]> git.ipfire.org Git - thirdparty/cups.git/blame - scheduler/conf.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Import CUPS v2.0.3
[thirdparty/cups.git] / scheduler / conf.c
CommitLineData
ef416fc2 1/*
a215cf84 2 * "$Id: conf.c 12701 2015-06-08 18:33:44Z msweet $"
ef416fc2 3 *
8eabd901 4 * Configuration routines for the CUPS scheduler.
ef416fc2 5 *
1a18c85c 6 * Copyright 2007-2014 by Apple Inc.
8eabd901 7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 8 *
8eabd901
MS		 9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 14 */
15
16/*
17 * Include necessary headers...
18 */
19
20#include "cupsd.h"
21#include <stdarg.h>
22#include <grp.h>
23#include <sys/utsname.h>
b94498cf 24#include <syslog.h>
ef416fc2 25
97c9a8d7
MS		 26#ifdef HAVE_LIBPAPER
27# include <paper.h>
28#endif /* HAVE_LIBPAPER */
29
ef416fc2 30
31/*
32 * Possibly missing network definitions...
33 */
34
35#ifndef INADDR_NONE
36# define INADDR_NONE 0xffffffff
37#endif /* !INADDR_NONE */
38
39
40/*
41 * Configuration variable structure...
42 */
43
44typedef enum
45{
46 CUPSD_VARTYPE_INTEGER, /* Integer option */
82cc1f9a 47 CUPSD_VARTYPE_TIME, /* Time interval option */
ef416fc2 48 CUPSD_VARTYPE_STRING, /* String option */
76cd9e37 49 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
1a18c85c
MS		 50 CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
51 CUPSD_VARTYPE_PERM /* File/directory permissions */
ef416fc2 52} cupsd_vartype_t;
53
54typedef struct
55{
a2326b5b 56 const char *name; /* Name of variable */
ef416fc2 57 void *ptr; /* Pointer to variable */
58 cupsd_vartype_t type; /* Type (int, string, address) */
59} cupsd_var_t;
60
61
62/*
63 * Local globals...
64 */
65
c41769ff 66static const cupsd_var_t cupsd_vars[] =
ef416fc2 67{
ef416fc2 68 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
37e7e6e0 69#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
f3c17241 70 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
37e7e6e0 71#endif /* HAVE_DNSSD || HAVE_AVAHI */
b19ccc9e 72 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 73 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 74 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
75 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
ef416fc2 76 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
82cc1f9a 77 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
c5571a1d 78 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
ef416fc2 79 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
fa73b229 80 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
82cc1f9a 81 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
323c5de1 82 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
ef416fc2 83 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
84 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
dcb445bc
MS		 85#ifdef HAVE_GSSAPI
86 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
87#endif /* HAVE_GSSAPI */
1a18c85c
MS		 88#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
89 { "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
90#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
82cc1f9a 91 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
ef416fc2 92 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
82cc1f9a
MS		 93 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
94 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
ef416fc2 95 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 96#ifdef HAVE_LAUNCHD
1a18c85c 97 { "LaunchdTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
f7deaa1a 98#endif /* HAVE_LAUNCHD */
ef416fc2 99 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
100 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
178cb736 101 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
ef416fc2 102 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
103 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
104 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
105 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
106 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
82cc1f9a 107 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
ef416fc2 108 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
109 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
110 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
215ef638 111 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_TIME },
82cc1f9a 112 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
ef416fc2 113 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
ef416fc2 114 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
115 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
116 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
117 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
118 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
82cc1f9a 119 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
01ce6322 120 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
82cc1f9a
MS		 121 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
122 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
82cc1f9a 123 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
ef416fc2 124 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
82cc1f9a 125 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
ef416fc2 126 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
c41769ff
MS		 127 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
128 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
129 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
130 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
131};
132static const cupsd_var_t cupsfiles_vars[] =
133{
134 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
135 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
1a18c85c 136 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
c41769ff
MS		 137 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
138 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
139 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
140 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
141 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
1a18c85c 142 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_PERM },
c41769ff
MS		 143 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
144 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
145 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
cb7f98ee 146 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
c41769ff 147 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
76cd9e37 148 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
ef416fc2 149#ifdef HAVE_SSL
1a18c85c 150 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
ef416fc2 151#endif /* HAVE_SSL */
76cd9e37 152 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
2e4ff8af 153 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
ef416fc2 154 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
8a259669 155 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
f7deaa1a 156#ifdef HAVE_AUTHORIZATION_H
157 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
158#endif /* HAVE_AUTHORIZATION_H */
c41769ff 159 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
ef416fc2 160};
ef416fc2 161
c41769ff
MS		 162static int default_auth_type = CUPSD_AUTH_AUTO;
163 /* Default AuthType, if not specified */
ef416fc2 164
ac884b6a 165static const unsigned ones[4] =
ef416fc2 166 {
167 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
168 };
ac884b6a 169static const unsigned zeros[4] =
ef416fc2 170 {
171 0x00000000, 0x00000000, 0x00000000, 0x00000000
172 };
173
174
175/*
176 * Local functions...
177 */
e07d4801 178
ef416fc2 179static http_addrlist_t *get_address(const char *value, int defport);
180static int get_addr_and_mask(const char *value, unsigned *ip,
181 unsigned *mask);
eac3a0a0 182static void mime_error_cb(void *ctx, const char *message);
ef416fc2 183static int parse_aaa(cupsd_location_t *loc, char *line,
184 char *value, int linenum);
49d87452 185static int parse_fatal_errors(const char *s);
bd7854cb 186static int parse_groups(const char *s);
187static int parse_protocols(const char *s);
c41769ff
MS		 188static int parse_variable(const char *filename, int linenum,
189 const char *line, const char *value,
190 size_t num_vars,
191 const cupsd_var_t *vars);
192static int read_cupsd_conf(cups_file_t *fp);
193static int read_cups_files_conf(cups_file_t *fp);
ef416fc2 194static int read_location(cups_file_t *fp, char *name, int linenum);
195static int read_policy(cups_file_t *fp, char *name, int linenum);
10d09e33 196static void set_policy_defaults(cupsd_policy_t *pol);
ef416fc2 197
198
e07d4801
MS		 199/*
200 * 'cupsdAddAlias()' - Add a host alias.
201 */
202
203void
204cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
205 const char *name) /* I - Name to add */
206{
207 cupsd_alias_t *a; /* New alias */
208 size_t namelen; /* Length of name */
209
210
211 namelen = strlen(name);
212
213 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
214 return;
215
216 a->namelen = namelen;
5a9febac 217 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
e07d4801
MS		 218
219 cupsArrayAdd(aliases, a);
220}
221
222
b94498cf 223/*
224 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
225 */
226
227int /* O - 0 on success, -1 on error, 1 on warning */
228cupsdCheckPermissions(
229 const char *filename, /* I - File/directory name */
230 const char *suffix, /* I - Additional file/directory name */
1a18c85c
MS		 231 mode_t mode, /* I - Permissions */
232 uid_t user, /* I - Owner */
233 gid_t group, /* I - Group */
b94498cf 234 int is_dir, /* I - 1 = directory, 0 = file */
235 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
236{
237 int dir_created = 0; /* Did we create a directory? */
238 char pathname[1024]; /* File name with prefix */
239 struct stat fileinfo; /* Stat buffer */
49d87452 240 int is_symlink; /* Is "filename" a symlink? */
b94498cf 241
242
243 /*
244 * Prepend the given root to the filename before testing it...
245 */
246
247 if (suffix)
248 {
249 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
250 filename = pathname;
251 }
252
253 /*
254 * See if we can stat the file/directory...
255 */
256
49d87452 257 if (lstat(filename, &fileinfo))
b94498cf 258 {
259 if (errno == ENOENT && create_dir)
260 {
261 if (create_dir > 0)
262 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
263 filename);
264
265 if (mkdir(filename, mode))
266 {
267 if (create_dir > 0)
268 cupsdLogMessage(CUPSD_LOG_ERROR,
269 "Unable to create directory \"%s\" - %s", filename,
270 strerror(errno));
271 else
272 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
273 strerror(errno));
274
275 return (-1);
276 }
277
d1c13e16
MS		 278 dir_created = 1;
279 fileinfo.st_mode = mode | S_IFDIR;
b94498cf 280 }
281 else
282 return (create_dir ? -1 : 1);
283 }
284
49d87452
MS		 285 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
286 {
287 if (stat(filename, &fileinfo))
288 {
289 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
290 filename, strerror(errno));
291 return (-1);
292 }
293 }
294
b94498cf 295 /*
49d87452 296 * Make sure it's a regular file or a directory as needed...
b94498cf 297 */
298
299 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
300 {
c8fef167 301 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
b94498cf 302 return (-1);
303 }
304
305 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
306 {
307 if (create_dir >= 0)
c8fef167 308 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
b94498cf 309 else
c8fef167 310 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
b94498cf 311
312 return (-1);
313 }
314
49d87452
MS		 315 /*
316 * If the filename is a symlink, do not change permissions (STR #2937)...
317 */
318
319 if (is_symlink)
320 return (0);
321
b94498cf 322 /*
323 * Fix owner, group, and mode as needed...
324 */
325
326 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
327 {
328 if (create_dir >= 0)
329 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
330 filename);
331
332 if (chown(filename, user, group) && !getuid())
333 {
334 if (create_dir >= 0)
335 cupsdLogMessage(CUPSD_LOG_ERROR,
336 "Unable to change ownership of \"%s\" - %s", filename,
337 strerror(errno));
338 else
339 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
340 strerror(errno));
341
342 return (1);
343 }
344 }
345
346 if (dir_created || (fileinfo.st_mode & 07777) != mode)
347 {
348 if (create_dir >= 0)
349 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
350 filename);
351
352 if (chmod(filename, mode))
353 {
354 if (create_dir >= 0)
355 cupsdLogMessage(CUPSD_LOG_ERROR,
356 "Unable to change permissions of \"%s\" - %s", filename,
357 strerror(errno));
358 else
359 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
360 strerror(errno));
361
362 return (1);
363 }
364 }
365
366 /*
367 * Everything is OK...
368 */
369
370 return (0);
371}
372
373
dcb445bc
MS		 374/*
375 * 'cupsdDefaultAuthType()' - Get the default AuthType.
376 *
377 * When the default_auth_type is "auto", this function tries to get the GSS
378 * credentials for the server. If that succeeds we use Kerberos authentication,
379 * otherwise we do a fallback to Basic authentication against the local user
380 * accounts.
381 */
382
383int /* O - Default AuthType value */
384cupsdDefaultAuthType(void)
385{
386#ifdef HAVE_GSSAPI
387 OM_uint32 major_status, /* Major status code */
388 minor_status; /* Minor status code */
389 gss_name_t server_name; /* Server name */
390 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
391 /* Service name token */
392 char buf[1024]; /* Service name buffer */
393#endif /* HAVE_GSSAPI */
394
395
396 /*
397 * If we have already determined the correct default AuthType, use it...
398 */
399
400 if (default_auth_type != CUPSD_AUTH_AUTO)
401 return (default_auth_type);
402
403#ifdef HAVE_GSSAPI
404# ifdef __APPLE__
405 /*
406 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
407 * to use it...
408 */
409
a215cf84 410 if (&gss_init_sec_context == NULL)
dcb445bc
MS		 411 return (default_auth_type = CUPSD_AUTH_BASIC);
412# endif /* __APPLE__ */
413
414 /*
415 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
416 * that fails we must use Basic...
417 */
418
419 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
420
421 token.value = buf;
422 token.length = strlen(buf);
423 server_name = GSS_C_NO_NAME;
424 major_status = gss_import_name(&minor_status, &token,
425 GSS_C_NT_HOSTBASED_SERVICE,
426 &server_name);
427
428 memset(&token, 0, sizeof(token));
429
430 if (GSS_ERROR(major_status))
431 {
432 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
433 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
434 return (default_auth_type = CUPSD_AUTH_BASIC);
435 }
436
437 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
438
439 if (GSS_ERROR(major_status))
440 {
441 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
442 "cupsdDefaultAuthType: gss_display_name(%s) failed",
443 buf);
444 return (default_auth_type = CUPSD_AUTH_BASIC);
445 }
446
447 cupsdLogMessage(CUPSD_LOG_DEBUG,
448 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
449 "credentials for %s...", (char *)token.value);
450
451 ServerCreds = GSS_C_NO_CREDENTIAL;
452 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
453 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
454 &ServerCreds, NULL, NULL);
455 if (GSS_ERROR(major_status))
456 {
457 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
458 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
459 (char *)token.value);
460 gss_release_name(&minor_status, &server_name);
461 gss_release_buffer(&minor_status, &token);
462 return (default_auth_type = CUPSD_AUTH_BASIC);
463 }
464
465 cupsdLogMessage(CUPSD_LOG_DEBUG,
466 "cupsdDefaultAuthType: Kerberos credentials acquired "
467 "successfully for %s.", (char *)token.value);
468
469 gss_release_name(&minor_status, &server_name);
470 gss_release_buffer(&minor_status, &token);
471
472 HaveServerCreds = 1;
473
474 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
475
476#else
477 /*
478 * No Kerberos support compiled in so just use Basic all the time...
479 */
480
481 return (default_auth_type = CUPSD_AUTH_BASIC);
482#endif /* HAVE_GSSAPI */
483}
484
485
e07d4801
MS		 486/*
487 * 'cupsdFreeAliases()' - Free all of the alias entries.
488 */
489
490void
491cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
492{
493 cupsd_alias_t *a; /* Current alias */
494
495
496 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
497 a;
498 a = (cupsd_alias_t *)cupsArrayNext(aliases))
499 free(a);
500
501 cupsArrayDelete(aliases);
502}
503
504
ef416fc2 505/*
506 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
507 */
508
509int /* O - 1 on success, 0 otherwise */
510cupsdReadConfiguration(void)
511{
512 int i; /* Looping var */
513 cups_file_t *fp; /* Configuration file */
514 int status; /* Return status */
515 char temp[1024], /* Temporary buffer */
dd1abb6b 516 mimedir[1024], /* MIME directory */
ef416fc2 517 *slash; /* Directory separator */
ef416fc2 518 cups_lang_t *language; /* Language */
519 struct passwd *user; /* Default user */
520 struct group *group; /* Default group */
521 char *old_serverroot, /* Old ServerRoot */
522 *old_requestroot; /* Old RequestRoot */
f11a948a 523 int old_remote_port; /* Old RemotePort */
b423cd4c 524 const char *tmpdir; /* TMPDIR environment variable */
525 struct stat tmpinfo; /* Temporary directory info */
2e4ff8af 526 cupsd_policy_t *p; /* Policy */
b423cd4c 527
ef416fc2 528
ef416fc2 529 /*
530 * Save the old root paths...
531 */
532
533 old_serverroot = NULL;
534 cupsdSetString(&old_serverroot, ServerRoot);
535 old_requestroot = NULL;
536 cupsdSetString(&old_requestroot, RequestRoot);
537
538 /*
539 * Reset the server configuration data...
540 */
541
542 cupsdDeleteAllLocations();
543
bd7854cb 544 cupsdDeleteAllListeners();
ef416fc2 545
f11a948a
MS		 546 old_remote_port = RemotePort;
547 RemotePort = 0;
d1c13e16 548
ef416fc2 549 /*
550 * String options...
551 */
552
e07d4801
MS		 553 cupsdFreeAliases(ServerAlias);
554 ServerAlias = NULL;
555
d1c13e16
MS		 556 cupsdClearString(&ServerName);
557 cupsdClearString(&ServerAdmin);
ef416fc2 558 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
559 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
560 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
561 cupsdSetString(&DataDir, CUPS_DATADIR);
562 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
563 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
a4845881 564 cupsdClearString(&ErrorLog);
ef416fc2 565 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
01ce6322 566 cupsdSetString(&PageLogFormat,
0268488e 567 "%p %u %j %T %P %C %{job-billing} "
01ce6322 568 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
e53920b9 569 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
ef416fc2 570 cupsdSetString(&FontPath, CUPS_FONTPATH);
571 cupsdSetString(&RemoteRoot, "remroot");
db8b865d 572 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
771bd8cb 573 CUPS_VERSION_MINOR);
ef416fc2 574 cupsdSetString(&StateDir, CUPS_STATEDIR);
575
ed486911 576 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
577 PrintcapFormat = PRINTCAP_SOLARIS;
0af14961
MS		 578 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
579 "/Library/Preferences/org.cups.printers.plist"))
580 PrintcapFormat = PRINTCAP_PLIST;
ed486911 581 else
582 PrintcapFormat = PRINTCAP_BSD;
583
ef416fc2 584 strlcpy(temp, ConfigurationFile, sizeof(temp));
585 if ((slash = strrchr(temp, '/')) != NULL)
586 *slash = '\0';
587
588 cupsdSetString(&ServerRoot, temp);
589
590 cupsdClearString(&Classification);
591 ClassifyOverride = 0;
592
593#ifdef HAVE_SSL
1a18c85c
MS		 594# ifdef HAVE_GNUTLS
595 cupsdSetString(&ServerKeychain, "ssl");
ef416fc2 596# else
1a18c85c
MS		 597 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
598# endif /* HAVE_GNUTLS */
86243a75
MS		 599
600 _httpTLSSetOptions(0);
ef416fc2 601#endif /* HAVE_SSL */
602
603 language = cupsLangDefault();
604
605 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
606 cupsdSetString(&DefaultLanguage, "en");
607 else
608 cupsdSetString(&DefaultLanguage, language->language);
609
c5571a1d
MS		 610 cupsdClearString(&DefaultPaperSize);
611
eac3a0a0 612 cupsdSetString(&RIPCache, "128m");
ef416fc2 613
b423cd4c 614 cupsdSetString(&TempDir, NULL);
ef416fc2 615
dcb445bc
MS		 616#ifdef HAVE_GSSAPI
617 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
618
619 if (HaveServerCreds)
620 {
621 OM_uint32 minor_status; /* Minor status code */
622
623 gss_release_cred(&minor_status, &ServerCreds);
624
625 HaveServerCreds = 0;
626 }
627
628 ServerCreds = GSS_C_NO_CREDENTIAL;
629#endif /* HAVE_GSSAPI */
630
ef416fc2 631 /*
632 * Find the default user...
633 */
634
635 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
636 User = user->pw_uid;
637 else
638 {
639 /*
640 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
641 * complement number...)
642 */
643
644 User = 65534;
645 }
646
647 endpwent();
648
649 /*
d6ae789d 650 * Find the default group...
ef416fc2 651 */
652
d6ae789d 653 group = getgrnam(CUPS_DEFAULT_GROUP);
ef416fc2 654 endgrent();
655
d6ae789d 656 if (group)
ef416fc2 657 Group = group->gr_gid;
658 else
659 {
660 /*
d6ae789d 661 * Fallback to group "nobody"...
ef416fc2 662 */
663
d6ae789d 664 group = getgrnam("nobody");
665 endgrent();
666
667 if (group)
668 Group = group->gr_gid;
669 else
670 {
671 /*
672 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
673 * complement number...)
674 */
675
676 Group = 65534;
677 }
ef416fc2 678 }
679
680 /*
681 * Numeric options...
682 */
683
dfd5680b
MS		 684 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
685 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
686 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
6961465f 687 default_auth_type = CUPSD_AUTH_BASIC;
4744bd90 688#ifdef HAVE_SSL
dfd5680b 689 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
4744bd90 690#endif /* HAVE_SSL */
dfd5680b 691 DirtyCleanInterval = DEFAULT_KEEPALIVE;
238c3832 692 JobKillDelay = DEFAULT_TIMEOUT;
dfd5680b
MS		 693 JobRetryLimit = 5;
694 JobRetryInterval = 300;
695 FileDevice = FALSE;
696 FilterLevel = 0;
697 FilterLimit = 0;
698 FilterNice = 0;
699 HostNameLookups = FALSE;
dfd5680b
MS		 700 KeepAlive = TRUE;
701 KeepAliveTimeout = DEFAULT_KEEPALIVE;
702 ListenBackLog = SOMAXCONN;
178cb736 703 LogDebugHistory = 200;
dfd5680b
MS		 704 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
705 LogLevel = CUPSD_LOG_WARN;
706 LogTimeFormat = CUPSD_TIME_STANDARD;
707 MaxClients = 100;
708 MaxClientsPerHost = 0;
709 MaxLogSize = 1024 * 1024;
dfd5680b
MS		 710 MaxRequestSize = 0;
711 MultipleOperationTimeout = DEFAULT_TIMEOUT;
a29fd7dd 712 NumSystemGroups = 0;
dfd5680b
MS		 713 ReloadTimeout = DEFAULT_KEEPALIVE;
714 RootCertDuration = 300;
1a18c85c 715 Sandboxing = CUPSD_SANDBOXING_STRICT;
a29fd7dd 716 StrictConformance = FALSE;
8a259669 717 SyncOnClose = FALSE;
dfd5680b 718 Timeout = DEFAULT_TIMEOUT;
229681c1 719 WebInterface = CUPS_DEFAULT_WEBIF;
dfd5680b 720
dfd5680b 721 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
dfd5680b
MS		 722 BrowseWebIF = FALSE;
723 Browsing = CUPS_DEFAULT_BROWSING;
724 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
ef416fc2 725
37e7e6e0 726#if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
f3c17241 727 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
37e7e6e0 728#endif /* HAVE_DNSSD || HAVE_AVAHI */
84315f46 729
2e4ff8af
MS		 730 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
731 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
732
323c5de1 733 cupsdSetString(&ErrorPolicy, "stop-printer");
734
ef416fc2 735 JobHistory = DEFAULT_HISTORY;
736 JobFiles = DEFAULT_FILES;
737 JobAutoPurge = 0;
3e7fe0ca 738 MaxHoldTime = 0;
ef416fc2 739 MaxJobs = 500;
740 MaxActiveJobs = 0;
741 MaxJobsPerUser = 0;
742 MaxJobsPerPrinter = 0;
dcb445bc 743 MaxJobTime = 3 * 60 * 60; /* 3 hours */
f7deaa1a 744 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
ef416fc2 745
746 cupsdDeleteAllPolicies();
747 cupsdClearString(&DefaultPolicy);
748
f7deaa1a 749#ifdef HAVE_AUTHORIZATION_H
6961465f 750 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
f7deaa1a 751#endif /* HAVE_AUTHORIZATION_H */
752
ef416fc2 753 MaxSubscriptions = 100;
754 MaxSubscriptionsPerJob = 0;
755 MaxSubscriptionsPerPrinter = 0;
756 MaxSubscriptionsPerUser = 0;
757 DefaultLeaseDuration = 86400;
758 MaxLeaseDuration = 0;
759
1a18c85c
MS		 760#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
761 IdleExitTimeout = 60;
762#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
a4d04587 763
0268488e
MS		 764 /*
765 * Setup environment variables...
766 */
767
768 cupsdInitEnv();
769
ef416fc2 770 /*
c41769ff
MS		 771 * Read the cups-files.conf file...
772 */
773
774 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
775 {
776 status = read_cups_files_conf(fp);
777
778 cupsFileClose(fp);
779
780 if (!status)
cb7f98ee
MS		 781 {
782 if (TestConfigFile)
783 printf("\"%s\" contains errors.\n", CupsFilesFile);
784 else
785 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
786 CupsFilesFile);
787
c41769ff 788 return (0);
cb7f98ee 789 }
c41769ff
MS		 790 }
791 else if (errno == ENOENT)
792 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
793 else
794 {
cb7f98ee
MS		 795 syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
796 strerror(errno));
c41769ff
MS		 797 return (0);
798 }
799
800 if (!ErrorLog)
801 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
802
803 /*
804 * Read the cupsd.conf file...
ef416fc2 805 */
806
807 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
c41769ff 808 {
cb7f98ee
MS		 809 syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
810 strerror(errno));
ef416fc2 811 return (0);
c41769ff 812 }
ef416fc2 813
c41769ff 814 status = read_cupsd_conf(fp);
ef416fc2 815
816 cupsFileClose(fp);
817
818 if (!status)
cb7f98ee
MS		 819 {
820 if (TestConfigFile)
821 printf("\"%s\" contains errors.\n", ConfigurationFile);
822 else
823 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
824 ConfigurationFile);
825
ef416fc2 826 return (0);
cb7f98ee 827 }
ef416fc2 828
4744bd90 829 RunUser = getuid();
ef416fc2 830
d1c13e16 831 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
f11a948a 832 RemotePort ? "enabled" : "disabled");
d1c13e16 833
5a6b583a
MS		 834 if (!RemotePort)
835 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
836
8ca02f3c 837 /*
838 * See if the ServerName is an IP address...
839 */
840
f11a948a
MS		 841 if (ServerName)
842 {
843 if (!ServerAlias)
844 ServerAlias = cupsArrayNew(NULL, NULL);
845
846 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
847 }
848 else
d1c13e16 849 {
e07d4801 850 if (gethostname(temp, sizeof(temp)))
d1c13e16
MS		 851 {
852 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
853 strerror(errno));
854 strlcpy(temp, "localhost", sizeof(temp));
855 }
856
857 cupsdSetString(&ServerName, temp);
e07d4801
MS		 858
859 if (!ServerAlias)
860 ServerAlias = cupsArrayNew(NULL, NULL);
861
862 cupsdAddAlias(ServerAlias, temp);
863 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
864
f11a948a 865 if (HostNameLookups || RemotePort)
e07d4801
MS		 866 {
867 struct hostent *host; /* Host entry to get FQDN */
868
869 if ((host = gethostbyname(temp)) != NULL)
870 {
88f9aafc 871 if (_cups_strcasecmp(temp, host->h_name))
e07d4801
MS		 872 {
873 cupsdSetString(&ServerName, host->h_name);
874 cupsdAddAlias(ServerAlias, host->h_name);
875 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
876 host->h_name);
877 }
878
879 if (host->h_aliases)
880 {
881 for (i = 0; host->h_aliases[i]; i ++)
88f9aafc 882 if (_cups_strcasecmp(temp, host->h_aliases[i]))
e07d4801
MS		 883 {
884 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
885 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
886 host->h_aliases[i]);
887 }
888 }
889 }
890 }
891
892 /*
893 * Make sure we have the base hostname added as an alias, too!
894 */
895
896 if ((slash = strchr(temp, '.')) != NULL)
897 {
898 *slash = '\0';
899 cupsdAddAlias(ServerAlias, temp);
900 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
901 }
d1c13e16
MS		 902 }
903
8ca02f3c 904 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
905
906 ServerNameIsIP = !*slash;
907
d1c13e16
MS		 908 /*
909 * Make sure ServerAdmin is initialized...
910 */
911
912 if (!ServerAdmin)
913 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
914
ef416fc2 915 /*
916 * Use the default system group if none was supplied in cupsd.conf...
917 */
918
919 if (NumSystemGroups == 0)
bd7854cb 920 {
921 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
922 {
923 /*
924 * Find the group associated with GID 0...
925 */
926
927 group = getgrgid(0);
928 endgrent();
929
930 if (group != NULL)
931 cupsdSetString(&SystemGroups[0], group->gr_name);
932 else
933 cupsdSetString(&SystemGroups[0], "unknown");
934
935 SystemGroupIDs[0] = 0;
936 NumSystemGroups = 1;
937 }
938 }
ef416fc2 939
cb7f98ee
MS		 940 /*
941 * Make sure ConfigFilePerm and LogFilePerm have sane values...
942 */
943
944 ConfigFilePerm &= 0664;
945 LogFilePerm &= 0664;
946
ef416fc2 947 /*
948 * Open the system log for cupsd if necessary...
949 */
950
951#ifdef HAVE_VSYSLOG
952 if (!strcmp(AccessLog, "syslog") ||
953 !strcmp(ErrorLog, "syslog") ||
954 !strcmp(PageLog, "syslog"))
955 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
956#endif /* HAVE_VSYSLOG */
957
22c9029b
MS		 958 /*
959 * Make sure each of the log files exists and gets rotated as necessary...
960 */
961
eac3a0a0 962 if (strcmp(AccessLog, "syslog"))
22c9029b
MS		 963 cupsdCheckLogFile(&AccessFile, AccessLog);
964
eac3a0a0 965 if (strcmp(ErrorLog, "syslog"))
22c9029b
MS		 966 cupsdCheckLogFile(&ErrorFile, ErrorLog);
967
eac3a0a0 968 if (strcmp(PageLog, "syslog"))
22c9029b
MS		 969 cupsdCheckLogFile(&PageFile, PageLog);
970
ef416fc2 971 /*
972 * Log the configuration file that was used...
973 */
974
975 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
976 ConfigurationFile);
977
978 /*
979 * Validate the Group and SystemGroup settings - they cannot be the same,
980 * otherwise the CGI programs will be able to authenticate as root without
981 * a password!
982 */
983
984 if (!RunUser)
985 {
986 for (i = 0; i < NumSystemGroups; i ++)
987 if (Group == SystemGroupIDs[i])
988 break;
989
990 if (i < NumSystemGroups)
991 {
992 /*
993 * Log the error and reset the group to a safe value...
994 */
995
a215cf84 996 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 997 "Group and SystemGroup cannot use the same groups.");
86243a75
MS		 998 if (FatalErrors & (CUPSD_FATAL_CONFIG | CUPSD_FATAL_PERMISSIONS))
999 return (0);
1000
ef416fc2 1001 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
1002
1003 group = getgrnam("nobody");
1004 endgrent();
1005
1006 if (group != NULL)
1007 Group = group->gr_gid;
1008 else
1009 {
1010 /*
1011 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1012 * complement number...)
1013 */
1014
1015 Group = 65534;
1016 }
1017 }
1018 }
1019
1020 /*
1021 * Check that we have at least one listen/port line; if not, report this
1022 * as an error and exit!
1023 */
1024
bd7854cb 1025 if (cupsArrayCount(Listeners) == 0)
ef416fc2 1026 {
1027 /*
1028 * No listeners!
1029 */
1030
1031 cupsdLogMessage(CUPSD_LOG_EMERG,
49d87452 1032 "No valid Listen or Port lines were found in the "
c8fef167 1033 "configuration file.");
ef416fc2 1034
1035 /*
1036 * Commit suicide...
1037 */
1038
1039 cupsdEndProcess(getpid(), 0);
1040 }
1041
1042 /*
1043 * Set the default locale using the language and charset...
1044 */
1045
f8b3a85b 1046 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
ef416fc2 1047
1048 /*
1049 * Update all relative filenames to include the full path from ServerRoot...
1050 */
1051
1052 if (DocumentRoot[0] != '/')
1053 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1054
1055 if (RequestRoot[0] != '/')
1056 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1057
1058 if (ServerBin[0] != '/')
1059 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1060
1061 if (StateDir[0] != '/')
1062 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1063
1064 if (CacheDir[0] != '/')
1065 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1066
1067#ifdef HAVE_SSL
1a18c85c
MS		 1068 if (ServerKeychain[0] != '/')
1069 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
ef416fc2 1070
1a18c85c
MS		 1071 cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
1072 cupsSetServerCredentials(ServerKeychain, ServerName, 1);
ef416fc2 1073#endif /* HAVE_SSL */
1074
1075 /*
1076 * Make sure that directories and config files are owned and
1077 * writable by the user and group in the cupsd.conf file...
1078 */
1079
ae71f5de
MS		 1080 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1081
49d87452
MS		 1082 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1083 Group, 1, 1) < 0 ||
5d2cc5d3 1084 cupsdCheckPermissions(CacheDir, NULL, 0770, RunUser,
49d87452
MS		 1085 Group, 1, 1) < 0 ||
1086 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1087 Group, 1, 1) < 0 ||
1088 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1089 Group, 1, 1) < 0 ||
1090 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1091 SystemGroupIDs[0], 1, 1) < 0 ||
ef55b745 1092 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
49d87452
MS		 1093 Group, 1, 0) < 0 ||
1094 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1095 Group, 1, 1) < 0 ||
1096 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1097 Group, 1, 0) < 0 ||
cb7f98ee
MS		 1098 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1099 Group, 0, 0) < 0 ||
1100 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
49d87452
MS		 1101 Group, 0, 0) < 0 ||
1102 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1103 Group, 0, 0) < 0 ||
1104 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1105 Group, 0, 0) < 0 ||
1106 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1107 Group, 0, 0) < 0) &&
1108 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 1109 return (0);
ef416fc2 1110
b423cd4c 1111 /*
1112 * Update TempDir to the default if it hasn't been set already...
1113 */
1114
0fa6c7fa
MS		 1115#ifdef __APPLE__
1116 if (TempDir && !RunUser &&
1117 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1118 {
1119 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1120 cupsdClearString(&TempDir);
1121 }
1122#endif /* __APPLE__ */
1123
b423cd4c 1124 if (!TempDir)
1125 {
9c80ffa2
MS		 1126#ifdef __APPLE__
1127 if ((tmpdir = getenv("TMPDIR")) != NULL &&
0fa6c7fa 1128 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
9c80ffa2 1129#else
b423cd4c 1130 if ((tmpdir = getenv("TMPDIR")) != NULL)
9c80ffa2 1131#endif /* __APPLE__ */
b423cd4c 1132 {
1133 /*
1134 * TMPDIR is defined, see if it is OK for us to use...
1135 */
1136
1137 if (stat(tmpdir, &tmpinfo))
1138 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1139 tmpdir, strerror(errno));
1140 else if (!S_ISDIR(tmpinfo.st_mode))
c8fef167 1141 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
b423cd4c 1142 tmpdir);
1143 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1144 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1145 !(tmpinfo.st_mode & S_IWOTH))
1146 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 1147 "TMPDIR (%s) has the wrong permissions.", tmpdir);
b423cd4c 1148 else
1149 cupsdSetString(&TempDir, tmpdir);
b423cd4c 1150 }
0fa6c7fa 1151 }
b423cd4c 1152
0fa6c7fa
MS		 1153 if (!TempDir)
1154 {
1155 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1156 RequestRoot);
1157 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
b423cd4c 1158 }
1159
61515785
MS		 1160 setenv("TMPDIR", TempDir, 1);
1161
ef416fc2 1162 /*
b94498cf 1163 * Make sure the temporary directory has the right permissions...
ef416fc2 1164 */
1165
ef416fc2 1166 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1167 access(TempDir, 0))
1168 {
1169 /*
1170 * Update ownership and permissions if the CUPS temp directory
1171 * is under the spool directory or does not exist...
1172 */
1173
49d87452
MS		 1174 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1175 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
d09495fa 1176 return (0);
ef416fc2 1177 }
1178
ef416fc2 1179 /*
0268488e 1180 * Update environment variables...
ef416fc2 1181 */
1182
0268488e 1183 cupsdUpdateEnv();
ef416fc2 1184
c5571a1d
MS		 1185 /*
1186 * Update default paper size setting as needed...
1187 */
1188
1189 if (!DefaultPaperSize)
1190 {
1191#ifdef HAVE_LIBPAPER
1192 char *paper_result; /* Paper size name from libpaper */
1193
1194 if ((paper_result = systempapername()) != NULL)
1195 cupsdSetString(&DefaultPaperSize, paper_result);
1196 else
1197#endif /* HAVE_LIBPAPER */
1198 if (!DefaultLanguage ||
88f9aafc
MS		 1199 !_cups_strcasecmp(DefaultLanguage, "C") ||
1200 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1201 !_cups_strcasecmp(DefaultLanguage, "en") ||
1202 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1203 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1204 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1205 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
c5571a1d
MS		 1206 {
1207 /*
1208 * These are the only locales that will default to "letter" size...
1209 */
1210
1211 cupsdSetString(&DefaultPaperSize, "Letter");
1212 }
1213 else
1214 cupsdSetString(&DefaultPaperSize, "A4");
1215 }
1216
1217 /*
1218 * Update classification setting as needed...
1219 */
1220
88f9aafc 1221 if (Classification && !_cups_strcasecmp(Classification, "none"))
c5571a1d
MS		 1222 cupsdClearString(&Classification);
1223
1224 if (Classification)
1225 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1226
ef416fc2 1227 /*
1228 * Check the MaxClients setting, and then allocate memory for it...
1229 */
1230
1231 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1232 {
1233 if (MaxClients > 0)
49d87452
MS		 1234 cupsdLogMessage(CUPSD_LOG_INFO,
1235 "MaxClients limited to 1/3 (%d) of the file descriptor "
1236 "limit (%d)...",
1237 MaxFDs / 3, MaxFDs);
ef416fc2 1238
1239 MaxClients = MaxFDs / 3;
1240 }
1241
bd7854cb 1242 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1243 MaxClients);
ef416fc2 1244
1245 /*
1246 * Check the MaxActiveJobs setting; limit to 1/3 the available
1247 * file descriptors, since we need a pipe for each job...
1248 */
1249
1250 if (MaxActiveJobs > (MaxFDs / 3))
1251 MaxActiveJobs = MaxFDs / 3;
1252
ef416fc2 1253 /*
1254 * Update the MaxClientsPerHost value, as needed...
1255 */
1256
1257 if (MaxClientsPerHost <= 0)
1258 MaxClientsPerHost = MaxClients;
1259
1260 if (MaxClientsPerHost > MaxClients)
1261 MaxClientsPerHost = MaxClients;
1262
1263 cupsdLogMessage(CUPSD_LOG_INFO,
1264 "Allowing up to %d client connections per host.",
1265 MaxClientsPerHost);
1266
1267 /*
1268 * Update the default policy, as needed...
1269 */
1270
1271 if (DefaultPolicy)
1272 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1273 else
1274 DefaultPolicyPtr = NULL;
1275
1276 if (!DefaultPolicyPtr)
1277 {
ef416fc2 1278 cupsd_location_t *po; /* New policy operation */
1279
1280
1281 if (DefaultPolicy)
c8fef167 1282 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
ef416fc2 1283 DefaultPolicy);
1284
e1d6a774 1285 cupsdSetString(&DefaultPolicy, "default");
1286
ef416fc2 1287 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1288 cupsdLogMessage(CUPSD_LOG_INFO,
c8fef167 1289 "Using policy \"default\" as the default.");
ef416fc2 1290 else
1291 {
1292 cupsdLogMessage(CUPSD_LOG_INFO,
1293 "Creating CUPS default administrative policy:");
1294
1295 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1296
1297 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
10d09e33
MS		 1298
1299 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1300 cupsdAddString(&(p->job_access), "@OWNER");
1301 cupsdAddString(&(p->job_access), "@SYSTEM");
1302
1303 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1304 cupsdAddString(&(p->job_attrs), "job-name");
1305 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1306 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1a18c85c 1307 cupsdAddString(&(p->job_attrs), "phone");
10d09e33
MS		 1308
1309 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1310 cupsdAddString(&(p->sub_access), "@OWNER");
1311 cupsdAddString(&(p->sub_access), "@SYSTEM");
1312
1313 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1314 cupsdAddString(&(p->job_attrs), "notify-events");
1315 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1316 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1317 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1318 cupsdAddString(&(p->job_attrs), "notify-user-data");
1319
c7017ecc
MS		 1320 cupsdLogMessage(CUPSD_LOG_INFO,
1321 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1322 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1323
1324 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1325 po->order_type = CUPSD_AUTH_ALLOW;
1326
1327 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1328 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1329 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1330
1331 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1332
ef416fc2 1333 cupsdLogMessage(CUPSD_LOG_INFO,
1334 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1335 "Release-Job Restart-Job Purge-Jobs "
1336 "Set-Job-Attributes Create-Job-Subscription "
1337 "Renew-Subscription Cancel-Subscription "
1338 "Get-Notifications Reprocess-Job Cancel-Current-Job "
10d09e33 1339 "Suspend-Current-Job Resume-Job "
aaf19ab0 1340 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
2e4ff8af 1341 "CUPS-Authenticate-Job CUPS-Get-Document>");
ef416fc2 1342 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1343
1344 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
5bd77a73
MS		 1345 po->order_type = CUPSD_AUTH_ALLOW;
1346 po->level = CUPSD_AUTH_USER;
ef416fc2 1347
1348 cupsdAddName(po, "@OWNER");
1349 cupsdAddName(po, "@SYSTEM");
1350 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1351
1352 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1353 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1354 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1355 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1356 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1357 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1358 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1359 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1360 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1361 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1362 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1363 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1364 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1365 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1366 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
aaf19ab0
MS		 1367 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1368 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
ef416fc2 1369 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1370 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
2e4ff8af 1371 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
ef416fc2 1372
1373 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1374
1375 cupsdLogMessage(CUPSD_LOG_INFO,
1376 "<Limit Pause-Printer Resume-Printer "
1377 "Set-Printer-Attributes Enable-Printer "
1378 "Disable-Printer Pause-Printer-After-Current-Job "
1379 "Hold-New-Jobs Release-Held-New-Jobs "
1380 "Deactivate-Printer Activate-Printer Restart-Printer "
1381 "Shutdown-Printer Startup-Printer Promote-Job "
10d09e33 1382 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
ef416fc2 1383 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1384 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1385 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
bc44d920 1386 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
ef416fc2 1387
1388 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
5bd77a73
MS		 1389 po->order_type = CUPSD_AUTH_ALLOW;
1390 po->type = CUPSD_AUTH_DEFAULT;
1391 po->level = CUPSD_AUTH_USER;
ef416fc2 1392
1393 cupsdAddName(po, "@SYSTEM");
1394 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1395
1396 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1397 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1398 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1399 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1400 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1401 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1402 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1403 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1404 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1405 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1406 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1407 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1408 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1409 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
10d09e33 1410 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
ef416fc2 1411 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1412 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1413 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1414 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1415 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1416 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1417 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1418
1419 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1420
1421 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1422 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1423
1424 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
5bd77a73 1425 po->order_type = CUPSD_AUTH_ALLOW;
ef416fc2 1426
1427 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1428 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1429 }
1430 }
1431
bd7854cb 1432 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
2e4ff8af
MS		 1433 cupsArrayCount(Policies));
1434 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1435 p;
1436 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
bd7854cb 1437 cupsdLogMessage(CUPSD_LOG_DEBUG2,
2e4ff8af 1438 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
ef416fc2 1439
1440 /*
1441 * If we are doing a full reload or the server root has changed, flush
1442 * the jobs, printers, etc. and start from scratch...
1443 */
1444
1445 if (NeedReload == RELOAD_ALL ||
f11a948a 1446 old_remote_port != RemotePort ||
ef416fc2 1447 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1448 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1449 {
fa73b229 1450 mime_type_t *type; /* Current type */
1451 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1452 /* MIME type name */
1453
1454
ef416fc2 1455 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1456
1457 /*
1458 * Free all memory...
1459 */
1460
1461 cupsdDeleteAllSubscriptions();
1462 cupsdFreeAllJobs();
ef416fc2 1463 cupsdDeleteAllPrinters();
1464
1465 DefaultPrinter = NULL;
1466
1467 if (MimeDatabase != NULL)
1468 mimeDelete(MimeDatabase);
1469
1470 if (NumMimeTypes)
1471 {
1472 for (i = 0; i < NumMimeTypes; i ++)
757d2cad 1473 _cupsStrFree(MimeTypes[i]);
ef416fc2 1474
1475 free(MimeTypes);
1476 }
1477
1478 /*
1479 * Read the MIME type and conversion database...
1480 */
1481
1482 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
dd1abb6b 1483 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
ef416fc2 1484
eac3a0a0
MS		 1485 MimeDatabase = mimeNew();
1486 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1487
1488 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
75bd9771
MS		 1489 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1490 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1491 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
ef416fc2 1492
1493 if (!MimeDatabase)
1494 {
1495 cupsdLogMessage(CUPSD_LOG_EMERG,
c8fef167 1496 "Unable to load MIME database from \"%s\" or \"%s\".",
75bd9771 1497 mimedir, ServerRoot);
49d87452
MS		 1498 if (FatalErrors & CUPSD_FATAL_CONFIG)
1499 return (0);
ef416fc2 1500 }
1501
1502 cupsdLogMessage(CUPSD_LOG_INFO,
75bd9771
MS		 1503 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1504 "%d filters...", mimedir, ServerRoot,
1505 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
ef416fc2 1506
1507 /*
1508 * Create a list of MIME types for the document-format-supported
1509 * attribute...
1510 */
1511
fa73b229 1512 NumMimeTypes = mimeNumTypes(MimeDatabase);
ef416fc2 1513 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1514 NumMimeTypes ++;
1515
1a18c85c 1516 if ((MimeTypes = calloc((size_t)NumMimeTypes, sizeof(const char *))) == NULL)
ef416fc2 1517 {
91c84a35 1518 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 1519 "Unable to allocate memory for %d MIME types.",
91c84a35
MS		 1520 NumMimeTypes);
1521 NumMimeTypes = 0;
ef416fc2 1522 }
91c84a35
MS		 1523 else
1524 {
1525 for (i = 0, type = mimeFirstType(MimeDatabase);
1526 type;
1527 i ++, type = mimeNextType(MimeDatabase))
1528 {
1529 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1530
1531 MimeTypes[i] = _cupsStrAlloc(mimetype);
1532 }
ef416fc2 1533
91c84a35
MS		 1534 if (i < NumMimeTypes)
1535 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1536 }
bd7854cb 1537
1538 if (LogLevel == CUPSD_LOG_DEBUG2)
1539 {
1540 mime_filter_t *filter; /* Current filter */
1541
1542
1543 for (type = mimeFirstType(MimeDatabase);
1544 type;
1545 type = mimeNextType(MimeDatabase))
1546 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1547 type->super, type->type);
1548
1549 for (filter = mimeFirstFilter(MimeDatabase);
1550 filter;
1551 filter = mimeNextFilter(MimeDatabase))
1552 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1553 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1554 filter->src->super, filter->src->type,
1555 filter->dst->super, filter->dst->type,
1556 filter->cost, filter->filter);
1557 }
ef416fc2 1558
1559 /*
1560 * Load banners...
1561 */
1562
1563 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1564 cupsdLoadBanners(temp);
1565
1566 /*
1567 * Load printers and classes...
1568 */
1569
1570 cupsdLoadAllPrinters();
1571 cupsdLoadAllClasses();
ef416fc2 1572
1573 cupsdCreateCommonData();
1574
68b10830
MS		 1575 /*
1576 * Update the printcap file as needed...
1577 */
1578
1579 if (Printcap && *Printcap && access(Printcap, 0))
1580 cupsdWritePrintcap();
1581
ef416fc2 1582 /*
1583 * Load queued jobs...
1584 */
1585
1586 cupsdLoadAllJobs();
1587
1588 /*
1589 * Load subscriptions...
1590 */
1591
1592 cupsdLoadAllSubscriptions();
1593
1594 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1595 }
1596 else
1597 {
1598 /*
1599 * Not a full reload, so recreate the common printer attributes...
1600 */
1601
1602 cupsdCreateCommonData();
1603
82cc1f9a
MS		 1604 /*
1605 * Update all jobs as needed...
1606 */
1607
1608 cupsdUpdateJobs();
1609
ef416fc2 1610 /*
1611 * Update all printers as needed...
1612 */
1613
1614 cupsdUpdatePrinters();
3dfe78b3 1615 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
ef416fc2 1616
1617 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1618 }
1619
1620 /*
1621 * Reset the reload state...
1622 */
1623
1624 NeedReload = RELOAD_NONE;
1625
1626 cupsdClearString(&old_serverroot);
1627 cupsdClearString(&old_requestroot);
1628
ef416fc2 1629 return (1);
1630}
1631
1632
1633/*
1634 * 'get_address()' - Get an address + port number from a line.
1635 */
1636
1637static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1638get_address(const char *value, /* I - Value string */
1639 int defport) /* I - Default port */
1640{
1641 char buffer[1024], /* Hostname + port number buffer */
1642 defpname[255], /* Default port name */
1643 *hostname, /* Hostname or IP */
1644 *portname; /* Port number or name */
1645 http_addrlist_t *addrlist; /* Address list */
1646
1647
1648 /*
1649 * Check for an empty value...
1650 */
1651
1652 if (!*value)
1653 {
c8fef167 1654 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
ef416fc2 1655 return (NULL);
1656 }
1657
1658 /*
1659 * Grab a hostname and port number; if there is no colon and the port name
1660 * is only digits, then we have a port number by itself...
1661 */
1662
1663 strlcpy(buffer, value, sizeof(buffer));
1664
1665 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1666 {
1667 *portname++ = '\0';
1668 hostname = buffer;
1669 }
1670 else
1671 {
1672 for (portname = buffer; isdigit(*portname & 255); portname ++);
1673
1674 if (*portname)
1675 {
1676 /*
1677 * Use the default port...
1678 */
1679
1680 sprintf(defpname, "%d", defport);
1681 portname = defpname;
1682 hostname = buffer;
1683 }
1684 else
1685 {
1686 /*
1687 * The buffer contains just a port number...
1688 */
1689
1690 portname = buffer;
1691 hostname = NULL;
1692 }
1693 }
1694
1695 if (hostname && !strcmp(hostname, "*"))
1696 hostname = NULL;
1697
1698 /*
1699 * Now lookup the address using httpAddrGetList()...
1700 */
1701
1702 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
c8fef167 1703 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
ef416fc2 1704 hostname ? hostname : "(nil)");
1705
1706 return (addrlist);
1707}
1708
1709
1710/*
1711 * 'get_addr_and_mask()' - Get an IP address and netmask.
1712 */
1713
1714static int /* O - 1 on success, 0 on failure */
1715get_addr_and_mask(const char *value, /* I - String from config file */
1716 unsigned *ip, /* O - Address value */
1717 unsigned *mask) /* O - Mask value */
1718{
1719 int i, j, /* Looping vars */
1720 family, /* Address family */
1721 ipcount; /* Count of fields in address */
1722 unsigned ipval; /* Value */
1723 const char *maskval, /* Pointer to start of mask value */
1724 *ptr, /* Pointer into value */
1725 *ptr2; /* ... */
ef416fc2 1726
1727
1728 /*
1729 * Get the address...
1730 */
1731
b86bc4cf 1732 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
ed486911 1733 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
ef416fc2 1734
1735 if ((maskval = strchr(value, '/')) != NULL)
1736 maskval ++;
1737 else
1738 maskval = value + strlen(value);
1739
1740#ifdef AF_INET6
1741 /*
1742 * Check for an IPv6 address...
1743 */
1744
1745 if (*value == '[')
1746 {
1747 /*
88f9aafc 1748 * Parse hexadecimal IPv6/IPv4 address...
ef416fc2 1749 */
1750
1751 family = AF_INET6;
1752
1753 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1754 {
1755 if (*ptr == ']')
1756 break;
1757 else if (!strncmp(ptr, "::", 2))
1758 {
1759 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1760 ptr2;
1761 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1762
88f9aafc
MS		 1763 i = 6 - j;
1764 ptr += 2;
1765 }
1766 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1767 {
1768 /*
1769 * Read IPv4 dotted quad...
1770 */
1771
1772 unsigned val[4] = { 0, 0, 0, 0 };
1773 /* IPv4 address values */
1774
1775 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1776 val + 3);
1777
1778 /*
1779 * Range check the IP numbers...
1780 */
1781
1782 for (i = 0; i < ipcount; i ++)
1783 if (val[i] > 255)
1784 return (0);
1785
1786 /*
1787 * Merge everything into a 32-bit IPv4 address in ip[3]...
1788 */
1789
8eabd901
MS		 1790 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1791 (unsigned)val[2]) << 8) | (unsigned)val[3];
88f9aafc
MS		 1792
1793 if (ipcount < 4)
1794 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1795
1796 /*
1797 * If the leading words are all 0's then this is an IPv4 address...
1798 */
1799
1800 if (!val[0] && !val[1] && !val[2])
1801 family = AF_INET;
1802
1803 while (isdigit(*ptr & 255) || *ptr == '.')
1804 ptr ++;
1805 break;
ef416fc2 1806 }
1807 else if (isxdigit(*ptr & 255))
1808 {
1809 ipval = strtoul(ptr, (char **)&ptr, 16);
1810
88f9aafc
MS		 1811 if (*ptr == ':' && ptr[1] != ':')
1812 ptr ++;
1813
ef416fc2 1814 if (ipval > 0xffff)
1815 return (0);
1816
1817 if (i & 1)
ed486911 1818 ip[i / 2] |= ipval;
ef416fc2 1819 else
ed486911 1820 ip[i / 2] |= ipval << 16;
ef416fc2 1821 }
1822 else
1823 return (0);
ef416fc2 1824 }
1825
ed486911 1826 if (*ptr != ']')
1827 return (0);
1828
1829 ptr ++;
ef416fc2 1830
1831 if (*ptr && *ptr != '/')
1832 return (0);
1833 }
1834 else
1835#endif /* AF_INET6 */
1836 {
1837 /*
1838 * Parse dotted-decimal IPv4 address...
1839 */
1840
88f9aafc 1841 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
ef416fc2 1842
ef416fc2 1843
ed486911 1844 family = AF_INET;
1845 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1846
ef416fc2 1847 /*
ed486911 1848 * Range check the IP numbers...
ef416fc2 1849 */
1850
ed486911 1851 for (i = 0; i < ipcount; i ++)
1852 if (val[i] > 255)
1853 return (0);
ef416fc2 1854
ed486911 1855 /*
1856 * Merge everything into a 32-bit IPv4 address in ip[3]...
1857 */
ef416fc2 1858
8eabd901
MS		 1859 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1860 (unsigned)val[2]) << 8) | (unsigned)val[3];
ef416fc2 1861
ed486911 1862 if (ipcount < 4)
1863 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1864 }
ef416fc2 1865
ed486911 1866 if (*maskval)
1867 {
1868 /*
1869 * Get the netmask value(s)...
1870 */
1871
1872 memset(mask, 0, sizeof(unsigned) * 4);
ef416fc2 1873
ef416fc2 1874 if (strchr(maskval, '.'))
1875 {
1876 /*
1877 * Get dotted-decimal mask...
1878 */
1879
ed486911 1880 if (family != AF_INET)
1881 return (0);
1882
88f9aafc
MS		 1883 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1884 mask + 3) != 4)
ef416fc2 1885 return (0);
1886
8eabd901
MS		 1887 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
1888 (unsigned)mask[2]) << 8;
ef416fc2 1889 mask[0] = mask[1] = mask[2] = 0;
1890 }
1891 else
1892 {
1893 /*
1894 * Get address/bits format...
1895 */
1896
1897 i = atoi(maskval);
1898
1899#ifdef AF_INET6
1900 if (family == AF_INET6)
1901 {
ed486911 1902 if (i > 128)
1903 return (0);
1904
ef416fc2 1905 i = 128 - i;
1906
1907 if (i <= 96)
1908 mask[0] = 0xffffffff;
1909 else
1910 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1911
1912 if (i <= 64)
1913 mask[1] = 0xffffffff;
1914 else if (i >= 96)
1915 mask[1] = 0;
1916 else
1917 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1918
1919 if (i <= 32)
1920 mask[2] = 0xffffffff;
1921 else if (i >= 64)
1922 mask[2] = 0;
1923 else
1924 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1925
1926 if (i == 0)
1927 mask[3] = 0xffffffff;
1928 else if (i >= 32)
1929 mask[3] = 0;
1930 else
1931 mask[3] = (0xffffffff << i) & 0xffffffff;
1932 }
1933 else
1934#endif /* AF_INET6 */
1935 {
ed486911 1936 if (i > 32)
1937 return (0);
ef416fc2 1938
1939 mask[0] = 0xffffffff;
1940 mask[1] = 0xffffffff;
1941 mask[2] = 0xffffffff;
1942
ed486911 1943 if (i < 32)
1944 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
ef416fc2 1945 else
1946 mask[3] = 0xffffffff;
1947 }
1948 }
1949 }
ef416fc2 1950
1951 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1952 "get_addr_and_mask(value=\"%s\", "
b86bc4cf 1953 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
ef416fc2 1954 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1955 mask[3]);
1956
1957 /*
1958 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1959 */
1960
1961 if ((ip[0] & ~mask[0]) != 0 ||
1962 (ip[1] & ~mask[1]) != 0 ||
1963 (ip[2] & ~mask[2]) != 0 ||
1964 (ip[3] & ~mask[3]) != 0)
1965 return (0);
1966
1967 return (1);
1968}
1969
1970
eac3a0a0
MS		 1971/*
1972 * 'mime_error_cb()' - Log a MIME error.
1973 */
1974
1975static void
1976mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1977 const char *message) /* I - Message */
1978{
321d8d57
MS		 1979 (void)ctx;
1980
eac3a0a0
MS		 1981 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1982}
1983
1984
ef416fc2 1985/*
1986 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1987 */
1988
1989static int /* O - 1 on success, 0 on failure */
1990parse_aaa(cupsd_location_t *loc, /* I - Location */
1991 char *line, /* I - Line from file */
1992 char *value, /* I - Start of value data */
1993 int linenum) /* I - Current line number */
1994{
1995 char *valptr; /* Pointer into value */
1996 unsigned ip[4], /* IP address components */
1997 mask[4]; /* IP netmask components */
1998
1999
88f9aafc 2000 if (!_cups_strcasecmp(line, "Encryption"))
ef416fc2 2001 {
2002 /*
2003 * "Encryption xxx" - set required encryption level...
2004 */
2005
88f9aafc 2006 if (!_cups_strcasecmp(value, "never"))
ef416fc2 2007 loc->encryption = HTTP_ENCRYPT_NEVER;
88f9aafc 2008 else if (!_cups_strcasecmp(value, "always"))
ef416fc2 2009 {
2010 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 2011 "Encryption value \"%s\" on line %d of %s is invalid in this "
2012 "context. Using \"required\" instead.", value, linenum, ConfigurationFile);
ef416fc2 2013
2014 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2015 }
88f9aafc 2016 else if (!_cups_strcasecmp(value, "required"))
ef416fc2 2017 loc->encryption = HTTP_ENCRYPT_REQUIRED;
88f9aafc 2018 else if (!_cups_strcasecmp(value, "ifrequested"))
ef416fc2 2019 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2020 else
2021 {
2022 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec 2023 "Unknown Encryption value %s on line %d of %s.", value, linenum, ConfigurationFile);
ef416fc2 2024 return (0);
2025 }
2026 }
88f9aafc 2027 else if (!_cups_strcasecmp(line, "Order"))
ef416fc2 2028 {
2029 /*
2030 * "Order Deny,Allow" or "Order Allow,Deny"...
2031 */
2032
88f9aafc 2033 if (!_cups_strncasecmp(value, "deny", 4))
5bd77a73 2034 loc->order_type = CUPSD_AUTH_ALLOW;
88f9aafc 2035 else if (!_cups_strncasecmp(value, "allow", 5))
5bd77a73 2036 loc->order_type = CUPSD_AUTH_DENY;
ef416fc2 2037 else
2038 {
4ef75dec
MS		 2039 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d of %s.",
2040 value, linenum, ConfigurationFile);
ef416fc2 2041 return (0);
2042 }
2043 }
88f9aafc 2044 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
ef416fc2 2045 {
2046 /*
2047 * Allow [From] host/ip...
2048 * Deny [From] host/ip...
2049 */
2050
0af14961 2051 while (*value)
ef416fc2 2052 {
88f9aafc 2053 if (!_cups_strncasecmp(value, "from", 4))
0af14961
MS		 2054 {
2055 /*
2056 * Strip leading "from"...
2057 */
ef416fc2 2058
0af14961 2059 value += 4;
ef416fc2 2060
88f9aafc 2061 while (_cups_isspace(*value))
0af14961 2062 value ++;
ef416fc2 2063
0af14961
MS		 2064 if (!*value)
2065 break;
2066 }
ef416fc2 2067
ef416fc2 2068 /*
0af14961 2069 * Find the end of the value...
ef416fc2 2070 */
2071
88f9aafc 2072 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
0af14961 2073
88f9aafc 2074 while (_cups_isspace(*valptr))
0af14961
MS		 2075 *valptr++ = '\0';
2076
ef416fc2 2077 /*
0af14961
MS		 2078 * Figure out what form the allow/deny address takes:
2079 *
2080 * All
2081 * None
2082 * *.domain.com
2083 * .domain.com
2084 * host.domain.com
2085 * nnn.*
2086 * nnn.nnn.*
2087 * nnn.nnn.nnn.*
2088 * nnn.nnn.nnn.nnn
2089 * nnn.nnn.nnn.nnn/mm
2090 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
ef416fc2 2091 */
2092
88f9aafc 2093 if (!_cups_strcasecmp(value, "all"))
0af14961
MS		 2094 {
2095 /*
2096 * All hosts...
2097 */
2098
88f9aafc 2099 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2100 cupsdAddIPMask(&(loc->allow), zeros, zeros);
0af14961 2101 else
10d09e33 2102 cupsdAddIPMask(&(loc->deny), zeros, zeros);
0af14961 2103 }
88f9aafc 2104 else if (!_cups_strcasecmp(value, "none"))
0af14961
MS		 2105 {
2106 /*
2107 * No hosts...
2108 */
2109
88f9aafc 2110 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2111 cupsdAddIPMask(&(loc->allow), ones, zeros);
0af14961 2112 else
10d09e33 2113 cupsdAddIPMask(&(loc->deny), ones, zeros);
0af14961 2114 }
ed486911 2115#ifdef AF_INET6
ef55b745 2116 else if (value[0] == '*' || value[0] == '.' ||
0af14961 2117 (!isdigit(value[0] & 255) && value[0] != '['))
ed486911 2118#else
0af14961 2119 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
ed486911 2120#endif /* AF_INET6 */
0af14961
MS		 2121 {
2122 /*
2123 * Host or domain name...
2124 */
ef416fc2 2125
0af14961
MS		 2126 if (value[0] == '*')
2127 value ++;
ef416fc2 2128
88f9aafc 2129 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2130 cupsdAddNameMask(&(loc->allow), value);
0af14961 2131 else
10d09e33 2132 cupsdAddNameMask(&(loc->deny), value);
0af14961 2133 }
ef416fc2 2134 else
ef416fc2 2135 {
0af14961
MS		 2136 /*
2137 * One of many IP address forms...
2138 */
2139
2140 if (!get_addr_and_mask(value, ip, mask))
2141 {
4ef75dec
MS		 2142 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d of %s.",
2143 value, linenum, ConfigurationFile);
0af14961
MS		 2144 return (0);
2145 }
2146
88f9aafc 2147 if (!_cups_strcasecmp(line, "Allow"))
10d09e33 2148 cupsdAddIPMask(&(loc->allow), ip, mask);
0af14961 2149 else
10d09e33 2150 cupsdAddIPMask(&(loc->deny), ip, mask);
ef416fc2 2151 }
2152
0af14961
MS		 2153 /*
2154 * Advance to next value...
2155 */
2156
2157 value = valptr;
ef416fc2 2158 }
2159 }
88f9aafc 2160 else if (!_cups_strcasecmp(line, "AuthType"))
ef416fc2 2161 {
2162 /*
bc44d920 2163 * AuthType {none,basic,digest,basicdigest,negotiate,default}
ef416fc2 2164 */
2165
88f9aafc 2166 if (!_cups_strcasecmp(value, "none"))
ef416fc2 2167 {
5bd77a73
MS		 2168 loc->type = CUPSD_AUTH_NONE;
2169 loc->level = CUPSD_AUTH_ANON;
ef416fc2 2170 }
88f9aafc 2171 else if (!_cups_strcasecmp(value, "basic"))
ef416fc2 2172 {
5bd77a73 2173 loc->type = CUPSD_AUTH_BASIC;
ef416fc2 2174
5bd77a73
MS		 2175 if (loc->level == CUPSD_AUTH_ANON)
2176 loc->level = CUPSD_AUTH_USER;
ef416fc2 2177 }
88f9aafc 2178 else if (!_cups_strcasecmp(value, "default"))
bc44d920 2179 {
5bd77a73 2180 loc->type = CUPSD_AUTH_DEFAULT;
bc44d920 2181
5bd77a73
MS		 2182 if (loc->level == CUPSD_AUTH_ANON)
2183 loc->level = CUPSD_AUTH_USER;
ef416fc2 2184 }
f7deaa1a 2185#ifdef HAVE_GSSAPI
88f9aafc 2186 else if (!_cups_strcasecmp(value, "negotiate"))
f7deaa1a 2187 {
5bd77a73 2188 loc->type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 2189
5bd77a73
MS		 2190 if (loc->level == CUPSD_AUTH_ANON)
2191 loc->level = CUPSD_AUTH_USER;
f7deaa1a 2192 }
2193#endif /* HAVE_GSSAPI */
ef416fc2 2194 else
2195 {
2196 cupsdLogMessage(CUPSD_LOG_WARN,
4ef75dec
MS		 2197 "Unknown authorization type %s on line %d of %s.",
2198 value, linenum, ConfigurationFile);
ef416fc2 2199 return (0);
2200 }
2201 }
88f9aafc 2202 else if (!_cups_strcasecmp(line, "AuthClass"))
ef416fc2 2203 {
2204 /*
2205 * AuthClass anonymous, user, system, group
2206 */
2207
88f9aafc 2208 if (!_cups_strcasecmp(value, "anonymous"))
ef416fc2 2209 {
5bd77a73
MS		 2210 loc->type = CUPSD_AUTH_NONE;
2211 loc->level = CUPSD_AUTH_ANON;
ef416fc2 2212
2213 cupsdLogMessage(CUPSD_LOG_WARN,
2214 "\"AuthClass %s\" is deprecated; consider removing "
2215 "it from line %d.",
2216 value, linenum);
2217 }
88f9aafc 2218 else if (!_cups_strcasecmp(value, "user"))
ef416fc2 2219 {
5bd77a73 2220 loc->level = CUPSD_AUTH_USER;
ef416fc2 2221
2222 cupsdLogMessage(CUPSD_LOG_WARN,
2223 "\"AuthClass %s\" is deprecated; consider using "
4ef75dec
MS		 2224 "\"Require valid-user\" on line %d of %s.",
2225 value, linenum, ConfigurationFile);
ef416fc2 2226 }
88f9aafc 2227 else if (!_cups_strcasecmp(value, "group"))
ef416fc2 2228 {
5bd77a73 2229 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2230
2231 cupsdLogMessage(CUPSD_LOG_WARN,
2232 "\"AuthClass %s\" is deprecated; consider using "
4ef75dec
MS		 2233 "\"Require user @groupname\" on line %d of %s.",
2234 value, linenum, ConfigurationFile);
ef416fc2 2235 }
88f9aafc 2236 else if (!_cups_strcasecmp(value, "system"))
ef416fc2 2237 {
5bd77a73 2238 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2239
2240 cupsdAddName(loc, "@SYSTEM");
2241
2242 cupsdLogMessage(CUPSD_LOG_WARN,
2243 "\"AuthClass %s\" is deprecated; consider using "
4ef75dec
MS		 2244 "\"Require user @SYSTEM\" on line %d of %s.",
2245 value, linenum, ConfigurationFile);
ef416fc2 2246 }
2247 else
2248 {
2249 cupsdLogMessage(CUPSD_LOG_WARN,
4ef75dec
MS		 2250 "Unknown authorization class %s on line %d of %s.",
2251 value, linenum, ConfigurationFile);
ef416fc2 2252 return (0);
2253 }
2254 }
88f9aafc 2255 else if (!_cups_strcasecmp(line, "AuthGroupName"))
ef416fc2 2256 {
2257 cupsdAddName(loc, value);
2258
2259 cupsdLogMessage(CUPSD_LOG_WARN,
2260 "\"AuthGroupName %s\" directive is deprecated; consider "
4ef75dec
MS		 2261 "using \"Require user @%s\" on line %d of %s.",
2262 value, value, linenum, ConfigurationFile);
ef416fc2 2263 }
88f9aafc 2264 else if (!_cups_strcasecmp(line, "Require"))
ef416fc2 2265 {
2266 /*
2267 * Apache synonym for AuthClass and AuthGroupName...
2268 *
2269 * Get initial word:
2270 *
2271 * Require valid-user
2272 * Require group names
2273 * Require user names
2274 */
2275
88f9aafc 2276 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
ef416fc2 2277
2278 if (*valptr)
2279 *valptr++ = '\0';
2280
88f9aafc
MS		 2281 if (!_cups_strcasecmp(value, "valid-user") ||
2282 !_cups_strcasecmp(value, "user"))
5bd77a73 2283 loc->level = CUPSD_AUTH_USER;
88f9aafc 2284 else if (!_cups_strcasecmp(value, "group"))
5bd77a73 2285 loc->level = CUPSD_AUTH_GROUP;
ef416fc2 2286 else
2287 {
4ef75dec
MS		 2288 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d of %s.",
2289 value, linenum, ConfigurationFile);
ef416fc2 2290 return (0);
2291 }
2292
2293 /*
2294 * Get the list of names from the line...
2295 */
2296
2297 for (value = valptr; *value;)
2298 {
88f9aafc 2299 while (_cups_isspace(*value))
ef416fc2 2300 value ++;
2301
f7deaa1a 2302#ifdef HAVE_AUTHORIZATION_H
2303 if (!strncmp(value, "@AUTHKEY(", 9))
2304 {
2305 /*
2306 * Grab "@AUTHKEY(name)" value...
2307 */
2308
2309 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2310
2311 if (*valptr)
2312 *valptr++ = '\0';
2313 }
2314 else
2315#endif /* HAVE_AUTHORIZATION_H */
ef416fc2 2316 if (*value == '\"' || *value == '\'')
2317 {
2318 /*
2319 * Grab quoted name...
2320 */
2321
2322 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2323
2324 value ++;
2325 }
2326 else
2327 {
2328 /*
2329 * Grab literal name.
2330 */
2331
88f9aafc 2332 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
ef416fc2 2333 }
2334
2335 if (*valptr)
2336 *valptr++ = '\0';
2337
2338 cupsdAddName(loc, value);
2339
88f9aafc 2340 for (value = valptr; _cups_isspace(*value); value ++);
ef416fc2 2341 }
2342 }
88f9aafc 2343 else if (!_cups_strcasecmp(line, "Satisfy"))
ef416fc2 2344 {
88f9aafc 2345 if (!_cups_strcasecmp(value, "all"))
5bd77a73 2346 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
88f9aafc 2347 else if (!_cups_strcasecmp(value, "any"))
5bd77a73 2348 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
ef416fc2 2349 else
2350 {
4ef75dec
MS		 2351 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d of %s.",
2352 value, linenum, ConfigurationFile);
ef416fc2 2353 return (0);
2354 }
2355 }
2356 else
2357 return (0);
2358
2359 return (1);
2360}
2361
2362
49d87452
MS		 2363/*
2364 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2365 */
2366
2367static int /* O - FatalErrors bits */
2368parse_fatal_errors(const char *s) /* I - FatalErrors string */
2369{
2370 int fatal; /* FatalErrors bits */
2371 char value[1024], /* Value string */
2372 *valstart, /* Pointer into value */
2373 *valend; /* End of value */
2374
2375
2376 /*
2377 * Empty FatalErrors line yields NULL pointer...
2378 */
2379
2380 if (!s)
2381 return (CUPSD_FATAL_NONE);
2382
2383 /*
2384 * Loop through the value string,...
2385 */
2386
2387 strlcpy(value, s, sizeof(value));
2388
2389 fatal = CUPSD_FATAL_NONE;
2390
2391 for (valstart = value; *valstart;)
2392 {
2393 /*
2394 * Get the current space/comma-delimited kind name...
2395 */
2396
2397 for (valend = valstart; *valend; valend ++)
88f9aafc 2398 if (_cups_isspace(*valend) || *valend == ',')
49d87452
MS		 2399 break;
2400
2401 if (*valend)
2402 *valend++ = '\0';
2403
2404 /*
2405 * Add the error to the bitmask...
2406 */
2407
88f9aafc 2408 if (!_cups_strcasecmp(valstart, "all"))
49d87452 2409 fatal = CUPSD_FATAL_ALL;
88f9aafc 2410 else if (!_cups_strcasecmp(valstart, "browse"))
49d87452 2411 fatal |= CUPSD_FATAL_BROWSE;
88f9aafc 2412 else if (!_cups_strcasecmp(valstart, "-browse"))
49d87452 2413 fatal &= ~CUPSD_FATAL_BROWSE;
88f9aafc 2414 else if (!_cups_strcasecmp(valstart, "config"))
49d87452 2415 fatal |= CUPSD_FATAL_CONFIG;
88f9aafc 2416 else if (!_cups_strcasecmp(valstart, "-config"))
49d87452 2417 fatal &= ~CUPSD_FATAL_CONFIG;
88f9aafc 2418 else if (!_cups_strcasecmp(valstart, "listen"))
49d87452 2419 fatal |= CUPSD_FATAL_LISTEN;
88f9aafc 2420 else if (!_cups_strcasecmp(valstart, "-listen"))
49d87452 2421 fatal &= ~CUPSD_FATAL_LISTEN;
88f9aafc 2422 else if (!_cups_strcasecmp(valstart, "log"))
49d87452 2423 fatal |= CUPSD_FATAL_LOG;
88f9aafc 2424 else if (!_cups_strcasecmp(valstart, "-log"))
49d87452 2425 fatal &= ~CUPSD_FATAL_LOG;
88f9aafc 2426 else if (!_cups_strcasecmp(valstart, "permissions"))
49d87452 2427 fatal |= CUPSD_FATAL_PERMISSIONS;
88f9aafc 2428 else if (!_cups_strcasecmp(valstart, "-permissions"))
49d87452 2429 fatal &= ~CUPSD_FATAL_PERMISSIONS;
88f9aafc 2430 else if (_cups_strcasecmp(valstart, "none"))
49d87452 2431 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 2432 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
49d87452
MS		 2433
2434 for (valstart = valend; *valstart; valstart ++)
88f9aafc 2435 if (!_cups_isspace(*valstart) || *valstart != ',')
49d87452
MS		 2436 break;
2437 }
2438
2439 return (fatal);
2440}
2441
2442
bd7854cb 2443/*
2444 * 'parse_groups()' - Parse system group names in a string.
2445 */
2446
2447static int /* O - 1 on success, 0 on failure */
2448parse_groups(const char *s) /* I - Space-delimited groups */
2449{
2450 int status; /* Return status */
2451 char value[1024], /* Value string */
2452 *valstart, /* Pointer into value */
2453 *valend, /* End of value */
2454 quote; /* Quote character */
2455 struct group *group; /* Group */
2456
2457
2458 /*
2459 * Make a copy of the string and parse out the groups...
2460 */
2461
2462 strlcpy(value, s, sizeof(value));
2463
2464 status = 1;
2465 valstart = value;
2466
2467 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2468 {
2469 if (*valstart == '\'' || *valstart == '\"')
2470 {
2471 /*
2472 * Scan quoted name...
2473 */
2474
2475 quote = *valstart++;
2476
2477 for (valend = valstart; *valend; valend ++)
2478 if (*valend == quote)
2479 break;
2480 }
2481 else
2482 {
2483 /*
2484 * Scan space or comma-delimited name...
2485 */
2486
2487 for (valend = valstart; *valend; valend ++)
88f9aafc 2488 if (_cups_isspace(*valend) || *valend == ',')
bd7854cb 2489 break;
2490 }
2491
2492 if (*valend)
2493 *valend++ = '\0';
2494
2495 group = getgrnam(valstart);
2496 if (group)
2497 {
2498 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2499 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2500
2501 NumSystemGroups ++;
2502 }
2503 else
2504 status = 0;
2505
2506 endgrent();
2507
2508 valstart = valend;
2509
88f9aafc 2510 while (*valstart == ',' || _cups_isspace(*valstart))
bd7854cb 2511 valstart ++;
2512 }
2513
2514 return (status);
2515}
2516
2517
2518/*
2519 * 'parse_protocols()' - Parse browse protocols in a string.
2520 */
2521
2522static int /* O - Browse protocol bits */
2523parse_protocols(const char *s) /* I - Space-delimited protocols */
2524{
2525 int protocols; /* Browse protocol bits */
2526 char value[1024], /* Value string */
2527 *valstart, /* Pointer into value */
2528 *valend; /* End of value */
2529
2530
d09495fa 2531 /*
2532 * Empty protocol line yields NULL pointer...
2533 */
2534
2535 if (!s)
2536 return (0);
2537
bd7854cb 2538 /*
2539 * Loop through the value string,...
2540 */
2541
2542 strlcpy(value, s, sizeof(value));
2543
2544 protocols = 0;
2545
2546 for (valstart = value; *valstart;)
2547 {
2548 /*
2549 * Get the current space/comma-delimited protocol name...
2550 */
2551
2552 for (valend = valstart; *valend; valend ++)
88f9aafc 2553 if (_cups_isspace(*valend) || *valend == ',')
bd7854cb 2554 break;
2555
2556 if (*valend)
2557 *valend++ = '\0';
2558
2559 /*
2560 * Add the protocol to the bitmask...
2561 */
2562
a2326b5b
MS		 2563 if (!_cups_strcasecmp(valstart, "dnssd") ||
2564 !_cups_strcasecmp(valstart, "dns-sd") ||
2565 !_cups_strcasecmp(valstart, "bonjour"))
bd7854cb 2566 protocols |= BROWSE_DNSSD;
88f9aafc 2567 else if (!_cups_strcasecmp(valstart, "all"))
bd7854cb 2568 protocols |= BROWSE_ALL;
88f9aafc 2569 else if (_cups_strcasecmp(valstart, "none"))
a41f09e2 2570 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 2571 "Unknown browse protocol \"%s\" ignored.", valstart);
bd7854cb 2572
2573 for (valstart = valend; *valstart; valstart ++)
88f9aafc 2574 if (!_cups_isspace(*valstart) || *valstart != ',')
bd7854cb 2575 break;
2576 }
2577
2578 return (protocols);
2579}
2580
2581
ef416fc2 2582/*
c41769ff 2583 * 'parse_variable()' - Parse a variable line.
ef416fc2 2584 */
2585
2586static int /* O - 1 on success, 0 on failure */
c41769ff
MS		 2587parse_variable(
2588 const char *filename, /* I - Name of configuration file */
2589 int linenum, /* I - Line in configuration file */
2590 const char *line, /* I - Line from configuration file */
2591 const char *value, /* I - Value from configuration file */
2592 size_t num_vars, /* I - Number of variables */
2593 const cupsd_var_t *vars) /* I - Variables */
2594{
2595 size_t i; /* Looping var */
2596 const cupsd_var_t *var; /* Variables */
2597 char temp[1024]; /* Temporary string */
2598
2599
2600 for (i = num_vars, var = vars; i > 0; i --, var ++)
2601 if (!_cups_strcasecmp(line, var->name))
2602 break;
2603
2604 if (i == 0)
2605 {
2606 /*
2607 * Unknown directive! Output an error message and continue...
2608 */
2609
2610 if (!value)
2611 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2612 line, linenum, filename);
2613 else
2614 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2615 line, linenum, filename);
2616
2617 return (0);
2618 }
2619
2620 switch (var->type)
2621 {
2622 case CUPSD_VARTYPE_INTEGER :
2623 if (!value)
2624 {
2625 cupsdLogMessage(CUPSD_LOG_ERROR,
2626 "Missing integer value for %s on line %d of %s.",
2627 line, linenum, filename);
2628 return (0);
2629 }
2630 else if (!isdigit(*value & 255))
2631 {
2632 cupsdLogMessage(CUPSD_LOG_ERROR,
2633 "Bad integer value for %s on line %d of %s.",
2634 line, linenum, filename);
2635 return (0);
2636 }
2637 else
2638 {
2639 int n; /* Number */
2640 char *units; /* Units */
2641
2642 n = strtol(value, &units, 0);
2643
2644 if (units && *units)
2645 {
2646 if (tolower(units[0] & 255) == 'g')
2647 n *= 1024 * 1024 * 1024;
2648 else if (tolower(units[0] & 255) == 'm')
2649 n *= 1024 * 1024;
2650 else if (tolower(units[0] & 255) == 'k')
2651 n *= 1024;
2652 else if (tolower(units[0] & 255) == 't')
2653 n *= 262144;
2654 else
2655 {
2656 cupsdLogMessage(CUPSD_LOG_ERROR,
2657 "Unknown integer value for %s on line %d of %s.",
2658 line, linenum, filename);
2659 return (0);
2660 }
2661 }
2662
2663 if (n < 0)
2664 {
2665 cupsdLogMessage(CUPSD_LOG_ERROR,
2666 "Bad negative integer value for %s on line %d of "
2667 "%s.", line, linenum, filename);
2668 return (0);
2669 }
2670 else
2671 {
2672 *((int *)var->ptr) = n;
2673 }
2674 }
2675 break;
2676
1a18c85c
MS		 2677 case CUPSD_VARTYPE_PERM :
2678 if (!value)
2679 {
2680 cupsdLogMessage(CUPSD_LOG_ERROR,
2681 "Missing permissions value for %s on line %d of %s.",
2682 line, linenum, filename);
2683 return (0);
2684 }
2685 else if (!isdigit(*value & 255))
2686 {
2687 /* TODO: Add chmod UGO syntax support */
2688 cupsdLogMessage(CUPSD_LOG_ERROR,
2689 "Bad permissions value for %s on line %d of %s.",
2690 line, linenum, filename);
2691 return (0);
2692 }
2693 else
2694 {
2695 int n = strtol(value, NULL, 8);
2696 /* Permissions value */
2697
2698 if (n < 0)
2699 {
2700 cupsdLogMessage(CUPSD_LOG_ERROR,
2701 "Bad negative permissions value for %s on line %d of "
2702 "%s.", line, linenum, filename);
2703 return (0);
2704 }
2705 else
2706 {
2707 *((mode_t *)var->ptr) = (mode_t)n;
2708 }
2709 }
2710 break;
2711
c41769ff
MS		 2712 case CUPSD_VARTYPE_TIME :
2713 if (!value)
2714 {
2715 cupsdLogMessage(CUPSD_LOG_ERROR,
2716 "Missing time interval value for %s on line %d of "
2717 "%s.", line, linenum, filename);
2718 return (0);
2719 }
2720 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2721 (!_cups_strcasecmp(value, "true") ||
2722 !_cups_strcasecmp(value, "on") ||
2723 !_cups_strcasecmp(value, "enabled") ||
2724 !_cups_strcasecmp(value, "yes")))
2725 {
2726 *((int *)var->ptr) = INT_MAX;
2727 }
2728 else if (!_cups_strcasecmp(value, "false") ||
2729 !_cups_strcasecmp(value, "off") ||
2730 !_cups_strcasecmp(value, "disabled") ||
2731 !_cups_strcasecmp(value, "no"))
2732 {
2733 *((int *)var->ptr) = 0;
2734 }
2735 else if (!isdigit(*value & 255))
2736 {
2737 cupsdLogMessage(CUPSD_LOG_ERROR,
2738 "Unknown time interval value for %s on line %d of "
2739 "%s.", line, linenum, filename);
2740 return (0);
2741 }
2742 else
2743 {
2744 double n; /* Number */
2745 char *units; /* Units */
2746
2747 n = strtod(value, &units);
2748
2749 if (units && *units)
2750 {
2751 if (tolower(units[0] & 255) == 'w')
2752 n *= 7 * 24 * 60 * 60;
2753 else if (tolower(units[0] & 255) == 'd')
2754 n *= 24 * 60 * 60;
2755 else if (tolower(units[0] & 255) == 'h')
2756 n *= 60 * 60;
2757 else if (tolower(units[0] & 255) == 'm')
2758 n *= 60;
2759 else
2760 {
2761 cupsdLogMessage(CUPSD_LOG_ERROR,
2762 "Unknown time interval value for %s on line "
2763 "%d of %s.", line, linenum, filename);
2764 return (0);
2765 }
2766 }
2767
2768 if (n < 0.0 || n > INT_MAX)
2769 {
2770 cupsdLogMessage(CUPSD_LOG_ERROR,
2771 "Bad time value for %s on line %d of %s.",
2772 line, linenum, filename);
2773 return (0);
2774 }
2775 else
2776 {
2777 *((int *)var->ptr) = (int)n;
2778 }
2779 }
2780 break;
2781
2782 case CUPSD_VARTYPE_BOOLEAN :
2783 if (!value)
2784 {
2785 cupsdLogMessage(CUPSD_LOG_ERROR,
2786 "Missing boolean value for %s on line %d of %s.",
2787 line, linenum, filename);
2788 return (0);
2789 }
2790 else if (!_cups_strcasecmp(value, "true") ||
2791 !_cups_strcasecmp(value, "on") ||
2792 !_cups_strcasecmp(value, "enabled") ||
2793 !_cups_strcasecmp(value, "yes") ||
2794 atoi(value) != 0)
2795 {
2796 *((int *)var->ptr) = TRUE;
2797 }
2798 else if (!_cups_strcasecmp(value, "false") ||
2799 !_cups_strcasecmp(value, "off") ||
2800 !_cups_strcasecmp(value, "disabled") ||
2801 !_cups_strcasecmp(value, "no") ||
2802 !_cups_strcasecmp(value, "0"))
2803 {
2804 *((int *)var->ptr) = FALSE;
2805 }
2806 else
2807 {
2808 cupsdLogMessage(CUPSD_LOG_ERROR,
2809 "Unknown boolean value %s on line %d of %s.",
2810 value, linenum, filename);
2811 return (0);
2812 }
2813 break;
2814
2815 case CUPSD_VARTYPE_PATHNAME :
2816 if (!value)
2817 {
2818 cupsdLogMessage(CUPSD_LOG_ERROR,
2819 "Missing pathname value for %s on line %d of %s.",
2820 line, linenum, filename);
2821 return (0);
2822 }
2823
2824 if (value[0] == '/')
2825 strlcpy(temp, value, sizeof(temp));
2826 else
2827 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2828
2829 if (access(temp, 0))
2830 {
2831 cupsdLogMessage(CUPSD_LOG_ERROR,
2832 "File or directory for \"%s %s\" on line %d of %s "
2833 "does not exist.", line, value, linenum, filename);
2834 return (0);
2835 }
2836
2837 cupsdSetString((char **)var->ptr, temp);
2838 break;
2839
2840 case CUPSD_VARTYPE_STRING :
2841 cupsdSetString((char **)var->ptr, value);
2842 break;
2843 }
2844
2845 return (1);
2846}
2847
2848
2849/*
2850 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2851 */
2852
2853static int /* O - 1 on success, 0 on failure */
2854read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
ef416fc2 2855{
ef416fc2 2856 int linenum; /* Current line number */
2857 char line[HTTP_MAX_BUFFER],
2858 /* Line from file */
2859 temp[HTTP_MAX_BUFFER],
2860 /* Temporary buffer for value */
ef416fc2 2861 *value, /* Pointer to value */
bd7854cb 2862 *valueptr; /* Pointer into value */
ef416fc2 2863 int valuelen; /* Length of value */
ef416fc2 2864 http_addrlist_t *addrlist, /* Address list */
2865 *addr; /* Current address */
ef416fc2 2866 cups_file_t *incfile; /* Include file */
2867 char incname[1024]; /* Include filename */
ef416fc2 2868
2869
2870 /*
2871 * Loop through each line in the file...
2872 */
2873
2874 linenum = 0;
2875
2876 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2877 {
2878 /*
2879 * Decode the directive...
2880 */
2881
88f9aafc 2882 if (!_cups_strcasecmp(line, "Include") && value)
ef416fc2 2883 {
2884 /*
2885 * Include filename
2886 */
2887
2888 if (value[0] == '/')
2889 strlcpy(incname, value, sizeof(incname));
2890 else
2891 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2892
2893 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2894 cupsdLogMessage(CUPSD_LOG_ERROR,
2895 "Unable to include config file \"%s\" - %s",
2896 incname, strerror(errno));
2897 else
2898 {
c41769ff 2899 read_cupsd_conf(incfile);
ef416fc2 2900 cupsFileClose(incfile);
2901 }
2902 }
88f9aafc 2903 else if (!_cups_strcasecmp(line, "<Location") && value)
ef416fc2 2904 {
2905 /*
2906 * <Location path>
2907 */
2908
c934a06c
MS		 2909 linenum = read_location(fp, value, linenum);
2910 if (linenum == 0)
2911 return (0);
ef416fc2 2912 }
88f9aafc 2913 else if (!_cups_strcasecmp(line, "<Policy") && value)
ef416fc2 2914 {
2915 /*
2916 * <Policy name>
2917 */
2918
c934a06c
MS		 2919 linenum = read_policy(fp, value, linenum);
2920 if (linenum == 0)
2921 return (0);
ef416fc2 2922 }
88f9aafc 2923 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
ef416fc2 2924 {
c934a06c
MS		 2925 JobRetryInterval = atoi(value);
2926 cupsdLogMessage(CUPSD_LOG_WARN,
2927 "FaxRetryInterval is deprecated; use "
4ef75dec 2928 "JobRetryInterval on line %d of %s.", linenum, ConfigurationFile);
ef416fc2 2929 }
88f9aafc 2930 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
ef416fc2 2931 {
c934a06c
MS		 2932 JobRetryLimit = atoi(value);
2933 cupsdLogMessage(CUPSD_LOG_WARN,
2934 "FaxRetryLimit is deprecated; use "
4ef75dec 2935 "JobRetryLimit on line %d of %s.", linenum, ConfigurationFile);
ef416fc2 2936 }
4ef75dec 2937#ifdef HAVE_SSL
86243a75
MS		 2938 else if (!_cups_strcasecmp(line, "SSLOptions"))
2939 {
2940 /*
2941 * SSLOptions [AllowRC4] [AllowSSL3] [None]
2942 */
2943
2944 int options = 0; /* SSL/TLS options */
2945
2946 if (value)
2947 {
2948 char *start, /* Start of option */
2949 *end; /* End of option */
2950
2951 for (start = value; *start; start = end)
2952 {
2953 /*
2954 * Find end of keyword...
2955 */
2956
2957 end = start;
2958 while (*end && !_cups_isspace(*end))
2959 end ++;
2960
2961 if (*end)
2962 *end++ = '\0';
2963
2964 /*
2965 * Compare...
2966 */
2967
2968 if (!_cups_strcasecmp(start, "AllowRC4"))
2969 options |= _HTTP_TLS_ALLOW_RC4;
2970 else if (!_cups_strcasecmp(start, "AllowSSL3"))
2971 options |= _HTTP_TLS_ALLOW_SSL3;
2972 else if (!_cups_strcasecmp(start, "None"))
2973 options = 0;
2974 else if (_cups_strcasecmp(start, "NoEmptyFragments"))
2975 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
2976 }
2977 }
2978
2979 _httpTLSSetOptions(options);
2980 }
4ef75dec 2981#endif /* HAVE_SSL */
f99f3698 2982 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
ef416fc2 2983#ifdef HAVE_SSL
88f9aafc 2984 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
ef416fc2 2985#endif /* HAVE_SSL */
f99f3698 2986 ) && value)
ef416fc2 2987 {
2988 /*
2989 * Add listening address(es) to the list...
2990 */
2991
2992 cupsd_listener_t *lis; /* New listeners array */
2993
2994
2995 /*
2996 * Get the address list...
2997 */
2998
2999 addrlist = get_address(value, IPP_PORT);
3000
3001 if (!addrlist)
3002 {
3003 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
3004 value, linenum);
3005 continue;
3006 }
3007
3008 /*
3009 * Add each address...
3010 */
3011
3012 for (addr = addrlist; addr; addr = addr->next)
3013 {
49d87452
MS		 3014 /*
3015 * See if this address is already present...
3016 */
3017
3018 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
3019 lis;
3020 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
3021 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
a469f8a5 3022 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
49d87452
MS		 3023 break;
3024
3025 if (lis)
3026 {
b9367124
MS		 3027#if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
3028 if (!lis->on_demand)
3029#endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
3030 {
3031 httpAddrString(&lis->address, temp, sizeof(temp));
3032 cupsdLogMessage(CUPSD_LOG_WARN,
3033 "Duplicate listen address \"%s\" ignored.", temp);
3034 }
3035
49d87452
MS		 3036 continue;
3037 }
3038
ef416fc2 3039 /*
3040 * Allocate another listener...
3041 */
3042
bd7854cb 3043 if (!Listeners)
3044 Listeners = cupsArrayNew(NULL, NULL);
ef416fc2 3045
bd7854cb 3046 if (!Listeners)
ef416fc2 3047 {
3048 cupsdLogMessage(CUPSD_LOG_ERROR,
3049 "Unable to allocate %s at line %d - %s.",
3050 line, linenum, strerror(errno));
3051 break;
3052 }
3053
bd7854cb 3054 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
3055 {
3056 cupsdLogMessage(CUPSD_LOG_ERROR,
3057 "Unable to allocate %s at line %d - %s.",
3058 line, linenum, strerror(errno));
3059 break;
3060 }
3061
3062 cupsArrayAdd(Listeners, lis);
ef416fc2 3063
3064 /*
3065 * Copy the current address and log it...
3066 */
3067
ef416fc2 3068 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
a4d04587 3069 lis->fd = -1;
ef416fc2 3070
3071#ifdef HAVE_SSL
88f9aafc 3072 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
ef416fc2 3073 lis->encryption = HTTP_ENCRYPT_ALWAYS;
3074#endif /* HAVE_SSL */
3075
a4d04587 3076 httpAddrString(&lis->address, temp, sizeof(temp));
3077
ef416fc2 3078#ifdef AF_LOCAL
3079 if (lis->address.addr.sa_family == AF_LOCAL)
3080 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
3081 else
3082#endif /* AF_LOCAL */
22c9029b 3083 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
a469f8a5 3084 httpAddrPort(&(lis->address)),
1a18c85c 3085 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
d1c13e16
MS		 3086
3087 if (!httpAddrLocalhost(&(lis->address)))
a469f8a5 3088 RemotePort = httpAddrPort(&(lis->address));
ef416fc2 3089 }
3090
3091 /*
3092 * Free the list...
3093 */
3094
3095 httpAddrFreeList(addrlist);
3096 }
88f9aafc 3097 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
a2326b5b 3098 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
ef416fc2 3099 {
3100 /*
bd7854cb 3101 * "BrowseProtocols name [... name]"
3102 * "BrowseLocalProtocols name [... name]"
ef416fc2 3103 */
3104
bd7854cb 3105 int protocols = parse_protocols(value);
ef416fc2 3106
bd7854cb 3107 if (protocols < 0)
ef416fc2 3108 {
bd7854cb 3109 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3110 "Unknown browse protocol \"%s\" on line %d of %s.",
3111 value, linenum, ConfigurationFile);
bd7854cb 3112 break;
ef416fc2 3113 }
bd7854cb 3114
a2326b5b 3115 BrowseLocalProtocols = protocols;
ef416fc2 3116 }
c41769ff 3117 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
ef416fc2 3118 {
3119 /*
c41769ff 3120 * DefaultAuthType {basic,digest,basicdigest,negotiate}
ef416fc2 3121 */
3122
88f9aafc 3123 if (!_cups_strcasecmp(value, "none"))
dcb445bc 3124 default_auth_type = CUPSD_AUTH_NONE;
88f9aafc 3125 else if (!_cups_strcasecmp(value, "basic"))
dcb445bc 3126 default_auth_type = CUPSD_AUTH_BASIC;
f7deaa1a 3127#ifdef HAVE_GSSAPI
88f9aafc 3128 else if (!_cups_strcasecmp(value, "negotiate"))
dcb445bc 3129 default_auth_type = CUPSD_AUTH_NEGOTIATE;
f7deaa1a 3130#endif /* HAVE_GSSAPI */
dcb445bc
MS		 3131 else if (!_cups_strcasecmp(value, "auto"))
3132 default_auth_type = CUPSD_AUTH_AUTO;
ef416fc2 3133 else
3134 {
3135 cupsdLogMessage(CUPSD_LOG_WARN,
4ef75dec
MS		 3136 "Unknown default authorization type %s on line %d of %s.",
3137 value, linenum, ConfigurationFile);
49d87452
MS		 3138 if (FatalErrors & CUPSD_FATAL_CONFIG)
3139 return (0);
ef416fc2 3140 }
3141 }
4744bd90 3142#ifdef HAVE_SSL
88f9aafc 3143 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
4744bd90 3144 {
3145 /*
3146 * DefaultEncryption {Never,IfRequested,Required}
3147 */
3148
88f9aafc 3149 if (!value || !_cups_strcasecmp(value, "never"))
4744bd90 3150 DefaultEncryption = HTTP_ENCRYPT_NEVER;
88f9aafc 3151 else if (!_cups_strcasecmp(value, "required"))
4744bd90 3152 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
88f9aafc 3153 else if (!_cups_strcasecmp(value, "ifrequested"))
4744bd90 3154 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3155 else
3156 {
3157 cupsdLogMessage(CUPSD_LOG_WARN,
4ef75dec
MS		 3158 "Unknown default encryption %s on line %d of %s.",
3159 value, linenum, ConfigurationFile);
49d87452
MS		 3160 if (FatalErrors & CUPSD_FATAL_CONFIG)
3161 return (0);
4744bd90 3162 }
3163 }
3164#endif /* HAVE_SSL */
88f9aafc 3165 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
ef416fc2 3166 {
3167 /*
3168 * Do hostname lookups?
3169 */
3170
88f9aafc
MS		 3171 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3172 !_cups_strcasecmp(value, "false"))
ef416fc2 3173 HostNameLookups = 0;
88f9aafc
MS		 3174 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3175 !_cups_strcasecmp(value, "true"))
ef416fc2 3176 HostNameLookups = 1;
88f9aafc 3177 else if (!_cups_strcasecmp(value, "double"))
ef416fc2 3178 HostNameLookups = 2;
3179 else
4ef75dec
MS		 3180 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d of %s.",
3181 value, linenum, ConfigurationFile);
ef416fc2 3182 }
88f9aafc 3183 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
1f0275e3
MS		 3184 {
3185 /*
3186 * Amount of logging to do to access log...
3187 */
3188
88f9aafc 3189 if (!_cups_strcasecmp(value, "all"))
1f0275e3 3190 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
88f9aafc 3191 else if (!_cups_strcasecmp(value, "actions"))
1f0275e3 3192 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
88f9aafc 3193 else if (!_cups_strcasecmp(value, "config"))
1f0275e3 3194 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
1a18c85c
MS		 3195 else if (!_cups_strcasecmp(value, "none"))
3196 AccessLogLevel = CUPSD_ACCESSLOG_NONE;
1f0275e3 3197 else
4ef75dec
MS		 3198 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d of %s.",
3199 value, linenum, ConfigurationFile);
1f0275e3 3200 }
88f9aafc 3201 else if (!_cups_strcasecmp(line, "LogLevel") && value)
ef416fc2 3202 {
3203 /*
1f0275e3 3204 * Amount of logging to do to error log...
ef416fc2 3205 */
3206
88f9aafc 3207 if (!_cups_strcasecmp(value, "debug2"))
ef416fc2 3208 LogLevel = CUPSD_LOG_DEBUG2;
88f9aafc 3209 else if (!_cups_strcasecmp(value, "debug"))
ef416fc2 3210 LogLevel = CUPSD_LOG_DEBUG;
88f9aafc 3211 else if (!_cups_strcasecmp(value, "info"))
ef416fc2 3212 LogLevel = CUPSD_LOG_INFO;
88f9aafc 3213 else if (!_cups_strcasecmp(value, "notice"))
ef416fc2 3214 LogLevel = CUPSD_LOG_NOTICE;
88f9aafc 3215 else if (!_cups_strcasecmp(value, "warn"))
ef416fc2 3216 LogLevel = CUPSD_LOG_WARN;
88f9aafc 3217 else if (!_cups_strcasecmp(value, "error"))
ef416fc2 3218 LogLevel = CUPSD_LOG_ERROR;
88f9aafc 3219 else if (!_cups_strcasecmp(value, "crit"))
ef416fc2 3220 LogLevel = CUPSD_LOG_CRIT;
88f9aafc 3221 else if (!_cups_strcasecmp(value, "alert"))
ef416fc2 3222 LogLevel = CUPSD_LOG_ALERT;
88f9aafc 3223 else if (!_cups_strcasecmp(value, "emerg"))
ef416fc2 3224 LogLevel = CUPSD_LOG_EMERG;
88f9aafc 3225 else if (!_cups_strcasecmp(value, "none"))
ef416fc2 3226 LogLevel = CUPSD_LOG_NONE;
3227 else
4ef75dec
MS		 3228 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d of %s.",
3229 value, linenum, ConfigurationFile);
ef416fc2 3230 }
88f9aafc 3231 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
dfd5680b
MS		 3232 {
3233 /*
3234 * Amount of logging to do to error log...
3235 */
3236
88f9aafc 3237 if (!_cups_strcasecmp(value, "standard"))
dfd5680b 3238 LogTimeFormat = CUPSD_TIME_STANDARD;
88f9aafc 3239 else if (!_cups_strcasecmp(value, "usecs"))
dfd5680b
MS		 3240 LogTimeFormat = CUPSD_TIME_USECS;
3241 else
4ef75dec
MS		 3242 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d of %s.",
3243 value, linenum, ConfigurationFile);
dfd5680b 3244 }
88f9aafc 3245 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
ef416fc2 3246 {
3247 /*
3248 * Set the string used for the Server header...
3249 */
3250
3251 struct utsname plat; /* Platform info */
3252
3253
3254 uname(&plat);
3255
88f9aafc 3256 if (!_cups_strcasecmp(value, "ProductOnly"))
db8b865d 3257 cupsdSetString(&ServerHeader, "CUPS IPP");
88f9aafc 3258 else if (!_cups_strcasecmp(value, "Major"))
db8b865d 3259 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
88f9aafc 3260 else if (!_cups_strcasecmp(value, "Minor"))
db8b865d 3261 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
771bd8cb 3262 CUPS_VERSION_MINOR);
88f9aafc 3263 else if (!_cups_strcasecmp(value, "Minimal"))
db8b865d 3264 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
88f9aafc 3265 else if (!_cups_strcasecmp(value, "OS"))
db8b865d
MS		 3266 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3267 plat.sysname, plat.release);
88f9aafc 3268 else if (!_cups_strcasecmp(value, "Full"))
db8b865d
MS		 3269 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3270 plat.sysname, plat.release, plat.machine);
88f9aafc 3271 else if (!_cups_strcasecmp(value, "None"))
ef416fc2 3272 cupsdClearString(&ServerHeader);
3273 else
4ef75dec
MS		 3274 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
3275 value, linenum, ConfigurationFile);
ef416fc2 3276 }
88f9aafc 3277 else if (!_cups_strcasecmp(line, "PassEnv") && value)
ef416fc2 3278 {
3279 /*
3280 * PassEnv variable [... variable]
3281 */
3282
3283 for (; *value;)
3284 {
3285 for (valuelen = 0; value[valuelen]; valuelen ++)
88f9aafc 3286 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
ef416fc2 3287 break;
3288
3289 if (value[valuelen])
3290 {
3291 value[valuelen] = '\0';
3292 valuelen ++;
3293 }
3294
3295 cupsdSetEnv(value, NULL);
3296
3297 for (value += valuelen; *value; value ++)
88f9aafc 3298 if (!_cups_isspace(*value) || *value != ',')
ef416fc2 3299 break;
3300 }
3301 }
88f9aafc 3302 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
e07d4801 3303 {
88f9aafc
MS		 3304 /*
3305 * ServerAlias name [... name]
3306 */
3307
e07d4801
MS		 3308 if (!ServerAlias)
3309 ServerAlias = cupsArrayNew(NULL, NULL);
3310
88f9aafc
MS		 3311 for (; *value;)
3312 {
3313 for (valuelen = 0; value[valuelen]; valuelen ++)
3314 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3315 break;
3316
3317 if (value[valuelen])
3318 {
3319 value[valuelen] = '\0';
3320 valuelen ++;
3321 }
3322
3323 cupsdAddAlias(ServerAlias, value);
3324
3325 for (value += valuelen; *value; value ++)
3326 if (!_cups_isspace(*value) || *value != ',')
3327 break;
3328 }
e07d4801 3329 }
88f9aafc 3330 else if (!_cups_strcasecmp(line, "SetEnv") && value)
ef416fc2 3331 {
3332 /*
3333 * SetEnv variable value
3334 */
3335
3336 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3337
3338 if (*valueptr)
3339 {
3340 /*
3341 * Found a value...
3342 */
3343
3344 while (isspace(*valueptr & 255))
3345 *valueptr++ = '\0';
3346
3347 cupsdSetEnv(value, valueptr);
3348 }
3349 else
3350 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3351 "Missing value for SetEnv directive on line %d of %s.",
3352 linenum, ConfigurationFile);
ef416fc2 3353 }
cb7f98ee
MS		 3354 else if (!_cups_strcasecmp(line, "AccessLog") ||
3355 !_cups_strcasecmp(line, "CacheDir") ||
3356 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3357 !_cups_strcasecmp(line, "DataDir") ||
3358 !_cups_strcasecmp(line, "DocumentRoot") ||
3359 !_cups_strcasecmp(line, "ErrorLog") ||
3360 !_cups_strcasecmp(line, "FatalErrors") ||
3361 !_cups_strcasecmp(line, "FileDevice") ||
3362 !_cups_strcasecmp(line, "FontPath") ||
3363 !_cups_strcasecmp(line, "Group") ||
3364 !_cups_strcasecmp(line, "LogFilePerm") ||
3365 !_cups_strcasecmp(line, "LPDConfigFile") ||
3366 !_cups_strcasecmp(line, "PageLog") ||
3367 !_cups_strcasecmp(line, "Printcap") ||
3368 !_cups_strcasecmp(line, "PrintcapFormat") ||
3369 !_cups_strcasecmp(line, "RemoteRoot") ||
3370 !_cups_strcasecmp(line, "RequestRoot") ||
3371 !_cups_strcasecmp(line, "ServerBin") ||
3372 !_cups_strcasecmp(line, "ServerCertificate") ||
3373 !_cups_strcasecmp(line, "ServerKey") ||
1a18c85c 3374 !_cups_strcasecmp(line, "ServerKeychain") ||
cb7f98ee
MS		 3375 !_cups_strcasecmp(line, "ServerRoot") ||
3376 !_cups_strcasecmp(line, "SMBConfigFile") ||
3377 !_cups_strcasecmp(line, "StateDir") ||
3378 !_cups_strcasecmp(line, "SystemGroup") ||
3379 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3380 !_cups_strcasecmp(line, "TempDir") ||
3381 !_cups_strcasecmp(line, "User"))
3382 {
6961465f 3383 cupsdLogMessage(CUPSD_LOG_INFO,
cb7f98ee
MS		 3384 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3385 "this will become an error in a future release.",
3386 line, value ? " " : "", value ? value : "", linenum,
3387 ConfigurationFile, CupsFilesFile);
3388 }
ef416fc2 3389 else
c41769ff
MS		 3390 parse_variable(ConfigurationFile, linenum, line, value,
3391 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3392 }
3393
3394 return (1);
3395}
3396
3397
3398/*
3399 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3400 */
3401
3402static int /* O - 1 on success, 0 on failure */
3403read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3404{
3405 int linenum; /* Current line number */
3406 char line[HTTP_MAX_BUFFER], /* Line from file */
3407 *value; /* Value from line */
3408 struct group *group; /* Group */
3409
3410
3411 /*
3412 * Loop through each line in the file...
3413 */
3414
3415 linenum = 0;
3416
3417 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3418 {
3419 if (!_cups_strcasecmp(line, "FatalErrors"))
3420 FatalErrors = parse_fatal_errors(value);
3421 else if (!_cups_strcasecmp(line, "Group") && value)
ef416fc2 3422 {
3423 /*
c41769ff 3424 * Group ID to run as...
ef416fc2 3425 */
3426
c41769ff 3427 if (isdigit(value[0]))
1a18c85c 3428 Group = (gid_t)atoi(value);
c41769ff 3429 else
ef416fc2 3430 {
c41769ff
MS		 3431 endgrent();
3432 group = getgrnam(value);
ef416fc2 3433
c41769ff
MS		 3434 if (group != NULL)
3435 Group = group->gr_gid;
c934a06c 3436 else
c41769ff
MS		 3437 {
3438 cupsdLogMessage(CUPSD_LOG_ERROR,
3439 "Unknown Group \"%s\" on line %d of %s.", value,
3440 linenum, CupsFilesFile);
3441 if (FatalErrors & CUPSD_FATAL_CONFIG)
3442 return (0);
3443 }
ef416fc2 3444 }
c41769ff
MS		 3445 }
3446 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3447 {
3448 /*
3449 * Format of printcap file?
3450 */
ef416fc2 3451
c41769ff
MS		 3452 if (!_cups_strcasecmp(value, "bsd"))
3453 PrintcapFormat = PRINTCAP_BSD;
3454 else if (!_cups_strcasecmp(value, "plist"))
3455 PrintcapFormat = PRINTCAP_PLIST;
3456 else if (!_cups_strcasecmp(value, "solaris"))
3457 PrintcapFormat = PRINTCAP_SOLARIS;
3458 else
ef416fc2 3459 {
c41769ff
MS		 3460 cupsdLogMessage(CUPSD_LOG_ERROR,
3461 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3462 value, linenum, CupsFilesFile);
3463 if (FatalErrors & CUPSD_FATAL_CONFIG)
3464 return (0);
3465 }
3466 }
1a18c85c
MS		 3467 else if (!_cups_strcasecmp(line, "Sandboxing") && value)
3468 {
3469 /*
3470 * Level of sandboxing?
3471 */
3472
3473 if (!_cups_strcasecmp(value, "off"))
3474 {
3475 Sandboxing = CUPSD_SANDBOXING_OFF;
3476 cupsdLogMessage(CUPSD_LOG_WARN, "Disabling sandboxing is not recommended (line %d of %s)", linenum, CupsFilesFile);
3477 }
3478 else if (!_cups_strcasecmp(value, "relaxed"))
3479 Sandboxing = CUPSD_SANDBOXING_RELAXED;
3480 else if (!_cups_strcasecmp(value, "strict"))
3481 Sandboxing = CUPSD_SANDBOXING_STRICT;
3482 else
3483 {
3484 cupsdLogMessage(CUPSD_LOG_ERROR,
3485 "Unknown Sandboxing \"%s\" on line %d of %s.",
3486 value, linenum, CupsFilesFile);
3487 if (FatalErrors & CUPSD_FATAL_CONFIG)
3488 return (0);
3489 }
3490 }
c41769ff
MS		 3491 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3492 {
3493 /*
3494 * SystemGroup (admin) group(s)...
3495 */
82cc1f9a 3496
c41769ff
MS		 3497 if (!parse_groups(value))
3498 {
3499 cupsdLogMessage(CUPSD_LOG_ERROR,
3500 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3501 linenum, CupsFilesFile);
3502 if (FatalErrors & CUPSD_FATAL_CONFIG)
3503 return (0);
3504 }
3505 }
3506 else if (!_cups_strcasecmp(line, "User") && value)
3507 {
3508 /*
3509 * User ID to run as...
3510 */
ef416fc2 3511
c41769ff
MS		 3512 if (isdigit(value[0] & 255))
3513 {
3514 int uid = atoi(value);
c934a06c 3515
c41769ff
MS		 3516 if (!uid)
3517 {
3518 cupsdLogMessage(CUPSD_LOG_ERROR,
3519 "Will not use User 0 as specified on line %d of %s "
3520 "for security reasons. You must use a non-"
3521 "privileged account instead.",
3522 linenum, CupsFilesFile);
3523 if (FatalErrors & CUPSD_FATAL_CONFIG)
3524 return (0);
3525 }
3526 else
1a18c85c 3527 User = (uid_t)atoi(value);
c41769ff
MS		 3528 }
3529 else
3530 {
3531 struct passwd *p; /* Password information */
76cd9e37 3532
c41769ff
MS		 3533 endpwent();
3534 p = getpwnam(value);
76cd9e37 3535
c41769ff
MS		 3536 if (p)
3537 {
3538 if (!p->pw_uid)
3539 {
3540 cupsdLogMessage(CUPSD_LOG_ERROR,
3541 "Will not use User %s (UID=0) as specified on line "
3542 "%d of %s for security reasons. You must use a "
3543 "non-privileged account instead.",
3544 value, linenum, CupsFilesFile);
3545 if (FatalErrors & CUPSD_FATAL_CONFIG)
3546 return (0);
3547 }
3548 else
3549 User = p->pw_uid;
3550 }
3551 else
3552 {
3553 cupsdLogMessage(CUPSD_LOG_ERROR,
3554 "Unknown User \"%s\" on line %d of %s.",
3555 value, linenum, CupsFilesFile);
3556 if (FatalErrors & CUPSD_FATAL_CONFIG)
3557 return (0);
3558 }
ef416fc2 3559 }
3560 }
1a18c85c
MS		 3561 else if (!_cups_strcasecmp(line, "ServerCertificate") ||
3562 !_cups_strcasecmp(line, "ServerKey"))
3563 {
3564 cupsdLogMessage(CUPSD_LOG_INFO,
3565 "The \"%s\" directive on line %d of %s is no longer "
3566 "supported; this will become an error in a future "
3567 "release.",
3568 line, linenum, CupsFilesFile);
3569 }
c41769ff
MS		 3570 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3571 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3572 cupsfiles_vars) &&
3573 (FatalErrors & CUPSD_FATAL_CONFIG))
3574 return (0);
ef416fc2 3575 }
3576
3577 return (1);
3578}
3579
3580
3581/*
3582 * 'read_location()' - Read a <Location path> definition.
3583 */
3584
3585static int /* O - New line number or 0 on error */
3586read_location(cups_file_t *fp, /* I - Configuration file */
3587 char *location, /* I - Location name/path */
3588 int linenum) /* I - Current line number */
3589{
3590 cupsd_location_t *loc, /* New location */
3591 *parent; /* Parent location */
3592 char line[HTTP_MAX_BUFFER],
3593 /* Line buffer */
3594 *value, /* Value for directive */
3595 *valptr; /* Pointer into value */
3596
3597
c8fef167 3598 if ((parent = cupsdFindLocation(location)) != NULL)
4ef75dec
MS		 3599 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d of %s.",
3600 location, linenum, ConfigurationFile);
c8fef167 3601 else if ((parent = cupsdNewLocation(location)) == NULL)
ef416fc2 3602 return (0);
c8fef167
MS		 3603 else
3604 {
3605 cupsdAddLocation(parent);
ef416fc2 3606
c8fef167
MS		 3607 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3608 }
10d09e33 3609
c8fef167 3610 loc = parent;
ef416fc2 3611
3612 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3613 {
3614 /*
3615 * Decode the directive...
3616 */
3617
88f9aafc 3618 if (!_cups_strcasecmp(line, "</Location>"))
ef416fc2 3619 return (linenum);
88f9aafc
MS		 3620 else if (!_cups_strcasecmp(line, "<Limit") ||
3621 !_cups_strcasecmp(line, "<LimitExcept"))
ef416fc2 3622 {
3623 if (!value)
3624 {
4ef75dec 3625 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile);
49d87452
MS		 3626 if (FatalErrors & CUPSD_FATAL_CONFIG)
3627 return (0);
b19ccc9e
MS		 3628 else
3629 continue;
ef416fc2 3630 }
ef55b745 3631
10d09e33 3632 if ((loc = cupsdCopyLocation(parent)) == NULL)
ef416fc2 3633 return (0);
3634
10d09e33
MS		 3635 cupsdAddLocation(loc);
3636
ef416fc2 3637 loc->limit = 0;
3638 while (*value)
3639 {
3640 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3641
3642 if (*valptr)
3643 *valptr++ = '\0';
3644
3645 if (!strcmp(value, "ALL"))
5bd77a73 3646 loc->limit = CUPSD_AUTH_LIMIT_ALL;
ef416fc2 3647 else if (!strcmp(value, "GET"))
5bd77a73 3648 loc->limit |= CUPSD_AUTH_LIMIT_GET;
ef416fc2 3649 else if (!strcmp(value, "HEAD"))
5bd77a73 3650 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
ef416fc2 3651 else if (!strcmp(value, "OPTIONS"))
5bd77a73 3652 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
ef416fc2 3653 else if (!strcmp(value, "POST"))
5bd77a73 3654 loc->limit |= CUPSD_AUTH_LIMIT_POST;
ef416fc2 3655 else if (!strcmp(value, "PUT"))
5bd77a73 3656 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
ef416fc2 3657 else if (!strcmp(value, "TRACE"))
5bd77a73 3658 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
ef416fc2 3659 else
4ef75dec
MS		 3660 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d of %s.",
3661 value, linenum, ConfigurationFile);
ef416fc2 3662
3663 for (value = valptr; isspace(*value & 255); value ++);
3664 }
3665
88f9aafc 3666 if (!_cups_strcasecmp(line, "<LimitExcept"))
5bd77a73 3667 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
ef416fc2 3668
3669 parent->limit &= ~loc->limit;
3670 }
88f9aafc
MS		 3671 else if (!_cups_strcasecmp(line, "</Limit>") ||
3672 !_cups_strcasecmp(line, "</LimitExcept>"))
ef416fc2 3673 loc = parent;
f99f3698
MS		 3674 else if (!value)
3675 {
4ef75dec 3676 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile);
f99f3698
MS		 3677 if (FatalErrors & CUPSD_FATAL_CONFIG)
3678 return (0);
3679 }
ef416fc2 3680 else if (!parse_aaa(loc, line, value, linenum))
3681 {
3682 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3683 "Unknown Location directive %s on line %d of %s.",
3684 line, linenum, ConfigurationFile);
49d87452
MS		 3685 if (FatalErrors & CUPSD_FATAL_CONFIG)
3686 return (0);
ef416fc2 3687 }
3688 }
3689
3690 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167 3691 "Unexpected end-of-file at line %d while reading location.",
ef416fc2 3692 linenum);
3693
49d87452 3694 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3695}
3696
3697
3698/*
3699 * 'read_policy()' - Read a <Policy name> definition.
3700 */
3701
3702static int /* O - New line number or 0 on error */
3703read_policy(cups_file_t *fp, /* I - Configuration file */
3704 char *policy, /* I - Location name/path */
3705 int linenum) /* I - Current line number */
3706{
3707 int i; /* Looping var */
3708 cupsd_policy_t *pol; /* Policy */
3709 cupsd_location_t *op; /* Policy operation */
3710 int num_ops; /* Number of IPP operations */
3711 ipp_op_t ops[100]; /* Operations */
3712 char line[HTTP_MAX_BUFFER],
3713 /* Line buffer */
3714 *value, /* Value for directive */
3715 *valptr; /* Pointer into value */
3716
3717
3718 /*
3719 * Create the policy...
3720 */
3721
c8fef167 3722 if ((pol = cupsdFindPolicy(policy)) != NULL)
4ef75dec
MS		 3723 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d of %s.",
3724 policy, linenum, ConfigurationFile);
c8fef167 3725 else if ((pol = cupsdAddPolicy(policy)) == NULL)
ef416fc2 3726 return (0);
3727
3728 /*
3729 * Read from the file...
3730 */
3731
3732 op = NULL;
3733 num_ops = 0;
3734
3735 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3736 {
3737 /*
3738 * Decode the directive...
3739 */
3740
88f9aafc 3741 if (!_cups_strcasecmp(line, "</Policy>"))
ef416fc2 3742 {
3743 if (op)
3744 cupsdLogMessage(CUPSD_LOG_WARN,
4ef75dec
MS		 3745 "Missing </Limit> before </Policy> on line %d of %s.",
3746 linenum, ConfigurationFile);
ef416fc2 3747
10d09e33 3748 set_policy_defaults(pol);
2e4ff8af 3749
ef416fc2 3750 return (linenum);
3751 }
88f9aafc 3752 else if (!_cups_strcasecmp(line, "<Limit") && !op)
ef416fc2 3753 {
3754 if (!value)
3755 {
4ef75dec 3756 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile);
49d87452
MS		 3757 if (FatalErrors & CUPSD_FATAL_CONFIG)
3758 return (0);
b19ccc9e
MS		 3759 else
3760 continue;
ef416fc2 3761 }
ef55b745 3762
ef416fc2 3763 /*
3764 * Scan for IPP operation names...
3765 */
3766
3767 num_ops = 0;
3768
3769 while (*value)
3770 {
3771 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3772
3773 if (*valptr)
3774 *valptr++ = '\0';
3775
3776 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3777 {
88f9aafc 3778 if (!_cups_strcasecmp(value, "All"))
ef416fc2 3779 ops[num_ops] = IPP_ANY_OPERATION;
3780 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3781 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3782 "Bad IPP operation name \"%s\" on line %d of %s.",
3783 value, linenum, ConfigurationFile);
ef416fc2 3784 else
3785 num_ops ++;
3786 }
3787 else
3788 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3789 "Too many operations listed on line %d of %s.",
3790 linenum, ConfigurationFile);
ef416fc2 3791
3792 for (value = valptr; isspace(*value & 255); value ++);
3793 }
3794
3795 /*
3796 * If none are specified, apply the policy to all operations...
3797 */
3798
3799 if (num_ops == 0)
3800 {
3801 ops[0] = IPP_ANY_OPERATION;
3802 num_ops = 1;
3803 }
3804
3805 /*
3806 * Add a new policy for the first operation...
3807 */
3808
3809 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3810 }
88f9aafc 3811 else if (!_cups_strcasecmp(line, "</Limit>") && op)
ef416fc2 3812 {
3813 /*
3814 * Finish the current operation limit...
3815 */
3816
3817 if (num_ops > 1)
3818 {
3819 /*
3820 * Copy the policy to the other operations...
3821 */
3822
3823 for (i = 1; i < num_ops; i ++)
3824 cupsdAddPolicyOp(pol, op, ops[i]);
3825 }
3826
3827 op = NULL;
3828 }
f99f3698
MS		 3829 else if (!value)
3830 {
4ef75dec 3831 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile);
f99f3698
MS		 3832 if (FatalErrors & CUPSD_FATAL_CONFIG)
3833 return (0);
3834 }
88f9aafc
MS		 3835 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3836 !_cups_strcasecmp(line, "JobPrivateValues") ||
3837 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3838 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
10d09e33
MS		 3839 {
3840 if (op)
3841 {
3842 cupsdLogMessage(CUPSD_LOG_ERROR,
3843 "%s directive must appear outside <Limit>...</Limit> "
4ef75dec 3844 "on line %d of %s.", line, linenum, ConfigurationFile);
10d09e33
MS		 3845 if (FatalErrors & CUPSD_FATAL_CONFIG)
3846 return (0);
3847 }
3848 else
3849 {
3850 /*
3851 * Pull out whitespace-delimited values...
3852 */
3853
3854 while (*value)
3855 {
3856 /*
3857 * Find the end of the current value...
3858 */
3859
3860 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3861
3862 if (*valptr)
3863 *valptr++ = '\0';
3864
3865 /*
3866 * Save it appropriately...
3867 */
3868
88f9aafc 3869 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
10d09e33
MS		 3870 {
3871 /*
3872 * JobPrivateAccess {all|default|user/group list|@@ACL}
3873 */
3874
88f9aafc 3875 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3876 {
3877 cupsdAddString(&(pol->job_access), "@OWNER");
3878 cupsdAddString(&(pol->job_access), "@SYSTEM");
3879 }
3880 else
3881 cupsdAddString(&(pol->job_access), value);
3882 }
88f9aafc 3883 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
10d09e33
MS		 3884 {
3885 /*
3886 * JobPrivateValues {all|none|default|attribute list}
3887 */
3888
88f9aafc 3889 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3890 {
3891 cupsdAddString(&(pol->job_attrs), "job-name");
3892 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3893 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
82cc1f9a 3894 cupsdAddString(&(pol->job_attrs), "phone");
10d09e33
MS		 3895 }
3896 else
3897 cupsdAddString(&(pol->job_attrs), value);
3898 }
88f9aafc 3899 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
10d09e33
MS		 3900 {
3901 /*
3902 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3903 */
3904
88f9aafc 3905 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3906 {
3907 cupsdAddString(&(pol->sub_access), "@OWNER");
3908 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3909 }
3910 else
3911 cupsdAddString(&(pol->sub_access), value);
3912 }
88f9aafc 3913 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
10d09e33
MS		 3914 {
3915 /*
3916 * SubscriptionPrivateValues {all|none|default|attribute list}
3917 */
3918
88f9aafc 3919 if (!_cups_strcasecmp(value, "default"))
10d09e33
MS		 3920 {
3921 cupsdAddString(&(pol->sub_attrs), "notify-events");
3922 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3923 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3924 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3925 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3926 }
3927 else
3928 cupsdAddString(&(pol->sub_attrs), value);
3929 }
3930
3931 /*
3932 * Find the next string on the line...
3933 */
3934
3935 for (value = valptr; isspace(*value & 255); value ++);
3936 }
3937 }
3938 }
ef416fc2 3939 else if (!op)
3940 {
3941 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3942 "Missing <Limit ops> directive before %s on line %d of %s.",
3943 line, linenum, ConfigurationFile);
49d87452
MS		 3944 if (FatalErrors & CUPSD_FATAL_CONFIG)
3945 return (0);
ef416fc2 3946 }
3947 else if (!parse_aaa(op, line, value, linenum))
3948 {
321d8d57 3949 cupsdLogMessage(CUPSD_LOG_ERROR,
4ef75dec
MS		 3950 "Unknown Policy Limit directive %s on line %d of %s.",
3951 line, linenum, ConfigurationFile);
ef416fc2 3952
49d87452
MS		 3953 if (FatalErrors & CUPSD_FATAL_CONFIG)
3954 return (0);
ef416fc2 3955 }
3956 }
3957
3958 cupsdLogMessage(CUPSD_LOG_ERROR,
c8fef167
MS		 3959 "Unexpected end-of-file at line %d while reading policy "
3960 "\"%s\".", linenum, policy);
ef416fc2 3961
49d87452 3962 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
ef416fc2 3963}
3964
3965
3966/*
10d09e33
MS		 3967 * 'set_policy_defaults()' - Set default policy values as needed.
3968 */
3969
3970static void
3971set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3972{
3973 cupsd_location_t *op; /* Policy operation */
3974
3975
3976 /*
3977 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3978 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3979 * upgrades do not introduce new security issues...
3980 */
3981
3982 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3983 op->op == IPP_ANY_OPERATION)
3984 {
3985 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3986 op->op != IPP_ANY_OPERATION)
3987 {
3988 /*
3989 * Add a new limit for Validate-Job using the Print-Job limit as a
3990 * template...
3991 */
3992
3993 cupsdLogMessage(CUPSD_LOG_WARN,
3994 "No limit for Validate-Job defined in policy %s "
3995 "- using Print-Job's policy.", pol->name);
3996
3997 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3998 }
3999 else
4000 cupsdLogMessage(CUPSD_LOG_WARN,
4001 "No limit for Validate-Job defined in policy %s "
4002 "and no suitable template found.", pol->name);
4003 }
4004
4005 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
4006 op->op == IPP_ANY_OPERATION)
4007 {
4008 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
4009 op->op != IPP_ANY_OPERATION)
4010 {
4011 /*
4012 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
4013 * template...
4014 */
4015
4016 cupsdLogMessage(CUPSD_LOG_WARN,
4017 "No limit for Cancel-Jobs defined in policy %s "
4018 "- using Pause-Printer's policy.", pol->name);
4019
4020 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
4021 }
4022 else
4023 cupsdLogMessage(CUPSD_LOG_WARN,
4024 "No limit for Cancel-Jobs defined in policy %s "
4025 "and no suitable template found.", pol->name);
4026 }
4027
4028 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
4029 op->op == IPP_ANY_OPERATION)
4030 {
4031 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4032 op->op != IPP_ANY_OPERATION)
4033 {
4034 /*
4035 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
4036 * a template...
4037 */
4038
4039 cupsdLogMessage(CUPSD_LOG_WARN,
4040 "No limit for Cancel-My-Jobs defined in policy %s "
4041 "- using Send-Document's policy.", pol->name);
4042
4043 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
4044 }
4045 else
4046 cupsdLogMessage(CUPSD_LOG_WARN,
4047 "No limit for Cancel-My-Jobs defined in policy %s "
4048 "and no suitable template found.", pol->name);
4049 }
4050
4051 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
4052 op->op == IPP_ANY_OPERATION)
4053 {
4054 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4055 op->op != IPP_ANY_OPERATION)
4056 {
4057 /*
4058 * Add a new limit for Close-Job using the Send-Document limit as a
4059 * template...
4060 */
4061
4062 cupsdLogMessage(CUPSD_LOG_WARN,
4063 "No limit for Close-Job defined in policy %s "
4064 "- using Send-Document's policy.", pol->name);
4065
4066 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
4067 }
4068 else
4069 cupsdLogMessage(CUPSD_LOG_WARN,
4070 "No limit for Close-Job defined in policy %s "
4071 "and no suitable template found.", pol->name);
4072 }
4073
4074 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
4075 op->op == IPP_ANY_OPERATION)
4076 {
4077 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4078 op->op != IPP_ANY_OPERATION)
4079 {
4080 /*
4081 * Add a new limit for CUPS-Get-Document using the Send-Document
4082 * limit as a template...
4083 */
4084
4085 cupsdLogMessage(CUPSD_LOG_WARN,
4086 "No limit for CUPS-Get-Document defined in policy %s "
4087 "- using Send-Document's policy.", pol->name);
4088
4089 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
4090 }
4091 else
4092 cupsdLogMessage(CUPSD_LOG_WARN,
4093 "No limit for CUPS-Get-Document defined in policy %s "
4094 "and no suitable template found.", pol->name);
4095 }
4096
4097 /*
4098 * Verify we have JobPrivateAccess, JobPrivateValues,
4099 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
4100 */
4101
4102 if (!pol->job_access)
4103 {
4104 cupsdLogMessage(CUPSD_LOG_WARN,
4105 "No JobPrivateAccess defined in policy %s "
4106 "- using defaults.", pol->name);
4107 cupsdAddString(&(pol->job_access), "@OWNER");
4108 cupsdAddString(&(pol->job_access), "@SYSTEM");
4109 }
4110
4111 if (!pol->job_attrs)
4112 {
4113 cupsdLogMessage(CUPSD_LOG_WARN,
4114 "No JobPrivateValues defined in policy %s "
4115 "- using defaults.", pol->name);
4116 cupsdAddString(&(pol->job_attrs), "job-name");
4117 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4118 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
82cc1f9a 4119 cupsdAddString(&(pol->job_attrs), "phone");
10d09e33
MS		 4120 }
4121
4122 if (!pol->sub_access)
4123 {
4124 cupsdLogMessage(CUPSD_LOG_WARN,
4125 "No SubscriptionPrivateAccess defined in policy %s "
4126 "- using defaults.", pol->name);
4127 cupsdAddString(&(pol->sub_access), "@OWNER");
4128 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4129 }
4130
4131 if (!pol->sub_attrs)
4132 {
4133 cupsdLogMessage(CUPSD_LOG_WARN,
4134 "No SubscriptionPrivateValues defined in policy %s "
4135 "- using defaults.", pol->name);
4136 cupsdAddString(&(pol->sub_attrs), "notify-events");
4137 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4138 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4139 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4140 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4141 }
4142}
4143
4144
4145/*
a215cf84 4146 * End of "$Id: conf.c 12701 2015-06-08 18:33:44Z msweet $".
ef416fc2 4147 */
Unnamed repository; edit this file 'description' to name the repository.