4 * User, system, and password routines for CUPS.
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
15 * This file is subject to the Apple OS-Developed Software exception.
19 * Include necessary headers...
22 #include "cups-private.h"
30 # include <sys/utsname.h>
38 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
45 typedef struct _cups_client_conf_s
/**** client.conf config data ****/
48 int ssl_options
; /* SSLOptions values */
50 int any_root
, /* Allow any (e.g., self-signed) root */
51 expired_certs
, /* Allow expired certs */
52 validate_certs
; /* Validate certificates */
53 http_encryption_t encryption
; /* Encryption setting */
54 char user
[65], /* User name */
58 char gss_service_name
[32];
59 /* Kerberos service name */
60 #endif /* HAVE_GSSAPI */
61 } _cups_client_conf_t
;
68 static void cups_finalize_client_conf(_cups_client_conf_t
*cc
);
69 static void cups_init_client_conf(_cups_client_conf_t
*cc
);
70 static void cups_read_client_conf(cups_file_t
*fp
, _cups_client_conf_t
*cc
);
71 static void cups_set_encryption(_cups_client_conf_t
*cc
, const char *value
);
73 static void cups_set_gss_service_name(_cups_client_conf_t
*cc
, const char *value
);
74 #endif /* HAVE_GSSAPI */
75 static void cups_set_server_name(_cups_client_conf_t
*cc
, const char *value
);
77 static void cups_set_ssl_options(_cups_client_conf_t
*cc
, const char *value
);
79 static void cups_set_user(_cups_client_conf_t
*cc
, const char *value
);
83 * 'cupsEncryption()' - Get the current encryption settings.
85 * The default encryption setting comes from the CUPS_ENCRYPTION
86 * environment variable, then the ~/.cups/client.conf file, and finally the
87 * /etc/cups/client.conf file. If not set, the default is
88 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
90 * Note: The current encryption setting is tracked separately for each thread
91 * in a program. Multi-threaded programs that override the setting via the
92 * @link cupsSetEncryption@ function need to do so in each thread for the same
96 http_encryption_t
/* O - Encryption settings */
99 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
102 if (cg
->encryption
== (http_encryption_t
)-1)
105 return (cg
->encryption
);
110 * 'cupsGetPassword()' - Get a password from the user.
112 * Uses the current password callback function. Returns @code NULL@ if the
113 * user does not provide a password.
115 * Note: The current password callback function is tracked separately for each
116 * thread in a program. Multi-threaded programs that override the setting via
117 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
118 * do so in each thread for the same function to be used.
121 const char * /* O - Password */
122 cupsGetPassword(const char *prompt
) /* I - Prompt string */
124 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
127 return ((cg
->password_cb
)(prompt
, NULL
, NULL
, NULL
, cg
->password_data
));
132 * 'cupsGetPassword2()' - Get a password from the user using the advanced
135 * Uses the current password callback function. Returns @code NULL@ if the
136 * user does not provide a password.
138 * Note: The current password callback function is tracked separately for each
139 * thread in a program. Multi-threaded programs that override the setting via
140 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
141 * do so in each thread for the same function to be used.
143 * @since CUPS 1.4/OS X 10.6@
146 const char * /* O - Password */
147 cupsGetPassword2(const char *prompt
, /* I - Prompt string */
148 http_t
*http
, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
149 const char *method
, /* I - Request method ("GET", "POST", "PUT") */
150 const char *resource
) /* I - Resource path */
152 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
156 http
= _cupsConnect();
158 return ((cg
->password_cb
)(prompt
, http
, method
, resource
, cg
->password_data
));
163 * 'cupsServer()' - Return the hostname/address of the current server.
165 * The default server comes from the CUPS_SERVER environment variable, then the
166 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
167 * set, the default is the local system - either "localhost" or a domain socket
170 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
171 * address, or a domain socket pathname.
173 * Note: The current server is tracked separately for each thread in a program.
174 * Multi-threaded programs that override the server via the
175 * @link cupsSetServer@ function need to do so in each thread for the same
179 const char * /* O - Server name */
182 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
193 * 'cupsSetClientCertCB()' - Set the client certificate callback.
195 * Pass @code NULL@ to restore the default callback.
197 * Note: The current certificate callback is tracked separately for each thread
198 * in a program. Multi-threaded programs that override the callback need to do
199 * so in each thread for the same callback to be used.
201 * @since CUPS 1.5/OS X 10.7@
206 cups_client_cert_cb_t cb
, /* I - Callback function */
207 void *user_data
) /* I - User data pointer */
209 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
212 cg
->client_cert_cb
= cb
;
213 cg
->client_cert_data
= user_data
;
218 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
221 * Note: The default credentials are tracked separately for each thread in a
222 * program. Multi-threaded programs that override the setting need to do so in
223 * each thread for the same setting to be used.
225 * @since CUPS 1.5/OS X 10.7@
228 int /* O - Status of call (0 = success) */
230 cups_array_t
*credentials
) /* I - Array of credentials */
232 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
235 if (cupsArrayCount(credentials
) < 1)
239 _httpFreeCredentials(cg
->tls_credentials
);
240 cg
->tls_credentials
= _httpCreateCredentials(credentials
);
241 #endif /* HAVE_SSL */
243 return (cg
->tls_credentials
? 0 : -1);
248 * 'cupsSetEncryption()' - Set the encryption preference.
250 * The default encryption setting comes from the CUPS_ENCRYPTION
251 * environment variable, then the ~/.cups/client.conf file, and finally the
252 * /etc/cups/client.conf file. If not set, the default is
253 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
255 * Note: The current encryption setting is tracked separately for each thread
256 * in a program. Multi-threaded programs that override the setting need to do
257 * so in each thread for the same setting to be used.
261 cupsSetEncryption(http_encryption_t e
) /* I - New encryption preference */
263 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
269 httpEncryption(cg
->http
, e
);
274 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
276 * Pass @code NULL@ to restore the default (console) password callback, which
277 * reads the password from the console. Programs should call either this
278 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
279 * by a program per thread.
281 * Note: The current password callback is tracked separately for each thread
282 * in a program. Multi-threaded programs that override the callback need to do
283 * so in each thread for the same callback to be used.
287 cupsSetPasswordCB(cups_password_cb_t cb
)/* I - Callback function */
289 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
292 if (cb
== (cups_password_cb_t
)0)
293 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
295 cg
->password_cb
= (cups_password_cb2_t
)cb
;
297 cg
->password_data
= NULL
;
302 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
304 * Pass @code NULL@ to restore the default (console) password callback, which
305 * reads the password from the console. Programs should call either this
306 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
307 * by a program per thread.
309 * Note: The current password callback is tracked separately for each thread
310 * in a program. Multi-threaded programs that override the callback need to do
311 * so in each thread for the same callback to be used.
313 * @since CUPS 1.4/OS X 10.6@
318 cups_password_cb2_t cb
, /* I - Callback function */
319 void *user_data
) /* I - User data pointer */
321 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
324 if (cb
== (cups_password_cb2_t
)0)
325 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
327 cg
->password_cb
= cb
;
329 cg
->password_data
= user_data
;
334 * 'cupsSetServer()' - Set the default server name and port.
336 * The "server" string can be a fully-qualified hostname, a numeric
337 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
338 * addresses can be optionally followed by a colon and port number to override
339 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
340 * default server name and port.
342 * Note: The current server is tracked separately for each thread in a program.
343 * Multi-threaded programs that override the server need to do so in each
344 * thread for the same server to be used.
348 cupsSetServer(const char *server
) /* I - Server name */
350 char *options
, /* Options */
351 *port
; /* Pointer to port */
352 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
357 strlcpy(cg
->server
, server
, sizeof(cg
->server
));
359 if (cg
->server
[0] != '/' && (options
= strrchr(cg
->server
, '/')) != NULL
)
363 if (!strcmp(options
, "version=1.0"))
364 cg
->server_version
= 10;
365 else if (!strcmp(options
, "version=1.1"))
366 cg
->server_version
= 11;
367 else if (!strcmp(options
, "version=2.0"))
368 cg
->server_version
= 20;
369 else if (!strcmp(options
, "version=2.1"))
370 cg
->server_version
= 21;
371 else if (!strcmp(options
, "version=2.2"))
372 cg
->server_version
= 22;
375 cg
->server_version
= 20;
377 if (cg
->server
[0] != '/' && (port
= strrchr(cg
->server
, ':')) != NULL
&&
378 !strchr(port
, ']') && isdigit(port
[1] & 255))
382 cg
->ipp_port
= atoi(port
);
385 if (cg
->server
[0] == '/')
386 strlcpy(cg
->servername
, "localhost", sizeof(cg
->servername
));
388 strlcpy(cg
->servername
, cg
->server
, sizeof(cg
->servername
));
392 cg
->server
[0] = '\0';
393 cg
->servername
[0] = '\0';
394 cg
->server_version
= 20;
406 * 'cupsSetServerCertCB()' - Set the server certificate callback.
408 * Pass @code NULL@ to restore the default callback.
410 * Note: The current credentials callback is tracked separately for each thread
411 * in a program. Multi-threaded programs that override the callback need to do
412 * so in each thread for the same callback to be used.
414 * @since CUPS 1.5/OS X 10.7@
419 cups_server_cert_cb_t cb
, /* I - Callback function */
420 void *user_data
) /* I - User data pointer */
422 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
425 cg
->server_cert_cb
= cb
;
426 cg
->server_cert_data
= user_data
;
431 * 'cupsSetUser()' - Set the default user name.
433 * Pass @code NULL@ to restore the default user name.
435 * Note: The current user name is tracked separately for each thread in a
436 * program. Multi-threaded programs that override the user name need to do so
437 * in each thread for the same user name to be used.
441 cupsSetUser(const char *user
) /* I - User name */
443 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
447 strlcpy(cg
->user
, user
, sizeof(cg
->user
));
454 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
456 * Setting the string to NULL forces the default value containing the CUPS
457 * version, IPP version, and operating system version and architecture.
459 * @since CUPS 1.7/OS X 10.9@
463 cupsSetUserAgent(const char *user_agent
)/* I - User-Agent string or @code NULL@ */
465 _cups_globals_t
*cg
= _cupsGlobals();
468 SYSTEM_INFO sysinfo
; /* System information */
469 OSVERSIONINFO version
; /* OS version info */
471 struct utsname name
; /* uname info */
477 strlcpy(cg
->user_agent
, user_agent
, sizeof(cg
->user_agent
));
482 version
.dwOSVersionInfoSize
= sizeof(OSVERSIONINFO
);
483 GetVersionEx(&version
);
484 GetNativeSystemInfo(&sysinfo
);
486 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
487 CUPS_MINIMAL
" (Windows %d.%d; %s) IPP/2.0",
488 version
.dwMajorVersion
, version
.dwMinorVersion
,
489 sysinfo
.wProcessorArchitecture
490 == PROCESSOR_ARCHITECTURE_AMD64
? "amd64" :
491 sysinfo
.wProcessorArchitecture
492 == PROCESSOR_ARCHITECTURE_ARM
? "arm" :
493 sysinfo
.wProcessorArchitecture
494 == PROCESSOR_ARCHITECTURE_IA64
? "ia64" :
495 sysinfo
.wProcessorArchitecture
496 == PROCESSOR_ARCHITECTURE_INTEL
? "intel" :
502 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
503 CUPS_MINIMAL
" (%s %s; %s) IPP/2.0",
504 name
.sysname
, name
.release
, name
.machine
);
510 * 'cupsUser()' - Return the current user's name.
512 * Note: The current user name is tracked separately for each thread in a
513 * program. Multi-threaded programs that override the user name with the
514 * @link cupsSetUser@ function need to do so in each thread for the same user
518 const char * /* O - User name */
521 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
532 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
534 * @since CUPS 1.7/OS X 10.9@
537 const char * /* O - User-Agent string */
540 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
543 if (!cg
->user_agent
[0])
544 cupsSetUserAgent(NULL
);
546 return (cg
->user_agent
);
551 * '_cupsGetPassword()' - Get a password from the user.
554 const char * /* O - Password or @code NULL@ if none */
555 _cupsGetPassword(const char *prompt
) /* I - Prompt string */
558 HANDLE tty
; /* Console handle */
559 DWORD mode
; /* Console mode */
560 char passch
, /* Current key press */
561 *passptr
, /* Pointer into password string */
562 *passend
; /* End of password string */
563 DWORD passbytes
; /* Bytes read */
564 _cups_globals_t
*cg
= _cupsGlobals();
569 * Disable input echo and set raw input...
572 if ((tty
= GetStdHandle(STD_INPUT_HANDLE
)) == INVALID_HANDLE_VALUE
)
575 if (!GetConsoleMode(tty
, &mode
))
578 if (!SetConsoleMode(tty
, 0))
582 * Display the prompt...
585 printf("%s ", prompt
);
589 * Read the password string from /dev/tty until we get interrupted or get a
590 * carriage return or newline...
593 passptr
= cg
->password
;
594 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
596 while (ReadFile(tty
, &passch
, 1, &passbytes
, NULL
))
598 if (passch
== 0x0A || passch
== 0x0D)
606 else if (passch
== 0x08 || passch
== 0x7F)
609 * Backspace/delete (erase character)...
612 if (passptr
> cg
->password
)
615 fputs("\010 \010", stdout
);
620 else if (passch
== 0x15)
623 * CTRL+U (erase line)
626 if (passptr
> cg
->password
)
628 while (passptr
> cg
->password
)
631 fputs("\010 \010", stdout
);
637 else if (passch
== 0x03)
643 passptr
= cg
->password
;
646 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
651 putchar(_CUPS_PASSCHAR
);
664 SetConsoleMode(tty
, mode
);
667 * Return the proper value...
670 if (passbytes
== 1 && passptr
> cg
->password
)
673 return (cg
->password
);
677 memset(cg
->password
, 0, sizeof(cg
->password
));
682 int tty
; /* /dev/tty - never read from stdin */
683 struct termios original
, /* Original input mode */
684 noecho
; /* No echo input mode */
685 char passch
, /* Current key press */
686 *passptr
, /* Pointer into password string */
687 *passend
; /* End of password string */
688 ssize_t passbytes
; /* Bytes read */
689 _cups_globals_t
*cg
= _cupsGlobals();
694 * Disable input echo and set raw input...
697 if ((tty
= open("/dev/tty", O_RDONLY
)) < 0)
700 if (tcgetattr(tty
, &original
))
707 noecho
.c_lflag
&= (tcflag_t
)~(ICANON
| ECHO
| ECHOE
| ISIG
);
709 if (tcsetattr(tty
, TCSAFLUSH
, &noecho
))
716 * Display the prompt...
719 printf("%s ", prompt
);
723 * Read the password string from /dev/tty until we get interrupted or get a
724 * carriage return or newline...
727 passptr
= cg
->password
;
728 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
730 while ((passbytes
= read(tty
, &passch
, 1)) == 1)
732 if (passch
== noecho
.c_cc
[VEOL
] ||
734 passch
== noecho
.c_cc
[VEOL2
] ||
736 passch
== 0x0A || passch
== 0x0D)
744 else if (passch
== noecho
.c_cc
[VERASE
] ||
745 passch
== 0x08 || passch
== 0x7F)
748 * Backspace/delete (erase character)...
751 if (passptr
> cg
->password
)
754 fputs("\010 \010", stdout
);
759 else if (passch
== noecho
.c_cc
[VKILL
])
762 * CTRL+U (erase line)
765 if (passptr
> cg
->password
)
767 while (passptr
> cg
->password
)
770 fputs("\010 \010", stdout
);
776 else if (passch
== noecho
.c_cc
[VINTR
] || passch
== noecho
.c_cc
[VQUIT
] ||
777 passch
== noecho
.c_cc
[VEOF
])
780 * CTRL+C, CTRL+D, or CTRL+Z...
783 passptr
= cg
->password
;
786 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
791 putchar(_CUPS_PASSCHAR
);
804 tcsetattr(tty
, TCSAFLUSH
, &original
);
808 * Return the proper value...
811 if (passbytes
== 1 && passptr
> cg
->password
)
814 return (cg
->password
);
818 memset(cg
->password
, 0, sizeof(cg
->password
));
827 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
831 _cupsGSSServiceName(void)
833 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
836 if (!cg
->gss_service_name
[0])
839 return (cg
->gss_service_name
);
841 #endif /* HAVE_GSSAPI */
845 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
849 _cupsSetDefaults(void)
851 cups_file_t
*fp
; /* File */
852 const char *home
; /* Home directory of user */
853 char filename
[1024]; /* Filename */
854 _cups_client_conf_t cc
; /* client.conf values */
855 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
858 DEBUG_puts("_cupsSetDefaults()");
861 * Load initial client.conf values...
864 cups_init_client_conf(&cc
);
867 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
871 snprintf(filename
, sizeof(filename
), "%s/client.conf", cg
->cups_serverroot
);
872 if ((fp
= cupsFileOpen(filename
, "r")) != NULL
)
874 cups_read_client_conf(fp
, &cc
);
879 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home
= getenv("HOME")) != NULL
)
880 # elif !defined(WIN32)
881 if (getuid() && (home
= getenv("HOME")) != NULL
)
883 if ((home
= getenv("HOME")) != NULL
)
884 # endif /* HAVE_GETEUID */
887 * Look for ~/.cups/client.conf...
890 snprintf(filename
, sizeof(filename
), "%s/.cups/client.conf", home
);
891 if ((fp
= cupsFileOpen(filename
, "r")) != NULL
)
893 cups_read_client_conf(fp
, &cc
);
899 * Finalize things so every client.conf value is set...
902 cups_finalize_client_conf(&cc
);
904 if (cg
->encryption
== (http_encryption_t
)-1)
905 cg
->encryption
= cc
.encryption
;
907 if (!cg
->server
[0] || !cg
->ipp_port
)
908 cupsSetServer(cc
.server_name
);
912 const char *ipp_port
; /* IPP_PORT environment variable */
914 if ((ipp_port
= getenv("IPP_PORT")) != NULL
)
916 if ((cg
->ipp_port
= atoi(ipp_port
)) <= 0)
917 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
920 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
924 strlcpy(cg
->user
, cc
.user
, sizeof(cg
->user
));
927 if (!cg
->gss_service_name
[0])
928 strlcpy(cg
->gss_service_name
, cc
.gss_service_name
, sizeof(cg
->gss_service_name
));
929 #endif /* HAVE_GSSAPI */
931 if (cg
->any_root
< 0)
932 cg
->any_root
= cc
.any_root
;
934 if (cg
->expired_certs
< 0)
935 cg
->expired_certs
= cc
.expired_certs
;
937 if (cg
->validate_certs
< 0)
938 cg
->validate_certs
= cc
.validate_certs
;
941 _httpTLSSetOptions(cc
.ssl_options
);
942 #endif /* HAVE_SSL */
947 * 'cups_boolean_value()' - Convert a string to a boolean value.
950 static int /* O - Boolean value */
951 cups_boolean_value(const char *value
) /* I - String value */
953 return (!_cups_strcasecmp(value
, "yes") || !_cups_strcasecmp(value
, "on") || !_cups_strcasecmp(value
, "true"));
958 * 'cups_finalize_client_conf()' - Finalize client.conf values.
962 cups_finalize_client_conf(
963 _cups_client_conf_t
*cc
) /* I - client.conf values */
965 const char *value
; /* Environment variable */
968 if ((value
= getenv("CUPS_ANYROOT")) != NULL
)
969 cc
->any_root
= cups_boolean_value(value
);
971 if ((value
= getenv("CUPS_ENCRYPTION")) != NULL
)
972 cups_set_encryption(cc
, value
);
974 if ((value
= getenv("CUPS_EXPIREDCERTS")) != NULL
)
975 cc
->expired_certs
= cups_boolean_value(value
);
978 if ((value
= getenv("CUPS_GSSSERVICENAME")) != NULL
)
979 cups_set_gss_service_name(cc
, value
);
980 #endif /* HAVE_GSSAPI */
982 if ((value
= getenv("CUPS_SERVER")) != NULL
)
983 cups_set_server_name(cc
, value
);
985 if ((value
= getenv("CUPS_USER")) != NULL
)
986 cups_set_user(cc
, value
);
988 if ((value
= getenv("CUPS_VALIDATECERTS")) != NULL
)
989 cc
->validate_certs
= cups_boolean_value(value
);
992 * Then apply defaults for those values that haven't been set...
995 if (cc
->any_root
< 0)
998 if (cc
->encryption
== (http_encryption_t
)-1)
999 cc
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
1001 if (cc
->expired_certs
< 0)
1002 cc
->expired_certs
= 1;
1005 if (!cc
->gss_service_name
[0])
1006 cups_set_gss_service_name(cc
, CUPS_DEFAULT_GSSSERVICENAME
);
1007 #endif /* HAVE_GSSAPI */
1009 if (!cc
->server_name
[0])
1011 #ifdef CUPS_DEFAULT_DOMAINSOCKET
1013 * If we are compiled with domain socket support, only use the
1014 * domain socket if it exists and has the right permissions...
1017 struct stat sockinfo
; /* Domain socket information */
1019 if (!stat(CUPS_DEFAULT_DOMAINSOCKET
, &sockinfo
) &&
1020 (sockinfo
.st_mode
& S_IRWXO
) == S_IRWXO
)
1021 cups_set_server_name(cc
, CUPS_DEFAULT_DOMAINSOCKET
);
1023 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
1024 cups_set_server_name(cc
, "localhost");
1031 * Get the current user name from the OS...
1034 DWORD size
; /* Size of string */
1036 size
= sizeof(cc
->user
);
1037 if (!GetUserName(cc
->user
, &size
))
1040 * Try the USER environment variable as the default username...
1043 const char *envuser
= getenv("USER");
1044 /* Default username */
1045 struct passwd
*pw
= NULL
; /* Account information */
1050 * Validate USER matches the current UID, otherwise don't allow it to
1051 * override things... This makes sure that printing after doing su
1052 * or sudo records the correct username.
1055 if ((pw
= getpwnam(envuser
)) != NULL
&& pw
->pw_uid
!= getuid())
1060 pw
= getpwuid(getuid());
1063 strlcpy(cc
->user
, pw
->pw_name
, sizeof(cc
->user
));
1068 * Use the default "unknown" user name...
1071 strlcpy(cc
->user
, "unknown", sizeof(cc
->user
));
1075 if (cc
->validate_certs
< 0)
1076 cc
->validate_certs
= 0;
1081 * 'cups_init_client_conf()' - Initialize client.conf values.
1085 cups_init_client_conf(
1086 _cups_client_conf_t
*cc
) /* I - client.conf values */
1089 * Clear all values to "not set"...
1092 memset(cc
, 0, sizeof(_cups_client_conf_t
));
1094 cc
->encryption
= (http_encryption_t
)-1;
1096 cc
->expired_certs
= -1;
1097 cc
->validate_certs
= -1;
1102 * 'cups_read_client_conf()' - Read a client.conf file.
1106 cups_read_client_conf(
1107 cups_file_t
*fp
, /* I - File to read */
1108 _cups_client_conf_t
*cc
) /* I - client.conf values */
1110 int linenum
; /* Current line number */
1111 char line
[1024], /* Line from file */
1112 *value
; /* Pointer into line */
1116 * Read from the file...
1120 while (cupsFileGetConf(fp
, line
, sizeof(line
), &value
, &linenum
))
1122 if (!_cups_strcasecmp(line
, "Encryption") && value
)
1123 cups_set_encryption(cc
, value
);
1126 * The ServerName directive is not supported on OS X due to app
1127 * sandboxing restrictions, i.e. not all apps request network access.
1129 else if (!_cups_strcasecmp(line
, "ServerName") && value
)
1130 cups_set_server_name(cc
, value
);
1131 #endif /* !__APPLE__ */
1132 else if (!_cups_strcasecmp(line
, "User") && value
)
1133 cups_set_user(cc
, value
);
1134 else if (!_cups_strcasecmp(line
, "AllowAnyRoot") && value
)
1135 cc
->any_root
= cups_boolean_value(value
);
1136 else if (!_cups_strcasecmp(line
, "AllowExpiredCerts") &&
1138 cc
->expired_certs
= cups_boolean_value(value
);
1139 else if (!_cups_strcasecmp(line
, "ValidateCerts") && value
)
1140 cc
->validate_certs
= cups_boolean_value(value
);
1142 else if (!_cups_strcasecmp(line
, "GSSServiceName") && value
)
1143 cups_set_gss_service_name(cc
, value
);
1144 #endif /* HAVE_GSSAPI */
1146 else if (!_cups_strcasecmp(line
, "SSLOptions") && value
)
1147 cups_set_ssl_options(cc
, value
);
1148 #endif /* HAVE_SSL */
1154 * 'cups_set_encryption()' - Set the Encryption value.
1158 cups_set_encryption(
1159 _cups_client_conf_t
*cc
, /* I - client.conf values */
1160 const char *value
) /* I - Value */
1162 if (!_cups_strcasecmp(value
, "never"))
1163 cc
->encryption
= HTTP_ENCRYPTION_NEVER
;
1164 else if (!_cups_strcasecmp(value
, "always"))
1165 cc
->encryption
= HTTP_ENCRYPTION_ALWAYS
;
1166 else if (!_cups_strcasecmp(value
, "required"))
1167 cc
->encryption
= HTTP_ENCRYPTION_REQUIRED
;
1169 cc
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
1174 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1179 cups_set_gss_service_name(
1180 _cups_client_conf_t
*cc
, /* I - client.conf values */
1181 const char *value
) /* I - Value */
1183 strlcpy(cc
->gss_service_name
, value
, sizeof(cc
->gss_service_name
));
1185 #endif /* HAVE_GSSAPI */
1189 * 'cups_set_server_name()' - Set the ServerName value.
1193 cups_set_server_name(
1194 _cups_client_conf_t
*cc
, /* I - client.conf values */
1195 const char *value
) /* I - Value */
1197 strlcpy(cc
->server_name
, value
, sizeof(cc
->server_name
));
1202 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1207 cups_set_ssl_options(
1208 _cups_client_conf_t
*cc
, /* I - client.conf values */
1209 const char *value
) /* I - Value */
1212 * SSLOptions [AllowRC4] [AllowSSL3] [None]
1215 int options
= 0; /* SSL/TLS options */
1216 char temp
[256], /* Copy of value */
1217 *start
, /* Start of option */
1218 *end
; /* End of option */
1221 strlcpy(temp
, value
, sizeof(temp
));
1223 for (start
= temp
; *start
; start
= end
)
1226 * Find end of keyword...
1230 while (*end
&& !_cups_isspace(*end
))
1240 if (!_cups_strcasecmp(start
, "AllowRC4"))
1241 options
|= _HTTP_TLS_ALLOW_RC4
;
1242 else if (!_cups_strcasecmp(start
, "AllowSSL3"))
1243 options
|= _HTTP_TLS_ALLOW_SSL3
;
1244 else if (!_cups_strcasecmp(start
, "None"))
1248 cc
->ssl_options
= options
;
1250 #endif /* HAVE_SSL */
1254 * 'cups_set_user()' - Set the User value.
1259 _cups_client_conf_t
*cc
, /* I - client.conf values */
1260 const char *value
) /* I - Value */
1262 strlcpy(cc
->user
, value
, sizeof(cc
->user
));