]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
f2d18633 | 2 | * "$Id$" |
ef416fc2 | 3 | * |
10d09e33 | 4 | * Authorization definitions for the CUPS scheduler. |
ef416fc2 | 5 | * |
07ed0e9a | 6 | * Copyright 2007-2011 by Apple Inc. |
bd7854cb | 7 | * Copyright 1997-2006 by Easy Software Products, all rights reserved. |
ef416fc2 | 8 | * |
9 | * These coded instructions, statements, and computer programs are the | |
bc44d920 | 10 | * property of Apple Inc. and are protected by Federal copyright |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 14 | */ |
15 | ||
16 | /* | |
17 | * Include necessary headers... | |
18 | */ | |
19 | ||
20 | #include <pwd.h> | |
21 | ||
22 | ||
23 | /* | |
24 | * HTTP authorization types and levels... | |
25 | */ | |
26 | ||
5bd77a73 MS |
27 | #define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */ |
28 | #define CUPSD_AUTH_NONE 0 /* No authentication */ | |
29 | #define CUPSD_AUTH_BASIC 1 /* Basic authentication */ | |
30 | #define CUPSD_AUTH_DIGEST 2 /* Digest authentication */ | |
31 | #define CUPSD_AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */ | |
32 | #define CUPSD_AUTH_NEGOTIATE 4 /* Kerberos authentication */ | |
dcb445bc | 33 | #define CUPSD_AUTH_AUTO 5 /* Kerberos or Basic, depending on configuration of server */ |
5bd77a73 MS |
34 | |
35 | #define CUPSD_AUTH_ANON 0 /* Anonymous access */ | |
36 | #define CUPSD_AUTH_USER 1 /* Must have a valid username/password */ | |
37 | #define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */ | |
38 | ||
39 | #define CUPSD_AUTH_ALLOW 0 /* Allow access */ | |
40 | #define CUPSD_AUTH_DENY 1 /* Deny access */ | |
41 | ||
42 | #define CUPSD_AUTH_NAME 0 /* Authorize host by name */ | |
43 | #define CUPSD_AUTH_IP 1 /* Authorize host by IP */ | |
44 | #define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */ | |
45 | ||
46 | #define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */ | |
47 | #define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */ | |
48 | ||
49 | #define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */ | |
50 | #define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */ | |
51 | #define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */ | |
52 | #define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */ | |
53 | #define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */ | |
54 | #define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */ | |
55 | #define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */ | |
56 | #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */ | |
57 | #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */ | |
ef416fc2 | 58 | |
59 | #define IPP_ANY_OPERATION (ipp_op_t)0 | |
60 | /* Any IPP operation */ | |
61 | #define IPP_BAD_OPERATION (ipp_op_t)-1 | |
62 | /* No IPP operation */ | |
63 | ||
64 | ||
65 | /* | |
66 | * HTTP access control structures... | |
67 | */ | |
68 | ||
69 | typedef struct | |
70 | { | |
71 | unsigned address[4], /* IP address */ | |
72 | netmask[4]; /* IP netmask */ | |
73 | } cupsd_ipmask_t; | |
74 | ||
75 | typedef struct | |
76 | { | |
77 | int length; /* Length of name */ | |
78 | char *name; /* Name string */ | |
79 | } cupsd_namemask_t; | |
80 | ||
81 | typedef struct | |
82 | { | |
83 | int type; /* Mask type */ | |
84 | union | |
85 | { | |
86 | cupsd_namemask_t name; /* Host/Domain name */ | |
87 | cupsd_ipmask_t ip; /* IP address/network */ | |
88 | } mask; /* Mask data */ | |
89 | } cupsd_authmask_t; | |
90 | ||
91 | typedef struct | |
92 | { | |
bd7854cb | 93 | char *location; /* Location of resource */ |
ef416fc2 | 94 | ipp_op_t op; /* IPP operation */ |
95 | int limit, /* Limit for these types of requests */ | |
96 | length, /* Length of location string */ | |
97 | order_type, /* Allow or Deny */ | |
98 | type, /* Type of authentication */ | |
99 | level, /* Access level required */ | |
100 | satisfy; /* Satisfy any or all limits? */ | |
10d09e33 MS |
101 | cups_array_t *names, /* User or group names */ |
102 | *allow, /* Allow lines */ | |
103 | *deny; /* Deny lines */ | |
ef416fc2 | 104 | http_encryption_t encryption; /* To encrypt or not to encrypt... */ |
105 | } cupsd_location_t; | |
106 | ||
107 | typedef struct cupsd_client_s cupsd_client_t; | |
108 | ||
109 | ||
110 | /* | |
111 | * Globals... | |
112 | */ | |
113 | ||
bd7854cb | 114 | VAR cups_array_t *Locations VALUE(NULL); |
ef416fc2 | 115 | /* Authorization locations */ |
4744bd90 | 116 | #ifdef HAVE_SSL |
117 | VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED); | |
118 | /* Default encryption for authentication */ | |
119 | #endif /* HAVE_SSL */ | |
ef416fc2 | 120 | |
121 | ||
122 | /* | |
123 | * Prototypes... | |
124 | */ | |
125 | ||
10d09e33 MS |
126 | extern int cupsdAddIPMask(cups_array_t **masks, |
127 | const unsigned address[4], | |
128 | const unsigned netmask[4]); | |
129 | extern void cupsdAddLocation(cupsd_location_t *loc); | |
ef416fc2 | 130 | extern void cupsdAddName(cupsd_location_t *loc, char *name); |
10d09e33 | 131 | extern int cupsdAddNameMask(cups_array_t **masks, char *name); |
ef416fc2 | 132 | extern void cupsdAuthorize(cupsd_client_t *con); |
080811b1 MS |
133 | extern int cupsdCheckAccess(unsigned ip[4], char *name, |
134 | int namelen, cupsd_location_t *loc); | |
ef416fc2 | 135 | extern int cupsdCheckAuth(unsigned ip[4], char *name, int namelen, |
10d09e33 | 136 | cups_array_t *masks); |
ef416fc2 | 137 | extern int cupsdCheckGroup(const char *username, |
138 | struct passwd *user, | |
139 | const char *groupname); | |
10d09e33 | 140 | extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc); |
ef416fc2 | 141 | extern void cupsdDeleteAllLocations(void); |
ef416fc2 | 142 | extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state); |
143 | extern cupsd_location_t *cupsdFindLocation(const char *location); | |
10d09e33 | 144 | extern void cupsdFreeLocation(cupsd_location_t *loc); |
ef416fc2 | 145 | extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner); |
10d09e33 | 146 | extern cupsd_location_t *cupsdNewLocation(const char *location); |
ef416fc2 | 147 | |
148 | ||
149 | /* | |
f2d18633 | 150 | * End of "$Id$". |
ef416fc2 | 151 | */ |