]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Save work.
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * "$Id$"
3 *
4 * Configuration routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2013 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 */
15
16 /*
17 * Include necessary headers...
18 */
19
20 #include "cupsd.h"
21 #include <stdarg.h>
22 #include <grp.h>
23 #include <sys/utsname.h>
24 #include <syslog.h>
25
26 #ifdef HAVE_LIBPAPER
27 # include <paper.h>
28 #endif /* HAVE_LIBPAPER */
29
30
31 /*
32 * Possibly missing network definitions...
33 */
34
35 #ifndef INADDR_NONE
36 # define INADDR_NONE 0xffffffff
37 #endif /* !INADDR_NONE */
38
39
40 /*
41 * Configuration variable structure...
42 */
43
44 typedef enum
45 {
46 CUPSD_VARTYPE_INTEGER, /* Integer option */
47 CUPSD_VARTYPE_TIME, /* Time interval option */
48 CUPSD_VARTYPE_STRING, /* String option */
49 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
50 CUPSD_VARTYPE_PATHNAME /* File/directory name option */
51 } cupsd_vartype_t;
52
53 typedef struct
54 {
55 const char *name; /* Name of variable */
56 void *ptr; /* Pointer to variable */
57 cupsd_vartype_t type; /* Type (int, string, address) */
58 } cupsd_var_t;
59
60
61 /*
62 * Local globals...
63 */
64
65 static const cupsd_var_t cupsd_vars[] =
66 {
67 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
68 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
69 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
70 #endif /* HAVE_DNSSD || HAVE_AVAHI */
71 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
72 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
73 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
74 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
75 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
76 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
77 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
78 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
79 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
80 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
81 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
82 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
83 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
84 #ifdef HAVE_GSSAPI
85 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
86 #endif /* HAVE_GSSAPI */
87 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
88 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
89 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
90 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
91 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
92 #ifdef HAVE_LAUNCHD
93 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_TIME },
94 #endif /* HAVE_LAUNCHD */
95 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
96 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
97 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
98 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
99 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
100 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
101 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
102 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
103 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
104 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
105 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
106 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
107 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
108 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
109 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
110 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
111 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
112 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
113 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
114 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
115 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
116 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
117 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
118 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
119 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
120 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
121 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
122 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
123 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
124 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
125 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
126 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
127 };
128 static const cupsd_var_t cupsfiles_vars[] =
129 {
130 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
131 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
132 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
133 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
134 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
135 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
136 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
137 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
138 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
139 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
140 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
141 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
142 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
143 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
144 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
145 #ifdef HAVE_SSL
146 # ifdef HAVE_GNUTLS
147 { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
148 { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
149 # endif /* HAVE_GNUTLS */
150 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
151 #endif /* HAVE_SSL */
152 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
153 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
154 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
155 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
156 #ifdef HAVE_AUTHORIZATION_H
157 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
158 #endif /* HAVE_AUTHORIZATION_H */
159 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
160 };
161
162 static int default_auth_type = CUPSD_AUTH_AUTO;
163 /* Default AuthType, if not specified */
164
165 static const unsigned ones[4] =
166 {
167 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
168 };
169 static const unsigned zeros[4] =
170 {
171 0x00000000, 0x00000000, 0x00000000, 0x00000000
172 };
173
174
175 /*
176 * Local functions...
177 */
178
179 static http_addrlist_t *get_address(const char *value, int defport);
180 static int get_addr_and_mask(const char *value, unsigned *ip,
181 unsigned *mask);
182 static void mime_error_cb(void *ctx, const char *message);
183 static int parse_aaa(cupsd_location_t *loc, char *line,
184 char *value, int linenum);
185 static int parse_fatal_errors(const char *s);
186 static int parse_groups(const char *s);
187 static int parse_protocols(const char *s);
188 static int parse_variable(const char *filename, int linenum,
189 const char *line, const char *value,
190 size_t num_vars,
191 const cupsd_var_t *vars);
192 static int read_cupsd_conf(cups_file_t *fp);
193 static int read_cups_files_conf(cups_file_t *fp);
194 static int read_location(cups_file_t *fp, char *name, int linenum);
195 static int read_policy(cups_file_t *fp, char *name, int linenum);
196 static void set_policy_defaults(cupsd_policy_t *pol);
197
198
199 /*
200 * 'cupsdAddAlias()' - Add a host alias.
201 */
202
203 void
204 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
205 const char *name) /* I - Name to add */
206 {
207 cupsd_alias_t *a; /* New alias */
208 size_t namelen; /* Length of name */
209
210
211 namelen = strlen(name);
212
213 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
214 return;
215
216 a->namelen = namelen;
217 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
218
219 cupsArrayAdd(aliases, a);
220 }
221
222
223 /*
224 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
225 */
226
227 int /* O - 0 on success, -1 on error, 1 on warning */
228 cupsdCheckPermissions(
229 const char *filename, /* I - File/directory name */
230 const char *suffix, /* I - Additional file/directory name */
231 int mode, /* I - Permissions */
232 int user, /* I - Owner */
233 int group, /* I - Group */
234 int is_dir, /* I - 1 = directory, 0 = file */
235 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
236 {
237 int dir_created = 0; /* Did we create a directory? */
238 char pathname[1024]; /* File name with prefix */
239 struct stat fileinfo; /* Stat buffer */
240 int is_symlink; /* Is "filename" a symlink? */
241
242
243 /*
244 * Prepend the given root to the filename before testing it...
245 */
246
247 if (suffix)
248 {
249 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
250 filename = pathname;
251 }
252
253 /*
254 * See if we can stat the file/directory...
255 */
256
257 if (lstat(filename, &fileinfo))
258 {
259 if (errno == ENOENT && create_dir)
260 {
261 if (create_dir > 0)
262 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
263 filename);
264
265 if (mkdir(filename, mode))
266 {
267 if (create_dir > 0)
268 cupsdLogMessage(CUPSD_LOG_ERROR,
269 "Unable to create directory \"%s\" - %s", filename,
270 strerror(errno));
271 else
272 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
273 strerror(errno));
274
275 return (-1);
276 }
277
278 dir_created = 1;
279 fileinfo.st_mode = mode | S_IFDIR;
280 }
281 else
282 return (create_dir ? -1 : 1);
283 }
284
285 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
286 {
287 if (stat(filename, &fileinfo))
288 {
289 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
290 filename, strerror(errno));
291 return (-1);
292 }
293 }
294
295 /*
296 * Make sure it's a regular file or a directory as needed...
297 */
298
299 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
300 {
301 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
302 return (-1);
303 }
304
305 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
306 {
307 if (create_dir >= 0)
308 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
309 else
310 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
311
312 return (-1);
313 }
314
315 /*
316 * If the filename is a symlink, do not change permissions (STR #2937)...
317 */
318
319 if (is_symlink)
320 return (0);
321
322 /*
323 * Fix owner, group, and mode as needed...
324 */
325
326 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
327 {
328 if (create_dir >= 0)
329 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
330 filename);
331
332 if (chown(filename, user, group) && !getuid())
333 {
334 if (create_dir >= 0)
335 cupsdLogMessage(CUPSD_LOG_ERROR,
336 "Unable to change ownership of \"%s\" - %s", filename,
337 strerror(errno));
338 else
339 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
340 strerror(errno));
341
342 return (1);
343 }
344 }
345
346 if (dir_created || (fileinfo.st_mode & 07777) != mode)
347 {
348 if (create_dir >= 0)
349 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
350 filename);
351
352 if (chmod(filename, mode))
353 {
354 if (create_dir >= 0)
355 cupsdLogMessage(CUPSD_LOG_ERROR,
356 "Unable to change permissions of \"%s\" - %s", filename,
357 strerror(errno));
358 else
359 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
360 strerror(errno));
361
362 return (1);
363 }
364 }
365
366 /*
367 * Everything is OK...
368 */
369
370 return (0);
371 }
372
373
374 /*
375 * 'cupsdDefaultAuthType()' - Get the default AuthType.
376 *
377 * When the default_auth_type is "auto", this function tries to get the GSS
378 * credentials for the server. If that succeeds we use Kerberos authentication,
379 * otherwise we do a fallback to Basic authentication against the local user
380 * accounts.
381 */
382
383 int /* O - Default AuthType value */
384 cupsdDefaultAuthType(void)
385 {
386 #ifdef HAVE_GSSAPI
387 OM_uint32 major_status, /* Major status code */
388 minor_status; /* Minor status code */
389 gss_name_t server_name; /* Server name */
390 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
391 /* Service name token */
392 char buf[1024]; /* Service name buffer */
393 #endif /* HAVE_GSSAPI */
394
395
396 /*
397 * If we have already determined the correct default AuthType, use it...
398 */
399
400 if (default_auth_type != CUPSD_AUTH_AUTO)
401 return (default_auth_type);
402
403 #ifdef HAVE_GSSAPI
404 # ifdef __APPLE__
405 /*
406 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
407 * to use it...
408 */
409
410 if (gss_init_sec_context == NULL)
411 return (default_auth_type = CUPSD_AUTH_BASIC);
412 # endif /* __APPLE__ */
413
414 /*
415 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
416 * that fails we must use Basic...
417 */
418
419 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
420
421 token.value = buf;
422 token.length = strlen(buf);
423 server_name = GSS_C_NO_NAME;
424 major_status = gss_import_name(&minor_status, &token,
425 GSS_C_NT_HOSTBASED_SERVICE,
426 &server_name);
427
428 memset(&token, 0, sizeof(token));
429
430 if (GSS_ERROR(major_status))
431 {
432 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
433 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
434 return (default_auth_type = CUPSD_AUTH_BASIC);
435 }
436
437 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
438
439 if (GSS_ERROR(major_status))
440 {
441 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
442 "cupsdDefaultAuthType: gss_display_name(%s) failed",
443 buf);
444 return (default_auth_type = CUPSD_AUTH_BASIC);
445 }
446
447 cupsdLogMessage(CUPSD_LOG_DEBUG,
448 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
449 "credentials for %s...", (char *)token.value);
450
451 ServerCreds = GSS_C_NO_CREDENTIAL;
452 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
453 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
454 &ServerCreds, NULL, NULL);
455 if (GSS_ERROR(major_status))
456 {
457 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
458 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
459 (char *)token.value);
460 gss_release_name(&minor_status, &server_name);
461 gss_release_buffer(&minor_status, &token);
462 return (default_auth_type = CUPSD_AUTH_BASIC);
463 }
464
465 cupsdLogMessage(CUPSD_LOG_DEBUG,
466 "cupsdDefaultAuthType: Kerberos credentials acquired "
467 "successfully for %s.", (char *)token.value);
468
469 gss_release_name(&minor_status, &server_name);
470 gss_release_buffer(&minor_status, &token);
471
472 HaveServerCreds = 1;
473
474 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
475
476 #else
477 /*
478 * No Kerberos support compiled in so just use Basic all the time...
479 */
480
481 return (default_auth_type = CUPSD_AUTH_BASIC);
482 #endif /* HAVE_GSSAPI */
483 }
484
485
486 /*
487 * 'cupsdFreeAliases()' - Free all of the alias entries.
488 */
489
490 void
491 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
492 {
493 cupsd_alias_t *a; /* Current alias */
494
495
496 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
497 a;
498 a = (cupsd_alias_t *)cupsArrayNext(aliases))
499 free(a);
500
501 cupsArrayDelete(aliases);
502 }
503
504
505 /*
506 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
507 */
508
509 int /* O - 1 on success, 0 otherwise */
510 cupsdReadConfiguration(void)
511 {
512 int i; /* Looping var */
513 cups_file_t *fp; /* Configuration file */
514 int status; /* Return status */
515 char temp[1024], /* Temporary buffer */
516 mimedir[1024], /* MIME directory */
517 *slash; /* Directory separator */
518 cups_lang_t *language; /* Language */
519 struct passwd *user; /* Default user */
520 struct group *group; /* Default group */
521 char *old_serverroot, /* Old ServerRoot */
522 *old_requestroot; /* Old RequestRoot */
523 int old_remote_port; /* Old RemotePort */
524 const char *tmpdir; /* TMPDIR environment variable */
525 struct stat tmpinfo; /* Temporary directory info */
526 cupsd_policy_t *p; /* Policy */
527
528
529 /*
530 * Save the old root paths...
531 */
532
533 old_serverroot = NULL;
534 cupsdSetString(&old_serverroot, ServerRoot);
535 old_requestroot = NULL;
536 cupsdSetString(&old_requestroot, RequestRoot);
537
538 /*
539 * Reset the server configuration data...
540 */
541
542 cupsdDeleteAllLocations();
543
544 cupsdDeleteAllListeners();
545
546 old_remote_port = RemotePort;
547 RemotePort = 0;
548
549 /*
550 * String options...
551 */
552
553 cupsdFreeAliases(ServerAlias);
554 ServerAlias = NULL;
555
556 cupsdClearString(&ServerName);
557 cupsdClearString(&ServerAdmin);
558 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
559 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
560 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
561 cupsdSetString(&DataDir, CUPS_DATADIR);
562 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
563 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
564 cupsdClearString(&ErrorLog);
565 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
566 cupsdSetString(&PageLogFormat,
567 "%p %u %j %T %P %C %{job-billing} "
568 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
569 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
570 cupsdSetString(&FontPath, CUPS_FONTPATH);
571 cupsdSetString(&RemoteRoot, "remroot");
572 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
573 CUPS_VERSION_MINOR);
574 cupsdSetString(&StateDir, CUPS_STATEDIR);
575
576 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
577 PrintcapFormat = PRINTCAP_SOLARIS;
578 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
579 "/Library/Preferences/org.cups.printers.plist"))
580 PrintcapFormat = PRINTCAP_PLIST;
581 else
582 PrintcapFormat = PRINTCAP_BSD;
583
584 strlcpy(temp, ConfigurationFile, sizeof(temp));
585 if ((slash = strrchr(temp, '/')) != NULL)
586 *slash = '\0';
587
588 cupsdSetString(&ServerRoot, temp);
589
590 cupsdClearString(&Classification);
591 ClassifyOverride = 0;
592
593 #ifdef HAVE_SSL
594 # ifdef HAVE_GNUTLS
595 cupsdClearString(&ServerKeychain);
596 cupsdSetString(&ServerCertificate, "ssl/server.crt");
597 cupsdSetString(&ServerKey, "ssl/server.key");
598 # else
599 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
600 # endif /* HAVE_GNUTLS */
601 #endif /* HAVE_SSL */
602
603 language = cupsLangDefault();
604
605 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
606 cupsdSetString(&DefaultLanguage, "en");
607 else
608 cupsdSetString(&DefaultLanguage, language->language);
609
610 cupsdClearString(&DefaultPaperSize);
611
612 cupsdSetString(&RIPCache, "128m");
613
614 cupsdSetString(&TempDir, NULL);
615
616 #ifdef HAVE_GSSAPI
617 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
618
619 if (HaveServerCreds)
620 {
621 OM_uint32 minor_status; /* Minor status code */
622
623 gss_release_cred(&minor_status, &ServerCreds);
624
625 HaveServerCreds = 0;
626 }
627
628 ServerCreds = GSS_C_NO_CREDENTIAL;
629 #endif /* HAVE_GSSAPI */
630
631 /*
632 * Find the default user...
633 */
634
635 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
636 User = user->pw_uid;
637 else
638 {
639 /*
640 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
641 * complement number...)
642 */
643
644 User = 65534;
645 }
646
647 endpwent();
648
649 /*
650 * Find the default group...
651 */
652
653 group = getgrnam(CUPS_DEFAULT_GROUP);
654 endgrent();
655
656 if (group)
657 Group = group->gr_gid;
658 else
659 {
660 /*
661 * Fallback to group "nobody"...
662 */
663
664 group = getgrnam("nobody");
665 endgrent();
666
667 if (group)
668 Group = group->gr_gid;
669 else
670 {
671 /*
672 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
673 * complement number...)
674 */
675
676 Group = 65534;
677 }
678 }
679
680 /*
681 * Numeric options...
682 */
683
684 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
685 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
686 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
687 default_auth_type = CUPSD_AUTH_BASIC;
688 #ifdef HAVE_SSL
689 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
690 #endif /* HAVE_SSL */
691 DirtyCleanInterval = DEFAULT_KEEPALIVE;
692 JobKillDelay = DEFAULT_TIMEOUT;
693 JobRetryLimit = 5;
694 JobRetryInterval = 300;
695 FileDevice = FALSE;
696 FilterLevel = 0;
697 FilterLimit = 0;
698 FilterNice = 0;
699 HostNameLookups = FALSE;
700 KeepAlive = TRUE;
701 KeepAliveTimeout = DEFAULT_KEEPALIVE;
702 ListenBackLog = SOMAXCONN;
703 LogDebugHistory = 200;
704 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
705 LogLevel = CUPSD_LOG_WARN;
706 LogTimeFormat = CUPSD_TIME_STANDARD;
707 MaxClients = 100;
708 MaxClientsPerHost = 0;
709 MaxLogSize = 1024 * 1024;
710 MaxRequestSize = 0;
711 MultipleOperationTimeout = DEFAULT_TIMEOUT;
712 NumSystemGroups = 0;
713 ReloadTimeout = DEFAULT_KEEPALIVE;
714 RootCertDuration = 300;
715 StrictConformance = FALSE;
716 SyncOnClose = FALSE;
717 Timeout = DEFAULT_TIMEOUT;
718 WebInterface = CUPS_DEFAULT_WEBIF;
719
720 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
721 BrowseWebIF = FALSE;
722 Browsing = CUPS_DEFAULT_BROWSING;
723 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
724
725 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
726 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
727 #endif /* HAVE_DNSSD || HAVE_AVAHI */
728
729 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
730 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
731
732 cupsdSetString(&ErrorPolicy, "stop-printer");
733
734 JobHistory = DEFAULT_HISTORY;
735 JobFiles = DEFAULT_FILES;
736 JobAutoPurge = 0;
737 MaxHoldTime = 0;
738 MaxJobs = 500;
739 MaxActiveJobs = 0;
740 MaxJobsPerUser = 0;
741 MaxJobsPerPrinter = 0;
742 MaxJobTime = 3 * 60 * 60; /* 3 hours */
743 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
744
745 cupsdDeleteAllPolicies();
746 cupsdClearString(&DefaultPolicy);
747
748 #ifdef HAVE_AUTHORIZATION_H
749 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
750 #endif /* HAVE_AUTHORIZATION_H */
751
752 MaxSubscriptions = 100;
753 MaxSubscriptionsPerJob = 0;
754 MaxSubscriptionsPerPrinter = 0;
755 MaxSubscriptionsPerUser = 0;
756 DefaultLeaseDuration = 86400;
757 MaxLeaseDuration = 0;
758
759 #ifdef HAVE_LAUNCHD
760 LaunchdTimeout = 10;
761 #endif /* HAVE_LAUNCHD */
762
763 /*
764 * Setup environment variables...
765 */
766
767 cupsdInitEnv();
768
769 /*
770 * Read the cups-files.conf file...
771 */
772
773 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
774 {
775 status = read_cups_files_conf(fp);
776
777 cupsFileClose(fp);
778
779 if (!status)
780 {
781 if (TestConfigFile)
782 printf("\"%s\" contains errors.\n", CupsFilesFile);
783 else
784 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
785 CupsFilesFile);
786
787 return (0);
788 }
789 }
790 else if (errno == ENOENT)
791 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
792 else
793 {
794 syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
795 strerror(errno));
796 return (0);
797 }
798
799 if (!ErrorLog)
800 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
801
802 /*
803 * Read the cupsd.conf file...
804 */
805
806 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
807 {
808 syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
809 strerror(errno));
810 return (0);
811 }
812
813 status = read_cupsd_conf(fp);
814
815 cupsFileClose(fp);
816
817 if (!status)
818 {
819 if (TestConfigFile)
820 printf("\"%s\" contains errors.\n", ConfigurationFile);
821 else
822 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
823 ConfigurationFile);
824
825 return (0);
826 }
827
828 RunUser = getuid();
829
830 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
831 RemotePort ? "enabled" : "disabled");
832
833 if (!RemotePort)
834 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
835
836 /*
837 * See if the ServerName is an IP address...
838 */
839
840 if (ServerName)
841 {
842 if (!ServerAlias)
843 ServerAlias = cupsArrayNew(NULL, NULL);
844
845 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
846 }
847 else
848 {
849 if (gethostname(temp, sizeof(temp)))
850 {
851 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
852 strerror(errno));
853 strlcpy(temp, "localhost", sizeof(temp));
854 }
855
856 cupsdSetString(&ServerName, temp);
857
858 if (!ServerAlias)
859 ServerAlias = cupsArrayNew(NULL, NULL);
860
861 cupsdAddAlias(ServerAlias, temp);
862 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
863
864 if (HostNameLookups || RemotePort)
865 {
866 struct hostent *host; /* Host entry to get FQDN */
867
868 if ((host = gethostbyname(temp)) != NULL)
869 {
870 if (_cups_strcasecmp(temp, host->h_name))
871 {
872 cupsdSetString(&ServerName, host->h_name);
873 cupsdAddAlias(ServerAlias, host->h_name);
874 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
875 host->h_name);
876 }
877
878 if (host->h_aliases)
879 {
880 for (i = 0; host->h_aliases[i]; i ++)
881 if (_cups_strcasecmp(temp, host->h_aliases[i]))
882 {
883 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
884 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
885 host->h_aliases[i]);
886 }
887 }
888 }
889 }
890
891 /*
892 * Make sure we have the base hostname added as an alias, too!
893 */
894
895 if ((slash = strchr(temp, '.')) != NULL)
896 {
897 *slash = '\0';
898 cupsdAddAlias(ServerAlias, temp);
899 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
900 }
901 }
902
903 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
904
905 ServerNameIsIP = !*slash;
906
907 /*
908 * Make sure ServerAdmin is initialized...
909 */
910
911 if (!ServerAdmin)
912 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
913
914 /*
915 * Use the default system group if none was supplied in cupsd.conf...
916 */
917
918 if (NumSystemGroups == 0)
919 {
920 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
921 {
922 /*
923 * Find the group associated with GID 0...
924 */
925
926 group = getgrgid(0);
927 endgrent();
928
929 if (group != NULL)
930 cupsdSetString(&SystemGroups[0], group->gr_name);
931 else
932 cupsdSetString(&SystemGroups[0], "unknown");
933
934 SystemGroupIDs[0] = 0;
935 NumSystemGroups = 1;
936 }
937 }
938
939 /*
940 * Make sure ConfigFilePerm and LogFilePerm have sane values...
941 */
942
943 ConfigFilePerm &= 0664;
944 LogFilePerm &= 0664;
945
946 /*
947 * Open the system log for cupsd if necessary...
948 */
949
950 #ifdef HAVE_VSYSLOG
951 if (!strcmp(AccessLog, "syslog") ||
952 !strcmp(ErrorLog, "syslog") ||
953 !strcmp(PageLog, "syslog"))
954 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
955 #endif /* HAVE_VSYSLOG */
956
957 /*
958 * Make sure each of the log files exists and gets rotated as necessary...
959 */
960
961 if (strcmp(AccessLog, "syslog"))
962 cupsdCheckLogFile(&AccessFile, AccessLog);
963
964 if (strcmp(ErrorLog, "syslog"))
965 cupsdCheckLogFile(&ErrorFile, ErrorLog);
966
967 if (strcmp(PageLog, "syslog"))
968 cupsdCheckLogFile(&PageFile, PageLog);
969
970 /*
971 * Log the configuration file that was used...
972 */
973
974 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
975 ConfigurationFile);
976
977 /*
978 * Validate the Group and SystemGroup settings - they cannot be the same,
979 * otherwise the CGI programs will be able to authenticate as root without
980 * a password!
981 */
982
983 if (!RunUser)
984 {
985 for (i = 0; i < NumSystemGroups; i ++)
986 if (Group == SystemGroupIDs[i])
987 break;
988
989 if (i < NumSystemGroups)
990 {
991 /*
992 * Log the error and reset the group to a safe value...
993 */
994
995 cupsdLogMessage(CUPSD_LOG_NOTICE,
996 "Group and SystemGroup cannot use the same groups.");
997 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
998
999 group = getgrnam("nobody");
1000 endgrent();
1001
1002 if (group != NULL)
1003 Group = group->gr_gid;
1004 else
1005 {
1006 /*
1007 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1008 * complement number...)
1009 */
1010
1011 Group = 65534;
1012 }
1013 }
1014 }
1015
1016 /*
1017 * Check that we have at least one listen/port line; if not, report this
1018 * as an error and exit!
1019 */
1020
1021 if (cupsArrayCount(Listeners) == 0)
1022 {
1023 /*
1024 * No listeners!
1025 */
1026
1027 cupsdLogMessage(CUPSD_LOG_EMERG,
1028 "No valid Listen or Port lines were found in the "
1029 "configuration file.");
1030
1031 /*
1032 * Commit suicide...
1033 */
1034
1035 cupsdEndProcess(getpid(), 0);
1036 }
1037
1038 /*
1039 * Set the default locale using the language and charset...
1040 */
1041
1042 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1043
1044 /*
1045 * Update all relative filenames to include the full path from ServerRoot...
1046 */
1047
1048 if (DocumentRoot[0] != '/')
1049 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1050
1051 if (RequestRoot[0] != '/')
1052 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1053
1054 if (ServerBin[0] != '/')
1055 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1056
1057 if (StateDir[0] != '/')
1058 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1059
1060 if (CacheDir[0] != '/')
1061 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1062
1063 #ifdef HAVE_SSL
1064 # ifdef HAVE_GNUTLS
1065 if (ServerCertificate[0] != '/')
1066 cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
1067
1068 if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
1069 cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
1070 0, 0) < 0 &&
1071 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1072 return (0);
1073
1074 if (ServerKey[0] != '/')
1075 cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
1076
1077 if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
1078 cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
1079 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1080 return (0);
1081 # endif /* HAVE_GNUTLS */
1082
1083 if (ServerKeychain[0] != '/')
1084 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
1085 #endif /* HAVE_SSL */
1086
1087 /*
1088 * Make sure that directories and config files are owned and
1089 * writable by the user and group in the cupsd.conf file...
1090 */
1091
1092 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1093
1094 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1095 Group, 1, 1) < 0 ||
1096 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1097 Group, 1, 1) < 0 ||
1098 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1099 Group, 1, 1) < 0 ||
1100 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1101 Group, 1, 1) < 0 ||
1102 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1103 SystemGroupIDs[0], 1, 1) < 0 ||
1104 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1105 Group, 1, 0) < 0 ||
1106 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1107 Group, 1, 1) < 0 ||
1108 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1109 Group, 1, 0) < 0 ||
1110 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1111 Group, 0, 0) < 0 ||
1112 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
1113 Group, 0, 0) < 0 ||
1114 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1115 Group, 0, 0) < 0 ||
1116 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1117 Group, 0, 0) < 0 ||
1118 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1119 Group, 0, 0) < 0) &&
1120 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1121 return (0);
1122
1123 /*
1124 * Update TempDir to the default if it hasn't been set already...
1125 */
1126
1127 #ifdef __APPLE__
1128 if (TempDir && !RunUser &&
1129 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1130 {
1131 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1132 cupsdClearString(&TempDir);
1133 }
1134 #endif /* __APPLE__ */
1135
1136 if (!TempDir)
1137 {
1138 #ifdef __APPLE__
1139 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1140 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
1141 #else
1142 if ((tmpdir = getenv("TMPDIR")) != NULL)
1143 #endif /* __APPLE__ */
1144 {
1145 /*
1146 * TMPDIR is defined, see if it is OK for us to use...
1147 */
1148
1149 if (stat(tmpdir, &tmpinfo))
1150 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1151 tmpdir, strerror(errno));
1152 else if (!S_ISDIR(tmpinfo.st_mode))
1153 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1154 tmpdir);
1155 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1156 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1157 !(tmpinfo.st_mode & S_IWOTH))
1158 cupsdLogMessage(CUPSD_LOG_ERROR,
1159 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1160 else
1161 cupsdSetString(&TempDir, tmpdir);
1162 }
1163 }
1164
1165 if (!TempDir)
1166 {
1167 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1168 RequestRoot);
1169 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1170 }
1171
1172 /*
1173 * Make sure the temporary directory has the right permissions...
1174 */
1175
1176 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1177 access(TempDir, 0))
1178 {
1179 /*
1180 * Update ownership and permissions if the CUPS temp directory
1181 * is under the spool directory or does not exist...
1182 */
1183
1184 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1185 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1186 return (0);
1187 }
1188
1189 /*
1190 * Update environment variables...
1191 */
1192
1193 cupsdUpdateEnv();
1194
1195 /*
1196 * Update default paper size setting as needed...
1197 */
1198
1199 if (!DefaultPaperSize)
1200 {
1201 #ifdef HAVE_LIBPAPER
1202 char *paper_result; /* Paper size name from libpaper */
1203
1204 if ((paper_result = systempapername()) != NULL)
1205 cupsdSetString(&DefaultPaperSize, paper_result);
1206 else
1207 #endif /* HAVE_LIBPAPER */
1208 if (!DefaultLanguage ||
1209 !_cups_strcasecmp(DefaultLanguage, "C") ||
1210 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1211 !_cups_strcasecmp(DefaultLanguage, "en") ||
1212 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1213 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1214 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1215 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1216 {
1217 /*
1218 * These are the only locales that will default to "letter" size...
1219 */
1220
1221 cupsdSetString(&DefaultPaperSize, "Letter");
1222 }
1223 else
1224 cupsdSetString(&DefaultPaperSize, "A4");
1225 }
1226
1227 /*
1228 * Update classification setting as needed...
1229 */
1230
1231 if (Classification && !_cups_strcasecmp(Classification, "none"))
1232 cupsdClearString(&Classification);
1233
1234 if (Classification)
1235 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1236
1237 /*
1238 * Check the MaxClients setting, and then allocate memory for it...
1239 */
1240
1241 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1242 {
1243 if (MaxClients > 0)
1244 cupsdLogMessage(CUPSD_LOG_INFO,
1245 "MaxClients limited to 1/3 (%d) of the file descriptor "
1246 "limit (%d)...",
1247 MaxFDs / 3, MaxFDs);
1248
1249 MaxClients = MaxFDs / 3;
1250 }
1251
1252 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1253 MaxClients);
1254
1255 /*
1256 * Check the MaxActiveJobs setting; limit to 1/3 the available
1257 * file descriptors, since we need a pipe for each job...
1258 */
1259
1260 if (MaxActiveJobs > (MaxFDs / 3))
1261 MaxActiveJobs = MaxFDs / 3;
1262
1263 /*
1264 * Update the MaxClientsPerHost value, as needed...
1265 */
1266
1267 if (MaxClientsPerHost <= 0)
1268 MaxClientsPerHost = MaxClients;
1269
1270 if (MaxClientsPerHost > MaxClients)
1271 MaxClientsPerHost = MaxClients;
1272
1273 cupsdLogMessage(CUPSD_LOG_INFO,
1274 "Allowing up to %d client connections per host.",
1275 MaxClientsPerHost);
1276
1277 /*
1278 * Update the default policy, as needed...
1279 */
1280
1281 if (DefaultPolicy)
1282 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1283 else
1284 DefaultPolicyPtr = NULL;
1285
1286 if (!DefaultPolicyPtr)
1287 {
1288 cupsd_location_t *po; /* New policy operation */
1289
1290
1291 if (DefaultPolicy)
1292 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1293 DefaultPolicy);
1294
1295 cupsdSetString(&DefaultPolicy, "default");
1296
1297 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1298 cupsdLogMessage(CUPSD_LOG_INFO,
1299 "Using policy \"default\" as the default.");
1300 else
1301 {
1302 cupsdLogMessage(CUPSD_LOG_INFO,
1303 "Creating CUPS default administrative policy:");
1304
1305 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1306
1307 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1308
1309 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1310 cupsdAddString(&(p->job_access), "@OWNER");
1311 cupsdAddString(&(p->job_access), "@SYSTEM");
1312
1313 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1314 cupsdAddString(&(p->job_attrs), "job-name");
1315 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1316 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1317
1318 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1319 cupsdAddString(&(p->sub_access), "@OWNER");
1320 cupsdAddString(&(p->sub_access), "@SYSTEM");
1321
1322 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1323 cupsdAddString(&(p->job_attrs), "notify-events");
1324 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1325 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1326 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1327 cupsdAddString(&(p->job_attrs), "notify-user-data");
1328
1329 cupsdLogMessage(CUPSD_LOG_INFO,
1330 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1331 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1332
1333 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1334 po->order_type = CUPSD_AUTH_ALLOW;
1335
1336 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1337 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1338 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1339
1340 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1341
1342 cupsdLogMessage(CUPSD_LOG_INFO,
1343 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1344 "Release-Job Restart-Job Purge-Jobs "
1345 "Set-Job-Attributes Create-Job-Subscription "
1346 "Renew-Subscription Cancel-Subscription "
1347 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1348 "Suspend-Current-Job Resume-Job "
1349 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1350 "CUPS-Authenticate-Job CUPS-Get-Document>");
1351 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1352
1353 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1354 po->order_type = CUPSD_AUTH_ALLOW;
1355 po->level = CUPSD_AUTH_USER;
1356
1357 cupsdAddName(po, "@OWNER");
1358 cupsdAddName(po, "@SYSTEM");
1359 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1360
1361 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1362 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1363 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1364 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1365 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1366 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1367 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1368 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1369 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1370 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1371 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1372 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1373 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1374 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1375 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1376 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1377 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1378 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1379 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1380 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1381
1382 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1383
1384 cupsdLogMessage(CUPSD_LOG_INFO,
1385 "<Limit Pause-Printer Resume-Printer "
1386 "Set-Printer-Attributes Enable-Printer "
1387 "Disable-Printer Pause-Printer-After-Current-Job "
1388 "Hold-New-Jobs Release-Held-New-Jobs "
1389 "Deactivate-Printer Activate-Printer Restart-Printer "
1390 "Shutdown-Printer Startup-Printer Promote-Job "
1391 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1392 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1393 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1394 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1395 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1396
1397 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1398 po->order_type = CUPSD_AUTH_ALLOW;
1399 po->type = CUPSD_AUTH_DEFAULT;
1400 po->level = CUPSD_AUTH_USER;
1401
1402 cupsdAddName(po, "@SYSTEM");
1403 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1404
1405 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1406 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1407 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1408 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1409 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1410 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1411 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1412 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1413 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1414 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1415 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1416 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1417 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1418 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1419 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1420 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1421 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1422 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1423 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1424 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1425 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1426 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1427
1428 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1429
1430 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1431 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1432
1433 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1434 po->order_type = CUPSD_AUTH_ALLOW;
1435
1436 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1437 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1438 }
1439 }
1440
1441 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1442 cupsArrayCount(Policies));
1443 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1444 p;
1445 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1446 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1447 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1448
1449 /*
1450 * If we are doing a full reload or the server root has changed, flush
1451 * the jobs, printers, etc. and start from scratch...
1452 */
1453
1454 if (NeedReload == RELOAD_ALL ||
1455 old_remote_port != RemotePort ||
1456 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1457 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1458 {
1459 mime_type_t *type; /* Current type */
1460 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1461 /* MIME type name */
1462
1463
1464 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1465
1466 /*
1467 * Free all memory...
1468 */
1469
1470 cupsdDeleteAllSubscriptions();
1471 cupsdFreeAllJobs();
1472 cupsdDeleteAllPrinters();
1473
1474 DefaultPrinter = NULL;
1475
1476 if (MimeDatabase != NULL)
1477 mimeDelete(MimeDatabase);
1478
1479 if (NumMimeTypes)
1480 {
1481 for (i = 0; i < NumMimeTypes; i ++)
1482 _cupsStrFree(MimeTypes[i]);
1483
1484 free(MimeTypes);
1485 }
1486
1487 /*
1488 * Read the MIME type and conversion database...
1489 */
1490
1491 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1492 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1493
1494 MimeDatabase = mimeNew();
1495 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1496
1497 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1498 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1499 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1500 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1501
1502 if (!MimeDatabase)
1503 {
1504 cupsdLogMessage(CUPSD_LOG_EMERG,
1505 "Unable to load MIME database from \"%s\" or \"%s\".",
1506 mimedir, ServerRoot);
1507 if (FatalErrors & CUPSD_FATAL_CONFIG)
1508 return (0);
1509 }
1510
1511 cupsdLogMessage(CUPSD_LOG_INFO,
1512 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1513 "%d filters...", mimedir, ServerRoot,
1514 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1515
1516 /*
1517 * Create a list of MIME types for the document-format-supported
1518 * attribute...
1519 */
1520
1521 NumMimeTypes = mimeNumTypes(MimeDatabase);
1522 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1523 NumMimeTypes ++;
1524
1525 if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
1526 {
1527 cupsdLogMessage(CUPSD_LOG_ERROR,
1528 "Unable to allocate memory for %d MIME types.",
1529 NumMimeTypes);
1530 NumMimeTypes = 0;
1531 }
1532 else
1533 {
1534 for (i = 0, type = mimeFirstType(MimeDatabase);
1535 type;
1536 i ++, type = mimeNextType(MimeDatabase))
1537 {
1538 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1539
1540 MimeTypes[i] = _cupsStrAlloc(mimetype);
1541 }
1542
1543 if (i < NumMimeTypes)
1544 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1545 }
1546
1547 if (LogLevel == CUPSD_LOG_DEBUG2)
1548 {
1549 mime_filter_t *filter; /* Current filter */
1550
1551
1552 for (type = mimeFirstType(MimeDatabase);
1553 type;
1554 type = mimeNextType(MimeDatabase))
1555 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1556 type->super, type->type);
1557
1558 for (filter = mimeFirstFilter(MimeDatabase);
1559 filter;
1560 filter = mimeNextFilter(MimeDatabase))
1561 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1562 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1563 filter->src->super, filter->src->type,
1564 filter->dst->super, filter->dst->type,
1565 filter->cost, filter->filter);
1566 }
1567
1568 /*
1569 * Load banners...
1570 */
1571
1572 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1573 cupsdLoadBanners(temp);
1574
1575 /*
1576 * Load printers and classes...
1577 */
1578
1579 cupsdLoadAllPrinters();
1580 cupsdLoadAllClasses();
1581
1582 cupsdCreateCommonData();
1583
1584 /*
1585 * Update the printcap file as needed...
1586 */
1587
1588 if (Printcap && *Printcap && access(Printcap, 0))
1589 cupsdWritePrintcap();
1590
1591 /*
1592 * Load queued jobs...
1593 */
1594
1595 cupsdLoadAllJobs();
1596
1597 /*
1598 * Load subscriptions...
1599 */
1600
1601 cupsdLoadAllSubscriptions();
1602
1603 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1604 }
1605 else
1606 {
1607 /*
1608 * Not a full reload, so recreate the common printer attributes...
1609 */
1610
1611 cupsdCreateCommonData();
1612
1613 /*
1614 * Update all jobs as needed...
1615 */
1616
1617 cupsdUpdateJobs();
1618
1619 /*
1620 * Update all printers as needed...
1621 */
1622
1623 cupsdUpdatePrinters();
1624 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1625
1626 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1627 }
1628
1629 /*
1630 * Reset the reload state...
1631 */
1632
1633 NeedReload = RELOAD_NONE;
1634
1635 cupsdClearString(&old_serverroot);
1636 cupsdClearString(&old_requestroot);
1637
1638 return (1);
1639 }
1640
1641
1642 /*
1643 * 'get_address()' - Get an address + port number from a line.
1644 */
1645
1646 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1647 get_address(const char *value, /* I - Value string */
1648 int defport) /* I - Default port */
1649 {
1650 char buffer[1024], /* Hostname + port number buffer */
1651 defpname[255], /* Default port name */
1652 *hostname, /* Hostname or IP */
1653 *portname; /* Port number or name */
1654 http_addrlist_t *addrlist; /* Address list */
1655
1656
1657 /*
1658 * Check for an empty value...
1659 */
1660
1661 if (!*value)
1662 {
1663 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1664 return (NULL);
1665 }
1666
1667 /*
1668 * Grab a hostname and port number; if there is no colon and the port name
1669 * is only digits, then we have a port number by itself...
1670 */
1671
1672 strlcpy(buffer, value, sizeof(buffer));
1673
1674 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1675 {
1676 *portname++ = '\0';
1677 hostname = buffer;
1678 }
1679 else
1680 {
1681 for (portname = buffer; isdigit(*portname & 255); portname ++);
1682
1683 if (*portname)
1684 {
1685 /*
1686 * Use the default port...
1687 */
1688
1689 sprintf(defpname, "%d", defport);
1690 portname = defpname;
1691 hostname = buffer;
1692 }
1693 else
1694 {
1695 /*
1696 * The buffer contains just a port number...
1697 */
1698
1699 portname = buffer;
1700 hostname = NULL;
1701 }
1702 }
1703
1704 if (hostname && !strcmp(hostname, "*"))
1705 hostname = NULL;
1706
1707 /*
1708 * Now lookup the address using httpAddrGetList()...
1709 */
1710
1711 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1712 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1713 hostname ? hostname : "(nil)");
1714
1715 return (addrlist);
1716 }
1717
1718
1719 /*
1720 * 'get_addr_and_mask()' - Get an IP address and netmask.
1721 */
1722
1723 static int /* O - 1 on success, 0 on failure */
1724 get_addr_and_mask(const char *value, /* I - String from config file */
1725 unsigned *ip, /* O - Address value */
1726 unsigned *mask) /* O - Mask value */
1727 {
1728 int i, j, /* Looping vars */
1729 family, /* Address family */
1730 ipcount; /* Count of fields in address */
1731 unsigned ipval; /* Value */
1732 const char *maskval, /* Pointer to start of mask value */
1733 *ptr, /* Pointer into value */
1734 *ptr2; /* ... */
1735
1736
1737 /*
1738 * Get the address...
1739 */
1740
1741 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1742 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1743
1744 if ((maskval = strchr(value, '/')) != NULL)
1745 maskval ++;
1746 else
1747 maskval = value + strlen(value);
1748
1749 #ifdef AF_INET6
1750 /*
1751 * Check for an IPv6 address...
1752 */
1753
1754 if (*value == '[')
1755 {
1756 /*
1757 * Parse hexadecimal IPv6/IPv4 address...
1758 */
1759
1760 family = AF_INET6;
1761
1762 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1763 {
1764 if (*ptr == ']')
1765 break;
1766 else if (!strncmp(ptr, "::", 2))
1767 {
1768 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1769 ptr2;
1770 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1771
1772 i = 6 - j;
1773 ptr += 2;
1774 }
1775 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1776 {
1777 /*
1778 * Read IPv4 dotted quad...
1779 */
1780
1781 unsigned val[4] = { 0, 0, 0, 0 };
1782 /* IPv4 address values */
1783
1784 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1785 val + 3);
1786
1787 /*
1788 * Range check the IP numbers...
1789 */
1790
1791 for (i = 0; i < ipcount; i ++)
1792 if (val[i] > 255)
1793 return (0);
1794
1795 /*
1796 * Merge everything into a 32-bit IPv4 address in ip[3]...
1797 */
1798
1799 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1800 (unsigned)val[2]) << 8) | (unsigned)val[3];
1801
1802 if (ipcount < 4)
1803 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1804
1805 /*
1806 * If the leading words are all 0's then this is an IPv4 address...
1807 */
1808
1809 if (!val[0] && !val[1] && !val[2])
1810 family = AF_INET;
1811
1812 while (isdigit(*ptr & 255) || *ptr == '.')
1813 ptr ++;
1814 break;
1815 }
1816 else if (isxdigit(*ptr & 255))
1817 {
1818 ipval = strtoul(ptr, (char **)&ptr, 16);
1819
1820 if (*ptr == ':' && ptr[1] != ':')
1821 ptr ++;
1822
1823 if (ipval > 0xffff)
1824 return (0);
1825
1826 if (i & 1)
1827 ip[i / 2] |= ipval;
1828 else
1829 ip[i / 2] |= ipval << 16;
1830 }
1831 else
1832 return (0);
1833 }
1834
1835 if (*ptr != ']')
1836 return (0);
1837
1838 ptr ++;
1839
1840 if (*ptr && *ptr != '/')
1841 return (0);
1842 }
1843 else
1844 #endif /* AF_INET6 */
1845 {
1846 /*
1847 * Parse dotted-decimal IPv4 address...
1848 */
1849
1850 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1851
1852
1853 family = AF_INET;
1854 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1855
1856 /*
1857 * Range check the IP numbers...
1858 */
1859
1860 for (i = 0; i < ipcount; i ++)
1861 if (val[i] > 255)
1862 return (0);
1863
1864 /*
1865 * Merge everything into a 32-bit IPv4 address in ip[3]...
1866 */
1867
1868 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1869 (unsigned)val[2]) << 8) | (unsigned)val[3];
1870
1871 if (ipcount < 4)
1872 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1873 }
1874
1875 if (*maskval)
1876 {
1877 /*
1878 * Get the netmask value(s)...
1879 */
1880
1881 memset(mask, 0, sizeof(unsigned) * 4);
1882
1883 if (strchr(maskval, '.'))
1884 {
1885 /*
1886 * Get dotted-decimal mask...
1887 */
1888
1889 if (family != AF_INET)
1890 return (0);
1891
1892 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1893 mask + 3) != 4)
1894 return (0);
1895
1896 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
1897 (unsigned)mask[2]) << 8;
1898 mask[0] = mask[1] = mask[2] = 0;
1899 }
1900 else
1901 {
1902 /*
1903 * Get address/bits format...
1904 */
1905
1906 i = atoi(maskval);
1907
1908 #ifdef AF_INET6
1909 if (family == AF_INET6)
1910 {
1911 if (i > 128)
1912 return (0);
1913
1914 i = 128 - i;
1915
1916 if (i <= 96)
1917 mask[0] = 0xffffffff;
1918 else
1919 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1920
1921 if (i <= 64)
1922 mask[1] = 0xffffffff;
1923 else if (i >= 96)
1924 mask[1] = 0;
1925 else
1926 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1927
1928 if (i <= 32)
1929 mask[2] = 0xffffffff;
1930 else if (i >= 64)
1931 mask[2] = 0;
1932 else
1933 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1934
1935 if (i == 0)
1936 mask[3] = 0xffffffff;
1937 else if (i >= 32)
1938 mask[3] = 0;
1939 else
1940 mask[3] = (0xffffffff << i) & 0xffffffff;
1941 }
1942 else
1943 #endif /* AF_INET6 */
1944 {
1945 if (i > 32)
1946 return (0);
1947
1948 mask[0] = 0xffffffff;
1949 mask[1] = 0xffffffff;
1950 mask[2] = 0xffffffff;
1951
1952 if (i < 32)
1953 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
1954 else
1955 mask[3] = 0xffffffff;
1956 }
1957 }
1958 }
1959
1960 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1961 "get_addr_and_mask(value=\"%s\", "
1962 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
1963 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1964 mask[3]);
1965
1966 /*
1967 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1968 */
1969
1970 if ((ip[0] & ~mask[0]) != 0 ||
1971 (ip[1] & ~mask[1]) != 0 ||
1972 (ip[2] & ~mask[2]) != 0 ||
1973 (ip[3] & ~mask[3]) != 0)
1974 return (0);
1975
1976 return (1);
1977 }
1978
1979
1980 /*
1981 * 'mime_error_cb()' - Log a MIME error.
1982 */
1983
1984 static void
1985 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1986 const char *message) /* I - Message */
1987 {
1988 (void)ctx;
1989
1990 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1991 }
1992
1993
1994 /*
1995 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1996 */
1997
1998 static int /* O - 1 on success, 0 on failure */
1999 parse_aaa(cupsd_location_t *loc, /* I - Location */
2000 char *line, /* I - Line from file */
2001 char *value, /* I - Start of value data */
2002 int linenum) /* I - Current line number */
2003 {
2004 char *valptr; /* Pointer into value */
2005 unsigned ip[4], /* IP address components */
2006 mask[4]; /* IP netmask components */
2007
2008
2009 if (!_cups_strcasecmp(line, "Encryption"))
2010 {
2011 /*
2012 * "Encryption xxx" - set required encryption level...
2013 */
2014
2015 if (!_cups_strcasecmp(value, "never"))
2016 loc->encryption = HTTP_ENCRYPT_NEVER;
2017 else if (!_cups_strcasecmp(value, "always"))
2018 {
2019 cupsdLogMessage(CUPSD_LOG_ERROR,
2020 "Encryption value \"%s\" on line %d is invalid in this "
2021 "context. Using \"required\" instead.", value, linenum);
2022
2023 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2024 }
2025 else if (!_cups_strcasecmp(value, "required"))
2026 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2027 else if (!_cups_strcasecmp(value, "ifrequested"))
2028 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2029 else
2030 {
2031 cupsdLogMessage(CUPSD_LOG_ERROR,
2032 "Unknown Encryption value %s on line %d.", value, linenum);
2033 return (0);
2034 }
2035 }
2036 else if (!_cups_strcasecmp(line, "Order"))
2037 {
2038 /*
2039 * "Order Deny,Allow" or "Order Allow,Deny"...
2040 */
2041
2042 if (!_cups_strncasecmp(value, "deny", 4))
2043 loc->order_type = CUPSD_AUTH_ALLOW;
2044 else if (!_cups_strncasecmp(value, "allow", 5))
2045 loc->order_type = CUPSD_AUTH_DENY;
2046 else
2047 {
2048 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
2049 value, linenum);
2050 return (0);
2051 }
2052 }
2053 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
2054 {
2055 /*
2056 * Allow [From] host/ip...
2057 * Deny [From] host/ip...
2058 */
2059
2060 while (*value)
2061 {
2062 if (!_cups_strncasecmp(value, "from", 4))
2063 {
2064 /*
2065 * Strip leading "from"...
2066 */
2067
2068 value += 4;
2069
2070 while (_cups_isspace(*value))
2071 value ++;
2072
2073 if (!*value)
2074 break;
2075 }
2076
2077 /*
2078 * Find the end of the value...
2079 */
2080
2081 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2082
2083 while (_cups_isspace(*valptr))
2084 *valptr++ = '\0';
2085
2086 /*
2087 * Figure out what form the allow/deny address takes:
2088 *
2089 * All
2090 * None
2091 * *.domain.com
2092 * .domain.com
2093 * host.domain.com
2094 * nnn.*
2095 * nnn.nnn.*
2096 * nnn.nnn.nnn.*
2097 * nnn.nnn.nnn.nnn
2098 * nnn.nnn.nnn.nnn/mm
2099 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2100 */
2101
2102 if (!_cups_strcasecmp(value, "all"))
2103 {
2104 /*
2105 * All hosts...
2106 */
2107
2108 if (!_cups_strcasecmp(line, "Allow"))
2109 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2110 else
2111 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2112 }
2113 else if (!_cups_strcasecmp(value, "none"))
2114 {
2115 /*
2116 * No hosts...
2117 */
2118
2119 if (!_cups_strcasecmp(line, "Allow"))
2120 cupsdAddIPMask(&(loc->allow), ones, zeros);
2121 else
2122 cupsdAddIPMask(&(loc->deny), ones, zeros);
2123 }
2124 #ifdef AF_INET6
2125 else if (value[0] == '*' || value[0] == '.' ||
2126 (!isdigit(value[0] & 255) && value[0] != '['))
2127 #else
2128 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2129 #endif /* AF_INET6 */
2130 {
2131 /*
2132 * Host or domain name...
2133 */
2134
2135 if (value[0] == '*')
2136 value ++;
2137
2138 if (!_cups_strcasecmp(line, "Allow"))
2139 cupsdAddNameMask(&(loc->allow), value);
2140 else
2141 cupsdAddNameMask(&(loc->deny), value);
2142 }
2143 else
2144 {
2145 /*
2146 * One of many IP address forms...
2147 */
2148
2149 if (!get_addr_and_mask(value, ip, mask))
2150 {
2151 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2152 value, linenum);
2153 return (0);
2154 }
2155
2156 if (!_cups_strcasecmp(line, "Allow"))
2157 cupsdAddIPMask(&(loc->allow), ip, mask);
2158 else
2159 cupsdAddIPMask(&(loc->deny), ip, mask);
2160 }
2161
2162 /*
2163 * Advance to next value...
2164 */
2165
2166 value = valptr;
2167 }
2168 }
2169 else if (!_cups_strcasecmp(line, "AuthType"))
2170 {
2171 /*
2172 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2173 */
2174
2175 if (!_cups_strcasecmp(value, "none"))
2176 {
2177 loc->type = CUPSD_AUTH_NONE;
2178 loc->level = CUPSD_AUTH_ANON;
2179 }
2180 else if (!_cups_strcasecmp(value, "basic"))
2181 {
2182 loc->type = CUPSD_AUTH_BASIC;
2183
2184 if (loc->level == CUPSD_AUTH_ANON)
2185 loc->level = CUPSD_AUTH_USER;
2186 }
2187 else if (!_cups_strcasecmp(value, "digest"))
2188 {
2189 loc->type = CUPSD_AUTH_DIGEST;
2190
2191 if (loc->level == CUPSD_AUTH_ANON)
2192 loc->level = CUPSD_AUTH_USER;
2193 }
2194 else if (!_cups_strcasecmp(value, "basicdigest"))
2195 {
2196 loc->type = CUPSD_AUTH_BASICDIGEST;
2197
2198 if (loc->level == CUPSD_AUTH_ANON)
2199 loc->level = CUPSD_AUTH_USER;
2200 }
2201 else if (!_cups_strcasecmp(value, "default"))
2202 {
2203 loc->type = CUPSD_AUTH_DEFAULT;
2204
2205 if (loc->level == CUPSD_AUTH_ANON)
2206 loc->level = CUPSD_AUTH_USER;
2207 }
2208 #ifdef HAVE_GSSAPI
2209 else if (!_cups_strcasecmp(value, "negotiate"))
2210 {
2211 loc->type = CUPSD_AUTH_NEGOTIATE;
2212
2213 if (loc->level == CUPSD_AUTH_ANON)
2214 loc->level = CUPSD_AUTH_USER;
2215 }
2216 #endif /* HAVE_GSSAPI */
2217 else
2218 {
2219 cupsdLogMessage(CUPSD_LOG_WARN,
2220 "Unknown authorization type %s on line %d.",
2221 value, linenum);
2222 return (0);
2223 }
2224 }
2225 else if (!_cups_strcasecmp(line, "AuthClass"))
2226 {
2227 /*
2228 * AuthClass anonymous, user, system, group
2229 */
2230
2231 if (!_cups_strcasecmp(value, "anonymous"))
2232 {
2233 loc->type = CUPSD_AUTH_NONE;
2234 loc->level = CUPSD_AUTH_ANON;
2235
2236 cupsdLogMessage(CUPSD_LOG_WARN,
2237 "\"AuthClass %s\" is deprecated; consider removing "
2238 "it from line %d.",
2239 value, linenum);
2240 }
2241 else if (!_cups_strcasecmp(value, "user"))
2242 {
2243 loc->level = CUPSD_AUTH_USER;
2244
2245 cupsdLogMessage(CUPSD_LOG_WARN,
2246 "\"AuthClass %s\" is deprecated; consider using "
2247 "\"Require valid-user\" on line %d.",
2248 value, linenum);
2249 }
2250 else if (!_cups_strcasecmp(value, "group"))
2251 {
2252 loc->level = CUPSD_AUTH_GROUP;
2253
2254 cupsdLogMessage(CUPSD_LOG_WARN,
2255 "\"AuthClass %s\" is deprecated; consider using "
2256 "\"Require user @groupname\" on line %d.",
2257 value, linenum);
2258 }
2259 else if (!_cups_strcasecmp(value, "system"))
2260 {
2261 loc->level = CUPSD_AUTH_GROUP;
2262
2263 cupsdAddName(loc, "@SYSTEM");
2264
2265 cupsdLogMessage(CUPSD_LOG_WARN,
2266 "\"AuthClass %s\" is deprecated; consider using "
2267 "\"Require user @SYSTEM\" on line %d.",
2268 value, linenum);
2269 }
2270 else
2271 {
2272 cupsdLogMessage(CUPSD_LOG_WARN,
2273 "Unknown authorization class %s on line %d.",
2274 value, linenum);
2275 return (0);
2276 }
2277 }
2278 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2279 {
2280 cupsdAddName(loc, value);
2281
2282 cupsdLogMessage(CUPSD_LOG_WARN,
2283 "\"AuthGroupName %s\" directive is deprecated; consider "
2284 "using \"Require user @%s\" on line %d.",
2285 value, value, linenum);
2286 }
2287 else if (!_cups_strcasecmp(line, "Require"))
2288 {
2289 /*
2290 * Apache synonym for AuthClass and AuthGroupName...
2291 *
2292 * Get initial word:
2293 *
2294 * Require valid-user
2295 * Require group names
2296 * Require user names
2297 */
2298
2299 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2300
2301 if (*valptr)
2302 *valptr++ = '\0';
2303
2304 if (!_cups_strcasecmp(value, "valid-user") ||
2305 !_cups_strcasecmp(value, "user"))
2306 loc->level = CUPSD_AUTH_USER;
2307 else if (!_cups_strcasecmp(value, "group"))
2308 loc->level = CUPSD_AUTH_GROUP;
2309 else
2310 {
2311 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2312 value, linenum);
2313 return (0);
2314 }
2315
2316 /*
2317 * Get the list of names from the line...
2318 */
2319
2320 for (value = valptr; *value;)
2321 {
2322 while (_cups_isspace(*value))
2323 value ++;
2324
2325 #ifdef HAVE_AUTHORIZATION_H
2326 if (!strncmp(value, "@AUTHKEY(", 9))
2327 {
2328 /*
2329 * Grab "@AUTHKEY(name)" value...
2330 */
2331
2332 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2333
2334 if (*valptr)
2335 *valptr++ = '\0';
2336 }
2337 else
2338 #endif /* HAVE_AUTHORIZATION_H */
2339 if (*value == '\"' || *value == '\'')
2340 {
2341 /*
2342 * Grab quoted name...
2343 */
2344
2345 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2346
2347 value ++;
2348 }
2349 else
2350 {
2351 /*
2352 * Grab literal name.
2353 */
2354
2355 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2356 }
2357
2358 if (*valptr)
2359 *valptr++ = '\0';
2360
2361 cupsdAddName(loc, value);
2362
2363 for (value = valptr; _cups_isspace(*value); value ++);
2364 }
2365 }
2366 else if (!_cups_strcasecmp(line, "Satisfy"))
2367 {
2368 if (!_cups_strcasecmp(value, "all"))
2369 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2370 else if (!_cups_strcasecmp(value, "any"))
2371 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2372 else
2373 {
2374 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2375 value, linenum);
2376 return (0);
2377 }
2378 }
2379 else
2380 return (0);
2381
2382 return (1);
2383 }
2384
2385
2386 /*
2387 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2388 */
2389
2390 static int /* O - FatalErrors bits */
2391 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2392 {
2393 int fatal; /* FatalErrors bits */
2394 char value[1024], /* Value string */
2395 *valstart, /* Pointer into value */
2396 *valend; /* End of value */
2397
2398
2399 /*
2400 * Empty FatalErrors line yields NULL pointer...
2401 */
2402
2403 if (!s)
2404 return (CUPSD_FATAL_NONE);
2405
2406 /*
2407 * Loop through the value string,...
2408 */
2409
2410 strlcpy(value, s, sizeof(value));
2411
2412 fatal = CUPSD_FATAL_NONE;
2413
2414 for (valstart = value; *valstart;)
2415 {
2416 /*
2417 * Get the current space/comma-delimited kind name...
2418 */
2419
2420 for (valend = valstart; *valend; valend ++)
2421 if (_cups_isspace(*valend) || *valend == ',')
2422 break;
2423
2424 if (*valend)
2425 *valend++ = '\0';
2426
2427 /*
2428 * Add the error to the bitmask...
2429 */
2430
2431 if (!_cups_strcasecmp(valstart, "all"))
2432 fatal = CUPSD_FATAL_ALL;
2433 else if (!_cups_strcasecmp(valstart, "browse"))
2434 fatal |= CUPSD_FATAL_BROWSE;
2435 else if (!_cups_strcasecmp(valstart, "-browse"))
2436 fatal &= ~CUPSD_FATAL_BROWSE;
2437 else if (!_cups_strcasecmp(valstart, "config"))
2438 fatal |= CUPSD_FATAL_CONFIG;
2439 else if (!_cups_strcasecmp(valstart, "-config"))
2440 fatal &= ~CUPSD_FATAL_CONFIG;
2441 else if (!_cups_strcasecmp(valstart, "listen"))
2442 fatal |= CUPSD_FATAL_LISTEN;
2443 else if (!_cups_strcasecmp(valstart, "-listen"))
2444 fatal &= ~CUPSD_FATAL_LISTEN;
2445 else if (!_cups_strcasecmp(valstart, "log"))
2446 fatal |= CUPSD_FATAL_LOG;
2447 else if (!_cups_strcasecmp(valstart, "-log"))
2448 fatal &= ~CUPSD_FATAL_LOG;
2449 else if (!_cups_strcasecmp(valstart, "permissions"))
2450 fatal |= CUPSD_FATAL_PERMISSIONS;
2451 else if (!_cups_strcasecmp(valstart, "-permissions"))
2452 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2453 else if (_cups_strcasecmp(valstart, "none"))
2454 cupsdLogMessage(CUPSD_LOG_ERROR,
2455 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2456
2457 for (valstart = valend; *valstart; valstart ++)
2458 if (!_cups_isspace(*valstart) || *valstart != ',')
2459 break;
2460 }
2461
2462 return (fatal);
2463 }
2464
2465
2466 /*
2467 * 'parse_groups()' - Parse system group names in a string.
2468 */
2469
2470 static int /* O - 1 on success, 0 on failure */
2471 parse_groups(const char *s) /* I - Space-delimited groups */
2472 {
2473 int status; /* Return status */
2474 char value[1024], /* Value string */
2475 *valstart, /* Pointer into value */
2476 *valend, /* End of value */
2477 quote; /* Quote character */
2478 struct group *group; /* Group */
2479
2480
2481 /*
2482 * Make a copy of the string and parse out the groups...
2483 */
2484
2485 strlcpy(value, s, sizeof(value));
2486
2487 status = 1;
2488 valstart = value;
2489
2490 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2491 {
2492 if (*valstart == '\'' || *valstart == '\"')
2493 {
2494 /*
2495 * Scan quoted name...
2496 */
2497
2498 quote = *valstart++;
2499
2500 for (valend = valstart; *valend; valend ++)
2501 if (*valend == quote)
2502 break;
2503 }
2504 else
2505 {
2506 /*
2507 * Scan space or comma-delimited name...
2508 */
2509
2510 for (valend = valstart; *valend; valend ++)
2511 if (_cups_isspace(*valend) || *valend == ',')
2512 break;
2513 }
2514
2515 if (*valend)
2516 *valend++ = '\0';
2517
2518 group = getgrnam(valstart);
2519 if (group)
2520 {
2521 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2522 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2523
2524 NumSystemGroups ++;
2525 }
2526 else
2527 status = 0;
2528
2529 endgrent();
2530
2531 valstart = valend;
2532
2533 while (*valstart == ',' || _cups_isspace(*valstart))
2534 valstart ++;
2535 }
2536
2537 return (status);
2538 }
2539
2540
2541 /*
2542 * 'parse_protocols()' - Parse browse protocols in a string.
2543 */
2544
2545 static int /* O - Browse protocol bits */
2546 parse_protocols(const char *s) /* I - Space-delimited protocols */
2547 {
2548 int protocols; /* Browse protocol bits */
2549 char value[1024], /* Value string */
2550 *valstart, /* Pointer into value */
2551 *valend; /* End of value */
2552
2553
2554 /*
2555 * Empty protocol line yields NULL pointer...
2556 */
2557
2558 if (!s)
2559 return (0);
2560
2561 /*
2562 * Loop through the value string,...
2563 */
2564
2565 strlcpy(value, s, sizeof(value));
2566
2567 protocols = 0;
2568
2569 for (valstart = value; *valstart;)
2570 {
2571 /*
2572 * Get the current space/comma-delimited protocol name...
2573 */
2574
2575 for (valend = valstart; *valend; valend ++)
2576 if (_cups_isspace(*valend) || *valend == ',')
2577 break;
2578
2579 if (*valend)
2580 *valend++ = '\0';
2581
2582 /*
2583 * Add the protocol to the bitmask...
2584 */
2585
2586 if (!_cups_strcasecmp(valstart, "dnssd") ||
2587 !_cups_strcasecmp(valstart, "dns-sd") ||
2588 !_cups_strcasecmp(valstart, "bonjour"))
2589 protocols |= BROWSE_DNSSD;
2590 else if (!_cups_strcasecmp(valstart, "all"))
2591 protocols |= BROWSE_ALL;
2592 else if (_cups_strcasecmp(valstart, "none"))
2593 cupsdLogMessage(CUPSD_LOG_ERROR,
2594 "Unknown browse protocol \"%s\" ignored.", valstart);
2595
2596 for (valstart = valend; *valstart; valstart ++)
2597 if (!_cups_isspace(*valstart) || *valstart != ',')
2598 break;
2599 }
2600
2601 return (protocols);
2602 }
2603
2604
2605 /*
2606 * 'parse_variable()' - Parse a variable line.
2607 */
2608
2609 static int /* O - 1 on success, 0 on failure */
2610 parse_variable(
2611 const char *filename, /* I - Name of configuration file */
2612 int linenum, /* I - Line in configuration file */
2613 const char *line, /* I - Line from configuration file */
2614 const char *value, /* I - Value from configuration file */
2615 size_t num_vars, /* I - Number of variables */
2616 const cupsd_var_t *vars) /* I - Variables */
2617 {
2618 size_t i; /* Looping var */
2619 const cupsd_var_t *var; /* Variables */
2620 char temp[1024]; /* Temporary string */
2621
2622
2623 for (i = num_vars, var = vars; i > 0; i --, var ++)
2624 if (!_cups_strcasecmp(line, var->name))
2625 break;
2626
2627 if (i == 0)
2628 {
2629 /*
2630 * Unknown directive! Output an error message and continue...
2631 */
2632
2633 if (!value)
2634 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2635 line, linenum, filename);
2636 else
2637 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2638 line, linenum, filename);
2639
2640 return (0);
2641 }
2642
2643 switch (var->type)
2644 {
2645 case CUPSD_VARTYPE_INTEGER :
2646 if (!value)
2647 {
2648 cupsdLogMessage(CUPSD_LOG_ERROR,
2649 "Missing integer value for %s on line %d of %s.",
2650 line, linenum, filename);
2651 return (0);
2652 }
2653 else if (!isdigit(*value & 255))
2654 {
2655 cupsdLogMessage(CUPSD_LOG_ERROR,
2656 "Bad integer value for %s on line %d of %s.",
2657 line, linenum, filename);
2658 return (0);
2659 }
2660 else
2661 {
2662 int n; /* Number */
2663 char *units; /* Units */
2664
2665 n = strtol(value, &units, 0);
2666
2667 if (units && *units)
2668 {
2669 if (tolower(units[0] & 255) == 'g')
2670 n *= 1024 * 1024 * 1024;
2671 else if (tolower(units[0] & 255) == 'm')
2672 n *= 1024 * 1024;
2673 else if (tolower(units[0] & 255) == 'k')
2674 n *= 1024;
2675 else if (tolower(units[0] & 255) == 't')
2676 n *= 262144;
2677 else
2678 {
2679 cupsdLogMessage(CUPSD_LOG_ERROR,
2680 "Unknown integer value for %s on line %d of %s.",
2681 line, linenum, filename);
2682 return (0);
2683 }
2684 }
2685
2686 if (n < 0)
2687 {
2688 cupsdLogMessage(CUPSD_LOG_ERROR,
2689 "Bad negative integer value for %s on line %d of "
2690 "%s.", line, linenum, filename);
2691 return (0);
2692 }
2693 else
2694 {
2695 *((int *)var->ptr) = n;
2696 }
2697 }
2698 break;
2699
2700 case CUPSD_VARTYPE_TIME :
2701 if (!value)
2702 {
2703 cupsdLogMessage(CUPSD_LOG_ERROR,
2704 "Missing time interval value for %s on line %d of "
2705 "%s.", line, linenum, filename);
2706 return (0);
2707 }
2708 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2709 (!_cups_strcasecmp(value, "true") ||
2710 !_cups_strcasecmp(value, "on") ||
2711 !_cups_strcasecmp(value, "enabled") ||
2712 !_cups_strcasecmp(value, "yes")))
2713 {
2714 *((int *)var->ptr) = INT_MAX;
2715 }
2716 else if (!_cups_strcasecmp(value, "false") ||
2717 !_cups_strcasecmp(value, "off") ||
2718 !_cups_strcasecmp(value, "disabled") ||
2719 !_cups_strcasecmp(value, "no"))
2720 {
2721 *((int *)var->ptr) = 0;
2722 }
2723 else if (!isdigit(*value & 255))
2724 {
2725 cupsdLogMessage(CUPSD_LOG_ERROR,
2726 "Unknown time interval value for %s on line %d of "
2727 "%s.", line, linenum, filename);
2728 return (0);
2729 }
2730 else
2731 {
2732 double n; /* Number */
2733 char *units; /* Units */
2734
2735 n = strtod(value, &units);
2736
2737 if (units && *units)
2738 {
2739 if (tolower(units[0] & 255) == 'w')
2740 n *= 7 * 24 * 60 * 60;
2741 else if (tolower(units[0] & 255) == 'd')
2742 n *= 24 * 60 * 60;
2743 else if (tolower(units[0] & 255) == 'h')
2744 n *= 60 * 60;
2745 else if (tolower(units[0] & 255) == 'm')
2746 n *= 60;
2747 else
2748 {
2749 cupsdLogMessage(CUPSD_LOG_ERROR,
2750 "Unknown time interval value for %s on line "
2751 "%d of %s.", line, linenum, filename);
2752 return (0);
2753 }
2754 }
2755
2756 if (n < 0.0 || n > INT_MAX)
2757 {
2758 cupsdLogMessage(CUPSD_LOG_ERROR,
2759 "Bad time value for %s on line %d of %s.",
2760 line, linenum, filename);
2761 return (0);
2762 }
2763 else
2764 {
2765 *((int *)var->ptr) = (int)n;
2766 }
2767 }
2768 break;
2769
2770 case CUPSD_VARTYPE_BOOLEAN :
2771 if (!value)
2772 {
2773 cupsdLogMessage(CUPSD_LOG_ERROR,
2774 "Missing boolean value for %s on line %d of %s.",
2775 line, linenum, filename);
2776 return (0);
2777 }
2778 else if (!_cups_strcasecmp(value, "true") ||
2779 !_cups_strcasecmp(value, "on") ||
2780 !_cups_strcasecmp(value, "enabled") ||
2781 !_cups_strcasecmp(value, "yes") ||
2782 atoi(value) != 0)
2783 {
2784 *((int *)var->ptr) = TRUE;
2785 }
2786 else if (!_cups_strcasecmp(value, "false") ||
2787 !_cups_strcasecmp(value, "off") ||
2788 !_cups_strcasecmp(value, "disabled") ||
2789 !_cups_strcasecmp(value, "no") ||
2790 !_cups_strcasecmp(value, "0"))
2791 {
2792 *((int *)var->ptr) = FALSE;
2793 }
2794 else
2795 {
2796 cupsdLogMessage(CUPSD_LOG_ERROR,
2797 "Unknown boolean value %s on line %d of %s.",
2798 value, linenum, filename);
2799 return (0);
2800 }
2801 break;
2802
2803 case CUPSD_VARTYPE_PATHNAME :
2804 if (!value)
2805 {
2806 cupsdLogMessage(CUPSD_LOG_ERROR,
2807 "Missing pathname value for %s on line %d of %s.",
2808 line, linenum, filename);
2809 return (0);
2810 }
2811
2812 if (value[0] == '/')
2813 strlcpy(temp, value, sizeof(temp));
2814 else
2815 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2816
2817 if (access(temp, 0))
2818 {
2819 cupsdLogMessage(CUPSD_LOG_ERROR,
2820 "File or directory for \"%s %s\" on line %d of %s "
2821 "does not exist.", line, value, linenum, filename);
2822 return (0);
2823 }
2824
2825 cupsdSetString((char **)var->ptr, temp);
2826 break;
2827
2828 case CUPSD_VARTYPE_STRING :
2829 cupsdSetString((char **)var->ptr, value);
2830 break;
2831 }
2832
2833 return (1);
2834 }
2835
2836
2837 /*
2838 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2839 */
2840
2841 static int /* O - 1 on success, 0 on failure */
2842 read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
2843 {
2844 int linenum; /* Current line number */
2845 char line[HTTP_MAX_BUFFER],
2846 /* Line from file */
2847 temp[HTTP_MAX_BUFFER],
2848 /* Temporary buffer for value */
2849 *value, /* Pointer to value */
2850 *valueptr; /* Pointer into value */
2851 int valuelen; /* Length of value */
2852 http_addrlist_t *addrlist, /* Address list */
2853 *addr; /* Current address */
2854 cups_file_t *incfile; /* Include file */
2855 char incname[1024]; /* Include filename */
2856
2857
2858 /*
2859 * Loop through each line in the file...
2860 */
2861
2862 linenum = 0;
2863
2864 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2865 {
2866 /*
2867 * Decode the directive...
2868 */
2869
2870 if (!_cups_strcasecmp(line, "Include") && value)
2871 {
2872 /*
2873 * Include filename
2874 */
2875
2876 if (value[0] == '/')
2877 strlcpy(incname, value, sizeof(incname));
2878 else
2879 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2880
2881 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2882 cupsdLogMessage(CUPSD_LOG_ERROR,
2883 "Unable to include config file \"%s\" - %s",
2884 incname, strerror(errno));
2885 else
2886 {
2887 read_cupsd_conf(incfile);
2888 cupsFileClose(incfile);
2889 }
2890 }
2891 else if (!_cups_strcasecmp(line, "<Location") && value)
2892 {
2893 /*
2894 * <Location path>
2895 */
2896
2897 linenum = read_location(fp, value, linenum);
2898 if (linenum == 0)
2899 return (0);
2900 }
2901 else if (!_cups_strcasecmp(line, "<Policy") && value)
2902 {
2903 /*
2904 * <Policy name>
2905 */
2906
2907 linenum = read_policy(fp, value, linenum);
2908 if (linenum == 0)
2909 return (0);
2910 }
2911 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
2912 {
2913 JobRetryInterval = atoi(value);
2914 cupsdLogMessage(CUPSD_LOG_WARN,
2915 "FaxRetryInterval is deprecated; use "
2916 "JobRetryInterval on line %d.", linenum);
2917 }
2918 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
2919 {
2920 JobRetryLimit = atoi(value);
2921 cupsdLogMessage(CUPSD_LOG_WARN,
2922 "FaxRetryLimit is deprecated; use "
2923 "JobRetryLimit on line %d.", linenum);
2924 }
2925 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
2926 #ifdef HAVE_SSL
2927 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
2928 #endif /* HAVE_SSL */
2929 ) && value)
2930 {
2931 /*
2932 * Add listening address(es) to the list...
2933 */
2934
2935 cupsd_listener_t *lis; /* New listeners array */
2936
2937
2938 /*
2939 * Get the address list...
2940 */
2941
2942 addrlist = get_address(value, IPP_PORT);
2943
2944 if (!addrlist)
2945 {
2946 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2947 value, linenum);
2948 continue;
2949 }
2950
2951 /*
2952 * Add each address...
2953 */
2954
2955 for (addr = addrlist; addr; addr = addr->next)
2956 {
2957 /*
2958 * See if this address is already present...
2959 */
2960
2961 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2962 lis;
2963 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2964 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
2965 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
2966 break;
2967
2968 if (lis)
2969 {
2970 httpAddrString(&lis->address, temp, sizeof(temp));
2971 cupsdLogMessage(CUPSD_LOG_WARN,
2972 "Duplicate listen address \"%s\" ignored.", temp);
2973 continue;
2974 }
2975
2976 /*
2977 * Allocate another listener...
2978 */
2979
2980 if (!Listeners)
2981 Listeners = cupsArrayNew(NULL, NULL);
2982
2983 if (!Listeners)
2984 {
2985 cupsdLogMessage(CUPSD_LOG_ERROR,
2986 "Unable to allocate %s at line %d - %s.",
2987 line, linenum, strerror(errno));
2988 break;
2989 }
2990
2991 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2992 {
2993 cupsdLogMessage(CUPSD_LOG_ERROR,
2994 "Unable to allocate %s at line %d - %s.",
2995 line, linenum, strerror(errno));
2996 break;
2997 }
2998
2999 cupsArrayAdd(Listeners, lis);
3000
3001 /*
3002 * Copy the current address and log it...
3003 */
3004
3005 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
3006 lis->fd = -1;
3007
3008 #ifdef HAVE_SSL
3009 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
3010 lis->encryption = HTTP_ENCRYPT_ALWAYS;
3011 #endif /* HAVE_SSL */
3012
3013 httpAddrString(&lis->address, temp, sizeof(temp));
3014
3015 #ifdef AF_LOCAL
3016 if (lis->address.addr.sa_family == AF_LOCAL)
3017 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
3018 else
3019 #endif /* AF_LOCAL */
3020 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
3021 httpAddrPort(&(lis->address)),
3022 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
3023
3024 if (!httpAddrLocalhost(&(lis->address)))
3025 RemotePort = httpAddrPort(&(lis->address));
3026 }
3027
3028 /*
3029 * Free the list...
3030 */
3031
3032 httpAddrFreeList(addrlist);
3033 }
3034 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
3035 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
3036 {
3037 /*
3038 * "BrowseProtocols name [... name]"
3039 * "BrowseLocalProtocols name [... name]"
3040 */
3041
3042 int protocols = parse_protocols(value);
3043
3044 if (protocols < 0)
3045 {
3046 cupsdLogMessage(CUPSD_LOG_ERROR,
3047 "Unknown browse protocol \"%s\" on line %d.",
3048 value, linenum);
3049 break;
3050 }
3051
3052 BrowseLocalProtocols = protocols;
3053 }
3054 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
3055 {
3056 /*
3057 * DefaultAuthType {basic,digest,basicdigest,negotiate}
3058 */
3059
3060 if (!_cups_strcasecmp(value, "none"))
3061 default_auth_type = CUPSD_AUTH_NONE;
3062 else if (!_cups_strcasecmp(value, "basic"))
3063 default_auth_type = CUPSD_AUTH_BASIC;
3064 else if (!_cups_strcasecmp(value, "digest"))
3065 default_auth_type = CUPSD_AUTH_DIGEST;
3066 else if (!_cups_strcasecmp(value, "basicdigest"))
3067 default_auth_type = CUPSD_AUTH_BASICDIGEST;
3068 #ifdef HAVE_GSSAPI
3069 else if (!_cups_strcasecmp(value, "negotiate"))
3070 default_auth_type = CUPSD_AUTH_NEGOTIATE;
3071 #endif /* HAVE_GSSAPI */
3072 else if (!_cups_strcasecmp(value, "auto"))
3073 default_auth_type = CUPSD_AUTH_AUTO;
3074 else
3075 {
3076 cupsdLogMessage(CUPSD_LOG_WARN,
3077 "Unknown default authorization type %s on line %d.",
3078 value, linenum);
3079 if (FatalErrors & CUPSD_FATAL_CONFIG)
3080 return (0);
3081 }
3082 }
3083 #ifdef HAVE_SSL
3084 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
3085 {
3086 /*
3087 * DefaultEncryption {Never,IfRequested,Required}
3088 */
3089
3090 if (!value || !_cups_strcasecmp(value, "never"))
3091 DefaultEncryption = HTTP_ENCRYPT_NEVER;
3092 else if (!_cups_strcasecmp(value, "required"))
3093 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
3094 else if (!_cups_strcasecmp(value, "ifrequested"))
3095 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3096 else
3097 {
3098 cupsdLogMessage(CUPSD_LOG_WARN,
3099 "Unknown default encryption %s on line %d.",
3100 value, linenum);
3101 if (FatalErrors & CUPSD_FATAL_CONFIG)
3102 return (0);
3103 }
3104 }
3105 #endif /* HAVE_SSL */
3106 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
3107 {
3108 /*
3109 * Do hostname lookups?
3110 */
3111
3112 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3113 !_cups_strcasecmp(value, "false"))
3114 HostNameLookups = 0;
3115 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3116 !_cups_strcasecmp(value, "true"))
3117 HostNameLookups = 1;
3118 else if (!_cups_strcasecmp(value, "double"))
3119 HostNameLookups = 2;
3120 else
3121 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
3122 value, linenum);
3123 }
3124 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
3125 {
3126 /*
3127 * Amount of logging to do to access log...
3128 */
3129
3130 if (!_cups_strcasecmp(value, "all"))
3131 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
3132 else if (!_cups_strcasecmp(value, "actions"))
3133 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
3134 else if (!_cups_strcasecmp(value, "config"))
3135 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3136 else
3137 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
3138 value, linenum);
3139 }
3140 else if (!_cups_strcasecmp(line, "LogLevel") && value)
3141 {
3142 /*
3143 * Amount of logging to do to error log...
3144 */
3145
3146 if (!_cups_strcasecmp(value, "debug2"))
3147 LogLevel = CUPSD_LOG_DEBUG2;
3148 else if (!_cups_strcasecmp(value, "debug"))
3149 LogLevel = CUPSD_LOG_DEBUG;
3150 else if (!_cups_strcasecmp(value, "info"))
3151 LogLevel = CUPSD_LOG_INFO;
3152 else if (!_cups_strcasecmp(value, "notice"))
3153 LogLevel = CUPSD_LOG_NOTICE;
3154 else if (!_cups_strcasecmp(value, "warn"))
3155 LogLevel = CUPSD_LOG_WARN;
3156 else if (!_cups_strcasecmp(value, "error"))
3157 LogLevel = CUPSD_LOG_ERROR;
3158 else if (!_cups_strcasecmp(value, "crit"))
3159 LogLevel = CUPSD_LOG_CRIT;
3160 else if (!_cups_strcasecmp(value, "alert"))
3161 LogLevel = CUPSD_LOG_ALERT;
3162 else if (!_cups_strcasecmp(value, "emerg"))
3163 LogLevel = CUPSD_LOG_EMERG;
3164 else if (!_cups_strcasecmp(value, "none"))
3165 LogLevel = CUPSD_LOG_NONE;
3166 else
3167 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
3168 value, linenum);
3169 }
3170 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
3171 {
3172 /*
3173 * Amount of logging to do to error log...
3174 */
3175
3176 if (!_cups_strcasecmp(value, "standard"))
3177 LogTimeFormat = CUPSD_TIME_STANDARD;
3178 else if (!_cups_strcasecmp(value, "usecs"))
3179 LogTimeFormat = CUPSD_TIME_USECS;
3180 else
3181 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
3182 value, linenum);
3183 }
3184 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
3185 {
3186 /*
3187 * Set the string used for the Server header...
3188 */
3189
3190 struct utsname plat; /* Platform info */
3191
3192
3193 uname(&plat);
3194
3195 if (!_cups_strcasecmp(value, "ProductOnly"))
3196 cupsdSetString(&ServerHeader, "CUPS IPP");
3197 else if (!_cups_strcasecmp(value, "Major"))
3198 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
3199 else if (!_cups_strcasecmp(value, "Minor"))
3200 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
3201 CUPS_VERSION_MINOR);
3202 else if (!_cups_strcasecmp(value, "Minimal"))
3203 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
3204 else if (!_cups_strcasecmp(value, "OS"))
3205 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3206 plat.sysname, plat.release);
3207 else if (!_cups_strcasecmp(value, "Full"))
3208 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3209 plat.sysname, plat.release, plat.machine);
3210 else if (!_cups_strcasecmp(value, "None"))
3211 cupsdClearString(&ServerHeader);
3212 else
3213 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3214 value, linenum);
3215 }
3216 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3217 {
3218 /*
3219 * PassEnv variable [... variable]
3220 */
3221
3222 for (; *value;)
3223 {
3224 for (valuelen = 0; value[valuelen]; valuelen ++)
3225 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3226 break;
3227
3228 if (value[valuelen])
3229 {
3230 value[valuelen] = '\0';
3231 valuelen ++;
3232 }
3233
3234 cupsdSetEnv(value, NULL);
3235
3236 for (value += valuelen; *value; value ++)
3237 if (!_cups_isspace(*value) || *value != ',')
3238 break;
3239 }
3240 }
3241 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3242 {
3243 /*
3244 * ServerAlias name [... name]
3245 */
3246
3247 if (!ServerAlias)
3248 ServerAlias = cupsArrayNew(NULL, NULL);
3249
3250 for (; *value;)
3251 {
3252 for (valuelen = 0; value[valuelen]; valuelen ++)
3253 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3254 break;
3255
3256 if (value[valuelen])
3257 {
3258 value[valuelen] = '\0';
3259 valuelen ++;
3260 }
3261
3262 cupsdAddAlias(ServerAlias, value);
3263
3264 for (value += valuelen; *value; value ++)
3265 if (!_cups_isspace(*value) || *value != ',')
3266 break;
3267 }
3268 }
3269 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3270 {
3271 /*
3272 * SetEnv variable value
3273 */
3274
3275 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3276
3277 if (*valueptr)
3278 {
3279 /*
3280 * Found a value...
3281 */
3282
3283 while (isspace(*valueptr & 255))
3284 *valueptr++ = '\0';
3285
3286 cupsdSetEnv(value, valueptr);
3287 }
3288 else
3289 cupsdLogMessage(CUPSD_LOG_ERROR,
3290 "Missing value for SetEnv directive on line %d.",
3291 linenum);
3292 }
3293 else if (!_cups_strcasecmp(line, "AccessLog") ||
3294 !_cups_strcasecmp(line, "CacheDir") ||
3295 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3296 !_cups_strcasecmp(line, "DataDir") ||
3297 !_cups_strcasecmp(line, "DocumentRoot") ||
3298 !_cups_strcasecmp(line, "ErrorLog") ||
3299 !_cups_strcasecmp(line, "FatalErrors") ||
3300 !_cups_strcasecmp(line, "FileDevice") ||
3301 !_cups_strcasecmp(line, "FontPath") ||
3302 !_cups_strcasecmp(line, "Group") ||
3303 !_cups_strcasecmp(line, "LogFilePerm") ||
3304 !_cups_strcasecmp(line, "LPDConfigFile") ||
3305 !_cups_strcasecmp(line, "PageLog") ||
3306 !_cups_strcasecmp(line, "Printcap") ||
3307 !_cups_strcasecmp(line, "PrintcapFormat") ||
3308 !_cups_strcasecmp(line, "RemoteRoot") ||
3309 !_cups_strcasecmp(line, "RequestRoot") ||
3310 !_cups_strcasecmp(line, "ServerBin") ||
3311 !_cups_strcasecmp(line, "ServerCertificate") ||
3312 !_cups_strcasecmp(line, "ServerKey") ||
3313 !_cups_strcasecmp(line, "ServerRoot") ||
3314 !_cups_strcasecmp(line, "SMBConfigFile") ||
3315 !_cups_strcasecmp(line, "StateDir") ||
3316 !_cups_strcasecmp(line, "SystemGroup") ||
3317 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3318 !_cups_strcasecmp(line, "TempDir") ||
3319 !_cups_strcasecmp(line, "User"))
3320 {
3321 cupsdLogMessage(CUPSD_LOG_INFO,
3322 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3323 "this will become an error in a future release.",
3324 line, value ? " " : "", value ? value : "", linenum,
3325 ConfigurationFile, CupsFilesFile);
3326 }
3327 else
3328 parse_variable(ConfigurationFile, linenum, line, value,
3329 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3330 }
3331
3332 return (1);
3333 }
3334
3335
3336 /*
3337 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3338 */
3339
3340 static int /* O - 1 on success, 0 on failure */
3341 read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3342 {
3343 int linenum; /* Current line number */
3344 char line[HTTP_MAX_BUFFER], /* Line from file */
3345 *value; /* Value from line */
3346 struct group *group; /* Group */
3347
3348
3349 /*
3350 * Loop through each line in the file...
3351 */
3352
3353 linenum = 0;
3354
3355 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3356 {
3357 if (!_cups_strcasecmp(line, "FatalErrors"))
3358 FatalErrors = parse_fatal_errors(value);
3359 else if (!_cups_strcasecmp(line, "Group") && value)
3360 {
3361 /*
3362 * Group ID to run as...
3363 */
3364
3365 if (isdigit(value[0]))
3366 Group = atoi(value);
3367 else
3368 {
3369 endgrent();
3370 group = getgrnam(value);
3371
3372 if (group != NULL)
3373 Group = group->gr_gid;
3374 else
3375 {
3376 cupsdLogMessage(CUPSD_LOG_ERROR,
3377 "Unknown Group \"%s\" on line %d of %s.", value,
3378 linenum, CupsFilesFile);
3379 if (FatalErrors & CUPSD_FATAL_CONFIG)
3380 return (0);
3381 }
3382 }
3383 }
3384 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3385 {
3386 /*
3387 * Format of printcap file?
3388 */
3389
3390 if (!_cups_strcasecmp(value, "bsd"))
3391 PrintcapFormat = PRINTCAP_BSD;
3392 else if (!_cups_strcasecmp(value, "plist"))
3393 PrintcapFormat = PRINTCAP_PLIST;
3394 else if (!_cups_strcasecmp(value, "solaris"))
3395 PrintcapFormat = PRINTCAP_SOLARIS;
3396 else
3397 {
3398 cupsdLogMessage(CUPSD_LOG_ERROR,
3399 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3400 value, linenum, CupsFilesFile);
3401 if (FatalErrors & CUPSD_FATAL_CONFIG)
3402 return (0);
3403 }
3404 }
3405 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3406 {
3407 /*
3408 * SystemGroup (admin) group(s)...
3409 */
3410
3411 if (!parse_groups(value))
3412 {
3413 cupsdLogMessage(CUPSD_LOG_ERROR,
3414 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3415 linenum, CupsFilesFile);
3416 if (FatalErrors & CUPSD_FATAL_CONFIG)
3417 return (0);
3418 }
3419 }
3420 else if (!_cups_strcasecmp(line, "User") && value)
3421 {
3422 /*
3423 * User ID to run as...
3424 */
3425
3426 if (isdigit(value[0] & 255))
3427 {
3428 int uid = atoi(value);
3429
3430 if (!uid)
3431 {
3432 cupsdLogMessage(CUPSD_LOG_ERROR,
3433 "Will not use User 0 as specified on line %d of %s "
3434 "for security reasons. You must use a non-"
3435 "privileged account instead.",
3436 linenum, CupsFilesFile);
3437 if (FatalErrors & CUPSD_FATAL_CONFIG)
3438 return (0);
3439 }
3440 else
3441 User = atoi(value);
3442 }
3443 else
3444 {
3445 struct passwd *p; /* Password information */
3446
3447 endpwent();
3448 p = getpwnam(value);
3449
3450 if (p)
3451 {
3452 if (!p->pw_uid)
3453 {
3454 cupsdLogMessage(CUPSD_LOG_ERROR,
3455 "Will not use User %s (UID=0) as specified on line "
3456 "%d of %s for security reasons. You must use a "
3457 "non-privileged account instead.",
3458 value, linenum, CupsFilesFile);
3459 if (FatalErrors & CUPSD_FATAL_CONFIG)
3460 return (0);
3461 }
3462 else
3463 User = p->pw_uid;
3464 }
3465 else
3466 {
3467 cupsdLogMessage(CUPSD_LOG_ERROR,
3468 "Unknown User \"%s\" on line %d of %s.",
3469 value, linenum, CupsFilesFile);
3470 if (FatalErrors & CUPSD_FATAL_CONFIG)
3471 return (0);
3472 }
3473 }
3474 }
3475 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3476 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3477 cupsfiles_vars) &&
3478 (FatalErrors & CUPSD_FATAL_CONFIG))
3479 return (0);
3480 }
3481
3482 return (1);
3483 }
3484
3485
3486 /*
3487 * 'read_location()' - Read a <Location path> definition.
3488 */
3489
3490 static int /* O - New line number or 0 on error */
3491 read_location(cups_file_t *fp, /* I - Configuration file */
3492 char *location, /* I - Location name/path */
3493 int linenum) /* I - Current line number */
3494 {
3495 cupsd_location_t *loc, /* New location */
3496 *parent; /* Parent location */
3497 char line[HTTP_MAX_BUFFER],
3498 /* Line buffer */
3499 *value, /* Value for directive */
3500 *valptr; /* Pointer into value */
3501
3502
3503 if ((parent = cupsdFindLocation(location)) != NULL)
3504 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3505 location, linenum);
3506 else if ((parent = cupsdNewLocation(location)) == NULL)
3507 return (0);
3508 else
3509 {
3510 cupsdAddLocation(parent);
3511
3512 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3513 }
3514
3515 loc = parent;
3516
3517 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3518 {
3519 /*
3520 * Decode the directive...
3521 */
3522
3523 if (!_cups_strcasecmp(line, "</Location>"))
3524 return (linenum);
3525 else if (!_cups_strcasecmp(line, "<Limit") ||
3526 !_cups_strcasecmp(line, "<LimitExcept"))
3527 {
3528 if (!value)
3529 {
3530 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3531 if (FatalErrors & CUPSD_FATAL_CONFIG)
3532 return (0);
3533 else
3534 continue;
3535 }
3536
3537 if ((loc = cupsdCopyLocation(parent)) == NULL)
3538 return (0);
3539
3540 cupsdAddLocation(loc);
3541
3542 loc->limit = 0;
3543 while (*value)
3544 {
3545 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3546
3547 if (*valptr)
3548 *valptr++ = '\0';
3549
3550 if (!strcmp(value, "ALL"))
3551 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3552 else if (!strcmp(value, "GET"))
3553 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3554 else if (!strcmp(value, "HEAD"))
3555 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3556 else if (!strcmp(value, "OPTIONS"))
3557 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3558 else if (!strcmp(value, "POST"))
3559 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3560 else if (!strcmp(value, "PUT"))
3561 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3562 else if (!strcmp(value, "TRACE"))
3563 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3564 else
3565 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
3566 value, linenum);
3567
3568 for (value = valptr; isspace(*value & 255); value ++);
3569 }
3570
3571 if (!_cups_strcasecmp(line, "<LimitExcept"))
3572 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3573
3574 parent->limit &= ~loc->limit;
3575 }
3576 else if (!_cups_strcasecmp(line, "</Limit>") ||
3577 !_cups_strcasecmp(line, "</LimitExcept>"))
3578 loc = parent;
3579 else if (!value)
3580 {
3581 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3582 if (FatalErrors & CUPSD_FATAL_CONFIG)
3583 return (0);
3584 }
3585 else if (!parse_aaa(loc, line, value, linenum))
3586 {
3587 cupsdLogMessage(CUPSD_LOG_ERROR,
3588 "Unknown Location directive %s on line %d.",
3589 line, linenum);
3590 if (FatalErrors & CUPSD_FATAL_CONFIG)
3591 return (0);
3592 }
3593 }
3594
3595 cupsdLogMessage(CUPSD_LOG_ERROR,
3596 "Unexpected end-of-file at line %d while reading location.",
3597 linenum);
3598
3599 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3600 }
3601
3602
3603 /*
3604 * 'read_policy()' - Read a <Policy name> definition.
3605 */
3606
3607 static int /* O - New line number or 0 on error */
3608 read_policy(cups_file_t *fp, /* I - Configuration file */
3609 char *policy, /* I - Location name/path */
3610 int linenum) /* I - Current line number */
3611 {
3612 int i; /* Looping var */
3613 cupsd_policy_t *pol; /* Policy */
3614 cupsd_location_t *op; /* Policy operation */
3615 int num_ops; /* Number of IPP operations */
3616 ipp_op_t ops[100]; /* Operations */
3617 char line[HTTP_MAX_BUFFER],
3618 /* Line buffer */
3619 *value, /* Value for directive */
3620 *valptr; /* Pointer into value */
3621
3622
3623 /*
3624 * Create the policy...
3625 */
3626
3627 if ((pol = cupsdFindPolicy(policy)) != NULL)
3628 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3629 policy, linenum);
3630 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3631 return (0);
3632
3633 /*
3634 * Read from the file...
3635 */
3636
3637 op = NULL;
3638 num_ops = 0;
3639
3640 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3641 {
3642 /*
3643 * Decode the directive...
3644 */
3645
3646 if (!_cups_strcasecmp(line, "</Policy>"))
3647 {
3648 if (op)
3649 cupsdLogMessage(CUPSD_LOG_WARN,
3650 "Missing </Limit> before </Policy> on line %d.",
3651 linenum);
3652
3653 set_policy_defaults(pol);
3654
3655 return (linenum);
3656 }
3657 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3658 {
3659 if (!value)
3660 {
3661 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3662 if (FatalErrors & CUPSD_FATAL_CONFIG)
3663 return (0);
3664 else
3665 continue;
3666 }
3667
3668 /*
3669 * Scan for IPP operation names...
3670 */
3671
3672 num_ops = 0;
3673
3674 while (*value)
3675 {
3676 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3677
3678 if (*valptr)
3679 *valptr++ = '\0';
3680
3681 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3682 {
3683 if (!_cups_strcasecmp(value, "All"))
3684 ops[num_ops] = IPP_ANY_OPERATION;
3685 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3686 cupsdLogMessage(CUPSD_LOG_ERROR,
3687 "Bad IPP operation name \"%s\" on line %d.",
3688 value, linenum);
3689 else
3690 num_ops ++;
3691 }
3692 else
3693 cupsdLogMessage(CUPSD_LOG_ERROR,
3694 "Too many operations listed on line %d.",
3695 linenum);
3696
3697 for (value = valptr; isspace(*value & 255); value ++);
3698 }
3699
3700 /*
3701 * If none are specified, apply the policy to all operations...
3702 */
3703
3704 if (num_ops == 0)
3705 {
3706 ops[0] = IPP_ANY_OPERATION;
3707 num_ops = 1;
3708 }
3709
3710 /*
3711 * Add a new policy for the first operation...
3712 */
3713
3714 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3715 }
3716 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3717 {
3718 /*
3719 * Finish the current operation limit...
3720 */
3721
3722 if (num_ops > 1)
3723 {
3724 /*
3725 * Copy the policy to the other operations...
3726 */
3727
3728 for (i = 1; i < num_ops; i ++)
3729 cupsdAddPolicyOp(pol, op, ops[i]);
3730 }
3731
3732 op = NULL;
3733 }
3734 else if (!value)
3735 {
3736 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3737 if (FatalErrors & CUPSD_FATAL_CONFIG)
3738 return (0);
3739 }
3740 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3741 !_cups_strcasecmp(line, "JobPrivateValues") ||
3742 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3743 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3744 {
3745 if (op)
3746 {
3747 cupsdLogMessage(CUPSD_LOG_ERROR,
3748 "%s directive must appear outside <Limit>...</Limit> "
3749 "on line %d.", line, linenum);
3750 if (FatalErrors & CUPSD_FATAL_CONFIG)
3751 return (0);
3752 }
3753 else
3754 {
3755 /*
3756 * Pull out whitespace-delimited values...
3757 */
3758
3759 while (*value)
3760 {
3761 /*
3762 * Find the end of the current value...
3763 */
3764
3765 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3766
3767 if (*valptr)
3768 *valptr++ = '\0';
3769
3770 /*
3771 * Save it appropriately...
3772 */
3773
3774 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
3775 {
3776 /*
3777 * JobPrivateAccess {all|default|user/group list|@@ACL}
3778 */
3779
3780 if (!_cups_strcasecmp(value, "default"))
3781 {
3782 cupsdAddString(&(pol->job_access), "@OWNER");
3783 cupsdAddString(&(pol->job_access), "@SYSTEM");
3784 }
3785 else
3786 cupsdAddString(&(pol->job_access), value);
3787 }
3788 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
3789 {
3790 /*
3791 * JobPrivateValues {all|none|default|attribute list}
3792 */
3793
3794 if (!_cups_strcasecmp(value, "default"))
3795 {
3796 cupsdAddString(&(pol->job_attrs), "job-name");
3797 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3798 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3799 cupsdAddString(&(pol->job_attrs), "phone");
3800 }
3801 else
3802 cupsdAddString(&(pol->job_attrs), value);
3803 }
3804 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
3805 {
3806 /*
3807 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3808 */
3809
3810 if (!_cups_strcasecmp(value, "default"))
3811 {
3812 cupsdAddString(&(pol->sub_access), "@OWNER");
3813 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3814 }
3815 else
3816 cupsdAddString(&(pol->sub_access), value);
3817 }
3818 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
3819 {
3820 /*
3821 * SubscriptionPrivateValues {all|none|default|attribute list}
3822 */
3823
3824 if (!_cups_strcasecmp(value, "default"))
3825 {
3826 cupsdAddString(&(pol->sub_attrs), "notify-events");
3827 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3828 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3829 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3830 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3831 }
3832 else
3833 cupsdAddString(&(pol->sub_attrs), value);
3834 }
3835
3836 /*
3837 * Find the next string on the line...
3838 */
3839
3840 for (value = valptr; isspace(*value & 255); value ++);
3841 }
3842 }
3843 }
3844 else if (!op)
3845 {
3846 cupsdLogMessage(CUPSD_LOG_ERROR,
3847 "Missing <Limit ops> directive before %s on line %d.",
3848 line, linenum);
3849 if (FatalErrors & CUPSD_FATAL_CONFIG)
3850 return (0);
3851 }
3852 else if (!parse_aaa(op, line, value, linenum))
3853 {
3854 cupsdLogMessage(CUPSD_LOG_ERROR,
3855 "Unknown Policy Limit directive %s on line %d.",
3856 line, linenum);
3857
3858 if (FatalErrors & CUPSD_FATAL_CONFIG)
3859 return (0);
3860 }
3861 }
3862
3863 cupsdLogMessage(CUPSD_LOG_ERROR,
3864 "Unexpected end-of-file at line %d while reading policy "
3865 "\"%s\".", linenum, policy);
3866
3867 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3868 }
3869
3870
3871 /*
3872 * 'set_policy_defaults()' - Set default policy values as needed.
3873 */
3874
3875 static void
3876 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3877 {
3878 cupsd_location_t *op; /* Policy operation */
3879
3880
3881 /*
3882 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3883 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3884 * upgrades do not introduce new security issues...
3885 */
3886
3887 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3888 op->op == IPP_ANY_OPERATION)
3889 {
3890 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3891 op->op != IPP_ANY_OPERATION)
3892 {
3893 /*
3894 * Add a new limit for Validate-Job using the Print-Job limit as a
3895 * template...
3896 */
3897
3898 cupsdLogMessage(CUPSD_LOG_WARN,
3899 "No limit for Validate-Job defined in policy %s "
3900 "- using Print-Job's policy.", pol->name);
3901
3902 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3903 }
3904 else
3905 cupsdLogMessage(CUPSD_LOG_WARN,
3906 "No limit for Validate-Job defined in policy %s "
3907 "and no suitable template found.", pol->name);
3908 }
3909
3910 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3911 op->op == IPP_ANY_OPERATION)
3912 {
3913 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3914 op->op != IPP_ANY_OPERATION)
3915 {
3916 /*
3917 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3918 * template...
3919 */
3920
3921 cupsdLogMessage(CUPSD_LOG_WARN,
3922 "No limit for Cancel-Jobs defined in policy %s "
3923 "- using Pause-Printer's policy.", pol->name);
3924
3925 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3926 }
3927 else
3928 cupsdLogMessage(CUPSD_LOG_WARN,
3929 "No limit for Cancel-Jobs defined in policy %s "
3930 "and no suitable template found.", pol->name);
3931 }
3932
3933 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3934 op->op == IPP_ANY_OPERATION)
3935 {
3936 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3937 op->op != IPP_ANY_OPERATION)
3938 {
3939 /*
3940 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3941 * a template...
3942 */
3943
3944 cupsdLogMessage(CUPSD_LOG_WARN,
3945 "No limit for Cancel-My-Jobs defined in policy %s "
3946 "- using Send-Document's policy.", pol->name);
3947
3948 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3949 }
3950 else
3951 cupsdLogMessage(CUPSD_LOG_WARN,
3952 "No limit for Cancel-My-Jobs defined in policy %s "
3953 "and no suitable template found.", pol->name);
3954 }
3955
3956 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3957 op->op == IPP_ANY_OPERATION)
3958 {
3959 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3960 op->op != IPP_ANY_OPERATION)
3961 {
3962 /*
3963 * Add a new limit for Close-Job using the Send-Document limit as a
3964 * template...
3965 */
3966
3967 cupsdLogMessage(CUPSD_LOG_WARN,
3968 "No limit for Close-Job defined in policy %s "
3969 "- using Send-Document's policy.", pol->name);
3970
3971 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
3972 }
3973 else
3974 cupsdLogMessage(CUPSD_LOG_WARN,
3975 "No limit for Close-Job defined in policy %s "
3976 "and no suitable template found.", pol->name);
3977 }
3978
3979 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
3980 op->op == IPP_ANY_OPERATION)
3981 {
3982 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3983 op->op != IPP_ANY_OPERATION)
3984 {
3985 /*
3986 * Add a new limit for CUPS-Get-Document using the Send-Document
3987 * limit as a template...
3988 */
3989
3990 cupsdLogMessage(CUPSD_LOG_WARN,
3991 "No limit for CUPS-Get-Document defined in policy %s "
3992 "- using Send-Document's policy.", pol->name);
3993
3994 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
3995 }
3996 else
3997 cupsdLogMessage(CUPSD_LOG_WARN,
3998 "No limit for CUPS-Get-Document defined in policy %s "
3999 "and no suitable template found.", pol->name);
4000 }
4001
4002 /*
4003 * Verify we have JobPrivateAccess, JobPrivateValues,
4004 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
4005 */
4006
4007 if (!pol->job_access)
4008 {
4009 cupsdLogMessage(CUPSD_LOG_WARN,
4010 "No JobPrivateAccess defined in policy %s "
4011 "- using defaults.", pol->name);
4012 cupsdAddString(&(pol->job_access), "@OWNER");
4013 cupsdAddString(&(pol->job_access), "@SYSTEM");
4014 }
4015
4016 if (!pol->job_attrs)
4017 {
4018 cupsdLogMessage(CUPSD_LOG_WARN,
4019 "No JobPrivateValues defined in policy %s "
4020 "- using defaults.", pol->name);
4021 cupsdAddString(&(pol->job_attrs), "job-name");
4022 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4023 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
4024 cupsdAddString(&(pol->job_attrs), "phone");
4025 }
4026
4027 if (!pol->sub_access)
4028 {
4029 cupsdLogMessage(CUPSD_LOG_WARN,
4030 "No SubscriptionPrivateAccess defined in policy %s "
4031 "- using defaults.", pol->name);
4032 cupsdAddString(&(pol->sub_access), "@OWNER");
4033 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4034 }
4035
4036 if (!pol->sub_attrs)
4037 {
4038 cupsdLogMessage(CUPSD_LOG_WARN,
4039 "No SubscriptionPrivateValues defined in policy %s "
4040 "- using defaults.", pol->name);
4041 cupsdAddString(&(pol->sub_attrs), "notify-events");
4042 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4043 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4044 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4045 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4046 }
4047 }
4048
4049
4050 /*
4051 * End of "$Id$".
4052 */
Unnamed repository; edit this file 'description' to name the repository.