]> git.ipfire.org Git - thirdparty/cups.git/blob - cups/usersys.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Changes to eliminate warnings from new Clang.
[thirdparty/cups.git] / cups / usersys.c
1 /*
2 * "$Id$"
3 *
4 * User, system, and password routines for CUPS.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * This file is subject to the Apple OS-Developed Software exception.
16 */
17
18 /*
19 * Include necessary headers...
20 */
21
22 #include "cups-private.h"
23 #include <stdlib.h>
24 #include <sys/stat.h>
25 #ifdef WIN32
26 # include <windows.h>
27 #else
28 # include <pwd.h>
29 # include <termios.h>
30 # include <sys/utsname.h>
31 #endif /* WIN32 */
32
33
34 /*
35 * Local constants...
36 */
37
38 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
39
40
41 /*
42 * Local types...
43 */
44
45 typedef struct _cups_client_conf_s /**** client.conf config data ****/
46 {
47 #ifdef HAVE_SSL
48 int ssl_options; /* SSLOptions values */
49 #endif /* HAVE_SSL */
50 int any_root, /* Allow any (e.g., self-signed) root */
51 expired_certs, /* Allow expired certs */
52 validate_certs; /* Validate certificates */
53 http_encryption_t encryption; /* Encryption setting */
54 char user[65], /* User name */
55 server_name[256];
56 /* Server hostname */
57 #ifdef HAVE_GSSAPI
58 char gss_service_name[32];
59 /* Kerberos service name */
60 #endif /* HAVE_GSSAPI */
61 } _cups_client_conf_t;
62
63
64 /*
65 * Local functions...
66 */
67
68 static void cups_finalize_client_conf(_cups_client_conf_t *cc);
69 static void cups_init_client_conf(_cups_client_conf_t *cc);
70 static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
71 static void cups_set_default_ipp_port(_cups_globals_t *cg);
72 static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
73 #ifdef HAVE_GSSAPI
74 static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
75 #endif /* HAVE_GSSAPI */
76 static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
77 #ifdef HAVE_SSL
78 static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
79 #endif /* HAVE_SSL */
80 static void cups_set_user(_cups_client_conf_t *cc, const char *value);
81
82
83 /*
84 * 'cupsEncryption()' - Get the current encryption settings.
85 *
86 * The default encryption setting comes from the CUPS_ENCRYPTION
87 * environment variable, then the ~/.cups/client.conf file, and finally the
88 * /etc/cups/client.conf file. If not set, the default is
89 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
90 *
91 * Note: The current encryption setting is tracked separately for each thread
92 * in a program. Multi-threaded programs that override the setting via the
93 * @link cupsSetEncryption@ function need to do so in each thread for the same
94 * setting to be used.
95 */
96
97 http_encryption_t /* O - Encryption settings */
98 cupsEncryption(void)
99 {
100 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
101
102
103 if (cg->encryption == (http_encryption_t)-1)
104 _cupsSetDefaults();
105
106 return (cg->encryption);
107 }
108
109
110 /*
111 * 'cupsGetPassword()' - Get a password from the user.
112 *
113 * Uses the current password callback function. Returns @code NULL@ if the
114 * user does not provide a password.
115 *
116 * Note: The current password callback function is tracked separately for each
117 * thread in a program. Multi-threaded programs that override the setting via
118 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
119 * do so in each thread for the same function to be used.
120 */
121
122 const char * /* O - Password */
123 cupsGetPassword(const char *prompt) /* I - Prompt string */
124 {
125 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
126
127
128 return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
129 }
130
131
132 /*
133 * 'cupsGetPassword2()' - Get a password from the user using the advanced
134 * password callback.
135 *
136 * Uses the current password callback function. Returns @code NULL@ if the
137 * user does not provide a password.
138 *
139 * Note: The current password callback function is tracked separately for each
140 * thread in a program. Multi-threaded programs that override the setting via
141 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
142 * do so in each thread for the same function to be used.
143 *
144 * @since CUPS 1.4/OS X 10.6@
145 */
146
147 const char * /* O - Password */
148 cupsGetPassword2(const char *prompt, /* I - Prompt string */
149 http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
150 const char *method, /* I - Request method ("GET", "POST", "PUT") */
151 const char *resource) /* I - Resource path */
152 {
153 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
154
155
156 if (!http)
157 http = _cupsConnect();
158
159 return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
160 }
161
162
163 /*
164 * 'cupsServer()' - Return the hostname/address of the current server.
165 *
166 * The default server comes from the CUPS_SERVER environment variable, then the
167 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
168 * set, the default is the local system - either "localhost" or a domain socket
169 * path.
170 *
171 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
172 * address, or a domain socket pathname.
173 *
174 * Note: The current server is tracked separately for each thread in a program.
175 * Multi-threaded programs that override the server via the
176 * @link cupsSetServer@ function need to do so in each thread for the same
177 * server to be used.
178 */
179
180 const char * /* O - Server name */
181 cupsServer(void)
182 {
183 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
184
185
186 if (!cg->server[0])
187 _cupsSetDefaults();
188
189 return (cg->server);
190 }
191
192
193 /*
194 * 'cupsSetClientCertCB()' - Set the client certificate callback.
195 *
196 * Pass @code NULL@ to restore the default callback.
197 *
198 * Note: The current certificate callback is tracked separately for each thread
199 * in a program. Multi-threaded programs that override the callback need to do
200 * so in each thread for the same callback to be used.
201 *
202 * @since CUPS 1.5/OS X 10.7@
203 */
204
205 void
206 cupsSetClientCertCB(
207 cups_client_cert_cb_t cb, /* I - Callback function */
208 void *user_data) /* I - User data pointer */
209 {
210 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
211
212
213 cg->client_cert_cb = cb;
214 cg->client_cert_data = user_data;
215 }
216
217
218 /*
219 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
220 * connections.
221 *
222 * Note: The default credentials are tracked separately for each thread in a
223 * program. Multi-threaded programs that override the setting need to do so in
224 * each thread for the same setting to be used.
225 *
226 * @since CUPS 1.5/OS X 10.7@
227 */
228
229 int /* O - Status of call (0 = success) */
230 cupsSetCredentials(
231 cups_array_t *credentials) /* I - Array of credentials */
232 {
233 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
234
235
236 if (cupsArrayCount(credentials) < 1)
237 return (-1);
238
239 #ifdef HAVE_SSL
240 _httpFreeCredentials(cg->tls_credentials);
241 cg->tls_credentials = _httpCreateCredentials(credentials);
242 #endif /* HAVE_SSL */
243
244 return (cg->tls_credentials ? 0 : -1);
245 }
246
247
248 /*
249 * 'cupsSetEncryption()' - Set the encryption preference.
250 *
251 * The default encryption setting comes from the CUPS_ENCRYPTION
252 * environment variable, then the ~/.cups/client.conf file, and finally the
253 * /etc/cups/client.conf file. If not set, the default is
254 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
255 *
256 * Note: The current encryption setting is tracked separately for each thread
257 * in a program. Multi-threaded programs that override the setting need to do
258 * so in each thread for the same setting to be used.
259 */
260
261 void
262 cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */
263 {
264 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
265
266
267 cg->encryption = e;
268
269 if (cg->http)
270 httpEncryption(cg->http, e);
271 }
272
273
274 /*
275 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
276 *
277 * Pass @code NULL@ to restore the default (console) password callback, which
278 * reads the password from the console. Programs should call either this
279 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
280 * by a program per thread.
281 *
282 * Note: The current password callback is tracked separately for each thread
283 * in a program. Multi-threaded programs that override the callback need to do
284 * so in each thread for the same callback to be used.
285 */
286
287 void
288 cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */
289 {
290 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
291
292
293 if (cb == (cups_password_cb_t)0)
294 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
295 else
296 cg->password_cb = (cups_password_cb2_t)cb;
297
298 cg->password_data = NULL;
299 }
300
301
302 /*
303 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
304 *
305 * Pass @code NULL@ to restore the default (console) password callback, which
306 * reads the password from the console. Programs should call either this
307 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
308 * by a program per thread.
309 *
310 * Note: The current password callback is tracked separately for each thread
311 * in a program. Multi-threaded programs that override the callback need to do
312 * so in each thread for the same callback to be used.
313 *
314 * @since CUPS 1.4/OS X 10.6@
315 */
316
317 void
318 cupsSetPasswordCB2(
319 cups_password_cb2_t cb, /* I - Callback function */
320 void *user_data) /* I - User data pointer */
321 {
322 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
323
324
325 if (cb == (cups_password_cb2_t)0)
326 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
327 else
328 cg->password_cb = cb;
329
330 cg->password_data = user_data;
331 }
332
333
334 /*
335 * 'cupsSetServer()' - Set the default server name and port.
336 *
337 * The "server" string can be a fully-qualified hostname, a numeric
338 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
339 * addresses can be optionally followed by a colon and port number to override
340 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
341 * default server name and port.
342 *
343 * Note: The current server is tracked separately for each thread in a program.
344 * Multi-threaded programs that override the server need to do so in each
345 * thread for the same server to be used.
346 */
347
348 void
349 cupsSetServer(const char *server) /* I - Server name */
350 {
351 char *options, /* Options */
352 *port; /* Pointer to port */
353 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
354
355
356 if (server)
357 {
358 strlcpy(cg->server, server, sizeof(cg->server));
359
360 if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
361 {
362 *options++ = '\0';
363
364 if (!strcmp(options, "version=1.0"))
365 cg->server_version = 10;
366 else if (!strcmp(options, "version=1.1"))
367 cg->server_version = 11;
368 else if (!strcmp(options, "version=2.0"))
369 cg->server_version = 20;
370 else if (!strcmp(options, "version=2.1"))
371 cg->server_version = 21;
372 else if (!strcmp(options, "version=2.2"))
373 cg->server_version = 22;
374 }
375 else
376 cg->server_version = 20;
377
378 if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
379 !strchr(port, ']') && isdigit(port[1] & 255))
380 {
381 *port++ = '\0';
382
383 cg->ipp_port = atoi(port);
384 }
385
386 if (!cg->ipp_port)
387 cups_set_default_ipp_port(cg);
388
389 if (cg->server[0] == '/')
390 strlcpy(cg->servername, "localhost", sizeof(cg->servername));
391 else
392 strlcpy(cg->servername, cg->server, sizeof(cg->servername));
393 }
394 else
395 {
396 cg->server[0] = '\0';
397 cg->servername[0] = '\0';
398 cg->server_version = 20;
399 cg->ipp_port = 0;
400 }
401
402 if (cg->http)
403 {
404 httpClose(cg->http);
405 cg->http = NULL;
406 }
407 }
408
409
410 /*
411 * 'cupsSetServerCertCB()' - Set the server certificate callback.
412 *
413 * Pass @code NULL@ to restore the default callback.
414 *
415 * Note: The current credentials callback is tracked separately for each thread
416 * in a program. Multi-threaded programs that override the callback need to do
417 * so in each thread for the same callback to be used.
418 *
419 * @since CUPS 1.5/OS X 10.7@
420 */
421
422 void
423 cupsSetServerCertCB(
424 cups_server_cert_cb_t cb, /* I - Callback function */
425 void *user_data) /* I - User data pointer */
426 {
427 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
428
429
430 cg->server_cert_cb = cb;
431 cg->server_cert_data = user_data;
432 }
433
434
435 /*
436 * 'cupsSetUser()' - Set the default user name.
437 *
438 * Pass @code NULL@ to restore the default user name.
439 *
440 * Note: The current user name is tracked separately for each thread in a
441 * program. Multi-threaded programs that override the user name need to do so
442 * in each thread for the same user name to be used.
443 */
444
445 void
446 cupsSetUser(const char *user) /* I - User name */
447 {
448 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
449
450
451 if (user)
452 strlcpy(cg->user, user, sizeof(cg->user));
453 else
454 cg->user[0] = '\0';
455 }
456
457
458 /*
459 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
460 *
461 * Setting the string to NULL forces the default value containing the CUPS
462 * version, IPP version, and operating system version and architecture.
463 *
464 * @since CUPS 1.7/OS X 10.9@
465 */
466
467 void
468 cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */
469 {
470 _cups_globals_t *cg = _cupsGlobals();
471 /* Thread globals */
472 #ifdef WIN32
473 SYSTEM_INFO sysinfo; /* System information */
474 OSVERSIONINFO version; /* OS version info */
475 #else
476 struct utsname name; /* uname info */
477 #endif /* WIN32 */
478
479
480 if (user_agent)
481 {
482 strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
483 return;
484 }
485
486 #ifdef WIN32
487 version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
488 GetVersionEx(&version);
489 GetNativeSystemInfo(&sysinfo);
490
491 snprintf(cg->user_agent, sizeof(cg->user_agent),
492 CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0",
493 version.dwMajorVersion, version.dwMinorVersion,
494 sysinfo.wProcessorArchitecture
495 == PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" :
496 sysinfo.wProcessorArchitecture
497 == PROCESSOR_ARCHITECTURE_ARM ? "arm" :
498 sysinfo.wProcessorArchitecture
499 == PROCESSOR_ARCHITECTURE_IA64 ? "ia64" :
500 sysinfo.wProcessorArchitecture
501 == PROCESSOR_ARCHITECTURE_INTEL ? "intel" :
502 "unknown");
503
504 #else
505 uname(&name);
506
507 snprintf(cg->user_agent, sizeof(cg->user_agent),
508 CUPS_MINIMAL " (%s %s; %s) IPP/2.0",
509 name.sysname, name.release, name.machine);
510 #endif /* WIN32 */
511 }
512
513
514 /*
515 * 'cupsUser()' - Return the current user's name.
516 *
517 * Note: The current user name is tracked separately for each thread in a
518 * program. Multi-threaded programs that override the user name with the
519 * @link cupsSetUser@ function need to do so in each thread for the same user
520 * name to be used.
521 */
522
523 const char * /* O - User name */
524 cupsUser(void)
525 {
526 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
527
528
529 if (!cg->user[0])
530 _cupsSetDefaults();
531
532 return (cg->user);
533 }
534
535
536 /*
537 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
538 *
539 * @since CUPS 1.7/OS X 10.9@
540 */
541
542 const char * /* O - User-Agent string */
543 cupsUserAgent(void)
544 {
545 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
546
547
548 if (!cg->user_agent[0])
549 cupsSetUserAgent(NULL);
550
551 return (cg->user_agent);
552 }
553
554
555 /*
556 * '_cupsGetPassword()' - Get a password from the user.
557 */
558
559 const char * /* O - Password or @code NULL@ if none */
560 _cupsGetPassword(const char *prompt) /* I - Prompt string */
561 {
562 #ifdef WIN32
563 HANDLE tty; /* Console handle */
564 DWORD mode; /* Console mode */
565 char passch, /* Current key press */
566 *passptr, /* Pointer into password string */
567 *passend; /* End of password string */
568 DWORD passbytes; /* Bytes read */
569 _cups_globals_t *cg = _cupsGlobals();
570 /* Thread globals */
571
572
573 /*
574 * Disable input echo and set raw input...
575 */
576
577 if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
578 return (NULL);
579
580 if (!GetConsoleMode(tty, &mode))
581 return (NULL);
582
583 if (!SetConsoleMode(tty, 0))
584 return (NULL);
585
586 /*
587 * Display the prompt...
588 */
589
590 printf("%s ", prompt);
591 fflush(stdout);
592
593 /*
594 * Read the password string from /dev/tty until we get interrupted or get a
595 * carriage return or newline...
596 */
597
598 passptr = cg->password;
599 passend = cg->password + sizeof(cg->password) - 1;
600
601 while (ReadFile(tty, &passch, 1, &passbytes, NULL))
602 {
603 if (passch == 0x0A || passch == 0x0D)
604 {
605 /*
606 * Enter/return...
607 */
608
609 break;
610 }
611 else if (passch == 0x08 || passch == 0x7F)
612 {
613 /*
614 * Backspace/delete (erase character)...
615 */
616
617 if (passptr > cg->password)
618 {
619 passptr --;
620 fputs("\010 \010", stdout);
621 }
622 else
623 putchar(0x07);
624 }
625 else if (passch == 0x15)
626 {
627 /*
628 * CTRL+U (erase line)
629 */
630
631 if (passptr > cg->password)
632 {
633 while (passptr > cg->password)
634 {
635 passptr --;
636 fputs("\010 \010", stdout);
637 }
638 }
639 else
640 putchar(0x07);
641 }
642 else if (passch == 0x03)
643 {
644 /*
645 * CTRL+C...
646 */
647
648 passptr = cg->password;
649 break;
650 }
651 else if ((passch & 255) < 0x20 || passptr >= passend)
652 putchar(0x07);
653 else
654 {
655 *passptr++ = passch;
656 putchar(_CUPS_PASSCHAR);
657 }
658
659 fflush(stdout);
660 }
661
662 putchar('\n');
663 fflush(stdout);
664
665 /*
666 * Cleanup...
667 */
668
669 SetConsoleMode(tty, mode);
670
671 /*
672 * Return the proper value...
673 */
674
675 if (passbytes == 1 && passptr > cg->password)
676 {
677 *passptr = '\0';
678 return (cg->password);
679 }
680 else
681 {
682 memset(cg->password, 0, sizeof(cg->password));
683 return (NULL);
684 }
685
686 #else
687 int tty; /* /dev/tty - never read from stdin */
688 struct termios original, /* Original input mode */
689 noecho; /* No echo input mode */
690 char passch, /* Current key press */
691 *passptr, /* Pointer into password string */
692 *passend; /* End of password string */
693 ssize_t passbytes; /* Bytes read */
694 _cups_globals_t *cg = _cupsGlobals();
695 /* Thread globals */
696
697
698 /*
699 * Disable input echo and set raw input...
700 */
701
702 if ((tty = open("/dev/tty", O_RDONLY)) < 0)
703 return (NULL);
704
705 if (tcgetattr(tty, &original))
706 {
707 close(tty);
708 return (NULL);
709 }
710
711 noecho = original;
712 noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
713 noecho.c_cc[VMIN] = 1;
714 noecho.c_cc[VTIME] = 0;
715
716 if (tcsetattr(tty, TCSAFLUSH, &noecho))
717 {
718 close(tty);
719 return (NULL);
720 }
721
722 /*
723 * Display the prompt...
724 */
725
726 printf("%s ", prompt);
727 fflush(stdout);
728
729 /*
730 * Read the password string from /dev/tty until we get interrupted or get a
731 * carriage return or newline...
732 */
733
734 passptr = cg->password;
735 passend = cg->password + sizeof(cg->password) - 1;
736
737 while ((passbytes = read(tty, &passch, 1)) == 1)
738 {
739 if (passch == noecho.c_cc[VEOL] ||
740 # ifdef VEOL2
741 passch == noecho.c_cc[VEOL2] ||
742 # endif /* VEOL2 */
743 passch == 0x0A || passch == 0x0D)
744 {
745 /*
746 * Enter/return...
747 */
748
749 break;
750 }
751 else if (passch == noecho.c_cc[VERASE] ||
752 passch == 0x08 || passch == 0x7F)
753 {
754 /*
755 * Backspace/delete (erase character)...
756 */
757
758 if (passptr > cg->password)
759 {
760 passptr --;
761 fputs("\010 \010", stdout);
762 }
763 else
764 putchar(0x07);
765 }
766 else if (passch == noecho.c_cc[VKILL])
767 {
768 /*
769 * CTRL+U (erase line)
770 */
771
772 if (passptr > cg->password)
773 {
774 while (passptr > cg->password)
775 {
776 passptr --;
777 fputs("\010 \010", stdout);
778 }
779 }
780 else
781 putchar(0x07);
782 }
783 else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
784 passch == noecho.c_cc[VEOF])
785 {
786 /*
787 * CTRL+C, CTRL+D, or CTRL+Z...
788 */
789
790 passptr = cg->password;
791 break;
792 }
793 else if ((passch & 255) < 0x20 || passptr >= passend)
794 putchar(0x07);
795 else
796 {
797 *passptr++ = passch;
798 putchar(_CUPS_PASSCHAR);
799 }
800
801 fflush(stdout);
802 }
803
804 putchar('\n');
805 fflush(stdout);
806
807 /*
808 * Cleanup...
809 */
810
811 tcsetattr(tty, TCSAFLUSH, &original);
812 close(tty);
813
814 /*
815 * Return the proper value...
816 */
817
818 if (passbytes == 1 && passptr > cg->password)
819 {
820 *passptr = '\0';
821 return (cg->password);
822 }
823 else
824 {
825 memset(cg->password, 0, sizeof(cg->password));
826 return (NULL);
827 }
828 #endif /* WIN32 */
829 }
830
831
832 #ifdef HAVE_GSSAPI
833 /*
834 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
835 */
836
837 const char *
838 _cupsGSSServiceName(void)
839 {
840 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
841
842
843 if (!cg->gss_service_name[0])
844 _cupsSetDefaults();
845
846 return (cg->gss_service_name);
847 }
848 #endif /* HAVE_GSSAPI */
849
850
851 /*
852 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
853 */
854
855 void
856 _cupsSetDefaults(void)
857 {
858 cups_file_t *fp; /* File */
859 const char *home; /* Home directory of user */
860 char filename[1024]; /* Filename */
861 _cups_client_conf_t cc; /* client.conf values */
862 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
863
864
865 DEBUG_puts("_cupsSetDefaults()");
866
867 /*
868 * Load initial client.conf values...
869 */
870
871 cups_init_client_conf(&cc);
872
873 /*
874 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
875 * present.
876 */
877
878 snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
879 if ((fp = cupsFileOpen(filename, "r")) != NULL)
880 {
881 cups_read_client_conf(fp, &cc);
882 cupsFileClose(fp);
883 }
884
885 # ifdef HAVE_GETEUID
886 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
887 # elif !defined(WIN32)
888 if (getuid() && (home = getenv("HOME")) != NULL)
889 # else
890 if ((home = getenv("HOME")) != NULL)
891 # endif /* HAVE_GETEUID */
892 {
893 /*
894 * Look for ~/.cups/client.conf...
895 */
896
897 snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
898 if ((fp = cupsFileOpen(filename, "r")) != NULL)
899 {
900 cups_read_client_conf(fp, &cc);
901 cupsFileClose(fp);
902 }
903 }
904
905 /*
906 * Finalize things so every client.conf value is set...
907 */
908
909 cups_finalize_client_conf(&cc);
910
911 if (cg->encryption == (http_encryption_t)-1)
912 cg->encryption = cc.encryption;
913
914 if (!cg->server[0] || !cg->ipp_port)
915 cupsSetServer(cc.server_name);
916
917 if (!cg->ipp_port)
918 cups_set_default_ipp_port(cg);
919
920 if (!cg->user[0])
921 strlcpy(cg->user, cc.user, sizeof(cg->user));
922
923 #ifdef HAVE_GSSAPI
924 if (!cg->gss_service_name[0])
925 strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
926 #endif /* HAVE_GSSAPI */
927
928 if (cg->any_root < 0)
929 cg->any_root = cc.any_root;
930
931 if (cg->expired_certs < 0)
932 cg->expired_certs = cc.expired_certs;
933
934 if (cg->validate_certs < 0)
935 cg->validate_certs = cc.validate_certs;
936
937 #ifdef HAVE_SSL
938 _httpTLSSetOptions(cc.ssl_options);
939 #endif /* HAVE_SSL */
940 }
941
942
943 /*
944 * 'cups_boolean_value()' - Convert a string to a boolean value.
945 */
946
947 static int /* O - Boolean value */
948 cups_boolean_value(const char *value) /* I - String value */
949 {
950 return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
951 }
952
953
954 /*
955 * 'cups_finalize_client_conf()' - Finalize client.conf values.
956 */
957
958 static void
959 cups_finalize_client_conf(
960 _cups_client_conf_t *cc) /* I - client.conf values */
961 {
962 const char *value; /* Environment variable */
963
964
965 if ((value = getenv("CUPS_ANYROOT")) != NULL)
966 cc->any_root = cups_boolean_value(value);
967
968 if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
969 cups_set_encryption(cc, value);
970
971 if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
972 cc->expired_certs = cups_boolean_value(value);
973
974 #ifdef HAVE_GSSAPI
975 if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
976 cups_set_gss_service_name(cc, value);
977 #endif /* HAVE_GSSAPI */
978
979 if ((value = getenv("CUPS_SERVER")) != NULL)
980 cups_set_server_name(cc, value);
981
982 if ((value = getenv("CUPS_USER")) != NULL)
983 cups_set_user(cc, value);
984
985 if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
986 cc->validate_certs = cups_boolean_value(value);
987
988 /*
989 * Then apply defaults for those values that haven't been set...
990 */
991
992 if (cc->any_root < 0)
993 cc->any_root = 1;
994
995 if (cc->encryption == (http_encryption_t)-1)
996 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
997
998 if (cc->expired_certs < 0)
999 cc->expired_certs = 1;
1000
1001 #ifdef HAVE_GSSAPI
1002 if (!cc->gss_service_name[0])
1003 cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
1004 #endif /* HAVE_GSSAPI */
1005
1006 if (!cc->server_name[0])
1007 {
1008 #ifdef CUPS_DEFAULT_DOMAINSOCKET
1009 /*
1010 * If we are compiled with domain socket support, only use the
1011 * domain socket if it exists and has the right permissions...
1012 */
1013
1014 if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
1015 cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
1016 else
1017 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
1018 cups_set_server_name(cc, "localhost");
1019 }
1020
1021 if (!cc->user[0])
1022 {
1023 #ifdef WIN32
1024 /*
1025 * Get the current user name from the OS...
1026 */
1027
1028 DWORD size; /* Size of string */
1029
1030 size = sizeof(cc->user);
1031 if (!GetUserName(cc->user, &size))
1032 #else
1033 /*
1034 * Try the USER environment variable as the default username...
1035 */
1036
1037 const char *envuser = getenv("USER");
1038 /* Default username */
1039 struct passwd *pw = NULL; /* Account information */
1040
1041 if (envuser)
1042 {
1043 /*
1044 * Validate USER matches the current UID, otherwise don't allow it to
1045 * override things... This makes sure that printing after doing su
1046 * or sudo records the correct username.
1047 */
1048
1049 if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
1050 pw = NULL;
1051 }
1052
1053 if (!pw)
1054 pw = getpwuid(getuid());
1055
1056 if (pw)
1057 strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
1058 else
1059 #endif /* WIN32 */
1060 {
1061 /*
1062 * Use the default "unknown" user name...
1063 */
1064
1065 strlcpy(cc->user, "unknown", sizeof(cc->user));
1066 }
1067 }
1068
1069 if (cc->validate_certs < 0)
1070 cc->validate_certs = 0;
1071 }
1072
1073
1074 /*
1075 * 'cups_init_client_conf()' - Initialize client.conf values.
1076 */
1077
1078 static void
1079 cups_init_client_conf(
1080 _cups_client_conf_t *cc) /* I - client.conf values */
1081 {
1082 /*
1083 * Clear all values to "not set"...
1084 */
1085
1086 memset(cc, 0, sizeof(_cups_client_conf_t));
1087
1088 cc->encryption = (http_encryption_t)-1;
1089 cc->any_root = -1;
1090 cc->expired_certs = -1;
1091 cc->validate_certs = -1;
1092 }
1093
1094
1095 /*
1096 * 'cups_read_client_conf()' - Read a client.conf file.
1097 */
1098
1099 static void
1100 cups_read_client_conf(
1101 cups_file_t *fp, /* I - File to read */
1102 _cups_client_conf_t *cc) /* I - client.conf values */
1103 {
1104 int linenum; /* Current line number */
1105 char line[1024], /* Line from file */
1106 *value; /* Pointer into line */
1107
1108
1109 /*
1110 * Read from the file...
1111 */
1112
1113 linenum = 0;
1114 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
1115 {
1116 if (!_cups_strcasecmp(line, "Encryption") && value)
1117 cups_set_encryption(cc, value);
1118 #ifndef __APPLE__
1119 /*
1120 * The ServerName directive is not supported on OS X due to app
1121 * sandboxing restrictions, i.e. not all apps request network access.
1122 */
1123 else if (!_cups_strcasecmp(line, "ServerName") && value)
1124 cups_set_server_name(cc, value);
1125 #endif /* !__APPLE__ */
1126 else if (!_cups_strcasecmp(line, "User") && value)
1127 cups_set_user(cc, value);
1128 else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
1129 cc->any_root = cups_boolean_value(value);
1130 else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
1131 value)
1132 cc->expired_certs = cups_boolean_value(value);
1133 else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
1134 cc->validate_certs = cups_boolean_value(value);
1135 #ifdef HAVE_GSSAPI
1136 else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
1137 cups_set_gss_service_name(cc, value);
1138 #endif /* HAVE_GSSAPI */
1139 #ifdef HAVE_SSL
1140 else if (!_cups_strcasecmp(line, "SSLOptions") && value)
1141 cups_set_ssl_options(cc, value);
1142 #endif /* HAVE_SSL */
1143 }
1144 }
1145
1146
1147 /*
1148 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1149 */
1150
1151 static void
1152 cups_set_default_ipp_port(
1153 _cups_globals_t *cg) /* I - Global data */
1154 {
1155 const char *ipp_port; /* IPP_PORT environment variable */
1156
1157
1158 if ((ipp_port = getenv("IPP_PORT")) != NULL)
1159 {
1160 if ((cg->ipp_port = atoi(ipp_port)) <= 0)
1161 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1162 }
1163 else
1164 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1165 }
1166
1167 /*
1168 * 'cups_set_encryption()' - Set the Encryption value.
1169 */
1170
1171 static void
1172 cups_set_encryption(
1173 _cups_client_conf_t *cc, /* I - client.conf values */
1174 const char *value) /* I - Value */
1175 {
1176 if (!_cups_strcasecmp(value, "never"))
1177 cc->encryption = HTTP_ENCRYPTION_NEVER;
1178 else if (!_cups_strcasecmp(value, "always"))
1179 cc->encryption = HTTP_ENCRYPTION_ALWAYS;
1180 else if (!_cups_strcasecmp(value, "required"))
1181 cc->encryption = HTTP_ENCRYPTION_REQUIRED;
1182 else
1183 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1184 }
1185
1186
1187 /*
1188 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1189 */
1190
1191 #ifdef HAVE_GSSAPI
1192 static void
1193 cups_set_gss_service_name(
1194 _cups_client_conf_t *cc, /* I - client.conf values */
1195 const char *value) /* I - Value */
1196 {
1197 strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
1198 }
1199 #endif /* HAVE_GSSAPI */
1200
1201
1202 /*
1203 * 'cups_set_server_name()' - Set the ServerName value.
1204 */
1205
1206 static void
1207 cups_set_server_name(
1208 _cups_client_conf_t *cc, /* I - client.conf values */
1209 const char *value) /* I - Value */
1210 {
1211 strlcpy(cc->server_name, value, sizeof(cc->server_name));
1212 }
1213
1214
1215 /*
1216 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1217 */
1218
1219 #ifdef HAVE_SSL
1220 static void
1221 cups_set_ssl_options(
1222 _cups_client_conf_t *cc, /* I - client.conf values */
1223 const char *value) /* I - Value */
1224 {
1225 /*
1226 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
1227 */
1228
1229 int options = _HTTP_TLS_NONE; /* SSL/TLS options */
1230 char temp[256], /* Copy of value */
1231 *start, /* Start of option */
1232 *end; /* End of option */
1233
1234
1235 strlcpy(temp, value, sizeof(temp));
1236
1237 for (start = temp; *start; start = end)
1238 {
1239 /*
1240 * Find end of keyword...
1241 */
1242
1243 end = start;
1244 while (*end && !_cups_isspace(*end))
1245 end ++;
1246
1247 if (*end)
1248 *end++ = '\0';
1249
1250 /*
1251 * Compare...
1252 */
1253
1254 if (!_cups_strcasecmp(start, "AllowRC4"))
1255 options |= _HTTP_TLS_ALLOW_RC4;
1256 else if (!_cups_strcasecmp(start, "AllowSSL3"))
1257 options |= _HTTP_TLS_ALLOW_SSL3;
1258 else if (!_cups_strcasecmp(start, "AllowDH"))
1259 options |= _HTTP_TLS_ALLOW_DH;
1260 else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
1261 options |= _HTTP_TLS_DENY_TLS10;
1262 else if (!_cups_strcasecmp(start, "None"))
1263 options = _HTTP_TLS_NONE;
1264 }
1265
1266 cc->ssl_options = options;
1267
1268 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x", (void *)cc, value, options));
1269 }
1270 #endif /* HAVE_SSL */
1271
1272
1273 /*
1274 * 'cups_set_user()' - Set the User value.
1275 */
1276
1277 static void
1278 cups_set_user(
1279 _cups_client_conf_t *cc, /* I - client.conf values */
1280 const char *value) /* I - Value */
1281 {
1282 strlcpy(cc->user, value, sizeof(cc->user));
1283 }
1284
1285
1286 /*
1287 * End of "$Id$".
1288 */
Unnamed repository; edit this file 'description' to name the repository.