[thirdparty/cups.git] / scheduler / auth.h

/*
 * "$Id$"
 *
 * Authorization definitions for the CUPS scheduler.
 *
 * Copyright 2007-2014 by Apple Inc.
 * Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 * These coded instructions, statements, and computer programs are the
 * property of Apple Inc. and are protected by Federal copyright
 * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file.  If this file is
 * file is missing or damaged, see the license at "http://www.cups.org/".
 */

/*
 * Include necessary headers...
 */

#include <pwd.h>


/*
 * HTTP authorization types and levels...
 */

#define CUPSD_AUTH_DEFAULT	-1	/* Use DefaultAuthType */
#define CUPSD_AUTH_NONE		0	/* No authentication */
#define CUPSD_AUTH_BASIC	1	/* Basic authentication */
#define CUPSD_AUTH_NEGOTIATE	2	/* Kerberos authentication */
#define CUPSD_AUTH_AUTO		3	/* Kerberos or Basic, depending on configuration of server */

#define CUPSD_AUTH_ANON		0	/* Anonymous access */
#define CUPSD_AUTH_USER		1	/* Must have a valid username/password */
#define CUPSD_AUTH_GROUP	2	/* Must also be in a named group */

#define CUPSD_AUTH_ALLOW	0	/* Allow access */
#define CUPSD_AUTH_DENY		1	/* Deny access */

#define CUPSD_AUTH_NAME		0	/* Authorize host by name */
#define CUPSD_AUTH_IP		1	/* Authorize host by IP */
#define CUPSD_AUTH_INTERFACE	2	/* Authorize host by interface */

#define CUPSD_AUTH_SATISFY_ALL	0	/* Satisfy both address and auth */
#define CUPSD_AUTH_SATISFY_ANY	1	/* Satisfy either address or auth */

#define CUPSD_AUTH_LIMIT_DELETE	1	/* Limit DELETE requests */
#define CUPSD_AUTH_LIMIT_GET	2	/* Limit GET requests */
#define CUPSD_AUTH_LIMIT_HEAD	4	/* Limit HEAD requests */
#define CUPSD_AUTH_LIMIT_OPTIONS 8	/* Limit OPTIONS requests */
#define CUPSD_AUTH_LIMIT_POST	16	/* Limit POST requests */
#define CUPSD_AUTH_LIMIT_PUT	32	/* Limit PUT requests */
#define CUPSD_AUTH_LIMIT_TRACE	64	/* Limit TRACE requests */
#define CUPSD_AUTH_LIMIT_ALL	127	/* Limit all requests */
#define CUPSD_AUTH_LIMIT_IPP	128	/* Limit IPP requests */

#define IPP_ANY_OPERATION	(ipp_op_t)0
					/* Any IPP operation */
#define IPP_BAD_OPERATION	(ipp_op_t)-1
					/* No IPP operation */


/*
 * HTTP access control structures...
 */

typedef struct
{
  unsigned	address[4],		/* IP address */
		netmask[4];		/* IP netmask */
} cupsd_ipmask_t;

typedef struct
{
  size_t	length;			/* Length of name */
  char		*name;			/* Name string */
} cupsd_namemask_t;

typedef struct
{
  int		type;			/* Mask type */
  union
  {
    cupsd_namemask_t	name;		/* Host/Domain name */
    cupsd_ipmask_t	ip;		/* IP address/network */
  }		mask;			/* Mask data */
} cupsd_authmask_t;

typedef struct
{
  char			*location;	/* Location of resource */
  size_t		length;		/* Length of location string */
  ipp_op_t		op;		/* IPP operation */
  int			limit,		/* Limit for these types of requests */
			order_type,	/* Allow or Deny */
			type,		/* Type of authentication */
			level,		/* Access level required */
			satisfy;	/* Satisfy any or all limits? */
  cups_array_t		*names,		/* User or group names */
			*allow,		/* Allow lines */
			*deny;		/* Deny lines */
  http_encryption_t	encryption;	/* To encrypt or not to encrypt... */
} cupsd_location_t;

typedef struct cupsd_client_s cupsd_client_t;


/*
 * Globals...
 */

VAR cups_array_t	*Locations	VALUE(NULL);
					/* Authorization locations */
#ifdef HAVE_SSL
VAR http_encryption_t	DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
					/* Default encryption for authentication */
#endif /* HAVE_SSL */


/*
 * Prototypes...
 */

extern int		cupsdAddIPMask(cups_array_t **masks,
				       const unsigned address[4],
				       const unsigned netmask[4]);
extern void		cupsdAddLocation(cupsd_location_t *loc);
extern void		cupsdAddName(cupsd_location_t *loc, char *name);
extern int		cupsdAddNameMask(cups_array_t **masks, char *name);
extern void		cupsdAuthorize(cupsd_client_t *con);
extern int		cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc);
extern int		cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks);
extern int		cupsdCheckGroup(const char *username,
			                struct passwd *user,
			                const char *groupname);
extern cupsd_location_t	*cupsdCopyLocation(cupsd_location_t *loc);
extern void		cupsdDeleteAllLocations(void);
extern cupsd_location_t	*cupsdFindBest(const char *path, http_state_t state);
extern cupsd_location_t	*cupsdFindLocation(const char *location);
extern void		cupsdFreeLocation(cupsd_location_t *loc);
extern http_status_t	cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
extern cupsd_location_t	*cupsdNewLocation(const char *location);


/*
 * End of "$Id$".
 */
Commit	Line	Data
ef416fc2	1	/*
f2d18633	2	* "$Id$"
ef416fc2	3	*
5ec1fd3d	4	* Authorization definitions for the CUPS scheduler.
ef416fc2	5	*
7e86f2f6	6	* Copyright 2007-2014 by Apple Inc.
5ec1fd3d	7	* Copyright 1997-2006 by Easy Software Products, all rights reserved.
ef416fc2	8	*
5ec1fd3d MS	9	* These coded instructions, statements, and computer programs are the
	10	* property of Apple Inc. and are protected by Federal copyright
	11	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	12	* which should have been included with this file. If this file is
	13	* file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2	14	*/
	15
	16	/*
	17	* Include necessary headers...
	18	*/
	19
	20	#include <pwd.h>
	21
	22
	23	/*
	24	* HTTP authorization types and levels...
	25	*/
	26
5bd77a73 MS	27	#define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */
	28	#define CUPSD_AUTH_NONE 0 /* No authentication */
	29	#define CUPSD_AUTH_BASIC 1 /* Basic authentication */
e0660879 MS	30	#define CUPSD_AUTH_NEGOTIATE 2 /* Kerberos authentication */
e0660879 MS	31	#define CUPSD_AUTH_AUTO 3 /* Kerberos or Basic, depending on configuration of server */
5bd77a73 MS	32
	33	#define CUPSD_AUTH_ANON 0 /* Anonymous access */
	34	#define CUPSD_AUTH_USER 1 /* Must have a valid username/password */
	35	#define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */
	36
	37	#define CUPSD_AUTH_ALLOW 0 /* Allow access */
	38	#define CUPSD_AUTH_DENY 1 /* Deny access */
	39
	40	#define CUPSD_AUTH_NAME 0 /* Authorize host by name */
	41	#define CUPSD_AUTH_IP 1 /* Authorize host by IP */
	42	#define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */
	43
	44	#define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
	45	#define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
	46
	47	#define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
	48	#define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */
	49	#define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
	50	#define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
	51	#define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */
	52	#define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */
	53	#define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
	54	#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
	55	#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
ef416fc2	56
	57	#define IPP_ANY_OPERATION (ipp_op_t)0
	58	/* Any IPP operation */
	59	#define IPP_BAD_OPERATION (ipp_op_t)-1
	60	/* No IPP operation */
	61
	62
	63	/*
	64	* HTTP access control structures...
	65	*/
	66
	67	typedef struct
	68	{
	69	unsigned address[4], /* IP address */
	70	netmask[4]; /* IP netmask */
	71	} cupsd_ipmask_t;
	72
	73	typedef struct
	74	{
7e86f2f6	75	size_t length; /* Length of name */
ef416fc2	76	char name; / Name string */
	77	} cupsd_namemask_t;
	78
	79	typedef struct
	80	{
	81	int type; /* Mask type */
	82	union
	83	{
	84	cupsd_namemask_t name; /* Host/Domain name */
	85	cupsd_ipmask_t ip; /* IP address/network */
	86	} mask; /* Mask data */
	87	} cupsd_authmask_t;
	88
	89	typedef struct
	90	{
bd7854cb	91	char location; / Location of resource */
7e86f2f6	92	size_t length; /* Length of location string */
ef416fc2	93	ipp_op_t op; /* IPP operation */
ef416fc2	94	int limit, /* Limit for these types of requests */
ef416fc2	95	order_type, /* Allow or Deny */
	96	type, /* Type of authentication */
	97	level, /* Access level required */
	98	satisfy; /* Satisfy any or all limits? */
10d09e33 MS	99	cups_array_t names, / User or group names */
	100	allow, / Allow lines */
	101	deny; / Deny lines */
ef416fc2	102	http_encryption_t encryption; /* To encrypt or not to encrypt... */
	103	} cupsd_location_t;
	104
	105	typedef struct cupsd_client_s cupsd_client_t;
	106
	107
	108	/*
	109	* Globals...
	110	*/
	111
bd7854cb	112	VAR cups_array_t *Locations VALUE(NULL);
ef416fc2	113	/* Authorization locations */
4744bd90	114	#ifdef HAVE_SSL
	115	VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
	116	/* Default encryption for authentication */
	117	#endif /* HAVE_SSL */
ef416fc2	118
	119
	120	/*
	121	* Prototypes...
	122	*/
	123
10d09e33 MS	124	extern int cupsdAddIPMask(cups_array_t **masks,
	125	const unsigned address[4],
	126	const unsigned netmask[4]);
	127	extern void cupsdAddLocation(cupsd_location_t *loc);
ef416fc2	128	extern void cupsdAddName(cupsd_location_t loc, char name);
10d09e33	129	extern int cupsdAddNameMask(cups_array_t *masks, char name);
ef416fc2	130	extern void cupsdAuthorize(cupsd_client_t *con);
7e86f2f6 MS	131	extern int cupsdCheckAccess(unsigned ip[4], const char name, size_t namelen, cupsd_location_t loc);
7e86f2f6 MS	132	extern int cupsdCheckAuth(unsigned ip[4], const char name, size_t namelen, cups_array_t masks);
ef416fc2	133	extern int cupsdCheckGroup(const char *username,
	134	struct passwd *user,
	135	const char *groupname);
10d09e33	136	extern cupsd_location_t cupsdCopyLocation(cupsd_location_t loc);
ef416fc2	137	extern void cupsdDeleteAllLocations(void);
ef416fc2	138	extern cupsd_location_t cupsdFindBest(const char path, http_state_t state);
ef416fc2	139	extern cupsd_location_t cupsdFindLocation(const char location);
10d09e33	140	extern void cupsdFreeLocation(cupsd_location_t *loc);
ef416fc2	141	extern http_status_t cupsdIsAuthorized(cupsd_client_t con, const char owner);
10d09e33	142	extern cupsd_location_t cupsdNewLocation(const char location);
ef416fc2	143
	144
	145	/*
f2d18633	146	* End of "$Id$".
ef416fc2	147	*/