]> git.ipfire.org Git - thirdparty/cups.git/blame - cups/usersys.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Don't do TLS upgrade unless the Upgrade header says to...
[thirdparty/cups.git] / cups / usersys.c
CommitLineData
ef416fc2 1/*
f2d18633 2 * "$Id$"
ef416fc2 3 *
5a6b583a 4 * User, system, and password routines for CUPS.
ef416fc2 5 *
db8b865d 6 * Copyright 2007-2013 by Apple Inc.
ef416fc2 7 * Copyright 1997-2006 by Easy Software Products.
8 *
9 * These coded instructions, statements, and computer programs are the
bc44d920 10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 *
17 * Contents:
18 *
db8b865d
MS		 19 * cupsEncryption() - Get the current encryption settings.
20 * cupsGetPassword() - Get a password from the user.
5a6b583a 21 * cupsGetPassword2() - Get a password from the user using the advanced
db8b865d
MS		 22 * password callback.
23 * cupsServer() - Return the hostname/address of the current
24 * server.
7cf5915e 25 * cupsSetClientCertCB() - Set the client certificate callback.
db8b865d
MS		 26 * cupsSetCredentials() - Set the default credentials to be used for
27 * SSL/TLS connections.
b423cd4c 28 * cupsSetEncryption() - Set the encryption preference.
29 * cupsSetPasswordCB() - Set the password callback for CUPS.
f11a948a 30 * cupsSetPasswordCB2() - Set the advanced password callback for CUPS.
db8b865d 31 * cupsSetServer() - Set the default server name and port.
7cf5915e 32 * cupsSetServerCertCB() - Set the server certificate callback.
db8b865d
MS		 33 * cupsSetUser() - Set the default user name.
34 * cupsSetUserAgent() - Set the default HTTP User-Agent string.
35 * cupsUser() - Return the current user's name.
36 * cupsUserAgent() - Return the default HTTP User-Agent string.
b423cd4c 37 * _cupsGetPassword() - Get a password from the user.
eac3a0a0 38 * _cupsGSSServiceName() - Get the GSS (Kerberos) service name.
e07d4801
MS		 39 * _cupsSetDefaults() - Set the default server, port, and encryption.
40 * cups_read_client_conf() - Read a client.conf file.
ef416fc2 41 */
42
43/*
44 * Include necessary headers...
45 */
46
71e16022 47#include "cups-private.h"
ef416fc2 48#include <stdlib.h>
e00b005a 49#include <sys/stat.h>
ef416fc2 50#ifdef WIN32
51# include <windows.h>
5a6b583a
MS		 52#else
53# include <pwd.h>
dcb445bc 54# include <termios.h>
db8b865d 55# include <sys/utsname.h>
ef416fc2 56#endif /* WIN32 */
57
58
dcb445bc
MS		 59/*
60 * Local constants...
61 */
62
63#define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
64
65
b423cd4c 66/*
67 * Local functions...
68 */
69
e07d4801
MS		 70static void cups_read_client_conf(cups_file_t *fp,
71 _cups_globals_t *cg,
72 const char *cups_encryption,
7cf5915e 73 const char *cups_server,
3e7fe0ca 74 const char *cups_user,
07ed0e9a
MS		 75#ifdef HAVE_GSSAPI
76 const char *cups_gssservicename,
77#endif /* HAVE_GSSAPI */
7cf5915e
MS		 78 const char *cups_anyroot,
79 const char *cups_expiredroot,
80 const char *cups_expiredcerts);
b423cd4c 81
82
ef416fc2 83/*
5a6b583a 84 * 'cupsEncryption()' - Get the current encryption settings.
ef416fc2 85 *
86 * The default encryption setting comes from the CUPS_ENCRYPTION
568fa3fa 87 * environment variable, then the ~/.cups/client.conf file, and finally the
ef416fc2 88 * /etc/cups/client.conf file. If not set, the default is
cb7f98ee 89 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
5a6b583a
MS		 90 *
91 * Note: The current encryption setting is tracked separately for each thread
92 * in a program. Multi-threaded programs that override the setting via the
93 * @link cupsSetEncryption@ function need to do so in each thread for the same
94 * setting to be used.
ef416fc2 95 */
96
97http_encryption_t /* O - Encryption settings */
98cupsEncryption(void)
99{
ef416fc2 100 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
101
102
ef416fc2 103 if (cg->encryption == (http_encryption_t)-1)
e07d4801 104 _cupsSetDefaults();
ef416fc2 105
106 return (cg->encryption);
107}
108
109
110/*
111 * 'cupsGetPassword()' - Get a password from the user.
112 *
5a738aea 113 * Uses the current password callback function. Returns @code NULL@ if the
ecdc0628 114 * user does not provide a password.
5a6b583a
MS		 115 *
116 * Note: The current password callback function is tracked separately for each
117 * thread in a program. Multi-threaded programs that override the setting via
118 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
119 * do so in each thread for the same function to be used.
ef416fc2 120 */
121
122const char * /* O - Password */
123cupsGetPassword(const char *prompt) /* I - Prompt string */
124{
f11a948a
MS		 125 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
126
127
128 return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
129}
130
131
132/*
133 * 'cupsGetPassword2()' - Get a password from the user using the advanced
5a6b583a 134 * password callback.
f11a948a
MS		 135 *
136 * Uses the current password callback function. Returns @code NULL@ if the
137 * user does not provide a password.
138 *
5a6b583a
MS		 139 * Note: The current password callback function is tracked separately for each
140 * thread in a program. Multi-threaded programs that override the setting via
141 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
142 * do so in each thread for the same function to be used.
143 *
f3c17241 144 * @since CUPS 1.4/OS X 10.6@
f11a948a
MS		 145 */
146
147const char * /* O - Password */
148cupsGetPassword2(const char *prompt, /* I - Prompt string */
149 http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
150 const char *method, /* I - Request method ("GET", "POST", "PUT") */
151 const char *resource) /* I - Resource path */
152{
153 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
154
155
156 if (!http)
157 http = _cupsConnect();
158
159 return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
ef416fc2 160}
161
162
ef416fc2 163/*
5a6b583a
MS		 164 * 'cupsServer()' - Return the hostname/address of the current server.
165 *
166 * The default server comes from the CUPS_SERVER environment variable, then the
167 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
168 * set, the default is the local system - either "localhost" or a domain socket
169 * path.
ef416fc2 170 *
5a6b583a
MS		 171 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
172 * address, or a domain socket pathname.
173 *
174 * Note: The current server is tracked separately for each thread in a program.
175 * Multi-threaded programs that override the server via the
176 * @link cupsSetServer@ function need to do so in each thread for the same
177 * server to be used.
ef416fc2 178 */
179
180const char * /* O - Server name */
181cupsServer(void)
182{
ef416fc2 183 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
184
185
ef416fc2 186 if (!cg->server[0])
e07d4801 187 _cupsSetDefaults();
ef416fc2 188
e07d4801
MS		 189 return (cg->server);
190}
ef416fc2 191
d09495fa 192
7cf5915e
MS		 193/*
194 * 'cupsSetClientCertCB()' - Set the client certificate callback.
195 *
196 * Pass @code NULL@ to restore the default callback.
197 *
198 * Note: The current certificate callback is tracked separately for each thread
199 * in a program. Multi-threaded programs that override the callback need to do
200 * so in each thread for the same callback to be used.
201 *
f3c17241 202 * @since CUPS 1.5/OS X 10.7@
7cf5915e
MS		 203 */
204
205void
206cupsSetClientCertCB(
207 cups_client_cert_cb_t cb, /* I - Callback function */
208 void *user_data) /* I - User data pointer */
209{
210 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
211
212
213 cg->client_cert_cb = cb;
214 cg->client_cert_data = user_data;
215}
216
217
218/*
219 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
220 * connections.
221 *
222 * Note: The default credentials are tracked separately for each thread in a
223 * program. Multi-threaded programs that override the setting need to do so in
224 * each thread for the same setting to be used.
225 *
f3c17241 226 * @since CUPS 1.5/OS X 10.7@
7cf5915e
MS		 227 */
228
229int /* O - Status of call (0 = success) */
230cupsSetCredentials(
231 cups_array_t *credentials) /* I - Array of credentials */
232{
233 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
234
235
236 if (cupsArrayCount(credentials) < 1)
237 return (-1);
238
239 _httpFreeCredentials(cg->tls_credentials);
85dda01c 240 cg->tls_credentials = _httpCreateCredentials(credentials);
7cf5915e
MS		 241
242 return (cg->tls_credentials ? 0 : -1);
243}
244
245
e07d4801
MS		 246/*
247 * 'cupsSetEncryption()' - Set the encryption preference.
5a6b583a
MS		 248 *
249 * The default encryption setting comes from the CUPS_ENCRYPTION
250 * environment variable, then the ~/.cups/client.conf file, and finally the
251 * /etc/cups/client.conf file. If not set, the default is
cb7f98ee 252 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
5a6b583a
MS		 253 *
254 * Note: The current encryption setting is tracked separately for each thread
255 * in a program. Multi-threaded programs that override the setting need to do
256 * so in each thread for the same setting to be used.
e07d4801 257 */
ef416fc2 258
e07d4801
MS		 259void
260cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */
261{
262 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
ef416fc2 263
ef416fc2 264
e07d4801 265 cg->encryption = e;
ef416fc2 266
e07d4801
MS		 267 if (cg->http)
268 httpEncryption(cg->http, e);
ef416fc2 269}
270
271
272/*
273 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
274 *
5a6b583a
MS		 275 * Pass @code NULL@ to restore the default (console) password callback, which
276 * reads the password from the console. Programs should call either this
277 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
278 * by a program per thread.
279 *
280 * Note: The current password callback is tracked separately for each thread
281 * in a program. Multi-threaded programs that override the callback need to do
282 * so in each thread for the same callback to be used.
ef416fc2 283 */
284
285void
286cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */
287{
288 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
289
290
f11a948a
MS		 291 if (cb == (cups_password_cb_t)0)
292 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
293 else
294 cg->password_cb = (cups_password_cb2_t)cb;
295
296 cg->password_data = NULL;
297}
298
299
300/*
301 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
302 *
5a6b583a
MS		 303 * Pass @code NULL@ to restore the default (console) password callback, which
304 * reads the password from the console. Programs should call either this
305 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
306 * by a program per thread.
307 *
308 * Note: The current password callback is tracked separately for each thread
309 * in a program. Multi-threaded programs that override the callback need to do
310 * so in each thread for the same callback to be used.
f11a948a 311 *
f3c17241 312 * @since CUPS 1.4/OS X 10.6@
f11a948a
MS		 313 */
314
315void
316cupsSetPasswordCB2(
317 cups_password_cb2_t cb, /* I - Callback function */
318 void *user_data) /* I - User data pointer */
319{
320 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
321
322
323 if (cb == (cups_password_cb2_t)0)
324 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
ef416fc2 325 else
326 cg->password_cb = cb;
f11a948a
MS		 327
328 cg->password_data = user_data;
ef416fc2 329}
330
331
332/*
5a6b583a 333 * 'cupsSetServer()' - Set the default server name and port.
ef416fc2 334 *
335 * The "server" string can be a fully-qualified hostname, a numeric
5a6b583a
MS		 336 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
337 * addresses can be optionally followed by a colon and port number to override
338 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
339 * default server name and port.
340 *
341 * Note: The current server is tracked separately for each thread in a program.
342 * Multi-threaded programs that override the server need to do so in each
343 * thread for the same server to be used.
ef416fc2 344 */
345
346void
347cupsSetServer(const char *server) /* I - Server name */
348{
0cb67df3
MS		 349 char *options, /* Options */
350 *port; /* Pointer to port */
ef416fc2 351 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
352
353
354 if (server)
355 {
356 strlcpy(cg->server, server, sizeof(cg->server));
357
0cb67df3
MS		 358 if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
359 {
360 *options++ = '\0';
361
362 if (!strcmp(options, "version=1.0"))
363 cg->server_version = 10;
364 else if (!strcmp(options, "version=1.1"))
365 cg->server_version = 11;
366 else if (!strcmp(options, "version=2.0"))
367 cg->server_version = 20;
368 else if (!strcmp(options, "version=2.1"))
369 cg->server_version = 21;
370 else if (!strcmp(options, "version=2.2"))
371 cg->server_version = 22;
372 }
567f49cb
MS		 373 else
374 cg->server_version = 20;
0cb67df3 375
ef416fc2 376 if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
377 !strchr(port, ']') && isdigit(port[1] & 255))
378 {
379 *port++ = '\0';
380
e07d4801 381 cg->ipp_port = atoi(port);
ef416fc2 382 }
383
384 if (cg->server[0] == '/')
5a9febac 385 strlcpy(cg->servername, "localhost", sizeof(cg->servername));
ef416fc2 386 else
387 strlcpy(cg->servername, cg->server, sizeof(cg->servername));
388 }
389 else
390 {
0cb67df3
MS		 391 cg->server[0] = '\0';
392 cg->servername[0] = '\0';
393 cg->server_version = 20;
ef416fc2 394 }
5a738aea
MS		 395
396 if (cg->http)
397 {
398 httpClose(cg->http);
399 cg->http = NULL;
400 }
ef416fc2 401}
402
403
7cf5915e
MS		 404/*
405 * 'cupsSetServerCertCB()' - Set the server certificate callback.
406 *
407 * Pass @code NULL@ to restore the default callback.
408 *
409 * Note: The current credentials callback is tracked separately for each thread
410 * in a program. Multi-threaded programs that override the callback need to do
411 * so in each thread for the same callback to be used.
412 *
f3c17241 413 * @since CUPS 1.5/OS X 10.7@
7cf5915e
MS		 414 */
415
416void
417cupsSetServerCertCB(
418 cups_server_cert_cb_t cb, /* I - Callback function */
419 void *user_data) /* I - User data pointer */
420{
421 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
422
423
424 cg->server_cert_cb = cb;
425 cg->server_cert_data = user_data;
426}
427
428
ef416fc2 429/*
430 * 'cupsSetUser()' - Set the default user name.
431 *
5a738aea 432 * Pass @code NULL@ to restore the default user name.
5a6b583a
MS		 433 *
434 * Note: The current user name is tracked separately for each thread in a
435 * program. Multi-threaded programs that override the user name need to do so
436 * in each thread for the same user name to be used.
ef416fc2 437 */
438
439void
440cupsSetUser(const char *user) /* I - User name */
441{
442 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
443
444
445 if (user)
446 strlcpy(cg->user, user, sizeof(cg->user));
447 else
448 cg->user[0] = '\0';
449}
450
451
db8b865d
MS		 452/*
453 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
454 *
455 * Setting the string to NULL forces the default value containing the CUPS
456 * version, IPP version, and operating system version and architecture.
457 *
9c0e8e5d 458 * @since CUPS 1.7/OS X 10.9@
db8b865d
MS		 459 */
460
461void
462cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */
463{
464 _cups_globals_t *cg = _cupsGlobals();
465 /* Thread globals */
466#ifdef WIN32
467 SYSTEM_INFO sysinfo; /* System information */
468 OSVERSIONINFO version; /* OS version info */
469#else
470 struct utsname name; /* uname info */
471#endif /* WIN32 */
472
473
474 if (user_agent)
475 {
476 strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
477 return;
478 }
479
480#ifdef WIN32
481 version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
482 GetVersionEx(&version);
483 GetNativeSystemInfo(&sysinfo);
484
485 snprintf(cg->user_agent, sizeof(cg->user_agent),
486 CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0",
487 version.dwMajorVersion, version.dwMinorVersion,
488 sysinfo.wProcessorArchitecture
489 == PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" :
490 sysinfo.wProcessorArchitecture
491 == PROCESSOR_ARCHITECTURE_ARM ? "arm" :
492 sysinfo.wProcessorArchitecture
493 == PROCESSOR_ARCHITECTURE_IA64 ? "ia64" :
494 sysinfo.wProcessorArchitecture
495 == PROCESSOR_ARCHITECTURE_INTEL ? "intel" :
496 "unknown");
497
498#else
499 uname(&name);
500
501 snprintf(cg->user_agent, sizeof(cg->user_agent),
502 CUPS_MINIMAL " (%s %s; %s) IPP/2.0",
503 name.sysname, name.release, name.machine);
504#endif /* WIN32 */
505}
506
507
ef416fc2 508/*
509 * 'cupsUser()' - Return the current user's name.
5a6b583a
MS		 510 *
511 * Note: The current user name is tracked separately for each thread in a
512 * program. Multi-threaded programs that override the user name with the
513 * @link cupsSetUser@ function need to do so in each thread for the same user
514 * name to be used.
ef416fc2 515 */
516
517const char * /* O - User name */
518cupsUser(void)
519{
520 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
521
522
523 if (!cg->user[0])
3e7fe0ca 524 _cupsSetDefaults();
ef416fc2 525
526 return (cg->user);
527}
528
529
db8b865d
MS		 530/*
531 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
532 *
9c0e8e5d 533 * @since CUPS 1.7/OS X 10.9@
db8b865d
MS		 534 */
535
536const char * /* O - User-Agent string */
537cupsUserAgent(void)
538{
539 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
540
541
542 if (!cg->user_agent[0])
543 cupsSetUserAgent(NULL);
544
545 return (cg->user_agent);
546}
547
548
ef416fc2 549/*
550 * '_cupsGetPassword()' - Get a password from the user.
551 */
552
dcb445bc 553const char * /* O - Password or @code NULL@ if none */
ef416fc2 554_cupsGetPassword(const char *prompt) /* I - Prompt string */
555{
5a6b583a 556#ifdef WIN32
dcb445bc
MS		 557 HANDLE tty; /* Console handle */
558 DWORD mode; /* Console mode */
559 char passch, /* Current key press */
560 *passptr, /* Pointer into password string */
561 *passend; /* End of password string */
12f89d24 562 DWORD passbytes; /* Bytes read */
dcb445bc
MS		 563 _cups_globals_t *cg = _cupsGlobals();
564 /* Thread globals */
565
566
5a6b583a 567 /*
dcb445bc 568 * Disable input echo and set raw input...
5a6b583a
MS		 569 */
570
dcb445bc
MS		 571 if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
572 return (NULL);
573
574 if (!GetConsoleMode(tty, &mode))
575 return (NULL);
576
577 if (!SetConsoleMode(tty, 0))
578 return (NULL);
579
580 /*
581 * Display the prompt...
582 */
583
584 printf("%s ", prompt);
585 fflush(stdout);
586
587 /*
588 * Read the password string from /dev/tty until we get interrupted or get a
589 * carriage return or newline...
590 */
591
592 passptr = cg->password;
593 passend = cg->password + sizeof(cg->password) - 1;
594
12f89d24 595 while (ReadFile(tty, &passch, 1, &passbytes, NULL))
dcb445bc
MS		 596 {
597 if (passch == 0x0A || passch == 0x0D)
598 {
599 /*
600 * Enter/return...
601 */
602
603 break;
604 }
605 else if (passch == 0x08 || passch == 0x7F)
606 {
607 /*
608 * Backspace/delete (erase character)...
609 */
610
611 if (passptr > cg->password)
612 {
613 passptr --;
614 fputs("\010 \010", stdout);
615 }
616 else
617 putchar(0x07);
618 }
619 else if (passch == 0x15)
620 {
621 /*
622 * CTRL+U (erase line)
623 */
624
625 if (passptr > cg->password)
626 {
627 while (passptr > cg->password)
628 {
629 passptr --;
630 fputs("\010 \010", stdout);
631 }
632 }
633 else
634 putchar(0x07);
635 }
636 else if (passch == 0x03)
637 {
638 /*
639 * CTRL+C...
640 */
641
642 passptr = cg->password;
643 break;
644 }
645 else if ((passch & 255) < 0x20 || passptr >= passend)
646 putchar(0x07);
647 else
648 {
649 *passptr++ = passch;
650 putchar(_CUPS_PASSCHAR);
651 }
652
653 fflush(stdout);
654 }
655
656 putchar('\n');
657 fflush(stdout);
658
659 /*
660 * Cleanup...
661 */
662
663 SetConsoleMode(tty, mode);
664
665 /*
666 * Return the proper value...
667 */
668
669 if (passbytes == 1 && passptr > cg->password)
670 {
671 *passptr = '\0';
672 return (cg->password);
673 }
674 else
675 {
676 memset(cg->password, 0, sizeof(cg->password));
677 return (NULL);
678 }
5a6b583a
MS		 679
680#else
dcb445bc
MS		 681 int tty; /* /dev/tty - never read from stdin */
682 struct termios original, /* Original input mode */
683 noecho; /* No echo input mode */
684 char passch, /* Current key press */
685 *passptr, /* Pointer into password string */
686 *passend; /* End of password string */
687 ssize_t passbytes; /* Bytes read */
688 _cups_globals_t *cg = _cupsGlobals();
689 /* Thread globals */
690
691
5a6b583a 692 /*
dcb445bc 693 * Disable input echo and set raw input...
5a6b583a
MS		 694 */
695
dcb445bc
MS		 696 if ((tty = open("/dev/tty", O_RDONLY)) < 0)
697 return (NULL);
698
699 if (tcgetattr(tty, &original))
700 {
701 close(tty);
702 return (NULL);
703 }
704
705 noecho = original;
706 noecho.c_lflag &= ~(ICANON | ECHO | ECHOE | ISIG);
7cf5915e 707
dcb445bc
MS		 708 if (tcsetattr(tty, TCSAFLUSH, &noecho))
709 {
710 close(tty);
7cf5915e 711 return (NULL);
dcb445bc
MS		 712 }
713
714 /*
715 * Display the prompt...
716 */
717
718 printf("%s ", prompt);
719 fflush(stdout);
720
721 /*
722 * Read the password string from /dev/tty until we get interrupted or get a
723 * carriage return or newline...
724 */
725
726 passptr = cg->password;
727 passend = cg->password + sizeof(cg->password) - 1;
728
729 while ((passbytes = read(tty, &passch, 1)) == 1)
730 {
731 if (passch == noecho.c_cc[VEOL] || passch == noecho.c_cc[VEOL2] ||
732 passch == 0x0A || passch == 0x0D)
733 {
734 /*
735 * Enter/return...
736 */
737
738 break;
739 }
740 else if (passch == noecho.c_cc[VERASE] ||
741 passch == 0x08 || passch == 0x7F)
742 {
743 /*
744 * Backspace/delete (erase character)...
745 */
746
747 if (passptr > cg->password)
748 {
749 passptr --;
750 fputs("\010 \010", stdout);
751 }
752 else
753 putchar(0x07);
754 }
755 else if (passch == noecho.c_cc[VKILL])
756 {
757 /*
758 * CTRL+U (erase line)
759 */
760
761 if (passptr > cg->password)
762 {
763 while (passptr > cg->password)
764 {
765 passptr --;
766 fputs("\010 \010", stdout);
767 }
768 }
769 else
770 putchar(0x07);
771 }
772 else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
773 passch == noecho.c_cc[VEOF])
774 {
775 /*
776 * CTRL+C, CTRL+D, or CTRL+Z...
777 */
778
779 passptr = cg->password;
780 break;
781 }
782 else if ((passch & 255) < 0x20 || passptr >= passend)
783 putchar(0x07);
784 else
785 {
786 *passptr++ = passch;
787 putchar(_CUPS_PASSCHAR);
788 }
789
790 fflush(stdout);
791 }
792
793 putchar('\n');
794 fflush(stdout);
795
796 /*
797 * Cleanup...
798 */
799
800 tcsetattr(tty, TCSAFLUSH, &original);
801 close(tty);
802
803 /*
804 * Return the proper value...
805 */
806
807 if (passbytes == 1 && passptr > cg->password)
808 {
809 *passptr = '\0';
810 return (cg->password);
811 }
7cf5915e 812 else
dcb445bc
MS		 813 {
814 memset(cg->password, 0, sizeof(cg->password));
815 return (NULL);
816 }
ef416fc2 817#endif /* WIN32 */
5a6b583a 818}
ef416fc2 819
820
eac3a0a0
MS		 821#ifdef HAVE_GSSAPI
822/*
823 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
824 */
825
826const char *
827_cupsGSSServiceName(void)
828{
829 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
830
831
832 if (!cg->gss_service_name[0])
833 _cupsSetDefaults();
834
835 return (cg->gss_service_name);
836}
837#endif /* HAVE_GSSAPI */
838
839
ef416fc2 840/*
e07d4801 841 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
b423cd4c 842 */
843
e07d4801
MS		 844void
845_cupsSetDefaults(void)
b423cd4c 846{
847 cups_file_t *fp; /* File */
e07d4801
MS		 848 const char *home, /* Home directory of user */
849 *cups_encryption, /* CUPS_ENCRYPTION env var */
7cf5915e 850 *cups_server, /* CUPS_SERVER env var */
3e7fe0ca 851 *cups_user, /* CUPS_USER/USER env var */
07ed0e9a
MS		 852#ifdef HAVE_GSSAPI
853 *cups_gssservicename, /* CUPS_GSSSERVICENAME env var */
854#endif /* HAVE_GSSAPI */
7cf5915e
MS		 855 *cups_anyroot, /* CUPS_ANYROOT env var */
856 *cups_expiredroot, /* CUPS_EXPIREDROOT env var */
857 *cups_expiredcerts; /* CUPS_EXPIREDCERTS env var */
b423cd4c 858 char filename[1024]; /* Filename */
859 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
860
861
e07d4801
MS		 862 DEBUG_puts("_cupsSetDefaults()");
863
864 /*
865 * First collect environment variables...
866 */
867
07ed0e9a
MS		 868 cups_encryption = getenv("CUPS_ENCRYPTION");
869 cups_server = getenv("CUPS_SERVER");
870#ifdef HAVE_GSSAPI
871 cups_gssservicename = getenv("CUPS_GSSSERVICENAME");
872#endif /* HAVE_GSSAPI */
873 cups_anyroot = getenv("CUPS_ANYROOT");
874 cups_expiredroot = getenv("CUPS_EXPIREDROOT");
875 cups_expiredcerts = getenv("CUPS_EXPIREDCERTS");
e07d4801 876
3e7fe0ca
MS		 877 if ((cups_user = getenv("CUPS_USER")) == NULL)
878 cups_user = getenv("USER");
879
e07d4801 880 /*
10d09e33
MS		 881 * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
882 * files to get the default values...
e07d4801
MS		 883 */
884
e07d4801 885 if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] ||
3e7fe0ca 886 !cg->user[0] || !cg->ipp_port)
e07d4801 887 {
10d09e33 888 if ((home = getenv("HOME")) != NULL)
d09495fa 889 {
10d09e33
MS		 890 /*
891 * Look for ~/.cups/client.conf...
892 */
e07d4801 893
10d09e33
MS		 894 snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
895 fp = cupsFileOpen(filename, "r");
896 }
897 else
898 fp = NULL;
e07d4801 899
10d09e33 900 if (!fp)
e07d4801 901 {
e07d4801 902 /*
10d09e33 903 * Look for CUPS_SERVERROOT/client.conf...
e07d4801
MS		 904 */
905
10d09e33
MS		 906 snprintf(filename, sizeof(filename), "%s/client.conf",
907 cg->cups_serverroot);
908 fp = cupsFileOpen(filename, "r");
e07d4801
MS		 909 }
910
10d09e33
MS		 911 /*
912 * Read the configuration file and apply any environment variables; both
913 * functions handle NULL cups_file_t pointers...
914 */
e07d4801 915
3e7fe0ca 916 cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
07ed0e9a
MS		 917#ifdef HAVE_GSSAPI
918 cups_gssservicename,
919#endif /* HAVE_GSSAPI */
10d09e33
MS		 920 cups_anyroot, cups_expiredroot,
921 cups_expiredcerts);
922 cupsFileClose(fp);
e07d4801
MS		 923 }
924}
925
926
927/*
928 * 'cups_read_client_conf()' - Read a client.conf file.
929 */
930
931static void
932cups_read_client_conf(
933 cups_file_t *fp, /* I - File to read */
934 _cups_globals_t *cg, /* I - Global data */
935 const char *cups_encryption, /* I - CUPS_ENCRYPTION env var */
7cf5915e 936 const char *cups_server, /* I - CUPS_SERVER env var */
3e7fe0ca 937 const char *cups_user, /* I - CUPS_USER env var */
07ed0e9a
MS		 938#ifdef HAVE_GSSAPI
939 const char *cups_gssservicename,
940 /* I - CUPS_GSSSERVICENAME env var */
941#endif /* HAVE_GSSAPI */
7cf5915e
MS		 942 const char *cups_anyroot, /* I - CUPS_ANYROOT env var */
943 const char *cups_expiredroot, /* I - CUPS_EXPIREDROOT env var */
944 const char *cups_expiredcerts) /* I - CUPS_EXPIREDCERTS env var */
e07d4801
MS		 945{
946 int linenum; /* Current line number */
947 char line[1024], /* Line from file */
948 *value, /* Pointer into line */
949 encryption[1024], /* Encryption value */
85dda01c 950#ifndef __APPLE__
7cf5915e 951 server_name[1024], /* ServerName value */
85dda01c 952#endif /* !__APPLE__ */
3e7fe0ca 953 user[256], /* User value */
7cf5915e
MS		 954 any_root[1024], /* AllowAnyRoot value */
955 expired_root[1024], /* AllowExpiredRoot value */
956 expired_certs[1024]; /* AllowExpiredCerts value */
07ed0e9a
MS		 957#ifdef HAVE_GSSAPI
958 char gss_service_name[32]; /* GSSServiceName value */
959#endif /* HAVE_GSSAPI */
e07d4801
MS		 960
961
962 /*
963 * Read from the file...
964 */
965
966 linenum = 0;
967 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
968 {
969 if (!cups_encryption && cg->encryption == (http_encryption_t)-1 &&
88f9aafc 970 !_cups_strcasecmp(line, "Encryption") && value)
e07d4801
MS		 971 {
972 strlcpy(encryption, value, sizeof(encryption));
973 cups_encryption = encryption;
974 }
85dda01c
MS		 975#ifndef __APPLE__
976 /*
f3c17241 977 * The Server directive is not supported on OS X due to app sandboxing
85dda01c
MS		 978 * restrictions, i.e. not all apps request network access.
979 */
e07d4801 980 else if (!cups_server && (!cg->server[0] || !cg->ipp_port) &&
88f9aafc 981 !_cups_strcasecmp(line, "ServerName") && value)
e07d4801
MS		 982 {
983 strlcpy(server_name, value, sizeof(server_name));
984 cups_server = server_name;
985 }
85dda01c 986#endif /* !__APPLE__ */
3e7fe0ca
MS		 987 else if (!cups_user && !_cups_strcasecmp(line, "User") && value)
988 {
989 strlcpy(user, value, sizeof(user));
990 cups_user = user;
991 }
88f9aafc 992 else if (!cups_anyroot && !_cups_strcasecmp(line, "AllowAnyRoot") && value)
7cf5915e
MS		 993 {
994 strlcpy(any_root, value, sizeof(any_root));
995 cups_anyroot = any_root;
996 }
88f9aafc 997 else if (!cups_expiredroot && !_cups_strcasecmp(line, "AllowExpiredRoot") &&
7cf5915e
MS		 998 value)
999 {
1000 strlcpy(expired_root, value, sizeof(expired_root));
1001 cups_expiredroot = expired_root;
1002 }
88f9aafc 1003 else if (!cups_expiredcerts && !_cups_strcasecmp(line, "AllowExpiredCerts") &&
7cf5915e
MS		 1004 value)
1005 {
1006 strlcpy(expired_certs, value, sizeof(expired_certs));
1007 cups_expiredcerts = expired_certs;
1008 }
07ed0e9a 1009#ifdef HAVE_GSSAPI
88f9aafc 1010 else if (!cups_gssservicename && !_cups_strcasecmp(line, "GSSServiceName") &&
07ed0e9a
MS		 1011 value)
1012 {
1013 strlcpy(gss_service_name, value, sizeof(gss_service_name));
1014 cups_gssservicename = gss_service_name;
1015 }
1016#endif /* HAVE_GSSAPI */
e07d4801
MS		 1017 }
1018
1019 /*
1020 * Set values...
1021 */
1022
1023 if (cg->encryption == (http_encryption_t)-1 && cups_encryption)
1024 {
88f9aafc 1025 if (!_cups_strcasecmp(cups_encryption, "never"))
cb7f98ee 1026 cg->encryption = HTTP_ENCRYPTION_NEVER;
88f9aafc 1027 else if (!_cups_strcasecmp(cups_encryption, "always"))
cb7f98ee 1028 cg->encryption = HTTP_ENCRYPTION_ALWAYS;
88f9aafc 1029 else if (!_cups_strcasecmp(cups_encryption, "required"))
cb7f98ee 1030 cg->encryption = HTTP_ENCRYPTION_REQUIRED;
e07d4801 1031 else
cb7f98ee 1032 cg->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
b423cd4c 1033 }
1034
e07d4801 1035 if ((!cg->server[0] || !cg->ipp_port) && cups_server)
6961465f 1036 cupsSetServer(cups_server);
7cf5915e 1037
10d09e33
MS		 1038 if (!cg->server[0])
1039 {
1040#ifdef CUPS_DEFAULT_DOMAINSOCKET
1041 /*
1042 * If we are compiled with domain socket support, only use the
1043 * domain socket if it exists and has the right permissions...
1044 */
1045
1046 struct stat sockinfo; /* Domain socket information */
1047
1048 if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
1049 (sockinfo.st_mode & S_IRWXO) == S_IRWXO)
1050 cups_server = CUPS_DEFAULT_DOMAINSOCKET;
1051 else
1052#endif /* CUPS_DEFAULT_DOMAINSOCKET */
1053 cups_server = "localhost";
1054
1055 cupsSetServer(cups_server);
1056 }
1057
1058 if (!cg->ipp_port)
1059 {
88f9aafc 1060 const char *ipp_port; /* IPP_PORT environment variable */
10d09e33
MS		 1061
1062 if ((ipp_port = getenv("IPP_PORT")) != NULL)
1063 {
1064 if ((cg->ipp_port = atoi(ipp_port)) <= 0)
1065 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1066 }
10d09e33 1067 else
88f9aafc 1068 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
10d09e33
MS		 1069 }
1070
3e7fe0ca
MS		 1071 if (!cg->user[0])
1072 {
1073 if (cups_user)
1074 strlcpy(cg->user, cups_user, sizeof(cg->user));
1075 else
1076 {
1077#ifdef WIN32
1078 /*
1079 * Get the current user name from the OS...
1080 */
1081
1082 DWORD size; /* Size of string */
1083
1084 size = sizeof(cg->user);
1085 if (!GetUserName(cg->user, &size))
1086#else
1087 /*
1088 * Get the user name corresponding to the current UID...
1089 */
1090
1091 struct passwd *pwd; /* User/password entry */
1092
1093 setpwent();
1094 if ((pwd = getpwuid(getuid())) != NULL)
1095 {
1096 /*
1097 * Found a match!
1098 */
1099
1100 strlcpy(cg->user, pwd->pw_name, sizeof(cg->user));
1101 }
1102 else
1103#endif /* WIN32 */
1104 {
1105 /*
1106 * Use the default "unknown" user name...
1107 */
1108
5a9febac 1109 strlcpy(cg->user, "unknown", sizeof(cg->user));
3e7fe0ca
MS		 1110 }
1111 }
1112 }
1113
07ed0e9a
MS		 1114#ifdef HAVE_GSSAPI
1115 if (!cups_gssservicename)
1116 cups_gssservicename = CUPS_DEFAULT_GSSSERVICENAME;
1117
1118 strlcpy(cg->gss_service_name, cups_gssservicename,
1119 sizeof(cg->gss_service_name));
1120#endif /* HAVE_GSSAPI */
1121
7cf5915e 1122 if (cups_anyroot)
88f9aafc
MS		 1123 cg->any_root = !_cups_strcasecmp(cups_anyroot, "yes") ||
1124 !_cups_strcasecmp(cups_anyroot, "on") ||
1125 !_cups_strcasecmp(cups_anyroot, "true");
7cf5915e
MS		 1126
1127 if (cups_expiredroot)
88f9aafc
MS		 1128 cg->expired_root = !_cups_strcasecmp(cups_expiredroot, "yes") ||
1129 !_cups_strcasecmp(cups_expiredroot, "on") ||
1130 !_cups_strcasecmp(cups_expiredroot, "true");
7cf5915e
MS		 1131
1132 if (cups_expiredcerts)
88f9aafc
MS		 1133 cg->expired_certs = !_cups_strcasecmp(cups_expiredcerts, "yes") ||
1134 !_cups_strcasecmp(cups_expiredcerts, "on") ||
1135 !_cups_strcasecmp(cups_expiredcerts, "true");
b423cd4c 1136}
1137
1138
1139/*
f2d18633 1140 * End of "$Id$".
ef416fc2 1141 */
Unnamed repository; edit this file 'description' to name the repository.