]> git.ipfire.org Git - thirdparty/cups.git/blob - cups/usersys.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Move debug printfs to internal usage only.
[thirdparty/cups.git] / cups / usersys.c
1 /*
2 * User, system, and password routines for CUPS.
3 *
4 * Copyright 2007-2017 by Apple Inc.
5 * Copyright 1997-2006 by Easy Software Products.
6 *
7 * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
8 */
9
10 /*
11 * Include necessary headers...
12 */
13
14 #include "cups-private.h"
15 #include "debug-internal.h"
16 #include <stdlib.h>
17 #include <sys/stat.h>
18 #ifdef _WIN32
19 # include <windows.h>
20 #else
21 # include <pwd.h>
22 # include <termios.h>
23 # include <sys/utsname.h>
24 #endif /* _WIN32 */
25
26
27 /*
28 * Local constants...
29 */
30
31 #ifdef __APPLE__
32 # define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs")
33 # define kAllowAnyRootKey CFSTR("AllowAnyRoot")
34 # define kAllowExpiredCertsKey CFSTR("AllowExpiredCerts")
35 # define kEncryptionKey CFSTR("Encryption")
36 # define kGSSServiceNameKey CFSTR("GSSServiceName")
37 # define kSSLOptionsKey CFSTR("SSLOptions")
38 # define kTrustOnFirstUseKey CFSTR("TrustOnFirstUse")
39 # define kValidateCertsKey CFSTR("ValidateCerts")
40 #endif /* __APPLE__ */
41
42 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
43
44
45 /*
46 * Local types...
47 */
48
49 typedef struct _cups_client_conf_s /**** client.conf config data ****/
50 {
51 #ifdef HAVE_SSL
52 int ssl_options, /* SSLOptions values */
53 ssl_min_version,/* Minimum SSL/TLS version */
54 ssl_max_version;/* Maximum SSL/TLS version */
55 #endif /* HAVE_SSL */
56 int trust_first, /* Trust on first use? */
57 any_root, /* Allow any (e.g., self-signed) root */
58 expired_certs, /* Allow expired certs */
59 validate_certs; /* Validate certificates */
60 http_encryption_t encryption; /* Encryption setting */
61 char user[65], /* User name */
62 server_name[256];
63 /* Server hostname */
64 #ifdef HAVE_GSSAPI
65 char gss_service_name[32];
66 /* Kerberos service name */
67 #endif /* HAVE_GSSAPI */
68 } _cups_client_conf_t;
69
70
71 /*
72 * Local functions...
73 */
74
75 #ifdef __APPLE__
76 static int cups_apple_get_boolean(CFStringRef key, int *value);
77 static int cups_apple_get_string(CFStringRef key, char *value, size_t valsize);
78 #endif /* __APPLE__ */
79 static int cups_boolean_value(const char *value);
80 static void cups_finalize_client_conf(_cups_client_conf_t *cc);
81 static void cups_init_client_conf(_cups_client_conf_t *cc);
82 static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
83 static void cups_set_default_ipp_port(_cups_globals_t *cg);
84 static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
85 #ifdef HAVE_GSSAPI
86 static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
87 #endif /* HAVE_GSSAPI */
88 static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
89 #ifdef HAVE_SSL
90 static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
91 #endif /* HAVE_SSL */
92 static void cups_set_user(_cups_client_conf_t *cc, const char *value);
93
94
95 /*
96 * 'cupsEncryption()' - Get the current encryption settings.
97 *
98 * The default encryption setting comes from the CUPS_ENCRYPTION
99 * environment variable, then the ~/.cups/client.conf file, and finally the
100 * /etc/cups/client.conf file. If not set, the default is
101 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
102 *
103 * Note: The current encryption setting is tracked separately for each thread
104 * in a program. Multi-threaded programs that override the setting via the
105 * @link cupsSetEncryption@ function need to do so in each thread for the same
106 * setting to be used.
107 */
108
109 http_encryption_t /* O - Encryption settings */
110 cupsEncryption(void)
111 {
112 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
113
114
115 if (cg->encryption == (http_encryption_t)-1)
116 _cupsSetDefaults();
117
118 return (cg->encryption);
119 }
120
121
122 /*
123 * 'cupsGetPassword()' - Get a password from the user.
124 *
125 * Uses the current password callback function. Returns @code NULL@ if the
126 * user does not provide a password.
127 *
128 * Note: The current password callback function is tracked separately for each
129 * thread in a program. Multi-threaded programs that override the setting via
130 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
131 * do so in each thread for the same function to be used.
132 *
133 * @exclude all@
134 */
135
136 const char * /* O - Password */
137 cupsGetPassword(const char *prompt) /* I - Prompt string */
138 {
139 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
140
141
142 return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
143 }
144
145
146 /*
147 * 'cupsGetPassword2()' - Get a password from the user using the current
148 * password callback.
149 *
150 * Uses the current password callback function. Returns @code NULL@ if the
151 * user does not provide a password.
152 *
153 * Note: The current password callback function is tracked separately for each
154 * thread in a program. Multi-threaded programs that override the setting via
155 * the @link cupsSetPasswordCB2@ function need to do so in each thread for the
156 * same function to be used.
157 *
158 * @since CUPS 1.4/macOS 10.6@
159 */
160
161 const char * /* O - Password */
162 cupsGetPassword2(const char *prompt, /* I - Prompt string */
163 http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
164 const char *method, /* I - Request method ("GET", "POST", "PUT") */
165 const char *resource) /* I - Resource path */
166 {
167 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
168
169
170 if (!http)
171 http = _cupsConnect();
172
173 return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
174 }
175
176
177 /*
178 * 'cupsServer()' - Return the hostname/address of the current server.
179 *
180 * The default server comes from the CUPS_SERVER environment variable, then the
181 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
182 * set, the default is the local system - either "localhost" or a domain socket
183 * path.
184 *
185 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
186 * address, or a domain socket pathname.
187 *
188 * Note: The current server is tracked separately for each thread in a program.
189 * Multi-threaded programs that override the server via the
190 * @link cupsSetServer@ function need to do so in each thread for the same
191 * server to be used.
192 */
193
194 const char * /* O - Server name */
195 cupsServer(void)
196 {
197 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
198
199
200 if (!cg->server[0])
201 _cupsSetDefaults();
202
203 return (cg->server);
204 }
205
206
207 /*
208 * 'cupsSetClientCertCB()' - Set the client certificate callback.
209 *
210 * Pass @code NULL@ to restore the default callback.
211 *
212 * Note: The current certificate callback is tracked separately for each thread
213 * in a program. Multi-threaded programs that override the callback need to do
214 * so in each thread for the same callback to be used.
215 *
216 * @since CUPS 1.5/macOS 10.7@
217 */
218
219 void
220 cupsSetClientCertCB(
221 cups_client_cert_cb_t cb, /* I - Callback function */
222 void *user_data) /* I - User data pointer */
223 {
224 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
225
226
227 cg->client_cert_cb = cb;
228 cg->client_cert_data = user_data;
229 }
230
231
232 /*
233 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
234 * connections.
235 *
236 * Note: The default credentials are tracked separately for each thread in a
237 * program. Multi-threaded programs that override the setting need to do so in
238 * each thread for the same setting to be used.
239 *
240 * @since CUPS 1.5/macOS 10.7@
241 */
242
243 int /* O - Status of call (0 = success) */
244 cupsSetCredentials(
245 cups_array_t *credentials) /* I - Array of credentials */
246 {
247 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
248
249
250 if (cupsArrayCount(credentials) < 1)
251 return (-1);
252
253 #ifdef HAVE_SSL
254 _httpFreeCredentials(cg->tls_credentials);
255 cg->tls_credentials = _httpCreateCredentials(credentials);
256 #endif /* HAVE_SSL */
257
258 return (cg->tls_credentials ? 0 : -1);
259 }
260
261
262 /*
263 * 'cupsSetEncryption()' - Set the encryption preference.
264 *
265 * The default encryption setting comes from the CUPS_ENCRYPTION
266 * environment variable, then the ~/.cups/client.conf file, and finally the
267 * /etc/cups/client.conf file. If not set, the default is
268 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
269 *
270 * Note: The current encryption setting is tracked separately for each thread
271 * in a program. Multi-threaded programs that override the setting need to do
272 * so in each thread for the same setting to be used.
273 */
274
275 void
276 cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */
277 {
278 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
279
280
281 cg->encryption = e;
282
283 if (cg->http)
284 httpEncryption(cg->http, e);
285 }
286
287
288 /*
289 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
290 *
291 * Pass @code NULL@ to restore the default (console) password callback, which
292 * reads the password from the console. Programs should call either this
293 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
294 * by a program per thread.
295 *
296 * Note: The current password callback is tracked separately for each thread
297 * in a program. Multi-threaded programs that override the callback need to do
298 * so in each thread for the same callback to be used.
299 *
300 * @exclude all@
301 */
302
303 void
304 cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */
305 {
306 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
307
308
309 if (cb == (cups_password_cb_t)0)
310 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
311 else
312 cg->password_cb = (cups_password_cb2_t)cb;
313
314 cg->password_data = NULL;
315 }
316
317
318 /*
319 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
320 *
321 * Pass @code NULL@ to restore the default (console) password callback, which
322 * reads the password from the console. Programs should call either this
323 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
324 * by a program per thread.
325 *
326 * Note: The current password callback is tracked separately for each thread
327 * in a program. Multi-threaded programs that override the callback need to do
328 * so in each thread for the same callback to be used.
329 *
330 * @since CUPS 1.4/macOS 10.6@
331 */
332
333 void
334 cupsSetPasswordCB2(
335 cups_password_cb2_t cb, /* I - Callback function */
336 void *user_data) /* I - User data pointer */
337 {
338 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
339
340
341 if (cb == (cups_password_cb2_t)0)
342 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
343 else
344 cg->password_cb = cb;
345
346 cg->password_data = user_data;
347 }
348
349
350 /*
351 * 'cupsSetServer()' - Set the default server name and port.
352 *
353 * The "server" string can be a fully-qualified hostname, a numeric
354 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
355 * addresses can be optionally followed by a colon and port number to override
356 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
357 * default server name and port.
358 *
359 * Note: The current server is tracked separately for each thread in a program.
360 * Multi-threaded programs that override the server need to do so in each
361 * thread for the same server to be used.
362 */
363
364 void
365 cupsSetServer(const char *server) /* I - Server name */
366 {
367 char *options, /* Options */
368 *port; /* Pointer to port */
369 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
370
371
372 if (server)
373 {
374 strlcpy(cg->server, server, sizeof(cg->server));
375
376 if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
377 {
378 *options++ = '\0';
379
380 if (!strcmp(options, "version=1.0"))
381 cg->server_version = 10;
382 else if (!strcmp(options, "version=1.1"))
383 cg->server_version = 11;
384 else if (!strcmp(options, "version=2.0"))
385 cg->server_version = 20;
386 else if (!strcmp(options, "version=2.1"))
387 cg->server_version = 21;
388 else if (!strcmp(options, "version=2.2"))
389 cg->server_version = 22;
390 }
391 else
392 cg->server_version = 20;
393
394 if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
395 !strchr(port, ']') && isdigit(port[1] & 255))
396 {
397 *port++ = '\0';
398
399 cg->ipp_port = atoi(port);
400 }
401
402 if (!cg->ipp_port)
403 cups_set_default_ipp_port(cg);
404
405 if (cg->server[0] == '/')
406 strlcpy(cg->servername, "localhost", sizeof(cg->servername));
407 else
408 strlcpy(cg->servername, cg->server, sizeof(cg->servername));
409 }
410 else
411 {
412 cg->server[0] = '\0';
413 cg->servername[0] = '\0';
414 cg->server_version = 20;
415 cg->ipp_port = 0;
416 }
417
418 if (cg->http)
419 {
420 httpClose(cg->http);
421 cg->http = NULL;
422 }
423 }
424
425
426 /*
427 * 'cupsSetServerCertCB()' - Set the server certificate callback.
428 *
429 * Pass @code NULL@ to restore the default callback.
430 *
431 * Note: The current credentials callback is tracked separately for each thread
432 * in a program. Multi-threaded programs that override the callback need to do
433 * so in each thread for the same callback to be used.
434 *
435 * @since CUPS 1.5/macOS 10.7@
436 */
437
438 void
439 cupsSetServerCertCB(
440 cups_server_cert_cb_t cb, /* I - Callback function */
441 void *user_data) /* I - User data pointer */
442 {
443 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
444
445
446 cg->server_cert_cb = cb;
447 cg->server_cert_data = user_data;
448 }
449
450
451 /*
452 * 'cupsSetUser()' - Set the default user name.
453 *
454 * Pass @code NULL@ to restore the default user name.
455 *
456 * Note: The current user name is tracked separately for each thread in a
457 * program. Multi-threaded programs that override the user name need to do so
458 * in each thread for the same user name to be used.
459 */
460
461 void
462 cupsSetUser(const char *user) /* I - User name */
463 {
464 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
465
466
467 if (user)
468 strlcpy(cg->user, user, sizeof(cg->user));
469 else
470 cg->user[0] = '\0';
471 }
472
473
474 /*
475 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
476 *
477 * Setting the string to NULL forces the default value containing the CUPS
478 * version, IPP version, and operating system version and architecture.
479 *
480 * @since CUPS 1.7/macOS 10.9@
481 */
482
483 void
484 cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */
485 {
486 _cups_globals_t *cg = _cupsGlobals();
487 /* Thread globals */
488 #ifdef _WIN32
489 SYSTEM_INFO sysinfo; /* System information */
490 OSVERSIONINFOA version; /* OS version info */
491 #else
492 struct utsname name; /* uname info */
493 #endif /* _WIN32 */
494
495
496 if (user_agent)
497 {
498 strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
499 return;
500 }
501
502 #ifdef _WIN32
503 version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
504 GetVersionExA(&version);
505 GetNativeSystemInfo(&sysinfo);
506
507 snprintf(cg->user_agent, sizeof(cg->user_agent),
508 CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0",
509 version.dwMajorVersion, version.dwMinorVersion,
510 sysinfo.wProcessorArchitecture
511 == PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" :
512 sysinfo.wProcessorArchitecture
513 == PROCESSOR_ARCHITECTURE_ARM ? "arm" :
514 sysinfo.wProcessorArchitecture
515 == PROCESSOR_ARCHITECTURE_IA64 ? "ia64" :
516 sysinfo.wProcessorArchitecture
517 == PROCESSOR_ARCHITECTURE_INTEL ? "intel" :
518 "unknown");
519
520 #else
521 uname(&name);
522
523 snprintf(cg->user_agent, sizeof(cg->user_agent),
524 CUPS_MINIMAL " (%s %s; %s) IPP/2.0",
525 name.sysname, name.release, name.machine);
526 #endif /* _WIN32 */
527 }
528
529
530 /*
531 * 'cupsUser()' - Return the current user's name.
532 *
533 * Note: The current user name is tracked separately for each thread in a
534 * program. Multi-threaded programs that override the user name with the
535 * @link cupsSetUser@ function need to do so in each thread for the same user
536 * name to be used.
537 */
538
539 const char * /* O - User name */
540 cupsUser(void)
541 {
542 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
543
544
545 if (!cg->user[0])
546 _cupsSetDefaults();
547
548 return (cg->user);
549 }
550
551
552 /*
553 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
554 *
555 * @since CUPS 1.7/macOS 10.9@
556 */
557
558 const char * /* O - User-Agent string */
559 cupsUserAgent(void)
560 {
561 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
562
563
564 if (!cg->user_agent[0])
565 cupsSetUserAgent(NULL);
566
567 return (cg->user_agent);
568 }
569
570
571 /*
572 * '_cupsGetPassword()' - Get a password from the user.
573 */
574
575 const char * /* O - Password or @code NULL@ if none */
576 _cupsGetPassword(const char *prompt) /* I - Prompt string */
577 {
578 #ifdef _WIN32
579 HANDLE tty; /* Console handle */
580 DWORD mode; /* Console mode */
581 char passch, /* Current key press */
582 *passptr, /* Pointer into password string */
583 *passend; /* End of password string */
584 DWORD passbytes; /* Bytes read */
585 _cups_globals_t *cg = _cupsGlobals();
586 /* Thread globals */
587
588
589 /*
590 * Disable input echo and set raw input...
591 */
592
593 if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
594 return (NULL);
595
596 if (!GetConsoleMode(tty, &mode))
597 return (NULL);
598
599 if (!SetConsoleMode(tty, 0))
600 return (NULL);
601
602 /*
603 * Display the prompt...
604 */
605
606 printf("%s ", prompt);
607 fflush(stdout);
608
609 /*
610 * Read the password string from /dev/tty until we get interrupted or get a
611 * carriage return or newline...
612 */
613
614 passptr = cg->password;
615 passend = cg->password + sizeof(cg->password) - 1;
616
617 while (ReadFile(tty, &passch, 1, &passbytes, NULL))
618 {
619 if (passch == 0x0A || passch == 0x0D)
620 {
621 /*
622 * Enter/return...
623 */
624
625 break;
626 }
627 else if (passch == 0x08 || passch == 0x7F)
628 {
629 /*
630 * Backspace/delete (erase character)...
631 */
632
633 if (passptr > cg->password)
634 {
635 passptr --;
636 fputs("\010 \010", stdout);
637 }
638 else
639 putchar(0x07);
640 }
641 else if (passch == 0x15)
642 {
643 /*
644 * CTRL+U (erase line)
645 */
646
647 if (passptr > cg->password)
648 {
649 while (passptr > cg->password)
650 {
651 passptr --;
652 fputs("\010 \010", stdout);
653 }
654 }
655 else
656 putchar(0x07);
657 }
658 else if (passch == 0x03)
659 {
660 /*
661 * CTRL+C...
662 */
663
664 passptr = cg->password;
665 break;
666 }
667 else if ((passch & 255) < 0x20 || passptr >= passend)
668 putchar(0x07);
669 else
670 {
671 *passptr++ = passch;
672 putchar(_CUPS_PASSCHAR);
673 }
674
675 fflush(stdout);
676 }
677
678 putchar('\n');
679 fflush(stdout);
680
681 /*
682 * Cleanup...
683 */
684
685 SetConsoleMode(tty, mode);
686
687 /*
688 * Return the proper value...
689 */
690
691 if (passbytes == 1 && passptr > cg->password)
692 {
693 *passptr = '\0';
694 return (cg->password);
695 }
696 else
697 {
698 memset(cg->password, 0, sizeof(cg->password));
699 return (NULL);
700 }
701
702 #else
703 int tty; /* /dev/tty - never read from stdin */
704 struct termios original, /* Original input mode */
705 noecho; /* No echo input mode */
706 char passch, /* Current key press */
707 *passptr, /* Pointer into password string */
708 *passend; /* End of password string */
709 ssize_t passbytes; /* Bytes read */
710 _cups_globals_t *cg = _cupsGlobals();
711 /* Thread globals */
712
713
714 /*
715 * Disable input echo and set raw input...
716 */
717
718 if ((tty = open("/dev/tty", O_RDONLY)) < 0)
719 return (NULL);
720
721 if (tcgetattr(tty, &original))
722 {
723 close(tty);
724 return (NULL);
725 }
726
727 noecho = original;
728 noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
729 noecho.c_cc[VMIN] = 1;
730 noecho.c_cc[VTIME] = 0;
731
732 if (tcsetattr(tty, TCSAFLUSH, &noecho))
733 {
734 close(tty);
735 return (NULL);
736 }
737
738 /*
739 * Display the prompt...
740 */
741
742 printf("%s ", prompt);
743 fflush(stdout);
744
745 /*
746 * Read the password string from /dev/tty until we get interrupted or get a
747 * carriage return or newline...
748 */
749
750 passptr = cg->password;
751 passend = cg->password + sizeof(cg->password) - 1;
752
753 while ((passbytes = read(tty, &passch, 1)) == 1)
754 {
755 if (passch == noecho.c_cc[VEOL] ||
756 # ifdef VEOL2
757 passch == noecho.c_cc[VEOL2] ||
758 # endif /* VEOL2 */
759 passch == 0x0A || passch == 0x0D)
760 {
761 /*
762 * Enter/return...
763 */
764
765 break;
766 }
767 else if (passch == noecho.c_cc[VERASE] ||
768 passch == 0x08 || passch == 0x7F)
769 {
770 /*
771 * Backspace/delete (erase character)...
772 */
773
774 if (passptr > cg->password)
775 {
776 passptr --;
777 fputs("\010 \010", stdout);
778 }
779 else
780 putchar(0x07);
781 }
782 else if (passch == noecho.c_cc[VKILL])
783 {
784 /*
785 * CTRL+U (erase line)
786 */
787
788 if (passptr > cg->password)
789 {
790 while (passptr > cg->password)
791 {
792 passptr --;
793 fputs("\010 \010", stdout);
794 }
795 }
796 else
797 putchar(0x07);
798 }
799 else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
800 passch == noecho.c_cc[VEOF])
801 {
802 /*
803 * CTRL+C, CTRL+D, or CTRL+Z...
804 */
805
806 passptr = cg->password;
807 break;
808 }
809 else if ((passch & 255) < 0x20 || passptr >= passend)
810 putchar(0x07);
811 else
812 {
813 *passptr++ = passch;
814 putchar(_CUPS_PASSCHAR);
815 }
816
817 fflush(stdout);
818 }
819
820 putchar('\n');
821 fflush(stdout);
822
823 /*
824 * Cleanup...
825 */
826
827 tcsetattr(tty, TCSAFLUSH, &original);
828 close(tty);
829
830 /*
831 * Return the proper value...
832 */
833
834 if (passbytes == 1 && passptr > cg->password)
835 {
836 *passptr = '\0';
837 return (cg->password);
838 }
839 else
840 {
841 memset(cg->password, 0, sizeof(cg->password));
842 return (NULL);
843 }
844 #endif /* _WIN32 */
845 }
846
847
848 #ifdef HAVE_GSSAPI
849 /*
850 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
851 */
852
853 const char *
854 _cupsGSSServiceName(void)
855 {
856 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
857
858
859 if (!cg->gss_service_name[0])
860 _cupsSetDefaults();
861
862 return (cg->gss_service_name);
863 }
864 #endif /* HAVE_GSSAPI */
865
866
867 /*
868 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
869 */
870
871 void
872 _cupsSetDefaults(void)
873 {
874 cups_file_t *fp; /* File */
875 const char *home; /* Home directory of user */
876 char filename[1024]; /* Filename */
877 _cups_client_conf_t cc; /* client.conf values */
878 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
879
880
881 DEBUG_puts("_cupsSetDefaults()");
882
883 /*
884 * Load initial client.conf values...
885 */
886
887 cups_init_client_conf(&cc);
888
889 /*
890 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
891 * present.
892 */
893
894 snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
895 if ((fp = cupsFileOpen(filename, "r")) != NULL)
896 {
897 cups_read_client_conf(fp, &cc);
898 cupsFileClose(fp);
899 }
900
901 # ifdef HAVE_GETEUID
902 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
903 # elif !defined(_WIN32)
904 if (getuid() && (home = getenv("HOME")) != NULL)
905 # else
906 if ((home = getenv("HOME")) != NULL)
907 # endif /* HAVE_GETEUID */
908 {
909 /*
910 * Look for ~/.cups/client.conf...
911 */
912
913 snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
914 if ((fp = cupsFileOpen(filename, "r")) != NULL)
915 {
916 cups_read_client_conf(fp, &cc);
917 cupsFileClose(fp);
918 }
919 }
920
921 /*
922 * Finalize things so every client.conf value is set...
923 */
924
925 cups_finalize_client_conf(&cc);
926
927 if (cg->encryption == (http_encryption_t)-1)
928 cg->encryption = cc.encryption;
929
930 if (!cg->server[0] || !cg->ipp_port)
931 cupsSetServer(cc.server_name);
932
933 if (!cg->ipp_port)
934 cups_set_default_ipp_port(cg);
935
936 if (!cg->user[0])
937 strlcpy(cg->user, cc.user, sizeof(cg->user));
938
939 #ifdef HAVE_GSSAPI
940 if (!cg->gss_service_name[0])
941 strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
942 #endif /* HAVE_GSSAPI */
943
944 if (cg->trust_first < 0)
945 cg->trust_first = cc.trust_first;
946
947 if (cg->any_root < 0)
948 cg->any_root = cc.any_root;
949
950 if (cg->expired_certs < 0)
951 cg->expired_certs = cc.expired_certs;
952
953 if (cg->validate_certs < 0)
954 cg->validate_certs = cc.validate_certs;
955
956 #ifdef HAVE_SSL
957 _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
958 #endif /* HAVE_SSL */
959 }
960
961
962 #ifdef __APPLE__
963 /*
964 * 'cups_apple_get_boolean()' - Get a boolean setting from the CUPS preferences.
965 */
966
967 static int /* O - 1 if set, 0 otherwise */
968 cups_apple_get_boolean(
969 CFStringRef key, /* I - Key (name) */
970 int *value) /* O - Boolean value */
971 {
972 Boolean bval, /* Preference value */
973 bval_set; /* Value is set? */
974
975
976 bval = CFPreferencesGetAppBooleanValue(key, kCUPSPrintingPrefs, &bval_set);
977
978 if (bval_set)
979 *value = (int)bval;
980
981 return ((int)bval_set);
982 }
983
984
985 /*
986 * 'cups_apple_get_string()' - Get a string setting from the CUPS preferences.
987 */
988
989 static int /* O - 1 if set, 0 otherwise */
990 cups_apple_get_string(
991 CFStringRef key, /* I - Key (name) */
992 char *value, /* O - String value */
993 size_t valsize) /* I - Size of value buffer */
994 {
995 CFStringRef sval; /* String value */
996
997
998 if ((sval = CFPreferencesCopyAppValue(key, kCUPSPrintingPrefs)) != NULL)
999 {
1000 Boolean result = CFStringGetCString(sval, value, (CFIndex)valsize, kCFStringEncodingUTF8);
1001
1002 CFRelease(sval);
1003
1004 if (result)
1005 return (1);
1006 }
1007
1008 return (0);
1009 }
1010 #endif /* __APPLE__ */
1011
1012
1013 /*
1014 * 'cups_boolean_value()' - Convert a string to a boolean value.
1015 */
1016
1017 static int /* O - Boolean value */
1018 cups_boolean_value(const char *value) /* I - String value */
1019 {
1020 return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
1021 }
1022
1023
1024 /*
1025 * 'cups_finalize_client_conf()' - Finalize client.conf values.
1026 */
1027
1028 static void
1029 cups_finalize_client_conf(
1030 _cups_client_conf_t *cc) /* I - client.conf values */
1031 {
1032 const char *value; /* Environment variable */
1033
1034
1035 if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
1036 cc->trust_first = cups_boolean_value(value);
1037
1038 if ((value = getenv("CUPS_ANYROOT")) != NULL)
1039 cc->any_root = cups_boolean_value(value);
1040
1041 if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
1042 cups_set_encryption(cc, value);
1043
1044 if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
1045 cc->expired_certs = cups_boolean_value(value);
1046
1047 #ifdef HAVE_GSSAPI
1048 if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
1049 cups_set_gss_service_name(cc, value);
1050 #endif /* HAVE_GSSAPI */
1051
1052 if ((value = getenv("CUPS_SERVER")) != NULL)
1053 cups_set_server_name(cc, value);
1054
1055 if ((value = getenv("CUPS_USER")) != NULL)
1056 cups_set_user(cc, value);
1057
1058 if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
1059 cc->validate_certs = cups_boolean_value(value);
1060
1061 /*
1062 * Then apply defaults for those values that haven't been set...
1063 */
1064
1065 if (cc->trust_first < 0)
1066 cc->trust_first = 1;
1067
1068 if (cc->any_root < 0)
1069 cc->any_root = 1;
1070
1071 if (cc->encryption == (http_encryption_t)-1)
1072 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1073
1074 if (cc->expired_certs < 0)
1075 cc->expired_certs = 0;
1076
1077 #ifdef HAVE_GSSAPI
1078 if (!cc->gss_service_name[0])
1079 cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
1080 #endif /* HAVE_GSSAPI */
1081
1082 if (!cc->server_name[0])
1083 {
1084 #ifdef CUPS_DEFAULT_DOMAINSOCKET
1085 /*
1086 * If we are compiled with domain socket support, only use the
1087 * domain socket if it exists and has the right permissions...
1088 */
1089
1090 if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
1091 cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
1092 else
1093 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
1094 cups_set_server_name(cc, "localhost");
1095 }
1096
1097 if (!cc->user[0])
1098 {
1099 #ifdef _WIN32
1100 /*
1101 * Get the current user name from the OS...
1102 */
1103
1104 DWORD size; /* Size of string */
1105
1106 size = sizeof(cc->user);
1107 if (!GetUserNameA(cc->user, &size))
1108 #else
1109 /*
1110 * Try the USER environment variable as the default username...
1111 */
1112
1113 const char *envuser = getenv("USER");
1114 /* Default username */
1115 struct passwd *pw = NULL; /* Account information */
1116
1117 if (envuser)
1118 {
1119 /*
1120 * Validate USER matches the current UID, otherwise don't allow it to
1121 * override things... This makes sure that printing after doing su
1122 * or sudo records the correct username.
1123 */
1124
1125 if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
1126 pw = NULL;
1127 }
1128
1129 if (!pw)
1130 pw = getpwuid(getuid());
1131
1132 if (pw)
1133 strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
1134 else
1135 #endif /* _WIN32 */
1136 {
1137 /*
1138 * Use the default "unknown" user name...
1139 */
1140
1141 strlcpy(cc->user, "unknown", sizeof(cc->user));
1142 }
1143 }
1144
1145 if (cc->validate_certs < 0)
1146 cc->validate_certs = 0;
1147 }
1148
1149
1150 /*
1151 * 'cups_init_client_conf()' - Initialize client.conf values.
1152 */
1153
1154 static void
1155 cups_init_client_conf(
1156 _cups_client_conf_t *cc) /* I - client.conf values */
1157 {
1158 /*
1159 * Clear all values to "not set"...
1160 */
1161
1162 memset(cc, 0, sizeof(_cups_client_conf_t));
1163
1164 #ifdef HAVE_SSL
1165 cc->ssl_min_version = _HTTP_TLS_1_0;
1166 cc->ssl_max_version = _HTTP_TLS_MAX;
1167 #endif /* HAVE_SSL */
1168 cc->encryption = (http_encryption_t)-1;
1169 cc->trust_first = -1;
1170 cc->any_root = -1;
1171 cc->expired_certs = -1;
1172 cc->validate_certs = -1;
1173
1174 /*
1175 * Load settings from the org.cups.PrintingPrefs plist (which trump
1176 * everything...)
1177 */
1178
1179 #if defined(__APPLE__) && defined(HAVE_SSL)
1180 char sval[1024]; /* String value */
1181 int bval; /* Boolean value */
1182
1183 if (cups_apple_get_boolean(kAllowAnyRootKey, &bval))
1184 cc->any_root = bval;
1185
1186 if (cups_apple_get_boolean(kAllowExpiredCertsKey, &bval))
1187 cc->expired_certs = bval;
1188
1189 if (cups_apple_get_string(kEncryptionKey, sval, sizeof(sval)))
1190 cups_set_encryption(cc, sval);
1191
1192 if (cups_apple_get_string(kSSLOptionsKey, sval, sizeof(sval)))
1193 cups_set_ssl_options(cc, sval);
1194
1195 if (cups_apple_get_boolean(kTrustOnFirstUseKey, &bval))
1196 cc->trust_first = bval;
1197
1198 if (cups_apple_get_boolean(kValidateCertsKey, &bval))
1199 cc->validate_certs = bval;
1200 #endif /* __APPLE__ && HAVE_SSL */
1201 }
1202
1203
1204 /*
1205 * 'cups_read_client_conf()' - Read a client.conf file.
1206 */
1207
1208 static void
1209 cups_read_client_conf(
1210 cups_file_t *fp, /* I - File to read */
1211 _cups_client_conf_t *cc) /* I - client.conf values */
1212 {
1213 int linenum; /* Current line number */
1214 char line[1024], /* Line from file */
1215 *value; /* Pointer into line */
1216
1217
1218 /*
1219 * Read from the file...
1220 */
1221
1222 linenum = 0;
1223 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
1224 {
1225 if (!_cups_strcasecmp(line, "Encryption") && value)
1226 cups_set_encryption(cc, value);
1227 #ifndef __APPLE__
1228 /*
1229 * The ServerName directive is not supported on macOS due to app
1230 * sandboxing restrictions, i.e. not all apps request network access.
1231 */
1232 else if (!_cups_strcasecmp(line, "ServerName") && value)
1233 cups_set_server_name(cc, value);
1234 #endif /* !__APPLE__ */
1235 else if (!_cups_strcasecmp(line, "User") && value)
1236 cups_set_user(cc, value);
1237 else if (!_cups_strcasecmp(line, "TrustOnFirstUse") && value)
1238 cc->trust_first = cups_boolean_value(value);
1239 else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
1240 cc->any_root = cups_boolean_value(value);
1241 else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
1242 value)
1243 cc->expired_certs = cups_boolean_value(value);
1244 else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
1245 cc->validate_certs = cups_boolean_value(value);
1246 #ifdef HAVE_GSSAPI
1247 else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
1248 cups_set_gss_service_name(cc, value);
1249 #endif /* HAVE_GSSAPI */
1250 #ifdef HAVE_SSL
1251 else if (!_cups_strcasecmp(line, "SSLOptions") && value)
1252 cups_set_ssl_options(cc, value);
1253 #endif /* HAVE_SSL */
1254 }
1255 }
1256
1257
1258 /*
1259 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1260 */
1261
1262 static void
1263 cups_set_default_ipp_port(
1264 _cups_globals_t *cg) /* I - Global data */
1265 {
1266 const char *ipp_port; /* IPP_PORT environment variable */
1267
1268
1269 if ((ipp_port = getenv("IPP_PORT")) != NULL)
1270 {
1271 if ((cg->ipp_port = atoi(ipp_port)) <= 0)
1272 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1273 }
1274 else
1275 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1276 }
1277
1278 /*
1279 * 'cups_set_encryption()' - Set the Encryption value.
1280 */
1281
1282 static void
1283 cups_set_encryption(
1284 _cups_client_conf_t *cc, /* I - client.conf values */
1285 const char *value) /* I - Value */
1286 {
1287 if (!_cups_strcasecmp(value, "never"))
1288 cc->encryption = HTTP_ENCRYPTION_NEVER;
1289 else if (!_cups_strcasecmp(value, "always"))
1290 cc->encryption = HTTP_ENCRYPTION_ALWAYS;
1291 else if (!_cups_strcasecmp(value, "required"))
1292 cc->encryption = HTTP_ENCRYPTION_REQUIRED;
1293 else
1294 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1295 }
1296
1297
1298 /*
1299 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1300 */
1301
1302 #ifdef HAVE_GSSAPI
1303 static void
1304 cups_set_gss_service_name(
1305 _cups_client_conf_t *cc, /* I - client.conf values */
1306 const char *value) /* I - Value */
1307 {
1308 strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
1309 }
1310 #endif /* HAVE_GSSAPI */
1311
1312
1313 /*
1314 * 'cups_set_server_name()' - Set the ServerName value.
1315 */
1316
1317 static void
1318 cups_set_server_name(
1319 _cups_client_conf_t *cc, /* I - client.conf values */
1320 const char *value) /* I - Value */
1321 {
1322 strlcpy(cc->server_name, value, sizeof(cc->server_name));
1323 }
1324
1325
1326 /*
1327 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1328 */
1329
1330 #ifdef HAVE_SSL
1331 static void
1332 cups_set_ssl_options(
1333 _cups_client_conf_t *cc, /* I - client.conf values */
1334 const char *value) /* I - Value */
1335 {
1336 /*
1337 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
1338 */
1339
1340 int options = _HTTP_TLS_NONE, /* SSL/TLS options */
1341 min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */
1342 max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */
1343 char temp[256], /* Copy of value */
1344 *start, /* Start of option */
1345 *end; /* End of option */
1346
1347
1348 strlcpy(temp, value, sizeof(temp));
1349
1350 for (start = temp; *start; start = end)
1351 {
1352 /*
1353 * Find end of keyword...
1354 */
1355
1356 end = start;
1357 while (*end && !_cups_isspace(*end))
1358 end ++;
1359
1360 if (*end)
1361 *end++ = '\0';
1362
1363 /*
1364 * Compare...
1365 */
1366
1367 if (!_cups_strcasecmp(start, "AllowRC4"))
1368 options |= _HTTP_TLS_ALLOW_RC4;
1369 else if (!_cups_strcasecmp(start, "AllowSSL3"))
1370 min_version = _HTTP_TLS_SSL3;
1371 else if (!_cups_strcasecmp(start, "AllowDH"))
1372 options |= _HTTP_TLS_ALLOW_DH;
1373 else if (!_cups_strcasecmp(start, "DenyCBC"))
1374 options |= _HTTP_TLS_DENY_CBC;
1375 else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
1376 min_version = _HTTP_TLS_1_1;
1377 else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
1378 max_version = _HTTP_TLS_1_0;
1379 else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
1380 max_version = _HTTP_TLS_1_1;
1381 else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
1382 max_version = _HTTP_TLS_1_2;
1383 else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
1384 max_version = _HTTP_TLS_1_3;
1385 else if (!_cups_strcasecmp(start, "MinTLS1.0"))
1386 min_version = _HTTP_TLS_1_0;
1387 else if (!_cups_strcasecmp(start, "MinTLS1.1"))
1388 min_version = _HTTP_TLS_1_1;
1389 else if (!_cups_strcasecmp(start, "MinTLS1.2"))
1390 min_version = _HTTP_TLS_1_2;
1391 else if (!_cups_strcasecmp(start, "MinTLS1.3"))
1392 min_version = _HTTP_TLS_1_3;
1393 else if (!_cups_strcasecmp(start, "None"))
1394 options = _HTTP_TLS_NONE;
1395 }
1396
1397 cc->ssl_options = options;
1398 cc->ssl_max_version = max_version;
1399 cc->ssl_min_version = min_version;
1400
1401 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
1402 }
1403 #endif /* HAVE_SSL */
1404
1405
1406 /*
1407 * 'cups_set_user()' - Set the User value.
1408 */
1409
1410 static void
1411 cups_set_user(
1412 _cups_client_conf_t *cc, /* I - client.conf values */
1413 const char *value) /* I - Value */
1414 {
1415 strlcpy(cc->user, value, sizeof(cc->user));
1416 }
Unnamed repository; edit this file 'description' to name the repository.