecmp(value, "off") ||
2794 !_cups_strcasecmp(value, "disabled") ||
2795 !_cups_strcasecmp(value, "no") ||
2796 !_cups_strcasecmp(value, "0"))
2797 {
2798 *((int *)var->ptr) = FALSE;
2799 }
2800 else
2801 {
2802 cupsdLogMessage(CUPSD_LOG_ERROR,
2803 "Unknown boolean value %s on line %d of %s.",
2804 value, linenum, filename);
2805 return (0);
2806 }
2807 break;
2808
2809 case CUPSD_VARTYPE_PATHNAME :
2810 if (!value)
2811 {
2812 cupsdLogMessage(CUPSD_LOG_ERROR,
2813 "Missing pathname value for %s on line %d of %s.",
2814 line, linenum, filename);
2815 return (0);
2816 }
2817
2818 if (value[0] == '/')
2819 strlcpy(temp, value, sizeof(temp));
2820 else
2821 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2822
2823 if (access(temp, 0))
2824 {
2825 cupsdLogMessage(CUPSD_LOG_ERROR,
2826 "File or directory for \"%s %s\" on line %d of %s "
2827 "does not exist.", line, value, linenum, filename);
2828 return (0);
2829 }
2830
2831 cupsdSetString((char **)var->ptr, temp);
2832 break;
2833
2834 case CUPSD_VARTYPE_STRING :
2835 cupsdSetString((char **)var->ptr, value);
2836 break;
2837 }
2838
2839 return (1);
2840}
2841
2842
2843/*
2844 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2845 */
2846
2847static int /* O - 1 on success, 0 on failure */
2848read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
ef416fc2 2849{
ef416fc2 2850 int linenum; /* Current line number */
2851 char line[HTTP_MAX_BUFFER],
2852 /* Line from file */
2853 temp[HTTP_MAX_BUFFER],
2854 /* Temporary buffer for value */
ef416fc2 2855 *value, /* Pointer to value */
bd7854cb 2856 *valueptr; /* Pointer into value */
ef416fc2 2857 int valuelen; /* Length of value */
ef416fc2 2858 http_addrlist_t *addrlist, /* Address list */
2859 *addr; /* Current address */
ef416fc2 2860 cups_file_t *incfile; /* Include file */
2861 char incname[1024]; /* Include filename */
ef416fc2 2862
2863
2864 /*
2865 * Loop through each line in the file...
2866 */
2867
2868 linenum = 0;
2869
2870 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2871 {
2872 /*
2873 * Decode the directive...
2874 */
2875
88f9aafc 2876 if (!_cups_strcasecmp(line, "Include") && value)
ef416fc2 2877 {
2878 /*
2879 * Include filename
2880 */
2881
2882 if (value[0] == '/')
2883 strlcpy(incname, value, sizeof(incname));
2884 else
2885 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2886
2887 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2888 cupsdLogMessage(CUPSD_LOG_ERROR,
2889 "Unable to include config file \"%s\" - %s",
2890 incname, strerror(errno));
2891 else
2892 {
c41769ff 2893 read_cupsd_conf(incfile);
ef416fc2 2894 cupsFileClose(incfile);
2895 }
2896 }
88f9aafc 2897 else if (!_cups_strcasecmp(line, "<Location") && value)
ef416fc2 2898 {
2899 /*
2900 * <Location path>
2901 */
2902
c934a06c
MS		 2903 linenum = read_location(fp, value, linenum);
2904 if (linenum == 0)
2905 return (0);
ef416fc2 2906 }
88f9aafc 2907 else if (!_cups_strcasecmp(line, "<Policy") && value)
ef416fc2 2908 {
2909 /*
2910 * <Policy name>
2911 */
2912
c934a06c
MS		 2913 linenum = read_policy(fp, value, linenum);
2914 if (linenum == 0)
2915 return (0);
ef416fc2 2916 }
88f9aafc 2917 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
ef416fc2 2918 {
c934a06c
MS		 2919 JobRetryInterval = atoi(value);
2920 cupsdLogMessage(CUPSD_LOG_WARN,
2921 "FaxRetryInterval is deprecated; use "
2922 "JobRetryInterval on line %d.", linenum);
ef416fc2 2923 }
88f9aafc 2924 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
ef416fc2 2925 {
c934a06c
MS		 2926 JobRetryLimit = atoi(value);
2927 cupsdLogMessage(CUPSD_LOG_WARN,
2928 "FaxRetryLimit is deprecated; use "
2929 "JobRetryLimit on line %d.", linenum);
ef416fc2 2930 }
f99f3698 2931 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
ef416fc2 2932#ifdef HAVE_SSL
88f9aafc 2933 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
ef416fc2 2934#endif /* HAVE_SSL */
f99f3698 2935 ) && value)
ef416fc2 2936 {
2937 /*
2938 * Add listening address(es) to the list...
2939 */
2940
2941 cupsd_listener_t *lis; /* New listeners array */
2942
2943
2944 /*
2945 * Get the address list...
2946 */
2947
2948 addrlist = get_address(value, IPP_PORT);
2949
2950 if (!addrlist)
2951 {
2952 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2953 value, linenum);
2954 continue;
2955 }
2956
2957 /*
2958 * Add each address...
2959 */
2960
2961 for (addr = addrlist; addr; addr = addr->next)
2962 {
49d87452
MS		 2963 /*
2964 * See if this address is already present...
2965 */
2966
2967 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2968 lis;
2969 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2970 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
a469f8a5 2971 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
49d87452
MS		 2972 break;
2973
2974 if (lis)
2975 {
2976 httpAddrString(&lis->address, temp, sizeof(temp));
2977 cupsdLogMessage(CUPSD_LOG_WARN,
c8fef167 2978 "Duplicate listen address \"%s\" ignored.", temp);
49d87452
MS		 2979 continue;
2980 }
2981
ef416fc2 2982 /*
2983 * Allocate another listener...
2984 */
2985
bd7854cb 2986 if (!Listeners)
2987 Listeners = cupsArrayNew(NULL, NULL);
ef416fc2 2988
bd7854cb 2989 if (!Listeners)
ef416fc2 2990 {
2991 cupsdLogMessage(CUPSD_LOG_ERROR,
2992 "Unable to allocate %s at line %d - %s.",
2993 line, linenum, strerror(errno));
2994 break;
2995 }
2996
bd7854cb 2997 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2998 {
2999 cupsdLogMessage(CUPSD_LOG_ERROR,
3000 "Unable to allocate %s at line %d - %s.",
3001 line, linenum, strerror(errno));
3002 break;
3003 }
3004
3005 cupsArrayAdd(Listeners, lis);
ef416fc2 3006
3007 /*
3008 * Copy the current address and log it...
3009 */
3010
ef416fc2 3011 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
a4d04587 3012 lis->fd = -1;
ef416fc2 3013
3014#ifdef HAVE_SSL
88f9aafc 3015 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
ef416fc2 3016 lis->encryption = HTTP_ENCRYPT_ALWAYS;
3017#endif /* HAVE_SSL */
3018
a4d04587 3019 httpAddrString(&lis->address, temp, sizeof(temp));
3020
ef416fc2 3021#ifdef AF_LOCAL
3022 if (lis->address.addr.sa_family == AF_LOCAL)
3023 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
3024 else
3025#endif /* AF_LOCAL */
22c9029b 3026 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
a469f8a5 3027 httpAddrPort(&(lis->address)),
5ec1fd3d 3028 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
d1c13e16
MS		 3029
3030 if (!httpAddrLocalhost(&(lis->address)))
a469f8a5 3031 RemotePort = httpAddrPort(&(lis->address));
ef416fc2 3032 }
3033
3034 /*
3035 * Free the list...
3036 */
3037
3038 httpAddrFreeList(addrlist);
3039 }
88f9aafc 3040 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
a2326b5b 3041 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
ef416fc2 3042 {
3043 /*
bd7854cb 3044 * "BrowseProtocols name [... name]"
3045 * "BrowseLocalProtocols name [... name]"
ef416fc2 3046 */
3047
bd7854cb 3048 int protocols = parse_protocols(value);
ef416fc2 3049
bd7854cb 3050 if (protocols < 0)
ef416fc2 3051 {
bd7854cb 3052 cupsdLogMessage(CUPSD_LOG_ERROR,
3053 "Unknown browse protocol \"%s\" on line %d.",
3054 value, linenum);
3055 break;
ef416fc2 3056 }
bd7854cb 3057
a2326b5b 3058 BrowseLocalProtocols = protocols;
ef416fc2 3059 }
c41769ff 3060 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
ef416fc2 3061 {
3062 /*
c41769ff 3063 * DefaultAuthType {basic,digest,basicdigest,negotiate}
ef416fc2 3064 */
3065
88f9aafc 3066 if (!_cups_strcasecmp(value, "none"))
dcb445bc 3067 default_auth_type = CUPSD_AUTH_NONE;
88f9aafc 3068 else if (!_cups_strcasecmp(value, "basic"))
dcb445bc 3069 default_auth_type = CUPSD_AUTH_BASIC;
f7deaa1a 3070#ifdef HAVE_GSSAPI
88f9aafc 3071 else if (!_cups_strcasecmp(value, "negotiate"))
dcb445bc 3072 default_auth_type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 3073#endif /* HAVE_GSSAPI */
dcb445bc
MS		 3074 else if (!_cups_strcasecmp(value, "auto"))
3075 default_auth_type = CUPSD_AUTH_AUTO;
ef416fc2 3076 else
3077 {
3078 cupsdLogMessage(CUPSD_LOG_WARN,
3079 "Unknown default authorization type %s on line %d.",
3080 value, linenum);
49d87452
MS		 3081 if (FatalErrors & CUPSD_FATAL_CONFIG)
3082 return (0);
ef416fc2 3083 }
3084 }
4744bd90 3085#ifdef HAVE_SSL
88f9aafc 3086 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
4744bd90 3087 {
3088 /*
3089 * DefaultEncryption {Never,IfRequested,Required}
3090 */
3091
88f9aafc 3092 if (!value || !_cups_strcasecmp(value, "never"))
4744bd90 3093 DefaultEncryption = HTTP_ENCRYPT_NEVER;
88f9aafc 3094 else if (!_cups_strcasecmp(value, "required"))
4744bd90 3095 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
88f9aafc 3096 else if (!_cups_strcasecmp(value, "ifrequested"))
4744bd90 3097 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3098 else
3099 {
3100 cupsdLogMessage(CUPSD_LOG_WARN,
3101 "Unknown default encryption %s on line %d.",
3102 value, linenum);
49d87452
MS		 3103 if (FatalErrors & CUPSD_FATAL_CONFIG)
3104 return (0);
4744bd90 3105 }
3106 }
3107#endif /* HAVE_SSL */
88f9aafc 3108 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
ef416fc2 3109 {
3110 /*
3111 * Do hostname lookups?
3112 */
3113
88f9aafc
MS		 3114 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3115 !_cups_strcasecmp(value, "false"))
ef416fc2 3116 HostNameLookups = 0;
88f9aafc
MS		 3117 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3118 !_cups_strcasecmp(value, "true"))
ef416fc2 3119 HostNameLookups = 1;
88f9aafc 3120 else if (!_cups_strcasecmp(value, "double"))
ef416fc2 3121 HostNameLookups = 2;
3122 else
3123 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
3124 value, linenum);
3125 }
88f9aafc 3126 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
1f0275e3
MS		 3127 {
3128 /*
3129 * Amount of logging to do to access log...
3130 */
3131
88f9aafc 3132 if (!_cups_strcasecmp(value, "all"))
1f0275e3 3133 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
88f9aafc 3134 else if (!_cups_strcasecmp(value, "actions"))
1f0275e3 3135 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
88f9aafc 3136 else if (!_cups_strcasecmp(value, "config"))
1f0275e3
MS		 3137 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3138 else
3139 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
3140 value, linenum);
3141 }
88f9aafc 3142 else if (!_cups_strcasecmp(line, "LogLevel") && value)
ef416fc2 3143 {
3144 /*
1f0275e3 3145 * Amount of logging to do to error log...
ef416fc2 3146 */
3147
88f9aafc 3148 if (!_cups_strcasecmp(value, "debug2"))
ef416fc2 3149 LogLevel = CUPSD_LOG_DEBUG2;
88f9aafc 3150 else if (!_cups_strcasecmp(value, "debug"))
ef416fc2 3151 LogLevel = CUPSD_LOG_DEBUG;
88f9aafc 3152 else if (!_cups_strcasecmp(value, "info"))
ef416fc2 3153 LogLevel = CUPSD_LOG_INFO;
88f9aafc 3154 else if (!_cups_strcasecmp(value, "notice"))
ef416fc2 3155 LogLevel = CUPSD_LOG_NOTICE;
88f9aafc 3156 else if (!_cups_strcasecmp(value, "warn"))
ef416fc2 3157 LogLevel = CUPSD_LOG_WARN;
88f9aafc 3158 else if (!_cups_strcasecmp(value, "error"))
ef416fc2 3159 LogLevel = CUPSD_LOG_ERROR;
88f9aafc 3160 else if (!_cups_strcasecmp(value, "crit"))
ef416fc2 3161 LogLevel = CUPSD_LOG_CRIT;
88f9aafc 3162 else if (!_cups_strcasecmp(value, "alert"))
ef416fc2 3163 LogLevel = CUPSD_LOG_ALERT;
88f9aafc 3164 else if (!_cups_strcasecmp(value, "emerg"))
ef416fc2 3165 LogLevel = CUPSD_LOG_EMERG;
88f9aafc 3166 else if (!_cups_strcasecmp(value, "none"))
ef416fc2 3167 LogLevel = CUPSD_LOG_NONE;
3168 else
3169 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
3170 value, linenum);
3171 }
88f9aafc 3172 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
dfd5680b
MS		 3173 {
3174 /*
3175 * Amount of logging to do to error log...
3176 */
3177
88f9aafc 3178 if (!_cups_strcasecmp(value, "standard"))
dfd5680b 3179 LogTimeFormat = CUPSD_TIME_STANDARD;
88f9aafc 3180 else if (!_cups_strcasecmp(value, "usecs"))
dfd5680b
MS		 3181 LogTimeFormat = CUPSD_TIME_USECS;
3182 else
3183 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
3184 value, linenum);
3185 }
88f9aafc 3186 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
ef416fc2 3187 {
3188 /*
3189 * Set the string used for the Server header...
3190 */
3191
3192 struct utsname plat; /* Platform info */
3193
3194
3195 uname(&plat);
3196
88f9aafc 3197 if (!_cups_strcasecmp(value, "ProductOnly"))
db8b865d 3198 cupsdSetString(&ServerHeader, "CUPS IPP");
88f9aafc 3199 else if (!_cups_strcasecmp(value, "Major"))
db8b865d 3200 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
88f9aafc 3201 else if (!_cups_strcasecmp(value, "Minor"))
db8b865d 3202 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
771bd8cb 3203 CUPS_VERSION_MINOR);
88f9aafc 3204 else if (!_cups_strcasecmp(value, "Minimal"))
db8b865d 3205 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
88f9aafc 3206 else if (!_cups_strcasecmp(value, "OS"))
db8b865d
MS		 3207 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3208 plat.sysname, plat.release);
88f9aafc 3209 else if (!_cups_strcasecmp(value, "Full"))
db8b865d
MS		 3210 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3211 plat.sysname, plat.release, plat.machine);
88f9aafc 3212 else if (!_cups_strcasecmp(value, "None"))
ef416fc2 3213 cupsdClearString(&ServerHeader);
3214 else
3215 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3216 value, linenum);
3217 }
88f9aafc 3218 else if (!_cups_strcasecmp(line, "PassEnv") && value)
ef416fc2 3219 {
3220 /*
3221 * PassEnv variable [... variable]
3222 */
3223
3224 for (; *value;)
3225 {
3226 for (valuelen = 0; value[valuelen]; valuelen ++)
88f9aafc 3227 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
ef416fc2 3228 break;
3229
3230 if (value[valuelen])
3231 {
3232 value[valuelen] = '\0';
3233 valuelen ++;
3234 }
3235
3236 cupsdSetEnv(value, NULL);
3237
3238 for (value += valuelen; *value; value ++)
88f9aafc 3239 if (!_cups_isspace(*value) || *value != ',')
ef416fc2 3240 break;
3241 }
3242 }
88f9aafc 3243 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
e07d4801 3244 {
88f9aafc
MS		 3245 /*
3246 * ServerAlias name [... name]
3247 */
3248
e07d4801
MS		 3249 if (!ServerAlias)
3250 ServerAlias = cupsArrayNew(NULL, NULL);
3251
88f9aafc
MS		 3252 for (; *value;)
3253 {
3254 for (valuelen = 0; value[valuelen]; valuelen ++)
3255 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3256 break;
3257
3258 if (value[valuelen])
3259 {
3260 value[valuelen] = '\0';
3261 valuelen ++;
3262 }
3263
3264 cupsdAddAlias(ServerAlias, value);
3265
3266 for (value += valuelen; *value; value ++)
3267 if (!_cups_isspace(*value) || *value != ',')
3268 break;
3269 }
e07d4801 3270 }
88f9aafc 3271 else if (!_cups_strcasecmp(line, "SetEnv") && value)
ef416fc2 3272 {
3273 /*
3274 * SetEnv variable value
3275 */
3276
3277 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3278
3279 if (*valueptr)
3280 {
3281 /*
3282 * Found a value...
3283 */
3284
3285 while (isspace(*valueptr & 255))
3286 *valueptr++ = '\0';
3287
3288 cupsdSetEnv(value, valueptr);
3289 }
3290 else
3291 cupsdLogMessage(CUPSD_LOG_ERROR,
3292 "Missing value for SetEnv directive on line %d.",
3293 linenum);
3294 }
cb7f98ee
MS		 3295 else if (!_cups_strcasecmp(line, "AccessLog") ||
3296 !_cups_strcasecmp(line, "CacheDir") ||
3297 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3298 !_cups_strcasecmp(line, "DataDir") ||
3299 !_cups_strcasecmp(line, "DocumentRoot") ||
3300 !_cups_strcasecmp(line, "ErrorLog") ||
3301 !_cups_strcasecmp(line, "FatalErrors") ||
3302 !_cups_strcasecmp(line, "FileDevice") ||
3303 !_cups_strcasecmp(line, "FontPath") ||
3304 !_cups_strcasecmp(line, "Group") ||
3305 !_cups_strcasecmp(line, "LogFilePerm") ||
3306 !_cups_strcasecmp(line, "LPDConfigFile") ||
3307 !_cups_strcasecmp(line, "PageLog") ||
3308 !_cups_strcasecmp(line, "Printcap") ||
3309 !_cups_strcasecmp(line, "PrintcapFormat") ||
3310 !_cups_strcasecmp(line, "RemoteRoot") ||
3311 !_cups_strcasecmp(line, "RequestRoot") ||
3312 !_cups_strcasecmp(line, "ServerBin") ||
3313 !_cups_strcasecmp(line, "ServerCertificate") ||
3314 !_cups_strcasecmp(line, "ServerKey") ||
097488cf 3315 !_cups_strcasecmp(line, "ServerKeychain") ||
cb7f98ee
MS		 3316 !_cups_strcasecmp(line, "ServerRoot") ||
3317 !_cups_strcasecmp(line, "SMBConfigFile") ||
3318 !_cups_strcasecmp(line, "StateDir") ||
3319 !_cups_strcasecmp(line, "SystemGroup") ||
3320 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3321 !_cups_strcasecmp(line, "TempDir") ||
3322 !_cups_strcasecmp(line, "User"))
3323 {
6961465f 3324 cupsdLogMessage(CUPSD_LOG_INFO,
cb7f98ee
MS		 3325 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3326 "this will become an error in a future release.",
3327 line, value ? " " : "", value ? value : "", linenum,
3328 ConfigurationFile, CupsFilesFile);
3329 }
ef416fc2 3330 else
c41769ff
MS		 3331 parse_variable(ConfigurationFile, linenum, line, value,
3332 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3333 }
3334
3335 return (1);
3336}
3337
3338
3339/*
3340 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3341 */
3342
3343static int /* O - 1 on success, 0 on failure */
3344read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3345{
3346 int linenum; /* Current line number */
3347 char line[HTTP_MAX_BUFFER], /* Line from file */
3348 *value; /* Value from line */
3349 struct group *group; /* Group */
3350
3351
3352 /*
3353 * Loop through each line in the file...
3354 */
3355
3356 linenum = 0;
3357
3358 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3359 {
3360 if (!_cups_strcasecmp(line, "FatalErrors"))
3361 FatalErrors = parse_fatal_errors(value);
3362 else if (!_cups_strcasecmp(line, "Group") && value)
ef416fc2 3363 {
3364 /*
c41769ff 3365 * Group ID to run as...
ef416fc2 3366 */
3367
c41769ff 3368 if (isdigit(value[0]))
7e86f2f6 3369 Group = (gid_t)atoi(value);
c41769ff 3370 else
ef416fc2 3371 {
c41769ff
MS		 3372 endgrent();
3373 group = getgrnam(value);
ef416fc2 3374
c41769ff
MS		 3375 if (group != NULL)
3376 Group = group->gr_gid;
c934a06c 3377 else
c41769ff
MS		 3378 {
3379 cupsdLogMessage(CUPSD_LOG_ERROR,
3380 "Unknown Group \"%s\" on line %d of %s.", value,
3381 linenum, CupsFilesFile);
3382 if (FatalErrors & CUPSD_FATAL_CONFIG)
3383 return (0);
3384 }
ef416fc2 3385 }
c41769ff
MS		 3386 }
3387 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3388 {
3389 /*
3390 * Format of printcap file?
3391 */
ef416fc2 3392
c41769ff
MS		 3393 if (!_cups_strcasecmp(value, "bsd"))
3394 PrintcapFormat = PRINTCAP_BSD;
3395 else if (!_cups_strcasecmp(value, "plist"))
3396 PrintcapFormat = PRINTCAP_PLIST;
3397 else if (!_cups_strcasecmp(value, "solaris"))
3398 PrintcapFormat = PRINTCAP_SOLARIS;
3399 else
ef416fc2 3400 {
c41769ff
MS		 3401 cupsdLogMessage(CUPSD_LOG_ERROR,
3402 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3403 value, linenum, CupsFilesFile);
3404 if (FatalErrors & CUPSD_FATAL_CONFIG)
3405 return (0);
3406 }
3407 }
8fe0183a
MS		 3408 else if (!_cups_strcasecmp(line, "Sandboxing") && value)
3409 {
3410 /*
3411 * Level of sandboxing?
3412 */
3413
3414 if (!_cups_strcasecmp(value, "off"))
3415 {
3416 Sandboxing = CUPSD_SANDBOXING_OFF;
3417 cupsdLogMessage(CUPSD_LOG_WARN, "Disabling sandboxing is not recommended (line %d of %s)", linenum, CupsFilesFile);
3418 }
3419 else if (!_cups_strcasecmp(value, "relaxed"))
3420 Sandboxing = CUPSD_SANDBOXING_RELAXED;
3421 else if (!_cups_strcasecmp(value, "strict"))
3422 Sandboxing = CUPSD_SANDBOXING_STRICT;
3423 else
3424 {
3425 cupsdLogMessage(CUPSD_LOG_ERROR,
3426 "Unknown Sandboxing \"%s\" on line %d of %s.",
3427 value, linenum, CupsFilesFile);
3428 if (FatalErrors & CUPSD_FATAL_CONFIG)
3429 return (0);
3430 }
3431 }
c41769ff
MS		 3432 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3433 {
3434 /*
3435 * SystemGroup (admin) group(s)...
3436 */
82cc1f9a 3437
c41769ff
MS		 3438 if (!parse_groups(value))
3439 {
3440 cupsdLogMessage(CUPSD_LOG_ERROR,
3441 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3442 linenum, CupsFilesFile);
3443 if (FatalErrors & CUPSD_FATAL_CONFIG)
3444 return (0);
3445 }
3446 }
3447 else if (!_cups_strcasecmp(line, "User") && value)
3448 {
3449 /*
3450 * User ID to run as...
3451 */
ef416fc2 3452
c41769ff
MS		 3453 if (isdigit(value[0] & 255))
3454 {
3455 int uid = atoi(value);
c934a06c 3456
c41769ff
MS		 3457 if (!uid)
3458 {
3459 cupsdLogMessage(CUPSD_LOG_ERROR,
3460 "Will not use User 0 as specified on line %d of %s "
3461 "for security reasons. You must use a non-"
3462 "privileged account instead.",
3463 linenum, CupsFilesFile);
3464 if (FatalErrors & CUPSD_FATAL_CONFIG)
3465 return (0);
3466 }
3467 else
7e86f2f6 3468 User = (uid_t)atoi(value);
c41769ff
MS		 3469 }
3470 else
3471 {
3472 struct passwd *p; /* Password information */
76cd9e37 3473
c41769ff
MS		 3474 endpwent();
3475 p = getpwnam(value);
76cd9e37 3476
c41769ff
MS		 3477 if (p)
3478 {
3479 if (!p->pw_uid)
3480 {
3481 cupsdLogMessage(CUPSD_LOG_ERROR,
3482 "Will not use User %s (UID=0) as specified on line "
3483 "%d of %s for security reasons. You must use a "
3484 "non-privileged account instead.",
3485 value, linenum, CupsFilesFile);
3486 if (FatalErrors & CUPSD_FATAL_CONFIG)
3487 return (0);
3488 }
3489 else
3490 User = p->pw_uid;
3491 }
3492 else
3493 {
3494 cupsdLogMessage(CUPSD_LOG_ERROR,
3495 "Unknown User \"%s\" on line %d of %s.",
3496 value, linenum, CupsFilesFile);
3497 if (FatalErrors & CUPSD_FATAL_CONFIG)
3498 return (0);
3499 }
ef416fc2 3500 }
3501 }
097488cf
MS		 3502 else if (!_cups_strcasecmp(line, "ServerCertificate") ||
3503 !_cups_strcasecmp(line, "ServerKey"))
3504 {
3505 cupsdLogMessage(CUPSD_LOG_INFO,
3506 "The \"%s\" directive on line %d of %s is no longer "
3507 "supported; this will become an error in a future "
3508 "release.",
3509 line, linenum, CupsFilesFile);
3510 }
c41769ff
MS		 3511 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3512 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3513 cupsfiles_vars) &&
3514 (FatalErrors & CUPSD_FATAL_CONFIG))
3515 return (0);
ef416fc2 3516 }
3517
3518 return (1);
3519}
3520
3521
3522/*
3523 * 'read_location()' - Read a <Location path> definition.
3524 */
3525
3526static int /* O - New line number or 0 on error */
3527read_location(cups_file_t *fp, /* I - Configuration file */
3528 char *location, /* I - Location name/path */
3529 int linenum) /* I - Current line number */
3530{
3531 cupsd_location_t *loc, /* New location */
3532 *parent; /* Parent location */
3533 char line[HTTP_MAX_BUFFER],
3534 /* Line buffer */
3535 *value, /* Value for directive */
3536 *valptr; /* Pointer into value */
3537
3538
c8fef167
MS		 3539 if ((parent = cupsdFindLocation(location)) != NULL)
3540 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3541 location, linenum);
3542 else if ((parent = cupsdNewLocation(location)) == NULL)
ef416fc2 3543 return (0);
c8fef167
MS		 3544 else
3545 {
3546 cupsdAddLocation(parent);
ef416fc2 3547
c8fef167
MS		 3548 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3549 }
10d09e33 3550
c8fef167 3551 loc = parent;
ef416fc2 3552
3553 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3554 {
3555 /*
3556 * Decode the directive...
3557 */
3558
88f9aafc 3559 if (!_cups_strcasecmp(line, "</Location>"))
ef416fc2 3560 return (linenum);
88f9aafc
MS		 3561 else if (!_cups_strcasecmp(line, "<Limit") ||
3562 !_cups_strcasecmp(line, "<LimitExcept"))
ef416fc2 3563 {
3564 if (!value)
3565 {
3566 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
49d87452
MS		 3567 if (FatalErrors & CUPSD_FATAL_CONFIG)
3568 return (0);
b19ccc9e
MS		 3569 else
3570 continue;
ef416fc2 3571 }
ef55b745 3572
10d09e33 3573 if ((loc = cupsdCopyLocation(parent)) == NULL)
ef416fc2 3574 return (0);
3575
10d09e33
MS		 3576 cupsdAddLocation(loc);
3577
ef416fc2 3578 loc->limit = 0;
3579 while (*value)
3580 {
3581 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3582
3583 if (*valptr)
3584 *valptr++ = '\0';
3585
3586 if (!strcmp(value, "ALL"))
5bd77a73 3587 loc->limit = CUPSD_AUTH_LIMIT_ALL;
ef416fc2 3588 else if (!strcmp(value, "GET"))
5bd77a73 3589 loc->limit |= CUPSD_AUTH_LIMIT_GET;
ef416fc2 3590 else if (!strcmp(value, "HEAD"))
5bd77a73 3591 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
ef416fc2 3592 else if (!strcmp(value, "OPTIONS"))
5bd77a73 3593 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
ef416fc2 3594 else if (!strcmp(value, "POST"))
5bd77a73 3595 loc->limit |= CUPSD_AUTH_LIMIT_POST;
ef416fc2 3596 else if (!strcmp(value, "PUT"))
5bd77a73 3597 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
ef416fc2 3598 else if (!strcmp(value, "TRACE"))
5bd77a73 3599 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
ef416fc2 3600 else
c8fef167 3601 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
ef416fc2 3602 value, linenum);
3603
3604 for (value = valptr; isspace(*value & 255); value ++);
3605 }
3606
88f9aafc 3607 if (!_cups_strcasecmp(line, "<LimitExcept"))
5bd77a73 3608 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
ef416fc2 3609
3610 parent->limit &= ~loc->limit;
3611 }
88f9aafc
MS		 3612 else if (!_cups_strcasecmp(line, "</Limit>") ||
3613 !_cups_strcasecmp(line, "</LimitExcept>"))
ef416fc2 3614 loc = parent;
f99f3698
MS		 3615 else if (!value)
3616 {
3617 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3618 if (FatalErrors & CUPSD_FATAL_CONFIG)
3619 return (0);
3620 }
ef416fc2 3621 else if (!parse_aaa(loc, line, value, linenum))
3622 {
3623 cupsdLogMessage(CUPSD_LOG_ERROR,
3624 "Unknown Location directive %s on line %d.",
3625 line, linenum);
49d87452
MS		 3626 if (FatalErrors & CUPSD_FATAL_CONFIG)
3627 return (0);
ef416fc2 3628 }
3629 }
3630
3631 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3632 "Unexpected end-of-file at line %d while reading location.",
ef416fc2 3633 linenum);
3634
49d87452 3635 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3636}
3637
3638
3639/*
3640 * 'read_policy()' - Read a <Policy name> definition.
3641 */
3642
3643static int /* O - New line number or 0 on error */
3644read_policy(cups_file_t *fp, /* I - Configuration file */
3645 char *policy, /* I - Location name/path */
3646 int linenum) /* I - Current line number */
3647{
3648 int i; /* Looping var */
3649 cupsd_policy_t *pol; /* Policy */
3650 cupsd_location_t *op; /* Policy operation */
3651 int num_ops; /* Number of IPP operations */
3652 ipp_op_t ops[100]; /* Operations */
3653 char line[HTTP_MAX_BUFFER],
3654 /* Line buffer */
3655 *value, /* Value for directive */
3656 *valptr; /* Pointer into value */
3657
3658
3659 /*
3660 * Create the policy...
3661 */
3662
c8fef167
MS		 3663 if ((pol = cupsdFindPolicy(policy)) != NULL)
3664 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3665 policy, linenum);
3666 else if ((pol = cupsdAddPolicy(policy)) == NULL)
ef416fc2 3667 return (0);
3668
3669 /*
3670 * Read from the file...
3671 */
3672
3673 op = NULL;
3674 num_ops = 0;
3675
3676 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3677 {
3678 /*
3679 * Decode the directive...
3680 */
3681
88f9aafc 3682 if (!_cups_strcasecmp(line, "</Policy>"))
ef416fc2 3683 {
3684 if (op)
3685 cupsdLogMessage(CUPSD_LOG_WARN,
c8fef167 3686 "Missing </Limit> before </Policy> on line %d.",
ef416fc2 3687 linenum);
3688
10d09e33 3689 set_policy_defaults(pol);
2e4ff8af 3690
ef416fc2 3691 return (linenum);
3692 }
88f9aafc 3693 else if (!_cups_strcasecmp(line, "<Limit") && !op)
ef416fc2 3694 {
3695 if (!value)
3696 {
3697 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
49d87452
MS		 3698 if (FatalErrors & CUPSD_FATAL_CONFIG)
3699 return (0);
b19ccc9e
MS		 3700 else
3701 continue;
ef416fc2 3702 }
ef55b745 3703
ef416fc2 3704 /*
3705 * Scan for IPP operation names...
3706 */
3707
3708 num_ops = 0;
3709
3710 while (*value)
3711 {
3712 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3713
3714 if (*valptr)
3715 *valptr++ = '\0';
3716
3717 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3718 {
88f9aafc 3719 if (!_cups_strcasecmp(value, "All"))
ef416fc2 3720 ops[num_ops] = IPP_ANY_OPERATION;
3721 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3722 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3723 "Bad IPP operation name \"%s\" on line %d.",
ef416fc2 3724 value, linenum);
3725 else
3726 num_ops ++;
3727 }
3728 else
3729 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3730 "Too many operations listed on line %d.",
ef416fc2 3731 linenum);
3732
3733 for (value = valptr; isspace(*value & 255); value ++);
3734 }
3735
3736 /*
3737 * If none are specified, apply the policy to all operations...
3738 */
3739
3740 if (num_ops == 0)
3741 {
3742 ops[0] = IPP_ANY_OPERATION;
3743 num_ops = 1;
3744 }
3745
3746 /*
3747 * Add a new policy for the first operation...
3748 */
3749
3750 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3751 }
88f9aafc 3752 else if (!_cups_strcasecmp(line, "</Limit>") && op)
ef416fc2 3753 {
3754 /*
3755 * Finish the current operation limit...
3756 */
3757
3758 if (num_ops > 1)
3759 {
3760 /*
3761 * Copy the policy to the other operations...
3762 */
3763
3764 for (i = 1; i < num_ops; i ++)
3765 cupsdAddPolicyOp(pol, op, ops[i]);
3766 }
3767
3768 op = NULL;
3769 }
f99f3698
MS		 3770 else if (!value)
3771 {
3772 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3773 if (FatalErrors & CUPSD_FATAL_CONFIG)
3774 return (0);
3775 }
88f9aafc
MS		 3776 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3777 !_cups_strcasecmp(line, "JobPrivateValues") ||
3778 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3779 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
10d09e33
MS		 3780 {
3781 if (op)
3782 {
3783 cupsdLogMessage(CUPSD_LOG_ERROR,
3784 "%s directive must appear outside <Limit>...</Limit> "
3785 "on line %d.", line, linenum);
3786 if (FatalErrors & CUPSD_FATAL_CONFIG)
3787 return (0);
3788 }
3789 else
3790 {
3791 /*
3792 * Pull out whitespace-delimited values...
3793 */
3794
3795 while (*value)
3796 {
3797 /*
3798 * Find the end of the current value...
3799 */
3800
3801 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3802
3803 if (*valptr)
3804 *valptr++ = '\0';
3805
3806 /*
3807 * Save it appropriately...
3808 */
3809
88f9aafc 3810 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
10d09e33
MS		 3811 {
3812 /*
3813 * JobPrivateAccess {all|default|user/group list|@@ACL}
3814 */
3815
88f9aafc 3816 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3817 {
3818 cupsdAddString(&(pol->job_access), "@OWNER");
3819 cupsdAddString(&(pol->job_access), "@SYSTEM");
3820 }
3821 else
3822 cupsdAddString(&(pol->job_access), value);
3823 }
88f9aafc 3824 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
10d09e33
MS		 3825 {
3826 /*
3827 * JobPrivateValues {all|none|default|attribute list}
3828 */
3829
88f9aafc 3830 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3831 {
3832 cupsdAddString(&(pol->job_attrs), "job-name");
3833 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3834 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
82cc1f9a 3835 cupsdAddString(&(pol->job_attrs), "phone");
10d09e33
MS		 3836 }
3837 else
3838 cupsdAddString(&(pol->job_attrs), value);
3839 }
88f9aafc 3840 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
10d09e33
MS		 3841 {
3842 /*
3843 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3844 */
3845
88f9aafc 3846 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3847 {
3848 cupsdAddString(&(pol->sub_access), "@OWNER");
3849 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3850 }
3851 else
3852 cupsdAddString(&(pol->sub_access), value);
3853 }
88f9aafc 3854 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
10d09e33
MS		 3855 {
3856 /*
3857 * SubscriptionPrivateValues {all|none|default|attribute list}
3858 */
3859
88f9aafc 3860 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3861 {
3862 cupsdAddString(&(pol->sub_attrs), "notify-events");
3863 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3864 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3865 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3866 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3867 }
3868 else
3869 cupsdAddString(&(pol->sub_attrs), value);
3870 }
3871
3872 /*
3873 * Find the next string on the line...
3874 */
3875
3876 for (value = valptr; isspace(*value & 255); value ++);
3877 }
3878 }
3879 }
ef416fc2 3880 else if (!op)
3881 {
3882 cupsdLogMessage(CUPSD_LOG_ERROR,
3883 "Missing <Limit ops> directive before %s on line %d.",
3884 line, linenum);
49d87452
MS		 3885 if (FatalErrors & CUPSD_FATAL_CONFIG)
3886 return (0);
ef416fc2 3887 }
3888 else if (!parse_aaa(op, line, value, linenum))
3889 {
321d8d57
MS		 3890 cupsdLogMessage(CUPSD_LOG_ERROR,
3891 "Unknown Policy Limit directive %s on line %d.",
3892 line, linenum);
ef416fc2 3893
49d87452
MS		 3894 if (FatalErrors & CUPSD_FATAL_CONFIG)
3895 return (0);
ef416fc2 3896 }
3897 }
3898
3899 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167
MS		 3900 "Unexpected end-of-file at line %d while reading policy "
3901 "\"%s\".", linenum, policy);
ef416fc2 3902
49d87452 3903 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3904}
3905
3906
3907/*
10d09e33
MS		 3908 * 'set_policy_defaults()' - Set default policy values as needed.
3909 */
3910
3911static void
3912set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3913{
3914 cupsd_location_t *op; /* Policy operation */
3915
3916
3917 /*
3918 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3919 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3920 * upgrades do not introduce new security issues...
3921 */
3922
3923 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3924 op->op == IPP_ANY_OPERATION)
3925 {
3926 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3927 op->op != IPP_ANY_OPERATION)
3928 {
3929 /*
3930 * Add a new limit for Validate-Job using the Print-Job limit as a
3931 * template...
3932 */
3933
3934 cupsdLogMessage(CUPSD_LOG_WARN,
3935 "No limit for Validate-Job defined in policy %s "
3936 "- using Print-Job's policy.", pol->name);
3937
3938 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3939 }
3940 else
3941 cupsdLogMessage(CUPSD_LOG_WARN,
3942 "No limit for Validate-Job defined in policy %s "
3943 "and no suitable template found.", pol->name);
3944 }
3945
3946 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3947 op->op == IPP_ANY_OPERATION)
3948 {
3949 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3950 op->op != IPP_ANY_OPERATION)
3951 {
3952 /*
3953 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3954 * template...
3955 */
3956
3957 cupsdLogMessage(CUPSD_LOG_WARN,
3958 "No limit for Cancel-Jobs defined in policy %s "
3959 "- using Pause-Printer's policy.", pol->name);
3960
3961 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3962 }
3963 else
3964 cupsdLogMessage(CUPSD_LOG_WARN,
3965 "No limit for Cancel-Jobs defined in policy %s "
3966 "and no suitable template found.", pol->name);
3967 }
3968
3969 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3970 op->op == IPP_ANY_OPERATION)
3971 {
3972 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3973 op->op != IPP_ANY_OPERATION)
3974 {
3975 /*
3976 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3977 * a template...
3978 */
3979
3980 cupsdLogMessage(CUPSD_LOG_WARN,
3981 "No limit for Cancel-My-Jobs defined in policy %s "
3982 "- using Send-Document's policy.", pol->name);
3983
3984 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3985 }
3986 else
3987 cupsdLogMessage(CUPSD_LOG_WARN,
3988 "No limit for Cancel-My-Jobs defined in policy %s "
3989 "and no suitable template found.", pol->name);
3990 }
3991
3992 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3993 op->op == IPP_ANY_OPERATION)
3994 {
3995 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3996 op->op != IPP_ANY_OPERATION)
3997 {
3998 /*
3999 * Add a new limit for Close-Job using the Send-Document limit as a
4000 * template...
4001 */
4002
4003 cupsdLogMessage(CUPSD_LOG_WARN,
4004 "No limit for Close-Job defined in policy %s "
4005 "- using Send-Document's policy.", pol->name);
4006
4007 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
4008 }
4009 else
4010 cupsdLogMessage(CUPSD_LOG_WARN,
4011 "No limit for Close-Job defined in policy %s "
4012 "and no suitable template found.", pol->name);
4013 }
4014
4015 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
4016 op->op == IPP_ANY_OPERATION)
4017 {
4018 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4019 op->op != IPP_ANY_OPERATION)
4020 {
4021 /*
4022 * Add a new limit for CUPS-Get-Document using the Send-Document
4023 * limit as a template...
4024 */
4025
4026 cupsdLogMessage(CUPSD_LOG_WARN,
4027 "No limit for CUPS-Get-Document defined in policy %s "
4028 "- using Send-Document's policy.", pol->name);
4029
4030 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
4031 }
4032 else
4033 cupsdLogMessage(CUPSD_LOG_WARN,
4034 "No limit for CUPS-Get-Document defined in policy %s "
4035 "and no suitable template found.", pol->name);
4036 }
4037
4038 /*
4039 * Verify we have JobPrivateAccess, JobPrivateValues,
4040 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
4041 */
4042
4043 if (!pol->job_access)
4044 {
4045 cupsdLogMessage(CUPSD_LOG_WARN,
4046 "No JobPrivateAccess defined in policy %s "
4047 "- using defaults.", pol->name);
4048 cupsdAddString(&(pol->job_access), "@OWNER");
4049 cupsdAddString(&(pol->job_access), "@SYSTEM");
4050 }
4051
4052 if (!pol->job_attrs)
4053 {
4054 cupsdLogMessage(CUPSD_LOG_WARN,
4055 "No JobPrivateValues defined in policy %s "
4056 "- using defaults.", pol->name);
4057 cupsdAddString(&(pol->job_attrs), "job-name");
4058 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4059 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
82cc1f9a 4060 cupsdAddString(&(pol->job_attrs), "phone");
10d09e33
MS		 4061 }
4062
4063 if (!pol->sub_access)
4064 {
4065 cupsdLogMessage(CUPSD_LOG_WARN,
4066 "No SubscriptionPrivateAccess defined in policy %s "
4067 "- using defaults.", pol->name);
4068 cupsdAddString(&(pol->sub_access), "@OWNER");
4069 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4070 }
4071
4072 if (!pol->sub_attrs)
4073 {
4074 cupsdLogMessage(CUPSD_LOG_WARN,
4075 "No SubscriptionPrivateValues defined in policy %s "
4076 "- using defaults.", pol->name);
4077 cupsdAddString(&(pol->sub_attrs), "notify-events");
4078 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4079 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4080 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4081 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4082 }
4083}
4084
4085
4086/*
f2d18633 4087 * End of "$Id$".
ef416fc2 4088 */
Unnamed repository; edit this file 'description' to name the repository.