]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
83bc2aac MS |
2 | * User, system, and password routines for CUPS. |
3 | * | |
53af7f21 | 4 | * Copyright 2007-2017 by Apple Inc. |
83bc2aac MS |
5 | * Copyright 1997-2006 by Easy Software Products. |
6 | * | |
e3101897 | 7 | * Licensed under Apache License v2.0. See the file "LICENSE" for more information. |
ef416fc2 | 8 | */ |
9 | ||
10 | /* | |
11 | * Include necessary headers... | |
12 | */ | |
13 | ||
71e16022 | 14 | #include "cups-private.h" |
fb863569 | 15 | #include "debug-internal.h" |
ef416fc2 | 16 | #include <stdlib.h> |
e00b005a | 17 | #include <sys/stat.h> |
19dc16f7 | 18 | #ifdef _WIN32 |
ef416fc2 | 19 | # include <windows.h> |
5a6b583a MS |
20 | #else |
21 | # include <pwd.h> | |
dcb445bc | 22 | # include <termios.h> |
db8b865d | 23 | # include <sys/utsname.h> |
19dc16f7 | 24 | #endif /* _WIN32 */ |
ef416fc2 | 25 | |
26 | ||
dcb445bc MS |
27 | /* |
28 | * Local constants... | |
29 | */ | |
30 | ||
08d56b1f MS |
31 | #ifdef __APPLE__ |
32 | # define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs") | |
33 | # define kAllowAnyRootKey CFSTR("AllowAnyRoot") | |
34 | # define kAllowExpiredCertsKey CFSTR("AllowExpiredCerts") | |
35 | # define kEncryptionKey CFSTR("Encryption") | |
36 | # define kGSSServiceNameKey CFSTR("GSSServiceName") | |
37 | # define kSSLOptionsKey CFSTR("SSLOptions") | |
38 | # define kTrustOnFirstUseKey CFSTR("TrustOnFirstUse") | |
39 | # define kValidateCertsKey CFSTR("ValidateCerts") | |
40 | #endif /* __APPLE__ */ | |
41 | ||
dcb445bc MS |
42 | #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */ |
43 | ||
44 | ||
3abb875b MS |
45 | /* |
46 | * Local types... | |
47 | */ | |
48 | ||
49 | typedef struct _cups_client_conf_s /**** client.conf config data ****/ | |
50 | { | |
51 | #ifdef HAVE_SSL | |
8f1fbdec MS |
52 | int ssl_options, /* SSLOptions values */ |
53 | ssl_min_version,/* Minimum SSL/TLS version */ | |
54 | ssl_max_version;/* Maximum SSL/TLS version */ | |
3abb875b | 55 | #endif /* HAVE_SSL */ |
08d56b1f MS |
56 | int trust_first, /* Trust on first use? */ |
57 | any_root, /* Allow any (e.g., self-signed) root */ | |
3abb875b MS |
58 | expired_certs, /* Allow expired certs */ |
59 | validate_certs; /* Validate certificates */ | |
60 | http_encryption_t encryption; /* Encryption setting */ | |
61 | char user[65], /* User name */ | |
62 | server_name[256]; | |
63 | /* Server hostname */ | |
64 | #ifdef HAVE_GSSAPI | |
65 | char gss_service_name[32]; | |
66 | /* Kerberos service name */ | |
67 | #endif /* HAVE_GSSAPI */ | |
68 | } _cups_client_conf_t; | |
69 | ||
70 | ||
b423cd4c | 71 | /* |
72 | * Local functions... | |
73 | */ | |
74 | ||
08d56b1f MS |
75 | #ifdef __APPLE__ |
76 | static int cups_apple_get_boolean(CFStringRef key, int *value); | |
77 | static int cups_apple_get_string(CFStringRef key, char *value, size_t valsize); | |
78 | #endif /* __APPLE__ */ | |
79 | static int cups_boolean_value(const char *value); | |
3abb875b MS |
80 | static void cups_finalize_client_conf(_cups_client_conf_t *cc); |
81 | static void cups_init_client_conf(_cups_client_conf_t *cc); | |
82 | static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc); | |
4b9daaf4 | 83 | static void cups_set_default_ipp_port(_cups_globals_t *cg); |
3abb875b | 84 | static void cups_set_encryption(_cups_client_conf_t *cc, const char *value); |
07ed0e9a | 85 | #ifdef HAVE_GSSAPI |
3abb875b | 86 | static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value); |
07ed0e9a | 87 | #endif /* HAVE_GSSAPI */ |
3abb875b MS |
88 | static void cups_set_server_name(_cups_client_conf_t *cc, const char *value); |
89 | #ifdef HAVE_SSL | |
90 | static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value); | |
91 | #endif /* HAVE_SSL */ | |
92 | static void cups_set_user(_cups_client_conf_t *cc, const char *value); | |
b423cd4c | 93 | |
94 | ||
ef416fc2 | 95 | /* |
5a6b583a | 96 | * 'cupsEncryption()' - Get the current encryption settings. |
ef416fc2 | 97 | * |
98 | * The default encryption setting comes from the CUPS_ENCRYPTION | |
568fa3fa | 99 | * environment variable, then the ~/.cups/client.conf file, and finally the |
ef416fc2 | 100 | * /etc/cups/client.conf file. If not set, the default is |
cb7f98ee | 101 | * @code HTTP_ENCRYPTION_IF_REQUESTED@. |
5a6b583a MS |
102 | * |
103 | * Note: The current encryption setting is tracked separately for each thread | |
104 | * in a program. Multi-threaded programs that override the setting via the | |
105 | * @link cupsSetEncryption@ function need to do so in each thread for the same | |
106 | * setting to be used. | |
ef416fc2 | 107 | */ |
108 | ||
109 | http_encryption_t /* O - Encryption settings */ | |
110 | cupsEncryption(void) | |
111 | { | |
ef416fc2 | 112 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ |
113 | ||
114 | ||
ef416fc2 | 115 | if (cg->encryption == (http_encryption_t)-1) |
e07d4801 | 116 | _cupsSetDefaults(); |
ef416fc2 | 117 | |
118 | return (cg->encryption); | |
119 | } | |
120 | ||
121 | ||
122 | /* | |
123 | * 'cupsGetPassword()' - Get a password from the user. | |
124 | * | |
5a738aea | 125 | * Uses the current password callback function. Returns @code NULL@ if the |
ecdc0628 | 126 | * user does not provide a password. |
5a6b583a MS |
127 | * |
128 | * Note: The current password callback function is tracked separately for each | |
129 | * thread in a program. Multi-threaded programs that override the setting via | |
130 | * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to | |
131 | * do so in each thread for the same function to be used. | |
53af7f21 MS |
132 | * |
133 | * @exclude all@ | |
ef416fc2 | 134 | */ |
135 | ||
136 | const char * /* O - Password */ | |
137 | cupsGetPassword(const char *prompt) /* I - Prompt string */ | |
138 | { | |
f11a948a MS |
139 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ |
140 | ||
141 | ||
142 | return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data)); | |
143 | } | |
144 | ||
145 | ||
146 | /* | |
98d88c8d | 147 | * 'cupsGetPassword2()' - Get a password from the user using the current |
5a6b583a | 148 | * password callback. |
f11a948a MS |
149 | * |
150 | * Uses the current password callback function. Returns @code NULL@ if the | |
151 | * user does not provide a password. | |
152 | * | |
5a6b583a MS |
153 | * Note: The current password callback function is tracked separately for each |
154 | * thread in a program. Multi-threaded programs that override the setting via | |
98d88c8d MS |
155 | * the @link cupsSetPasswordCB2@ function need to do so in each thread for the |
156 | * same function to be used. | |
5a6b583a | 157 | * |
8072030b | 158 | * @since CUPS 1.4/macOS 10.6@ |
f11a948a MS |
159 | */ |
160 | ||
161 | const char * /* O - Password */ | |
162 | cupsGetPassword2(const char *prompt, /* I - Prompt string */ | |
163 | http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */ | |
164 | const char *method, /* I - Request method ("GET", "POST", "PUT") */ | |
165 | const char *resource) /* I - Resource path */ | |
166 | { | |
167 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
168 | ||
169 | ||
170 | if (!http) | |
171 | http = _cupsConnect(); | |
172 | ||
173 | return ((cg->password_cb)(prompt, http, method, resource, cg->password_data)); | |
ef416fc2 | 174 | } |
175 | ||
176 | ||
ef416fc2 | 177 | /* |
5a6b583a MS |
178 | * 'cupsServer()' - Return the hostname/address of the current server. |
179 | * | |
180 | * The default server comes from the CUPS_SERVER environment variable, then the | |
181 | * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not | |
182 | * set, the default is the local system - either "localhost" or a domain socket | |
183 | * path. | |
ef416fc2 | 184 | * |
5a6b583a MS |
185 | * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6 |
186 | * address, or a domain socket pathname. | |
187 | * | |
188 | * Note: The current server is tracked separately for each thread in a program. | |
189 | * Multi-threaded programs that override the server via the | |
190 | * @link cupsSetServer@ function need to do so in each thread for the same | |
191 | * server to be used. | |
ef416fc2 | 192 | */ |
193 | ||
194 | const char * /* O - Server name */ | |
195 | cupsServer(void) | |
196 | { | |
ef416fc2 | 197 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ |
198 | ||
199 | ||
ef416fc2 | 200 | if (!cg->server[0]) |
e07d4801 | 201 | _cupsSetDefaults(); |
ef416fc2 | 202 | |
e07d4801 MS |
203 | return (cg->server); |
204 | } | |
ef416fc2 | 205 | |
d09495fa | 206 | |
7cf5915e MS |
207 | /* |
208 | * 'cupsSetClientCertCB()' - Set the client certificate callback. | |
209 | * | |
210 | * Pass @code NULL@ to restore the default callback. | |
211 | * | |
212 | * Note: The current certificate callback is tracked separately for each thread | |
213 | * in a program. Multi-threaded programs that override the callback need to do | |
214 | * so in each thread for the same callback to be used. | |
215 | * | |
8072030b | 216 | * @since CUPS 1.5/macOS 10.7@ |
7cf5915e MS |
217 | */ |
218 | ||
219 | void | |
220 | cupsSetClientCertCB( | |
221 | cups_client_cert_cb_t cb, /* I - Callback function */ | |
222 | void *user_data) /* I - User data pointer */ | |
223 | { | |
224 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
225 | ||
226 | ||
227 | cg->client_cert_cb = cb; | |
228 | cg->client_cert_data = user_data; | |
229 | } | |
230 | ||
231 | ||
232 | /* | |
233 | * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS | |
234 | * connections. | |
235 | * | |
236 | * Note: The default credentials are tracked separately for each thread in a | |
237 | * program. Multi-threaded programs that override the setting need to do so in | |
238 | * each thread for the same setting to be used. | |
239 | * | |
8072030b | 240 | * @since CUPS 1.5/macOS 10.7@ |
7cf5915e MS |
241 | */ |
242 | ||
243 | int /* O - Status of call (0 = success) */ | |
244 | cupsSetCredentials( | |
245 | cups_array_t *credentials) /* I - Array of credentials */ | |
246 | { | |
247 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
248 | ||
249 | ||
250 | if (cupsArrayCount(credentials) < 1) | |
251 | return (-1); | |
252 | ||
7d5824d6 | 253 | #ifdef HAVE_SSL |
7cf5915e | 254 | _httpFreeCredentials(cg->tls_credentials); |
85dda01c | 255 | cg->tls_credentials = _httpCreateCredentials(credentials); |
7d5824d6 | 256 | #endif /* HAVE_SSL */ |
7cf5915e MS |
257 | |
258 | return (cg->tls_credentials ? 0 : -1); | |
259 | } | |
260 | ||
261 | ||
e07d4801 MS |
262 | /* |
263 | * 'cupsSetEncryption()' - Set the encryption preference. | |
5a6b583a MS |
264 | * |
265 | * The default encryption setting comes from the CUPS_ENCRYPTION | |
266 | * environment variable, then the ~/.cups/client.conf file, and finally the | |
267 | * /etc/cups/client.conf file. If not set, the default is | |
cb7f98ee | 268 | * @code HTTP_ENCRYPTION_IF_REQUESTED@. |
5a6b583a MS |
269 | * |
270 | * Note: The current encryption setting is tracked separately for each thread | |
271 | * in a program. Multi-threaded programs that override the setting need to do | |
272 | * so in each thread for the same setting to be used. | |
e07d4801 | 273 | */ |
ef416fc2 | 274 | |
e07d4801 MS |
275 | void |
276 | cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */ | |
277 | { | |
278 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
ef416fc2 | 279 | |
ef416fc2 | 280 | |
e07d4801 | 281 | cg->encryption = e; |
ef416fc2 | 282 | |
e07d4801 MS |
283 | if (cg->http) |
284 | httpEncryption(cg->http, e); | |
ef416fc2 | 285 | } |
286 | ||
287 | ||
288 | /* | |
289 | * 'cupsSetPasswordCB()' - Set the password callback for CUPS. | |
290 | * | |
5a6b583a MS |
291 | * Pass @code NULL@ to restore the default (console) password callback, which |
292 | * reads the password from the console. Programs should call either this | |
293 | * function or @link cupsSetPasswordCB2@, as only one callback can be registered | |
294 | * by a program per thread. | |
295 | * | |
296 | * Note: The current password callback is tracked separately for each thread | |
297 | * in a program. Multi-threaded programs that override the callback need to do | |
298 | * so in each thread for the same callback to be used. | |
53af7f21 MS |
299 | * |
300 | * @exclude all@ | |
ef416fc2 | 301 | */ |
302 | ||
303 | void | |
304 | cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */ | |
305 | { | |
306 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
307 | ||
308 | ||
f11a948a MS |
309 | if (cb == (cups_password_cb_t)0) |
310 | cg->password_cb = (cups_password_cb2_t)_cupsGetPassword; | |
311 | else | |
312 | cg->password_cb = (cups_password_cb2_t)cb; | |
313 | ||
314 | cg->password_data = NULL; | |
315 | } | |
316 | ||
317 | ||
318 | /* | |
319 | * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS. | |
320 | * | |
5a6b583a MS |
321 | * Pass @code NULL@ to restore the default (console) password callback, which |
322 | * reads the password from the console. Programs should call either this | |
323 | * function or @link cupsSetPasswordCB2@, as only one callback can be registered | |
324 | * by a program per thread. | |
325 | * | |
326 | * Note: The current password callback is tracked separately for each thread | |
327 | * in a program. Multi-threaded programs that override the callback need to do | |
328 | * so in each thread for the same callback to be used. | |
f11a948a | 329 | * |
8072030b | 330 | * @since CUPS 1.4/macOS 10.6@ |
f11a948a MS |
331 | */ |
332 | ||
333 | void | |
334 | cupsSetPasswordCB2( | |
335 | cups_password_cb2_t cb, /* I - Callback function */ | |
336 | void *user_data) /* I - User data pointer */ | |
337 | { | |
338 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
339 | ||
340 | ||
341 | if (cb == (cups_password_cb2_t)0) | |
342 | cg->password_cb = (cups_password_cb2_t)_cupsGetPassword; | |
ef416fc2 | 343 | else |
344 | cg->password_cb = cb; | |
f11a948a MS |
345 | |
346 | cg->password_data = user_data; | |
ef416fc2 | 347 | } |
348 | ||
349 | ||
350 | /* | |
5a6b583a | 351 | * 'cupsSetServer()' - Set the default server name and port. |
ef416fc2 | 352 | * |
353 | * The "server" string can be a fully-qualified hostname, a numeric | |
5a6b583a MS |
354 | * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP |
355 | * addresses can be optionally followed by a colon and port number to override | |
356 | * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the | |
357 | * default server name and port. | |
358 | * | |
359 | * Note: The current server is tracked separately for each thread in a program. | |
360 | * Multi-threaded programs that override the server need to do so in each | |
361 | * thread for the same server to be used. | |
ef416fc2 | 362 | */ |
363 | ||
364 | void | |
365 | cupsSetServer(const char *server) /* I - Server name */ | |
366 | { | |
0cb67df3 MS |
367 | char *options, /* Options */ |
368 | *port; /* Pointer to port */ | |
ef416fc2 | 369 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ |
370 | ||
371 | ||
372 | if (server) | |
373 | { | |
374 | strlcpy(cg->server, server, sizeof(cg->server)); | |
375 | ||
0cb67df3 MS |
376 | if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL) |
377 | { | |
378 | *options++ = '\0'; | |
379 | ||
380 | if (!strcmp(options, "version=1.0")) | |
381 | cg->server_version = 10; | |
382 | else if (!strcmp(options, "version=1.1")) | |
383 | cg->server_version = 11; | |
384 | else if (!strcmp(options, "version=2.0")) | |
385 | cg->server_version = 20; | |
386 | else if (!strcmp(options, "version=2.1")) | |
387 | cg->server_version = 21; | |
388 | else if (!strcmp(options, "version=2.2")) | |
389 | cg->server_version = 22; | |
390 | } | |
567f49cb MS |
391 | else |
392 | cg->server_version = 20; | |
0cb67df3 | 393 | |
ef416fc2 | 394 | if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL && |
395 | !strchr(port, ']') && isdigit(port[1] & 255)) | |
396 | { | |
397 | *port++ = '\0'; | |
398 | ||
e07d4801 | 399 | cg->ipp_port = atoi(port); |
ef416fc2 | 400 | } |
401 | ||
4b9daaf4 MS |
402 | if (!cg->ipp_port) |
403 | cups_set_default_ipp_port(cg); | |
404 | ||
ef416fc2 | 405 | if (cg->server[0] == '/') |
5a9febac | 406 | strlcpy(cg->servername, "localhost", sizeof(cg->servername)); |
ef416fc2 | 407 | else |
408 | strlcpy(cg->servername, cg->server, sizeof(cg->servername)); | |
409 | } | |
410 | else | |
411 | { | |
0cb67df3 MS |
412 | cg->server[0] = '\0'; |
413 | cg->servername[0] = '\0'; | |
414 | cg->server_version = 20; | |
4b9daaf4 | 415 | cg->ipp_port = 0; |
ef416fc2 | 416 | } |
5a738aea MS |
417 | |
418 | if (cg->http) | |
419 | { | |
420 | httpClose(cg->http); | |
421 | cg->http = NULL; | |
422 | } | |
ef416fc2 | 423 | } |
424 | ||
425 | ||
7cf5915e MS |
426 | /* |
427 | * 'cupsSetServerCertCB()' - Set the server certificate callback. | |
428 | * | |
429 | * Pass @code NULL@ to restore the default callback. | |
430 | * | |
431 | * Note: The current credentials callback is tracked separately for each thread | |
432 | * in a program. Multi-threaded programs that override the callback need to do | |
433 | * so in each thread for the same callback to be used. | |
434 | * | |
8072030b | 435 | * @since CUPS 1.5/macOS 10.7@ |
7cf5915e MS |
436 | */ |
437 | ||
438 | void | |
439 | cupsSetServerCertCB( | |
440 | cups_server_cert_cb_t cb, /* I - Callback function */ | |
441 | void *user_data) /* I - User data pointer */ | |
442 | { | |
443 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
444 | ||
445 | ||
446 | cg->server_cert_cb = cb; | |
447 | cg->server_cert_data = user_data; | |
448 | } | |
449 | ||
450 | ||
ef416fc2 | 451 | /* |
452 | * 'cupsSetUser()' - Set the default user name. | |
453 | * | |
5a738aea | 454 | * Pass @code NULL@ to restore the default user name. |
5a6b583a MS |
455 | * |
456 | * Note: The current user name is tracked separately for each thread in a | |
457 | * program. Multi-threaded programs that override the user name need to do so | |
458 | * in each thread for the same user name to be used. | |
ef416fc2 | 459 | */ |
460 | ||
461 | void | |
462 | cupsSetUser(const char *user) /* I - User name */ | |
463 | { | |
464 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
465 | ||
466 | ||
467 | if (user) | |
468 | strlcpy(cg->user, user, sizeof(cg->user)); | |
469 | else | |
470 | cg->user[0] = '\0'; | |
471 | } | |
472 | ||
473 | ||
db8b865d MS |
474 | /* |
475 | * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string. | |
476 | * | |
477 | * Setting the string to NULL forces the default value containing the CUPS | |
478 | * version, IPP version, and operating system version and architecture. | |
479 | * | |
8072030b | 480 | * @since CUPS 1.7/macOS 10.9@ |
db8b865d MS |
481 | */ |
482 | ||
483 | void | |
484 | cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */ | |
485 | { | |
486 | _cups_globals_t *cg = _cupsGlobals(); | |
487 | /* Thread globals */ | |
19dc16f7 | 488 | #ifdef _WIN32 |
db8b865d | 489 | SYSTEM_INFO sysinfo; /* System information */ |
104c5283 | 490 | OSVERSIONINFOA version; /* OS version info */ |
db8b865d MS |
491 | #else |
492 | struct utsname name; /* uname info */ | |
19dc16f7 | 493 | #endif /* _WIN32 */ |
db8b865d MS |
494 | |
495 | ||
496 | if (user_agent) | |
497 | { | |
498 | strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent)); | |
499 | return; | |
500 | } | |
501 | ||
19dc16f7 | 502 | #ifdef _WIN32 |
db8b865d | 503 | version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); |
86206ccf | 504 | GetVersionExA(&version); |
db8b865d MS |
505 | GetNativeSystemInfo(&sysinfo); |
506 | ||
507 | snprintf(cg->user_agent, sizeof(cg->user_agent), | |
508 | CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0", | |
509 | version.dwMajorVersion, version.dwMinorVersion, | |
510 | sysinfo.wProcessorArchitecture | |
511 | == PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" : | |
512 | sysinfo.wProcessorArchitecture | |
513 | == PROCESSOR_ARCHITECTURE_ARM ? "arm" : | |
514 | sysinfo.wProcessorArchitecture | |
515 | == PROCESSOR_ARCHITECTURE_IA64 ? "ia64" : | |
516 | sysinfo.wProcessorArchitecture | |
517 | == PROCESSOR_ARCHITECTURE_INTEL ? "intel" : | |
518 | "unknown"); | |
519 | ||
520 | #else | |
521 | uname(&name); | |
522 | ||
523 | snprintf(cg->user_agent, sizeof(cg->user_agent), | |
524 | CUPS_MINIMAL " (%s %s; %s) IPP/2.0", | |
525 | name.sysname, name.release, name.machine); | |
19dc16f7 | 526 | #endif /* _WIN32 */ |
db8b865d MS |
527 | } |
528 | ||
529 | ||
ef416fc2 | 530 | /* |
531 | * 'cupsUser()' - Return the current user's name. | |
5a6b583a MS |
532 | * |
533 | * Note: The current user name is tracked separately for each thread in a | |
534 | * program. Multi-threaded programs that override the user name with the | |
535 | * @link cupsSetUser@ function need to do so in each thread for the same user | |
536 | * name to be used. | |
ef416fc2 | 537 | */ |
538 | ||
539 | const char * /* O - User name */ | |
540 | cupsUser(void) | |
541 | { | |
542 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ | |
543 | ||
544 | ||
545 | if (!cg->user[0]) | |
3e7fe0ca | 546 | _cupsSetDefaults(); |
ef416fc2 | 547 | |
548 | return (cg->user); | |
549 | } | |
550 | ||
551 | ||
db8b865d MS |
552 | /* |
553 | * 'cupsUserAgent()' - Return the default HTTP User-Agent string. | |
554 | * | |
8072030b | 555 | * @since CUPS 1.7/macOS 10.9@ |
db8b865d MS |
556 | */ |
557 | ||
558 | const char * /* O - User-Agent string */ | |
559 | cupsUserAgent(void) | |
560 | { | |
561 | _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */ | |
562 | ||
563 | ||
564 | if (!cg->user_agent[0]) | |
565 | cupsSetUserAgent(NULL); | |
566 | ||
567 | return (cg->user_agent); | |
568 | } | |
569 | ||
570 | ||
ef416fc2 | 571 | /* |
572 | * '_cupsGetPassword()' - Get a password from the user. | |
573 | */ | |
574 | ||
dcb445bc | 575 | const char * /* O - Password or @code NULL@ if none */ |
ef416fc2 | 576 | _cupsGetPassword(const char *prompt) /* I - Prompt string */ |
577 | { | |
19dc16f7 | 578 | #ifdef _WIN32 |
dcb445bc MS |
579 | HANDLE tty; /* Console handle */ |
580 | DWORD mode; /* Console mode */ | |
581 | char passch, /* Current key press */ | |
582 | *passptr, /* Pointer into password string */ | |
583 | *passend; /* End of password string */ | |
12f89d24 | 584 | DWORD passbytes; /* Bytes read */ |
dcb445bc MS |
585 | _cups_globals_t *cg = _cupsGlobals(); |
586 | /* Thread globals */ | |
587 | ||
588 | ||
5a6b583a | 589 | /* |
dcb445bc | 590 | * Disable input echo and set raw input... |
5a6b583a MS |
591 | */ |
592 | ||
dcb445bc MS |
593 | if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE) |
594 | return (NULL); | |
595 | ||
596 | if (!GetConsoleMode(tty, &mode)) | |
597 | return (NULL); | |
598 | ||
599 | if (!SetConsoleMode(tty, 0)) | |
600 | return (NULL); | |
601 | ||
602 | /* | |
603 | * Display the prompt... | |
604 | */ | |
605 | ||
606 | printf("%s ", prompt); | |
607 | fflush(stdout); | |
608 | ||
609 | /* | |
610 | * Read the password string from /dev/tty until we get interrupted or get a | |
611 | * carriage return or newline... | |
612 | */ | |
613 | ||
614 | passptr = cg->password; | |
615 | passend = cg->password + sizeof(cg->password) - 1; | |
616 | ||
12f89d24 | 617 | while (ReadFile(tty, &passch, 1, &passbytes, NULL)) |
dcb445bc MS |
618 | { |
619 | if (passch == 0x0A || passch == 0x0D) | |
620 | { | |
621 | /* | |
622 | * Enter/return... | |
623 | */ | |
624 | ||
625 | break; | |
626 | } | |
627 | else if (passch == 0x08 || passch == 0x7F) | |
628 | { | |
629 | /* | |
630 | * Backspace/delete (erase character)... | |
631 | */ | |
632 | ||
633 | if (passptr > cg->password) | |
634 | { | |
635 | passptr --; | |
636 | fputs("\010 \010", stdout); | |
637 | } | |
638 | else | |
639 | putchar(0x07); | |
640 | } | |
641 | else if (passch == 0x15) | |
642 | { | |
643 | /* | |
644 | * CTRL+U (erase line) | |
645 | */ | |
646 | ||
647 | if (passptr > cg->password) | |
648 | { | |
649 | while (passptr > cg->password) | |
650 | { | |
651 | passptr --; | |
652 | fputs("\010 \010", stdout); | |
653 | } | |
654 | } | |
655 | else | |
656 | putchar(0x07); | |
657 | } | |
658 | else if (passch == 0x03) | |
659 | { | |
660 | /* | |
661 | * CTRL+C... | |
662 | */ | |
663 | ||
664 | passptr = cg->password; | |
665 | break; | |
666 | } | |
667 | else if ((passch & 255) < 0x20 || passptr >= passend) | |
668 | putchar(0x07); | |
669 | else | |
670 | { | |
671 | *passptr++ = passch; | |
672 | putchar(_CUPS_PASSCHAR); | |
673 | } | |
674 | ||
675 | fflush(stdout); | |
676 | } | |
677 | ||
678 | putchar('\n'); | |
679 | fflush(stdout); | |
680 | ||
681 | /* | |
682 | * Cleanup... | |
683 | */ | |
684 | ||
685 | SetConsoleMode(tty, mode); | |
686 | ||
687 | /* | |
688 | * Return the proper value... | |
689 | */ | |
690 | ||
691 | if (passbytes == 1 && passptr > cg->password) | |
692 | { | |
693 | *passptr = '\0'; | |
694 | return (cg->password); | |
695 | } | |
696 | else | |
697 | { | |
698 | memset(cg->password, 0, sizeof(cg->password)); | |
699 | return (NULL); | |
700 | } | |
5a6b583a MS |
701 | |
702 | #else | |
dcb445bc MS |
703 | int tty; /* /dev/tty - never read from stdin */ |
704 | struct termios original, /* Original input mode */ | |
705 | noecho; /* No echo input mode */ | |
706 | char passch, /* Current key press */ | |
707 | *passptr, /* Pointer into password string */ | |
708 | *passend; /* End of password string */ | |
709 | ssize_t passbytes; /* Bytes read */ | |
710 | _cups_globals_t *cg = _cupsGlobals(); | |
711 | /* Thread globals */ | |
712 | ||
713 | ||
5a6b583a | 714 | /* |
dcb445bc | 715 | * Disable input echo and set raw input... |
5a6b583a MS |
716 | */ |
717 | ||
dcb445bc MS |
718 | if ((tty = open("/dev/tty", O_RDONLY)) < 0) |
719 | return (NULL); | |
720 | ||
721 | if (tcgetattr(tty, &original)) | |
722 | { | |
723 | close(tty); | |
724 | return (NULL); | |
725 | } | |
726 | ||
727 | noecho = original; | |
7e86f2f6 | 728 | noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG); |
a8db9df8 MS |
729 | noecho.c_cc[VMIN] = 1; |
730 | noecho.c_cc[VTIME] = 0; | |
7cf5915e | 731 | |
dcb445bc MS |
732 | if (tcsetattr(tty, TCSAFLUSH, &noecho)) |
733 | { | |
734 | close(tty); | |
7cf5915e | 735 | return (NULL); |
dcb445bc MS |
736 | } |
737 | ||
738 | /* | |
739 | * Display the prompt... | |
740 | */ | |
741 | ||
742 | printf("%s ", prompt); | |
743 | fflush(stdout); | |
744 | ||
745 | /* | |
746 | * Read the password string from /dev/tty until we get interrupted or get a | |
747 | * carriage return or newline... | |
748 | */ | |
749 | ||
750 | passptr = cg->password; | |
751 | passend = cg->password + sizeof(cg->password) - 1; | |
752 | ||
753 | while ((passbytes = read(tty, &passch, 1)) == 1) | |
754 | { | |
8dd318e5 MS |
755 | if (passch == noecho.c_cc[VEOL] || |
756 | # ifdef VEOL2 | |
757 | passch == noecho.c_cc[VEOL2] || | |
758 | # endif /* VEOL2 */ | |
dcb445bc MS |
759 | passch == 0x0A || passch == 0x0D) |
760 | { | |
761 | /* | |
762 | * Enter/return... | |
763 | */ | |
764 | ||
765 | break; | |
766 | } | |
767 | else if (passch == noecho.c_cc[VERASE] || | |
768 | passch == 0x08 || passch == 0x7F) | |
769 | { | |
770 | /* | |
771 | * Backspace/delete (erase character)... | |
772 | */ | |
773 | ||
774 | if (passptr > cg->password) | |
775 | { | |
776 | passptr --; | |
777 | fputs("\010 \010", stdout); | |
778 | } | |
779 | else | |
780 | putchar(0x07); | |
781 | } | |
782 | else if (passch == noecho.c_cc[VKILL]) | |
783 | { | |
784 | /* | |
785 | * CTRL+U (erase line) | |
786 | */ | |
787 | ||
788 | if (passptr > cg->password) | |
789 | { | |
790 | while (passptr > cg->password) | |
791 | { | |
792 | passptr --; | |
793 | fputs("\010 \010", stdout); | |
794 | } | |
795 | } | |
796 | else | |
797 | putchar(0x07); | |
798 | } | |
799 | else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] || | |
800 | passch == noecho.c_cc[VEOF]) | |
801 | { | |
802 | /* | |
803 | * CTRL+C, CTRL+D, or CTRL+Z... | |
804 | */ | |
805 | ||
806 | passptr = cg->password; | |
807 | break; | |
808 | } | |
809 | else if ((passch & 255) < 0x20 || passptr >= passend) | |
810 | putchar(0x07); | |
811 | else | |
812 | { | |
813 | *passptr++ = passch; | |
814 | putchar(_CUPS_PASSCHAR); | |
815 | } | |
816 | ||
817 | fflush(stdout); | |
818 | } | |
819 | ||
820 | putchar('\n'); | |
821 | fflush(stdout); | |
822 | ||
823 | /* | |
824 | * Cleanup... | |
825 | */ | |
826 | ||
827 | tcsetattr(tty, TCSAFLUSH, &original); | |
828 | close(tty); | |
829 | ||
830 | /* | |
831 | * Return the proper value... | |
832 | */ | |
833 | ||
834 | if (passbytes == 1 && passptr > cg->password) | |
835 | { | |
836 | *passptr = '\0'; | |
837 | return (cg->password); | |
838 | } | |
7cf5915e | 839 | else |
dcb445bc MS |
840 | { |
841 | memset(cg->password, 0, sizeof(cg->password)); | |
842 | return (NULL); | |
843 | } | |
19dc16f7 | 844 | #endif /* _WIN32 */ |
5a6b583a | 845 | } |
ef416fc2 | 846 | |
847 | ||
eac3a0a0 MS |
848 | #ifdef HAVE_GSSAPI |
849 | /* | |
850 | * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name. | |
851 | */ | |
852 | ||
853 | const char * | |
854 | _cupsGSSServiceName(void) | |
855 | { | |
856 | _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */ | |
857 | ||
858 | ||
859 | if (!cg->gss_service_name[0]) | |
860 | _cupsSetDefaults(); | |
861 | ||
862 | return (cg->gss_service_name); | |
863 | } | |
864 | #endif /* HAVE_GSSAPI */ | |
865 | ||
866 | ||
ef416fc2 | 867 | /* |
e07d4801 | 868 | * '_cupsSetDefaults()' - Set the default server, port, and encryption. |
b423cd4c | 869 | */ |
870 | ||
e07d4801 MS |
871 | void |
872 | _cupsSetDefaults(void) | |
b423cd4c | 873 | { |
874 | cups_file_t *fp; /* File */ | |
3abb875b | 875 | const char *home; /* Home directory of user */ |
b423cd4c | 876 | char filename[1024]; /* Filename */ |
3abb875b | 877 | _cups_client_conf_t cc; /* client.conf values */ |
b423cd4c | 878 | _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */ |
879 | ||
880 | ||
e07d4801 MS |
881 | DEBUG_puts("_cupsSetDefaults()"); |
882 | ||
883 | /* | |
3abb875b MS |
884 | * Load initial client.conf values... |
885 | */ | |
886 | ||
887 | cups_init_client_conf(&cc); | |
888 | ||
889 | /* | |
890 | * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if | |
891 | * present. | |
892 | */ | |
893 | ||
894 | snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot); | |
895 | if ((fp = cupsFileOpen(filename, "r")) != NULL) | |
896 | { | |
897 | cups_read_client_conf(fp, &cc); | |
898 | cupsFileClose(fp); | |
899 | } | |
900 | ||
901 | # ifdef HAVE_GETEUID | |
902 | if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL) | |
19dc16f7 | 903 | # elif !defined(_WIN32) |
3abb875b MS |
904 | if (getuid() && (home = getenv("HOME")) != NULL) |
905 | # else | |
906 | if ((home = getenv("HOME")) != NULL) | |
907 | # endif /* HAVE_GETEUID */ | |
908 | { | |
909 | /* | |
910 | * Look for ~/.cups/client.conf... | |
911 | */ | |
912 | ||
913 | snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home); | |
914 | if ((fp = cupsFileOpen(filename, "r")) != NULL) | |
915 | { | |
916 | cups_read_client_conf(fp, &cc); | |
917 | cupsFileClose(fp); | |
918 | } | |
919 | } | |
920 | ||
921 | /* | |
922 | * Finalize things so every client.conf value is set... | |
e07d4801 MS |
923 | */ |
924 | ||
3abb875b MS |
925 | cups_finalize_client_conf(&cc); |
926 | ||
927 | if (cg->encryption == (http_encryption_t)-1) | |
928 | cg->encryption = cc.encryption; | |
929 | ||
930 | if (!cg->server[0] || !cg->ipp_port) | |
931 | cupsSetServer(cc.server_name); | |
932 | ||
933 | if (!cg->ipp_port) | |
4b9daaf4 | 934 | cups_set_default_ipp_port(cg); |
3abb875b MS |
935 | |
936 | if (!cg->user[0]) | |
937 | strlcpy(cg->user, cc.user, sizeof(cg->user)); | |
938 | ||
939 | #ifdef HAVE_GSSAPI | |
940 | if (!cg->gss_service_name[0]) | |
941 | strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name)); | |
942 | #endif /* HAVE_GSSAPI */ | |
943 | ||
08d56b1f MS |
944 | if (cg->trust_first < 0) |
945 | cg->trust_first = cc.trust_first; | |
946 | ||
3abb875b MS |
947 | if (cg->any_root < 0) |
948 | cg->any_root = cc.any_root; | |
949 | ||
950 | if (cg->expired_certs < 0) | |
951 | cg->expired_certs = cc.expired_certs; | |
952 | ||
953 | if (cg->validate_certs < 0) | |
954 | cg->validate_certs = cc.validate_certs; | |
955 | ||
956 | #ifdef HAVE_SSL | |
8f1fbdec | 957 | _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version); |
3abb875b MS |
958 | #endif /* HAVE_SSL */ |
959 | } | |
960 | ||
961 | ||
08d56b1f MS |
962 | #ifdef __APPLE__ |
963 | /* | |
964 | * 'cups_apple_get_boolean()' - Get a boolean setting from the CUPS preferences. | |
965 | */ | |
966 | ||
967 | static int /* O - 1 if set, 0 otherwise */ | |
968 | cups_apple_get_boolean( | |
969 | CFStringRef key, /* I - Key (name) */ | |
970 | int *value) /* O - Boolean value */ | |
971 | { | |
972 | Boolean bval, /* Preference value */ | |
973 | bval_set; /* Value is set? */ | |
974 | ||
975 | ||
976 | bval = CFPreferencesGetAppBooleanValue(key, kCUPSPrintingPrefs, &bval_set); | |
977 | ||
978 | if (bval_set) | |
979 | *value = (int)bval; | |
980 | ||
981 | return ((int)bval_set); | |
982 | } | |
983 | ||
984 | ||
985 | /* | |
986 | * 'cups_apple_get_string()' - Get a string setting from the CUPS preferences. | |
987 | */ | |
988 | ||
989 | static int /* O - 1 if set, 0 otherwise */ | |
990 | cups_apple_get_string( | |
991 | CFStringRef key, /* I - Key (name) */ | |
992 | char *value, /* O - String value */ | |
993 | size_t valsize) /* I - Size of value buffer */ | |
994 | { | |
995 | CFStringRef sval; /* String value */ | |
996 | ||
997 | ||
998 | if ((sval = CFPreferencesCopyAppValue(key, kCUPSPrintingPrefs)) != NULL) | |
999 | { | |
1000 | Boolean result = CFStringGetCString(sval, value, (CFIndex)valsize, kCFStringEncodingUTF8); | |
1001 | ||
1002 | CFRelease(sval); | |
1003 | ||
1004 | if (result) | |
1005 | return (1); | |
1006 | } | |
1007 | ||
1008 | return (0); | |
1009 | } | |
1010 | #endif /* __APPLE__ */ | |
1011 | ||
1012 | ||
3abb875b MS |
1013 | /* |
1014 | * 'cups_boolean_value()' - Convert a string to a boolean value. | |
1015 | */ | |
1016 | ||
1017 | static int /* O - Boolean value */ | |
1018 | cups_boolean_value(const char *value) /* I - String value */ | |
1019 | { | |
1020 | return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true")); | |
1021 | } | |
1022 | ||
1023 | ||
1024 | /* | |
1025 | * 'cups_finalize_client_conf()' - Finalize client.conf values. | |
1026 | */ | |
1027 | ||
1028 | static void | |
1029 | cups_finalize_client_conf( | |
1030 | _cups_client_conf_t *cc) /* I - client.conf values */ | |
1031 | { | |
1032 | const char *value; /* Environment variable */ | |
1033 | ||
1034 | ||
08d56b1f MS |
1035 | if ((value = getenv("CUPS_TRUSTFIRST")) != NULL) |
1036 | cc->trust_first = cups_boolean_value(value); | |
1037 | ||
3abb875b MS |
1038 | if ((value = getenv("CUPS_ANYROOT")) != NULL) |
1039 | cc->any_root = cups_boolean_value(value); | |
1040 | ||
1041 | if ((value = getenv("CUPS_ENCRYPTION")) != NULL) | |
1042 | cups_set_encryption(cc, value); | |
1043 | ||
1044 | if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL) | |
1045 | cc->expired_certs = cups_boolean_value(value); | |
1046 | ||
07ed0e9a | 1047 | #ifdef HAVE_GSSAPI |
3abb875b MS |
1048 | if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL) |
1049 | cups_set_gss_service_name(cc, value); | |
07ed0e9a | 1050 | #endif /* HAVE_GSSAPI */ |
3abb875b MS |
1051 | |
1052 | if ((value = getenv("CUPS_SERVER")) != NULL) | |
1053 | cups_set_server_name(cc, value); | |
1054 | ||
1055 | if ((value = getenv("CUPS_USER")) != NULL) | |
1056 | cups_set_user(cc, value); | |
1057 | ||
1058 | if ((value = getenv("CUPS_VALIDATECERTS")) != NULL) | |
1059 | cc->validate_certs = cups_boolean_value(value); | |
e07d4801 MS |
1060 | |
1061 | /* | |
3abb875b | 1062 | * Then apply defaults for those values that haven't been set... |
e07d4801 MS |
1063 | */ |
1064 | ||
08d56b1f MS |
1065 | if (cc->trust_first < 0) |
1066 | cc->trust_first = 1; | |
1067 | ||
3abb875b MS |
1068 | if (cc->any_root < 0) |
1069 | cc->any_root = 1; | |
1070 | ||
1071 | if (cc->encryption == (http_encryption_t)-1) | |
1072 | cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED; | |
1073 | ||
1074 | if (cc->expired_certs < 0) | |
08d56b1f | 1075 | cc->expired_certs = 0; |
3abb875b MS |
1076 | |
1077 | #ifdef HAVE_GSSAPI | |
1078 | if (!cc->gss_service_name[0]) | |
1079 | cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME); | |
1080 | #endif /* HAVE_GSSAPI */ | |
1081 | ||
1082 | if (!cc->server_name[0]) | |
e07d4801 | 1083 | { |
3abb875b | 1084 | #ifdef CUPS_DEFAULT_DOMAINSOCKET |
63aefcd5 | 1085 | /* |
3abb875b MS |
1086 | * If we are compiled with domain socket support, only use the |
1087 | * domain socket if it exists and has the right permissions... | |
63aefcd5 MS |
1088 | */ |
1089 | ||
89b7fd55 | 1090 | if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK)) |
3abb875b MS |
1091 | cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET); |
1092 | else | |
1093 | #endif /* CUPS_DEFAULT_DOMAINSOCKET */ | |
1094 | cups_set_server_name(cc, "localhost"); | |
1095 | } | |
63aefcd5 | 1096 | |
3abb875b MS |
1097 | if (!cc->user[0]) |
1098 | { | |
19dc16f7 | 1099 | #ifdef _WIN32 |
63aefcd5 | 1100 | /* |
3abb875b | 1101 | * Get the current user name from the OS... |
63aefcd5 MS |
1102 | */ |
1103 | ||
3abb875b | 1104 | DWORD size; /* Size of string */ |
63aefcd5 | 1105 | |
3abb875b | 1106 | size = sizeof(cc->user); |
86206ccf | 1107 | if (!GetUserNameA(cc->user, &size)) |
3abb875b | 1108 | #else |
63aefcd5 | 1109 | /* |
3abb875b | 1110 | * Try the USER environment variable as the default username... |
63aefcd5 MS |
1111 | */ |
1112 | ||
3abb875b MS |
1113 | const char *envuser = getenv("USER"); |
1114 | /* Default username */ | |
1115 | struct passwd *pw = NULL; /* Account information */ | |
1116 | ||
1117 | if (envuser) | |
d09495fa | 1118 | { |
10d09e33 | 1119 | /* |
3abb875b MS |
1120 | * Validate USER matches the current UID, otherwise don't allow it to |
1121 | * override things... This makes sure that printing after doing su | |
1122 | * or sudo records the correct username. | |
10d09e33 | 1123 | */ |
e07d4801 | 1124 | |
3abb875b MS |
1125 | if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid()) |
1126 | pw = NULL; | |
1127 | } | |
1128 | ||
1129 | if (!pw) | |
1130 | pw = getpwuid(getuid()); | |
e07d4801 | 1131 | |
3abb875b MS |
1132 | if (pw) |
1133 | strlcpy(cc->user, pw->pw_name, sizeof(cc->user)); | |
1134 | else | |
19dc16f7 | 1135 | #endif /* _WIN32 */ |
3abb875b | 1136 | { |
e07d4801 | 1137 | /* |
3abb875b | 1138 | * Use the default "unknown" user name... |
e07d4801 MS |
1139 | */ |
1140 | ||
3abb875b | 1141 | strlcpy(cc->user, "unknown", sizeof(cc->user)); |
63aefcd5 | 1142 | } |
e07d4801 | 1143 | } |
3abb875b MS |
1144 | |
1145 | if (cc->validate_certs < 0) | |
1146 | cc->validate_certs = 0; | |
1147 | } | |
1148 | ||
1149 | ||
1150 | /* | |
1151 | * 'cups_init_client_conf()' - Initialize client.conf values. | |
1152 | */ | |
1153 | ||
1154 | static void | |
1155 | cups_init_client_conf( | |
1156 | _cups_client_conf_t *cc) /* I - client.conf values */ | |
1157 | { | |
1158 | /* | |
1159 | * Clear all values to "not set"... | |
1160 | */ | |
1161 | ||
1162 | memset(cc, 0, sizeof(_cups_client_conf_t)); | |
1163 | ||
60da78ba | 1164 | #ifdef HAVE_SSL |
c88f441f MS |
1165 | cc->ssl_min_version = _HTTP_TLS_1_0; |
1166 | cc->ssl_max_version = _HTTP_TLS_MAX; | |
60da78ba | 1167 | #endif /* HAVE_SSL */ |
c88f441f MS |
1168 | cc->encryption = (http_encryption_t)-1; |
1169 | cc->trust_first = -1; | |
1170 | cc->any_root = -1; | |
1171 | cc->expired_certs = -1; | |
1172 | cc->validate_certs = -1; | |
08d56b1f MS |
1173 | |
1174 | /* | |
1175 | * Load settings from the org.cups.PrintingPrefs plist (which trump | |
1176 | * everything...) | |
1177 | */ | |
1178 | ||
b908d72c | 1179 | #if defined(__APPLE__) && defined(HAVE_SSL) |
08d56b1f MS |
1180 | char sval[1024]; /* String value */ |
1181 | int bval; /* Boolean value */ | |
1182 | ||
1183 | if (cups_apple_get_boolean(kAllowAnyRootKey, &bval)) | |
1184 | cc->any_root = bval; | |
1185 | ||
1186 | if (cups_apple_get_boolean(kAllowExpiredCertsKey, &bval)) | |
1187 | cc->expired_certs = bval; | |
1188 | ||
1189 | if (cups_apple_get_string(kEncryptionKey, sval, sizeof(sval))) | |
1190 | cups_set_encryption(cc, sval); | |
1191 | ||
1192 | if (cups_apple_get_string(kSSLOptionsKey, sval, sizeof(sval))) | |
1193 | cups_set_ssl_options(cc, sval); | |
1194 | ||
1195 | if (cups_apple_get_boolean(kTrustOnFirstUseKey, &bval)) | |
1196 | cc->trust_first = bval; | |
1197 | ||
1198 | if (cups_apple_get_boolean(kValidateCertsKey, &bval)) | |
1199 | cc->validate_certs = bval; | |
b908d72c | 1200 | #endif /* __APPLE__ && HAVE_SSL */ |
e07d4801 MS |
1201 | } |
1202 | ||
1203 | ||
1204 | /* | |
1205 | * 'cups_read_client_conf()' - Read a client.conf file. | |
1206 | */ | |
1207 | ||
1208 | static void | |
1209 | cups_read_client_conf( | |
3abb875b MS |
1210 | cups_file_t *fp, /* I - File to read */ |
1211 | _cups_client_conf_t *cc) /* I - client.conf values */ | |
e07d4801 MS |
1212 | { |
1213 | int linenum; /* Current line number */ | |
1214 | char line[1024], /* Line from file */ | |
3abb875b | 1215 | *value; /* Pointer into line */ |
e07d4801 MS |
1216 | |
1217 | ||
1218 | /* | |
1219 | * Read from the file... | |
1220 | */ | |
1221 | ||
1222 | linenum = 0; | |
1223 | while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum)) | |
1224 | { | |
3abb875b MS |
1225 | if (!_cups_strcasecmp(line, "Encryption") && value) |
1226 | cups_set_encryption(cc, value); | |
85dda01c MS |
1227 | #ifndef __APPLE__ |
1228 | /* | |
8072030b | 1229 | * The ServerName directive is not supported on macOS due to app |
3abb875b | 1230 | * sandboxing restrictions, i.e. not all apps request network access. |
85dda01c | 1231 | */ |
3abb875b MS |
1232 | else if (!_cups_strcasecmp(line, "ServerName") && value) |
1233 | cups_set_server_name(cc, value); | |
85dda01c | 1234 | #endif /* !__APPLE__ */ |
3abb875b MS |
1235 | else if (!_cups_strcasecmp(line, "User") && value) |
1236 | cups_set_user(cc, value); | |
08d56b1f MS |
1237 | else if (!_cups_strcasecmp(line, "TrustOnFirstUse") && value) |
1238 | cc->trust_first = cups_boolean_value(value); | |
3abb875b MS |
1239 | else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value) |
1240 | cc->any_root = cups_boolean_value(value); | |
1241 | else if (!_cups_strcasecmp(line, "AllowExpiredCerts") && | |
7cf5915e | 1242 | value) |
3abb875b MS |
1243 | cc->expired_certs = cups_boolean_value(value); |
1244 | else if (!_cups_strcasecmp(line, "ValidateCerts") && value) | |
1245 | cc->validate_certs = cups_boolean_value(value); | |
07ed0e9a | 1246 | #ifdef HAVE_GSSAPI |
3abb875b MS |
1247 | else if (!_cups_strcasecmp(line, "GSSServiceName") && value) |
1248 | cups_set_gss_service_name(cc, value); | |
07ed0e9a | 1249 | #endif /* HAVE_GSSAPI */ |
22ebb7d0 | 1250 | #ifdef HAVE_SSL |
3abb875b MS |
1251 | else if (!_cups_strcasecmp(line, "SSLOptions") && value) |
1252 | cups_set_ssl_options(cc, value); | |
1253 | #endif /* HAVE_SSL */ | |
1254 | } | |
1255 | } | |
63aefcd5 | 1256 | |
63aefcd5 | 1257 | |
4b9daaf4 MS |
1258 | /* |
1259 | * 'cups_set_default_ipp_port()' - Set the default IPP port value. | |
1260 | */ | |
1261 | ||
1262 | static void | |
1263 | cups_set_default_ipp_port( | |
1264 | _cups_globals_t *cg) /* I - Global data */ | |
1265 | { | |
1266 | const char *ipp_port; /* IPP_PORT environment variable */ | |
1267 | ||
1268 | ||
1269 | if ((ipp_port = getenv("IPP_PORT")) != NULL) | |
1270 | { | |
1271 | if ((cg->ipp_port = atoi(ipp_port)) <= 0) | |
1272 | cg->ipp_port = CUPS_DEFAULT_IPP_PORT; | |
1273 | } | |
1274 | else | |
1275 | cg->ipp_port = CUPS_DEFAULT_IPP_PORT; | |
1276 | } | |
1277 | ||
3abb875b MS |
1278 | /* |
1279 | * 'cups_set_encryption()' - Set the Encryption value. | |
1280 | */ | |
63aefcd5 | 1281 | |
3abb875b MS |
1282 | static void |
1283 | cups_set_encryption( | |
1284 | _cups_client_conf_t *cc, /* I - client.conf values */ | |
1285 | const char *value) /* I - Value */ | |
1286 | { | |
1287 | if (!_cups_strcasecmp(value, "never")) | |
1288 | cc->encryption = HTTP_ENCRYPTION_NEVER; | |
1289 | else if (!_cups_strcasecmp(value, "always")) | |
1290 | cc->encryption = HTTP_ENCRYPTION_ALWAYS; | |
1291 | else if (!_cups_strcasecmp(value, "required")) | |
1292 | cc->encryption = HTTP_ENCRYPTION_REQUIRED; | |
1293 | else | |
1294 | cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED; | |
1295 | } | |
e07d4801 | 1296 | |
e07d4801 | 1297 | |
3abb875b MS |
1298 | /* |
1299 | * 'cups_set_gss_service_name()' - Set the GSSServiceName value. | |
1300 | */ | |
b423cd4c | 1301 | |
3abb875b MS |
1302 | #ifdef HAVE_GSSAPI |
1303 | static void | |
1304 | cups_set_gss_service_name( | |
1305 | _cups_client_conf_t *cc, /* I - client.conf values */ | |
1306 | const char *value) /* I - Value */ | |
1307 | { | |
1308 | strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name)); | |
1309 | } | |
1310 | #endif /* HAVE_GSSAPI */ | |
7cf5915e | 1311 | |
10d09e33 | 1312 | |
3abb875b MS |
1313 | /* |
1314 | * 'cups_set_server_name()' - Set the ServerName value. | |
1315 | */ | |
10d09e33 | 1316 | |
3abb875b MS |
1317 | static void |
1318 | cups_set_server_name( | |
1319 | _cups_client_conf_t *cc, /* I - client.conf values */ | |
1320 | const char *value) /* I - Value */ | |
1321 | { | |
1322 | strlcpy(cc->server_name, value, sizeof(cc->server_name)); | |
1323 | } | |
10d09e33 | 1324 | |
10d09e33 | 1325 | |
3abb875b MS |
1326 | /* |
1327 | * 'cups_set_ssl_options()' - Set the SSLOptions value. | |
1328 | */ | |
10d09e33 | 1329 | |
3abb875b MS |
1330 | #ifdef HAVE_SSL |
1331 | static void | |
1332 | cups_set_ssl_options( | |
1333 | _cups_client_conf_t *cc, /* I - client.conf values */ | |
1334 | const char *value) /* I - Value */ | |
1335 | { | |
1336 | /* | |
ee6226a5 | 1337 | * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None] |
3abb875b | 1338 | */ |
10d09e33 | 1339 | |
8f1fbdec MS |
1340 | int options = _HTTP_TLS_NONE, /* SSL/TLS options */ |
1341 | min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */ | |
1342 | max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */ | |
3abb875b MS |
1343 | char temp[256], /* Copy of value */ |
1344 | *start, /* Start of option */ | |
1345 | *end; /* End of option */ | |
3e7fe0ca | 1346 | |
3e7fe0ca | 1347 | |
3abb875b | 1348 | strlcpy(temp, value, sizeof(temp)); |
3e7fe0ca | 1349 | |
3abb875b MS |
1350 | for (start = temp; *start; start = end) |
1351 | { | |
a8db9df8 | 1352 | /* |
3abb875b MS |
1353 | * Find end of keyword... |
1354 | */ | |
3e7fe0ca | 1355 | |
3abb875b MS |
1356 | end = start; |
1357 | while (*end && !_cups_isspace(*end)) | |
1358 | end ++; | |
93e3d3f5 | 1359 | |
3abb875b MS |
1360 | if (*end) |
1361 | *end++ = '\0'; | |
93e3d3f5 | 1362 | |
3abb875b MS |
1363 | /* |
1364 | * Compare... | |
1365 | */ | |
3e7fe0ca | 1366 | |
3abb875b MS |
1367 | if (!_cups_strcasecmp(start, "AllowRC4")) |
1368 | options |= _HTTP_TLS_ALLOW_RC4; | |
1369 | else if (!_cups_strcasecmp(start, "AllowSSL3")) | |
8f1fbdec | 1370 | min_version = _HTTP_TLS_SSL3; |
ee6226a5 MS |
1371 | else if (!_cups_strcasecmp(start, "AllowDH")) |
1372 | options |= _HTTP_TLS_ALLOW_DH; | |
f2e87147 MS |
1373 | else if (!_cups_strcasecmp(start, "DenyCBC")) |
1374 | options |= _HTTP_TLS_DENY_CBC; | |
ee6226a5 | 1375 | else if (!_cups_strcasecmp(start, "DenyTLS1.0")) |
8f1fbdec MS |
1376 | min_version = _HTTP_TLS_1_1; |
1377 | else if (!_cups_strcasecmp(start, "MaxTLS1.0")) | |
1378 | max_version = _HTTP_TLS_1_0; | |
1379 | else if (!_cups_strcasecmp(start, "MaxTLS1.1")) | |
1380 | max_version = _HTTP_TLS_1_1; | |
1381 | else if (!_cups_strcasecmp(start, "MaxTLS1.2")) | |
1382 | max_version = _HTTP_TLS_1_2; | |
1383 | else if (!_cups_strcasecmp(start, "MaxTLS1.3")) | |
1384 | max_version = _HTTP_TLS_1_3; | |
1385 | else if (!_cups_strcasecmp(start, "MinTLS1.0")) | |
1386 | min_version = _HTTP_TLS_1_0; | |
1387 | else if (!_cups_strcasecmp(start, "MinTLS1.1")) | |
1388 | min_version = _HTTP_TLS_1_1; | |
1389 | else if (!_cups_strcasecmp(start, "MinTLS1.2")) | |
1390 | min_version = _HTTP_TLS_1_2; | |
1391 | else if (!_cups_strcasecmp(start, "MinTLS1.3")) | |
1392 | min_version = _HTTP_TLS_1_3; | |
3abb875b | 1393 | else if (!_cups_strcasecmp(start, "None")) |
ee6226a5 | 1394 | options = _HTTP_TLS_NONE; |
3e7fe0ca MS |
1395 | } |
1396 | ||
8f1fbdec MS |
1397 | cc->ssl_options = options; |
1398 | cc->ssl_max_version = max_version; | |
1399 | cc->ssl_min_version = min_version; | |
b37d45d9 | 1400 | |
8f1fbdec | 1401 | DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version)); |
3abb875b MS |
1402 | } |
1403 | #endif /* HAVE_SSL */ | |
07ed0e9a | 1404 | |
7cf5915e | 1405 | |
3abb875b MS |
1406 | /* |
1407 | * 'cups_set_user()' - Set the User value. | |
1408 | */ | |
f51f3773 | 1409 | |
3abb875b MS |
1410 | static void |
1411 | cups_set_user( | |
1412 | _cups_client_conf_t *cc, /* I - client.conf values */ | |
1413 | const char *value) /* I - Value */ | |
1414 | { | |
1415 | strlcpy(cc->user, value, sizeof(cc->user)); | |
b423cd4c | 1416 | } |