scheduler/auth.h

   1 /*
   2  * "$Id: auth.h 7317 2008-02-15 22:29:27Z mike $"
   3  *
   4  *   Authorization definitions for the Common UNIX Printing System (CUPS)
   5  *   scheduler.
   6  *
   7  *   Copyright 2007-2008 by Apple Inc.
   8  *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
   9  *
  10  *   These coded instructions, statements, and computer programs are the
  11  *   property of Apple Inc. and are protected by Federal copyright
  12  *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
  13  *   which should have been included with this file.  If this file is
  14  *   file is missing or damaged, see the license at "http://www.cups.org/".
  15  */
  16
  17 /*
  18  * Include necessary headers...
  19  */
  20
  21 #include <pwd.h>
  22
  23
  24 /*
  25  * HTTP authorization types and levels...
  26  */
  27
  28 #define CUPSD_AUTH_DEFAULT      -1      /* Use DefaultAuthType */
  29 #define CUPSD_AUTH_NONE         0       /* No authentication */
  30 #define CUPSD_AUTH_BASIC        1       /* Basic authentication */
  31 #define CUPSD_AUTH_DIGEST       2       /* Digest authentication */
  32 #define CUPSD_AUTH_BASICDIGEST  3       /* Basic authentication w/passwd.md5 */
  33 #define CUPSD_AUTH_NEGOTIATE    4       /* Kerberos authentication */
  34
  35 #define CUPSD_AUTH_ANON         0       /* Anonymous access */
  36 #define CUPSD_AUTH_USER         1       /* Must have a valid username/password */
  37 #define CUPSD_AUTH_GROUP        2       /* Must also be in a named group */
  38
  39 #define CUPSD_AUTH_ALLOW        0       /* Allow access */
  40 #define CUPSD_AUTH_DENY         1       /* Deny access */
  41
  42 #define CUPSD_AUTH_NAME         0       /* Authorize host by name */
  43 #define CUPSD_AUTH_IP           1       /* Authorize host by IP */
  44 #define CUPSD_AUTH_INTERFACE    2       /* Authorize host by interface */
  45
  46 #define CUPSD_AUTH_SATISFY_ALL  0       /* Satisfy both address and auth */
  47 #define CUPSD_AUTH_SATISFY_ANY  1       /* Satisfy either address or auth */
  48
  49 #define CUPSD_AUTH_LIMIT_DELETE 1       /* Limit DELETE requests */
  50 #define CUPSD_AUTH_LIMIT_GET    2       /* Limit GET requests */
  51 #define CUPSD_AUTH_LIMIT_HEAD   4       /* Limit HEAD requests */
  52 #define CUPSD_AUTH_LIMIT_OPTIONS 8      /* Limit OPTIONS requests */
  53 #define CUPSD_AUTH_LIMIT_POST   16      /* Limit POST requests */
  54 #define CUPSD_AUTH_LIMIT_PUT    32      /* Limit PUT requests */
  55 #define CUPSD_AUTH_LIMIT_TRACE  64      /* Limit TRACE requests */
  56 #define CUPSD_AUTH_LIMIT_ALL    127     /* Limit all requests */
  57 #define CUPSD_AUTH_LIMIT_IPP    128     /* Limit IPP requests */
  58
  59 #define IPP_ANY_OPERATION       (ipp_op_t)0
  60                                         /* Any IPP operation */
  61 #define IPP_BAD_OPERATION       (ipp_op_t)-1
  62                                         /* No IPP operation */
  63
  64
  65 /*
  66  * HTTP access control structures...
  67  */
  68
  69 typedef struct
  70 {
  71   unsigned      address[4],             /* IP address */
  72                 netmask[4];             /* IP netmask */
  73 } cupsd_ipmask_t;
  74
  75 typedef struct
  76 {
  77   int           length;                 /* Length of name */
  78   char          *name;                  /* Name string */
  79 } cupsd_namemask_t;
  80
  81 typedef struct
  82 {
  83   int           type;                   /* Mask type */
  84   union
  85   {
  86     cupsd_namemask_t    name;           /* Host/Domain name */
  87     cupsd_ipmask_t      ip;             /* IP address/network */
  88   }             mask;                   /* Mask data */
  89 } cupsd_authmask_t;
  90
  91 typedef struct
  92 {
  93   char                  *location;      /* Location of resource */
  94   ipp_op_t              op;             /* IPP operation */
  95   int                   limit,          /* Limit for these types of requests */
  96                         length,         /* Length of location string */
  97                         order_type,     /* Allow or Deny */
  98                         type,           /* Type of authentication */
  99                         level,          /* Access level required */
 100                         satisfy;        /* Satisfy any or all limits? */
 101   int                   num_names;      /* Number of names */
 102   char                  **names;        /* User or group names */
 103   int                   num_allow;      /* Number of Allow lines */
 104   cupsd_authmask_t      *allow;         /* Allow lines */
 105   int                   num_deny;       /* Number of Deny lines */
 106   cupsd_authmask_t      *deny;          /* Deny lines */
 107   http_encryption_t     encryption;     /* To encrypt or not to encrypt... */
 108 } cupsd_location_t;
 109
 110 typedef struct cupsd_client_s cupsd_client_t;
 111
 112
 113 /*
 114  * Globals...
 115  */
 116
 117 VAR cups_array_t        *Locations      VALUE(NULL);
 118                                         /* Authorization locations */
 119 VAR int                 DefaultAuthType VALUE(CUPSD_AUTH_BASIC);
 120                                         /* Default AuthType, if not specified */
 121 #ifdef HAVE_SSL
 122 VAR http_encryption_t   DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
 123                                         /* Default encryption for authentication */
 124 #endif /* HAVE_SSL */
 125
 126
 127 /*
 128  * Prototypes...
 129  */
 130
 131 extern cupsd_location_t *cupsdAddLocation(const char *location);
 132 extern void             cupsdAddName(cupsd_location_t *loc, char *name);
 133 extern void             cupsdAllowHost(cupsd_location_t *loc, char *name);
 134 extern void             cupsdAllowIP(cupsd_location_t *loc,
 135                                      const unsigned address[4],
 136                                      const unsigned netmask[4]);
 137 extern void             cupsdAuthorize(cupsd_client_t *con);
 138 extern int              cupsdCheckAccess(unsigned ip[4], char *name,
 139                                          int namelen, cupsd_location_t *loc);
 140 extern int              cupsdCheckAuth(unsigned ip[4], char *name, int namelen,
 141                                        int num_masks, cupsd_authmask_t *masks);
 142 extern int              cupsdCheckGroup(const char *username,
 143                                         struct passwd *user,
 144                                         const char *groupname);
 145 extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t **loc);
 146 extern void             cupsdDeleteAllLocations(void);
 147 extern void             cupsdDeleteLocation(cupsd_location_t *loc);
 148 extern void             cupsdDenyHost(cupsd_location_t *loc, char *name);
 149 extern void             cupsdDenyIP(cupsd_location_t *loc,
 150                                     const unsigned address[4],
 151                                     const unsigned netmask[4]);
 152 extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state);
 153 extern cupsd_location_t *cupsdFindLocation(const char *location);
 154 extern http_status_t    cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
 155
 156
 157 /*
 158  * End of "$Id: auth.h 7317 2008-02-15 22:29:27Z mike $".
 159  */