]> git.ipfire.org Git - thirdparty/cups.git/blame - cups/usersys.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Changelog.
[thirdparty/cups.git] / cups / usersys.c
CommitLineData
ef416fc2 1/*
83bc2aac
MS		 2 * User, system, and password routines for CUPS.
3 *
53af7f21 4 * Copyright 2007-2017 by Apple Inc.
83bc2aac
MS		 5 * Copyright 1997-2006 by Easy Software Products.
6 *
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
57b7b66b 11 * missing or damaged, see the license at "http://www.cups.org/".
83bc2aac
MS		 12 *
13 * This file is subject to the Apple OS-Developed Software exception.
ef416fc2 14 */
15
16/*
17 * Include necessary headers...
18 */
19
71e16022 20#include "cups-private.h"
ef416fc2 21#include <stdlib.h>
e00b005a 22#include <sys/stat.h>
ef416fc2 23#ifdef WIN32
24# include <windows.h>
5a6b583a
MS		 25#else
26# include <pwd.h>
dcb445bc 27# include <termios.h>
db8b865d 28# include <sys/utsname.h>
ef416fc2 29#endif /* WIN32 */
30
31
dcb445bc
MS		 32/*
33 * Local constants...
34 */
35
08d56b1f
MS		 36#ifdef __APPLE__
37# define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs")
38# define kAllowAnyRootKey CFSTR("AllowAnyRoot")
39# define kAllowExpiredCertsKey CFSTR("AllowExpiredCerts")
40# define kEncryptionKey CFSTR("Encryption")
41# define kGSSServiceNameKey CFSTR("GSSServiceName")
42# define kSSLOptionsKey CFSTR("SSLOptions")
43# define kTrustOnFirstUseKey CFSTR("TrustOnFirstUse")
44# define kValidateCertsKey CFSTR("ValidateCerts")
45#endif /* __APPLE__ */
46
dcb445bc
MS		 47#define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
48
49
3abb875b
MS		 50/*
51 * Local types...
52 */
53
54typedef struct _cups_client_conf_s /**** client.conf config data ****/
55{
56#ifdef HAVE_SSL
8f1fbdec
MS		 57 int ssl_options, /* SSLOptions values */
58 ssl_min_version,/* Minimum SSL/TLS version */
59 ssl_max_version;/* Maximum SSL/TLS version */
3abb875b 60#endif /* HAVE_SSL */
08d56b1f
MS		 61 int trust_first, /* Trust on first use? */
62 any_root, /* Allow any (e.g., self-signed) root */
3abb875b
MS		 63 expired_certs, /* Allow expired certs */
64 validate_certs; /* Validate certificates */
65 http_encryption_t encryption; /* Encryption setting */
66 char user[65], /* User name */
67 server_name[256];
68 /* Server hostname */
69#ifdef HAVE_GSSAPI
70 char gss_service_name[32];
71 /* Kerberos service name */
72#endif /* HAVE_GSSAPI */
73} _cups_client_conf_t;
74
75
b423cd4c 76/*
77 * Local functions...
78 */
79
08d56b1f
MS		 80#ifdef __APPLE__
81static int cups_apple_get_boolean(CFStringRef key, int *value);
82static int cups_apple_get_string(CFStringRef key, char *value, size_t valsize);
83#endif /* __APPLE__ */
84static int cups_boolean_value(const char *value);
3abb875b
MS		 85static void cups_finalize_client_conf(_cups_client_conf_t *cc);
86static void cups_init_client_conf(_cups_client_conf_t *cc);
87static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
4b9daaf4 88static void cups_set_default_ipp_port(_cups_globals_t *cg);
3abb875b 89static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
07ed0e9a 90#ifdef HAVE_GSSAPI
3abb875b 91static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
07ed0e9a 92#endif /* HAVE_GSSAPI */
3abb875b
MS		 93static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
94#ifdef HAVE_SSL
95static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
96#endif /* HAVE_SSL */
97static void cups_set_user(_cups_client_conf_t *cc, const char *value);
b423cd4c 98
99
ef416fc2 100/*
5a6b583a 101 * 'cupsEncryption()' - Get the current encryption settings.
ef416fc2 102 *
103 * The default encryption setting comes from the CUPS_ENCRYPTION
568fa3fa 104 * environment variable, then the ~/.cups/client.conf file, and finally the
ef416fc2 105 * /etc/cups/client.conf file. If not set, the default is
cb7f98ee 106 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
5a6b583a
MS		 107 *
108 * Note: The current encryption setting is tracked separately for each thread
109 * in a program. Multi-threaded programs that override the setting via the
110 * @link cupsSetEncryption@ function need to do so in each thread for the same
111 * setting to be used.
ef416fc2 112 */
113
114http_encryption_t /* O - Encryption settings */
115cupsEncryption(void)
116{
ef416fc2 117 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
118
119
ef416fc2 120 if (cg->encryption == (http_encryption_t)-1)
e07d4801 121 _cupsSetDefaults();
ef416fc2 122
123 return (cg->encryption);
124}
125
126
127/*
128 * 'cupsGetPassword()' - Get a password from the user.
129 *
5a738aea 130 * Uses the current password callback function. Returns @code NULL@ if the
ecdc0628 131 * user does not provide a password.
5a6b583a
MS		 132 *
133 * Note: The current password callback function is tracked separately for each
134 * thread in a program. Multi-threaded programs that override the setting via
135 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
136 * do so in each thread for the same function to be used.
53af7f21
MS		 137 *
138 * @exclude all@
ef416fc2 139 */
140
141const char * /* O - Password */
142cupsGetPassword(const char *prompt) /* I - Prompt string */
143{
f11a948a
MS		 144 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
145
146
147 return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
148}
149
150
151/*
98d88c8d 152 * 'cupsGetPassword2()' - Get a password from the user using the current
5a6b583a 153 * password callback.
f11a948a
MS		 154 *
155 * Uses the current password callback function. Returns @code NULL@ if the
156 * user does not provide a password.
157 *
5a6b583a
MS		 158 * Note: The current password callback function is tracked separately for each
159 * thread in a program. Multi-threaded programs that override the setting via
98d88c8d
MS		 160 * the @link cupsSetPasswordCB2@ function need to do so in each thread for the
161 * same function to be used.
5a6b583a 162 *
8072030b 163 * @since CUPS 1.4/macOS 10.6@
f11a948a
MS		 164 */
165
166const char * /* O - Password */
167cupsGetPassword2(const char *prompt, /* I - Prompt string */
168 http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
169 const char *method, /* I - Request method ("GET", "POST", "PUT") */
170 const char *resource) /* I - Resource path */
171{
172 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
173
174
175 if (!http)
176 http = _cupsConnect();
177
178 return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
ef416fc2 179}
180
181
ef416fc2 182/*
5a6b583a
MS		 183 * 'cupsServer()' - Return the hostname/address of the current server.
184 *
185 * The default server comes from the CUPS_SERVER environment variable, then the
186 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
187 * set, the default is the local system - either "localhost" or a domain socket
188 * path.
ef416fc2 189 *
5a6b583a
MS		 190 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
191 * address, or a domain socket pathname.
192 *
193 * Note: The current server is tracked separately for each thread in a program.
194 * Multi-threaded programs that override the server via the
195 * @link cupsSetServer@ function need to do so in each thread for the same
196 * server to be used.
ef416fc2 197 */
198
199const char * /* O - Server name */
200cupsServer(void)
201{
ef416fc2 202 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
203
204
ef416fc2 205 if (!cg->server[0])
e07d4801 206 _cupsSetDefaults();
ef416fc2 207
e07d4801
MS		 208 return (cg->server);
209}
ef416fc2 210
d09495fa 211
7cf5915e
MS		 212/*
213 * 'cupsSetClientCertCB()' - Set the client certificate callback.
214 *
215 * Pass @code NULL@ to restore the default callback.
216 *
217 * Note: The current certificate callback is tracked separately for each thread
218 * in a program. Multi-threaded programs that override the callback need to do
219 * so in each thread for the same callback to be used.
220 *
8072030b 221 * @since CUPS 1.5/macOS 10.7@
7cf5915e
MS		 222 */
223
224void
225cupsSetClientCertCB(
226 cups_client_cert_cb_t cb, /* I - Callback function */
227 void *user_data) /* I - User data pointer */
228{
229 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
230
231
232 cg->client_cert_cb = cb;
233 cg->client_cert_data = user_data;
234}
235
236
237/*
238 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
239 * connections.
240 *
241 * Note: The default credentials are tracked separately for each thread in a
242 * program. Multi-threaded programs that override the setting need to do so in
243 * each thread for the same setting to be used.
244 *
8072030b 245 * @since CUPS 1.5/macOS 10.7@
7cf5915e
MS		 246 */
247
248int /* O - Status of call (0 = success) */
249cupsSetCredentials(
250 cups_array_t *credentials) /* I - Array of credentials */
251{
252 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
253
254
255 if (cupsArrayCount(credentials) < 1)
256 return (-1);
257
7d5824d6 258#ifdef HAVE_SSL
7cf5915e 259 _httpFreeCredentials(cg->tls_credentials);
85dda01c 260 cg->tls_credentials = _httpCreateCredentials(credentials);
7d5824d6 261#endif /* HAVE_SSL */
7cf5915e
MS		 262
263 return (cg->tls_credentials ? 0 : -1);
264}
265
266
e07d4801
MS		 267/*
268 * 'cupsSetEncryption()' - Set the encryption preference.
5a6b583a
MS		 269 *
270 * The default encryption setting comes from the CUPS_ENCRYPTION
271 * environment variable, then the ~/.cups/client.conf file, and finally the
272 * /etc/cups/client.conf file. If not set, the default is
cb7f98ee 273 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
5a6b583a
MS		 274 *
275 * Note: The current encryption setting is tracked separately for each thread
276 * in a program. Multi-threaded programs that override the setting need to do
277 * so in each thread for the same setting to be used.
e07d4801 278 */
ef416fc2 279
e07d4801
MS		 280void
281cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */
282{
283 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
ef416fc2 284
ef416fc2 285
e07d4801 286 cg->encryption = e;
ef416fc2 287
e07d4801
MS		 288 if (cg->http)
289 httpEncryption(cg->http, e);
ef416fc2 290}
291
292
293/*
294 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
295 *
5a6b583a
MS		 296 * Pass @code NULL@ to restore the default (console) password callback, which
297 * reads the password from the console. Programs should call either this
298 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
299 * by a program per thread.
300 *
301 * Note: The current password callback is tracked separately for each thread
302 * in a program. Multi-threaded programs that override the callback need to do
303 * so in each thread for the same callback to be used.
53af7f21
MS		 304 *
305 * @exclude all@
ef416fc2 306 */
307
308void
309cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */
310{
311 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
312
313
f11a948a
MS		 314 if (cb == (cups_password_cb_t)0)
315 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
316 else
317 cg->password_cb = (cups_password_cb2_t)cb;
318
319 cg->password_data = NULL;
320}
321
322
323/*
324 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
325 *
5a6b583a
MS		 326 * Pass @code NULL@ to restore the default (console) password callback, which
327 * reads the password from the console. Programs should call either this
328 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
329 * by a program per thread.
330 *
331 * Note: The current password callback is tracked separately for each thread
332 * in a program. Multi-threaded programs that override the callback need to do
333 * so in each thread for the same callback to be used.
f11a948a 334 *
8072030b 335 * @since CUPS 1.4/macOS 10.6@
f11a948a
MS		 336 */
337
338void
339cupsSetPasswordCB2(
340 cups_password_cb2_t cb, /* I - Callback function */
341 void *user_data) /* I - User data pointer */
342{
343 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
344
345
346 if (cb == (cups_password_cb2_t)0)
347 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
ef416fc2 348 else
349 cg->password_cb = cb;
f11a948a
MS		 350
351 cg->password_data = user_data;
ef416fc2 352}
353
354
355/*
5a6b583a 356 * 'cupsSetServer()' - Set the default server name and port.
ef416fc2 357 *
358 * The "server" string can be a fully-qualified hostname, a numeric
5a6b583a
MS		 359 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
360 * addresses can be optionally followed by a colon and port number to override
361 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
362 * default server name and port.
363 *
364 * Note: The current server is tracked separately for each thread in a program.
365 * Multi-threaded programs that override the server need to do so in each
366 * thread for the same server to be used.
ef416fc2 367 */
368
369void
370cupsSetServer(const char *server) /* I - Server name */
371{
0cb67df3
MS		 372 char *options, /* Options */
373 *port; /* Pointer to port */
ef416fc2 374 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
375
376
377 if (server)
378 {
379 strlcpy(cg->server, server, sizeof(cg->server));
380
0cb67df3
MS		 381 if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
382 {
383 *options++ = '\0';
384
385 if (!strcmp(options, "version=1.0"))
386 cg->server_version = 10;
387 else if (!strcmp(options, "version=1.1"))
388 cg->server_version = 11;
389 else if (!strcmp(options, "version=2.0"))
390 cg->server_version = 20;
391 else if (!strcmp(options, "version=2.1"))
392 cg->server_version = 21;
393 else if (!strcmp(options, "version=2.2"))
394 cg->server_version = 22;
395 }
567f49cb
MS		 396 else
397 cg->server_version = 20;
0cb67df3 398
ef416fc2 399 if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
400 !strchr(port, ']') && isdigit(port[1] & 255))
401 {
402 *port++ = '\0';
403
e07d4801 404 cg->ipp_port = atoi(port);
ef416fc2 405 }
406
4b9daaf4
MS		 407 if (!cg->ipp_port)
408 cups_set_default_ipp_port(cg);
409
ef416fc2 410 if (cg->server[0] == '/')
5a9febac 411 strlcpy(cg->servername, "localhost", sizeof(cg->servername));
ef416fc2 412 else
413 strlcpy(cg->servername, cg->server, sizeof(cg->servername));
414 }
415 else
416 {
0cb67df3
MS		 417 cg->server[0] = '\0';
418 cg->servername[0] = '\0';
419 cg->server_version = 20;
4b9daaf4 420 cg->ipp_port = 0;
ef416fc2 421 }
5a738aea
MS		 422
423 if (cg->http)
424 {
425 httpClose(cg->http);
426 cg->http = NULL;
427 }
ef416fc2 428}
429
430
7cf5915e
MS		 431/*
432 * 'cupsSetServerCertCB()' - Set the server certificate callback.
433 *
434 * Pass @code NULL@ to restore the default callback.
435 *
436 * Note: The current credentials callback is tracked separately for each thread
437 * in a program. Multi-threaded programs that override the callback need to do
438 * so in each thread for the same callback to be used.
439 *
8072030b 440 * @since CUPS 1.5/macOS 10.7@
7cf5915e
MS		 441 */
442
443void
444cupsSetServerCertCB(
445 cups_server_cert_cb_t cb, /* I - Callback function */
446 void *user_data) /* I - User data pointer */
447{
448 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
449
450
451 cg->server_cert_cb = cb;
452 cg->server_cert_data = user_data;
453}
454
455
ef416fc2 456/*
457 * 'cupsSetUser()' - Set the default user name.
458 *
5a738aea 459 * Pass @code NULL@ to restore the default user name.
5a6b583a
MS		 460 *
461 * Note: The current user name is tracked separately for each thread in a
462 * program. Multi-threaded programs that override the user name need to do so
463 * in each thread for the same user name to be used.
ef416fc2 464 */
465
466void
467cupsSetUser(const char *user) /* I - User name */
468{
469 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
470
471
472 if (user)
473 strlcpy(cg->user, user, sizeof(cg->user));
474 else
475 cg->user[0] = '\0';
476}
477
478
db8b865d
MS		 479/*
480 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
481 *
482 * Setting the string to NULL forces the default value containing the CUPS
483 * version, IPP version, and operating system version and architecture.
484 *
8072030b 485 * @since CUPS 1.7/macOS 10.9@
db8b865d
MS		 486 */
487
488void
489cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */
490{
491 _cups_globals_t *cg = _cupsGlobals();
492 /* Thread globals */
493#ifdef WIN32
494 SYSTEM_INFO sysinfo; /* System information */
495 OSVERSIONINFO version; /* OS version info */
496#else
497 struct utsname name; /* uname info */
498#endif /* WIN32 */
499
500
501 if (user_agent)
502 {
503 strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
504 return;
505 }
506
507#ifdef WIN32
508 version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
509 GetVersionEx(&version);
510 GetNativeSystemInfo(&sysinfo);
511
512 snprintf(cg->user_agent, sizeof(cg->user_agent),
513 CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0",
514 version.dwMajorVersion, version.dwMinorVersion,
515 sysinfo.wProcessorArchitecture
516 == PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" :
517 sysinfo.wProcessorArchitecture
518 == PROCESSOR_ARCHITECTURE_ARM ? "arm" :
519 sysinfo.wProcessorArchitecture
520 == PROCESSOR_ARCHITECTURE_IA64 ? "ia64" :
521 sysinfo.wProcessorArchitecture
522 == PROCESSOR_ARCHITECTURE_INTEL ? "intel" :
523 "unknown");
524
525#else
526 uname(&name);
527
528 snprintf(cg->user_agent, sizeof(cg->user_agent),
529 CUPS_MINIMAL " (%s %s; %s) IPP/2.0",
530 name.sysname, name.release, name.machine);
531#endif /* WIN32 */
532}
533
534
ef416fc2 535/*
536 * 'cupsUser()' - Return the current user's name.
5a6b583a
MS		 537 *
538 * Note: The current user name is tracked separately for each thread in a
539 * program. Multi-threaded programs that override the user name with the
540 * @link cupsSetUser@ function need to do so in each thread for the same user
541 * name to be used.
ef416fc2 542 */
543
544const char * /* O - User name */
545cupsUser(void)
546{
547 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
548
549
550 if (!cg->user[0])
3e7fe0ca 551 _cupsSetDefaults();
ef416fc2 552
553 return (cg->user);
554}
555
556
db8b865d
MS		 557/*
558 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
559 *
8072030b 560 * @since CUPS 1.7/macOS 10.9@
db8b865d
MS		 561 */
562
563const char * /* O - User-Agent string */
564cupsUserAgent(void)
565{
566 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
567
568
569 if (!cg->user_agent[0])
570 cupsSetUserAgent(NULL);
571
572 return (cg->user_agent);
573}
574
575
ef416fc2 576/*
577 * '_cupsGetPassword()' - Get a password from the user.
578 */
579
dcb445bc 580const char * /* O - Password or @code NULL@ if none */
ef416fc2 581_cupsGetPassword(const char *prompt) /* I - Prompt string */
582{
5a6b583a 583#ifdef WIN32
dcb445bc
MS		 584 HANDLE tty; /* Console handle */
585 DWORD mode; /* Console mode */
586 char passch, /* Current key press */
587 *passptr, /* Pointer into password string */
588 *passend; /* End of password string */
12f89d24 589 DWORD passbytes; /* Bytes read */
dcb445bc
MS		 590 _cups_globals_t *cg = _cupsGlobals();
591 /* Thread globals */
592
593
5a6b583a 594 /*
dcb445bc 595 * Disable input echo and set raw input...
5a6b583a
MS		 596 */
597
dcb445bc
MS		 598 if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
599 return (NULL);
600
601 if (!GetConsoleMode(tty, &mode))
602 return (NULL);
603
604 if (!SetConsoleMode(tty, 0))
605 return (NULL);
606
607 /*
608 * Display the prompt...
609 */
610
611 printf("%s ", prompt);
612 fflush(stdout);
613
614 /*
615 * Read the password string from /dev/tty until we get interrupted or get a
616 * carriage return or newline...
617 */
618
619 passptr = cg->password;
620 passend = cg->password + sizeof(cg->password) - 1;
621
12f89d24 622 while (ReadFile(tty, &passch, 1, &passbytes, NULL))
dcb445bc
MS		 623 {
624 if (passch == 0x0A || passch == 0x0D)
625 {
626 /*
627 * Enter/return...
628 */
629
630 break;
631 }
632 else if (passch == 0x08 || passch == 0x7F)
633 {
634 /*
635 * Backspace/delete (erase character)...
636 */
637
638 if (passptr > cg->password)
639 {
640 passptr --;
641 fputs("\010 \010", stdout);
642 }
643 else
644 putchar(0x07);
645 }
646 else if (passch == 0x15)
647 {
648 /*
649 * CTRL+U (erase line)
650 */
651
652 if (passptr > cg->password)
653 {
654 while (passptr > cg->password)
655 {
656 passptr --;
657 fputs("\010 \010", stdout);
658 }
659 }
660 else
661 putchar(0x07);
662 }
663 else if (passch == 0x03)
664 {
665 /*
666 * CTRL+C...
667 */
668
669 passptr = cg->password;
670 break;
671 }
672 else if ((passch & 255) < 0x20 || passptr >= passend)
673 putchar(0x07);
674 else
675 {
676 *passptr++ = passch;
677 putchar(_CUPS_PASSCHAR);
678 }
679
680 fflush(stdout);
681 }
682
683 putchar('\n');
684 fflush(stdout);
685
686 /*
687 * Cleanup...
688 */
689
690 SetConsoleMode(tty, mode);
691
692 /*
693 * Return the proper value...
694 */
695
696 if (passbytes == 1 && passptr > cg->password)
697 {
698 *passptr = '\0';
699 return (cg->password);
700 }
701 else
702 {
703 memset(cg->password, 0, sizeof(cg->password));
704 return (NULL);
705 }
5a6b583a
MS		 706
707#else
dcb445bc
MS		 708 int tty; /* /dev/tty - never read from stdin */
709 struct termios original, /* Original input mode */
710 noecho; /* No echo input mode */
711 char passch, /* Current key press */
712 *passptr, /* Pointer into password string */
713 *passend; /* End of password string */
714 ssize_t passbytes; /* Bytes read */
715 _cups_globals_t *cg = _cupsGlobals();
716 /* Thread globals */
717
718
5a6b583a 719 /*
dcb445bc 720 * Disable input echo and set raw input...
5a6b583a
MS		 721 */
722
dcb445bc
MS		 723 if ((tty = open("/dev/tty", O_RDONLY)) < 0)
724 return (NULL);
725
726 if (tcgetattr(tty, &original))
727 {
728 close(tty);
729 return (NULL);
730 }
731
732 noecho = original;
7e86f2f6 733 noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
a8db9df8
MS		 734 noecho.c_cc[VMIN] = 1;
735 noecho.c_cc[VTIME] = 0;
7cf5915e 736
dcb445bc
MS		 737 if (tcsetattr(tty, TCSAFLUSH, &noecho))
738 {
739 close(tty);
7cf5915e 740 return (NULL);
dcb445bc
MS		 741 }
742
743 /*
744 * Display the prompt...
745 */
746
747 printf("%s ", prompt);
748 fflush(stdout);
749
750 /*
751 * Read the password string from /dev/tty until we get interrupted or get a
752 * carriage return or newline...
753 */
754
755 passptr = cg->password;
756 passend = cg->password + sizeof(cg->password) - 1;
757
758 while ((passbytes = read(tty, &passch, 1)) == 1)
759 {
8dd318e5
MS		 760 if (passch == noecho.c_cc[VEOL] ||
761# ifdef VEOL2
762 passch == noecho.c_cc[VEOL2] ||
763# endif /* VEOL2 */
dcb445bc
MS		 764 passch == 0x0A || passch == 0x0D)
765 {
766 /*
767 * Enter/return...
768 */
769
770 break;
771 }
772 else if (passch == noecho.c_cc[VERASE] ||
773 passch == 0x08 || passch == 0x7F)
774 {
775 /*
776 * Backspace/delete (erase character)...
777 */
778
779 if (passptr > cg->password)
780 {
781 passptr --;
782 fputs("\010 \010", stdout);
783 }
784 else
785 putchar(0x07);
786 }
787 else if (passch == noecho.c_cc[VKILL])
788 {
789 /*
790 * CTRL+U (erase line)
791 */
792
793 if (passptr > cg->password)
794 {
795 while (passptr > cg->password)
796 {
797 passptr --;
798 fputs("\010 \010", stdout);
799 }
800 }
801 else
802 putchar(0x07);
803 }
804 else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
805 passch == noecho.c_cc[VEOF])
806 {
807 /*
808 * CTRL+C, CTRL+D, or CTRL+Z...
809 */
810
811 passptr = cg->password;
812 break;
813 }
814 else if ((passch & 255) < 0x20 || passptr >= passend)
815 putchar(0x07);
816 else
817 {
818 *passptr++ = passch;
819 putchar(_CUPS_PASSCHAR);
820 }
821
822 fflush(stdout);
823 }
824
825 putchar('\n');
826 fflush(stdout);
827
828 /*
829 * Cleanup...
830 */
831
832 tcsetattr(tty, TCSAFLUSH, &original);
833 close(tty);
834
835 /*
836 * Return the proper value...
837 */
838
839 if (passbytes == 1 && passptr > cg->password)
840 {
841 *passptr = '\0';
842 return (cg->password);
843 }
7cf5915e 844 else
dcb445bc
MS		 845 {
846 memset(cg->password, 0, sizeof(cg->password));
847 return (NULL);
848 }
ef416fc2 849#endif /* WIN32 */
5a6b583a 850}
ef416fc2 851
852
eac3a0a0
MS		 853#ifdef HAVE_GSSAPI
854/*
855 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
856 */
857
858const char *
859_cupsGSSServiceName(void)
860{
861 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
862
863
864 if (!cg->gss_service_name[0])
865 _cupsSetDefaults();
866
867 return (cg->gss_service_name);
868}
869#endif /* HAVE_GSSAPI */
870
871
ef416fc2 872/*
e07d4801 873 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
b423cd4c 874 */
875
e07d4801
MS		 876void
877_cupsSetDefaults(void)
b423cd4c 878{
879 cups_file_t *fp; /* File */
3abb875b 880 const char *home; /* Home directory of user */
b423cd4c 881 char filename[1024]; /* Filename */
3abb875b 882 _cups_client_conf_t cc; /* client.conf values */
b423cd4c 883 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
884
885
e07d4801
MS		 886 DEBUG_puts("_cupsSetDefaults()");
887
888 /*
3abb875b
MS		 889 * Load initial client.conf values...
890 */
891
892 cups_init_client_conf(&cc);
893
894 /*
895 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
896 * present.
897 */
898
899 snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
900 if ((fp = cupsFileOpen(filename, "r")) != NULL)
901 {
902 cups_read_client_conf(fp, &cc);
903 cupsFileClose(fp);
904 }
905
906# ifdef HAVE_GETEUID
907 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
908# elif !defined(WIN32)
909 if (getuid() && (home = getenv("HOME")) != NULL)
910# else
911 if ((home = getenv("HOME")) != NULL)
912# endif /* HAVE_GETEUID */
913 {
914 /*
915 * Look for ~/.cups/client.conf...
916 */
917
918 snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
919 if ((fp = cupsFileOpen(filename, "r")) != NULL)
920 {
921 cups_read_client_conf(fp, &cc);
922 cupsFileClose(fp);
923 }
924 }
925
926 /*
927 * Finalize things so every client.conf value is set...
e07d4801
MS		 928 */
929
3abb875b
MS		 930 cups_finalize_client_conf(&cc);
931
932 if (cg->encryption == (http_encryption_t)-1)
933 cg->encryption = cc.encryption;
934
935 if (!cg->server[0] || !cg->ipp_port)
936 cupsSetServer(cc.server_name);
937
938 if (!cg->ipp_port)
4b9daaf4 939 cups_set_default_ipp_port(cg);
3abb875b
MS		 940
941 if (!cg->user[0])
942 strlcpy(cg->user, cc.user, sizeof(cg->user));
943
944#ifdef HAVE_GSSAPI
945 if (!cg->gss_service_name[0])
946 strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
947#endif /* HAVE_GSSAPI */
948
08d56b1f
MS		 949 if (cg->trust_first < 0)
950 cg->trust_first = cc.trust_first;
951
3abb875b
MS		 952 if (cg->any_root < 0)
953 cg->any_root = cc.any_root;
954
955 if (cg->expired_certs < 0)
956 cg->expired_certs = cc.expired_certs;
957
958 if (cg->validate_certs < 0)
959 cg->validate_certs = cc.validate_certs;
960
961#ifdef HAVE_SSL
8f1fbdec 962 _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
3abb875b
MS		 963#endif /* HAVE_SSL */
964}
965
966
08d56b1f
MS		 967#ifdef __APPLE__
968/*
969 * 'cups_apple_get_boolean()' - Get a boolean setting from the CUPS preferences.
970 */
971
972static int /* O - 1 if set, 0 otherwise */
973cups_apple_get_boolean(
974 CFStringRef key, /* I - Key (name) */
975 int *value) /* O - Boolean value */
976{
977 Boolean bval, /* Preference value */
978 bval_set; /* Value is set? */
979
980
981 bval = CFPreferencesGetAppBooleanValue(key, kCUPSPrintingPrefs, &bval_set);
982
983 if (bval_set)
984 *value = (int)bval;
985
986 return ((int)bval_set);
987}
988
989
990/*
991 * 'cups_apple_get_string()' - Get a string setting from the CUPS preferences.
992 */
993
994static int /* O - 1 if set, 0 otherwise */
995cups_apple_get_string(
996 CFStringRef key, /* I - Key (name) */
997 char *value, /* O - String value */
998 size_t valsize) /* I - Size of value buffer */
999{
1000 CFStringRef sval; /* String value */
1001
1002
1003 if ((sval = CFPreferencesCopyAppValue(key, kCUPSPrintingPrefs)) != NULL)
1004 {
1005 Boolean result = CFStringGetCString(sval, value, (CFIndex)valsize, kCFStringEncodingUTF8);
1006
1007 CFRelease(sval);
1008
1009 if (result)
1010 return (1);
1011 }
1012
1013 return (0);
1014}
1015#endif /* __APPLE__ */
1016
1017
3abb875b
MS		 1018/*
1019 * 'cups_boolean_value()' - Convert a string to a boolean value.
1020 */
1021
1022static int /* O - Boolean value */
1023cups_boolean_value(const char *value) /* I - String value */
1024{
1025 return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
1026}
1027
1028
1029/*
1030 * 'cups_finalize_client_conf()' - Finalize client.conf values.
1031 */
1032
1033static void
1034cups_finalize_client_conf(
1035 _cups_client_conf_t *cc) /* I - client.conf values */
1036{
1037 const char *value; /* Environment variable */
1038
1039
08d56b1f
MS		 1040 if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
1041 cc->trust_first = cups_boolean_value(value);
1042
3abb875b
MS		 1043 if ((value = getenv("CUPS_ANYROOT")) != NULL)
1044 cc->any_root = cups_boolean_value(value);
1045
1046 if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
1047 cups_set_encryption(cc, value);
1048
1049 if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
1050 cc->expired_certs = cups_boolean_value(value);
1051
07ed0e9a 1052#ifdef HAVE_GSSAPI
3abb875b
MS		 1053 if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
1054 cups_set_gss_service_name(cc, value);
07ed0e9a 1055#endif /* HAVE_GSSAPI */
3abb875b
MS		 1056
1057 if ((value = getenv("CUPS_SERVER")) != NULL)
1058 cups_set_server_name(cc, value);
1059
1060 if ((value = getenv("CUPS_USER")) != NULL)
1061 cups_set_user(cc, value);
1062
1063 if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
1064 cc->validate_certs = cups_boolean_value(value);
e07d4801
MS		 1065
1066 /*
3abb875b 1067 * Then apply defaults for those values that haven't been set...
e07d4801
MS		 1068 */
1069
08d56b1f
MS		 1070 if (cc->trust_first < 0)
1071 cc->trust_first = 1;
1072
3abb875b
MS		 1073 if (cc->any_root < 0)
1074 cc->any_root = 1;
1075
1076 if (cc->encryption == (http_encryption_t)-1)
1077 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1078
1079 if (cc->expired_certs < 0)
08d56b1f 1080 cc->expired_certs = 0;
3abb875b
MS		 1081
1082#ifdef HAVE_GSSAPI
1083 if (!cc->gss_service_name[0])
1084 cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
1085#endif /* HAVE_GSSAPI */
1086
1087 if (!cc->server_name[0])
e07d4801 1088 {
3abb875b 1089#ifdef CUPS_DEFAULT_DOMAINSOCKET
63aefcd5 1090 /*
3abb875b
MS		 1091 * If we are compiled with domain socket support, only use the
1092 * domain socket if it exists and has the right permissions...
63aefcd5
MS		 1093 */
1094
89b7fd55 1095 if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
3abb875b
MS		 1096 cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
1097 else
1098#endif /* CUPS_DEFAULT_DOMAINSOCKET */
1099 cups_set_server_name(cc, "localhost");
1100 }
63aefcd5 1101
3abb875b
MS		 1102 if (!cc->user[0])
1103 {
1104#ifdef WIN32
63aefcd5 1105 /*
3abb875b 1106 * Get the current user name from the OS...
63aefcd5
MS		 1107 */
1108
3abb875b 1109 DWORD size; /* Size of string */
63aefcd5 1110
3abb875b
MS		 1111 size = sizeof(cc->user);
1112 if (!GetUserName(cc->user, &size))
1113#else
63aefcd5 1114 /*
3abb875b 1115 * Try the USER environment variable as the default username...
63aefcd5
MS		 1116 */
1117
3abb875b
MS		 1118 const char *envuser = getenv("USER");
1119 /* Default username */
1120 struct passwd *pw = NULL; /* Account information */
1121
1122 if (envuser)
d09495fa 1123 {
10d09e33 1124 /*
3abb875b
MS		 1125 * Validate USER matches the current UID, otherwise don't allow it to
1126 * override things... This makes sure that printing after doing su
1127 * or sudo records the correct username.
10d09e33 1128 */
e07d4801 1129
3abb875b
MS		 1130 if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
1131 pw = NULL;
1132 }
1133
1134 if (!pw)
1135 pw = getpwuid(getuid());
e07d4801 1136
3abb875b
MS		 1137 if (pw)
1138 strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
1139 else
1140#endif /* WIN32 */
1141 {
e07d4801 1142 /*
3abb875b 1143 * Use the default "unknown" user name...
e07d4801
MS		 1144 */
1145
3abb875b 1146 strlcpy(cc->user, "unknown", sizeof(cc->user));
63aefcd5 1147 }
e07d4801 1148 }
3abb875b
MS		 1149
1150 if (cc->validate_certs < 0)
1151 cc->validate_certs = 0;
1152}
1153
1154
1155/*
1156 * 'cups_init_client_conf()' - Initialize client.conf values.
1157 */
1158
1159static void
1160cups_init_client_conf(
1161 _cups_client_conf_t *cc) /* I - client.conf values */
1162{
1163 /*
1164 * Clear all values to "not set"...
1165 */
1166
1167 memset(cc, 0, sizeof(_cups_client_conf_t));
1168
1169 cc->encryption = (http_encryption_t)-1;
08d56b1f 1170 cc->trust_first = -1;
3abb875b
MS		 1171 cc->any_root = -1;
1172 cc->expired_certs = -1;
1173 cc->validate_certs = -1;
08d56b1f
MS		 1174
1175 /*
1176 * Load settings from the org.cups.PrintingPrefs plist (which trump
1177 * everything...)
1178 */
1179
b908d72c 1180#if defined(__APPLE__) && defined(HAVE_SSL)
08d56b1f
MS		 1181 char sval[1024]; /* String value */
1182 int bval; /* Boolean value */
1183
1184 if (cups_apple_get_boolean(kAllowAnyRootKey, &bval))
1185 cc->any_root = bval;
1186
1187 if (cups_apple_get_boolean(kAllowExpiredCertsKey, &bval))
1188 cc->expired_certs = bval;
1189
1190 if (cups_apple_get_string(kEncryptionKey, sval, sizeof(sval)))
1191 cups_set_encryption(cc, sval);
1192
1193 if (cups_apple_get_string(kSSLOptionsKey, sval, sizeof(sval)))
1194 cups_set_ssl_options(cc, sval);
1195
1196 if (cups_apple_get_boolean(kTrustOnFirstUseKey, &bval))
1197 cc->trust_first = bval;
1198
1199 if (cups_apple_get_boolean(kValidateCertsKey, &bval))
1200 cc->validate_certs = bval;
b908d72c 1201#endif /* __APPLE__ && HAVE_SSL */
e07d4801
MS		 1202}
1203
1204
1205/*
1206 * 'cups_read_client_conf()' - Read a client.conf file.
1207 */
1208
1209static void
1210cups_read_client_conf(
3abb875b
MS		 1211 cups_file_t *fp, /* I - File to read */
1212 _cups_client_conf_t *cc) /* I - client.conf values */
e07d4801
MS		 1213{
1214 int linenum; /* Current line number */
1215 char line[1024], /* Line from file */
3abb875b 1216 *value; /* Pointer into line */
e07d4801
MS		 1217
1218
1219 /*
1220 * Read from the file...
1221 */
1222
1223 linenum = 0;
1224 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
1225 {
3abb875b
MS		 1226 if (!_cups_strcasecmp(line, "Encryption") && value)
1227 cups_set_encryption(cc, value);
85dda01c
MS		 1228#ifndef __APPLE__
1229 /*
8072030b 1230 * The ServerName directive is not supported on macOS due to app
3abb875b 1231 * sandboxing restrictions, i.e. not all apps request network access.
85dda01c 1232 */
3abb875b
MS		 1233 else if (!_cups_strcasecmp(line, "ServerName") && value)
1234 cups_set_server_name(cc, value);
85dda01c 1235#endif /* !__APPLE__ */
3abb875b
MS		 1236 else if (!_cups_strcasecmp(line, "User") && value)
1237 cups_set_user(cc, value);
08d56b1f
MS		 1238 else if (!_cups_strcasecmp(line, "TrustOnFirstUse") && value)
1239 cc->trust_first = cups_boolean_value(value);
3abb875b
MS		 1240 else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
1241 cc->any_root = cups_boolean_value(value);
1242 else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
7cf5915e 1243 value)
3abb875b
MS		 1244 cc->expired_certs = cups_boolean_value(value);
1245 else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
1246 cc->validate_certs = cups_boolean_value(value);
07ed0e9a 1247#ifdef HAVE_GSSAPI
3abb875b
MS		 1248 else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
1249 cups_set_gss_service_name(cc, value);
07ed0e9a 1250#endif /* HAVE_GSSAPI */
22ebb7d0 1251#ifdef HAVE_SSL
3abb875b
MS		 1252 else if (!_cups_strcasecmp(line, "SSLOptions") && value)
1253 cups_set_ssl_options(cc, value);
1254#endif /* HAVE_SSL */
1255 }
1256}
63aefcd5 1257
63aefcd5 1258
4b9daaf4
MS		 1259/*
1260 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1261 */
1262
1263static void
1264cups_set_default_ipp_port(
1265 _cups_globals_t *cg) /* I - Global data */
1266{
1267 const char *ipp_port; /* IPP_PORT environment variable */
1268
1269
1270 if ((ipp_port = getenv("IPP_PORT")) != NULL)
1271 {
1272 if ((cg->ipp_port = atoi(ipp_port)) <= 0)
1273 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1274 }
1275 else
1276 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1277}
1278
3abb875b
MS		 1279/*
1280 * 'cups_set_encryption()' - Set the Encryption value.
1281 */
63aefcd5 1282
3abb875b
MS		 1283static void
1284cups_set_encryption(
1285 _cups_client_conf_t *cc, /* I - client.conf values */
1286 const char *value) /* I - Value */
1287{
1288 if (!_cups_strcasecmp(value, "never"))
1289 cc->encryption = HTTP_ENCRYPTION_NEVER;
1290 else if (!_cups_strcasecmp(value, "always"))
1291 cc->encryption = HTTP_ENCRYPTION_ALWAYS;
1292 else if (!_cups_strcasecmp(value, "required"))
1293 cc->encryption = HTTP_ENCRYPTION_REQUIRED;
1294 else
1295 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1296}
e07d4801 1297
e07d4801 1298
3abb875b
MS		 1299/*
1300 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1301 */
b423cd4c 1302
3abb875b
MS		 1303#ifdef HAVE_GSSAPI
1304static void
1305cups_set_gss_service_name(
1306 _cups_client_conf_t *cc, /* I - client.conf values */
1307 const char *value) /* I - Value */
1308{
1309 strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
1310}
1311#endif /* HAVE_GSSAPI */
7cf5915e 1312
10d09e33 1313
3abb875b
MS		 1314/*
1315 * 'cups_set_server_name()' - Set the ServerName value.
1316 */
10d09e33 1317
3abb875b
MS		 1318static void
1319cups_set_server_name(
1320 _cups_client_conf_t *cc, /* I - client.conf values */
1321 const char *value) /* I - Value */
1322{
1323 strlcpy(cc->server_name, value, sizeof(cc->server_name));
1324}
10d09e33 1325
10d09e33 1326
3abb875b
MS		 1327/*
1328 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1329 */
10d09e33 1330
3abb875b
MS		 1331#ifdef HAVE_SSL
1332static void
1333cups_set_ssl_options(
1334 _cups_client_conf_t *cc, /* I - client.conf values */
1335 const char *value) /* I - Value */
1336{
1337 /*
ee6226a5 1338 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
3abb875b 1339 */
10d09e33 1340
8f1fbdec
MS		 1341 int options = _HTTP_TLS_NONE, /* SSL/TLS options */
1342 min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */
1343 max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */
3abb875b
MS		 1344 char temp[256], /* Copy of value */
1345 *start, /* Start of option */
1346 *end; /* End of option */
3e7fe0ca 1347
3e7fe0ca 1348
3abb875b 1349 strlcpy(temp, value, sizeof(temp));
3e7fe0ca 1350
3abb875b
MS		 1351 for (start = temp; *start; start = end)
1352 {
a8db9df8 1353 /*
3abb875b
MS		 1354 * Find end of keyword...
1355 */
3e7fe0ca 1356
3abb875b
MS		 1357 end = start;
1358 while (*end && !_cups_isspace(*end))
1359 end ++;
93e3d3f5 1360
3abb875b
MS		 1361 if (*end)
1362 *end++ = '\0';
93e3d3f5 1363
3abb875b
MS		 1364 /*
1365 * Compare...
1366 */
3e7fe0ca 1367
3abb875b
MS		 1368 if (!_cups_strcasecmp(start, "AllowRC4"))
1369 options |= _HTTP_TLS_ALLOW_RC4;
1370 else if (!_cups_strcasecmp(start, "AllowSSL3"))
8f1fbdec 1371 min_version = _HTTP_TLS_SSL3;
ee6226a5
MS		 1372 else if (!_cups_strcasecmp(start, "AllowDH"))
1373 options |= _HTTP_TLS_ALLOW_DH;
f2e87147
MS		 1374 else if (!_cups_strcasecmp(start, "DenyCBC"))
1375 options |= _HTTP_TLS_DENY_CBC;
ee6226a5 1376 else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
8f1fbdec
MS		 1377 min_version = _HTTP_TLS_1_1;
1378 else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
1379 max_version = _HTTP_TLS_1_0;
1380 else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
1381 max_version = _HTTP_TLS_1_1;
1382 else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
1383 max_version = _HTTP_TLS_1_2;
1384 else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
1385 max_version = _HTTP_TLS_1_3;
1386 else if (!_cups_strcasecmp(start, "MinTLS1.0"))
1387 min_version = _HTTP_TLS_1_0;
1388 else if (!_cups_strcasecmp(start, "MinTLS1.1"))
1389 min_version = _HTTP_TLS_1_1;
1390 else if (!_cups_strcasecmp(start, "MinTLS1.2"))
1391 min_version = _HTTP_TLS_1_2;
1392 else if (!_cups_strcasecmp(start, "MinTLS1.3"))
1393 min_version = _HTTP_TLS_1_3;
3abb875b 1394 else if (!_cups_strcasecmp(start, "None"))
ee6226a5 1395 options = _HTTP_TLS_NONE;
3e7fe0ca
MS		 1396 }
1397
8f1fbdec
MS		 1398 cc->ssl_options = options;
1399 cc->ssl_max_version = max_version;
1400 cc->ssl_min_version = min_version;
b37d45d9 1401
8f1fbdec 1402 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
3abb875b
MS		 1403}
1404#endif /* HAVE_SSL */
07ed0e9a 1405
7cf5915e 1406
3abb875b
MS		 1407/*
1408 * 'cups_set_user()' - Set the User value.
1409 */
f51f3773 1410
3abb875b
MS		 1411static void
1412cups_set_user(
1413 _cups_client_conf_t *cc, /* I - client.conf values */
1414 const char *value) /* I - Value */
1415{
1416 strlcpy(cc->user, value, sizeof(cc->user));
b423cd4c 1417}
Unnamed repository; edit this file 'description' to name the repository.