4 * User, system, and password routines for CUPS.
6 * Copyright 2007-2014 by Apple Inc.
7 * Copyright 1997-2006 by Easy Software Products.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
15 * This file is subject to the Apple OS-Developed Software exception.
19 * Include necessary headers...
22 #include "cups-private.h"
30 # include <sys/utsname.h>
38 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
45 static void cups_read_client_conf(cups_file_t
*fp
,
47 const char *cups_encryption
,
48 const char *cups_server
,
49 const char *cups_user
,
51 const char *cups_gssservicename
,
52 #endif /* HAVE_GSSAPI */
53 const char *cups_anyroot
,
54 const char *cups_expiredcerts
,
55 const char *cups_validatecerts
);
59 * 'cupsEncryption()' - Get the current encryption settings.
61 * The default encryption setting comes from the CUPS_ENCRYPTION
62 * environment variable, then the ~/.cups/client.conf file, and finally the
63 * /etc/cups/client.conf file. If not set, the default is
64 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
66 * Note: The current encryption setting is tracked separately for each thread
67 * in a program. Multi-threaded programs that override the setting via the
68 * @link cupsSetEncryption@ function need to do so in each thread for the same
72 http_encryption_t
/* O - Encryption settings */
75 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
78 if (cg
->encryption
== (http_encryption_t
)-1)
81 return (cg
->encryption
);
86 * 'cupsGetPassword()' - Get a password from the user.
88 * Uses the current password callback function. Returns @code NULL@ if the
89 * user does not provide a password.
91 * Note: The current password callback function is tracked separately for each
92 * thread in a program. Multi-threaded programs that override the setting via
93 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
94 * do so in each thread for the same function to be used.
97 const char * /* O - Password */
98 cupsGetPassword(const char *prompt
) /* I - Prompt string */
100 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
103 return ((cg
->password_cb
)(prompt
, NULL
, NULL
, NULL
, cg
->password_data
));
108 * 'cupsGetPassword2()' - Get a password from the user using the advanced
111 * Uses the current password callback function. Returns @code NULL@ if the
112 * user does not provide a password.
114 * Note: The current password callback function is tracked separately for each
115 * thread in a program. Multi-threaded programs that override the setting via
116 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
117 * do so in each thread for the same function to be used.
119 * @since CUPS 1.4/OS X 10.6@
122 const char * /* O - Password */
123 cupsGetPassword2(const char *prompt
, /* I - Prompt string */
124 http_t
*http
, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
125 const char *method
, /* I - Request method ("GET", "POST", "PUT") */
126 const char *resource
) /* I - Resource path */
128 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
132 http
= _cupsConnect();
134 return ((cg
->password_cb
)(prompt
, http
, method
, resource
, cg
->password_data
));
139 * 'cupsServer()' - Return the hostname/address of the current server.
141 * The default server comes from the CUPS_SERVER environment variable, then the
142 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
143 * set, the default is the local system - either "localhost" or a domain socket
146 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
147 * address, or a domain socket pathname.
149 * Note: The current server is tracked separately for each thread in a program.
150 * Multi-threaded programs that override the server via the
151 * @link cupsSetServer@ function need to do so in each thread for the same
155 const char * /* O - Server name */
158 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
169 * 'cupsSetClientCertCB()' - Set the client certificate callback.
171 * Pass @code NULL@ to restore the default callback.
173 * Note: The current certificate callback is tracked separately for each thread
174 * in a program. Multi-threaded programs that override the callback need to do
175 * so in each thread for the same callback to be used.
177 * @since CUPS 1.5/OS X 10.7@
182 cups_client_cert_cb_t cb
, /* I - Callback function */
183 void *user_data
) /* I - User data pointer */
185 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
188 cg
->client_cert_cb
= cb
;
189 cg
->client_cert_data
= user_data
;
194 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
197 * Note: The default credentials are tracked separately for each thread in a
198 * program. Multi-threaded programs that override the setting need to do so in
199 * each thread for the same setting to be used.
201 * @since CUPS 1.5/OS X 10.7@
204 int /* O - Status of call (0 = success) */
206 cups_array_t
*credentials
) /* I - Array of credentials */
208 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
211 if (cupsArrayCount(credentials
) < 1)
215 _httpFreeCredentials(cg
->tls_credentials
);
216 cg
->tls_credentials
= _httpCreateCredentials(credentials
);
217 #endif /* HAVE_SSL */
219 return (cg
->tls_credentials
? 0 : -1);
224 * 'cupsSetEncryption()' - Set the encryption preference.
226 * The default encryption setting comes from the CUPS_ENCRYPTION
227 * environment variable, then the ~/.cups/client.conf file, and finally the
228 * /etc/cups/client.conf file. If not set, the default is
229 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
231 * Note: The current encryption setting is tracked separately for each thread
232 * in a program. Multi-threaded programs that override the setting need to do
233 * so in each thread for the same setting to be used.
237 cupsSetEncryption(http_encryption_t e
) /* I - New encryption preference */
239 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
245 httpEncryption(cg
->http
, e
);
250 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
252 * Pass @code NULL@ to restore the default (console) password callback, which
253 * reads the password from the console. Programs should call either this
254 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
255 * by a program per thread.
257 * Note: The current password callback is tracked separately for each thread
258 * in a program. Multi-threaded programs that override the callback need to do
259 * so in each thread for the same callback to be used.
263 cupsSetPasswordCB(cups_password_cb_t cb
)/* I - Callback function */
265 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
268 if (cb
== (cups_password_cb_t
)0)
269 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
271 cg
->password_cb
= (cups_password_cb2_t
)cb
;
273 cg
->password_data
= NULL
;
278 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
280 * Pass @code NULL@ to restore the default (console) password callback, which
281 * reads the password from the console. Programs should call either this
282 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
283 * by a program per thread.
285 * Note: The current password callback is tracked separately for each thread
286 * in a program. Multi-threaded programs that override the callback need to do
287 * so in each thread for the same callback to be used.
289 * @since CUPS 1.4/OS X 10.6@
294 cups_password_cb2_t cb
, /* I - Callback function */
295 void *user_data
) /* I - User data pointer */
297 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
300 if (cb
== (cups_password_cb2_t
)0)
301 cg
->password_cb
= (cups_password_cb2_t
)_cupsGetPassword
;
303 cg
->password_cb
= cb
;
305 cg
->password_data
= user_data
;
310 * 'cupsSetServer()' - Set the default server name and port.
312 * The "server" string can be a fully-qualified hostname, a numeric
313 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
314 * addresses can be optionally followed by a colon and port number to override
315 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
316 * default server name and port.
318 * Note: The current server is tracked separately for each thread in a program.
319 * Multi-threaded programs that override the server need to do so in each
320 * thread for the same server to be used.
324 cupsSetServer(const char *server
) /* I - Server name */
326 char *options
, /* Options */
327 *port
; /* Pointer to port */
328 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
333 strlcpy(cg
->server
, server
, sizeof(cg
->server
));
335 if (cg
->server
[0] != '/' && (options
= strrchr(cg
->server
, '/')) != NULL
)
339 if (!strcmp(options
, "version=1.0"))
340 cg
->server_version
= 10;
341 else if (!strcmp(options
, "version=1.1"))
342 cg
->server_version
= 11;
343 else if (!strcmp(options
, "version=2.0"))
344 cg
->server_version
= 20;
345 else if (!strcmp(options
, "version=2.1"))
346 cg
->server_version
= 21;
347 else if (!strcmp(options
, "version=2.2"))
348 cg
->server_version
= 22;
351 cg
->server_version
= 20;
353 if (cg
->server
[0] != '/' && (port
= strrchr(cg
->server
, ':')) != NULL
&&
354 !strchr(port
, ']') && isdigit(port
[1] & 255))
358 cg
->ipp_port
= atoi(port
);
361 if (cg
->server
[0] == '/')
362 strlcpy(cg
->servername
, "localhost", sizeof(cg
->servername
));
364 strlcpy(cg
->servername
, cg
->server
, sizeof(cg
->servername
));
368 cg
->server
[0] = '\0';
369 cg
->servername
[0] = '\0';
370 cg
->server_version
= 20;
382 * 'cupsSetServerCertCB()' - Set the server certificate callback.
384 * Pass @code NULL@ to restore the default callback.
386 * Note: The current credentials callback is tracked separately for each thread
387 * in a program. Multi-threaded programs that override the callback need to do
388 * so in each thread for the same callback to be used.
390 * @since CUPS 1.5/OS X 10.7@
395 cups_server_cert_cb_t cb
, /* I - Callback function */
396 void *user_data
) /* I - User data pointer */
398 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
401 cg
->server_cert_cb
= cb
;
402 cg
->server_cert_data
= user_data
;
407 * 'cupsSetUser()' - Set the default user name.
409 * Pass @code NULL@ to restore the default user name.
411 * Note: The current user name is tracked separately for each thread in a
412 * program. Multi-threaded programs that override the user name need to do so
413 * in each thread for the same user name to be used.
417 cupsSetUser(const char *user
) /* I - User name */
419 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
423 strlcpy(cg
->user
, user
, sizeof(cg
->user
));
430 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
432 * Setting the string to NULL forces the default value containing the CUPS
433 * version, IPP version, and operating system version and architecture.
435 * @since CUPS 1.7/OS X 10.9@
439 cupsSetUserAgent(const char *user_agent
)/* I - User-Agent string or @code NULL@ */
441 _cups_globals_t
*cg
= _cupsGlobals();
444 SYSTEM_INFO sysinfo
; /* System information */
445 OSVERSIONINFO version
; /* OS version info */
447 struct utsname name
; /* uname info */
453 strlcpy(cg
->user_agent
, user_agent
, sizeof(cg
->user_agent
));
458 version
.dwOSVersionInfoSize
= sizeof(OSVERSIONINFO
);
459 GetVersionEx(&version
);
460 GetNativeSystemInfo(&sysinfo
);
462 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
463 CUPS_MINIMAL
" (Windows %d.%d; %s) IPP/2.0",
464 version
.dwMajorVersion
, version
.dwMinorVersion
,
465 sysinfo
.wProcessorArchitecture
466 == PROCESSOR_ARCHITECTURE_AMD64
? "amd64" :
467 sysinfo
.wProcessorArchitecture
468 == PROCESSOR_ARCHITECTURE_ARM
? "arm" :
469 sysinfo
.wProcessorArchitecture
470 == PROCESSOR_ARCHITECTURE_IA64
? "ia64" :
471 sysinfo
.wProcessorArchitecture
472 == PROCESSOR_ARCHITECTURE_INTEL
? "intel" :
478 snprintf(cg
->user_agent
, sizeof(cg
->user_agent
),
479 CUPS_MINIMAL
" (%s %s; %s) IPP/2.0",
480 name
.sysname
, name
.release
, name
.machine
);
486 * 'cupsUser()' - Return the current user's name.
488 * Note: The current user name is tracked separately for each thread in a
489 * program. Multi-threaded programs that override the user name with the
490 * @link cupsSetUser@ function need to do so in each thread for the same user
494 const char * /* O - User name */
497 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
508 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
510 * @since CUPS 1.7/OS X 10.9@
513 const char * /* O - User-Agent string */
516 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
519 if (!cg
->user_agent
[0])
520 cupsSetUserAgent(NULL
);
522 return (cg
->user_agent
);
527 * '_cupsGetPassword()' - Get a password from the user.
530 const char * /* O - Password or @code NULL@ if none */
531 _cupsGetPassword(const char *prompt
) /* I - Prompt string */
534 HANDLE tty
; /* Console handle */
535 DWORD mode
; /* Console mode */
536 char passch
, /* Current key press */
537 *passptr
, /* Pointer into password string */
538 *passend
; /* End of password string */
539 DWORD passbytes
; /* Bytes read */
540 _cups_globals_t
*cg
= _cupsGlobals();
545 * Disable input echo and set raw input...
548 if ((tty
= GetStdHandle(STD_INPUT_HANDLE
)) == INVALID_HANDLE_VALUE
)
551 if (!GetConsoleMode(tty
, &mode
))
554 if (!SetConsoleMode(tty
, 0))
558 * Display the prompt...
561 printf("%s ", prompt
);
565 * Read the password string from /dev/tty until we get interrupted or get a
566 * carriage return or newline...
569 passptr
= cg
->password
;
570 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
572 while (ReadFile(tty
, &passch
, 1, &passbytes
, NULL
))
574 if (passch
== 0x0A || passch
== 0x0D)
582 else if (passch
== 0x08 || passch
== 0x7F)
585 * Backspace/delete (erase character)...
588 if (passptr
> cg
->password
)
591 fputs("\010 \010", stdout
);
596 else if (passch
== 0x15)
599 * CTRL+U (erase line)
602 if (passptr
> cg
->password
)
604 while (passptr
> cg
->password
)
607 fputs("\010 \010", stdout
);
613 else if (passch
== 0x03)
619 passptr
= cg
->password
;
622 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
627 putchar(_CUPS_PASSCHAR
);
640 SetConsoleMode(tty
, mode
);
643 * Return the proper value...
646 if (passbytes
== 1 && passptr
> cg
->password
)
649 return (cg
->password
);
653 memset(cg
->password
, 0, sizeof(cg
->password
));
658 int tty
; /* /dev/tty - never read from stdin */
659 struct termios original
, /* Original input mode */
660 noecho
; /* No echo input mode */
661 char passch
, /* Current key press */
662 *passptr
, /* Pointer into password string */
663 *passend
; /* End of password string */
664 ssize_t passbytes
; /* Bytes read */
665 _cups_globals_t
*cg
= _cupsGlobals();
670 * Disable input echo and set raw input...
673 if ((tty
= open("/dev/tty", O_RDONLY
)) < 0)
676 if (tcgetattr(tty
, &original
))
683 noecho
.c_lflag
&= (tcflag_t
)~(ICANON
| ECHO
| ECHOE
| ISIG
);
685 if (tcsetattr(tty
, TCSAFLUSH
, &noecho
))
692 * Display the prompt...
695 printf("%s ", prompt
);
699 * Read the password string from /dev/tty until we get interrupted or get a
700 * carriage return or newline...
703 passptr
= cg
->password
;
704 passend
= cg
->password
+ sizeof(cg
->password
) - 1;
706 while ((passbytes
= read(tty
, &passch
, 1)) == 1)
708 if (passch
== noecho
.c_cc
[VEOL
] ||
710 passch
== noecho
.c_cc
[VEOL2
] ||
712 passch
== 0x0A || passch
== 0x0D)
720 else if (passch
== noecho
.c_cc
[VERASE
] ||
721 passch
== 0x08 || passch
== 0x7F)
724 * Backspace/delete (erase character)...
727 if (passptr
> cg
->password
)
730 fputs("\010 \010", stdout
);
735 else if (passch
== noecho
.c_cc
[VKILL
])
738 * CTRL+U (erase line)
741 if (passptr
> cg
->password
)
743 while (passptr
> cg
->password
)
746 fputs("\010 \010", stdout
);
752 else if (passch
== noecho
.c_cc
[VINTR
] || passch
== noecho
.c_cc
[VQUIT
] ||
753 passch
== noecho
.c_cc
[VEOF
])
756 * CTRL+C, CTRL+D, or CTRL+Z...
759 passptr
= cg
->password
;
762 else if ((passch
& 255) < 0x20 || passptr
>= passend
)
767 putchar(_CUPS_PASSCHAR
);
780 tcsetattr(tty
, TCSAFLUSH
, &original
);
784 * Return the proper value...
787 if (passbytes
== 1 && passptr
> cg
->password
)
790 return (cg
->password
);
794 memset(cg
->password
, 0, sizeof(cg
->password
));
803 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
807 _cupsGSSServiceName(void)
809 _cups_globals_t
*cg
= _cupsGlobals(); /* Thread globals */
812 if (!cg
->gss_service_name
[0])
815 return (cg
->gss_service_name
);
817 #endif /* HAVE_GSSAPI */
821 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
825 _cupsSetDefaults(void)
827 cups_file_t
*fp
; /* File */
828 const char *home
, /* Home directory of user */
829 *cups_encryption
, /* CUPS_ENCRYPTION env var */
830 *cups_server
, /* CUPS_SERVER env var */
831 *cups_user
, /* CUPS_USER/USER env var */
833 *cups_gssservicename
, /* CUPS_GSSSERVICENAME env var */
834 #endif /* HAVE_GSSAPI */
835 *cups_anyroot
, /* CUPS_ANYROOT env var */
836 *cups_expiredcerts
, /* CUPS_EXPIREDCERTS env var */
837 *cups_validatecerts
; /* CUPS_VALIDATECERTS env var */
838 char filename
[1024]; /* Filename */
839 _cups_globals_t
*cg
= _cupsGlobals(); /* Pointer to library globals */
842 DEBUG_puts("_cupsSetDefaults()");
845 * First collect environment variables...
848 cups_encryption
= getenv("CUPS_ENCRYPTION");
849 cups_server
= getenv("CUPS_SERVER");
851 cups_gssservicename
= getenv("CUPS_GSSSERVICENAME");
852 #endif /* HAVE_GSSAPI */
853 cups_anyroot
= getenv("CUPS_ANYROOT");
854 cups_expiredcerts
= getenv("CUPS_EXPIREDCERTS");
855 cups_user
= getenv("CUPS_USER");
856 cups_validatecerts
= getenv("CUPS_VALIDATECERTS");
859 * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
860 * files to get the default values...
863 if (cg
->encryption
== (http_encryption_t
)-1 || !cg
->server
[0] ||
864 !cg
->user
[0] || !cg
->ipp_port
)
867 if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home
= getenv("HOME")) != NULL
)
868 # elif !defined(WIN32)
869 if (getuid() && (home
= getenv("HOME")) != NULL
)
871 if ((home
= getenv("HOME")) != NULL
)
872 # endif /* HAVE_GETEUID */
875 * Look for ~/.cups/client.conf...
878 snprintf(filename
, sizeof(filename
), "%s/.cups/client.conf", home
);
879 fp
= cupsFileOpen(filename
, "r");
887 * Look for CUPS_SERVERROOT/client.conf...
890 snprintf(filename
, sizeof(filename
), "%s/client.conf",
891 cg
->cups_serverroot
);
892 fp
= cupsFileOpen(filename
, "r");
896 * Read the configuration file and apply any environment variables; both
897 * functions handle NULL cups_file_t pointers...
900 cups_read_client_conf(fp
, cg
, cups_encryption
, cups_server
, cups_user
,
903 #endif /* HAVE_GSSAPI */
904 cups_anyroot
, cups_expiredcerts
, cups_validatecerts
);
911 * 'cups_read_client_conf()' - Read a client.conf file.
915 cups_read_client_conf(
916 cups_file_t
*fp
, /* I - File to read */
917 _cups_globals_t
*cg
, /* I - Global data */
918 const char *cups_encryption
, /* I - CUPS_ENCRYPTION env var */
919 const char *cups_server
, /* I - CUPS_SERVER env var */
920 const char *cups_user
, /* I - CUPS_USER env var */
922 const char *cups_gssservicename
,
923 /* I - CUPS_GSSSERVICENAME env var */
924 #endif /* HAVE_GSSAPI */
925 const char *cups_anyroot
, /* I - CUPS_ANYROOT env var */
926 const char *cups_expiredcerts
, /* I - CUPS_EXPIREDCERTS env var */
927 const char *cups_validatecerts
)/* I - CUPS_VALIDATECERTS env var */
929 int linenum
; /* Current line number */
930 char line
[1024], /* Line from file */
931 *value
, /* Pointer into line */
932 encryption
[1024], /* Encryption value */
934 server_name
[1024], /* ServerName value */
935 #endif /* !__APPLE__ */
936 user
[256], /* User value */
937 any_root
[1024], /* AllowAnyRoot value */
938 expired_certs
[1024], /* AllowExpiredCerts value */
939 validate_certs
[1024]; /* ValidateCerts value */
941 char gss_service_name
[32]; /* GSSServiceName value */
942 #endif /* HAVE_GSSAPI */
946 * Read from the file...
950 while (cupsFileGetConf(fp
, line
, sizeof(line
), &value
, &linenum
))
952 if (!cups_encryption
&& cg
->encryption
== (http_encryption_t
)-1 &&
953 !_cups_strcasecmp(line
, "Encryption") && value
)
955 strlcpy(encryption
, value
, sizeof(encryption
));
956 cups_encryption
= encryption
;
960 * The Server directive is not supported on OS X due to app sandboxing
961 * restrictions, i.e. not all apps request network access.
963 else if (!cups_server
&& (!cg
->server
[0] || !cg
->ipp_port
) &&
964 !_cups_strcasecmp(line
, "ServerName") && value
)
966 strlcpy(server_name
, value
, sizeof(server_name
));
967 cups_server
= server_name
;
969 #endif /* !__APPLE__ */
970 else if (!cups_user
&& !_cups_strcasecmp(line
, "User") && value
)
972 strlcpy(user
, value
, sizeof(user
));
975 else if (!cups_anyroot
&& !_cups_strcasecmp(line
, "AllowAnyRoot") && value
)
977 strlcpy(any_root
, value
, sizeof(any_root
));
978 cups_anyroot
= any_root
;
980 else if (!cups_expiredcerts
&& !_cups_strcasecmp(line
, "AllowExpiredCerts") &&
983 strlcpy(expired_certs
, value
, sizeof(expired_certs
));
984 cups_expiredcerts
= expired_certs
;
986 else if (!cups_validatecerts
&& !_cups_strcasecmp(line
, "ValidateCerts") && value
)
988 strlcpy(validate_certs
, value
, sizeof(validate_certs
));
989 cups_validatecerts
= validate_certs
;
992 else if (!cups_gssservicename
&& !_cups_strcasecmp(line
, "GSSServiceName") &&
995 strlcpy(gss_service_name
, value
, sizeof(gss_service_name
));
996 cups_gssservicename
= gss_service_name
;
998 #endif /* HAVE_GSSAPI */
1005 if (cg
->encryption
== (http_encryption_t
)-1 && cups_encryption
)
1007 if (!_cups_strcasecmp(cups_encryption
, "never"))
1008 cg
->encryption
= HTTP_ENCRYPTION_NEVER
;
1009 else if (!_cups_strcasecmp(cups_encryption
, "always"))
1010 cg
->encryption
= HTTP_ENCRYPTION_ALWAYS
;
1011 else if (!_cups_strcasecmp(cups_encryption
, "required"))
1012 cg
->encryption
= HTTP_ENCRYPTION_REQUIRED
;
1014 cg
->encryption
= HTTP_ENCRYPTION_IF_REQUESTED
;
1017 if ((!cg
->server
[0] || !cg
->ipp_port
) && cups_server
)
1018 cupsSetServer(cups_server
);
1022 #ifdef CUPS_DEFAULT_DOMAINSOCKET
1024 * If we are compiled with domain socket support, only use the
1025 * domain socket if it exists and has the right permissions...
1028 struct stat sockinfo
; /* Domain socket information */
1030 if (!stat(CUPS_DEFAULT_DOMAINSOCKET
, &sockinfo
) &&
1031 (sockinfo
.st_mode
& S_IRWXO
) == S_IRWXO
)
1032 cups_server
= CUPS_DEFAULT_DOMAINSOCKET
;
1034 #endif /* CUPS_DEFAULT_DOMAINSOCKET */
1035 cups_server
= "localhost";
1037 cupsSetServer(cups_server
);
1042 const char *ipp_port
; /* IPP_PORT environment variable */
1044 if ((ipp_port
= getenv("IPP_PORT")) != NULL
)
1046 if ((cg
->ipp_port
= atoi(ipp_port
)) <= 0)
1047 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
1050 cg
->ipp_port
= CUPS_DEFAULT_IPP_PORT
;
1056 strlcpy(cg
->user
, cups_user
, sizeof(cg
->user
));
1061 * Get the current user name from the OS...
1064 DWORD size
; /* Size of string */
1066 size
= sizeof(cg
->user
);
1067 if (!GetUserName(cg
->user
, &size
))
1070 * Try the USER environment variable as the default username...
1073 const char *envuser
= getenv("USER");
1074 /* Default username */
1075 struct passwd
*pw
= NULL
; /* Account information */
1080 * Validate USER matches the current UID, otherwise don't allow it to
1081 * override things... This makes sure that printing after doing su or
1082 * sudo records the correct username.
1085 if ((pw
= getpwnam(envuser
)) != NULL
&& pw
->pw_uid
!= getuid())
1090 pw
= getpwuid(getuid());
1093 strlcpy(cg
->user
, pw
->pw_name
, sizeof(cg
->user
));
1098 * Use the default "unknown" user name...
1101 strlcpy(cg
->user
, "unknown", sizeof(cg
->user
));
1107 if (!cups_gssservicename
)
1108 cups_gssservicename
= CUPS_DEFAULT_GSSSERVICENAME
;
1110 strlcpy(cg
->gss_service_name
, cups_gssservicename
,
1111 sizeof(cg
->gss_service_name
));
1112 #endif /* HAVE_GSSAPI */
1115 cg
->any_root
= !_cups_strcasecmp(cups_anyroot
, "yes") ||
1116 !_cups_strcasecmp(cups_anyroot
, "on") ||
1117 !_cups_strcasecmp(cups_anyroot
, "true");
1119 if (cups_expiredcerts
)
1120 cg
->expired_certs
= !_cups_strcasecmp(cups_expiredcerts
, "yes") ||
1121 !_cups_strcasecmp(cups_expiredcerts
, "on") ||
1122 !_cups_strcasecmp(cups_expiredcerts
, "true");
1124 if (cups_validatecerts
)
1125 cg
->validate_certs
= !_cups_strcasecmp(cups_validatecerts
, "yes") ||
1126 !_cups_strcasecmp(cups_validatecerts
, "on") ||
1127 !_cups_strcasecmp(cups_validatecerts
, "true");