- if ((location = cupsdFindLocation("CUPS_INTERNAL_BROWSE_ACL")) == NULL)
- if ((location = cupsdNewLocation("CUPS_INTERNAL_BROWSE_ACL")) != NULL)
- cupsdAddLocation(location);
-
-
- if (location == NULL)
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to initialize browse access control list!");
- else
- {
- if (!strncasecmp(value, "from", 4))
- {
- /*
- * Skip leading "from"...
- */
-
- value += 4;
- }
-
- while (*value)
- {
- /*
- * Skip leading whitespace...
- */
-
- while (isspace(*value & 255))
- value ++;
-
- if (!*value)
- break;
-
- /*
- * Find the end of the value...
- */
-
- for (valueptr = value;
- *valueptr && !isspace(*valueptr & 255);
- valueptr ++);
-
- while (isspace(*valueptr & 255))
- *valueptr++ = '\0';
-
- /*
- * Figure out what form the allow/deny address takes:
- *
- * All
- * None
- * *.domain.com
- * .domain.com
- * host.domain.com
- * nnn.*
- * nnn.nnn.*
- * nnn.nnn.nnn.*
- * nnn.nnn.nnn.nnn
- * nnn.nnn.nnn.nnn/mm
- * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
- */
-
- if (!strcasecmp(value, "all"))
- {
- /*
- * All hosts...
- */
-
- if (!strcasecmp(line, "BrowseAllow"))
- cupsdAddIPMask(&(location->allow), zeros, zeros);
- else
- cupsdAddIPMask(&(location->deny), zeros, zeros);
- }
- else if (!strcasecmp(value, "none"))
- {
- /*
- * No hosts...
- */
-
- if (!strcasecmp(line, "BrowseAllow"))
- cupsdAddIPMask(&(location->allow), ones, zeros);
- else
- cupsdAddIPMask(&(location->deny), ones, zeros);
- }
-#ifdef AF_INET6
- else if (value[0] == '*' || value[0] == '.' ||
- (!isdigit(value[0] & 255) && value[0] != '['))
-#else
- else if (value[0] == '*' || value[0] == '.' ||
- !isdigit(value[0] & 255))
-#endif /* AF_INET6 */
- {
- /*
- * Host or domain name...
- */
-
- if (!strcasecmp(line, "BrowseAllow"))
- cupsdAddNameMask(&(location->allow), value);
- else
- cupsdAddNameMask(&(location->deny), value);
- }
- else
- {
- /*
- * One of many IP address forms...
- */
-
- if (!get_addr_and_mask(value, ip, mask))
- {
- cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
- value, linenum);
- break;
- }
-
- if (!strcasecmp(line, "BrowseAllow"))
- cupsdAddIPMask(&(location->allow), ip, mask);
- else
- cupsdAddIPMask(&(location->deny), ip, mask);
- }
-
- /*
- * Advance to next value...
- */
-
- value = valueptr;
- }
- }
- }
- else if (!strcasecmp(line, "BrowseRelay") && value)
- {
- /*
- * BrowseRelay [from] source [to] destination
- */
-
- if (NumRelays == 0)
- relay = malloc(sizeof(cupsd_dirsvc_relay_t));
- else
- relay = realloc(Relays, (NumRelays + 1) * sizeof(cupsd_dirsvc_relay_t));
-
- if (!relay)
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate BrowseRelay at line %d - %s.",
- linenum, strerror(errno));
- continue;
- }
-
- Relays = relay;
- relay += NumRelays;
-
- memset(relay, 0, sizeof(cupsd_dirsvc_relay_t));
-
- if (!strncasecmp(value, "from ", 5))
- {
- /*
- * Skip leading "from"...
- */
-
- value += 5;
-
- /*
- * Skip leading whitespace...
- */
-
- while (isspace(*value))
- value ++;
- }
-
- /*
- * Find the end of the from value...
- */
-
- for (valueptr = value;
- *valueptr && !isspace(*valueptr & 255);
- valueptr ++);
-
- while (isspace(*valueptr & 255))
- *valueptr++ = '\0';
-
- /*
- * Figure out what form the from address takes:
- *
- * *.domain.com
- * .domain.com
- * host.domain.com
- * nnn.*
- * nnn.nnn.*
- * nnn.nnn.nnn.*
- * nnn.nnn.nnn.nnn
- * nnn.nnn.nnn.nnn/mm
- * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
- */
-
-#ifdef AF_INET6
- if (value[0] == '*' || value[0] == '.' ||
- (!isdigit(value[0] & 255) && value[0] != '['))
-#else
- if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
-#endif /* AF_INET6 */
- {
- /*
- * Host or domain name...
- */
-
- if (!cupsdAddNameMask(&(relay->from), value))
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate BrowseRelay name at line %d - %s.",
- linenum, strerror(errno));
- continue;
- }
- }
- else
- {
- /*
- * One of many IP address forms...
- */
-
- if (!get_addr_and_mask(value, ip, mask))
- {
- cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
- value, linenum);
- break;
- }
-
- if (!cupsdAddIPMask(&(relay->from), ip, mask))
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate BrowseRelay IP at line %d - %s.",
- linenum, strerror(errno));
- continue;
- }
- }
-
- /*
- * Get "to" address and port...
- */
-
- if (!strncasecmp(valueptr, "to ", 3))
- {
- /*
- * Strip leading "to"...
- */
-
- valueptr += 3;
-
- while (isspace(*valueptr))
- valueptr ++;
- }
-
- if ((addrlist = get_address(valueptr, BrowsePort)) != NULL)
- {
- /*
- * Only IPv4 addresses are supported...
- */
-
- for (addr = addrlist; addr; addr = addr->next)
- if (addr->addr.addr.sa_family == AF_INET)
- break;
-
- if (addr)
- {
- memcpy(&(relay->to), &(addrlist->addr), sizeof(relay->to));
-
- httpAddrString(&(relay->to), temp, sizeof(temp));
-
- cupsdLogMessage(CUPSD_LOG_INFO, "Relaying from %s to %s:%d (IPv4)",
- value, temp, ntohs(relay->to.ipv4.sin_port));
-
- NumRelays ++;
- }
- else
- {
- cupsArrayDelete(relay->from);
- relay->from = NULL;
-
- cupsdLogMessage(CUPSD_LOG_ERROR, "Bad relay address %s at line %d.",
- valueptr, linenum);
- }
-
- httpAddrFreeList(addrlist);
- }
- else
- {
- cupsArrayDelete(relay->from);
- relay->from = NULL;
-
- cupsdLogMessage(CUPSD_LOG_ERROR, "Bad relay address %s at line %d.",
- valueptr, linenum);
- }
- }
- else if (!strcasecmp(line, "BrowsePoll") && value)
- {
- /*
- * BrowsePoll address[:port]
- */
-
- char *portname; /* Port name */
- int portnum; /* Port number */
- struct servent *service; /* Service */
-
-
- /*
- * Extract the port name from the address...
- */
-
- if ((portname = strrchr(value, ':')) != NULL && !strchr(portname, ']'))
- {
- *portname++ = '\0';
-
- if (isdigit(*portname & 255))
- portnum = atoi(portname);
- else if ((service = getservbyname(portname, NULL)) != NULL)
- portnum = ntohs(service->s_port);
- else
- {
- cupsdLogMessage(CUPSD_LOG_ERROR, "Lookup of service \"%s\" failed!",
- portname);
- continue;
- }
- }
- else
- portnum = ippPort();
-
- /*
- * Add the poll entry...
- */
-
- if (NumPolled == 0)
- pollp = malloc(sizeof(cupsd_dirsvc_poll_t));
- else
- pollp = realloc(Polled, (NumPolled + 1) * sizeof(cupsd_dirsvc_poll_t));
-
- if (!pollp)
- {
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unable to allocate BrowsePoll at line %d - %s.",
- linenum, strerror(errno));
- continue;
- }
-
- Polled = pollp;
- pollp += NumPolled;
-
- NumPolled ++;
- memset(pollp, 0, sizeof(cupsd_dirsvc_poll_t));
-
- strlcpy(pollp->hostname, value, sizeof(pollp->hostname));
- pollp->port = portnum;
-
- cupsdLogMessage(CUPSD_LOG_INFO, "Polling %s:%d", pollp->hostname,
- pollp->port);
- }
- else if (!strcasecmp(line, "DefaultAuthType") && value)
- {
- /*
- * DefaultAuthType {basic,digest,basicdigest,negotiate}
- */
-
- if (!strcasecmp(value, "none"))
- DefaultAuthType = CUPSD_AUTH_NONE;
- else if (!strcasecmp(value, "basic"))
- DefaultAuthType = CUPSD_AUTH_BASIC;
- else if (!strcasecmp(value, "digest"))
- DefaultAuthType = CUPSD_AUTH_DIGEST;
- else if (!strcasecmp(value, "basicdigest"))
- DefaultAuthType = CUPSD_AUTH_BASICDIGEST;
-#ifdef HAVE_GSSAPI
- else if (!strcasecmp(value, "negotiate"))
- DefaultAuthType = CUPSD_AUTH_NEGOTIATE;
-#endif /* HAVE_GSSAPI */
- else
- {
- cupsdLogMessage(CUPSD_LOG_WARN,
- "Unknown default authorization type %s on line %d.",
- value, linenum);
- if (FatalErrors & CUPSD_FATAL_CONFIG)
- return (0);
- }
- }
-#ifdef HAVE_SSL
- else if (!strcasecmp(line, "DefaultEncryption"))
- {
- /*
- * DefaultEncryption {Never,IfRequested,Required}
- */
-
- if (!value || !strcasecmp(value, "never"))
- DefaultEncryption = HTTP_ENCRYPT_NEVER;
- else if (!strcasecmp(value, "required"))
- DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
- else if (!strcasecmp(value, "ifrequested"))
- DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
- else
- {
- cupsdLogMessage(CUPSD_LOG_WARN,
- "Unknown default encryption %s on line %d.",
- value, linenum);
- if (FatalErrors & CUPSD_FATAL_CONFIG)
- return (0);
- }
- }
-#endif /* HAVE_SSL */
- else if (!strcasecmp(line, "User") && value)
- {
- /*
- * User ID to run as...
- */
-
- if (isdigit(value[0] & 255))
- {
- int uid = atoi(value);
-
- if (!uid)
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Will not use User 0 as specified on line %d "
- "for security reasons. You must use a non-"
- "privileged account instead.",
- linenum);
- else
- User = atoi(value);
- }
- else
- {
- struct passwd *p; /* Password information */
-
- endpwent();
- p = getpwnam(value);
-
- if (p)
- {
- if (!p->pw_uid)
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Will not use User %s (UID=0) as specified on line "
- "%d for security reasons. You must use a non-"
- "privileged account instead.",
- value, linenum);
- else
- User = p->pw_uid;
- }
- else
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unknown User \"%s\" on line %d, ignoring!",
- value, linenum);
- }
- }
- else if (!strcasecmp(line, "Group") && value)
- {
- /*
- * Group ID to run as...
- */
-
- if (isdigit(value[0]))
- Group = atoi(value);
- else
- {
- endgrent();
- group = getgrnam(value);
-
- if (group != NULL)
- Group = group->gr_gid;
- else
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unknown Group \"%s\" on line %d, ignoring!",
- value, linenum);
- }
- }
- else if (!strcasecmp(line, "SystemGroup") && value)
- {
- /*
- * SystemGroup (admin) group(s)...
- */
-
- if (!parse_groups(value))
- cupsdLogMessage(CUPSD_LOG_ERROR,
- "Unknown SystemGroup \"%s\" on line %d, ignoring!",
- value, linenum);
- }
- else if (!strcasecmp(line, "HostNameLookups") && value)
- {
- /*
- * Do hostname lookups?
- */
-
- if (!strcasecmp(value, "off") || !strcasecmp(value, "no") ||
- !strcasecmp(value, "false"))