]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'master' of https://github.com/apple/cups
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * Configuration routines for the CUPS scheduler.
3 *
4 * Copyright 2007-2016 by Apple Inc.
5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
6 *
7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
11 * file is missing or damaged, see the license at "http://www.cups.org/".
12 */
13
14 /*
15 * Include necessary headers...
16 */
17
18 #include "cupsd.h"
19 #include <stdarg.h>
20 #include <grp.h>
21 #include <sys/utsname.h>
22 #ifdef HAVE_ASL_H
23 # include <asl.h>
24 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
25 # define SD_JOURNAL_SUPPRESS_LOCATION
26 # include <systemd/sd-journal.h>
27 #endif /* HAVE_ASL_H */
28 #include <syslog.h>
29
30 #ifdef HAVE_LIBPAPER
31 # include <paper.h>
32 #endif /* HAVE_LIBPAPER */
33
34
35 /*
36 * Possibly missing network definitions...
37 */
38
39 #ifndef INADDR_NONE
40 # define INADDR_NONE 0xffffffff
41 #endif /* !INADDR_NONE */
42
43
44 /*
45 * Configuration variable structure...
46 */
47
48 typedef enum
49 {
50 CUPSD_VARTYPE_INTEGER, /* Integer option */
51 CUPSD_VARTYPE_TIME, /* Time interval option */
52 CUPSD_VARTYPE_STRING, /* String option */
53 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
54 CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
55 CUPSD_VARTYPE_PERM /* File/directory permissions */
56 } cupsd_vartype_t;
57
58 typedef struct
59 {
60 const char *name; /* Name of variable */
61 void *ptr; /* Pointer to variable */
62 cupsd_vartype_t type; /* Type (int, string, address) */
63 } cupsd_var_t;
64
65
66 /*
67 * Local globals...
68 */
69
70 static const cupsd_var_t cupsd_vars[] =
71 {
72 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
73 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
74 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
75 #endif /* HAVE_DNSSD || HAVE_AVAHI */
76 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
77 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
78 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
79 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
80 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
81 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
82 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
83 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
84 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
85 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
86 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
87 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
88 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
89 #ifdef HAVE_GSSAPI
90 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
91 #endif /* HAVE_GSSAPI */
92 #ifdef HAVE_ONDEMAND
93 { "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
94 #endif /* HAVE_ONDEMAND */
95 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
96 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
97 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
98 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
99 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
100 #ifdef HAVE_LAUNCHD
101 { "LaunchdTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
102 #endif /* HAVE_LAUNCHD */
103 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
104 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
105 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
106 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
107 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
108 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
109 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
110 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
111 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
112 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
113 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
114 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
115 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_TIME },
116 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
117 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
118 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
119 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
120 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
121 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
122 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
123 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
124 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
125 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
126 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
127 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
128 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
129 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
130 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
131 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
132 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
133 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
134 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
135 };
136 static const cupsd_var_t cupsfiles_vars[] =
137 {
138 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
139 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
140 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
141 #ifdef HAVE_SSL
142 { "CreateSelfSignedCerts", &CreateSelfSignedCerts, CUPSD_VARTYPE_BOOLEAN },
143 #endif /* HAVE_SSL */
144 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
145 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
146 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
147 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
148 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
149 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_PERM },
150 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
151 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
152 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
153 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
154 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
155 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
156 #ifdef HAVE_SSL
157 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
158 #endif /* HAVE_SSL */
159 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
160 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
161 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
162 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
163 #ifdef HAVE_AUTHORIZATION_H
164 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
165 #endif /* HAVE_AUTHORIZATION_H */
166 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
167 };
168
169 static int default_auth_type = CUPSD_AUTH_AUTO;
170 /* Default AuthType, if not specified */
171
172 static const unsigned ones[4] =
173 {
174 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
175 };
176 static const unsigned zeros[4] =
177 {
178 0x00000000, 0x00000000, 0x00000000, 0x00000000
179 };
180
181
182 /*
183 * Local functions...
184 */
185
186 static http_addrlist_t *get_address(const char *value, int defport);
187 static int get_addr_and_mask(const char *value, unsigned *ip,
188 unsigned *mask);
189 static void mime_error_cb(void *ctx, const char *message);
190 static int parse_aaa(cupsd_location_t *loc, char *line,
191 char *value, int linenum);
192 static int parse_fatal_errors(const char *s);
193 static int parse_groups(const char *s);
194 static int parse_protocols(const char *s);
195 static int parse_variable(const char *filename, int linenum,
196 const char *line, const char *value,
197 size_t num_vars,
198 const cupsd_var_t *vars);
199 static int read_cupsd_conf(cups_file_t *fp);
200 static int read_cups_files_conf(cups_file_t *fp);
201 static int read_location(cups_file_t *fp, char *name, int linenum);
202 static int read_policy(cups_file_t *fp, char *name, int linenum);
203 static void set_policy_defaults(cupsd_policy_t *pol);
204
205
206 /*
207 * 'cupsdAddAlias()' - Add a host alias.
208 */
209
210 void
211 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
212 const char *name) /* I - Name to add */
213 {
214 cupsd_alias_t *a; /* New alias */
215 size_t namelen; /* Length of name */
216
217
218 namelen = strlen(name);
219
220 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
221 return;
222
223 a->namelen = namelen;
224 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
225
226 cupsArrayAdd(aliases, a);
227 }
228
229
230 /*
231 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
232 */
233
234 int /* O - 0 on success, -1 on error, 1 on warning */
235 cupsdCheckPermissions(
236 const char *filename, /* I - File/directory name */
237 const char *suffix, /* I - Additional file/directory name */
238 mode_t mode, /* I - Permissions */
239 uid_t user, /* I - Owner */
240 gid_t group, /* I - Group */
241 int is_dir, /* I - 1 = directory, 0 = file */
242 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
243 {
244 int dir_created = 0; /* Did we create a directory? */
245 char pathname[1024]; /* File name with prefix */
246 struct stat fileinfo; /* Stat buffer */
247 int is_symlink; /* Is "filename" a symlink? */
248
249
250 /*
251 * Prepend the given root to the filename before testing it...
252 */
253
254 if (suffix)
255 {
256 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
257 filename = pathname;
258 }
259
260 /*
261 * See if we can stat the file/directory...
262 */
263
264 if (lstat(filename, &fileinfo))
265 {
266 if (errno == ENOENT && create_dir)
267 {
268 if (create_dir > 0)
269 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
270 filename);
271
272 if (mkdir(filename, mode))
273 {
274 if (create_dir > 0)
275 cupsdLogMessage(CUPSD_LOG_ERROR,
276 "Unable to create directory \"%s\" - %s", filename,
277 strerror(errno));
278 else
279 #ifdef HAVE_ASL_H
280 {
281 asl_object_t m; /* Log message */
282
283 m = asl_new(ASL_TYPE_MSG);
284 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
285 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno));
286 asl_release(m);
287 }
288 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
289 sd_journal_print(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno));
290 #else
291 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename, strerror(errno));
292 #endif /* HAVE_ASL_H */
293
294 return (-1);
295 }
296
297 dir_created = 1;
298 fileinfo.st_mode = mode | S_IFDIR;
299 }
300 else
301 return (create_dir ? -1 : 1);
302 }
303
304 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
305 {
306 if (stat(filename, &fileinfo))
307 {
308 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
309 filename, strerror(errno));
310 return (-1);
311 }
312 }
313
314 /*
315 * Make sure it's a regular file or a directory as needed...
316 */
317
318 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
319 {
320 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
321 return (-1);
322 }
323
324 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
325 {
326 if (create_dir >= 0)
327 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
328 else
329 #ifdef HAVE_ASL_H
330 {
331 asl_object_t m; /* Log message */
332
333 m = asl_new(ASL_TYPE_MSG);
334 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
335 asl_log(NULL, m, ASL_LEVEL_ERR, "\"%s\" is not a directory.", filename);
336 asl_release(m);
337 }
338 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
339 sd_journal_print(LOG_ERR, "\"%s\" is not a directory.", filename);
340 #else
341 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
342 #endif /* HAVE_ASL_H */
343
344 return (-1);
345 }
346
347 /*
348 * If the filename is a symlink, do not change permissions (STR #2937)...
349 */
350
351 if (is_symlink)
352 return (0);
353
354 /*
355 * Fix owner, group, and mode as needed...
356 */
357
358 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
359 {
360 if (create_dir >= 0)
361 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
362 filename);
363
364 if (chown(filename, user, group) && !getuid())
365 {
366 if (create_dir >= 0)
367 cupsdLogMessage(CUPSD_LOG_ERROR,
368 "Unable to change ownership of \"%s\" - %s", filename,
369 strerror(errno));
370 else
371 #ifdef HAVE_ASL_H
372 {
373 asl_object_t m; /* Log message */
374
375 m = asl_new(ASL_TYPE_MSG);
376 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
377 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno));
378 asl_release(m);
379 }
380 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
381 sd_journal_print(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno));
382 #else
383 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename, strerror(errno));
384 #endif /* HAVE_ASL_H */
385
386 return (1);
387 }
388 }
389
390 if (dir_created || (fileinfo.st_mode & 07777) != mode)
391 {
392 if (create_dir >= 0)
393 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
394 filename);
395
396 if (chmod(filename, mode))
397 {
398 if (create_dir >= 0)
399 cupsdLogMessage(CUPSD_LOG_ERROR,
400 "Unable to change permissions of \"%s\" - %s", filename,
401 strerror(errno));
402 else
403 #ifdef HAVE_ASL_H
404 {
405 asl_object_t m; /* Log message */
406
407 m = asl_new(ASL_TYPE_MSG);
408 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
409 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno));
410 asl_release(m);
411 }
412 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
413 sd_journal_print(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno));
414 #else
415 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename, strerror(errno));
416 #endif /* HAVE_ASL_H */
417
418 return (1);
419 }
420 }
421
422 /*
423 * Everything is OK...
424 */
425
426 return (0);
427 }
428
429
430 /*
431 * 'cupsdDefaultAuthType()' - Get the default AuthType.
432 *
433 * When the default_auth_type is "auto", this function tries to get the GSS
434 * credentials for the server. If that succeeds we use Kerberos authentication,
435 * otherwise we do a fallback to Basic authentication against the local user
436 * accounts.
437 */
438
439 int /* O - Default AuthType value */
440 cupsdDefaultAuthType(void)
441 {
442 #ifdef HAVE_GSSAPI
443 OM_uint32 major_status, /* Major status code */
444 minor_status; /* Minor status code */
445 gss_name_t server_name; /* Server name */
446 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
447 /* Service name token */
448 char buf[1024]; /* Service name buffer */
449 #endif /* HAVE_GSSAPI */
450
451
452 /*
453 * If we have already determined the correct default AuthType, use it...
454 */
455
456 if (default_auth_type != CUPSD_AUTH_AUTO)
457 return (default_auth_type);
458
459 #ifdef HAVE_GSSAPI
460 # ifdef __APPLE__
461 /*
462 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
463 * to use it...
464 */
465
466 if (&gss_init_sec_context == NULL)
467 return (default_auth_type = CUPSD_AUTH_BASIC);
468 # endif /* __APPLE__ */
469
470 /*
471 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
472 * that fails we must use Basic...
473 */
474
475 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
476
477 token.value = buf;
478 token.length = strlen(buf);
479 server_name = GSS_C_NO_NAME;
480 major_status = gss_import_name(&minor_status, &token,
481 GSS_C_NT_HOSTBASED_SERVICE,
482 &server_name);
483
484 memset(&token, 0, sizeof(token));
485
486 if (GSS_ERROR(major_status))
487 {
488 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
489 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
490 return (default_auth_type = CUPSD_AUTH_BASIC);
491 }
492
493 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
494
495 if (GSS_ERROR(major_status))
496 {
497 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
498 "cupsdDefaultAuthType: gss_display_name(%s) failed",
499 buf);
500 return (default_auth_type = CUPSD_AUTH_BASIC);
501 }
502
503 cupsdLogMessage(CUPSD_LOG_DEBUG,
504 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
505 "credentials for %s...", (char *)token.value);
506
507 ServerCreds = GSS_C_NO_CREDENTIAL;
508 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
509 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
510 &ServerCreds, NULL, NULL);
511 if (GSS_ERROR(major_status))
512 {
513 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
514 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
515 (char *)token.value);
516 gss_release_name(&minor_status, &server_name);
517 gss_release_buffer(&minor_status, &token);
518 return (default_auth_type = CUPSD_AUTH_BASIC);
519 }
520
521 cupsdLogMessage(CUPSD_LOG_DEBUG,
522 "cupsdDefaultAuthType: Kerberos credentials acquired "
523 "successfully for %s.", (char *)token.value);
524
525 gss_release_name(&minor_status, &server_name);
526 gss_release_buffer(&minor_status, &token);
527
528 HaveServerCreds = 1;
529
530 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
531
532 #else
533 /*
534 * No Kerberos support compiled in so just use Basic all the time...
535 */
536
537 return (default_auth_type = CUPSD_AUTH_BASIC);
538 #endif /* HAVE_GSSAPI */
539 }
540
541
542 /*
543 * 'cupsdFreeAliases()' - Free all of the alias entries.
544 */
545
546 void
547 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
548 {
549 cupsd_alias_t *a; /* Current alias */
550
551
552 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
553 a;
554 a = (cupsd_alias_t *)cupsArrayNext(aliases))
555 free(a);
556
557 cupsArrayDelete(aliases);
558 }
559
560
561 /*
562 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
563 */
564
565 int /* O - 1 on success, 0 otherwise */
566 cupsdReadConfiguration(void)
567 {
568 int i; /* Looping var */
569 cups_file_t *fp; /* Configuration file */
570 int status; /* Return status */
571 char temp[1024], /* Temporary buffer */
572 mimedir[1024], /* MIME directory */
573 *slash; /* Directory separator */
574 cups_lang_t *language; /* Language */
575 struct passwd *user; /* Default user */
576 struct group *group; /* Default group */
577 char *old_serverroot, /* Old ServerRoot */
578 *old_requestroot; /* Old RequestRoot */
579 int old_remote_port; /* Old RemotePort */
580 const char *tmpdir; /* TMPDIR environment variable */
581 struct stat tmpinfo; /* Temporary directory info */
582 cupsd_policy_t *p; /* Policy */
583
584
585 /*
586 * Save the old root paths...
587 */
588
589 old_serverroot = NULL;
590 cupsdSetString(&old_serverroot, ServerRoot);
591 old_requestroot = NULL;
592 cupsdSetString(&old_requestroot, RequestRoot);
593
594 /*
595 * Reset the server configuration data...
596 */
597
598 cupsdDeleteAllLocations();
599
600 cupsdDeleteAllListeners();
601
602 old_remote_port = RemotePort;
603 RemotePort = 0;
604
605 /*
606 * String options...
607 */
608
609 cupsdFreeAliases(ServerAlias);
610 ServerAlias = NULL;
611
612 cupsdClearString(&ServerName);
613 cupsdClearString(&ServerAdmin);
614 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
615 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
616 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
617 cupsdSetString(&DataDir, CUPS_DATADIR);
618 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
619 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
620 cupsdClearString(&ErrorLog);
621 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
622 cupsdSetString(&PageLogFormat,
623 "%p %u %j %T %P %C %{job-billing} "
624 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
625 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
626 cupsdSetString(&FontPath, CUPS_FONTPATH);
627 cupsdSetString(&RemoteRoot, "remroot");
628 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
629 CUPS_VERSION_MINOR);
630 cupsdSetString(&StateDir, CUPS_STATEDIR);
631
632 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
633 PrintcapFormat = PRINTCAP_SOLARIS;
634 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
635 "/Library/Preferences/org.cups.printers.plist"))
636 PrintcapFormat = PRINTCAP_PLIST;
637 else
638 PrintcapFormat = PRINTCAP_BSD;
639
640 strlcpy(temp, ConfigurationFile, sizeof(temp));
641 if ((slash = strrchr(temp, '/')) != NULL)
642 *slash = '\0';
643
644 cupsdSetString(&ServerRoot, temp);
645
646 cupsdClearString(&Classification);
647 ClassifyOverride = 0;
648
649 #ifdef HAVE_SSL
650 # ifdef HAVE_GNUTLS
651 cupsdSetString(&ServerKeychain, "ssl");
652 # else
653 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
654 # endif /* HAVE_GNUTLS */
655
656 _httpTLSSetOptions(0);
657 #endif /* HAVE_SSL */
658
659 language = cupsLangDefault();
660
661 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
662 cupsdSetString(&DefaultLanguage, "en");
663 else
664 cupsdSetString(&DefaultLanguage, language->language);
665
666 cupsdClearString(&DefaultPaperSize);
667
668 cupsdSetString(&RIPCache, "128m");
669
670 cupsdSetString(&TempDir, NULL);
671
672 #ifdef HAVE_GSSAPI
673 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
674
675 if (HaveServerCreds)
676 {
677 OM_uint32 minor_status; /* Minor status code */
678
679 gss_release_cred(&minor_status, &ServerCreds);
680
681 HaveServerCreds = 0;
682 }
683
684 ServerCreds = GSS_C_NO_CREDENTIAL;
685 #endif /* HAVE_GSSAPI */
686
687 /*
688 * Find the default user...
689 */
690
691 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
692 User = user->pw_uid;
693 else
694 {
695 /*
696 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
697 * complement number...)
698 */
699
700 User = 65534;
701 }
702
703 endpwent();
704
705 /*
706 * Find the default group...
707 */
708
709 group = getgrnam(CUPS_DEFAULT_GROUP);
710 endgrent();
711
712 if (group)
713 Group = group->gr_gid;
714 else
715 {
716 /*
717 * Fallback to group "nobody"...
718 */
719
720 group = getgrnam("nobody");
721 endgrent();
722
723 if (group)
724 Group = group->gr_gid;
725 else
726 {
727 /*
728 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
729 * complement number...)
730 */
731
732 Group = 65534;
733 }
734 }
735
736 /*
737 * Numeric options...
738 */
739
740 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
741 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
742 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
743 default_auth_type = CUPSD_AUTH_BASIC;
744 #ifdef HAVE_SSL
745 CreateSelfSignedCerts = TRUE;
746 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
747 #endif /* HAVE_SSL */
748 DirtyCleanInterval = DEFAULT_KEEPALIVE;
749 JobKillDelay = DEFAULT_TIMEOUT;
750 JobRetryLimit = 5;
751 JobRetryInterval = 300;
752 FileDevice = FALSE;
753 FilterLevel = 0;
754 FilterLimit = 0;
755 FilterNice = 0;
756 HostNameLookups = FALSE;
757 KeepAlive = TRUE;
758 KeepAliveTimeout = DEFAULT_KEEPALIVE;
759 ListenBackLog = SOMAXCONN;
760 LogDebugHistory = 200;
761 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
762 LogLevel = CUPSD_LOG_WARN;
763 LogTimeFormat = CUPSD_TIME_STANDARD;
764 MaxClients = 100;
765 MaxClientsPerHost = 0;
766 MaxLogSize = 1024 * 1024;
767 MaxRequestSize = 0;
768 MultipleOperationTimeout = DEFAULT_TIMEOUT;
769 NumSystemGroups = 0;
770 ReloadTimeout = DEFAULT_KEEPALIVE;
771 RootCertDuration = 300;
772 Sandboxing = CUPSD_SANDBOXING_STRICT;
773 StrictConformance = FALSE;
774 SyncOnClose = FALSE;
775 Timeout = DEFAULT_TIMEOUT;
776 WebInterface = CUPS_DEFAULT_WEBIF;
777
778 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
779 BrowseWebIF = FALSE;
780 Browsing = CUPS_DEFAULT_BROWSING;
781 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
782
783 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
784 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
785 #endif /* HAVE_DNSSD || HAVE_AVAHI */
786
787 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
788 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
789
790 cupsdSetString(&ErrorPolicy, "stop-printer");
791
792 JobHistory = DEFAULT_HISTORY;
793 JobFiles = DEFAULT_FILES;
794 JobAutoPurge = 0;
795 MaxHoldTime = 0;
796 MaxJobs = 500;
797 MaxActiveJobs = 0;
798 MaxJobsPerUser = 0;
799 MaxJobsPerPrinter = 0;
800 MaxJobTime = 3 * 60 * 60; /* 3 hours */
801 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
802
803 cupsdDeleteAllPolicies();
804 cupsdClearString(&DefaultPolicy);
805
806 #ifdef HAVE_AUTHORIZATION_H
807 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
808 #endif /* HAVE_AUTHORIZATION_H */
809
810 MaxSubscriptions = 100;
811 MaxSubscriptionsPerJob = 0;
812 MaxSubscriptionsPerPrinter = 0;
813 MaxSubscriptionsPerUser = 0;
814 DefaultLeaseDuration = 86400;
815 MaxLeaseDuration = 0;
816
817 #ifdef HAVE_ONDEMAND
818 IdleExitTimeout = 60;
819 #endif /* HAVE_ONDEMAND */
820
821 /*
822 * Setup environment variables...
823 */
824
825 cupsdInitEnv();
826
827 /*
828 * Read the cups-files.conf file...
829 */
830
831 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
832 {
833 status = read_cups_files_conf(fp);
834
835 cupsFileClose(fp);
836
837 if (!status)
838 {
839 if (TestConfigFile)
840 printf("\"%s\" contains errors.\n", CupsFilesFile);
841 else
842 #ifdef HAVE_ASL_H
843 {
844 asl_object_t m; /* Log message */
845
846 m = asl_new(ASL_TYPE_MSG);
847 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
848 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to read \"%s\" due to errors.", CupsFilesFile);
849 asl_release(m);
850 }
851 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
852 sd_journal_print(LOG_ERR, "Unable to read \"%s\" due to errors.", CupsFilesFile);
853 #else
854 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", CupsFilesFile);
855 #endif /* HAVE_ASL_H */
856
857 return (0);
858 }
859 }
860 else if (errno == ENOENT)
861 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
862 else
863 {
864 #ifdef HAVE_ASL_H
865 asl_object_t m; /* Log message */
866
867 m = asl_new(ASL_TYPE_MSG);
868 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
869 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
870 asl_release(m);
871
872 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
873 sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
874 #else
875 syslog(LOG_LPR, "Unable to open \"%s\" - %s", CupsFilesFile, strerror(errno));
876 #endif /* HAVE_ASL_H */
877
878 return (0);
879 }
880
881 if (!ErrorLog)
882 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
883
884 /*
885 * Read the cupsd.conf file...
886 */
887
888 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
889 {
890 #ifdef HAVE_ASL_H
891 asl_object_t m; /* Log message */
892
893 m = asl_new(ASL_TYPE_MSG);
894 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
895 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno));
896 asl_release(m);
897 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
898 sd_journal_print(LOG_ERR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno));
899 #else
900 syslog(LOG_LPR, "Unable to open \"%s\" - %s", ConfigurationFile, strerror(errno));
901 #endif /* HAVE_ASL_H */
902
903 return (0);
904 }
905
906 status = read_cupsd_conf(fp);
907
908 cupsFileClose(fp);
909
910 if (!status)
911 {
912 if (TestConfigFile)
913 printf("\"%s\" contains errors.\n", ConfigurationFile);
914 else
915 #ifdef HAVE_ASL_H
916 {
917 asl_object_t m; /* Log message */
918
919 m = asl_new(ASL_TYPE_MSG);
920 asl_set(m, ASL_KEY_FACILITY, "org.cups.cupsd");
921 asl_log(NULL, m, ASL_LEVEL_ERR, "Unable to read \"%s\" due to errors.", ConfigurationFile);
922 asl_release(m);
923 }
924 #elif defined(HAVE_SYSTEMD_SD_JOURNAL_H)
925 sd_journal_print(LOG_ERR, "Unable to read \"%s\" due to errors.", ConfigurationFile);
926 #else
927 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.", ConfigurationFile);
928 #endif /* HAVE_ASL_H */
929
930 return (0);
931 }
932
933 RunUser = getuid();
934
935 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
936 RemotePort ? "enabled" : "disabled");
937
938 if (!RemotePort)
939 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
940
941 /*
942 * See if the ServerName is an IP address...
943 */
944
945 if (ServerName)
946 {
947 if (!ServerAlias)
948 ServerAlias = cupsArrayNew(NULL, NULL);
949
950 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
951 }
952 else
953 {
954 if (gethostname(temp, sizeof(temp)))
955 {
956 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
957 strerror(errno));
958 strlcpy(temp, "localhost", sizeof(temp));
959 }
960
961 cupsdSetString(&ServerName, temp);
962
963 if (!ServerAlias)
964 ServerAlias = cupsArrayNew(NULL, NULL);
965
966 cupsdAddAlias(ServerAlias, temp);
967 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
968
969 if (HostNameLookups || RemotePort)
970 {
971 struct hostent *host; /* Host entry to get FQDN */
972
973 if ((host = gethostbyname(temp)) != NULL)
974 {
975 if (_cups_strcasecmp(temp, host->h_name))
976 {
977 cupsdSetString(&ServerName, host->h_name);
978 cupsdAddAlias(ServerAlias, host->h_name);
979 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
980 host->h_name);
981 }
982
983 if (host->h_aliases)
984 {
985 for (i = 0; host->h_aliases[i]; i ++)
986 if (_cups_strcasecmp(temp, host->h_aliases[i]))
987 {
988 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
989 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
990 host->h_aliases[i]);
991 }
992 }
993 }
994 }
995
996 /*
997 * Make sure we have the base hostname added as an alias, too!
998 */
999
1000 if ((slash = strchr(temp, '.')) != NULL)
1001 {
1002 *slash = '\0';
1003 cupsdAddAlias(ServerAlias, temp);
1004 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
1005 }
1006 }
1007
1008 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
1009
1010 ServerNameIsIP = !*slash;
1011
1012 /*
1013 * Make sure ServerAdmin is initialized...
1014 */
1015
1016 if (!ServerAdmin)
1017 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
1018
1019 /*
1020 * Use the default system group if none was supplied in cupsd.conf...
1021 */
1022
1023 if (NumSystemGroups == 0)
1024 {
1025 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
1026 {
1027 /*
1028 * Find the group associated with GID 0...
1029 */
1030
1031 group = getgrgid(0);
1032 endgrent();
1033
1034 if (group != NULL)
1035 cupsdSetString(&SystemGroups[0], group->gr_name);
1036 else
1037 cupsdSetString(&SystemGroups[0], "unknown");
1038
1039 SystemGroupIDs[0] = 0;
1040 NumSystemGroups = 1;
1041 }
1042 }
1043
1044 /*
1045 * Make sure ConfigFilePerm and LogFilePerm have sane values...
1046 */
1047
1048 ConfigFilePerm &= 0664;
1049 LogFilePerm &= 0664;
1050
1051 /*
1052 * Open the system log for cupsd if necessary...
1053 */
1054
1055 if (!LogStderr)
1056 {
1057 if (!strcmp(AccessLog, "stderr"))
1058 cupsdSetString(&AccessLog, "syslog");
1059
1060 if (!strcmp(ErrorLog, "stderr"))
1061 cupsdSetString(&ErrorLog, "syslog");
1062
1063 if (!strcmp(PageLog, "stderr"))
1064 cupsdSetString(&PageLog, "syslog");
1065 }
1066
1067 #if defined(HAVE_VSYSLOG) && !defined(HAVE_ASL_H) && !defined(HAVE_SYSTEMD_SD_JOURNAL_H)
1068 if (!strcmp(AccessLog, "syslog") ||
1069 !strcmp(ErrorLog, "syslog") ||
1070 !strcmp(PageLog, "syslog"))
1071 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
1072 #endif /* HAVE_VSYSLOG && !HAVE_ASL_H && !HAVE_SYSTEMD_SD_JOURNAL_H */
1073
1074 /*
1075 * Make sure each of the log files exists and gets rotated as necessary...
1076 */
1077
1078 if (strcmp(AccessLog, "syslog"))
1079 cupsdCheckLogFile(&AccessFile, AccessLog);
1080
1081 if (strcmp(ErrorLog, "syslog"))
1082 cupsdCheckLogFile(&ErrorFile, ErrorLog);
1083
1084 if (strcmp(PageLog, "syslog"))
1085 cupsdCheckLogFile(&PageFile, PageLog);
1086
1087 /*
1088 * Log the configuration file that was used...
1089 */
1090
1091 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
1092 ConfigurationFile);
1093
1094 /*
1095 * Validate the Group and SystemGroup settings - they cannot be the same,
1096 * otherwise the CGI programs will be able to authenticate as root without
1097 * a password!
1098 */
1099
1100 if (!RunUser)
1101 {
1102 for (i = 0; i < NumSystemGroups; i ++)
1103 if (Group == SystemGroupIDs[i])
1104 break;
1105
1106 if (i < NumSystemGroups)
1107 {
1108 /*
1109 * Log the error and reset the group to a safe value...
1110 */
1111
1112 cupsdLogMessage(CUPSD_LOG_ERROR,
1113 "Group and SystemGroup cannot use the same groups.");
1114 if (FatalErrors & (CUPSD_FATAL_CONFIG | CUPSD_FATAL_PERMISSIONS))
1115 return (0);
1116
1117 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
1118
1119 group = getgrnam("nobody");
1120 endgrent();
1121
1122 if (group != NULL)
1123 Group = group->gr_gid;
1124 else
1125 {
1126 /*
1127 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1128 * complement number...)
1129 */
1130
1131 Group = 65534;
1132 }
1133 }
1134 }
1135
1136 /*
1137 * Check that we have at least one listen/port line; if not, report this
1138 * as an error and exit!
1139 */
1140
1141 if (cupsArrayCount(Listeners) == 0)
1142 {
1143 /*
1144 * No listeners!
1145 */
1146
1147 cupsdLogMessage(CUPSD_LOG_EMERG,
1148 "No valid Listen or Port lines were found in the "
1149 "configuration file.");
1150
1151 /*
1152 * Commit suicide...
1153 */
1154
1155 cupsdEndProcess(getpid(), 0);
1156 }
1157
1158 /*
1159 * Set the default locale using the language and charset...
1160 */
1161
1162 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1163
1164 /*
1165 * Update all relative filenames to include the full path from ServerRoot...
1166 */
1167
1168 if (DocumentRoot[0] != '/')
1169 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1170
1171 if (RequestRoot[0] != '/')
1172 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1173
1174 if (ServerBin[0] != '/')
1175 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1176
1177 if (StateDir[0] != '/')
1178 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1179
1180 if (CacheDir[0] != '/')
1181 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1182
1183 #ifdef HAVE_SSL
1184 if (ServerKeychain[0] != '/')
1185 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
1186
1187 cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
1188 if (!CreateSelfSignedCerts)
1189 cupsdLogMessage(CUPSD_LOG_DEBUG, "Self-signed TLS certificate generation is disabled.");
1190 cupsSetServerCredentials(ServerKeychain, ServerName, CreateSelfSignedCerts);
1191 #endif /* HAVE_SSL */
1192
1193 /*
1194 * Make sure that directories and config files are owned and
1195 * writable by the user and group in the cupsd.conf file...
1196 */
1197
1198 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1199
1200 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1201 Group, 1, 1) < 0 ||
1202 cupsdCheckPermissions(CacheDir, NULL, 0770, RunUser,
1203 Group, 1, 1) < 0 ||
1204 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1205 Group, 1, 1) < 0 ||
1206 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1207 Group, 1, 1) < 0 ||
1208 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1209 SystemGroupIDs[0], 1, 1) < 0 ||
1210 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1211 Group, 1, 0) < 0 ||
1212 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1213 Group, 1, 1) < 0 ||
1214 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1215 Group, 1, 0) < 0 ||
1216 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1217 Group, 0, 0) < 0 ||
1218 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
1219 Group, 0, 0) < 0 ||
1220 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1221 Group, 0, 0) < 0 ||
1222 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1223 Group, 0, 0) < 0 ||
1224 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1225 Group, 0, 0) < 0) &&
1226 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1227 return (0);
1228
1229 /*
1230 * Update TempDir to the default if it hasn't been set already...
1231 */
1232
1233 #ifdef __APPLE__
1234 if (TempDir && !RunUser &&
1235 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1236 {
1237 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1238 cupsdClearString(&TempDir);
1239 }
1240 #endif /* __APPLE__ */
1241
1242 if (!TempDir)
1243 {
1244 #ifdef __APPLE__
1245 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1246 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
1247 #else
1248 if ((tmpdir = getenv("TMPDIR")) != NULL)
1249 #endif /* __APPLE__ */
1250 {
1251 /*
1252 * TMPDIR is defined, see if it is OK for us to use...
1253 */
1254
1255 if (stat(tmpdir, &tmpinfo))
1256 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1257 tmpdir, strerror(errno));
1258 else if (!S_ISDIR(tmpinfo.st_mode))
1259 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1260 tmpdir);
1261 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1262 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1263 !(tmpinfo.st_mode & S_IWOTH))
1264 cupsdLogMessage(CUPSD_LOG_ERROR,
1265 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1266 else
1267 cupsdSetString(&TempDir, tmpdir);
1268 }
1269 }
1270
1271 if (!TempDir)
1272 {
1273 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1274 RequestRoot);
1275 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1276 }
1277
1278 setenv("TMPDIR", TempDir, 1);
1279
1280 /*
1281 * Make sure the temporary directory has the right permissions...
1282 */
1283
1284 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1285 access(TempDir, 0))
1286 {
1287 /*
1288 * Update ownership and permissions if the CUPS temp directory
1289 * is under the spool directory or does not exist...
1290 */
1291
1292 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1293 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1294 return (0);
1295 }
1296
1297 /*
1298 * Update environment variables...
1299 */
1300
1301 cupsdUpdateEnv();
1302
1303 /*
1304 * Validate the default error policy...
1305 */
1306
1307 if (strcmp(ErrorPolicy, "retry-current-job") &&
1308 strcmp(ErrorPolicy, "abort-job") &&
1309 strcmp(ErrorPolicy, "retry-job") &&
1310 strcmp(ErrorPolicy, "stop-printer"))
1311 {
1312 cupsdLogMessage(CUPSD_LOG_ALERT, "Invalid ErrorPolicy \"%s\", resetting to \"stop-printer\".", ErrorPolicy);
1313 cupsdSetString(&ErrorPolicy, "stop-printer");
1314 }
1315
1316 /*
1317 * Update default paper size setting as needed...
1318 */
1319
1320 if (!DefaultPaperSize)
1321 {
1322 #ifdef HAVE_LIBPAPER
1323 char *paper_result; /* Paper size name from libpaper */
1324
1325 if ((paper_result = systempapername()) != NULL)
1326 cupsdSetString(&DefaultPaperSize, paper_result);
1327 else
1328 #endif /* HAVE_LIBPAPER */
1329 if (!DefaultLanguage ||
1330 !_cups_strcasecmp(DefaultLanguage, "C") ||
1331 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1332 !_cups_strcasecmp(DefaultLanguage, "en") ||
1333 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1334 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1335 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1336 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1337 {
1338 /*
1339 * These are the only locales that will default to "letter" size...
1340 */
1341
1342 cupsdSetString(&DefaultPaperSize, "Letter");
1343 }
1344 else
1345 cupsdSetString(&DefaultPaperSize, "A4");
1346 }
1347
1348 /*
1349 * Update classification setting as needed...
1350 */
1351
1352 if (Classification && !_cups_strcasecmp(Classification, "none"))
1353 cupsdClearString(&Classification);
1354
1355 if (Classification)
1356 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1357
1358 /*
1359 * Check the MaxClients setting, and then allocate memory for it...
1360 */
1361
1362 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1363 {
1364 if (MaxClients > 0)
1365 cupsdLogMessage(CUPSD_LOG_INFO,
1366 "MaxClients limited to 1/3 (%d) of the file descriptor "
1367 "limit (%d)...",
1368 MaxFDs / 3, MaxFDs);
1369
1370 MaxClients = MaxFDs / 3;
1371 }
1372
1373 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1374 MaxClients);
1375
1376 /*
1377 * Check the MaxActiveJobs setting; limit to 1/3 the available
1378 * file descriptors, since we need a pipe for each job...
1379 */
1380
1381 if (MaxActiveJobs > (MaxFDs / 3))
1382 MaxActiveJobs = MaxFDs / 3;
1383
1384 /*
1385 * Update the MaxClientsPerHost value, as needed...
1386 */
1387
1388 if (MaxClientsPerHost <= 0)
1389 MaxClientsPerHost = MaxClients;
1390
1391 if (MaxClientsPerHost > MaxClients)
1392 MaxClientsPerHost = MaxClients;
1393
1394 cupsdLogMessage(CUPSD_LOG_INFO,
1395 "Allowing up to %d client connections per host.",
1396 MaxClientsPerHost);
1397
1398 /*
1399 * Update the default policy, as needed...
1400 */
1401
1402 if (DefaultPolicy)
1403 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1404 else
1405 DefaultPolicyPtr = NULL;
1406
1407 if (!DefaultPolicyPtr)
1408 {
1409 cupsd_location_t *po; /* New policy operation */
1410
1411
1412 if (DefaultPolicy)
1413 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1414 DefaultPolicy);
1415
1416 cupsdSetString(&DefaultPolicy, "default");
1417
1418 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1419 cupsdLogMessage(CUPSD_LOG_INFO,
1420 "Using policy \"default\" as the default.");
1421 else
1422 {
1423 cupsdLogMessage(CUPSD_LOG_INFO,
1424 "Creating CUPS default administrative policy:");
1425
1426 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1427
1428 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1429
1430 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1431 cupsdAddString(&(p->job_access), "@OWNER");
1432 cupsdAddString(&(p->job_access), "@SYSTEM");
1433
1434 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1435 cupsdAddString(&(p->job_attrs), "job-name");
1436 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1437 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1438 cupsdAddString(&(p->job_attrs), "phone");
1439
1440 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1441 cupsdAddString(&(p->sub_access), "@OWNER");
1442 cupsdAddString(&(p->sub_access), "@SYSTEM");
1443
1444 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1445 cupsdAddString(&(p->job_attrs), "notify-events");
1446 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1447 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1448 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1449 cupsdAddString(&(p->job_attrs), "notify-user-data");
1450
1451 cupsdLogMessage(CUPSD_LOG_INFO,
1452 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1453 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1454
1455 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1456 po->order_type = CUPSD_AUTH_ALLOW;
1457
1458 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1459 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1460 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1461
1462 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1463
1464 cupsdLogMessage(CUPSD_LOG_INFO,
1465 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1466 "Release-Job Restart-Job Purge-Jobs "
1467 "Set-Job-Attributes Create-Job-Subscription "
1468 "Renew-Subscription Cancel-Subscription "
1469 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1470 "Suspend-Current-Job Resume-Job "
1471 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1472 "CUPS-Authenticate-Job CUPS-Get-Document>");
1473 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1474
1475 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1476 po->order_type = CUPSD_AUTH_ALLOW;
1477 po->level = CUPSD_AUTH_USER;
1478
1479 cupsdAddName(po, "@OWNER");
1480 cupsdAddName(po, "@SYSTEM");
1481 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1482
1483 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1484 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1485 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1486 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1487 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1488 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1489 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1490 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1491 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1492 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1493 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1494 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1495 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1496 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1497 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1498 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1499 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1500 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1501 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1502 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1503
1504 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1505
1506 cupsdLogMessage(CUPSD_LOG_INFO,
1507 "<Limit Pause-Printer Resume-Printer "
1508 "Set-Printer-Attributes Enable-Printer "
1509 "Disable-Printer Pause-Printer-After-Current-Job "
1510 "Hold-New-Jobs Release-Held-New-Jobs "
1511 "Deactivate-Printer Activate-Printer Restart-Printer "
1512 "Shutdown-Printer Startup-Printer Promote-Job "
1513 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1514 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1515 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1516 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1517 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1518
1519 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1520 po->order_type = CUPSD_AUTH_ALLOW;
1521 po->type = CUPSD_AUTH_DEFAULT;
1522 po->level = CUPSD_AUTH_USER;
1523
1524 cupsdAddName(po, "@SYSTEM");
1525 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1526
1527 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1528 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1529 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1530 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1531 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1532 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1533 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1534 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1535 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1536 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1537 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1538 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1539 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1540 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1541 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1542 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1543 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1544 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1545 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1546 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1547 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1548 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1549
1550 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1551
1552 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1553 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1554
1555 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1556 po->order_type = CUPSD_AUTH_ALLOW;
1557
1558 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1559 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1560 }
1561 }
1562
1563 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1564 cupsArrayCount(Policies));
1565 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1566 p;
1567 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1568 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1569 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1570
1571 /*
1572 * If we are doing a full reload or the server root has changed, flush
1573 * the jobs, printers, etc. and start from scratch...
1574 */
1575
1576 if (NeedReload == RELOAD_ALL ||
1577 old_remote_port != RemotePort ||
1578 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1579 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1580 {
1581 mime_type_t *type; /* Current type */
1582 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1583 /* MIME type name */
1584
1585
1586 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1587
1588 /*
1589 * Free all memory...
1590 */
1591
1592 cupsdDeleteAllSubscriptions();
1593 cupsdFreeAllJobs();
1594 cupsdDeleteAllPrinters();
1595
1596 DefaultPrinter = NULL;
1597
1598 if (MimeDatabase != NULL)
1599 mimeDelete(MimeDatabase);
1600
1601 if (NumMimeTypes)
1602 {
1603 for (i = 0; i < NumMimeTypes; i ++)
1604 _cupsStrFree(MimeTypes[i]);
1605
1606 free(MimeTypes);
1607 }
1608
1609 /*
1610 * Read the MIME type and conversion database...
1611 */
1612
1613 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1614 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1615
1616 MimeDatabase = mimeNew();
1617 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1618
1619 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1620 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1621 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1622 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1623
1624 if (!MimeDatabase)
1625 {
1626 cupsdLogMessage(CUPSD_LOG_EMERG,
1627 "Unable to load MIME database from \"%s\" or \"%s\".",
1628 mimedir, ServerRoot);
1629 if (FatalErrors & CUPSD_FATAL_CONFIG)
1630 return (0);
1631 }
1632
1633 cupsdLogMessage(CUPSD_LOG_INFO,
1634 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1635 "%d filters...", mimedir, ServerRoot,
1636 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1637
1638 /*
1639 * Create a list of MIME types for the document-format-supported
1640 * attribute...
1641 */
1642
1643 NumMimeTypes = mimeNumTypes(MimeDatabase);
1644 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1645 NumMimeTypes ++;
1646
1647 if ((MimeTypes = calloc((size_t)NumMimeTypes, sizeof(const char *))) == NULL)
1648 {
1649 cupsdLogMessage(CUPSD_LOG_ERROR,
1650 "Unable to allocate memory for %d MIME types.",
1651 NumMimeTypes);
1652 NumMimeTypes = 0;
1653 }
1654 else
1655 {
1656 for (i = 0, type = mimeFirstType(MimeDatabase);
1657 type;
1658 i ++, type = mimeNextType(MimeDatabase))
1659 {
1660 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1661
1662 MimeTypes[i] = _cupsStrAlloc(mimetype);
1663 }
1664
1665 if (i < NumMimeTypes)
1666 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1667 }
1668
1669 if (LogLevel == CUPSD_LOG_DEBUG2)
1670 {
1671 mime_filter_t *filter; /* Current filter */
1672
1673
1674 for (type = mimeFirstType(MimeDatabase);
1675 type;
1676 type = mimeNextType(MimeDatabase))
1677 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1678 type->super, type->type);
1679
1680 for (filter = mimeFirstFilter(MimeDatabase);
1681 filter;
1682 filter = mimeNextFilter(MimeDatabase))
1683 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1684 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1685 filter->src->super, filter->src->type,
1686 filter->dst->super, filter->dst->type,
1687 filter->cost, filter->filter);
1688 }
1689
1690 /*
1691 * Load banners...
1692 */
1693
1694 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1695 cupsdLoadBanners(temp);
1696
1697 /*
1698 * Load printers and classes...
1699 */
1700
1701 cupsdLoadAllPrinters();
1702 cupsdLoadAllClasses();
1703
1704 cupsdCreateCommonData();
1705
1706 /*
1707 * Update the printcap file as needed...
1708 */
1709
1710 if (Printcap && *Printcap && access(Printcap, 0))
1711 cupsdWritePrintcap();
1712
1713 /*
1714 * Load queued jobs...
1715 */
1716
1717 cupsdLoadAllJobs();
1718
1719 /*
1720 * Load subscriptions...
1721 */
1722
1723 cupsdLoadAllSubscriptions();
1724
1725 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1726 }
1727 else
1728 {
1729 /*
1730 * Not a full reload, so recreate the common printer attributes...
1731 */
1732
1733 cupsdCreateCommonData();
1734
1735 /*
1736 * Update all jobs as needed...
1737 */
1738
1739 cupsdUpdateJobs();
1740
1741 /*
1742 * Update all printers as needed...
1743 */
1744
1745 cupsdUpdatePrinters();
1746 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1747
1748 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1749 }
1750
1751 /*
1752 * Reset the reload state...
1753 */
1754
1755 NeedReload = RELOAD_NONE;
1756
1757 cupsdClearString(&old_serverroot);
1758 cupsdClearString(&old_requestroot);
1759
1760 return (1);
1761 }
1762
1763
1764 /*
1765 * 'get_address()' - Get an address + port number from a line.
1766 */
1767
1768 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1769 get_address(const char *value, /* I - Value string */
1770 int defport) /* I - Default port */
1771 {
1772 char buffer[1024], /* Hostname + port number buffer */
1773 defpname[255], /* Default port name */
1774 *hostname, /* Hostname or IP */
1775 *portname; /* Port number or name */
1776 http_addrlist_t *addrlist; /* Address list */
1777
1778
1779 /*
1780 * Check for an empty value...
1781 */
1782
1783 if (!*value)
1784 {
1785 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1786 return (NULL);
1787 }
1788
1789 /*
1790 * Grab a hostname and port number; if there is no colon and the port name
1791 * is only digits, then we have a port number by itself...
1792 */
1793
1794 strlcpy(buffer, value, sizeof(buffer));
1795
1796 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1797 {
1798 *portname++ = '\0';
1799 hostname = buffer;
1800 }
1801 else
1802 {
1803 for (portname = buffer; isdigit(*portname & 255); portname ++);
1804
1805 if (*portname)
1806 {
1807 /*
1808 * Use the default port...
1809 */
1810
1811 sprintf(defpname, "%d", defport);
1812 portname = defpname;
1813 hostname = buffer;
1814 }
1815 else
1816 {
1817 /*
1818 * The buffer contains just a port number...
1819 */
1820
1821 portname = buffer;
1822 hostname = NULL;
1823 }
1824 }
1825
1826 if (hostname && !strcmp(hostname, "*"))
1827 hostname = NULL;
1828
1829 /*
1830 * Now lookup the address using httpAddrGetList()...
1831 */
1832
1833 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1834 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1835 hostname ? hostname : "(nil)");
1836
1837 return (addrlist);
1838 }
1839
1840
1841 /*
1842 * 'get_addr_and_mask()' - Get an IP address and netmask.
1843 */
1844
1845 static int /* O - 1 on success, 0 on failure */
1846 get_addr_and_mask(const char *value, /* I - String from config file */
1847 unsigned *ip, /* O - Address value */
1848 unsigned *mask) /* O - Mask value */
1849 {
1850 int i, j, /* Looping vars */
1851 family, /* Address family */
1852 ipcount; /* Count of fields in address */
1853 unsigned ipval; /* Value */
1854 const char *maskval, /* Pointer to start of mask value */
1855 *ptr, /* Pointer into value */
1856 *ptr2; /* ... */
1857
1858
1859 /*
1860 * Get the address...
1861 */
1862
1863 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1864 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1865
1866 if ((maskval = strchr(value, '/')) != NULL)
1867 maskval ++;
1868 else
1869 maskval = value + strlen(value);
1870
1871 #ifdef AF_INET6
1872 /*
1873 * Check for an IPv6 address...
1874 */
1875
1876 if (*value == '[')
1877 {
1878 /*
1879 * Parse hexadecimal IPv6/IPv4 address...
1880 */
1881
1882 family = AF_INET6;
1883
1884 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1885 {
1886 if (*ptr == ']')
1887 break;
1888 else if (!strncmp(ptr, "::", 2))
1889 {
1890 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1891 ptr2;
1892 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1893
1894 i = 6 - j;
1895 ptr += 2;
1896 }
1897 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1898 {
1899 /*
1900 * Read IPv4 dotted quad...
1901 */
1902
1903 unsigned val[4] = { 0, 0, 0, 0 };
1904 /* IPv4 address values */
1905
1906 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1907 val + 3);
1908
1909 /*
1910 * Range check the IP numbers...
1911 */
1912
1913 for (i = 0; i < ipcount; i ++)
1914 if (val[i] > 255)
1915 return (0);
1916
1917 /*
1918 * Merge everything into a 32-bit IPv4 address in ip[3]...
1919 */
1920
1921 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1922 (unsigned)val[2]) << 8) | (unsigned)val[3];
1923
1924 if (ipcount < 4)
1925 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1926
1927 /*
1928 * If the leading words are all 0's then this is an IPv4 address...
1929 */
1930
1931 if (!val[0] && !val[1] && !val[2])
1932 family = AF_INET;
1933
1934 while (isdigit(*ptr & 255) || *ptr == '.')
1935 ptr ++;
1936 break;
1937 }
1938 else if (isxdigit(*ptr & 255))
1939 {
1940 ipval = strtoul(ptr, (char **)&ptr, 16);
1941
1942 if (*ptr == ':' && ptr[1] != ':')
1943 ptr ++;
1944
1945 if (ipval > 0xffff)
1946 return (0);
1947
1948 if (i & 1)
1949 ip[i / 2] |= ipval;
1950 else
1951 ip[i / 2] |= ipval << 16;
1952 }
1953 else
1954 return (0);
1955 }
1956
1957 if (*ptr != ']')
1958 return (0);
1959
1960 ptr ++;
1961
1962 if (*ptr && *ptr != '/')
1963 return (0);
1964 }
1965 else
1966 #endif /* AF_INET6 */
1967 {
1968 /*
1969 * Parse dotted-decimal IPv4 address...
1970 */
1971
1972 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1973
1974
1975 family = AF_INET;
1976 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1977
1978 /*
1979 * Range check the IP numbers...
1980 */
1981
1982 for (i = 0; i < ipcount; i ++)
1983 if (val[i] > 255)
1984 return (0);
1985
1986 /*
1987 * Merge everything into a 32-bit IPv4 address in ip[3]...
1988 */
1989
1990 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1991 (unsigned)val[2]) << 8) | (unsigned)val[3];
1992
1993 if (ipcount < 4)
1994 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1995 }
1996
1997 if (*maskval)
1998 {
1999 /*
2000 * Get the netmask value(s)...
2001 */
2002
2003 memset(mask, 0, sizeof(unsigned) * 4);
2004
2005 if (strchr(maskval, '.'))
2006 {
2007 /*
2008 * Get dotted-decimal mask...
2009 */
2010
2011 if (family != AF_INET)
2012 return (0);
2013
2014 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
2015 mask + 3) != 4)
2016 return (0);
2017
2018 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
2019 (unsigned)mask[2]) << 8;
2020 mask[0] = mask[1] = mask[2] = 0;
2021 }
2022 else
2023 {
2024 /*
2025 * Get address/bits format...
2026 */
2027
2028 i = atoi(maskval);
2029
2030 #ifdef AF_INET6
2031 if (family == AF_INET6)
2032 {
2033 if (i > 128)
2034 return (0);
2035
2036 i = 128 - i;
2037
2038 if (i <= 96)
2039 mask[0] = 0xffffffff;
2040 else
2041 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
2042
2043 if (i <= 64)
2044 mask[1] = 0xffffffff;
2045 else if (i >= 96)
2046 mask[1] = 0;
2047 else
2048 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
2049
2050 if (i <= 32)
2051 mask[2] = 0xffffffff;
2052 else if (i >= 64)
2053 mask[2] = 0;
2054 else
2055 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
2056
2057 if (i == 0)
2058 mask[3] = 0xffffffff;
2059 else if (i >= 32)
2060 mask[3] = 0;
2061 else
2062 mask[3] = (0xffffffff << i) & 0xffffffff;
2063 }
2064 else
2065 #endif /* AF_INET6 */
2066 {
2067 if (i > 32)
2068 return (0);
2069
2070 mask[0] = 0xffffffff;
2071 mask[1] = 0xffffffff;
2072 mask[2] = 0xffffffff;
2073
2074 if (i < 32)
2075 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
2076 else
2077 mask[3] = 0xffffffff;
2078 }
2079 }
2080 }
2081
2082 cupsdLogMessage(CUPSD_LOG_DEBUG2,
2083 "get_addr_and_mask(value=\"%s\", "
2084 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
2085 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
2086 mask[3]);
2087
2088 /*
2089 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
2090 */
2091
2092 if ((ip[0] & ~mask[0]) != 0 ||
2093 (ip[1] & ~mask[1]) != 0 ||
2094 (ip[2] & ~mask[2]) != 0 ||
2095 (ip[3] & ~mask[3]) != 0)
2096 return (0);
2097
2098 return (1);
2099 }
2100
2101
2102 /*
2103 * 'mime_error_cb()' - Log a MIME error.
2104 */
2105
2106 static void
2107 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
2108 const char *message) /* I - Message */
2109 {
2110 (void)ctx;
2111
2112 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
2113 }
2114
2115
2116 /*
2117 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
2118 */
2119
2120 static int /* O - 1 on success, 0 on failure */
2121 parse_aaa(cupsd_location_t *loc, /* I - Location */
2122 char *line, /* I - Line from file */
2123 char *value, /* I - Start of value data */
2124 int linenum) /* I - Current line number */
2125 {
2126 char *valptr; /* Pointer into value */
2127 unsigned ip[4], /* IP address components */
2128 mask[4]; /* IP netmask components */
2129
2130
2131 if (!_cups_strcasecmp(line, "Encryption"))
2132 {
2133 /*
2134 * "Encryption xxx" - set required encryption level...
2135 */
2136
2137 if (!_cups_strcasecmp(value, "never"))
2138 loc->encryption = HTTP_ENCRYPT_NEVER;
2139 else if (!_cups_strcasecmp(value, "always"))
2140 {
2141 cupsdLogMessage(CUPSD_LOG_ERROR,
2142 "Encryption value \"%s\" on line %d of %s is invalid in this "
2143 "context. Using \"required\" instead.", value, linenum, ConfigurationFile);
2144
2145 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2146 }
2147 else if (!_cups_strcasecmp(value, "required"))
2148 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2149 else if (!_cups_strcasecmp(value, "ifrequested"))
2150 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2151 else
2152 {
2153 cupsdLogMessage(CUPSD_LOG_ERROR,
2154 "Unknown Encryption value %s on line %d of %s.", value, linenum, ConfigurationFile);
2155 return (0);
2156 }
2157 }
2158 else if (!_cups_strcasecmp(line, "Order"))
2159 {
2160 /*
2161 * "Order Deny,Allow" or "Order Allow,Deny"...
2162 */
2163
2164 if (!_cups_strncasecmp(value, "deny", 4))
2165 loc->order_type = CUPSD_AUTH_ALLOW;
2166 else if (!_cups_strncasecmp(value, "allow", 5))
2167 loc->order_type = CUPSD_AUTH_DENY;
2168 else
2169 {
2170 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d of %s.",
2171 value, linenum, ConfigurationFile);
2172 return (0);
2173 }
2174 }
2175 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
2176 {
2177 /*
2178 * Allow [From] host/ip...
2179 * Deny [From] host/ip...
2180 */
2181
2182 while (*value)
2183 {
2184 if (!_cups_strncasecmp(value, "from", 4))
2185 {
2186 /*
2187 * Strip leading "from"...
2188 */
2189
2190 value += 4;
2191
2192 while (_cups_isspace(*value))
2193 value ++;
2194
2195 if (!*value)
2196 break;
2197 }
2198
2199 /*
2200 * Find the end of the value...
2201 */
2202
2203 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2204
2205 while (_cups_isspace(*valptr))
2206 *valptr++ = '\0';
2207
2208 /*
2209 * Figure out what form the allow/deny address takes:
2210 *
2211 * All
2212 * None
2213 * *.domain.com
2214 * .domain.com
2215 * host.domain.com
2216 * nnn.*
2217 * nnn.nnn.*
2218 * nnn.nnn.nnn.*
2219 * nnn.nnn.nnn.nnn
2220 * nnn.nnn.nnn.nnn/mm
2221 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2222 */
2223
2224 if (!_cups_strcasecmp(value, "all"))
2225 {
2226 /*
2227 * All hosts...
2228 */
2229
2230 if (!_cups_strcasecmp(line, "Allow"))
2231 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2232 else
2233 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2234 }
2235 else if (!_cups_strcasecmp(value, "none"))
2236 {
2237 /*
2238 * No hosts...
2239 */
2240
2241 if (!_cups_strcasecmp(line, "Allow"))
2242 cupsdAddIPMask(&(loc->allow), ones, zeros);
2243 else
2244 cupsdAddIPMask(&(loc->deny), ones, zeros);
2245 }
2246 #ifdef AF_INET6
2247 else if (value[0] == '*' || value[0] == '.' ||
2248 (!isdigit(value[0] & 255) && value[0] != '['))
2249 #else
2250 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2251 #endif /* AF_INET6 */
2252 {
2253 /*
2254 * Host or domain name...
2255 */
2256
2257 if (value[0] == '*')
2258 value ++;
2259
2260 if (!_cups_strcasecmp(line, "Allow"))
2261 cupsdAddNameMask(&(loc->allow), value);
2262 else
2263 cupsdAddNameMask(&(loc->deny), value);
2264 }
2265 else
2266 {
2267 /*
2268 * One of many IP address forms...
2269 */
2270
2271 if (!get_addr_and_mask(value, ip, mask))
2272 {
2273 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d of %s.",
2274 value, linenum, ConfigurationFile);
2275 return (0);
2276 }
2277
2278 if (!_cups_strcasecmp(line, "Allow"))
2279 cupsdAddIPMask(&(loc->allow), ip, mask);
2280 else
2281 cupsdAddIPMask(&(loc->deny), ip, mask);
2282 }
2283
2284 /*
2285 * Advance to next value...
2286 */
2287
2288 value = valptr;
2289 }
2290 }
2291 else if (!_cups_strcasecmp(line, "AuthType"))
2292 {
2293 /*
2294 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2295 */
2296
2297 if (!_cups_strcasecmp(value, "none"))
2298 {
2299 loc->type = CUPSD_AUTH_NONE;
2300 loc->level = CUPSD_AUTH_ANON;
2301 }
2302 else if (!_cups_strcasecmp(value, "basic"))
2303 {
2304 loc->type = CUPSD_AUTH_BASIC;
2305
2306 if (loc->level == CUPSD_AUTH_ANON)
2307 loc->level = CUPSD_AUTH_USER;
2308 }
2309 else if (!_cups_strcasecmp(value, "default"))
2310 {
2311 loc->type = CUPSD_AUTH_DEFAULT;
2312
2313 if (loc->level == CUPSD_AUTH_ANON)
2314 loc->level = CUPSD_AUTH_USER;
2315 }
2316 #ifdef HAVE_GSSAPI
2317 else if (!_cups_strcasecmp(value, "negotiate"))
2318 {
2319 loc->type = CUPSD_AUTH_NEGOTIATE;
2320
2321 if (loc->level == CUPSD_AUTH_ANON)
2322 loc->level = CUPSD_AUTH_USER;
2323 }
2324 #endif /* HAVE_GSSAPI */
2325 else
2326 {
2327 cupsdLogMessage(CUPSD_LOG_WARN,
2328 "Unknown authorization type %s on line %d of %s.",
2329 value, linenum, ConfigurationFile);
2330 return (0);
2331 }
2332 }
2333 else if (!_cups_strcasecmp(line, "AuthClass"))
2334 {
2335 /*
2336 * AuthClass anonymous, user, system, group
2337 */
2338
2339 if (!_cups_strcasecmp(value, "anonymous"))
2340 {
2341 loc->type = CUPSD_AUTH_NONE;
2342 loc->level = CUPSD_AUTH_ANON;
2343
2344 cupsdLogMessage(CUPSD_LOG_WARN,
2345 "\"AuthClass %s\" is deprecated; consider removing "
2346 "it from line %d.",
2347 value, linenum);
2348 }
2349 else if (!_cups_strcasecmp(value, "user"))
2350 {
2351 loc->level = CUPSD_AUTH_USER;
2352
2353 cupsdLogMessage(CUPSD_LOG_WARN,
2354 "\"AuthClass %s\" is deprecated; consider using "
2355 "\"Require valid-user\" on line %d of %s.",
2356 value, linenum, ConfigurationFile);
2357 }
2358 else if (!_cups_strcasecmp(value, "group"))
2359 {
2360 loc->level = CUPSD_AUTH_GROUP;
2361
2362 cupsdLogMessage(CUPSD_LOG_WARN,
2363 "\"AuthClass %s\" is deprecated; consider using "
2364 "\"Require user @groupname\" on line %d of %s.",
2365 value, linenum, ConfigurationFile);
2366 }
2367 else if (!_cups_strcasecmp(value, "system"))
2368 {
2369 loc->level = CUPSD_AUTH_GROUP;
2370
2371 cupsdAddName(loc, "@SYSTEM");
2372
2373 cupsdLogMessage(CUPSD_LOG_WARN,
2374 "\"AuthClass %s\" is deprecated; consider using "
2375 "\"Require user @SYSTEM\" on line %d of %s.",
2376 value, linenum, ConfigurationFile);
2377 }
2378 else
2379 {
2380 cupsdLogMessage(CUPSD_LOG_WARN,
2381 "Unknown authorization class %s on line %d of %s.",
2382 value, linenum, ConfigurationFile);
2383 return (0);
2384 }
2385 }
2386 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2387 {
2388 cupsdAddName(loc, value);
2389
2390 cupsdLogMessage(CUPSD_LOG_WARN,
2391 "\"AuthGroupName %s\" directive is deprecated; consider "
2392 "using \"Require user @%s\" on line %d of %s.",
2393 value, value, linenum, ConfigurationFile);
2394 }
2395 else if (!_cups_strcasecmp(line, "Require"))
2396 {
2397 /*
2398 * Apache synonym for AuthClass and AuthGroupName...
2399 *
2400 * Get initial word:
2401 *
2402 * Require valid-user
2403 * Require group names
2404 * Require user names
2405 */
2406
2407 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2408
2409 if (*valptr)
2410 *valptr++ = '\0';
2411
2412 if (!_cups_strcasecmp(value, "valid-user") ||
2413 !_cups_strcasecmp(value, "user"))
2414 loc->level = CUPSD_AUTH_USER;
2415 else if (!_cups_strcasecmp(value, "group"))
2416 loc->level = CUPSD_AUTH_GROUP;
2417 else
2418 {
2419 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d of %s.",
2420 value, linenum, ConfigurationFile);
2421 return (0);
2422 }
2423
2424 /*
2425 * Get the list of names from the line...
2426 */
2427
2428 for (value = valptr; *value;)
2429 {
2430 while (_cups_isspace(*value))
2431 value ++;
2432
2433 #ifdef HAVE_AUTHORIZATION_H
2434 if (!strncmp(value, "@AUTHKEY(", 9))
2435 {
2436 /*
2437 * Grab "@AUTHKEY(name)" value...
2438 */
2439
2440 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2441
2442 if (*valptr)
2443 *valptr++ = '\0';
2444 }
2445 else
2446 #endif /* HAVE_AUTHORIZATION_H */
2447 if (*value == '\"' || *value == '\'')
2448 {
2449 /*
2450 * Grab quoted name...
2451 */
2452
2453 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2454
2455 value ++;
2456 }
2457 else
2458 {
2459 /*
2460 * Grab literal name.
2461 */
2462
2463 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2464 }
2465
2466 if (*valptr)
2467 *valptr++ = '\0';
2468
2469 cupsdAddName(loc, value);
2470
2471 for (value = valptr; _cups_isspace(*value); value ++);
2472 }
2473 }
2474 else if (!_cups_strcasecmp(line, "Satisfy"))
2475 {
2476 if (!_cups_strcasecmp(value, "all"))
2477 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2478 else if (!_cups_strcasecmp(value, "any"))
2479 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2480 else
2481 {
2482 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d of %s.",
2483 value, linenum, ConfigurationFile);
2484 return (0);
2485 }
2486 }
2487 else
2488 return (0);
2489
2490 return (1);
2491 }
2492
2493
2494 /*
2495 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2496 */
2497
2498 static int /* O - FatalErrors bits */
2499 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2500 {
2501 int fatal; /* FatalErrors bits */
2502 char value[1024], /* Value string */
2503 *valstart, /* Pointer into value */
2504 *valend; /* End of value */
2505
2506
2507 /*
2508 * Empty FatalErrors line yields NULL pointer...
2509 */
2510
2511 if (!s)
2512 return (CUPSD_FATAL_NONE);
2513
2514 /*
2515 * Loop through the value string,...
2516 */
2517
2518 strlcpy(value, s, sizeof(value));
2519
2520 fatal = CUPSD_FATAL_NONE;
2521
2522 for (valstart = value; *valstart;)
2523 {
2524 /*
2525 * Get the current space/comma-delimited kind name...
2526 */
2527
2528 for (valend = valstart; *valend; valend ++)
2529 if (_cups_isspace(*valend) || *valend == ',')
2530 break;
2531
2532 if (*valend)
2533 *valend++ = '\0';
2534
2535 /*
2536 * Add the error to the bitmask...
2537 */
2538
2539 if (!_cups_strcasecmp(valstart, "all"))
2540 fatal = CUPSD_FATAL_ALL;
2541 else if (!_cups_strcasecmp(valstart, "browse"))
2542 fatal |= CUPSD_FATAL_BROWSE;
2543 else if (!_cups_strcasecmp(valstart, "-browse"))
2544 fatal &= ~CUPSD_FATAL_BROWSE;
2545 else if (!_cups_strcasecmp(valstart, "config"))
2546 fatal |= CUPSD_FATAL_CONFIG;
2547 else if (!_cups_strcasecmp(valstart, "-config"))
2548 fatal &= ~CUPSD_FATAL_CONFIG;
2549 else if (!_cups_strcasecmp(valstart, "listen"))
2550 fatal |= CUPSD_FATAL_LISTEN;
2551 else if (!_cups_strcasecmp(valstart, "-listen"))
2552 fatal &= ~CUPSD_FATAL_LISTEN;
2553 else if (!_cups_strcasecmp(valstart, "log"))
2554 fatal |= CUPSD_FATAL_LOG;
2555 else if (!_cups_strcasecmp(valstart, "-log"))
2556 fatal &= ~CUPSD_FATAL_LOG;
2557 else if (!_cups_strcasecmp(valstart, "permissions"))
2558 fatal |= CUPSD_FATAL_PERMISSIONS;
2559 else if (!_cups_strcasecmp(valstart, "-permissions"))
2560 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2561 else if (_cups_strcasecmp(valstart, "none"))
2562 cupsdLogMessage(CUPSD_LOG_ERROR,
2563 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2564
2565 for (valstart = valend; *valstart; valstart ++)
2566 if (!_cups_isspace(*valstart) || *valstart != ',')
2567 break;
2568 }
2569
2570 return (fatal);
2571 }
2572
2573
2574 /*
2575 * 'parse_groups()' - Parse system group names in a string.
2576 */
2577
2578 static int /* O - 1 on success, 0 on failure */
2579 parse_groups(const char *s) /* I - Space-delimited groups */
2580 {
2581 int status; /* Return status */
2582 char value[1024], /* Value string */
2583 *valstart, /* Pointer into value */
2584 *valend, /* End of value */
2585 quote; /* Quote character */
2586 struct group *group; /* Group */
2587
2588
2589 /*
2590 * Make a copy of the string and parse out the groups...
2591 */
2592
2593 strlcpy(value, s, sizeof(value));
2594
2595 status = 1;
2596 valstart = value;
2597
2598 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2599 {
2600 if (*valstart == '\'' || *valstart == '\"')
2601 {
2602 /*
2603 * Scan quoted name...
2604 */
2605
2606 quote = *valstart++;
2607
2608 for (valend = valstart; *valend; valend ++)
2609 if (*valend == quote)
2610 break;
2611 }
2612 else
2613 {
2614 /*
2615 * Scan space or comma-delimited name...
2616 */
2617
2618 for (valend = valstart; *valend; valend ++)
2619 if (_cups_isspace(*valend) || *valend == ',')
2620 break;
2621 }
2622
2623 if (*valend)
2624 *valend++ = '\0';
2625
2626 group = getgrnam(valstart);
2627 if (group)
2628 {
2629 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2630 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2631
2632 NumSystemGroups ++;
2633 }
2634 else
2635 status = 0;
2636
2637 endgrent();
2638
2639 valstart = valend;
2640
2641 while (*valstart == ',' || _cups_isspace(*valstart))
2642 valstart ++;
2643 }
2644
2645 return (status);
2646 }
2647
2648
2649 /*
2650 * 'parse_protocols()' - Parse browse protocols in a string.
2651 */
2652
2653 static int /* O - Browse protocol bits */
2654 parse_protocols(const char *s) /* I - Space-delimited protocols */
2655 {
2656 int protocols; /* Browse protocol bits */
2657 char value[1024], /* Value string */
2658 *valstart, /* Pointer into value */
2659 *valend; /* End of value */
2660
2661
2662 /*
2663 * Empty protocol line yields NULL pointer...
2664 */
2665
2666 if (!s)
2667 return (0);
2668
2669 /*
2670 * Loop through the value string,...
2671 */
2672
2673 strlcpy(value, s, sizeof(value));
2674
2675 protocols = 0;
2676
2677 for (valstart = value; *valstart;)
2678 {
2679 /*
2680 * Get the current space/comma-delimited protocol name...
2681 */
2682
2683 for (valend = valstart; *valend; valend ++)
2684 if (_cups_isspace(*valend) || *valend == ',')
2685 break;
2686
2687 if (*valend)
2688 *valend++ = '\0';
2689
2690 /*
2691 * Add the protocol to the bitmask...
2692 */
2693
2694 if (!_cups_strcasecmp(valstart, "dnssd") ||
2695 !_cups_strcasecmp(valstart, "dns-sd") ||
2696 !_cups_strcasecmp(valstart, "bonjour"))
2697 protocols |= BROWSE_DNSSD;
2698 else if (!_cups_strcasecmp(valstart, "all"))
2699 protocols |= BROWSE_ALL;
2700 else if (_cups_strcasecmp(valstart, "none"))
2701 cupsdLogMessage(CUPSD_LOG_ERROR,
2702 "Unknown browse protocol \"%s\" ignored.", valstart);
2703
2704 for (valstart = valend; *valstart; valstart ++)
2705 if (!_cups_isspace(*valstart) || *valstart != ',')
2706 break;
2707 }
2708
2709 return (protocols);
2710 }
2711
2712
2713 /*
2714 * 'parse_variable()' - Parse a variable line.
2715 */
2716
2717 static int /* O - 1 on success, 0 on failure */
2718 parse_variable(
2719 const char *filename, /* I - Name of configuration file */
2720 int linenum, /* I - Line in configuration file */
2721 const char *line, /* I - Line from configuration file */
2722 const char *value, /* I - Value from configuration file */
2723 size_t num_vars, /* I - Number of variables */
2724 const cupsd_var_t *vars) /* I - Variables */
2725 {
2726 size_t i; /* Looping var */
2727 const cupsd_var_t *var; /* Variables */
2728 char temp[1024]; /* Temporary string */
2729
2730
2731 for (i = num_vars, var = vars; i > 0; i --, var ++)
2732 if (!_cups_strcasecmp(line, var->name))
2733 break;
2734
2735 if (i == 0)
2736 {
2737 /*
2738 * Unknown directive! Output an error message and continue...
2739 */
2740
2741 if (!value)
2742 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2743 line, linenum, filename);
2744 else
2745 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2746 line, linenum, filename);
2747
2748 return (0);
2749 }
2750
2751 switch (var->type)
2752 {
2753 case CUPSD_VARTYPE_INTEGER :
2754 if (!value)
2755 {
2756 cupsdLogMessage(CUPSD_LOG_ERROR,
2757 "Missing integer value for %s on line %d of %s.",
2758 line, linenum, filename);
2759 return (0);
2760 }
2761 else if (!isdigit(*value & 255))
2762 {
2763 cupsdLogMessage(CUPSD_LOG_ERROR,
2764 "Bad integer value for %s on line %d of %s.",
2765 line, linenum, filename);
2766 return (0);
2767 }
2768 else
2769 {
2770 int n; /* Number */
2771 char *units; /* Units */
2772
2773 n = strtol(value, &units, 0);
2774
2775 if (units && *units)
2776 {
2777 if (tolower(units[0] & 255) == 'g')
2778 n *= 1024 * 1024 * 1024;
2779 else if (tolower(units[0] & 255) == 'm')
2780 n *= 1024 * 1024;
2781 else if (tolower(units[0] & 255) == 'k')
2782 n *= 1024;
2783 else if (tolower(units[0] & 255) == 't')
2784 n *= 262144;
2785 else
2786 {
2787 cupsdLogMessage(CUPSD_LOG_ERROR,
2788 "Unknown integer value for %s on line %d of %s.",
2789 line, linenum, filename);
2790 return (0);
2791 }
2792 }
2793
2794 if (n < 0)
2795 {
2796 cupsdLogMessage(CUPSD_LOG_ERROR,
2797 "Bad negative integer value for %s on line %d of "
2798 "%s.", line, linenum, filename);
2799 return (0);
2800 }
2801 else
2802 {
2803 *((int *)var->ptr) = n;
2804 }
2805 }
2806 break;
2807
2808 case CUPSD_VARTYPE_PERM :
2809 if (!value)
2810 {
2811 cupsdLogMessage(CUPSD_LOG_ERROR,
2812 "Missing permissions value for %s on line %d of %s.",
2813 line, linenum, filename);
2814 return (0);
2815 }
2816 else if (!isdigit(*value & 255))
2817 {
2818 /* TODO: Add chmod UGO syntax support */
2819 cupsdLogMessage(CUPSD_LOG_ERROR,
2820 "Bad permissions value for %s on line %d of %s.",
2821 line, linenum, filename);
2822 return (0);
2823 }
2824 else
2825 {
2826 int n = strtol(value, NULL, 8);
2827 /* Permissions value */
2828
2829 if (n < 0)
2830 {
2831 cupsdLogMessage(CUPSD_LOG_ERROR,
2832 "Bad negative permissions value for %s on line %d of "
2833 "%s.", line, linenum, filename);
2834 return (0);
2835 }
2836 else
2837 {
2838 *((mode_t *)var->ptr) = (mode_t)n;
2839 }
2840 }
2841 break;
2842
2843 case CUPSD_VARTYPE_TIME :
2844 if (!value)
2845 {
2846 cupsdLogMessage(CUPSD_LOG_ERROR,
2847 "Missing time interval value for %s on line %d of "
2848 "%s.", line, linenum, filename);
2849 return (0);
2850 }
2851 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2852 (!_cups_strcasecmp(value, "true") ||
2853 !_cups_strcasecmp(value, "on") ||
2854 !_cups_strcasecmp(value, "enabled") ||
2855 !_cups_strcasecmp(value, "yes")))
2856 {
2857 *((int *)var->ptr) = INT_MAX;
2858 }
2859 else if (!_cups_strcasecmp(value, "false") ||
2860 !_cups_strcasecmp(value, "off") ||
2861 !_cups_strcasecmp(value, "disabled") ||
2862 !_cups_strcasecmp(value, "no"))
2863 {
2864 *((int *)var->ptr) = 0;
2865 }
2866 else if (!isdigit(*value & 255))
2867 {
2868 cupsdLogMessage(CUPSD_LOG_ERROR,
2869 "Unknown time interval value for %s on line %d of "
2870 "%s.", line, linenum, filename);
2871 return (0);
2872 }
2873 else
2874 {
2875 double n; /* Number */
2876 char *units; /* Units */
2877
2878 n = strtod(value, &units);
2879
2880 if (units && *units)
2881 {
2882 if (tolower(units[0] & 255) == 'w')
2883 n *= 7 * 24 * 60 * 60;
2884 else if (tolower(units[0] & 255) == 'd')
2885 n *= 24 * 60 * 60;
2886 else if (tolower(units[0] & 255) == 'h')
2887 n *= 60 * 60;
2888 else if (tolower(units[0] & 255) == 'm')
2889 n *= 60;
2890 else
2891 {
2892 cupsdLogMessage(CUPSD_LOG_ERROR,
2893 "Unknown time interval value for %s on line "
2894 "%d of %s.", line, linenum, filename);
2895 return (0);
2896 }
2897 }
2898
2899 if (n < 0.0 || n > INT_MAX)
2900 {
2901 cupsdLogMessage(CUPSD_LOG_ERROR,
2902 "Bad time value for %s on line %d of %s.",
2903 line, linenum, filename);
2904 return (0);
2905 }
2906 else
2907 {
2908 *((int *)var->ptr) = (int)n;
2909 }
2910 }
2911 break;
2912
2913 case CUPSD_VARTYPE_BOOLEAN :
2914 if (!value)
2915 {
2916 cupsdLogMessage(CUPSD_LOG_ERROR,
2917 "Missing boolean value for %s on line %d of %s.",
2918 line, linenum, filename);
2919 return (0);
2920 }
2921 else if (!_cups_strcasecmp(value, "true") ||
2922 !_cups_strcasecmp(value, "on") ||
2923 !_cups_strcasecmp(value, "enabled") ||
2924 !_cups_strcasecmp(value, "yes") ||
2925 atoi(value) != 0)
2926 {
2927 *((int *)var->ptr) = TRUE;
2928 }
2929 else if (!_cups_strcasecmp(value, "false") ||
2930 !_cups_strcasecmp(value, "off") ||
2931 !_cups_strcasecmp(value, "disabled") ||
2932 !_cups_strcasecmp(value, "no") ||
2933 !_cups_strcasecmp(value, "0"))
2934 {
2935 *((int *)var->ptr) = FALSE;
2936 }
2937 else
2938 {
2939 cupsdLogMessage(CUPSD_LOG_ERROR,
2940 "Unknown boolean value %s on line %d of %s.",
2941 value, linenum, filename);
2942 return (0);
2943 }
2944 break;
2945
2946 case CUPSD_VARTYPE_PATHNAME :
2947 if (!value)
2948 {
2949 cupsdLogMessage(CUPSD_LOG_ERROR,
2950 "Missing pathname value for %s on line %d of %s.",
2951 line, linenum, filename);
2952 return (0);
2953 }
2954
2955 if (value[0] == '/')
2956 strlcpy(temp, value, sizeof(temp));
2957 else
2958 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2959
2960 if (access(temp, 0))
2961 {
2962 cupsdLogMessage(CUPSD_LOG_ERROR,
2963 "File or directory for \"%s %s\" on line %d of %s "
2964 "does not exist.", line, value, linenum, filename);
2965 return (0);
2966 }
2967
2968 cupsdSetString((char **)var->ptr, temp);
2969 break;
2970
2971 case CUPSD_VARTYPE_STRING :
2972 cupsdSetString((char **)var->ptr, value);
2973 break;
2974 }
2975
2976 return (1);
2977 }
2978
2979
2980 /*
2981 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2982 */
2983
2984 static int /* O - 1 on success, 0 on failure */
2985 read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
2986 {
2987 int linenum; /* Current line number */
2988 char line[HTTP_MAX_BUFFER],
2989 /* Line from file */
2990 temp[HTTP_MAX_BUFFER],
2991 /* Temporary buffer for value */
2992 *value, /* Pointer to value */
2993 *valueptr; /* Pointer into value */
2994 int valuelen; /* Length of value */
2995 http_addrlist_t *addrlist, /* Address list */
2996 *addr; /* Current address */
2997 cups_file_t *incfile; /* Include file */
2998 char incname[1024]; /* Include filename */
2999
3000
3001 /*
3002 * Loop through each line in the file...
3003 */
3004
3005 linenum = 0;
3006
3007 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3008 {
3009 /*
3010 * Decode the directive...
3011 */
3012
3013 if (!_cups_strcasecmp(line, "Include") && value)
3014 {
3015 /*
3016 * Include filename
3017 */
3018
3019 if (value[0] == '/')
3020 strlcpy(incname, value, sizeof(incname));
3021 else
3022 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
3023
3024 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
3025 cupsdLogMessage(CUPSD_LOG_ERROR,
3026 "Unable to include config file \"%s\" - %s",
3027 incname, strerror(errno));
3028 else
3029 {
3030 read_cupsd_conf(incfile);
3031 cupsFileClose(incfile);
3032 }
3033 }
3034 else if (!_cups_strcasecmp(line, "<Location") && value)
3035 {
3036 /*
3037 * <Location path>
3038 */
3039
3040 linenum = read_location(fp, value, linenum);
3041 if (linenum == 0)
3042 return (0);
3043 }
3044 else if (!_cups_strcasecmp(line, "<Policy") && value)
3045 {
3046 /*
3047 * <Policy name>
3048 */
3049
3050 linenum = read_policy(fp, value, linenum);
3051 if (linenum == 0)
3052 return (0);
3053 }
3054 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
3055 {
3056 JobRetryInterval = atoi(value);
3057 cupsdLogMessage(CUPSD_LOG_WARN,
3058 "FaxRetryInterval is deprecated; use "
3059 "JobRetryInterval on line %d of %s.", linenum, ConfigurationFile);
3060 }
3061 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
3062 {
3063 JobRetryLimit = atoi(value);
3064 cupsdLogMessage(CUPSD_LOG_WARN,
3065 "FaxRetryLimit is deprecated; use "
3066 "JobRetryLimit on line %d of %s.", linenum, ConfigurationFile);
3067 }
3068 #ifdef HAVE_SSL
3069 else if (!_cups_strcasecmp(line, "SSLOptions"))
3070 {
3071 /*
3072 * SSLOptions [AllowRC4] [AllowSSL3] [None]
3073 */
3074
3075 int options = 0; /* SSL/TLS options */
3076
3077 if (value)
3078 {
3079 char *start, /* Start of option */
3080 *end; /* End of option */
3081
3082 for (start = value; *start; start = end)
3083 {
3084 /*
3085 * Find end of keyword...
3086 */
3087
3088 end = start;
3089 while (*end && !_cups_isspace(*end))
3090 end ++;
3091
3092 if (*end)
3093 *end++ = '\0';
3094
3095 /*
3096 * Compare...
3097 */
3098
3099 if (!_cups_strcasecmp(start, "AllowRC4"))
3100 options |= _HTTP_TLS_ALLOW_RC4;
3101 else if (!_cups_strcasecmp(start, "AllowSSL3"))
3102 options |= _HTTP_TLS_ALLOW_SSL3;
3103 else if (!_cups_strcasecmp(start, "None"))
3104 options = 0;
3105 else if (_cups_strcasecmp(start, "NoEmptyFragments"))
3106 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
3107 }
3108 }
3109
3110 _httpTLSSetOptions(options);
3111 }
3112 #endif /* HAVE_SSL */
3113 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
3114 #ifdef HAVE_SSL
3115 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
3116 #endif /* HAVE_SSL */
3117 ) && value)
3118 {
3119 /*
3120 * Add listening address(es) to the list...
3121 */
3122
3123 cupsd_listener_t *lis; /* New listeners array */
3124
3125
3126 /*
3127 * Get the address list...
3128 */
3129
3130 addrlist = get_address(value, IPP_PORT);
3131
3132 if (!addrlist)
3133 {
3134 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
3135 value, linenum);
3136 continue;
3137 }
3138
3139 /*
3140 * Add each address...
3141 */
3142
3143 for (addr = addrlist; addr; addr = addr->next)
3144 {
3145 /*
3146 * See if this address is already present...
3147 */
3148
3149 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
3150 lis;
3151 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
3152 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
3153 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
3154 break;
3155
3156 if (lis)
3157 {
3158 #ifdef HAVE_ONDEMAND
3159 if (!lis->on_demand)
3160 #endif /* HAVE_ONDEMAND */
3161 {
3162 httpAddrString(&lis->address, temp, sizeof(temp));
3163 cupsdLogMessage(CUPSD_LOG_WARN,
3164 "Duplicate listen address \"%s\" ignored.", temp);
3165 }
3166
3167 continue;
3168 }
3169
3170 /*
3171 * Allocate another listener...
3172 */
3173
3174 if (!Listeners)
3175 Listeners = cupsArrayNew(NULL, NULL);
3176
3177 if (!Listeners)
3178 {
3179 cupsdLogMessage(CUPSD_LOG_ERROR,
3180 "Unable to allocate %s at line %d - %s.",
3181 line, linenum, strerror(errno));
3182 break;
3183 }
3184
3185 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
3186 {
3187 cupsdLogMessage(CUPSD_LOG_ERROR,
3188 "Unable to allocate %s at line %d - %s.",
3189 line, linenum, strerror(errno));
3190 break;
3191 }
3192
3193 cupsArrayAdd(Listeners, lis);
3194
3195 /*
3196 * Copy the current address and log it...
3197 */
3198
3199 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
3200 lis->fd = -1;
3201
3202 #ifdef HAVE_SSL
3203 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
3204 lis->encryption = HTTP_ENCRYPT_ALWAYS;
3205 #endif /* HAVE_SSL */
3206
3207 httpAddrString(&lis->address, temp, sizeof(temp));
3208
3209 #ifdef AF_LOCAL
3210 if (lis->address.addr.sa_family == AF_LOCAL)
3211 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
3212 else
3213 #endif /* AF_LOCAL */
3214 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
3215 httpAddrPort(&(lis->address)),
3216 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
3217
3218 if (!httpAddrLocalhost(&(lis->address)))
3219 RemotePort = httpAddrPort(&(lis->address));
3220 }
3221
3222 /*
3223 * Free the list...
3224 */
3225
3226 httpAddrFreeList(addrlist);
3227 }
3228 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
3229 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
3230 {
3231 /*
3232 * "BrowseProtocols name [... name]"
3233 * "BrowseLocalProtocols name [... name]"
3234 */
3235
3236 int protocols = parse_protocols(value);
3237
3238 if (protocols < 0)
3239 {
3240 cupsdLogMessage(CUPSD_LOG_ERROR,
3241 "Unknown browse protocol \"%s\" on line %d of %s.",
3242 value, linenum, ConfigurationFile);
3243 break;
3244 }
3245
3246 BrowseLocalProtocols = protocols;
3247 }
3248 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
3249 {
3250 /*
3251 * DefaultAuthType {basic,digest,basicdigest,negotiate}
3252 */
3253
3254 if (!_cups_strcasecmp(value, "none"))
3255 default_auth_type = CUPSD_AUTH_NONE;
3256 else if (!_cups_strcasecmp(value, "basic"))
3257 default_auth_type = CUPSD_AUTH_BASIC;
3258 #ifdef HAVE_GSSAPI
3259 else if (!_cups_strcasecmp(value, "negotiate"))
3260 default_auth_type = CUPSD_AUTH_NEGOTIATE;
3261 #endif /* HAVE_GSSAPI */
3262 else if (!_cups_strcasecmp(value, "auto"))
3263 default_auth_type = CUPSD_AUTH_AUTO;
3264 else
3265 {
3266 cupsdLogMessage(CUPSD_LOG_WARN,
3267 "Unknown default authorization type %s on line %d of %s.",
3268 value, linenum, ConfigurationFile);
3269 if (FatalErrors & CUPSD_FATAL_CONFIG)
3270 return (0);
3271 }
3272 }
3273 #ifdef HAVE_SSL
3274 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
3275 {
3276 /*
3277 * DefaultEncryption {Never,IfRequested,Required}
3278 */
3279
3280 if (!value || !_cups_strcasecmp(value, "never"))
3281 DefaultEncryption = HTTP_ENCRYPT_NEVER;
3282 else if (!_cups_strcasecmp(value, "required"))
3283 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
3284 else if (!_cups_strcasecmp(value, "ifrequested"))
3285 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3286 else
3287 {
3288 cupsdLogMessage(CUPSD_LOG_WARN,
3289 "Unknown default encryption %s on line %d of %s.",
3290 value, linenum, ConfigurationFile);
3291 if (FatalErrors & CUPSD_FATAL_CONFIG)
3292 return (0);
3293 }
3294 }
3295 #endif /* HAVE_SSL */
3296 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
3297 {
3298 /*
3299 * Do hostname lookups?
3300 */
3301
3302 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3303 !_cups_strcasecmp(value, "false"))
3304 HostNameLookups = 0;
3305 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3306 !_cups_strcasecmp(value, "true"))
3307 HostNameLookups = 1;
3308 else if (!_cups_strcasecmp(value, "double"))
3309 HostNameLookups = 2;
3310 else
3311 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d of %s.",
3312 value, linenum, ConfigurationFile);
3313 }
3314 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
3315 {
3316 /*
3317 * Amount of logging to do to access log...
3318 */
3319
3320 if (!_cups_strcasecmp(value, "all"))
3321 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
3322 else if (!_cups_strcasecmp(value, "actions"))
3323 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
3324 else if (!_cups_strcasecmp(value, "config"))
3325 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3326 else if (!_cups_strcasecmp(value, "none"))
3327 AccessLogLevel = CUPSD_ACCESSLOG_NONE;
3328 else
3329 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d of %s.",
3330 value, linenum, ConfigurationFile);
3331 }
3332 else if (!_cups_strcasecmp(line, "LogLevel") && value)
3333 {
3334 /*
3335 * Amount of logging to do to error log...
3336 */
3337
3338 if (!_cups_strcasecmp(value, "debug2"))
3339 LogLevel = CUPSD_LOG_DEBUG2;
3340 else if (!_cups_strcasecmp(value, "debug"))
3341 LogLevel = CUPSD_LOG_DEBUG;
3342 else if (!_cups_strcasecmp(value, "info"))
3343 LogLevel = CUPSD_LOG_INFO;
3344 else if (!_cups_strcasecmp(value, "notice"))
3345 LogLevel = CUPSD_LOG_NOTICE;
3346 else if (!_cups_strcasecmp(value, "warn"))
3347 LogLevel = CUPSD_LOG_WARN;
3348 else if (!_cups_strcasecmp(value, "error"))
3349 LogLevel = CUPSD_LOG_ERROR;
3350 else if (!_cups_strcasecmp(value, "crit"))
3351 LogLevel = CUPSD_LOG_CRIT;
3352 else if (!_cups_strcasecmp(value, "alert"))
3353 LogLevel = CUPSD_LOG_ALERT;
3354 else if (!_cups_strcasecmp(value, "emerg"))
3355 LogLevel = CUPSD_LOG_EMERG;
3356 else if (!_cups_strcasecmp(value, "none"))
3357 LogLevel = CUPSD_LOG_NONE;
3358 else
3359 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d of %s.",
3360 value, linenum, ConfigurationFile);
3361 }
3362 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
3363 {
3364 /*
3365 * Amount of logging to do to error log...
3366 */
3367
3368 if (!_cups_strcasecmp(value, "standard"))
3369 LogTimeFormat = CUPSD_TIME_STANDARD;
3370 else if (!_cups_strcasecmp(value, "usecs"))
3371 LogTimeFormat = CUPSD_TIME_USECS;
3372 else
3373 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d of %s.",
3374 value, linenum, ConfigurationFile);
3375 }
3376 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
3377 {
3378 /*
3379 * Set the string used for the Server header...
3380 */
3381
3382 struct utsname plat; /* Platform info */
3383
3384
3385 uname(&plat);
3386
3387 if (!_cups_strcasecmp(value, "ProductOnly"))
3388 cupsdSetString(&ServerHeader, "CUPS IPP");
3389 else if (!_cups_strcasecmp(value, "Major"))
3390 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
3391 else if (!_cups_strcasecmp(value, "Minor"))
3392 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
3393 CUPS_VERSION_MINOR);
3394 else if (!_cups_strcasecmp(value, "Minimal"))
3395 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
3396 else if (!_cups_strcasecmp(value, "OS"))
3397 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3398 plat.sysname, plat.release);
3399 else if (!_cups_strcasecmp(value, "Full"))
3400 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3401 plat.sysname, plat.release, plat.machine);
3402 else if (!_cups_strcasecmp(value, "None"))
3403 cupsdClearString(&ServerHeader);
3404 else
3405 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
3406 value, linenum, ConfigurationFile);
3407 }
3408 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3409 {
3410 /*
3411 * PassEnv variable [... variable]
3412 */
3413
3414 for (; *value;)
3415 {
3416 for (valuelen = 0; value[valuelen]; valuelen ++)
3417 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3418 break;
3419
3420 if (value[valuelen])
3421 {
3422 value[valuelen] = '\0';
3423 valuelen ++;
3424 }
3425
3426 cupsdSetEnv(value, NULL);
3427
3428 for (value += valuelen; *value; value ++)
3429 if (!_cups_isspace(*value) || *value != ',')
3430 break;
3431 }
3432 }
3433 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3434 {
3435 /*
3436 * ServerAlias name [... name]
3437 */
3438
3439 if (!ServerAlias)
3440 ServerAlias = cupsArrayNew(NULL, NULL);
3441
3442 for (; *value;)
3443 {
3444 for (valuelen = 0; value[valuelen]; valuelen ++)
3445 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3446 break;
3447
3448 if (value[valuelen])
3449 {
3450 value[valuelen] = '\0';
3451 valuelen ++;
3452 }
3453
3454 cupsdAddAlias(ServerAlias, value);
3455
3456 for (value += valuelen; *value; value ++)
3457 if (!_cups_isspace(*value) || *value != ',')
3458 break;
3459 }
3460 }
3461 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3462 {
3463 /*
3464 * SetEnv variable value
3465 */
3466
3467 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3468
3469 if (*valueptr)
3470 {
3471 /*
3472 * Found a value...
3473 */
3474
3475 while (isspace(*valueptr & 255))
3476 *valueptr++ = '\0';
3477
3478 cupsdSetEnv(value, valueptr);
3479 }
3480 else
3481 cupsdLogMessage(CUPSD_LOG_ERROR,
3482 "Missing value for SetEnv directive on line %d of %s.",
3483 linenum, ConfigurationFile);
3484 }
3485 else if (!_cups_strcasecmp(line, "AccessLog") ||
3486 !_cups_strcasecmp(line, "CacheDir") ||
3487 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3488 !_cups_strcasecmp(line, "DataDir") ||
3489 !_cups_strcasecmp(line, "DocumentRoot") ||
3490 !_cups_strcasecmp(line, "ErrorLog") ||
3491 !_cups_strcasecmp(line, "FatalErrors") ||
3492 !_cups_strcasecmp(line, "FileDevice") ||
3493 !_cups_strcasecmp(line, "FontPath") ||
3494 !_cups_strcasecmp(line, "Group") ||
3495 !_cups_strcasecmp(line, "LogFilePerm") ||
3496 !_cups_strcasecmp(line, "LPDConfigFile") ||
3497 !_cups_strcasecmp(line, "PageLog") ||
3498 !_cups_strcasecmp(line, "Printcap") ||
3499 !_cups_strcasecmp(line, "PrintcapFormat") ||
3500 !_cups_strcasecmp(line, "RemoteRoot") ||
3501 !_cups_strcasecmp(line, "RequestRoot") ||
3502 !_cups_strcasecmp(line, "ServerBin") ||
3503 !_cups_strcasecmp(line, "ServerCertificate") ||
3504 !_cups_strcasecmp(line, "ServerKey") ||
3505 !_cups_strcasecmp(line, "ServerKeychain") ||
3506 !_cups_strcasecmp(line, "ServerRoot") ||
3507 !_cups_strcasecmp(line, "SMBConfigFile") ||
3508 !_cups_strcasecmp(line, "StateDir") ||
3509 !_cups_strcasecmp(line, "SystemGroup") ||
3510 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3511 !_cups_strcasecmp(line, "TempDir") ||
3512 !_cups_strcasecmp(line, "User"))
3513 {
3514 cupsdLogMessage(CUPSD_LOG_INFO,
3515 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3516 "this will become an error in a future release.",
3517 line, value ? " " : "", value ? value : "", linenum,
3518 ConfigurationFile, CupsFilesFile);
3519 }
3520 else
3521 parse_variable(ConfigurationFile, linenum, line, value,
3522 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3523 }
3524
3525 return (1);
3526 }
3527
3528
3529 /*
3530 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3531 */
3532
3533 static int /* O - 1 on success, 0 on failure */
3534 read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3535 {
3536 int linenum; /* Current line number */
3537 char line[HTTP_MAX_BUFFER], /* Line from file */
3538 *value; /* Value from line */
3539 struct group *group; /* Group */
3540
3541
3542 /*
3543 * Loop through each line in the file...
3544 */
3545
3546 linenum = 0;
3547
3548 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3549 {
3550 if (!_cups_strcasecmp(line, "FatalErrors"))
3551 FatalErrors = parse_fatal_errors(value);
3552 else if (!_cups_strcasecmp(line, "Group") && value)
3553 {
3554 /*
3555 * Group ID to run as...
3556 */
3557
3558 if (isdigit(value[0]))
3559 Group = (gid_t)atoi(value);
3560 else
3561 {
3562 endgrent();
3563 group = getgrnam(value);
3564
3565 if (group != NULL)
3566 Group = group->gr_gid;
3567 else
3568 {
3569 cupsdLogMessage(CUPSD_LOG_ERROR,
3570 "Unknown Group \"%s\" on line %d of %s.", value,
3571 linenum, CupsFilesFile);
3572 if (FatalErrors & CUPSD_FATAL_CONFIG)
3573 return (0);
3574 }
3575 }
3576 }
3577 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3578 {
3579 /*
3580 * Format of printcap file?
3581 */
3582
3583 if (!_cups_strcasecmp(value, "bsd"))
3584 PrintcapFormat = PRINTCAP_BSD;
3585 else if (!_cups_strcasecmp(value, "plist"))
3586 PrintcapFormat = PRINTCAP_PLIST;
3587 else if (!_cups_strcasecmp(value, "solaris"))
3588 PrintcapFormat = PRINTCAP_SOLARIS;
3589 else
3590 {
3591 cupsdLogMessage(CUPSD_LOG_ERROR,
3592 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3593 value, linenum, CupsFilesFile);
3594 if (FatalErrors & CUPSD_FATAL_CONFIG)
3595 return (0);
3596 }
3597 }
3598 else if (!_cups_strcasecmp(line, "Sandboxing") && value)
3599 {
3600 /*
3601 * Level of sandboxing?
3602 */
3603
3604 if (!_cups_strcasecmp(value, "off") && getuid())
3605 {
3606 Sandboxing = CUPSD_SANDBOXING_OFF;
3607 cupsdLogMessage(CUPSD_LOG_WARN, "Disabling sandboxing is not recommended (line %d of %s)", linenum, CupsFilesFile);
3608 }
3609 else if (!_cups_strcasecmp(value, "relaxed"))
3610 Sandboxing = CUPSD_SANDBOXING_RELAXED;
3611 else if (!_cups_strcasecmp(value, "strict"))
3612 Sandboxing = CUPSD_SANDBOXING_STRICT;
3613 else
3614 {
3615 cupsdLogMessage(CUPSD_LOG_ERROR,
3616 "Unknown Sandboxing \"%s\" on line %d of %s.",
3617 value, linenum, CupsFilesFile);
3618 if (FatalErrors & CUPSD_FATAL_CONFIG)
3619 return (0);
3620 }
3621 }
3622 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3623 {
3624 /*
3625 * SystemGroup (admin) group(s)...
3626 */
3627
3628 if (!parse_groups(value))
3629 {
3630 cupsdLogMessage(CUPSD_LOG_ERROR,
3631 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3632 linenum, CupsFilesFile);
3633 if (FatalErrors & CUPSD_FATAL_CONFIG)
3634 return (0);
3635 }
3636 }
3637 else if (!_cups_strcasecmp(line, "User") && value)
3638 {
3639 /*
3640 * User ID to run as...
3641 */
3642
3643 if (isdigit(value[0] & 255))
3644 {
3645 int uid = atoi(value);
3646
3647 if (!uid)
3648 {
3649 cupsdLogMessage(CUPSD_LOG_ERROR,
3650 "Will not use User 0 as specified on line %d of %s "
3651 "for security reasons. You must use a non-"
3652 "privileged account instead.",
3653 linenum, CupsFilesFile);
3654 if (FatalErrors & CUPSD_FATAL_CONFIG)
3655 return (0);
3656 }
3657 else
3658 User = (uid_t)atoi(value);
3659 }
3660 else
3661 {
3662 struct passwd *p; /* Password information */
3663
3664 endpwent();
3665 p = getpwnam(value);
3666
3667 if (p)
3668 {
3669 if (!p->pw_uid)
3670 {
3671 cupsdLogMessage(CUPSD_LOG_ERROR,
3672 "Will not use User %s (UID=0) as specified on line "
3673 "%d of %s for security reasons. You must use a "
3674 "non-privileged account instead.",
3675 value, linenum, CupsFilesFile);
3676 if (FatalErrors & CUPSD_FATAL_CONFIG)
3677 return (0);
3678 }
3679 else
3680 User = p->pw_uid;
3681 }
3682 else
3683 {
3684 cupsdLogMessage(CUPSD_LOG_ERROR,
3685 "Unknown User \"%s\" on line %d of %s.",
3686 value, linenum, CupsFilesFile);
3687 if (FatalErrors & CUPSD_FATAL_CONFIG)
3688 return (0);
3689 }
3690 }
3691 }
3692 else if (!_cups_strcasecmp(line, "ServerCertificate") ||
3693 !_cups_strcasecmp(line, "ServerKey"))
3694 {
3695 cupsdLogMessage(CUPSD_LOG_INFO,
3696 "The \"%s\" directive on line %d of %s is no longer "
3697 "supported; this will become an error in a future "
3698 "release.",
3699 line, linenum, CupsFilesFile);
3700 }
3701 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3702 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3703 cupsfiles_vars) &&
3704 (FatalErrors & CUPSD_FATAL_CONFIG))
3705 return (0);
3706 }
3707
3708 return (1);
3709 }
3710
3711
3712 /*
3713 * 'read_location()' - Read a <Location path> definition.
3714 */
3715
3716 static int /* O - New line number or 0 on error */
3717 read_location(cups_file_t *fp, /* I - Configuration file */
3718 char *location, /* I - Location name/path */
3719 int linenum) /* I - Current line number */
3720 {
3721 cupsd_location_t *loc, /* New location */
3722 *parent; /* Parent location */
3723 char line[HTTP_MAX_BUFFER],
3724 /* Line buffer */
3725 *value, /* Value for directive */
3726 *valptr; /* Pointer into value */
3727
3728
3729 if ((parent = cupsdFindLocation(location)) != NULL)
3730 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d of %s.",
3731 location, linenum, ConfigurationFile);
3732 else if ((parent = cupsdNewLocation(location)) == NULL)
3733 return (0);
3734 else
3735 {
3736 cupsdAddLocation(parent);
3737
3738 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3739 }
3740
3741 loc = parent;
3742
3743 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3744 {
3745 /*
3746 * Decode the directive...
3747 */
3748
3749 if (!_cups_strcasecmp(line, "</Location>"))
3750 return (linenum);
3751 else if (!_cups_strcasecmp(line, "<Limit") ||
3752 !_cups_strcasecmp(line, "<LimitExcept"))
3753 {
3754 if (!value)
3755 {
3756 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile);
3757 if (FatalErrors & CUPSD_FATAL_CONFIG)
3758 return (0);
3759 else
3760 continue;
3761 }
3762
3763 if ((loc = cupsdCopyLocation(parent)) == NULL)
3764 return (0);
3765
3766 cupsdAddLocation(loc);
3767
3768 loc->limit = 0;
3769 while (*value)
3770 {
3771 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3772
3773 if (*valptr)
3774 *valptr++ = '\0';
3775
3776 if (!strcmp(value, "ALL"))
3777 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3778 else if (!strcmp(value, "GET"))
3779 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3780 else if (!strcmp(value, "HEAD"))
3781 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3782 else if (!strcmp(value, "OPTIONS"))
3783 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3784 else if (!strcmp(value, "POST"))
3785 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3786 else if (!strcmp(value, "PUT"))
3787 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3788 else if (!strcmp(value, "TRACE"))
3789 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3790 else
3791 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d of %s.",
3792 value, linenum, ConfigurationFile);
3793
3794 for (value = valptr; isspace(*value & 255); value ++);
3795 }
3796
3797 if (!_cups_strcasecmp(line, "<LimitExcept"))
3798 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3799
3800 parent->limit &= ~loc->limit;
3801 }
3802 else if (!_cups_strcasecmp(line, "</Limit>") ||
3803 !_cups_strcasecmp(line, "</LimitExcept>"))
3804 loc = parent;
3805 else if (!value)
3806 {
3807 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile);
3808 if (FatalErrors & CUPSD_FATAL_CONFIG)
3809 return (0);
3810 }
3811 else if (!parse_aaa(loc, line, value, linenum))
3812 {
3813 cupsdLogMessage(CUPSD_LOG_ERROR,
3814 "Unknown Location directive %s on line %d of %s.",
3815 line, linenum, ConfigurationFile);
3816 if (FatalErrors & CUPSD_FATAL_CONFIG)
3817 return (0);
3818 }
3819 }
3820
3821 cupsdLogMessage(CUPSD_LOG_ERROR,
3822 "Unexpected end-of-file at line %d while reading location.",
3823 linenum);
3824
3825 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3826 }
3827
3828
3829 /*
3830 * 'read_policy()' - Read a <Policy name> definition.
3831 */
3832
3833 static int /* O - New line number or 0 on error */
3834 read_policy(cups_file_t *fp, /* I - Configuration file */
3835 char *policy, /* I - Location name/path */
3836 int linenum) /* I - Current line number */
3837 {
3838 int i; /* Looping var */
3839 cupsd_policy_t *pol; /* Policy */
3840 cupsd_location_t *op; /* Policy operation */
3841 int num_ops; /* Number of IPP operations */
3842 ipp_op_t ops[100]; /* Operations */
3843 char line[HTTP_MAX_BUFFER],
3844 /* Line buffer */
3845 *value, /* Value for directive */
3846 *valptr; /* Pointer into value */
3847
3848
3849 /*
3850 * Create the policy...
3851 */
3852
3853 if ((pol = cupsdFindPolicy(policy)) != NULL)
3854 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d of %s.",
3855 policy, linenum, ConfigurationFile);
3856 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3857 return (0);
3858
3859 /*
3860 * Read from the file...
3861 */
3862
3863 op = NULL;
3864 num_ops = 0;
3865
3866 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3867 {
3868 /*
3869 * Decode the directive...
3870 */
3871
3872 if (!_cups_strcasecmp(line, "</Policy>"))
3873 {
3874 if (op)
3875 cupsdLogMessage(CUPSD_LOG_WARN,
3876 "Missing </Limit> before </Policy> on line %d of %s.",
3877 linenum, ConfigurationFile);
3878
3879 set_policy_defaults(pol);
3880
3881 return (linenum);
3882 }
3883 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3884 {
3885 if (!value)
3886 {
3887 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile);
3888 if (FatalErrors & CUPSD_FATAL_CONFIG)
3889 return (0);
3890 else
3891 continue;
3892 }
3893
3894 /*
3895 * Scan for IPP operation names...
3896 */
3897
3898 num_ops = 0;
3899
3900 while (*value)
3901 {
3902 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3903
3904 if (*valptr)
3905 *valptr++ = '\0';
3906
3907 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3908 {
3909 if (!_cups_strcasecmp(value, "All"))
3910 ops[num_ops] = IPP_ANY_OPERATION;
3911 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3912 cupsdLogMessage(CUPSD_LOG_ERROR,
3913 "Bad IPP operation name \"%s\" on line %d of %s.",
3914 value, linenum, ConfigurationFile);
3915 else
3916 num_ops ++;
3917 }
3918 else
3919 cupsdLogMessage(CUPSD_LOG_ERROR,
3920 "Too many operations listed on line %d of %s.",
3921 linenum, ConfigurationFile);
3922
3923 for (value = valptr; isspace(*value & 255); value ++);
3924 }
3925
3926 /*
3927 * If none are specified, apply the policy to all operations...
3928 */
3929
3930 if (num_ops == 0)
3931 {
3932 ops[0] = IPP_ANY_OPERATION;
3933 num_ops = 1;
3934 }
3935
3936 /*
3937 * Add a new policy for the first operation...
3938 */
3939
3940 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3941 }
3942 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3943 {
3944 /*
3945 * Finish the current operation limit...
3946 */
3947
3948 if (num_ops > 1)
3949 {
3950 /*
3951 * Copy the policy to the other operations...
3952 */
3953
3954 for (i = 1; i < num_ops; i ++)
3955 cupsdAddPolicyOp(pol, op, ops[i]);
3956 }
3957
3958 op = NULL;
3959 }
3960 else if (!value)
3961 {
3962 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile);
3963 if (FatalErrors & CUPSD_FATAL_CONFIG)
3964 return (0);
3965 }
3966 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3967 !_cups_strcasecmp(line, "JobPrivateValues") ||
3968 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3969 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3970 {
3971 if (op)
3972 {
3973 cupsdLogMessage(CUPSD_LOG_ERROR,
3974 "%s directive must appear outside <Limit>...</Limit> "
3975 "on line %d of %s.", line, linenum, ConfigurationFile);
3976 if (FatalErrors & CUPSD_FATAL_CONFIG)
3977 return (0);
3978 }
3979 else
3980 {
3981 /*
3982 * Pull out whitespace-delimited values...
3983 */
3984
3985 while (*value)
3986 {
3987 /*
3988 * Find the end of the current value...
3989 */
3990
3991 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3992
3993 if (*valptr)
3994 *valptr++ = '\0';
3995
3996 /*
3997 * Save it appropriately...
3998 */
3999
4000 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
4001 {
4002 /*
4003 * JobPrivateAccess {all|default|user/group list|@@ACL}
4004 */
4005
4006 if (!_cups_strcasecmp(value, "default"))
4007 {
4008 cupsdAddString(&(pol->job_access), "@OWNER");
4009 cupsdAddString(&(pol->job_access), "@SYSTEM");
4010 }
4011 else
4012 cupsdAddString(&(pol->job_access), value);
4013 }
4014 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
4015 {
4016 /*
4017 * JobPrivateValues {all|none|default|attribute list}
4018 */
4019
4020 if (!_cups_strcasecmp(value, "default"))
4021 {
4022 cupsdAddString(&(pol->job_attrs), "job-name");
4023 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4024 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
4025 cupsdAddString(&(pol->job_attrs), "phone");
4026 }
4027 else
4028 cupsdAddString(&(pol->job_attrs), value);
4029 }
4030 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
4031 {
4032 /*
4033 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
4034 */
4035
4036 if (!_cups_strcasecmp(value, "default"))
4037 {
4038 cupsdAddString(&(pol->sub_access), "@OWNER");
4039 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4040 }
4041 else
4042 cupsdAddString(&(pol->sub_access), value);
4043 }
4044 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
4045 {
4046 /*
4047 * SubscriptionPrivateValues {all|none|default|attribute list}
4048 */
4049
4050 if (!_cups_strcasecmp(value, "default"))
4051 {
4052 cupsdAddString(&(pol->sub_attrs), "notify-events");
4053 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4054 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4055 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4056 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4057 }
4058 else
4059 cupsdAddString(&(pol->sub_attrs), value);
4060 }
4061
4062 /*
4063 * Find the next string on the line...
4064 */
4065
4066 for (value = valptr; isspace(*value & 255); value ++);
4067 }
4068 }
4069 }
4070 else if (!op)
4071 {
4072 cupsdLogMessage(CUPSD_LOG_ERROR,
4073 "Missing <Limit ops> directive before %s on line %d of %s.",
4074 line, linenum, ConfigurationFile);
4075 if (FatalErrors & CUPSD_FATAL_CONFIG)
4076 return (0);
4077 }
4078 else if (!parse_aaa(op, line, value, linenum))
4079 {
4080 cupsdLogMessage(CUPSD_LOG_ERROR,
4081 "Unknown Policy Limit directive %s on line %d of %s.",
4082 line, linenum, ConfigurationFile);
4083
4084 if (FatalErrors & CUPSD_FATAL_CONFIG)
4085 return (0);
4086 }
4087 }
4088
4089 cupsdLogMessage(CUPSD_LOG_ERROR,
4090 "Unexpected end-of-file at line %d while reading policy "
4091 "\"%s\".", linenum, policy);
4092
4093 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
4094 }
4095
4096
4097 /*
4098 * 'set_policy_defaults()' - Set default policy values as needed.
4099 */
4100
4101 static void
4102 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
4103 {
4104 cupsd_location_t *op; /* Policy operation */
4105
4106
4107 /*
4108 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
4109 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
4110 * upgrades do not introduce new security issues...
4111 *
4112 * CUPS STR #4659: Allow a lone <Limit All> policy.
4113 */
4114
4115 if (cupsArrayCount(pol->ops) > 1)
4116 {
4117 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
4118 op->op == IPP_ANY_OPERATION)
4119 {
4120 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
4121 op->op != IPP_ANY_OPERATION)
4122 {
4123 /*
4124 * Add a new limit for Validate-Job using the Print-Job limit as a
4125 * template...
4126 */
4127
4128 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s - using Print-Job's policy.", pol->name);
4129
4130 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
4131 }
4132 else
4133 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Validate-Job defined in policy %s and no suitable template found.", pol->name);
4134 }
4135
4136 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
4137 op->op == IPP_ANY_OPERATION)
4138 {
4139 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
4140 op->op != IPP_ANY_OPERATION)
4141 {
4142 /*
4143 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
4144 * template...
4145 */
4146
4147 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s - using Pause-Printer's policy.", pol->name);
4148
4149 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
4150 }
4151 else
4152 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-Jobs defined in policy %s and no suitable template found.", pol->name);
4153 }
4154
4155 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
4156 op->op == IPP_ANY_OPERATION)
4157 {
4158 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4159 op->op != IPP_ANY_OPERATION)
4160 {
4161 /*
4162 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
4163 * a template...
4164 */
4165
4166 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s - using Send-Document's policy.", pol->name);
4167
4168 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
4169 }
4170 else
4171 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Cancel-My-Jobs defined in policy %s and no suitable template found.", pol->name);
4172 }
4173
4174 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
4175 op->op == IPP_ANY_OPERATION)
4176 {
4177 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4178 op->op != IPP_ANY_OPERATION)
4179 {
4180 /*
4181 * Add a new limit for Close-Job using the Send-Document limit as a
4182 * template...
4183 */
4184
4185 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s - using Send-Document's policy.", pol->name);
4186
4187 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
4188 }
4189 else
4190 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for Close-Job defined in policy %s and no suitable template found.", pol->name);
4191 }
4192
4193 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
4194 op->op == IPP_ANY_OPERATION)
4195 {
4196 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4197 op->op != IPP_ANY_OPERATION)
4198 {
4199 /*
4200 * Add a new limit for CUPS-Get-Document using the Send-Document
4201 * limit as a template...
4202 */
4203
4204 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s - using Send-Document's policy.", pol->name);
4205
4206 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
4207 }
4208 else
4209 cupsdLogMessage(CUPSD_LOG_WARN, "No limit for CUPS-Get-Document defined in policy %s and no suitable template found.", pol->name);
4210 }
4211 }
4212
4213 /*
4214 * Verify we have JobPrivateAccess, JobPrivateValues,
4215 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
4216 */
4217
4218 if (!pol->job_access)
4219 {
4220 cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateAccess defined in policy %s - using defaults.", pol->name);
4221 cupsdAddString(&(pol->job_access), "@OWNER");
4222 cupsdAddString(&(pol->job_access), "@SYSTEM");
4223 }
4224
4225 if (!pol->job_attrs)
4226 {
4227 cupsdLogMessage(CUPSD_LOG_WARN, "No JobPrivateValues defined in policy %s - using defaults.", pol->name);
4228 cupsdAddString(&(pol->job_attrs), "job-name");
4229 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4230 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
4231 cupsdAddString(&(pol->job_attrs), "phone");
4232 }
4233
4234 if (!pol->sub_access)
4235 {
4236 cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateAccess defined in policy %s - using defaults.", pol->name);
4237 cupsdAddString(&(pol->sub_access), "@OWNER");
4238 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4239 }
4240
4241 if (!pol->sub_attrs)
4242 {
4243 cupsdLogMessage(CUPSD_LOG_WARN, "No SubscriptionPrivateValues defined in policy %s - using defaults.", pol->name);
4244 cupsdAddString(&(pol->sub_attrs), "notify-events");
4245 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4246 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4247 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4248 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4249 }
4250 }
Unnamed repository; edit this file 'description' to name the repository.