cups/auth.c

   1 /*
   2  * "$Id$"
   3  *
   4  *   Authentication functions for the Common UNIX Printing System (CUPS).
   5  *
   6  *   Copyright 1997-2003 by Easy Software Products.
   7  *
   8  *   These coded instructions, statements, and computer programs are the
   9  *   property of Easy Software Products and are protected by Federal
  10  *   copyright law.  Distribution and use rights are outlined in the file
  11  *   "LICENSE.txt" which should have been included with this file.  If this
  12  *   file is missing or damaged please contact Easy Software Products
  13  *   at:
  14  *
  15  *       Attn: CUPS Licensing Information
  16  *       Easy Software Products
  17  *       44141 Airport View Drive, Suite 204
  18  *       Hollywood, Maryland 20636-3111 USA
  19  *
  20  *       Voice: (301) 373-9603
  21  *       EMail: cups-info@cups.org
  22  *         WWW: http://www.cups.org
  23  *
  24  *   This file is subject to the Apple OS-Developed Software exception.
  25  *
  26  * Contents:
  27  *
  28  *   cupsDoAuthentication() - Authenticate a request...
  29  *   cups_local_auth()      - Get the local authorization certificate if
  30  *                            available/applicable...
  31  */
  32
  33 /*
  34  * Include necessary headers...
  35  */
  36
  37 #include "cups.h"
  38 #include "ipp.h"
  39 #include "language.h"
  40 #include "string.h"
  41 #include "debug.h"
  42 #include <stdlib.h>
  43 #include <ctype.h>
  44 #include <errno.h>
  45 #include <fcntl.h>
  46 #include <sys/stat.h>
  47 #if defined(WIN32) || defined(__EMX__)
  48 #  include <io.h>
  49 #else
  50 #  include <unistd.h>
  51 #endif /* WIN32 || __EMX__ */
  52
  53
  54 /*
  55  * Local functions...
  56  */
  57
  58 static int      cups_local_auth(http_t *http);
  59
  60
  61 /*
  62  * 'cupsDoAuthentication()' - Authenticate a request...
  63  */
  64
  65 int                                     /* O - 0 on success, -1 on error */
  66 cupsDoAuthentication(http_t     *http,  /* I - HTTP connection to server */
  67                      const char *method,/* I - Request method (GET, POST, PUT) */
  68                      const char *resource)
  69                                         /* I - Resource path */
  70 {
  71   const char    *password;              /* Password string */
  72   char          prompt[1024],           /* Prompt for user */
  73                 realm[HTTP_MAX_VALUE],  /* realm="xyz" string */
  74                 nonce[HTTP_MAX_VALUE],  /* nonce="xyz" string */
  75                 encode[512];            /* Encoded username:password */
  76
  77
  78  /*
  79   * Clear the current authentication string...
  80   */
  81
  82   http->authstring[0] = '\0';
  83
  84  /*
  85   * See if we can do local authentication...
  86   */
  87
  88   if (!cups_local_auth(http))
  89     return (0);
  90
  91  /*
  92   * Nope, see if we should retry the current digest password...
  93   */
  94
  95   if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Basic", 5) == 0 ||
  96       http->digest_tries > 1 || !http->userpass[0])
  97   {
  98    /*
  99     * Nope - get a new password from the user...
 100     */
 101
 102     snprintf(prompt, sizeof(prompt), "Password for %s on %s? ", cupsUser(),
 103              http->hostname);
 104
 105     http->digest_tries  = 0;
 106     http->userpass[0]   = '\0';
 107
 108     if ((password = cupsGetPassword(prompt)) == NULL)
 109       return (-1);
 110
 111     if (!password[0])
 112       return (-1);
 113
 114     snprintf(http->userpass, sizeof(http->userpass), "%s:%s", cupsUser(),
 115              password);
 116   }
 117   else
 118     http->digest_tries ++;
 119
 120  /*
 121   * Got a password; encode it for the server...
 122   */
 123
 124   if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Basic", 5) == 0)
 125   {
 126    /*
 127     * Basic authentication...
 128     */
 129
 130     httpEncode64(encode, http->userpass);
 131     snprintf(http->authstring, sizeof(http->authstring), "Basic %s", encode);
 132   }
 133   else
 134   {
 135    /*
 136     * Digest authentication...
 137     */
 138
 139     httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
 140     httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "nonce", nonce);
 141
 142     httpMD5(cupsUser(), realm, strchr(http->userpass, ':') + 1, encode);
 143     httpMD5Final(nonce, "POST", resource, encode);
 144     snprintf(http->authstring, sizeof(http->authstring),
 145              "Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
 146              "response=\"%s\"", cupsUser(), realm, nonce, encode);
 147   }
 148
 149   return (0);
 150 }
 151
 152
 153 /*
 154  * 'cups_local_auth()' - Get the local authorization certificate if
 155  *                       available/applicable...
 156  */
 157
 158 static int                              /* O - 0 if available, -1 if not */
 159 cups_local_auth(http_t *http)           /* I - HTTP connection to server */
 160 {
 161 #if defined(WIN32) || defined(__EMX__)
 162  /*
 163   * Currently WIN32 and OS-2 do not support the CUPS server...
 164   */
 165
 166   return (-1);
 167 #else
 168   int           pid;                    /* Current process ID */
 169   FILE          *fp;                    /* Certificate file */
 170   char          filename[1024],         /* Certificate filename */
 171                 certificate[33];        /* Certificate string */
 172   const char    *root;                  /* Server root directory */
 173
 174
 175   DEBUG_printf(("cups_local_auth(http=%p) hostaddr=%08x, hostname=\"%s\"\n",
 176                 http, ntohl(http->hostaddr.sin_addr.s_addr), http->hostname));
 177
 178  /*
 179   * See if we are accessing localhost...
 180   */
 181
 182   if (ntohl(http->hostaddr.sin_addr.s_addr) != 0x7f000001 &&
 183       strcasecmp(http->hostname, "localhost") != 0)
 184   {
 185     DEBUG_puts("cups_local_auth: Not a local connection!");
 186     return (-1);
 187   }
 188
 189  /*
 190   * Try opening a certificate file for this PID.  If that fails,
 191   * try the root certificate...
 192   */
 193
 194   if ((root = getenv("CUPS_SERVERROOT")) == NULL)
 195     root = CUPS_SERVERROOT;
 196
 197   pid = getpid();
 198   snprintf(filename, sizeof(filename), "%s/certs/%d", root, pid);
 199   if ((fp = fopen(filename, "r")) == NULL && pid > 0)
 200   {
 201     DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
 202                   filename, strerror(errno)));
 203
 204     snprintf(filename, sizeof(filename), "%s/certs/0", root);
 205     fp = fopen(filename, "r");
 206   }
 207
 208   if (fp == NULL)
 209   {
 210     DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
 211                   filename, strerror(errno)));
 212     return (-1);
 213   }
 214
 215  /*
 216   * Read the certificate from the file...
 217   */
 218
 219   fgets(certificate, sizeof(certificate), fp);
 220   fclose(fp);
 221
 222  /*
 223   * Set the authorization string and return...
 224   */
 225
 226   snprintf(http->authstring, sizeof(http->authstring), "Local %s", certificate);
 227
 228   DEBUG_printf(("cups_local_auth: Returning authstring = \"%s\"\n",
 229                 http->authstring));
 230
 231   return (0);
 232 #endif /* WIN32 || __EMX__ */
 233 }
 234
 235
 236 /*
 237  * End of "$Id$".
 238  */