scheduler/auth.h

   1 /*
   2  * "$Id$"
   3  *
   4  * Authorization definitions for the CUPS scheduler.
   5  *
   6  * Copyright 2007-2014 by Apple Inc.
   7  * Copyright 1997-2006 by Easy Software Products, all rights reserved.
   8  *
   9  * These coded instructions, statements, and computer programs are the
  10  * property of Apple Inc. and are protected by Federal copyright
  11  * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
  12  * which should have been included with this file.  If this file is
  13  * file is missing or damaged, see the license at "http://www.cups.org/".
  14  */
  15
  16 /*
  17  * Include necessary headers...
  18  */
  19
  20 #include <pwd.h>
  21
  22
  23 /*
  24  * HTTP authorization types and levels...
  25  */
  26
  27 #define CUPSD_AUTH_DEFAULT      -1      /* Use DefaultAuthType */
  28 #define CUPSD_AUTH_NONE         0       /* No authentication */
  29 #define CUPSD_AUTH_BASIC        1       /* Basic authentication */
  30 #define CUPSD_AUTH_NEGOTIATE    2       /* Kerberos authentication */
  31 #define CUPSD_AUTH_AUTO         3       /* Kerberos or Basic, depending on configuration of server */
  32
  33 #define CUPSD_AUTH_ANON         0       /* Anonymous access */
  34 #define CUPSD_AUTH_USER         1       /* Must have a valid username/password */
  35 #define CUPSD_AUTH_GROUP        2       /* Must also be in a named group */
  36
  37 #define CUPSD_AUTH_ALLOW        0       /* Allow access */
  38 #define CUPSD_AUTH_DENY         1       /* Deny access */
  39
  40 #define CUPSD_AUTH_NAME         0       /* Authorize host by name */
  41 #define CUPSD_AUTH_IP           1       /* Authorize host by IP */
  42 #define CUPSD_AUTH_INTERFACE    2       /* Authorize host by interface */
  43
  44 #define CUPSD_AUTH_SATISFY_ALL  0       /* Satisfy both address and auth */
  45 #define CUPSD_AUTH_SATISFY_ANY  1       /* Satisfy either address or auth */
  46
  47 #define CUPSD_AUTH_LIMIT_DELETE 1       /* Limit DELETE requests */
  48 #define CUPSD_AUTH_LIMIT_GET    2       /* Limit GET requests */
  49 #define CUPSD_AUTH_LIMIT_HEAD   4       /* Limit HEAD requests */
  50 #define CUPSD_AUTH_LIMIT_OPTIONS 8      /* Limit OPTIONS requests */
  51 #define CUPSD_AUTH_LIMIT_POST   16      /* Limit POST requests */
  52 #define CUPSD_AUTH_LIMIT_PUT    32      /* Limit PUT requests */
  53 #define CUPSD_AUTH_LIMIT_TRACE  64      /* Limit TRACE requests */
  54 #define CUPSD_AUTH_LIMIT_ALL    127     /* Limit all requests */
  55 #define CUPSD_AUTH_LIMIT_IPP    128     /* Limit IPP requests */
  56
  57 #define IPP_ANY_OPERATION       (ipp_op_t)0
  58                                         /* Any IPP operation */
  59 #define IPP_BAD_OPERATION       (ipp_op_t)-1
  60                                         /* No IPP operation */
  61
  62
  63 /*
  64  * HTTP access control structures...
  65  */
  66
  67 typedef struct
  68 {
  69   unsigned      address[4],             /* IP address */
  70                 netmask[4];             /* IP netmask */
  71 } cupsd_ipmask_t;
  72
  73 typedef struct
  74 {
  75   size_t        length;                 /* Length of name */
  76   char          *name;                  /* Name string */
  77 } cupsd_namemask_t;
  78
  79 typedef struct
  80 {
  81   int           type;                   /* Mask type */
  82   union
  83   {
  84     cupsd_namemask_t    name;           /* Host/Domain name */
  85     cupsd_ipmask_t      ip;             /* IP address/network */
  86   }             mask;                   /* Mask data */
  87 } cupsd_authmask_t;
  88
  89 typedef struct
  90 {
  91   char                  *location;      /* Location of resource */
  92   size_t                length;         /* Length of location string */
  93   ipp_op_t              op;             /* IPP operation */
  94   int                   limit,          /* Limit for these types of requests */
  95                         order_type,     /* Allow or Deny */
  96                         type,           /* Type of authentication */
  97                         level,          /* Access level required */
  98                         satisfy;        /* Satisfy any or all limits? */
  99   cups_array_t          *names,         /* User or group names */
 100                         *allow,         /* Allow lines */
 101                         *deny;          /* Deny lines */
 102   http_encryption_t     encryption;     /* To encrypt or not to encrypt... */
 103 } cupsd_location_t;
 104
 105 typedef struct cupsd_client_s cupsd_client_t;
 106
 107
 108 /*
 109  * Globals...
 110  */
 111
 112 VAR cups_array_t        *Locations      VALUE(NULL);
 113                                         /* Authorization locations */
 114 #ifdef HAVE_SSL
 115 VAR http_encryption_t   DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
 116                                         /* Default encryption for authentication */
 117 #endif /* HAVE_SSL */
 118
 119
 120 /*
 121  * Prototypes...
 122  */
 123
 124 extern int              cupsdAddIPMask(cups_array_t **masks,
 125                                        const unsigned address[4],
 126                                        const unsigned netmask[4]);
 127 extern void             cupsdAddLocation(cupsd_location_t *loc);
 128 extern void             cupsdAddName(cupsd_location_t *loc, char *name);
 129 extern int              cupsdAddNameMask(cups_array_t **masks, char *name);
 130 extern void             cupsdAuthorize(cupsd_client_t *con);
 131 extern int              cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc);
 132 extern int              cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks);
 133 extern int              cupsdCheckGroup(const char *username,
 134                                         struct passwd *user,
 135                                         const char *groupname);
 136 extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc);
 137 extern void             cupsdDeleteAllLocations(void);
 138 extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state);
 139 extern cupsd_location_t *cupsdFindLocation(const char *location);
 140 extern void             cupsdFreeLocation(cupsd_location_t *loc);
 141 extern http_status_t    cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
 142 extern cupsd_location_t *cupsdNewLocation(const char *location);
 143
 144
 145 /*
 146  * End of "$Id$".
 147  */