2 * User, system, and password routines for CUPS.
4 * Copyright 2007-2017 by Apple Inc.
5 * Copyright 1997-2006 by Easy Software Products.
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
11 * missing or damaged, see the license at "http://www.cups.org/".
13 * This file is subject to the Apple OS-Developed Software exception.
17 * Include necessary headers...
20 #include "cups-private.h"
28 # include <sys/utsname.h>
37 # define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs")
38 # define kAllowAnyRootKey CFSTR("AllowAnyRoot")
39 # define kAllowExpiredCertsKey CFSTR("AllowExpiredCerts")
40 # define kEncryptionKey CFSTR("Encryption")
41 # define kGSSServiceNameKey CFSTR("GSSServiceName")
42 # define kSSLOptionsKey CFSTR("SSLOptions")
43 # define kTrustOnFirstUseKey CFSTR("TrustOnFirstUse")
44 # define kValidateCertsKey CFSTR("ValidateCerts")
45 #endif /* __APPLE__ */
47 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
54 typedef struct _cups_client_conf_s
/**** client.conf config data ****/
57 int ssl_options
, /* SSLOptions values */
58 ssl_min_version
,/* Minimum SSL/TLS version */
59 ssl_max_version
;/* Maximum SSL/TLS version */
61 int trust_first
, /* Trust on first use? */
62 any_root
, /* Allow any (e.g., self-signed) root */
63 expired_certs
, /* Allow expired certs */
64 validate_certs
; /* Validate certificates */
65 http_encryption_t encryption
; /* Encryption setting */
66 char user
[65], /* User name */
70 char gss_service_name
[32];
71 /* Kerberos service name */
72 #endif /* HAVE_GSSAPI */
73 } _cups_client_conf_t
;
81 static int cups_apple_get_boolean(CFStringRef key
, int *value
);
82 static int cups_apple_get_string(CFStringRef key
, char *value
, size_t valsize
);
83 #endif /* __APPLE__ */
84 static int cups_boolean_value(const char *value
);
85 static void cups_finalize_client_conf(_cups_client_conf_t
*cc
);
86 static void cups_init_client_conf(_cups_client_conf_t
*cc
);
87 static void cups_read_client_conf(cups_file_t
*fp
, _cups_client_conf_t
*cc
);
88 static void cups_set_default_ipp_port(_cups_globals_t
*cg
);
89 static void cups_set_encryption(_cups_client_conf_t
*cc
, const char *value
);
91 static void cups_set_gss_service_name(_cups_client_conf_t
*cc
, const char *value
);
92 #endif /* HAVE_GSSAPI */
93 static void cups_set_server_name(_cups_client_conf_t
*cc
, const char *value
);
95 static void cups_set_ssl_options(_cups_client_conf_t
*cc
, const char *value
);
97 static void cups_set_user(_cups_client_conf_t
*cc
, const char *value
);
101 * 'cupsEncryption()' - Get the current encryption settings.
103 * The default encryption setting comes from the CUPS_ENCRYPTION
104 * environment variable, then the ~/.cups/client.conf file, and finally the
105 * /etc/cups/client.conf file. If not set, the default is
106 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
108 * Note: The current encryption setting is tracked separately for each thread
109 * in a program. Multi-threaded programs that override the setting via the
110 * @link cupsSetEncryption@ function need to do so in each thread for the same
111 * setting to be used.
114 http_encryption_t
/* O - Encryption settings */
117 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
120 if (cg
->encryption
== (http_encryption_t
)-1)
123 return (cg
->encryption
);
128 * 'cupsGetPassword()' - Get a password from the user.
130 * Uses the current password callback function. Returns @code NULL@ if the
131 * user does not provide a password.
133 * Note: The current password callback function is tracked separately for each
134 * thread in a program. Multi-threaded programs that override the setting via
135 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
136 * do so in each thread for the same function to be used.
141 const char * /* O - Password */
142 cupsGetPassword(const char *prompt
) /* I - Prompt string */
144 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
147 return ((cg
->password_cb
)(prompt
, NULL
, NULL
, NULL
, cg
->password_data
));
152 * 'cupsGetPassword2()' - Get a password from the user using the current
155 * Uses the current password callback function. Returns @code NULL@ if the
156 * user does not provide a password.
158 * Note: The current password callback function is tracked separately for each
159 * thread in a program. Multi-threaded programs that override the setting via
160 * the @link cupsSetPasswordCB2@ function need to do so in each thread for the
161 * same function to be used.
163 * @since CUPS 1.4/macOS 10.6@
166 const char * /* O - Password */
167 cupsGetPassword2(const char *prompt
, /* I - Prompt string */
168 http_t
*http
, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
169 const char *method
, /* I - Request method ("GET", "POST", "PUT") */
170 const char *resource
) /* I - Resource path */
172 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
176 http
= _cupsConnect();
178 return ((cg
->password_cb
)(prompt
, http
, method
, resource
, cg
->password_data
));
183 * 'cupsServer()' - Return the hostname/address of the current server.
185 * The default server comes from the CUPS_SERVER environment variable, then the
186 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
187 * set, the default is the local system - either "localhost" or a domain socket
190 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
191 * address, or a domain socket pathname.
193 * Note: The current server is tracked separately for each thread in a program.
194 * Multi-threaded programs that override the server via the
195 * @link cupsSetServer@ function need to do so in each thread for the same
199 const char * /* O - Server name */
202 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
213 * 'cupsSetClientCertCB()' - Set the client certificate callback.
215 * Pass @code NULL@ to restore the default callback.
217 * Note: The current certificate callback is tracked separately for each thread
218 * in a program. Multi-threaded programs that override the callback need to do
219 * so in each thread for the same callback to be used.
221 * @since CUPS 1.5/macOS 10.7@
226 cups_client_cert_cb_t cb
, /* I - Callback function */
227 void *user_data
) /* I - User data pointer */
229 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
232 cg
->client_cert_cb
= cb
;
233 cg
->client_cert_data
= user_data
;
238 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
241 * Note: The default credentials are tracked separately for each thread in a
242 * program. Multi-threaded programs that override the setting need to do so in
243 * each thread for the same setting to be used.
245 * @since CUPS 1.5/macOS 10.7@
248 int /* O - Status of call (0 = success) */
250 cups_array_t
*credentials
) /* I - Array of credentials */
252 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
255 if (cupsArrayCount(credentials
) < 1)
259 _httpFreeCredentials(cg
->tls_credentials
);
260 cg
->tls_credentials
= _httpCreateCredentials(credentials
);
261 #endif /* HAVE_SSL */
263 return (cg
->tls_credentials
? 0 : -1);
268 * 'cupsSetEncryption()' - Set the encryption preference.
270 * The default encryption setting comes from the CUPS_ENCRYPTION
271 * environment variable, then the ~/.cups/client.conf file, and finally the
272 * /etc/cups/client.conf file. If not set, the default is
273 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
275 * Note: The current encryption setting is tracked separately for each thread
276 * in a program. Multi-threaded programs that override the setting need to do
277 * so in each thread for the same setting to be used.
281 cupsSetEncryption(http_encryption_t e
) /* I - New encryption preference */
283 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
289 httpEncryption(cg
->http
, e
);
294 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
296 * Pass @code NULL@ to restore the default (console) password callback, which
297 * reads the password from the console. Programs should call either this
298 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
299 * by a program per thread.
301 * Note: The current password callback is tracked separately for each thread
302 * in a program. Multi-threaded programs that override the callback need to do
303 * so in each thread for the same callback to be used.
309 cupsSetPasswordCB(cups_password_cb_t cb
)/* I - Callback function */
311 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
314 if (cb
== (cups_password_cb_t
)0)
315 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
317 cg
->password_cb
= (cups_password_cb2_t
)cb
;
319 cg
->password_data
= NULL
;
324 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
326 * Pass @code NULL@ to restore the default (console) password callback, which
327 * reads the password from the console. Programs should call either this
328 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
329 * by a program per thread.
331 * Note: The current password callback is tracked separately for each thread
332 * in a program. Multi-threaded programs that override the callback need to do
333 * so in each thread for the same callback to be used.
335 * @since CUPS 1.4/macOS 10.6@
340 cups_password_cb2_t cb
, /* I - Callback function */
341 void *user_data
) /* I - User data pointer */
343 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
346 if (cb
== (cups_password_cb2_t
)0)
347 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
349 cg
->password_cb
= cb
;
351 cg
->password_data
= user_data
;
356 * 'cupsSetServer()' - Set the default server name and port.
358 * The "server" string can be a fully-qualified hostname, a numeric
359 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
360 * addresses can be optionally followed by a colon and port number to override
361 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
362 * default server name and port.
364 * Note: The current server is tracked separately for each thread in a program.
365 * Multi-threaded programs that override the server need to do so in each
366 * thread for the same server to be used.
370 cupsSetServer(const char *server
) /* I - Server name */
372 char *options
, /* Options */
373 *port
; /* Pointer to port */
374 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
379 strlcpy(cg
->server
, server
, sizeof(cg
->server
));
381 if (cg
->server
[0] != '/' && (options
= strrchr(cg
->server
, '/')) != NULL
)
385 if (!strcmp(options
, "version=1.0"))
386 cg
->server_version
= 10;
387 else if (!strcmp(options
, "version=1.1"))
388 cg
->server_version
= 11;
389 else if (!strcmp(options
, "version=2.0"))
390 cg
->server_version
= 20;
391 else if (!strcmp(options
, "version=2.1"))
392 cg
->server_version
= 21;
393 else if (!strcmp(options
, "version=2.2"))
394 cg
->server_version
= 22;
397 cg
->server_version
= 20;
399 if (cg
->server
[0] != '/' && (port
= strrchr(cg
->server
, ':')) != NULL
&&
400 !strchr(port
, ']') && isdigit(port
[1] & 255))
404 cg
->ipp_port
= atoi(port
);
408 cups_set_default_ipp_port(cg
);
410 if (cg
->server
[0] == '/')
411 strlcpy(cg
->servername
, "localhost", sizeof(cg
->servername
));
413 strlcpy(cg
->servername
, cg
->server
, sizeof(cg
->servername
));
417 cg
->server
[0] = '\0';
418 cg
->servername
[0] = '\0';
419 cg
->server_version
= 20;
432 * 'cupsSetServerCertCB()' - Set the server certificate callback.
434 * Pass @code NULL@ to restore the default callback.
436 * Note: The current credentials callback is tracked separately for each thread
437 * in a program. Multi-threaded programs that override the callback need to do
438 * so in each thread for the same callback to be used.
440 * @since CUPS 1.5/macOS 10.7@
445 cups_server_cert_cb_t cb
, /* I - Callback function */
446 void *user_data
) /* I - User data pointer */
448 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
451 cg
->server_cert_cb
= cb
;
452 cg
->server_cert_data
= user_data
;
457 * 'cupsSetUser()' - Set the default user name.
459 * Pass @code NULL@ to restore the default user name.
461 * Note: The current user name is tracked separately for each thread in a
462 * program. Multi-threaded programs that override the user name need to do so
463 * in each thread for the same user name to be used.
467 cupsSetUser(const char *user
) /* I - User name */
469 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
473 strlcpy(cg
->user
, user
, sizeof(cg
->user
));
480 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
482 * Setting the string to NULL forces the default value containing the CUPS
483 * version, IPP version, and operating system version and architecture.
485 * @since CUPS 1.7/macOS 10.9@
489 cupsSetUserAgent(const char *user_agent
)/* I - User-Agent string or @code NULL@ */
491 _cups_globals_t
*cg
= _cupsGlobals();
494 SYSTEM_INFO sysinfo
; /* System information */
495 OSVERSIONINFO version
; /* OS version info */
497 struct utsname name
; /* uname info */
503 strlcpy(cg
->user_agent
, user_agent
, sizeof(cg
->user_agent
));
508 version
.dwOSVersionInfoSize
= sizeof(OSVERSIONINFO
);
509 GetVersionEx(&version
);
510 GetNativeSystemInfo(&sysinfo
);
512 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
513 CUPS_MINIMAL
" (Windows %d.%d; %s) IPP/2.0",
514 version
.dwMajorVersion
, version
.dwMinorVersion
,
515 sysinfo
.wProcessorArchitecture
516 == PROCESSOR_ARCHITECTURE_AMD64
? "amd64" :
517 sysinfo
.wProcessorArchitecture
518 == PROCESSOR_ARCHITECTURE_ARM
? "arm" :
519 sysinfo
.wProcessorArchitecture
520 == PROCESSOR_ARCHITECTURE_IA64
? "ia64" :
521 sysinfo
.wProcessorArchitecture
522 == PROCESSOR_ARCHITECTURE_INTEL
? "intel" :
528 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
529 CUPS_MINIMAL
" (%s %s; %s) IPP/2.0",
530 name
.sysname
, name
.release
, name
.machine
);
536 * 'cupsUser()' - Return the current user's name.
538 * Note: The current user name is tracked separately for each thread in a
539 * program. Multi-threaded programs that override the user name with the
540 * @link cupsSetUser@ function need to do so in each thread for the same user
544 const char * /* O - User name */
547 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
558 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
560 * @since CUPS 1.7/macOS 10.9@
563 const char * /* O - User-Agent string */
566 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
569 if (!cg
->user_agent
[0])
570 cupsSetUserAgent(NULL
);
572 return (cg
->user_agent
);
577 * '_cupsGetPassword()' - Get a password from the user.
580 const char * /* O - Password or @code NULL@ if none */
581 _cupsGetPassword(const char *prompt
) /* I - Prompt string */
584 HANDLE tty
; /* Console handle */
585 DWORD mode
; /* Console mode */
586 char passch
, /* Current key press */
587 *passptr
, /* Pointer into password string */
588 *passend
; /* End of password string */
589 DWORD passbytes
; /* Bytes read */
590 _cups_globals_t
*cg
= _cupsGlobals();
595 * Disable input echo and set raw input...
598 if ((tty
= GetStdHandle(STD_INPUT_HANDLE
)) == INVALID_HANDLE_VALUE
)
601 if (!GetConsoleMode(tty
, &mode
))
604 if (!SetConsoleMode(tty
, 0))
608 * Display the prompt...
611 printf("%s ", prompt
);
615 * Read the password string from /dev/tty until we get interrupted or get a
616 * carriage return or newline...
619 passptr
= cg
->password
;
620 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
622 while (ReadFile(tty
, &passch
, 1, &passbytes
, NULL
))
624 if (passch
== 0x0A || passch
== 0x0D)
632 else if (passch
== 0x08 || passch
== 0x7F)
635 * Backspace/delete (erase character)...
638 if (passptr
> cg
->password
)
641 fputs("\010 \010", stdout
);
646 else if (passch
== 0x15)
649 * CTRL+U (erase line)
652 if (passptr
> cg
->password
)
654 while (passptr
> cg
->password
)
657 fputs("\010 \010", stdout
);
663 else if (passch
== 0x03)
669 passptr
= cg
->password
;
672 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
677 putchar(_CUPS_PASSCHAR
);
690 SetConsoleMode(tty
, mode
);
693 * Return the proper value...
696 if (passbytes
== 1 && passptr
> cg
->password
)
699 return (cg
->password
);
703 memset(cg
->password
, 0, sizeof(cg
->password
));
708 int tty
; /* /dev/tty - never read from stdin */
709 struct termios original
, /* Original input mode */
710 noecho
; /* No echo input mode */
711 char passch
, /* Current key press */
712 *passptr
, /* Pointer into password string */
713 *passend
; /* End of password string */
714 ssize_t passbytes
; /* Bytes read */
715 _cups_globals_t
*cg
= _cupsGlobals();
720 * Disable input echo and set raw input...
723 if ((tty
= open("/dev/tty", O_RDONLY
)) < 0)
726 if (tcgetattr(tty
, &original
))
733 noecho
.c_lflag
&= (tcflag_t
)~(ICANON
| ECHO
| ECHOE
| ISIG
);
734 noecho
.c_cc
[VMIN
] = 1;
735 noecho
.c_cc
[VTIME
] = 0;
737 if (tcsetattr(tty
, TCSAFLUSH
, &noecho
))
744 * Display the prompt...
747 printf("%s ", prompt
);
751 * Read the password string from /dev/tty until we get interrupted or get a
752 * carriage return or newline...
755 passptr
= cg
->password
;
756 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
758 while ((passbytes
= read(tty
, &passch
, 1)) == 1)
760 if (passch
== noecho
.c_cc
[VEOL
] ||
762 passch
== noecho
.c_cc
[VEOL2
] ||
764 passch
== 0x0A || passch
== 0x0D)
772 else if (passch
== noecho
.c_cc
[VERASE
] ||
773 passch
== 0x08 || passch
== 0x7F)
776 * Backspace/delete (erase character)...
779 if (passptr
> cg
->password
)
782 fputs("\010 \010", stdout
);
787 else if (passch
== noecho
.c_cc
[VKILL
])
790 * CTRL+U (erase line)
793 if (passptr
> cg
->password
)
795 while (passptr
> cg
->password
)
798 fputs("\010 \010", stdout
);
804 else if (passch
== noecho
.c_cc
[VINTR
] || passch
== noecho
.c_cc
[VQUIT
] ||
805 passch
== noecho
.c_cc
[VEOF
])
808 * CTRL+C, CTRL+D, or CTRL+Z...
811 passptr
= cg
->password
;
814 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
819 putchar(_CUPS_PASSCHAR
);
832 tcsetattr(tty
, TCSAFLUSH
, &original
);
836 * Return the proper value...
839 if (passbytes
== 1 && passptr
> cg
->password
)
842 return (cg
->password
);
846 memset(cg
->password
, 0, sizeof(cg
->password
));
855 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
859 _cupsGSSServiceName(void)
861 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
864 if (!cg
->gss_service_name
[0])
867 return (cg
->gss_service_name
);
869 #endif /* HAVE_GSSAPI */
873 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
877 _cupsSetDefaults(void)
879 cups_file_t
*fp
; /* File */
880 const char *home
; /* Home directory of user */
881 char filename
[1024]; /* Filename */
882 _cups_client_conf_t cc
; /* client.conf values */
883 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
886 DEBUG_puts("_cupsSetDefaults()");
889 * Load initial client.conf values...
892 cups_init_client_conf(&cc
);
895 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
899 snprintf(filename
, sizeof(filename
), "%s/client.conf", cg
->cups_serverroot
);
900 if ((fp
= cupsFileOpen(filename
, "r")) != NULL
)
902 cups_read_client_conf(fp
, &cc
);
907 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home
= getenv("HOME")) != NULL
)
908 # elif !defined(WIN32)
909 if (getuid() && (home
= getenv("HOME")) != NULL
)
911 if ((home
= getenv("HOME")) != NULL
)
912 # endif /* HAVE_GETEUID */
915 * Look for ~/.cups/client.conf...
918 snprintf(filename
, sizeof(filename
), "%s/.cups/client.conf", home
);
919 if ((fp
= cupsFileOpen(filename
, "r")) != NULL
)
921 cups_read_client_conf(fp
, &cc
);
927 * Finalize things so every client.conf value is set...
930 cups_finalize_client_conf(&cc
);
932 if (cg
->encryption
== (http_encryption_t
)-1)
933 cg
->encryption
= cc
.encryption
;
935 if (!cg
->server
[0] || !cg
->ipp_port
)
936 cupsSetServer(cc
.server_name
);
939 cups_set_default_ipp_port(cg
);
942 strlcpy(cg
->user
, cc
.user
, sizeof(cg
->user
));
945 if (!cg
->gss_service_name
[0])
946 strlcpy(cg
->gss_service_name
, cc
.gss_service_name
, sizeof(cg
->gss_service_name
));
947 #endif /* HAVE_GSSAPI */
949 if (cg
->trust_first
< 0)
950 cg
->trust_first
= cc
.trust_first
;
952 if (cg
->any_root
< 0)
953 cg
->any_root
= cc
.any_root
;
955 if (cg
->expired_certs
< 0)
956 cg
->expired_certs
= cc
.expired_certs
;
958 if (cg
->validate_certs
< 0)
959 cg
->validate_certs
= cc
.validate_certs
;
962 _httpTLSSetOptions(cc
.ssl_options
| _HTTP_TLS_SET_DEFAULT
, cc
.ssl_min_version
, cc
.ssl_max_version
);
963 #endif /* HAVE_SSL */
969 * 'cups_apple_get_boolean()' - Get a boolean setting from the CUPS preferences.
972 static int /* O - 1 if set, 0 otherwise */
973 cups_apple_get_boolean(
974 CFStringRef key
, /* I - Key (name) */
975 int *value
) /* O - Boolean value */
977 Boolean bval
, /* Preference value */
978 bval_set
; /* Value is set? */
981 bval
= CFPreferencesGetAppBooleanValue(key
, kCUPSPrintingPrefs
, &bval_set
);
986 return ((int)bval_set
);
991 * 'cups_apple_get_string()' - Get a string setting from the CUPS preferences.
994 static int /* O - 1 if set, 0 otherwise */
995 cups_apple_get_string(
996 CFStringRef key
, /* I - Key (name) */
997 char *value
, /* O - String value */
998 size_t valsize
) /* I - Size of value buffer */
1000 CFStringRef sval
; /* String value */
1003 if ((sval
= CFPreferencesCopyAppValue(key
, kCUPSPrintingPrefs
)) != NULL
)
1005 Boolean result
= CFStringGetCString(sval
, value
, (CFIndex
)valsize
, kCFStringEncodingUTF8
);
1015 #endif /* __APPLE__ */
1019 * 'cups_boolean_value()' - Convert a string to a boolean value.
1022 static int /* O - Boolean value */
1023 cups_boolean_value(const char *value
) /* I - String value */
1025 return (!_cups_strcasecmp(value
, "yes") || !_cups_strcasecmp(value
, "on") || !_cups_strcasecmp(value
, "true"));
1030 * 'cups_finalize_client_conf()' - Finalize client.conf values.
1034 cups_finalize_client_conf(
1035 _cups_client_conf_t
*cc
) /* I - client.conf values */
1037 const char *value
; /* Environment variable */
1040 if ((value
= getenv("CUPS_TRUSTFIRST")) != NULL
)
1041 cc
->trust_first
= cups_boolean_value(value
);
1043 if ((value
= getenv("CUPS_ANYROOT")) != NULL
)
1044 cc
->any_root
= cups_boolean_value(value
);
1046 if ((value
= getenv("CUPS_ENCRYPTION")) != NULL
)
1047 cups_set_encryption(cc
, value
);
1049 if ((value
= getenv("CUPS_EXPIREDCERTS")) != NULL
)
1050 cc
->expired_certs
= cups_boolean_value(value
);
1053 if ((value
= getenv("CUPS_GSSSERVICENAME")) != NULL
)
1054 cups_set_gss_service_name(cc
, value
);
1055 #endif /* HAVE_GSSAPI */
1057 if ((value
= getenv("CUPS_SERVER")) != NULL
)
1058 cups_set_server_name(cc
, value
);
1060 if ((value
= getenv("CUPS_USER")) != NULL
)
1061 cups_set_user(cc
, value
);
1063 if ((value
= getenv("CUPS_VALIDATECERTS")) != NULL
)
1064 cc
->validate_certs
= cups_boolean_value(value
);
1067 * Then apply defaults for those values that haven't been set...
1070 if (cc
->trust_first
< 0)
1071 cc
->trust_first
= 1;
1073 if (cc
->any_root
< 0)
1076 if (cc
->encryption
== (http_encryption_t
)-1)
1077 cc
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
1079 if (cc
->expired_certs
< 0)
1080 cc
->expired_certs
= 0;
1083 if (!cc
->gss_service_name
[0])
1084 cups_set_gss_service_name(cc
, CUPS_DEFAULT_GSSSERVICENAME
);
1085 #endif /* HAVE_GSSAPI */
1087 if (!cc
->server_name
[0])
1089 #ifdef CUPS_DEFAULT_DOMAINSOCKET
1091 * If we are compiled with domain socket support, only use the
1092 * domain socket if it exists and has the right permissions...
1095 if (!access(CUPS_DEFAULT_DOMAINSOCKET
, R_OK
))
1096 cups_set_server_name(cc
, CUPS_DEFAULT_DOMAINSOCKET
);
1098 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
1099 cups_set_server_name(cc
, "localhost");
1106 * Get the current user name from the OS...
1109 DWORD size
; /* Size of string */
1111 size
= sizeof(cc
->user
);
1112 if (!GetUserName(cc
->user
, &size
))
1115 * Try the USER environment variable as the default username...
1118 const char *envuser
= getenv("USER");
1119 /* Default username */
1120 struct passwd
*pw
= NULL
; /* Account information */
1125 * Validate USER matches the current UID, otherwise don't allow it to
1126 * override things... This makes sure that printing after doing su
1127 * or sudo records the correct username.
1130 if ((pw
= getpwnam(envuser
)) != NULL
&& pw
->pw_uid
!= getuid())
1135 pw
= getpwuid(getuid());
1138 strlcpy(cc
->user
, pw
->pw_name
, sizeof(cc
->user
));
1143 * Use the default "unknown" user name...
1146 strlcpy(cc
->user
, "unknown", sizeof(cc
->user
));
1150 if (cc
->validate_certs
< 0)
1151 cc
->validate_certs
= 0;
1156 * 'cups_init_client_conf()' - Initialize client.conf values.
1160 cups_init_client_conf(
1161 _cups_client_conf_t
*cc
) /* I - client.conf values */
1164 * Clear all values to "not set"...
1167 memset(cc
, 0, sizeof(_cups_client_conf_t
));
1170 cc
->ssl_min_version
= _HTTP_TLS_1_0
;
1171 cc
->ssl_max_version
= _HTTP_TLS_MAX
;
1172 #endif /* HAVE_SSL */
1173 cc
->encryption
= (http_encryption_t
)-1;
1174 cc
->trust_first
= -1;
1176 cc
->expired_certs
= -1;
1177 cc
->validate_certs
= -1;
1180 * Load settings from the org.cups.PrintingPrefs plist (which trump
1184 #if defined(__APPLE__) && defined(HAVE_SSL)
1185 char sval
[1024]; /* String value */
1186 int bval
; /* Boolean value */
1188 if (cups_apple_get_boolean(kAllowAnyRootKey
, &bval
))
1189 cc
->any_root
= bval
;
1191 if (cups_apple_get_boolean(kAllowExpiredCertsKey
, &bval
))
1192 cc
->expired_certs
= bval
;
1194 if (cups_apple_get_string(kEncryptionKey
, sval
, sizeof(sval
)))
1195 cups_set_encryption(cc
, sval
);
1197 if (cups_apple_get_string(kSSLOptionsKey
, sval
, sizeof(sval
)))
1198 cups_set_ssl_options(cc
, sval
);
1200 if (cups_apple_get_boolean(kTrustOnFirstUseKey
, &bval
))
1201 cc
->trust_first
= bval
;
1203 if (cups_apple_get_boolean(kValidateCertsKey
, &bval
))
1204 cc
->validate_certs
= bval
;
1205 #endif /* __APPLE__ && HAVE_SSL */
1210 * 'cups_read_client_conf()' - Read a client.conf file.
1214 cups_read_client_conf(
1215 cups_file_t
*fp
, /* I - File to read */
1216 _cups_client_conf_t
*cc
) /* I - client.conf values */
1218 int linenum
; /* Current line number */
1219 char line
[1024], /* Line from file */
1220 *value
; /* Pointer into line */
1224 * Read from the file...
1228 while (cupsFileGetConf(fp
, line
, sizeof(line
), &value
, &linenum
))
1230 if (!_cups_strcasecmp(line
, "Encryption") && value
)
1231 cups_set_encryption(cc
, value
);
1234 * The ServerName directive is not supported on macOS due to app
1235 * sandboxing restrictions, i.e. not all apps request network access.
1237 else if (!_cups_strcasecmp(line
, "ServerName") && value
)
1238 cups_set_server_name(cc
, value
);
1239 #endif /* !__APPLE__ */
1240 else if (!_cups_strcasecmp(line
, "User") && value
)
1241 cups_set_user(cc
, value
);
1242 else if (!_cups_strcasecmp(line
, "TrustOnFirstUse") && value
)
1243 cc
->trust_first
= cups_boolean_value(value
);
1244 else if (!_cups_strcasecmp(line
, "AllowAnyRoot") && value
)
1245 cc
->any_root
= cups_boolean_value(value
);
1246 else if (!_cups_strcasecmp(line
, "AllowExpiredCerts") &&
1248 cc
->expired_certs
= cups_boolean_value(value
);
1249 else if (!_cups_strcasecmp(line
, "ValidateCerts") && value
)
1250 cc
->validate_certs
= cups_boolean_value(value
);
1252 else if (!_cups_strcasecmp(line
, "GSSServiceName") && value
)
1253 cups_set_gss_service_name(cc
, value
);
1254 #endif /* HAVE_GSSAPI */
1256 else if (!_cups_strcasecmp(line
, "SSLOptions") && value
)
1257 cups_set_ssl_options(cc
, value
);
1258 #endif /* HAVE_SSL */
1264 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1268 cups_set_default_ipp_port(
1269 _cups_globals_t
*cg
) /* I - Global data */
1271 const char *ipp_port
; /* IPP_PORT environment variable */
1274 if ((ipp_port
= getenv("IPP_PORT")) != NULL
)
1276 if ((cg
->ipp_port
= atoi(ipp_port
)) <= 0)
1277 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
1280 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
1284 * 'cups_set_encryption()' - Set the Encryption value.
1288 cups_set_encryption(
1289 _cups_client_conf_t
*cc
, /* I - client.conf values */
1290 const char *value
) /* I - Value */
1292 if (!_cups_strcasecmp(value
, "never"))
1293 cc
->encryption
= HTTP_ENCRYPTION_NEVER
;
1294 else if (!_cups_strcasecmp(value
, "always"))
1295 cc
->encryption
= HTTP_ENCRYPTION_ALWAYS
;
1296 else if (!_cups_strcasecmp(value
, "required"))
1297 cc
->encryption
= HTTP_ENCRYPTION_REQUIRED
;
1299 cc
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
1304 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1309 cups_set_gss_service_name(
1310 _cups_client_conf_t
*cc
, /* I - client.conf values */
1311 const char *value
) /* I - Value */
1313 strlcpy(cc
->gss_service_name
, value
, sizeof(cc
->gss_service_name
));
1315 #endif /* HAVE_GSSAPI */
1319 * 'cups_set_server_name()' - Set the ServerName value.
1323 cups_set_server_name(
1324 _cups_client_conf_t
*cc
, /* I - client.conf values */
1325 const char *value
) /* I - Value */
1327 strlcpy(cc
->server_name
, value
, sizeof(cc
->server_name
));
1332 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1337 cups_set_ssl_options(
1338 _cups_client_conf_t
*cc
, /* I - client.conf values */
1339 const char *value
) /* I - Value */
1342 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
1345 int options
= _HTTP_TLS_NONE
, /* SSL/TLS options */
1346 min_version
= _HTTP_TLS_1_0
, /* Minimum SSL/TLS version */
1347 max_version
= _HTTP_TLS_MAX
; /* Maximum SSL/TLS version */
1348 char temp
[256], /* Copy of value */
1349 *start
, /* Start of option */
1350 *end
; /* End of option */
1353 strlcpy(temp
, value
, sizeof(temp
));
1355 for (start
= temp
; *start
; start
= end
)
1358 * Find end of keyword...
1362 while (*end
&& !_cups_isspace(*end
))
1372 if (!_cups_strcasecmp(start
, "AllowRC4"))
1373 options
|= _HTTP_TLS_ALLOW_RC4
;
1374 else if (!_cups_strcasecmp(start
, "AllowSSL3"))
1375 min_version
= _HTTP_TLS_SSL3
;
1376 else if (!_cups_strcasecmp(start
, "AllowDH"))
1377 options
|= _HTTP_TLS_ALLOW_DH
;
1378 else if (!_cups_strcasecmp(start
, "DenyCBC"))
1379 options
|= _HTTP_TLS_DENY_CBC
;
1380 else if (!_cups_strcasecmp(start
, "DenyTLS1.0"))
1381 min_version
= _HTTP_TLS_1_1
;
1382 else if (!_cups_strcasecmp(start
, "MaxTLS1.0"))
1383 max_version
= _HTTP_TLS_1_0
;
1384 else if (!_cups_strcasecmp(start
, "MaxTLS1.1"))
1385 max_version
= _HTTP_TLS_1_1
;
1386 else if (!_cups_strcasecmp(start
, "MaxTLS1.2"))
1387 max_version
= _HTTP_TLS_1_2
;
1388 else if (!_cups_strcasecmp(start
, "MaxTLS1.3"))
1389 max_version
= _HTTP_TLS_1_3
;
1390 else if (!_cups_strcasecmp(start
, "MinTLS1.0"))
1391 min_version
= _HTTP_TLS_1_0
;
1392 else if (!_cups_strcasecmp(start
, "MinTLS1.1"))
1393 min_version
= _HTTP_TLS_1_1
;
1394 else if (!_cups_strcasecmp(start
, "MinTLS1.2"))
1395 min_version
= _HTTP_TLS_1_2
;
1396 else if (!_cups_strcasecmp(start
, "MinTLS1.3"))
1397 min_version
= _HTTP_TLS_1_3
;
1398 else if (!_cups_strcasecmp(start
, "None"))
1399 options
= _HTTP_TLS_NONE
;
1402 cc
->ssl_options
= options
;
1403 cc
->ssl_max_version
= max_version
;
1404 cc
->ssl_min_version
= min_version
;
1406 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc
, value
, options
, min_version
, max_version
));
1408 #endif /* HAVE_SSL */
1412 * 'cups_set_user()' - Set the User value.
1417 _cups_client_conf_t
*cc
, /* I - client.conf values */
1418 const char *value
) /* I - Value */
1420 strlcpy(cc
->user
, value
, sizeof(cc
->user
));