]> git.ipfire.org Git - thirdparty/cups.git/blame - scheduler/conf.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge changes from CUPS 1.4svn-r7932.
[thirdparty/cups.git] / scheduler / conf.c
CommitLineData
ef416fc2 1/*
75bd9771 2 * "$Id: conf.c 7694 2008-06-26 00:23:20Z mike $"
ef416fc2 3 *
4 * Configuration routines for the Common UNIX Printing System (CUPS).
5 *
91c84a35 6 * Copyright 2007-2008 by Apple Inc.
7594b224 7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 8 *
9 * These coded instructions, statements, and computer programs are the
bc44d920 10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 14 *
15 * Contents:
16 *
b94498cf 17 * cupsdCheckPermissions() - Fix the mode and ownership of a file or
fa73b229 18 * directory.
b94498cf 19 * cupsdReadConfiguration() - Read the cupsd.conf file.
ef416fc2 20 * get_address() - Get an address + port number from a line.
21 * get_addr_and_mask() - Get an IP address and netmask.
22 * parse_aaa() - Parse authentication, authorization, and
23 * access control lines.
49d87452 24 * parse_fatal_errors() - Parse FatalErrors values in a string.
bd7854cb 25 * parse_groups() - Parse system group names in a string.
26 * parse_protocols() - Parse browse protocols in a string.
ef416fc2 27 * read_configuration() - Read a configuration file.
28 * read_location() - Read a <Location path> definition.
29 * read_policy() - Read a <Policy name> definition.
30 */
31
32/*
33 * Include necessary headers...
34 */
35
36#include "cupsd.h"
37#include <stdarg.h>
38#include <grp.h>
39#include <sys/utsname.h>
b94498cf 40#include <syslog.h>
ef416fc2 41
ef416fc2 42
43/*
44 * Possibly missing network definitions...
45 */
46
47#ifndef INADDR_NONE
48# define INADDR_NONE 0xffffffff
49#endif /* !INADDR_NONE */
50
51
52/*
53 * Configuration variable structure...
54 */
55
56typedef enum
57{
58 CUPSD_VARTYPE_INTEGER, /* Integer option */
59 CUPSD_VARTYPE_STRING, /* String option */
76cd9e37
MS		 60 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
61 CUPSD_VARTYPE_PATHNAME /* File/directory name option */
ef416fc2 62} cupsd_vartype_t;
63
64typedef struct
65{
66 char *name; /* Name of variable */
67 void *ptr; /* Pointer to variable */
68 cupsd_vartype_t type; /* Type (int, string, address) */
69} cupsd_var_t;
70
71
72/*
73 * Local globals...
74 */
75
ac884b6a 76static const cupsd_var_t variables[] =
ef416fc2 77{
78 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
7594b224 79#ifdef __APPLE__
80 { "AppleQuotas", &AppleQuotas, CUPSD_VARTYPE_BOOLEAN },
81#endif /* __APPLE__ */
ef416fc2 82 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
83 { "BrowseInterval", &BrowseInterval, CUPSD_VARTYPE_INTEGER },
b423cd4c 84#ifdef HAVE_LDAP
85 { "BrowseLDAPBindDN", &BrowseLDAPBindDN, CUPSD_VARTYPE_STRING },
1ff0402e 86# ifdef HAVE_LDAP_SSL
76cd9e37 87 { "BrowseLDAPCACertFile", &BrowseLDAPCACertFile, CUPSD_VARTYPE_PATHNAME },
1ff0402e 88# endif /* HAVE_LDAP_SSL */
b423cd4c 89 { "BrowseLDAPDN", &BrowseLDAPDN, CUPSD_VARTYPE_STRING },
90 { "BrowseLDAPPassword", &BrowseLDAPPassword, CUPSD_VARTYPE_STRING },
91 { "BrowseLDAPServer", &BrowseLDAPServer, CUPSD_VARTYPE_STRING },
92#endif /* HAVE_LDAP */
ef416fc2 93 { "BrowseLocalOptions", &BrowseLocalOptions, CUPSD_VARTYPE_STRING },
94 { "BrowsePort", &BrowsePort, CUPSD_VARTYPE_INTEGER },
95 { "BrowseRemoteOptions", &BrowseRemoteOptions, CUPSD_VARTYPE_STRING },
96 { "BrowseShortNames", &BrowseShortNames, CUPSD_VARTYPE_BOOLEAN },
97 { "BrowseTimeout", &BrowseTimeout, CUPSD_VARTYPE_INTEGER },
98 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
99 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
100 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
101 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
102 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
103 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
104 { "DefaultCharset", &DefaultCharset, CUPSD_VARTYPE_STRING },
105 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
106 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_INTEGER },
c5571a1d 107 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
ef416fc2 108 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
fa73b229 109 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
3dfe78b3 110 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_INTEGER },
ef416fc2 111 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
112 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
323c5de1 113 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
ef416fc2 114 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
115 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
116 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
117 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
f7deaa1a 118#ifdef HAVE_GSSAPI
119 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
120#endif /* HAVE_GSSAPI */
db0bd74a 121 { "HideImplicitMembers", &HideImplicitMembers, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 122 { "ImplicitClasses", &ImplicitClasses, CUPSD_VARTYPE_BOOLEAN },
123 { "ImplicitAnyClasses", &ImplicitAnyClasses, CUPSD_VARTYPE_BOOLEAN },
124 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
125 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_INTEGER },
126 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_INTEGER },
127 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 128#ifdef HAVE_LAUNCHD
129 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_INTEGER },
130 { "LaunchdConf", &LaunchdConf, CUPSD_VARTYPE_STRING },
131#endif /* HAVE_LAUNCHD */
ef416fc2 132 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
133 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
134 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
2e4ff8af 135 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
ef416fc2 136 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
137 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
138 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
139 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
140 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
141 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
142 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
143 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
144 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_INTEGER },
145 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
146 { "MaxPrinterHistory", &MaxPrinterHistory, CUPSD_VARTYPE_INTEGER },
147 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
148 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
149 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
150 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
151 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
152 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
01ce6322 153 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
ef416fc2 154 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_BOOLEAN },
155 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_BOOLEAN },
156 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
157 { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING },
158 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_INTEGER },
159 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
160 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
161 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
ef416fc2 162 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_INTEGER },
163 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
76cd9e37 164 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
ef416fc2 165#ifdef HAVE_SSL
76cd9e37 166 { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
ef416fc2 167# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
76cd9e37 168 { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
ef416fc2 169# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
170#endif /* HAVE_SSL */
171 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
76cd9e37 172 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
2e4ff8af 173 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
ef416fc2 174 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
f7deaa1a 175#ifdef HAVE_AUTHORIZATION_H
176 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
177#endif /* HAVE_AUTHORIZATION_H */
76cd9e37 178 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME },
e00b005a 179 { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER },
180 { "UseNetworkDefault", &UseNetworkDefault, CUPSD_VARTYPE_BOOLEAN }
ef416fc2 181};
182#define NUM_VARS (sizeof(variables) / sizeof(variables[0]))
183
184
ac884b6a 185static const unsigned ones[4] =
ef416fc2 186 {
187 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
188 };
ac884b6a 189static const unsigned zeros[4] =
ef416fc2 190 {
191 0x00000000, 0x00000000, 0x00000000, 0x00000000
192 };
193
194
195/*
196 * Local functions...
197 */
ef416fc2 198static http_addrlist_t *get_address(const char *value, int defport);
199static int get_addr_and_mask(const char *value, unsigned *ip,
200 unsigned *mask);
201static int parse_aaa(cupsd_location_t *loc, char *line,
202 char *value, int linenum);
49d87452 203static int parse_fatal_errors(const char *s);
bd7854cb 204static int parse_groups(const char *s);
205static int parse_protocols(const char *s);
ef416fc2 206static int read_configuration(cups_file_t *fp);
207static int read_location(cups_file_t *fp, char *name, int linenum);
208static int read_policy(cups_file_t *fp, char *name, int linenum);
209
210
b94498cf 211/*
212 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
213 */
214
215int /* O - 0 on success, -1 on error, 1 on warning */
216cupsdCheckPermissions(
217 const char *filename, /* I - File/directory name */
218 const char *suffix, /* I - Additional file/directory name */
219 int mode, /* I - Permissions */
220 int user, /* I - Owner */
221 int group, /* I - Group */
222 int is_dir, /* I - 1 = directory, 0 = file */
223 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
224{
225 int dir_created = 0; /* Did we create a directory? */
226 char pathname[1024]; /* File name with prefix */
227 struct stat fileinfo; /* Stat buffer */
49d87452 228 int is_symlink; /* Is "filename" a symlink? */
b94498cf 229
230
231 /*
232 * Prepend the given root to the filename before testing it...
233 */
234
235 if (suffix)
236 {
237 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
238 filename = pathname;
239 }
240
241 /*
242 * See if we can stat the file/directory...
243 */
244
49d87452 245 if (lstat(filename, &fileinfo))
b94498cf 246 {
247 if (errno == ENOENT && create_dir)
248 {
249 if (create_dir > 0)
250 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
251 filename);
252
253 if (mkdir(filename, mode))
254 {
255 if (create_dir > 0)
256 cupsdLogMessage(CUPSD_LOG_ERROR,
257 "Unable to create directory \"%s\" - %s", filename,
258 strerror(errno));
259 else
260 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
261 strerror(errno));
262
263 return (-1);
264 }
265
266 dir_created = 1;
267 }
268 else
269 return (create_dir ? -1 : 1);
270 }
271
49d87452
MS		 272 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
273 {
274 if (stat(filename, &fileinfo))
275 {
276 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
277 filename, strerror(errno));
278 return (-1);
279 }
280 }
281
b94498cf 282 /*
49d87452 283 * Make sure it's a regular file or a directory as needed...
b94498cf 284 */
285
286 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
287 {
288 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file!", filename);
289 return (-1);
290 }
291
292 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
293 {
294 if (create_dir >= 0)
295 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory!", filename);
296 else
297 syslog(LOG_ERR, "\"%s\" is not a directory!", filename);
298
299 return (-1);
300 }
301
49d87452
MS		 302 /*
303 * If the filename is a symlink, do not change permissions (STR #2937)...
304 */
305
306 if (is_symlink)
307 return (0);
308
b94498cf 309 /*
310 * Fix owner, group, and mode as needed...
311 */
312
313 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
314 {
315 if (create_dir >= 0)
316 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
317 filename);
318
319 if (chown(filename, user, group) && !getuid())
320 {
321 if (create_dir >= 0)
322 cupsdLogMessage(CUPSD_LOG_ERROR,
323 "Unable to change ownership of \"%s\" - %s", filename,
324 strerror(errno));
325 else
326 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
327 strerror(errno));
328
329 return (1);
330 }
331 }
332
333 if (dir_created || (fileinfo.st_mode & 07777) != mode)
334 {
335 if (create_dir >= 0)
336 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
337 filename);
338
339 if (chmod(filename, mode))
340 {
341 if (create_dir >= 0)
342 cupsdLogMessage(CUPSD_LOG_ERROR,
343 "Unable to change permissions of \"%s\" - %s", filename,
344 strerror(errno));
345 else
346 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
347 strerror(errno));
348
349 return (1);
350 }
351 }
352
353 /*
354 * Everything is OK...
355 */
356
357 return (0);
358}
359
360
ef416fc2 361/*
362 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
363 */
364
365int /* O - 1 on success, 0 otherwise */
366cupsdReadConfiguration(void)
367{
368 int i; /* Looping var */
369 cups_file_t *fp; /* Configuration file */
370 int status; /* Return status */
371 char temp[1024], /* Temporary buffer */
dd1abb6b 372 mimedir[1024], /* MIME directory */
ef416fc2 373 *slash; /* Directory separator */
ef416fc2 374 cups_lang_t *language; /* Language */
375 struct passwd *user; /* Default user */
376 struct group *group; /* Default group */
377 char *old_serverroot, /* Old ServerRoot */
378 *old_requestroot; /* Old RequestRoot */
b423cd4c 379 const char *tmpdir; /* TMPDIR environment variable */
380 struct stat tmpinfo; /* Temporary directory info */
2e4ff8af 381 cupsd_policy_t *p; /* Policy */
b423cd4c 382
ef416fc2 383
ef416fc2 384 /*
385 * Save the old root paths...
386 */
387
388 old_serverroot = NULL;
389 cupsdSetString(&old_serverroot, ServerRoot);
390 old_requestroot = NULL;
391 cupsdSetString(&old_requestroot, RequestRoot);
392
393 /*
394 * Reset the server configuration data...
395 */
396
397 cupsdDeleteAllLocations();
398
399 if (NumBrowsers > 0)
400 {
401 free(Browsers);
e53920b9 402 Browsers = NULL;
ef416fc2 403
404 NumBrowsers = 0;
405 }
406
407 if (NumPolled > 0)
408 {
409 free(Polled);
410
411 NumPolled = 0;
412 }
413
414 if (NumRelays > 0)
415 {
416 for (i = 0; i < NumRelays; i ++)
5bd77a73 417 if (Relays[i].from.type == CUPSD_AUTH_NAME)
ef416fc2 418 free(Relays[i].from.mask.name.name);
419
420 free(Relays);
421
422 NumRelays = 0;
423 }
424
bd7854cb 425 cupsdDeleteAllListeners();
ef416fc2 426
427 /*
428 * String options...
429 */
430
757d2cad 431 cupsdSetString(&ServerName, httpGetHostname(NULL, temp, sizeof(temp)));
ef416fc2 432 cupsdSetStringf(&ServerAdmin, "root@%s", temp);
433 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
434 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
435 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
436 cupsdSetString(&DataDir, CUPS_DATADIR);
437 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
438 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
439 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
440 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
01ce6322
MS		 441 cupsdSetString(&PageLogFormat,
442 "%p %j %u %T %P %C %{job-billing} "
443 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
e53920b9 444 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
ef416fc2 445 cupsdSetString(&PrintcapGUI, "/usr/bin/glpoptions");
446 cupsdSetString(&FontPath, CUPS_FONTPATH);
447 cupsdSetString(&RemoteRoot, "remroot");
ae71f5de 448 cupsdSetString(&ServerHeader, "CUPS/1.4");
ef416fc2 449 cupsdSetString(&StateDir, CUPS_STATEDIR);
f7deaa1a 450#ifdef HAVE_GSSAPI
451 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
452#endif /* HAVE_GSSAPI */
ef416fc2 453
ed486911 454 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
455 PrintcapFormat = PRINTCAP_SOLARIS;
456 else
457 PrintcapFormat = PRINTCAP_BSD;
458
ef416fc2 459 strlcpy(temp, ConfigurationFile, sizeof(temp));
460 if ((slash = strrchr(temp, '/')) != NULL)
461 *slash = '\0';
462
463 cupsdSetString(&ServerRoot, temp);
464
465 cupsdClearString(&Classification);
466 ClassifyOverride = 0;
467
468#ifdef HAVE_SSL
469# ifdef HAVE_CDSASSL
fa73b229 470 cupsdSetString(&ServerCertificate, "/Library/Keychains/System.keychain");
ef416fc2 471# else
472 cupsdSetString(&ServerCertificate, "ssl/server.crt");
473 cupsdSetString(&ServerKey, "ssl/server.key");
474# endif /* HAVE_CDSASSL */
475#endif /* HAVE_SSL */
476
477 language = cupsLangDefault();
478
479 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
480 cupsdSetString(&DefaultLanguage, "en");
481 else
482 cupsdSetString(&DefaultLanguage, language->language);
483
484 cupsdSetString(&DefaultCharset, _cupsEncodingName(language->encoding));
485
c5571a1d
MS		 486 cupsdClearString(&DefaultPaperSize);
487
ef416fc2 488 cupsdSetString(&RIPCache, "8m");
489
b423cd4c 490 cupsdSetString(&TempDir, NULL);
ef416fc2 491
ef416fc2 492 /*
493 * Find the default user...
494 */
495
496 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
497 User = user->pw_uid;
498 else
499 {
500 /*
501 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
502 * complement number...)
503 */
504
505 User = 65534;
506 }
507
508 endpwent();
509
510 /*
d6ae789d 511 * Find the default group...
ef416fc2 512 */
513
d6ae789d 514 group = getgrnam(CUPS_DEFAULT_GROUP);
ef416fc2 515 endgrent();
516
d6ae789d 517 if (group)
ef416fc2 518 Group = group->gr_gid;
519 else
520 {
521 /*
d6ae789d 522 * Fallback to group "nobody"...
ef416fc2 523 */
524
d6ae789d 525 group = getgrnam("nobody");
526 endgrent();
527
528 if (group)
529 Group = group->gr_gid;
530 else
531 {
532 /*
533 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
534 * complement number...)
535 */
536
537 Group = 65534;
538 }
ef416fc2 539 }
540
541 /*
542 * Numeric options...
543 */
544
1f0275e3 545 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
bd7854cb 546 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
49d87452 547 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
5bd77a73 548 DefaultAuthType = CUPSD_AUTH_BASIC;
4744bd90 549#ifdef HAVE_SSL
550 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
551#endif /* HAVE_SSL */
49d87452 552 DirtyCleanInterval = DEFAULT_KEEPALIVE;
bd7854cb 553 JobRetryLimit = 5;
554 JobRetryInterval = 300;
555 FileDevice = FALSE;
556 FilterLevel = 0;
557 FilterLimit = 0;
558 FilterNice = 0;
559 HostNameLookups = FALSE;
560 ImplicitClasses = CUPS_DEFAULT_IMPLICIT_CLASSES;
561 ImplicitAnyClasses = FALSE;
562 HideImplicitMembers = TRUE;
563 KeepAlive = TRUE;
564 KeepAliveTimeout = DEFAULT_KEEPALIVE;
565 ListenBackLog = SOMAXCONN;
566 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
1f0275e3 567 LogLevel = CUPSD_LOG_WARN;
bd7854cb 568 MaxClients = 100;
569 MaxClientsPerHost = 0;
570 MaxLogSize = 1024 * 1024;
571 MaxPrinterHistory = 10;
572 MaxRequestSize = 0;
49d87452 573 ReloadTimeout = DEFAULT_KEEPALIVE;
bd7854cb 574 RootCertDuration = 300;
bd7854cb 575 Timeout = DEFAULT_TIMEOUT;
576 NumSystemGroups = 0;
ef416fc2 577
578 BrowseInterval = DEFAULT_INTERVAL;
579 BrowsePort = ippPort();
bd7854cb 580 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
581 BrowseRemoteProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_REMOTE_PROTOCOLS);
09ec0018 582 BrowseShortNames = CUPS_DEFAULT_BROWSE_SHORT_NAMES;
ef416fc2 583 BrowseTimeout = DEFAULT_TIMEOUT;
09ec0018 584 Browsing = CUPS_DEFAULT_BROWSING;
585 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
ef416fc2 586
2e4ff8af
MS		 587 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
588 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
589
ef416fc2 590 cupsdClearString(&BrowseLocalOptions);
591 cupsdClearString(&BrowseRemoteOptions);
592
323c5de1 593 cupsdSetString(&ErrorPolicy, "stop-printer");
594
b423cd4c 595#ifdef HAVE_LDAP
596 cupsdClearString(&BrowseLDAPBindDN);
597 cupsdClearString(&BrowseLDAPDN);
598 cupsdClearString(&BrowseLDAPPassword);
599 cupsdClearString(&BrowseLDAPServer);
1ff0402e 600# ifdef HAVE_LDAP_SSL
bc44d920 601 cupsdClearString(&BrowseLDAPCACertFile);
1ff0402e 602# endif /* HAVE_LDAP_SSL */
b423cd4c 603#endif /* HAVE_LDAP */
604
ef416fc2 605 JobHistory = DEFAULT_HISTORY;
606 JobFiles = DEFAULT_FILES;
607 JobAutoPurge = 0;
608 MaxJobs = 500;
609 MaxActiveJobs = 0;
610 MaxJobsPerUser = 0;
611 MaxJobsPerPrinter = 0;
f7deaa1a 612 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
ef416fc2 613
614 cupsdDeleteAllPolicies();
615 cupsdClearString(&DefaultPolicy);
616
f7deaa1a 617#ifdef HAVE_AUTHORIZATION_H
618 cupsdClearString(&SystemGroupAuthKey);
619#endif /* HAVE_AUTHORIZATION_H */
620
ef416fc2 621 MaxSubscriptions = 100;
622 MaxSubscriptionsPerJob = 0;
623 MaxSubscriptionsPerPrinter = 0;
624 MaxSubscriptionsPerUser = 0;
625 DefaultLeaseDuration = 86400;
626 MaxLeaseDuration = 0;
627
a4d04587 628#ifdef HAVE_LAUNCHD
629 LaunchdTimeout = DEFAULT_TIMEOUT + 10;
630 cupsdSetString(&LaunchdConf, CUPS_DEFAULT_LAUNCHD_CONF);
631#endif /* HAVE_LAUNCHD */
632
7594b224 633#ifdef __APPLE__
634 AppleQuotas = TRUE;
635#endif /* __APPLE__ */
636
ef416fc2 637 /*
638 * Read the configuration file...
639 */
640
641 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
642 return (0);
643
644 status = read_configuration(fp);
645
646 cupsFileClose(fp);
647
648 if (!status)
649 return (0);
650
4744bd90 651 RunUser = getuid();
ef416fc2 652
8ca02f3c 653 /*
654 * See if the ServerName is an IP address...
655 */
656
657 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
658
659 ServerNameIsIP = !*slash;
660
ef416fc2 661 /*
662 * Use the default system group if none was supplied in cupsd.conf...
663 */
664
665 if (NumSystemGroups == 0)
bd7854cb 666 {
667 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
668 {
669 /*
670 * Find the group associated with GID 0...
671 */
672
673 group = getgrgid(0);
674 endgrent();
675
676 if (group != NULL)
677 cupsdSetString(&SystemGroups[0], group->gr_name);
678 else
679 cupsdSetString(&SystemGroups[0], "unknown");
680
681 SystemGroupIDs[0] = 0;
682 NumSystemGroups = 1;
683 }
684 }
ef416fc2 685
686 /*
687 * Get the access control list for browsing...
688 */
689
690 BrowseACL = cupsdFindLocation("CUPS_INTERNAL_BROWSE_ACL");
691
692 /*
693 * Open the system log for cupsd if necessary...
694 */
695
696#ifdef HAVE_VSYSLOG
697 if (!strcmp(AccessLog, "syslog") ||
698 !strcmp(ErrorLog, "syslog") ||
699 !strcmp(PageLog, "syslog"))
700 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
701#endif /* HAVE_VSYSLOG */
702
703 /*
704 * Log the configuration file that was used...
705 */
706
707 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
708 ConfigurationFile);
709
710 /*
711 * Validate the Group and SystemGroup settings - they cannot be the same,
712 * otherwise the CGI programs will be able to authenticate as root without
713 * a password!
714 */
715
716 if (!RunUser)
717 {
718 for (i = 0; i < NumSystemGroups; i ++)
719 if (Group == SystemGroupIDs[i])
720 break;
721
722 if (i < NumSystemGroups)
723 {
724 /*
725 * Log the error and reset the group to a safe value...
726 */
727
728 cupsdLogMessage(CUPSD_LOG_NOTICE,
729 "Group and SystemGroup cannot use the same groups!");
730 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
731
732 group = getgrnam("nobody");
733 endgrent();
734
735 if (group != NULL)
736 Group = group->gr_gid;
737 else
738 {
739 /*
740 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
741 * complement number...)
742 */
743
744 Group = 65534;
745 }
746 }
747 }
748
749 /*
750 * Check that we have at least one listen/port line; if not, report this
751 * as an error and exit!
752 */
753
bd7854cb 754 if (cupsArrayCount(Listeners) == 0)
ef416fc2 755 {
756 /*
757 * No listeners!
758 */
759
760 cupsdLogMessage(CUPSD_LOG_EMERG,
49d87452
MS		 761 "No valid Listen or Port lines were found in the "
762 "configuration file!");
ef416fc2 763
764 /*
765 * Commit suicide...
766 */
767
768 cupsdEndProcess(getpid(), 0);
769 }
770
771 /*
772 * Set the default locale using the language and charset...
773 */
774
775 cupsdSetStringf(&DefaultLocale, "%s.%s", DefaultLanguage, DefaultCharset);
776
777 /*
778 * Update all relative filenames to include the full path from ServerRoot...
779 */
780
781 if (DocumentRoot[0] != '/')
782 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
783
784 if (RequestRoot[0] != '/')
785 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
786
787 if (ServerBin[0] != '/')
788 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
789
790 if (StateDir[0] != '/')
791 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
792
793 if (CacheDir[0] != '/')
794 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
795
796#ifdef HAVE_SSL
797 if (ServerCertificate[0] != '/')
798 cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
799
49d87452
MS		 800 if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
801 cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
802 0, 0) < 0 &&
803 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
804 return (0);
ef416fc2 805
806# if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
807 if (ServerKey[0] != '/')
808 cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
809
49d87452
MS		 810 if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
811 cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
812 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
813 return (0);
ef416fc2 814# endif /* HAVE_LIBSSL || HAVE_GNUTLS */
815#endif /* HAVE_SSL */
816
817 /*
818 * Make sure that directories and config files are owned and
819 * writable by the user and group in the cupsd.conf file...
820 */
821
ae71f5de
MS		 822 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
823
49d87452
MS		 824 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
825 Group, 1, 1) < 0 ||
826 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
827 Group, 1, 1) < 0 ||
828 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
829 Group, 1, 1) < 0 ||
830 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
831 Group, 1, 1) < 0 ||
832 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
833 SystemGroupIDs[0], 1, 1) < 0 ||
834 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
835 Group, 1, 0) < 0 ||
836 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
837 Group, 1, 1) < 0 ||
838 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
839 Group, 1, 0) < 0 ||
840 cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
841 Group, 0, 0) < 0 ||
842 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
843 Group, 0, 0) < 0 ||
844 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
845 Group, 0, 0) < 0 ||
846 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
847 Group, 0, 0) < 0) &&
848 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 849 return (0);
ef416fc2 850
b423cd4c 851 /*
852 * Update TempDir to the default if it hasn't been set already...
853 */
854
855 if (!TempDir)
856 {
857 if ((tmpdir = getenv("TMPDIR")) != NULL)
858 {
859 /*
860 * TMPDIR is defined, see if it is OK for us to use...
861 */
862
863 if (stat(tmpdir, &tmpinfo))
864 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
865 tmpdir, strerror(errno));
866 else if (!S_ISDIR(tmpinfo.st_mode))
867 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory!",
868 tmpdir);
869 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
870 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
871 !(tmpinfo.st_mode & S_IWOTH))
872 cupsdLogMessage(CUPSD_LOG_ERROR,
873 "TMPDIR (%s) has the wrong permissions!", tmpdir);
874 else
875 cupsdSetString(&TempDir, tmpdir);
b423cd4c 876 }
877
878 if (!TempDir)
d09495fa 879 {
880 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
881 RequestRoot);
b423cd4c 882 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
d09495fa 883 }
b423cd4c 884 }
885
ef416fc2 886 /*
b94498cf 887 * Make sure the temporary directory has the right permissions...
ef416fc2 888 */
889
ef416fc2 890 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
891 access(TempDir, 0))
892 {
893 /*
894 * Update ownership and permissions if the CUPS temp directory
895 * is under the spool directory or does not exist...
896 */
897
49d87452
MS		 898 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
899 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 900 return (0);
ef416fc2 901 }
902
ef416fc2 903 /*
904 * Setup environment variables...
905 */
906
907 cupsdInitEnv();
908
c5571a1d
MS		 909 /*
910 * Update default paper size setting as needed...
911 */
912
913 if (!DefaultPaperSize)
914 {
915#ifdef HAVE_LIBPAPER
916 char *paper_result; /* Paper size name from libpaper */
917
918 if ((paper_result = systempapername()) != NULL)
919 cupsdSetString(&DefaultPaperSize, paper_result);
920 else
921#endif /* HAVE_LIBPAPER */
922 if (!DefaultLanguage ||
923 !strcasecmp(DefaultLanguage, "C") ||
924 !strcasecmp(DefaultLanguage, "POSIX") ||
925 !strcasecmp(DefaultLanguage, "en") ||
926 !strncasecmp(DefaultLanguage, "en.", 3) ||
927 !strncasecmp(DefaultLanguage, "en_US", 5) ||
928 !strncasecmp(DefaultLanguage, "en_CA", 5) ||
929 !strncasecmp(DefaultLanguage, "fr_CA", 5))
930 {
931 /*
932 * These are the only locales that will default to "letter" size...
933 */
934
935 cupsdSetString(&DefaultPaperSize, "Letter");
936 }
937 else
938 cupsdSetString(&DefaultPaperSize, "A4");
939 }
940
941 /*
942 * Update classification setting as needed...
943 */
944
945 if (Classification && !strcasecmp(Classification, "none"))
946 cupsdClearString(&Classification);
947
948 if (Classification)
949 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
950
ef416fc2 951 /*
952 * Check the MaxClients setting, and then allocate memory for it...
953 */
954
955 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
956 {
957 if (MaxClients > 0)
49d87452
MS		 958 cupsdLogMessage(CUPSD_LOG_INFO,
959 "MaxClients limited to 1/3 (%d) of the file descriptor "
960 "limit (%d)...",
961 MaxFDs / 3, MaxFDs);
ef416fc2 962
963 MaxClients = MaxFDs / 3;
964 }
965
bd7854cb 966 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
967 MaxClients);
ef416fc2 968
969 /*
970 * Check the MaxActiveJobs setting; limit to 1/3 the available
971 * file descriptors, since we need a pipe for each job...
972 */
973
974 if (MaxActiveJobs > (MaxFDs / 3))
975 MaxActiveJobs = MaxFDs / 3;
976
ef416fc2 977 /*
978 * Update the MaxClientsPerHost value, as needed...
979 */
980
981 if (MaxClientsPerHost <= 0)
982 MaxClientsPerHost = MaxClients;
983
984 if (MaxClientsPerHost > MaxClients)
985 MaxClientsPerHost = MaxClients;
986
987 cupsdLogMessage(CUPSD_LOG_INFO,
988 "Allowing up to %d client connections per host.",
989 MaxClientsPerHost);
990
8ca02f3c 991 /*
992 * Make sure that BrowseTimeout is at least twice the interval...
993 */
994
995 if (BrowseTimeout < (2 * BrowseInterval) || BrowseTimeout <= 0)
996 {
997 cupsdLogMessage(CUPSD_LOG_ALERT, "Invalid BrowseTimeout value %d!",
998 BrowseTimeout);
999
1000 if (BrowseInterval)
1001 BrowseTimeout = BrowseInterval * 2;
1002 else
1003 BrowseTimeout = DEFAULT_TIMEOUT;
1004
1005 cupsdLogMessage(CUPSD_LOG_ALERT, "Reset BrowseTimeout to %d!",
1006 BrowseTimeout);
1007 }
1008
ef416fc2 1009 /*
1010 * Update the default policy, as needed...
1011 */
1012
1013 if (DefaultPolicy)
1014 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1015 else
1016 DefaultPolicyPtr = NULL;
1017
1018 if (!DefaultPolicyPtr)
1019 {
ef416fc2 1020 cupsd_location_t *po; /* New policy operation */
1021
1022
1023 if (DefaultPolicy)
1024 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found!",
1025 DefaultPolicy);
1026
e1d6a774 1027 cupsdSetString(&DefaultPolicy, "default");
1028
ef416fc2 1029 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1030 cupsdLogMessage(CUPSD_LOG_INFO,
1031 "Using policy \"default\" as the default!");
1032 else
1033 {
1034 cupsdLogMessage(CUPSD_LOG_INFO,
1035 "Creating CUPS default administrative policy:");
1036
1037 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1038
1039 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1040 cupsdLogMessage(CUPSD_LOG_INFO,
1041 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1042 "Release-Job Restart-Job Purge-Jobs "
1043 "Set-Job-Attributes Create-Job-Subscription "
1044 "Renew-Subscription Cancel-Subscription "
1045 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1046 "Suspend-Current-Job Resume-Job CUPS-Move-Job "
2e4ff8af 1047 "CUPS-Authenticate-Job CUPS-Get-Document>");
ef416fc2 1048 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1049
1050 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
5bd77a73
MS		 1051 po->order_type = CUPSD_AUTH_ALLOW;
1052 po->level = CUPSD_AUTH_USER;
ef416fc2 1053
1054 cupsdAddName(po, "@OWNER");
1055 cupsdAddName(po, "@SYSTEM");
1056 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1057
1058 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1059 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1060 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1061 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1062 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1063 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1064 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1065 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1066 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1067 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1068 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1069 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1070 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1071 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1072 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1073 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1074 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
2e4ff8af 1075 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
ef416fc2 1076
1077 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1078
1079 cupsdLogMessage(CUPSD_LOG_INFO,
1080 "<Limit Pause-Printer Resume-Printer "
1081 "Set-Printer-Attributes Enable-Printer "
1082 "Disable-Printer Pause-Printer-After-Current-Job "
1083 "Hold-New-Jobs Release-Held-New-Jobs "
1084 "Deactivate-Printer Activate-Printer Restart-Printer "
1085 "Shutdown-Printer Startup-Printer Promote-Job "
1086 "Schedule-Job-After CUPS-Add-Printer "
1087 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1088 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1089 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
bc44d920 1090 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
ef416fc2 1091
1092 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
5bd77a73
MS		 1093 po->order_type = CUPSD_AUTH_ALLOW;
1094 po->type = CUPSD_AUTH_DEFAULT;
1095 po->level = CUPSD_AUTH_USER;
ef416fc2 1096
1097 cupsdAddName(po, "@SYSTEM");
1098 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1099
1100 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1101 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1102 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1103 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1104 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1105 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1106 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1107 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1108 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1109 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1110 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1111 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1112 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1113 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1114 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1115 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1116 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1117 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1118 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1119 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1120 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1121
1122 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1123
1124 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1125 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1126
1127 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
5bd77a73 1128 po->order_type = CUPSD_AUTH_ALLOW;
ef416fc2 1129
1130 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1131 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1132 }
1133 }
1134
bd7854cb 1135 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
2e4ff8af
MS		 1136 cupsArrayCount(Policies));
1137 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1138 p;
1139 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
bd7854cb 1140 cupsdLogMessage(CUPSD_LOG_DEBUG2,
2e4ff8af 1141 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
ef416fc2 1142
1143 /*
1144 * If we are doing a full reload or the server root has changed, flush
1145 * the jobs, printers, etc. and start from scratch...
1146 */
1147
1148 if (NeedReload == RELOAD_ALL ||
1149 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1150 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1151 {
fa73b229 1152 mime_type_t *type; /* Current type */
1153 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1154 /* MIME type name */
1155
1156
ef416fc2 1157 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1158
1159 /*
1160 * Free all memory...
1161 */
1162
1163 cupsdDeleteAllSubscriptions();
1164 cupsdFreeAllJobs();
1165 cupsdDeleteAllClasses();
1166 cupsdDeleteAllPrinters();
1167
1168 DefaultPrinter = NULL;
1169
1170 if (MimeDatabase != NULL)
1171 mimeDelete(MimeDatabase);
1172
1173 if (NumMimeTypes)
1174 {
1175 for (i = 0; i < NumMimeTypes; i ++)
757d2cad 1176 _cupsStrFree(MimeTypes[i]);
ef416fc2 1177
1178 free(MimeTypes);
1179 }
1180
1181 /*
1182 * Read the MIME type and conversion database...
1183 */
1184
1185 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
dd1abb6b 1186 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
ef416fc2 1187
75bd9771
MS		 1188 MimeDatabase = mimeLoadTypes(NULL, mimedir);
1189 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1190 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1191 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
ef416fc2 1192
1193 if (!MimeDatabase)
1194 {
1195 cupsdLogMessage(CUPSD_LOG_EMERG,
75bd9771
MS		 1196 "Unable to load MIME database from \"%s\" or \"%s\"!",
1197 mimedir, ServerRoot);
49d87452
MS		 1198 if (FatalErrors & CUPSD_FATAL_CONFIG)
1199 return (0);
ef416fc2 1200 }
1201
1202 cupsdLogMessage(CUPSD_LOG_INFO,
75bd9771
MS		 1203 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1204 "%d filters...", mimedir, ServerRoot,
1205 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
ef416fc2 1206
1207 /*
1208 * Create a list of MIME types for the document-format-supported
1209 * attribute...
1210 */
1211
fa73b229 1212 NumMimeTypes = mimeNumTypes(MimeDatabase);
ef416fc2 1213 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1214 NumMimeTypes ++;
1215
91c84a35 1216 if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
ef416fc2 1217 {
91c84a35
MS		 1218 cupsdLogMessage(CUPSD_LOG_ERROR,
1219 "Unable to allocate memory for %d MIME types!",
1220 NumMimeTypes);
1221 NumMimeTypes = 0;
ef416fc2 1222 }
91c84a35
MS		 1223 else
1224 {
1225 for (i = 0, type = mimeFirstType(MimeDatabase);
1226 type;
1227 i ++, type = mimeNextType(MimeDatabase))
1228 {
1229 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1230
1231 MimeTypes[i] = _cupsStrAlloc(mimetype);
1232 }
ef416fc2 1233
91c84a35
MS		 1234 if (i < NumMimeTypes)
1235 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1236 }
bd7854cb 1237
1238 if (LogLevel == CUPSD_LOG_DEBUG2)
1239 {
1240 mime_filter_t *filter; /* Current filter */
1241
1242
1243 for (type = mimeFirstType(MimeDatabase);
1244 type;
1245 type = mimeNextType(MimeDatabase))
1246 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1247 type->super, type->type);
1248
1249 for (filter = mimeFirstFilter(MimeDatabase);
1250 filter;
1251 filter = mimeNextFilter(MimeDatabase))
1252 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1253 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1254 filter->src->super, filter->src->type,
1255 filter->dst->super, filter->dst->type,
1256 filter->cost, filter->filter);
1257 }
ef416fc2 1258
1259 /*
1260 * Load banners...
1261 */
1262
1263 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1264 cupsdLoadBanners(temp);
1265
1266 /*
1267 * Load printers and classes...
1268 */
1269
1270 cupsdLoadAllPrinters();
1271 cupsdLoadAllClasses();
1272 cupsdLoadRemoteCache();
3dfe78b3 1273 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
ef416fc2 1274
1275 cupsdCreateCommonData();
1276
1277 /*
1278 * Load queued jobs...
1279 */
1280
1281 cupsdLoadAllJobs();
1282
1283 /*
1284 * Load subscriptions...
1285 */
1286
1287 cupsdLoadAllSubscriptions();
1288
1289 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1290 }
1291 else
1292 {
1293 /*
1294 * Not a full reload, so recreate the common printer attributes...
1295 */
1296
1297 cupsdCreateCommonData();
1298
1299 /*
1300 * Update all printers as needed...
1301 */
1302
1303 cupsdUpdatePrinters();
3dfe78b3 1304 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
ef416fc2 1305
1306 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1307 }
1308
1309 /*
1310 * Reset the reload state...
1311 */
1312
1313 NeedReload = RELOAD_NONE;
1314
1315 cupsdClearString(&old_serverroot);
1316 cupsdClearString(&old_requestroot);
1317
ef416fc2 1318 return (1);
1319}
1320
1321
1322/*
1323 * 'get_address()' - Get an address + port number from a line.
1324 */
1325
1326static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1327get_address(const char *value, /* I - Value string */
1328 int defport) /* I - Default port */
1329{
1330 char buffer[1024], /* Hostname + port number buffer */
1331 defpname[255], /* Default port name */
1332 *hostname, /* Hostname or IP */
1333 *portname; /* Port number or name */
1334 http_addrlist_t *addrlist; /* Address list */
1335
1336
1337 /*
1338 * Check for an empty value...
1339 */
1340
1341 if (!*value)
1342 {
1343 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address!");
1344 return (NULL);
1345 }
1346
1347 /*
1348 * Grab a hostname and port number; if there is no colon and the port name
1349 * is only digits, then we have a port number by itself...
1350 */
1351
1352 strlcpy(buffer, value, sizeof(buffer));
1353
1354 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1355 {
1356 *portname++ = '\0';
1357 hostname = buffer;
1358 }
1359 else
1360 {
1361 for (portname = buffer; isdigit(*portname & 255); portname ++);
1362
1363 if (*portname)
1364 {
1365 /*
1366 * Use the default port...
1367 */
1368
1369 sprintf(defpname, "%d", defport);
1370 portname = defpname;
1371 hostname = buffer;
1372 }
1373 else
1374 {
1375 /*
1376 * The buffer contains just a port number...
1377 */
1378
1379 portname = buffer;
1380 hostname = NULL;
1381 }
1382 }
1383
1384 if (hostname && !strcmp(hostname, "*"))
1385 hostname = NULL;
1386
1387 /*
1388 * Now lookup the address using httpAddrGetList()...
1389 */
1390
1391 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1392 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed!",
1393 hostname ? hostname : "(nil)");
1394
1395 return (addrlist);
1396}
1397
1398
1399/*
1400 * 'get_addr_and_mask()' - Get an IP address and netmask.
1401 */
1402
1403static int /* O - 1 on success, 0 on failure */
1404get_addr_and_mask(const char *value, /* I - String from config file */
1405 unsigned *ip, /* O - Address value */
1406 unsigned *mask) /* O - Mask value */
1407{
1408 int i, j, /* Looping vars */
1409 family, /* Address family */
1410 ipcount; /* Count of fields in address */
1411 unsigned ipval; /* Value */
1412 const char *maskval, /* Pointer to start of mask value */
1413 *ptr, /* Pointer into value */
1414 *ptr2; /* ... */
ef416fc2 1415
1416
1417 /*
1418 * Get the address...
1419 */
1420
b86bc4cf 1421 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
ed486911 1422 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
ef416fc2 1423
1424 if ((maskval = strchr(value, '/')) != NULL)
1425 maskval ++;
1426 else
1427 maskval = value + strlen(value);
1428
1429#ifdef AF_INET6
1430 /*
1431 * Check for an IPv6 address...
1432 */
1433
1434 if (*value == '[')
1435 {
1436 /*
1437 * Parse hexadecimal IPv6 address...
1438 */
1439
1440 family = AF_INET6;
1441
1442 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1443 {
1444 if (*ptr == ']')
1445 break;
1446 else if (!strncmp(ptr, "::", 2))
1447 {
1448 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1449 ptr2;
1450 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1451
1452 i = 7 - j;
ed486911 1453 ptr ++;
ef416fc2 1454 }
1455 else if (isxdigit(*ptr & 255))
1456 {
1457 ipval = strtoul(ptr, (char **)&ptr, 16);
1458
1459 if (ipval > 0xffff)
1460 return (0);
1461
1462 if (i & 1)
ed486911 1463 ip[i / 2] |= ipval;
ef416fc2 1464 else
ed486911 1465 ip[i / 2] |= ipval << 16;
ef416fc2 1466 }
1467 else
1468 return (0);
1469
1470 while (*ptr == ':')
1471 ptr ++;
1472 }
1473
ed486911 1474 if (*ptr != ']')
1475 return (0);
1476
1477 ptr ++;
ef416fc2 1478
1479 if (*ptr && *ptr != '/')
1480 return (0);
1481 }
1482 else
1483#endif /* AF_INET6 */
1484 {
1485 /*
1486 * Parse dotted-decimal IPv4 address...
1487 */
1488
ed486911 1489 unsigned val[4]; /* IPv4 address values */
ef416fc2 1490
ef416fc2 1491
ed486911 1492 family = AF_INET;
1493 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1494
ef416fc2 1495 /*
ed486911 1496 * Range check the IP numbers...
ef416fc2 1497 */
1498
ed486911 1499 for (i = 0; i < ipcount; i ++)
1500 if (val[i] > 255)
1501 return (0);
ef416fc2 1502
ed486911 1503 /*
1504 * Make sure the trailing values are zeroed, as some C libraries like
1505 * glibc apparently like to fill the unused arguments with garbage...
1506 */
ef416fc2 1507
ed486911 1508 for (i = ipcount; i < 4; i ++)
1509 val[i] = 0;
ef416fc2 1510
ed486911 1511 /*
1512 * Merge everything into a 32-bit IPv4 address in ip[3]...
1513 */
ef416fc2 1514
ed486911 1515 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
ef416fc2 1516
ed486911 1517 if (ipcount < 4)
1518 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1519 }
ef416fc2 1520
ed486911 1521 if (*maskval)
1522 {
1523 /*
1524 * Get the netmask value(s)...
1525 */
1526
1527 memset(mask, 0, sizeof(unsigned) * 4);
ef416fc2 1528
ef416fc2 1529 if (strchr(maskval, '.'))
1530 {
1531 /*
1532 * Get dotted-decimal mask...
1533 */
1534
ed486911 1535 if (family != AF_INET)
1536 return (0);
1537
ef416fc2 1538 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2, mask + 3) != 4)
1539 return (0);
1540
1541 mask[3] |= ((((mask[0] << 8) | mask[1]) << 8) | mask[2]) << 8;
1542 mask[0] = mask[1] = mask[2] = 0;
1543 }
1544 else
1545 {
1546 /*
1547 * Get address/bits format...
1548 */
1549
1550 i = atoi(maskval);
1551
1552#ifdef AF_INET6
1553 if (family == AF_INET6)
1554 {
ed486911 1555 if (i > 128)
1556 return (0);
1557
ef416fc2 1558 i = 128 - i;
1559
1560 if (i <= 96)
1561 mask[0] = 0xffffffff;
1562 else
1563 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1564
1565 if (i <= 64)
1566 mask[1] = 0xffffffff;
1567 else if (i >= 96)
1568 mask[1] = 0;
1569 else
1570 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1571
1572 if (i <= 32)
1573 mask[2] = 0xffffffff;
1574 else if (i >= 64)
1575 mask[2] = 0;
1576 else
1577 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1578
1579 if (i == 0)
1580 mask[3] = 0xffffffff;
1581 else if (i >= 32)
1582 mask[3] = 0;
1583 else
1584 mask[3] = (0xffffffff << i) & 0xffffffff;
1585 }
1586 else
1587#endif /* AF_INET6 */
1588 {
ed486911 1589 if (i > 32)
1590 return (0);
ef416fc2 1591
1592 mask[0] = 0xffffffff;
1593 mask[1] = 0xffffffff;
1594 mask[2] = 0xffffffff;
1595
ed486911 1596 if (i < 32)
1597 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
ef416fc2 1598 else
1599 mask[3] = 0xffffffff;
1600 }
1601 }
1602 }
ef416fc2 1603
1604 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1605 "get_addr_and_mask(value=\"%s\", "
b86bc4cf 1606 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
ef416fc2 1607 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1608 mask[3]);
1609
1610 /*
1611 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1612 */
1613
1614 if ((ip[0] & ~mask[0]) != 0 ||
1615 (ip[1] & ~mask[1]) != 0 ||
1616 (ip[2] & ~mask[2]) != 0 ||
1617 (ip[3] & ~mask[3]) != 0)
1618 return (0);
1619
1620 return (1);
1621}
1622
1623
1624/*
1625 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1626 */
1627
1628static int /* O - 1 on success, 0 on failure */
1629parse_aaa(cupsd_location_t *loc, /* I - Location */
1630 char *line, /* I - Line from file */
1631 char *value, /* I - Start of value data */
1632 int linenum) /* I - Current line number */
1633{
1634 char *valptr; /* Pointer into value */
1635 unsigned ip[4], /* IP address components */
1636 mask[4]; /* IP netmask components */
1637
1638
1639 if (!strcasecmp(line, "Encryption"))
1640 {
1641 /*
1642 * "Encryption xxx" - set required encryption level...
1643 */
1644
1645 if (!strcasecmp(value, "never"))
1646 loc->encryption = HTTP_ENCRYPT_NEVER;
1647 else if (!strcasecmp(value, "always"))
1648 {
1649 cupsdLogMessage(CUPSD_LOG_ERROR,
1650 "Encryption value \"%s\" on line %d is invalid in this "
1651 "context. Using \"required\" instead.", value, linenum);
1652
1653 loc->encryption = HTTP_ENCRYPT_REQUIRED;
1654 }
1655 else if (!strcasecmp(value, "required"))
1656 loc->encryption = HTTP_ENCRYPT_REQUIRED;
1657 else if (!strcasecmp(value, "ifrequested"))
1658 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
1659 else
1660 {
1661 cupsdLogMessage(CUPSD_LOG_ERROR,
1662 "Unknown Encryption value %s on line %d.", value, linenum);
1663 return (0);
1664 }
1665 }
1666 else if (!strcasecmp(line, "Order"))
1667 {
1668 /*
1669 * "Order Deny,Allow" or "Order Allow,Deny"...
1670 */
1671
1672 if (!strncasecmp(value, "deny", 4))
5bd77a73 1673 loc->order_type = CUPSD_AUTH_ALLOW;
ef416fc2 1674 else if (!strncasecmp(value, "allow", 5))
5bd77a73 1675 loc->order_type = CUPSD_AUTH_DENY;
ef416fc2 1676 else
1677 {
1678 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
1679 value, linenum);
1680 return (0);
1681 }
1682 }
1683 else if (!strcasecmp(line, "Allow") || !strcasecmp(line, "Deny"))
1684 {
1685 /*
1686 * Allow [From] host/ip...
1687 * Deny [From] host/ip...
1688 */
1689
1690 if (!strncasecmp(value, "from", 4))
1691 {
1692 /*
1693 * Strip leading "from"...
1694 */
1695
1696 value += 4;
1697
1698 while (isspace(*value & 255))
1699 value ++;
1700 }
1701
1702 /*
1703 * Figure out what form the allow/deny address takes:
1704 *
1705 * All
1706 * None
1707 * *.domain.com
1708 * .domain.com
1709 * host.domain.com
1710 * nnn.*
1711 * nnn.nnn.*
1712 * nnn.nnn.nnn.*
1713 * nnn.nnn.nnn.nnn
1714 * nnn.nnn.nnn.nnn/mm
1715 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
1716 */
1717
1718 if (!strcasecmp(value, "all"))
1719 {
1720 /*
1721 * All hosts...
1722 */
1723
1724 if (!strcasecmp(line, "Allow"))
1725 cupsdAllowIP(loc, zeros, zeros);
1726 else
1727 cupsdDenyIP(loc, zeros, zeros);
1728 }
1729 else if (!strcasecmp(value, "none"))
1730 {
1731 /*
1732 * No hosts...
1733 */
1734
1735 if (!strcasecmp(line, "Allow"))
1736 cupsdAllowIP(loc, ones, zeros);
1737 else
1738 cupsdDenyIP(loc, ones, zeros);
1739 }
ed486911 1740#ifdef AF_INET6
1741 else if (value[0] == '*' || value[0] == '.' ||
1742 (!isdigit(value[0] & 255) && value[0] != '['))
1743#else
ef416fc2 1744 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
ed486911 1745#endif /* AF_INET6 */
ef416fc2 1746 {
1747 /*
1748 * Host or domain name...
1749 */
1750
1751 if (value[0] == '*')
1752 value ++;
1753
1754 if (!strcasecmp(line, "Allow"))
1755 cupsdAllowHost(loc, value);
1756 else
1757 cupsdDenyHost(loc, value);
1758 }
1759 else
1760 {
1761 /*
1762 * One of many IP address forms...
1763 */
1764
1765 if (!get_addr_and_mask(value, ip, mask))
1766 {
1767 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
1768 value, linenum);
1769 return (0);
1770 }
1771
1772 if (!strcasecmp(line, "Allow"))
1773 cupsdAllowIP(loc, ip, mask);
1774 else
1775 cupsdDenyIP(loc, ip, mask);
1776 }
1777 }
1778 else if (!strcasecmp(line, "AuthType"))
1779 {
1780 /*
bc44d920 1781 * AuthType {none,basic,digest,basicdigest,negotiate,default}
ef416fc2 1782 */
1783
1784 if (!strcasecmp(value, "none"))
1785 {
5bd77a73
MS		 1786 loc->type = CUPSD_AUTH_NONE;
1787 loc->level = CUPSD_AUTH_ANON;
ef416fc2 1788 }
1789 else if (!strcasecmp(value, "basic"))
1790 {
5bd77a73 1791 loc->type = CUPSD_AUTH_BASIC;
ef416fc2 1792
5bd77a73
MS		 1793 if (loc->level == CUPSD_AUTH_ANON)
1794 loc->level = CUPSD_AUTH_USER;
ef416fc2 1795 }
1796 else if (!strcasecmp(value, "digest"))
1797 {
5bd77a73 1798 loc->type = CUPSD_AUTH_DIGEST;
ef416fc2 1799
5bd77a73
MS		 1800 if (loc->level == CUPSD_AUTH_ANON)
1801 loc->level = CUPSD_AUTH_USER;
ef416fc2 1802 }
1803 else if (!strcasecmp(value, "basicdigest"))
1804 {
5bd77a73 1805 loc->type = CUPSD_AUTH_BASICDIGEST;
ef416fc2 1806
5bd77a73
MS		 1807 if (loc->level == CUPSD_AUTH_ANON)
1808 loc->level = CUPSD_AUTH_USER;
bc44d920 1809 }
1810 else if (!strcasecmp(value, "default"))
1811 {
5bd77a73 1812 loc->type = CUPSD_AUTH_DEFAULT;
bc44d920 1813
5bd77a73
MS		 1814 if (loc->level == CUPSD_AUTH_ANON)
1815 loc->level = CUPSD_AUTH_USER;
ef416fc2 1816 }
f7deaa1a 1817#ifdef HAVE_GSSAPI
7594b224 1818 else if (!strcasecmp(value, "negotiate"))
f7deaa1a 1819 {
5bd77a73 1820 loc->type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 1821
5bd77a73
MS		 1822 if (loc->level == CUPSD_AUTH_ANON)
1823 loc->level = CUPSD_AUTH_USER;
f7deaa1a 1824 }
1825#endif /* HAVE_GSSAPI */
ef416fc2 1826 else
1827 {
1828 cupsdLogMessage(CUPSD_LOG_WARN,
1829 "Unknown authorization type %s on line %d.",
1830 value, linenum);
1831 return (0);
1832 }
1833 }
1834 else if (!strcasecmp(line, "AuthClass"))
1835 {
1836 /*
1837 * AuthClass anonymous, user, system, group
1838 */
1839
1840 if (!strcasecmp(value, "anonymous"))
1841 {
5bd77a73
MS		 1842 loc->type = CUPSD_AUTH_NONE;
1843 loc->level = CUPSD_AUTH_ANON;
ef416fc2 1844
1845 cupsdLogMessage(CUPSD_LOG_WARN,
1846 "\"AuthClass %s\" is deprecated; consider removing "
1847 "it from line %d.",
1848 value, linenum);
1849 }
1850 else if (!strcasecmp(value, "user"))
1851 {
5bd77a73 1852 loc->level = CUPSD_AUTH_USER;
ef416fc2 1853
1854 cupsdLogMessage(CUPSD_LOG_WARN,
1855 "\"AuthClass %s\" is deprecated; consider using "
1856 "\"Require valid-user\" on line %d.",
1857 value, linenum);
1858 }
1859 else if (!strcasecmp(value, "group"))
1860 {
5bd77a73 1861 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 1862
1863 cupsdLogMessage(CUPSD_LOG_WARN,
1864 "\"AuthClass %s\" is deprecated; consider using "
09a101d6 1865 "\"Require user @groupname\" on line %d.",
ef416fc2 1866 value, linenum);
1867 }
1868 else if (!strcasecmp(value, "system"))
1869 {
5bd77a73 1870 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 1871
1872 cupsdAddName(loc, "@SYSTEM");
1873
1874 cupsdLogMessage(CUPSD_LOG_WARN,
1875 "\"AuthClass %s\" is deprecated; consider using "
09a101d6 1876 "\"Require user @SYSTEM\" on line %d.",
ef416fc2 1877 value, linenum);
1878 }
1879 else
1880 {
1881 cupsdLogMessage(CUPSD_LOG_WARN,
1882 "Unknown authorization class %s on line %d.",
1883 value, linenum);
1884 return (0);
1885 }
1886 }
1887 else if (!strcasecmp(line, "AuthGroupName"))
1888 {
1889 cupsdAddName(loc, value);
1890
1891 cupsdLogMessage(CUPSD_LOG_WARN,
1892 "\"AuthGroupName %s\" directive is deprecated; consider "
09a101d6 1893 "using \"Require user @%s\" on line %d.",
ef416fc2 1894 value, value, linenum);
1895 }
1896 else if (!strcasecmp(line, "Require"))
1897 {
1898 /*
1899 * Apache synonym for AuthClass and AuthGroupName...
1900 *
1901 * Get initial word:
1902 *
1903 * Require valid-user
1904 * Require group names
1905 * Require user names
1906 */
1907
1908 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
1909
1910 if (*valptr)
1911 *valptr++ = '\0';
1912
1913 if (!strcasecmp(value, "valid-user") ||
1914 !strcasecmp(value, "user"))
5bd77a73 1915 loc->level = CUPSD_AUTH_USER;
ef416fc2 1916 else if (!strcasecmp(value, "group"))
5bd77a73 1917 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 1918 else
1919 {
1920 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
1921 value, linenum);
1922 return (0);
1923 }
1924
1925 /*
1926 * Get the list of names from the line...
1927 */
1928
1929 for (value = valptr; *value;)
1930 {
1931 while (isspace(*value & 255))
1932 value ++;
1933
f7deaa1a 1934#ifdef HAVE_AUTHORIZATION_H
1935 if (!strncmp(value, "@AUTHKEY(", 9))
1936 {
1937 /*
1938 * Grab "@AUTHKEY(name)" value...
1939 */
1940
1941 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
1942
1943 if (*valptr)
1944 *valptr++ = '\0';
1945 }
1946 else
1947#endif /* HAVE_AUTHORIZATION_H */
ef416fc2 1948 if (*value == '\"' || *value == '\'')
1949 {
1950 /*
1951 * Grab quoted name...
1952 */
1953
1954 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
1955
1956 value ++;
1957 }
1958 else
1959 {
1960 /*
1961 * Grab literal name.
1962 */
1963
1964 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
1965 }
1966
1967 if (*valptr)
1968 *valptr++ = '\0';
1969
1970 cupsdAddName(loc, value);
1971
1972 for (value = valptr; isspace(*value & 255); value ++);
1973 }
1974 }
1975 else if (!strcasecmp(line, "Satisfy"))
1976 {
1977 if (!strcasecmp(value, "all"))
5bd77a73 1978 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
ef416fc2 1979 else if (!strcasecmp(value, "any"))
5bd77a73 1980 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
ef416fc2 1981 else
1982 {
1983 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
1984 value, linenum);
1985 return (0);
1986 }
1987 }
1988 else
1989 return (0);
1990
1991 return (1);
1992}
1993
1994
49d87452
MS		 1995/*
1996 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
1997 */
1998
1999static int /* O - FatalErrors bits */
2000parse_fatal_errors(const char *s) /* I - FatalErrors string */
2001{
2002 int fatal; /* FatalErrors bits */
2003 char value[1024], /* Value string */
2004 *valstart, /* Pointer into value */
2005 *valend; /* End of value */
2006
2007
2008 /*
2009 * Empty FatalErrors line yields NULL pointer...
2010 */
2011
2012 if (!s)
2013 return (CUPSD_FATAL_NONE);
2014
2015 /*
2016 * Loop through the value string,...
2017 */
2018
2019 strlcpy(value, s, sizeof(value));
2020
2021 fatal = CUPSD_FATAL_NONE;
2022
2023 for (valstart = value; *valstart;)
2024 {
2025 /*
2026 * Get the current space/comma-delimited kind name...
2027 */
2028
2029 for (valend = valstart; *valend; valend ++)
2030 if (isspace(*valend & 255) || *valend == ',')
2031 break;
2032
2033 if (*valend)
2034 *valend++ = '\0';
2035
2036 /*
2037 * Add the error to the bitmask...
2038 */
2039
2040 if (!strcasecmp(valstart, "all"))
2041 fatal = CUPSD_FATAL_ALL;
2042 else if (!strcasecmp(valstart, "browse"))
2043 fatal |= CUPSD_FATAL_BROWSE;
2044 else if (!strcasecmp(valstart, "-browse"))
2045 fatal &= ~CUPSD_FATAL_BROWSE;
2046 else if (!strcasecmp(valstart, "config"))
2047 fatal |= CUPSD_FATAL_CONFIG;
2048 else if (!strcasecmp(valstart, "-config"))
2049 fatal &= ~CUPSD_FATAL_CONFIG;
2050 else if (!strcasecmp(valstart, "listen"))
2051 fatal |= CUPSD_FATAL_LISTEN;
2052 else if (!strcasecmp(valstart, "-listen"))
2053 fatal &= ~CUPSD_FATAL_LISTEN;
2054 else if (!strcasecmp(valstart, "log"))
2055 fatal |= CUPSD_FATAL_LOG;
2056 else if (!strcasecmp(valstart, "-log"))
2057 fatal &= ~CUPSD_FATAL_LOG;
2058 else if (!strcasecmp(valstart, "permissions"))
2059 fatal |= CUPSD_FATAL_PERMISSIONS;
2060 else if (!strcasecmp(valstart, "-permissions"))
2061 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2062 else if (strcasecmp(valstart, "none"))
2063 cupsdLogMessage(CUPSD_LOG_ERROR,
2064 "Unknown FatalErrors kind \"%s\" ignored!", valstart);
2065
2066 for (valstart = valend; *valstart; valstart ++)
2067 if (!isspace(*valstart & 255) || *valstart != ',')
2068 break;
2069 }
2070
2071 return (fatal);
2072}
2073
2074
bd7854cb 2075/*
2076 * 'parse_groups()' - Parse system group names in a string.
2077 */
2078
2079static int /* O - 1 on success, 0 on failure */
2080parse_groups(const char *s) /* I - Space-delimited groups */
2081{
2082 int status; /* Return status */
2083 char value[1024], /* Value string */
2084 *valstart, /* Pointer into value */
2085 *valend, /* End of value */
2086 quote; /* Quote character */
2087 struct group *group; /* Group */
2088
2089
2090 /*
2091 * Make a copy of the string and parse out the groups...
2092 */
2093
2094 strlcpy(value, s, sizeof(value));
2095
2096 status = 1;
2097 valstart = value;
2098
2099 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2100 {
2101 if (*valstart == '\'' || *valstart == '\"')
2102 {
2103 /*
2104 * Scan quoted name...
2105 */
2106
2107 quote = *valstart++;
2108
2109 for (valend = valstart; *valend; valend ++)
2110 if (*valend == quote)
2111 break;
2112 }
2113 else
2114 {
2115 /*
2116 * Scan space or comma-delimited name...
2117 */
2118
2119 for (valend = valstart; *valend; valend ++)
2120 if (isspace(*valend) || *valend == ',')
2121 break;
2122 }
2123
2124 if (*valend)
2125 *valend++ = '\0';
2126
2127 group = getgrnam(valstart);
2128 if (group)
2129 {
2130 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2131 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2132
2133 NumSystemGroups ++;
2134 }
2135 else
2136 status = 0;
2137
2138 endgrent();
2139
2140 valstart = valend;
2141
2142 while (*valstart == ',' || isspace(*valstart))
2143 valstart ++;
2144 }
2145
2146 return (status);
2147}
2148
2149
2150/*
2151 * 'parse_protocols()' - Parse browse protocols in a string.
2152 */
2153
2154static int /* O - Browse protocol bits */
2155parse_protocols(const char *s) /* I - Space-delimited protocols */
2156{
2157 int protocols; /* Browse protocol bits */
2158 char value[1024], /* Value string */
2159 *valstart, /* Pointer into value */
2160 *valend; /* End of value */
2161
2162
d09495fa 2163 /*
2164 * Empty protocol line yields NULL pointer...
2165 */
2166
2167 if (!s)
2168 return (0);
2169
bd7854cb 2170 /*
2171 * Loop through the value string,...
2172 */
2173
2174 strlcpy(value, s, sizeof(value));
2175
2176 protocols = 0;
2177
2178 for (valstart = value; *valstart;)
2179 {
2180 /*
2181 * Get the current space/comma-delimited protocol name...
2182 */
2183
2184 for (valend = valstart; *valend; valend ++)
2185 if (isspace(*valend & 255) || *valend == ',')
2186 break;
2187
2188 if (*valend)
2189 *valend++ = '\0';
2190
2191 /*
2192 * Add the protocol to the bitmask...
2193 */
2194
2195 if (!strcasecmp(valstart, "cups"))
2196 protocols |= BROWSE_CUPS;
2197 else if (!strcasecmp(valstart, "slp"))
2198 protocols |= BROWSE_SLP;
2199 else if (!strcasecmp(valstart, "ldap"))
2200 protocols |= BROWSE_LDAP;
a41f09e2
MS		 2201 else if (!strcasecmp(valstart, "dnssd") ||
2202 !strcasecmp(valstart, "dns-sd") ||
2203 !strcasecmp(valstart, "bonjour"))
bd7854cb 2204 protocols |= BROWSE_DNSSD;
2e4ff8af
MS		 2205 else if (!strcasecmp(valstart, "lpd"))
2206 protocols |= BROWSE_LPD;
2207 else if (!strcasecmp(valstart, "smb"))
2208 protocols |= BROWSE_SMB;
bd7854cb 2209 else if (!strcasecmp(valstart, "all"))
2210 protocols |= BROWSE_ALL;
b86bc4cf 2211 else if (strcasecmp(valstart, "none"))
a41f09e2
MS		 2212 cupsdLogMessage(CUPSD_LOG_ERROR,
2213 "Unknown browse protocol \"%s\" ignored!", valstart);
bd7854cb 2214
2215 for (valstart = valend; *valstart; valstart ++)
2216 if (!isspace(*valstart & 255) || *valstart != ',')
2217 break;
2218 }
2219
2220 return (protocols);
2221}
2222
2223
ef416fc2 2224/*
2225 * 'read_configuration()' - Read a configuration file.
2226 */
2227
2228static int /* O - 1 on success, 0 on failure */
2229read_configuration(cups_file_t *fp) /* I - File to read from */
2230{
2231 int i; /* Looping var */
2232 int linenum; /* Current line number */
2233 char line[HTTP_MAX_BUFFER],
2234 /* Line from file */
2235 temp[HTTP_MAX_BUFFER],
2236 /* Temporary buffer for value */
2237 temp2[HTTP_MAX_BUFFER],
2238 /* Temporary buffer 2 for value */
2239 *ptr, /* Pointer into line/temp */
2240 *value, /* Pointer to value */
bd7854cb 2241 *valueptr; /* Pointer into value */
ef416fc2 2242 int valuelen; /* Length of value */
ac884b6a 2243 cupsd_var_t const *var; /* Current variable */
ef416fc2 2244 http_addrlist_t *addrlist, /* Address list */
2245 *addr; /* Current address */
2246 unsigned ip[4], /* Address value */
2247 mask[4]; /* Netmask value */
2248 cupsd_dirsvc_relay_t *relay; /* Relay data */
2249 cupsd_dirsvc_poll_t *pollp; /* Polling data */
2250 cupsd_location_t *location; /* Browse location */
2251 cups_file_t *incfile; /* Include file */
2252 char incname[1024]; /* Include filename */
2253 struct group *group; /* Group */
2254
2255
2256 /*
2257 * Loop through each line in the file...
2258 */
2259
2260 linenum = 0;
2261
2262 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2263 {
2264 /*
2265 * Decode the directive...
2266 */
2267
c934a06c 2268 if (!strcasecmp(line, "Include") && value)
ef416fc2 2269 {
2270 /*
2271 * Include filename
2272 */
2273
2274 if (value[0] == '/')
2275 strlcpy(incname, value, sizeof(incname));
2276 else
2277 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2278
2279 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2280 cupsdLogMessage(CUPSD_LOG_ERROR,
2281 "Unable to include config file \"%s\" - %s",
2282 incname, strerror(errno));
2283 else
2284 {
2285 read_configuration(incfile);
2286 cupsFileClose(incfile);
2287 }
2288 }
c934a06c 2289 else if (!strcasecmp(line, "<Location") && value)
ef416fc2 2290 {
2291 /*
2292 * <Location path>
2293 */
2294
c934a06c
MS		 2295 linenum = read_location(fp, value, linenum);
2296 if (linenum == 0)
2297 return (0);
ef416fc2 2298 }
c934a06c 2299 else if (!strcasecmp(line, "<Policy") && value)
ef416fc2 2300 {
2301 /*
2302 * <Policy name>
2303 */
2304
c934a06c
MS		 2305 linenum = read_policy(fp, value, linenum);
2306 if (linenum == 0)
2307 return (0);
ef416fc2 2308 }
49d87452
MS		 2309 else if (!strcasecmp(line, "FatalErrors"))
2310 FatalErrors = parse_fatal_errors(value);
c934a06c 2311 else if (!strcasecmp(line, "FaxRetryInterval") && value)
ef416fc2 2312 {
c934a06c
MS		 2313 JobRetryInterval = atoi(value);
2314 cupsdLogMessage(CUPSD_LOG_WARN,
2315 "FaxRetryInterval is deprecated; use "
2316 "JobRetryInterval on line %d.", linenum);
ef416fc2 2317 }
c934a06c 2318 else if (!strcasecmp(line, "FaxRetryLimit") && value)
ef416fc2 2319 {
c934a06c
MS		 2320 JobRetryLimit = atoi(value);
2321 cupsdLogMessage(CUPSD_LOG_WARN,
2322 "FaxRetryLimit is deprecated; use "
2323 "JobRetryLimit on line %d.", linenum);
ef416fc2 2324 }
2325 else if (!strcasecmp(line, "Port") || !strcasecmp(line, "Listen")
2326#ifdef HAVE_SSL
2327 || !strcasecmp(line, "SSLPort") || !strcasecmp(line, "SSLListen")
2328#endif /* HAVE_SSL */
2329 )
2330 {
2331 /*
2332 * Add listening address(es) to the list...
2333 */
2334
2335 cupsd_listener_t *lis; /* New listeners array */
2336
2337
2338 /*
2339 * Get the address list...
2340 */
2341
2342 addrlist = get_address(value, IPP_PORT);
2343
2344 if (!addrlist)
2345 {
2346 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2347 value, linenum);
2348 continue;
2349 }
2350
2351 /*
2352 * Add each address...
2353 */
2354
2355 for (addr = addrlist; addr; addr = addr->next)
2356 {
49d87452
MS		 2357 /*
2358 * See if this address is already present...
2359 */
2360
2361 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2362 lis;
2363 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2364 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
2365 _httpAddrPort(&(addr->addr)) == _httpAddrPort(&(lis->address)))
2366 break;
2367
2368 if (lis)
2369 {
2370 httpAddrString(&lis->address, temp, sizeof(temp));
2371 cupsdLogMessage(CUPSD_LOG_WARN,
2372 "Duplicate listen address \"%s\" ignored!", temp);
2373 continue;
2374 }
2375
ef416fc2 2376 /*
2377 * Allocate another listener...
2378 */
2379
bd7854cb 2380 if (!Listeners)
2381 Listeners = cupsArrayNew(NULL, NULL);
ef416fc2 2382
bd7854cb 2383 if (!Listeners)
ef416fc2 2384 {
2385 cupsdLogMessage(CUPSD_LOG_ERROR,
2386 "Unable to allocate %s at line %d - %s.",
2387 line, linenum, strerror(errno));
2388 break;
2389 }
2390
bd7854cb 2391 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2392 {
2393 cupsdLogMessage(CUPSD_LOG_ERROR,
2394 "Unable to allocate %s at line %d - %s.",
2395 line, linenum, strerror(errno));
2396 break;
2397 }
2398
2399 cupsArrayAdd(Listeners, lis);
ef416fc2 2400
2401 /*
2402 * Copy the current address and log it...
2403 */
2404
ef416fc2 2405 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
a4d04587 2406 lis->fd = -1;
ef416fc2 2407
2408#ifdef HAVE_SSL
2409 if (!strcasecmp(line, "SSLPort") || !strcasecmp(line, "SSLListen"))
2410 lis->encryption = HTTP_ENCRYPT_ALWAYS;
2411#endif /* HAVE_SSL */
2412
a4d04587 2413 httpAddrString(&lis->address, temp, sizeof(temp));
2414
ef416fc2 2415#ifdef AF_INET6
2416 if (lis->address.addr.sa_family == AF_INET6)
2417 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv6)", temp,
2418 ntohs(lis->address.ipv6.sin6_port));
2419 else
2420#endif /* AF_INET6 */
2421#ifdef AF_LOCAL
2422 if (lis->address.addr.sa_family == AF_LOCAL)
2423 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
2424 else
2425#endif /* AF_LOCAL */
2426 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv4)", temp,
2427 ntohs(lis->address.ipv4.sin_port));
ef416fc2 2428 }
2429
2430 /*
2431 * Free the list...
2432 */
2433
2434 httpAddrFreeList(addrlist);
2435 }
c934a06c 2436 else if (!strcasecmp(line, "BrowseAddress") && value)
ef416fc2 2437 {
2438 /*
2439 * Add a browse address to the list...
2440 */
2441
2442 cupsd_dirsvc_addr_t *dira; /* New browse address array */
2443
2444
2445 if (NumBrowsers == 0)
2446 dira = malloc(sizeof(cupsd_dirsvc_addr_t));
2447 else
2448 dira = realloc(Browsers, (NumBrowsers + 1) * sizeof(cupsd_dirsvc_addr_t));
2449
2450 if (!dira)
2451 {
2452 cupsdLogMessage(CUPSD_LOG_ERROR,
2453 "Unable to allocate BrowseAddress at line %d - %s.",
2454 linenum, strerror(errno));
2455 continue;
2456 }
2457
2458 Browsers = dira;
2459 dira += NumBrowsers;
2460
2461 memset(dira, 0, sizeof(cupsd_dirsvc_addr_t));
2462
2463 if (!strcasecmp(value, "@LOCAL"))
2464 {
2465 /*
2466 * Send browse data to all local interfaces...
2467 */
2468
2469 strcpy(dira->iface, "*");
2470 NumBrowsers ++;
2471 }
2472 else if (!strncasecmp(value, "@IF(", 4))
2473 {
2474 /*
2475 * Send browse data to the named interface...
2476 */
2477
2478 strlcpy(dira->iface, value + 4, sizeof(Browsers[0].iface));
2479
2480 ptr = dira->iface + strlen(dira->iface) - 1;
2481 if (*ptr == ')')
2482 *ptr = '\0';
2483
2484 NumBrowsers ++;
2485 }
2486 else if ((addrlist = get_address(value, BrowsePort)) != NULL)
2487 {
2488 /*
2489 * Only IPv4 addresses are supported...
2490 */
2491
2492 for (addr = addrlist; addr; addr = addr->next)
2493 if (addr->addr.addr.sa_family == AF_INET)
2494 break;
2495
2496 if (addr)
2497 {
2498 memcpy(&(dira->to), &(addrlist->addr), sizeof(dira->to));
2499 httpAddrString(&(dira->to), temp, sizeof(temp));
2500
2501 cupsdLogMessage(CUPSD_LOG_INFO,
2502 "Sending browsing info to %s:%d (IPv4)",
2503 temp, ntohs(dira->to.ipv4.sin_port));
2504
2505 NumBrowsers ++;
2506 }
2507 else
2508 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad BrowseAddress %s at line %d.",
2509 value, linenum);
2510
2511 httpAddrFreeList(addrlist);
2512 }
2513 else
2514 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad BrowseAddress %s at line %d.",
2515 value, linenum);
2516 }
c934a06c 2517 else if (!strcasecmp(line, "BrowseOrder") && value)
ef416fc2 2518 {
2519 /*
2520 * "BrowseOrder Deny,Allow" or "BrowseOrder Allow,Deny"...
2521 */
2522
2523 if ((location = cupsdFindLocation("CUPS_INTERNAL_BROWSE_ACL")) == NULL)
2524 location = cupsdAddLocation("CUPS_INTERNAL_BROWSE_ACL");
2525
2526 if (location == NULL)
2527 cupsdLogMessage(CUPSD_LOG_ERROR,
2528 "Unable to initialize browse access control list!");
2529 else if (!strncasecmp(value, "deny", 4))
5bd77a73 2530 location->order_type = CUPSD_AUTH_ALLOW;
ef416fc2 2531 else if (!strncasecmp(value, "allow", 5))
5bd77a73 2532 location->order_type = CUPSD_AUTH_DENY;
ef416fc2 2533 else
2534 cupsdLogMessage(CUPSD_LOG_ERROR,
2535 "Unknown BrowseOrder value %s on line %d.",
2536 value, linenum);
2537 }
2538 else if (!strcasecmp(line, "BrowseProtocols") ||
2539 !strcasecmp(line, "BrowseLocalProtocols") ||
2540 !strcasecmp(line, "BrowseRemoteProtocols"))
2541 {
2542 /*
bd7854cb 2543 * "BrowseProtocols name [... name]"
2544 * "BrowseLocalProtocols name [... name]"
2545 * "BrowseRemoteProtocols name [... name]"
ef416fc2 2546 */
2547
bd7854cb 2548 int protocols = parse_protocols(value);
ef416fc2 2549
bd7854cb 2550 if (protocols < 0)
ef416fc2 2551 {
bd7854cb 2552 cupsdLogMessage(CUPSD_LOG_ERROR,
2553 "Unknown browse protocol \"%s\" on line %d.",
2554 value, linenum);
2555 break;
ef416fc2 2556 }
bd7854cb 2557
2558 if (strcasecmp(line, "BrowseLocalProtocols"))
2559 BrowseRemoteProtocols = protocols;
2560 if (strcasecmp(line, "BrowseRemoteProtocols"))
2561 BrowseLocalProtocols = protocols;
ef416fc2 2562 }
c934a06c
MS		 2563 else if ((!strcasecmp(line, "BrowseAllow") ||
2564 !strcasecmp(line, "BrowseDeny")) && value)
ef416fc2 2565 {
2566 /*
2567 * BrowseAllow [From] host/ip...
2568 * BrowseDeny [From] host/ip...
2569 */
2570
2571 if ((location = cupsdFindLocation("CUPS_INTERNAL_BROWSE_ACL")) == NULL)
2572 location = cupsdAddLocation("CUPS_INTERNAL_BROWSE_ACL");
2573
2574 if (location == NULL)
2575 cupsdLogMessage(CUPSD_LOG_ERROR,
2576 "Unable to initialize browse access control list!");
2577 else
2578 {
2579 if (!strncasecmp(value, "from ", 5))
2580 {
2581 /*
2582 * Strip leading "from"...
2583 */
2584
2585 value += 5;
2586
2587 while (isspace(*value))
2588 value ++;
2589 }
2590
2591 /*
2592 * Figure out what form the allow/deny address takes:
2593 *
2594 * All
2595 * None
2596 * *.domain.com
2597 * .domain.com
2598 * host.domain.com
2599 * nnn.*
2600 * nnn.nnn.*
2601 * nnn.nnn.nnn.*
2602 * nnn.nnn.nnn.nnn
2603 * nnn.nnn.nnn.nnn/mm
2604 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2605 */
2606
2607 if (!strcasecmp(value, "all"))
2608 {
2609 /*
2610 * All hosts...
2611 */
2612
2613 if (!strcasecmp(line, "BrowseAllow"))
2614 cupsdAllowIP(location, zeros, zeros);
2615 else
2616 cupsdDenyIP(location, zeros, zeros);
2617 }
2618 else if (!strcasecmp(value, "none"))
2619 {
2620 /*
2621 * No hosts...
2622 */
2623
2624 if (!strcasecmp(line, "BrowseAllow"))
2625 cupsdAllowIP(location, ones, zeros);
2626 else
2627 cupsdDenyIP(location, ones, zeros);
2628 }
ed486911 2629#ifdef AF_INET6
2630 else if (value[0] == '*' || value[0] == '.' ||
2631 (!isdigit(value[0] & 255) && value[0] != '['))
2632#else
2633 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2634#endif /* AF_INET6 */
ef416fc2 2635 {
2636 /*
2637 * Host or domain name...
2638 */
2639
2640 if (value[0] == '*')
2641 value ++;
2642
2643 if (!strcasecmp(line, "BrowseAllow"))
2644 cupsdAllowHost(location, value);
2645 else
2646 cupsdDenyHost(location, value);
2647 }
2648 else
2649 {
2650 /*
2651 * One of many IP address forms...
2652 */
2653
2654 if (!get_addr_and_mask(value, ip, mask))
2655 {
2656 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2657 value, linenum);
2658 break;
2659 }
2660
2661 if (!strcasecmp(line, "BrowseAllow"))
2662 cupsdAllowIP(location, ip, mask);
2663 else
2664 cupsdDenyIP(location, ip, mask);
2665 }
2666 }
2667 }
c934a06c 2668 else if (!strcasecmp(line, "BrowseRelay") && value)
ef416fc2 2669 {
2670 /*
2671 * BrowseRelay [from] source [to] destination
2672 */
2673
2674 if (NumRelays == 0)
2675 relay = malloc(sizeof(cupsd_dirsvc_relay_t));
2676 else
2677 relay = realloc(Relays, (NumRelays + 1) * sizeof(cupsd_dirsvc_relay_t));
2678
2679 if (!relay)
2680 {
2681 cupsdLogMessage(CUPSD_LOG_ERROR,
2682 "Unable to allocate BrowseRelay at line %d - %s.",
2683 linenum, strerror(errno));
2684 continue;
2685 }
2686
2687 Relays = relay;
2688 relay += NumRelays;
2689
2690 memset(relay, 0, sizeof(cupsd_dirsvc_relay_t));
2691
2692 if (!strncasecmp(value, "from ", 5))
2693 {
2694 /*
2695 * Strip leading "from"...
2696 */
2697
2698 value += 5;
2699
2700 while (isspace(*value))
2701 value ++;
2702 }
2703
2704 /*
2705 * Figure out what form the from address takes:
2706 *
2707 * *.domain.com
2708 * .domain.com
2709 * host.domain.com
2710 * nnn.*
2711 * nnn.nnn.*
2712 * nnn.nnn.nnn.*
2713 * nnn.nnn.nnn.nnn
2714 * nnn.nnn.nnn.nnn/mm
2715 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2716 */
2717
ed486911 2718#ifdef AF_INET6
2719 if (value[0] == '*' || value[0] == '.' ||
2720 (!isdigit(value[0] & 255) && value[0] != '['))
2721#else
2722 if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2723#endif /* AF_INET6 */
ef416fc2 2724 {
2725 /*
2726 * Host or domain name...
2727 */
2728
2729 if (value[0] == '*')
2730 value ++;
2731
2732 strlcpy(temp, value, sizeof(temp));
2733 if ((ptr = strchr(temp, ' ')) != NULL)
2734 *ptr = '\0';
2735
5bd77a73 2736 relay->from.type = CUPSD_AUTH_NAME;
91c84a35
MS		 2737
2738 if ((relay->from.mask.name.name = strdup(temp)) == NULL)
2739 {
2740 cupsdLogMessage(CUPSD_LOG_ERROR,
2741 "Unable to allocate BrowseRelay name at line %d - %s.",
2742 linenum, strerror(errno));
2743 continue;
2744 }
2745
ef416fc2 2746 relay->from.mask.name.length = strlen(temp);
2747 }
2748 else
2749 {
2750 /*
2751 * One of many IP address forms...
2752 */
2753
2754 if (!get_addr_and_mask(value, ip, mask))
2755 {
2756 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2757 value, linenum);
2758 break;
2759 }
2760
5bd77a73 2761 relay->from.type = CUPSD_AUTH_IP;
ef416fc2 2762 memcpy(relay->from.mask.ip.address, ip,
2763 sizeof(relay->from.mask.ip.address));
2764 memcpy(relay->from.mask.ip.netmask, mask,
2765 sizeof(relay->from.mask.ip.netmask));
2766 }
2767
2768 /*
2769 * Skip value and trailing whitespace...
2770 */
2771
2772 for (; *value; value ++)
2773 if (isspace(*value))
2774 break;
2775
2776 while (isspace(*value))
2777 value ++;
2778
2779 if (!strncasecmp(value, "to ", 3))
2780 {
2781 /*
2782 * Strip leading "to"...
2783 */
2784
2785 value += 3;
2786
2787 while (isspace(*value))
2788 value ++;
2789 }
2790
2791 /*
2792 * Get "to" address and port...
2793 */
2794
2795 if ((addrlist = get_address(value, BrowsePort)) != NULL)
2796 {
2797 /*
2798 * Only IPv4 addresses are supported...
2799 */
2800
2801 for (addr = addrlist; addr; addr = addr->next)
2802 if (addr->addr.addr.sa_family == AF_INET)
2803 break;
2804
2805 if (addr)
2806 {
2807 memcpy(&(relay->to), &(addrlist->addr), sizeof(relay->to));
2808
2809 httpAddrString(&(relay->to), temp, sizeof(temp));
2810
5bd77a73 2811 if (relay->from.type == CUPSD_AUTH_IP)
ef416fc2 2812 snprintf(temp2, sizeof(temp2), "%u.%u.%u.%u/%u.%u.%u.%u",
3d8365b8 2813 relay->from.mask.ip.address[0] >> 24,
2814 (relay->from.mask.ip.address[0] >> 16) & 255,
2815 (relay->from.mask.ip.address[0] >> 8) & 255,
2816 relay->from.mask.ip.address[0] & 255,
2817 relay->from.mask.ip.netmask[0] >> 24,
2818 (relay->from.mask.ip.netmask[0] >> 16) & 255,
2819 (relay->from.mask.ip.netmask[0] >> 8) & 255,
2820 relay->from.mask.ip.netmask[0] & 255);
ef416fc2 2821 else
2822 strlcpy(temp2, relay->from.mask.name.name, sizeof(temp2));
2823
2824 cupsdLogMessage(CUPSD_LOG_INFO, "Relaying from %s to %s:%d (IPv4)",
8ca02f3c 2825 temp2, temp, ntohs(relay->to.ipv4.sin_port));
ef416fc2 2826
2827 NumRelays ++;
2828 }
2829 else
2830 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad relay address %s at line %d.",
2831 value, linenum);
2832
2833 httpAddrFreeList(addrlist);
2834 }
2835 else
2836 {
5bd77a73 2837 if (relay->from.type == CUPSD_AUTH_NAME)
ef416fc2 2838 free(relay->from.mask.name.name);
2839
2840 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad relay address %s at line %d.",
2841 value, linenum);
2842 }
2843 }
c934a06c 2844 else if (!strcasecmp(line, "BrowsePoll") && value)
ef416fc2 2845 {
2846 /*
2847 * BrowsePoll address[:port]
2848 */
2849
2850 char *portname; /* Port name */
2851 int portnum; /* Port number */
2852 struct servent *service; /* Service */
2853
2854
2855 /*
2856 * Extract the port name from the address...
2857 */
2858
2859 if ((portname = strrchr(value, ':')) != NULL && !strchr(portname, ']'))
2860 {
2861 *portname++ = '\0';
2862
2863 if (isdigit(*portname & 255))
2864 portnum = atoi(portname);
2865 else if ((service = getservbyname(portname, NULL)) != NULL)
2866 portnum = ntohs(service->s_port);
2867 else
2868 {
2869 cupsdLogMessage(CUPSD_LOG_ERROR, "Lookup of service \"%s\" failed!",
2870 portname);
2871 continue;
2872 }
2873 }
2874 else
2875 portnum = ippPort();
2876
2877 /*
2878 * Add the poll entry...
2879 */
2880
2881 if (NumPolled == 0)
2882 pollp = malloc(sizeof(cupsd_dirsvc_poll_t));
2883 else
2884 pollp = realloc(Polled, (NumPolled + 1) * sizeof(cupsd_dirsvc_poll_t));
2885
2886 if (!pollp)
2887 {
2888 cupsdLogMessage(CUPSD_LOG_ERROR,
2889 "Unable to allocate BrowsePoll at line %d - %s.",
2890 linenum, strerror(errno));
2891 continue;
2892 }
2893
2894 Polled = pollp;
2895 pollp += NumPolled;
2896
2897 NumPolled ++;
2898 memset(pollp, 0, sizeof(cupsd_dirsvc_poll_t));
2899
2900 strlcpy(pollp->hostname, value, sizeof(pollp->hostname));
2901 pollp->port = portnum;
2902
2903 cupsdLogMessage(CUPSD_LOG_INFO, "Polling %s:%d", pollp->hostname,
2904 pollp->port);
2905 }
c934a06c 2906 else if (!strcasecmp(line, "DefaultAuthType") && value)
ef416fc2 2907 {
2908 /*
bc44d920 2909 * DefaultAuthType {basic,digest,basicdigest,negotiate}
ef416fc2 2910 */
2911
c24d2134 2912 if (!strcasecmp(value, "none"))
5bd77a73 2913 DefaultAuthType = CUPSD_AUTH_NONE;
c24d2134 2914 else if (!strcasecmp(value, "basic"))
5bd77a73 2915 DefaultAuthType = CUPSD_AUTH_BASIC;
ef416fc2 2916 else if (!strcasecmp(value, "digest"))
5bd77a73 2917 DefaultAuthType = CUPSD_AUTH_DIGEST;
ef416fc2 2918 else if (!strcasecmp(value, "basicdigest"))
5bd77a73 2919 DefaultAuthType = CUPSD_AUTH_BASICDIGEST;
f7deaa1a 2920#ifdef HAVE_GSSAPI
7594b224 2921 else if (!strcasecmp(value, "negotiate"))
5bd77a73 2922 DefaultAuthType = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 2923#endif /* HAVE_GSSAPI */
ef416fc2 2924 else
2925 {
2926 cupsdLogMessage(CUPSD_LOG_WARN,
2927 "Unknown default authorization type %s on line %d.",
2928 value, linenum);
49d87452
MS		 2929 if (FatalErrors & CUPSD_FATAL_CONFIG)
2930 return (0);
ef416fc2 2931 }
2932 }
4744bd90 2933#ifdef HAVE_SSL
2934 else if (!strcasecmp(line, "DefaultEncryption"))
2935 {
2936 /*
2937 * DefaultEncryption {Never,IfRequested,Required}
2938 */
2939
2940 if (!value || !strcasecmp(value, "never"))
2941 DefaultEncryption = HTTP_ENCRYPT_NEVER;
2942 else if (!strcasecmp(value, "required"))
2943 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
2944 else if (!strcasecmp(value, "ifrequested"))
2945 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
2946 else
2947 {
2948 cupsdLogMessage(CUPSD_LOG_WARN,
2949 "Unknown default encryption %s on line %d.",
2950 value, linenum);
49d87452
MS		 2951 if (FatalErrors & CUPSD_FATAL_CONFIG)
2952 return (0);
4744bd90 2953 }
2954 }
2955#endif /* HAVE_SSL */
f7deaa1a 2956#ifdef HAVE_GSSAPI
c934a06c 2957 else if (!strcasecmp(line, "Krb5Keytab") && value)
f7deaa1a 2958 {
2959 cupsdSetStringf(&Krb5Keytab, "KRB5_KTNAME=%s", value);
2960 putenv(Krb5Keytab);
2961
2962# ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
2963 gsskrb5_register_acceptor_identity(value);
2964# else
2965 cupsdSetEnv("KRB5_KTNAME", value);
2966# endif /* HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY */
2967 }
2968#endif /* HAVE_GSSAPI */
c934a06c 2969 else if (!strcasecmp(line, "User") && value)
ef416fc2 2970 {
2971 /*
2972 * User ID to run as...
2973 */
2974
c934a06c 2975 if (isdigit(value[0] & 255))
ef416fc2 2976 {
2977 int uid = atoi(value);
2978
2979 if (!uid)
2980 cupsdLogMessage(CUPSD_LOG_ERROR,
2981 "Will not use User 0 as specified on line %d "
2982 "for security reasons. You must use a non-"
2983 "privileged account instead.",
2984 linenum);
2985 else
2986 User = atoi(value);
2987 }
c934a06c 2988 else
ef416fc2 2989 {
2990 struct passwd *p; /* Password information */
2991
2992 endpwent();
2993 p = getpwnam(value);
2994
2995 if (p)
2996 {
2997 if (!p->pw_uid)
2998 cupsdLogMessage(CUPSD_LOG_ERROR,
2999 "Will not use User %s (UID=0) as specified on line "
3000 "%d for security reasons. You must use a non-"
3001 "privileged account instead.",
3002 value, linenum);
3003 else
3004 User = p->pw_uid;
3005 }
3006 else
3007 cupsdLogMessage(CUPSD_LOG_ERROR,
3008 "Unknown User \"%s\" on line %d, ignoring!",
3009 value, linenum);
3010 }
ef416fc2 3011 }
c934a06c 3012 else if (!strcasecmp(line, "Group") && value)
ef416fc2 3013 {
3014 /*
3015 * Group ID to run as...
3016 */
3017
3018 if (isdigit(value[0]))
3019 Group = atoi(value);
3020 else
3021 {
3022 endgrent();
3023 group = getgrnam(value);
3024
3025 if (group != NULL)
3026 Group = group->gr_gid;
3027 else
3028 cupsdLogMessage(CUPSD_LOG_ERROR,
3029 "Unknown Group \"%s\" on line %d, ignoring!",
3030 value, linenum);
3031 }
3032 }
c934a06c 3033 else if (!strcasecmp(line, "SystemGroup") && value)
ef416fc2 3034 {
3035 /*
bd7854cb 3036 * SystemGroup (admin) group(s)...
ef416fc2 3037 */
3038
bd7854cb 3039 if (!parse_groups(value))
3040 cupsdLogMessage(CUPSD_LOG_ERROR,
3041 "Unknown SystemGroup \"%s\" on line %d, ignoring!",
3042 value, linenum);
ef416fc2 3043 }
c934a06c 3044 else if (!strcasecmp(line, "HostNameLookups") && value)
ef416fc2 3045 {
3046 /*
3047 * Do hostname lookups?
3048 */
3049
dd1abb6b
MS		 3050 if (!strcasecmp(value, "off") || !strcasecmp(value, "no") ||
3051 !strcasecmp(value, "false"))
ef416fc2 3052 HostNameLookups = 0;
dd1abb6b
MS		 3053 else if (!strcasecmp(value, "on") || !strcasecmp(value, "yes") ||
3054 !strcasecmp(value, "true"))
ef416fc2 3055 HostNameLookups = 1;
3056 else if (!strcasecmp(value, "double"))
3057 HostNameLookups = 2;
3058 else
3059 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
3060 value, linenum);
3061 }
1f0275e3
MS		 3062 else if (!strcasecmp(line, "AccessLogLevel") && value)
3063 {
3064 /*
3065 * Amount of logging to do to access log...
3066 */
3067
3068 if (!strcasecmp(value, "all"))
3069 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
3070 else if (!strcasecmp(value, "actions"))
3071 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
3072 else if (!strcasecmp(value, "config"))
3073 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3074 else
3075 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
3076 value, linenum);
3077 }
c934a06c 3078 else if (!strcasecmp(line, "LogLevel") && value)
ef416fc2 3079 {
3080 /*
1f0275e3 3081 * Amount of logging to do to error log...
ef416fc2 3082 */
3083
3084 if (!strcasecmp(value, "debug2"))
3085 LogLevel = CUPSD_LOG_DEBUG2;
3086 else if (!strcasecmp(value, "debug"))
3087 LogLevel = CUPSD_LOG_DEBUG;
3088 else if (!strcasecmp(value, "info"))
3089 LogLevel = CUPSD_LOG_INFO;
3090 else if (!strcasecmp(value, "notice"))
3091 LogLevel = CUPSD_LOG_NOTICE;
3092 else if (!strcasecmp(value, "warn"))
3093 LogLevel = CUPSD_LOG_WARN;
3094 else if (!strcasecmp(value, "error"))
3095 LogLevel = CUPSD_LOG_ERROR;
3096 else if (!strcasecmp(value, "crit"))
3097 LogLevel = CUPSD_LOG_CRIT;
3098 else if (!strcasecmp(value, "alert"))
3099 LogLevel = CUPSD_LOG_ALERT;
3100 else if (!strcasecmp(value, "emerg"))
3101 LogLevel = CUPSD_LOG_EMERG;
3102 else if (!strcasecmp(value, "none"))
3103 LogLevel = CUPSD_LOG_NONE;
3104 else
3105 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
3106 value, linenum);
3107 }
c934a06c 3108 else if (!strcasecmp(line, "PrintcapFormat") && value)
ef416fc2 3109 {
3110 /*
3111 * Format of printcap file?
3112 */
3113
3114 if (!strcasecmp(value, "bsd"))
3115 PrintcapFormat = PRINTCAP_BSD;
3116 else if (!strcasecmp(value, "solaris"))
3117 PrintcapFormat = PRINTCAP_SOLARIS;
3118 else
3119 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown PrintcapFormat %s on line %d.",
3120 value, linenum);
3121 }
c934a06c 3122 else if (!strcasecmp(line, "ServerTokens") && value)
ef416fc2 3123 {
3124 /*
3125 * Set the string used for the Server header...
3126 */
3127
3128 struct utsname plat; /* Platform info */
3129
3130
3131 uname(&plat);
3132
3133 if (!strcasecmp(value, "ProductOnly"))
3134 cupsdSetString(&ServerHeader, "CUPS");
3135 else if (!strcasecmp(value, "Major"))
3136 cupsdSetString(&ServerHeader, "CUPS/1");
3137 else if (!strcasecmp(value, "Minor"))
ae71f5de 3138 cupsdSetString(&ServerHeader, "CUPS/1.4");
ef416fc2 3139 else if (!strcasecmp(value, "Minimal"))
3140 cupsdSetString(&ServerHeader, CUPS_MINIMAL);
3141 else if (!strcasecmp(value, "OS"))
3142 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s)", plat.sysname);
3143 else if (!strcasecmp(value, "Full"))
3144 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s) IPP/1.1",
3145 plat.sysname);
3146 else if (!strcasecmp(value, "None"))
3147 cupsdClearString(&ServerHeader);
3148 else
3149 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3150 value, linenum);
3151 }
c934a06c 3152 else if (!strcasecmp(line, "PassEnv") && value)
ef416fc2 3153 {
3154 /*
3155 * PassEnv variable [... variable]
3156 */
3157
3158 for (; *value;)
3159 {
3160 for (valuelen = 0; value[valuelen]; valuelen ++)
3161 if (isspace(value[valuelen]) || value[valuelen] == ',')
3162 break;
3163
3164 if (value[valuelen])
3165 {
3166 value[valuelen] = '\0';
3167 valuelen ++;
3168 }
3169
3170 cupsdSetEnv(value, NULL);
3171
3172 for (value += valuelen; *value; value ++)
3173 if (!isspace(*value) || *value != ',')
3174 break;
3175 }
3176 }
c934a06c 3177 else if (!strcasecmp(line, "SetEnv") && value)
ef416fc2 3178 {
3179 /*
3180 * SetEnv variable value
3181 */
3182
3183 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3184
3185 if (*valueptr)
3186 {
3187 /*
3188 * Found a value...
3189 */
3190
3191 while (isspace(*valueptr & 255))
3192 *valueptr++ = '\0';
3193
3194 cupsdSetEnv(value, valueptr);
3195 }
3196 else
3197 cupsdLogMessage(CUPSD_LOG_ERROR,
3198 "Missing value for SetEnv directive on line %d.",
3199 linenum);
3200 }
3201 else
3202 {
3203 /*
3204 * Find a simple variable in the list...
3205 */
3206
3207 for (i = NUM_VARS, var = variables; i > 0; i --, var ++)
3208 if (!strcasecmp(line, var->name))
3209 break;
3210
3211 if (i == 0)
3212 {
3213 /*
3214 * Unknown directive! Output an error message and continue...
3215 */
3216
c934a06c
MS		 3217 if (!value)
3218 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d.",
3219 line, linenum);
3220 else
3221 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d.",
3222 line, linenum);
ef416fc2 3223 continue;
3224 }
3225
3226 switch (var->type)
3227 {
3228 case CUPSD_VARTYPE_INTEGER :
a74454a7 3229 if (!value)
3230 cupsdLogMessage(CUPSD_LOG_ERROR,
3231 "Missing integer value for %s on line %d!",
3232 line, linenum);
3233 else
ef416fc2 3234 {
3235 int n; /* Number */
3236 char *units; /* Units */
3237
3238
3239 n = strtol(value, &units, 0);
3240
3241 if (units && *units)
3242 {
3243 if (tolower(units[0] & 255) == 'g')
3244 n *= 1024 * 1024 * 1024;
3245 else if (tolower(units[0] & 255) == 'm')
3246 n *= 1024 * 1024;
3247 else if (tolower(units[0] & 255) == 'k')
3248 n *= 1024;
3249 else if (tolower(units[0] & 255) == 't')
3250 n *= 262144;
3251 }
3252
8ca02f3c 3253 if (n < 0)
3254 cupsdLogMessage(CUPSD_LOG_ERROR,
3255 "Bad negative integer value for %s on line %d!",
3256 line, linenum);
3257 else
3258 *((int *)var->ptr) = n;
ef416fc2 3259 }
3260 break;
3261
3262 case CUPSD_VARTYPE_BOOLEAN :
a74454a7 3263 if (!value)
3264 cupsdLogMessage(CUPSD_LOG_ERROR,
3265 "Missing boolean value for %s on line %d!",
3266 line, linenum);
3267 else if (!strcasecmp(value, "true") ||
3268 !strcasecmp(value, "on") ||
3269 !strcasecmp(value, "enabled") ||
3270 !strcasecmp(value, "yes") ||
3271 atoi(value) != 0)
ef416fc2 3272 *((int *)var->ptr) = TRUE;
3273 else if (!strcasecmp(value, "false") ||
3274 !strcasecmp(value, "off") ||
3275 !strcasecmp(value, "disabled") ||
3276 !strcasecmp(value, "no") ||
3277 !strcasecmp(value, "0"))
3278 *((int *)var->ptr) = FALSE;
3279 else
3280 cupsdLogMessage(CUPSD_LOG_ERROR,
3281 "Unknown boolean value %s on line %d.",
3282 value, linenum);
3283 break;
3284
76cd9e37 3285 case CUPSD_VARTYPE_PATHNAME :
c934a06c
MS		 3286 if (!value)
3287 {
3288 cupsdLogMessage(CUPSD_LOG_ERROR,
3289 "Missing pathname value for %s on line %d!",
3290 line, linenum);
3291 break;
3292 }
3293
3294 if (value[0] == '/')
76cd9e37
MS		 3295 strlcpy(temp, value, sizeof(temp));
3296 else
3297 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
3298
3299 if (access(temp, 0))
3300 {
3301 cupsdLogMessage(CUPSD_LOG_ERROR,
3302 "File or directory for \"%s %s\" on line %d "
3303 "does not exist!", line, value, linenum);
3304 break;
3305 }
3306
ef416fc2 3307 case CUPSD_VARTYPE_STRING :
3308 cupsdSetString((char **)var->ptr, value);
3309 break;
3310 }
3311 }
3312 }
3313
3314 return (1);
3315}
3316
3317
3318/*
3319 * 'read_location()' - Read a <Location path> definition.
3320 */
3321
3322static int /* O - New line number or 0 on error */
3323read_location(cups_file_t *fp, /* I - Configuration file */
3324 char *location, /* I - Location name/path */
3325 int linenum) /* I - Current line number */
3326{
3327 cupsd_location_t *loc, /* New location */
3328 *parent; /* Parent location */
3329 char line[HTTP_MAX_BUFFER],
3330 /* Line buffer */
3331 *value, /* Value for directive */
3332 *valptr; /* Pointer into value */
3333
3334
3335 if ((parent = cupsdAddLocation(location)) == NULL)
3336 return (0);
3337
5bd77a73 3338 parent->limit = CUPSD_AUTH_LIMIT_ALL;
ef416fc2 3339 loc = parent;
3340
3341 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3342 {
3343 /*
3344 * Decode the directive...
3345 */
3346
3347 if (!strcasecmp(line, "</Location>"))
3348 return (linenum);
3349 else if (!strcasecmp(line, "<Limit") ||
3350 !strcasecmp(line, "<LimitExcept"))
3351 {
3352 if (!value)
3353 {
3354 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
49d87452
MS		 3355 if (FatalErrors & CUPSD_FATAL_CONFIG)
3356 return (0);
ef416fc2 3357 }
3358
3359 if ((loc = cupsdCopyLocation(&parent)) == NULL)
3360 return (0);
3361
3362 loc->limit = 0;
3363 while (*value)
3364 {
3365 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3366
3367 if (*valptr)
3368 *valptr++ = '\0';
3369
3370 if (!strcmp(value, "ALL"))
5bd77a73 3371 loc->limit = CUPSD_AUTH_LIMIT_ALL;
ef416fc2 3372 else if (!strcmp(value, "GET"))
5bd77a73 3373 loc->limit |= CUPSD_AUTH_LIMIT_GET;
ef416fc2 3374 else if (!strcmp(value, "HEAD"))
5bd77a73 3375 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
ef416fc2 3376 else if (!strcmp(value, "OPTIONS"))
5bd77a73 3377 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
ef416fc2 3378 else if (!strcmp(value, "POST"))
5bd77a73 3379 loc->limit |= CUPSD_AUTH_LIMIT_POST;
ef416fc2 3380 else if (!strcmp(value, "PUT"))
5bd77a73 3381 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
ef416fc2 3382 else if (!strcmp(value, "TRACE"))
5bd77a73 3383 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
ef416fc2 3384 else
3385 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d!",
3386 value, linenum);
3387
3388 for (value = valptr; isspace(*value & 255); value ++);
3389 }
3390
3391 if (!strcasecmp(line, "<LimitExcept"))
5bd77a73 3392 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
ef416fc2 3393
3394 parent->limit &= ~loc->limit;
3395 }
ac884b6a
MS		 3396 else if (!strcasecmp(line, "</Limit>") ||
3397 !strcasecmp(line, "</LimitExcept>"))
ef416fc2 3398 loc = parent;
3399 else if (!parse_aaa(loc, line, value, linenum))
3400 {
3401 cupsdLogMessage(CUPSD_LOG_ERROR,
3402 "Unknown Location directive %s on line %d.",
3403 line, linenum);
49d87452
MS		 3404 if (FatalErrors & CUPSD_FATAL_CONFIG)
3405 return (0);
ef416fc2 3406 }
3407 }
3408
3409 cupsdLogMessage(CUPSD_LOG_ERROR,
3410 "Unexpected end-of-file at line %d while reading location!",
3411 linenum);
3412
49d87452 3413 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3414}
3415
3416
3417/*
3418 * 'read_policy()' - Read a <Policy name> definition.
3419 */
3420
3421static int /* O - New line number or 0 on error */
3422read_policy(cups_file_t *fp, /* I - Configuration file */
3423 char *policy, /* I - Location name/path */
3424 int linenum) /* I - Current line number */
3425{
3426 int i; /* Looping var */
3427 cupsd_policy_t *pol; /* Policy */
3428 cupsd_location_t *op; /* Policy operation */
3429 int num_ops; /* Number of IPP operations */
3430 ipp_op_t ops[100]; /* Operations */
3431 char line[HTTP_MAX_BUFFER],
3432 /* Line buffer */
3433 *value, /* Value for directive */
3434 *valptr; /* Pointer into value */
3435
3436
3437 /*
3438 * Create the policy...
3439 */
3440
3441 if ((pol = cupsdAddPolicy(policy)) == NULL)
3442 return (0);
3443
3444 /*
3445 * Read from the file...
3446 */
3447
3448 op = NULL;
3449 num_ops = 0;
3450
3451 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3452 {
3453 /*
3454 * Decode the directive...
3455 */
3456
3457 if (!strcasecmp(line, "</Policy>"))
3458 {
3459 if (op)
3460 cupsdLogMessage(CUPSD_LOG_WARN,
3461 "Missing </Limit> before </Policy> on line %d!",
3462 linenum);
3463
2e4ff8af
MS		 3464 /*
3465 * Verify that we have an explicit policy for CUPS-Get-Document
3466 * (ensures that upgrades do not introduce new security issues...)
3467 */
3468
3469 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
3470 op->op == IPP_ANY_OPERATION)
3471 {
3472 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3473 op->op != IPP_ANY_OPERATION)
3474 {
3475 /*
3476 * Add a new limit for CUPS-Get-Document using the Send-Document
3477 * limit as a template...
3478 */
3479
3480 cupsdLogMessage(CUPSD_LOG_WARN,
3481 "No limit for CUPS-Get-Document defined in policy %s "
3482 "- using Send-Document's policy", pol->name);
3483
3484 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
3485 }
3486 }
3487
ef416fc2 3488 return (linenum);
3489 }
3490 else if (!strcasecmp(line, "<Limit") && !op)
3491 {
3492 if (!value)
3493 {
3494 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
49d87452
MS		 3495 if (FatalErrors & CUPSD_FATAL_CONFIG)
3496 return (0);
ef416fc2 3497 }
3498
3499 /*
3500 * Scan for IPP operation names...
3501 */
3502
3503 num_ops = 0;
3504
3505 while (*value)
3506 {
3507 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3508
3509 if (*valptr)
3510 *valptr++ = '\0';
3511
3512 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3513 {
3514 if (!strcasecmp(value, "All"))
3515 ops[num_ops] = IPP_ANY_OPERATION;
3516 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3517 cupsdLogMessage(CUPSD_LOG_ERROR,
3518 "Bad IPP operation name \"%s\" on line %d!",
3519 value, linenum);
3520 else
3521 num_ops ++;
3522 }
3523 else
3524 cupsdLogMessage(CUPSD_LOG_ERROR,
3525 "Too many operations listed on line %d!",
3526 linenum);
3527
3528 for (value = valptr; isspace(*value & 255); value ++);
3529 }
3530
3531 /*
3532 * If none are specified, apply the policy to all operations...
3533 */
3534
3535 if (num_ops == 0)
3536 {
3537 ops[0] = IPP_ANY_OPERATION;
3538 num_ops = 1;
3539 }
3540
3541 /*
3542 * Add a new policy for the first operation...
3543 */
3544
3545 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3546 }
3547 else if (!strcasecmp(line, "</Limit>") && op)
3548 {
3549 /*
3550 * Finish the current operation limit...
3551 */
3552
3553 if (num_ops > 1)
3554 {
3555 /*
3556 * Copy the policy to the other operations...
3557 */
3558
3559 for (i = 1; i < num_ops; i ++)
3560 cupsdAddPolicyOp(pol, op, ops[i]);
3561 }
3562
3563 op = NULL;
3564 }
3565 else if (!op)
3566 {
3567 cupsdLogMessage(CUPSD_LOG_ERROR,
3568 "Missing <Limit ops> directive before %s on line %d.",
3569 line, linenum);
49d87452
MS		 3570 if (FatalErrors & CUPSD_FATAL_CONFIG)
3571 return (0);
ef416fc2 3572 }
3573 else if (!parse_aaa(op, line, value, linenum))
3574 {
3575 if (op)
3576 cupsdLogMessage(CUPSD_LOG_ERROR,
3577 "Unknown Policy Limit directive %s on line %d.",
3578 line, linenum);
3579 else
3580 cupsdLogMessage(CUPSD_LOG_ERROR,
3581 "Unknown Policy directive %s on line %d.",
3582 line, linenum);
3583
49d87452
MS		 3584 if (FatalErrors & CUPSD_FATAL_CONFIG)
3585 return (0);
ef416fc2 3586 }
3587 }
3588
3589 cupsdLogMessage(CUPSD_LOG_ERROR,
3590 "Unexpected end-of-file at line %d while reading policy \"%s\"!",
3591 linenum, policy);
3592
49d87452 3593 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3594}
3595
3596
3597/*
75bd9771 3598 * End of "$Id: conf.c 7694 2008-06-26 00:23:20Z mike $".
ef416fc2 3599 */
Unnamed repository; edit this file 'description' to name the repository.