]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:


68b97611da65179ec91054f676b58069572a6c19
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * "$Id: conf.c 9352 2010-11-06 04:55:26Z mike $"
3 *
4 * Configuration routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2012 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * Contents:
16 *
17 * cupsdAddAlias() - Add a host alias.
18 * cupsdCheckPermissions() - Fix the mode and ownership of a file or
19 * directory.
20 * cupsdDefaultAuthType() - Get the default AuthType.
21 * cupsdFreeAliases() - Free all of the alias entries.
22 * cupsdReadConfiguration() - Read the cupsd.conf file.
23 * get_address() - Get an address + port number from a line.
24 * get_addr_and_mask() - Get an IP address and netmask.
25 * mime_error_cb() - Log a MIME error.
26 * parse_aaa() - Parse authentication, authorization, and access
27 * control lines.
28 * parse_fatal_errors() - Parse FatalErrors values in a string.
29 * parse_groups() - Parse system group names in a string.
30 * parse_protocols() - Parse browse protocols in a string.
31 * parse_variable() - Parse a variable line.
32 * read_cupsd_conf() - Read the cupsd.conf configuration file.
33 * read_cups_files_conf() - Read the cups-files.conf configuration file.
34 * read_location() - Read a <Location path> definition.
35 * read_policy() - Read a <Policy name> definition.
36 * set_policy_defaults() - Set default policy values as needed.
37 */
38
39 /*
40 * Include necessary headers...
41 */
42
43 #include "cupsd.h"
44 #include <stdarg.h>
45 #include <grp.h>
46 #include <sys/utsname.h>
47 #include <syslog.h>
48
49 #ifdef HAVE_LIBPAPER
50 # include <paper.h>
51 #endif /* HAVE_LIBPAPER */
52
53
54 /*
55 * Possibly missing network definitions...
56 */
57
58 #ifndef INADDR_NONE
59 # define INADDR_NONE 0xffffffff
60 #endif /* !INADDR_NONE */
61
62
63 /*
64 * Configuration variable structure...
65 */
66
67 typedef enum
68 {
69 CUPSD_VARTYPE_INTEGER, /* Integer option */
70 CUPSD_VARTYPE_TIME, /* Time interval option */
71 CUPSD_VARTYPE_STRING, /* String option */
72 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
73 CUPSD_VARTYPE_PATHNAME /* File/directory name option */
74 } cupsd_vartype_t;
75
76 typedef struct
77 {
78 const char *name; /* Name of variable */
79 void *ptr; /* Pointer to variable */
80 cupsd_vartype_t type; /* Type (int, string, address) */
81 } cupsd_var_t;
82
83
84 /*
85 * Local globals...
86 */
87
88 static const cupsd_var_t cupsd_vars[] =
89 {
90 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
91 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
92 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
93 #endif /* HAVE_DNSSD || HAVE_AVAHI */
94 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
95 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
96 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
97 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
98 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
99 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
100 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
101 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
102 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
103 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
104 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
105 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
106 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
107 #ifdef HAVE_GSSAPI
108 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
109 #endif /* HAVE_GSSAPI */
110 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
111 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
112 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
113 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
114 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
115 #ifdef HAVE_LAUNCHD
116 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_TIME },
117 #endif /* HAVE_LAUNCHD */
118 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
119 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
120 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
121 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
122 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
123 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
124 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
125 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
126 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
127 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
128 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
129 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
130 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
131 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
132 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
133 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
134 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
135 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
136 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
137 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
138 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
139 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
140 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
141 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
142 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
143 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
144 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
145 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
146 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
147 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
148 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
149 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
150 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
151 };
152 static const cupsd_var_t cupsfiles_vars[] =
153 {
154 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
155 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
156 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
157 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
158 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
159 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
160 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
161 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
162 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
163 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
164 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
165 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
166 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
167 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
168 #ifdef HAVE_SSL
169 { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
170 # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
171 { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
172 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
173 #endif /* HAVE_SSL */
174 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
175 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
176 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
177 #ifdef HAVE_AUTHORIZATION_H
178 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
179 #endif /* HAVE_AUTHORIZATION_H */
180 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
181 };
182
183 static int default_auth_type = CUPSD_AUTH_AUTO;
184 /* Default AuthType, if not specified */
185
186 static const unsigned ones[4] =
187 {
188 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
189 };
190 static const unsigned zeros[4] =
191 {
192 0x00000000, 0x00000000, 0x00000000, 0x00000000
193 };
194
195
196 /*
197 * Local functions...
198 */
199
200 static http_addrlist_t *get_address(const char *value, int defport);
201 static int get_addr_and_mask(const char *value, unsigned *ip,
202 unsigned *mask);
203 static void mime_error_cb(void *ctx, const char *message);
204 static int parse_aaa(cupsd_location_t *loc, char *line,
205 char *value, int linenum);
206 static int parse_fatal_errors(const char *s);
207 static int parse_groups(const char *s);
208 static int parse_protocols(const char *s);
209 static int parse_variable(const char *filename, int linenum,
210 const char *line, const char *value,
211 size_t num_vars,
212 const cupsd_var_t *vars);
213 static int read_cupsd_conf(cups_file_t *fp);
214 static int read_cups_files_conf(cups_file_t *fp);
215 static int read_location(cups_file_t *fp, char *name, int linenum);
216 static int read_policy(cups_file_t *fp, char *name, int linenum);
217 static void set_policy_defaults(cupsd_policy_t *pol);
218
219
220 /*
221 * 'cupsdAddAlias()' - Add a host alias.
222 */
223
224 void
225 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
226 const char *name) /* I - Name to add */
227 {
228 cupsd_alias_t *a; /* New alias */
229 size_t namelen; /* Length of name */
230
231
232 namelen = strlen(name);
233
234 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
235 return;
236
237 a->namelen = namelen;
238 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
239
240 cupsArrayAdd(aliases, a);
241 }
242
243
244 /*
245 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
246 */
247
248 int /* O - 0 on success, -1 on error, 1 on warning */
249 cupsdCheckPermissions(
250 const char *filename, /* I - File/directory name */
251 const char *suffix, /* I - Additional file/directory name */
252 int mode, /* I - Permissions */
253 int user, /* I - Owner */
254 int group, /* I - Group */
255 int is_dir, /* I - 1 = directory, 0 = file */
256 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
257 {
258 int dir_created = 0; /* Did we create a directory? */
259 char pathname[1024]; /* File name with prefix */
260 struct stat fileinfo; /* Stat buffer */
261 int is_symlink; /* Is "filename" a symlink? */
262
263
264 /*
265 * Prepend the given root to the filename before testing it...
266 */
267
268 if (suffix)
269 {
270 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
271 filename = pathname;
272 }
273
274 /*
275 * See if we can stat the file/directory...
276 */
277
278 if (lstat(filename, &fileinfo))
279 {
280 if (errno == ENOENT && create_dir)
281 {
282 if (create_dir > 0)
283 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
284 filename);
285
286 if (mkdir(filename, mode))
287 {
288 if (create_dir > 0)
289 cupsdLogMessage(CUPSD_LOG_ERROR,
290 "Unable to create directory \"%s\" - %s", filename,
291 strerror(errno));
292 else
293 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
294 strerror(errno));
295
296 return (-1);
297 }
298
299 dir_created = 1;
300 fileinfo.st_mode = mode | S_IFDIR;
301 }
302 else
303 return (create_dir ? -1 : 1);
304 }
305
306 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
307 {
308 if (stat(filename, &fileinfo))
309 {
310 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
311 filename, strerror(errno));
312 return (-1);
313 }
314 }
315
316 /*
317 * Make sure it's a regular file or a directory as needed...
318 */
319
320 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
321 {
322 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
323 return (-1);
324 }
325
326 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
327 {
328 if (create_dir >= 0)
329 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
330 else
331 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
332
333 return (-1);
334 }
335
336 /*
337 * If the filename is a symlink, do not change permissions (STR #2937)...
338 */
339
340 if (is_symlink)
341 return (0);
342
343 /*
344 * Fix owner, group, and mode as needed...
345 */
346
347 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
348 {
349 if (create_dir >= 0)
350 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
351 filename);
352
353 if (chown(filename, user, group) && !getuid())
354 {
355 if (create_dir >= 0)
356 cupsdLogMessage(CUPSD_LOG_ERROR,
357 "Unable to change ownership of \"%s\" - %s", filename,
358 strerror(errno));
359 else
360 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
361 strerror(errno));
362
363 return (1);
364 }
365 }
366
367 if (dir_created || (fileinfo.st_mode & 07777) != mode)
368 {
369 if (create_dir >= 0)
370 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
371 filename);
372
373 if (chmod(filename, mode))
374 {
375 if (create_dir >= 0)
376 cupsdLogMessage(CUPSD_LOG_ERROR,
377 "Unable to change permissions of \"%s\" - %s", filename,
378 strerror(errno));
379 else
380 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
381 strerror(errno));
382
383 return (1);
384 }
385 }
386
387 /*
388 * Everything is OK...
389 */
390
391 return (0);
392 }
393
394
395 /*
396 * 'cupsdDefaultAuthType()' - Get the default AuthType.
397 *
398 * When the default_auth_type is "auto", this function tries to get the GSS
399 * credentials for the server. If that succeeds we use Kerberos authentication,
400 * otherwise we do a fallback to Basic authentication against the local user
401 * accounts.
402 */
403
404 int /* O - Default AuthType value */
405 cupsdDefaultAuthType(void)
406 {
407 #ifdef HAVE_GSSAPI
408 OM_uint32 major_status, /* Major status code */
409 minor_status; /* Minor status code */
410 gss_name_t server_name; /* Server name */
411 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
412 /* Service name token */
413 char buf[1024]; /* Service name buffer */
414 #endif /* HAVE_GSSAPI */
415
416
417 /*
418 * If we have already determined the correct default AuthType, use it...
419 */
420
421 if (default_auth_type != CUPSD_AUTH_AUTO)
422 return (default_auth_type);
423
424 #ifdef HAVE_GSSAPI
425 # ifdef __APPLE__
426 /*
427 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
428 * to use it...
429 */
430
431 if (gss_init_sec_context == NULL)
432 return (default_auth_type = CUPSD_AUTH_BASIC);
433 # endif /* __APPLE__ */
434
435 /*
436 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
437 * that fails we must use Basic...
438 */
439
440 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
441
442 token.value = buf;
443 token.length = strlen(buf);
444 server_name = GSS_C_NO_NAME;
445 major_status = gss_import_name(&minor_status, &token,
446 GSS_C_NT_HOSTBASED_SERVICE,
447 &server_name);
448
449 memset(&token, 0, sizeof(token));
450
451 if (GSS_ERROR(major_status))
452 {
453 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
454 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
455 return (default_auth_type = CUPSD_AUTH_BASIC);
456 }
457
458 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
459
460 if (GSS_ERROR(major_status))
461 {
462 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
463 "cupsdDefaultAuthType: gss_display_name(%s) failed",
464 buf);
465 return (default_auth_type = CUPSD_AUTH_BASIC);
466 }
467
468 cupsdLogMessage(CUPSD_LOG_DEBUG,
469 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
470 "credentials for %s...", (char *)token.value);
471
472 ServerCreds = GSS_C_NO_CREDENTIAL;
473 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
474 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
475 &ServerCreds, NULL, NULL);
476 if (GSS_ERROR(major_status))
477 {
478 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
479 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
480 (char *)token.value);
481 gss_release_name(&minor_status, &server_name);
482 gss_release_buffer(&minor_status, &token);
483 return (default_auth_type = CUPSD_AUTH_BASIC);
484 }
485
486 cupsdLogMessage(CUPSD_LOG_DEBUG,
487 "cupsdDefaultAuthType: Kerberos credentials acquired "
488 "successfully for %s.", (char *)token.value);
489
490 gss_release_name(&minor_status, &server_name);
491 gss_release_buffer(&minor_status, &token);
492
493 HaveServerCreds = 1;
494
495 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
496
497 #else
498 /*
499 * No Kerberos support compiled in so just use Basic all the time...
500 */
501
502 return (default_auth_type = CUPSD_AUTH_BASIC);
503 #endif /* HAVE_GSSAPI */
504 }
505
506
507 /*
508 * 'cupsdFreeAliases()' - Free all of the alias entries.
509 */
510
511 void
512 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
513 {
514 cupsd_alias_t *a; /* Current alias */
515
516
517 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
518 a;
519 a = (cupsd_alias_t *)cupsArrayNext(aliases))
520 free(a);
521
522 cupsArrayDelete(aliases);
523 }
524
525
526 /*
527 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
528 */
529
530 int /* O - 1 on success, 0 otherwise */
531 cupsdReadConfiguration(void)
532 {
533 int i; /* Looping var */
534 cups_file_t *fp; /* Configuration file */
535 int status; /* Return status */
536 char temp[1024], /* Temporary buffer */
537 mimedir[1024], /* MIME directory */
538 *slash; /* Directory separator */
539 cups_lang_t *language; /* Language */
540 struct passwd *user; /* Default user */
541 struct group *group; /* Default group */
542 char *old_serverroot, /* Old ServerRoot */
543 *old_requestroot; /* Old RequestRoot */
544 int old_remote_port; /* Old RemotePort */
545 const char *tmpdir; /* TMPDIR environment variable */
546 struct stat tmpinfo; /* Temporary directory info */
547 cupsd_policy_t *p; /* Policy */
548
549
550 /*
551 * Save the old root paths...
552 */
553
554 old_serverroot = NULL;
555 cupsdSetString(&old_serverroot, ServerRoot);
556 old_requestroot = NULL;
557 cupsdSetString(&old_requestroot, RequestRoot);
558
559 /*
560 * Reset the server configuration data...
561 */
562
563 cupsdDeleteAllLocations();
564
565 cupsdDeleteAllListeners();
566
567 old_remote_port = RemotePort;
568 RemotePort = 0;
569
570 /*
571 * String options...
572 */
573
574 cupsdFreeAliases(ServerAlias);
575 ServerAlias = NULL;
576
577 cupsdClearString(&ServerName);
578 cupsdClearString(&ServerAdmin);
579 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
580 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
581 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
582 cupsdSetString(&DataDir, CUPS_DATADIR);
583 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
584 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
585 cupsdClearString(&ErrorLog);
586 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
587 cupsdSetString(&PageLogFormat,
588 "%p %u %j %T %P %C %{job-billing} "
589 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
590 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
591 cupsdSetString(&FontPath, CUPS_FONTPATH);
592 cupsdSetString(&RemoteRoot, "remroot");
593 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d", CUPS_VERSION_MAJOR,
594 CUPS_VERSION_MINOR);
595 cupsdSetString(&StateDir, CUPS_STATEDIR);
596
597 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
598 PrintcapFormat = PRINTCAP_SOLARIS;
599 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
600 "/Library/Preferences/org.cups.printers.plist"))
601 PrintcapFormat = PRINTCAP_PLIST;
602 else
603 PrintcapFormat = PRINTCAP_BSD;
604
605 strlcpy(temp, ConfigurationFile, sizeof(temp));
606 if ((slash = strrchr(temp, '/')) != NULL)
607 *slash = '\0';
608
609 cupsdSetString(&ServerRoot, temp);
610
611 cupsdClearString(&Classification);
612 ClassifyOverride = 0;
613
614 #ifdef HAVE_SSL
615 # ifdef HAVE_CDSASSL
616 cupsdSetString(&ServerCertificate, "/Library/Keychains/System.keychain");
617 # else
618 cupsdSetString(&ServerCertificate, "ssl/server.crt");
619 cupsdSetString(&ServerKey, "ssl/server.key");
620 # endif /* HAVE_CDSASSL */
621 #endif /* HAVE_SSL */
622
623 language = cupsLangDefault();
624
625 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
626 cupsdSetString(&DefaultLanguage, "en");
627 else
628 cupsdSetString(&DefaultLanguage, language->language);
629
630 cupsdClearString(&DefaultPaperSize);
631
632 cupsdSetString(&RIPCache, "128m");
633
634 cupsdSetString(&TempDir, NULL);
635
636 #ifdef HAVE_GSSAPI
637 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
638
639 if (HaveServerCreds)
640 {
641 OM_uint32 minor_status; /* Minor status code */
642
643 gss_release_cred(&minor_status, &ServerCreds);
644
645 HaveServerCreds = 0;
646 }
647
648 ServerCreds = GSS_C_NO_CREDENTIAL;
649 #endif /* HAVE_GSSAPI */
650
651 /*
652 * Find the default user...
653 */
654
655 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
656 User = user->pw_uid;
657 else
658 {
659 /*
660 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
661 * complement number...)
662 */
663
664 User = 65534;
665 }
666
667 endpwent();
668
669 /*
670 * Find the default group...
671 */
672
673 group = getgrnam(CUPS_DEFAULT_GROUP);
674 endgrent();
675
676 if (group)
677 Group = group->gr_gid;
678 else
679 {
680 /*
681 * Fallback to group "nobody"...
682 */
683
684 group = getgrnam("nobody");
685 endgrent();
686
687 if (group)
688 Group = group->gr_gid;
689 else
690 {
691 /*
692 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
693 * complement number...)
694 */
695
696 Group = 65534;
697 }
698 }
699
700 /*
701 * Numeric options...
702 */
703
704 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
705 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
706 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
707 default_auth_type = CUPSD_AUTH_BASIC;
708 #ifdef HAVE_SSL
709 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
710 SSLOptions = CUPSD_SSL_NONE;
711 #endif /* HAVE_SSL */
712 DirtyCleanInterval = DEFAULT_KEEPALIVE;
713 JobKillDelay = DEFAULT_TIMEOUT;
714 JobRetryLimit = 5;
715 JobRetryInterval = 300;
716 FileDevice = FALSE;
717 FilterLevel = 0;
718 FilterLimit = 0;
719 FilterNice = 0;
720 HostNameLookups = FALSE;
721 KeepAlive = TRUE;
722 KeepAliveTimeout = DEFAULT_KEEPALIVE;
723 ListenBackLog = SOMAXCONN;
724 LogDebugHistory = 200;
725 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
726 LogLevel = CUPSD_LOG_WARN;
727 LogTimeFormat = CUPSD_TIME_STANDARD;
728 MaxClients = 100;
729 MaxClientsPerHost = 0;
730 MaxLogSize = 1024 * 1024;
731 MaxRequestSize = 0;
732 MultipleOperationTimeout = DEFAULT_TIMEOUT;
733 NumSystemGroups = 0;
734 ReloadTimeout = DEFAULT_KEEPALIVE;
735 RootCertDuration = 300;
736 StrictConformance = FALSE;
737 Timeout = DEFAULT_TIMEOUT;
738 WebInterface = CUPS_DEFAULT_WEBIF;
739
740 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
741 BrowseWebIF = FALSE;
742 Browsing = CUPS_DEFAULT_BROWSING;
743 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
744
745 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
746 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
747 #endif /* HAVE_DNSSD || HAVE_AVAHI */
748
749 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
750 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
751
752 cupsdSetString(&ErrorPolicy, "stop-printer");
753
754 JobHistory = DEFAULT_HISTORY;
755 JobFiles = DEFAULT_FILES;
756 JobAutoPurge = 0;
757 MaxHoldTime = 0;
758 MaxJobs = 500;
759 MaxActiveJobs = 0;
760 MaxJobsPerUser = 0;
761 MaxJobsPerPrinter = 0;
762 MaxJobTime = 3 * 60 * 60; /* 3 hours */
763 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
764
765 cupsdDeleteAllPolicies();
766 cupsdClearString(&DefaultPolicy);
767
768 #ifdef HAVE_AUTHORIZATION_H
769 cupsdClearString(&SystemGroupAuthKey);
770 #endif /* HAVE_AUTHORIZATION_H */
771
772 MaxSubscriptions = 100;
773 MaxSubscriptionsPerJob = 0;
774 MaxSubscriptionsPerPrinter = 0;
775 MaxSubscriptionsPerUser = 0;
776 DefaultLeaseDuration = 86400;
777 MaxLeaseDuration = 0;
778
779 #ifdef HAVE_LAUNCHD
780 LaunchdTimeout = 10;
781 #endif /* HAVE_LAUNCHD */
782
783 /*
784 * Setup environment variables...
785 */
786
787 cupsdInitEnv();
788
789 /*
790 * Read the cups-files.conf file...
791 */
792
793 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
794 {
795 status = read_cups_files_conf(fp);
796
797 cupsFileClose(fp);
798
799 if (!status)
800 return (0);
801 }
802 else if (errno == ENOENT)
803 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
804 else
805 {
806 cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to open %s: %s", CupsFilesFile,
807 strerror(errno));
808 return (0);
809 }
810
811 if (!ErrorLog)
812 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
813
814 /*
815 * Read the cupsd.conf file...
816 */
817
818 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
819 {
820 cupsdLogMessage(CUPSD_LOG_CRIT, "Unable to open %s: %s", ConfigurationFile,
821 strerror(errno));
822 return (0);
823 }
824
825 status = read_cupsd_conf(fp);
826
827 cupsFileClose(fp);
828
829 if (!status)
830 return (0);
831
832 RunUser = getuid();
833
834 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
835 RemotePort ? "enabled" : "disabled");
836
837 if (!RemotePort)
838 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
839
840 /*
841 * See if the ServerName is an IP address...
842 */
843
844 if (ServerName)
845 {
846 if (!ServerAlias)
847 ServerAlias = cupsArrayNew(NULL, NULL);
848
849 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
850 }
851 else
852 {
853 if (gethostname(temp, sizeof(temp)))
854 {
855 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
856 strerror(errno));
857 strlcpy(temp, "localhost", sizeof(temp));
858 }
859
860 cupsdSetString(&ServerName, temp);
861
862 if (!ServerAlias)
863 ServerAlias = cupsArrayNew(NULL, NULL);
864
865 cupsdAddAlias(ServerAlias, temp);
866 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
867
868 if (HostNameLookups || RemotePort)
869 {
870 struct hostent *host; /* Host entry to get FQDN */
871
872 if ((host = gethostbyname(temp)) != NULL)
873 {
874 if (_cups_strcasecmp(temp, host->h_name))
875 {
876 cupsdSetString(&ServerName, host->h_name);
877 cupsdAddAlias(ServerAlias, host->h_name);
878 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
879 host->h_name);
880 }
881
882 if (host->h_aliases)
883 {
884 for (i = 0; host->h_aliases[i]; i ++)
885 if (_cups_strcasecmp(temp, host->h_aliases[i]))
886 {
887 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
888 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
889 host->h_aliases[i]);
890 }
891 }
892 }
893 }
894
895 /*
896 * Make sure we have the base hostname added as an alias, too!
897 */
898
899 if ((slash = strchr(temp, '.')) != NULL)
900 {
901 *slash = '\0';
902 cupsdAddAlias(ServerAlias, temp);
903 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
904 }
905 }
906
907 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
908
909 ServerNameIsIP = !*slash;
910
911 /*
912 * Make sure ServerAdmin is initialized...
913 */
914
915 if (!ServerAdmin)
916 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
917
918 /*
919 * Use the default system group if none was supplied in cupsd.conf...
920 */
921
922 if (NumSystemGroups == 0)
923 {
924 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
925 {
926 /*
927 * Find the group associated with GID 0...
928 */
929
930 group = getgrgid(0);
931 endgrent();
932
933 if (group != NULL)
934 cupsdSetString(&SystemGroups[0], group->gr_name);
935 else
936 cupsdSetString(&SystemGroups[0], "unknown");
937
938 SystemGroupIDs[0] = 0;
939 NumSystemGroups = 1;
940 }
941 }
942
943 /*
944 * Open the system log for cupsd if necessary...
945 */
946
947 #ifdef HAVE_VSYSLOG
948 if (!strcmp(AccessLog, "syslog") ||
949 !strcmp(ErrorLog, "syslog") ||
950 !strcmp(PageLog, "syslog"))
951 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
952 #endif /* HAVE_VSYSLOG */
953
954 /*
955 * Make sure each of the log files exists and gets rotated as necessary...
956 */
957
958 if (strcmp(AccessLog, "syslog"))
959 cupsdCheckLogFile(&AccessFile, AccessLog);
960
961 if (strcmp(ErrorLog, "syslog"))
962 cupsdCheckLogFile(&ErrorFile, ErrorLog);
963
964 if (strcmp(PageLog, "syslog"))
965 cupsdCheckLogFile(&PageFile, PageLog);
966
967 /*
968 * Log the configuration file that was used...
969 */
970
971 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
972 ConfigurationFile);
973
974 /*
975 * Validate the Group and SystemGroup settings - they cannot be the same,
976 * otherwise the CGI programs will be able to authenticate as root without
977 * a password!
978 */
979
980 if (!RunUser)
981 {
982 for (i = 0; i < NumSystemGroups; i ++)
983 if (Group == SystemGroupIDs[i])
984 break;
985
986 if (i < NumSystemGroups)
987 {
988 /*
989 * Log the error and reset the group to a safe value...
990 */
991
992 cupsdLogMessage(CUPSD_LOG_NOTICE,
993 "Group and SystemGroup cannot use the same groups.");
994 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
995
996 group = getgrnam("nobody");
997 endgrent();
998
999 if (group != NULL)
1000 Group = group->gr_gid;
1001 else
1002 {
1003 /*
1004 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1005 * complement number...)
1006 */
1007
1008 Group = 65534;
1009 }
1010 }
1011 }
1012
1013 /*
1014 * Check that we have at least one listen/port line; if not, report this
1015 * as an error and exit!
1016 */
1017
1018 if (cupsArrayCount(Listeners) == 0)
1019 {
1020 /*
1021 * No listeners!
1022 */
1023
1024 cupsdLogMessage(CUPSD_LOG_EMERG,
1025 "No valid Listen or Port lines were found in the "
1026 "configuration file.");
1027
1028 /*
1029 * Commit suicide...
1030 */
1031
1032 cupsdEndProcess(getpid(), 0);
1033 }
1034
1035 /*
1036 * Set the default locale using the language and charset...
1037 */
1038
1039 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1040
1041 /*
1042 * Update all relative filenames to include the full path from ServerRoot...
1043 */
1044
1045 if (DocumentRoot[0] != '/')
1046 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1047
1048 if (RequestRoot[0] != '/')
1049 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1050
1051 if (ServerBin[0] != '/')
1052 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1053
1054 if (StateDir[0] != '/')
1055 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1056
1057 if (CacheDir[0] != '/')
1058 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1059
1060 #ifdef HAVE_SSL
1061 if (ServerCertificate[0] != '/')
1062 cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
1063
1064 if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
1065 cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
1066 0, 0) < 0 &&
1067 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1068 return (0);
1069
1070 # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
1071 if (ServerKey[0] != '/')
1072 cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
1073
1074 if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
1075 cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
1076 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1077 return (0);
1078 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
1079 #endif /* HAVE_SSL */
1080
1081 /*
1082 * Make sure that directories and config files are owned and
1083 * writable by the user and group in the cupsd.conf file...
1084 */
1085
1086 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1087
1088 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1089 Group, 1, 1) < 0 ||
1090 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1091 Group, 1, 1) < 0 ||
1092 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1093 Group, 1, 1) < 0 ||
1094 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1095 Group, 1, 1) < 0 ||
1096 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1097 SystemGroupIDs[0], 1, 1) < 0 ||
1098 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1099 Group, 1, 0) < 0 ||
1100 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1101 Group, 1, 1) < 0 ||
1102 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1103 Group, 1, 0) < 0 ||
1104 cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
1105 Group, 0, 0) < 0 ||
1106 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1107 Group, 0, 0) < 0 ||
1108 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1109 Group, 0, 0) < 0 ||
1110 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1111 Group, 0, 0) < 0) &&
1112 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1113 return (0);
1114
1115 /*
1116 * Update TempDir to the default if it hasn't been set already...
1117 */
1118
1119 if (!TempDir)
1120 {
1121 #ifdef __APPLE__
1122 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1123 strncmp(tmpdir, "/private/tmp", 12))
1124 #else
1125 if ((tmpdir = getenv("TMPDIR")) != NULL)
1126 #endif /* __APPLE__ */
1127 {
1128 /*
1129 * TMPDIR is defined, see if it is OK for us to use...
1130 */
1131
1132 if (stat(tmpdir, &tmpinfo))
1133 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1134 tmpdir, strerror(errno));
1135 else if (!S_ISDIR(tmpinfo.st_mode))
1136 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1137 tmpdir);
1138 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1139 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1140 !(tmpinfo.st_mode & S_IWOTH))
1141 cupsdLogMessage(CUPSD_LOG_ERROR,
1142 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1143 else
1144 cupsdSetString(&TempDir, tmpdir);
1145 }
1146
1147 if (!TempDir)
1148 {
1149 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1150 RequestRoot);
1151 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1152 }
1153 }
1154
1155 /*
1156 * Make sure the temporary directory has the right permissions...
1157 */
1158
1159 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1160 access(TempDir, 0))
1161 {
1162 /*
1163 * Update ownership and permissions if the CUPS temp directory
1164 * is under the spool directory or does not exist...
1165 */
1166
1167 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1168 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1169 return (0);
1170 }
1171
1172 /*
1173 * Update environment variables...
1174 */
1175
1176 cupsdUpdateEnv();
1177
1178 /*
1179 * Update default paper size setting as needed...
1180 */
1181
1182 if (!DefaultPaperSize)
1183 {
1184 #ifdef HAVE_LIBPAPER
1185 char *paper_result; /* Paper size name from libpaper */
1186
1187 if ((paper_result = systempapername()) != NULL)
1188 cupsdSetString(&DefaultPaperSize, paper_result);
1189 else
1190 #endif /* HAVE_LIBPAPER */
1191 if (!DefaultLanguage ||
1192 !_cups_strcasecmp(DefaultLanguage, "C") ||
1193 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1194 !_cups_strcasecmp(DefaultLanguage, "en") ||
1195 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1196 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1197 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1198 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1199 {
1200 /*
1201 * These are the only locales that will default to "letter" size...
1202 */
1203
1204 cupsdSetString(&DefaultPaperSize, "Letter");
1205 }
1206 else
1207 cupsdSetString(&DefaultPaperSize, "A4");
1208 }
1209
1210 /*
1211 * Update classification setting as needed...
1212 */
1213
1214 if (Classification && !_cups_strcasecmp(Classification, "none"))
1215 cupsdClearString(&Classification);
1216
1217 if (Classification)
1218 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1219
1220 /*
1221 * Check the MaxClients setting, and then allocate memory for it...
1222 */
1223
1224 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1225 {
1226 if (MaxClients > 0)
1227 cupsdLogMessage(CUPSD_LOG_INFO,
1228 "MaxClients limited to 1/3 (%d) of the file descriptor "
1229 "limit (%d)...",
1230 MaxFDs / 3, MaxFDs);
1231
1232 MaxClients = MaxFDs / 3;
1233 }
1234
1235 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1236 MaxClients);
1237
1238 /*
1239 * Check the MaxActiveJobs setting; limit to 1/3 the available
1240 * file descriptors, since we need a pipe for each job...
1241 */
1242
1243 if (MaxActiveJobs > (MaxFDs / 3))
1244 MaxActiveJobs = MaxFDs / 3;
1245
1246 /*
1247 * Update the MaxClientsPerHost value, as needed...
1248 */
1249
1250 if (MaxClientsPerHost <= 0)
1251 MaxClientsPerHost = MaxClients;
1252
1253 if (MaxClientsPerHost > MaxClients)
1254 MaxClientsPerHost = MaxClients;
1255
1256 cupsdLogMessage(CUPSD_LOG_INFO,
1257 "Allowing up to %d client connections per host.",
1258 MaxClientsPerHost);
1259
1260 /*
1261 * Update the default policy, as needed...
1262 */
1263
1264 if (DefaultPolicy)
1265 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1266 else
1267 DefaultPolicyPtr = NULL;
1268
1269 if (!DefaultPolicyPtr)
1270 {
1271 cupsd_location_t *po; /* New policy operation */
1272
1273
1274 if (DefaultPolicy)
1275 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1276 DefaultPolicy);
1277
1278 cupsdSetString(&DefaultPolicy, "default");
1279
1280 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1281 cupsdLogMessage(CUPSD_LOG_INFO,
1282 "Using policy \"default\" as the default.");
1283 else
1284 {
1285 cupsdLogMessage(CUPSD_LOG_INFO,
1286 "Creating CUPS default administrative policy:");
1287
1288 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1289
1290 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1291
1292 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1293 cupsdAddString(&(p->job_access), "@OWNER");
1294 cupsdAddString(&(p->job_access), "@SYSTEM");
1295
1296 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1297 cupsdAddString(&(p->job_attrs), "job-name");
1298 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1299 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1300
1301 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1302 cupsdAddString(&(p->sub_access), "@OWNER");
1303 cupsdAddString(&(p->sub_access), "@SYSTEM");
1304
1305 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1306 cupsdAddString(&(p->job_attrs), "notify-events");
1307 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1308 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1309 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1310 cupsdAddString(&(p->job_attrs), "notify-user-data");
1311
1312 cupsdLogMessage(CUPSD_LOG_INFO,
1313 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1314 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1315
1316 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1317 po->order_type = CUPSD_AUTH_ALLOW;
1318
1319 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1320 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1321 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1322
1323 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1324
1325 cupsdLogMessage(CUPSD_LOG_INFO,
1326 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1327 "Release-Job Restart-Job Purge-Jobs "
1328 "Set-Job-Attributes Create-Job-Subscription "
1329 "Renew-Subscription Cancel-Subscription "
1330 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1331 "Suspend-Current-Job Resume-Job "
1332 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1333 "CUPS-Authenticate-Job CUPS-Get-Document>");
1334 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1335
1336 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1337 po->order_type = CUPSD_AUTH_ALLOW;
1338 po->level = CUPSD_AUTH_USER;
1339
1340 cupsdAddName(po, "@OWNER");
1341 cupsdAddName(po, "@SYSTEM");
1342 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1343
1344 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1345 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1346 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1347 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1348 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1349 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1350 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1351 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1352 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1353 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1354 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1355 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1356 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1357 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1358 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1359 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1360 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1361 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1362 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1363 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1364
1365 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1366
1367 cupsdLogMessage(CUPSD_LOG_INFO,
1368 "<Limit Pause-Printer Resume-Printer "
1369 "Set-Printer-Attributes Enable-Printer "
1370 "Disable-Printer Pause-Printer-After-Current-Job "
1371 "Hold-New-Jobs Release-Held-New-Jobs "
1372 "Deactivate-Printer Activate-Printer Restart-Printer "
1373 "Shutdown-Printer Startup-Printer Promote-Job "
1374 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1375 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1376 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1377 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1378 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1379
1380 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1381 po->order_type = CUPSD_AUTH_ALLOW;
1382 po->type = CUPSD_AUTH_DEFAULT;
1383 po->level = CUPSD_AUTH_USER;
1384
1385 cupsdAddName(po, "@SYSTEM");
1386 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1387
1388 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1389 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1390 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1391 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1392 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1393 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1394 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1395 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1396 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1397 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1398 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1399 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1400 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1401 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1402 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1403 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1404 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1405 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1406 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1407 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1408 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1409 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1410
1411 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1412
1413 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1414 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1415
1416 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1417 po->order_type = CUPSD_AUTH_ALLOW;
1418
1419 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1420 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1421 }
1422 }
1423
1424 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1425 cupsArrayCount(Policies));
1426 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1427 p;
1428 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1429 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1430 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1431
1432 /*
1433 * If we are doing a full reload or the server root has changed, flush
1434 * the jobs, printers, etc. and start from scratch...
1435 */
1436
1437 if (NeedReload == RELOAD_ALL ||
1438 old_remote_port != RemotePort ||
1439 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1440 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1441 {
1442 mime_type_t *type; /* Current type */
1443 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1444 /* MIME type name */
1445
1446
1447 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1448
1449 /*
1450 * Free all memory...
1451 */
1452
1453 cupsdDeleteAllSubscriptions();
1454 cupsdFreeAllJobs();
1455 cupsdDeleteAllPrinters();
1456
1457 DefaultPrinter = NULL;
1458
1459 if (MimeDatabase != NULL)
1460 mimeDelete(MimeDatabase);
1461
1462 if (NumMimeTypes)
1463 {
1464 for (i = 0; i < NumMimeTypes; i ++)
1465 _cupsStrFree(MimeTypes[i]);
1466
1467 free(MimeTypes);
1468 }
1469
1470 /*
1471 * Read the MIME type and conversion database...
1472 */
1473
1474 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1475 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1476
1477 MimeDatabase = mimeNew();
1478 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1479
1480 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1481 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1482 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1483 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1484
1485 if (!MimeDatabase)
1486 {
1487 cupsdLogMessage(CUPSD_LOG_EMERG,
1488 "Unable to load MIME database from \"%s\" or \"%s\".",
1489 mimedir, ServerRoot);
1490 if (FatalErrors & CUPSD_FATAL_CONFIG)
1491 return (0);
1492 }
1493
1494 cupsdLogMessage(CUPSD_LOG_INFO,
1495 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1496 "%d filters...", mimedir, ServerRoot,
1497 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1498
1499 /*
1500 * Create a list of MIME types for the document-format-supported
1501 * attribute...
1502 */
1503
1504 NumMimeTypes = mimeNumTypes(MimeDatabase);
1505 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1506 NumMimeTypes ++;
1507
1508 if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
1509 {
1510 cupsdLogMessage(CUPSD_LOG_ERROR,
1511 "Unable to allocate memory for %d MIME types.",
1512 NumMimeTypes);
1513 NumMimeTypes = 0;
1514 }
1515 else
1516 {
1517 for (i = 0, type = mimeFirstType(MimeDatabase);
1518 type;
1519 i ++, type = mimeNextType(MimeDatabase))
1520 {
1521 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1522
1523 MimeTypes[i] = _cupsStrAlloc(mimetype);
1524 }
1525
1526 if (i < NumMimeTypes)
1527 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1528 }
1529
1530 if (LogLevel == CUPSD_LOG_DEBUG2)
1531 {
1532 mime_filter_t *filter; /* Current filter */
1533
1534
1535 for (type = mimeFirstType(MimeDatabase);
1536 type;
1537 type = mimeNextType(MimeDatabase))
1538 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1539 type->super, type->type);
1540
1541 for (filter = mimeFirstFilter(MimeDatabase);
1542 filter;
1543 filter = mimeNextFilter(MimeDatabase))
1544 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1545 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1546 filter->src->super, filter->src->type,
1547 filter->dst->super, filter->dst->type,
1548 filter->cost, filter->filter);
1549 }
1550
1551 /*
1552 * Load banners...
1553 */
1554
1555 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1556 cupsdLoadBanners(temp);
1557
1558 /*
1559 * Load printers and classes...
1560 */
1561
1562 cupsdLoadAllPrinters();
1563 cupsdLoadAllClasses();
1564
1565 cupsdCreateCommonData();
1566
1567 /*
1568 * Update the printcap file as needed...
1569 */
1570
1571 if (Printcap && *Printcap && access(Printcap, 0))
1572 cupsdWritePrintcap();
1573
1574 /*
1575 * Load queued jobs...
1576 */
1577
1578 cupsdLoadAllJobs();
1579
1580 /*
1581 * Load subscriptions...
1582 */
1583
1584 cupsdLoadAllSubscriptions();
1585
1586 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1587 }
1588 else
1589 {
1590 /*
1591 * Not a full reload, so recreate the common printer attributes...
1592 */
1593
1594 cupsdCreateCommonData();
1595
1596 /*
1597 * Update all jobs as needed...
1598 */
1599
1600 cupsdUpdateJobs();
1601
1602 /*
1603 * Update all printers as needed...
1604 */
1605
1606 cupsdUpdatePrinters();
1607 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1608
1609 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1610 }
1611
1612 /*
1613 * Reset the reload state...
1614 */
1615
1616 NeedReload = RELOAD_NONE;
1617
1618 cupsdClearString(&old_serverroot);
1619 cupsdClearString(&old_requestroot);
1620
1621 return (1);
1622 }
1623
1624
1625 /*
1626 * 'get_address()' - Get an address + port number from a line.
1627 */
1628
1629 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1630 get_address(const char *value, /* I - Value string */
1631 int defport) /* I - Default port */
1632 {
1633 char buffer[1024], /* Hostname + port number buffer */
1634 defpname[255], /* Default port name */
1635 *hostname, /* Hostname or IP */
1636 *portname; /* Port number or name */
1637 http_addrlist_t *addrlist; /* Address list */
1638
1639
1640 /*
1641 * Check for an empty value...
1642 */
1643
1644 if (!*value)
1645 {
1646 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1647 return (NULL);
1648 }
1649
1650 /*
1651 * Grab a hostname and port number; if there is no colon and the port name
1652 * is only digits, then we have a port number by itself...
1653 */
1654
1655 strlcpy(buffer, value, sizeof(buffer));
1656
1657 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1658 {
1659 *portname++ = '\0';
1660 hostname = buffer;
1661 }
1662 else
1663 {
1664 for (portname = buffer; isdigit(*portname & 255); portname ++);
1665
1666 if (*portname)
1667 {
1668 /*
1669 * Use the default port...
1670 */
1671
1672 sprintf(defpname, "%d", defport);
1673 portname = defpname;
1674 hostname = buffer;
1675 }
1676 else
1677 {
1678 /*
1679 * The buffer contains just a port number...
1680 */
1681
1682 portname = buffer;
1683 hostname = NULL;
1684 }
1685 }
1686
1687 if (hostname && !strcmp(hostname, "*"))
1688 hostname = NULL;
1689
1690 /*
1691 * Now lookup the address using httpAddrGetList()...
1692 */
1693
1694 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1695 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1696 hostname ? hostname : "(nil)");
1697
1698 return (addrlist);
1699 }
1700
1701
1702 /*
1703 * 'get_addr_and_mask()' - Get an IP address and netmask.
1704 */
1705
1706 static int /* O - 1 on success, 0 on failure */
1707 get_addr_and_mask(const char *value, /* I - String from config file */
1708 unsigned *ip, /* O - Address value */
1709 unsigned *mask) /* O - Mask value */
1710 {
1711 int i, j, /* Looping vars */
1712 family, /* Address family */
1713 ipcount; /* Count of fields in address */
1714 unsigned ipval; /* Value */
1715 const char *maskval, /* Pointer to start of mask value */
1716 *ptr, /* Pointer into value */
1717 *ptr2; /* ... */
1718
1719
1720 /*
1721 * Get the address...
1722 */
1723
1724 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1725 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1726
1727 if ((maskval = strchr(value, '/')) != NULL)
1728 maskval ++;
1729 else
1730 maskval = value + strlen(value);
1731
1732 #ifdef AF_INET6
1733 /*
1734 * Check for an IPv6 address...
1735 */
1736
1737 if (*value == '[')
1738 {
1739 /*
1740 * Parse hexadecimal IPv6/IPv4 address...
1741 */
1742
1743 family = AF_INET6;
1744
1745 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1746 {
1747 if (*ptr == ']')
1748 break;
1749 else if (!strncmp(ptr, "::", 2))
1750 {
1751 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1752 ptr2;
1753 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1754
1755 i = 6 - j;
1756 ptr += 2;
1757 }
1758 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1759 {
1760 /*
1761 * Read IPv4 dotted quad...
1762 */
1763
1764 unsigned val[4] = { 0, 0, 0, 0 };
1765 /* IPv4 address values */
1766
1767 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1768 val + 3);
1769
1770 /*
1771 * Range check the IP numbers...
1772 */
1773
1774 for (i = 0; i < ipcount; i ++)
1775 if (val[i] > 255)
1776 return (0);
1777
1778 /*
1779 * Merge everything into a 32-bit IPv4 address in ip[3]...
1780 */
1781
1782 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
1783
1784 if (ipcount < 4)
1785 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1786
1787 /*
1788 * If the leading words are all 0's then this is an IPv4 address...
1789 */
1790
1791 if (!val[0] && !val[1] && !val[2])
1792 family = AF_INET;
1793
1794 while (isdigit(*ptr & 255) || *ptr == '.')
1795 ptr ++;
1796 break;
1797 }
1798 else if (isxdigit(*ptr & 255))
1799 {
1800 ipval = strtoul(ptr, (char **)&ptr, 16);
1801
1802 if (*ptr == ':' && ptr[1] != ':')
1803 ptr ++;
1804
1805 if (ipval > 0xffff)
1806 return (0);
1807
1808 if (i & 1)
1809 ip[i / 2] |= ipval;
1810 else
1811 ip[i / 2] |= ipval << 16;
1812 }
1813 else
1814 return (0);
1815 }
1816
1817 if (*ptr != ']')
1818 return (0);
1819
1820 ptr ++;
1821
1822 if (*ptr && *ptr != '/')
1823 return (0);
1824 }
1825 else
1826 #endif /* AF_INET6 */
1827 {
1828 /*
1829 * Parse dotted-decimal IPv4 address...
1830 */
1831
1832 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1833
1834
1835 family = AF_INET;
1836 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1837
1838 /*
1839 * Range check the IP numbers...
1840 */
1841
1842 for (i = 0; i < ipcount; i ++)
1843 if (val[i] > 255)
1844 return (0);
1845
1846 /*
1847 * Merge everything into a 32-bit IPv4 address in ip[3]...
1848 */
1849
1850 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
1851
1852 if (ipcount < 4)
1853 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1854 }
1855
1856 if (*maskval)
1857 {
1858 /*
1859 * Get the netmask value(s)...
1860 */
1861
1862 memset(mask, 0, sizeof(unsigned) * 4);
1863
1864 if (strchr(maskval, '.'))
1865 {
1866 /*
1867 * Get dotted-decimal mask...
1868 */
1869
1870 if (family != AF_INET)
1871 return (0);
1872
1873 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1874 mask + 3) != 4)
1875 return (0);
1876
1877 mask[3] |= ((((mask[0] << 8) | mask[1]) << 8) | mask[2]) << 8;
1878 mask[0] = mask[1] = mask[2] = 0;
1879 }
1880 else
1881 {
1882 /*
1883 * Get address/bits format...
1884 */
1885
1886 i = atoi(maskval);
1887
1888 #ifdef AF_INET6
1889 if (family == AF_INET6)
1890 {
1891 if (i > 128)
1892 return (0);
1893
1894 i = 128 - i;
1895
1896 if (i <= 96)
1897 mask[0] = 0xffffffff;
1898 else
1899 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1900
1901 if (i <= 64)
1902 mask[1] = 0xffffffff;
1903 else if (i >= 96)
1904 mask[1] = 0;
1905 else
1906 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1907
1908 if (i <= 32)
1909 mask[2] = 0xffffffff;
1910 else if (i >= 64)
1911 mask[2] = 0;
1912 else
1913 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1914
1915 if (i == 0)
1916 mask[3] = 0xffffffff;
1917 else if (i >= 32)
1918 mask[3] = 0;
1919 else
1920 mask[3] = (0xffffffff << i) & 0xffffffff;
1921 }
1922 else
1923 #endif /* AF_INET6 */
1924 {
1925 if (i > 32)
1926 return (0);
1927
1928 mask[0] = 0xffffffff;
1929 mask[1] = 0xffffffff;
1930 mask[2] = 0xffffffff;
1931
1932 if (i < 32)
1933 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
1934 else
1935 mask[3] = 0xffffffff;
1936 }
1937 }
1938 }
1939
1940 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1941 "get_addr_and_mask(value=\"%s\", "
1942 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
1943 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1944 mask[3]);
1945
1946 /*
1947 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1948 */
1949
1950 if ((ip[0] & ~mask[0]) != 0 ||
1951 (ip[1] & ~mask[1]) != 0 ||
1952 (ip[2] & ~mask[2]) != 0 ||
1953 (ip[3] & ~mask[3]) != 0)
1954 return (0);
1955
1956 return (1);
1957 }
1958
1959
1960 /*
1961 * 'mime_error_cb()' - Log a MIME error.
1962 */
1963
1964 static void
1965 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1966 const char *message) /* I - Message */
1967 {
1968 (void)ctx;
1969
1970 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1971 }
1972
1973
1974 /*
1975 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1976 */
1977
1978 static int /* O - 1 on success, 0 on failure */
1979 parse_aaa(cupsd_location_t *loc, /* I - Location */
1980 char *line, /* I - Line from file */
1981 char *value, /* I - Start of value data */
1982 int linenum) /* I - Current line number */
1983 {
1984 char *valptr; /* Pointer into value */
1985 unsigned ip[4], /* IP address components */
1986 mask[4]; /* IP netmask components */
1987
1988
1989 if (!_cups_strcasecmp(line, "Encryption"))
1990 {
1991 /*
1992 * "Encryption xxx" - set required encryption level...
1993 */
1994
1995 if (!_cups_strcasecmp(value, "never"))
1996 loc->encryption = HTTP_ENCRYPT_NEVER;
1997 else if (!_cups_strcasecmp(value, "always"))
1998 {
1999 cupsdLogMessage(CUPSD_LOG_ERROR,
2000 "Encryption value \"%s\" on line %d is invalid in this "
2001 "context. Using \"required\" instead.", value, linenum);
2002
2003 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2004 }
2005 else if (!_cups_strcasecmp(value, "required"))
2006 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2007 else if (!_cups_strcasecmp(value, "ifrequested"))
2008 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2009 else
2010 {
2011 cupsdLogMessage(CUPSD_LOG_ERROR,
2012 "Unknown Encryption value %s on line %d.", value, linenum);
2013 return (0);
2014 }
2015 }
2016 else if (!_cups_strcasecmp(line, "Order"))
2017 {
2018 /*
2019 * "Order Deny,Allow" or "Order Allow,Deny"...
2020 */
2021
2022 if (!_cups_strncasecmp(value, "deny", 4))
2023 loc->order_type = CUPSD_AUTH_ALLOW;
2024 else if (!_cups_strncasecmp(value, "allow", 5))
2025 loc->order_type = CUPSD_AUTH_DENY;
2026 else
2027 {
2028 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
2029 value, linenum);
2030 return (0);
2031 }
2032 }
2033 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
2034 {
2035 /*
2036 * Allow [From] host/ip...
2037 * Deny [From] host/ip...
2038 */
2039
2040 while (*value)
2041 {
2042 if (!_cups_strncasecmp(value, "from", 4))
2043 {
2044 /*
2045 * Strip leading "from"...
2046 */
2047
2048 value += 4;
2049
2050 while (_cups_isspace(*value))
2051 value ++;
2052
2053 if (!*value)
2054 break;
2055 }
2056
2057 /*
2058 * Find the end of the value...
2059 */
2060
2061 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2062
2063 while (_cups_isspace(*valptr))
2064 *valptr++ = '\0';
2065
2066 /*
2067 * Figure out what form the allow/deny address takes:
2068 *
2069 * All
2070 * None
2071 * *.domain.com
2072 * .domain.com
2073 * host.domain.com
2074 * nnn.*
2075 * nnn.nnn.*
2076 * nnn.nnn.nnn.*
2077 * nnn.nnn.nnn.nnn
2078 * nnn.nnn.nnn.nnn/mm
2079 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2080 */
2081
2082 if (!_cups_strcasecmp(value, "all"))
2083 {
2084 /*
2085 * All hosts...
2086 */
2087
2088 if (!_cups_strcasecmp(line, "Allow"))
2089 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2090 else
2091 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2092 }
2093 else if (!_cups_strcasecmp(value, "none"))
2094 {
2095 /*
2096 * No hosts...
2097 */
2098
2099 if (!_cups_strcasecmp(line, "Allow"))
2100 cupsdAddIPMask(&(loc->allow), ones, zeros);
2101 else
2102 cupsdAddIPMask(&(loc->deny), ones, zeros);
2103 }
2104 #ifdef AF_INET6
2105 else if (value[0] == '*' || value[0] == '.' ||
2106 (!isdigit(value[0] & 255) && value[0] != '['))
2107 #else
2108 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2109 #endif /* AF_INET6 */
2110 {
2111 /*
2112 * Host or domain name...
2113 */
2114
2115 if (value[0] == '*')
2116 value ++;
2117
2118 if (!_cups_strcasecmp(line, "Allow"))
2119 cupsdAddNameMask(&(loc->allow), value);
2120 else
2121 cupsdAddNameMask(&(loc->deny), value);
2122 }
2123 else
2124 {
2125 /*
2126 * One of many IP address forms...
2127 */
2128
2129 if (!get_addr_and_mask(value, ip, mask))
2130 {
2131 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2132 value, linenum);
2133 return (0);
2134 }
2135
2136 if (!_cups_strcasecmp(line, "Allow"))
2137 cupsdAddIPMask(&(loc->allow), ip, mask);
2138 else
2139 cupsdAddIPMask(&(loc->deny), ip, mask);
2140 }
2141
2142 /*
2143 * Advance to next value...
2144 */
2145
2146 value = valptr;
2147 }
2148 }
2149 else if (!_cups_strcasecmp(line, "AuthType"))
2150 {
2151 /*
2152 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2153 */
2154
2155 if (!_cups_strcasecmp(value, "none"))
2156 {
2157 loc->type = CUPSD_AUTH_NONE;
2158 loc->level = CUPSD_AUTH_ANON;
2159 }
2160 else if (!_cups_strcasecmp(value, "basic"))
2161 {
2162 loc->type = CUPSD_AUTH_BASIC;
2163
2164 if (loc->level == CUPSD_AUTH_ANON)
2165 loc->level = CUPSD_AUTH_USER;
2166 }
2167 else if (!_cups_strcasecmp(value, "digest"))
2168 {
2169 loc->type = CUPSD_AUTH_DIGEST;
2170
2171 if (loc->level == CUPSD_AUTH_ANON)
2172 loc->level = CUPSD_AUTH_USER;
2173 }
2174 else if (!_cups_strcasecmp(value, "basicdigest"))
2175 {
2176 loc->type = CUPSD_AUTH_BASICDIGEST;
2177
2178 if (loc->level == CUPSD_AUTH_ANON)
2179 loc->level = CUPSD_AUTH_USER;
2180 }
2181 else if (!_cups_strcasecmp(value, "default"))
2182 {
2183 loc->type = CUPSD_AUTH_DEFAULT;
2184
2185 if (loc->level == CUPSD_AUTH_ANON)
2186 loc->level = CUPSD_AUTH_USER;
2187 }
2188 #ifdef HAVE_GSSAPI
2189 else if (!_cups_strcasecmp(value, "negotiate"))
2190 {
2191 loc->type = CUPSD_AUTH_NEGOTIATE;
2192
2193 if (loc->level == CUPSD_AUTH_ANON)
2194 loc->level = CUPSD_AUTH_USER;
2195 }
2196 #endif /* HAVE_GSSAPI */
2197 else
2198 {
2199 cupsdLogMessage(CUPSD_LOG_WARN,
2200 "Unknown authorization type %s on line %d.",
2201 value, linenum);
2202 return (0);
2203 }
2204 }
2205 else if (!_cups_strcasecmp(line, "AuthClass"))
2206 {
2207 /*
2208 * AuthClass anonymous, user, system, group
2209 */
2210
2211 if (!_cups_strcasecmp(value, "anonymous"))
2212 {
2213 loc->type = CUPSD_AUTH_NONE;
2214 loc->level = CUPSD_AUTH_ANON;
2215
2216 cupsdLogMessage(CUPSD_LOG_WARN,
2217 "\"AuthClass %s\" is deprecated; consider removing "
2218 "it from line %d.",
2219 value, linenum);
2220 }
2221 else if (!_cups_strcasecmp(value, "user"))
2222 {
2223 loc->level = CUPSD_AUTH_USER;
2224
2225 cupsdLogMessage(CUPSD_LOG_WARN,
2226 "\"AuthClass %s\" is deprecated; consider using "
2227 "\"Require valid-user\" on line %d.",
2228 value, linenum);
2229 }
2230 else if (!_cups_strcasecmp(value, "group"))
2231 {
2232 loc->level = CUPSD_AUTH_GROUP;
2233
2234 cupsdLogMessage(CUPSD_LOG_WARN,
2235 "\"AuthClass %s\" is deprecated; consider using "
2236 "\"Require user @groupname\" on line %d.",
2237 value, linenum);
2238 }
2239 else if (!_cups_strcasecmp(value, "system"))
2240 {
2241 loc->level = CUPSD_AUTH_GROUP;
2242
2243 cupsdAddName(loc, "@SYSTEM");
2244
2245 cupsdLogMessage(CUPSD_LOG_WARN,
2246 "\"AuthClass %s\" is deprecated; consider using "
2247 "\"Require user @SYSTEM\" on line %d.",
2248 value, linenum);
2249 }
2250 else
2251 {
2252 cupsdLogMessage(CUPSD_LOG_WARN,
2253 "Unknown authorization class %s on line %d.",
2254 value, linenum);
2255 return (0);
2256 }
2257 }
2258 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2259 {
2260 cupsdAddName(loc, value);
2261
2262 cupsdLogMessage(CUPSD_LOG_WARN,
2263 "\"AuthGroupName %s\" directive is deprecated; consider "
2264 "using \"Require user @%s\" on line %d.",
2265 value, value, linenum);
2266 }
2267 else if (!_cups_strcasecmp(line, "Require"))
2268 {
2269 /*
2270 * Apache synonym for AuthClass and AuthGroupName...
2271 *
2272 * Get initial word:
2273 *
2274 * Require valid-user
2275 * Require group names
2276 * Require user names
2277 */
2278
2279 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2280
2281 if (*valptr)
2282 *valptr++ = '\0';
2283
2284 if (!_cups_strcasecmp(value, "valid-user") ||
2285 !_cups_strcasecmp(value, "user"))
2286 loc->level = CUPSD_AUTH_USER;
2287 else if (!_cups_strcasecmp(value, "group"))
2288 loc->level = CUPSD_AUTH_GROUP;
2289 else
2290 {
2291 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2292 value, linenum);
2293 return (0);
2294 }
2295
2296 /*
2297 * Get the list of names from the line...
2298 */
2299
2300 for (value = valptr; *value;)
2301 {
2302 while (_cups_isspace(*value))
2303 value ++;
2304
2305 #ifdef HAVE_AUTHORIZATION_H
2306 if (!strncmp(value, "@AUTHKEY(", 9))
2307 {
2308 /*
2309 * Grab "@AUTHKEY(name)" value...
2310 */
2311
2312 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2313
2314 if (*valptr)
2315 *valptr++ = '\0';
2316 }
2317 else
2318 #endif /* HAVE_AUTHORIZATION_H */
2319 if (*value == '\"' || *value == '\'')
2320 {
2321 /*
2322 * Grab quoted name...
2323 */
2324
2325 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2326
2327 value ++;
2328 }
2329 else
2330 {
2331 /*
2332 * Grab literal name.
2333 */
2334
2335 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2336 }
2337
2338 if (*valptr)
2339 *valptr++ = '\0';
2340
2341 cupsdAddName(loc, value);
2342
2343 for (value = valptr; _cups_isspace(*value); value ++);
2344 }
2345 }
2346 else if (!_cups_strcasecmp(line, "Satisfy"))
2347 {
2348 if (!_cups_strcasecmp(value, "all"))
2349 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2350 else if (!_cups_strcasecmp(value, "any"))
2351 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2352 else
2353 {
2354 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2355 value, linenum);
2356 return (0);
2357 }
2358 }
2359 else
2360 return (0);
2361
2362 return (1);
2363 }
2364
2365
2366 /*
2367 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2368 */
2369
2370 static int /* O - FatalErrors bits */
2371 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2372 {
2373 int fatal; /* FatalErrors bits */
2374 char value[1024], /* Value string */
2375 *valstart, /* Pointer into value */
2376 *valend; /* End of value */
2377
2378
2379 /*
2380 * Empty FatalErrors line yields NULL pointer...
2381 */
2382
2383 if (!s)
2384 return (CUPSD_FATAL_NONE);
2385
2386 /*
2387 * Loop through the value string,...
2388 */
2389
2390 strlcpy(value, s, sizeof(value));
2391
2392 fatal = CUPSD_FATAL_NONE;
2393
2394 for (valstart = value; *valstart;)
2395 {
2396 /*
2397 * Get the current space/comma-delimited kind name...
2398 */
2399
2400 for (valend = valstart; *valend; valend ++)
2401 if (_cups_isspace(*valend) || *valend == ',')
2402 break;
2403
2404 if (*valend)
2405 *valend++ = '\0';
2406
2407 /*
2408 * Add the error to the bitmask...
2409 */
2410
2411 if (!_cups_strcasecmp(valstart, "all"))
2412 fatal = CUPSD_FATAL_ALL;
2413 else if (!_cups_strcasecmp(valstart, "browse"))
2414 fatal |= CUPSD_FATAL_BROWSE;
2415 else if (!_cups_strcasecmp(valstart, "-browse"))
2416 fatal &= ~CUPSD_FATAL_BROWSE;
2417 else if (!_cups_strcasecmp(valstart, "config"))
2418 fatal |= CUPSD_FATAL_CONFIG;
2419 else if (!_cups_strcasecmp(valstart, "-config"))
2420 fatal &= ~CUPSD_FATAL_CONFIG;
2421 else if (!_cups_strcasecmp(valstart, "listen"))
2422 fatal |= CUPSD_FATAL_LISTEN;
2423 else if (!_cups_strcasecmp(valstart, "-listen"))
2424 fatal &= ~CUPSD_FATAL_LISTEN;
2425 else if (!_cups_strcasecmp(valstart, "log"))
2426 fatal |= CUPSD_FATAL_LOG;
2427 else if (!_cups_strcasecmp(valstart, "-log"))
2428 fatal &= ~CUPSD_FATAL_LOG;
2429 else if (!_cups_strcasecmp(valstart, "permissions"))
2430 fatal |= CUPSD_FATAL_PERMISSIONS;
2431 else if (!_cups_strcasecmp(valstart, "-permissions"))
2432 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2433 else if (_cups_strcasecmp(valstart, "none"))
2434 cupsdLogMessage(CUPSD_LOG_ERROR,
2435 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2436
2437 for (valstart = valend; *valstart; valstart ++)
2438 if (!_cups_isspace(*valstart) || *valstart != ',')
2439 break;
2440 }
2441
2442 return (fatal);
2443 }
2444
2445
2446 /*
2447 * 'parse_groups()' - Parse system group names in a string.
2448 */
2449
2450 static int /* O - 1 on success, 0 on failure */
2451 parse_groups(const char *s) /* I - Space-delimited groups */
2452 {
2453 int status; /* Return status */
2454 char value[1024], /* Value string */
2455 *valstart, /* Pointer into value */
2456 *valend, /* End of value */
2457 quote; /* Quote character */
2458 struct group *group; /* Group */
2459
2460
2461 /*
2462 * Make a copy of the string and parse out the groups...
2463 */
2464
2465 strlcpy(value, s, sizeof(value));
2466
2467 status = 1;
2468 valstart = value;
2469
2470 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2471 {
2472 if (*valstart == '\'' || *valstart == '\"')
2473 {
2474 /*
2475 * Scan quoted name...
2476 */
2477
2478 quote = *valstart++;
2479
2480 for (valend = valstart; *valend; valend ++)
2481 if (*valend == quote)
2482 break;
2483 }
2484 else
2485 {
2486 /*
2487 * Scan space or comma-delimited name...
2488 */
2489
2490 for (valend = valstart; *valend; valend ++)
2491 if (_cups_isspace(*valend) || *valend == ',')
2492 break;
2493 }
2494
2495 if (*valend)
2496 *valend++ = '\0';
2497
2498 group = getgrnam(valstart);
2499 if (group)
2500 {
2501 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2502 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2503
2504 NumSystemGroups ++;
2505 }
2506 else
2507 status = 0;
2508
2509 endgrent();
2510
2511 valstart = valend;
2512
2513 while (*valstart == ',' || _cups_isspace(*valstart))
2514 valstart ++;
2515 }
2516
2517 return (status);
2518 }
2519
2520
2521 /*
2522 * 'parse_protocols()' - Parse browse protocols in a string.
2523 */
2524
2525 static int /* O - Browse protocol bits */
2526 parse_protocols(const char *s) /* I - Space-delimited protocols */
2527 {
2528 int protocols; /* Browse protocol bits */
2529 char value[1024], /* Value string */
2530 *valstart, /* Pointer into value */
2531 *valend; /* End of value */
2532
2533
2534 /*
2535 * Empty protocol line yields NULL pointer...
2536 */
2537
2538 if (!s)
2539 return (0);
2540
2541 /*
2542 * Loop through the value string,...
2543 */
2544
2545 strlcpy(value, s, sizeof(value));
2546
2547 protocols = 0;
2548
2549 for (valstart = value; *valstart;)
2550 {
2551 /*
2552 * Get the current space/comma-delimited protocol name...
2553 */
2554
2555 for (valend = valstart; *valend; valend ++)
2556 if (_cups_isspace(*valend) || *valend == ',')
2557 break;
2558
2559 if (*valend)
2560 *valend++ = '\0';
2561
2562 /*
2563 * Add the protocol to the bitmask...
2564 */
2565
2566 if (!_cups_strcasecmp(valstart, "dnssd") ||
2567 !_cups_strcasecmp(valstart, "dns-sd") ||
2568 !_cups_strcasecmp(valstart, "bonjour"))
2569 protocols |= BROWSE_DNSSD;
2570 else if (!_cups_strcasecmp(valstart, "all"))
2571 protocols |= BROWSE_ALL;
2572 else if (_cups_strcasecmp(valstart, "none"))
2573 cupsdLogMessage(CUPSD_LOG_ERROR,
2574 "Unknown browse protocol \"%s\" ignored.", valstart);
2575
2576 for (valstart = valend; *valstart; valstart ++)
2577 if (!_cups_isspace(*valstart) || *valstart != ',')
2578 break;
2579 }
2580
2581 return (protocols);
2582 }
2583
2584
2585 /*
2586 * 'parse_variable()' - Parse a variable line.
2587 */
2588
2589 static int /* O - 1 on success, 0 on failure */
2590 parse_variable(
2591 const char *filename, /* I - Name of configuration file */
2592 int linenum, /* I - Line in configuration file */
2593 const char *line, /* I - Line from configuration file */
2594 const char *value, /* I - Value from configuration file */
2595 size_t num_vars, /* I - Number of variables */
2596 const cupsd_var_t *vars) /* I - Variables */
2597 {
2598 size_t i; /* Looping var */
2599 const cupsd_var_t *var; /* Variables */
2600 char temp[1024]; /* Temporary string */
2601
2602
2603 for (i = num_vars, var = vars; i > 0; i --, var ++)
2604 if (!_cups_strcasecmp(line, var->name))
2605 break;
2606
2607 if (i == 0)
2608 {
2609 /*
2610 * Unknown directive! Output an error message and continue...
2611 */
2612
2613 if (!value)
2614 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2615 line, linenum, filename);
2616 else
2617 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2618 line, linenum, filename);
2619
2620 return (0);
2621 }
2622
2623 switch (var->type)
2624 {
2625 case CUPSD_VARTYPE_INTEGER :
2626 if (!value)
2627 {
2628 cupsdLogMessage(CUPSD_LOG_ERROR,
2629 "Missing integer value for %s on line %d of %s.",
2630 line, linenum, filename);
2631 return (0);
2632 }
2633 else if (!isdigit(*value & 255))
2634 {
2635 cupsdLogMessage(CUPSD_LOG_ERROR,
2636 "Bad integer value for %s on line %d of %s.",
2637 line, linenum, filename);
2638 return (0);
2639 }
2640 else
2641 {
2642 int n; /* Number */
2643 char *units; /* Units */
2644
2645 n = strtol(value, &units, 0);
2646
2647 if (units && *units)
2648 {
2649 if (tolower(units[0] & 255) == 'g')
2650 n *= 1024 * 1024 * 1024;
2651 else if (tolower(units[0] & 255) == 'm')
2652 n *= 1024 * 1024;
2653 else if (tolower(units[0] & 255) == 'k')
2654 n *= 1024;
2655 else if (tolower(units[0] & 255) == 't')
2656 n *= 262144;
2657 else
2658 {
2659 cupsdLogMessage(CUPSD_LOG_ERROR,
2660 "Unknown integer value for %s on line %d of %s.",
2661 line, linenum, filename);
2662 return (0);
2663 }
2664 }
2665
2666 if (n < 0)
2667 {
2668 cupsdLogMessage(CUPSD_LOG_ERROR,
2669 "Bad negative integer value for %s on line %d of "
2670 "%s.", line, linenum, filename);
2671 return (0);
2672 }
2673 else
2674 {
2675 *((int *)var->ptr) = n;
2676 }
2677 }
2678 break;
2679
2680 case CUPSD_VARTYPE_TIME :
2681 if (!value)
2682 {
2683 cupsdLogMessage(CUPSD_LOG_ERROR,
2684 "Missing time interval value for %s on line %d of "
2685 "%s.", line, linenum, filename);
2686 return (0);
2687 }
2688 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2689 (!_cups_strcasecmp(value, "true") ||
2690 !_cups_strcasecmp(value, "on") ||
2691 !_cups_strcasecmp(value, "enabled") ||
2692 !_cups_strcasecmp(value, "yes")))
2693 {
2694 *((int *)var->ptr) = INT_MAX;
2695 }
2696 else if (!_cups_strcasecmp(value, "false") ||
2697 !_cups_strcasecmp(value, "off") ||
2698 !_cups_strcasecmp(value, "disabled") ||
2699 !_cups_strcasecmp(value, "no"))
2700 {
2701 *((int *)var->ptr) = 0;
2702 }
2703 else if (!isdigit(*value & 255))
2704 {
2705 cupsdLogMessage(CUPSD_LOG_ERROR,
2706 "Unknown time interval value for %s on line %d of "
2707 "%s.", line, linenum, filename);
2708 return (0);
2709 }
2710 else
2711 {
2712 double n; /* Number */
2713 char *units; /* Units */
2714
2715 n = strtod(value, &units);
2716
2717 if (units && *units)
2718 {
2719 if (tolower(units[0] & 255) == 'w')
2720 n *= 7 * 24 * 60 * 60;
2721 else if (tolower(units[0] & 255) == 'd')
2722 n *= 24 * 60 * 60;
2723 else if (tolower(units[0] & 255) == 'h')
2724 n *= 60 * 60;
2725 else if (tolower(units[0] & 255) == 'm')
2726 n *= 60;
2727 else
2728 {
2729 cupsdLogMessage(CUPSD_LOG_ERROR,
2730 "Unknown time interval value for %s on line "
2731 "%d of %s.", line, linenum, filename);
2732 return (0);
2733 }
2734 }
2735
2736 if (n < 0.0 || n > INT_MAX)
2737 {
2738 cupsdLogMessage(CUPSD_LOG_ERROR,
2739 "Bad time value for %s on line %d of %s.",
2740 line, linenum, filename);
2741 return (0);
2742 }
2743 else
2744 {
2745 *((int *)var->ptr) = (int)n;
2746 }
2747 }
2748 break;
2749
2750 case CUPSD_VARTYPE_BOOLEAN :
2751 if (!value)
2752 {
2753 cupsdLogMessage(CUPSD_LOG_ERROR,
2754 "Missing boolean value for %s on line %d of %s.",
2755 line, linenum, filename);
2756 return (0);
2757 }
2758 else if (!_cups_strcasecmp(value, "true") ||
2759 !_cups_strcasecmp(value, "on") ||
2760 !_cups_strcasecmp(value, "enabled") ||
2761 !_cups_strcasecmp(value, "yes") ||
2762 atoi(value) != 0)
2763 {
2764 *((int *)var->ptr) = TRUE;
2765 }
2766 else if (!_cups_strcasecmp(value, "false") ||
2767 !_cups_strcasecmp(value, "off") ||
2768 !_cups_strcasecmp(value, "disabled") ||
2769 !_cups_strcasecmp(value, "no") ||
2770 !_cups_strcasecmp(value, "0"))
2771 {
2772 *((int *)var->ptr) = FALSE;
2773 }
2774 else
2775 {
2776 cupsdLogMessage(CUPSD_LOG_ERROR,
2777 "Unknown boolean value %s on line %d of %s.",
2778 value, linenum, filename);
2779 return (0);
2780 }
2781 break;
2782
2783 case CUPSD_VARTYPE_PATHNAME :
2784 if (!value)
2785 {
2786 cupsdLogMessage(CUPSD_LOG_ERROR,
2787 "Missing pathname value for %s on line %d of %s.",
2788 line, linenum, filename);
2789 return (0);
2790 }
2791
2792 if (value[0] == '/')
2793 strlcpy(temp, value, sizeof(temp));
2794 else
2795 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2796
2797 if (access(temp, 0))
2798 {
2799 cupsdLogMessage(CUPSD_LOG_ERROR,
2800 "File or directory for \"%s %s\" on line %d of %s "
2801 "does not exist.", line, value, linenum, filename);
2802 return (0);
2803 }
2804
2805 cupsdSetString((char **)var->ptr, temp);
2806 break;
2807
2808 case CUPSD_VARTYPE_STRING :
2809 cupsdSetString((char **)var->ptr, value);
2810 break;
2811 }
2812
2813 return (1);
2814 }
2815
2816
2817 /*
2818 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2819 */
2820
2821 static int /* O - 1 on success, 0 on failure */
2822 read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
2823 {
2824 int linenum; /* Current line number */
2825 char line[HTTP_MAX_BUFFER],
2826 /* Line from file */
2827 temp[HTTP_MAX_BUFFER],
2828 /* Temporary buffer for value */
2829 *value, /* Pointer to value */
2830 *valueptr; /* Pointer into value */
2831 int valuelen; /* Length of value */
2832 http_addrlist_t *addrlist, /* Address list */
2833 *addr; /* Current address */
2834 cups_file_t *incfile; /* Include file */
2835 char incname[1024]; /* Include filename */
2836
2837
2838 /*
2839 * Loop through each line in the file...
2840 */
2841
2842 linenum = 0;
2843
2844 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2845 {
2846 /*
2847 * Decode the directive...
2848 */
2849
2850 if (!_cups_strcasecmp(line, "Include") && value)
2851 {
2852 /*
2853 * Include filename
2854 */
2855
2856 if (value[0] == '/')
2857 strlcpy(incname, value, sizeof(incname));
2858 else
2859 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2860
2861 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2862 cupsdLogMessage(CUPSD_LOG_ERROR,
2863 "Unable to include config file \"%s\" - %s",
2864 incname, strerror(errno));
2865 else
2866 {
2867 read_cupsd_conf(incfile);
2868 cupsFileClose(incfile);
2869 }
2870 }
2871 else if (!_cups_strcasecmp(line, "<Location") && value)
2872 {
2873 /*
2874 * <Location path>
2875 */
2876
2877 linenum = read_location(fp, value, linenum);
2878 if (linenum == 0)
2879 return (0);
2880 }
2881 else if (!_cups_strcasecmp(line, "<Policy") && value)
2882 {
2883 /*
2884 * <Policy name>
2885 */
2886
2887 linenum = read_policy(fp, value, linenum);
2888 if (linenum == 0)
2889 return (0);
2890 }
2891 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
2892 {
2893 JobRetryInterval = atoi(value);
2894 cupsdLogMessage(CUPSD_LOG_WARN,
2895 "FaxRetryInterval is deprecated; use "
2896 "JobRetryInterval on line %d.", linenum);
2897 }
2898 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
2899 {
2900 JobRetryLimit = atoi(value);
2901 cupsdLogMessage(CUPSD_LOG_WARN,
2902 "FaxRetryLimit is deprecated; use "
2903 "JobRetryLimit on line %d.", linenum);
2904 }
2905 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
2906 #ifdef HAVE_SSL
2907 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
2908 #endif /* HAVE_SSL */
2909 ) && value)
2910 {
2911 /*
2912 * Add listening address(es) to the list...
2913 */
2914
2915 cupsd_listener_t *lis; /* New listeners array */
2916
2917
2918 /*
2919 * Get the address list...
2920 */
2921
2922 addrlist = get_address(value, IPP_PORT);
2923
2924 if (!addrlist)
2925 {
2926 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2927 value, linenum);
2928 continue;
2929 }
2930
2931 /*
2932 * Add each address...
2933 */
2934
2935 for (addr = addrlist; addr; addr = addr->next)
2936 {
2937 /*
2938 * See if this address is already present...
2939 */
2940
2941 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2942 lis;
2943 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2944 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
2945 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
2946 break;
2947
2948 if (lis)
2949 {
2950 httpAddrString(&lis->address, temp, sizeof(temp));
2951 cupsdLogMessage(CUPSD_LOG_WARN,
2952 "Duplicate listen address \"%s\" ignored.", temp);
2953 continue;
2954 }
2955
2956 /*
2957 * Allocate another listener...
2958 */
2959
2960 if (!Listeners)
2961 Listeners = cupsArrayNew(NULL, NULL);
2962
2963 if (!Listeners)
2964 {
2965 cupsdLogMessage(CUPSD_LOG_ERROR,
2966 "Unable to allocate %s at line %d - %s.",
2967 line, linenum, strerror(errno));
2968 break;
2969 }
2970
2971 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2972 {
2973 cupsdLogMessage(CUPSD_LOG_ERROR,
2974 "Unable to allocate %s at line %d - %s.",
2975 line, linenum, strerror(errno));
2976 break;
2977 }
2978
2979 cupsArrayAdd(Listeners, lis);
2980
2981 /*
2982 * Copy the current address and log it...
2983 */
2984
2985 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
2986 lis->fd = -1;
2987
2988 #ifdef HAVE_SSL
2989 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
2990 lis->encryption = HTTP_ENCRYPT_ALWAYS;
2991 #endif /* HAVE_SSL */
2992
2993 httpAddrString(&lis->address, temp, sizeof(temp));
2994
2995 #ifdef AF_LOCAL
2996 if (lis->address.addr.sa_family == AF_LOCAL)
2997 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
2998 else
2999 #endif /* AF_LOCAL */
3000 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
3001 httpAddrPort(&(lis->address)),
3002 _httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
3003
3004 if (!httpAddrLocalhost(&(lis->address)))
3005 RemotePort = httpAddrPort(&(lis->address));
3006 }
3007
3008 /*
3009 * Free the list...
3010 */
3011
3012 httpAddrFreeList(addrlist);
3013 }
3014 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
3015 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
3016 {
3017 /*
3018 * "BrowseProtocols name [... name]"
3019 * "BrowseLocalProtocols name [... name]"
3020 */
3021
3022 int protocols = parse_protocols(value);
3023
3024 if (protocols < 0)
3025 {
3026 cupsdLogMessage(CUPSD_LOG_ERROR,
3027 "Unknown browse protocol \"%s\" on line %d.",
3028 value, linenum);
3029 break;
3030 }
3031
3032 BrowseLocalProtocols = protocols;
3033 }
3034 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
3035 {
3036 /*
3037 * DefaultAuthType {basic,digest,basicdigest,negotiate}
3038 */
3039
3040 if (!_cups_strcasecmp(value, "none"))
3041 default_auth_type = CUPSD_AUTH_NONE;
3042 else if (!_cups_strcasecmp(value, "basic"))
3043 default_auth_type = CUPSD_AUTH_BASIC;
3044 else if (!_cups_strcasecmp(value, "digest"))
3045 default_auth_type = CUPSD_AUTH_DIGEST;
3046 else if (!_cups_strcasecmp(value, "basicdigest"))
3047 default_auth_type = CUPSD_AUTH_BASICDIGEST;
3048 #ifdef HAVE_GSSAPI
3049 else if (!_cups_strcasecmp(value, "negotiate"))
3050 default_auth_type = CUPSD_AUTH_NEGOTIATE;
3051 #endif /* HAVE_GSSAPI */
3052 else if (!_cups_strcasecmp(value, "auto"))
3053 default_auth_type = CUPSD_AUTH_AUTO;
3054 else
3055 {
3056 cupsdLogMessage(CUPSD_LOG_WARN,
3057 "Unknown default authorization type %s on line %d.",
3058 value, linenum);
3059 if (FatalErrors & CUPSD_FATAL_CONFIG)
3060 return (0);
3061 }
3062 }
3063 #ifdef HAVE_SSL
3064 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
3065 {
3066 /*
3067 * DefaultEncryption {Never,IfRequested,Required}
3068 */
3069
3070 if (!value || !_cups_strcasecmp(value, "never"))
3071 DefaultEncryption = HTTP_ENCRYPT_NEVER;
3072 else if (!_cups_strcasecmp(value, "required"))
3073 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
3074 else if (!_cups_strcasecmp(value, "ifrequested"))
3075 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3076 else
3077 {
3078 cupsdLogMessage(CUPSD_LOG_WARN,
3079 "Unknown default encryption %s on line %d.",
3080 value, linenum);
3081 if (FatalErrors & CUPSD_FATAL_CONFIG)
3082 return (0);
3083 }
3084 }
3085 #endif /* HAVE_SSL */
3086 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
3087 {
3088 /*
3089 * Do hostname lookups?
3090 */
3091
3092 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3093 !_cups_strcasecmp(value, "false"))
3094 HostNameLookups = 0;
3095 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3096 !_cups_strcasecmp(value, "true"))
3097 HostNameLookups = 1;
3098 else if (!_cups_strcasecmp(value, "double"))
3099 HostNameLookups = 2;
3100 else
3101 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
3102 value, linenum);
3103 }
3104 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
3105 {
3106 /*
3107 * Amount of logging to do to access log...
3108 */
3109
3110 if (!_cups_strcasecmp(value, "all"))
3111 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
3112 else if (!_cups_strcasecmp(value, "actions"))
3113 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
3114 else if (!_cups_strcasecmp(value, "config"))
3115 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3116 else
3117 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
3118 value, linenum);
3119 }
3120 else if (!_cups_strcasecmp(line, "LogLevel") && value)
3121 {
3122 /*
3123 * Amount of logging to do to error log...
3124 */
3125
3126 if (!_cups_strcasecmp(value, "debug2"))
3127 LogLevel = CUPSD_LOG_DEBUG2;
3128 else if (!_cups_strcasecmp(value, "debug"))
3129 LogLevel = CUPSD_LOG_DEBUG;
3130 else if (!_cups_strcasecmp(value, "info"))
3131 LogLevel = CUPSD_LOG_INFO;
3132 else if (!_cups_strcasecmp(value, "notice"))
3133 LogLevel = CUPSD_LOG_NOTICE;
3134 else if (!_cups_strcasecmp(value, "warn"))
3135 LogLevel = CUPSD_LOG_WARN;
3136 else if (!_cups_strcasecmp(value, "error"))
3137 LogLevel = CUPSD_LOG_ERROR;
3138 else if (!_cups_strcasecmp(value, "crit"))
3139 LogLevel = CUPSD_LOG_CRIT;
3140 else if (!_cups_strcasecmp(value, "alert"))
3141 LogLevel = CUPSD_LOG_ALERT;
3142 else if (!_cups_strcasecmp(value, "emerg"))
3143 LogLevel = CUPSD_LOG_EMERG;
3144 else if (!_cups_strcasecmp(value, "none"))
3145 LogLevel = CUPSD_LOG_NONE;
3146 else
3147 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
3148 value, linenum);
3149 }
3150 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
3151 {
3152 /*
3153 * Amount of logging to do to error log...
3154 */
3155
3156 if (!_cups_strcasecmp(value, "standard"))
3157 LogTimeFormat = CUPSD_TIME_STANDARD;
3158 else if (!_cups_strcasecmp(value, "usecs"))
3159 LogTimeFormat = CUPSD_TIME_USECS;
3160 else
3161 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
3162 value, linenum);
3163 }
3164 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
3165 {
3166 /*
3167 * Set the string used for the Server header...
3168 */
3169
3170 struct utsname plat; /* Platform info */
3171
3172
3173 uname(&plat);
3174
3175 if (!_cups_strcasecmp(value, "ProductOnly"))
3176 cupsdSetString(&ServerHeader, "CUPS");
3177 else if (!_cups_strcasecmp(value, "Major"))
3178 cupsdSetStringf(&ServerHeader, "CUPS/%d", CUPS_VERSION_MAJOR);
3179 else if (!_cups_strcasecmp(value, "Minor"))
3180 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d", CUPS_VERSION_MAJOR,
3181 CUPS_VERSION_MINOR);
3182 else if (!_cups_strcasecmp(value, "Minimal"))
3183 cupsdSetString(&ServerHeader, CUPS_MINIMAL);
3184 else if (!_cups_strcasecmp(value, "OS"))
3185 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s)", plat.sysname);
3186 else if (!_cups_strcasecmp(value, "Full"))
3187 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s) IPP/2.1",
3188 plat.sysname);
3189 else if (!_cups_strcasecmp(value, "None"))
3190 cupsdClearString(&ServerHeader);
3191 else
3192 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3193 value, linenum);
3194 }
3195 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3196 {
3197 /*
3198 * PassEnv variable [... variable]
3199 */
3200
3201 for (; *value;)
3202 {
3203 for (valuelen = 0; value[valuelen]; valuelen ++)
3204 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3205 break;
3206
3207 if (value[valuelen])
3208 {
3209 value[valuelen] = '\0';
3210 valuelen ++;
3211 }
3212
3213 cupsdSetEnv(value, NULL);
3214
3215 for (value += valuelen; *value; value ++)
3216 if (!_cups_isspace(*value) || *value != ',')
3217 break;
3218 }
3219 }
3220 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3221 {
3222 /*
3223 * ServerAlias name [... name]
3224 */
3225
3226 if (!ServerAlias)
3227 ServerAlias = cupsArrayNew(NULL, NULL);
3228
3229 for (; *value;)
3230 {
3231 for (valuelen = 0; value[valuelen]; valuelen ++)
3232 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3233 break;
3234
3235 if (value[valuelen])
3236 {
3237 value[valuelen] = '\0';
3238 valuelen ++;
3239 }
3240
3241 cupsdAddAlias(ServerAlias, value);
3242
3243 for (value += valuelen; *value; value ++)
3244 if (!_cups_isspace(*value) || *value != ',')
3245 break;
3246 }
3247 }
3248 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3249 {
3250 /*
3251 * SetEnv variable value
3252 */
3253
3254 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3255
3256 if (*valueptr)
3257 {
3258 /*
3259 * Found a value...
3260 */
3261
3262 while (isspace(*valueptr & 255))
3263 *valueptr++ = '\0';
3264
3265 cupsdSetEnv(value, valueptr);
3266 }
3267 else
3268 cupsdLogMessage(CUPSD_LOG_ERROR,
3269 "Missing value for SetEnv directive on line %d.",
3270 linenum);
3271 }
3272 #ifdef HAVE_SSL
3273 else if (!_cups_strcasecmp(line, "SSLOptions"))
3274 {
3275 /*
3276 * SSLOptions options
3277 */
3278
3279 if (!value || !_cups_strcasecmp(value, "none"))
3280 SSLOptions = CUPSD_SSL_NONE;
3281 else if (!_cups_strcasecmp(value, "noemptyfragments"))
3282 SSLOptions = CUPSD_SSL_NOEMPTY;
3283 else
3284 cupsdLogMessage(CUPSD_LOG_ERROR,
3285 "Unknown value \"%s\" for SSLOptions directive on "
3286 "line %d.", value, linenum);
3287 }
3288 #endif /* HAVE_SSL */
3289 else
3290 parse_variable(ConfigurationFile, linenum, line, value,
3291 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3292 }
3293
3294 return (1);
3295 }
3296
3297
3298 /*
3299 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3300 */
3301
3302 static int /* O - 1 on success, 0 on failure */
3303 read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3304 {
3305 int linenum; /* Current line number */
3306 char line[HTTP_MAX_BUFFER], /* Line from file */
3307 *value; /* Value from line */
3308 struct group *group; /* Group */
3309
3310
3311 /*
3312 * Loop through each line in the file...
3313 */
3314
3315 linenum = 0;
3316
3317 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3318 {
3319 if (!_cups_strcasecmp(line, "FatalErrors"))
3320 FatalErrors = parse_fatal_errors(value);
3321 else if (!_cups_strcasecmp(line, "Group") && value)
3322 {
3323 /*
3324 * Group ID to run as...
3325 */
3326
3327 if (isdigit(value[0]))
3328 Group = atoi(value);
3329 else
3330 {
3331 endgrent();
3332 group = getgrnam(value);
3333
3334 if (group != NULL)
3335 Group = group->gr_gid;
3336 else
3337 {
3338 cupsdLogMessage(CUPSD_LOG_ERROR,
3339 "Unknown Group \"%s\" on line %d of %s.", value,
3340 linenum, CupsFilesFile);
3341 if (FatalErrors & CUPSD_FATAL_CONFIG)
3342 return (0);
3343 }
3344 }
3345 }
3346 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3347 {
3348 /*
3349 * Format of printcap file?
3350 */
3351
3352 if (!_cups_strcasecmp(value, "bsd"))
3353 PrintcapFormat = PRINTCAP_BSD;
3354 else if (!_cups_strcasecmp(value, "plist"))
3355 PrintcapFormat = PRINTCAP_PLIST;
3356 else if (!_cups_strcasecmp(value, "solaris"))
3357 PrintcapFormat = PRINTCAP_SOLARIS;
3358 else
3359 {
3360 cupsdLogMessage(CUPSD_LOG_ERROR,
3361 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3362 value, linenum, CupsFilesFile);
3363 if (FatalErrors & CUPSD_FATAL_CONFIG)
3364 return (0);
3365 }
3366 }
3367 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3368 {
3369 /*
3370 * SystemGroup (admin) group(s)...
3371 */
3372
3373 if (!parse_groups(value))
3374 {
3375 cupsdLogMessage(CUPSD_LOG_ERROR,
3376 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3377 linenum, CupsFilesFile);
3378 if (FatalErrors & CUPSD_FATAL_CONFIG)
3379 return (0);
3380 }
3381 }
3382 else if (!_cups_strcasecmp(line, "User") && value)
3383 {
3384 /*
3385 * User ID to run as...
3386 */
3387
3388 if (isdigit(value[0] & 255))
3389 {
3390 int uid = atoi(value);
3391
3392 if (!uid)
3393 {
3394 cupsdLogMessage(CUPSD_LOG_ERROR,
3395 "Will not use User 0 as specified on line %d of %s "
3396 "for security reasons. You must use a non-"
3397 "privileged account instead.",
3398 linenum, CupsFilesFile);
3399 if (FatalErrors & CUPSD_FATAL_CONFIG)
3400 return (0);
3401 }
3402 else
3403 User = atoi(value);
3404 }
3405 else
3406 {
3407 struct passwd *p; /* Password information */
3408
3409 endpwent();
3410 p = getpwnam(value);
3411
3412 if (p)
3413 {
3414 if (!p->pw_uid)
3415 {
3416 cupsdLogMessage(CUPSD_LOG_ERROR,
3417 "Will not use User %s (UID=0) as specified on line "
3418 "%d of %s for security reasons. You must use a "
3419 "non-privileged account instead.",
3420 value, linenum, CupsFilesFile);
3421 if (FatalErrors & CUPSD_FATAL_CONFIG)
3422 return (0);
3423 }
3424 else
3425 User = p->pw_uid;
3426 }
3427 else
3428 {
3429 cupsdLogMessage(CUPSD_LOG_ERROR,
3430 "Unknown User \"%s\" on line %d of %s.",
3431 value, linenum, CupsFilesFile);
3432 if (FatalErrors & CUPSD_FATAL_CONFIG)
3433 return (0);
3434 }
3435 }
3436 }
3437 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3438 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3439 cupsfiles_vars) &&
3440 (FatalErrors & CUPSD_FATAL_CONFIG))
3441 return (0);
3442 }
3443
3444 return (1);
3445 }
3446
3447
3448 /*
3449 * 'read_location()' - Read a <Location path> definition.
3450 */
3451
3452 static int /* O - New line number or 0 on error */
3453 read_location(cups_file_t *fp, /* I - Configuration file */
3454 char *location, /* I - Location name/path */
3455 int linenum) /* I - Current line number */
3456 {
3457 cupsd_location_t *loc, /* New location */
3458 *parent; /* Parent location */
3459 char line[HTTP_MAX_BUFFER],
3460 /* Line buffer */
3461 *value, /* Value for directive */
3462 *valptr; /* Pointer into value */
3463
3464
3465 if ((parent = cupsdFindLocation(location)) != NULL)
3466 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3467 location, linenum);
3468 else if ((parent = cupsdNewLocation(location)) == NULL)
3469 return (0);
3470 else
3471 {
3472 cupsdAddLocation(parent);
3473
3474 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3475 }
3476
3477 loc = parent;
3478
3479 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3480 {
3481 /*
3482 * Decode the directive...
3483 */
3484
3485 if (!_cups_strcasecmp(line, "</Location>"))
3486 return (linenum);
3487 else if (!_cups_strcasecmp(line, "<Limit") ||
3488 !_cups_strcasecmp(line, "<LimitExcept"))
3489 {
3490 if (!value)
3491 {
3492 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3493 if (FatalErrors & CUPSD_FATAL_CONFIG)
3494 return (0);
3495 else
3496 continue;
3497 }
3498
3499 if ((loc = cupsdCopyLocation(parent)) == NULL)
3500 return (0);
3501
3502 cupsdAddLocation(loc);
3503
3504 loc->limit = 0;
3505 while (*value)
3506 {
3507 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3508
3509 if (*valptr)
3510 *valptr++ = '\0';
3511
3512 if (!strcmp(value, "ALL"))
3513 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3514 else if (!strcmp(value, "GET"))
3515 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3516 else if (!strcmp(value, "HEAD"))
3517 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3518 else if (!strcmp(value, "OPTIONS"))
3519 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3520 else if (!strcmp(value, "POST"))
3521 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3522 else if (!strcmp(value, "PUT"))
3523 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3524 else if (!strcmp(value, "TRACE"))
3525 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3526 else
3527 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
3528 value, linenum);
3529
3530 for (value = valptr; isspace(*value & 255); value ++);
3531 }
3532
3533 if (!_cups_strcasecmp(line, "<LimitExcept"))
3534 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3535
3536 parent->limit &= ~loc->limit;
3537 }
3538 else if (!_cups_strcasecmp(line, "</Limit>") ||
3539 !_cups_strcasecmp(line, "</LimitExcept>"))
3540 loc = parent;
3541 else if (!value)
3542 {
3543 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3544 if (FatalErrors & CUPSD_FATAL_CONFIG)
3545 return (0);
3546 }
3547 else if (!parse_aaa(loc, line, value, linenum))
3548 {
3549 cupsdLogMessage(CUPSD_LOG_ERROR,
3550 "Unknown Location directive %s on line %d.",
3551 line, linenum);
3552 if (FatalErrors & CUPSD_FATAL_CONFIG)
3553 return (0);
3554 }
3555 }
3556
3557 cupsdLogMessage(CUPSD_LOG_ERROR,
3558 "Unexpected end-of-file at line %d while reading location.",
3559 linenum);
3560
3561 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3562 }
3563
3564
3565 /*
3566 * 'read_policy()' - Read a <Policy name> definition.
3567 */
3568
3569 static int /* O - New line number or 0 on error */
3570 read_policy(cups_file_t *fp, /* I - Configuration file */
3571 char *policy, /* I - Location name/path */
3572 int linenum) /* I - Current line number */
3573 {
3574 int i; /* Looping var */
3575 cupsd_policy_t *pol; /* Policy */
3576 cupsd_location_t *op; /* Policy operation */
3577 int num_ops; /* Number of IPP operations */
3578 ipp_op_t ops[100]; /* Operations */
3579 char line[HTTP_MAX_BUFFER],
3580 /* Line buffer */
3581 *value, /* Value for directive */
3582 *valptr; /* Pointer into value */
3583
3584
3585 /*
3586 * Create the policy...
3587 */
3588
3589 if ((pol = cupsdFindPolicy(policy)) != NULL)
3590 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3591 policy, linenum);
3592 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3593 return (0);
3594
3595 /*
3596 * Read from the file...
3597 */
3598
3599 op = NULL;
3600 num_ops = 0;
3601
3602 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3603 {
3604 /*
3605 * Decode the directive...
3606 */
3607
3608 if (!_cups_strcasecmp(line, "</Policy>"))
3609 {
3610 if (op)
3611 cupsdLogMessage(CUPSD_LOG_WARN,
3612 "Missing </Limit> before </Policy> on line %d.",
3613 linenum);
3614
3615 set_policy_defaults(pol);
3616
3617 return (linenum);
3618 }
3619 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3620 {
3621 if (!value)
3622 {
3623 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3624 if (FatalErrors & CUPSD_FATAL_CONFIG)
3625 return (0);
3626 else
3627 continue;
3628 }
3629
3630 /*
3631 * Scan for IPP operation names...
3632 */
3633
3634 num_ops = 0;
3635
3636 while (*value)
3637 {
3638 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3639
3640 if (*valptr)
3641 *valptr++ = '\0';
3642
3643 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3644 {
3645 if (!_cups_strcasecmp(value, "All"))
3646 ops[num_ops] = IPP_ANY_OPERATION;
3647 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3648 cupsdLogMessage(CUPSD_LOG_ERROR,
3649 "Bad IPP operation name \"%s\" on line %d.",
3650 value, linenum);
3651 else
3652 num_ops ++;
3653 }
3654 else
3655 cupsdLogMessage(CUPSD_LOG_ERROR,
3656 "Too many operations listed on line %d.",
3657 linenum);
3658
3659 for (value = valptr; isspace(*value & 255); value ++);
3660 }
3661
3662 /*
3663 * If none are specified, apply the policy to all operations...
3664 */
3665
3666 if (num_ops == 0)
3667 {
3668 ops[0] = IPP_ANY_OPERATION;
3669 num_ops = 1;
3670 }
3671
3672 /*
3673 * Add a new policy for the first operation...
3674 */
3675
3676 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3677 }
3678 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3679 {
3680 /*
3681 * Finish the current operation limit...
3682 */
3683
3684 if (num_ops > 1)
3685 {
3686 /*
3687 * Copy the policy to the other operations...
3688 */
3689
3690 for (i = 1; i < num_ops; i ++)
3691 cupsdAddPolicyOp(pol, op, ops[i]);
3692 }
3693
3694 op = NULL;
3695 }
3696 else if (!value)
3697 {
3698 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3699 if (FatalErrors & CUPSD_FATAL_CONFIG)
3700 return (0);
3701 }
3702 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3703 !_cups_strcasecmp(line, "JobPrivateValues") ||
3704 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3705 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3706 {
3707 if (op)
3708 {
3709 cupsdLogMessage(CUPSD_LOG_ERROR,
3710 "%s directive must appear outside <Limit>...</Limit> "
3711 "on line %d.", line, linenum);
3712 if (FatalErrors & CUPSD_FATAL_CONFIG)
3713 return (0);
3714 }
3715 else
3716 {
3717 /*
3718 * Pull out whitespace-delimited values...
3719 */
3720
3721 while (*value)
3722 {
3723 /*
3724 * Find the end of the current value...
3725 */
3726
3727 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3728
3729 if (*valptr)
3730 *valptr++ = '\0';
3731
3732 /*
3733 * Save it appropriately...
3734 */
3735
3736 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
3737 {
3738 /*
3739 * JobPrivateAccess {all|default|user/group list|@@ACL}
3740 */
3741
3742 if (!_cups_strcasecmp(value, "default"))
3743 {
3744 cupsdAddString(&(pol->job_access), "@OWNER");
3745 cupsdAddString(&(pol->job_access), "@SYSTEM");
3746 }
3747 else
3748 cupsdAddString(&(pol->job_access), value);
3749 }
3750 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
3751 {
3752 /*
3753 * JobPrivateValues {all|none|default|attribute list}
3754 */
3755
3756 if (!_cups_strcasecmp(value, "default"))
3757 {
3758 cupsdAddString(&(pol->job_attrs), "job-name");
3759 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3760 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3761 cupsdAddString(&(pol->job_attrs), "phone");
3762 }
3763 else
3764 cupsdAddString(&(pol->job_attrs), value);
3765 }
3766 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
3767 {
3768 /*
3769 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3770 */
3771
3772 if (!_cups_strcasecmp(value, "default"))
3773 {
3774 cupsdAddString(&(pol->sub_access), "@OWNER");
3775 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3776 }
3777 else
3778 cupsdAddString(&(pol->sub_access), value);
3779 }
3780 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
3781 {
3782 /*
3783 * SubscriptionPrivateValues {all|none|default|attribute list}
3784 */
3785
3786 if (!_cups_strcasecmp(value, "default"))
3787 {
3788 cupsdAddString(&(pol->sub_attrs), "notify-events");
3789 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3790 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3791 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3792 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3793 }
3794 else
3795 cupsdAddString(&(pol->sub_attrs), value);
3796 }
3797
3798 /*
3799 * Find the next string on the line...
3800 */
3801
3802 for (value = valptr; isspace(*value & 255); value ++);
3803 }
3804 }
3805 }
3806 else if (!op)
3807 {
3808 cupsdLogMessage(CUPSD_LOG_ERROR,
3809 "Missing <Limit ops> directive before %s on line %d.",
3810 line, linenum);
3811 if (FatalErrors & CUPSD_FATAL_CONFIG)
3812 return (0);
3813 }
3814 else if (!parse_aaa(op, line, value, linenum))
3815 {
3816 cupsdLogMessage(CUPSD_LOG_ERROR,
3817 "Unknown Policy Limit directive %s on line %d.",
3818 line, linenum);
3819
3820 if (FatalErrors & CUPSD_FATAL_CONFIG)
3821 return (0);
3822 }
3823 }
3824
3825 cupsdLogMessage(CUPSD_LOG_ERROR,
3826 "Unexpected end-of-file at line %d while reading policy "
3827 "\"%s\".", linenum, policy);
3828
3829 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3830 }
3831
3832
3833 /*
3834 * 'set_policy_defaults()' - Set default policy values as needed.
3835 */
3836
3837 static void
3838 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3839 {
3840 cupsd_location_t *op; /* Policy operation */
3841
3842
3843 /*
3844 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3845 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3846 * upgrades do not introduce new security issues...
3847 */
3848
3849 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3850 op->op == IPP_ANY_OPERATION)
3851 {
3852 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3853 op->op != IPP_ANY_OPERATION)
3854 {
3855 /*
3856 * Add a new limit for Validate-Job using the Print-Job limit as a
3857 * template...
3858 */
3859
3860 cupsdLogMessage(CUPSD_LOG_WARN,
3861 "No limit for Validate-Job defined in policy %s "
3862 "- using Print-Job's policy.", pol->name);
3863
3864 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3865 }
3866 else
3867 cupsdLogMessage(CUPSD_LOG_WARN,
3868 "No limit for Validate-Job defined in policy %s "
3869 "and no suitable template found.", pol->name);
3870 }
3871
3872 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3873 op->op == IPP_ANY_OPERATION)
3874 {
3875 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3876 op->op != IPP_ANY_OPERATION)
3877 {
3878 /*
3879 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3880 * template...
3881 */
3882
3883 cupsdLogMessage(CUPSD_LOG_WARN,
3884 "No limit for Cancel-Jobs defined in policy %s "
3885 "- using Pause-Printer's policy.", pol->name);
3886
3887 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3888 }
3889 else
3890 cupsdLogMessage(CUPSD_LOG_WARN,
3891 "No limit for Cancel-Jobs defined in policy %s "
3892 "and no suitable template found.", pol->name);
3893 }
3894
3895 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3896 op->op == IPP_ANY_OPERATION)
3897 {
3898 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3899 op->op != IPP_ANY_OPERATION)
3900 {
3901 /*
3902 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3903 * a template...
3904 */
3905
3906 cupsdLogMessage(CUPSD_LOG_WARN,
3907 "No limit for Cancel-My-Jobs defined in policy %s "
3908 "- using Send-Document's policy.", pol->name);
3909
3910 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3911 }
3912 else
3913 cupsdLogMessage(CUPSD_LOG_WARN,
3914 "No limit for Cancel-My-Jobs defined in policy %s "
3915 "and no suitable template found.", pol->name);
3916 }
3917
3918 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3919 op->op == IPP_ANY_OPERATION)
3920 {
3921 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3922 op->op != IPP_ANY_OPERATION)
3923 {
3924 /*
3925 * Add a new limit for Close-Job using the Send-Document limit as a
3926 * template...
3927 */
3928
3929 cupsdLogMessage(CUPSD_LOG_WARN,
3930 "No limit for Close-Job defined in policy %s "
3931 "- using Send-Document's policy.", pol->name);
3932
3933 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
3934 }
3935 else
3936 cupsdLogMessage(CUPSD_LOG_WARN,
3937 "No limit for Close-Job defined in policy %s "
3938 "and no suitable template found.", pol->name);
3939 }
3940
3941 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
3942 op->op == IPP_ANY_OPERATION)
3943 {
3944 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3945 op->op != IPP_ANY_OPERATION)
3946 {
3947 /*
3948 * Add a new limit for CUPS-Get-Document using the Send-Document
3949 * limit as a template...
3950 */
3951
3952 cupsdLogMessage(CUPSD_LOG_WARN,
3953 "No limit for CUPS-Get-Document defined in policy %s "
3954 "- using Send-Document's policy.", pol->name);
3955
3956 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
3957 }
3958 else
3959 cupsdLogMessage(CUPSD_LOG_WARN,
3960 "No limit for CUPS-Get-Document defined in policy %s "
3961 "and no suitable template found.", pol->name);
3962 }
3963
3964 /*
3965 * Verify we have JobPrivateAccess, JobPrivateValues,
3966 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
3967 */
3968
3969 if (!pol->job_access)
3970 {
3971 cupsdLogMessage(CUPSD_LOG_WARN,
3972 "No JobPrivateAccess defined in policy %s "
3973 "- using defaults.", pol->name);
3974 cupsdAddString(&(pol->job_access), "@OWNER");
3975 cupsdAddString(&(pol->job_access), "@SYSTEM");
3976 }
3977
3978 if (!pol->job_attrs)
3979 {
3980 cupsdLogMessage(CUPSD_LOG_WARN,
3981 "No JobPrivateValues defined in policy %s "
3982 "- using defaults.", pol->name);
3983 cupsdAddString(&(pol->job_attrs), "job-name");
3984 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3985 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3986 cupsdAddString(&(pol->job_attrs), "phone");
3987 }
3988
3989 if (!pol->sub_access)
3990 {
3991 cupsdLogMessage(CUPSD_LOG_WARN,
3992 "No SubscriptionPrivateAccess defined in policy %s "
3993 "- using defaults.", pol->name);
3994 cupsdAddString(&(pol->sub_access), "@OWNER");
3995 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3996 }
3997
3998 if (!pol->sub_attrs)
3999 {
4000 cupsdLogMessage(CUPSD_LOG_WARN,
4001 "No SubscriptionPrivateValues defined in policy %s "
4002 "- using defaults.", pol->name);
4003 cupsdAddString(&(pol->sub_attrs), "notify-events");
4004 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4005 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4006 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4007 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4008 }
4009 }
4010
4011
4012 /*
4013 * End of "$Id: conf.c 9352 2010-11-06 04:55:26Z mike $".
4014 */
Unnamed repository; edit this file 'description' to name the repository.