[thirdparty/cups.git] / scheduler / auth.h

/*
 * "$Id: auth.h 5069 2006-02-04 05:24:35Z mike $"
 *
 *   Authorization definitions for the Common UNIX Printing System (CUPS)
 *   scheduler.
 *
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Easy Software Products and are protected by Federal
 *   copyright law.  Distribution and use rights are outlined in the file
 *   "LICENSE.txt" which should have been included with this file.  If this
 *   file is missing or damaged please contact Easy Software Products
 *   at:
 *
 *       Attn: CUPS Licensing Information
 *       Easy Software Products
 *       44141 Airport View Drive, Suite 204
 *       Hollywood, Maryland 20636 USA
 *
 *       Voice: (301) 373-9600
 *       EMail: cups-info@cups.org
 *         WWW: http://www.cups.org
 */

/*
 * Include necessary headers...
 */

#include <pwd.h>


/*
 * HTTP authorization types and levels...
 */

#define AUTH_NONE		0	/* No authentication */
#define AUTH_BASIC		1	/* Basic authentication */
#define AUTH_DIGEST		2	/* Digest authentication */
#define AUTH_BASICDIGEST	3	/* Basic authentication w/passwd.md5 */

#define AUTH_ANON		0	/* Anonymous access */
#define AUTH_USER		1	/* Must have a valid username/password */
#define AUTH_GROUP		2	/* Must also be in a named group */

#define AUTH_ALLOW		0	/* Allow access */
#define AUTH_DENY		1	/* Deny access */

#define AUTH_NAME		0	/* Authorize host by name */
#define AUTH_IP			1	/* Authorize host by IP */
#define AUTH_INTERFACE		2	/* Authorize host by interface */

#define AUTH_SATISFY_ALL	0	/* Satisfy both address and auth */
#define AUTH_SATISFY_ANY	1	/* Satisfy either address or auth */

#define AUTH_LIMIT_DELETE	1	/* Limit DELETE requests */
#define AUTH_LIMIT_GET		2	/* Limit GET requests */
#define AUTH_LIMIT_HEAD		4	/* Limit HEAD requests */
#define AUTH_LIMIT_OPTIONS	8	/* Limit OPTIONS requests */
#define AUTH_LIMIT_POST		16	/* Limit POST requests */
#define AUTH_LIMIT_PUT		32	/* Limit PUT requests */
#define AUTH_LIMIT_TRACE	64	/* Limit TRACE requests */
#define AUTH_LIMIT_ALL		127	/* Limit all requests */
#define AUTH_LIMIT_IPP		128	/* Limit IPP requests */

#define IPP_ANY_OPERATION	(ipp_op_t)0
					/* Any IPP operation */
#define IPP_BAD_OPERATION	(ipp_op_t)-1
					/* No IPP operation */


/*
 * HTTP access control structures...
 */

typedef struct
{
  unsigned	address[4],		/* IP address */
		netmask[4];		/* IP netmask */
} cupsd_ipmask_t;

typedef struct
{
  int		length;			/* Length of name */
  char		*name;			/* Name string */
} cupsd_namemask_t;

typedef struct
{
  int		type;			/* Mask type */
  union
  {
    cupsd_namemask_t	name;		/* Host/Domain name */
    cupsd_ipmask_t	ip;		/* IP address/network */
  }		mask;			/* Mask data */
} cupsd_authmask_t;

typedef struct
{
  char			*location;	/* Location of resource */
  ipp_op_t		op;		/* IPP operation */
  int			limit,		/* Limit for these types of requests */
			length,		/* Length of location string */
			order_type,	/* Allow or Deny */
			type,		/* Type of authentication */
			level,		/* Access level required */
			satisfy;	/* Satisfy any or all limits? */
  int			num_names;	/* Number of names */
  char			**names;	/* User or group names */
  int			num_allow;	/* Number of Allow lines */
  cupsd_authmask_t	*allow;		/* Allow lines */
  int			num_deny;	/* Number of Deny lines */
  cupsd_authmask_t	*deny;		/* Deny lines */
  http_encryption_t	encryption;	/* To encrypt or not to encrypt... */
} cupsd_location_t;

typedef struct cupsd_client_s cupsd_client_t;


/*
 * Globals...
 */

VAR cups_array_t	*Locations	VALUE(NULL);
					/* Authorization locations */
VAR int			DefaultAuthType	VALUE(AUTH_BASIC);
					/* Default AuthType, if not specified */


/*
 * Prototypes...
 */

extern cupsd_location_t	*cupsdAddLocation(const char *location);
extern void		cupsdAddName(cupsd_location_t *loc, char *name);
extern void		cupsdAllowHost(cupsd_location_t *loc, char *name);
extern void		cupsdAllowIP(cupsd_location_t *loc, unsigned address[4],
			             unsigned netmask[4]);
extern void		cupsdAuthorize(cupsd_client_t *con);
extern int		cupsdCheckAuth(unsigned ip[4], char *name, int namelen,
				       int num_masks, cupsd_authmask_t *masks);
extern int		cupsdCheckGroup(const char *username,
			                struct passwd *user,
			                const char *groupname);
extern cupsd_location_t	*cupsdCopyLocation(cupsd_location_t **loc);
extern void		cupsdDeleteAllLocations(void);
extern void		cupsdDeleteLocation(cupsd_location_t *loc);
extern void		cupsdDenyHost(cupsd_location_t *loc, char *name);
extern void		cupsdDenyIP(cupsd_location_t *loc, unsigned address[4],
			            unsigned netmask[4]);
extern cupsd_location_t	*cupsdFindBest(const char *path, http_state_t state);
extern cupsd_location_t	*cupsdFindLocation(const char *location);
extern char		*cupsdGetMD5Passwd(const char *username, const char *group,
			                   char passwd[33]);
extern http_status_t	cupsdIsAuthorized(cupsd_client_t *con, const char *owner);


/*
 * End of "$Id: auth.h 5069 2006-02-04 05:24:35Z mike $".
 */
Commit	Line	Data
ef416fc2	1	/*
bd7854cb	2	* "$Id: auth.h 5069 2006-02-04 05:24:35Z mike $"
ef416fc2	3	*
	4	* Authorization definitions for the Common UNIX Printing System (CUPS)
	5	* scheduler.
	6	*
bd7854cb	7	* Copyright 1997-2006 by Easy Software Products, all rights reserved.
ef416fc2	8	*
	9	* These coded instructions, statements, and computer programs are the
	10	* property of Easy Software Products and are protected by Federal
	11	* copyright law. Distribution and use rights are outlined in the file
	12	* "LICENSE.txt" which should have been included with this file. If this
	13	* file is missing or damaged please contact Easy Software Products
	14	* at:
	15	*
	16	* Attn: CUPS Licensing Information
	17	* Easy Software Products
	18	* 44141 Airport View Drive, Suite 204
	19	* Hollywood, Maryland 20636 USA
	20	*
	21	* Voice: (301) 373-9600
	22	* EMail: cups-info@cups.org
	23	* WWW: http://www.cups.org
	24	*/
	25
	26	/*
	27	* Include necessary headers...
	28	*/
	29
	30	#include <pwd.h>
	31
	32
	33	/*
	34	* HTTP authorization types and levels...
	35	*/
	36
	37	#define AUTH_NONE 0 /* No authentication */
	38	#define AUTH_BASIC 1 /* Basic authentication */
	39	#define AUTH_DIGEST 2 /* Digest authentication */
	40	#define AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */
	41
	42	#define AUTH_ANON 0 /* Anonymous access */
	43	#define AUTH_USER 1 /* Must have a valid username/password */
	44	#define AUTH_GROUP 2 /* Must also be in a named group */
	45
	46	#define AUTH_ALLOW 0 /* Allow access */
	47	#define AUTH_DENY 1 /* Deny access */
	48
	49	#define AUTH_NAME 0 /* Authorize host by name */
	50	#define AUTH_IP 1 /* Authorize host by IP */
	51	#define AUTH_INTERFACE 2 /* Authorize host by interface */
	52
	53	#define AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
	54	#define AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
	55
	56	#define AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
	57	#define AUTH_LIMIT_GET 2 /* Limit GET requests */
	58	#define AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
	59	#define AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
	60	#define AUTH_LIMIT_POST 16 /* Limit POST requests */
	61	#define AUTH_LIMIT_PUT 32 /* Limit PUT requests */
	62	#define AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
	63	#define AUTH_LIMIT_ALL 127 /* Limit all requests */
	64	#define AUTH_LIMIT_IPP 128 /* Limit IPP requests */
	65
	66	#define IPP_ANY_OPERATION (ipp_op_t)0
	67	/* Any IPP operation */
	68	#define IPP_BAD_OPERATION (ipp_op_t)-1
	69	/* No IPP operation */
	70
	71
72	/*
73	* HTTP access control structures...
74	*/
75
76	typedef struct
77	{
78	unsigned address[4], /* IP address */
79	netmask[4]; /* IP netmask */
80	} cupsd_ipmask_t;
81
82	typedef struct
83	{
84	int length; /* Length of name */
85	char name; / Name string */
86	} cupsd_namemask_t;
87
88	typedef struct
89	{
90	int type; /* Mask type */
91	union
92	{
93	cupsd_namemask_t name; /* Host/Domain name */
94	cupsd_ipmask_t ip; /* IP address/network */
95	} mask; /* Mask data */
96	} cupsd_authmask_t;
97
98	typedef struct
99	{
bd7854cb	100	char location; / Location of resource */
ef416fc2	101	ipp_op_t op; /* IPP operation */
	102	int limit, /* Limit for these types of requests */
	103	length, /* Length of location string */
	104	order_type, /* Allow or Deny */
	105	type, /* Type of authentication */
	106	level, /* Access level required */
	107	satisfy; /* Satisfy any or all limits? */
	108	int num_names; /* Number of names */
	109	char *names; / User or group names */
	110	int num_allow; /* Number of Allow lines */
	111	cupsd_authmask_t allow; / Allow lines */
	112	int num_deny; /* Number of Deny lines */
	113	cupsd_authmask_t deny; / Deny lines */
	114	http_encryption_t encryption; /* To encrypt or not to encrypt... */
	115	} cupsd_location_t;
	116
	117	typedef struct cupsd_client_s cupsd_client_t;
	118
	119
	120	/*
	121	* Globals...
	122	*/
	123
bd7854cb	124	VAR cups_array_t *Locations VALUE(NULL);
ef416fc2	125	/* Authorization locations */
	126	VAR int DefaultAuthType VALUE(AUTH_BASIC);
	127	/* Default AuthType, if not specified */
	128
	129
	130	/*
	131	* Prototypes...
	132	*/
	133
	134	extern cupsd_location_t cupsdAddLocation(const char location);
	135	extern void cupsdAddName(cupsd_location_t loc, char name);
	136	extern void cupsdAllowHost(cupsd_location_t loc, char name);
	137	extern void cupsdAllowIP(cupsd_location_t *loc, unsigned address[4],
	138	unsigned netmask[4]);
	139	extern void cupsdAuthorize(cupsd_client_t *con);
	140	extern int cupsdCheckAuth(unsigned ip[4], char *name, int namelen,
	141	int num_masks, cupsd_authmask_t *masks);
	142	extern int cupsdCheckGroup(const char *username,
	143	struct passwd *user,
	144	const char *groupname);
	145	extern cupsd_location_t cupsdCopyLocation(cupsd_location_t *loc);
	146	extern void cupsdDeleteAllLocations(void);
	147	extern void cupsdDeleteLocation(cupsd_location_t *loc);
	148	extern void cupsdDenyHost(cupsd_location_t loc, char name);
	149	extern void cupsdDenyIP(cupsd_location_t *loc, unsigned address[4],
	150	unsigned netmask[4]);
	151	extern cupsd_location_t cupsdFindBest(const char path, http_state_t state);
	152	extern cupsd_location_t cupsdFindLocation(const char location);
	153	extern char cupsdGetMD5Passwd(const char username, const char *group,
	154	char passwd[33]);
	155	extern http_status_t cupsdIsAuthorized(cupsd_client_t con, const char owner);
	156
	157
	158	/*
bd7854cb	159	* End of "$Id: auth.h 5069 2006-02-04 05:24:35Z mike $".
ef416fc2	160	*/