2 * "$Id: cert.c,v 1.7.2.11 2004/04/20 13:40:30 mike Exp $"
4 * Authentication certificate routines for the Common UNIX
5 * Printing System (CUPS).
7 * Copyright 1997-2003 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Easy Software Products and are protected by Federal
11 * copyright law. Distribution and use rights are outlined in the file
12 * "LICENSE.txt" which should have been included with this file. If this
13 * file is missing or damaged please contact Easy Software Products
16 * Attn: CUPS Licensing Information
17 * Easy Software Products
18 * 44141 Airport View Drive, Suite 204
19 * Hollywood, Maryland 20636-3111 USA
21 * Voice: (301) 373-9603
22 * EMail: cups-info@cups.org
23 * WWW: http://www.cups.org
27 * AddCert() - Add a certificate.
28 * DeleteCert() - Delete a single certificate.
29 * DeleteAllCerts() - Delete all certificates...
30 * FindCert() - Find a certificate.
31 * InitCerts() - Initialize the certificate "system" and root
36 * Include necessary headers...
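/*
 * 'cert_random_bytes()' - Fill a buffer from the kernel random device.
 *
 * Reads exactly "len" bytes from /dev/urandom, retrying reads that were
 * interrupted by a signal.  A partially filled buffer is reported as a
 * failure so that it is never used as secret material.
 */

static int				/* O - 0 on success, -1 on error */
cert_random_bytes(unsigned char *buf,	/* O - Buffer to fill */
                  size_t        len)	/* I - Number of bytes wanted */
{
  int		fd;			/* Random device */
  size_t	total;			/* Bytes read so far */
  ssize_t	bytes;			/* Bytes from the last read */


  if ((fd = open("/dev/urandom", O_RDONLY)) < 0)
    return (-1);

  for (total = 0; total < len;)
  {
    bytes = read(fd, buf + total, len - total);

    if (bytes > 0)
      total += (size_t)bytes;
    else if (bytes == 0 || errno != EINTR)
      break;
  }

  close(fd);

  return (total == len ? 0 : -1);
}


/*
 * 'AddCert()' - Add a certificate.
 *
 * Creates a 32-character hexadecimal certificate for "pid", writes it to
 * ServerRoot/certs/PID and links the in-memory record at the front of the
 * Certs list.  PID 0 is the root certificate: its file is made group
 * readable (0440) and RootCertTime is updated; every other file is 0400 and
 * owned by User/Group.
 *
 * The certificate is the only secret protecting local authentication, so
 * it is drawn from /dev/urandom directly.  random() is used only as a
 * logged fallback, because its output is limited by the seed it was given.
 * Nothing is added to the list when the file cannot be created or written.
 *
 * NOTE(review): the listing this was rebuilt from had lost the plain
 * statements and branch keywords (pid == 0 test, fchmod/close/free calls,
 * list insertion); they are restored from the surviving comments and line
 * numbering - diff against the upstream file before merging.
 */

void
AddCert(int        pid,			/* I - Process ID */
        const char *username)		/* I - Username */
{
  int		i;			/* Looping var */
  cert_t	*cert;			/* Current certificate */
  int		fd;			/* Certificate file */
  char		filename[1024];		/* Certificate filename */
  struct group	*grp;			/* System group */
  unsigned char	rnd[16];		/* Random bytes, 2 hex digits each */
  size_t	certlen;		/* Length of certificate string */
  ssize_t	written;		/* Bytes written to the file */
  static const char hex[] = "0123456789ABCDEF";
					/* Hex constants... */


  LogMessage(L_DEBUG2, "AddCert: adding certificate for pid %d", pid);

 /*
  * Allocate memory for the certificate...
  */

  if ((cert = calloc(1, sizeof(*cert))) == NULL)
    return;

 /*
  * Fill in the certificate information.  Only indices 0..31 are written;
  * the terminating nul comes from calloc().
  * NOTE(review): assumes cert_t.certificate holds at least 33 bytes - confirm.
  */

  cert->pid = pid;
  strlcpy(cert->username, username, sizeof(cert->username));

  if (cert_random_bytes(rnd, sizeof(rnd)) == 0)
  {
    for (i = 0; i < 16; i ++)
    {
      cert->certificate[2 * i]     = hex[rnd[i] >> 4];
      cert->certificate[2 * i + 1] = hex[rnd[i] & 15];
    }
  }
  else
  {
    LogMessage(L_ERROR, "AddCert: Unable to read /dev/urandom, using random() "
                        "for the certificate of pid %d", pid);

    for (i = 0; i < 32; i ++)
      cert->certificate[i] = hex[random() & 15];
  }

 /*
  * Save the certificate to a file readable only by the User and Group
  * (or root and SystemGroup for PID == 0)...
  *
  * Any stale file is removed first; O_EXCL then guarantees that the file
  * we write is one we created, not a pre-existing file or symlink.
  */

  snprintf(filename, sizeof(filename), "%s/certs/%d", ServerRoot, pid);
  unlink(filename);

  if ((fd = open(filename, O_WRONLY | O_CREAT | O_EXCL, 0400)) < 0)
  {
    LogMessage(L_ERROR, "AddCert: Unable to create certificate file %s - %s",
               filename, strerror(errno));
    free(cert);
    return;
  }

  if (pid == 0)
  {
   /*
    * Root certificate...
    */

    if (fchmod(fd, 0440))
      LogMessage(L_ERROR, "AddCert: Unable to set permissions on %s - %s",
                 filename, strerror(errno));

    grp = getgrnam(SystemGroups[0]);

    if (fchown(fd, RunUser, grp ? grp->gr_gid : 0))
      LogMessage(L_ERROR, "AddCert: Unable to set ownership of %s - %s",
                 filename, strerror(errno));

    endgrent();

    RootCertTime = time(NULL);
  }
  else
  {
   /*
    * CGI certificate...
    */

    if (fchmod(fd, 0400))
      LogMessage(L_ERROR, "AddCert: Unable to set permissions on %s - %s",
                 filename, strerror(errno));

    if (fchown(fd, User, Group))
      LogMessage(L_ERROR, "AddCert: Unable to set ownership of %s - %s",
                 filename, strerror(errno));
  }

 /*
  * NOTE(review): this prints the secret itself; it is only compiled into
  * DEBUG builds, which should not be run in production.
  */

  DEBUG_printf(("ADD pid=%d, username=%s, cert=%s\n", pid, username,
                cert->certificate));

 /*
  * Write the certificate; a failed or short write leaves nothing usable
  * on disk, so drop the file and the record instead of registering it...
  */

  certlen = strlen(cert->certificate);
  written = write(fd, cert->certificate, certlen);

  if (written < 0 || (size_t)written != certlen)
  {
    LogMessage(L_ERROR, "AddCert: Unable to write certificate file %s - %s",
               filename, written < 0 ? strerror(errno) : "short write");
    close(fd);
    unlink(filename);
    free(cert);
    return;
  }

  if (close(fd))
    LogMessage(L_ERROR, "AddCert: Unable to close certificate file %s - %s",
               filename, strerror(errno));

 /*
  * Insert the certificate at the front of the list...
  */

  cert->next = Certs;
  Certs      = cert;
}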
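/*
 * 'DeleteCert()' - Delete a single certificate.
 *
 * Unlinks the first record in the Certs list whose pid matches, frees it
 * and removes ServerRoot/certs/PID.  Does nothing when no record matches.
 * A failed unlink() is logged with the system error, since a certificate
 * file left on disk is a credential that was meant to be revoked.
 *
 * NOTE(review): the list-head branch, free() and return were missing from
 * the listing this was rebuilt from; confirm against the upstream file.
 */

void
DeleteCert(int pid)			/* I - Process ID */
{
  cert_t	*cert,			/* Current certificate */
		*prev;			/* Previous certificate */
  char		filename[1024];		/* Certificate file */


  for (prev = NULL, cert = Certs; cert != NULL; prev = cert, cert = cert->next)
    if (cert->pid == pid)
    {
     /*
      * Remove this certificate from the list...
      */

      LogMessage(L_DEBUG2, "DeleteCert: removing certificate for pid %d", pid);

      DEBUG_printf(("DELETE pid=%d, username=%s, cert=%s\n", cert->pid,
                    cert->username, cert->certificate));

      if (prev == NULL)
        Certs = cert->next;
      else
        prev->next = cert->next;

      free(cert);

     /*
      * Delete the file and return...
      */

      snprintf(filename, sizeof(filename), "%s/certs/%d", ServerRoot, pid);
      if (unlink(filename))
        LogMessage(L_ERROR, "DeleteCert: Unable to remove %s - %s", filename,
                   strerror(errno));

      return;
    }
}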
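/*
 * 'DeleteAllCerts()' - Delete all certificates...
 *
 * Walks the Certs list, removing each ServerRoot/certs/PID file and
 * freeing its record, then leaves the list empty.  A file that cannot be
 * removed is logged with the system error and the walk continues, so one
 * failure does not keep the remaining credentials alive.
 *
 * NOTE(review): the signature, free() and list reset were missing from
 * the listing this was rebuilt from; confirm against the upstream file.
 */

void
DeleteAllCerts(void)
{
  cert_t	*cert,			/* Current certificate */
		*next;			/* Next certificate */
  char		filename[1024];		/* Certificate file */


 /*
  * Loop through each certificate, deleting them...
  */

  for (cert = Certs; cert != NULL; cert = next)
  {
   /*
    * Delete the file...
    */

    snprintf(filename, sizeof(filename), "%s/certs/%d", ServerRoot, cert->pid);
    if (unlink(filename))
      LogMessage(L_ERROR, "DeleteAllCerts: Unable to remove %s - %s", filename,
                 strerror(errno));

   /*
    * Save the link before the record is freed...
    */

    next = cert->next;
    free(cert);
  }

  Certs = NULL;
}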
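/*
 * 'cert_matches()' - Compare a presented certificate with a stored one.
 *
 * The comparison ignores ASCII case, as strcasecmp() did, but always walks
 * the full stored string and accumulates the differences, so the time taken
 * does not reveal how many leading characters of a guess were correct.
 */

static int				/* O - 1 if equal, 0 otherwise */
cert_matches(const char *candidate,	/* I - Certificate from the client */
             const char *stored)	/* I - Certificate we issued */
{
  size_t	i;			/* Looping var */
  size_t	candlen,		/* Length of candidate */
		storedlen;		/* Length of stored certificate */
  unsigned	diff;			/* Accumulated differences */
  unsigned char	a,			/* Folded candidate character */
		b;			/* Folded stored character */


  candlen   = strlen(candidate);
  storedlen = strlen(stored);
  diff      = candlen != storedlen;

  for (i = 0; i < storedlen; i ++)
  {
   /*
    * Never read past the end of a short candidate; the length mismatch
    * is already recorded in "diff".
    */

    a = i < candlen ? (unsigned char)candidate[i] : 0;
    b = (unsigned char)stored[i];

   /*
    * Fold 'A'..'Z' to lowercase by setting bit 5...
    */

    a |= (unsigned char)(((unsigned)(a - 'A') < 26u) << 5);
    b |= (unsigned char)(((unsigned)(b - 'A') < 26u) << 5);

    diff |= (unsigned)(a ^ b);
  }

  return (diff == 0);
}


/*
 * 'FindCert()' - Find a certificate.
 *
 * Returns the username stored with the first record in the Certs list
 * whose certificate equals "certificate" (ASCII case ignored), or NULL
 * when there is no match or "certificate" is NULL.  The returned pointer
 * refers to the record itself and is only valid while that record exists.
 */

const char *				/* O - Matching username or NULL */
FindCert(const char *certificate)	/* I - Certificate */
{
  cert_t	*cert;			/* Current certificate */


  if (certificate == NULL)
    return (NULL);

  DEBUG_printf(("FindCert(certificate=%s)\n", certificate));
  for (cert = Certs; cert != NULL; cert = cert->next)
    if (cert_matches(certificate, cert->certificate))
    {
      DEBUG_printf(("    returning %s...\n", cert->username));
      return (cert->username);
    }

  DEBUG_puts("    certificate not found!");

  return (NULL);
}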
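/*
 * 'InitCerts()' - Initialize the certificate "system" and root certificate.
 *
 * Seeds random() with four bytes from /dev/urandom, falling back to the
 * time of day when the device cannot be opened or a read fails, and then
 * creates the root certificate.
 *
 * cupsFileGetChar() returns -1 on end-of-file or error; OR-ing that into
 * the seed would set every bit, so a failed read now selects the fallback
 * instead of producing a fixed seed.
 *
 * NOTE(review): the seed is 32 bits wide and the time-of-day fallback is
 * guessable, so nothing derived from random() should be treated as a
 * strong secret.
 * NOTE(review): the signature, cupsFileClose(), srandom() and the final
 * AddCert(0, "root") call were missing from the listing this was rebuilt
 * from; confirm against the upstream file.
 */

void
InitCerts(void)
{
  cups_file_t	*fp;			/* /dev/urandom file */
  unsigned	seed;			/* Seed for random number generator */
  struct timeval tod;			/* Time of day */
  int		i;			/* Looping var */
  int		ch;			/* Byte read from the device */
  int		have_seed;		/* Did we get 4 random bytes? */


 /*
  * Initialize the random number generator using the random device or
  * the current time, as available...
  */

  seed      = 0;
  have_seed = 0;

  if ((fp = cupsFileOpen("/dev/urandom", "rb")) != NULL)
  {
   /*
    * Read 4 random characters from the random device and use
    * them as the seed...
    */

    have_seed = 1;

    for (i = 0; i < 4; i ++)
    {
      if ((ch = cupsFileGetChar(fp)) < 0)
      {
        have_seed = 0;
        break;
      }

      seed = (seed << 8) | (unsigned)ch;
    }

    cupsFileClose(fp);
  }

  if (!have_seed)
  {
   /*
    * Get the time in usecs and use it as the initial seed...
    */

    gettimeofday(&tod, NULL);

    seed = (unsigned)(tod.tv_sec + tod.tv_usec);
  }

  srandom(seed);

 /*
  * Create a root certificate and return...
  */

  AddCert(0, "root");
}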
296 * End of "$Id: cert.c,v 1.7.2.11 2004/04/20 13:40:30 mike Exp $".