Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
07725fee | 2 | * "$Id: auth.c 5961 2006-09-16 19:08:36Z mike $" |
ef416fc2 | 3 | * |
4 | * Authentication functions for the Common UNIX Printing System (CUPS). | |
5 | * | |
6 | * Copyright 1997-2006 by Easy Software Products. | |
7 | * | |
8 | * These coded instructions, statements, and computer programs are the | |
9 | * property of Easy Software Products and are protected by Federal | |
10 | * copyright law. Distribution and use rights are outlined in the file | |
11 | * "LICENSE.txt" which should have been included with this file. If this | |
12 | * file is missing or damaged please contact Easy Software Products | |
13 | * at: | |
14 | * | |
15 | * Attn: CUPS Licensing Information | |
16 | * Easy Software Products | |
17 | * 44141 Airport View Drive, Suite 204 | |
18 | * Hollywood, Maryland 20636 USA | |
19 | * | |
20 | * Voice: (301) 373-9600 | |
21 | * EMail: cups-info@cups.org | |
22 | * WWW: http://www.cups.org | |
23 | * | |
24 | * This file is subject to the Apple OS-Developed Software exception. | |
25 | * | |
26 | * Contents: | |
27 | * | |
28 | * cupsDoAuthentication() - Authenticate a request. | |
29 | * cups_local_auth() - Get the local authorization certificate if | |
30 | * available/applicable... | |
31 | */ | |
32 | ||
33 | /* | |
34 | * Include necessary headers... | |
35 | */ | |
36 | ||
37 | #include "globals.h" | |
38 | #include "debug.h" | |
39 | #include <stdlib.h> | |
40 | #include <ctype.h> | |
41 | #include <errno.h> | |
42 | #include <fcntl.h> | |
43 | #include <sys/stat.h> | |
44 | #if defined(WIN32) || defined(__EMX__) | |
45 | # include <io.h> | |
46 | #else | |
47 | # include <unistd.h> | |
48 | #endif /* WIN32 || __EMX__ */ | |
49 | ||
50 | ||
51 | /* | |
52 | * Local functions... | |
53 | */ | |
54 | ||
55 | static int cups_local_auth(http_t *http); | |
56 | ||
57 | ||
58 | /* | |
59 | * 'cupsDoAuthentication()' - Authenticate a request. | |
60 | * | |
61 | * This function should be called in response to a HTTP_UNAUTHORIZED | |
62 | * status, prior to resubmitting your request. | |
63 | * | |
64 | * @since CUPS 1.1.20@ | |
65 | */ | |
66 | ||
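int					/* O - 0 on success, -1 on error */
cupsDoAuthentication(http_t     *http,	/* I - HTTP connection to server */
                     const char *method,/* I - Request method (GET, POST, PUT) */
		     const char *resource)
					/* I - Resource path */
{
  const char	*password;		/* Password string */
  int		bytes;			/* Length reported by snprintf() */
  char		prompt[1024],		/* Prompt for user */
		realm[HTTP_MAX_VALUE],	/* realm="xyz" string */
		nonce[HTTP_MAX_VALUE],	/* nonce="xyz" string */
		encode[512];		/* Encoded username:password */


 /*
  * Builds http->authstring for the next request, trying in order: a local
  * certificate, the cached username:password, and finally a password
  * obtained from cupsGetPassword().  Returns -1 when no usable credentials
  * are available.
  */

  if (!http)
    return (-1);

 /*
  * NOTE(review): the debug statements below print the cached
  * username:password and, further down, the finished Authorization value.
  * DEBUG_printf is presumably compiled out of release builds (confirm in
  * debug.h); debug builds should not have their output captured where
  * other users can read it.
  */

  DEBUG_printf(("cupsDoAuthentication(http=%p, method=\"%s\", resource=\"%s\")\n",
                http, method, resource));
  DEBUG_printf(("cupsDoAuthentication: digest_tries=%d, userpass=\"%s\"\n",
                http->digest_tries, http->userpass));
  DEBUG_printf(("cupsDoAuthentication: WWW-Authenticate=\"%s\"\n",
                httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE)));

 /*
  * Clear the current authentication string...
  */

  http->authstring[0] = '\0';

 /*
  * See if we can do local authentication...
  */

  if (http->digest_tries < 3 && !cups_local_auth(http))
  {
    DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));

    if (http->status == HTTP_UNAUTHORIZED)
      http->digest_tries ++;

    return (0);
  }

 /*
  * Nope, see if we should retry the current username:password...
  */

  if (http->digest_tries > 1 || !http->userpass[0])
  {
   /*
    * Nope - get a new password from the user...
    */

    snprintf(prompt, sizeof(prompt), _("Password for %s on %s? "), cupsUser(),
             http->hostname[0] == '/' ? "localhost" : http->hostname);

   /*
    * NOTE(review): this test is case-insensitive over 5 characters while
    * the scheme selection below is case-sensitive over 6, so the retry
    * counter and the chosen scheme can disagree for a header such as
    * "digest ...".  Left as-is; confirm which comparison is intended.
    */

    http->digest_tries = strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE],
                                     "Digest", 5) != 0;
    http->userpass[0]  = '\0';

    if ((password = cupsGetPassword(prompt)) == NULL)
      return (-1);

    if (!password[0])
      return (-1);

   /*
    * Refuse credentials that do not fit rather than sending a silently
    * truncated password to the server...
    */

    bytes = snprintf(http->userpass, sizeof(http->userpass), "%s:%s",
                     cupsUser(), password);

    if (bytes < 0 || (size_t)bytes >= sizeof(http->userpass))
    {
      http->userpass[0] = '\0';
      return (-1);
    }
  }
  else if (http->status == HTTP_UNAUTHORIZED)
    http->digest_tries ++;

 /*
  * Got a password; encode it for the server...
  */

  if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Digest", 6))
  {
   /*
    * Basic authentication...
    *
    * Base64 is an encoding, not encryption: the password is recoverable
    * by anyone who can read the request, so this path depends on the
    * connection itself being protected.
    */

    httpEncode64_2(encode, sizeof(encode), http->userpass,
                   strlen(http->userpass));
    snprintf(http->authstring, sizeof(http->authstring), "Basic %s", encode);
  }
  else
  {
   /*
    * Digest authentication...
    */

    const char	*secret;		/* Password part of userpass */


   /*
    * The return values of httpGetSubField() are not checked, so start
    * from empty strings in case a sub-field is missing from the header...
    */

    realm[0] = '\0';
    nonce[0] = '\0';

    httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
    httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "nonce", nonce);

   /*
    * userpass may have been set by the caller; without a ':' separator
    * strchr() returns NULL and "NULL + 1" must not be dereferenced...
    */

    if ((secret = strchr(http->userpass, ':')) == NULL)
      return (-1);

    secret ++;

    httpMD5(cupsUser(), realm, secret, encode);
    httpMD5Final(nonce, method, resource, encode);
    snprintf(http->authstring, sizeof(http->authstring),
	     "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
	     "uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce,
	     resource, encode);
  }

  DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));

  return (0);
}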
171 | ||
172 | ||
173 | /* | |
174 | * 'cups_local_auth()' - Get the local authorization certificate if | |
175 | * available/applicable... | |
176 | */ | |
177 | ||
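static int				/* O - 0 if available, -1 if not */
cups_local_auth(http_t *http)		/* I - HTTP connection to server */
{
#if defined(WIN32) || defined(__EMX__)
 /*
  * Currently WIN32 and OS-2 do not support the CUPS server...
  */

  return (-1);
#else
  int			pid;		/* Current process ID */
  FILE			*fp;		/* Certificate file */
  char			filename[1024],	/* Certificate filename */
			certificate[33];/* Certificate string */
  _cups_globals_t	*cg = _cupsGlobals();
					/* Global data */


 /*
  * Reads a certificate from <statedir>/certs/<pid>, falling back to
  * <statedir>/certs/0, and stores "Local <certificate>" in
  * http->authstring.  The filename buffer doubles as scratch space for
  * the address string in the debug message below.
  */

  DEBUG_printf(("cups_local_auth(http=%p) hostaddr=%s, hostname=\"%s\"\n",
                http, httpAddrString(http->hostaddr, filename, sizeof(filename)), http->hostname));

 /*
  * See if we are accessing localhost...
  *
  * NOTE(review): the connection is treated as local when EITHER the
  * address is a localhost address OR the hostname string is "localhost".
  * If that name ever resolved to a non-loopback address the certificate
  * would be sent there; consider requiring the address test - confirm
  * against how callers populate hostname/hostaddr.
  */

  if (!httpAddrLocalhost(http->hostaddr) &&
      strcasecmp(http->hostname, "localhost") != 0)
  {
    DEBUG_puts("cups_local_auth: Not a local connection!");
    return (-1);
  }

 /*
  * Try opening a certificate file for this PID.  If that fails,
  * try the root certificate...
  */

  pid = getpid();
  snprintf(filename, sizeof(filename), "%s/certs/%d", cg->cups_statedir, pid);
  if ((fp = fopen(filename, "r")) == NULL && pid > 0)
  {
    DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
                  filename, strerror(errno)));

    snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
    fp = fopen(filename, "r");
  }

  if (fp == NULL)
  {
    DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
                  filename, strerror(errno)));
    return (-1);
  }

 /*
  * Read the certificate from the file...
  *
  * If fgets() fails (empty or unreadable file) the buffer is left
  * uninitialized; using it would copy stack contents into the
  * Authorization header, so treat that as "no certificate".
  */

  if (fgets(certificate, sizeof(certificate), fp) == NULL)
  {
    fclose(fp);
    DEBUG_puts("cups_local_auth: Unable to read certificate!");
    return (-1);
  }

  fclose(fp);

 /*
  * A short file can leave a line ending in the buffer; strip it so the
  * header value stays on one line, and reject an empty certificate...
  */

  certificate[strcspn(certificate, "\r\n")] = '\0';

  if (!certificate[0])
  {
    DEBUG_puts("cups_local_auth: Empty certificate!");
    return (-1);
  }

 /*
  * Set the authorization string and return...
  */

  snprintf(http->authstring, sizeof(http->authstring), "Local %s", certificate);

 /*
  * NOTE(review): this prints the certificate itself; DEBUG_printf is
  * presumably compiled out of release builds - confirm in debug.h.
  */

  DEBUG_printf(("cups_local_auth: Returning authstring = \"%s\"\n",
                http->authstring));

  return (0);
#endif /* WIN32 || __EMX__ */
}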
251 | ||
252 | ||
253 | /* | |
07725fee | 254 | * End of "$Id: auth.c 5961 2006-09-16 19:08:36Z mike $". |
ef416fc2 | 255 | */ |