]> git.ipfire.org Git - thirdparty/cups.git/blame - scheduler/conf.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Full sweep of all Clang warnings, plus some bug fixes for incorrect memcpy usage.
[thirdparty/cups.git] / scheduler / conf.c
CommitLineData
ef416fc2 1/*
f2d18633 2 * "$Id$"
ef416fc2 3 *
da003234 4 * Configuration routines for the CUPS scheduler.
ef416fc2 5 *
da003234
MS		 6 * Copyright 2007-2013 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 8 *
da003234
MS		 9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 14 */
15
16/*
17 * Include necessary headers...
18 */
19
20#include "cupsd.h"
21#include <stdarg.h>
22#include <grp.h>
23#include <sys/utsname.h>
b94498cf 24#include <syslog.h>
ef416fc2 25
97c9a8d7
MS		 26#ifdef HAVE_LIBPAPER
27# include <paper.h>
28#endif /* HAVE_LIBPAPER */
29
ef416fc2 30
31/*
32 * Possibly missing network definitions...
33 */
34
35#ifndef INADDR_NONE
36# define INADDR_NONE 0xffffffff
37#endif /* !INADDR_NONE */
38
39
40/*
41 * Configuration variable structure...
42 */
43
44typedef enum
45{
46 CUPSD_VARTYPE_INTEGER, /* Integer option */
82cc1f9a 47 CUPSD_VARTYPE_TIME, /* Time interval option */
ef416fc2 48 CUPSD_VARTYPE_STRING, /* String option */
76cd9e37 49 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
7e86f2f6
MS		 50 CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
51 CUPSD_VARTYPE_PERM /* File/directory permissions */
ef416fc2 52} cupsd_vartype_t;
53
54typedef struct
55{
a2326b5b 56 const char *name; /* Name of variable */
ef416fc2 57 void *ptr; /* Pointer to variable */
58 cupsd_vartype_t type; /* Type (int, string, address) */
59} cupsd_var_t;
60
61
62/*
63 * Local globals...
64 */
65
c41769ff 66static const cupsd_var_t cupsd_vars[] =
ef416fc2 67{
ef416fc2 68 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
37e7e6e0 69#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
f3c17241 70 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
37e7e6e0 71#endif /* HAVE_DNSSD || HAVE_AVAHI */
b19ccc9e 72 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 73 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 74 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
75 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 76 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
82cc1f9a 77 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
c5571a1d 78 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
ef416fc2 79 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
fa73b229 80 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
82cc1f9a 81 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
323c5de1 82 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
ef416fc2 83 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
84 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
dcb445bc
MS		 85#ifdef HAVE_GSSAPI
86 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
87#endif /* HAVE_GSSAPI */
82cc1f9a 88 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
ef416fc2 89 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
82cc1f9a
MS		 90 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
91 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
ef416fc2 92 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 93#ifdef HAVE_LAUNCHD
82cc1f9a 94 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_TIME },
f7deaa1a 95#endif /* HAVE_LAUNCHD */
ef416fc2 96 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
97 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
178cb736 98 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
ef416fc2 99 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
100 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
101 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
102 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
103 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
82cc1f9a 104 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
ef416fc2 105 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
106 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
107 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
dcb445bc 108 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
82cc1f9a 109 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
ef416fc2 110 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
ef416fc2 111 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
112 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
113 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
114 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
115 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
82cc1f9a 116 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
01ce6322 117 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
82cc1f9a
MS		 118 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
119 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
82cc1f9a 120 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
ef416fc2 121 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
82cc1f9a 122 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
ef416fc2 123 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
c41769ff
MS		 124 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
125 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
126 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
127 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
128};
129static const cupsd_var_t cupsfiles_vars[] =
130{
131 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
132 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
7e86f2f6 133 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
c41769ff
MS		 134 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
135 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
136 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
137 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
138 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
7e86f2f6 139 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_PERM },
c41769ff
MS		 140 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
141 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
142 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
cb7f98ee 143 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
c41769ff 144 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
76cd9e37 145 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
ef416fc2 146#ifdef HAVE_SSL
72d05bc9 147 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
ef416fc2 148#endif /* HAVE_SSL */
76cd9e37 149 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
2e4ff8af 150 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
ef416fc2 151 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
8a259669 152 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 153#ifdef HAVE_AUTHORIZATION_H
154 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
155#endif /* HAVE_AUTHORIZATION_H */
c41769ff 156 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
ef416fc2 157};
ef416fc2 158
c41769ff
MS		 159static int default_auth_type = CUPSD_AUTH_AUTO;
160 /* Default AuthType, if not specified */
ef416fc2 161
ac884b6a 162static const unsigned ones[4] =
ef416fc2 163 {
164 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
165 };
ac884b6a 166static const unsigned zeros[4] =
ef416fc2 167 {
168 0x00000000, 0x00000000, 0x00000000, 0x00000000
169 };
170
171
172/*
173 * Local functions...
174 */
e07d4801 175
ef416fc2 176static http_addrlist_t *get_address(const char *value, int defport);
177static int get_addr_and_mask(const char *value, unsigned *ip,
178 unsigned *mask);
eac3a0a0 179static void mime_error_cb(void *ctx, const char *message);
ef416fc2 180static int parse_aaa(cupsd_location_t *loc, char *line,
181 char *value, int linenum);
49d87452 182static int parse_fatal_errors(const char *s);
bd7854cb 183static int parse_groups(const char *s);
184static int parse_protocols(const char *s);
c41769ff
MS		 185static int parse_variable(const char *filename, int linenum,
186 const char *line, const char *value,
187 size_t num_vars,
188 const cupsd_var_t *vars);
189static int read_cupsd_conf(cups_file_t *fp);
190static int read_cups_files_conf(cups_file_t *fp);
ef416fc2 191static int read_location(cups_file_t *fp, char *name, int linenum);
192static int read_policy(cups_file_t *fp, char *name, int linenum);
10d09e33 193static void set_policy_defaults(cupsd_policy_t *pol);
ef416fc2 194
195
e07d4801
MS		 196/*
197 * 'cupsdAddAlias()' - Add a host alias.
198 */
199
200void
201cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
202 const char *name) /* I - Name to add */
203{
204 cupsd_alias_t *a; /* New alias */
205 size_t namelen; /* Length of name */
206
207
208 namelen = strlen(name);
209
210 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
211 return;
212
213 a->namelen = namelen;
5a9febac 214 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
e07d4801
MS		 215
216 cupsArrayAdd(aliases, a);
217}
218
219
b94498cf 220/*
221 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
222 */
223
224int /* O - 0 on success, -1 on error, 1 on warning */
225cupsdCheckPermissions(
226 const char *filename, /* I - File/directory name */
227 const char *suffix, /* I - Additional file/directory name */
7e86f2f6
MS		 228 mode_t mode, /* I - Permissions */
229 uid_t user, /* I - Owner */
230 gid_t group, /* I - Group */
b94498cf 231 int is_dir, /* I - 1 = directory, 0 = file */
232 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
233{
234 int dir_created = 0; /* Did we create a directory? */
235 char pathname[1024]; /* File name with prefix */
236 struct stat fileinfo; /* Stat buffer */
49d87452 237 int is_symlink; /* Is "filename" a symlink? */
b94498cf 238
239
240 /*
241 * Prepend the given root to the filename before testing it...
242 */
243
244 if (suffix)
245 {
246 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
247 filename = pathname;
248 }
249
250 /*
251 * See if we can stat the file/directory...
252 */
253
49d87452 254 if (lstat(filename, &fileinfo))
b94498cf 255 {
256 if (errno == ENOENT && create_dir)
257 {
258 if (create_dir > 0)
259 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
260 filename);
261
262 if (mkdir(filename, mode))
263 {
264 if (create_dir > 0)
265 cupsdLogMessage(CUPSD_LOG_ERROR,
266 "Unable to create directory \"%s\" - %s", filename,
267 strerror(errno));
268 else
269 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
270 strerror(errno));
271
272 return (-1);
273 }
274
d1c13e16
MS		 275 dir_created = 1;
276 fileinfo.st_mode = mode | S_IFDIR;
b94498cf 277 }
278 else
279 return (create_dir ? -1 : 1);
280 }
281
49d87452
MS		 282 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
283 {
284 if (stat(filename, &fileinfo))
285 {
286 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
287 filename, strerror(errno));
288 return (-1);
289 }
290 }
291
b94498cf 292 /*
49d87452 293 * Make sure it's a regular file or a directory as needed...
b94498cf 294 */
295
296 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
297 {
c8fef167 298 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
b94498cf 299 return (-1);
300 }
301
302 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
303 {
304 if (create_dir >= 0)
c8fef167 305 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
b94498cf 306 else
c8fef167 307 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
b94498cf 308
309 return (-1);
310 }
311
49d87452
MS		 312 /*
313 * If the filename is a symlink, do not change permissions (STR #2937)...
314 */
315
316 if (is_symlink)
317 return (0);
318
b94498cf 319 /*
320 * Fix owner, group, and mode as needed...
321 */
322
323 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
324 {
325 if (create_dir >= 0)
326 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
327 filename);
328
329 if (chown(filename, user, group) && !getuid())
330 {
331 if (create_dir >= 0)
332 cupsdLogMessage(CUPSD_LOG_ERROR,
333 "Unable to change ownership of \"%s\" - %s", filename,
334 strerror(errno));
335 else
336 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
337 strerror(errno));
338
339 return (1);
340 }
341 }
342
343 if (dir_created || (fileinfo.st_mode & 07777) != mode)
344 {
345 if (create_dir >= 0)
346 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
347 filename);
348
349 if (chmod(filename, mode))
350 {
351 if (create_dir >= 0)
352 cupsdLogMessage(CUPSD_LOG_ERROR,
353 "Unable to change permissions of \"%s\" - %s", filename,
354 strerror(errno));
355 else
356 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
357 strerror(errno));
358
359 return (1);
360 }
361 }
362
363 /*
364 * Everything is OK...
365 */
366
367 return (0);
368}
369
370
dcb445bc
MS		 371/*
372 * 'cupsdDefaultAuthType()' - Get the default AuthType.
373 *
374 * When the default_auth_type is "auto", this function tries to get the GSS
375 * credentials for the server. If that succeeds we use Kerberos authentication,
376 * otherwise we do a fallback to Basic authentication against the local user
377 * accounts.
378 */
379
380int /* O - Default AuthType value */
381cupsdDefaultAuthType(void)
382{
383#ifdef HAVE_GSSAPI
384 OM_uint32 major_status, /* Major status code */
385 minor_status; /* Minor status code */
386 gss_name_t server_name; /* Server name */
387 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
388 /* Service name token */
389 char buf[1024]; /* Service name buffer */
390#endif /* HAVE_GSSAPI */
391
392
393 /*
394 * If we have already determined the correct default AuthType, use it...
395 */
396
397 if (default_auth_type != CUPSD_AUTH_AUTO)
398 return (default_auth_type);
399
400#ifdef HAVE_GSSAPI
401# ifdef __APPLE__
402 /*
403 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
404 * to use it...
405 */
406
407 if (gss_init_sec_context == NULL)
408 return (default_auth_type = CUPSD_AUTH_BASIC);
409# endif /* __APPLE__ */
410
411 /*
412 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
413 * that fails we must use Basic...
414 */
415
416 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
417
418 token.value = buf;
419 token.length = strlen(buf);
420 server_name = GSS_C_NO_NAME;
421 major_status = gss_import_name(&minor_status, &token,
422 GSS_C_NT_HOSTBASED_SERVICE,
423 &server_name);
424
425 memset(&token, 0, sizeof(token));
426
427 if (GSS_ERROR(major_status))
428 {
429 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
430 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
431 return (default_auth_type = CUPSD_AUTH_BASIC);
432 }
433
434 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
435
436 if (GSS_ERROR(major_status))
437 {
438 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
439 "cupsdDefaultAuthType: gss_display_name(%s) failed",
440 buf);
441 return (default_auth_type = CUPSD_AUTH_BASIC);
442 }
443
444 cupsdLogMessage(CUPSD_LOG_DEBUG,
445 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
446 "credentials for %s...", (char *)token.value);
447
448 ServerCreds = GSS_C_NO_CREDENTIAL;
449 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
450 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
451 &ServerCreds, NULL, NULL);
452 if (GSS_ERROR(major_status))
453 {
454 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
455 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
456 (char *)token.value);
457 gss_release_name(&minor_status, &server_name);
458 gss_release_buffer(&minor_status, &token);
459 return (default_auth_type = CUPSD_AUTH_BASIC);
460 }
461
462 cupsdLogMessage(CUPSD_LOG_DEBUG,
463 "cupsdDefaultAuthType: Kerberos credentials acquired "
464 "successfully for %s.", (char *)token.value);
465
466 gss_release_name(&minor_status, &server_name);
467 gss_release_buffer(&minor_status, &token);
468
469 HaveServerCreds = 1;
470
471 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
472
473#else
474 /*
475 * No Kerberos support compiled in so just use Basic all the time...
476 */
477
478 return (default_auth_type = CUPSD_AUTH_BASIC);
479#endif /* HAVE_GSSAPI */
480}
481
482
e07d4801
MS		 483/*
484 * 'cupsdFreeAliases()' - Free all of the alias entries.
485 */
486
487void
488cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
489{
490 cupsd_alias_t *a; /* Current alias */
491
492
493 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
494 a;
495 a = (cupsd_alias_t *)cupsArrayNext(aliases))
496 free(a);
497
498 cupsArrayDelete(aliases);
499}
500
501
ef416fc2 502/*
503 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
504 */
505
506int /* O - 1 on success, 0 otherwise */
507cupsdReadConfiguration(void)
508{
509 int i; /* Looping var */
510 cups_file_t *fp; /* Configuration file */
511 int status; /* Return status */
512 char temp[1024], /* Temporary buffer */
dd1abb6b 513 mimedir[1024], /* MIME directory */
ef416fc2 514 *slash; /* Directory separator */
ef416fc2 515 cups_lang_t *language; /* Language */
516 struct passwd *user; /* Default user */
517 struct group *group; /* Default group */
518 char *old_serverroot, /* Old ServerRoot */
519 *old_requestroot; /* Old RequestRoot */
f11a948a 520 int old_remote_port; /* Old RemotePort */
b423cd4c 521 const char *tmpdir; /* TMPDIR environment variable */
522 struct stat tmpinfo; /* Temporary directory info */
2e4ff8af 523 cupsd_policy_t *p; /* Policy */
b423cd4c 524
ef416fc2 525
ef416fc2 526 /*
527 * Save the old root paths...
528 */
529
530 old_serverroot = NULL;
531 cupsdSetString(&old_serverroot, ServerRoot);
532 old_requestroot = NULL;
533 cupsdSetString(&old_requestroot, RequestRoot);
534
535 /*
536 * Reset the server configuration data...
537 */
538
539 cupsdDeleteAllLocations();
540
bd7854cb 541 cupsdDeleteAllListeners();
ef416fc2 542
f11a948a
MS		 543 old_remote_port = RemotePort;
544 RemotePort = 0;
d1c13e16 545
ef416fc2 546 /*
547 * String options...
548 */
549
e07d4801
MS		 550 cupsdFreeAliases(ServerAlias);
551 ServerAlias = NULL;
552
d1c13e16
MS		 553 cupsdClearString(&ServerName);
554 cupsdClearString(&ServerAdmin);
ef416fc2 555 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
556 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
557 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
558 cupsdSetString(&DataDir, CUPS_DATADIR);
559 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
560 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
a4845881 561 cupsdClearString(&ErrorLog);
ef416fc2 562 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
01ce6322 563 cupsdSetString(&PageLogFormat,
0268488e 564 "%p %u %j %T %P %C %{job-billing} "
01ce6322 565 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
e53920b9 566 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
ef416fc2 567 cupsdSetString(&FontPath, CUPS_FONTPATH);
568 cupsdSetString(&RemoteRoot, "remroot");
db8b865d 569 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
771bd8cb 570 CUPS_VERSION_MINOR);
ef416fc2 571 cupsdSetString(&StateDir, CUPS_STATEDIR);
572
ed486911 573 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
574 PrintcapFormat = PRINTCAP_SOLARIS;
0af14961
MS		 575 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
576 "/Library/Preferences/org.cups.printers.plist"))
577 PrintcapFormat = PRINTCAP_PLIST;
ed486911 578 else
579 PrintcapFormat = PRINTCAP_BSD;
580
ef416fc2 581 strlcpy(temp, ConfigurationFile, sizeof(temp));
582 if ((slash = strrchr(temp, '/')) != NULL)
583 *slash = '\0';
584
585 cupsdSetString(&ServerRoot, temp);
586
587 cupsdClearString(&Classification);
588 ClassifyOverride = 0;
589
590#ifdef HAVE_SSL
72d05bc9 591# ifdef HAVE_GNUTLS
097488cf 592 cupsdSetString(&ServerKeychain, "ssl");
72d05bc9
MS		 593# else
594 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
595# endif /* HAVE_GNUTLS */
ef416fc2 596#endif /* HAVE_SSL */
597
598 language = cupsLangDefault();
599
600 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
601 cupsdSetString(&DefaultLanguage, "en");
602 else
603 cupsdSetString(&DefaultLanguage, language->language);
604
c5571a1d
MS		 605 cupsdClearString(&DefaultPaperSize);
606
eac3a0a0 607 cupsdSetString(&RIPCache, "128m");
ef416fc2 608
b423cd4c 609 cupsdSetString(&TempDir, NULL);
ef416fc2 610
dcb445bc
MS		 611#ifdef HAVE_GSSAPI
612 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
613
614 if (HaveServerCreds)
615 {
616 OM_uint32 minor_status; /* Minor status code */
617
618 gss_release_cred(&minor_status, &ServerCreds);
619
620 HaveServerCreds = 0;
621 }
622
623 ServerCreds = GSS_C_NO_CREDENTIAL;
624#endif /* HAVE_GSSAPI */
625
ef416fc2 626 /*
627 * Find the default user...
628 */
629
630 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
631 User = user->pw_uid;
632 else
633 {
634 /*
635 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
636 * complement number...)
637 */
638
639 User = 65534;
640 }
641
642 endpwent();
643
644 /*
d6ae789d 645 * Find the default group...
ef416fc2 646 */
647
d6ae789d 648 group = getgrnam(CUPS_DEFAULT_GROUP);
ef416fc2 649 endgrent();
650
d6ae789d 651 if (group)
ef416fc2 652 Group = group->gr_gid;
653 else
654 {
655 /*
d6ae789d 656 * Fallback to group "nobody"...
ef416fc2 657 */
658
d6ae789d 659 group = getgrnam("nobody");
660 endgrent();
661
662 if (group)
663 Group = group->gr_gid;
664 else
665 {
666 /*
667 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
668 * complement number...)
669 */
670
671 Group = 65534;
672 }
ef416fc2 673 }
674
675 /*
676 * Numeric options...
677 */
678
dfd5680b
MS		 679 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
680 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
681 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
6961465f 682 default_auth_type = CUPSD_AUTH_BASIC;
4744bd90 683#ifdef HAVE_SSL
dfd5680b 684 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
4744bd90 685#endif /* HAVE_SSL */
dfd5680b 686 DirtyCleanInterval = DEFAULT_KEEPALIVE;
238c3832 687 JobKillDelay = DEFAULT_TIMEOUT;
dfd5680b
MS		 688 JobRetryLimit = 5;
689 JobRetryInterval = 300;
690 FileDevice = FALSE;
691 FilterLevel = 0;
692 FilterLimit = 0;
693 FilterNice = 0;
694 HostNameLookups = FALSE;
dfd5680b
MS		 695 KeepAlive = TRUE;
696 KeepAliveTimeout = DEFAULT_KEEPALIVE;
697 ListenBackLog = SOMAXCONN;
178cb736 698 LogDebugHistory = 200;
dfd5680b
MS		 699 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
700 LogLevel = CUPSD_LOG_WARN;
701 LogTimeFormat = CUPSD_TIME_STANDARD;
702 MaxClients = 100;
703 MaxClientsPerHost = 0;
704 MaxLogSize = 1024 * 1024;
dfd5680b
MS		 705 MaxRequestSize = 0;
706 MultipleOperationTimeout = DEFAULT_TIMEOUT;
a29fd7dd 707 NumSystemGroups = 0;
dfd5680b
MS		 708 ReloadTimeout = DEFAULT_KEEPALIVE;
709 RootCertDuration = 300;
a29fd7dd 710 StrictConformance = FALSE;
8a259669 711 SyncOnClose = FALSE;
dfd5680b 712 Timeout = DEFAULT_TIMEOUT;
229681c1 713 WebInterface = CUPS_DEFAULT_WEBIF;
dfd5680b 714
dfd5680b 715 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
dfd5680b
MS		 716 BrowseWebIF = FALSE;
717 Browsing = CUPS_DEFAULT_BROWSING;
718 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
ef416fc2 719
37e7e6e0 720#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
f3c17241 721 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
37e7e6e0 722#endif /* HAVE_DNSSD || HAVE_AVAHI */
84315f46 723
2e4ff8af
MS		 724 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
725 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
726
323c5de1 727 cupsdSetString(&ErrorPolicy, "stop-printer");
728
ef416fc2 729 JobHistory = DEFAULT_HISTORY;
730 JobFiles = DEFAULT_FILES;
731 JobAutoPurge = 0;
3e7fe0ca 732 MaxHoldTime = 0;
ef416fc2 733 MaxJobs = 500;
734 MaxActiveJobs = 0;
735 MaxJobsPerUser = 0;
736 MaxJobsPerPrinter = 0;
dcb445bc 737 MaxJobTime = 3 * 60 * 60; /* 3 hours */
f7deaa1a 738 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
ef416fc2 739
740 cupsdDeleteAllPolicies();
741 cupsdClearString(&DefaultPolicy);
742
f7deaa1a 743#ifdef HAVE_AUTHORIZATION_H
6961465f 744 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
f7deaa1a 745#endif /* HAVE_AUTHORIZATION_H */
746
ef416fc2 747 MaxSubscriptions = 100;
748 MaxSubscriptionsPerJob = 0;
749 MaxSubscriptionsPerPrinter = 0;
750 MaxSubscriptionsPerUser = 0;
751 DefaultLeaseDuration = 86400;
752 MaxLeaseDuration = 0;
753
a4d04587 754#ifdef HAVE_LAUNCHD
dcb445bc 755 LaunchdTimeout = 10;
a4d04587 756#endif /* HAVE_LAUNCHD */
757
0268488e
MS		 758 /*
759 * Setup environment variables...
760 */
761
762 cupsdInitEnv();
763
ef416fc2 764 /*
c41769ff
MS		 765 * Read the cups-files.conf file...
766 */
767
768 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
769 {
770 status = read_cups_files_conf(fp);
771
772 cupsFileClose(fp);
773
774 if (!status)
cb7f98ee
MS		 775 {
776 if (TestConfigFile)
777 printf("\"%s\" contains errors.\n", CupsFilesFile);
778 else
779 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
780 CupsFilesFile);
781
c41769ff 782 return (0);
cb7f98ee 783 }
c41769ff
MS		 784 }
785 else if (errno == ENOENT)
786 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
787 else
788 {
cb7f98ee
MS		 789 syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
790 strerror(errno));
c41769ff
MS		 791 return (0);
792 }
793
794 if (!ErrorLog)
795 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
796
797 /*
798 * Read the cupsd.conf file...
ef416fc2 799 */
800
801 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
c41769ff 802 {
cb7f98ee
MS		 803 syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
804 strerror(errno));
ef416fc2 805 return (0);
c41769ff 806 }
ef416fc2 807
c41769ff 808 status = read_cupsd_conf(fp);
ef416fc2 809
810 cupsFileClose(fp);
811
812 if (!status)
cb7f98ee
MS		 813 {
814 if (TestConfigFile)
815 printf("\"%s\" contains errors.\n", ConfigurationFile);
816 else
817 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
818 ConfigurationFile);
819
ef416fc2 820 return (0);
cb7f98ee 821 }
ef416fc2 822
4744bd90 823 RunUser = getuid();
ef416fc2 824
d1c13e16 825 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
f11a948a 826 RemotePort ? "enabled" : "disabled");
d1c13e16 827
5a6b583a
MS		 828 if (!RemotePort)
829 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
830
8ca02f3c 831 /*
832 * See if the ServerName is an IP address...
833 */
834
f11a948a
MS		 835 if (ServerName)
836 {
837 if (!ServerAlias)
838 ServerAlias = cupsArrayNew(NULL, NULL);
839
840 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
841 }
842 else
d1c13e16 843 {
e07d4801 844 if (gethostname(temp, sizeof(temp)))
d1c13e16
MS		 845 {
846 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
847 strerror(errno));
848 strlcpy(temp, "localhost", sizeof(temp));
849 }
850
851 cupsdSetString(&ServerName, temp);
e07d4801
MS		 852
853 if (!ServerAlias)
854 ServerAlias = cupsArrayNew(NULL, NULL);
855
856 cupsdAddAlias(ServerAlias, temp);
857 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
858
f11a948a 859 if (HostNameLookups || RemotePort)
e07d4801
MS		 860 {
861 struct hostent *host; /* Host entry to get FQDN */
862
863 if ((host = gethostbyname(temp)) != NULL)
864 {
88f9aafc 865 if (_cups_strcasecmp(temp, host->h_name))
e07d4801
MS		 866 {
867 cupsdSetString(&ServerName, host->h_name);
868 cupsdAddAlias(ServerAlias, host->h_name);
869 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
870 host->h_name);
871 }
872
873 if (host->h_aliases)
874 {
875 for (i = 0; host->h_aliases[i]; i ++)
88f9aafc 876 if (_cups_strcasecmp(temp, host->h_aliases[i]))
e07d4801
MS		 877 {
878 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
879 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
880 host->h_aliases[i]);
881 }
882 }
883 }
884 }
885
886 /*
887 * Make sure we have the base hostname added as an alias, too!
888 */
889
890 if ((slash = strchr(temp, '.')) != NULL)
891 {
892 *slash = '\0';
893 cupsdAddAlias(ServerAlias, temp);
894 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
895 }
d1c13e16
MS		 896 }
897
8ca02f3c 898 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
899
900 ServerNameIsIP = !*slash;
901
d1c13e16
MS		 902 /*
903 * Make sure ServerAdmin is initialized...
904 */
905
906 if (!ServerAdmin)
907 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
908
ef416fc2 909 /*
910 * Use the default system group if none was supplied in cupsd.conf...
911 */
912
913 if (NumSystemGroups == 0)
bd7854cb 914 {
915 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
916 {
917 /*
918 * Find the group associated with GID 0...
919 */
920
921 group = getgrgid(0);
922 endgrent();
923
924 if (group != NULL)
925 cupsdSetString(&SystemGroups[0], group->gr_name);
926 else
927 cupsdSetString(&SystemGroups[0], "unknown");
928
929 SystemGroupIDs[0] = 0;
930 NumSystemGroups = 1;
931 }
932 }
ef416fc2 933
cb7f98ee
MS		 934 /*
935 * Make sure ConfigFilePerm and LogFilePerm have sane values...
936 */
937
938 ConfigFilePerm &= 0664;
939 LogFilePerm &= 0664;
940
ef416fc2 941 /*
942 * Open the system log for cupsd if necessary...
943 */
944
945#ifdef HAVE_VSYSLOG
946 if (!strcmp(AccessLog, "syslog") ||
947 !strcmp(ErrorLog, "syslog") ||
948 !strcmp(PageLog, "syslog"))
949 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
950#endif /* HAVE_VSYSLOG */
951
22c9029b
MS		 952 /*
953 * Make sure each of the log files exists and gets rotated as necessary...
954 */
955
eac3a0a0 956 if (strcmp(AccessLog, "syslog"))
22c9029b
MS		 957 cupsdCheckLogFile(&AccessFile, AccessLog);
958
eac3a0a0 959 if (strcmp(ErrorLog, "syslog"))
22c9029b
MS		 960 cupsdCheckLogFile(&ErrorFile, ErrorLog);
961
eac3a0a0 962 if (strcmp(PageLog, "syslog"))
22c9029b
MS		 963 cupsdCheckLogFile(&PageFile, PageLog);
964
ef416fc2 965 /*
966 * Log the configuration file that was used...
967 */
968
969 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
970 ConfigurationFile);
971
972 /*
973 * Validate the Group and SystemGroup settings - they cannot be the same,
974 * otherwise the CGI programs will be able to authenticate as root without
975 * a password!
976 */
977
978 if (!RunUser)
979 {
980 for (i = 0; i < NumSystemGroups; i ++)
981 if (Group == SystemGroupIDs[i])
982 break;
983
984 if (i < NumSystemGroups)
985 {
986 /*
987 * Log the error and reset the group to a safe value...
988 */
989
990 cupsdLogMessage(CUPSD_LOG_NOTICE,
c8fef167 991 "Group and SystemGroup cannot use the same groups.");
ef416fc2 992 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
993
994 group = getgrnam("nobody");
995 endgrent();
996
997 if (group != NULL)
998 Group = group->gr_gid;
999 else
1000 {
1001 /*
1002 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1003 * complement number...)
1004 */
1005
1006 Group = 65534;
1007 }
1008 }
1009 }
1010
1011 /*
1012 * Check that we have at least one listen/port line; if not, report this
1013 * as an error and exit!
1014 */
1015
bd7854cb 1016 if (cupsArrayCount(Listeners) == 0)
ef416fc2 1017 {
1018 /*
1019 * No listeners!
1020 */
1021
1022 cupsdLogMessage(CUPSD_LOG_EMERG,
49d87452 1023 "No valid Listen or Port lines were found in the "
c8fef167 1024 "configuration file.");
ef416fc2 1025
1026 /*
1027 * Commit suicide...
1028 */
1029
1030 cupsdEndProcess(getpid(), 0);
1031 }
1032
1033 /*
1034 * Set the default locale using the language and charset...
1035 */
1036
f8b3a85b 1037 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
ef416fc2 1038
1039 /*
1040 * Update all relative filenames to include the full path from ServerRoot...
1041 */
1042
1043 if (DocumentRoot[0] != '/')
1044 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1045
1046 if (RequestRoot[0] != '/')
1047 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1048
1049 if (ServerBin[0] != '/')
1050 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1051
1052 if (StateDir[0] != '/')
1053 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1054
1055 if (CacheDir[0] != '/')
1056 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1057
1058#ifdef HAVE_SSL
72d05bc9
MS		 1059 if (ServerKeychain[0] != '/')
1060 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
097488cf 1061
5bc8ea66 1062 cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
097488cf 1063 cupsSetServerCredentials(ServerKeychain, ServerName, 1);
ef416fc2 1064#endif /* HAVE_SSL */
1065
1066 /*
1067 * Make sure that directories and config files are owned and
1068 * writable by the user and group in the cupsd.conf file...
1069 */
1070
ae71f5de
MS		 1071 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1072
49d87452
MS		 1073 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1074 Group, 1, 1) < 0 ||
1075 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1076 Group, 1, 1) < 0 ||
1077 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1078 Group, 1, 1) < 0 ||
1079 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1080 Group, 1, 1) < 0 ||
1081 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1082 SystemGroupIDs[0], 1, 1) < 0 ||
ef55b745 1083 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
49d87452
MS		 1084 Group, 1, 0) < 0 ||
1085 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1086 Group, 1, 1) < 0 ||
1087 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1088 Group, 1, 0) < 0 ||
cb7f98ee
MS		 1089 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1090 Group, 0, 0) < 0 ||
1091 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
49d87452
MS		 1092 Group, 0, 0) < 0 ||
1093 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1094 Group, 0, 0) < 0 ||
1095 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1096 Group, 0, 0) < 0 ||
1097 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1098 Group, 0, 0) < 0) &&
1099 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 1100 return (0);
ef416fc2 1101
b423cd4c 1102 /*
1103 * Update TempDir to the default if it hasn't been set already...
1104 */
1105
0fa6c7fa
MS		 1106#ifdef __APPLE__
1107 if (TempDir && !RunUser &&
1108 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1109 {
1110 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1111 cupsdClearString(&TempDir);
1112 }
1113#endif /* __APPLE__ */
1114
b423cd4c 1115 if (!TempDir)
1116 {
9c80ffa2
MS		 1117#ifdef __APPLE__
1118 if ((tmpdir = getenv("TMPDIR")) != NULL &&
0fa6c7fa 1119 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
9c80ffa2 1120#else
b423cd4c 1121 if ((tmpdir = getenv("TMPDIR")) != NULL)
9c80ffa2 1122#endif /* __APPLE__ */
b423cd4c 1123 {
1124 /*
1125 * TMPDIR is defined, see if it is OK for us to use...
1126 */
1127
1128 if (stat(tmpdir, &tmpinfo))
1129 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1130 tmpdir, strerror(errno));
1131 else if (!S_ISDIR(tmpinfo.st_mode))
c8fef167 1132 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
b423cd4c 1133 tmpdir);
1134 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1135 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1136 !(tmpinfo.st_mode & S_IWOTH))
1137 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 1138 "TMPDIR (%s) has the wrong permissions.", tmpdir);
b423cd4c 1139 else
1140 cupsdSetString(&TempDir, tmpdir);
b423cd4c 1141 }
0fa6c7fa 1142 }
b423cd4c 1143
0fa6c7fa
MS		 1144 if (!TempDir)
1145 {
1146 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1147 RequestRoot);
1148 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
b423cd4c 1149 }
1150
878389c8
MS		 1151 setenv("TMPDIR", TempDir, 1);
1152
ef416fc2 1153 /*
b94498cf 1154 * Make sure the temporary directory has the right permissions...
ef416fc2 1155 */
1156
ef416fc2 1157 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1158 access(TempDir, 0))
1159 {
1160 /*
1161 * Update ownership and permissions if the CUPS temp directory
1162 * is under the spool directory or does not exist...
1163 */
1164
49d87452
MS		 1165 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1166 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 1167 return (0);
ef416fc2 1168 }
1169
ef416fc2 1170 /*
0268488e 1171 * Update environment variables...
ef416fc2 1172 */
1173
0268488e 1174 cupsdUpdateEnv();
ef416fc2 1175
c5571a1d
MS		 1176 /*
1177 * Update default paper size setting as needed...
1178 */
1179
1180 if (!DefaultPaperSize)
1181 {
1182#ifdef HAVE_LIBPAPER
1183 char *paper_result; /* Paper size name from libpaper */
1184
1185 if ((paper_result = systempapername()) != NULL)
1186 cupsdSetString(&DefaultPaperSize, paper_result);
1187 else
1188#endif /* HAVE_LIBPAPER */
1189 if (!DefaultLanguage ||
88f9aafc
MS		 1190 !_cups_strcasecmp(DefaultLanguage, "C") ||
1191 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1192 !_cups_strcasecmp(DefaultLanguage, "en") ||
1193 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1194 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1195 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1196 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
c5571a1d
MS		 1197 {
1198 /*
1199 * These are the only locales that will default to "letter" size...
1200 */
1201
1202 cupsdSetString(&DefaultPaperSize, "Letter");
1203 }
1204 else
1205 cupsdSetString(&DefaultPaperSize, "A4");
1206 }
1207
1208 /*
1209 * Update classification setting as needed...
1210 */
1211
88f9aafc 1212 if (Classification && !_cups_strcasecmp(Classification, "none"))
c5571a1d
MS		 1213 cupsdClearString(&Classification);
1214
1215 if (Classification)
1216 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1217
ef416fc2 1218 /*
1219 * Check the MaxClients setting, and then allocate memory for it...
1220 */
1221
1222 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1223 {
1224 if (MaxClients > 0)
49d87452
MS		 1225 cupsdLogMessage(CUPSD_LOG_INFO,
1226 "MaxClients limited to 1/3 (%d) of the file descriptor "
1227 "limit (%d)...",
1228 MaxFDs / 3, MaxFDs);
ef416fc2 1229
1230 MaxClients = MaxFDs / 3;
1231 }
1232
bd7854cb 1233 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1234 MaxClients);
ef416fc2 1235
1236 /*
1237 * Check the MaxActiveJobs setting; limit to 1/3 the available
1238 * file descriptors, since we need a pipe for each job...
1239 */
1240
1241 if (MaxActiveJobs > (MaxFDs / 3))
1242 MaxActiveJobs = MaxFDs / 3;
1243
ef416fc2 1244 /*
1245 * Update the MaxClientsPerHost value, as needed...
1246 */
1247
1248 if (MaxClientsPerHost <= 0)
1249 MaxClientsPerHost = MaxClients;
1250
1251 if (MaxClientsPerHost > MaxClients)
1252 MaxClientsPerHost = MaxClients;
1253
1254 cupsdLogMessage(CUPSD_LOG_INFO,
1255 "Allowing up to %d client connections per host.",
1256 MaxClientsPerHost);
1257
1258 /*
1259 * Update the default policy, as needed...
1260 */
1261
1262 if (DefaultPolicy)
1263 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1264 else
1265 DefaultPolicyPtr = NULL;
1266
1267 if (!DefaultPolicyPtr)
1268 {
ef416fc2 1269 cupsd_location_t *po; /* New policy operation */
1270
1271
1272 if (DefaultPolicy)
c8fef167 1273 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
ef416fc2 1274 DefaultPolicy);
1275
e1d6a774 1276 cupsdSetString(&DefaultPolicy, "default");
1277
ef416fc2 1278 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1279 cupsdLogMessage(CUPSD_LOG_INFO,
c8fef167 1280 "Using policy \"default\" as the default.");
ef416fc2 1281 else
1282 {
1283 cupsdLogMessage(CUPSD_LOG_INFO,
1284 "Creating CUPS default administrative policy:");
1285
1286 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1287
1288 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
10d09e33
MS		 1289
1290 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1291 cupsdAddString(&(p->job_access), "@OWNER");
1292 cupsdAddString(&(p->job_access), "@SYSTEM");
1293
1294 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1295 cupsdAddString(&(p->job_attrs), "job-name");
1296 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1297 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1298
1299 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1300 cupsdAddString(&(p->sub_access), "@OWNER");
1301 cupsdAddString(&(p->sub_access), "@SYSTEM");
1302
1303 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1304 cupsdAddString(&(p->job_attrs), "notify-events");
1305 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1306 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1307 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1308 cupsdAddString(&(p->job_attrs), "notify-user-data");
1309
c7017ecc
MS		 1310 cupsdLogMessage(CUPSD_LOG_INFO,
1311 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1312 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1313
1314 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1315 po->order_type = CUPSD_AUTH_ALLOW;
1316
1317 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1318 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1319 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1320
1321 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1322
ef416fc2 1323 cupsdLogMessage(CUPSD_LOG_INFO,
1324 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1325 "Release-Job Restart-Job Purge-Jobs "
1326 "Set-Job-Attributes Create-Job-Subscription "
1327 "Renew-Subscription Cancel-Subscription "
1328 "Get-Notifications Reprocess-Job Cancel-Current-Job "
10d09e33 1329 "Suspend-Current-Job Resume-Job "
aaf19ab0 1330 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
2e4ff8af 1331 "CUPS-Authenticate-Job CUPS-Get-Document>");
ef416fc2 1332 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1333
1334 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
5bd77a73
MS		 1335 po->order_type = CUPSD_AUTH_ALLOW;
1336 po->level = CUPSD_AUTH_USER;
ef416fc2 1337
1338 cupsdAddName(po, "@OWNER");
1339 cupsdAddName(po, "@SYSTEM");
1340 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1341
1342 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1343 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1344 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1345 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1346 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1347 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1348 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1349 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1350 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1351 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1352 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1353 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1354 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1355 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1356 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
aaf19ab0
MS		 1357 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1358 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
ef416fc2 1359 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1360 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
2e4ff8af 1361 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
ef416fc2 1362
1363 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1364
1365 cupsdLogMessage(CUPSD_LOG_INFO,
1366 "<Limit Pause-Printer Resume-Printer "
1367 "Set-Printer-Attributes Enable-Printer "
1368 "Disable-Printer Pause-Printer-After-Current-Job "
1369 "Hold-New-Jobs Release-Held-New-Jobs "
1370 "Deactivate-Printer Activate-Printer Restart-Printer "
1371 "Shutdown-Printer Startup-Printer Promote-Job "
10d09e33 1372 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
ef416fc2 1373 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1374 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1375 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
bc44d920 1376 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
ef416fc2 1377
1378 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
5bd77a73
MS		 1379 po->order_type = CUPSD_AUTH_ALLOW;
1380 po->type = CUPSD_AUTH_DEFAULT;
1381 po->level = CUPSD_AUTH_USER;
ef416fc2 1382
1383 cupsdAddName(po, "@SYSTEM");
1384 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1385
1386 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1387 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1388 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1389 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1390 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1391 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1392 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1393 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1394 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1395 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1396 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1397 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1398 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1399 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
10d09e33 1400 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
ef416fc2 1401 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1402 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1403 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1404 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1405 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1406 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1407 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1408
1409 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1410
1411 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1412 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1413
1414 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
5bd77a73 1415 po->order_type = CUPSD_AUTH_ALLOW;
ef416fc2 1416
1417 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1418 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1419 }
1420 }
1421
bd7854cb 1422 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
2e4ff8af
MS		 1423 cupsArrayCount(Policies));
1424 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1425 p;
1426 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
bd7854cb 1427 cupsdLogMessage(CUPSD_LOG_DEBUG2,
2e4ff8af 1428 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
ef416fc2 1429
1430 /*
1431 * If we are doing a full reload or the server root has changed, flush
1432 * the jobs, printers, etc. and start from scratch...
1433 */
1434
1435 if (NeedReload == RELOAD_ALL ||
f11a948a 1436 old_remote_port != RemotePort ||
ef416fc2 1437 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1438 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1439 {
fa73b229 1440 mime_type_t *type; /* Current type */
1441 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1442 /* MIME type name */
1443
1444
ef416fc2 1445 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1446
1447 /*
1448 * Free all memory...
1449 */
1450
1451 cupsdDeleteAllSubscriptions();
1452 cupsdFreeAllJobs();
ef416fc2 1453 cupsdDeleteAllPrinters();
1454
1455 DefaultPrinter = NULL;
1456
1457 if (MimeDatabase != NULL)
1458 mimeDelete(MimeDatabase);
1459
1460 if (NumMimeTypes)
1461 {
1462 for (i = 0; i < NumMimeTypes; i ++)
757d2cad 1463 _cupsStrFree(MimeTypes[i]);
ef416fc2 1464
1465 free(MimeTypes);
1466 }
1467
1468 /*
1469 * Read the MIME type and conversion database...
1470 */
1471
1472 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
dd1abb6b 1473 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
ef416fc2 1474
eac3a0a0
MS		 1475 MimeDatabase = mimeNew();
1476 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1477
1478 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
75bd9771
MS		 1479 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1480 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1481 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
ef416fc2 1482
1483 if (!MimeDatabase)
1484 {
1485 cupsdLogMessage(CUPSD_LOG_EMERG,
c8fef167 1486 "Unable to load MIME database from \"%s\" or \"%s\".",
75bd9771 1487 mimedir, ServerRoot);
49d87452
MS		 1488 if (FatalErrors & CUPSD_FATAL_CONFIG)
1489 return (0);
ef416fc2 1490 }
1491
1492 cupsdLogMessage(CUPSD_LOG_INFO,
75bd9771
MS		 1493 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1494 "%d filters...", mimedir, ServerRoot,
1495 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
ef416fc2 1496
1497 /*
1498 * Create a list of MIME types for the document-format-supported
1499 * attribute...
1500 */
1501
fa73b229 1502 NumMimeTypes = mimeNumTypes(MimeDatabase);
ef416fc2 1503 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1504 NumMimeTypes ++;
1505
7e86f2f6 1506 if ((MimeTypes = calloc((size_t)NumMimeTypes, sizeof(const char *))) == NULL)
ef416fc2 1507 {
91c84a35 1508 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 1509 "Unable to allocate memory for %d MIME types.",
91c84a35
MS		 1510 NumMimeTypes);
1511 NumMimeTypes = 0;
ef416fc2 1512 }
91c84a35
MS		 1513 else
1514 {
1515 for (i = 0, type = mimeFirstType(MimeDatabase);
1516 type;
1517 i ++, type = mimeNextType(MimeDatabase))
1518 {
1519 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1520
1521 MimeTypes[i] = _cupsStrAlloc(mimetype);
1522 }
ef416fc2 1523
91c84a35
MS		 1524 if (i < NumMimeTypes)
1525 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1526 }
bd7854cb 1527
1528 if (LogLevel == CUPSD_LOG_DEBUG2)
1529 {
1530 mime_filter_t *filter; /* Current filter */
1531
1532
1533 for (type = mimeFirstType(MimeDatabase);
1534 type;
1535 type = mimeNextType(MimeDatabase))
1536 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1537 type->super, type->type);
1538
1539 for (filter = mimeFirstFilter(MimeDatabase);
1540 filter;
1541 filter = mimeNextFilter(MimeDatabase))
1542 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1543 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1544 filter->src->super, filter->src->type,
1545 filter->dst->super, filter->dst->type,
1546 filter->cost, filter->filter);
1547 }
ef416fc2 1548
1549 /*
1550 * Load banners...
1551 */
1552
1553 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1554 cupsdLoadBanners(temp);
1555
1556 /*
1557 * Load printers and classes...
1558 */
1559
1560 cupsdLoadAllPrinters();
1561 cupsdLoadAllClasses();
ef416fc2 1562
1563 cupsdCreateCommonData();
1564
68b10830
MS		 1565 /*
1566 * Update the printcap file as needed...
1567 */
1568
1569 if (Printcap && *Printcap && access(Printcap, 0))
1570 cupsdWritePrintcap();
1571
ef416fc2 1572 /*
1573 * Load queued jobs...
1574 */
1575
1576 cupsdLoadAllJobs();
1577
1578 /*
1579 * Load subscriptions...
1580 */
1581
1582 cupsdLoadAllSubscriptions();
1583
1584 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1585 }
1586 else
1587 {
1588 /*
1589 * Not a full reload, so recreate the common printer attributes...
1590 */
1591
1592 cupsdCreateCommonData();
1593
82cc1f9a
MS		 1594 /*
1595 * Update all jobs as needed...
1596 */
1597
1598 cupsdUpdateJobs();
1599
ef416fc2 1600 /*
1601 * Update all printers as needed...
1602 */
1603
1604 cupsdUpdatePrinters();
3dfe78b3 1605 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
ef416fc2 1606
1607 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1608 }
1609
1610 /*
1611 * Reset the reload state...
1612 */
1613
1614 NeedReload = RELOAD_NONE;
1615
1616 cupsdClearString(&old_serverroot);
1617 cupsdClearString(&old_requestroot);
1618
ef416fc2 1619 return (1);
1620}
1621
1622
1623/*
1624 * 'get_address()' - Get an address + port number from a line.
1625 */
1626
1627static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1628get_address(const char *value, /* I - Value string */
1629 int defport) /* I - Default port */
1630{
1631 char buffer[1024], /* Hostname + port number buffer */
1632 defpname[255], /* Default port name */
1633 *hostname, /* Hostname or IP */
1634 *portname; /* Port number or name */
1635 http_addrlist_t *addrlist; /* Address list */
1636
1637
1638 /*
1639 * Check for an empty value...
1640 */
1641
1642 if (!*value)
1643 {
c8fef167 1644 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
ef416fc2 1645 return (NULL);
1646 }
1647
1648 /*
1649 * Grab a hostname and port number; if there is no colon and the port name
1650 * is only digits, then we have a port number by itself...
1651 */
1652
1653 strlcpy(buffer, value, sizeof(buffer));
1654
1655 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1656 {
1657 *portname++ = '\0';
1658 hostname = buffer;
1659 }
1660 else
1661 {
1662 for (portname = buffer; isdigit(*portname & 255); portname ++);
1663
1664 if (*portname)
1665 {
1666 /*
1667 * Use the default port...
1668 */
1669
1670 sprintf(defpname, "%d", defport);
1671 portname = defpname;
1672 hostname = buffer;
1673 }
1674 else
1675 {
1676 /*
1677 * The buffer contains just a port number...
1678 */
1679
1680 portname = buffer;
1681 hostname = NULL;
1682 }
1683 }
1684
1685 if (hostname && !strcmp(hostname, "*"))
1686 hostname = NULL;
1687
1688 /*
1689 * Now lookup the address using httpAddrGetList()...
1690 */
1691
1692 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
c8fef167 1693 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
ef416fc2 1694 hostname ? hostname : "(nil)");
1695
1696 return (addrlist);
1697}
1698
1699
1700/*
1701 * 'get_addr_and_mask()' - Get an IP address and netmask.
1702 */
1703
1704static int /* O - 1 on success, 0 on failure */
1705get_addr_and_mask(const char *value, /* I - String from config file */
1706 unsigned *ip, /* O - Address value */
1707 unsigned *mask) /* O - Mask value */
1708{
1709 int i, j, /* Looping vars */
1710 family, /* Address family */
1711 ipcount; /* Count of fields in address */
1712 unsigned ipval; /* Value */
1713 const char *maskval, /* Pointer to start of mask value */
1714 *ptr, /* Pointer into value */
1715 *ptr2; /* ... */
ef416fc2 1716
1717
1718 /*
1719 * Get the address...
1720 */
1721
b86bc4cf 1722 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
ed486911 1723 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
ef416fc2 1724
1725 if ((maskval = strchr(value, '/')) != NULL)
1726 maskval ++;
1727 else
1728 maskval = value + strlen(value);
1729
1730#ifdef AF_INET6
1731 /*
1732 * Check for an IPv6 address...
1733 */
1734
1735 if (*value == '[')
1736 {
1737 /*
88f9aafc 1738 * Parse hexadecimal IPv6/IPv4 address...
ef416fc2 1739 */
1740
1741 family = AF_INET6;
1742
1743 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1744 {
1745 if (*ptr == ']')
1746 break;
1747 else if (!strncmp(ptr, "::", 2))
1748 {
1749 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1750 ptr2;
1751 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1752
88f9aafc
MS		 1753 i = 6 - j;
1754 ptr += 2;
1755 }
1756 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1757 {
1758 /*
1759 * Read IPv4 dotted quad...
1760 */
1761
1762 unsigned val[4] = { 0, 0, 0, 0 };
1763 /* IPv4 address values */
1764
1765 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1766 val + 3);
1767
1768 /*
1769 * Range check the IP numbers...
1770 */
1771
1772 for (i = 0; i < ipcount; i ++)
1773 if (val[i] > 255)
1774 return (0);
1775
1776 /*
1777 * Merge everything into a 32-bit IPv4 address in ip[3]...
1778 */
1779
da003234
MS		 1780 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1781 (unsigned)val[2]) << 8) | (unsigned)val[3];
88f9aafc
MS		 1782
1783 if (ipcount < 4)
1784 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1785
1786 /*
1787 * If the leading words are all 0's then this is an IPv4 address...
1788 */
1789
1790 if (!val[0] && !val[1] && !val[2])
1791 family = AF_INET;
1792
1793 while (isdigit(*ptr & 255) || *ptr == '.')
1794 ptr ++;
1795 break;
ef416fc2 1796 }
1797 else if (isxdigit(*ptr & 255))
1798 {
1799 ipval = strtoul(ptr, (char **)&ptr, 16);
1800
88f9aafc
MS		 1801 if (*ptr == ':' && ptr[1] != ':')
1802 ptr ++;
1803
ef416fc2 1804 if (ipval > 0xffff)
1805 return (0);
1806
1807 if (i & 1)
ed486911 1808 ip[i / 2] |= ipval;
ef416fc2 1809 else
ed486911 1810 ip[i / 2] |= ipval << 16;
ef416fc2 1811 }
1812 else
1813 return (0);
ef416fc2 1814 }
1815
ed486911 1816 if (*ptr != ']')
1817 return (0);
1818
1819 ptr ++;
ef416fc2 1820
1821 if (*ptr && *ptr != '/')
1822 return (0);
1823 }
1824 else
1825#endif /* AF_INET6 */
1826 {
1827 /*
1828 * Parse dotted-decimal IPv4 address...
1829 */
1830
88f9aafc 1831 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
ef416fc2 1832
ef416fc2 1833
ed486911 1834 family = AF_INET;
1835 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1836
ef416fc2 1837 /*
ed486911 1838 * Range check the IP numbers...
ef416fc2 1839 */
1840
ed486911 1841 for (i = 0; i < ipcount; i ++)
1842 if (val[i] > 255)
1843 return (0);
ef416fc2 1844
ed486911 1845 /*
1846 * Merge everything into a 32-bit IPv4 address in ip[3]...
1847 */
ef416fc2 1848
da003234
MS		 1849 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1850 (unsigned)val[2]) << 8) | (unsigned)val[3];
ef416fc2 1851
ed486911 1852 if (ipcount < 4)
1853 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1854 }
ef416fc2 1855
ed486911 1856 if (*maskval)
1857 {
1858 /*
1859 * Get the netmask value(s)...
1860 */
1861
1862 memset(mask, 0, sizeof(unsigned) * 4);
ef416fc2 1863
ef416fc2 1864 if (strchr(maskval, '.'))
1865 {
1866 /*
1867 * Get dotted-decimal mask...
1868 */
1869
ed486911 1870 if (family != AF_INET)
1871 return (0);
1872
88f9aafc
MS		 1873 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1874 mask + 3) != 4)
ef416fc2 1875 return (0);
1876
da003234
MS		 1877 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
1878 (unsigned)mask[2]) << 8;
ef416fc2 1879 mask[0] = mask[1] = mask[2] = 0;
1880 }
1881 else
1882 {
1883 /*
1884 * Get address/bits format...
1885 */
1886
1887 i = atoi(maskval);
1888
1889#ifdef AF_INET6
1890 if (family == AF_INET6)
1891 {
ed486911 1892 if (i > 128)
1893 return (0);
1894
ef416fc2 1895 i = 128 - i;
1896
1897 if (i <= 96)
1898 mask[0] = 0xffffffff;
1899 else
1900 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1901
1902 if (i <= 64)
1903 mask[1] = 0xffffffff;
1904 else if (i >= 96)
1905 mask[1] = 0;
1906 else
1907 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1908
1909 if (i <= 32)
1910 mask[2] = 0xffffffff;
1911 else if (i >= 64)
1912 mask[2] = 0;
1913 else
1914 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1915
1916 if (i == 0)
1917 mask[3] = 0xffffffff;
1918 else if (i >= 32)
1919 mask[3] = 0;
1920 else
1921 mask[3] = (0xffffffff << i) & 0xffffffff;
1922 }
1923 else
1924#endif /* AF_INET6 */
1925 {
ed486911 1926 if (i > 32)
1927 return (0);
ef416fc2 1928
1929 mask[0] = 0xffffffff;
1930 mask[1] = 0xffffffff;
1931 mask[2] = 0xffffffff;
1932
ed486911 1933 if (i < 32)
1934 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
ef416fc2 1935 else
1936 mask[3] = 0xffffffff;
1937 }
1938 }
1939 }
ef416fc2 1940
1941 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1942 "get_addr_and_mask(value=\"%s\", "
b86bc4cf 1943 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
ef416fc2 1944 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1945 mask[3]);
1946
1947 /*
1948 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1949 */
1950
1951 if ((ip[0] & ~mask[0]) != 0 ||
1952 (ip[1] & ~mask[1]) != 0 ||
1953 (ip[2] & ~mask[2]) != 0 ||
1954 (ip[3] & ~mask[3]) != 0)
1955 return (0);
1956
1957 return (1);
1958}
1959
1960
eac3a0a0
MS		 1961/*
1962 * 'mime_error_cb()' - Log a MIME error.
1963 */
1964
1965static void
1966mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1967 const char *message) /* I - Message */
1968{
321d8d57
MS		 1969 (void)ctx;
1970
eac3a0a0
MS		 1971 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1972}
1973
1974
ef416fc2 1975/*
1976 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1977 */
1978
1979static int /* O - 1 on success, 0 on failure */
1980parse_aaa(cupsd_location_t *loc, /* I - Location */
1981 char *line, /* I - Line from file */
1982 char *value, /* I - Start of value data */
1983 int linenum) /* I - Current line number */
1984{
1985 char *valptr; /* Pointer into value */
1986 unsigned ip[4], /* IP address components */
1987 mask[4]; /* IP netmask components */
1988
1989
88f9aafc 1990 if (!_cups_strcasecmp(line, "Encryption"))
ef416fc2 1991 {
1992 /*
1993 * "Encryption xxx" - set required encryption level...
1994 */
1995
88f9aafc 1996 if (!_cups_strcasecmp(value, "never"))
ef416fc2 1997 loc->encryption = HTTP_ENCRYPT_NEVER;
88f9aafc 1998 else if (!_cups_strcasecmp(value, "always"))
ef416fc2 1999 {
2000 cupsdLogMessage(CUPSD_LOG_ERROR,
2001 "Encryption value \"%s\" on line %d is invalid in this "
2002 "context. Using \"required\" instead.", value, linenum);
2003
2004 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2005 }
88f9aafc 2006 else if (!_cups_strcasecmp(value, "required"))
ef416fc2 2007 loc->encryption = HTTP_ENCRYPT_REQUIRED;
88f9aafc 2008 else if (!_cups_strcasecmp(value, "ifrequested"))
ef416fc2 2009 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2010 else
2011 {
2012 cupsdLogMessage(CUPSD_LOG_ERROR,
2013 "Unknown Encryption value %s on line %d.", value, linenum);
2014 return (0);
2015 }
2016 }
88f9aafc 2017 else if (!_cups_strcasecmp(line, "Order"))
ef416fc2 2018 {
2019 /*
2020 * "Order Deny,Allow" or "Order Allow,Deny"...
2021 */
2022
88f9aafc 2023 if (!_cups_strncasecmp(value, "deny", 4))
5bd77a73 2024 loc->order_type = CUPSD_AUTH_ALLOW;
88f9aafc 2025 else if (!_cups_strncasecmp(value, "allow", 5))
5bd77a73 2026 loc->order_type = CUPSD_AUTH_DENY;
ef416fc2 2027 else
2028 {
2029 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
2030 value, linenum);
2031 return (0);
2032 }
2033 }
88f9aafc 2034 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
ef416fc2 2035 {
2036 /*
2037 * Allow [From] host/ip...
2038 * Deny [From] host/ip...
2039 */
2040
0af14961 2041 while (*value)
ef416fc2 2042 {
88f9aafc 2043 if (!_cups_strncasecmp(value, "from", 4))
0af14961
MS		 2044 {
2045 /*
2046 * Strip leading "from"...
2047 */
ef416fc2 2048
0af14961 2049 value += 4;
ef416fc2 2050
88f9aafc 2051 while (_cups_isspace(*value))
0af14961 2052 value ++;
ef416fc2 2053
0af14961
MS		 2054 if (!*value)
2055 break;
2056 }
ef416fc2 2057
ef416fc2 2058 /*
0af14961 2059 * Find the end of the value...
ef416fc2 2060 */
2061
88f9aafc 2062 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
0af14961 2063
88f9aafc 2064 while (_cups_isspace(*valptr))
0af14961
MS		 2065 *valptr++ = '\0';
2066
ef416fc2 2067 /*
0af14961
MS		 2068 * Figure out what form the allow/deny address takes:
2069 *
2070 * All
2071 * None
2072 * *.domain.com
2073 * .domain.com
2074 * host.domain.com
2075 * nnn.*
2076 * nnn.nnn.*
2077 * nnn.nnn.nnn.*
2078 * nnn.nnn.nnn.nnn
2079 * nnn.nnn.nnn.nnn/mm
2080 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
ef416fc2 2081 */
2082
88f9aafc 2083 if (!_cups_strcasecmp(value, "all"))
0af14961
MS		 2084 {
2085 /*
2086 * All hosts...
2087 */
2088
88f9aafc 2089 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2090 cupsdAddIPMask(&(loc->allow), zeros, zeros);
0af14961 2091 else
10d09e33 2092 cupsdAddIPMask(&(loc->deny), zeros, zeros);
0af14961 2093 }
88f9aafc 2094 else if (!_cups_strcasecmp(value, "none"))
0af14961
MS		 2095 {
2096 /*
2097 * No hosts...
2098 */
2099
88f9aafc 2100 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2101 cupsdAddIPMask(&(loc->allow), ones, zeros);
0af14961 2102 else
10d09e33 2103 cupsdAddIPMask(&(loc->deny), ones, zeros);
0af14961 2104 }
ed486911 2105#ifdef AF_INET6
ef55b745 2106 else if (value[0] == '*' || value[0] == '.' ||
0af14961 2107 (!isdigit(value[0] & 255) && value[0] != '['))
ed486911 2108#else
0af14961 2109 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
ed486911 2110#endif /* AF_INET6 */
0af14961
MS		 2111 {
2112 /*
2113 * Host or domain name...
2114 */
ef416fc2 2115
0af14961
MS		 2116 if (value[0] == '*')
2117 value ++;
ef416fc2 2118
88f9aafc 2119 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2120 cupsdAddNameMask(&(loc->allow), value);
0af14961 2121 else
10d09e33 2122 cupsdAddNameMask(&(loc->deny), value);
0af14961 2123 }
ef416fc2 2124 else
ef416fc2 2125 {
0af14961
MS		 2126 /*
2127 * One of many IP address forms...
2128 */
2129
2130 if (!get_addr_and_mask(value, ip, mask))
2131 {
2132 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2133 value, linenum);
2134 return (0);
2135 }
2136
88f9aafc 2137 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2138 cupsdAddIPMask(&(loc->allow), ip, mask);
0af14961 2139 else
10d09e33 2140 cupsdAddIPMask(&(loc->deny), ip, mask);
ef416fc2 2141 }
2142
0af14961
MS		 2143 /*
2144 * Advance to next value...
2145 */
2146
2147 value = valptr;
ef416fc2 2148 }
2149 }
88f9aafc 2150 else if (!_cups_strcasecmp(line, "AuthType"))
ef416fc2 2151 {
2152 /*
bc44d920 2153 * AuthType {none,basic,digest,basicdigest,negotiate,default}
ef416fc2 2154 */
2155
88f9aafc 2156 if (!_cups_strcasecmp(value, "none"))
ef416fc2 2157 {
5bd77a73
MS		 2158 loc->type = CUPSD_AUTH_NONE;
2159 loc->level = CUPSD_AUTH_ANON;
ef416fc2 2160 }
88f9aafc 2161 else if (!_cups_strcasecmp(value, "basic"))
ef416fc2 2162 {
5bd77a73 2163 loc->type = CUPSD_AUTH_BASIC;
ef416fc2 2164
5bd77a73
MS		 2165 if (loc->level == CUPSD_AUTH_ANON)
2166 loc->level = CUPSD_AUTH_USER;
ef416fc2 2167 }
88f9aafc 2168 else if (!_cups_strcasecmp(value, "digest"))
ef416fc2 2169 {
5bd77a73 2170 loc->type = CUPSD_AUTH_DIGEST;
ef416fc2 2171
5bd77a73
MS		 2172 if (loc->level == CUPSD_AUTH_ANON)
2173 loc->level = CUPSD_AUTH_USER;
ef416fc2 2174 }
88f9aafc 2175 else if (!_cups_strcasecmp(value, "basicdigest"))
ef416fc2 2176 {
5bd77a73 2177 loc->type = CUPSD_AUTH_BASICDIGEST;
ef416fc2 2178
5bd77a73
MS		 2179 if (loc->level == CUPSD_AUTH_ANON)
2180 loc->level = CUPSD_AUTH_USER;
bc44d920 2181 }
88f9aafc 2182 else if (!_cups_strcasecmp(value, "default"))
bc44d920 2183 {
5bd77a73 2184 loc->type = CUPSD_AUTH_DEFAULT;
bc44d920 2185
5bd77a73
MS		 2186 if (loc->level == CUPSD_AUTH_ANON)
2187 loc->level = CUPSD_AUTH_USER;
ef416fc2 2188 }
f7deaa1a 2189#ifdef HAVE_GSSAPI
88f9aafc 2190 else if (!_cups_strcasecmp(value, "negotiate"))
f7deaa1a 2191 {
5bd77a73 2192 loc->type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 2193
5bd77a73
MS		 2194 if (loc->level == CUPSD_AUTH_ANON)
2195 loc->level = CUPSD_AUTH_USER;
f7deaa1a 2196 }
2197#endif /* HAVE_GSSAPI */
ef416fc2 2198 else
2199 {
2200 cupsdLogMessage(CUPSD_LOG_WARN,
2201 "Unknown authorization type %s on line %d.",
2202 value, linenum);
2203 return (0);
2204 }
2205 }
88f9aafc 2206 else if (!_cups_strcasecmp(line, "AuthClass"))
ef416fc2 2207 {
2208 /*
2209 * AuthClass anonymous, user, system, group
2210 */
2211
88f9aafc 2212 if (!_cups_strcasecmp(value, "anonymous"))
ef416fc2 2213 {
5bd77a73
MS		 2214 loc->type = CUPSD_AUTH_NONE;
2215 loc->level = CUPSD_AUTH_ANON;
ef416fc2 2216
2217 cupsdLogMessage(CUPSD_LOG_WARN,
2218 "\"AuthClass %s\" is deprecated; consider removing "
2219 "it from line %d.",
2220 value, linenum);
2221 }
88f9aafc 2222 else if (!_cups_strcasecmp(value, "user"))
ef416fc2 2223 {
5bd77a73 2224 loc->level = CUPSD_AUTH_USER;
ef416fc2 2225
2226 cupsdLogMessage(CUPSD_LOG_WARN,
2227 "\"AuthClass %s\" is deprecated; consider using "
2228 "\"Require valid-user\" on line %d.",
2229 value, linenum);
2230 }
88f9aafc 2231 else if (!_cups_strcasecmp(value, "group"))
ef416fc2 2232 {
5bd77a73 2233 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2234
2235 cupsdLogMessage(CUPSD_LOG_WARN,
2236 "\"AuthClass %s\" is deprecated; consider using "
09a101d6 2237 "\"Require user @groupname\" on line %d.",
ef416fc2 2238 value, linenum);
2239 }
88f9aafc 2240 else if (!_cups_strcasecmp(value, "system"))
ef416fc2 2241 {
5bd77a73 2242 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2243
2244 cupsdAddName(loc, "@SYSTEM");
2245
2246 cupsdLogMessage(CUPSD_LOG_WARN,
2247 "\"AuthClass %s\" is deprecated; consider using "
09a101d6 2248 "\"Require user @SYSTEM\" on line %d.",
ef416fc2 2249 value, linenum);
2250 }
2251 else
2252 {
2253 cupsdLogMessage(CUPSD_LOG_WARN,
2254 "Unknown authorization class %s on line %d.",
2255 value, linenum);
2256 return (0);
2257 }
2258 }
88f9aafc 2259 else if (!_cups_strcasecmp(line, "AuthGroupName"))
ef416fc2 2260 {
2261 cupsdAddName(loc, value);
2262
2263 cupsdLogMessage(CUPSD_LOG_WARN,
2264 "\"AuthGroupName %s\" directive is deprecated; consider "
09a101d6 2265 "using \"Require user @%s\" on line %d.",
ef416fc2 2266 value, value, linenum);
2267 }
88f9aafc 2268 else if (!_cups_strcasecmp(line, "Require"))
ef416fc2 2269 {
2270 /*
2271 * Apache synonym for AuthClass and AuthGroupName...
2272 *
2273 * Get initial word:
2274 *
2275 * Require valid-user
2276 * Require group names
2277 * Require user names
2278 */
2279
88f9aafc 2280 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
ef416fc2 2281
2282 if (*valptr)
2283 *valptr++ = '\0';
2284
88f9aafc
MS		 2285 if (!_cups_strcasecmp(value, "valid-user") ||
2286 !_cups_strcasecmp(value, "user"))
5bd77a73 2287 loc->level = CUPSD_AUTH_USER;
88f9aafc 2288 else if (!_cups_strcasecmp(value, "group"))
5bd77a73 2289 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2290 else
2291 {
2292 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2293 value, linenum);
2294 return (0);
2295 }
2296
2297 /*
2298 * Get the list of names from the line...
2299 */
2300
2301 for (value = valptr; *value;)
2302 {
88f9aafc 2303 while (_cups_isspace(*value))
ef416fc2 2304 value ++;
2305
f7deaa1a 2306#ifdef HAVE_AUTHORIZATION_H
2307 if (!strncmp(value, "@AUTHKEY(", 9))
2308 {
2309 /*
2310 * Grab "@AUTHKEY(name)" value...
2311 */
2312
2313 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2314
2315 if (*valptr)
2316 *valptr++ = '\0';
2317 }
2318 else
2319#endif /* HAVE_AUTHORIZATION_H */
ef416fc2 2320 if (*value == '\"' || *value == '\'')
2321 {
2322 /*
2323 * Grab quoted name...
2324 */
2325
2326 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2327
2328 value ++;
2329 }
2330 else
2331 {
2332 /*
2333 * Grab literal name.
2334 */
2335
88f9aafc 2336 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
ef416fc2 2337 }
2338
2339 if (*valptr)
2340 *valptr++ = '\0';
2341
2342 cupsdAddName(loc, value);
2343
88f9aafc 2344 for (value = valptr; _cups_isspace(*value); value ++);
ef416fc2 2345 }
2346 }
88f9aafc 2347 else if (!_cups_strcasecmp(line, "Satisfy"))
ef416fc2 2348 {
88f9aafc 2349 if (!_cups_strcasecmp(value, "all"))
5bd77a73 2350 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
88f9aafc 2351 else if (!_cups_strcasecmp(value, "any"))
5bd77a73 2352 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
ef416fc2 2353 else
2354 {
2355 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2356 value, linenum);
2357 return (0);
2358 }
2359 }
2360 else
2361 return (0);
2362
2363 return (1);
2364}
2365
2366
49d87452
MS		 2367/*
2368 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2369 */
2370
2371static int /* O - FatalErrors bits */
2372parse_fatal_errors(const char *s) /* I - FatalErrors string */
2373{
2374 int fatal; /* FatalErrors bits */
2375 char value[1024], /* Value string */
2376 *valstart, /* Pointer into value */
2377 *valend; /* End of value */
2378
2379
2380 /*
2381 * Empty FatalErrors line yields NULL pointer...
2382 */
2383
2384 if (!s)
2385 return (CUPSD_FATAL_NONE);
2386
2387 /*
2388 * Loop through the value string,...
2389 */
2390
2391 strlcpy(value, s, sizeof(value));
2392
2393 fatal = CUPSD_FATAL_NONE;
2394
2395 for (valstart = value; *valstart;)
2396 {
2397 /*
2398 * Get the current space/comma-delimited kind name...
2399 */
2400
2401 for (valend = valstart; *valend; valend ++)
88f9aafc 2402 if (_cups_isspace(*valend) || *valend == ',')
49d87452
MS		 2403 break;
2404
2405 if (*valend)
2406 *valend++ = '\0';
2407
2408 /*
2409 * Add the error to the bitmask...
2410 */
2411
88f9aafc 2412 if (!_cups_strcasecmp(valstart, "all"))
49d87452 2413 fatal = CUPSD_FATAL_ALL;
88f9aafc 2414 else if (!_cups_strcasecmp(valstart, "browse"))
49d87452 2415 fatal |= CUPSD_FATAL_BROWSE;
88f9aafc 2416 else if (!_cups_strcasecmp(valstart, "-browse"))
49d87452 2417 fatal &= ~CUPSD_FATAL_BROWSE;
88f9aafc 2418 else if (!_cups_strcasecmp(valstart, "config"))
49d87452 2419 fatal |= CUPSD_FATAL_CONFIG;
88f9aafc 2420 else if (!_cups_strcasecmp(valstart, "-config"))
49d87452 2421 fatal &= ~CUPSD_FATAL_CONFIG;
88f9aafc 2422 else if (!_cups_strcasecmp(valstart, "listen"))
49d87452 2423 fatal |= CUPSD_FATAL_LISTEN;
88f9aafc 2424 else if (!_cups_strcasecmp(valstart, "-listen"))
49d87452 2425 fatal &= ~CUPSD_FATAL_LISTEN;
88f9aafc 2426 else if (!_cups_strcasecmp(valstart, "log"))
49d87452 2427 fatal |= CUPSD_FATAL_LOG;
88f9aafc 2428 else if (!_cups_strcasecmp(valstart, "-log"))
49d87452 2429 fatal &= ~CUPSD_FATAL_LOG;
88f9aafc 2430 else if (!_cups_strcasecmp(valstart, "permissions"))
49d87452 2431 fatal |= CUPSD_FATAL_PERMISSIONS;
88f9aafc 2432 else if (!_cups_strcasecmp(valstart, "-permissions"))
49d87452 2433 fatal &= ~CUPSD_FATAL_PERMISSIONS;
88f9aafc 2434 else if (_cups_strcasecmp(valstart, "none"))
49d87452 2435 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 2436 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
49d87452
MS		 2437
2438 for (valstart = valend; *valstart; valstart ++)
88f9aafc 2439 if (!_cups_isspace(*valstart) || *valstart != ',')
49d87452
MS		 2440 break;
2441 }
2442
2443 return (fatal);
2444}
2445
2446
bd7854cb 2447/*
2448 * 'parse_groups()' - Parse system group names in a string.
2449 */
2450
2451static int /* O - 1 on success, 0 on failure */
2452parse_groups(const char *s) /* I - Space-delimited groups */
2453{
2454 int status; /* Return status */
2455 char value[1024], /* Value string */
2456 *valstart, /* Pointer into value */
2457 *valend, /* End of value */
2458 quote; /* Quote character */
2459 struct group *group; /* Group */
2460
2461
2462 /*
2463 * Make a copy of the string and parse out the groups...
2464 */
2465
2466 strlcpy(value, s, sizeof(value));
2467
2468 status = 1;
2469 valstart = value;
2470
2471 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2472 {
2473 if (*valstart == '\'' || *valstart == '\"')
2474 {
2475 /*
2476 * Scan quoted name...
2477 */
2478
2479 quote = *valstart++;
2480
2481 for (valend = valstart; *valend; valend ++)
2482 if (*valend == quote)
2483 break;
2484 }
2485 else
2486 {
2487 /*
2488 * Scan space or comma-delimited name...
2489 */
2490
2491 for (valend = valstart; *valend; valend ++)
88f9aafc 2492 if (_cups_isspace(*valend) || *valend == ',')
bd7854cb 2493 break;
2494 }
2495
2496 if (*valend)
2497 *valend++ = '\0';
2498
2499 group = getgrnam(valstart);
2500 if (group)
2501 {
2502 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2503 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2504
2505 NumSystemGroups ++;
2506 }
2507 else
2508 status = 0;
2509
2510 endgrent();
2511
2512 valstart = valend;
2513
88f9aafc 2514 while (*valstart == ',' || _cups_isspace(*valstart))
bd7854cb 2515 valstart ++;
2516 }
2517
2518 return (status);
2519}
2520
2521
2522/*
2523 * 'parse_protocols()' - Parse browse protocols in a string.
2524 */
2525
2526static int /* O - Browse protocol bits */
2527parse_protocols(const char *s) /* I - Space-delimited protocols */
2528{
2529 int protocols; /* Browse protocol bits */
2530 char value[1024], /* Value string */
2531 *valstart, /* Pointer into value */
2532 *valend; /* End of value */
2533
2534
d09495fa 2535 /*
2536 * Empty protocol line yields NULL pointer...
2537 */
2538
2539 if (!s)
2540 return (0);
2541
bd7854cb 2542 /*
2543 * Loop through the value string,...
2544 */
2545
2546 strlcpy(value, s, sizeof(value));
2547
2548 protocols = 0;
2549
2550 for (valstart = value; *valstart;)
2551 {
2552 /*
2553 * Get the current space/comma-delimited protocol name...
2554 */
2555
2556 for (valend = valstart; *valend; valend ++)
88f9aafc 2557 if (_cups_isspace(*valend) || *valend == ',')
bd7854cb 2558 break;
2559
2560 if (*valend)
2561 *valend++ = '\0';
2562
2563 /*
2564 * Add the protocol to the bitmask...
2565 */
2566
a2326b5b
MS		 2567 if (!_cups_strcasecmp(valstart, "dnssd") ||
2568 !_cups_strcasecmp(valstart, "dns-sd") ||
2569 !_cups_strcasecmp(valstart, "bonjour"))
bd7854cb 2570 protocols |= BROWSE_DNSSD;
88f9aafc 2571 else if (!_cups_strcasecmp(valstart, "all"))
bd7854cb 2572 protocols |= BROWSE_ALL;
88f9aafc 2573 else if (_cups_strcasecmp(valstart, "none"))
a41f09e2 2574 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 2575 "Unknown browse protocol \"%s\" ignored.", valstart);
bd7854cb 2576
2577 for (valstart = valend; *valstart; valstart ++)
88f9aafc 2578 if (!_cups_isspace(*valstart) || *valstart != ',')
bd7854cb 2579 break;
2580 }
2581
2582 return (protocols);
2583}
2584
2585
ef416fc2 2586/*
c41769ff 2587 * 'parse_variable()' - Parse a variable line.
ef416fc2 2588 */
2589
2590static int /* O - 1 on success, 0 on failure */
c41769ff
MS		 2591parse_variable(
2592 const char *filename, /* I - Name of configuration file */
2593 int linenum, /* I - Line in configuration file */
2594 const char *line, /* I - Line from configuration file */
2595 const char *value, /* I - Value from configuration file */
2596 size_t num_vars, /* I - Number of variables */
2597 const cupsd_var_t *vars) /* I - Variables */
2598{
2599 size_t i; /* Looping var */
2600 const cupsd_var_t *var; /* Variables */
2601 char temp[1024]; /* Temporary string */
2602
2603
2604 for (i = num_vars, var = vars; i > 0; i --, var ++)
2605 if (!_cups_strcasecmp(line, var->name))
2606 break;
2607
2608 if (i == 0)
2609 {
2610 /*
2611 * Unknown directive! Output an error message and continue...
2612 */
2613
2614 if (!value)
2615 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2616 line, linenum, filename);
2617 else
2618 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2619 line, linenum, filename);
2620
2621 return (0);
2622 }
2623
2624 switch (var->type)
2625 {
2626 case CUPSD_VARTYPE_INTEGER :
2627 if (!value)
2628 {
2629 cupsdLogMessage(CUPSD_LOG_ERROR,
2630 "Missing integer value for %s on line %d of %s.",
2631 line, linenum, filename);
2632 return (0);
2633 }
2634 else if (!isdigit(*value & 255))
2635 {
2636 cupsdLogMessage(CUPSD_LOG_ERROR,
2637 "Bad integer value for %s on line %d of %s.",
2638 line, linenum, filename);
2639 return (0);
2640 }
2641 else
2642 {
2643 int n; /* Number */
2644 char *units; /* Units */
2645
2646 n = strtol(value, &units, 0);
2647
2648 if (units && *units)
2649 {
2650 if (tolower(units[0] & 255) == 'g')
2651 n *= 1024 * 1024 * 1024;
2652 else if (tolower(units[0] & 255) == 'm')
2653 n *= 1024 * 1024;
2654 else if (tolower(units[0] & 255) == 'k')
2655 n *= 1024;
2656 else if (tolower(units[0] & 255) == 't')
2657 n *= 262144;
2658 else
2659 {
2660 cupsdLogMessage(CUPSD_LOG_ERROR,
2661 "Unknown integer value for %s on line %d of %s.",
2662 line, linenum, filename);
2663 return (0);
2664 }
2665 }
2666
2667 if (n < 0)
2668 {
2669 cupsdLogMessage(CUPSD_LOG_ERROR,
2670 "Bad negative integer value for %s on line %d of "
2671 "%s.", line, linenum, filename);
2672 return (0);
2673 }
2674 else
2675 {
2676 *((int *)var->ptr) = n;
2677 }
2678 }
2679 break;
2680
7e86f2f6
MS		 2681 case CUPSD_VARTYPE_PERM :
2682 if (!value)
2683 {
2684 cupsdLogMessage(CUPSD_LOG_ERROR,
2685 "Missing permissions value for %s on line %d of %s.",
2686 line, linenum, filename);
2687 return (0);
2688 }
2689 else if (!isdigit(*value & 255))
2690 {
2691 /* TODO: Add chmod UGO syntax support */
2692 cupsdLogMessage(CUPSD_LOG_ERROR,
2693 "Bad permissions value for %s on line %d of %s.",
2694 line, linenum, filename);
2695 return (0);
2696 }
2697 else
2698 {
2699 int n = strtol(value, NULL, 8);
2700 /* Permissions value */
2701
2702 if (n < 0)
2703 {
2704 cupsdLogMessage(CUPSD_LOG_ERROR,
2705 "Bad negative permissions value for %s on line %d of "
2706 "%s.", line, linenum, filename);
2707 return (0);
2708 }
2709 else
2710 {
2711 *((mode_t *)var->ptr) = (mode_t)n;
2712 }
2713 }
2714 break;
2715
c41769ff
MS		 2716 case CUPSD_VARTYPE_TIME :
2717 if (!value)
2718 {
2719 cupsdLogMessage(CUPSD_LOG_ERROR,
2720 "Missing time interval value for %s on line %d of "
2721 "%s.", line, linenum, filename);
2722 return (0);
2723 }
2724 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2725 (!_cups_strcasecmp(value, "true") ||
2726 !_cups_strcasecmp(value, "on") ||
2727 !_cups_strcasecmp(value, "enabled") ||
2728 !_cups_strcasecmp(value, "yes")))
2729 {
2730 *((int *)var->ptr) = INT_MAX;
2731 }
2732 else if (!_cups_strcasecmp(value, "false") ||
2733 !_cups_strcasecmp(value, "off") ||
2734 !_cups_strcasecmp(value, "disabled") ||
2735 !_cups_strcasecmp(value, "no"))
2736 {
2737 *((int *)var->ptr) = 0;
2738 }
2739 else if (!isdigit(*value & 255))
2740 {
2741 cupsdLogMessage(CUPSD_LOG_ERROR,
2742 "Unknown time interval value for %s on line %d of "
2743 "%s.", line, linenum, filename);
2744 return (0);
2745 }
2746 else
2747 {
2748 double n; /* Number */
2749 char *units; /* Units */
2750
2751 n = strtod(value, &units);
2752
2753 if (units && *units)
2754 {
2755 if (tolower(units[0] & 255) == 'w')
2756 n *= 7 * 24 * 60 * 60;
2757 else if (tolower(units[0] & 255) == 'd')
2758 n *= 24 * 60 * 60;
2759 else if (tolower(units[0] & 255) == 'h')
2760 n *= 60 * 60;
2761 else if (tolower(units[0] & 255) == 'm')
2762 n *= 60;
2763 else
2764 {
2765 cupsdLogMessage(CUPSD_LOG_ERROR,
2766 "Unknown time interval value for %s on line "
2767 "%d of %s.", line, linenum, filename);
2768 return (0);
2769 }
2770 }
2771
2772 if (n < 0.0 || n > INT_MAX)
2773 {
2774 cupsdLogMessage(CUPSD_LOG_ERROR,
2775 "Bad time value for %s on line %d of %s.",
2776 line, linenum, filename);
2777 return (0);
2778 }
2779 else
2780 {
2781 *((int *)var->ptr) = (int)n;
2782 }
2783 }
2784 break;
2785
2786 case CUPSD_VARTYPE_BOOLEAN :
2787 if (!value)
2788 {
2789 cupsdLogMessage(CUPSD_LOG_ERROR,
2790 "Missing boolean value for %s on line %d of %s.",
2791 line, linenum, filename);
2792 return (0);
2793 }
2794 else if (!_cups_strcasecmp(value, "true") ||
2795 !_cups_strcasecmp(value, "on") ||
2796 !_cups_strcasecmp(value, "enabled") ||
2797 !_cups_strcasecmp(value, "yes") ||
2798 atoi(value) != 0)
2799 {
2800 *((int *)var->ptr) = TRUE;
2801 }
2802 else if (!_cups_strcasecmp(value, "false") ||
2803 !_cups_strcasecmp(value, "off") ||
2804 !_cups_strcasecmp(value, "disabled") ||
2805 !_cups_strcasecmp(value, "no") ||
2806 !_cups_strcasecmp(value, "0"))
2807 {
2808 *((int *)var->ptr) = FALSE;
2809 }
2810 else
2811 {
2812 cupsdLogMessage(CUPSD_LOG_ERROR,
2813 "Unknown boolean value %s on line %d of %s.",
2814 value, linenum, filename);
2815 return (0);
2816 }
2817 break;
2818
2819 case CUPSD_VARTYPE_PATHNAME :
2820 if (!value)
2821 {
2822 cupsdLogMessage(CUPSD_LOG_ERROR,
2823 "Missing pathname value for %s on line %d of %s.",
2824 line, linenum, filename);
2825 return (0);
2826 }
2827
2828 if (value[0] == '/')
2829 strlcpy(temp, value, sizeof(temp));
2830 else
2831 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2832
2833 if (access(temp, 0))
2834 {
2835 cupsdLogMessage(CUPSD_LOG_ERROR,
2836 "File or directory for \"%s %s\" on line %d of %s "
2837 "does not exist.", line, value, linenum, filename);
2838 return (0);
2839 }
2840
2841 cupsdSetString((char **)var->ptr, temp);
2842 break;
2843
2844 case CUPSD_VARTYPE_STRING :
2845 cupsdSetString((char **)var->ptr, value);
2846 break;
2847 }
2848
2849 return (1);
2850}
2851
2852
2853/*
2854 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2855 */
2856
2857static int /* O - 1 on success, 0 on failure */
2858read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
ef416fc2 2859{
ef416fc2 2860 int linenum; /* Current line number */
2861 char line[HTTP_MAX_BUFFER],
2862 /* Line from file */
2863 temp[HTTP_MAX_BUFFER],
2864 /* Temporary buffer for value */
ef416fc2 2865 *value, /* Pointer to value */
bd7854cb 2866 *valueptr; /* Pointer into value */
ef416fc2 2867 int valuelen; /* Length of value */
ef416fc2 2868 http_addrlist_t *addrlist, /* Address list */
2869 *addr; /* Current address */
ef416fc2 2870 cups_file_t *incfile; /* Include file */
2871 char incname[1024]; /* Include filename */
ef416fc2 2872
2873
2874 /*
2875 * Loop through each line in the file...
2876 */
2877
2878 linenum = 0;
2879
2880 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2881 {
2882 /*
2883 * Decode the directive...
2884 */
2885
88f9aafc 2886 if (!_cups_strcasecmp(line, "Include") && value)
ef416fc2 2887 {
2888 /*
2889 * Include filename
2890 */
2891
2892 if (value[0] == '/')
2893 strlcpy(incname, value, sizeof(incname));
2894 else
2895 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2896
2897 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2898 cupsdLogMessage(CUPSD_LOG_ERROR,
2899 "Unable to include config file \"%s\" - %s",
2900 incname, strerror(errno));
2901 else
2902 {
c41769ff 2903 read_cupsd_conf(incfile);
ef416fc2 2904 cupsFileClose(incfile);
2905 }
2906 }
88f9aafc 2907 else if (!_cups_strcasecmp(line, "<Location") && value)
ef416fc2 2908 {
2909 /*
2910 * <Location path>
2911 */
2912
c934a06c
MS		 2913 linenum = read_location(fp, value, linenum);
2914 if (linenum == 0)
2915 return (0);
ef416fc2 2916 }
88f9aafc 2917 else if (!_cups_strcasecmp(line, "<Policy") && value)
ef416fc2 2918 {
2919 /*
2920 * <Policy name>
2921 */
2922
c934a06c
MS		 2923 linenum = read_policy(fp, value, linenum);
2924 if (linenum == 0)
2925 return (0);
ef416fc2 2926 }
88f9aafc 2927 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
ef416fc2 2928 {
c934a06c
MS		 2929 JobRetryInterval = atoi(value);
2930 cupsdLogMessage(CUPSD_LOG_WARN,
2931 "FaxRetryInterval is deprecated; use "
2932 "JobRetryInterval on line %d.", linenum);
ef416fc2 2933 }
88f9aafc 2934 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
ef416fc2 2935 {
c934a06c
MS		 2936 JobRetryLimit = atoi(value);
2937 cupsdLogMessage(CUPSD_LOG_WARN,
2938 "FaxRetryLimit is deprecated; use "
2939 "JobRetryLimit on line %d.", linenum);
ef416fc2 2940 }
f99f3698 2941 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
ef416fc2 2942#ifdef HAVE_SSL
88f9aafc 2943 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
ef416fc2 2944#endif /* HAVE_SSL */
f99f3698 2945 ) && value)
ef416fc2 2946 {
2947 /*
2948 * Add listening address(es) to the list...
2949 */
2950
2951 cupsd_listener_t *lis; /* New listeners array */
2952
2953
2954 /*
2955 * Get the address list...
2956 */
2957
2958 addrlist = get_address(value, IPP_PORT);
2959
2960 if (!addrlist)
2961 {
2962 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2963 value, linenum);
2964 continue;
2965 }
2966
2967 /*
2968 * Add each address...
2969 */
2970
2971 for (addr = addrlist; addr; addr = addr->next)
2972 {
49d87452
MS		 2973 /*
2974 * See if this address is already present...
2975 */
2976
2977 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2978 lis;
2979 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2980 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
a469f8a5 2981 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
49d87452
MS		 2982 break;
2983
2984 if (lis)
2985 {
2986 httpAddrString(&lis->address, temp, sizeof(temp));
2987 cupsdLogMessage(CUPSD_LOG_WARN,
c8fef167 2988 "Duplicate listen address \"%s\" ignored.", temp);
49d87452
MS		 2989 continue;
2990 }
2991
ef416fc2 2992 /*
2993 * Allocate another listener...
2994 */
2995
bd7854cb 2996 if (!Listeners)
2997 Listeners = cupsArrayNew(NULL, NULL);
ef416fc2 2998
bd7854cb 2999 if (!Listeners)
ef416fc2 3000 {
3001 cupsdLogMessage(CUPSD_LOG_ERROR,
3002 "Unable to allocate %s at line %d - %s.",
3003 line, linenum, strerror(errno));
3004 break;
3005 }
3006
bd7854cb 3007 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
3008 {
3009 cupsdLogMessage(CUPSD_LOG_ERROR,
3010 "Unable to allocate %s at line %d - %s.",
3011 line, linenum, strerror(errno));
3012 break;
3013 }
3014
3015 cupsArrayAdd(Listeners, lis);
ef416fc2 3016
3017 /*
3018 * Copy the current address and log it...
3019 */
3020
ef416fc2 3021 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
a4d04587 3022 lis->fd = -1;
ef416fc2 3023
3024#ifdef HAVE_SSL
88f9aafc 3025 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
ef416fc2 3026 lis->encryption = HTTP_ENCRYPT_ALWAYS;
3027#endif /* HAVE_SSL */
3028
a4d04587 3029 httpAddrString(&lis->address, temp, sizeof(temp));
3030
ef416fc2 3031#ifdef AF_LOCAL
3032 if (lis->address.addr.sa_family == AF_LOCAL)
3033 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
3034 else
3035#endif /* AF_LOCAL */
22c9029b 3036 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
a469f8a5 3037 httpAddrPort(&(lis->address)),
5ec1fd3d 3038 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
d1c13e16
MS		 3039
3040 if (!httpAddrLocalhost(&(lis->address)))
a469f8a5 3041 RemotePort = httpAddrPort(&(lis->address));
ef416fc2 3042 }
3043
3044 /*
3045 * Free the list...
3046 */
3047
3048 httpAddrFreeList(addrlist);
3049 }
88f9aafc 3050 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
a2326b5b 3051 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
ef416fc2 3052 {
3053 /*
bd7854cb 3054 * "BrowseProtocols name [... name]"
3055 * "BrowseLocalProtocols name [... name]"
ef416fc2 3056 */
3057
bd7854cb 3058 int protocols = parse_protocols(value);
ef416fc2 3059
bd7854cb 3060 if (protocols < 0)
ef416fc2 3061 {
bd7854cb 3062 cupsdLogMessage(CUPSD_LOG_ERROR,
3063 "Unknown browse protocol \"%s\" on line %d.",
3064 value, linenum);
3065 break;
ef416fc2 3066 }
bd7854cb 3067
a2326b5b 3068 BrowseLocalProtocols = protocols;
ef416fc2 3069 }
c41769ff 3070 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
ef416fc2 3071 {
3072 /*
c41769ff 3073 * DefaultAuthType {basic,digest,basicdigest,negotiate}
ef416fc2 3074 */
3075
88f9aafc 3076 if (!_cups_strcasecmp(value, "none"))
dcb445bc 3077 default_auth_type = CUPSD_AUTH_NONE;
88f9aafc 3078 else if (!_cups_strcasecmp(value, "basic"))
dcb445bc 3079 default_auth_type = CUPSD_AUTH_BASIC;
88f9aafc 3080 else if (!_cups_strcasecmp(value, "digest"))
dcb445bc 3081 default_auth_type = CUPSD_AUTH_DIGEST;
88f9aafc 3082 else if (!_cups_strcasecmp(value, "basicdigest"))
dcb445bc 3083 default_auth_type = CUPSD_AUTH_BASICDIGEST;
f7deaa1a 3084#ifdef HAVE_GSSAPI
88f9aafc 3085 else if (!_cups_strcasecmp(value, "negotiate"))
dcb445bc 3086 default_auth_type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 3087#endif /* HAVE_GSSAPI */
dcb445bc
MS		 3088 else if (!_cups_strcasecmp(value, "auto"))
3089 default_auth_type = CUPSD_AUTH_AUTO;
ef416fc2 3090 else
3091 {
3092 cupsdLogMessage(CUPSD_LOG_WARN,
3093 "Unknown default authorization type %s on line %d.",
3094 value, linenum);
49d87452
MS		 3095 if (FatalErrors & CUPSD_FATAL_CONFIG)
3096 return (0);
ef416fc2 3097 }
3098 }
4744bd90 3099#ifdef HAVE_SSL
88f9aafc 3100 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
4744bd90 3101 {
3102 /*
3103 * DefaultEncryption {Never,IfRequested,Required}
3104 */
3105
88f9aafc 3106 if (!value || !_cups_strcasecmp(value, "never"))
4744bd90 3107 DefaultEncryption = HTTP_ENCRYPT_NEVER;
88f9aafc 3108 else if (!_cups_strcasecmp(value, "required"))
4744bd90 3109 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
88f9aafc 3110 else if (!_cups_strcasecmp(value, "ifrequested"))
4744bd90 3111 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3112 else
3113 {
3114 cupsdLogMessage(CUPSD_LOG_WARN,
3115 "Unknown default encryption %s on line %d.",
3116 value, linenum);
49d87452
MS		 3117 if (FatalErrors & CUPSD_FATAL_CONFIG)
3118 return (0);
4744bd90 3119 }
3120 }
3121#endif /* HAVE_SSL */
88f9aafc 3122 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
ef416fc2 3123 {
3124 /*
3125 * Do hostname lookups?
3126 */
3127
88f9aafc
MS		 3128 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3129 !_cups_strcasecmp(value, "false"))
ef416fc2 3130 HostNameLookups = 0;
88f9aafc
MS		 3131 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3132 !_cups_strcasecmp(value, "true"))
ef416fc2 3133 HostNameLookups = 1;
88f9aafc 3134 else if (!_cups_strcasecmp(value, "double"))
ef416fc2 3135 HostNameLookups = 2;
3136 else
3137 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
3138 value, linenum);
3139 }
88f9aafc 3140 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
1f0275e3
MS		 3141 {
3142 /*
3143 * Amount of logging to do to access log...
3144 */
3145
88f9aafc 3146 if (!_cups_strcasecmp(value, "all"))
1f0275e3 3147 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
88f9aafc 3148 else if (!_cups_strcasecmp(value, "actions"))
1f0275e3 3149 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
88f9aafc 3150 else if (!_cups_strcasecmp(value, "config"))
1f0275e3
MS		 3151 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3152 else
3153 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
3154 value, linenum);
3155 }
88f9aafc 3156 else if (!_cups_strcasecmp(line, "LogLevel") && value)
ef416fc2 3157 {
3158 /*
1f0275e3 3159 * Amount of logging to do to error log...
ef416fc2 3160 */
3161
88f9aafc 3162 if (!_cups_strcasecmp(value, "debug2"))
ef416fc2 3163 LogLevel = CUPSD_LOG_DEBUG2;
88f9aafc 3164 else if (!_cups_strcasecmp(value, "debug"))
ef416fc2 3165 LogLevel = CUPSD_LOG_DEBUG;
88f9aafc 3166 else if (!_cups_strcasecmp(value, "info"))
ef416fc2 3167 LogLevel = CUPSD_LOG_INFO;
88f9aafc 3168 else if (!_cups_strcasecmp(value, "notice"))
ef416fc2 3169 LogLevel = CUPSD_LOG_NOTICE;
88f9aafc 3170 else if (!_cups_strcasecmp(value, "warn"))
ef416fc2 3171 LogLevel = CUPSD_LOG_WARN;
88f9aafc 3172 else if (!_cups_strcasecmp(value, "error"))
ef416fc2 3173 LogLevel = CUPSD_LOG_ERROR;
88f9aafc 3174 else if (!_cups_strcasecmp(value, "crit"))
ef416fc2 3175 LogLevel = CUPSD_LOG_CRIT;
88f9aafc 3176 else if (!_cups_strcasecmp(value, "alert"))
ef416fc2 3177 LogLevel = CUPSD_LOG_ALERT;
88f9aafc 3178 else if (!_cups_strcasecmp(value, "emerg"))
ef416fc2 3179 LogLevel = CUPSD_LOG_EMERG;
88f9aafc 3180 else if (!_cups_strcasecmp(value, "none"))
ef416fc2 3181 LogLevel = CUPSD_LOG_NONE;
3182 else
3183 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
3184 value, linenum);
3185 }
88f9aafc 3186 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
dfd5680b
MS		 3187 {
3188 /*
3189 * Amount of logging to do to error log...
3190 */
3191
88f9aafc 3192 if (!_cups_strcasecmp(value, "standard"))
dfd5680b 3193 LogTimeFormat = CUPSD_TIME_STANDARD;
88f9aafc 3194 else if (!_cups_strcasecmp(value, "usecs"))
dfd5680b
MS		 3195 LogTimeFormat = CUPSD_TIME_USECS;
3196 else
3197 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
3198 value, linenum);
3199 }
88f9aafc 3200 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
ef416fc2 3201 {
3202 /*
3203 * Set the string used for the Server header...
3204 */
3205
3206 struct utsname plat; /* Platform info */
3207
3208
3209 uname(&plat);
3210
88f9aafc 3211 if (!_cups_strcasecmp(value, "ProductOnly"))
db8b865d 3212 cupsdSetString(&ServerHeader, "CUPS IPP");
88f9aafc 3213 else if (!_cups_strcasecmp(value, "Major"))
db8b865d 3214 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
88f9aafc 3215 else if (!_cups_strcasecmp(value, "Minor"))
db8b865d 3216 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
771bd8cb 3217 CUPS_VERSION_MINOR);
88f9aafc 3218 else if (!_cups_strcasecmp(value, "Minimal"))
db8b865d 3219 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
88f9aafc 3220 else if (!_cups_strcasecmp(value, "OS"))
db8b865d
MS		 3221 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3222 plat.sysname, plat.release);
88f9aafc 3223 else if (!_cups_strcasecmp(value, "Full"))
db8b865d
MS		 3224 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3225 plat.sysname, plat.release, plat.machine);
88f9aafc 3226 else if (!_cups_strcasecmp(value, "None"))
ef416fc2 3227 cupsdClearString(&ServerHeader);
3228 else
3229 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3230 value, linenum);
3231 }
88f9aafc 3232 else if (!_cups_strcasecmp(line, "PassEnv") && value)
ef416fc2 3233 {
3234 /*
3235 * PassEnv variable [... variable]
3236 */
3237
3238 for (; *value;)
3239 {
3240 for (valuelen = 0; value[valuelen]; valuelen ++)
88f9aafc 3241 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
ef416fc2 3242 break;
3243
3244 if (value[valuelen])
3245 {
3246 value[valuelen] = '\0';
3247 valuelen ++;
3248 }
3249
3250 cupsdSetEnv(value, NULL);
3251
3252 for (value += valuelen; *value; value ++)
88f9aafc 3253 if (!_cups_isspace(*value) || *value != ',')
ef416fc2 3254 break;
3255 }
3256 }
88f9aafc 3257 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
e07d4801 3258 {
88f9aafc
MS		 3259 /*
3260 * ServerAlias name [... name]
3261 */
3262
e07d4801
MS		 3263 if (!ServerAlias)
3264 ServerAlias = cupsArrayNew(NULL, NULL);
3265
88f9aafc
MS		 3266 for (; *value;)
3267 {
3268 for (valuelen = 0; value[valuelen]; valuelen ++)
3269 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3270 break;
3271
3272 if (value[valuelen])
3273 {
3274 value[valuelen] = '\0';
3275 valuelen ++;
3276 }
3277
3278 cupsdAddAlias(ServerAlias, value);
3279
3280 for (value += valuelen; *value; value ++)
3281 if (!_cups_isspace(*value) || *value != ',')
3282 break;
3283 }
e07d4801 3284 }
88f9aafc 3285 else if (!_cups_strcasecmp(line, "SetEnv") && value)
ef416fc2 3286 {
3287 /*
3288 * SetEnv variable value
3289 */
3290
3291 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3292
3293 if (*valueptr)
3294 {
3295 /*
3296 * Found a value...
3297 */
3298
3299 while (isspace(*valueptr & 255))
3300 *valueptr++ = '\0';
3301
3302 cupsdSetEnv(value, valueptr);
3303 }
3304 else
3305 cupsdLogMessage(CUPSD_LOG_ERROR,
3306 "Missing value for SetEnv directive on line %d.",
3307 linenum);
3308 }
cb7f98ee
MS		 3309 else if (!_cups_strcasecmp(line, "AccessLog") ||
3310 !_cups_strcasecmp(line, "CacheDir") ||
3311 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3312 !_cups_strcasecmp(line, "DataDir") ||
3313 !_cups_strcasecmp(line, "DocumentRoot") ||
3314 !_cups_strcasecmp(line, "ErrorLog") ||
3315 !_cups_strcasecmp(line, "FatalErrors") ||
3316 !_cups_strcasecmp(line, "FileDevice") ||
3317 !_cups_strcasecmp(line, "FontPath") ||
3318 !_cups_strcasecmp(line, "Group") ||
3319 !_cups_strcasecmp(line, "LogFilePerm") ||
3320 !_cups_strcasecmp(line, "LPDConfigFile") ||
3321 !_cups_strcasecmp(line, "PageLog") ||
3322 !_cups_strcasecmp(line, "Printcap") ||
3323 !_cups_strcasecmp(line, "PrintcapFormat") ||
3324 !_cups_strcasecmp(line, "RemoteRoot") ||
3325 !_cups_strcasecmp(line, "RequestRoot") ||
3326 !_cups_strcasecmp(line, "ServerBin") ||
3327 !_cups_strcasecmp(line, "ServerCertificate") ||
3328 !_cups_strcasecmp(line, "ServerKey") ||
097488cf 3329 !_cups_strcasecmp(line, "ServerKeychain") ||
cb7f98ee
MS		 3330 !_cups_strcasecmp(line, "ServerRoot") ||
3331 !_cups_strcasecmp(line, "SMBConfigFile") ||
3332 !_cups_strcasecmp(line, "StateDir") ||
3333 !_cups_strcasecmp(line, "SystemGroup") ||
3334 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3335 !_cups_strcasecmp(line, "TempDir") ||
3336 !_cups_strcasecmp(line, "User"))
3337 {
6961465f 3338 cupsdLogMessage(CUPSD_LOG_INFO,
cb7f98ee
MS		 3339 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3340 "this will become an error in a future release.",
3341 line, value ? " " : "", value ? value : "", linenum,
3342 ConfigurationFile, CupsFilesFile);
3343 }
ef416fc2 3344 else
c41769ff
MS		 3345 parse_variable(ConfigurationFile, linenum, line, value,
3346 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3347 }
3348
3349 return (1);
3350}
3351
3352
3353/*
3354 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3355 */
3356
3357static int /* O - 1 on success, 0 on failure */
3358read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3359{
3360 int linenum; /* Current line number */
3361 char line[HTTP_MAX_BUFFER], /* Line from file */
3362 *value; /* Value from line */
3363 struct group *group; /* Group */
3364
3365
3366 /*
3367 * Loop through each line in the file...
3368 */
3369
3370 linenum = 0;
3371
3372 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3373 {
3374 if (!_cups_strcasecmp(line, "FatalErrors"))
3375 FatalErrors = parse_fatal_errors(value);
3376 else if (!_cups_strcasecmp(line, "Group") && value)
ef416fc2 3377 {
3378 /*
c41769ff 3379 * Group ID to run as...
ef416fc2 3380 */
3381
c41769ff 3382 if (isdigit(value[0]))
7e86f2f6 3383 Group = (gid_t)atoi(value);
c41769ff 3384 else
ef416fc2 3385 {
c41769ff
MS		 3386 endgrent();
3387 group = getgrnam(value);
ef416fc2 3388
c41769ff
MS		 3389 if (group != NULL)
3390 Group = group->gr_gid;
c934a06c 3391 else
c41769ff
MS		 3392 {
3393 cupsdLogMessage(CUPSD_LOG_ERROR,
3394 "Unknown Group \"%s\" on line %d of %s.", value,
3395 linenum, CupsFilesFile);
3396 if (FatalErrors & CUPSD_FATAL_CONFIG)
3397 return (0);
3398 }
ef416fc2 3399 }
c41769ff
MS		 3400 }
3401 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3402 {
3403 /*
3404 * Format of printcap file?
3405 */
ef416fc2 3406
c41769ff
MS		 3407 if (!_cups_strcasecmp(value, "bsd"))
3408 PrintcapFormat = PRINTCAP_BSD;
3409 else if (!_cups_strcasecmp(value, "plist"))
3410 PrintcapFormat = PRINTCAP_PLIST;
3411 else if (!_cups_strcasecmp(value, "solaris"))
3412 PrintcapFormat = PRINTCAP_SOLARIS;
3413 else
ef416fc2 3414 {
c41769ff
MS		 3415 cupsdLogMessage(CUPSD_LOG_ERROR,
3416 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3417 value, linenum, CupsFilesFile);
3418 if (FatalErrors & CUPSD_FATAL_CONFIG)
3419 return (0);
3420 }
3421 }
3422 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3423 {
3424 /*
3425 * SystemGroup (admin) group(s)...
3426 */
82cc1f9a 3427
c41769ff
MS		 3428 if (!parse_groups(value))
3429 {
3430 cupsdLogMessage(CUPSD_LOG_ERROR,
3431 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3432 linenum, CupsFilesFile);
3433 if (FatalErrors & CUPSD_FATAL_CONFIG)
3434 return (0);
3435 }
3436 }
3437 else if (!_cups_strcasecmp(line, "User") && value)
3438 {
3439 /*
3440 * User ID to run as...
3441 */
ef416fc2 3442
c41769ff
MS		 3443 if (isdigit(value[0] & 255))
3444 {
3445 int uid = atoi(value);
c934a06c 3446
c41769ff
MS		 3447 if (!uid)
3448 {
3449 cupsdLogMessage(CUPSD_LOG_ERROR,
3450 "Will not use User 0 as specified on line %d of %s "
3451 "for security reasons. You must use a non-"
3452 "privileged account instead.",
3453 linenum, CupsFilesFile);
3454 if (FatalErrors & CUPSD_FATAL_CONFIG)
3455 return (0);
3456 }
3457 else
7e86f2f6 3458 User = (uid_t)atoi(value);
c41769ff
MS		 3459 }
3460 else
3461 {
3462 struct passwd *p; /* Password information */
76cd9e37 3463
c41769ff
MS		 3464 endpwent();
3465 p = getpwnam(value);
76cd9e37 3466
c41769ff
MS		 3467 if (p)
3468 {
3469 if (!p->pw_uid)
3470 {
3471 cupsdLogMessage(CUPSD_LOG_ERROR,
3472 "Will not use User %s (UID=0) as specified on line "
3473 "%d of %s for security reasons. You must use a "
3474 "non-privileged account instead.",
3475 value, linenum, CupsFilesFile);
3476 if (FatalErrors & CUPSD_FATAL_CONFIG)
3477 return (0);
3478 }
3479 else
3480 User = p->pw_uid;
3481 }
3482 else
3483 {
3484 cupsdLogMessage(CUPSD_LOG_ERROR,
3485 "Unknown User \"%s\" on line %d of %s.",
3486 value, linenum, CupsFilesFile);
3487 if (FatalErrors & CUPSD_FATAL_CONFIG)
3488 return (0);
3489 }
ef416fc2 3490 }
3491 }
097488cf
MS		 3492 else if (!_cups_strcasecmp(line, "ServerCertificate") ||
3493 !_cups_strcasecmp(line, "ServerKey"))
3494 {
3495 cupsdLogMessage(CUPSD_LOG_INFO,
3496 "The \"%s\" directive on line %d of %s is no longer "
3497 "supported; this will become an error in a future "
3498 "release.",
3499 line, linenum, CupsFilesFile);
3500 }
c41769ff
MS		 3501 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3502 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3503 cupsfiles_vars) &&
3504 (FatalErrors & CUPSD_FATAL_CONFIG))
3505 return (0);
ef416fc2 3506 }
3507
3508 return (1);
3509}
3510
3511
3512/*
3513 * 'read_location()' - Read a <Location path> definition.
3514 */
3515
3516static int /* O - New line number or 0 on error */
3517read_location(cups_file_t *fp, /* I - Configuration file */
3518 char *location, /* I - Location name/path */
3519 int linenum) /* I - Current line number */
3520{
3521 cupsd_location_t *loc, /* New location */
3522 *parent; /* Parent location */
3523 char line[HTTP_MAX_BUFFER],
3524 /* Line buffer */
3525 *value, /* Value for directive */
3526 *valptr; /* Pointer into value */
3527
3528
c8fef167
MS		 3529 if ((parent = cupsdFindLocation(location)) != NULL)
3530 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3531 location, linenum);
3532 else if ((parent = cupsdNewLocation(location)) == NULL)
ef416fc2 3533 return (0);
c8fef167
MS		 3534 else
3535 {
3536 cupsdAddLocation(parent);
ef416fc2 3537
c8fef167
MS		 3538 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3539 }
10d09e33 3540
c8fef167 3541 loc = parent;
ef416fc2 3542
3543 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3544 {
3545 /*
3546 * Decode the directive...
3547 */
3548
88f9aafc 3549 if (!_cups_strcasecmp(line, "</Location>"))
ef416fc2 3550 return (linenum);
88f9aafc
MS		 3551 else if (!_cups_strcasecmp(line, "<Limit") ||
3552 !_cups_strcasecmp(line, "<LimitExcept"))
ef416fc2 3553 {
3554 if (!value)
3555 {
3556 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
49d87452
MS		 3557 if (FatalErrors & CUPSD_FATAL_CONFIG)
3558 return (0);
b19ccc9e
MS		 3559 else
3560 continue;
ef416fc2 3561 }
ef55b745 3562
10d09e33 3563 if ((loc = cupsdCopyLocation(parent)) == NULL)
ef416fc2 3564 return (0);
3565
10d09e33
MS		 3566 cupsdAddLocation(loc);
3567
ef416fc2 3568 loc->limit = 0;
3569 while (*value)
3570 {
3571 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3572
3573 if (*valptr)
3574 *valptr++ = '\0';
3575
3576 if (!strcmp(value, "ALL"))
5bd77a73 3577 loc->limit = CUPSD_AUTH_LIMIT_ALL;
ef416fc2 3578 else if (!strcmp(value, "GET"))
5bd77a73 3579 loc->limit |= CUPSD_AUTH_LIMIT_GET;
ef416fc2 3580 else if (!strcmp(value, "HEAD"))
5bd77a73 3581 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
ef416fc2 3582 else if (!strcmp(value, "OPTIONS"))
5bd77a73 3583 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
ef416fc2 3584 else if (!strcmp(value, "POST"))
5bd77a73 3585 loc->limit |= CUPSD_AUTH_LIMIT_POST;
ef416fc2 3586 else if (!strcmp(value, "PUT"))
5bd77a73 3587 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
ef416fc2 3588 else if (!strcmp(value, "TRACE"))
5bd77a73 3589 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
ef416fc2 3590 else
c8fef167 3591 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
ef416fc2 3592 value, linenum);
3593
3594 for (value = valptr; isspace(*value & 255); value ++);
3595 }
3596
88f9aafc 3597 if (!_cups_strcasecmp(line, "<LimitExcept"))
5bd77a73 3598 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
ef416fc2 3599
3600 parent->limit &= ~loc->limit;
3601 }
88f9aafc
MS		 3602 else if (!_cups_strcasecmp(line, "</Limit>") ||
3603 !_cups_strcasecmp(line, "</LimitExcept>"))
ef416fc2 3604 loc = parent;
f99f3698
MS		 3605 else if (!value)
3606 {
3607 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3608 if (FatalErrors & CUPSD_FATAL_CONFIG)
3609 return (0);
3610 }
ef416fc2 3611 else if (!parse_aaa(loc, line, value, linenum))
3612 {
3613 cupsdLogMessage(CUPSD_LOG_ERROR,
3614 "Unknown Location directive %s on line %d.",
3615 line, linenum);
49d87452
MS		 3616 if (FatalErrors & CUPSD_FATAL_CONFIG)
3617 return (0);
ef416fc2 3618 }
3619 }
3620
3621 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3622 "Unexpected end-of-file at line %d while reading location.",
ef416fc2 3623 linenum);
3624
49d87452 3625 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3626}
3627
3628
3629/*
3630 * 'read_policy()' - Read a <Policy name> definition.
3631 */
3632
3633static int /* O - New line number or 0 on error */
3634read_policy(cups_file_t *fp, /* I - Configuration file */
3635 char *policy, /* I - Location name/path */
3636 int linenum) /* I - Current line number */
3637{
3638 int i; /* Looping var */
3639 cupsd_policy_t *pol; /* Policy */
3640 cupsd_location_t *op; /* Policy operation */
3641 int num_ops; /* Number of IPP operations */
3642 ipp_op_t ops[100]; /* Operations */
3643 char line[HTTP_MAX_BUFFER],
3644 /* Line buffer */
3645 *value, /* Value for directive */
3646 *valptr; /* Pointer into value */
3647
3648
3649 /*
3650 * Create the policy...
3651 */
3652
c8fef167
MS		 3653 if ((pol = cupsdFindPolicy(policy)) != NULL)
3654 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3655 policy, linenum);
3656 else if ((pol = cupsdAddPolicy(policy)) == NULL)
ef416fc2 3657 return (0);
3658
3659 /*
3660 * Read from the file...
3661 */
3662
3663 op = NULL;
3664 num_ops = 0;
3665
3666 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3667 {
3668 /*
3669 * Decode the directive...
3670 */
3671
88f9aafc 3672 if (!_cups_strcasecmp(line, "</Policy>"))
ef416fc2 3673 {
3674 if (op)
3675 cupsdLogMessage(CUPSD_LOG_WARN,
c8fef167 3676 "Missing </Limit> before </Policy> on line %d.",
ef416fc2 3677 linenum);
3678
10d09e33 3679 set_policy_defaults(pol);
2e4ff8af 3680
ef416fc2 3681 return (linenum);
3682 }
88f9aafc 3683 else if (!_cups_strcasecmp(line, "<Limit") && !op)
ef416fc2 3684 {
3685 if (!value)
3686 {
3687 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
49d87452
MS		 3688 if (FatalErrors & CUPSD_FATAL_CONFIG)
3689 return (0);
b19ccc9e
MS		 3690 else
3691 continue;
ef416fc2 3692 }
ef55b745 3693
ef416fc2 3694 /*
3695 * Scan for IPP operation names...
3696 */
3697
3698 num_ops = 0;
3699
3700 while (*value)
3701 {
3702 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3703
3704 if (*valptr)
3705 *valptr++ = '\0';
3706
3707 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3708 {
88f9aafc 3709 if (!_cups_strcasecmp(value, "All"))
ef416fc2 3710 ops[num_ops] = IPP_ANY_OPERATION;
3711 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3712 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3713 "Bad IPP operation name \"%s\" on line %d.",
ef416fc2 3714 value, linenum);
3715 else
3716 num_ops ++;
3717 }
3718 else
3719 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3720 "Too many operations listed on line %d.",
ef416fc2 3721 linenum);
3722
3723 for (value = valptr; isspace(*value & 255); value ++);
3724 }
3725
3726 /*
3727 * If none are specified, apply the policy to all operations...
3728 */
3729
3730 if (num_ops == 0)
3731 {
3732 ops[0] = IPP_ANY_OPERATION;
3733 num_ops = 1;
3734 }
3735
3736 /*
3737 * Add a new policy for the first operation...
3738 */
3739
3740 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3741 }
88f9aafc 3742 else if (!_cups_strcasecmp(line, "</Limit>") && op)
ef416fc2 3743 {
3744 /*
3745 * Finish the current operation limit...
3746 */
3747
3748 if (num_ops > 1)
3749 {
3750 /*
3751 * Copy the policy to the other operations...
3752 */
3753
3754 for (i = 1; i < num_ops; i ++)
3755 cupsdAddPolicyOp(pol, op, ops[i]);
3756 }
3757
3758 op = NULL;
3759 }
f99f3698
MS		 3760 else if (!value)
3761 {
3762 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3763 if (FatalErrors & CUPSD_FATAL_CONFIG)
3764 return (0);
3765 }
88f9aafc
MS		 3766 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3767 !_cups_strcasecmp(line, "JobPrivateValues") ||
3768 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3769 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
10d09e33
MS		 3770 {
3771 if (op)
3772 {
3773 cupsdLogMessage(CUPSD_LOG_ERROR,
3774 "%s directive must appear outside <Limit>...</Limit> "
3775 "on line %d.", line, linenum);
3776 if (FatalErrors & CUPSD_FATAL_CONFIG)
3777 return (0);
3778 }
3779 else
3780 {
3781 /*
3782 * Pull out whitespace-delimited values...
3783 */
3784
3785 while (*value)
3786 {
3787 /*
3788 * Find the end of the current value...
3789 */
3790
3791 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3792
3793 if (*valptr)
3794 *valptr++ = '\0';
3795
3796 /*
3797 * Save it appropriately...
3798 */
3799
88f9aafc 3800 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
10d09e33
MS		 3801 {
3802 /*
3803 * JobPrivateAccess {all|default|user/group list|@@ACL}
3804 */
3805
88f9aafc 3806 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3807 {
3808 cupsdAddString(&(pol->job_access), "@OWNER");
3809 cupsdAddString(&(pol->job_access), "@SYSTEM");
3810 }
3811 else
3812 cupsdAddString(&(pol->job_access), value);
3813 }
88f9aafc 3814 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
10d09e33
MS		 3815 {
3816 /*
3817 * JobPrivateValues {all|none|default|attribute list}
3818 */
3819
88f9aafc 3820 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3821 {
3822 cupsdAddString(&(pol->job_attrs), "job-name");
3823 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3824 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
82cc1f9a 3825 cupsdAddString(&(pol->job_attrs), "phone");
10d09e33
MS		 3826 }
3827 else
3828 cupsdAddString(&(pol->job_attrs), value);
3829 }
88f9aafc 3830 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
10d09e33
MS		 3831 {
3832 /*
3833 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3834 */
3835
88f9aafc 3836 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3837 {
3838 cupsdAddString(&(pol->sub_access), "@OWNER");
3839 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3840 }
3841 else
3842 cupsdAddString(&(pol->sub_access), value);
3843 }
88f9aafc 3844 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
10d09e33
MS		 3845 {
3846 /*
3847 * SubscriptionPrivateValues {all|none|default|attribute list}
3848 */
3849
88f9aafc 3850 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3851 {
3852 cupsdAddString(&(pol->sub_attrs), "notify-events");
3853 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3854 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3855 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3856 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3857 }
3858 else
3859 cupsdAddString(&(pol->sub_attrs), value);
3860 }
3861
3862 /*
3863 * Find the next string on the line...
3864 */
3865
3866 for (value = valptr; isspace(*value & 255); value ++);
3867 }
3868 }
3869 }
ef416fc2 3870 else if (!op)
3871 {
3872 cupsdLogMessage(CUPSD_LOG_ERROR,
3873 "Missing <Limit ops> directive before %s on line %d.",
3874 line, linenum);
49d87452
MS		 3875 if (FatalErrors & CUPSD_FATAL_CONFIG)
3876 return (0);
ef416fc2 3877 }
3878 else if (!parse_aaa(op, line, value, linenum))
3879 {
321d8d57
MS		 3880 cupsdLogMessage(CUPSD_LOG_ERROR,
3881 "Unknown Policy Limit directive %s on line %d.",
3882 line, linenum);
ef416fc2 3883
49d87452
MS		 3884 if (FatalErrors & CUPSD_FATAL_CONFIG)
3885 return (0);
ef416fc2 3886 }
3887 }
3888
3889 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167
MS		 3890 "Unexpected end-of-file at line %d while reading policy "
3891 "\"%s\".", linenum, policy);
ef416fc2 3892
49d87452 3893 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3894}
3895
3896
3897/*
10d09e33
MS		 3898 * 'set_policy_defaults()' - Set default policy values as needed.
3899 */
3900
3901static void
3902set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3903{
3904 cupsd_location_t *op; /* Policy operation */
3905
3906
3907 /*
3908 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3909 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3910 * upgrades do not introduce new security issues...
3911 */
3912
3913 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3914 op->op == IPP_ANY_OPERATION)
3915 {
3916 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3917 op->op != IPP_ANY_OPERATION)
3918 {
3919 /*
3920 * Add a new limit for Validate-Job using the Print-Job limit as a
3921 * template...
3922 */
3923
3924 cupsdLogMessage(CUPSD_LOG_WARN,
3925 "No limit for Validate-Job defined in policy %s "
3926 "- using Print-Job's policy.", pol->name);
3927
3928 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3929 }
3930 else
3931 cupsdLogMessage(CUPSD_LOG_WARN,
3932 "No limit for Validate-Job defined in policy %s "
3933 "and no suitable template found.", pol->name);
3934 }
3935
3936 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3937 op->op == IPP_ANY_OPERATION)
3938 {
3939 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3940 op->op != IPP_ANY_OPERATION)
3941 {
3942 /*
3943 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3944 * template...
3945 */
3946
3947 cupsdLogMessage(CUPSD_LOG_WARN,
3948 "No limit for Cancel-Jobs defined in policy %s "
3949 "- using Pause-Printer's policy.", pol->name);
3950
3951 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3952 }
3953 else
3954 cupsdLogMessage(CUPSD_LOG_WARN,
3955 "No limit for Cancel-Jobs defined in policy %s "
3956 "and no suitable template found.", pol->name);
3957 }
3958
3959 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3960 op->op == IPP_ANY_OPERATION)
3961 {
3962 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3963 op->op != IPP_ANY_OPERATION)
3964 {
3965 /*
3966 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3967 * a template...
3968 */
3969
3970 cupsdLogMessage(CUPSD_LOG_WARN,
3971 "No limit for Cancel-My-Jobs defined in policy %s "
3972 "- using Send-Document's policy.", pol->name);
3973
3974 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3975 }
3976 else
3977 cupsdLogMessage(CUPSD_LOG_WARN,
3978 "No limit for Cancel-My-Jobs defined in policy %s "
3979 "and no suitable template found.", pol->name);
3980 }
3981
3982 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3983 op->op == IPP_ANY_OPERATION)
3984 {
3985 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3986 op->op != IPP_ANY_OPERATION)
3987 {
3988 /*
3989 * Add a new limit for Close-Job using the Send-Document limit as a
3990 * template...
3991 */
3992
3993 cupsdLogMessage(CUPSD_LOG_WARN,
3994 "No limit for Close-Job defined in policy %s "
3995 "- using Send-Document's policy.", pol->name);
3996
3997 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
3998 }
3999 else
4000 cupsdLogMessage(CUPSD_LOG_WARN,
4001 "No limit for Close-Job defined in policy %s "
4002 "and no suitable template found.", pol->name);
4003 }
4004
4005 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
4006 op->op == IPP_ANY_OPERATION)
4007 {
4008 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4009 op->op != IPP_ANY_OPERATION)
4010 {
4011 /*
4012 * Add a new limit for CUPS-Get-Document using the Send-Document
4013 * limit as a template...
4014 */
4015
4016 cupsdLogMessage(CUPSD_LOG_WARN,
4017 "No limit for CUPS-Get-Document defined in policy %s "
4018 "- using Send-Document's policy.", pol->name);
4019
4020 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
4021 }
4022 else
4023 cupsdLogMessage(CUPSD_LOG_WARN,
4024 "No limit for CUPS-Get-Document defined in policy %s "
4025 "and no suitable template found.", pol->name);
4026 }
4027
4028 /*
4029 * Verify we have JobPrivateAccess, JobPrivateValues,
4030 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
4031 */
4032
4033 if (!pol->job_access)
4034 {
4035 cupsdLogMessage(CUPSD_LOG_WARN,
4036 "No JobPrivateAccess defined in policy %s "
4037 "- using defaults.", pol->name);
4038 cupsdAddString(&(pol->job_access), "@OWNER");
4039 cupsdAddString(&(pol->job_access), "@SYSTEM");
4040 }
4041
4042 if (!pol->job_attrs)
4043 {
4044 cupsdLogMessage(CUPSD_LOG_WARN,
4045 "No JobPrivateValues defined in policy %s "
4046 "- using defaults.", pol->name);
4047 cupsdAddString(&(pol->job_attrs), "job-name");
4048 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4049 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
82cc1f9a 4050 cupsdAddString(&(pol->job_attrs), "phone");
10d09e33
MS		 4051 }
4052
4053 if (!pol->sub_access)
4054 {
4055 cupsdLogMessage(CUPSD_LOG_WARN,
4056 "No SubscriptionPrivateAccess defined in policy %s "
4057 "- using defaults.", pol->name);
4058 cupsdAddString(&(pol->sub_access), "@OWNER");
4059 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4060 }
4061
4062 if (!pol->sub_attrs)
4063 {
4064 cupsdLogMessage(CUPSD_LOG_WARN,
4065 "No SubscriptionPrivateValues defined in policy %s "
4066 "- using defaults.", pol->name);
4067 cupsdAddString(&(pol->sub_attrs), "notify-events");
4068 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4069 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4070 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4071 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4072 }
4073}
4074
4075
4076/*
f2d18633 4077 * End of "$Id$".
ef416fc2 4078 */
Unnamed repository; edit this file 'description' to name the repository.