[thirdparty/cups.git] / scheduler / auth.h

/*
 * "$Id$"
 *
 *   Authorization definitions for the Common UNIX Printing System (CUPS)
 *   scheduler.
 *
 *   Copyright 1997-2005 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Easy Software Products and are protected by Federal
 *   copyright law.  Distribution and use rights are outlined in the file
 *   "LICENSE.txt" which should have been included with this file.  If this
 *   file is missing or damaged please contact Easy Software Products
 *   at:
 *
 *       Attn: CUPS Licensing Information
 *       Easy Software Products
 *       44141 Airport View Drive, Suite 204
 *       Hollywood, Maryland 20636 USA
 *
 *       Voice: (301) 373-9600
 *       EMail: cups-info@cups.org
 *         WWW: http://www.cups.org
 */

/*
 * Include necessary headers...
 */

#include <pwd.h>


/*
 * HTTP authorization types and levels...
 */

#define AUTH_NONE		0	/* No authentication */
#define AUTH_BASIC		1	/* Basic authentication */
#define AUTH_DIGEST		2	/* Digest authentication */
#define AUTH_BASICDIGEST	3	/* Basic authentication w/passwd.md5 */

#define AUTH_ANON		0	/* Anonymous access */
#define AUTH_USER		1	/* Must have a valid username/password */
#define AUTH_GROUP		2	/* Must also be in a named group */

#define AUTH_ALLOW		0	/* Allow access */
#define AUTH_DENY		1	/* Deny access */

#define AUTH_NAME		0	/* Authorize host by name */
#define AUTH_IP			1	/* Authorize host by IP */
#define AUTH_INTERFACE		2	/* Authorize host by interface */

#define AUTH_SATISFY_ALL	0	/* Satisfy both address and auth */
#define AUTH_SATISFY_ANY	1	/* Satisfy either address or auth */

#define AUTH_LIMIT_DELETE	1	/* Limit DELETE requests */
#define AUTH_LIMIT_GET		2	/* Limit GET requests */
#define AUTH_LIMIT_HEAD		4	/* Limit HEAD requests */
#define AUTH_LIMIT_OPTIONS	8	/* Limit OPTIONS requests */
#define AUTH_LIMIT_POST		16	/* Limit POST requests */
#define AUTH_LIMIT_PUT		32	/* Limit PUT requests */
#define AUTH_LIMIT_TRACE	64	/* Limit TRACE requests */
#define AUTH_LIMIT_ALL		127	/* Limit all requests */


/*
 * HTTP access control structures...
 */

typedef struct
{
  unsigned	address[4],		/* IP address */
		netmask[4];		/* IP netmask */
} ipmask_t;

typedef struct
{
  int		length;			/* Length of name */
  char		*name;			/* Name string */
} namemask_t;

typedef struct
{
  int		type;			/* Mask type */
  union
  {
    namemask_t	name;			/* Host/Domain name */
    ipmask_t	ip;			/* IP address/network */
  }		mask;			/* Mask data */
} authmask_t;

typedef struct
{
  char		location[HTTP_MAX_URI];	/* Location of resource */
  int		limit,			/* Limit for these types of requests */
		length,			/* Length of location string */
		order_type,		/* Allow or Deny */
		type,			/* Type of authentication */
		level,			/* Access level required */
		satisfy;		/* Satisfy any or all limits? */
  int		num_names;		/* Number of names */
  char		**names;		/* User or group names */
  int		num_allow;		/* Number of Allow lines */
  authmask_t	*allow;			/* Allow lines */
  int		num_deny;		/* Number of Deny lines */
  authmask_t	*deny;			/* Deny lines */
  http_encryption_t encryption;		/* To encrypt or not to encrypt... */
} location_t;


/*
 * Globals...
 */

VAR int			DefaultAuthType	VALUE(AUTH_BASIC);
VAR int			NumLocations	VALUE(0);
					/* Number of authorization locations */
VAR location_t		*Locations	VALUE(NULL);
					/* Authorization locations */


/*
 * Prototypes...
 */

extern location_t	*AddLocation(const char *location);
extern void		AddName(location_t *loc, char *name);
extern void		AllowHost(location_t *loc, char *name);
extern void		AllowIP(location_t *loc, unsigned address[4],
			        unsigned netmask[4]);
extern int		CheckAuth(unsigned ip[4], char *name, int namelen,
				  int num_masks, authmask_t *masks);
extern int		cupsdCheckGroup(const char *username,
			                struct passwd *user,
			                const char *groupname);
extern location_t	*CopyLocation(location_t **loc);
extern void		DeleteAllLocations(void);
extern void		DenyHost(location_t *loc, char *name);
extern void		DenyIP(location_t *loc, unsigned address[4],
			       unsigned netmask[4]);
extern location_t	*FindBest(const char *path, http_state_t state);
extern location_t	*FindLocation(const char *location);
extern char		*GetMD5Passwd(const char *username, const char *group,
			              char passwd[33]);
extern http_status_t	IsAuthorized(client_t *con);


/*
 * End of "$Id$".
 */
Commit	Line	Data
824bac0b	1	/*
c9d3f842	2	* "$Id$"
824bac0b	3	*
fd8b1cf8	4	* Authorization definitions for the Common UNIX Printing System (CUPS)
fd8b1cf8	5	* scheduler.
824bac0b	6	*
c9d3f842	7	* Copyright 1997-2005 by Easy Software Products, all rights reserved.
824bac0b	8	*
	9	* These coded instructions, statements, and computer programs are the
	10	* property of Easy Software Products and are protected by Federal
	11	* copyright law. Distribution and use rights are outlined in the file
	12	* "LICENSE.txt" which should have been included with this file. If this
	13	* file is missing or damaged please contact Easy Software Products
	14	* at:
	15	*
	16	* Attn: CUPS Licensing Information
	17	* Easy Software Products
8784b6a6	18	* 44141 Airport View Drive, Suite 204
bcd9e019	19	* Hollywood, Maryland 20636 USA
824bac0b	20	*
9639c4de	21	* Voice: (301) 373-9600
824bac0b	22	* EMail: cups-info@cups.org
824bac0b	23	* WWW: http://www.cups.org
824bac0b	24	*/
824bac0b	25
9d0c9f28	26	/*
	27	* Include necessary headers...
	28	*/
	29
	30	#include <pwd.h>
	31
	32
824bac0b	33	/*
fd8b1cf8	34	* HTTP authorization types and levels...
	35	*/
	36
7ebf3a09	37	#define AUTH_NONE 0 /* No authentication */
	38	#define AUTH_BASIC 1 /* Basic authentication */
	39	#define AUTH_DIGEST 2 /* Digest authentication */
753453e4	40	#define AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */
7ebf3a09	41
fd8b1cf8	42	#define AUTH_ANON 0 /* Anonymous access */
	43	#define AUTH_USER 1 /* Must have a valid username/password */
	44	#define AUTH_GROUP 2 /* Must also be in a named group */
	45
	46	#define AUTH_ALLOW 0 /* Allow access */
	47	#define AUTH_DENY 1 /* Deny access */
	48
	49	#define AUTH_NAME 0 /* Authorize host by name */
	50	#define AUTH_IP 1 /* Authorize host by IP */
20264b99	51	#define AUTH_INTERFACE 2 /* Authorize host by interface */
fd8b1cf8	52
89db771d	53	#define AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
46490d9d	54	#define AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
46490d9d	55
	56	#define AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
	57	#define AUTH_LIMIT_GET 2 /* Limit GET requests */
	58	#define AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
	59	#define AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
	60	#define AUTH_LIMIT_POST 16 /* Limit POST requests */
	61	#define AUTH_LIMIT_PUT 32 /* Limit PUT requests */
	62	#define AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
	63	#define AUTH_LIMIT_ALL 127 /* Limit all requests */
	64
fd8b1cf8	65
fd8b1cf8	66	/*
03081fd2	67	* HTTP access control structures...
fd8b1cf8	68	*/
	69
	70	typedef struct
	71	{
99de6da0	72	unsigned address[4], /* IP address */
99de6da0	73	netmask[4]; /* IP netmask */
fd8b1cf8	74	} ipmask_t;
	75
	76	typedef struct
	77	{
	78	int length; /* Length of name */
	79	char name; / Name string */
	80	} namemask_t;
	81
	82	typedef struct
	83	{
	84	int type; /* Mask type */
	85	union
	86	{
	87	namemask_t name; /* Host/Domain name */
	88	ipmask_t ip; /* IP address/network */
	89	} mask; /* Mask data */
42d48bd2	90	} authmask_t;
fd8b1cf8	91
	92	typedef struct
	93	{
a74b005d	94	char location[HTTP_MAX_URI]; /* Location of resource */
46490d9d	95	int limit, /* Limit for these types of requests */
46490d9d	96	length, /* Length of location string */
fd8b1cf8	97	order_type, /* Allow or Deny */
7ebf3a09	98	type, /* Type of authentication */
46490d9d	99	level, /* Access level required */
	100	satisfy; /* Satisfy any or all limits? */
	101	int num_names; /* Number of names */
	102	char *names; / User or group names */
fd8b1cf8	103	int num_allow; /* Number of Allow lines */
42d48bd2	104	authmask_t allow; / Allow lines */
fd8b1cf8	105	int num_deny; /* Number of Deny lines */
42d48bd2	106	authmask_t deny; / Deny lines */
a75c006a	107	http_encryption_t encryption; /* To encrypt or not to encrypt... */
fd8b1cf8	108	} location_t;
	109
	110
	111	/*
	112	* Globals...
	113	*/
	114
b38d93df	115	VAR int DefaultAuthType VALUE(AUTH_BASIC);
fd8b1cf8	116	VAR int NumLocations VALUE(0);
	117	/* Number of authorization locations */
	118	VAR location_t *Locations VALUE(NULL);
	119	/* Authorization locations */
	120
	121
	122	/*
	123	* Prototypes...
824bac0b	124	*/
824bac0b	125
e4f4eb8e	126	extern location_t AddLocation(const char location);
46490d9d	127	extern void AddName(location_t loc, char name);
fd8b1cf8	128	extern void AllowHost(location_t loc, char name);
99de6da0	129	extern void AllowIP(location_t *loc, unsigned address[4],
	130	unsigned netmask[4]);
	131	extern int CheckAuth(unsigned ip[4], char *name, int namelen,
e5ebb675	132	int num_masks, authmask_t *masks);
9d0c9f28	133	extern int cupsdCheckGroup(const char *username,
	134	struct passwd *user,
	135	const char *groupname);
89db771d	136	extern location_t CopyLocation(location_t *loc);
fd8b1cf8	137	extern void DeleteAllLocations(void);
fd8b1cf8	138	extern void DenyHost(location_t loc, char name);
99de6da0	139	extern void DenyIP(location_t *loc, unsigned address[4],
99de6da0	140	unsigned netmask[4]);
7db52463	141	extern location_t FindBest(const char path, http_state_t state);
e4f4eb8e	142	extern location_t FindLocation(const char location);
19e7b382	143	extern char GetMD5Passwd(const char username, const char *group,
19e7b382	144	char passwd[33]);
a74b005d	145	extern http_status_t IsAuthorized(client_t *con);
824bac0b	146
	147
	148	/*
c9d3f842	149	* End of "$Id$".
824bac0b	150	*/