2 * User, system, and password routines for CUPS.
4 * Copyright 2007-2015 by Apple Inc.
5 * Copyright 1997-2006 by Easy Software Products.
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
11 * file is missing or damaged, see the license at "http://www.cups.org/".
13 * This file is subject to the Apple OS-Developed Software exception.
17 * Include necessary headers...
20 #include "cups-private.h"
28 # include <sys/utsname.h>
36 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
43 typedef struct _cups_client_conf_s
/**** client.conf config data ****/
46 int ssl_options
; /* SSLOptions values */
48 int any_root
, /* Allow any (e.g., self-signed) root */
49 expired_certs
, /* Allow expired certs */
50 validate_certs
; /* Validate certificates */
51 http_encryption_t encryption
; /* Encryption setting */
52 char user
[65], /* User name */
56 char gss_service_name
[32];
57 /* Kerberos service name */
58 #endif /* HAVE_GSSAPI */
59 } _cups_client_conf_t
;
66 static void cups_finalize_client_conf(_cups_client_conf_t
*cc
);
67 static void cups_init_client_conf(_cups_client_conf_t
*cc
);
68 static void cups_read_client_conf(cups_file_t
*fp
, _cups_client_conf_t
*cc
);
69 static void cups_set_default_ipp_port(_cups_globals_t
*cg
);
70 static void cups_set_encryption(_cups_client_conf_t
*cc
, const char *value
);
72 static void cups_set_gss_service_name(_cups_client_conf_t
*cc
, const char *value
);
73 #endif /* HAVE_GSSAPI */
74 static void cups_set_server_name(_cups_client_conf_t
*cc
, const char *value
);
76 static void cups_set_ssl_options(_cups_client_conf_t
*cc
, const char *value
);
78 static void cups_set_user(_cups_client_conf_t
*cc
, const char *value
);
82 * 'cupsEncryption()' - Get the current encryption settings.
84 * The default encryption setting comes from the CUPS_ENCRYPTION
85 * environment variable, then the ~/.cups/client.conf file, and finally the
86 * /etc/cups/client.conf file. If not set, the default is
87 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
89 * Note: The current encryption setting is tracked separately for each thread
90 * in a program. Multi-threaded programs that override the setting via the
91 * @link cupsSetEncryption@ function need to do so in each thread for the same
95 http_encryption_t
/* O - Encryption settings */
98 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
101 if (cg
->encryption
== (http_encryption_t
)-1)
104 return (cg
->encryption
);
109 * 'cupsGetPassword()' - Get a password from the user.
111 * Uses the current password callback function. Returns @code NULL@ if the
112 * user does not provide a password.
114 * Note: The current password callback function is tracked separately for each
115 * thread in a program. Multi-threaded programs that override the setting via
116 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
117 * do so in each thread for the same function to be used.
120 const char * /* O - Password */
121 cupsGetPassword(const char *prompt
) /* I - Prompt string */
123 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
126 return ((cg
->password_cb
)(prompt
, NULL
, NULL
, NULL
, cg
->password_data
));
131 * 'cupsGetPassword2()' - Get a password from the user using the advanced
134 * Uses the current password callback function. Returns @code NULL@ if the
135 * user does not provide a password.
137 * Note: The current password callback function is tracked separately for each
138 * thread in a program. Multi-threaded programs that override the setting via
139 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
140 * do so in each thread for the same function to be used.
142 * @since CUPS 1.4/OS X 10.6@
145 const char * /* O - Password */
146 cupsGetPassword2(const char *prompt
, /* I - Prompt string */
147 http_t
*http
, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
148 const char *method
, /* I - Request method ("GET", "POST", "PUT") */
149 const char *resource
) /* I - Resource path */
151 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
155 http
= _cupsConnect();
157 return ((cg
->password_cb
)(prompt
, http
, method
, resource
, cg
->password_data
));
162 * 'cupsServer()' - Return the hostname/address of the current server.
164 * The default server comes from the CUPS_SERVER environment variable, then the
165 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
166 * set, the default is the local system - either "localhost" or a domain socket
169 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
170 * address, or a domain socket pathname.
172 * Note: The current server is tracked separately for each thread in a program.
173 * Multi-threaded programs that override the server via the
174 * @link cupsSetServer@ function need to do so in each thread for the same
178 const char * /* O - Server name */
181 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
192 * 'cupsSetClientCertCB()' - Set the client certificate callback.
194 * Pass @code NULL@ to restore the default callback.
196 * Note: The current certificate callback is tracked separately for each thread
197 * in a program. Multi-threaded programs that override the callback need to do
198 * so in each thread for the same callback to be used.
200 * @since CUPS 1.5/OS X 10.7@
205 cups_client_cert_cb_t cb
, /* I - Callback function */
206 void *user_data
) /* I - User data pointer */
208 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
211 cg
->client_cert_cb
= cb
;
212 cg
->client_cert_data
= user_data
;
217 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
220 * Note: The default credentials are tracked separately for each thread in a
221 * program. Multi-threaded programs that override the setting need to do so in
222 * each thread for the same setting to be used.
224 * @since CUPS 1.5/OS X 10.7@
227 int /* O - Status of call (0 = success) */
229 cups_array_t
*credentials
) /* I - Array of credentials */
231 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
234 if (cupsArrayCount(credentials
) < 1)
238 _httpFreeCredentials(cg
->tls_credentials
);
239 cg
->tls_credentials
= _httpCreateCredentials(credentials
);
240 #endif /* HAVE_SSL */
242 return (cg
->tls_credentials
? 0 : -1);
247 * 'cupsSetEncryption()' - Set the encryption preference.
249 * The default encryption setting comes from the CUPS_ENCRYPTION
250 * environment variable, then the ~/.cups/client.conf file, and finally the
251 * /etc/cups/client.conf file. If not set, the default is
252 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
254 * Note: The current encryption setting is tracked separately for each thread
255 * in a program. Multi-threaded programs that override the setting need to do
256 * so in each thread for the same setting to be used.
260 cupsSetEncryption(http_encryption_t e
) /* I - New encryption preference */
262 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
268 httpEncryption(cg
->http
, e
);
273 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
275 * Pass @code NULL@ to restore the default (console) password callback, which
276 * reads the password from the console. Programs should call either this
277 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
278 * by a program per thread.
280 * Note: The current password callback is tracked separately for each thread
281 * in a program. Multi-threaded programs that override the callback need to do
282 * so in each thread for the same callback to be used.
286 cupsSetPasswordCB(cups_password_cb_t cb
)/* I - Callback function */
288 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
291 if (cb
== (cups_password_cb_t
)0)
292 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
294 cg
->password_cb
= (cups_password_cb2_t
)cb
;
296 cg
->password_data
= NULL
;
301 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
303 * Pass @code NULL@ to restore the default (console) password callback, which
304 * reads the password from the console. Programs should call either this
305 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
306 * by a program per thread.
308 * Note: The current password callback is tracked separately for each thread
309 * in a program. Multi-threaded programs that override the callback need to do
310 * so in each thread for the same callback to be used.
312 * @since CUPS 1.4/OS X 10.6@
317 cups_password_cb2_t cb
, /* I - Callback function */
318 void *user_data
) /* I - User data pointer */
320 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
323 if (cb
== (cups_password_cb2_t
)0)
324 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
326 cg
->password_cb
= cb
;
328 cg
->password_data
= user_data
;
333 * 'cupsSetServer()' - Set the default server name and port.
335 * The "server" string can be a fully-qualified hostname, a numeric
336 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
337 * addresses can be optionally followed by a colon and port number to override
338 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
339 * default server name and port.
341 * Note: The current server is tracked separately for each thread in a program.
342 * Multi-threaded programs that override the server need to do so in each
343 * thread for the same server to be used.
347 cupsSetServer(const char *server
) /* I - Server name */
349 char *options
, /* Options */
350 *port
; /* Pointer to port */
351 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
356 strlcpy(cg
->server
, server
, sizeof(cg
->server
));
358 if (cg
->server
[0] != '/' && (options
= strrchr(cg
->server
, '/')) != NULL
)
362 if (!strcmp(options
, "version=1.0"))
363 cg
->server_version
= 10;
364 else if (!strcmp(options
, "version=1.1"))
365 cg
->server_version
= 11;
366 else if (!strcmp(options
, "version=2.0"))
367 cg
->server_version
= 20;
368 else if (!strcmp(options
, "version=2.1"))
369 cg
->server_version
= 21;
370 else if (!strcmp(options
, "version=2.2"))
371 cg
->server_version
= 22;
374 cg
->server_version
= 20;
376 if (cg
->server
[0] != '/' && (port
= strrchr(cg
->server
, ':')) != NULL
&&
377 !strchr(port
, ']') && isdigit(port
[1] & 255))
381 cg
->ipp_port
= atoi(port
);
385 cups_set_default_ipp_port(cg
);
387 if (cg
->server
[0] == '/')
388 strlcpy(cg
->servername
, "localhost", sizeof(cg
->servername
));
390 strlcpy(cg
->servername
, cg
->server
, sizeof(cg
->servername
));
394 cg
->server
[0] = '\0';
395 cg
->servername
[0] = '\0';
396 cg
->server_version
= 20;
409 * 'cupsSetServerCertCB()' - Set the server certificate callback.
411 * Pass @code NULL@ to restore the default callback.
413 * Note: The current credentials callback is tracked separately for each thread
414 * in a program. Multi-threaded programs that override the callback need to do
415 * so in each thread for the same callback to be used.
417 * @since CUPS 1.5/OS X 10.7@
422 cups_server_cert_cb_t cb
, /* I - Callback function */
423 void *user_data
) /* I - User data pointer */
425 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
428 cg
->server_cert_cb
= cb
;
429 cg
->server_cert_data
= user_data
;
434 * 'cupsSetUser()' - Set the default user name.
436 * Pass @code NULL@ to restore the default user name.
438 * Note: The current user name is tracked separately for each thread in a
439 * program. Multi-threaded programs that override the user name need to do so
440 * in each thread for the same user name to be used.
444 cupsSetUser(const char *user
) /* I - User name */
446 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
450 strlcpy(cg
->user
, user
, sizeof(cg
->user
));
457 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
459 * Setting the string to NULL forces the default value containing the CUPS
460 * version, IPP version, and operating system version and architecture.
462 * @since CUPS 1.7/OS X 10.9@
466 cupsSetUserAgent(const char *user_agent
)/* I - User-Agent string or @code NULL@ */
468 _cups_globals_t
*cg
= _cupsGlobals();
471 SYSTEM_INFO sysinfo
; /* System information */
472 OSVERSIONINFO version
; /* OS version info */
474 struct utsname name
; /* uname info */
480 strlcpy(cg
->user_agent
, user_agent
, sizeof(cg
->user_agent
));
485 version
.dwOSVersionInfoSize
= sizeof(OSVERSIONINFO
);
486 GetVersionEx(&version
);
487 GetNativeSystemInfo(&sysinfo
);
489 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
490 CUPS_MINIMAL
" (Windows %d.%d; %s) IPP/2.0",
491 version
.dwMajorVersion
, version
.dwMinorVersion
,
492 sysinfo
.wProcessorArchitecture
493 == PROCESSOR_ARCHITECTURE_AMD64
? "amd64" :
494 sysinfo
.wProcessorArchitecture
495 == PROCESSOR_ARCHITECTURE_ARM
? "arm" :
496 sysinfo
.wProcessorArchitecture
497 == PROCESSOR_ARCHITECTURE_IA64
? "ia64" :
498 sysinfo
.wProcessorArchitecture
499 == PROCESSOR_ARCHITECTURE_INTEL
? "intel" :
505 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
506 CUPS_MINIMAL
" (%s %s; %s) IPP/2.0",
507 name
.sysname
, name
.release
, name
.machine
);
513 * 'cupsUser()' - Return the current user's name.
515 * Note: The current user name is tracked separately for each thread in a
516 * program. Multi-threaded programs that override the user name with the
517 * @link cupsSetUser@ function need to do so in each thread for the same user
521 const char * /* O - User name */
524 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
535 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
537 * @since CUPS 1.7/OS X 10.9@
540 const char * /* O - User-Agent string */
543 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
546 if (!cg
->user_agent
[0])
547 cupsSetUserAgent(NULL
);
549 return (cg
->user_agent
);
554 * '_cupsGetPassword()' - Get a password from the user.
557 const char * /* O - Password or @code NULL@ if none */
558 _cupsGetPassword(const char *prompt
) /* I - Prompt string */
561 HANDLE tty
; /* Console handle */
562 DWORD mode
; /* Console mode */
563 char passch
, /* Current key press */
564 *passptr
, /* Pointer into password string */
565 *passend
; /* End of password string */
566 DWORD passbytes
; /* Bytes read */
567 _cups_globals_t
*cg
= _cupsGlobals();
572 * Disable input echo and set raw input...
575 if ((tty
= GetStdHandle(STD_INPUT_HANDLE
)) == INVALID_HANDLE_VALUE
)
578 if (!GetConsoleMode(tty
, &mode
))
581 if (!SetConsoleMode(tty
, 0))
585 * Display the prompt...
588 printf("%s ", prompt
);
592 * Read the password string from /dev/tty until we get interrupted or get a
593 * carriage return or newline...
596 passptr
= cg
->password
;
597 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
599 while (ReadFile(tty
, &passch
, 1, &passbytes
, NULL
))
601 if (passch
== 0x0A || passch
== 0x0D)
609 else if (passch
== 0x08 || passch
== 0x7F)
612 * Backspace/delete (erase character)...
615 if (passptr
> cg
->password
)
618 fputs("\010 \010", stdout
);
623 else if (passch
== 0x15)
626 * CTRL+U (erase line)
629 if (passptr
> cg
->password
)
631 while (passptr
> cg
->password
)
634 fputs("\010 \010", stdout
);
640 else if (passch
== 0x03)
646 passptr
= cg
->password
;
649 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
654 putchar(_CUPS_PASSCHAR
);
667 SetConsoleMode(tty
, mode
);
670 * Return the proper value...
673 if (passbytes
== 1 && passptr
> cg
->password
)
676 return (cg
->password
);
680 memset(cg
->password
, 0, sizeof(cg
->password
));
685 int tty
; /* /dev/tty - never read from stdin */
686 struct termios original
, /* Original input mode */
687 noecho
; /* No echo input mode */
688 char passch
, /* Current key press */
689 *passptr
, /* Pointer into password string */
690 *passend
; /* End of password string */
691 ssize_t passbytes
; /* Bytes read */
692 _cups_globals_t
*cg
= _cupsGlobals();
697 * Disable input echo and set raw input...
700 if ((tty
= open("/dev/tty", O_RDONLY
)) < 0)
703 if (tcgetattr(tty
, &original
))
710 noecho
.c_lflag
&= (tcflag_t
)~(ICANON
| ECHO
| ECHOE
| ISIG
);
711 noecho
.c_cc
[VMIN
] = 1;
712 noecho
.c_cc
[VTIME
] = 0;
714 if (tcsetattr(tty
, TCSAFLUSH
, &noecho
))
721 * Display the prompt...
724 printf("%s ", prompt
);
728 * Read the password string from /dev/tty until we get interrupted or get a
729 * carriage return or newline...
732 passptr
= cg
->password
;
733 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
735 while ((passbytes
= read(tty
, &passch
, 1)) == 1)
737 if (passch
== noecho
.c_cc
[VEOL
] ||
739 passch
== noecho
.c_cc
[VEOL2
] ||
741 passch
== 0x0A || passch
== 0x0D)
749 else if (passch
== noecho
.c_cc
[VERASE
] ||
750 passch
== 0x08 || passch
== 0x7F)
753 * Backspace/delete (erase character)...
756 if (passptr
> cg
->password
)
759 fputs("\010 \010", stdout
);
764 else if (passch
== noecho
.c_cc
[VKILL
])
767 * CTRL+U (erase line)
770 if (passptr
> cg
->password
)
772 while (passptr
> cg
->password
)
775 fputs("\010 \010", stdout
);
781 else if (passch
== noecho
.c_cc
[VINTR
] || passch
== noecho
.c_cc
[VQUIT
] ||
782 passch
== noecho
.c_cc
[VEOF
])
785 * CTRL+C, CTRL+D, or CTRL+Z...
788 passptr
= cg
->password
;
791 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
796 putchar(_CUPS_PASSCHAR
);
809 tcsetattr(tty
, TCSAFLUSH
, &original
);
813 * Return the proper value...
816 if (passbytes
== 1 && passptr
> cg
->password
)
819 return (cg
->password
);
823 memset(cg
->password
, 0, sizeof(cg
->password
));
832 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
836 _cupsGSSServiceName(void)
838 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
841 if (!cg
->gss_service_name
[0])
844 return (cg
->gss_service_name
);
846 #endif /* HAVE_GSSAPI */
850 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
854 _cupsSetDefaults(void)
856 cups_file_t
*fp
; /* File */
857 const char *home
; /* Home directory of user */
858 char filename
[1024]; /* Filename */
859 _cups_client_conf_t cc
; /* client.conf values */
860 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
863 DEBUG_puts("_cupsSetDefaults()");
866 * Load initial client.conf values...
869 cups_init_client_conf(&cc
);
872 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
876 snprintf(filename
, sizeof(filename
), "%s/client.conf", cg
->cups_serverroot
);
877 if ((fp
= cupsFileOpen(filename
, "r")) != NULL
)
879 cups_read_client_conf(fp
, &cc
);
884 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home
= getenv("HOME")) != NULL
)
885 # elif !defined(WIN32)
886 if (getuid() && (home
= getenv("HOME")) != NULL
)
888 if ((home
= getenv("HOME")) != NULL
)
889 # endif /* HAVE_GETEUID */
892 * Look for ~/.cups/client.conf...
895 snprintf(filename
, sizeof(filename
), "%s/.cups/client.conf", home
);
896 if ((fp
= cupsFileOpen(filename
, "r")) != NULL
)
898 cups_read_client_conf(fp
, &cc
);
904 * Finalize things so every client.conf value is set...
907 cups_finalize_client_conf(&cc
);
909 if (cg
->encryption
== (http_encryption_t
)-1)
910 cg
->encryption
= cc
.encryption
;
912 if (!cg
->server
[0] || !cg
->ipp_port
)
913 cupsSetServer(cc
.server_name
);
916 cups_set_default_ipp_port(cg
);
919 strlcpy(cg
->user
, cc
.user
, sizeof(cg
->user
));
922 if (!cg
->gss_service_name
[0])
923 strlcpy(cg
->gss_service_name
, cc
.gss_service_name
, sizeof(cg
->gss_service_name
));
924 #endif /* HAVE_GSSAPI */
926 if (cg
->any_root
< 0)
927 cg
->any_root
= cc
.any_root
;
929 if (cg
->expired_certs
< 0)
930 cg
->expired_certs
= cc
.expired_certs
;
932 if (cg
->validate_certs
< 0)
933 cg
->validate_certs
= cc
.validate_certs
;
936 _httpTLSSetOptions(cc
.ssl_options
);
937 #endif /* HAVE_SSL */
942 * 'cups_boolean_value()' - Convert a string to a boolean value.
945 static int /* O - Boolean value */
946 cups_boolean_value(const char *value
) /* I - String value */
948 return (!_cups_strcasecmp(value
, "yes") || !_cups_strcasecmp(value
, "on") || !_cups_strcasecmp(value
, "true"));
953 * 'cups_finalize_client_conf()' - Finalize client.conf values.
957 cups_finalize_client_conf(
958 _cups_client_conf_t
*cc
) /* I - client.conf values */
960 const char *value
; /* Environment variable */
963 if ((value
= getenv("CUPS_ANYROOT")) != NULL
)
964 cc
->any_root
= cups_boolean_value(value
);
966 if ((value
= getenv("CUPS_ENCRYPTION")) != NULL
)
967 cups_set_encryption(cc
, value
);
969 if ((value
= getenv("CUPS_EXPIREDCERTS")) != NULL
)
970 cc
->expired_certs
= cups_boolean_value(value
);
973 if ((value
= getenv("CUPS_GSSSERVICENAME")) != NULL
)
974 cups_set_gss_service_name(cc
, value
);
975 #endif /* HAVE_GSSAPI */
977 if ((value
= getenv("CUPS_SERVER")) != NULL
)
978 cups_set_server_name(cc
, value
);
980 if ((value
= getenv("CUPS_USER")) != NULL
)
981 cups_set_user(cc
, value
);
983 if ((value
= getenv("CUPS_VALIDATECERTS")) != NULL
)
984 cc
->validate_certs
= cups_boolean_value(value
);
987 * Then apply defaults for those values that haven't been set...
990 if (cc
->any_root
< 0)
993 if (cc
->encryption
== (http_encryption_t
)-1)
994 cc
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
996 if (cc
->expired_certs
< 0)
997 cc
->expired_certs
= 1;
1000 if (!cc
->gss_service_name
[0])
1001 cups_set_gss_service_name(cc
, CUPS_DEFAULT_GSSSERVICENAME
);
1002 #endif /* HAVE_GSSAPI */
1004 if (!cc
->server_name
[0])
1006 #ifdef CUPS_DEFAULT_DOMAINSOCKET
1008 * If we are compiled with domain socket support, only use the
1009 * domain socket if it exists and has the right permissions...
1012 if (!access(CUPS_DEFAULT_DOMAINSOCKET
, R_OK
))
1013 cups_set_server_name(cc
, CUPS_DEFAULT_DOMAINSOCKET
);
1015 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
1016 cups_set_server_name(cc
, "localhost");
1023 * Get the current user name from the OS...
1026 DWORD size
; /* Size of string */
1028 size
= sizeof(cc
->user
);
1029 if (!GetUserName(cc
->user
, &size
))
1032 * Try the USER environment variable as the default username...
1035 const char *envuser
= getenv("USER");
1036 /* Default username */
1037 struct passwd
*pw
= NULL
; /* Account information */
1042 * Validate USER matches the current UID, otherwise don't allow it to
1043 * override things... This makes sure that printing after doing su
1044 * or sudo records the correct username.
1047 if ((pw
= getpwnam(envuser
)) != NULL
&& pw
->pw_uid
!= getuid())
1052 pw
= getpwuid(getuid());
1055 strlcpy(cc
->user
, pw
->pw_name
, sizeof(cc
->user
));
1060 * Use the default "unknown" user name...
1063 strlcpy(cc
->user
, "unknown", sizeof(cc
->user
));
1067 if (cc
->validate_certs
< 0)
1068 cc
->validate_certs
= 0;
1073 * 'cups_init_client_conf()' - Initialize client.conf values.
1077 cups_init_client_conf(
1078 _cups_client_conf_t
*cc
) /* I - client.conf values */
1081 * Clear all values to "not set"...
1084 memset(cc
, 0, sizeof(_cups_client_conf_t
));
1086 cc
->encryption
= (http_encryption_t
)-1;
1088 cc
->expired_certs
= -1;
1089 cc
->validate_certs
= -1;
1094 * 'cups_read_client_conf()' - Read a client.conf file.
1098 cups_read_client_conf(
1099 cups_file_t
*fp
, /* I - File to read */
1100 _cups_client_conf_t
*cc
) /* I - client.conf values */
1102 int linenum
; /* Current line number */
1103 char line
[1024], /* Line from file */
1104 *value
; /* Pointer into line */
1108 * Read from the file...
1112 while (cupsFileGetConf(fp
, line
, sizeof(line
), &value
, &linenum
))
1114 if (!_cups_strcasecmp(line
, "Encryption") && value
)
1115 cups_set_encryption(cc
, value
);
1118 * The ServerName directive is not supported on OS X due to app
1119 * sandboxing restrictions, i.e. not all apps request network access.
1121 else if (!_cups_strcasecmp(line
, "ServerName") && value
)
1122 cups_set_server_name(cc
, value
);
1123 #endif /* !__APPLE__ */
1124 else if (!_cups_strcasecmp(line
, "User") && value
)
1125 cups_set_user(cc
, value
);
1126 else if (!_cups_strcasecmp(line
, "AllowAnyRoot") && value
)
1127 cc
->any_root
= cups_boolean_value(value
);
1128 else if (!_cups_strcasecmp(line
, "AllowExpiredCerts") &&
1130 cc
->expired_certs
= cups_boolean_value(value
);
1131 else if (!_cups_strcasecmp(line
, "ValidateCerts") && value
)
1132 cc
->validate_certs
= cups_boolean_value(value
);
1134 else if (!_cups_strcasecmp(line
, "GSSServiceName") && value
)
1135 cups_set_gss_service_name(cc
, value
);
1136 #endif /* HAVE_GSSAPI */
1138 else if (!_cups_strcasecmp(line
, "SSLOptions") && value
)
1139 cups_set_ssl_options(cc
, value
);
1140 #endif /* HAVE_SSL */
1146 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1150 cups_set_default_ipp_port(
1151 _cups_globals_t
*cg
) /* I - Global data */
1153 const char *ipp_port
; /* IPP_PORT environment variable */
1156 if ((ipp_port
= getenv("IPP_PORT")) != NULL
)
1158 if ((cg
->ipp_port
= atoi(ipp_port
)) <= 0)
1159 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
1162 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
1166 * 'cups_set_encryption()' - Set the Encryption value.
1170 cups_set_encryption(
1171 _cups_client_conf_t
*cc
, /* I - client.conf values */
1172 const char *value
) /* I - Value */
1174 if (!_cups_strcasecmp(value
, "never"))
1175 cc
->encryption
= HTTP_ENCRYPTION_NEVER
;
1176 else if (!_cups_strcasecmp(value
, "always"))
1177 cc
->encryption
= HTTP_ENCRYPTION_ALWAYS
;
1178 else if (!_cups_strcasecmp(value
, "required"))
1179 cc
->encryption
= HTTP_ENCRYPTION_REQUIRED
;
1181 cc
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
1186 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1191 cups_set_gss_service_name(
1192 _cups_client_conf_t
*cc
, /* I - client.conf values */
1193 const char *value
) /* I - Value */
1195 strlcpy(cc
->gss_service_name
, value
, sizeof(cc
->gss_service_name
));
1197 #endif /* HAVE_GSSAPI */
1201 * 'cups_set_server_name()' - Set the ServerName value.
1205 cups_set_server_name(
1206 _cups_client_conf_t
*cc
, /* I - client.conf values */
1207 const char *value
) /* I - Value */
1209 strlcpy(cc
->server_name
, value
, sizeof(cc
->server_name
));
1214 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1219 cups_set_ssl_options(
1220 _cups_client_conf_t
*cc
, /* I - client.conf values */
1221 const char *value
) /* I - Value */
1224 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
1227 int options
= _HTTP_TLS_NONE
; /* SSL/TLS options */
1228 char temp
[256], /* Copy of value */
1229 *start
, /* Start of option */
1230 *end
; /* End of option */
1233 strlcpy(temp
, value
, sizeof(temp
));
1235 for (start
= temp
; *start
; start
= end
)
1238 * Find end of keyword...
1242 while (*end
&& !_cups_isspace(*end
))
1252 if (!_cups_strcasecmp(start
, "AllowRC4"))
1253 options
|= _HTTP_TLS_ALLOW_RC4
;
1254 else if (!_cups_strcasecmp(start
, "AllowSSL3"))
1255 options
|= _HTTP_TLS_ALLOW_SSL3
;
1256 else if (!_cups_strcasecmp(start
, "AllowDH"))
1257 options
|= _HTTP_TLS_ALLOW_DH
;
1258 else if (!_cups_strcasecmp(start
, "DenyTLS1.0"))
1259 options
|= _HTTP_TLS_DENY_TLS10
;
1260 else if (!_cups_strcasecmp(start
, "None"))
1261 options
= _HTTP_TLS_NONE
;
1264 cc
->ssl_options
= options
;
1266 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x", (void *)cc
, value
, options
));
1268 #endif /* HAVE_SSL */
1272 * 'cups_set_user()' - Set the User value.
1277 _cups_client_conf_t
*cc
, /* I - client.conf values */
1278 const char *value
) /* I - Value */
1280 strlcpy(cc
->user
, value
, sizeof(cc
->user
));