]> git.ipfire.org Git - thirdparty/cups.git/blame - cups/usersys.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
License change: Apache License, Version 2.0.
[thirdparty/cups.git] / cups / usersys.c
CommitLineData
ef416fc2 1/*
83bc2aac
MS		 2 * User, system, and password routines for CUPS.
3 *
53af7f21 4 * Copyright 2007-2017 by Apple Inc.
83bc2aac
MS		 5 * Copyright 1997-2006 by Easy Software Products.
6 *
e3101897 7 * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
ef416fc2 8 */
9
10/*
11 * Include necessary headers...
12 */
13
71e16022 14#include "cups-private.h"
ef416fc2 15#include <stdlib.h>
e00b005a 16#include <sys/stat.h>
ef416fc2 17#ifdef WIN32
18# include <windows.h>
5a6b583a
MS		 19#else
20# include <pwd.h>
dcb445bc 21# include <termios.h>
db8b865d 22# include <sys/utsname.h>
ef416fc2 23#endif /* WIN32 */
24
25
dcb445bc
MS		 26/*
27 * Local constants...
28 */
29
08d56b1f
MS		 30#ifdef __APPLE__
31# define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs")
32# define kAllowAnyRootKey CFSTR("AllowAnyRoot")
33# define kAllowExpiredCertsKey CFSTR("AllowExpiredCerts")
34# define kEncryptionKey CFSTR("Encryption")
35# define kGSSServiceNameKey CFSTR("GSSServiceName")
36# define kSSLOptionsKey CFSTR("SSLOptions")
37# define kTrustOnFirstUseKey CFSTR("TrustOnFirstUse")
38# define kValidateCertsKey CFSTR("ValidateCerts")
39#endif /* __APPLE__ */
40
dcb445bc
MS		 41#define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
42
43
3abb875b
MS		 44/*
45 * Local types...
46 */
47
48typedef struct _cups_client_conf_s /**** client.conf config data ****/
49{
50#ifdef HAVE_SSL
8f1fbdec
MS		 51 int ssl_options, /* SSLOptions values */
52 ssl_min_version,/* Minimum SSL/TLS version */
53 ssl_max_version;/* Maximum SSL/TLS version */
3abb875b 54#endif /* HAVE_SSL */
08d56b1f
MS		 55 int trust_first, /* Trust on first use? */
56 any_root, /* Allow any (e.g., self-signed) root */
3abb875b
MS		 57 expired_certs, /* Allow expired certs */
58 validate_certs; /* Validate certificates */
59 http_encryption_t encryption; /* Encryption setting */
60 char user[65], /* User name */
61 server_name[256];
62 /* Server hostname */
63#ifdef HAVE_GSSAPI
64 char gss_service_name[32];
65 /* Kerberos service name */
66#endif /* HAVE_GSSAPI */
67} _cups_client_conf_t;
68
69
b423cd4c 70/*
71 * Local functions...
72 */
73
08d56b1f
MS		 74#ifdef __APPLE__
75static int cups_apple_get_boolean(CFStringRef key, int *value);
76static int cups_apple_get_string(CFStringRef key, char *value, size_t valsize);
77#endif /* __APPLE__ */
78static int cups_boolean_value(const char *value);
3abb875b
MS		 79static void cups_finalize_client_conf(_cups_client_conf_t *cc);
80static void cups_init_client_conf(_cups_client_conf_t *cc);
81static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
4b9daaf4 82static void cups_set_default_ipp_port(_cups_globals_t *cg);
3abb875b 83static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
07ed0e9a 84#ifdef HAVE_GSSAPI
3abb875b 85static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
07ed0e9a 86#endif /* HAVE_GSSAPI */
3abb875b
MS		 87static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
88#ifdef HAVE_SSL
89static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
90#endif /* HAVE_SSL */
91static void cups_set_user(_cups_client_conf_t *cc, const char *value);
b423cd4c 92
93
ef416fc2 94/*
5a6b583a 95 * 'cupsEncryption()' - Get the current encryption settings.
ef416fc2 96 *
97 * The default encryption setting comes from the CUPS_ENCRYPTION
568fa3fa 98 * environment variable, then the ~/.cups/client.conf file, and finally the
ef416fc2 99 * /etc/cups/client.conf file. If not set, the default is
cb7f98ee 100 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
5a6b583a
MS		 101 *
102 * Note: The current encryption setting is tracked separately for each thread
103 * in a program. Multi-threaded programs that override the setting via the
104 * @link cupsSetEncryption@ function need to do so in each thread for the same
105 * setting to be used.
ef416fc2 106 */
107
108http_encryption_t /* O - Encryption settings */
109cupsEncryption(void)
110{
ef416fc2 111 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
112
113
ef416fc2 114 if (cg->encryption == (http_encryption_t)-1)
e07d4801 115 _cupsSetDefaults();
ef416fc2 116
117 return (cg->encryption);
118}
119
120
121/*
122 * 'cupsGetPassword()' - Get a password from the user.
123 *
5a738aea 124 * Uses the current password callback function. Returns @code NULL@ if the
ecdc0628 125 * user does not provide a password.
5a6b583a
MS		 126 *
127 * Note: The current password callback function is tracked separately for each
128 * thread in a program. Multi-threaded programs that override the setting via
129 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
130 * do so in each thread for the same function to be used.
53af7f21
MS		 131 *
132 * @exclude all@
ef416fc2 133 */
134
135const char * /* O - Password */
136cupsGetPassword(const char *prompt) /* I - Prompt string */
137{
f11a948a
MS		 138 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
139
140
141 return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
142}
143
144
145/*
98d88c8d 146 * 'cupsGetPassword2()' - Get a password from the user using the current
5a6b583a 147 * password callback.
f11a948a
MS		 148 *
149 * Uses the current password callback function. Returns @code NULL@ if the
150 * user does not provide a password.
151 *
5a6b583a
MS		 152 * Note: The current password callback function is tracked separately for each
153 * thread in a program. Multi-threaded programs that override the setting via
98d88c8d
MS		 154 * the @link cupsSetPasswordCB2@ function need to do so in each thread for the
155 * same function to be used.
5a6b583a 156 *
8072030b 157 * @since CUPS 1.4/macOS 10.6@
f11a948a
MS		 158 */
159
160const char * /* O - Password */
161cupsGetPassword2(const char *prompt, /* I - Prompt string */
162 http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
163 const char *method, /* I - Request method ("GET", "POST", "PUT") */
164 const char *resource) /* I - Resource path */
165{
166 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
167
168
169 if (!http)
170 http = _cupsConnect();
171
172 return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
ef416fc2 173}
174
175
ef416fc2 176/*
5a6b583a
MS		 177 * 'cupsServer()' - Return the hostname/address of the current server.
178 *
179 * The default server comes from the CUPS_SERVER environment variable, then the
180 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
181 * set, the default is the local system - either "localhost" or a domain socket
182 * path.
ef416fc2 183 *
5a6b583a
MS		 184 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
185 * address, or a domain socket pathname.
186 *
187 * Note: The current server is tracked separately for each thread in a program.
188 * Multi-threaded programs that override the server via the
189 * @link cupsSetServer@ function need to do so in each thread for the same
190 * server to be used.
ef416fc2 191 */
192
193const char * /* O - Server name */
194cupsServer(void)
195{
ef416fc2 196 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
197
198
ef416fc2 199 if (!cg->server[0])
e07d4801 200 _cupsSetDefaults();
ef416fc2 201
e07d4801
MS		 202 return (cg->server);
203}
ef416fc2 204
d09495fa 205
7cf5915e
MS		 206/*
207 * 'cupsSetClientCertCB()' - Set the client certificate callback.
208 *
209 * Pass @code NULL@ to restore the default callback.
210 *
211 * Note: The current certificate callback is tracked separately for each thread
212 * in a program. Multi-threaded programs that override the callback need to do
213 * so in each thread for the same callback to be used.
214 *
8072030b 215 * @since CUPS 1.5/macOS 10.7@
7cf5915e
MS		 216 */
217
218void
219cupsSetClientCertCB(
220 cups_client_cert_cb_t cb, /* I - Callback function */
221 void *user_data) /* I - User data pointer */
222{
223 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
224
225
226 cg->client_cert_cb = cb;
227 cg->client_cert_data = user_data;
228}
229
230
231/*
232 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
233 * connections.
234 *
235 * Note: The default credentials are tracked separately for each thread in a
236 * program. Multi-threaded programs that override the setting need to do so in
237 * each thread for the same setting to be used.
238 *
8072030b 239 * @since CUPS 1.5/macOS 10.7@
7cf5915e
MS		 240 */
241
242int /* O - Status of call (0 = success) */
243cupsSetCredentials(
244 cups_array_t *credentials) /* I - Array of credentials */
245{
246 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
247
248
249 if (cupsArrayCount(credentials) < 1)
250 return (-1);
251
7d5824d6 252#ifdef HAVE_SSL
7cf5915e 253 _httpFreeCredentials(cg->tls_credentials);
85dda01c 254 cg->tls_credentials = _httpCreateCredentials(credentials);
7d5824d6 255#endif /* HAVE_SSL */
7cf5915e
MS		 256
257 return (cg->tls_credentials ? 0 : -1);
258}
259
260
e07d4801
MS		 261/*
262 * 'cupsSetEncryption()' - Set the encryption preference.
5a6b583a
MS		 263 *
264 * The default encryption setting comes from the CUPS_ENCRYPTION
265 * environment variable, then the ~/.cups/client.conf file, and finally the
266 * /etc/cups/client.conf file. If not set, the default is
cb7f98ee 267 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
5a6b583a
MS		 268 *
269 * Note: The current encryption setting is tracked separately for each thread
270 * in a program. Multi-threaded programs that override the setting need to do
271 * so in each thread for the same setting to be used.
e07d4801 272 */
ef416fc2 273
e07d4801
MS		 274void
275cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */
276{
277 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
ef416fc2 278
ef416fc2 279
e07d4801 280 cg->encryption = e;
ef416fc2 281
e07d4801
MS		 282 if (cg->http)
283 httpEncryption(cg->http, e);
ef416fc2 284}
285
286
287/*
288 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
289 *
5a6b583a
MS		 290 * Pass @code NULL@ to restore the default (console) password callback, which
291 * reads the password from the console. Programs should call either this
292 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
293 * by a program per thread.
294 *
295 * Note: The current password callback is tracked separately for each thread
296 * in a program. Multi-threaded programs that override the callback need to do
297 * so in each thread for the same callback to be used.
53af7f21
MS		 298 *
299 * @exclude all@
ef416fc2 300 */
301
302void
303cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */
304{
305 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
306
307
f11a948a
MS		 308 if (cb == (cups_password_cb_t)0)
309 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
310 else
311 cg->password_cb = (cups_password_cb2_t)cb;
312
313 cg->password_data = NULL;
314}
315
316
317/*
318 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
319 *
5a6b583a
MS		 320 * Pass @code NULL@ to restore the default (console) password callback, which
321 * reads the password from the console. Programs should call either this
322 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
323 * by a program per thread.
324 *
325 * Note: The current password callback is tracked separately for each thread
326 * in a program. Multi-threaded programs that override the callback need to do
327 * so in each thread for the same callback to be used.
f11a948a 328 *
8072030b 329 * @since CUPS 1.4/macOS 10.6@
f11a948a
MS		 330 */
331
332void
333cupsSetPasswordCB2(
334 cups_password_cb2_t cb, /* I - Callback function */
335 void *user_data) /* I - User data pointer */
336{
337 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
338
339
340 if (cb == (cups_password_cb2_t)0)
341 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
ef416fc2 342 else
343 cg->password_cb = cb;
f11a948a
MS		 344
345 cg->password_data = user_data;
ef416fc2 346}
347
348
349/*
5a6b583a 350 * 'cupsSetServer()' - Set the default server name and port.
ef416fc2 351 *
352 * The "server" string can be a fully-qualified hostname, a numeric
5a6b583a
MS		 353 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
354 * addresses can be optionally followed by a colon and port number to override
355 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
356 * default server name and port.
357 *
358 * Note: The current server is tracked separately for each thread in a program.
359 * Multi-threaded programs that override the server need to do so in each
360 * thread for the same server to be used.
ef416fc2 361 */
362
363void
364cupsSetServer(const char *server) /* I - Server name */
365{
0cb67df3
MS		 366 char *options, /* Options */
367 *port; /* Pointer to port */
ef416fc2 368 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
369
370
371 if (server)
372 {
373 strlcpy(cg->server, server, sizeof(cg->server));
374
0cb67df3
MS		 375 if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
376 {
377 *options++ = '\0';
378
379 if (!strcmp(options, "version=1.0"))
380 cg->server_version = 10;
381 else if (!strcmp(options, "version=1.1"))
382 cg->server_version = 11;
383 else if (!strcmp(options, "version=2.0"))
384 cg->server_version = 20;
385 else if (!strcmp(options, "version=2.1"))
386 cg->server_version = 21;
387 else if (!strcmp(options, "version=2.2"))
388 cg->server_version = 22;
389 }
567f49cb
MS		 390 else
391 cg->server_version = 20;
0cb67df3 392
ef416fc2 393 if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
394 !strchr(port, ']') && isdigit(port[1] & 255))
395 {
396 *port++ = '\0';
397
e07d4801 398 cg->ipp_port = atoi(port);
ef416fc2 399 }
400
4b9daaf4
MS		 401 if (!cg->ipp_port)
402 cups_set_default_ipp_port(cg);
403
ef416fc2 404 if (cg->server[0] == '/')
5a9febac 405 strlcpy(cg->servername, "localhost", sizeof(cg->servername));
ef416fc2 406 else
407 strlcpy(cg->servername, cg->server, sizeof(cg->servername));
408 }
409 else
410 {
0cb67df3
MS		 411 cg->server[0] = '\0';
412 cg->servername[0] = '\0';
413 cg->server_version = 20;
4b9daaf4 414 cg->ipp_port = 0;
ef416fc2 415 }
5a738aea
MS		 416
417 if (cg->http)
418 {
419 httpClose(cg->http);
420 cg->http = NULL;
421 }
ef416fc2 422}
423
424
7cf5915e
MS		 425/*
426 * 'cupsSetServerCertCB()' - Set the server certificate callback.
427 *
428 * Pass @code NULL@ to restore the default callback.
429 *
430 * Note: The current credentials callback is tracked separately for each thread
431 * in a program. Multi-threaded programs that override the callback need to do
432 * so in each thread for the same callback to be used.
433 *
8072030b 434 * @since CUPS 1.5/macOS 10.7@
7cf5915e
MS		 435 */
436
437void
438cupsSetServerCertCB(
439 cups_server_cert_cb_t cb, /* I - Callback function */
440 void *user_data) /* I - User data pointer */
441{
442 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
443
444
445 cg->server_cert_cb = cb;
446 cg->server_cert_data = user_data;
447}
448
449
ef416fc2 450/*
451 * 'cupsSetUser()' - Set the default user name.
452 *
5a738aea 453 * Pass @code NULL@ to restore the default user name.
5a6b583a
MS		 454 *
455 * Note: The current user name is tracked separately for each thread in a
456 * program. Multi-threaded programs that override the user name need to do so
457 * in each thread for the same user name to be used.
ef416fc2 458 */
459
460void
461cupsSetUser(const char *user) /* I - User name */
462{
463 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
464
465
466 if (user)
467 strlcpy(cg->user, user, sizeof(cg->user));
468 else
469 cg->user[0] = '\0';
470}
471
472
db8b865d
MS		 473/*
474 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
475 *
476 * Setting the string to NULL forces the default value containing the CUPS
477 * version, IPP version, and operating system version and architecture.
478 *
8072030b 479 * @since CUPS 1.7/macOS 10.9@
db8b865d
MS		 480 */
481
482void
483cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */
484{
485 _cups_globals_t *cg = _cupsGlobals();
486 /* Thread globals */
487#ifdef WIN32
488 SYSTEM_INFO sysinfo; /* System information */
489 OSVERSIONINFO version; /* OS version info */
490#else
491 struct utsname name; /* uname info */
492#endif /* WIN32 */
493
494
495 if (user_agent)
496 {
497 strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
498 return;
499 }
500
501#ifdef WIN32
502 version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
503 GetVersionEx(&version);
504 GetNativeSystemInfo(&sysinfo);
505
506 snprintf(cg->user_agent, sizeof(cg->user_agent),
507 CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0",
508 version.dwMajorVersion, version.dwMinorVersion,
509 sysinfo.wProcessorArchitecture
510 == PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" :
511 sysinfo.wProcessorArchitecture
512 == PROCESSOR_ARCHITECTURE_ARM ? "arm" :
513 sysinfo.wProcessorArchitecture
514 == PROCESSOR_ARCHITECTURE_IA64 ? "ia64" :
515 sysinfo.wProcessorArchitecture
516 == PROCESSOR_ARCHITECTURE_INTEL ? "intel" :
517 "unknown");
518
519#else
520 uname(&name);
521
522 snprintf(cg->user_agent, sizeof(cg->user_agent),
523 CUPS_MINIMAL " (%s %s; %s) IPP/2.0",
524 name.sysname, name.release, name.machine);
525#endif /* WIN32 */
526}
527
528
ef416fc2 529/*
530 * 'cupsUser()' - Return the current user's name.
5a6b583a
MS		 531 *
532 * Note: The current user name is tracked separately for each thread in a
533 * program. Multi-threaded programs that override the user name with the
534 * @link cupsSetUser@ function need to do so in each thread for the same user
535 * name to be used.
ef416fc2 536 */
537
538const char * /* O - User name */
539cupsUser(void)
540{
541 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
542
543
544 if (!cg->user[0])
3e7fe0ca 545 _cupsSetDefaults();
ef416fc2 546
547 return (cg->user);
548}
549
550
db8b865d
MS		 551/*
552 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
553 *
8072030b 554 * @since CUPS 1.7/macOS 10.9@
db8b865d
MS		 555 */
556
557const char * /* O - User-Agent string */
558cupsUserAgent(void)
559{
560 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
561
562
563 if (!cg->user_agent[0])
564 cupsSetUserAgent(NULL);
565
566 return (cg->user_agent);
567}
568
569
ef416fc2 570/*
571 * '_cupsGetPassword()' - Get a password from the user.
572 */
573
dcb445bc 574const char * /* O - Password or @code NULL@ if none */
ef416fc2 575_cupsGetPassword(const char *prompt) /* I - Prompt string */
576{
5a6b583a 577#ifdef WIN32
dcb445bc
MS		 578 HANDLE tty; /* Console handle */
579 DWORD mode; /* Console mode */
580 char passch, /* Current key press */
581 *passptr, /* Pointer into password string */
582 *passend; /* End of password string */
12f89d24 583 DWORD passbytes; /* Bytes read */
dcb445bc
MS		 584 _cups_globals_t *cg = _cupsGlobals();
585 /* Thread globals */
586
587
5a6b583a 588 /*
dcb445bc 589 * Disable input echo and set raw input...
5a6b583a
MS		 590 */
591
dcb445bc
MS		 592 if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
593 return (NULL);
594
595 if (!GetConsoleMode(tty, &mode))
596 return (NULL);
597
598 if (!SetConsoleMode(tty, 0))
599 return (NULL);
600
601 /*
602 * Display the prompt...
603 */
604
605 printf("%s ", prompt);
606 fflush(stdout);
607
608 /*
609 * Read the password string from /dev/tty until we get interrupted or get a
610 * carriage return or newline...
611 */
612
613 passptr = cg->password;
614 passend = cg->password + sizeof(cg->password) - 1;
615
12f89d24 616 while (ReadFile(tty, &passch, 1, &passbytes, NULL))
dcb445bc
MS		 617 {
618 if (passch == 0x0A || passch == 0x0D)
619 {
620 /*
621 * Enter/return...
622 */
623
624 break;
625 }
626 else if (passch == 0x08 || passch == 0x7F)
627 {
628 /*
629 * Backspace/delete (erase character)...
630 */
631
632 if (passptr > cg->password)
633 {
634 passptr --;
635 fputs("\010 \010", stdout);
636 }
637 else
638 putchar(0x07);
639 }
640 else if (passch == 0x15)
641 {
642 /*
643 * CTRL+U (erase line)
644 */
645
646 if (passptr > cg->password)
647 {
648 while (passptr > cg->password)
649 {
650 passptr --;
651 fputs("\010 \010", stdout);
652 }
653 }
654 else
655 putchar(0x07);
656 }
657 else if (passch == 0x03)
658 {
659 /*
660 * CTRL+C...
661 */
662
663 passptr = cg->password;
664 break;
665 }
666 else if ((passch & 255) < 0x20 || passptr >= passend)
667 putchar(0x07);
668 else
669 {
670 *passptr++ = passch;
671 putchar(_CUPS_PASSCHAR);
672 }
673
674 fflush(stdout);
675 }
676
677 putchar('\n');
678 fflush(stdout);
679
680 /*
681 * Cleanup...
682 */
683
684 SetConsoleMode(tty, mode);
685
686 /*
687 * Return the proper value...
688 */
689
690 if (passbytes == 1 && passptr > cg->password)
691 {
692 *passptr = '\0';
693 return (cg->password);
694 }
695 else
696 {
697 memset(cg->password, 0, sizeof(cg->password));
698 return (NULL);
699 }
5a6b583a
MS		 700
701#else
dcb445bc
MS		 702 int tty; /* /dev/tty - never read from stdin */
703 struct termios original, /* Original input mode */
704 noecho; /* No echo input mode */
705 char passch, /* Current key press */
706 *passptr, /* Pointer into password string */
707 *passend; /* End of password string */
708 ssize_t passbytes; /* Bytes read */
709 _cups_globals_t *cg = _cupsGlobals();
710 /* Thread globals */
711
712
5a6b583a 713 /*
dcb445bc 714 * Disable input echo and set raw input...
5a6b583a
MS		 715 */
716
dcb445bc
MS		 717 if ((tty = open("/dev/tty", O_RDONLY)) < 0)
718 return (NULL);
719
720 if (tcgetattr(tty, &original))
721 {
722 close(tty);
723 return (NULL);
724 }
725
726 noecho = original;
7e86f2f6 727 noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
a8db9df8
MS		 728 noecho.c_cc[VMIN] = 1;
729 noecho.c_cc[VTIME] = 0;
7cf5915e 730
dcb445bc
MS		 731 if (tcsetattr(tty, TCSAFLUSH, &noecho))
732 {
733 close(tty);
7cf5915e 734 return (NULL);
dcb445bc
MS		 735 }
736
737 /*
738 * Display the prompt...
739 */
740
741 printf("%s ", prompt);
742 fflush(stdout);
743
744 /*
745 * Read the password string from /dev/tty until we get interrupted or get a
746 * carriage return or newline...
747 */
748
749 passptr = cg->password;
750 passend = cg->password + sizeof(cg->password) - 1;
751
752 while ((passbytes = read(tty, &passch, 1)) == 1)
753 {
8dd318e5
MS		 754 if (passch == noecho.c_cc[VEOL] ||
755# ifdef VEOL2
756 passch == noecho.c_cc[VEOL2] ||
757# endif /* VEOL2 */
dcb445bc
MS		 758 passch == 0x0A || passch == 0x0D)
759 {
760 /*
761 * Enter/return...
762 */
763
764 break;
765 }
766 else if (passch == noecho.c_cc[VERASE] ||
767 passch == 0x08 || passch == 0x7F)
768 {
769 /*
770 * Backspace/delete (erase character)...
771 */
772
773 if (passptr > cg->password)
774 {
775 passptr --;
776 fputs("\010 \010", stdout);
777 }
778 else
779 putchar(0x07);
780 }
781 else if (passch == noecho.c_cc[VKILL])
782 {
783 /*
784 * CTRL+U (erase line)
785 */
786
787 if (passptr > cg->password)
788 {
789 while (passptr > cg->password)
790 {
791 passptr --;
792 fputs("\010 \010", stdout);
793 }
794 }
795 else
796 putchar(0x07);
797 }
798 else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
799 passch == noecho.c_cc[VEOF])
800 {
801 /*
802 * CTRL+C, CTRL+D, or CTRL+Z...
803 */
804
805 passptr = cg->password;
806 break;
807 }
808 else if ((passch & 255) < 0x20 || passptr >= passend)
809 putchar(0x07);
810 else
811 {
812 *passptr++ = passch;
813 putchar(_CUPS_PASSCHAR);
814 }
815
816 fflush(stdout);
817 }
818
819 putchar('\n');
820 fflush(stdout);
821
822 /*
823 * Cleanup...
824 */
825
826 tcsetattr(tty, TCSAFLUSH, &original);
827 close(tty);
828
829 /*
830 * Return the proper value...
831 */
832
833 if (passbytes == 1 && passptr > cg->password)
834 {
835 *passptr = '\0';
836 return (cg->password);
837 }
7cf5915e 838 else
dcb445bc
MS		 839 {
840 memset(cg->password, 0, sizeof(cg->password));
841 return (NULL);
842 }
ef416fc2 843#endif /* WIN32 */
5a6b583a 844}
ef416fc2 845
846
eac3a0a0
MS		 847#ifdef HAVE_GSSAPI
848/*
849 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
850 */
851
852const char *
853_cupsGSSServiceName(void)
854{
855 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
856
857
858 if (!cg->gss_service_name[0])
859 _cupsSetDefaults();
860
861 return (cg->gss_service_name);
862}
863#endif /* HAVE_GSSAPI */
864
865
ef416fc2 866/*
e07d4801 867 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
b423cd4c 868 */
869
e07d4801
MS		 870void
871_cupsSetDefaults(void)
b423cd4c 872{
873 cups_file_t *fp; /* File */
3abb875b 874 const char *home; /* Home directory of user */
b423cd4c 875 char filename[1024]; /* Filename */
3abb875b 876 _cups_client_conf_t cc; /* client.conf values */
b423cd4c 877 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
878
879
e07d4801
MS		 880 DEBUG_puts("_cupsSetDefaults()");
881
882 /*
3abb875b
MS		 883 * Load initial client.conf values...
884 */
885
886 cups_init_client_conf(&cc);
887
888 /*
889 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
890 * present.
891 */
892
893 snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
894 if ((fp = cupsFileOpen(filename, "r")) != NULL)
895 {
896 cups_read_client_conf(fp, &cc);
897 cupsFileClose(fp);
898 }
899
900# ifdef HAVE_GETEUID
901 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
902# elif !defined(WIN32)
903 if (getuid() && (home = getenv("HOME")) != NULL)
904# else
905 if ((home = getenv("HOME")) != NULL)
906# endif /* HAVE_GETEUID */
907 {
908 /*
909 * Look for ~/.cups/client.conf...
910 */
911
912 snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
913 if ((fp = cupsFileOpen(filename, "r")) != NULL)
914 {
915 cups_read_client_conf(fp, &cc);
916 cupsFileClose(fp);
917 }
918 }
919
920 /*
921 * Finalize things so every client.conf value is set...
e07d4801
MS		 922 */
923
3abb875b
MS		 924 cups_finalize_client_conf(&cc);
925
926 if (cg->encryption == (http_encryption_t)-1)
927 cg->encryption = cc.encryption;
928
929 if (!cg->server[0] || !cg->ipp_port)
930 cupsSetServer(cc.server_name);
931
932 if (!cg->ipp_port)
4b9daaf4 933 cups_set_default_ipp_port(cg);
3abb875b
MS		 934
935 if (!cg->user[0])
936 strlcpy(cg->user, cc.user, sizeof(cg->user));
937
938#ifdef HAVE_GSSAPI
939 if (!cg->gss_service_name[0])
940 strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
941#endif /* HAVE_GSSAPI */
942
08d56b1f
MS		 943 if (cg->trust_first < 0)
944 cg->trust_first = cc.trust_first;
945
3abb875b
MS		 946 if (cg->any_root < 0)
947 cg->any_root = cc.any_root;
948
949 if (cg->expired_certs < 0)
950 cg->expired_certs = cc.expired_certs;
951
952 if (cg->validate_certs < 0)
953 cg->validate_certs = cc.validate_certs;
954
955#ifdef HAVE_SSL
8f1fbdec 956 _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
3abb875b
MS		 957#endif /* HAVE_SSL */
958}
959
960
08d56b1f
MS		 961#ifdef __APPLE__
962/*
963 * 'cups_apple_get_boolean()' - Get a boolean setting from the CUPS preferences.
964 */
965
966static int /* O - 1 if set, 0 otherwise */
967cups_apple_get_boolean(
968 CFStringRef key, /* I - Key (name) */
969 int *value) /* O - Boolean value */
970{
971 Boolean bval, /* Preference value */
972 bval_set; /* Value is set? */
973
974
975 bval = CFPreferencesGetAppBooleanValue(key, kCUPSPrintingPrefs, &bval_set);
976
977 if (bval_set)
978 *value = (int)bval;
979
980 return ((int)bval_set);
981}
982
983
984/*
985 * 'cups_apple_get_string()' - Get a string setting from the CUPS preferences.
986 */
987
988static int /* O - 1 if set, 0 otherwise */
989cups_apple_get_string(
990 CFStringRef key, /* I - Key (name) */
991 char *value, /* O - String value */
992 size_t valsize) /* I - Size of value buffer */
993{
994 CFStringRef sval; /* String value */
995
996
997 if ((sval = CFPreferencesCopyAppValue(key, kCUPSPrintingPrefs)) != NULL)
998 {
999 Boolean result = CFStringGetCString(sval, value, (CFIndex)valsize, kCFStringEncodingUTF8);
1000
1001 CFRelease(sval);
1002
1003 if (result)
1004 return (1);
1005 }
1006
1007 return (0);
1008}
1009#endif /* __APPLE__ */
1010
1011
3abb875b
MS		 1012/*
1013 * 'cups_boolean_value()' - Convert a string to a boolean value.
1014 */
1015
1016static int /* O - Boolean value */
1017cups_boolean_value(const char *value) /* I - String value */
1018{
1019 return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
1020}
1021
1022
1023/*
1024 * 'cups_finalize_client_conf()' - Finalize client.conf values.
1025 */
1026
1027static void
1028cups_finalize_client_conf(
1029 _cups_client_conf_t *cc) /* I - client.conf values */
1030{
1031 const char *value; /* Environment variable */
1032
1033
08d56b1f
MS		 1034 if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
1035 cc->trust_first = cups_boolean_value(value);
1036
3abb875b
MS		 1037 if ((value = getenv("CUPS_ANYROOT")) != NULL)
1038 cc->any_root = cups_boolean_value(value);
1039
1040 if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
1041 cups_set_encryption(cc, value);
1042
1043 if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
1044 cc->expired_certs = cups_boolean_value(value);
1045
07ed0e9a 1046#ifdef HAVE_GSSAPI
3abb875b
MS		 1047 if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
1048 cups_set_gss_service_name(cc, value);
07ed0e9a 1049#endif /* HAVE_GSSAPI */
3abb875b
MS		 1050
1051 if ((value = getenv("CUPS_SERVER")) != NULL)
1052 cups_set_server_name(cc, value);
1053
1054 if ((value = getenv("CUPS_USER")) != NULL)
1055 cups_set_user(cc, value);
1056
1057 if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
1058 cc->validate_certs = cups_boolean_value(value);
e07d4801
MS		 1059
1060 /*
3abb875b 1061 * Then apply defaults for those values that haven't been set...
e07d4801
MS		 1062 */
1063
08d56b1f
MS		 1064 if (cc->trust_first < 0)
1065 cc->trust_first = 1;
1066
3abb875b
MS		 1067 if (cc->any_root < 0)
1068 cc->any_root = 1;
1069
1070 if (cc->encryption == (http_encryption_t)-1)
1071 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1072
1073 if (cc->expired_certs < 0)
08d56b1f 1074 cc->expired_certs = 0;
3abb875b
MS		 1075
1076#ifdef HAVE_GSSAPI
1077 if (!cc->gss_service_name[0])
1078 cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
1079#endif /* HAVE_GSSAPI */
1080
1081 if (!cc->server_name[0])
e07d4801 1082 {
3abb875b 1083#ifdef CUPS_DEFAULT_DOMAINSOCKET
63aefcd5 1084 /*
3abb875b
MS		 1085 * If we are compiled with domain socket support, only use the
1086 * domain socket if it exists and has the right permissions...
63aefcd5
MS		 1087 */
1088
89b7fd55 1089 if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
3abb875b
MS		 1090 cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
1091 else
1092#endif /* CUPS_DEFAULT_DOMAINSOCKET */
1093 cups_set_server_name(cc, "localhost");
1094 }
63aefcd5 1095
3abb875b
MS		 1096 if (!cc->user[0])
1097 {
1098#ifdef WIN32
63aefcd5 1099 /*
3abb875b 1100 * Get the current user name from the OS...
63aefcd5
MS		 1101 */
1102
3abb875b 1103 DWORD size; /* Size of string */
63aefcd5 1104
3abb875b
MS		 1105 size = sizeof(cc->user);
1106 if (!GetUserName(cc->user, &size))
1107#else
63aefcd5 1108 /*
3abb875b 1109 * Try the USER environment variable as the default username...
63aefcd5
MS		 1110 */
1111
3abb875b
MS		 1112 const char *envuser = getenv("USER");
1113 /* Default username */
1114 struct passwd *pw = NULL; /* Account information */
1115
1116 if (envuser)
d09495fa 1117 {
10d09e33 1118 /*
3abb875b
MS		 1119 * Validate USER matches the current UID, otherwise don't allow it to
1120 * override things... This makes sure that printing after doing su
1121 * or sudo records the correct username.
10d09e33 1122 */
e07d4801 1123
3abb875b
MS		 1124 if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
1125 pw = NULL;
1126 }
1127
1128 if (!pw)
1129 pw = getpwuid(getuid());
e07d4801 1130
3abb875b
MS		 1131 if (pw)
1132 strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
1133 else
1134#endif /* WIN32 */
1135 {
e07d4801 1136 /*
3abb875b 1137 * Use the default "unknown" user name...
e07d4801
MS		 1138 */
1139
3abb875b 1140 strlcpy(cc->user, "unknown", sizeof(cc->user));
63aefcd5 1141 }
e07d4801 1142 }
3abb875b
MS		 1143
1144 if (cc->validate_certs < 0)
1145 cc->validate_certs = 0;
1146}
1147
1148
1149/*
1150 * 'cups_init_client_conf()' - Initialize client.conf values.
1151 */
1152
1153static void
1154cups_init_client_conf(
1155 _cups_client_conf_t *cc) /* I - client.conf values */
1156{
1157 /*
1158 * Clear all values to "not set"...
1159 */
1160
1161 memset(cc, 0, sizeof(_cups_client_conf_t));
1162
1163 cc->encryption = (http_encryption_t)-1;
08d56b1f 1164 cc->trust_first = -1;
3abb875b
MS		 1165 cc->any_root = -1;
1166 cc->expired_certs = -1;
1167 cc->validate_certs = -1;
08d56b1f
MS		 1168
1169 /*
1170 * Load settings from the org.cups.PrintingPrefs plist (which trump
1171 * everything...)
1172 */
1173
b908d72c 1174#if defined(__APPLE__) && defined(HAVE_SSL)
08d56b1f
MS		 1175 char sval[1024]; /* String value */
1176 int bval; /* Boolean value */
1177
1178 if (cups_apple_get_boolean(kAllowAnyRootKey, &bval))
1179 cc->any_root = bval;
1180
1181 if (cups_apple_get_boolean(kAllowExpiredCertsKey, &bval))
1182 cc->expired_certs = bval;
1183
1184 if (cups_apple_get_string(kEncryptionKey, sval, sizeof(sval)))
1185 cups_set_encryption(cc, sval);
1186
1187 if (cups_apple_get_string(kSSLOptionsKey, sval, sizeof(sval)))
1188 cups_set_ssl_options(cc, sval);
1189
1190 if (cups_apple_get_boolean(kTrustOnFirstUseKey, &bval))
1191 cc->trust_first = bval;
1192
1193 if (cups_apple_get_boolean(kValidateCertsKey, &bval))
1194 cc->validate_certs = bval;
b908d72c 1195#endif /* __APPLE__ && HAVE_SSL */
e07d4801
MS		 1196}
1197
1198
1199/*
1200 * 'cups_read_client_conf()' - Read a client.conf file.
1201 */
1202
1203static void
1204cups_read_client_conf(
3abb875b
MS		 1205 cups_file_t *fp, /* I - File to read */
1206 _cups_client_conf_t *cc) /* I - client.conf values */
e07d4801
MS		 1207{
1208 int linenum; /* Current line number */
1209 char line[1024], /* Line from file */
3abb875b 1210 *value; /* Pointer into line */
e07d4801
MS		 1211
1212
1213 /*
1214 * Read from the file...
1215 */
1216
1217 linenum = 0;
1218 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
1219 {
3abb875b
MS		 1220 if (!_cups_strcasecmp(line, "Encryption") && value)
1221 cups_set_encryption(cc, value);
85dda01c
MS		 1222#ifndef __APPLE__
1223 /*
8072030b 1224 * The ServerName directive is not supported on macOS due to app
3abb875b 1225 * sandboxing restrictions, i.e. not all apps request network access.
85dda01c 1226 */
3abb875b
MS		 1227 else if (!_cups_strcasecmp(line, "ServerName") && value)
1228 cups_set_server_name(cc, value);
85dda01c 1229#endif /* !__APPLE__ */
3abb875b
MS		 1230 else if (!_cups_strcasecmp(line, "User") && value)
1231 cups_set_user(cc, value);
08d56b1f
MS		 1232 else if (!_cups_strcasecmp(line, "TrustOnFirstUse") && value)
1233 cc->trust_first = cups_boolean_value(value);
3abb875b
MS		 1234 else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
1235 cc->any_root = cups_boolean_value(value);
1236 else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
7cf5915e 1237 value)
3abb875b
MS		 1238 cc->expired_certs = cups_boolean_value(value);
1239 else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
1240 cc->validate_certs = cups_boolean_value(value);
07ed0e9a 1241#ifdef HAVE_GSSAPI
3abb875b
MS		 1242 else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
1243 cups_set_gss_service_name(cc, value);
07ed0e9a 1244#endif /* HAVE_GSSAPI */
22ebb7d0 1245#ifdef HAVE_SSL
3abb875b
MS		 1246 else if (!_cups_strcasecmp(line, "SSLOptions") && value)
1247 cups_set_ssl_options(cc, value);
1248#endif /* HAVE_SSL */
1249 }
1250}
63aefcd5 1251
63aefcd5 1252
4b9daaf4
MS		 1253/*
1254 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1255 */
1256
1257static void
1258cups_set_default_ipp_port(
1259 _cups_globals_t *cg) /* I - Global data */
1260{
1261 const char *ipp_port; /* IPP_PORT environment variable */
1262
1263
1264 if ((ipp_port = getenv("IPP_PORT")) != NULL)
1265 {
1266 if ((cg->ipp_port = atoi(ipp_port)) <= 0)
1267 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1268 }
1269 else
1270 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1271}
1272
3abb875b
MS		 1273/*
1274 * 'cups_set_encryption()' - Set the Encryption value.
1275 */
63aefcd5 1276
3abb875b
MS		 1277static void
1278cups_set_encryption(
1279 _cups_client_conf_t *cc, /* I - client.conf values */
1280 const char *value) /* I - Value */
1281{
1282 if (!_cups_strcasecmp(value, "never"))
1283 cc->encryption = HTTP_ENCRYPTION_NEVER;
1284 else if (!_cups_strcasecmp(value, "always"))
1285 cc->encryption = HTTP_ENCRYPTION_ALWAYS;
1286 else if (!_cups_strcasecmp(value, "required"))
1287 cc->encryption = HTTP_ENCRYPTION_REQUIRED;
1288 else
1289 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1290}
e07d4801 1291
e07d4801 1292
3abb875b
MS		 1293/*
1294 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1295 */
b423cd4c 1296
3abb875b
MS		 1297#ifdef HAVE_GSSAPI
1298static void
1299cups_set_gss_service_name(
1300 _cups_client_conf_t *cc, /* I - client.conf values */
1301 const char *value) /* I - Value */
1302{
1303 strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
1304}
1305#endif /* HAVE_GSSAPI */
7cf5915e 1306
10d09e33 1307
3abb875b
MS		 1308/*
1309 * 'cups_set_server_name()' - Set the ServerName value.
1310 */
10d09e33 1311
3abb875b
MS		 1312static void
1313cups_set_server_name(
1314 _cups_client_conf_t *cc, /* I - client.conf values */
1315 const char *value) /* I - Value */
1316{
1317 strlcpy(cc->server_name, value, sizeof(cc->server_name));
1318}
10d09e33 1319
10d09e33 1320
3abb875b
MS		 1321/*
1322 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1323 */
10d09e33 1324
3abb875b
MS		 1325#ifdef HAVE_SSL
1326static void
1327cups_set_ssl_options(
1328 _cups_client_conf_t *cc, /* I - client.conf values */
1329 const char *value) /* I - Value */
1330{
1331 /*
ee6226a5 1332 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
3abb875b 1333 */
10d09e33 1334
8f1fbdec
MS		 1335 int options = _HTTP_TLS_NONE, /* SSL/TLS options */
1336 min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */
1337 max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */
3abb875b
MS		 1338 char temp[256], /* Copy of value */
1339 *start, /* Start of option */
1340 *end; /* End of option */
3e7fe0ca 1341
3e7fe0ca 1342
3abb875b 1343 strlcpy(temp, value, sizeof(temp));
3e7fe0ca 1344
3abb875b
MS		 1345 for (start = temp; *start; start = end)
1346 {
a8db9df8 1347 /*
3abb875b
MS		 1348 * Find end of keyword...
1349 */
3e7fe0ca 1350
3abb875b
MS		 1351 end = start;
1352 while (*end && !_cups_isspace(*end))
1353 end ++;
93e3d3f5 1354
3abb875b
MS		 1355 if (*end)
1356 *end++ = '\0';
93e3d3f5 1357
3abb875b
MS		 1358 /*
1359 * Compare...
1360 */
3e7fe0ca 1361
3abb875b
MS		 1362 if (!_cups_strcasecmp(start, "AllowRC4"))
1363 options |= _HTTP_TLS_ALLOW_RC4;
1364 else if (!_cups_strcasecmp(start, "AllowSSL3"))
8f1fbdec 1365 min_version = _HTTP_TLS_SSL3;
ee6226a5
MS		 1366 else if (!_cups_strcasecmp(start, "AllowDH"))
1367 options |= _HTTP_TLS_ALLOW_DH;
f2e87147
MS		 1368 else if (!_cups_strcasecmp(start, "DenyCBC"))
1369 options |= _HTTP_TLS_DENY_CBC;
ee6226a5 1370 else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
8f1fbdec
MS		 1371 min_version = _HTTP_TLS_1_1;
1372 else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
1373 max_version = _HTTP_TLS_1_0;
1374 else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
1375 max_version = _HTTP_TLS_1_1;
1376 else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
1377 max_version = _HTTP_TLS_1_2;
1378 else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
1379 max_version = _HTTP_TLS_1_3;
1380 else if (!_cups_strcasecmp(start, "MinTLS1.0"))
1381 min_version = _HTTP_TLS_1_0;
1382 else if (!_cups_strcasecmp(start, "MinTLS1.1"))
1383 min_version = _HTTP_TLS_1_1;
1384 else if (!_cups_strcasecmp(start, "MinTLS1.2"))
1385 min_version = _HTTP_TLS_1_2;
1386 else if (!_cups_strcasecmp(start, "MinTLS1.3"))
1387 min_version = _HTTP_TLS_1_3;
3abb875b 1388 else if (!_cups_strcasecmp(start, "None"))
ee6226a5 1389 options = _HTTP_TLS_NONE;
3e7fe0ca
MS		 1390 }
1391
8f1fbdec
MS		 1392 cc->ssl_options = options;
1393 cc->ssl_max_version = max_version;
1394 cc->ssl_min_version = min_version;
b37d45d9 1395
8f1fbdec 1396 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
3abb875b
MS		 1397}
1398#endif /* HAVE_SSL */
07ed0e9a 1399
7cf5915e 1400
3abb875b
MS		 1401/*
1402 * 'cups_set_user()' - Set the User value.
1403 */
f51f3773 1404
3abb875b
MS		 1405static void
1406cups_set_user(
1407 _cups_client_conf_t *cc, /* I - client.conf values */
1408 const char *value) /* I - Value */
1409{
1410 strlcpy(cc->user, value, sizeof(cc->user));
b423cd4c 1411}
Unnamed repository; edit this file 'description' to name the repository.