scheduler/auth.h

   1 /*
   2  * Authorization definitions for the CUPS scheduler.
   3  *
   4  * Copyright 2007-2014 by Apple Inc.
   5  * Copyright 1997-2006 by Easy Software Products, all rights reserved.
   6  *
   7  * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
   8  */
   9
  10 /*
  11  * Include necessary headers...
  12  */
  13
  14 #include <pwd.h>
  15
  16
  17 /*
  18  * HTTP authorization types and levels...
  19  */
  20
  21 #define CUPSD_AUTH_DEFAULT      -1      /* Use DefaultAuthType */
  22 #define CUPSD_AUTH_NONE         0       /* No authentication */
  23 #define CUPSD_AUTH_BASIC        1       /* Basic authentication */
  24 #define CUPSD_AUTH_NEGOTIATE    2       /* Kerberos authentication */
  25 #define CUPSD_AUTH_AUTO         3       /* Kerberos or Basic, depending on configuration of server */
  26
  27 #define CUPSD_AUTH_ANON         0       /* Anonymous access */
  28 #define CUPSD_AUTH_USER         1       /* Must have a valid username/password */
  29 #define CUPSD_AUTH_GROUP        2       /* Must also be in a named group */
  30
  31 #define CUPSD_AUTH_ALLOW        0       /* Allow access */
  32 #define CUPSD_AUTH_DENY         1       /* Deny access */
  33
  34 #define CUPSD_AUTH_NAME         0       /* Authorize host by name */
  35 #define CUPSD_AUTH_IP           1       /* Authorize host by IP */
  36 #define CUPSD_AUTH_INTERFACE    2       /* Authorize host by interface */
  37
  38 #define CUPSD_AUTH_SATISFY_ALL  0       /* Satisfy both address and auth */
  39 #define CUPSD_AUTH_SATISFY_ANY  1       /* Satisfy either address or auth */
  40
  41 #define CUPSD_AUTH_LIMIT_DELETE 1       /* Limit DELETE requests */
  42 #define CUPSD_AUTH_LIMIT_GET    2       /* Limit GET requests */
  43 #define CUPSD_AUTH_LIMIT_HEAD   4       /* Limit HEAD requests */
  44 #define CUPSD_AUTH_LIMIT_OPTIONS 8      /* Limit OPTIONS requests */
  45 #define CUPSD_AUTH_LIMIT_POST   16      /* Limit POST requests */
  46 #define CUPSD_AUTH_LIMIT_PUT    32      /* Limit PUT requests */
  47 #define CUPSD_AUTH_LIMIT_TRACE  64      /* Limit TRACE requests */
  48 #define CUPSD_AUTH_LIMIT_ALL    127     /* Limit all requests */
  49 #define CUPSD_AUTH_LIMIT_IPP    128     /* Limit IPP requests */
  50
  51 #define IPP_ANY_OPERATION       (ipp_op_t)0
  52                                         /* Any IPP operation */
  53 #define IPP_BAD_OPERATION       (ipp_op_t)-1
  54                                         /* No IPP operation */
  55
  56
  57 /*
  58  * HTTP access control structures...
  59  */
  60
  61 typedef struct
  62 {
  63   unsigned      address[4],             /* IP address */
  64                 netmask[4];             /* IP netmask */
  65 } cupsd_ipmask_t;
  66
  67 typedef struct
  68 {
  69   size_t        length;                 /* Length of name */
  70   char          *name;                  /* Name string */
  71 } cupsd_namemask_t;
  72
  73 typedef struct
  74 {
  75   int           type;                   /* Mask type */
  76   union
  77   {
  78     cupsd_namemask_t    name;           /* Host/Domain name */
  79     cupsd_ipmask_t      ip;             /* IP address/network */
  80   }             mask;                   /* Mask data */
  81 } cupsd_authmask_t;
  82
  83 typedef struct
  84 {
  85   char                  *location;      /* Location of resource */
  86   size_t                length;         /* Length of location string */
  87   ipp_op_t              op;             /* IPP operation */
  88   int                   limit,          /* Limit for these types of requests */
  89                         order_type,     /* Allow or Deny */
  90                         type,           /* Type of authentication */
  91                         level,          /* Access level required */
  92                         satisfy;        /* Satisfy any or all limits? */
  93   cups_array_t          *names,         /* User or group names */
  94                         *allow,         /* Allow lines */
  95                         *deny;          /* Deny lines */
  96   http_encryption_t     encryption;     /* To encrypt or not to encrypt... */
  97 } cupsd_location_t;
  98
  99 typedef struct cupsd_client_s cupsd_client_t;
 100
 101
 102 /*
 103  * Globals...
 104  */
 105
 106 VAR cups_array_t        *Locations      VALUE(NULL);
 107                                         /* Authorization locations */
 108 #ifdef HAVE_SSL
 109 VAR http_encryption_t   DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
 110                                         /* Default encryption for authentication */
 111 #endif /* HAVE_SSL */
 112
 113
 114 /*
 115  * Prototypes...
 116  */
 117
 118 extern int              cupsdAddIPMask(cups_array_t **masks,
 119                                        const unsigned address[4],
 120                                        const unsigned netmask[4]);
 121 extern void             cupsdAddLocation(cupsd_location_t *loc);
 122 extern void             cupsdAddName(cupsd_location_t *loc, char *name);
 123 extern int              cupsdAddNameMask(cups_array_t **masks, char *name);
 124 extern void             cupsdAuthorize(cupsd_client_t *con);
 125 extern int              cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc);
 126 extern int              cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks);
 127 extern int              cupsdCheckGroup(const char *username,
 128                                         struct passwd *user,
 129                                         const char *groupname);
 130 extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc);
 131 extern void             cupsdDeleteAllLocations(void);
 132 extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state);
 133 extern cupsd_location_t *cupsdFindLocation(const char *location);
 134 extern void             cupsdFreeLocation(cupsd_location_t *loc);
 135 extern http_status_t    cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
 136 extern cupsd_location_t *cupsdNewLocation(const char *location);