Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
b86bc4cf | 2 | * "$Id: auth.c 6191 2007-01-10 16:48:37Z mike $" |
ef416fc2 | 3 | * |
4 | * Authentication functions for the Common UNIX Printing System (CUPS). | |
5 | * | |
b86bc4cf | 6 | * Copyright 1997-2007 by Easy Software Products. |
ef416fc2 | 7 | * |
8 | * These coded instructions, statements, and computer programs are the | |
9 | * property of Easy Software Products and are protected by Federal | |
10 | * copyright law. Distribution and use rights are outlined in the file | |
11 | * "LICENSE.txt" which should have been included with this file. If this | |
12 | * file is missing or damaged please contact Easy Software Products | |
13 | * at: | |
14 | * | |
15 | * Attn: CUPS Licensing Information | |
16 | * Easy Software Products | |
17 | * 44141 Airport View Drive, Suite 204 | |
18 | * Hollywood, Maryland 20636 USA | |
19 | * | |
20 | * Voice: (301) 373-9600 | |
21 | * EMail: cups-info@cups.org | |
22 | * WWW: http://www.cups.org | |
23 | * | |
24 | * This file is subject to the Apple OS-Developed Software exception. | |
25 | * | |
26 | * Contents: | |
27 | * | |
28 | * cupsDoAuthentication() - Authenticate a request. | |
29 | * cups_local_auth() - Get the local authorization certificate if | |
30 | * available/applicable... | |
31 | */ | |
32 | ||
33 | /* | |
34 | * Include necessary headers... | |
35 | */ | |
36 | ||
37 | #include "globals.h" | |
38 | #include "debug.h" | |
39 | #include <stdlib.h> | |
40 | #include <ctype.h> | |
41 | #include <errno.h> | |
42 | #include <fcntl.h> | |
43 | #include <sys/stat.h> | |
44 | #if defined(WIN32) || defined(__EMX__) | |
45 | # include <io.h> | |
46 | #else | |
47 | # include <unistd.h> | |
48 | #endif /* WIN32 || __EMX__ */ | |
49 | ||
50 | ||
51 | /* | |
52 | * Local functions... | |
53 | */ | |
54 | ||
55 | static int cups_local_auth(http_t *http); | |
56 | ||
57 | ||
58 | /* | |
59 | * 'cupsDoAuthentication()' - Authenticate a request. | |
60 | * | |
61 | * This function should be called in response to a HTTP_UNAUTHORIZED | |
62 | * status, prior to resubmitting your request. | |
63 | * | |
64 | * @since CUPS 1.1.20@ | |
65 | */ | |
66 | ||
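int                                     /* O - 0 on success, -1 on error */
cupsDoAuthentication(http_t     *http,  /* I - HTTP connection to server */
                     const char *method,/* I - Request method (GET, POST, PUT) */
                     const char *resource)
                                        /* I - Resource path */
{
  const char    *password;              /* Password string */
  const char    *secret;                /* Password part of "user:password" */
  char          prompt[1024],           /* Prompt for user */
                realm[HTTP_MAX_VALUE],  /* realm="xyz" string */
                nonce[HTTP_MAX_VALUE],  /* nonce="xyz" string */
                encode[512];            /* Encoded username:password */
  int           is_digest;              /* Non-zero if server asked for Digest */
  _cups_globals_t *cg;                  /* Global data */


 /*
  * Builds http->authstring for the next request.  Order of preference:
  * the local certificate (cups_local_auth), then the cached
  * http->userpass, then a password obtained through cupsGetPassword().
  *
  * The debug output below deliberately reports only whether credentials
  * are present and how long the result is: http->userpass holds the
  * clear-text password and http->authstring is either a certificate, a
  * base64 copy of the password, or a Digest response, so none of them
  * belong in a debug log.
  */

  DEBUG_printf(("cupsDoAuthentication(http=%p, method=\"%s\", resource=\"%s\")\n",
                http, method, resource));
  DEBUG_printf(("cupsDoAuthentication: digest_tries=%d, userpass=%s\n",
                http->digest_tries, http->userpass[0] ? "(set)" : "(empty)"));
  DEBUG_printf(("cupsDoAuthentication: WWW-Authenticate=\"%s\"\n",
                httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE)));

 /*
  * Clear the current authentication string...
  */

  http->authstring[0] = '\0';

 /*
  * See if we can do local authentication...
  */

  if (http->digest_tries < 3 && !cups_local_auth(http))
  {
    DEBUG_printf(("cupsDoAuthentication: local authstring set (%d bytes)\n",
                  (int)strlen(http->authstring)));

    if (http->status == HTTP_UNAUTHORIZED)
      http->digest_tries ++;

    return (0);
  }

 /*
  * Decide the scheme once, comparing the full 6-character token without
  * regard to case.  The original compared 5 characters case-insensitively
  * when resetting digest_tries but 6 characters case-sensitively when
  * choosing the encoding, so a challenge spelled "digest" was answered
  * with Basic, i.e. with a reversible base64 copy of the password.
  */

  is_digest = !strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE],
                           "Digest", 6);

 /*
  * Nope, see if we should retry the current username:password...
  */

  if (http->digest_tries > 1 || !http->userpass[0])
  {
   /*
    * Nope - get a new password from the user...
    */

    cg = _cupsGlobals();

    if (!cg->lang_default)
      cg->lang_default = cupsLangDefault();

    snprintf(prompt, sizeof(prompt),
             _cupsLangString(cg->lang_default, _("Password for %s on %s? ")),
             cupsUser(),
             http->hostname[0] == '/' ? "localhost" : http->hostname);

   /*
    * Same values as before: 0 for a Digest challenge, 1 otherwise.
    */

    http->digest_tries = !is_digest;
    http->userpass[0]  = '\0';

    if ((password = cupsGetPassword(prompt)) == NULL)
      return (-1);

    if (!password[0])
      return (-1);

    snprintf(http->userpass, sizeof(http->userpass), "%s:%s", cupsUser(),
             password);
  }
  else if (http->status == HTTP_UNAUTHORIZED)
    http->digest_tries ++;

 /*
  * Got a password; encode it for the server...
  */

  if (!is_digest)
  {
   /*
    * Basic authentication.  The value is only base64, not encryption, so
    * the password is protected on the wire only if the connection is.
    */

    httpEncode64_2(encode, sizeof(encode), http->userpass,
                   (int)strlen(http->userpass));
    snprintf(http->authstring, sizeof(http->authstring), "Basic %s", encode);
  }
  else
  {
   /*
    * Digest authentication...
    */

    httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
    httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "nonce", nonce);

   /*
    * http->userpass may have been filled in outside this function; without
    * a ':' separator strchr() returns NULL and the original "+ 1" handed
    * an invalid pointer to httpMD5().  Fail the attempt instead.
    */

    if ((secret = strchr(http->userpass, ':')) == NULL)
      return (-1);

    secret ++;

    httpMD5(cupsUser(), realm, secret, encode);
    httpMD5Final(nonce, method, resource, encode);
    snprintf(http->authstring, sizeof(http->authstring),
             "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
             "uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce,
             resource, encode);
  }

  DEBUG_printf(("cupsDoAuthentication: authstring set (%d bytes)\n",
                (int)strlen(http->authstring)));

  return (0);
}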
179 | ||
180 | ||
181 | /* | |
182 | * 'cups_local_auth()' - Get the local authorization certificate if | |
183 | * available/applicable... | |
184 | */ | |
185 | ||
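static int                              /* O - 0 if available, -1 if not */
cups_local_auth(http_t *http)           /* I - HTTP connection to server */
{
#if defined(WIN32) || defined(__EMX__)
 /*
  * Currently WIN32 and OS-2 do not support the CUPS server...
  */

  return (-1);
#else
  int           pid;                    /* Current process ID */
  int           have_line;              /* Non-zero if fgets() read data */
  FILE          *fp;                    /* Certificate file */
  char          filename[1024],         /* Certificate filename */
                certificate[33],        /* Certificate string */
                *end;                   /* End of certificate text */
  _cups_globals_t *cg = _cupsGlobals(); /* Global data */


 /*
  * filename doubles as scratch space for the address string here; it is
  * overwritten with the real path further down.
  */

  DEBUG_printf(("cups_local_auth(http=%p) hostaddr=%s, hostname=\"%s\"\n",
                http, httpAddrString(http->hostaddr, filename, sizeof(filename)), http->hostname));

 /*
  * See if we are accessing localhost...
  *
  * NOTE(review): a hostname of "localhost" is accepted even when
  * httpAddrLocalhost() says the address is not local, so the certificate
  * would be offered to whatever peer that name resolved to.  Confirm
  * callers always have a loopback or domain-socket address here.
  */

  if (!httpAddrLocalhost(http->hostaddr) &&
      strcasecmp(http->hostname, "localhost") != 0)
  {
    DEBUG_puts("cups_local_auth: Not a local connection!");
    return (-1);
  }

 /*
  * Try opening a certificate file for this PID.  If that fails,
  * try the root certificate...
  */

  pid = getpid();
  snprintf(filename, sizeof(filename), "%s/certs/%d", cg->cups_statedir, pid);
  if ((fp = fopen(filename, "r")) == NULL && pid > 0)
  {
    DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
                  filename, strerror(errno)));

    snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
    fp = fopen(filename, "r");
  }

  if (fp == NULL)
  {
    DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
                  filename, strerror(errno)));
    return (-1);
  }

 /*
  * Read the certificate from the file.  The original ignored the result
  * of fgets(); on an empty or unreadable file the buffer stayed
  * uninitialized and its stack contents were copied into the
  * Authorization value.  Start from an empty string and check the read.
  */

  certificate[0] = '\0';
  have_line      = fgets(certificate, sizeof(certificate), fp) != NULL;
  fclose(fp);

  if (!have_line)
  {
    DEBUG_printf(("cups_local_auth: Unable to read file %s\n", filename));
    return (-1);
  }

 /*
  * fgets() keeps a line ending when the line is shorter than the buffer;
  * cut the value at the first CR or LF so it cannot end up inside the
  * header value.
  */

  for (end = certificate; *end && *end != '\n' && *end != '\r'; end ++);
  *end = '\0';

  if (!certificate[0])
  {
    DEBUG_printf(("cups_local_auth: Empty certificate in file %s\n",
                  filename));
    return (-1);
  }

 /*
  * Set the authorization string and return...  The certificate is a
  * credential, so the debug line reports its length rather than its
  * value.
  */

  snprintf(http->authstring, sizeof(http->authstring), "Local %s", certificate);

  DEBUG_printf(("cups_local_auth: Returning authstring (%d bytes)\n",
                (int)strlen(http->authstring)));

  return (0);
#endif /* WIN32 || __EMX__ */
}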
259 | ||
260 | ||
261 | /* | |
b86bc4cf | 262 | * End of "$Id: auth.c 6191 2007-01-10 16:48:37Z mike $". |
ef416fc2 | 263 | */ |