]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
75bd9771 | 2 | * "$Id: auth.h 7317 2008-02-15 22:29:27Z mike $" |
ef416fc2 | 3 | * |
4 | * Authorization definitions for the Common UNIX Printing System (CUPS) | |
5 | * scheduler. | |
6 | * | |
080811b1 | 7 | * Copyright 2007-2008 by Apple Inc. |
bd7854cb | 8 | * Copyright 1997-2006 by Easy Software Products, all rights reserved. |
ef416fc2 | 9 | * |
10 | * These coded instructions, statements, and computer programs are the | |
bc44d920 | 11 | * property of Apple Inc. and are protected by Federal copyright |
12 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
13 | * which should have been included with this file. If this file is | |
14 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 15 | */ |
16 | ||
17 | /* | |
18 | * Include necessary headers... | |
19 | */ | |
20 | ||
21 | #include <pwd.h> | |
22 | ||
23 | ||
24 | /* | |
25 | * HTTP authorization types and levels... | |
26 | */ | |
27 | ||
5bd77a73 MS |
28 | #define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */ |
29 | #define CUPSD_AUTH_NONE 0 /* No authentication */ | |
30 | #define CUPSD_AUTH_BASIC 1 /* Basic authentication */ | |
31 | #define CUPSD_AUTH_DIGEST 2 /* Digest authentication */ | |
32 | #define CUPSD_AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */ | |
33 | #define CUPSD_AUTH_NEGOTIATE 4 /* Kerberos authentication */ | |
34 | ||
35 | #define CUPSD_AUTH_ANON 0 /* Anonymous access */ | |
36 | #define CUPSD_AUTH_USER 1 /* Must have a valid username/password */ | |
37 | #define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */ | |
38 | ||
39 | #define CUPSD_AUTH_ALLOW 0 /* Allow access */ | |
40 | #define CUPSD_AUTH_DENY 1 /* Deny access */ | |
41 | ||
42 | #define CUPSD_AUTH_NAME 0 /* Authorize host by name */ | |
43 | #define CUPSD_AUTH_IP 1 /* Authorize host by IP */ | |
44 | #define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */ | |
45 | ||
46 | #define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */ | |
47 | #define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */ | |
48 | ||
49 | #define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */ | |
50 | #define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */ | |
51 | #define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */ | |
52 | #define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */ | |
53 | #define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */ | |
54 | #define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */ | |
55 | #define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */ | |
56 | #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */ | |
57 | #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */ | |
ef416fc2 | 58 | |
59 | #define IPP_ANY_OPERATION (ipp_op_t)0 | |
60 | /* Any IPP operation */ | |
61 | #define IPP_BAD_OPERATION (ipp_op_t)-1 | |
62 | /* No IPP operation */ | |
63 | ||
64 | ||
65 | /* | |
66 | * HTTP access control structures... | |
67 | */ | |
68 | ||
69 | typedef struct | |
70 | { | |
71 | unsigned address[4], /* IP address */ | |
72 | netmask[4]; /* IP netmask */ | |
73 | } cupsd_ipmask_t; | |
74 | ||
75 | typedef struct | |
76 | { | |
77 | int length; /* Length of name */ | |
78 | char *name; /* Name string */ | |
79 | } cupsd_namemask_t; | |
80 | ||
81 | typedef struct | |
82 | { | |
83 | int type; /* Mask type */ | |
84 | union | |
85 | { | |
86 | cupsd_namemask_t name; /* Host/Domain name */ | |
87 | cupsd_ipmask_t ip; /* IP address/network */ | |
88 | } mask; /* Mask data */ | |
89 | } cupsd_authmask_t; | |
90 | ||
91 | typedef struct | |
92 | { | |
bd7854cb | 93 | char *location; /* Location of resource */ |
ef416fc2 | 94 | ipp_op_t op; /* IPP operation */ |
95 | int limit, /* Limit for these types of requests */ | |
96 | length, /* Length of location string */ | |
97 | order_type, /* Allow or Deny */ | |
98 | type, /* Type of authentication */ | |
99 | level, /* Access level required */ | |
100 | satisfy; /* Satisfy any or all limits? */ | |
101 | int num_names; /* Number of names */ | |
102 | char **names; /* User or group names */ | |
103 | int num_allow; /* Number of Allow lines */ | |
104 | cupsd_authmask_t *allow; /* Allow lines */ | |
105 | int num_deny; /* Number of Deny lines */ | |
106 | cupsd_authmask_t *deny; /* Deny lines */ | |
107 | http_encryption_t encryption; /* To encrypt or not to encrypt... */ | |
108 | } cupsd_location_t; | |
109 | ||
110 | typedef struct cupsd_client_s cupsd_client_t; | |
111 | ||
112 | ||
113 | /* | |
114 | * Globals... | |
115 | */ | |
116 | ||
bd7854cb | 117 | VAR cups_array_t *Locations VALUE(NULL); |
ef416fc2 | 118 | /* Authorization locations */ |
5bd77a73 | 119 | VAR int DefaultAuthType VALUE(CUPSD_AUTH_BASIC); |
ef416fc2 | 120 | /* Default AuthType, if not specified */ |
4744bd90 | 121 | #ifdef HAVE_SSL |
122 | VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); | |
123 | /* Default encryption for authentication */ | |
124 | #endif /* HAVE_SSL */ | |
ef416fc2 | 125 | |
126 | ||
127 | /* | |
128 | * Prototypes... | |
129 | */ | |
130 | ||
131 | extern cupsd_location_t *cupsdAddLocation(const char *location); | |
132 | extern void cupsdAddName(cupsd_location_t *loc, char *name); | |
133 | extern void cupsdAllowHost(cupsd_location_t *loc, char *name); | |
ac884b6a MS |
134 | extern void cupsdAllowIP(cupsd_location_t *loc, |
135 | const unsigned address[4], | |
136 | const unsigned netmask[4]); | |
ef416fc2 | 137 | extern void cupsdAuthorize(cupsd_client_t *con); |
080811b1 MS |
138 | extern int cupsdCheckAccess(unsigned ip[4], char *name, |
139 | int namelen, cupsd_location_t *loc); | |
ef416fc2 | 140 | extern int cupsdCheckAuth(unsigned ip[4], char *name, int namelen, |
141 | int num_masks, cupsd_authmask_t *masks); | |
142 | extern int cupsdCheckGroup(const char *username, | |
143 | struct passwd *user, | |
144 | const char *groupname); | |
145 | extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t **loc); | |
146 | extern void cupsdDeleteAllLocations(void); | |
147 | extern void cupsdDeleteLocation(cupsd_location_t *loc); | |
148 | extern void cupsdDenyHost(cupsd_location_t *loc, char *name); | |
ac884b6a MS |
149 | extern void cupsdDenyIP(cupsd_location_t *loc, |
150 | const unsigned address[4], | |
151 | const unsigned netmask[4]); | |
ef416fc2 | 152 | extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state); |
153 | extern cupsd_location_t *cupsdFindLocation(const char *location); | |
ef416fc2 | 154 | extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner); |
155 | ||
156 | ||
157 | /* | |
75bd9771 | 158 | * End of "$Id: auth.h 7317 2008-02-15 22:29:27Z mike $". |
ef416fc2 | 159 | */ |