]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Shared printers could become inaccessible after a few days on OS X (<rdar://problem...
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * "$Id$"
3 *
4 * Configuration routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2013 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 */
15
16 /*
17 * Include necessary headers...
18 */
19
20 #include "cupsd.h"
21 #include <stdarg.h>
22 #include <grp.h>
23 #include <sys/utsname.h>
24 #include <syslog.h>
25
26 #ifdef HAVE_LIBPAPER
27 # include <paper.h>
28 #endif /* HAVE_LIBPAPER */
29
30
31 /*
32 * Possibly missing network definitions...
33 */
34
35 #ifndef INADDR_NONE
36 # define INADDR_NONE 0xffffffff
37 #endif /* !INADDR_NONE */
38
39
40 /*
41 * Configuration variable structure...
42 */
43
44 typedef enum
45 {
46 CUPSD_VARTYPE_INTEGER, /* Integer option */
47 CUPSD_VARTYPE_TIME, /* Time interval option */
48 CUPSD_VARTYPE_STRING, /* String option */
49 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
50 CUPSD_VARTYPE_PATHNAME /* File/directory name option */
51 } cupsd_vartype_t;
52
53 typedef struct
54 {
55 const char *name; /* Name of variable */
56 void *ptr; /* Pointer to variable */
57 cupsd_vartype_t type; /* Type (int, string, address) */
58 } cupsd_var_t;
59
60
61 /*
62 * Local globals...
63 */
64
65 static const cupsd_var_t cupsd_vars[] =
66 {
67 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
68 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
69 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
70 #endif /* HAVE_DNSSD || HAVE_AVAHI */
71 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
72 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
73 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
74 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
75 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
76 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
77 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
78 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
79 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
80 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
81 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
82 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
83 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
84 #ifdef HAVE_GSSAPI
85 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
86 #endif /* HAVE_GSSAPI */
87 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
88 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
89 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
90 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
91 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
92 #ifdef HAVE_LAUNCHD
93 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_TIME },
94 #endif /* HAVE_LAUNCHD */
95 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
96 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
97 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
98 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
99 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
100 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
101 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
102 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
103 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
104 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
105 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
106 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
107 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
108 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
109 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
110 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
111 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
112 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
113 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
114 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
115 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
116 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
117 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
118 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
119 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
120 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
121 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
122 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
123 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
124 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
125 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
126 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
127 };
128 static const cupsd_var_t cupsfiles_vars[] =
129 {
130 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
131 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
132 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
133 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
134 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
135 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
136 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
137 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
138 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
139 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
140 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
141 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
142 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
143 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
144 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
145 #ifdef HAVE_SSL
146 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
147 #endif /* HAVE_SSL */
148 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
149 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
150 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
151 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
152 #ifdef HAVE_AUTHORIZATION_H
153 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
154 #endif /* HAVE_AUTHORIZATION_H */
155 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
156 };
157
158 static int default_auth_type = CUPSD_AUTH_AUTO;
159 /* Default AuthType, if not specified */
160
161 static const unsigned ones[4] =
162 {
163 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
164 };
165 static const unsigned zeros[4] =
166 {
167 0x00000000, 0x00000000, 0x00000000, 0x00000000
168 };
169
170
171 /*
172 * Local functions...
173 */
174
175 static http_addrlist_t *get_address(const char *value, int defport);
176 static int get_addr_and_mask(const char *value, unsigned *ip,
177 unsigned *mask);
178 static void mime_error_cb(void *ctx, const char *message);
179 static int parse_aaa(cupsd_location_t *loc, char *line,
180 char *value, int linenum);
181 static int parse_fatal_errors(const char *s);
182 static int parse_groups(const char *s);
183 static int parse_protocols(const char *s);
184 static int parse_variable(const char *filename, int linenum,
185 const char *line, const char *value,
186 size_t num_vars,
187 const cupsd_var_t *vars);
188 static int read_cupsd_conf(cups_file_t *fp);
189 static int read_cups_files_conf(cups_file_t *fp);
190 static int read_location(cups_file_t *fp, char *name, int linenum);
191 static int read_policy(cups_file_t *fp, char *name, int linenum);
192 static void set_policy_defaults(cupsd_policy_t *pol);
193
194
195 /*
196 * 'cupsdAddAlias()' - Add a host alias.
197 */
198
199 void
200 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
201 const char *name) /* I - Name to add */
202 {
203 cupsd_alias_t *a; /* New alias */
204 size_t namelen; /* Length of name */
205
206
207 namelen = strlen(name);
208
209 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
210 return;
211
212 a->namelen = namelen;
213 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
214
215 cupsArrayAdd(aliases, a);
216 }
217
218
219 /*
220 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
221 */
222
223 int /* O - 0 on success, -1 on error, 1 on warning */
224 cupsdCheckPermissions(
225 const char *filename, /* I - File/directory name */
226 const char *suffix, /* I - Additional file/directory name */
227 int mode, /* I - Permissions */
228 int user, /* I - Owner */
229 int group, /* I - Group */
230 int is_dir, /* I - 1 = directory, 0 = file */
231 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
232 {
233 int dir_created = 0; /* Did we create a directory? */
234 char pathname[1024]; /* File name with prefix */
235 struct stat fileinfo; /* Stat buffer */
236 int is_symlink; /* Is "filename" a symlink? */
237
238
239 /*
240 * Prepend the given root to the filename before testing it...
241 */
242
243 if (suffix)
244 {
245 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
246 filename = pathname;
247 }
248
249 /*
250 * See if we can stat the file/directory...
251 */
252
253 if (lstat(filename, &fileinfo))
254 {
255 if (errno == ENOENT && create_dir)
256 {
257 if (create_dir > 0)
258 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
259 filename);
260
261 if (mkdir(filename, mode))
262 {
263 if (create_dir > 0)
264 cupsdLogMessage(CUPSD_LOG_ERROR,
265 "Unable to create directory \"%s\" - %s", filename,
266 strerror(errno));
267 else
268 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
269 strerror(errno));
270
271 return (-1);
272 }
273
274 dir_created = 1;
275 fileinfo.st_mode = mode | S_IFDIR;
276 }
277 else
278 return (create_dir ? -1 : 1);
279 }
280
281 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
282 {
283 if (stat(filename, &fileinfo))
284 {
285 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
286 filename, strerror(errno));
287 return (-1);
288 }
289 }
290
291 /*
292 * Make sure it's a regular file or a directory as needed...
293 */
294
295 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
296 {
297 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
298 return (-1);
299 }
300
301 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
302 {
303 if (create_dir >= 0)
304 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
305 else
306 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
307
308 return (-1);
309 }
310
311 /*
312 * If the filename is a symlink, do not change permissions (STR #2937)...
313 */
314
315 if (is_symlink)
316 return (0);
317
318 /*
319 * Fix owner, group, and mode as needed...
320 */
321
322 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
323 {
324 if (create_dir >= 0)
325 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
326 filename);
327
328 if (chown(filename, user, group) && !getuid())
329 {
330 if (create_dir >= 0)
331 cupsdLogMessage(CUPSD_LOG_ERROR,
332 "Unable to change ownership of \"%s\" - %s", filename,
333 strerror(errno));
334 else
335 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
336 strerror(errno));
337
338 return (1);
339 }
340 }
341
342 if (dir_created || (fileinfo.st_mode & 07777) != mode)
343 {
344 if (create_dir >= 0)
345 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
346 filename);
347
348 if (chmod(filename, mode))
349 {
350 if (create_dir >= 0)
351 cupsdLogMessage(CUPSD_LOG_ERROR,
352 "Unable to change permissions of \"%s\" - %s", filename,
353 strerror(errno));
354 else
355 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
356 strerror(errno));
357
358 return (1);
359 }
360 }
361
362 /*
363 * Everything is OK...
364 */
365
366 return (0);
367 }
368
369
370 /*
371 * 'cupsdDefaultAuthType()' - Get the default AuthType.
372 *
373 * When the default_auth_type is "auto", this function tries to get the GSS
374 * credentials for the server. If that succeeds we use Kerberos authentication,
375 * otherwise we do a fallback to Basic authentication against the local user
376 * accounts.
377 */
378
379 int /* O - Default AuthType value */
380 cupsdDefaultAuthType(void)
381 {
382 #ifdef HAVE_GSSAPI
383 OM_uint32 major_status, /* Major status code */
384 minor_status; /* Minor status code */
385 gss_name_t server_name; /* Server name */
386 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
387 /* Service name token */
388 char buf[1024]; /* Service name buffer */
389 #endif /* HAVE_GSSAPI */
390
391
392 /*
393 * If we have already determined the correct default AuthType, use it...
394 */
395
396 if (default_auth_type != CUPSD_AUTH_AUTO)
397 return (default_auth_type);
398
399 #ifdef HAVE_GSSAPI
400 # ifdef __APPLE__
401 /*
402 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
403 * to use it...
404 */
405
406 if (gss_init_sec_context == NULL)
407 return (default_auth_type = CUPSD_AUTH_BASIC);
408 # endif /* __APPLE__ */
409
410 /*
411 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
412 * that fails we must use Basic...
413 */
414
415 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
416
417 token.value = buf;
418 token.length = strlen(buf);
419 server_name = GSS_C_NO_NAME;
420 major_status = gss_import_name(&minor_status, &token,
421 GSS_C_NT_HOSTBASED_SERVICE,
422 &server_name);
423
424 memset(&token, 0, sizeof(token));
425
426 if (GSS_ERROR(major_status))
427 {
428 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
429 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
430 return (default_auth_type = CUPSD_AUTH_BASIC);
431 }
432
433 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
434
435 if (GSS_ERROR(major_status))
436 {
437 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
438 "cupsdDefaultAuthType: gss_display_name(%s) failed",
439 buf);
440 return (default_auth_type = CUPSD_AUTH_BASIC);
441 }
442
443 cupsdLogMessage(CUPSD_LOG_DEBUG,
444 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
445 "credentials for %s...", (char *)token.value);
446
447 ServerCreds = GSS_C_NO_CREDENTIAL;
448 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
449 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
450 &ServerCreds, NULL, NULL);
451 if (GSS_ERROR(major_status))
452 {
453 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
454 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
455 (char *)token.value);
456 gss_release_name(&minor_status, &server_name);
457 gss_release_buffer(&minor_status, &token);
458 return (default_auth_type = CUPSD_AUTH_BASIC);
459 }
460
461 cupsdLogMessage(CUPSD_LOG_DEBUG,
462 "cupsdDefaultAuthType: Kerberos credentials acquired "
463 "successfully for %s.", (char *)token.value);
464
465 gss_release_name(&minor_status, &server_name);
466 gss_release_buffer(&minor_status, &token);
467
468 HaveServerCreds = 1;
469
470 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
471
472 #else
473 /*
474 * No Kerberos support compiled in so just use Basic all the time...
475 */
476
477 return (default_auth_type = CUPSD_AUTH_BASIC);
478 #endif /* HAVE_GSSAPI */
479 }
480
481
482 /*
483 * 'cupsdFreeAliases()' - Free all of the alias entries.
484 */
485
486 void
487 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
488 {
489 cupsd_alias_t *a; /* Current alias */
490
491
492 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
493 a;
494 a = (cupsd_alias_t *)cupsArrayNext(aliases))
495 free(a);
496
497 cupsArrayDelete(aliases);
498 }
499
500
501 /*
502 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
503 */
504
505 int /* O - 1 on success, 0 otherwise */
506 cupsdReadConfiguration(void)
507 {
508 int i; /* Looping var */
509 cups_file_t *fp; /* Configuration file */
510 int status; /* Return status */
511 char temp[1024], /* Temporary buffer */
512 mimedir[1024], /* MIME directory */
513 *slash; /* Directory separator */
514 cups_lang_t *language; /* Language */
515 struct passwd *user; /* Default user */
516 struct group *group; /* Default group */
517 char *old_serverroot, /* Old ServerRoot */
518 *old_requestroot; /* Old RequestRoot */
519 int old_remote_port; /* Old RemotePort */
520 const char *tmpdir; /* TMPDIR environment variable */
521 struct stat tmpinfo; /* Temporary directory info */
522 cupsd_policy_t *p; /* Policy */
523
524
525 /*
526 * Save the old root paths...
527 */
528
529 old_serverroot = NULL;
530 cupsdSetString(&old_serverroot, ServerRoot);
531 old_requestroot = NULL;
532 cupsdSetString(&old_requestroot, RequestRoot);
533
534 /*
535 * Reset the server configuration data...
536 */
537
538 cupsdDeleteAllLocations();
539
540 cupsdDeleteAllListeners();
541
542 old_remote_port = RemotePort;
543 RemotePort = 0;
544
545 /*
546 * String options...
547 */
548
549 cupsdFreeAliases(ServerAlias);
550 ServerAlias = NULL;
551
552 cupsdClearString(&ServerName);
553 cupsdClearString(&ServerAdmin);
554 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
555 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
556 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
557 cupsdSetString(&DataDir, CUPS_DATADIR);
558 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
559 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
560 cupsdClearString(&ErrorLog);
561 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
562 cupsdSetString(&PageLogFormat,
563 "%p %u %j %T %P %C %{job-billing} "
564 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
565 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
566 cupsdSetString(&FontPath, CUPS_FONTPATH);
567 cupsdSetString(&RemoteRoot, "remroot");
568 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
569 CUPS_VERSION_MINOR);
570 cupsdSetString(&StateDir, CUPS_STATEDIR);
571
572 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
573 PrintcapFormat = PRINTCAP_SOLARIS;
574 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
575 "/Library/Preferences/org.cups.printers.plist"))
576 PrintcapFormat = PRINTCAP_PLIST;
577 else
578 PrintcapFormat = PRINTCAP_BSD;
579
580 strlcpy(temp, ConfigurationFile, sizeof(temp));
581 if ((slash = strrchr(temp, '/')) != NULL)
582 *slash = '\0';
583
584 cupsdSetString(&ServerRoot, temp);
585
586 cupsdClearString(&Classification);
587 ClassifyOverride = 0;
588
589 #ifdef HAVE_SSL
590 # ifdef HAVE_GNUTLS
591 cupsdSetString(&ServerKeychain, "ssl");
592 # else
593 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
594 # endif /* HAVE_GNUTLS */
595 #endif /* HAVE_SSL */
596
597 language = cupsLangDefault();
598
599 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
600 cupsdSetString(&DefaultLanguage, "en");
601 else
602 cupsdSetString(&DefaultLanguage, language->language);
603
604 cupsdClearString(&DefaultPaperSize);
605
606 cupsdSetString(&RIPCache, "128m");
607
608 cupsdSetString(&TempDir, NULL);
609
610 #ifdef HAVE_GSSAPI
611 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
612
613 if (HaveServerCreds)
614 {
615 OM_uint32 minor_status; /* Minor status code */
616
617 gss_release_cred(&minor_status, &ServerCreds);
618
619 HaveServerCreds = 0;
620 }
621
622 ServerCreds = GSS_C_NO_CREDENTIAL;
623 #endif /* HAVE_GSSAPI */
624
625 /*
626 * Find the default user...
627 */
628
629 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
630 User = user->pw_uid;
631 else
632 {
633 /*
634 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
635 * complement number...)
636 */
637
638 User = 65534;
639 }
640
641 endpwent();
642
643 /*
644 * Find the default group...
645 */
646
647 group = getgrnam(CUPS_DEFAULT_GROUP);
648 endgrent();
649
650 if (group)
651 Group = group->gr_gid;
652 else
653 {
654 /*
655 * Fallback to group "nobody"...
656 */
657
658 group = getgrnam("nobody");
659 endgrent();
660
661 if (group)
662 Group = group->gr_gid;
663 else
664 {
665 /*
666 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
667 * complement number...)
668 */
669
670 Group = 65534;
671 }
672 }
673
674 /*
675 * Numeric options...
676 */
677
678 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
679 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
680 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
681 default_auth_type = CUPSD_AUTH_BASIC;
682 #ifdef HAVE_SSL
683 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
684 #endif /* HAVE_SSL */
685 DirtyCleanInterval = DEFAULT_KEEPALIVE;
686 JobKillDelay = DEFAULT_TIMEOUT;
687 JobRetryLimit = 5;
688 JobRetryInterval = 300;
689 FileDevice = FALSE;
690 FilterLevel = 0;
691 FilterLimit = 0;
692 FilterNice = 0;
693 HostNameLookups = FALSE;
694 KeepAlive = TRUE;
695 KeepAliveTimeout = DEFAULT_KEEPALIVE;
696 ListenBackLog = SOMAXCONN;
697 LogDebugHistory = 200;
698 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
699 LogLevel = CUPSD_LOG_WARN;
700 LogTimeFormat = CUPSD_TIME_STANDARD;
701 MaxClients = 100;
702 MaxClientsPerHost = 0;
703 MaxLogSize = 1024 * 1024;
704 MaxRequestSize = 0;
705 MultipleOperationTimeout = DEFAULT_TIMEOUT;
706 NumSystemGroups = 0;
707 ReloadTimeout = DEFAULT_KEEPALIVE;
708 RootCertDuration = 300;
709 StrictConformance = FALSE;
710 SyncOnClose = FALSE;
711 Timeout = DEFAULT_TIMEOUT;
712 WebInterface = CUPS_DEFAULT_WEBIF;
713
714 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
715 BrowseWebIF = FALSE;
716 Browsing = CUPS_DEFAULT_BROWSING;
717 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
718
719 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
720 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
721 #endif /* HAVE_DNSSD || HAVE_AVAHI */
722
723 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
724 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
725
726 cupsdSetString(&ErrorPolicy, "stop-printer");
727
728 JobHistory = DEFAULT_HISTORY;
729 JobFiles = DEFAULT_FILES;
730 JobAutoPurge = 0;
731 MaxHoldTime = 0;
732 MaxJobs = 500;
733 MaxActiveJobs = 0;
734 MaxJobsPerUser = 0;
735 MaxJobsPerPrinter = 0;
736 MaxJobTime = 3 * 60 * 60; /* 3 hours */
737 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
738
739 cupsdDeleteAllPolicies();
740 cupsdClearString(&DefaultPolicy);
741
742 #ifdef HAVE_AUTHORIZATION_H
743 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
744 #endif /* HAVE_AUTHORIZATION_H */
745
746 MaxSubscriptions = 100;
747 MaxSubscriptionsPerJob = 0;
748 MaxSubscriptionsPerPrinter = 0;
749 MaxSubscriptionsPerUser = 0;
750 DefaultLeaseDuration = 86400;
751 MaxLeaseDuration = 0;
752
753 #ifdef HAVE_LAUNCHD
754 LaunchdTimeout = 10;
755 #endif /* HAVE_LAUNCHD */
756
757 /*
758 * Setup environment variables...
759 */
760
761 cupsdInitEnv();
762
763 /*
764 * Read the cups-files.conf file...
765 */
766
767 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
768 {
769 status = read_cups_files_conf(fp);
770
771 cupsFileClose(fp);
772
773 if (!status)
774 {
775 if (TestConfigFile)
776 printf("\"%s\" contains errors.\n", CupsFilesFile);
777 else
778 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
779 CupsFilesFile);
780
781 return (0);
782 }
783 }
784 else if (errno == ENOENT)
785 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
786 else
787 {
788 syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
789 strerror(errno));
790 return (0);
791 }
792
793 if (!ErrorLog)
794 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
795
796 /*
797 * Read the cupsd.conf file...
798 */
799
800 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
801 {
802 syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
803 strerror(errno));
804 return (0);
805 }
806
807 status = read_cupsd_conf(fp);
808
809 cupsFileClose(fp);
810
811 if (!status)
812 {
813 if (TestConfigFile)
814 printf("\"%s\" contains errors.\n", ConfigurationFile);
815 else
816 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
817 ConfigurationFile);
818
819 return (0);
820 }
821
822 RunUser = getuid();
823
824 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
825 RemotePort ? "enabled" : "disabled");
826
827 if (!RemotePort)
828 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
829
830 /*
831 * See if the ServerName is an IP address...
832 */
833
834 if (ServerName)
835 {
836 if (!ServerAlias)
837 ServerAlias = cupsArrayNew(NULL, NULL);
838
839 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
840 }
841 else
842 {
843 if (gethostname(temp, sizeof(temp)))
844 {
845 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
846 strerror(errno));
847 strlcpy(temp, "localhost", sizeof(temp));
848 }
849
850 cupsdSetString(&ServerName, temp);
851
852 if (!ServerAlias)
853 ServerAlias = cupsArrayNew(NULL, NULL);
854
855 cupsdAddAlias(ServerAlias, temp);
856 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
857
858 if (HostNameLookups || RemotePort)
859 {
860 struct hostent *host; /* Host entry to get FQDN */
861
862 if ((host = gethostbyname(temp)) != NULL)
863 {
864 if (_cups_strcasecmp(temp, host->h_name))
865 {
866 cupsdSetString(&ServerName, host->h_name);
867 cupsdAddAlias(ServerAlias, host->h_name);
868 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
869 host->h_name);
870 }
871
872 if (host->h_aliases)
873 {
874 for (i = 0; host->h_aliases[i]; i ++)
875 if (_cups_strcasecmp(temp, host->h_aliases[i]))
876 {
877 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
878 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
879 host->h_aliases[i]);
880 }
881 }
882 }
883 }
884
885 /*
886 * Make sure we have the base hostname added as an alias, too!
887 */
888
889 if ((slash = strchr(temp, '.')) != NULL)
890 {
891 *slash = '\0';
892 cupsdAddAlias(ServerAlias, temp);
893 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
894 }
895 }
896
897 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
898
899 ServerNameIsIP = !*slash;
900
901 /*
902 * Make sure ServerAdmin is initialized...
903 */
904
905 if (!ServerAdmin)
906 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
907
908 /*
909 * Use the default system group if none was supplied in cupsd.conf...
910 */
911
912 if (NumSystemGroups == 0)
913 {
914 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
915 {
916 /*
917 * Find the group associated with GID 0...
918 */
919
920 group = getgrgid(0);
921 endgrent();
922
923 if (group != NULL)
924 cupsdSetString(&SystemGroups[0], group->gr_name);
925 else
926 cupsdSetString(&SystemGroups[0], "unknown");
927
928 SystemGroupIDs[0] = 0;
929 NumSystemGroups = 1;
930 }
931 }
932
933 /*
934 * Make sure ConfigFilePerm and LogFilePerm have sane values...
935 */
936
937 ConfigFilePerm &= 0664;
938 LogFilePerm &= 0664;
939
940 /*
941 * Open the system log for cupsd if necessary...
942 */
943
944 #ifdef HAVE_VSYSLOG
945 if (!strcmp(AccessLog, "syslog") ||
946 !strcmp(ErrorLog, "syslog") ||
947 !strcmp(PageLog, "syslog"))
948 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
949 #endif /* HAVE_VSYSLOG */
950
951 /*
952 * Make sure each of the log files exists and gets rotated as necessary...
953 */
954
955 if (strcmp(AccessLog, "syslog"))
956 cupsdCheckLogFile(&AccessFile, AccessLog);
957
958 if (strcmp(ErrorLog, "syslog"))
959 cupsdCheckLogFile(&ErrorFile, ErrorLog);
960
961 if (strcmp(PageLog, "syslog"))
962 cupsdCheckLogFile(&PageFile, PageLog);
963
964 /*
965 * Log the configuration file that was used...
966 */
967
968 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
969 ConfigurationFile);
970
971 /*
972 * Validate the Group and SystemGroup settings - they cannot be the same,
973 * otherwise the CGI programs will be able to authenticate as root without
974 * a password!
975 */
976
977 if (!RunUser)
978 {
979 for (i = 0; i < NumSystemGroups; i ++)
980 if (Group == SystemGroupIDs[i])
981 break;
982
983 if (i < NumSystemGroups)
984 {
985 /*
986 * Log the error and reset the group to a safe value...
987 */
988
989 cupsdLogMessage(CUPSD_LOG_NOTICE,
990 "Group and SystemGroup cannot use the same groups.");
991 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
992
993 group = getgrnam("nobody");
994 endgrent();
995
996 if (group != NULL)
997 Group = group->gr_gid;
998 else
999 {
1000 /*
1001 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1002 * complement number...)
1003 */
1004
1005 Group = 65534;
1006 }
1007 }
1008 }
1009
1010 /*
1011 * Check that we have at least one listen/port line; if not, report this
1012 * as an error and exit!
1013 */
1014
1015 if (cupsArrayCount(Listeners) == 0)
1016 {
1017 /*
1018 * No listeners!
1019 */
1020
1021 cupsdLogMessage(CUPSD_LOG_EMERG,
1022 "No valid Listen or Port lines were found in the "
1023 "configuration file.");
1024
1025 /*
1026 * Commit suicide...
1027 */
1028
1029 cupsdEndProcess(getpid(), 0);
1030 }
1031
1032 /*
1033 * Set the default locale using the language and charset...
1034 */
1035
1036 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1037
1038 /*
1039 * Update all relative filenames to include the full path from ServerRoot...
1040 */
1041
1042 if (DocumentRoot[0] != '/')
1043 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1044
1045 if (RequestRoot[0] != '/')
1046 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1047
1048 if (ServerBin[0] != '/')
1049 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1050
1051 if (StateDir[0] != '/')
1052 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1053
1054 if (CacheDir[0] != '/')
1055 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1056
1057 #ifdef HAVE_SSL
1058 if (ServerKeychain[0] != '/')
1059 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
1060
1061 cupsSetServerCredentials(ServerKeychain, ServerName, 1);
1062 #endif /* HAVE_SSL */
1063
1064 /*
1065 * Make sure that directories and config files are owned and
1066 * writable by the user and group in the cupsd.conf file...
1067 */
1068
1069 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1070
1071 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1072 Group, 1, 1) < 0 ||
1073 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1074 Group, 1, 1) < 0 ||
1075 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1076 Group, 1, 1) < 0 ||
1077 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1078 Group, 1, 1) < 0 ||
1079 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1080 SystemGroupIDs[0], 1, 1) < 0 ||
1081 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1082 Group, 1, 0) < 0 ||
1083 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1084 Group, 1, 1) < 0 ||
1085 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1086 Group, 1, 0) < 0 ||
1087 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1088 Group, 0, 0) < 0 ||
1089 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
1090 Group, 0, 0) < 0 ||
1091 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1092 Group, 0, 0) < 0 ||
1093 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1094 Group, 0, 0) < 0 ||
1095 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1096 Group, 0, 0) < 0) &&
1097 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1098 return (0);
1099
1100 /*
1101 * Update TempDir to the default if it hasn't been set already...
1102 */
1103
1104 #ifdef __APPLE__
1105 if (TempDir && !RunUser &&
1106 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1107 {
1108 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1109 cupsdClearString(&TempDir);
1110 }
1111 #endif /* __APPLE__ */
1112
1113 if (!TempDir)
1114 {
1115 #ifdef __APPLE__
1116 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1117 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
1118 #else
1119 if ((tmpdir = getenv("TMPDIR")) != NULL)
1120 #endif /* __APPLE__ */
1121 {
1122 /*
1123 * TMPDIR is defined, see if it is OK for us to use...
1124 */
1125
1126 if (stat(tmpdir, &tmpinfo))
1127 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1128 tmpdir, strerror(errno));
1129 else if (!S_ISDIR(tmpinfo.st_mode))
1130 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1131 tmpdir);
1132 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1133 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1134 !(tmpinfo.st_mode & S_IWOTH))
1135 cupsdLogMessage(CUPSD_LOG_ERROR,
1136 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1137 else
1138 cupsdSetString(&TempDir, tmpdir);
1139 }
1140 }
1141
1142 if (!TempDir)
1143 {
1144 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1145 RequestRoot);
1146 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1147 }
1148
1149 setenv("TMPDIR", TempDir, 1);
1150
1151 /*
1152 * Make sure the temporary directory has the right permissions...
1153 */
1154
1155 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1156 access(TempDir, 0))
1157 {
1158 /*
1159 * Update ownership and permissions if the CUPS temp directory
1160 * is under the spool directory or does not exist...
1161 */
1162
1163 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1164 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1165 return (0);
1166 }
1167
1168 /*
1169 * Update environment variables...
1170 */
1171
1172 cupsdUpdateEnv();
1173
1174 /*
1175 * Update default paper size setting as needed...
1176 */
1177
1178 if (!DefaultPaperSize)
1179 {
1180 #ifdef HAVE_LIBPAPER
1181 char *paper_result; /* Paper size name from libpaper */
1182
1183 if ((paper_result = systempapername()) != NULL)
1184 cupsdSetString(&DefaultPaperSize, paper_result);
1185 else
1186 #endif /* HAVE_LIBPAPER */
1187 if (!DefaultLanguage ||
1188 !_cups_strcasecmp(DefaultLanguage, "C") ||
1189 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1190 !_cups_strcasecmp(DefaultLanguage, "en") ||
1191 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1192 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1193 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1194 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1195 {
1196 /*
1197 * These are the only locales that will default to "letter" size...
1198 */
1199
1200 cupsdSetString(&DefaultPaperSize, "Letter");
1201 }
1202 else
1203 cupsdSetString(&DefaultPaperSize, "A4");
1204 }
1205
1206 /*
1207 * Update classification setting as needed...
1208 */
1209
1210 if (Classification && !_cups_strcasecmp(Classification, "none"))
1211 cupsdClearString(&Classification);
1212
1213 if (Classification)
1214 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1215
1216 /*
1217 * Check the MaxClients setting, and then allocate memory for it...
1218 */
1219
1220 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1221 {
1222 if (MaxClients > 0)
1223 cupsdLogMessage(CUPSD_LOG_INFO,
1224 "MaxClients limited to 1/3 (%d) of the file descriptor "
1225 "limit (%d)...",
1226 MaxFDs / 3, MaxFDs);
1227
1228 MaxClients = MaxFDs / 3;
1229 }
1230
1231 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1232 MaxClients);
1233
1234 /*
1235 * Check the MaxActiveJobs setting; limit to 1/3 the available
1236 * file descriptors, since we need a pipe for each job...
1237 */
1238
1239 if (MaxActiveJobs > (MaxFDs / 3))
1240 MaxActiveJobs = MaxFDs / 3;
1241
1242 /*
1243 * Update the MaxClientsPerHost value, as needed...
1244 */
1245
1246 if (MaxClientsPerHost <= 0)
1247 MaxClientsPerHost = MaxClients;
1248
1249 if (MaxClientsPerHost > MaxClients)
1250 MaxClientsPerHost = MaxClients;
1251
1252 cupsdLogMessage(CUPSD_LOG_INFO,
1253 "Allowing up to %d client connections per host.",
1254 MaxClientsPerHost);
1255
1256 /*
1257 * Update the default policy, as needed...
1258 */
1259
1260 if (DefaultPolicy)
1261 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1262 else
1263 DefaultPolicyPtr = NULL;
1264
1265 if (!DefaultPolicyPtr)
1266 {
1267 cupsd_location_t *po; /* New policy operation */
1268
1269
1270 if (DefaultPolicy)
1271 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1272 DefaultPolicy);
1273
1274 cupsdSetString(&DefaultPolicy, "default");
1275
1276 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1277 cupsdLogMessage(CUPSD_LOG_INFO,
1278 "Using policy \"default\" as the default.");
1279 else
1280 {
1281 cupsdLogMessage(CUPSD_LOG_INFO,
1282 "Creating CUPS default administrative policy:");
1283
1284 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1285
1286 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1287
1288 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1289 cupsdAddString(&(p->job_access), "@OWNER");
1290 cupsdAddString(&(p->job_access), "@SYSTEM");
1291
1292 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1293 cupsdAddString(&(p->job_attrs), "job-name");
1294 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1295 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1296
1297 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1298 cupsdAddString(&(p->sub_access), "@OWNER");
1299 cupsdAddString(&(p->sub_access), "@SYSTEM");
1300
1301 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1302 cupsdAddString(&(p->job_attrs), "notify-events");
1303 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1304 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1305 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1306 cupsdAddString(&(p->job_attrs), "notify-user-data");
1307
1308 cupsdLogMessage(CUPSD_LOG_INFO,
1309 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1310 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1311
1312 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1313 po->order_type = CUPSD_AUTH_ALLOW;
1314
1315 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1316 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1317 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1318
1319 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1320
1321 cupsdLogMessage(CUPSD_LOG_INFO,
1322 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1323 "Release-Job Restart-Job Purge-Jobs "
1324 "Set-Job-Attributes Create-Job-Subscription "
1325 "Renew-Subscription Cancel-Subscription "
1326 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1327 "Suspend-Current-Job Resume-Job "
1328 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1329 "CUPS-Authenticate-Job CUPS-Get-Document>");
1330 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1331
1332 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1333 po->order_type = CUPSD_AUTH_ALLOW;
1334 po->level = CUPSD_AUTH_USER;
1335
1336 cupsdAddName(po, "@OWNER");
1337 cupsdAddName(po, "@SYSTEM");
1338 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1339
1340 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1341 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1342 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1343 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1344 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1345 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1346 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1347 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1348 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1349 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1350 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1351 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1352 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1353 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1354 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1355 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1356 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1357 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1358 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1359 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1360
1361 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1362
1363 cupsdLogMessage(CUPSD_LOG_INFO,
1364 "<Limit Pause-Printer Resume-Printer "
1365 "Set-Printer-Attributes Enable-Printer "
1366 "Disable-Printer Pause-Printer-After-Current-Job "
1367 "Hold-New-Jobs Release-Held-New-Jobs "
1368 "Deactivate-Printer Activate-Printer Restart-Printer "
1369 "Shutdown-Printer Startup-Printer Promote-Job "
1370 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1371 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1372 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1373 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1374 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1375
1376 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1377 po->order_type = CUPSD_AUTH_ALLOW;
1378 po->type = CUPSD_AUTH_DEFAULT;
1379 po->level = CUPSD_AUTH_USER;
1380
1381 cupsdAddName(po, "@SYSTEM");
1382 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1383
1384 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1385 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1386 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1387 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1388 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1389 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1390 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1391 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1392 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1393 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1394 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1395 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1396 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1397 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1398 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1399 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1400 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1401 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1402 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1403 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1404 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1405 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1406
1407 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1408
1409 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1410 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1411
1412 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1413 po->order_type = CUPSD_AUTH_ALLOW;
1414
1415 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1416 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1417 }
1418 }
1419
1420 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1421 cupsArrayCount(Policies));
1422 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1423 p;
1424 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1425 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1426 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1427
1428 /*
1429 * If we are doing a full reload or the server root has changed, flush
1430 * the jobs, printers, etc. and start from scratch...
1431 */
1432
1433 if (NeedReload == RELOAD_ALL ||
1434 old_remote_port != RemotePort ||
1435 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1436 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1437 {
1438 mime_type_t *type; /* Current type */
1439 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1440 /* MIME type name */
1441
1442
1443 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1444
1445 /*
1446 * Free all memory...
1447 */
1448
1449 cupsdDeleteAllSubscriptions();
1450 cupsdFreeAllJobs();
1451 cupsdDeleteAllPrinters();
1452
1453 DefaultPrinter = NULL;
1454
1455 if (MimeDatabase != NULL)
1456 mimeDelete(MimeDatabase);
1457
1458 if (NumMimeTypes)
1459 {
1460 for (i = 0; i < NumMimeTypes; i ++)
1461 _cupsStrFree(MimeTypes[i]);
1462
1463 free(MimeTypes);
1464 }
1465
1466 /*
1467 * Read the MIME type and conversion database...
1468 */
1469
1470 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1471 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1472
1473 MimeDatabase = mimeNew();
1474 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1475
1476 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1477 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1478 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1479 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1480
1481 if (!MimeDatabase)
1482 {
1483 cupsdLogMessage(CUPSD_LOG_EMERG,
1484 "Unable to load MIME database from \"%s\" or \"%s\".",
1485 mimedir, ServerRoot);
1486 if (FatalErrors & CUPSD_FATAL_CONFIG)
1487 return (0);
1488 }
1489
1490 cupsdLogMessage(CUPSD_LOG_INFO,
1491 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1492 "%d filters...", mimedir, ServerRoot,
1493 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1494
1495 /*
1496 * Create a list of MIME types for the document-format-supported
1497 * attribute...
1498 */
1499
1500 NumMimeTypes = mimeNumTypes(MimeDatabase);
1501 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1502 NumMimeTypes ++;
1503
1504 if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
1505 {
1506 cupsdLogMessage(CUPSD_LOG_ERROR,
1507 "Unable to allocate memory for %d MIME types.",
1508 NumMimeTypes);
1509 NumMimeTypes = 0;
1510 }
1511 else
1512 {
1513 for (i = 0, type = mimeFirstType(MimeDatabase);
1514 type;
1515 i ++, type = mimeNextType(MimeDatabase))
1516 {
1517 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1518
1519 MimeTypes[i] = _cupsStrAlloc(mimetype);
1520 }
1521
1522 if (i < NumMimeTypes)
1523 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1524 }
1525
1526 if (LogLevel == CUPSD_LOG_DEBUG2)
1527 {
1528 mime_filter_t *filter; /* Current filter */
1529
1530
1531 for (type = mimeFirstType(MimeDatabase);
1532 type;
1533 type = mimeNextType(MimeDatabase))
1534 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1535 type->super, type->type);
1536
1537 for (filter = mimeFirstFilter(MimeDatabase);
1538 filter;
1539 filter = mimeNextFilter(MimeDatabase))
1540 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1541 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1542 filter->src->super, filter->src->type,
1543 filter->dst->super, filter->dst->type,
1544 filter->cost, filter->filter);
1545 }
1546
1547 /*
1548 * Load banners...
1549 */
1550
1551 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1552 cupsdLoadBanners(temp);
1553
1554 /*
1555 * Load printers and classes...
1556 */
1557
1558 cupsdLoadAllPrinters();
1559 cupsdLoadAllClasses();
1560
1561 cupsdCreateCommonData();
1562
1563 /*
1564 * Update the printcap file as needed...
1565 */
1566
1567 if (Printcap && *Printcap && access(Printcap, 0))
1568 cupsdWritePrintcap();
1569
1570 /*
1571 * Load queued jobs...
1572 */
1573
1574 cupsdLoadAllJobs();
1575
1576 /*
1577 * Load subscriptions...
1578 */
1579
1580 cupsdLoadAllSubscriptions();
1581
1582 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1583 }
1584 else
1585 {
1586 /*
1587 * Not a full reload, so recreate the common printer attributes...
1588 */
1589
1590 cupsdCreateCommonData();
1591
1592 /*
1593 * Update all jobs as needed...
1594 */
1595
1596 cupsdUpdateJobs();
1597
1598 /*
1599 * Update all printers as needed...
1600 */
1601
1602 cupsdUpdatePrinters();
1603 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1604
1605 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1606 }
1607
1608 /*
1609 * Reset the reload state...
1610 */
1611
1612 NeedReload = RELOAD_NONE;
1613
1614 cupsdClearString(&old_serverroot);
1615 cupsdClearString(&old_requestroot);
1616
1617 return (1);
1618 }
1619
1620
1621 /*
1622 * 'get_address()' - Get an address + port number from a line.
1623 */
1624
1625 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1626 get_address(const char *value, /* I - Value string */
1627 int defport) /* I - Default port */
1628 {
1629 char buffer[1024], /* Hostname + port number buffer */
1630 defpname[255], /* Default port name */
1631 *hostname, /* Hostname or IP */
1632 *portname; /* Port number or name */
1633 http_addrlist_t *addrlist; /* Address list */
1634
1635
1636 /*
1637 * Check for an empty value...
1638 */
1639
1640 if (!*value)
1641 {
1642 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1643 return (NULL);
1644 }
1645
1646 /*
1647 * Grab a hostname and port number; if there is no colon and the port name
1648 * is only digits, then we have a port number by itself...
1649 */
1650
1651 strlcpy(buffer, value, sizeof(buffer));
1652
1653 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1654 {
1655 *portname++ = '\0';
1656 hostname = buffer;
1657 }
1658 else
1659 {
1660 for (portname = buffer; isdigit(*portname & 255); portname ++);
1661
1662 if (*portname)
1663 {
1664 /*
1665 * Use the default port...
1666 */
1667
1668 sprintf(defpname, "%d", defport);
1669 portname = defpname;
1670 hostname = buffer;
1671 }
1672 else
1673 {
1674 /*
1675 * The buffer contains just a port number...
1676 */
1677
1678 portname = buffer;
1679 hostname = NULL;
1680 }
1681 }
1682
1683 if (hostname && !strcmp(hostname, "*"))
1684 hostname = NULL;
1685
1686 /*
1687 * Now lookup the address using httpAddrGetList()...
1688 */
1689
1690 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1691 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1692 hostname ? hostname : "(nil)");
1693
1694 return (addrlist);
1695 }
1696
1697
1698 /*
1699 * 'get_addr_and_mask()' - Get an IP address and netmask.
1700 */
1701
1702 static int /* O - 1 on success, 0 on failure */
1703 get_addr_and_mask(const char *value, /* I - String from config file */
1704 unsigned *ip, /* O - Address value */
1705 unsigned *mask) /* O - Mask value */
1706 {
1707 int i, j, /* Looping vars */
1708 family, /* Address family */
1709 ipcount; /* Count of fields in address */
1710 unsigned ipval; /* Value */
1711 const char *maskval, /* Pointer to start of mask value */
1712 *ptr, /* Pointer into value */
1713 *ptr2; /* ... */
1714
1715
1716 /*
1717 * Get the address...
1718 */
1719
1720 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1721 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1722
1723 if ((maskval = strchr(value, '/')) != NULL)
1724 maskval ++;
1725 else
1726 maskval = value + strlen(value);
1727
1728 #ifdef AF_INET6
1729 /*
1730 * Check for an IPv6 address...
1731 */
1732
1733 if (*value == '[')
1734 {
1735 /*
1736 * Parse hexadecimal IPv6/IPv4 address...
1737 */
1738
1739 family = AF_INET6;
1740
1741 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1742 {
1743 if (*ptr == ']')
1744 break;
1745 else if (!strncmp(ptr, "::", 2))
1746 {
1747 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1748 ptr2;
1749 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1750
1751 i = 6 - j;
1752 ptr += 2;
1753 }
1754 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1755 {
1756 /*
1757 * Read IPv4 dotted quad...
1758 */
1759
1760 unsigned val[4] = { 0, 0, 0, 0 };
1761 /* IPv4 address values */
1762
1763 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1764 val + 3);
1765
1766 /*
1767 * Range check the IP numbers...
1768 */
1769
1770 for (i = 0; i < ipcount; i ++)
1771 if (val[i] > 255)
1772 return (0);
1773
1774 /*
1775 * Merge everything into a 32-bit IPv4 address in ip[3]...
1776 */
1777
1778 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1779 (unsigned)val[2]) << 8) | (unsigned)val[3];
1780
1781 if (ipcount < 4)
1782 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1783
1784 /*
1785 * If the leading words are all 0's then this is an IPv4 address...
1786 */
1787
1788 if (!val[0] && !val[1] && !val[2])
1789 family = AF_INET;
1790
1791 while (isdigit(*ptr & 255) || *ptr == '.')
1792 ptr ++;
1793 break;
1794 }
1795 else if (isxdigit(*ptr & 255))
1796 {
1797 ipval = strtoul(ptr, (char **)&ptr, 16);
1798
1799 if (*ptr == ':' && ptr[1] != ':')
1800 ptr ++;
1801
1802 if (ipval > 0xffff)
1803 return (0);
1804
1805 if (i & 1)
1806 ip[i / 2] |= ipval;
1807 else
1808 ip[i / 2] |= ipval << 16;
1809 }
1810 else
1811 return (0);
1812 }
1813
1814 if (*ptr != ']')
1815 return (0);
1816
1817 ptr ++;
1818
1819 if (*ptr && *ptr != '/')
1820 return (0);
1821 }
1822 else
1823 #endif /* AF_INET6 */
1824 {
1825 /*
1826 * Parse dotted-decimal IPv4 address...
1827 */
1828
1829 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1830
1831
1832 family = AF_INET;
1833 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1834
1835 /*
1836 * Range check the IP numbers...
1837 */
1838
1839 for (i = 0; i < ipcount; i ++)
1840 if (val[i] > 255)
1841 return (0);
1842
1843 /*
1844 * Merge everything into a 32-bit IPv4 address in ip[3]...
1845 */
1846
1847 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1848 (unsigned)val[2]) << 8) | (unsigned)val[3];
1849
1850 if (ipcount < 4)
1851 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1852 }
1853
1854 if (*maskval)
1855 {
1856 /*
1857 * Get the netmask value(s)...
1858 */
1859
1860 memset(mask, 0, sizeof(unsigned) * 4);
1861
1862 if (strchr(maskval, '.'))
1863 {
1864 /*
1865 * Get dotted-decimal mask...
1866 */
1867
1868 if (family != AF_INET)
1869 return (0);
1870
1871 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1872 mask + 3) != 4)
1873 return (0);
1874
1875 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
1876 (unsigned)mask[2]) << 8;
1877 mask[0] = mask[1] = mask[2] = 0;
1878 }
1879 else
1880 {
1881 /*
1882 * Get address/bits format...
1883 */
1884
1885 i = atoi(maskval);
1886
1887 #ifdef AF_INET6
1888 if (family == AF_INET6)
1889 {
1890 if (i > 128)
1891 return (0);
1892
1893 i = 128 - i;
1894
1895 if (i <= 96)
1896 mask[0] = 0xffffffff;
1897 else
1898 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1899
1900 if (i <= 64)
1901 mask[1] = 0xffffffff;
1902 else if (i >= 96)
1903 mask[1] = 0;
1904 else
1905 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1906
1907 if (i <= 32)
1908 mask[2] = 0xffffffff;
1909 else if (i >= 64)
1910 mask[2] = 0;
1911 else
1912 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1913
1914 if (i == 0)
1915 mask[3] = 0xffffffff;
1916 else if (i >= 32)
1917 mask[3] = 0;
1918 else
1919 mask[3] = (0xffffffff << i) & 0xffffffff;
1920 }
1921 else
1922 #endif /* AF_INET6 */
1923 {
1924 if (i > 32)
1925 return (0);
1926
1927 mask[0] = 0xffffffff;
1928 mask[1] = 0xffffffff;
1929 mask[2] = 0xffffffff;
1930
1931 if (i < 32)
1932 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
1933 else
1934 mask[3] = 0xffffffff;
1935 }
1936 }
1937 }
1938
1939 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1940 "get_addr_and_mask(value=\"%s\", "
1941 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
1942 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1943 mask[3]);
1944
1945 /*
1946 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1947 */
1948
1949 if ((ip[0] & ~mask[0]) != 0 ||
1950 (ip[1] & ~mask[1]) != 0 ||
1951 (ip[2] & ~mask[2]) != 0 ||
1952 (ip[3] & ~mask[3]) != 0)
1953 return (0);
1954
1955 return (1);
1956 }
1957
1958
1959 /*
1960 * 'mime_error_cb()' - Log a MIME error.
1961 */
1962
1963 static void
1964 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1965 const char *message) /* I - Message */
1966 {
1967 (void)ctx;
1968
1969 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1970 }
1971
1972
1973 /*
1974 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1975 */
1976
1977 static int /* O - 1 on success, 0 on failure */
1978 parse_aaa(cupsd_location_t *loc, /* I - Location */
1979 char *line, /* I - Line from file */
1980 char *value, /* I - Start of value data */
1981 int linenum) /* I - Current line number */
1982 {
1983 char *valptr; /* Pointer into value */
1984 unsigned ip[4], /* IP address components */
1985 mask[4]; /* IP netmask components */
1986
1987
1988 if (!_cups_strcasecmp(line, "Encryption"))
1989 {
1990 /*
1991 * "Encryption xxx" - set required encryption level...
1992 */
1993
1994 if (!_cups_strcasecmp(value, "never"))
1995 loc->encryption = HTTP_ENCRYPT_NEVER;
1996 else if (!_cups_strcasecmp(value, "always"))
1997 {
1998 cupsdLogMessage(CUPSD_LOG_ERROR,
1999 "Encryption value \"%s\" on line %d is invalid in this "
2000 "context. Using \"required\" instead.", value, linenum);
2001
2002 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2003 }
2004 else if (!_cups_strcasecmp(value, "required"))
2005 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2006 else if (!_cups_strcasecmp(value, "ifrequested"))
2007 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2008 else
2009 {
2010 cupsdLogMessage(CUPSD_LOG_ERROR,
2011 "Unknown Encryption value %s on line %d.", value, linenum);
2012 return (0);
2013 }
2014 }
2015 else if (!_cups_strcasecmp(line, "Order"))
2016 {
2017 /*
2018 * "Order Deny,Allow" or "Order Allow,Deny"...
2019 */
2020
2021 if (!_cups_strncasecmp(value, "deny", 4))
2022 loc->order_type = CUPSD_AUTH_ALLOW;
2023 else if (!_cups_strncasecmp(value, "allow", 5))
2024 loc->order_type = CUPSD_AUTH_DENY;
2025 else
2026 {
2027 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
2028 value, linenum);
2029 return (0);
2030 }
2031 }
2032 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
2033 {
2034 /*
2035 * Allow [From] host/ip...
2036 * Deny [From] host/ip...
2037 */
2038
2039 while (*value)
2040 {
2041 if (!_cups_strncasecmp(value, "from", 4))
2042 {
2043 /*
2044 * Strip leading "from"...
2045 */
2046
2047 value += 4;
2048
2049 while (_cups_isspace(*value))
2050 value ++;
2051
2052 if (!*value)
2053 break;
2054 }
2055
2056 /*
2057 * Find the end of the value...
2058 */
2059
2060 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2061
2062 while (_cups_isspace(*valptr))
2063 *valptr++ = '\0';
2064
2065 /*
2066 * Figure out what form the allow/deny address takes:
2067 *
2068 * All
2069 * None
2070 * *.domain.com
2071 * .domain.com
2072 * host.domain.com
2073 * nnn.*
2074 * nnn.nnn.*
2075 * nnn.nnn.nnn.*
2076 * nnn.nnn.nnn.nnn
2077 * nnn.nnn.nnn.nnn/mm
2078 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2079 */
2080
2081 if (!_cups_strcasecmp(value, "all"))
2082 {
2083 /*
2084 * All hosts...
2085 */
2086
2087 if (!_cups_strcasecmp(line, "Allow"))
2088 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2089 else
2090 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2091 }
2092 else if (!_cups_strcasecmp(value, "none"))
2093 {
2094 /*
2095 * No hosts...
2096 */
2097
2098 if (!_cups_strcasecmp(line, "Allow"))
2099 cupsdAddIPMask(&(loc->allow), ones, zeros);
2100 else
2101 cupsdAddIPMask(&(loc->deny), ones, zeros);
2102 }
2103 #ifdef AF_INET6
2104 else if (value[0] == '*' || value[0] == '.' ||
2105 (!isdigit(value[0] & 255) && value[0] != '['))
2106 #else
2107 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2108 #endif /* AF_INET6 */
2109 {
2110 /*
2111 * Host or domain name...
2112 */
2113
2114 if (value[0] == '*')
2115 value ++;
2116
2117 if (!_cups_strcasecmp(line, "Allow"))
2118 cupsdAddNameMask(&(loc->allow), value);
2119 else
2120 cupsdAddNameMask(&(loc->deny), value);
2121 }
2122 else
2123 {
2124 /*
2125 * One of many IP address forms...
2126 */
2127
2128 if (!get_addr_and_mask(value, ip, mask))
2129 {
2130 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2131 value, linenum);
2132 return (0);
2133 }
2134
2135 if (!_cups_strcasecmp(line, "Allow"))
2136 cupsdAddIPMask(&(loc->allow), ip, mask);
2137 else
2138 cupsdAddIPMask(&(loc->deny), ip, mask);
2139 }
2140
2141 /*
2142 * Advance to next value...
2143 */
2144
2145 value = valptr;
2146 }
2147 }
2148 else if (!_cups_strcasecmp(line, "AuthType"))
2149 {
2150 /*
2151 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2152 */
2153
2154 if (!_cups_strcasecmp(value, "none"))
2155 {
2156 loc->type = CUPSD_AUTH_NONE;
2157 loc->level = CUPSD_AUTH_ANON;
2158 }
2159 else if (!_cups_strcasecmp(value, "basic"))
2160 {
2161 loc->type = CUPSD_AUTH_BASIC;
2162
2163 if (loc->level == CUPSD_AUTH_ANON)
2164 loc->level = CUPSD_AUTH_USER;
2165 }
2166 else if (!_cups_strcasecmp(value, "digest"))
2167 {
2168 loc->type = CUPSD_AUTH_DIGEST;
2169
2170 if (loc->level == CUPSD_AUTH_ANON)
2171 loc->level = CUPSD_AUTH_USER;
2172 }
2173 else if (!_cups_strcasecmp(value, "basicdigest"))
2174 {
2175 loc->type = CUPSD_AUTH_BASICDIGEST;
2176
2177 if (loc->level == CUPSD_AUTH_ANON)
2178 loc->level = CUPSD_AUTH_USER;
2179 }
2180 else if (!_cups_strcasecmp(value, "default"))
2181 {
2182 loc->type = CUPSD_AUTH_DEFAULT;
2183
2184 if (loc->level == CUPSD_AUTH_ANON)
2185 loc->level = CUPSD_AUTH_USER;
2186 }
2187 #ifdef HAVE_GSSAPI
2188 else if (!_cups_strcasecmp(value, "negotiate"))
2189 {
2190 loc->type = CUPSD_AUTH_NEGOTIATE;
2191
2192 if (loc->level == CUPSD_AUTH_ANON)
2193 loc->level = CUPSD_AUTH_USER;
2194 }
2195 #endif /* HAVE_GSSAPI */
2196 else
2197 {
2198 cupsdLogMessage(CUPSD_LOG_WARN,
2199 "Unknown authorization type %s on line %d.",
2200 value, linenum);
2201 return (0);
2202 }
2203 }
2204 else if (!_cups_strcasecmp(line, "AuthClass"))
2205 {
2206 /*
2207 * AuthClass anonymous, user, system, group
2208 */
2209
2210 if (!_cups_strcasecmp(value, "anonymous"))
2211 {
2212 loc->type = CUPSD_AUTH_NONE;
2213 loc->level = CUPSD_AUTH_ANON;
2214
2215 cupsdLogMessage(CUPSD_LOG_WARN,
2216 "\"AuthClass %s\" is deprecated; consider removing "
2217 "it from line %d.",
2218 value, linenum);
2219 }
2220 else if (!_cups_strcasecmp(value, "user"))
2221 {
2222 loc->level = CUPSD_AUTH_USER;
2223
2224 cupsdLogMessage(CUPSD_LOG_WARN,
2225 "\"AuthClass %s\" is deprecated; consider using "
2226 "\"Require valid-user\" on line %d.",
2227 value, linenum);
2228 }
2229 else if (!_cups_strcasecmp(value, "group"))
2230 {
2231 loc->level = CUPSD_AUTH_GROUP;
2232
2233 cupsdLogMessage(CUPSD_LOG_WARN,
2234 "\"AuthClass %s\" is deprecated; consider using "
2235 "\"Require user @groupname\" on line %d.",
2236 value, linenum);
2237 }
2238 else if (!_cups_strcasecmp(value, "system"))
2239 {
2240 loc->level = CUPSD_AUTH_GROUP;
2241
2242 cupsdAddName(loc, "@SYSTEM");
2243
2244 cupsdLogMessage(CUPSD_LOG_WARN,
2245 "\"AuthClass %s\" is deprecated; consider using "
2246 "\"Require user @SYSTEM\" on line %d.",
2247 value, linenum);
2248 }
2249 else
2250 {
2251 cupsdLogMessage(CUPSD_LOG_WARN,
2252 "Unknown authorization class %s on line %d.",
2253 value, linenum);
2254 return (0);
2255 }
2256 }
2257 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2258 {
2259 cupsdAddName(loc, value);
2260
2261 cupsdLogMessage(CUPSD_LOG_WARN,
2262 "\"AuthGroupName %s\" directive is deprecated; consider "
2263 "using \"Require user @%s\" on line %d.",
2264 value, value, linenum);
2265 }
2266 else if (!_cups_strcasecmp(line, "Require"))
2267 {
2268 /*
2269 * Apache synonym for AuthClass and AuthGroupName...
2270 *
2271 * Get initial word:
2272 *
2273 * Require valid-user
2274 * Require group names
2275 * Require user names
2276 */
2277
2278 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2279
2280 if (*valptr)
2281 *valptr++ = '\0';
2282
2283 if (!_cups_strcasecmp(value, "valid-user") ||
2284 !_cups_strcasecmp(value, "user"))
2285 loc->level = CUPSD_AUTH_USER;
2286 else if (!_cups_strcasecmp(value, "group"))
2287 loc->level = CUPSD_AUTH_GROUP;
2288 else
2289 {
2290 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2291 value, linenum);
2292 return (0);
2293 }
2294
2295 /*
2296 * Get the list of names from the line...
2297 */
2298
2299 for (value = valptr; *value;)
2300 {
2301 while (_cups_isspace(*value))
2302 value ++;
2303
2304 #ifdef HAVE_AUTHORIZATION_H
2305 if (!strncmp(value, "@AUTHKEY(", 9))
2306 {
2307 /*
2308 * Grab "@AUTHKEY(name)" value...
2309 */
2310
2311 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2312
2313 if (*valptr)
2314 *valptr++ = '\0';
2315 }
2316 else
2317 #endif /* HAVE_AUTHORIZATION_H */
2318 if (*value == '\"' || *value == '\'')
2319 {
2320 /*
2321 * Grab quoted name...
2322 */
2323
2324 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2325
2326 value ++;
2327 }
2328 else
2329 {
2330 /*
2331 * Grab literal name.
2332 */
2333
2334 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2335 }
2336
2337 if (*valptr)
2338 *valptr++ = '\0';
2339
2340 cupsdAddName(loc, value);
2341
2342 for (value = valptr; _cups_isspace(*value); value ++);
2343 }
2344 }
2345 else if (!_cups_strcasecmp(line, "Satisfy"))
2346 {
2347 if (!_cups_strcasecmp(value, "all"))
2348 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2349 else if (!_cups_strcasecmp(value, "any"))
2350 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2351 else
2352 {
2353 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2354 value, linenum);
2355 return (0);
2356 }
2357 }
2358 else
2359 return (0);
2360
2361 return (1);
2362 }
2363
2364
2365 /*
2366 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2367 */
2368
2369 static int /* O - FatalErrors bits */
2370 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2371 {
2372 int fatal; /* FatalErrors bits */
2373 char value[1024], /* Value string */
2374 *valstart, /* Pointer into value */
2375 *valend; /* End of value */
2376
2377
2378 /*
2379 * Empty FatalErrors line yields NULL pointer...
2380 */
2381
2382 if (!s)
2383 return (CUPSD_FATAL_NONE);
2384
2385 /*
2386 * Loop through the value string,...
2387 */
2388
2389 strlcpy(value, s, sizeof(value));
2390
2391 fatal = CUPSD_FATAL_NONE;
2392
2393 for (valstart = value; *valstart;)
2394 {
2395 /*
2396 * Get the current space/comma-delimited kind name...
2397 */
2398
2399 for (valend = valstart; *valend; valend ++)
2400 if (_cups_isspace(*valend) || *valend == ',')
2401 break;
2402
2403 if (*valend)
2404 *valend++ = '\0';
2405
2406 /*
2407 * Add the error to the bitmask...
2408 */
2409
2410 if (!_cups_strcasecmp(valstart, "all"))
2411 fatal = CUPSD_FATAL_ALL;
2412 else if (!_cups_strcasecmp(valstart, "browse"))
2413 fatal |= CUPSD_FATAL_BROWSE;
2414 else if (!_cups_strcasecmp(valstart, "-browse"))
2415 fatal &= ~CUPSD_FATAL_BROWSE;
2416 else if (!_cups_strcasecmp(valstart, "config"))
2417 fatal |= CUPSD_FATAL_CONFIG;
2418 else if (!_cups_strcasecmp(valstart, "-config"))
2419 fatal &= ~CUPSD_FATAL_CONFIG;
2420 else if (!_cups_strcasecmp(valstart, "listen"))
2421 fatal |= CUPSD_FATAL_LISTEN;
2422 else if (!_cups_strcasecmp(valstart, "-listen"))
2423 fatal &= ~CUPSD_FATAL_LISTEN;
2424 else if (!_cups_strcasecmp(valstart, "log"))
2425 fatal |= CUPSD_FATAL_LOG;
2426 else if (!_cups_strcasecmp(valstart, "-log"))
2427 fatal &= ~CUPSD_FATAL_LOG;
2428 else if (!_cups_strcasecmp(valstart, "permissions"))
2429 fatal |= CUPSD_FATAL_PERMISSIONS;
2430 else if (!_cups_strcasecmp(valstart, "-permissions"))
2431 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2432 else if (_cups_strcasecmp(valstart, "none"))
2433 cupsdLogMessage(CUPSD_LOG_ERROR,
2434 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2435
2436 for (valstart = valend; *valstart; valstart ++)
2437 if (!_cups_isspace(*valstart) || *valstart != ',')
2438 break;
2439 }
2440
2441 return (fatal);
2442 }
2443
2444
2445 /*
2446 * 'parse_groups()' - Parse system group names in a string.
2447 */
2448
2449 static int /* O - 1 on success, 0 on failure */
2450 parse_groups(const char *s) /* I - Space-delimited groups */
2451 {
2452 int status; /* Return status */
2453 char value[1024], /* Value string */
2454 *valstart, /* Pointer into value */
2455 *valend, /* End of value */
2456 quote; /* Quote character */
2457 struct group *group; /* Group */
2458
2459
2460 /*
2461 * Make a copy of the string and parse out the groups...
2462 */
2463
2464 strlcpy(value, s, sizeof(value));
2465
2466 status = 1;
2467 valstart = value;
2468
2469 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2470 {
2471 if (*valstart == '\'' || *valstart == '\"')
2472 {
2473 /*
2474 * Scan quoted name...
2475 */
2476
2477 quote = *valstart++;
2478
2479 for (valend = valstart; *valend; valend ++)
2480 if (*valend == quote)
2481 break;
2482 }
2483 else
2484 {
2485 /*
2486 * Scan space or comma-delimited name...
2487 */
2488
2489 for (valend = valstart; *valend; valend ++)
2490 if (_cups_isspace(*valend) || *valend == ',')
2491 break;
2492 }
2493
2494 if (*valend)
2495 *valend++ = '\0';
2496
2497 group = getgrnam(valstart);
2498 if (group)
2499 {
2500 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2501 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2502
2503 NumSystemGroups ++;
2504 }
2505 else
2506 status = 0;
2507
2508 endgrent();
2509
2510 valstart = valend;
2511
2512 while (*valstart == ',' || _cups_isspace(*valstart))
2513 valstart ++;
2514 }
2515
2516 return (status);
2517 }
2518
2519
2520 /*
2521 * 'parse_protocols()' - Parse browse protocols in a string.
2522 */
2523
2524 static int /* O - Browse protocol bits */
2525 parse_protocols(const char *s) /* I - Space-delimited protocols */
2526 {
2527 int protocols; /* Browse protocol bits */
2528 char value[1024], /* Value string */
2529 *valstart, /* Pointer into value */
2530 *valend; /* End of value */
2531
2532
2533 /*
2534 * Empty protocol line yields NULL pointer...
2535 */
2536
2537 if (!s)
2538 return (0);
2539
2540 /*
2541 * Loop through the value string,...
2542 */
2543
2544 strlcpy(value, s, sizeof(value));
2545
2546 protocols = 0;
2547
2548 for (valstart = value; *valstart;)
2549 {
2550 /*
2551 * Get the current space/comma-delimited protocol name...
2552 */
2553
2554 for (valend = valstart; *valend; valend ++)
2555 if (_cups_isspace(*valend) || *valend == ',')
2556 break;
2557
2558 if (*valend)
2559 *valend++ = '\0';
2560
2561 /*
2562 * Add the protocol to the bitmask...
2563 */
2564
2565 if (!_cups_strcasecmp(valstart, "dnssd") ||
2566 !_cups_strcasecmp(valstart, "dns-sd") ||
2567 !_cups_strcasecmp(valstart, "bonjour"))
2568 protocols |= BROWSE_DNSSD;
2569 else if (!_cups_strcasecmp(valstart, "all"))
2570 protocols |= BROWSE_ALL;
2571 else if (_cups_strcasecmp(valstart, "none"))
2572 cupsdLogMessage(CUPSD_LOG_ERROR,
2573 "Unknown browse protocol \"%s\" ignored.", valstart);
2574
2575 for (valstart = valend; *valstart; valstart ++)
2576 if (!_cups_isspace(*valstart) || *valstart != ',')
2577 break;
2578 }
2579
2580 return (protocols);
2581 }
2582
2583
2584 /*
2585 * 'parse_variable()' - Parse a variable line.
2586 */
2587
2588 static int /* O - 1 on success, 0 on failure */
2589 parse_variable(
2590 const char *filename, /* I - Name of configuration file */
2591 int linenum, /* I - Line in configuration file */
2592 const char *line, /* I - Line from configuration file */
2593 const char *value, /* I - Value from configuration file */
2594 size_t num_vars, /* I - Number of variables */
2595 const cupsd_var_t *vars) /* I - Variables */
2596 {
2597 size_t i; /* Looping var */
2598 const cupsd_var_t *var; /* Variables */
2599 char temp[1024]; /* Temporary string */
2600
2601
2602 for (i = num_vars, var = vars; i > 0; i --, var ++)
2603 if (!_cups_strcasecmp(line, var->name))
2604 break;
2605
2606 if (i == 0)
2607 {
2608 /*
2609 * Unknown directive! Output an error message and continue...
2610 */
2611
2612 if (!value)
2613 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2614 line, linenum, filename);
2615 else
2616 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2617 line, linenum, filename);
2618
2619 return (0);
2620 }
2621
2622 switch (var->type)
2623 {
2624 case CUPSD_VARTYPE_INTEGER :
2625 if (!value)
2626 {
2627 cupsdLogMessage(CUPSD_LOG_ERROR,
2628 "Missing integer value for %s on line %d of %s.",
2629 line, linenum, filename);
2630 return (0);
2631 }
2632 else if (!isdigit(*value & 255))
2633 {
2634 cupsdLogMessage(CUPSD_LOG_ERROR,
2635 "Bad integer value for %s on line %d of %s.",
2636 line, linenum, filename);
2637 return (0);
2638 }
2639 else
2640 {
2641 int n; /* Number */
2642 char *units; /* Units */
2643
2644 n = strtol(value, &units, 0);
2645
2646 if (units && *units)
2647 {
2648 if (tolower(units[0] & 255) == 'g')
2649 n *= 1024 * 1024 * 1024;
2650 else if (tolower(units[0] & 255) == 'm')
2651 n *= 1024 * 1024;
2652 else if (tolower(units[0] & 255) == 'k')
2653 n *= 1024;
2654 else if (tolower(units[0] & 255) == 't')
2655 n *= 262144;
2656 else
2657 {
2658 cupsdLogMessage(CUPSD_LOG_ERROR,
2659 "Unknown integer value for %s on line %d of %s.",
2660 line, linenum, filename);
2661 return (0);
2662 }
2663 }
2664
2665 if (n < 0)
2666 {
2667 cupsdLogMessage(CUPSD_LOG_ERROR,
2668 "Bad negative integer value for %s on line %d of "
2669 "%s.", line, linenum, filename);
2670 return (0);
2671 }
2672 else
2673 {
2674 *((int *)var->ptr) = n;
2675 }
2676 }
2677 break;
2678
2679 case CUPSD_VARTYPE_TIME :
2680 if (!value)
2681 {
2682 cupsdLogMessage(CUPSD_LOG_ERROR,
2683 "Missing time interval value for %s on line %d of "
2684 "%s.", line, linenum, filename);
2685 return (0);
2686 }
2687 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2688 (!_cups_strcasecmp(value, "true") ||
2689 !_cups_strcasecmp(value, "on") ||
2690 !_cups_strcasecmp(value, "enabled") ||
2691 !_cups_strcasecmp(value, "yes")))
2692 {
2693 *((int *)var->ptr) = INT_MAX;
2694 }
2695 else if (!_cups_strcasecmp(value, "false") ||
2696 !_cups_strcasecmp(value, "off") ||
2697 !_cups_strcasecmp(value, "disabled") ||
2698 !_cups_strcasecmp(value, "no"))
2699 {
2700 *((int *)var->ptr) = 0;
2701 }
2702 else if (!isdigit(*value & 255))
2703 {
2704 cupsdLogMessage(CUPSD_LOG_ERROR,
2705 "Unknown time interval value for %s on line %d of "
2706 "%s.", line, linenum, filename);
2707 return (0);
2708 }
2709 else
2710 {
2711 double n; /* Number */
2712 char *units; /* Units */
2713
2714 n = strtod(value, &units);
2715
2716 if (units && *units)
2717 {
2718 if (tolower(units[0] & 255) == 'w')
2719 n *= 7 * 24 * 60 * 60;
2720 else if (tolower(units[0] & 255) == 'd')
2721 n *= 24 * 60 * 60;
2722 else if (tolower(units[0] & 255) == 'h')
2723 n *= 60 * 60;
2724 else if (tolower(units[0] & 255) == 'm')
2725 n *= 60;
2726 else
2727 {
2728 cupsdLogMessage(CUPSD_LOG_ERROR,
2729 "Unknown time interval value for %s on line "
2730 "%d of %s.", line, linenum, filename);
2731 return (0);
2732 }
2733 }
2734
2735 if (n < 0.0 || n > INT_MAX)
2736 {
2737 cupsdLogMessage(CUPSD_LOG_ERROR,
2738 "Bad time value for %s on line %d of %s.",
2739 line, linenum, filename);
2740 return (0);
2741 }
2742 else
2743 {
2744 *((int *)var->ptr) = (int)n;
2745 }
2746 }
2747 break;
2748
2749 case CUPSD_VARTYPE_BOOLEAN :
2750 if (!value)
2751 {
2752 cupsdLogMessage(CUPSD_LOG_ERROR,
2753 "Missing boolean value for %s on line %d of %s.",
2754 line, linenum, filename);
2755 return (0);
2756 }
2757 else if (!_cups_strcasecmp(value, "true") ||
2758 !_cups_strcasecmp(value, "on") ||
2759 !_cups_strcasecmp(value, "enabled") ||
2760 !_cups_strcasecmp(value, "yes") ||
2761 atoi(value) != 0)
2762 {
2763 *((int *)var->ptr) = TRUE;
2764 }
2765 else if (!_cups_strcasecmp(value, "false") ||
2766 !_cups_strcasecmp(value, "off") ||
2767 !_cups_strcasecmp(value, "disabled") ||
2768 !_cups_strcasecmp(value, "no") ||
2769 !_cups_strcasecmp(value, "0"))
2770 {
2771 *((int *)var->ptr) = FALSE;
2772 }
2773 else
2774 {
2775 cupsdLogMessage(CUPSD_LOG_ERROR,
2776 "Unknown boolean value %s on line %d of %s.",
2777 value, linenum, filename);
2778 return (0);
2779 }
2780 break;
2781
2782 case CUPSD_VARTYPE_PATHNAME :
2783 if (!value)
2784 {
2785 cupsdLogMessage(CUPSD_LOG_ERROR,
2786 "Missing pathname value for %s on line %d of %s.",
2787 line, linenum, filename);
2788 return (0);
2789 }
2790
2791 if (value[0] == '/')
2792 strlcpy(temp, value, sizeof(temp));
2793 else
2794 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2795
2796 if (access(temp, 0))
2797 {
2798 cupsdLogMessage(CUPSD_LOG_ERROR,
2799 "File or directory for \"%s %s\" on line %d of %s "
2800 "does not exist.", line, value, linenum, filename);
2801 return (0);
2802 }
2803
2804 cupsdSetString((char **)var->ptr, temp);
2805 break;
2806
2807 case CUPSD_VARTYPE_STRING :
2808 cupsdSetString((char **)var->ptr, value);
2809 break;
2810 }
2811
2812 return (1);
2813 }
2814
2815
2816 /*
2817 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2818 */
2819
2820 static int /* O - 1 on success, 0 on failure */
2821 read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
2822 {
2823 int linenum; /* Current line number */
2824 char line[HTTP_MAX_BUFFER],
2825 /* Line from file */
2826 temp[HTTP_MAX_BUFFER],
2827 /* Temporary buffer for value */
2828 *value, /* Pointer to value */
2829 *valueptr; /* Pointer into value */
2830 int valuelen; /* Length of value */
2831 http_addrlist_t *addrlist, /* Address list */
2832 *addr; /* Current address */
2833 cups_file_t *incfile; /* Include file */
2834 char incname[1024]; /* Include filename */
2835
2836
2837 /*
2838 * Loop through each line in the file...
2839 */
2840
2841 linenum = 0;
2842
2843 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2844 {
2845 /*
2846 * Decode the directive...
2847 */
2848
2849 if (!_cups_strcasecmp(line, "Include") && value)
2850 {
2851 /*
2852 * Include filename
2853 */
2854
2855 if (value[0] == '/')
2856 strlcpy(incname, value, sizeof(incname));
2857 else
2858 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2859
2860 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2861 cupsdLogMessage(CUPSD_LOG_ERROR,
2862 "Unable to include config file \"%s\" - %s",
2863 incname, strerror(errno));
2864 else
2865 {
2866 read_cupsd_conf(incfile);
2867 cupsFileClose(incfile);
2868 }
2869 }
2870 else if (!_cups_strcasecmp(line, "<Location") && value)
2871 {
2872 /*
2873 * <Location path>
2874 */
2875
2876 linenum = read_location(fp, value, linenum);
2877 if (linenum == 0)
2878 return (0);
2879 }
2880 else if (!_cups_strcasecmp(line, "<Policy") && value)
2881 {
2882 /*
2883 * <Policy name>
2884 */
2885
2886 linenum = read_policy(fp, value, linenum);
2887 if (linenum == 0)
2888 return (0);
2889 }
2890 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
2891 {
2892 JobRetryInterval = atoi(value);
2893 cupsdLogMessage(CUPSD_LOG_WARN,
2894 "FaxRetryInterval is deprecated; use "
2895 "JobRetryInterval on line %d.", linenum);
2896 }
2897 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
2898 {
2899 JobRetryLimit = atoi(value);
2900 cupsdLogMessage(CUPSD_LOG_WARN,
2901 "FaxRetryLimit is deprecated; use "
2902 "JobRetryLimit on line %d.", linenum);
2903 }
2904 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
2905 #ifdef HAVE_SSL
2906 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
2907 #endif /* HAVE_SSL */
2908 ) && value)
2909 {
2910 /*
2911 * Add listening address(es) to the list...
2912 */
2913
2914 cupsd_listener_t *lis; /* New listeners array */
2915
2916
2917 /*
2918 * Get the address list...
2919 */
2920
2921 addrlist = get_address(value, IPP_PORT);
2922
2923 if (!addrlist)
2924 {
2925 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2926 value, linenum);
2927 continue;
2928 }
2929
2930 /*
2931 * Add each address...
2932 */
2933
2934 for (addr = addrlist; addr; addr = addr->next)
2935 {
2936 /*
2937 * See if this address is already present...
2938 */
2939
2940 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2941 lis;
2942 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2943 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
2944 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
2945 break;
2946
2947 if (lis)
2948 {
2949 httpAddrString(&lis->address, temp, sizeof(temp));
2950 cupsdLogMessage(CUPSD_LOG_WARN,
2951 "Duplicate listen address \"%s\" ignored.", temp);
2952 continue;
2953 }
2954
2955 /*
2956 * Allocate another listener...
2957 */
2958
2959 if (!Listeners)
2960 Listeners = cupsArrayNew(NULL, NULL);
2961
2962 if (!Listeners)
2963 {
2964 cupsdLogMessage(CUPSD_LOG_ERROR,
2965 "Unable to allocate %s at line %d - %s.",
2966 line, linenum, strerror(errno));
2967 break;
2968 }
2969
2970 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2971 {
2972 cupsdLogMessage(CUPSD_LOG_ERROR,
2973 "Unable to allocate %s at line %d - %s.",
2974 line, linenum, strerror(errno));
2975 break;
2976 }
2977
2978 cupsArrayAdd(Listeners, lis);
2979
2980 /*
2981 * Copy the current address and log it...
2982 */
2983
2984 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
2985 lis->fd = -1;
2986
2987 #ifdef HAVE_SSL
2988 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
2989 lis->encryption = HTTP_ENCRYPT_ALWAYS;
2990 #endif /* HAVE_SSL */
2991
2992 httpAddrString(&lis->address, temp, sizeof(temp));
2993
2994 #ifdef AF_LOCAL
2995 if (lis->address.addr.sa_family == AF_LOCAL)
2996 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
2997 else
2998 #endif /* AF_LOCAL */
2999 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
3000 httpAddrPort(&(lis->address)),
3001 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
3002
3003 if (!httpAddrLocalhost(&(lis->address)))
3004 RemotePort = httpAddrPort(&(lis->address));
3005 }
3006
3007 /*
3008 * Free the list...
3009 */
3010
3011 httpAddrFreeList(addrlist);
3012 }
3013 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
3014 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
3015 {
3016 /*
3017 * "BrowseProtocols name [... name]"
3018 * "BrowseLocalProtocols name [... name]"
3019 */
3020
3021 int protocols = parse_protocols(value);
3022
3023 if (protocols < 0)
3024 {
3025 cupsdLogMessage(CUPSD_LOG_ERROR,
3026 "Unknown browse protocol \"%s\" on line %d.",
3027 value, linenum);
3028 break;
3029 }
3030
3031 BrowseLocalProtocols = protocols;
3032 }
3033 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
3034 {
3035 /*
3036 * DefaultAuthType {basic,digest,basicdigest,negotiate}
3037 */
3038
3039 if (!_cups_strcasecmp(value, "none"))
3040 default_auth_type = CUPSD_AUTH_NONE;
3041 else if (!_cups_strcasecmp(value, "basic"))
3042 default_auth_type = CUPSD_AUTH_BASIC;
3043 else if (!_cups_strcasecmp(value, "digest"))
3044 default_auth_type = CUPSD_AUTH_DIGEST;
3045 else if (!_cups_strcasecmp(value, "basicdigest"))
3046 default_auth_type = CUPSD_AUTH_BASICDIGEST;
3047 #ifdef HAVE_GSSAPI
3048 else if (!_cups_strcasecmp(value, "negotiate"))
3049 default_auth_type = CUPSD_AUTH_NEGOTIATE;
3050 #endif /* HAVE_GSSAPI */
3051 else if (!_cups_strcasecmp(value, "auto"))
3052 default_auth_type = CUPSD_AUTH_AUTO;
3053 else
3054 {
3055 cupsdLogMessage(CUPSD_LOG_WARN,
3056 "Unknown default authorization type %s on line %d.",
3057 value, linenum);
3058 if (FatalErrors & CUPSD_FATAL_CONFIG)
3059 return (0);
3060 }
3061 }
3062 #ifdef HAVE_SSL
3063 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
3064 {
3065 /*
3066 * DefaultEncryption {Never,IfRequested,Required}
3067 */
3068
3069 if (!value || !_cups_strcasecmp(value, "never"))
3070 DefaultEncryption = HTTP_ENCRYPT_NEVER;
3071 else if (!_cups_strcasecmp(value, "required"))
3072 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
3073 else if (!_cups_strcasecmp(value, "ifrequested"))
3074 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3075 else
3076 {
3077 cupsdLogMessage(CUPSD_LOG_WARN,
3078 "Unknown default encryption %s on line %d.",
3079 value, linenum);
3080 if (FatalErrors & CUPSD_FATAL_CONFIG)
3081 return (0);
3082 }
3083 }
3084 #endif /* HAVE_SSL */
3085 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
3086 {
3087 /*
3088 * Do hostname lookups?
3089 */
3090
3091 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3092 !_cups_strcasecmp(value, "false"))
3093 HostNameLookups = 0;
3094 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3095 !_cups_strcasecmp(value, "true"))
3096 HostNameLookups = 1;
3097 else if (!_cups_strcasecmp(value, "double"))
3098 HostNameLookups = 2;
3099 else
3100 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
3101 value, linenum);
3102 }
3103 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
3104 {
3105 /*
3106 * Amount of logging to do to access log...
3107 */
3108
3109 if (!_cups_strcasecmp(value, "all"))
3110 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
3111 else if (!_cups_strcasecmp(value, "actions"))
3112 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
3113 else if (!_cups_strcasecmp(value, "config"))
3114 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3115 else
3116 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
3117 value, linenum);
3118 }
3119 else if (!_cups_strcasecmp(line, "LogLevel") && value)
3120 {
3121 /*
3122 * Amount of logging to do to error log...
3123 */
3124
3125 if (!_cups_strcasecmp(value, "debug2"))
3126 LogLevel = CUPSD_LOG_DEBUG2;
3127 else if (!_cups_strcasecmp(value, "debug"))
3128 LogLevel = CUPSD_LOG_DEBUG;
3129 else if (!_cups_strcasecmp(value, "info"))
3130 LogLevel = CUPSD_LOG_INFO;
3131 else if (!_cups_strcasecmp(value, "notice"))
3132 LogLevel = CUPSD_LOG_NOTICE;
3133 else if (!_cups_strcasecmp(value, "warn"))
3134 LogLevel = CUPSD_LOG_WARN;
3135 else if (!_cups_strcasecmp(value, "error"))
3136 LogLevel = CUPSD_LOG_ERROR;
3137 else if (!_cups_strcasecmp(value, "crit"))
3138 LogLevel = CUPSD_LOG_CRIT;
3139 else if (!_cups_strcasecmp(value, "alert"))
3140 LogLevel = CUPSD_LOG_ALERT;
3141 else if (!_cups_strcasecmp(value, "emerg"))
3142 LogLevel = CUPSD_LOG_EMERG;
3143 else if (!_cups_strcasecmp(value, "none"))
3144 LogLevel = CUPSD_LOG_NONE;
3145 else
3146 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
3147 value, linenum);
3148 }
3149 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
3150 {
3151 /*
3152 * Amount of logging to do to error log...
3153 */
3154
3155 if (!_cups_strcasecmp(value, "standard"))
3156 LogTimeFormat = CUPSD_TIME_STANDARD;
3157 else if (!_cups_strcasecmp(value, "usecs"))
3158 LogTimeFormat = CUPSD_TIME_USECS;
3159 else
3160 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
3161 value, linenum);
3162 }
3163 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
3164 {
3165 /*
3166 * Set the string used for the Server header...
3167 */
3168
3169 struct utsname plat; /* Platform info */
3170
3171
3172 uname(&plat);
3173
3174 if (!_cups_strcasecmp(value, "ProductOnly"))
3175 cupsdSetString(&ServerHeader, "CUPS IPP");
3176 else if (!_cups_strcasecmp(value, "Major"))
3177 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
3178 else if (!_cups_strcasecmp(value, "Minor"))
3179 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
3180 CUPS_VERSION_MINOR);
3181 else if (!_cups_strcasecmp(value, "Minimal"))
3182 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
3183 else if (!_cups_strcasecmp(value, "OS"))
3184 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3185 plat.sysname, plat.release);
3186 else if (!_cups_strcasecmp(value, "Full"))
3187 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3188 plat.sysname, plat.release, plat.machine);
3189 else if (!_cups_strcasecmp(value, "None"))
3190 cupsdClearString(&ServerHeader);
3191 else
3192 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3193 value, linenum);
3194 }
3195 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3196 {
3197 /*
3198 * PassEnv variable [... variable]
3199 */
3200
3201 for (; *value;)
3202 {
3203 for (valuelen = 0; value[valuelen]; valuelen ++)
3204 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3205 break;
3206
3207 if (value[valuelen])
3208 {
3209 value[valuelen] = '\0';
3210 valuelen ++;
3211 }
3212
3213 cupsdSetEnv(value, NULL);
3214
3215 for (value += valuelen; *value; value ++)
3216 if (!_cups_isspace(*value) || *value != ',')
3217 break;
3218 }
3219 }
3220 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3221 {
3222 /*
3223 * ServerAlias name [... name]
3224 */
3225
3226 if (!ServerAlias)
3227 ServerAlias = cupsArrayNew(NULL, NULL);
3228
3229 for (; *value;)
3230 {
3231 for (valuelen = 0; value[valuelen]; valuelen ++)
3232 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3233 break;
3234
3235 if (value[valuelen])
3236 {
3237 value[valuelen] = '\0';
3238 valuelen ++;
3239 }
3240
3241 cupsdAddAlias(ServerAlias, value);
3242
3243 for (value += valuelen; *value; value ++)
3244 if (!_cups_isspace(*value) || *value != ',')
3245 break;
3246 }
3247 }
3248 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3249 {
3250 /*
3251 * SetEnv variable value
3252 */
3253
3254 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3255
3256 if (*valueptr)
3257 {
3258 /*
3259 * Found a value...
3260 */
3261
3262 while (isspace(*valueptr & 255))
3263 *valueptr++ = '\0';
3264
3265 cupsdSetEnv(value, valueptr);
3266 }
3267 else
3268 cupsdLogMessage(CUPSD_LOG_ERROR,
3269 "Missing value for SetEnv directive on line %d.",
3270 linenum);
3271 }
3272 else if (!_cups_strcasecmp(line, "AccessLog") ||
3273 !_cups_strcasecmp(line, "CacheDir") ||
3274 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3275 !_cups_strcasecmp(line, "DataDir") ||
3276 !_cups_strcasecmp(line, "DocumentRoot") ||
3277 !_cups_strcasecmp(line, "ErrorLog") ||
3278 !_cups_strcasecmp(line, "FatalErrors") ||
3279 !_cups_strcasecmp(line, "FileDevice") ||
3280 !_cups_strcasecmp(line, "FontPath") ||
3281 !_cups_strcasecmp(line, "Group") ||
3282 !_cups_strcasecmp(line, "LogFilePerm") ||
3283 !_cups_strcasecmp(line, "LPDConfigFile") ||
3284 !_cups_strcasecmp(line, "PageLog") ||
3285 !_cups_strcasecmp(line, "Printcap") ||
3286 !_cups_strcasecmp(line, "PrintcapFormat") ||
3287 !_cups_strcasecmp(line, "RemoteRoot") ||
3288 !_cups_strcasecmp(line, "RequestRoot") ||
3289 !_cups_strcasecmp(line, "ServerBin") ||
3290 !_cups_strcasecmp(line, "ServerCertificate") ||
3291 !_cups_strcasecmp(line, "ServerKey") ||
3292 !_cups_strcasecmp(line, "ServerKeychain") ||
3293 !_cups_strcasecmp(line, "ServerRoot") ||
3294 !_cups_strcasecmp(line, "SMBConfigFile") ||
3295 !_cups_strcasecmp(line, "StateDir") ||
3296 !_cups_strcasecmp(line, "SystemGroup") ||
3297 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3298 !_cups_strcasecmp(line, "TempDir") ||
3299 !_cups_strcasecmp(line, "User"))
3300 {
3301 cupsdLogMessage(CUPSD_LOG_INFO,
3302 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3303 "this will become an error in a future release.",
3304 line, value ? " " : "", value ? value : "", linenum,
3305 ConfigurationFile, CupsFilesFile);
3306 }
3307 else
3308 parse_variable(ConfigurationFile, linenum, line, value,
3309 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3310 }
3311
3312 return (1);
3313 }
3314
3315
3316 /*
3317 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3318 */
3319
3320 static int /* O - 1 on success, 0 on failure */
3321 read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3322 {
3323 int linenum; /* Current line number */
3324 char line[HTTP_MAX_BUFFER], /* Line from file */
3325 *value; /* Value from line */
3326 struct group *group; /* Group */
3327
3328
3329 /*
3330 * Loop through each line in the file...
3331 */
3332
3333 linenum = 0;
3334
3335 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3336 {
3337 if (!_cups_strcasecmp(line, "FatalErrors"))
3338 FatalErrors = parse_fatal_errors(value);
3339 else if (!_cups_strcasecmp(line, "Group") && value)
3340 {
3341 /*
3342 * Group ID to run as...
3343 */
3344
3345 if (isdigit(value[0]))
3346 Group = atoi(value);
3347 else
3348 {
3349 endgrent();
3350 group = getgrnam(value);
3351
3352 if (group != NULL)
3353 Group = group->gr_gid;
3354 else
3355 {
3356 cupsdLogMessage(CUPSD_LOG_ERROR,
3357 "Unknown Group \"%s\" on line %d of %s.", value,
3358 linenum, CupsFilesFile);
3359 if (FatalErrors & CUPSD_FATAL_CONFIG)
3360 return (0);
3361 }
3362 }
3363 }
3364 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3365 {
3366 /*
3367 * Format of printcap file?
3368 */
3369
3370 if (!_cups_strcasecmp(value, "bsd"))
3371 PrintcapFormat = PRINTCAP_BSD;
3372 else if (!_cups_strcasecmp(value, "plist"))
3373 PrintcapFormat = PRINTCAP_PLIST;
3374 else if (!_cups_strcasecmp(value, "solaris"))
3375 PrintcapFormat = PRINTCAP_SOLARIS;
3376 else
3377 {
3378 cupsdLogMessage(CUPSD_LOG_ERROR,
3379 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3380 value, linenum, CupsFilesFile);
3381 if (FatalErrors & CUPSD_FATAL_CONFIG)
3382 return (0);
3383 }
3384 }
3385 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3386 {
3387 /*
3388 * SystemGroup (admin) group(s)...
3389 */
3390
3391 if (!parse_groups(value))
3392 {
3393 cupsdLogMessage(CUPSD_LOG_ERROR,
3394 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3395 linenum, CupsFilesFile);
3396 if (FatalErrors & CUPSD_FATAL_CONFIG)
3397 return (0);
3398 }
3399 }
3400 else if (!_cups_strcasecmp(line, "User") && value)
3401 {
3402 /*
3403 * User ID to run as...
3404 */
3405
3406 if (isdigit(value[0] & 255))
3407 {
3408 int uid = atoi(value);
3409
3410 if (!uid)
3411 {
3412 cupsdLogMessage(CUPSD_LOG_ERROR,
3413 "Will not use User 0 as specified on line %d of %s "
3414 "for security reasons. You must use a non-"
3415 "privileged account instead.",
3416 linenum, CupsFilesFile);
3417 if (FatalErrors & CUPSD_FATAL_CONFIG)
3418 return (0);
3419 }
3420 else
3421 User = atoi(value);
3422 }
3423 else
3424 {
3425 struct passwd *p; /* Password information */
3426
3427 endpwent();
3428 p = getpwnam(value);
3429
3430 if (p)
3431 {
3432 if (!p->pw_uid)
3433 {
3434 cupsdLogMessage(CUPSD_LOG_ERROR,
3435 "Will not use User %s (UID=0) as specified on line "
3436 "%d of %s for security reasons. You must use a "
3437 "non-privileged account instead.",
3438 value, linenum, CupsFilesFile);
3439 if (FatalErrors & CUPSD_FATAL_CONFIG)
3440 return (0);
3441 }
3442 else
3443 User = p->pw_uid;
3444 }
3445 else
3446 {
3447 cupsdLogMessage(CUPSD_LOG_ERROR,
3448 "Unknown User \"%s\" on line %d of %s.",
3449 value, linenum, CupsFilesFile);
3450 if (FatalErrors & CUPSD_FATAL_CONFIG)
3451 return (0);
3452 }
3453 }
3454 }
3455 else if (!_cups_strcasecmp(line, "ServerCertificate") ||
3456 !_cups_strcasecmp(line, "ServerKey"))
3457 {
3458 cupsdLogMessage(CUPSD_LOG_INFO,
3459 "The \"%s\" directive on line %d of %s is no longer "
3460 "supported; this will become an error in a future "
3461 "release.",
3462 line, linenum, CupsFilesFile);
3463 }
3464 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3465 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3466 cupsfiles_vars) &&
3467 (FatalErrors & CUPSD_FATAL_CONFIG))
3468 return (0);
3469 }
3470
3471 return (1);
3472 }
3473
3474
3475 /*
3476 * 'read_location()' - Read a <Location path> definition.
3477 */
3478
3479 static int /* O - New line number or 0 on error */
3480 read_location(cups_file_t *fp, /* I - Configuration file */
3481 char *location, /* I - Location name/path */
3482 int linenum) /* I - Current line number */
3483 {
3484 cupsd_location_t *loc, /* New location */
3485 *parent; /* Parent location */
3486 char line[HTTP_MAX_BUFFER],
3487 /* Line buffer */
3488 *value, /* Value for directive */
3489 *valptr; /* Pointer into value */
3490
3491
3492 if ((parent = cupsdFindLocation(location)) != NULL)
3493 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3494 location, linenum);
3495 else if ((parent = cupsdNewLocation(location)) == NULL)
3496 return (0);
3497 else
3498 {
3499 cupsdAddLocation(parent);
3500
3501 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3502 }
3503
3504 loc = parent;
3505
3506 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3507 {
3508 /*
3509 * Decode the directive...
3510 */
3511
3512 if (!_cups_strcasecmp(line, "</Location>"))
3513 return (linenum);
3514 else if (!_cups_strcasecmp(line, "<Limit") ||
3515 !_cups_strcasecmp(line, "<LimitExcept"))
3516 {
3517 if (!value)
3518 {
3519 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3520 if (FatalErrors & CUPSD_FATAL_CONFIG)
3521 return (0);
3522 else
3523 continue;
3524 }
3525
3526 if ((loc = cupsdCopyLocation(parent)) == NULL)
3527 return (0);
3528
3529 cupsdAddLocation(loc);
3530
3531 loc->limit = 0;
3532 while (*value)
3533 {
3534 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3535
3536 if (*valptr)
3537 *valptr++ = '\0';
3538
3539 if (!strcmp(value, "ALL"))
3540 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3541 else if (!strcmp(value, "GET"))
3542 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3543 else if (!strcmp(value, "HEAD"))
3544 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3545 else if (!strcmp(value, "OPTIONS"))
3546 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3547 else if (!strcmp(value, "POST"))
3548 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3549 else if (!strcmp(value, "PUT"))
3550 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3551 else if (!strcmp(value, "TRACE"))
3552 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3553 else
3554 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
3555 value, linenum);
3556
3557 for (value = valptr; isspace(*value & 255); value ++);
3558 }
3559
3560 if (!_cups_strcasecmp(line, "<LimitExcept"))
3561 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3562
3563 parent->limit &= ~loc->limit;
3564 }
3565 else if (!_cups_strcasecmp(line, "</Limit>") ||
3566 !_cups_strcasecmp(line, "</LimitExcept>"))
3567 loc = parent;
3568 else if (!value)
3569 {
3570 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3571 if (FatalErrors & CUPSD_FATAL_CONFIG)
3572 return (0);
3573 }
3574 else if (!parse_aaa(loc, line, value, linenum))
3575 {
3576 cupsdLogMessage(CUPSD_LOG_ERROR,
3577 "Unknown Location directive %s on line %d.",
3578 line, linenum);
3579 if (FatalErrors & CUPSD_FATAL_CONFIG)
3580 return (0);
3581 }
3582 }
3583
3584 cupsdLogMessage(CUPSD_LOG_ERROR,
3585 "Unexpected end-of-file at line %d while reading location.",
3586 linenum);
3587
3588 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3589 }
3590
3591
3592 /*
3593 * 'read_policy()' - Read a <Policy name> definition.
3594 */
3595
3596 static int /* O - New line number or 0 on error */
3597 read_policy(cups_file_t *fp, /* I - Configuration file */
3598 char *policy, /* I - Location name/path */
3599 int linenum) /* I - Current line number */
3600 {
3601 int i; /* Looping var */
3602 cupsd_policy_t *pol; /* Policy */
3603 cupsd_location_t *op; /* Policy operation */
3604 int num_ops; /* Number of IPP operations */
3605 ipp_op_t ops[100]; /* Operations */
3606 char line[HTTP_MAX_BUFFER],
3607 /* Line buffer */
3608 *value, /* Value for directive */
3609 *valptr; /* Pointer into value */
3610
3611
3612 /*
3613 * Create the policy...
3614 */
3615
3616 if ((pol = cupsdFindPolicy(policy)) != NULL)
3617 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3618 policy, linenum);
3619 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3620 return (0);
3621
3622 /*
3623 * Read from the file...
3624 */
3625
3626 op = NULL;
3627 num_ops = 0;
3628
3629 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3630 {
3631 /*
3632 * Decode the directive...
3633 */
3634
3635 if (!_cups_strcasecmp(line, "</Policy>"))
3636 {
3637 if (op)
3638 cupsdLogMessage(CUPSD_LOG_WARN,
3639 "Missing </Limit> before </Policy> on line %d.",
3640 linenum);
3641
3642 set_policy_defaults(pol);
3643
3644 return (linenum);
3645 }
3646 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3647 {
3648 if (!value)
3649 {
3650 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3651 if (FatalErrors & CUPSD_FATAL_CONFIG)
3652 return (0);
3653 else
3654 continue;
3655 }
3656
3657 /*
3658 * Scan for IPP operation names...
3659 */
3660
3661 num_ops = 0;
3662
3663 while (*value)
3664 {
3665 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3666
3667 if (*valptr)
3668 *valptr++ = '\0';
3669
3670 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3671 {
3672 if (!_cups_strcasecmp(value, "All"))
3673 ops[num_ops] = IPP_ANY_OPERATION;
3674 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3675 cupsdLogMessage(CUPSD_LOG_ERROR,
3676 "Bad IPP operation name \"%s\" on line %d.",
3677 value, linenum);
3678 else
3679 num_ops ++;
3680 }
3681 else
3682 cupsdLogMessage(CUPSD_LOG_ERROR,
3683 "Too many operations listed on line %d.",
3684 linenum);
3685
3686 for (value = valptr; isspace(*value & 255); value ++);
3687 }
3688
3689 /*
3690 * If none are specified, apply the policy to all operations...
3691 */
3692
3693 if (num_ops == 0)
3694 {
3695 ops[0] = IPP_ANY_OPERATION;
3696 num_ops = 1;
3697 }
3698
3699 /*
3700 * Add a new policy for the first operation...
3701 */
3702
3703 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3704 }
3705 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3706 {
3707 /*
3708 * Finish the current operation limit...
3709 */
3710
3711 if (num_ops > 1)
3712 {
3713 /*
3714 * Copy the policy to the other operations...
3715 */
3716
3717 for (i = 1; i < num_ops; i ++)
3718 cupsdAddPolicyOp(pol, op, ops[i]);
3719 }
3720
3721 op = NULL;
3722 }
3723 else if (!value)
3724 {
3725 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3726 if (FatalErrors & CUPSD_FATAL_CONFIG)
3727 return (0);
3728 }
3729 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3730 !_cups_strcasecmp(line, "JobPrivateValues") ||
3731 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3732 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3733 {
3734 if (op)
3735 {
3736 cupsdLogMessage(CUPSD_LOG_ERROR,
3737 "%s directive must appear outside <Limit>...</Limit> "
3738 "on line %d.", line, linenum);
3739 if (FatalErrors & CUPSD_FATAL_CONFIG)
3740 return (0);
3741 }
3742 else
3743 {
3744 /*
3745 * Pull out whitespace-delimited values...
3746 */
3747
3748 while (*value)
3749 {
3750 /*
3751 * Find the end of the current value...
3752 */
3753
3754 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3755
3756 if (*valptr)
3757 *valptr++ = '\0';
3758
3759 /*
3760 * Save it appropriately...
3761 */
3762
3763 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
3764 {
3765 /*
3766 * JobPrivateAccess {all|default|user/group list|@@ACL}
3767 */
3768
3769 if (!_cups_strcasecmp(value, "default"))
3770 {
3771 cupsdAddString(&(pol->job_access), "@OWNER");
3772 cupsdAddString(&(pol->job_access), "@SYSTEM");
3773 }
3774 else
3775 cupsdAddString(&(pol->job_access), value);
3776 }
3777 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
3778 {
3779 /*
3780 * JobPrivateValues {all|none|default|attribute list}
3781 */
3782
3783 if (!_cups_strcasecmp(value, "default"))
3784 {
3785 cupsdAddString(&(pol->job_attrs), "job-name");
3786 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3787 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3788 cupsdAddString(&(pol->job_attrs), "phone");
3789 }
3790 else
3791 cupsdAddString(&(pol->job_attrs), value);
3792 }
3793 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
3794 {
3795 /*
3796 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3797 */
3798
3799 if (!_cups_strcasecmp(value, "default"))
3800 {
3801 cupsdAddString(&(pol->sub_access), "@OWNER");
3802 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3803 }
3804 else
3805 cupsdAddString(&(pol->sub_access), value);
3806 }
3807 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
3808 {
3809 /*
3810 * SubscriptionPrivateValues {all|none|default|attribute list}
3811 */
3812
3813 if (!_cups_strcasecmp(value, "default"))
3814 {
3815 cupsdAddString(&(pol->sub_attrs), "notify-events");
3816 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3817 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3818 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3819 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3820 }
3821 else
3822 cupsdAddString(&(pol->sub_attrs), value);
3823 }
3824
3825 /*
3826 * Find the next string on the line...
3827 */
3828
3829 for (value = valptr; isspace(*value & 255); value ++);
3830 }
3831 }
3832 }
3833 else if (!op)
3834 {
3835 cupsdLogMessage(CUPSD_LOG_ERROR,
3836 "Missing <Limit ops> directive before %s on line %d.",
3837 line, linenum);
3838 if (FatalErrors & CUPSD_FATAL_CONFIG)
3839 return (0);
3840 }
3841 else if (!parse_aaa(op, line, value, linenum))
3842 {
3843 cupsdLogMessage(CUPSD_LOG_ERROR,
3844 "Unknown Policy Limit directive %s on line %d.",
3845 line, linenum);
3846
3847 if (FatalErrors & CUPSD_FATAL_CONFIG)
3848 return (0);
3849 }
3850 }
3851
3852 cupsdLogMessage(CUPSD_LOG_ERROR,
3853 "Unexpected end-of-file at line %d while reading policy "
3854 "\"%s\".", linenum, policy);
3855
3856 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3857 }
3858
3859
3860 /*
3861 * 'set_policy_defaults()' - Set default policy values as needed.
3862 */
3863
3864 static void
3865 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3866 {
3867 cupsd_location_t *op; /* Policy operation */
3868
3869
3870 /*
3871 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3872 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3873 * upgrades do not introduce new security issues...
3874 */
3875
3876 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3877 op->op == IPP_ANY_OPERATION)
3878 {
3879 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3880 op->op != IPP_ANY_OPERATION)
3881 {
3882 /*
3883 * Add a new limit for Validate-Job using the Print-Job limit as a
3884 * template...
3885 */
3886
3887 cupsdLogMessage(CUPSD_LOG_WARN,
3888 "No limit for Validate-Job defined in policy %s "
3889 "- using Print-Job's policy.", pol->name);
3890
3891 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3892 }
3893 else
3894 cupsdLogMessage(CUPSD_LOG_WARN,
3895 "No limit for Validate-Job defined in policy %s "
3896 "and no suitable template found.", pol->name);
3897 }
3898
3899 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3900 op->op == IPP_ANY_OPERATION)
3901 {
3902 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3903 op->op != IPP_ANY_OPERATION)
3904 {
3905 /*
3906 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3907 * template...
3908 */
3909
3910 cupsdLogMessage(CUPSD_LOG_WARN,
3911 "No limit for Cancel-Jobs defined in policy %s "
3912 "- using Pause-Printer's policy.", pol->name);
3913
3914 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3915 }
3916 else
3917 cupsdLogMessage(CUPSD_LOG_WARN,
3918 "No limit for Cancel-Jobs defined in policy %s "
3919 "and no suitable template found.", pol->name);
3920 }
3921
3922 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3923 op->op == IPP_ANY_OPERATION)
3924 {
3925 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3926 op->op != IPP_ANY_OPERATION)
3927 {
3928 /*
3929 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3930 * a template...
3931 */
3932
3933 cupsdLogMessage(CUPSD_LOG_WARN,
3934 "No limit for Cancel-My-Jobs defined in policy %s "
3935 "- using Send-Document's policy.", pol->name);
3936
3937 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3938 }
3939 else
3940 cupsdLogMessage(CUPSD_LOG_WARN,
3941 "No limit for Cancel-My-Jobs defined in policy %s "
3942 "and no suitable template found.", pol->name);
3943 }
3944
3945 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3946 op->op == IPP_ANY_OPERATION)
3947 {
3948 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3949 op->op != IPP_ANY_OPERATION)
3950 {
3951 /*
3952 * Add a new limit for Close-Job using the Send-Document limit as a
3953 * template...
3954 */
3955
3956 cupsdLogMessage(CUPSD_LOG_WARN,
3957 "No limit for Close-Job defined in policy %s "
3958 "- using Send-Document's policy.", pol->name);
3959
3960 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
3961 }
3962 else
3963 cupsdLogMessage(CUPSD_LOG_WARN,
3964 "No limit for Close-Job defined in policy %s "
3965 "and no suitable template found.", pol->name);
3966 }
3967
3968 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
3969 op->op == IPP_ANY_OPERATION)
3970 {
3971 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3972 op->op != IPP_ANY_OPERATION)
3973 {
3974 /*
3975 * Add a new limit for CUPS-Get-Document using the Send-Document
3976 * limit as a template...
3977 */
3978
3979 cupsdLogMessage(CUPSD_LOG_WARN,
3980 "No limit for CUPS-Get-Document defined in policy %s "
3981 "- using Send-Document's policy.", pol->name);
3982
3983 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
3984 }
3985 else
3986 cupsdLogMessage(CUPSD_LOG_WARN,
3987 "No limit for CUPS-Get-Document defined in policy %s "
3988 "and no suitable template found.", pol->name);
3989 }
3990
3991 /*
3992 * Verify we have JobPrivateAccess, JobPrivateValues,
3993 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
3994 */
3995
3996 if (!pol->job_access)
3997 {
3998 cupsdLogMessage(CUPSD_LOG_WARN,
3999 "No JobPrivateAccess defined in policy %s "
4000 "- using defaults.", pol->name);
4001 cupsdAddString(&(pol->job_access), "@OWNER");
4002 cupsdAddString(&(pol->job_access), "@SYSTEM");
4003 }
4004
4005 if (!pol->job_attrs)
4006 {
4007 cupsdLogMessage(CUPSD_LOG_WARN,
4008 "No JobPrivateValues defined in policy %s "
4009 "- using defaults.", pol->name);
4010 cupsdAddString(&(pol->job_attrs), "job-name");
4011 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4012 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
4013 cupsdAddString(&(pol->job_attrs), "phone");
4014 }
4015
4016 if (!pol->sub_access)
4017 {
4018 cupsdLogMessage(CUPSD_LOG_WARN,
4019 "No SubscriptionPrivateAccess defined in policy %s "
4020 "- using defaults.", pol->name);
4021 cupsdAddString(&(pol->sub_access), "@OWNER");
4022 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4023 }
4024
4025 if (!pol->sub_attrs)
4026 {
4027 cupsdLogMessage(CUPSD_LOG_WARN,
4028 "No SubscriptionPrivateValues defined in policy %s "
4029 "- using defaults.", pol->name);
4030 cupsdAddString(&(pol->sub_attrs), "notify-events");
4031 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4032 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4033 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4034 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4035 }
4036 }
4037
4038
4039 /*
4040 * End of "$Id$".
4041 */
Unnamed repository; edit this file 'description' to name the repository.