cups/auth.c

   1 /*
   2  * "$Id: auth.c,v 1.1.2.6 2004/02/26 16:27:51 mike Exp $"
   3  *
   4  *   Authentication functions for the Common UNIX Printing System (CUPS).
   5  *
   6  *   Copyright 1997-2003 by Easy Software Products.
   7  *
   8  *   These coded instructions, statements, and computer programs are the
   9  *   property of Easy Software Products and are protected by Federal
  10  *   copyright law.  Distribution and use rights are outlined in the file
  11  *   "LICENSE.txt" which should have been included with this file.  If this
  12  *   file is missing or damaged please contact Easy Software Products
  13  *   at:
  14  *
  15  *       Attn: CUPS Licensing Information
  16  *       Easy Software Products
  17  *       44141 Airport View Drive, Suite 204
  18  *       Hollywood, Maryland 20636-3111 USA
  19  *
  20  *       Voice: (301) 373-9603
  21  *       EMail: cups-info@cups.org
  22  *         WWW: http://www.cups.org
  23  *
  24  *   This file is subject to the Apple OS-Developed Software exception.
  25  *
  26  * Contents:
  27  *
  28  *   cupsDoAuthentication() - Authenticate a request...
  29  *   cups_local_auth()      - Get the local authorization certificate if
  30  *                            available/applicable...
  31  */
  32
  33 /*
  34  * Include necessary headers...
  35  */
  36
  37 #include "cups.h"
  38 #include "ipp.h"
  39 #include "language.h"
  40 #include "string.h"
  41 #include "debug.h"
  42 #include <stdlib.h>
  43 #include <ctype.h>
  44 #include <errno.h>
  45 #include <fcntl.h>
  46 #include <sys/stat.h>
  47 #if defined(WIN32) || defined(__EMX__)
  48 #  include <io.h>
  49 #else
  50 #  include <unistd.h>
  51 #endif /* WIN32 || __EMX__ */
  52
  53
  54 /*
  55  * Local functions...
  56  */
  57
  58 static int      cups_local_auth(http_t *http);
  59
  60
  61 /*
  62  * 'cupsDoAuthentication()' - Authenticate a request...
  63  */
  64
  65 int                                     /* O - 0 on success, -1 on error */
  66 cupsDoAuthentication(http_t     *http,  /* I - HTTP connection to server */
  67                      const char *method,/* I - Request method (GET, POST, PUT) */
  68                      const char *resource)
  69                                         /* I - Resource path */
  70 {
  71   const char    *password;              /* Password string */
  72   char          prompt[1024],           /* Prompt for user */
  73                 realm[HTTP_MAX_VALUE],  /* realm="xyz" string */
  74                 nonce[HTTP_MAX_VALUE],  /* nonce="xyz" string */
  75                 encode[512];            /* Encoded username:password */
  76
  77
  78   DEBUG_printf(("cupsDoAuthentication(http=%p, method=\"%s\", resource=\"%s\")\n",
  79                 http, method, resource));
  80
  81  /*
  82   * Clear the current authentication string...
  83   */
  84
  85   http->authstring[0] = '\0';
  86
  87  /*
  88   * See if we can do local authentication...
  89   */
  90
  91   if (!cups_local_auth(http))
  92   {
  93     DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));
  94     return (0);
  95   }
  96
  97  /*
  98   * Nope, see if we should retry the current username:password...
  99   */
 100
 101   if (http->digest_tries > 1 || !http->userpass[0])
 102   {
 103    /*
 104     * Nope - get a new password from the user...
 105     */
 106
 107     snprintf(prompt, sizeof(prompt), "Password for %s on %s? ", cupsUser(),
 108              http->hostname);
 109
 110     http->digest_tries  = strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE],
 111                                       "Basic", 5) == 0;
 112     http->userpass[0]   = '\0';
 113
 114     if ((password = cupsGetPassword(prompt)) == NULL)
 115       return (-1);
 116
 117     if (!password[0])
 118       return (-1);
 119
 120     snprintf(http->userpass, sizeof(http->userpass), "%s:%s", cupsUser(),
 121              password);
 122   }
 123   else if (http->status == HTTP_UNAUTHORIZED)
 124     http->digest_tries ++;
 125
 126  /*
 127   * Got a password; encode it for the server...
 128   */
 129
 130   if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Basic", 5) == 0)
 131   {
 132    /*
 133     * Basic authentication...
 134     */
 135
 136     httpEncode64(encode, http->userpass);
 137     snprintf(http->authstring, sizeof(http->authstring), "Basic %s", encode);
 138   }
 139   else
 140   {
 141    /*
 142     * Digest authentication...
 143     */
 144
 145     httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
 146     httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "nonce", nonce);
 147
 148     httpMD5(cupsUser(), realm, strchr(http->userpass, ':') + 1, encode);
 149     httpMD5Final(nonce, method, resource, encode);
 150     snprintf(http->authstring, sizeof(http->authstring),
 151              "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
 152              "uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce,
 153              resource, encode);
 154   }
 155
 156   DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));
 157
 158   return (0);
 159 }
 160
 161
 162 /*
 163  * 'cups_local_auth()' - Get the local authorization certificate if
 164  *                       available/applicable...
 165  */
 166
 167 static int                              /* O - 0 if available, -1 if not */
 168 cups_local_auth(http_t *http)           /* I - HTTP connection to server */
 169 {
 170 #if defined(WIN32) || defined(__EMX__)
 171  /*
 172   * Currently WIN32 and OS-2 do not support the CUPS server...
 173   */
 174
 175   return (-1);
 176 #else
 177   int           pid;                    /* Current process ID */
 178   FILE          *fp;                    /* Certificate file */
 179   char          filename[1024],         /* Certificate filename */
 180                 certificate[33];        /* Certificate string */
 181   const char    *root;                  /* Server root directory */
 182
 183
 184   DEBUG_printf(("cups_local_auth(http=%p) hostaddr=%08x, hostname=\"%s\"\n",
 185                 http, ntohl(http->hostaddr.sin_addr.s_addr), http->hostname));
 186
 187  /*
 188   * See if we are accessing localhost...
 189   */
 190
 191   if (!httpAddrLocalhost(&http->hostaddr) &&
 192       strcasecmp(http->hostname, "localhost") != 0)
 193   {
 194     DEBUG_puts("cups_local_auth: Not a local connection!");
 195     return (-1);
 196   }
 197
 198  /*
 199   * Try opening a certificate file for this PID.  If that fails,
 200   * try the root certificate...
 201   */
 202
 203   if ((root = getenv("CUPS_SERVERROOT")) == NULL)
 204     root = CUPS_SERVERROOT;
 205
 206   pid = getpid();
 207   snprintf(filename, sizeof(filename), "%s/certs/%d", root, pid);
 208   if ((fp = fopen(filename, "r")) == NULL && pid > 0)
 209   {
 210     DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
 211                   filename, strerror(errno)));
 212
 213     snprintf(filename, sizeof(filename), "%s/certs/0", root);
 214     fp = fopen(filename, "r");
 215   }
 216
 217   if (fp == NULL)
 218   {
 219     DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
 220                   filename, strerror(errno)));
 221     return (-1);
 222   }
 223
 224  /*
 225   * Read the certificate from the file...
 226   */
 227
 228   fgets(certificate, sizeof(certificate), fp);
 229   fclose(fp);
 230
 231  /*
 232   * Set the authorization string and return...
 233   */
 234
 235   snprintf(http->authstring, sizeof(http->authstring), "Local %s", certificate);
 236
 237   DEBUG_printf(("cups_local_auth: Returning authstring = \"%s\"\n",
 238                 http->authstring));
 239
 240   return (0);
 241 #endif /* WIN32 || __EMX__ */
 242 }
 243
 244
 245 /*
 246  * End of "$Id: auth.c,v 1.1.2.6 2004/02/26 16:27:51 mike Exp $".
 247  */