]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge changes from CUPS 1.6svn-r10310.
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * "$Id: conf.c 9352 2010-11-06 04:55:26Z mike $"
3 *
4 * Configuration routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2012 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * Contents:
16 *
17 * cupsdAddAlias() - Add a host alias.
18 * cupsdCheckPermissions() - Fix the mode and ownership of a file or
19 * directory.
20 * cupsdDefaultAuthType() - Get the default AuthType.
21 * cupsdFreeAliases() - Free all of the alias entries.
22 * cupsdReadConfiguration() - Read the cupsd.conf file.
23 * get_address() - Get an address + port number from a line.
24 * get_addr_and_mask() - Get an IP address and netmask.
25 * mime_error_cb() - Log a MIME error.
26 * parse_aaa() - Parse authentication, authorization, and access
27 * control lines.
28 * parse_fatal_errors() - Parse FatalErrors values in a string.
29 * parse_groups() - Parse system group names in a string.
30 * parse_protocols() - Parse browse protocols in a string.
31 * read_configuration() - Read a configuration file.
32 * read_location() - Read a <Location path> definition.
33 * read_policy() - Read a <Policy name> definition.
34 * set_policy_defaults() - Set default policy values as needed.
35 */
36
37 /*
38 * Include necessary headers...
39 */
40
41 #include "cupsd.h"
42 #include <stdarg.h>
43 #include <grp.h>
44 #include <sys/utsname.h>
45 #include <syslog.h>
46
47 #ifdef HAVE_LIBPAPER
48 # include <paper.h>
49 #endif /* HAVE_LIBPAPER */
50
51
52 /*
53 * Possibly missing network definitions...
54 */
55
56 #ifndef INADDR_NONE
57 # define INADDR_NONE 0xffffffff
58 #endif /* !INADDR_NONE */
59
60
61 /*
62 * Configuration variable structure...
63 */
64
65 typedef enum
66 {
67 CUPSD_VARTYPE_INTEGER, /* Integer option */
68 CUPSD_VARTYPE_STRING, /* String option */
69 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
70 CUPSD_VARTYPE_PATHNAME /* File/directory name option */
71 } cupsd_vartype_t;
72
73 typedef struct
74 {
75 const char *name; /* Name of variable */
76 void *ptr; /* Pointer to variable */
77 cupsd_vartype_t type; /* Type (int, string, address) */
78 } cupsd_var_t;
79
80
81 /*
82 * Local globals...
83 */
84
85 static int default_auth_type = CUPSD_AUTH_AUTO;
86 /* Default AuthType, if not specified */
87 static const cupsd_var_t variables[] =
88 {
89 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
90 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
91 #ifdef HAVE_DNSSD
92 { "BrowseDNSSDRegType", &DNSSDRegType, CUPSD_VARTYPE_STRING },
93 #endif /* HAVE_DNSSD */
94 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
95 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
96 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
97 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
98 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
99 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
100 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
101 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
102 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_INTEGER },
103 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
104 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
105 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
106 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_INTEGER },
107 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
108 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
109 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
110 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
111 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
112 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
113 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
114 #ifdef HAVE_GSSAPI
115 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
116 #endif /* HAVE_GSSAPI */
117 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_INTEGER },
118 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
119 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_INTEGER },
120 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_INTEGER },
121 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
122 #ifdef HAVE_LAUNCHD
123 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_INTEGER },
124 #endif /* HAVE_LAUNCHD */
125 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
126 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
127 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
128 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
129 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
130 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
131 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
132 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
133 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
134 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
135 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_INTEGER },
136 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
137 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
138 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
139 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
140 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_INTEGER },
141 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
142 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
143 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
144 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
145 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
146 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
147 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_INTEGER },
148 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
149 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
150 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_BOOLEAN },
151 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_BOOLEAN },
152 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
153 { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING },
154 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_INTEGER },
155 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
156 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
157 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
158 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_INTEGER },
159 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
160 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
161 #ifdef HAVE_SSL
162 { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
163 # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
164 { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
165 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
166 #endif /* HAVE_SSL */
167 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
168 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
169 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
170 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
171 #ifdef HAVE_AUTHORIZATION_H
172 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
173 #endif /* HAVE_AUTHORIZATION_H */
174 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME },
175 { "Timeout", &Timeout, CUPSD_VARTYPE_INTEGER },
176 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
177 };
178 #define NUM_VARS (sizeof(variables) / sizeof(variables[0]))
179
180
181 static const unsigned ones[4] =
182 {
183 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
184 };
185 static const unsigned zeros[4] =
186 {
187 0x00000000, 0x00000000, 0x00000000, 0x00000000
188 };
189
190
191 /*
192 * Local functions...
193 */
194
195 static http_addrlist_t *get_address(const char *value, int defport);
196 static int get_addr_and_mask(const char *value, unsigned *ip,
197 unsigned *mask);
198 static void mime_error_cb(void *ctx, const char *message);
199 static int parse_aaa(cupsd_location_t *loc, char *line,
200 char *value, int linenum);
201 static int parse_fatal_errors(const char *s);
202 static int parse_groups(const char *s);
203 static int parse_protocols(const char *s);
204 static int read_configuration(cups_file_t *fp);
205 static int read_location(cups_file_t *fp, char *name, int linenum);
206 static int read_policy(cups_file_t *fp, char *name, int linenum);
207 static void set_policy_defaults(cupsd_policy_t *pol);
208
209
210 /*
211 * 'cupsdAddAlias()' - Add a host alias.
212 */
213
214 void
215 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
216 const char *name) /* I - Name to add */
217 {
218 cupsd_alias_t *a; /* New alias */
219 size_t namelen; /* Length of name */
220
221
222 namelen = strlen(name);
223
224 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
225 return;
226
227 a->namelen = namelen;
228 strcpy(a->name, name); /* OK since a->name is allocated */
229
230 cupsArrayAdd(aliases, a);
231 }
232
233
234 /*
235 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
236 */
237
238 int /* O - 0 on success, -1 on error, 1 on warning */
239 cupsdCheckPermissions(
240 const char *filename, /* I - File/directory name */
241 const char *suffix, /* I - Additional file/directory name */
242 int mode, /* I - Permissions */
243 int user, /* I - Owner */
244 int group, /* I - Group */
245 int is_dir, /* I - 1 = directory, 0 = file */
246 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
247 {
248 int dir_created = 0; /* Did we create a directory? */
249 char pathname[1024]; /* File name with prefix */
250 struct stat fileinfo; /* Stat buffer */
251 int is_symlink; /* Is "filename" a symlink? */
252
253
254 /*
255 * Prepend the given root to the filename before testing it...
256 */
257
258 if (suffix)
259 {
260 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
261 filename = pathname;
262 }
263
264 /*
265 * See if we can stat the file/directory...
266 */
267
268 if (lstat(filename, &fileinfo))
269 {
270 if (errno == ENOENT && create_dir)
271 {
272 if (create_dir > 0)
273 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
274 filename);
275
276 if (mkdir(filename, mode))
277 {
278 if (create_dir > 0)
279 cupsdLogMessage(CUPSD_LOG_ERROR,
280 "Unable to create directory \"%s\" - %s", filename,
281 strerror(errno));
282 else
283 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
284 strerror(errno));
285
286 return (-1);
287 }
288
289 dir_created = 1;
290 fileinfo.st_mode = mode | S_IFDIR;
291 }
292 else
293 return (create_dir ? -1 : 1);
294 }
295
296 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
297 {
298 if (stat(filename, &fileinfo))
299 {
300 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
301 filename, strerror(errno));
302 return (-1);
303 }
304 }
305
306 /*
307 * Make sure it's a regular file or a directory as needed...
308 */
309
310 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
311 {
312 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
313 return (-1);
314 }
315
316 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
317 {
318 if (create_dir >= 0)
319 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
320 else
321 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
322
323 return (-1);
324 }
325
326 /*
327 * If the filename is a symlink, do not change permissions (STR #2937)...
328 */
329
330 if (is_symlink)
331 return (0);
332
333 /*
334 * Fix owner, group, and mode as needed...
335 */
336
337 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
338 {
339 if (create_dir >= 0)
340 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
341 filename);
342
343 if (chown(filename, user, group) && !getuid())
344 {
345 if (create_dir >= 0)
346 cupsdLogMessage(CUPSD_LOG_ERROR,
347 "Unable to change ownership of \"%s\" - %s", filename,
348 strerror(errno));
349 else
350 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
351 strerror(errno));
352
353 return (1);
354 }
355 }
356
357 if (dir_created || (fileinfo.st_mode & 07777) != mode)
358 {
359 if (create_dir >= 0)
360 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
361 filename);
362
363 if (chmod(filename, mode))
364 {
365 if (create_dir >= 0)
366 cupsdLogMessage(CUPSD_LOG_ERROR,
367 "Unable to change permissions of \"%s\" - %s", filename,
368 strerror(errno));
369 else
370 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
371 strerror(errno));
372
373 return (1);
374 }
375 }
376
377 /*
378 * Everything is OK...
379 */
380
381 return (0);
382 }
383
384
385 /*
386 * 'cupsdDefaultAuthType()' - Get the default AuthType.
387 *
388 * When the default_auth_type is "auto", this function tries to get the GSS
389 * credentials for the server. If that succeeds we use Kerberos authentication,
390 * otherwise we do a fallback to Basic authentication against the local user
391 * accounts.
392 */
393
394 int /* O - Default AuthType value */
395 cupsdDefaultAuthType(void)
396 {
397 #ifdef HAVE_GSSAPI
398 OM_uint32 major_status, /* Major status code */
399 minor_status; /* Minor status code */
400 gss_name_t server_name; /* Server name */
401 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
402 /* Service name token */
403 char buf[1024]; /* Service name buffer */
404 #endif /* HAVE_GSSAPI */
405
406
407 /*
408 * If we have already determined the correct default AuthType, use it...
409 */
410
411 if (default_auth_type != CUPSD_AUTH_AUTO)
412 return (default_auth_type);
413
414 #ifdef HAVE_GSSAPI
415 # ifdef __APPLE__
416 /*
417 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
418 * to use it...
419 */
420
421 if (gss_init_sec_context == NULL)
422 return (default_auth_type = CUPSD_AUTH_BASIC);
423 # endif /* __APPLE__ */
424
425 /*
426 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
427 * that fails we must use Basic...
428 */
429
430 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
431
432 token.value = buf;
433 token.length = strlen(buf);
434 server_name = GSS_C_NO_NAME;
435 major_status = gss_import_name(&minor_status, &token,
436 GSS_C_NT_HOSTBASED_SERVICE,
437 &server_name);
438
439 memset(&token, 0, sizeof(token));
440
441 if (GSS_ERROR(major_status))
442 {
443 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
444 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
445 return (default_auth_type = CUPSD_AUTH_BASIC);
446 }
447
448 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
449
450 if (GSS_ERROR(major_status))
451 {
452 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
453 "cupsdDefaultAuthType: gss_display_name(%s) failed",
454 buf);
455 return (default_auth_type = CUPSD_AUTH_BASIC);
456 }
457
458 cupsdLogMessage(CUPSD_LOG_DEBUG,
459 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
460 "credentials for %s...", (char *)token.value);
461
462 ServerCreds = GSS_C_NO_CREDENTIAL;
463 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
464 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
465 &ServerCreds, NULL, NULL);
466 if (GSS_ERROR(major_status))
467 {
468 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
469 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
470 (char *)token.value);
471 gss_release_name(&minor_status, &server_name);
472 gss_release_buffer(&minor_status, &token);
473 return (default_auth_type = CUPSD_AUTH_BASIC);
474 }
475
476 cupsdLogMessage(CUPSD_LOG_DEBUG,
477 "cupsdDefaultAuthType: Kerberos credentials acquired "
478 "successfully for %s.", (char *)token.value);
479
480 gss_release_name(&minor_status, &server_name);
481 gss_release_buffer(&minor_status, &token);
482
483 HaveServerCreds = 1;
484
485 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
486
487 #else
488 /*
489 * No Kerberos support compiled in so just use Basic all the time...
490 */
491
492 return (default_auth_type = CUPSD_AUTH_BASIC);
493 #endif /* HAVE_GSSAPI */
494 }
495
496
497 /*
498 * 'cupsdFreeAliases()' - Free all of the alias entries.
499 */
500
501 void
502 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
503 {
504 cupsd_alias_t *a; /* Current alias */
505
506
507 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
508 a;
509 a = (cupsd_alias_t *)cupsArrayNext(aliases))
510 free(a);
511
512 cupsArrayDelete(aliases);
513 }
514
515
516 /*
517 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
518 */
519
520 int /* O - 1 on success, 0 otherwise */
521 cupsdReadConfiguration(void)
522 {
523 int i; /* Looping var */
524 cups_file_t *fp; /* Configuration file */
525 int status; /* Return status */
526 char temp[1024], /* Temporary buffer */
527 mimedir[1024], /* MIME directory */
528 *slash; /* Directory separator */
529 cups_lang_t *language; /* Language */
530 struct passwd *user; /* Default user */
531 struct group *group; /* Default group */
532 char *old_serverroot, /* Old ServerRoot */
533 *old_requestroot; /* Old RequestRoot */
534 int old_remote_port; /* Old RemotePort */
535 const char *tmpdir; /* TMPDIR environment variable */
536 struct stat tmpinfo; /* Temporary directory info */
537 cupsd_policy_t *p; /* Policy */
538
539
540 /*
541 * Save the old root paths...
542 */
543
544 old_serverroot = NULL;
545 cupsdSetString(&old_serverroot, ServerRoot);
546 old_requestroot = NULL;
547 cupsdSetString(&old_requestroot, RequestRoot);
548
549 /*
550 * Reset the server configuration data...
551 */
552
553 cupsdDeleteAllLocations();
554
555 cupsdDeleteAllListeners();
556
557 old_remote_port = RemotePort;
558 RemotePort = 0;
559
560 /*
561 * String options...
562 */
563
564 cupsdFreeAliases(ServerAlias);
565 ServerAlias = NULL;
566
567 cupsdClearString(&ServerName);
568 cupsdClearString(&ServerAdmin);
569 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
570 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
571 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
572 cupsdSetString(&DataDir, CUPS_DATADIR);
573 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
574 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
575 cupsdClearString(&ErrorLog);
576 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
577 cupsdSetString(&PageLogFormat,
578 "%p %u %j %T %P %C %{job-billing} "
579 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
580 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
581 cupsdSetString(&PrintcapGUI, "/usr/bin/glpoptions");
582 cupsdSetString(&FontPath, CUPS_FONTPATH);
583 cupsdSetString(&RemoteRoot, "remroot");
584 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d", CUPS_VERSION_MAJOR,
585 CUPS_VERSION_MINOR);
586 cupsdSetString(&StateDir, CUPS_STATEDIR);
587
588 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
589 PrintcapFormat = PRINTCAP_SOLARIS;
590 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
591 "/Library/Preferences/org.cups.printers.plist"))
592 PrintcapFormat = PRINTCAP_PLIST;
593 else
594 PrintcapFormat = PRINTCAP_BSD;
595
596 strlcpy(temp, ConfigurationFile, sizeof(temp));
597 if ((slash = strrchr(temp, '/')) != NULL)
598 *slash = '\0';
599
600 cupsdSetString(&ServerRoot, temp);
601
602 cupsdClearString(&Classification);
603 ClassifyOverride = 0;
604
605 #ifdef HAVE_SSL
606 # ifdef HAVE_CDSASSL
607 cupsdSetString(&ServerCertificate, "/Library/Keychains/System.keychain");
608 # else
609 cupsdSetString(&ServerCertificate, "ssl/server.crt");
610 cupsdSetString(&ServerKey, "ssl/server.key");
611 # endif /* HAVE_CDSASSL */
612 #endif /* HAVE_SSL */
613
614 language = cupsLangDefault();
615
616 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
617 cupsdSetString(&DefaultLanguage, "en");
618 else
619 cupsdSetString(&DefaultLanguage, language->language);
620
621 cupsdClearString(&DefaultPaperSize);
622
623 cupsdSetString(&RIPCache, "128m");
624
625 cupsdSetString(&TempDir, NULL);
626
627 #ifdef HAVE_GSSAPI
628 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
629
630 if (HaveServerCreds)
631 {
632 OM_uint32 minor_status; /* Minor status code */
633
634 gss_release_cred(&minor_status, &ServerCreds);
635
636 HaveServerCreds = 0;
637 }
638
639 ServerCreds = GSS_C_NO_CREDENTIAL;
640 #endif /* HAVE_GSSAPI */
641
642 /*
643 * Find the default user...
644 */
645
646 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
647 User = user->pw_uid;
648 else
649 {
650 /*
651 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
652 * complement number...)
653 */
654
655 User = 65534;
656 }
657
658 endpwent();
659
660 /*
661 * Find the default group...
662 */
663
664 group = getgrnam(CUPS_DEFAULT_GROUP);
665 endgrent();
666
667 if (group)
668 Group = group->gr_gid;
669 else
670 {
671 /*
672 * Fallback to group "nobody"...
673 */
674
675 group = getgrnam("nobody");
676 endgrent();
677
678 if (group)
679 Group = group->gr_gid;
680 else
681 {
682 /*
683 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
684 * complement number...)
685 */
686
687 Group = 65534;
688 }
689 }
690
691 /*
692 * Numeric options...
693 */
694
695 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
696 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
697 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
698 default_auth_type = CUPSD_AUTH_BASIC;
699 #ifdef HAVE_SSL
700 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
701 SSLOptions = CUPSD_SSL_NONE;
702 #endif /* HAVE_SSL */
703 DirtyCleanInterval = DEFAULT_KEEPALIVE;
704 JobKillDelay = DEFAULT_TIMEOUT;
705 JobRetryLimit = 5;
706 JobRetryInterval = 300;
707 FileDevice = FALSE;
708 FilterLevel = 0;
709 FilterLimit = 0;
710 FilterNice = 0;
711 HostNameLookups = FALSE;
712 KeepAlive = TRUE;
713 KeepAliveTimeout = DEFAULT_KEEPALIVE;
714 ListenBackLog = SOMAXCONN;
715 LogDebugHistory = 200;
716 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
717 LogLevel = CUPSD_LOG_WARN;
718 LogTimeFormat = CUPSD_TIME_STANDARD;
719 MaxClients = 100;
720 MaxClientsPerHost = 0;
721 MaxLogSize = 1024 * 1024;
722 MaxRequestSize = 0;
723 MultipleOperationTimeout = DEFAULT_TIMEOUT;
724 ReloadTimeout = DEFAULT_KEEPALIVE;
725 RootCertDuration = 300;
726 Timeout = DEFAULT_TIMEOUT;
727 NumSystemGroups = 0;
728 WebInterface = CUPS_DEFAULT_WEBIF;
729
730 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
731 BrowseWebIF = FALSE;
732 Browsing = CUPS_DEFAULT_BROWSING;
733 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
734
735 #ifdef HAVE_DNSSD
736 cupsdSetString(&DNSSDRegType, "_ipp._tcp,_cups");
737 #endif /* HAVE_DNSSD */
738
739 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
740 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
741
742 cupsdSetString(&ErrorPolicy, "stop-printer");
743
744 JobHistory = DEFAULT_HISTORY;
745 JobFiles = DEFAULT_FILES;
746 JobAutoPurge = 0;
747 MaxHoldTime = 0;
748 MaxJobs = 500;
749 MaxActiveJobs = 0;
750 MaxJobsPerUser = 0;
751 MaxJobsPerPrinter = 0;
752 MaxJobTime = 3 * 60 * 60; /* 3 hours */
753 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
754
755 cupsdDeleteAllPolicies();
756 cupsdClearString(&DefaultPolicy);
757
758 #ifdef HAVE_AUTHORIZATION_H
759 cupsdClearString(&SystemGroupAuthKey);
760 #endif /* HAVE_AUTHORIZATION_H */
761
762 MaxSubscriptions = 100;
763 MaxSubscriptionsPerJob = 0;
764 MaxSubscriptionsPerPrinter = 0;
765 MaxSubscriptionsPerUser = 0;
766 DefaultLeaseDuration = 86400;
767 MaxLeaseDuration = 0;
768
769 #ifdef HAVE_LAUNCHD
770 LaunchdTimeout = 10;
771 #endif /* HAVE_LAUNCHD */
772
773 /*
774 * Setup environment variables...
775 */
776
777 cupsdInitEnv();
778
779 /*
780 * Read the configuration file...
781 */
782
783 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
784 return (0);
785
786 status = read_configuration(fp);
787
788 cupsFileClose(fp);
789
790 if (!status)
791 return (0);
792
793 if (!ErrorLog)
794 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
795
796 RunUser = getuid();
797
798 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
799 RemotePort ? "enabled" : "disabled");
800
801 if (!RemotePort)
802 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
803
804 /*
805 * See if the ServerName is an IP address...
806 */
807
808 if (ServerName)
809 {
810 if (!ServerAlias)
811 ServerAlias = cupsArrayNew(NULL, NULL);
812
813 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
814 }
815 else
816 {
817 if (gethostname(temp, sizeof(temp)))
818 {
819 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
820 strerror(errno));
821 strlcpy(temp, "localhost", sizeof(temp));
822 }
823
824 cupsdSetString(&ServerName, temp);
825
826 if (!ServerAlias)
827 ServerAlias = cupsArrayNew(NULL, NULL);
828
829 cupsdAddAlias(ServerAlias, temp);
830 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
831
832 if (HostNameLookups || RemotePort)
833 {
834 struct hostent *host; /* Host entry to get FQDN */
835
836 if ((host = gethostbyname(temp)) != NULL)
837 {
838 if (_cups_strcasecmp(temp, host->h_name))
839 {
840 cupsdSetString(&ServerName, host->h_name);
841 cupsdAddAlias(ServerAlias, host->h_name);
842 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
843 host->h_name);
844 }
845
846 if (host->h_aliases)
847 {
848 for (i = 0; host->h_aliases[i]; i ++)
849 if (_cups_strcasecmp(temp, host->h_aliases[i]))
850 {
851 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
852 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
853 host->h_aliases[i]);
854 }
855 }
856 }
857 }
858
859 /*
860 * Make sure we have the base hostname added as an alias, too!
861 */
862
863 if ((slash = strchr(temp, '.')) != NULL)
864 {
865 *slash = '\0';
866 cupsdAddAlias(ServerAlias, temp);
867 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
868 }
869 }
870
871 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
872
873 ServerNameIsIP = !*slash;
874
875 /*
876 * Make sure ServerAdmin is initialized...
877 */
878
879 if (!ServerAdmin)
880 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
881
882 /*
883 * Use the default system group if none was supplied in cupsd.conf...
884 */
885
886 if (NumSystemGroups == 0)
887 {
888 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
889 {
890 /*
891 * Find the group associated with GID 0...
892 */
893
894 group = getgrgid(0);
895 endgrent();
896
897 if (group != NULL)
898 cupsdSetString(&SystemGroups[0], group->gr_name);
899 else
900 cupsdSetString(&SystemGroups[0], "unknown");
901
902 SystemGroupIDs[0] = 0;
903 NumSystemGroups = 1;
904 }
905 }
906
907 /*
908 * Open the system log for cupsd if necessary...
909 */
910
911 #ifdef HAVE_VSYSLOG
912 if (!strcmp(AccessLog, "syslog") ||
913 !strcmp(ErrorLog, "syslog") ||
914 !strcmp(PageLog, "syslog"))
915 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
916 #endif /* HAVE_VSYSLOG */
917
918 /*
919 * Make sure each of the log files exists and gets rotated as necessary...
920 */
921
922 if (strcmp(AccessLog, "syslog"))
923 cupsdCheckLogFile(&AccessFile, AccessLog);
924
925 if (strcmp(ErrorLog, "syslog"))
926 cupsdCheckLogFile(&ErrorFile, ErrorLog);
927
928 if (strcmp(PageLog, "syslog"))
929 cupsdCheckLogFile(&PageFile, PageLog);
930
931 /*
932 * Log the configuration file that was used...
933 */
934
935 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
936 ConfigurationFile);
937
938 /*
939 * Validate the Group and SystemGroup settings - they cannot be the same,
940 * otherwise the CGI programs will be able to authenticate as root without
941 * a password!
942 */
943
944 if (!RunUser)
945 {
946 for (i = 0; i < NumSystemGroups; i ++)
947 if (Group == SystemGroupIDs[i])
948 break;
949
950 if (i < NumSystemGroups)
951 {
952 /*
953 * Log the error and reset the group to a safe value...
954 */
955
956 cupsdLogMessage(CUPSD_LOG_NOTICE,
957 "Group and SystemGroup cannot use the same groups.");
958 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
959
960 group = getgrnam("nobody");
961 endgrent();
962
963 if (group != NULL)
964 Group = group->gr_gid;
965 else
966 {
967 /*
968 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
969 * complement number...)
970 */
971
972 Group = 65534;
973 }
974 }
975 }
976
977 /*
978 * Check that we have at least one listen/port line; if not, report this
979 * as an error and exit!
980 */
981
982 if (cupsArrayCount(Listeners) == 0)
983 {
984 /*
985 * No listeners!
986 */
987
988 cupsdLogMessage(CUPSD_LOG_EMERG,
989 "No valid Listen or Port lines were found in the "
990 "configuration file.");
991
992 /*
993 * Commit suicide...
994 */
995
996 cupsdEndProcess(getpid(), 0);
997 }
998
999 /*
1000 * Set the default locale using the language and charset...
1001 */
1002
1003 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1004
1005 /*
1006 * Update all relative filenames to include the full path from ServerRoot...
1007 */
1008
1009 if (DocumentRoot[0] != '/')
1010 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1011
1012 if (RequestRoot[0] != '/')
1013 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1014
1015 if (ServerBin[0] != '/')
1016 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1017
1018 if (StateDir[0] != '/')
1019 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1020
1021 if (CacheDir[0] != '/')
1022 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1023
1024 #ifdef HAVE_SSL
1025 if (ServerCertificate[0] != '/')
1026 cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
1027
1028 if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
1029 cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
1030 0, 0) < 0 &&
1031 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1032 return (0);
1033
1034 # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
1035 if (ServerKey[0] != '/')
1036 cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
1037
1038 if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
1039 cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
1040 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1041 return (0);
1042 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
1043 #endif /* HAVE_SSL */
1044
1045 /*
1046 * Make sure that directories and config files are owned and
1047 * writable by the user and group in the cupsd.conf file...
1048 */
1049
1050 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1051
1052 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1053 Group, 1, 1) < 0 ||
1054 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1055 Group, 1, 1) < 0 ||
1056 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1057 Group, 1, 1) < 0 ||
1058 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1059 Group, 1, 1) < 0 ||
1060 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1061 SystemGroupIDs[0], 1, 1) < 0 ||
1062 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1063 Group, 1, 0) < 0 ||
1064 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1065 Group, 1, 1) < 0 ||
1066 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1067 Group, 1, 0) < 0 ||
1068 cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
1069 Group, 0, 0) < 0 ||
1070 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1071 Group, 0, 0) < 0 ||
1072 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1073 Group, 0, 0) < 0 ||
1074 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1075 Group, 0, 0) < 0) &&
1076 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1077 return (0);
1078
1079 /*
1080 * Update TempDir to the default if it hasn't been set already...
1081 */
1082
1083 if (!TempDir)
1084 {
1085 #ifdef __APPLE__
1086 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1087 strncmp(tmpdir, "/private/tmp", 12))
1088 #else
1089 if ((tmpdir = getenv("TMPDIR")) != NULL)
1090 #endif /* __APPLE__ */
1091 {
1092 /*
1093 * TMPDIR is defined, see if it is OK for us to use...
1094 */
1095
1096 if (stat(tmpdir, &tmpinfo))
1097 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1098 tmpdir, strerror(errno));
1099 else if (!S_ISDIR(tmpinfo.st_mode))
1100 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1101 tmpdir);
1102 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1103 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1104 !(tmpinfo.st_mode & S_IWOTH))
1105 cupsdLogMessage(CUPSD_LOG_ERROR,
1106 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1107 else
1108 cupsdSetString(&TempDir, tmpdir);
1109 }
1110
1111 if (!TempDir)
1112 {
1113 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1114 RequestRoot);
1115 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1116 }
1117 }
1118
1119 /*
1120 * Make sure the temporary directory has the right permissions...
1121 */
1122
1123 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1124 access(TempDir, 0))
1125 {
1126 /*
1127 * Update ownership and permissions if the CUPS temp directory
1128 * is under the spool directory or does not exist...
1129 */
1130
1131 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1132 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1133 return (0);
1134 }
1135
1136 /*
1137 * Update environment variables...
1138 */
1139
1140 cupsdUpdateEnv();
1141
1142 /*
1143 * Update default paper size setting as needed...
1144 */
1145
1146 if (!DefaultPaperSize)
1147 {
1148 #ifdef HAVE_LIBPAPER
1149 char *paper_result; /* Paper size name from libpaper */
1150
1151 if ((paper_result = systempapername()) != NULL)
1152 cupsdSetString(&DefaultPaperSize, paper_result);
1153 else
1154 #endif /* HAVE_LIBPAPER */
1155 if (!DefaultLanguage ||
1156 !_cups_strcasecmp(DefaultLanguage, "C") ||
1157 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1158 !_cups_strcasecmp(DefaultLanguage, "en") ||
1159 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1160 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1161 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1162 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1163 {
1164 /*
1165 * These are the only locales that will default to "letter" size...
1166 */
1167
1168 cupsdSetString(&DefaultPaperSize, "Letter");
1169 }
1170 else
1171 cupsdSetString(&DefaultPaperSize, "A4");
1172 }
1173
1174 /*
1175 * Update classification setting as needed...
1176 */
1177
1178 if (Classification && !_cups_strcasecmp(Classification, "none"))
1179 cupsdClearString(&Classification);
1180
1181 if (Classification)
1182 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1183
1184 /*
1185 * Check the MaxClients setting, and then allocate memory for it...
1186 */
1187
1188 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1189 {
1190 if (MaxClients > 0)
1191 cupsdLogMessage(CUPSD_LOG_INFO,
1192 "MaxClients limited to 1/3 (%d) of the file descriptor "
1193 "limit (%d)...",
1194 MaxFDs / 3, MaxFDs);
1195
1196 MaxClients = MaxFDs / 3;
1197 }
1198
1199 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1200 MaxClients);
1201
1202 /*
1203 * Check the MaxActiveJobs setting; limit to 1/3 the available
1204 * file descriptors, since we need a pipe for each job...
1205 */
1206
1207 if (MaxActiveJobs > (MaxFDs / 3))
1208 MaxActiveJobs = MaxFDs / 3;
1209
1210 /*
1211 * Update the MaxClientsPerHost value, as needed...
1212 */
1213
1214 if (MaxClientsPerHost <= 0)
1215 MaxClientsPerHost = MaxClients;
1216
1217 if (MaxClientsPerHost > MaxClients)
1218 MaxClientsPerHost = MaxClients;
1219
1220 cupsdLogMessage(CUPSD_LOG_INFO,
1221 "Allowing up to %d client connections per host.",
1222 MaxClientsPerHost);
1223
1224 /*
1225 * Update the default policy, as needed...
1226 */
1227
1228 if (DefaultPolicy)
1229 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1230 else
1231 DefaultPolicyPtr = NULL;
1232
1233 if (!DefaultPolicyPtr)
1234 {
1235 cupsd_location_t *po; /* New policy operation */
1236
1237
1238 if (DefaultPolicy)
1239 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1240 DefaultPolicy);
1241
1242 cupsdSetString(&DefaultPolicy, "default");
1243
1244 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1245 cupsdLogMessage(CUPSD_LOG_INFO,
1246 "Using policy \"default\" as the default.");
1247 else
1248 {
1249 cupsdLogMessage(CUPSD_LOG_INFO,
1250 "Creating CUPS default administrative policy:");
1251
1252 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1253
1254 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1255
1256 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1257 cupsdAddString(&(p->job_access), "@OWNER");
1258 cupsdAddString(&(p->job_access), "@SYSTEM");
1259
1260 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1261 cupsdAddString(&(p->job_attrs), "job-name");
1262 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1263 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1264
1265 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1266 cupsdAddString(&(p->sub_access), "@OWNER");
1267 cupsdAddString(&(p->sub_access), "@SYSTEM");
1268
1269 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1270 cupsdAddString(&(p->job_attrs), "notify-events");
1271 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1272 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1273 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1274 cupsdAddString(&(p->job_attrs), "notify-user-data");
1275
1276 cupsdLogMessage(CUPSD_LOG_INFO,
1277 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1278 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1279
1280 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1281 po->order_type = CUPSD_AUTH_ALLOW;
1282
1283 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1284 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1285 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1286
1287 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1288
1289 cupsdLogMessage(CUPSD_LOG_INFO,
1290 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1291 "Release-Job Restart-Job Purge-Jobs "
1292 "Set-Job-Attributes Create-Job-Subscription "
1293 "Renew-Subscription Cancel-Subscription "
1294 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1295 "Suspend-Current-Job Resume-Job "
1296 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1297 "CUPS-Authenticate-Job CUPS-Get-Document>");
1298 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1299
1300 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1301 po->order_type = CUPSD_AUTH_ALLOW;
1302 po->level = CUPSD_AUTH_USER;
1303
1304 cupsdAddName(po, "@OWNER");
1305 cupsdAddName(po, "@SYSTEM");
1306 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1307
1308 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1309 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1310 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1311 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1312 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1313 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1314 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1315 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1316 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1317 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1318 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1319 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1320 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1321 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1322 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1323 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1324 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1325 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1326 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1327 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1328
1329 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1330
1331 cupsdLogMessage(CUPSD_LOG_INFO,
1332 "<Limit Pause-Printer Resume-Printer "
1333 "Set-Printer-Attributes Enable-Printer "
1334 "Disable-Printer Pause-Printer-After-Current-Job "
1335 "Hold-New-Jobs Release-Held-New-Jobs "
1336 "Deactivate-Printer Activate-Printer Restart-Printer "
1337 "Shutdown-Printer Startup-Printer Promote-Job "
1338 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1339 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1340 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1341 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1342 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1343
1344 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1345 po->order_type = CUPSD_AUTH_ALLOW;
1346 po->type = CUPSD_AUTH_DEFAULT;
1347 po->level = CUPSD_AUTH_USER;
1348
1349 cupsdAddName(po, "@SYSTEM");
1350 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1351
1352 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1353 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1354 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1355 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1356 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1357 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1358 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1359 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1360 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1361 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1362 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1363 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1364 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1365 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1366 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1367 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1368 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1369 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1370 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1371 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1372 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1373 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1374
1375 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1376
1377 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1378 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1379
1380 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1381 po->order_type = CUPSD_AUTH_ALLOW;
1382
1383 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1384 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1385 }
1386 }
1387
1388 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1389 cupsArrayCount(Policies));
1390 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1391 p;
1392 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1393 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1394 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1395
1396 /*
1397 * If we are doing a full reload or the server root has changed, flush
1398 * the jobs, printers, etc. and start from scratch...
1399 */
1400
1401 if (NeedReload == RELOAD_ALL ||
1402 old_remote_port != RemotePort ||
1403 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1404 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1405 {
1406 mime_type_t *type; /* Current type */
1407 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1408 /* MIME type name */
1409
1410
1411 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1412
1413 /*
1414 * Free all memory...
1415 */
1416
1417 cupsdDeleteAllSubscriptions();
1418 cupsdFreeAllJobs();
1419 cupsdDeleteAllPrinters();
1420
1421 DefaultPrinter = NULL;
1422
1423 if (MimeDatabase != NULL)
1424 mimeDelete(MimeDatabase);
1425
1426 if (NumMimeTypes)
1427 {
1428 for (i = 0; i < NumMimeTypes; i ++)
1429 _cupsStrFree(MimeTypes[i]);
1430
1431 free(MimeTypes);
1432 }
1433
1434 /*
1435 * Read the MIME type and conversion database...
1436 */
1437
1438 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1439 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1440
1441 MimeDatabase = mimeNew();
1442 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1443
1444 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1445 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1446 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1447 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1448
1449 if (!MimeDatabase)
1450 {
1451 cupsdLogMessage(CUPSD_LOG_EMERG,
1452 "Unable to load MIME database from \"%s\" or \"%s\".",
1453 mimedir, ServerRoot);
1454 if (FatalErrors & CUPSD_FATAL_CONFIG)
1455 return (0);
1456 }
1457
1458 cupsdLogMessage(CUPSD_LOG_INFO,
1459 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1460 "%d filters...", mimedir, ServerRoot,
1461 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1462
1463 /*
1464 * Create a list of MIME types for the document-format-supported
1465 * attribute...
1466 */
1467
1468 NumMimeTypes = mimeNumTypes(MimeDatabase);
1469 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1470 NumMimeTypes ++;
1471
1472 if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
1473 {
1474 cupsdLogMessage(CUPSD_LOG_ERROR,
1475 "Unable to allocate memory for %d MIME types.",
1476 NumMimeTypes);
1477 NumMimeTypes = 0;
1478 }
1479 else
1480 {
1481 for (i = 0, type = mimeFirstType(MimeDatabase);
1482 type;
1483 i ++, type = mimeNextType(MimeDatabase))
1484 {
1485 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1486
1487 MimeTypes[i] = _cupsStrAlloc(mimetype);
1488 }
1489
1490 if (i < NumMimeTypes)
1491 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1492 }
1493
1494 if (LogLevel == CUPSD_LOG_DEBUG2)
1495 {
1496 mime_filter_t *filter; /* Current filter */
1497
1498
1499 for (type = mimeFirstType(MimeDatabase);
1500 type;
1501 type = mimeNextType(MimeDatabase))
1502 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1503 type->super, type->type);
1504
1505 for (filter = mimeFirstFilter(MimeDatabase);
1506 filter;
1507 filter = mimeNextFilter(MimeDatabase))
1508 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1509 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1510 filter->src->super, filter->src->type,
1511 filter->dst->super, filter->dst->type,
1512 filter->cost, filter->filter);
1513 }
1514
1515 /*
1516 * Load banners...
1517 */
1518
1519 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1520 cupsdLoadBanners(temp);
1521
1522 /*
1523 * Load printers and classes...
1524 */
1525
1526 cupsdLoadAllPrinters();
1527 cupsdLoadAllClasses();
1528
1529 cupsdCreateCommonData();
1530
1531 /*
1532 * Update the printcap file as needed...
1533 */
1534
1535 if (Printcap && *Printcap && access(Printcap, 0))
1536 cupsdWritePrintcap();
1537
1538 /*
1539 * Load queued jobs...
1540 */
1541
1542 cupsdLoadAllJobs();
1543
1544 /*
1545 * Load subscriptions...
1546 */
1547
1548 cupsdLoadAllSubscriptions();
1549
1550 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1551 }
1552 else
1553 {
1554 /*
1555 * Not a full reload, so recreate the common printer attributes...
1556 */
1557
1558 cupsdCreateCommonData();
1559
1560 /*
1561 * Update all printers as needed...
1562 */
1563
1564 cupsdUpdatePrinters();
1565 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1566
1567 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1568 }
1569
1570 /*
1571 * Reset the reload state...
1572 */
1573
1574 NeedReload = RELOAD_NONE;
1575
1576 cupsdClearString(&old_serverroot);
1577 cupsdClearString(&old_requestroot);
1578
1579 return (1);
1580 }
1581
1582
1583 /*
1584 * 'get_address()' - Get an address + port number from a line.
1585 */
1586
1587 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1588 get_address(const char *value, /* I - Value string */
1589 int defport) /* I - Default port */
1590 {
1591 char buffer[1024], /* Hostname + port number buffer */
1592 defpname[255], /* Default port name */
1593 *hostname, /* Hostname or IP */
1594 *portname; /* Port number or name */
1595 http_addrlist_t *addrlist; /* Address list */
1596
1597
1598 /*
1599 * Check for an empty value...
1600 */
1601
1602 if (!*value)
1603 {
1604 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1605 return (NULL);
1606 }
1607
1608 /*
1609 * Grab a hostname and port number; if there is no colon and the port name
1610 * is only digits, then we have a port number by itself...
1611 */
1612
1613 strlcpy(buffer, value, sizeof(buffer));
1614
1615 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1616 {
1617 *portname++ = '\0';
1618 hostname = buffer;
1619 }
1620 else
1621 {
1622 for (portname = buffer; isdigit(*portname & 255); portname ++);
1623
1624 if (*portname)
1625 {
1626 /*
1627 * Use the default port...
1628 */
1629
1630 sprintf(defpname, "%d", defport);
1631 portname = defpname;
1632 hostname = buffer;
1633 }
1634 else
1635 {
1636 /*
1637 * The buffer contains just a port number...
1638 */
1639
1640 portname = buffer;
1641 hostname = NULL;
1642 }
1643 }
1644
1645 if (hostname && !strcmp(hostname, "*"))
1646 hostname = NULL;
1647
1648 /*
1649 * Now lookup the address using httpAddrGetList()...
1650 */
1651
1652 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1653 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1654 hostname ? hostname : "(nil)");
1655
1656 return (addrlist);
1657 }
1658
1659
1660 /*
1661 * 'get_addr_and_mask()' - Get an IP address and netmask.
1662 */
1663
1664 static int /* O - 1 on success, 0 on failure */
1665 get_addr_and_mask(const char *value, /* I - String from config file */
1666 unsigned *ip, /* O - Address value */
1667 unsigned *mask) /* O - Mask value */
1668 {
1669 int i, j, /* Looping vars */
1670 family, /* Address family */
1671 ipcount; /* Count of fields in address */
1672 unsigned ipval; /* Value */
1673 const char *maskval, /* Pointer to start of mask value */
1674 *ptr, /* Pointer into value */
1675 *ptr2; /* ... */
1676
1677
1678 /*
1679 * Get the address...
1680 */
1681
1682 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1683 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1684
1685 if ((maskval = strchr(value, '/')) != NULL)
1686 maskval ++;
1687 else
1688 maskval = value + strlen(value);
1689
1690 #ifdef AF_INET6
1691 /*
1692 * Check for an IPv6 address...
1693 */
1694
1695 if (*value == '[')
1696 {
1697 /*
1698 * Parse hexadecimal IPv6/IPv4 address...
1699 */
1700
1701 family = AF_INET6;
1702
1703 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1704 {
1705 if (*ptr == ']')
1706 break;
1707 else if (!strncmp(ptr, "::", 2))
1708 {
1709 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1710 ptr2;
1711 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1712
1713 i = 6 - j;
1714 ptr += 2;
1715 }
1716 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1717 {
1718 /*
1719 * Read IPv4 dotted quad...
1720 */
1721
1722 unsigned val[4] = { 0, 0, 0, 0 };
1723 /* IPv4 address values */
1724
1725 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1726 val + 3);
1727
1728 /*
1729 * Range check the IP numbers...
1730 */
1731
1732 for (i = 0; i < ipcount; i ++)
1733 if (val[i] > 255)
1734 return (0);
1735
1736 /*
1737 * Merge everything into a 32-bit IPv4 address in ip[3]...
1738 */
1739
1740 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
1741
1742 if (ipcount < 4)
1743 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1744
1745 /*
1746 * If the leading words are all 0's then this is an IPv4 address...
1747 */
1748
1749 if (!val[0] && !val[1] && !val[2])
1750 family = AF_INET;
1751
1752 while (isdigit(*ptr & 255) || *ptr == '.')
1753 ptr ++;
1754 break;
1755 }
1756 else if (isxdigit(*ptr & 255))
1757 {
1758 ipval = strtoul(ptr, (char **)&ptr, 16);
1759
1760 if (*ptr == ':' && ptr[1] != ':')
1761 ptr ++;
1762
1763 if (ipval > 0xffff)
1764 return (0);
1765
1766 if (i & 1)
1767 ip[i / 2] |= ipval;
1768 else
1769 ip[i / 2] |= ipval << 16;
1770 }
1771 else
1772 return (0);
1773 }
1774
1775 if (*ptr != ']')
1776 return (0);
1777
1778 ptr ++;
1779
1780 if (*ptr && *ptr != '/')
1781 return (0);
1782 }
1783 else
1784 #endif /* AF_INET6 */
1785 {
1786 /*
1787 * Parse dotted-decimal IPv4 address...
1788 */
1789
1790 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1791
1792
1793 family = AF_INET;
1794 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1795
1796 /*
1797 * Range check the IP numbers...
1798 */
1799
1800 for (i = 0; i < ipcount; i ++)
1801 if (val[i] > 255)
1802 return (0);
1803
1804 /*
1805 * Merge everything into a 32-bit IPv4 address in ip[3]...
1806 */
1807
1808 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
1809
1810 if (ipcount < 4)
1811 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1812 }
1813
1814 if (*maskval)
1815 {
1816 /*
1817 * Get the netmask value(s)...
1818 */
1819
1820 memset(mask, 0, sizeof(unsigned) * 4);
1821
1822 if (strchr(maskval, '.'))
1823 {
1824 /*
1825 * Get dotted-decimal mask...
1826 */
1827
1828 if (family != AF_INET)
1829 return (0);
1830
1831 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1832 mask + 3) != 4)
1833 return (0);
1834
1835 mask[3] |= ((((mask[0] << 8) | mask[1]) << 8) | mask[2]) << 8;
1836 mask[0] = mask[1] = mask[2] = 0;
1837 }
1838 else
1839 {
1840 /*
1841 * Get address/bits format...
1842 */
1843
1844 i = atoi(maskval);
1845
1846 #ifdef AF_INET6
1847 if (family == AF_INET6)
1848 {
1849 if (i > 128)
1850 return (0);
1851
1852 i = 128 - i;
1853
1854 if (i <= 96)
1855 mask[0] = 0xffffffff;
1856 else
1857 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1858
1859 if (i <= 64)
1860 mask[1] = 0xffffffff;
1861 else if (i >= 96)
1862 mask[1] = 0;
1863 else
1864 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1865
1866 if (i <= 32)
1867 mask[2] = 0xffffffff;
1868 else if (i >= 64)
1869 mask[2] = 0;
1870 else
1871 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1872
1873 if (i == 0)
1874 mask[3] = 0xffffffff;
1875 else if (i >= 32)
1876 mask[3] = 0;
1877 else
1878 mask[3] = (0xffffffff << i) & 0xffffffff;
1879 }
1880 else
1881 #endif /* AF_INET6 */
1882 {
1883 if (i > 32)
1884 return (0);
1885
1886 mask[0] = 0xffffffff;
1887 mask[1] = 0xffffffff;
1888 mask[2] = 0xffffffff;
1889
1890 if (i < 32)
1891 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
1892 else
1893 mask[3] = 0xffffffff;
1894 }
1895 }
1896 }
1897
1898 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1899 "get_addr_and_mask(value=\"%s\", "
1900 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
1901 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1902 mask[3]);
1903
1904 /*
1905 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1906 */
1907
1908 if ((ip[0] & ~mask[0]) != 0 ||
1909 (ip[1] & ~mask[1]) != 0 ||
1910 (ip[2] & ~mask[2]) != 0 ||
1911 (ip[3] & ~mask[3]) != 0)
1912 return (0);
1913
1914 return (1);
1915 }
1916
1917
1918 /*
1919 * 'mime_error_cb()' - Log a MIME error.
1920 */
1921
1922 static void
1923 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1924 const char *message) /* I - Message */
1925 {
1926 (void)ctx;
1927
1928 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1929 }
1930
1931
1932 /*
1933 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1934 */
1935
1936 static int /* O - 1 on success, 0 on failure */
1937 parse_aaa(cupsd_location_t *loc, /* I - Location */
1938 char *line, /* I - Line from file */
1939 char *value, /* I - Start of value data */
1940 int linenum) /* I - Current line number */
1941 {
1942 char *valptr; /* Pointer into value */
1943 unsigned ip[4], /* IP address components */
1944 mask[4]; /* IP netmask components */
1945
1946
1947 if (!_cups_strcasecmp(line, "Encryption"))
1948 {
1949 /*
1950 * "Encryption xxx" - set required encryption level...
1951 */
1952
1953 if (!_cups_strcasecmp(value, "never"))
1954 loc->encryption = HTTP_ENCRYPT_NEVER;
1955 else if (!_cups_strcasecmp(value, "always"))
1956 {
1957 cupsdLogMessage(CUPSD_LOG_ERROR,
1958 "Encryption value \"%s\" on line %d is invalid in this "
1959 "context. Using \"required\" instead.", value, linenum);
1960
1961 loc->encryption = HTTP_ENCRYPT_REQUIRED;
1962 }
1963 else if (!_cups_strcasecmp(value, "required"))
1964 loc->encryption = HTTP_ENCRYPT_REQUIRED;
1965 else if (!_cups_strcasecmp(value, "ifrequested"))
1966 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
1967 else
1968 {
1969 cupsdLogMessage(CUPSD_LOG_ERROR,
1970 "Unknown Encryption value %s on line %d.", value, linenum);
1971 return (0);
1972 }
1973 }
1974 else if (!_cups_strcasecmp(line, "Order"))
1975 {
1976 /*
1977 * "Order Deny,Allow" or "Order Allow,Deny"...
1978 */
1979
1980 if (!_cups_strncasecmp(value, "deny", 4))
1981 loc->order_type = CUPSD_AUTH_ALLOW;
1982 else if (!_cups_strncasecmp(value, "allow", 5))
1983 loc->order_type = CUPSD_AUTH_DENY;
1984 else
1985 {
1986 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
1987 value, linenum);
1988 return (0);
1989 }
1990 }
1991 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
1992 {
1993 /*
1994 * Allow [From] host/ip...
1995 * Deny [From] host/ip...
1996 */
1997
1998 while (*value)
1999 {
2000 if (!_cups_strncasecmp(value, "from", 4))
2001 {
2002 /*
2003 * Strip leading "from"...
2004 */
2005
2006 value += 4;
2007
2008 while (_cups_isspace(*value))
2009 value ++;
2010
2011 if (!*value)
2012 break;
2013 }
2014
2015 /*
2016 * Find the end of the value...
2017 */
2018
2019 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2020
2021 while (_cups_isspace(*valptr))
2022 *valptr++ = '\0';
2023
2024 /*
2025 * Figure out what form the allow/deny address takes:
2026 *
2027 * All
2028 * None
2029 * *.domain.com
2030 * .domain.com
2031 * host.domain.com
2032 * nnn.*
2033 * nnn.nnn.*
2034 * nnn.nnn.nnn.*
2035 * nnn.nnn.nnn.nnn
2036 * nnn.nnn.nnn.nnn/mm
2037 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2038 */
2039
2040 if (!_cups_strcasecmp(value, "all"))
2041 {
2042 /*
2043 * All hosts...
2044 */
2045
2046 if (!_cups_strcasecmp(line, "Allow"))
2047 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2048 else
2049 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2050 }
2051 else if (!_cups_strcasecmp(value, "none"))
2052 {
2053 /*
2054 * No hosts...
2055 */
2056
2057 if (!_cups_strcasecmp(line, "Allow"))
2058 cupsdAddIPMask(&(loc->allow), ones, zeros);
2059 else
2060 cupsdAddIPMask(&(loc->deny), ones, zeros);
2061 }
2062 #ifdef AF_INET6
2063 else if (value[0] == '*' || value[0] == '.' ||
2064 (!isdigit(value[0] & 255) && value[0] != '['))
2065 #else
2066 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2067 #endif /* AF_INET6 */
2068 {
2069 /*
2070 * Host or domain name...
2071 */
2072
2073 if (value[0] == '*')
2074 value ++;
2075
2076 if (!_cups_strcasecmp(line, "Allow"))
2077 cupsdAddNameMask(&(loc->allow), value);
2078 else
2079 cupsdAddNameMask(&(loc->deny), value);
2080 }
2081 else
2082 {
2083 /*
2084 * One of many IP address forms...
2085 */
2086
2087 if (!get_addr_and_mask(value, ip, mask))
2088 {
2089 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2090 value, linenum);
2091 return (0);
2092 }
2093
2094 if (!_cups_strcasecmp(line, "Allow"))
2095 cupsdAddIPMask(&(loc->allow), ip, mask);
2096 else
2097 cupsdAddIPMask(&(loc->deny), ip, mask);
2098 }
2099
2100 /*
2101 * Advance to next value...
2102 */
2103
2104 value = valptr;
2105 }
2106 }
2107 else if (!_cups_strcasecmp(line, "AuthType"))
2108 {
2109 /*
2110 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2111 */
2112
2113 if (!_cups_strcasecmp(value, "none"))
2114 {
2115 loc->type = CUPSD_AUTH_NONE;
2116 loc->level = CUPSD_AUTH_ANON;
2117 }
2118 else if (!_cups_strcasecmp(value, "basic"))
2119 {
2120 loc->type = CUPSD_AUTH_BASIC;
2121
2122 if (loc->level == CUPSD_AUTH_ANON)
2123 loc->level = CUPSD_AUTH_USER;
2124 }
2125 else if (!_cups_strcasecmp(value, "digest"))
2126 {
2127 loc->type = CUPSD_AUTH_DIGEST;
2128
2129 if (loc->level == CUPSD_AUTH_ANON)
2130 loc->level = CUPSD_AUTH_USER;
2131 }
2132 else if (!_cups_strcasecmp(value, "basicdigest"))
2133 {
2134 loc->type = CUPSD_AUTH_BASICDIGEST;
2135
2136 if (loc->level == CUPSD_AUTH_ANON)
2137 loc->level = CUPSD_AUTH_USER;
2138 }
2139 else if (!_cups_strcasecmp(value, "default"))
2140 {
2141 loc->type = CUPSD_AUTH_DEFAULT;
2142
2143 if (loc->level == CUPSD_AUTH_ANON)
2144 loc->level = CUPSD_AUTH_USER;
2145 }
2146 #ifdef HAVE_GSSAPI
2147 else if (!_cups_strcasecmp(value, "negotiate"))
2148 {
2149 loc->type = CUPSD_AUTH_NEGOTIATE;
2150
2151 if (loc->level == CUPSD_AUTH_ANON)
2152 loc->level = CUPSD_AUTH_USER;
2153 }
2154 #endif /* HAVE_GSSAPI */
2155 else
2156 {
2157 cupsdLogMessage(CUPSD_LOG_WARN,
2158 "Unknown authorization type %s on line %d.",
2159 value, linenum);
2160 return (0);
2161 }
2162 }
2163 else if (!_cups_strcasecmp(line, "AuthClass"))
2164 {
2165 /*
2166 * AuthClass anonymous, user, system, group
2167 */
2168
2169 if (!_cups_strcasecmp(value, "anonymous"))
2170 {
2171 loc->type = CUPSD_AUTH_NONE;
2172 loc->level = CUPSD_AUTH_ANON;
2173
2174 cupsdLogMessage(CUPSD_LOG_WARN,
2175 "\"AuthClass %s\" is deprecated; consider removing "
2176 "it from line %d.",
2177 value, linenum);
2178 }
2179 else if (!_cups_strcasecmp(value, "user"))
2180 {
2181 loc->level = CUPSD_AUTH_USER;
2182
2183 cupsdLogMessage(CUPSD_LOG_WARN,
2184 "\"AuthClass %s\" is deprecated; consider using "
2185 "\"Require valid-user\" on line %d.",
2186 value, linenum);
2187 }
2188 else if (!_cups_strcasecmp(value, "group"))
2189 {
2190 loc->level = CUPSD_AUTH_GROUP;
2191
2192 cupsdLogMessage(CUPSD_LOG_WARN,
2193 "\"AuthClass %s\" is deprecated; consider using "
2194 "\"Require user @groupname\" on line %d.",
2195 value, linenum);
2196 }
2197 else if (!_cups_strcasecmp(value, "system"))
2198 {
2199 loc->level = CUPSD_AUTH_GROUP;
2200
2201 cupsdAddName(loc, "@SYSTEM");
2202
2203 cupsdLogMessage(CUPSD_LOG_WARN,
2204 "\"AuthClass %s\" is deprecated; consider using "
2205 "\"Require user @SYSTEM\" on line %d.",
2206 value, linenum);
2207 }
2208 else
2209 {
2210 cupsdLogMessage(CUPSD_LOG_WARN,
2211 "Unknown authorization class %s on line %d.",
2212 value, linenum);
2213 return (0);
2214 }
2215 }
2216 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2217 {
2218 cupsdAddName(loc, value);
2219
2220 cupsdLogMessage(CUPSD_LOG_WARN,
2221 "\"AuthGroupName %s\" directive is deprecated; consider "
2222 "using \"Require user @%s\" on line %d.",
2223 value, value, linenum);
2224 }
2225 else if (!_cups_strcasecmp(line, "Require"))
2226 {
2227 /*
2228 * Apache synonym for AuthClass and AuthGroupName...
2229 *
2230 * Get initial word:
2231 *
2232 * Require valid-user
2233 * Require group names
2234 * Require user names
2235 */
2236
2237 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2238
2239 if (*valptr)
2240 *valptr++ = '\0';
2241
2242 if (!_cups_strcasecmp(value, "valid-user") ||
2243 !_cups_strcasecmp(value, "user"))
2244 loc->level = CUPSD_AUTH_USER;
2245 else if (!_cups_strcasecmp(value, "group"))
2246 loc->level = CUPSD_AUTH_GROUP;
2247 else
2248 {
2249 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2250 value, linenum);
2251 return (0);
2252 }
2253
2254 /*
2255 * Get the list of names from the line...
2256 */
2257
2258 for (value = valptr; *value;)
2259 {
2260 while (_cups_isspace(*value))
2261 value ++;
2262
2263 #ifdef HAVE_AUTHORIZATION_H
2264 if (!strncmp(value, "@AUTHKEY(", 9))
2265 {
2266 /*
2267 * Grab "@AUTHKEY(name)" value...
2268 */
2269
2270 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2271
2272 if (*valptr)
2273 *valptr++ = '\0';
2274 }
2275 else
2276 #endif /* HAVE_AUTHORIZATION_H */
2277 if (*value == '\"' || *value == '\'')
2278 {
2279 /*
2280 * Grab quoted name...
2281 */
2282
2283 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2284
2285 value ++;
2286 }
2287 else
2288 {
2289 /*
2290 * Grab literal name.
2291 */
2292
2293 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2294 }
2295
2296 if (*valptr)
2297 *valptr++ = '\0';
2298
2299 cupsdAddName(loc, value);
2300
2301 for (value = valptr; _cups_isspace(*value); value ++);
2302 }
2303 }
2304 else if (!_cups_strcasecmp(line, "Satisfy"))
2305 {
2306 if (!_cups_strcasecmp(value, "all"))
2307 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2308 else if (!_cups_strcasecmp(value, "any"))
2309 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2310 else
2311 {
2312 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2313 value, linenum);
2314 return (0);
2315 }
2316 }
2317 else
2318 return (0);
2319
2320 return (1);
2321 }
2322
2323
2324 /*
2325 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2326 */
2327
2328 static int /* O - FatalErrors bits */
2329 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2330 {
2331 int fatal; /* FatalErrors bits */
2332 char value[1024], /* Value string */
2333 *valstart, /* Pointer into value */
2334 *valend; /* End of value */
2335
2336
2337 /*
2338 * Empty FatalErrors line yields NULL pointer...
2339 */
2340
2341 if (!s)
2342 return (CUPSD_FATAL_NONE);
2343
2344 /*
2345 * Loop through the value string,...
2346 */
2347
2348 strlcpy(value, s, sizeof(value));
2349
2350 fatal = CUPSD_FATAL_NONE;
2351
2352 for (valstart = value; *valstart;)
2353 {
2354 /*
2355 * Get the current space/comma-delimited kind name...
2356 */
2357
2358 for (valend = valstart; *valend; valend ++)
2359 if (_cups_isspace(*valend) || *valend == ',')
2360 break;
2361
2362 if (*valend)
2363 *valend++ = '\0';
2364
2365 /*
2366 * Add the error to the bitmask...
2367 */
2368
2369 if (!_cups_strcasecmp(valstart, "all"))
2370 fatal = CUPSD_FATAL_ALL;
2371 else if (!_cups_strcasecmp(valstart, "browse"))
2372 fatal |= CUPSD_FATAL_BROWSE;
2373 else if (!_cups_strcasecmp(valstart, "-browse"))
2374 fatal &= ~CUPSD_FATAL_BROWSE;
2375 else if (!_cups_strcasecmp(valstart, "config"))
2376 fatal |= CUPSD_FATAL_CONFIG;
2377 else if (!_cups_strcasecmp(valstart, "-config"))
2378 fatal &= ~CUPSD_FATAL_CONFIG;
2379 else if (!_cups_strcasecmp(valstart, "listen"))
2380 fatal |= CUPSD_FATAL_LISTEN;
2381 else if (!_cups_strcasecmp(valstart, "-listen"))
2382 fatal &= ~CUPSD_FATAL_LISTEN;
2383 else if (!_cups_strcasecmp(valstart, "log"))
2384 fatal |= CUPSD_FATAL_LOG;
2385 else if (!_cups_strcasecmp(valstart, "-log"))
2386 fatal &= ~CUPSD_FATAL_LOG;
2387 else if (!_cups_strcasecmp(valstart, "permissions"))
2388 fatal |= CUPSD_FATAL_PERMISSIONS;
2389 else if (!_cups_strcasecmp(valstart, "-permissions"))
2390 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2391 else if (_cups_strcasecmp(valstart, "none"))
2392 cupsdLogMessage(CUPSD_LOG_ERROR,
2393 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2394
2395 for (valstart = valend; *valstart; valstart ++)
2396 if (!_cups_isspace(*valstart) || *valstart != ',')
2397 break;
2398 }
2399
2400 return (fatal);
2401 }
2402
2403
2404 /*
2405 * 'parse_groups()' - Parse system group names in a string.
2406 */
2407
2408 static int /* O - 1 on success, 0 on failure */
2409 parse_groups(const char *s) /* I - Space-delimited groups */
2410 {
2411 int status; /* Return status */
2412 char value[1024], /* Value string */
2413 *valstart, /* Pointer into value */
2414 *valend, /* End of value */
2415 quote; /* Quote character */
2416 struct group *group; /* Group */
2417
2418
2419 /*
2420 * Make a copy of the string and parse out the groups...
2421 */
2422
2423 strlcpy(value, s, sizeof(value));
2424
2425 status = 1;
2426 valstart = value;
2427
2428 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2429 {
2430 if (*valstart == '\'' || *valstart == '\"')
2431 {
2432 /*
2433 * Scan quoted name...
2434 */
2435
2436 quote = *valstart++;
2437
2438 for (valend = valstart; *valend; valend ++)
2439 if (*valend == quote)
2440 break;
2441 }
2442 else
2443 {
2444 /*
2445 * Scan space or comma-delimited name...
2446 */
2447
2448 for (valend = valstart; *valend; valend ++)
2449 if (_cups_isspace(*valend) || *valend == ',')
2450 break;
2451 }
2452
2453 if (*valend)
2454 *valend++ = '\0';
2455
2456 group = getgrnam(valstart);
2457 if (group)
2458 {
2459 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2460 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2461
2462 NumSystemGroups ++;
2463 }
2464 else
2465 status = 0;
2466
2467 endgrent();
2468
2469 valstart = valend;
2470
2471 while (*valstart == ',' || _cups_isspace(*valstart))
2472 valstart ++;
2473 }
2474
2475 return (status);
2476 }
2477
2478
2479 /*
2480 * 'parse_protocols()' - Parse browse protocols in a string.
2481 */
2482
2483 static int /* O - Browse protocol bits */
2484 parse_protocols(const char *s) /* I - Space-delimited protocols */
2485 {
2486 int protocols; /* Browse protocol bits */
2487 char value[1024], /* Value string */
2488 *valstart, /* Pointer into value */
2489 *valend; /* End of value */
2490
2491
2492 /*
2493 * Empty protocol line yields NULL pointer...
2494 */
2495
2496 if (!s)
2497 return (0);
2498
2499 /*
2500 * Loop through the value string,...
2501 */
2502
2503 strlcpy(value, s, sizeof(value));
2504
2505 protocols = 0;
2506
2507 for (valstart = value; *valstart;)
2508 {
2509 /*
2510 * Get the current space/comma-delimited protocol name...
2511 */
2512
2513 for (valend = valstart; *valend; valend ++)
2514 if (_cups_isspace(*valend) || *valend == ',')
2515 break;
2516
2517 if (*valend)
2518 *valend++ = '\0';
2519
2520 /*
2521 * Add the protocol to the bitmask...
2522 */
2523
2524 if (!_cups_strcasecmp(valstart, "dnssd") ||
2525 !_cups_strcasecmp(valstart, "dns-sd") ||
2526 !_cups_strcasecmp(valstart, "bonjour"))
2527 protocols |= BROWSE_DNSSD;
2528 else if (!_cups_strcasecmp(valstart, "all"))
2529 protocols |= BROWSE_ALL;
2530 else if (_cups_strcasecmp(valstart, "none"))
2531 cupsdLogMessage(CUPSD_LOG_ERROR,
2532 "Unknown browse protocol \"%s\" ignored.", valstart);
2533
2534 for (valstart = valend; *valstart; valstart ++)
2535 if (!_cups_isspace(*valstart) || *valstart != ',')
2536 break;
2537 }
2538
2539 return (protocols);
2540 }
2541
2542
2543 /*
2544 * 'read_configuration()' - Read a configuration file.
2545 */
2546
2547 static int /* O - 1 on success, 0 on failure */
2548 read_configuration(cups_file_t *fp) /* I - File to read from */
2549 {
2550 int i; /* Looping var */
2551 int linenum; /* Current line number */
2552 char line[HTTP_MAX_BUFFER],
2553 /* Line from file */
2554 temp[HTTP_MAX_BUFFER],
2555 /* Temporary buffer for value */
2556 *value, /* Pointer to value */
2557 *valueptr; /* Pointer into value */
2558 int valuelen; /* Length of value */
2559 cupsd_var_t const *var; /* Current variable */
2560 http_addrlist_t *addrlist, /* Address list */
2561 *addr; /* Current address */
2562 cups_file_t *incfile; /* Include file */
2563 char incname[1024]; /* Include filename */
2564 struct group *group; /* Group */
2565
2566
2567 /*
2568 * Loop through each line in the file...
2569 */
2570
2571 linenum = 0;
2572
2573 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2574 {
2575 /*
2576 * Decode the directive...
2577 */
2578
2579 if (!_cups_strcasecmp(line, "Include") && value)
2580 {
2581 /*
2582 * Include filename
2583 */
2584
2585 if (value[0] == '/')
2586 strlcpy(incname, value, sizeof(incname));
2587 else
2588 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2589
2590 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2591 cupsdLogMessage(CUPSD_LOG_ERROR,
2592 "Unable to include config file \"%s\" - %s",
2593 incname, strerror(errno));
2594 else
2595 {
2596 read_configuration(incfile);
2597 cupsFileClose(incfile);
2598 }
2599 }
2600 else if (!_cups_strcasecmp(line, "<Location") && value)
2601 {
2602 /*
2603 * <Location path>
2604 */
2605
2606 linenum = read_location(fp, value, linenum);
2607 if (linenum == 0)
2608 return (0);
2609 }
2610 else if (!_cups_strcasecmp(line, "<Policy") && value)
2611 {
2612 /*
2613 * <Policy name>
2614 */
2615
2616 linenum = read_policy(fp, value, linenum);
2617 if (linenum == 0)
2618 return (0);
2619 }
2620 else if (!_cups_strcasecmp(line, "FatalErrors"))
2621 FatalErrors = parse_fatal_errors(value);
2622 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
2623 {
2624 JobRetryInterval = atoi(value);
2625 cupsdLogMessage(CUPSD_LOG_WARN,
2626 "FaxRetryInterval is deprecated; use "
2627 "JobRetryInterval on line %d.", linenum);
2628 }
2629 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
2630 {
2631 JobRetryLimit = atoi(value);
2632 cupsdLogMessage(CUPSD_LOG_WARN,
2633 "FaxRetryLimit is deprecated; use "
2634 "JobRetryLimit on line %d.", linenum);
2635 }
2636 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
2637 #ifdef HAVE_SSL
2638 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
2639 #endif /* HAVE_SSL */
2640 ) && value)
2641 {
2642 /*
2643 * Add listening address(es) to the list...
2644 */
2645
2646 cupsd_listener_t *lis; /* New listeners array */
2647
2648
2649 /*
2650 * Get the address list...
2651 */
2652
2653 addrlist = get_address(value, IPP_PORT);
2654
2655 if (!addrlist)
2656 {
2657 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2658 value, linenum);
2659 continue;
2660 }
2661
2662 /*
2663 * Add each address...
2664 */
2665
2666 for (addr = addrlist; addr; addr = addr->next)
2667 {
2668 /*
2669 * See if this address is already present...
2670 */
2671
2672 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2673 lis;
2674 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2675 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
2676 _httpAddrPort(&(addr->addr)) == _httpAddrPort(&(lis->address)))
2677 break;
2678
2679 if (lis)
2680 {
2681 httpAddrString(&lis->address, temp, sizeof(temp));
2682 cupsdLogMessage(CUPSD_LOG_WARN,
2683 "Duplicate listen address \"%s\" ignored.", temp);
2684 continue;
2685 }
2686
2687 /*
2688 * Allocate another listener...
2689 */
2690
2691 if (!Listeners)
2692 Listeners = cupsArrayNew(NULL, NULL);
2693
2694 if (!Listeners)
2695 {
2696 cupsdLogMessage(CUPSD_LOG_ERROR,
2697 "Unable to allocate %s at line %d - %s.",
2698 line, linenum, strerror(errno));
2699 break;
2700 }
2701
2702 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2703 {
2704 cupsdLogMessage(CUPSD_LOG_ERROR,
2705 "Unable to allocate %s at line %d - %s.",
2706 line, linenum, strerror(errno));
2707 break;
2708 }
2709
2710 cupsArrayAdd(Listeners, lis);
2711
2712 /*
2713 * Copy the current address and log it...
2714 */
2715
2716 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
2717 lis->fd = -1;
2718
2719 #ifdef HAVE_SSL
2720 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
2721 lis->encryption = HTTP_ENCRYPT_ALWAYS;
2722 #endif /* HAVE_SSL */
2723
2724 httpAddrString(&lis->address, temp, sizeof(temp));
2725
2726 #ifdef AF_LOCAL
2727 if (lis->address.addr.sa_family == AF_LOCAL)
2728 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
2729 else
2730 #endif /* AF_LOCAL */
2731 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
2732 _httpAddrPort(&(lis->address)),
2733 _httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
2734
2735 if (!httpAddrLocalhost(&(lis->address)))
2736 RemotePort = _httpAddrPort(&(lis->address));
2737 }
2738
2739 /*
2740 * Free the list...
2741 */
2742
2743 httpAddrFreeList(addrlist);
2744 }
2745 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
2746 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
2747 {
2748 /*
2749 * "BrowseProtocols name [... name]"
2750 * "BrowseLocalProtocols name [... name]"
2751 */
2752
2753 int protocols = parse_protocols(value);
2754
2755 if (protocols < 0)
2756 {
2757 cupsdLogMessage(CUPSD_LOG_ERROR,
2758 "Unknown browse protocol \"%s\" on line %d.",
2759 value, linenum);
2760 break;
2761 }
2762
2763 BrowseLocalProtocols = protocols;
2764 }
2765 else if (!_cups_strcasecmp(line, "default_auth_type") && value)
2766 {
2767 /*
2768 * default_auth_type {basic,digest,basicdigest,negotiate}
2769 */
2770
2771 if (!_cups_strcasecmp(value, "none"))
2772 default_auth_type = CUPSD_AUTH_NONE;
2773 else if (!_cups_strcasecmp(value, "basic"))
2774 default_auth_type = CUPSD_AUTH_BASIC;
2775 else if (!_cups_strcasecmp(value, "digest"))
2776 default_auth_type = CUPSD_AUTH_DIGEST;
2777 else if (!_cups_strcasecmp(value, "basicdigest"))
2778 default_auth_type = CUPSD_AUTH_BASICDIGEST;
2779 #ifdef HAVE_GSSAPI
2780 else if (!_cups_strcasecmp(value, "negotiate"))
2781 default_auth_type = CUPSD_AUTH_NEGOTIATE;
2782 #endif /* HAVE_GSSAPI */
2783 else if (!_cups_strcasecmp(value, "auto"))
2784 default_auth_type = CUPSD_AUTH_AUTO;
2785 else
2786 {
2787 cupsdLogMessage(CUPSD_LOG_WARN,
2788 "Unknown default authorization type %s on line %d.",
2789 value, linenum);
2790 if (FatalErrors & CUPSD_FATAL_CONFIG)
2791 return (0);
2792 }
2793 }
2794 #ifdef HAVE_SSL
2795 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
2796 {
2797 /*
2798 * DefaultEncryption {Never,IfRequested,Required}
2799 */
2800
2801 if (!value || !_cups_strcasecmp(value, "never"))
2802 DefaultEncryption = HTTP_ENCRYPT_NEVER;
2803 else if (!_cups_strcasecmp(value, "required"))
2804 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
2805 else if (!_cups_strcasecmp(value, "ifrequested"))
2806 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
2807 else
2808 {
2809 cupsdLogMessage(CUPSD_LOG_WARN,
2810 "Unknown default encryption %s on line %d.",
2811 value, linenum);
2812 if (FatalErrors & CUPSD_FATAL_CONFIG)
2813 return (0);
2814 }
2815 }
2816 #endif /* HAVE_SSL */
2817 else if (!_cups_strcasecmp(line, "User") && value)
2818 {
2819 /*
2820 * User ID to run as...
2821 */
2822
2823 if (isdigit(value[0] & 255))
2824 {
2825 int uid = atoi(value);
2826
2827 if (!uid)
2828 cupsdLogMessage(CUPSD_LOG_ERROR,
2829 "Will not use User 0 as specified on line %d "
2830 "for security reasons. You must use a non-"
2831 "privileged account instead.",
2832 linenum);
2833 else
2834 User = atoi(value);
2835 }
2836 else
2837 {
2838 struct passwd *p; /* Password information */
2839
2840 endpwent();
2841 p = getpwnam(value);
2842
2843 if (p)
2844 {
2845 if (!p->pw_uid)
2846 cupsdLogMessage(CUPSD_LOG_ERROR,
2847 "Will not use User %s (UID=0) as specified on line "
2848 "%d for security reasons. You must use a non-"
2849 "privileged account instead.",
2850 value, linenum);
2851 else
2852 User = p->pw_uid;
2853 }
2854 else
2855 cupsdLogMessage(CUPSD_LOG_ERROR,
2856 "Unknown User \"%s\" on line %d, ignoring.",
2857 value, linenum);
2858 }
2859 }
2860 else if (!_cups_strcasecmp(line, "Group") && value)
2861 {
2862 /*
2863 * Group ID to run as...
2864 */
2865
2866 if (isdigit(value[0]))
2867 Group = atoi(value);
2868 else
2869 {
2870 endgrent();
2871 group = getgrnam(value);
2872
2873 if (group != NULL)
2874 Group = group->gr_gid;
2875 else
2876 cupsdLogMessage(CUPSD_LOG_ERROR,
2877 "Unknown Group \"%s\" on line %d, ignoring.",
2878 value, linenum);
2879 }
2880 }
2881 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
2882 {
2883 /*
2884 * SystemGroup (admin) group(s)...
2885 */
2886
2887 if (!parse_groups(value))
2888 cupsdLogMessage(CUPSD_LOG_ERROR,
2889 "Unknown SystemGroup \"%s\" on line %d, ignoring.",
2890 value, linenum);
2891 }
2892 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
2893 {
2894 /*
2895 * Do hostname lookups?
2896 */
2897
2898 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
2899 !_cups_strcasecmp(value, "false"))
2900 HostNameLookups = 0;
2901 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
2902 !_cups_strcasecmp(value, "true"))
2903 HostNameLookups = 1;
2904 else if (!_cups_strcasecmp(value, "double"))
2905 HostNameLookups = 2;
2906 else
2907 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
2908 value, linenum);
2909 }
2910 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
2911 {
2912 /*
2913 * Amount of logging to do to access log...
2914 */
2915
2916 if (!_cups_strcasecmp(value, "all"))
2917 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
2918 else if (!_cups_strcasecmp(value, "actions"))
2919 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
2920 else if (!_cups_strcasecmp(value, "config"))
2921 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
2922 else
2923 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
2924 value, linenum);
2925 }
2926 else if (!_cups_strcasecmp(line, "LogLevel") && value)
2927 {
2928 /*
2929 * Amount of logging to do to error log...
2930 */
2931
2932 if (!_cups_strcasecmp(value, "debug2"))
2933 LogLevel = CUPSD_LOG_DEBUG2;
2934 else if (!_cups_strcasecmp(value, "debug"))
2935 LogLevel = CUPSD_LOG_DEBUG;
2936 else if (!_cups_strcasecmp(value, "info"))
2937 LogLevel = CUPSD_LOG_INFO;
2938 else if (!_cups_strcasecmp(value, "notice"))
2939 LogLevel = CUPSD_LOG_NOTICE;
2940 else if (!_cups_strcasecmp(value, "warn"))
2941 LogLevel = CUPSD_LOG_WARN;
2942 else if (!_cups_strcasecmp(value, "error"))
2943 LogLevel = CUPSD_LOG_ERROR;
2944 else if (!_cups_strcasecmp(value, "crit"))
2945 LogLevel = CUPSD_LOG_CRIT;
2946 else if (!_cups_strcasecmp(value, "alert"))
2947 LogLevel = CUPSD_LOG_ALERT;
2948 else if (!_cups_strcasecmp(value, "emerg"))
2949 LogLevel = CUPSD_LOG_EMERG;
2950 else if (!_cups_strcasecmp(value, "none"))
2951 LogLevel = CUPSD_LOG_NONE;
2952 else
2953 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
2954 value, linenum);
2955 }
2956 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
2957 {
2958 /*
2959 * Amount of logging to do to error log...
2960 */
2961
2962 if (!_cups_strcasecmp(value, "standard"))
2963 LogTimeFormat = CUPSD_TIME_STANDARD;
2964 else if (!_cups_strcasecmp(value, "usecs"))
2965 LogTimeFormat = CUPSD_TIME_USECS;
2966 else
2967 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
2968 value, linenum);
2969 }
2970 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
2971 {
2972 /*
2973 * Format of printcap file?
2974 */
2975
2976 if (!_cups_strcasecmp(value, "bsd"))
2977 PrintcapFormat = PRINTCAP_BSD;
2978 else if (!_cups_strcasecmp(value, "plist"))
2979 PrintcapFormat = PRINTCAP_PLIST;
2980 else if (!_cups_strcasecmp(value, "solaris"))
2981 PrintcapFormat = PRINTCAP_SOLARIS;
2982 else
2983 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown PrintcapFormat %s on line %d.",
2984 value, linenum);
2985 }
2986 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
2987 {
2988 /*
2989 * Set the string used for the Server header...
2990 */
2991
2992 struct utsname plat; /* Platform info */
2993
2994
2995 uname(&plat);
2996
2997 if (!_cups_strcasecmp(value, "ProductOnly"))
2998 cupsdSetString(&ServerHeader, "CUPS");
2999 else if (!_cups_strcasecmp(value, "Major"))
3000 cupsdSetStringf(&ServerHeader, "CUPS/%d", CUPS_VERSION_MAJOR);
3001 else if (!_cups_strcasecmp(value, "Minor"))
3002 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d", CUPS_VERSION_MAJOR,
3003 CUPS_VERSION_MINOR);
3004 else if (!_cups_strcasecmp(value, "Minimal"))
3005 cupsdSetString(&ServerHeader, CUPS_MINIMAL);
3006 else if (!_cups_strcasecmp(value, "OS"))
3007 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s)", plat.sysname);
3008 else if (!_cups_strcasecmp(value, "Full"))
3009 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s) IPP/2.1",
3010 plat.sysname);
3011 else if (!_cups_strcasecmp(value, "None"))
3012 cupsdClearString(&ServerHeader);
3013 else
3014 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3015 value, linenum);
3016 }
3017 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3018 {
3019 /*
3020 * PassEnv variable [... variable]
3021 */
3022
3023 for (; *value;)
3024 {
3025 for (valuelen = 0; value[valuelen]; valuelen ++)
3026 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3027 break;
3028
3029 if (value[valuelen])
3030 {
3031 value[valuelen] = '\0';
3032 valuelen ++;
3033 }
3034
3035 cupsdSetEnv(value, NULL);
3036
3037 for (value += valuelen; *value; value ++)
3038 if (!_cups_isspace(*value) || *value != ',')
3039 break;
3040 }
3041 }
3042 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3043 {
3044 /*
3045 * ServerAlias name [... name]
3046 */
3047
3048 if (!ServerAlias)
3049 ServerAlias = cupsArrayNew(NULL, NULL);
3050
3051 for (; *value;)
3052 {
3053 for (valuelen = 0; value[valuelen]; valuelen ++)
3054 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3055 break;
3056
3057 if (value[valuelen])
3058 {
3059 value[valuelen] = '\0';
3060 valuelen ++;
3061 }
3062
3063 cupsdAddAlias(ServerAlias, value);
3064
3065 for (value += valuelen; *value; value ++)
3066 if (!_cups_isspace(*value) || *value != ',')
3067 break;
3068 }
3069 }
3070 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3071 {
3072 /*
3073 * SetEnv variable value
3074 */
3075
3076 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3077
3078 if (*valueptr)
3079 {
3080 /*
3081 * Found a value...
3082 */
3083
3084 while (isspace(*valueptr & 255))
3085 *valueptr++ = '\0';
3086
3087 cupsdSetEnv(value, valueptr);
3088 }
3089 else
3090 cupsdLogMessage(CUPSD_LOG_ERROR,
3091 "Missing value for SetEnv directive on line %d.",
3092 linenum);
3093 }
3094 #ifdef HAVE_SSL
3095 else if (!_cups_strcasecmp(line, "SSLOptions"))
3096 {
3097 /*
3098 * SSLOptions options
3099 */
3100
3101 if (!value || !_cups_strcasecmp(value, "none"))
3102 SSLOptions = CUPSD_SSL_NONE;
3103 else if (!_cups_strcasecmp(value, "noemptyfragments"))
3104 SSLOptions = CUPSD_SSL_NOEMPTY;
3105 else
3106 cupsdLogMessage(CUPSD_LOG_ERROR,
3107 "Unknown value \"%s\" for SSLOptions directive on "
3108 "line %d.", value, linenum);
3109 }
3110 #endif /* HAVE_SSL */
3111 else
3112 {
3113 /*
3114 * Find a simple variable in the list...
3115 */
3116
3117 for (i = NUM_VARS, var = variables; i > 0; i --, var ++)
3118 if (!_cups_strcasecmp(line, var->name))
3119 break;
3120
3121 if (i == 0)
3122 {
3123 /*
3124 * Unknown directive! Output an error message and continue...
3125 */
3126
3127 if (!value)
3128 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d.",
3129 line, linenum);
3130 else
3131 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d.",
3132 line, linenum);
3133 continue;
3134 }
3135
3136 switch (var->type)
3137 {
3138 case CUPSD_VARTYPE_INTEGER :
3139 if (!value)
3140 cupsdLogMessage(CUPSD_LOG_ERROR,
3141 "Missing integer value for %s on line %d.",
3142 line, linenum);
3143 else
3144 {
3145 int n; /* Number */
3146 char *units; /* Units */
3147
3148
3149 n = strtol(value, &units, 0);
3150
3151 if (units && *units)
3152 {
3153 if (tolower(units[0] & 255) == 'g')
3154 n *= 1024 * 1024 * 1024;
3155 else if (tolower(units[0] & 255) == 'm')
3156 n *= 1024 * 1024;
3157 else if (tolower(units[0] & 255) == 'k')
3158 n *= 1024;
3159 else if (tolower(units[0] & 255) == 't')
3160 n *= 262144;
3161 }
3162
3163 if (n < 0)
3164 cupsdLogMessage(CUPSD_LOG_ERROR,
3165 "Bad negative integer value for %s on line %d.",
3166 line, linenum);
3167 else
3168 *((int *)var->ptr) = n;
3169 }
3170 break;
3171
3172 case CUPSD_VARTYPE_BOOLEAN :
3173 if (!value)
3174 cupsdLogMessage(CUPSD_LOG_ERROR,
3175 "Missing boolean value for %s on line %d.",
3176 line, linenum);
3177 else if (!_cups_strcasecmp(value, "true") ||
3178 !_cups_strcasecmp(value, "on") ||
3179 !_cups_strcasecmp(value, "enabled") ||
3180 !_cups_strcasecmp(value, "yes") ||
3181 atoi(value) != 0)
3182 *((int *)var->ptr) = TRUE;
3183 else if (!_cups_strcasecmp(value, "false") ||
3184 !_cups_strcasecmp(value, "off") ||
3185 !_cups_strcasecmp(value, "disabled") ||
3186 !_cups_strcasecmp(value, "no") ||
3187 !_cups_strcasecmp(value, "0"))
3188 *((int *)var->ptr) = FALSE;
3189 else
3190 cupsdLogMessage(CUPSD_LOG_ERROR,
3191 "Unknown boolean value %s on line %d.",
3192 value, linenum);
3193 break;
3194
3195 case CUPSD_VARTYPE_PATHNAME :
3196 if (!value)
3197 {
3198 cupsdLogMessage(CUPSD_LOG_ERROR,
3199 "Missing pathname value for %s on line %d.",
3200 line, linenum);
3201 break;
3202 }
3203
3204 if (value[0] == '/')
3205 strlcpy(temp, value, sizeof(temp));
3206 else
3207 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
3208
3209 if (access(temp, 0))
3210 {
3211 cupsdLogMessage(CUPSD_LOG_ERROR,
3212 "File or directory for \"%s %s\" on line %d "
3213 "does not exist.", line, value, linenum);
3214 break;
3215 }
3216
3217 case CUPSD_VARTYPE_STRING :
3218 cupsdSetString((char **)var->ptr, value);
3219 break;
3220 }
3221 }
3222 }
3223
3224 return (1);
3225 }
3226
3227
3228 /*
3229 * 'read_location()' - Read a <Location path> definition.
3230 */
3231
3232 static int /* O - New line number or 0 on error */
3233 read_location(cups_file_t *fp, /* I - Configuration file */
3234 char *location, /* I - Location name/path */
3235 int linenum) /* I - Current line number */
3236 {
3237 cupsd_location_t *loc, /* New location */
3238 *parent; /* Parent location */
3239 char line[HTTP_MAX_BUFFER],
3240 /* Line buffer */
3241 *value, /* Value for directive */
3242 *valptr; /* Pointer into value */
3243
3244
3245 if ((parent = cupsdFindLocation(location)) != NULL)
3246 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3247 location, linenum);
3248 else if ((parent = cupsdNewLocation(location)) == NULL)
3249 return (0);
3250 else
3251 {
3252 cupsdAddLocation(parent);
3253
3254 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3255 }
3256
3257 loc = parent;
3258
3259 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3260 {
3261 /*
3262 * Decode the directive...
3263 */
3264
3265 if (!_cups_strcasecmp(line, "</Location>"))
3266 return (linenum);
3267 else if (!_cups_strcasecmp(line, "<Limit") ||
3268 !_cups_strcasecmp(line, "<LimitExcept"))
3269 {
3270 if (!value)
3271 {
3272 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3273 if (FatalErrors & CUPSD_FATAL_CONFIG)
3274 return (0);
3275 else
3276 continue;
3277 }
3278
3279 if ((loc = cupsdCopyLocation(parent)) == NULL)
3280 return (0);
3281
3282 cupsdAddLocation(loc);
3283
3284 loc->limit = 0;
3285 while (*value)
3286 {
3287 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3288
3289 if (*valptr)
3290 *valptr++ = '\0';
3291
3292 if (!strcmp(value, "ALL"))
3293 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3294 else if (!strcmp(value, "GET"))
3295 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3296 else if (!strcmp(value, "HEAD"))
3297 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3298 else if (!strcmp(value, "OPTIONS"))
3299 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3300 else if (!strcmp(value, "POST"))
3301 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3302 else if (!strcmp(value, "PUT"))
3303 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3304 else if (!strcmp(value, "TRACE"))
3305 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3306 else
3307 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
3308 value, linenum);
3309
3310 for (value = valptr; isspace(*value & 255); value ++);
3311 }
3312
3313 if (!_cups_strcasecmp(line, "<LimitExcept"))
3314 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3315
3316 parent->limit &= ~loc->limit;
3317 }
3318 else if (!_cups_strcasecmp(line, "</Limit>") ||
3319 !_cups_strcasecmp(line, "</LimitExcept>"))
3320 loc = parent;
3321 else if (!value)
3322 {
3323 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3324 if (FatalErrors & CUPSD_FATAL_CONFIG)
3325 return (0);
3326 }
3327 else if (!parse_aaa(loc, line, value, linenum))
3328 {
3329 cupsdLogMessage(CUPSD_LOG_ERROR,
3330 "Unknown Location directive %s on line %d.",
3331 line, linenum);
3332 if (FatalErrors & CUPSD_FATAL_CONFIG)
3333 return (0);
3334 }
3335 }
3336
3337 cupsdLogMessage(CUPSD_LOG_ERROR,
3338 "Unexpected end-of-file at line %d while reading location.",
3339 linenum);
3340
3341 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3342 }
3343
3344
3345 /*
3346 * 'read_policy()' - Read a <Policy name> definition.
3347 */
3348
3349 static int /* O - New line number or 0 on error */
3350 read_policy(cups_file_t *fp, /* I - Configuration file */
3351 char *policy, /* I - Location name/path */
3352 int linenum) /* I - Current line number */
3353 {
3354 int i; /* Looping var */
3355 cupsd_policy_t *pol; /* Policy */
3356 cupsd_location_t *op; /* Policy operation */
3357 int num_ops; /* Number of IPP operations */
3358 ipp_op_t ops[100]; /* Operations */
3359 char line[HTTP_MAX_BUFFER],
3360 /* Line buffer */
3361 *value, /* Value for directive */
3362 *valptr; /* Pointer into value */
3363
3364
3365 /*
3366 * Create the policy...
3367 */
3368
3369 if ((pol = cupsdFindPolicy(policy)) != NULL)
3370 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3371 policy, linenum);
3372 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3373 return (0);
3374
3375 /*
3376 * Read from the file...
3377 */
3378
3379 op = NULL;
3380 num_ops = 0;
3381
3382 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3383 {
3384 /*
3385 * Decode the directive...
3386 */
3387
3388 if (!_cups_strcasecmp(line, "</Policy>"))
3389 {
3390 if (op)
3391 cupsdLogMessage(CUPSD_LOG_WARN,
3392 "Missing </Limit> before </Policy> on line %d.",
3393 linenum);
3394
3395 set_policy_defaults(pol);
3396
3397 return (linenum);
3398 }
3399 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3400 {
3401 if (!value)
3402 {
3403 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3404 if (FatalErrors & CUPSD_FATAL_CONFIG)
3405 return (0);
3406 else
3407 continue;
3408 }
3409
3410 /*
3411 * Scan for IPP operation names...
3412 */
3413
3414 num_ops = 0;
3415
3416 while (*value)
3417 {
3418 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3419
3420 if (*valptr)
3421 *valptr++ = '\0';
3422
3423 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3424 {
3425 if (!_cups_strcasecmp(value, "All"))
3426 ops[num_ops] = IPP_ANY_OPERATION;
3427 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3428 cupsdLogMessage(CUPSD_LOG_ERROR,
3429 "Bad IPP operation name \"%s\" on line %d.",
3430 value, linenum);
3431 else
3432 num_ops ++;
3433 }
3434 else
3435 cupsdLogMessage(CUPSD_LOG_ERROR,
3436 "Too many operations listed on line %d.",
3437 linenum);
3438
3439 for (value = valptr; isspace(*value & 255); value ++);
3440 }
3441
3442 /*
3443 * If none are specified, apply the policy to all operations...
3444 */
3445
3446 if (num_ops == 0)
3447 {
3448 ops[0] = IPP_ANY_OPERATION;
3449 num_ops = 1;
3450 }
3451
3452 /*
3453 * Add a new policy for the first operation...
3454 */
3455
3456 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3457 }
3458 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3459 {
3460 /*
3461 * Finish the current operation limit...
3462 */
3463
3464 if (num_ops > 1)
3465 {
3466 /*
3467 * Copy the policy to the other operations...
3468 */
3469
3470 for (i = 1; i < num_ops; i ++)
3471 cupsdAddPolicyOp(pol, op, ops[i]);
3472 }
3473
3474 op = NULL;
3475 }
3476 else if (!value)
3477 {
3478 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3479 if (FatalErrors & CUPSD_FATAL_CONFIG)
3480 return (0);
3481 }
3482 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3483 !_cups_strcasecmp(line, "JobPrivateValues") ||
3484 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3485 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3486 {
3487 if (op)
3488 {
3489 cupsdLogMessage(CUPSD_LOG_ERROR,
3490 "%s directive must appear outside <Limit>...</Limit> "
3491 "on line %d.", line, linenum);
3492 if (FatalErrors & CUPSD_FATAL_CONFIG)
3493 return (0);
3494 }
3495 else
3496 {
3497 /*
3498 * Pull out whitespace-delimited values...
3499 */
3500
3501 while (*value)
3502 {
3503 /*
3504 * Find the end of the current value...
3505 */
3506
3507 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3508
3509 if (*valptr)
3510 *valptr++ = '\0';
3511
3512 /*
3513 * Save it appropriately...
3514 */
3515
3516 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
3517 {
3518 /*
3519 * JobPrivateAccess {all|default|user/group list|@@ACL}
3520 */
3521
3522 if (!_cups_strcasecmp(value, "default"))
3523 {
3524 cupsdAddString(&(pol->job_access), "@OWNER");
3525 cupsdAddString(&(pol->job_access), "@SYSTEM");
3526 }
3527 else
3528 cupsdAddString(&(pol->job_access), value);
3529 }
3530 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
3531 {
3532 /*
3533 * JobPrivateValues {all|none|default|attribute list}
3534 */
3535
3536 if (!_cups_strcasecmp(value, "default"))
3537 {
3538 cupsdAddString(&(pol->job_attrs), "job-name");
3539 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3540 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3541 }
3542 else
3543 cupsdAddString(&(pol->job_attrs), value);
3544 }
3545 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
3546 {
3547 /*
3548 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3549 */
3550
3551 if (!_cups_strcasecmp(value, "default"))
3552 {
3553 cupsdAddString(&(pol->sub_access), "@OWNER");
3554 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3555 }
3556 else
3557 cupsdAddString(&(pol->sub_access), value);
3558 }
3559 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
3560 {
3561 /*
3562 * SubscriptionPrivateValues {all|none|default|attribute list}
3563 */
3564
3565 if (!_cups_strcasecmp(value, "default"))
3566 {
3567 cupsdAddString(&(pol->sub_attrs), "notify-events");
3568 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3569 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3570 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3571 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3572 }
3573 else
3574 cupsdAddString(&(pol->sub_attrs), value);
3575 }
3576
3577 /*
3578 * Find the next string on the line...
3579 */
3580
3581 for (value = valptr; isspace(*value & 255); value ++);
3582 }
3583 }
3584 }
3585 else if (!op)
3586 {
3587 cupsdLogMessage(CUPSD_LOG_ERROR,
3588 "Missing <Limit ops> directive before %s on line %d.",
3589 line, linenum);
3590 if (FatalErrors & CUPSD_FATAL_CONFIG)
3591 return (0);
3592 }
3593 else if (!parse_aaa(op, line, value, linenum))
3594 {
3595 cupsdLogMessage(CUPSD_LOG_ERROR,
3596 "Unknown Policy Limit directive %s on line %d.",
3597 line, linenum);
3598
3599 if (FatalErrors & CUPSD_FATAL_CONFIG)
3600 return (0);
3601 }
3602 }
3603
3604 cupsdLogMessage(CUPSD_LOG_ERROR,
3605 "Unexpected end-of-file at line %d while reading policy "
3606 "\"%s\".", linenum, policy);
3607
3608 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3609 }
3610
3611
3612 /*
3613 * 'set_policy_defaults()' - Set default policy values as needed.
3614 */
3615
3616 static void
3617 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3618 {
3619 cupsd_location_t *op; /* Policy operation */
3620
3621
3622 /*
3623 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3624 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3625 * upgrades do not introduce new security issues...
3626 */
3627
3628 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3629 op->op == IPP_ANY_OPERATION)
3630 {
3631 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3632 op->op != IPP_ANY_OPERATION)
3633 {
3634 /*
3635 * Add a new limit for Validate-Job using the Print-Job limit as a
3636 * template...
3637 */
3638
3639 cupsdLogMessage(CUPSD_LOG_WARN,
3640 "No limit for Validate-Job defined in policy %s "
3641 "- using Print-Job's policy.", pol->name);
3642
3643 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3644 }
3645 else
3646 cupsdLogMessage(CUPSD_LOG_WARN,
3647 "No limit for Validate-Job defined in policy %s "
3648 "and no suitable template found.", pol->name);
3649 }
3650
3651 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3652 op->op == IPP_ANY_OPERATION)
3653 {
3654 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3655 op->op != IPP_ANY_OPERATION)
3656 {
3657 /*
3658 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3659 * template...
3660 */
3661
3662 cupsdLogMessage(CUPSD_LOG_WARN,
3663 "No limit for Cancel-Jobs defined in policy %s "
3664 "- using Pause-Printer's policy.", pol->name);
3665
3666 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3667 }
3668 else
3669 cupsdLogMessage(CUPSD_LOG_WARN,
3670 "No limit for Cancel-Jobs defined in policy %s "
3671 "and no suitable template found.", pol->name);
3672 }
3673
3674 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3675 op->op == IPP_ANY_OPERATION)
3676 {
3677 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3678 op->op != IPP_ANY_OPERATION)
3679 {
3680 /*
3681 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3682 * a template...
3683 */
3684
3685 cupsdLogMessage(CUPSD_LOG_WARN,
3686 "No limit for Cancel-My-Jobs defined in policy %s "
3687 "- using Send-Document's policy.", pol->name);
3688
3689 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3690 }
3691 else
3692 cupsdLogMessage(CUPSD_LOG_WARN,
3693 "No limit for Cancel-My-Jobs defined in policy %s "
3694 "and no suitable template found.", pol->name);
3695 }
3696
3697 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3698 op->op == IPP_ANY_OPERATION)
3699 {
3700 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3701 op->op != IPP_ANY_OPERATION)
3702 {
3703 /*
3704 * Add a new limit for Close-Job using the Send-Document limit as a
3705 * template...
3706 */
3707
3708 cupsdLogMessage(CUPSD_LOG_WARN,
3709 "No limit for Close-Job defined in policy %s "
3710 "- using Send-Document's policy.", pol->name);
3711
3712 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
3713 }
3714 else
3715 cupsdLogMessage(CUPSD_LOG_WARN,
3716 "No limit for Close-Job defined in policy %s "
3717 "and no suitable template found.", pol->name);
3718 }
3719
3720 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
3721 op->op == IPP_ANY_OPERATION)
3722 {
3723 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3724 op->op != IPP_ANY_OPERATION)
3725 {
3726 /*
3727 * Add a new limit for CUPS-Get-Document using the Send-Document
3728 * limit as a template...
3729 */
3730
3731 cupsdLogMessage(CUPSD_LOG_WARN,
3732 "No limit for CUPS-Get-Document defined in policy %s "
3733 "- using Send-Document's policy.", pol->name);
3734
3735 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
3736 }
3737 else
3738 cupsdLogMessage(CUPSD_LOG_WARN,
3739 "No limit for CUPS-Get-Document defined in policy %s "
3740 "and no suitable template found.", pol->name);
3741 }
3742
3743 /*
3744 * Verify we have JobPrivateAccess, JobPrivateValues,
3745 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
3746 */
3747
3748 if (!pol->job_access)
3749 {
3750 cupsdLogMessage(CUPSD_LOG_WARN,
3751 "No JobPrivateAccess defined in policy %s "
3752 "- using defaults.", pol->name);
3753 cupsdAddString(&(pol->job_access), "@OWNER");
3754 cupsdAddString(&(pol->job_access), "@SYSTEM");
3755 }
3756
3757 if (!pol->job_attrs)
3758 {
3759 cupsdLogMessage(CUPSD_LOG_WARN,
3760 "No JobPrivateValues defined in policy %s "
3761 "- using defaults.", pol->name);
3762 cupsdAddString(&(pol->job_attrs), "job-name");
3763 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3764 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3765 }
3766
3767 if (!pol->sub_access)
3768 {
3769 cupsdLogMessage(CUPSD_LOG_WARN,
3770 "No SubscriptionPrivateAccess defined in policy %s "
3771 "- using defaults.", pol->name);
3772 cupsdAddString(&(pol->sub_access), "@OWNER");
3773 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3774 }
3775
3776 if (!pol->sub_attrs)
3777 {
3778 cupsdLogMessage(CUPSD_LOG_WARN,
3779 "No SubscriptionPrivateValues defined in policy %s "
3780 "- using defaults.", pol->name);
3781 cupsdAddString(&(pol->sub_attrs), "notify-events");
3782 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3783 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3784 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3785 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3786 }
3787 }
3788
3789
3790 /*
3791 * End of "$Id: conf.c 9352 2010-11-06 04:55:26Z mike $".
3792 */
Unnamed repository; edit this file 'description' to name the repository.