2 * "$Id: auth.h 6780 2007-08-08 20:50:42Z mike $"
4 * Authorization definitions for the Common UNIX Printing System (CUPS)
7 * Copyright 2007-2008 by Apple Inc.
8 * Copyright 1997-2006 by Easy Software Products, all rights reserved.
10 * These coded instructions, statements, and computer programs are the
11 * property of Apple Inc. and are protected by Federal copyright
12 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
13 * which should have been included with this file. If this file is
14 * file is missing or damaged, see the license at "http://www.cups.org/".
18 * Include necessary headers...
25 * HTTP authorization types and levels...
28 #define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */
29 #define CUPSD_AUTH_NONE 0 /* No authentication */
30 #define CUPSD_AUTH_BASIC 1 /* Basic authentication */
31 #define CUPSD_AUTH_DIGEST 2 /* Digest authentication */
32 #define CUPSD_AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */
33 #define CUPSD_AUTH_NEGOTIATE 4 /* Kerberos authentication */
35 #define CUPSD_AUTH_ANON 0 /* Anonymous access */
36 #define CUPSD_AUTH_USER 1 /* Must have a valid username/password */
37 #define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */
39 #define CUPSD_AUTH_ALLOW 0 /* Allow access */
40 #define CUPSD_AUTH_DENY 1 /* Deny access */
42 #define CUPSD_AUTH_NAME 0 /* Authorize host by name */
43 #define CUPSD_AUTH_IP 1 /* Authorize host by IP */
44 #define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */
46 #define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
47 #define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
49 #define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
50 #define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */
51 #define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
52 #define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
53 #define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */
54 #define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */
55 #define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
56 #define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
57 #define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
59 #define IPP_ANY_OPERATION (ipp_op_t)0
60 /* Any IPP operation */
61 #define IPP_BAD_OPERATION (ipp_op_t)-1
62 /* No IPP operation */
66 * HTTP access control structures...
71 unsigned address
[4], /* IP address */
72 netmask
[4]; /* IP netmask */
77 int length
; /* Length of name */
78 char *name
; /* Name string */
83 int type
; /* Mask type */
86 cupsd_namemask_t name
; /* Host/Domain name */
87 cupsd_ipmask_t ip
; /* IP address/network */
88 } mask
; /* Mask data */
93 char *location
; /* Location of resource */
94 ipp_op_t op
; /* IPP operation */
95 int limit
, /* Limit for these types of requests */
96 length
, /* Length of location string */
97 order_type
, /* Allow or Deny */
98 type
, /* Type of authentication */
99 level
, /* Access level required */
100 satisfy
; /* Satisfy any or all limits? */
101 int num_names
; /* Number of names */
102 char **names
; /* User or group names */
103 int num_allow
; /* Number of Allow lines */
104 cupsd_authmask_t
*allow
; /* Allow lines */
105 int num_deny
; /* Number of Deny lines */
106 cupsd_authmask_t
*deny
; /* Deny lines */
107 http_encryption_t encryption
; /* To encrypt or not to encrypt... */
110 typedef struct cupsd_client_s cupsd_client_t
;
117 VAR cups_array_t
*Locations
VALUE(NULL
);
118 /* Authorization locations */
119 VAR
int DefaultAuthType
VALUE(CUPSD_AUTH_BASIC
);
120 /* Default AuthType, if not specified */
122 VAR http_encryption_t DefaultEncryption
VALUE(HTTP_ENCRYPT_REQUIRED
);
123 /* Default encryption for authentication */
124 #endif /* HAVE_SSL */
131 extern cupsd_location_t
*cupsdAddLocation(const char *location
);
132 extern void cupsdAddName(cupsd_location_t
*loc
, char *name
);
133 extern void cupsdAllowHost(cupsd_location_t
*loc
, char *name
);
134 extern void cupsdAllowIP(cupsd_location_t
*loc
,
135 const unsigned address
[4],
136 const unsigned netmask
[4]);
137 extern void cupsdAuthorize(cupsd_client_t
*con
);
138 extern int cupsdCheckAccess(unsigned ip
[4], char *name
,
139 int namelen
, cupsd_location_t
*loc
);
140 extern int cupsdCheckAuth(unsigned ip
[4], char *name
, int namelen
,
141 int num_masks
, cupsd_authmask_t
*masks
);
142 extern int cupsdCheckGroup(const char *username
,
144 const char *groupname
);
145 extern cupsd_location_t
*cupsdCopyLocation(cupsd_location_t
**loc
);
146 extern void cupsdDeleteAllLocations(void);
147 extern void cupsdDeleteLocation(cupsd_location_t
*loc
);
148 extern void cupsdDenyHost(cupsd_location_t
*loc
, char *name
);
149 extern void cupsdDenyIP(cupsd_location_t
*loc
,
150 const unsigned address
[4],
151 const unsigned netmask
[4]);
152 extern cupsd_location_t
*cupsdFindBest(const char *path
, http_state_t state
);
153 extern cupsd_location_t
*cupsdFindLocation(const char *location
);
154 extern http_status_t
cupsdIsAuthorized(cupsd_client_t
*con
, const char *owner
);
158 * End of "$Id: auth.h 6780 2007-08-08 20:50:42Z mike $".