]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge changes from CUPS 1.6svn-r10510.
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * "$Id: conf.c 9352 2010-11-06 04:55:26Z mike $"
3 *
4 * Configuration routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2012 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * Contents:
16 *
17 * cupsdAddAlias() - Add a host alias.
18 * cupsdCheckPermissions() - Fix the mode and ownership of a file or
19 * directory.
20 * cupsdDefaultAuthType() - Get the default AuthType.
21 * cupsdFreeAliases() - Free all of the alias entries.
22 * cupsdReadConfiguration() - Read the cupsd.conf file.
23 * get_address() - Get an address + port number from a line.
24 * get_addr_and_mask() - Get an IP address and netmask.
25 * mime_error_cb() - Log a MIME error.
26 * parse_aaa() - Parse authentication, authorization, and access
27 * control lines.
28 * parse_fatal_errors() - Parse FatalErrors values in a string.
29 * parse_groups() - Parse system group names in a string.
30 * parse_protocols() - Parse browse protocols in a string.
31 * read_configuration() - Read a configuration file.
32 * read_location() - Read a <Location path> definition.
33 * read_policy() - Read a <Policy name> definition.
34 * set_policy_defaults() - Set default policy values as needed.
35 */
36
37 /*
38 * Include necessary headers...
39 */
40
41 #include "cupsd.h"
42 #include <stdarg.h>
43 #include <grp.h>
44 #include <sys/utsname.h>
45 #include <syslog.h>
46
47 #ifdef HAVE_LIBPAPER
48 # include <paper.h>
49 #endif /* HAVE_LIBPAPER */
50
51
52 /*
53 * Possibly missing network definitions...
54 */
55
56 #ifndef INADDR_NONE
57 # define INADDR_NONE 0xffffffff
58 #endif /* !INADDR_NONE */
59
60
61 /*
62 * Configuration variable structure...
63 */
64
65 typedef enum
66 {
67 CUPSD_VARTYPE_INTEGER, /* Integer option */
68 CUPSD_VARTYPE_TIME, /* Time interval option */
69 CUPSD_VARTYPE_STRING, /* String option */
70 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
71 CUPSD_VARTYPE_PATHNAME /* File/directory name option */
72 } cupsd_vartype_t;
73
74 typedef struct
75 {
76 const char *name; /* Name of variable */
77 void *ptr; /* Pointer to variable */
78 cupsd_vartype_t type; /* Type (int, string, address) */
79 } cupsd_var_t;
80
81
82 /*
83 * Local globals...
84 */
85
86 static int default_auth_type = CUPSD_AUTH_AUTO;
87 /* Default AuthType, if not specified */
88 static const cupsd_var_t variables[] =
89 {
90 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
91 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
92 #ifdef HAVE_DNSSD
93 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
94 #endif /* HAVE_DNSSD */
95 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
96 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
97 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
98 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
99 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
100 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_INTEGER },
101 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
102 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
103 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
104 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
105 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
106 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
107 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
108 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
109 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
110 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
111 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
112 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
113 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
114 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
115 #ifdef HAVE_GSSAPI
116 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
117 #endif /* HAVE_GSSAPI */
118 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
119 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
120 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
121 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
122 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
123 #ifdef HAVE_LAUNCHD
124 { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_TIME },
125 #endif /* HAVE_LAUNCHD */
126 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
127 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
128 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
129 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_INTEGER },
130 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
131 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
132 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
133 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
134 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
135 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
136 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
137 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
138 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
139 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
140 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_INTEGER },
141 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
142 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
143 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
144 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
145 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
146 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
147 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
148 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
149 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
150 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
151 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
152 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
153 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
154 { "PrintcapGUI", &PrintcapGUI, CUPSD_VARTYPE_STRING },
155 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
156 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
157 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
158 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
159 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
160 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
161 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
162 #ifdef HAVE_SSL
163 { "ServerCertificate", &ServerCertificate, CUPSD_VARTYPE_PATHNAME },
164 # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
165 { "ServerKey", &ServerKey, CUPSD_VARTYPE_PATHNAME },
166 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
167 #endif /* HAVE_SSL */
168 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
169 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
170 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
171 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
172 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
173 #ifdef HAVE_AUTHORIZATION_H
174 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
175 #endif /* HAVE_AUTHORIZATION_H */
176 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME },
177 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
178 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
179 };
180 #define NUM_VARS (sizeof(variables) / sizeof(variables[0]))
181
182
183 static const unsigned ones[4] =
184 {
185 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
186 };
187 static const unsigned zeros[4] =
188 {
189 0x00000000, 0x00000000, 0x00000000, 0x00000000
190 };
191
192
193 /*
194 * Local functions...
195 */
196
197 static http_addrlist_t *get_address(const char *value, int defport);
198 static int get_addr_and_mask(const char *value, unsigned *ip,
199 unsigned *mask);
200 static void mime_error_cb(void *ctx, const char *message);
201 static int parse_aaa(cupsd_location_t *loc, char *line,
202 char *value, int linenum);
203 static int parse_fatal_errors(const char *s);
204 static int parse_groups(const char *s);
205 static int parse_protocols(const char *s);
206 static int read_configuration(cups_file_t *fp);
207 static int read_location(cups_file_t *fp, char *name, int linenum);
208 static int read_policy(cups_file_t *fp, char *name, int linenum);
209 static void set_policy_defaults(cupsd_policy_t *pol);
210
211
212 /*
213 * 'cupsdAddAlias()' - Add a host alias.
214 */
215
216 void
217 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
218 const char *name) /* I - Name to add */
219 {
220 cupsd_alias_t *a; /* New alias */
221 size_t namelen; /* Length of name */
222
223
224 namelen = strlen(name);
225
226 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
227 return;
228
229 a->namelen = namelen;
230 strcpy(a->name, name); /* OK since a->name is allocated */
231
232 cupsArrayAdd(aliases, a);
233 }
234
235
236 /*
237 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
238 */
239
240 int /* O - 0 on success, -1 on error, 1 on warning */
241 cupsdCheckPermissions(
242 const char *filename, /* I - File/directory name */
243 const char *suffix, /* I - Additional file/directory name */
244 int mode, /* I - Permissions */
245 int user, /* I - Owner */
246 int group, /* I - Group */
247 int is_dir, /* I - 1 = directory, 0 = file */
248 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
249 {
250 int dir_created = 0; /* Did we create a directory? */
251 char pathname[1024]; /* File name with prefix */
252 struct stat fileinfo; /* Stat buffer */
253 int is_symlink; /* Is "filename" a symlink? */
254
255
256 /*
257 * Prepend the given root to the filename before testing it...
258 */
259
260 if (suffix)
261 {
262 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
263 filename = pathname;
264 }
265
266 /*
267 * See if we can stat the file/directory...
268 */
269
270 if (lstat(filename, &fileinfo))
271 {
272 if (errno == ENOENT && create_dir)
273 {
274 if (create_dir > 0)
275 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
276 filename);
277
278 if (mkdir(filename, mode))
279 {
280 if (create_dir > 0)
281 cupsdLogMessage(CUPSD_LOG_ERROR,
282 "Unable to create directory \"%s\" - %s", filename,
283 strerror(errno));
284 else
285 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
286 strerror(errno));
287
288 return (-1);
289 }
290
291 dir_created = 1;
292 fileinfo.st_mode = mode | S_IFDIR;
293 }
294 else
295 return (create_dir ? -1 : 1);
296 }
297
298 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
299 {
300 if (stat(filename, &fileinfo))
301 {
302 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
303 filename, strerror(errno));
304 return (-1);
305 }
306 }
307
308 /*
309 * Make sure it's a regular file or a directory as needed...
310 */
311
312 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
313 {
314 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
315 return (-1);
316 }
317
318 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
319 {
320 if (create_dir >= 0)
321 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
322 else
323 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
324
325 return (-1);
326 }
327
328 /*
329 * If the filename is a symlink, do not change permissions (STR #2937)...
330 */
331
332 if (is_symlink)
333 return (0);
334
335 /*
336 * Fix owner, group, and mode as needed...
337 */
338
339 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
340 {
341 if (create_dir >= 0)
342 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
343 filename);
344
345 if (chown(filename, user, group) && !getuid())
346 {
347 if (create_dir >= 0)
348 cupsdLogMessage(CUPSD_LOG_ERROR,
349 "Unable to change ownership of \"%s\" - %s", filename,
350 strerror(errno));
351 else
352 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
353 strerror(errno));
354
355 return (1);
356 }
357 }
358
359 if (dir_created || (fileinfo.st_mode & 07777) != mode)
360 {
361 if (create_dir >= 0)
362 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
363 filename);
364
365 if (chmod(filename, mode))
366 {
367 if (create_dir >= 0)
368 cupsdLogMessage(CUPSD_LOG_ERROR,
369 "Unable to change permissions of \"%s\" - %s", filename,
370 strerror(errno));
371 else
372 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
373 strerror(errno));
374
375 return (1);
376 }
377 }
378
379 /*
380 * Everything is OK...
381 */
382
383 return (0);
384 }
385
386
387 /*
388 * 'cupsdDefaultAuthType()' - Get the default AuthType.
389 *
390 * When the default_auth_type is "auto", this function tries to get the GSS
391 * credentials for the server. If that succeeds we use Kerberos authentication,
392 * otherwise we do a fallback to Basic authentication against the local user
393 * accounts.
394 */
395
396 int /* O - Default AuthType value */
397 cupsdDefaultAuthType(void)
398 {
399 #ifdef HAVE_GSSAPI
400 OM_uint32 major_status, /* Major status code */
401 minor_status; /* Minor status code */
402 gss_name_t server_name; /* Server name */
403 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
404 /* Service name token */
405 char buf[1024]; /* Service name buffer */
406 #endif /* HAVE_GSSAPI */
407
408
409 /*
410 * If we have already determined the correct default AuthType, use it...
411 */
412
413 if (default_auth_type != CUPSD_AUTH_AUTO)
414 return (default_auth_type);
415
416 #ifdef HAVE_GSSAPI
417 # ifdef __APPLE__
418 /*
419 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
420 * to use it...
421 */
422
423 if (gss_init_sec_context == NULL)
424 return (default_auth_type = CUPSD_AUTH_BASIC);
425 # endif /* __APPLE__ */
426
427 /*
428 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
429 * that fails we must use Basic...
430 */
431
432 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
433
434 token.value = buf;
435 token.length = strlen(buf);
436 server_name = GSS_C_NO_NAME;
437 major_status = gss_import_name(&minor_status, &token,
438 GSS_C_NT_HOSTBASED_SERVICE,
439 &server_name);
440
441 memset(&token, 0, sizeof(token));
442
443 if (GSS_ERROR(major_status))
444 {
445 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
446 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
447 return (default_auth_type = CUPSD_AUTH_BASIC);
448 }
449
450 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
451
452 if (GSS_ERROR(major_status))
453 {
454 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
455 "cupsdDefaultAuthType: gss_display_name(%s) failed",
456 buf);
457 return (default_auth_type = CUPSD_AUTH_BASIC);
458 }
459
460 cupsdLogMessage(CUPSD_LOG_DEBUG,
461 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
462 "credentials for %s...", (char *)token.value);
463
464 ServerCreds = GSS_C_NO_CREDENTIAL;
465 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
466 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
467 &ServerCreds, NULL, NULL);
468 if (GSS_ERROR(major_status))
469 {
470 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
471 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
472 (char *)token.value);
473 gss_release_name(&minor_status, &server_name);
474 gss_release_buffer(&minor_status, &token);
475 return (default_auth_type = CUPSD_AUTH_BASIC);
476 }
477
478 cupsdLogMessage(CUPSD_LOG_DEBUG,
479 "cupsdDefaultAuthType: Kerberos credentials acquired "
480 "successfully for %s.", (char *)token.value);
481
482 gss_release_name(&minor_status, &server_name);
483 gss_release_buffer(&minor_status, &token);
484
485 HaveServerCreds = 1;
486
487 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
488
489 #else
490 /*
491 * No Kerberos support compiled in so just use Basic all the time...
492 */
493
494 return (default_auth_type = CUPSD_AUTH_BASIC);
495 #endif /* HAVE_GSSAPI */
496 }
497
498
499 /*
500 * 'cupsdFreeAliases()' - Free all of the alias entries.
501 */
502
503 void
504 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
505 {
506 cupsd_alias_t *a; /* Current alias */
507
508
509 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
510 a;
511 a = (cupsd_alias_t *)cupsArrayNext(aliases))
512 free(a);
513
514 cupsArrayDelete(aliases);
515 }
516
517
518 /*
519 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
520 */
521
522 int /* O - 1 on success, 0 otherwise */
523 cupsdReadConfiguration(void)
524 {
525 int i; /* Looping var */
526 cups_file_t *fp; /* Configuration file */
527 int status; /* Return status */
528 char temp[1024], /* Temporary buffer */
529 mimedir[1024], /* MIME directory */
530 *slash; /* Directory separator */
531 cups_lang_t *language; /* Language */
532 struct passwd *user; /* Default user */
533 struct group *group; /* Default group */
534 char *old_serverroot, /* Old ServerRoot */
535 *old_requestroot; /* Old RequestRoot */
536 int old_remote_port; /* Old RemotePort */
537 const char *tmpdir; /* TMPDIR environment variable */
538 struct stat tmpinfo; /* Temporary directory info */
539 cupsd_policy_t *p; /* Policy */
540
541
542 /*
543 * Save the old root paths...
544 */
545
546 old_serverroot = NULL;
547 cupsdSetString(&old_serverroot, ServerRoot);
548 old_requestroot = NULL;
549 cupsdSetString(&old_requestroot, RequestRoot);
550
551 /*
552 * Reset the server configuration data...
553 */
554
555 cupsdDeleteAllLocations();
556
557 cupsdDeleteAllListeners();
558
559 old_remote_port = RemotePort;
560 RemotePort = 0;
561
562 /*
563 * String options...
564 */
565
566 cupsdFreeAliases(ServerAlias);
567 ServerAlias = NULL;
568
569 cupsdClearString(&ServerName);
570 cupsdClearString(&ServerAdmin);
571 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
572 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
573 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
574 cupsdSetString(&DataDir, CUPS_DATADIR);
575 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
576 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
577 cupsdClearString(&ErrorLog);
578 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
579 cupsdSetString(&PageLogFormat,
580 "%p %u %j %T %P %C %{job-billing} "
581 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
582 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
583 cupsdSetString(&PrintcapGUI, "/usr/bin/glpoptions");
584 cupsdSetString(&FontPath, CUPS_FONTPATH);
585 cupsdSetString(&RemoteRoot, "remroot");
586 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d", CUPS_VERSION_MAJOR,
587 CUPS_VERSION_MINOR);
588 cupsdSetString(&StateDir, CUPS_STATEDIR);
589
590 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
591 PrintcapFormat = PRINTCAP_SOLARIS;
592 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
593 "/Library/Preferences/org.cups.printers.plist"))
594 PrintcapFormat = PRINTCAP_PLIST;
595 else
596 PrintcapFormat = PRINTCAP_BSD;
597
598 strlcpy(temp, ConfigurationFile, sizeof(temp));
599 if ((slash = strrchr(temp, '/')) != NULL)
600 *slash = '\0';
601
602 cupsdSetString(&ServerRoot, temp);
603
604 cupsdClearString(&Classification);
605 ClassifyOverride = 0;
606
607 #ifdef HAVE_SSL
608 # ifdef HAVE_CDSASSL
609 cupsdSetString(&ServerCertificate, "/Library/Keychains/System.keychain");
610 # else
611 cupsdSetString(&ServerCertificate, "ssl/server.crt");
612 cupsdSetString(&ServerKey, "ssl/server.key");
613 # endif /* HAVE_CDSASSL */
614 #endif /* HAVE_SSL */
615
616 language = cupsLangDefault();
617
618 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
619 cupsdSetString(&DefaultLanguage, "en");
620 else
621 cupsdSetString(&DefaultLanguage, language->language);
622
623 cupsdClearString(&DefaultPaperSize);
624
625 cupsdSetString(&RIPCache, "128m");
626
627 cupsdSetString(&TempDir, NULL);
628
629 #ifdef HAVE_GSSAPI
630 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
631
632 if (HaveServerCreds)
633 {
634 OM_uint32 minor_status; /* Minor status code */
635
636 gss_release_cred(&minor_status, &ServerCreds);
637
638 HaveServerCreds = 0;
639 }
640
641 ServerCreds = GSS_C_NO_CREDENTIAL;
642 #endif /* HAVE_GSSAPI */
643
644 /*
645 * Find the default user...
646 */
647
648 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
649 User = user->pw_uid;
650 else
651 {
652 /*
653 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
654 * complement number...)
655 */
656
657 User = 65534;
658 }
659
660 endpwent();
661
662 /*
663 * Find the default group...
664 */
665
666 group = getgrnam(CUPS_DEFAULT_GROUP);
667 endgrent();
668
669 if (group)
670 Group = group->gr_gid;
671 else
672 {
673 /*
674 * Fallback to group "nobody"...
675 */
676
677 group = getgrnam("nobody");
678 endgrent();
679
680 if (group)
681 Group = group->gr_gid;
682 else
683 {
684 /*
685 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
686 * complement number...)
687 */
688
689 Group = 65534;
690 }
691 }
692
693 /*
694 * Numeric options...
695 */
696
697 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
698 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
699 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
700 default_auth_type = CUPSD_AUTH_BASIC;
701 #ifdef HAVE_SSL
702 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
703 SSLOptions = CUPSD_SSL_NONE;
704 #endif /* HAVE_SSL */
705 DirtyCleanInterval = DEFAULT_KEEPALIVE;
706 JobKillDelay = DEFAULT_TIMEOUT;
707 JobRetryLimit = 5;
708 JobRetryInterval = 300;
709 FileDevice = FALSE;
710 FilterLevel = 0;
711 FilterLimit = 0;
712 FilterNice = 0;
713 HostNameLookups = FALSE;
714 KeepAlive = TRUE;
715 KeepAliveTimeout = DEFAULT_KEEPALIVE;
716 ListenBackLog = SOMAXCONN;
717 LogDebugHistory = 200;
718 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
719 LogLevel = CUPSD_LOG_WARN;
720 LogTimeFormat = CUPSD_TIME_STANDARD;
721 MaxClients = 100;
722 MaxClientsPerHost = 0;
723 MaxLogSize = 1024 * 1024;
724 MaxRequestSize = 0;
725 MultipleOperationTimeout = DEFAULT_TIMEOUT;
726 NumSystemGroups = 0;
727 ReloadTimeout = DEFAULT_KEEPALIVE;
728 RootCertDuration = 300;
729 StrictConformance = FALSE;
730 Timeout = DEFAULT_TIMEOUT;
731 WebInterface = CUPS_DEFAULT_WEBIF;
732
733 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
734 BrowseWebIF = FALSE;
735 Browsing = CUPS_DEFAULT_BROWSING;
736 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
737
738 #ifdef HAVE_DNSSD
739 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
740 #endif /* HAVE_DNSSD */
741
742 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
743 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
744
745 cupsdSetString(&ErrorPolicy, "stop-printer");
746
747 JobHistory = DEFAULT_HISTORY;
748 JobFiles = DEFAULT_FILES;
749 JobAutoPurge = 0;
750 MaxHoldTime = 0;
751 MaxJobs = 500;
752 MaxActiveJobs = 0;
753 MaxJobsPerUser = 0;
754 MaxJobsPerPrinter = 0;
755 MaxJobTime = 3 * 60 * 60; /* 3 hours */
756 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
757
758 cupsdDeleteAllPolicies();
759 cupsdClearString(&DefaultPolicy);
760
761 #ifdef HAVE_AUTHORIZATION_H
762 cupsdClearString(&SystemGroupAuthKey);
763 #endif /* HAVE_AUTHORIZATION_H */
764
765 MaxSubscriptions = 100;
766 MaxSubscriptionsPerJob = 0;
767 MaxSubscriptionsPerPrinter = 0;
768 MaxSubscriptionsPerUser = 0;
769 DefaultLeaseDuration = 86400;
770 MaxLeaseDuration = 0;
771
772 #ifdef HAVE_LAUNCHD
773 LaunchdTimeout = 10;
774 #endif /* HAVE_LAUNCHD */
775
776 /*
777 * Setup environment variables...
778 */
779
780 cupsdInitEnv();
781
782 /*
783 * Read the configuration file...
784 */
785
786 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
787 return (0);
788
789 status = read_configuration(fp);
790
791 cupsFileClose(fp);
792
793 if (!status)
794 return (0);
795
796 if (!ErrorLog)
797 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
798
799 RunUser = getuid();
800
801 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
802 RemotePort ? "enabled" : "disabled");
803
804 if (!RemotePort)
805 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
806
807 /*
808 * See if the ServerName is an IP address...
809 */
810
811 if (ServerName)
812 {
813 if (!ServerAlias)
814 ServerAlias = cupsArrayNew(NULL, NULL);
815
816 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
817 }
818 else
819 {
820 if (gethostname(temp, sizeof(temp)))
821 {
822 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
823 strerror(errno));
824 strlcpy(temp, "localhost", sizeof(temp));
825 }
826
827 cupsdSetString(&ServerName, temp);
828
829 if (!ServerAlias)
830 ServerAlias = cupsArrayNew(NULL, NULL);
831
832 cupsdAddAlias(ServerAlias, temp);
833 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
834
835 if (HostNameLookups || RemotePort)
836 {
837 struct hostent *host; /* Host entry to get FQDN */
838
839 if ((host = gethostbyname(temp)) != NULL)
840 {
841 if (_cups_strcasecmp(temp, host->h_name))
842 {
843 cupsdSetString(&ServerName, host->h_name);
844 cupsdAddAlias(ServerAlias, host->h_name);
845 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
846 host->h_name);
847 }
848
849 if (host->h_aliases)
850 {
851 for (i = 0; host->h_aliases[i]; i ++)
852 if (_cups_strcasecmp(temp, host->h_aliases[i]))
853 {
854 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
855 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
856 host->h_aliases[i]);
857 }
858 }
859 }
860 }
861
862 /*
863 * Make sure we have the base hostname added as an alias, too!
864 */
865
866 if ((slash = strchr(temp, '.')) != NULL)
867 {
868 *slash = '\0';
869 cupsdAddAlias(ServerAlias, temp);
870 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
871 }
872 }
873
874 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
875
876 ServerNameIsIP = !*slash;
877
878 /*
879 * Make sure ServerAdmin is initialized...
880 */
881
882 if (!ServerAdmin)
883 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
884
885 /*
886 * Use the default system group if none was supplied in cupsd.conf...
887 */
888
889 if (NumSystemGroups == 0)
890 {
891 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
892 {
893 /*
894 * Find the group associated with GID 0...
895 */
896
897 group = getgrgid(0);
898 endgrent();
899
900 if (group != NULL)
901 cupsdSetString(&SystemGroups[0], group->gr_name);
902 else
903 cupsdSetString(&SystemGroups[0], "unknown");
904
905 SystemGroupIDs[0] = 0;
906 NumSystemGroups = 1;
907 }
908 }
909
910 /*
911 * Open the system log for cupsd if necessary...
912 */
913
914 #ifdef HAVE_VSYSLOG
915 if (!strcmp(AccessLog, "syslog") ||
916 !strcmp(ErrorLog, "syslog") ||
917 !strcmp(PageLog, "syslog"))
918 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
919 #endif /* HAVE_VSYSLOG */
920
921 /*
922 * Make sure each of the log files exists and gets rotated as necessary...
923 */
924
925 if (strcmp(AccessLog, "syslog"))
926 cupsdCheckLogFile(&AccessFile, AccessLog);
927
928 if (strcmp(ErrorLog, "syslog"))
929 cupsdCheckLogFile(&ErrorFile, ErrorLog);
930
931 if (strcmp(PageLog, "syslog"))
932 cupsdCheckLogFile(&PageFile, PageLog);
933
934 /*
935 * Log the configuration file that was used...
936 */
937
938 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
939 ConfigurationFile);
940
941 /*
942 * Validate the Group and SystemGroup settings - they cannot be the same,
943 * otherwise the CGI programs will be able to authenticate as root without
944 * a password!
945 */
946
947 if (!RunUser)
948 {
949 for (i = 0; i < NumSystemGroups; i ++)
950 if (Group == SystemGroupIDs[i])
951 break;
952
953 if (i < NumSystemGroups)
954 {
955 /*
956 * Log the error and reset the group to a safe value...
957 */
958
959 cupsdLogMessage(CUPSD_LOG_NOTICE,
960 "Group and SystemGroup cannot use the same groups.");
961 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
962
963 group = getgrnam("nobody");
964 endgrent();
965
966 if (group != NULL)
967 Group = group->gr_gid;
968 else
969 {
970 /*
971 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
972 * complement number...)
973 */
974
975 Group = 65534;
976 }
977 }
978 }
979
980 /*
981 * Check that we have at least one listen/port line; if not, report this
982 * as an error and exit!
983 */
984
985 if (cupsArrayCount(Listeners) == 0)
986 {
987 /*
988 * No listeners!
989 */
990
991 cupsdLogMessage(CUPSD_LOG_EMERG,
992 "No valid Listen or Port lines were found in the "
993 "configuration file.");
994
995 /*
996 * Commit suicide...
997 */
998
999 cupsdEndProcess(getpid(), 0);
1000 }
1001
1002 /*
1003 * Set the default locale using the language and charset...
1004 */
1005
1006 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1007
1008 /*
1009 * Update all relative filenames to include the full path from ServerRoot...
1010 */
1011
1012 if (DocumentRoot[0] != '/')
1013 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1014
1015 if (RequestRoot[0] != '/')
1016 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1017
1018 if (ServerBin[0] != '/')
1019 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1020
1021 if (StateDir[0] != '/')
1022 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1023
1024 if (CacheDir[0] != '/')
1025 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1026
1027 #ifdef HAVE_SSL
1028 if (ServerCertificate[0] != '/')
1029 cupsdSetStringf(&ServerCertificate, "%s/%s", ServerRoot, ServerCertificate);
1030
1031 if (!strncmp(ServerRoot, ServerCertificate, strlen(ServerRoot)) &&
1032 cupsdCheckPermissions(ServerCertificate, NULL, 0600, RunUser, Group,
1033 0, 0) < 0 &&
1034 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1035 return (0);
1036
1037 # if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
1038 if (ServerKey[0] != '/')
1039 cupsdSetStringf(&ServerKey, "%s/%s", ServerRoot, ServerKey);
1040
1041 if (!strncmp(ServerRoot, ServerKey, strlen(ServerRoot)) &&
1042 cupsdCheckPermissions(ServerKey, NULL, 0600, RunUser, Group, 0, 0) < 0 &&
1043 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1044 return (0);
1045 # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
1046 #endif /* HAVE_SSL */
1047
1048 /*
1049 * Make sure that directories and config files are owned and
1050 * writable by the user and group in the cupsd.conf file...
1051 */
1052
1053 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1054
1055 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1056 Group, 1, 1) < 0 ||
1057 cupsdCheckPermissions(CacheDir, NULL, 0775, RunUser,
1058 Group, 1, 1) < 0 ||
1059 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1060 Group, 1, 1) < 0 ||
1061 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1062 Group, 1, 1) < 0 ||
1063 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1064 SystemGroupIDs[0], 1, 1) < 0 ||
1065 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1066 Group, 1, 0) < 0 ||
1067 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1068 Group, 1, 1) < 0 ||
1069 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1070 Group, 1, 0) < 0 ||
1071 cupsdCheckPermissions(ServerRoot, "cupsd.conf", ConfigFilePerm, RunUser,
1072 Group, 0, 0) < 0 ||
1073 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1074 Group, 0, 0) < 0 ||
1075 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1076 Group, 0, 0) < 0 ||
1077 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1078 Group, 0, 0) < 0) &&
1079 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1080 return (0);
1081
1082 /*
1083 * Update TempDir to the default if it hasn't been set already...
1084 */
1085
1086 if (!TempDir)
1087 {
1088 #ifdef __APPLE__
1089 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1090 strncmp(tmpdir, "/private/tmp", 12))
1091 #else
1092 if ((tmpdir = getenv("TMPDIR")) != NULL)
1093 #endif /* __APPLE__ */
1094 {
1095 /*
1096 * TMPDIR is defined, see if it is OK for us to use...
1097 */
1098
1099 if (stat(tmpdir, &tmpinfo))
1100 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1101 tmpdir, strerror(errno));
1102 else if (!S_ISDIR(tmpinfo.st_mode))
1103 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1104 tmpdir);
1105 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1106 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1107 !(tmpinfo.st_mode & S_IWOTH))
1108 cupsdLogMessage(CUPSD_LOG_ERROR,
1109 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1110 else
1111 cupsdSetString(&TempDir, tmpdir);
1112 }
1113
1114 if (!TempDir)
1115 {
1116 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1117 RequestRoot);
1118 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1119 }
1120 }
1121
1122 /*
1123 * Make sure the temporary directory has the right permissions...
1124 */
1125
1126 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1127 access(TempDir, 0))
1128 {
1129 /*
1130 * Update ownership and permissions if the CUPS temp directory
1131 * is under the spool directory or does not exist...
1132 */
1133
1134 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1135 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1136 return (0);
1137 }
1138
1139 /*
1140 * Update environment variables...
1141 */
1142
1143 cupsdUpdateEnv();
1144
1145 /*
1146 * Update default paper size setting as needed...
1147 */
1148
1149 if (!DefaultPaperSize)
1150 {
1151 #ifdef HAVE_LIBPAPER
1152 char *paper_result; /* Paper size name from libpaper */
1153
1154 if ((paper_result = systempapername()) != NULL)
1155 cupsdSetString(&DefaultPaperSize, paper_result);
1156 else
1157 #endif /* HAVE_LIBPAPER */
1158 if (!DefaultLanguage ||
1159 !_cups_strcasecmp(DefaultLanguage, "C") ||
1160 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1161 !_cups_strcasecmp(DefaultLanguage, "en") ||
1162 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1163 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1164 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1165 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1166 {
1167 /*
1168 * These are the only locales that will default to "letter" size...
1169 */
1170
1171 cupsdSetString(&DefaultPaperSize, "Letter");
1172 }
1173 else
1174 cupsdSetString(&DefaultPaperSize, "A4");
1175 }
1176
1177 /*
1178 * Update classification setting as needed...
1179 */
1180
1181 if (Classification && !_cups_strcasecmp(Classification, "none"))
1182 cupsdClearString(&Classification);
1183
1184 if (Classification)
1185 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1186
1187 /*
1188 * Check the MaxClients setting, and then allocate memory for it...
1189 */
1190
1191 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1192 {
1193 if (MaxClients > 0)
1194 cupsdLogMessage(CUPSD_LOG_INFO,
1195 "MaxClients limited to 1/3 (%d) of the file descriptor "
1196 "limit (%d)...",
1197 MaxFDs / 3, MaxFDs);
1198
1199 MaxClients = MaxFDs / 3;
1200 }
1201
1202 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1203 MaxClients);
1204
1205 /*
1206 * Check the MaxActiveJobs setting; limit to 1/3 the available
1207 * file descriptors, since we need a pipe for each job...
1208 */
1209
1210 if (MaxActiveJobs > (MaxFDs / 3))
1211 MaxActiveJobs = MaxFDs / 3;
1212
1213 /*
1214 * Update the MaxClientsPerHost value, as needed...
1215 */
1216
1217 if (MaxClientsPerHost <= 0)
1218 MaxClientsPerHost = MaxClients;
1219
1220 if (MaxClientsPerHost > MaxClients)
1221 MaxClientsPerHost = MaxClients;
1222
1223 cupsdLogMessage(CUPSD_LOG_INFO,
1224 "Allowing up to %d client connections per host.",
1225 MaxClientsPerHost);
1226
1227 /*
1228 * Update the default policy, as needed...
1229 */
1230
1231 if (DefaultPolicy)
1232 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1233 else
1234 DefaultPolicyPtr = NULL;
1235
1236 if (!DefaultPolicyPtr)
1237 {
1238 cupsd_location_t *po; /* New policy operation */
1239
1240
1241 if (DefaultPolicy)
1242 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1243 DefaultPolicy);
1244
1245 cupsdSetString(&DefaultPolicy, "default");
1246
1247 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1248 cupsdLogMessage(CUPSD_LOG_INFO,
1249 "Using policy \"default\" as the default.");
1250 else
1251 {
1252 cupsdLogMessage(CUPSD_LOG_INFO,
1253 "Creating CUPS default administrative policy:");
1254
1255 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1256
1257 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1258
1259 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1260 cupsdAddString(&(p->job_access), "@OWNER");
1261 cupsdAddString(&(p->job_access), "@SYSTEM");
1262
1263 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1264 cupsdAddString(&(p->job_attrs), "job-name");
1265 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1266 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1267
1268 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1269 cupsdAddString(&(p->sub_access), "@OWNER");
1270 cupsdAddString(&(p->sub_access), "@SYSTEM");
1271
1272 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1273 cupsdAddString(&(p->job_attrs), "notify-events");
1274 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1275 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1276 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1277 cupsdAddString(&(p->job_attrs), "notify-user-data");
1278
1279 cupsdLogMessage(CUPSD_LOG_INFO,
1280 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1281 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1282
1283 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1284 po->order_type = CUPSD_AUTH_ALLOW;
1285
1286 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1287 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1288 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1289
1290 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1291
1292 cupsdLogMessage(CUPSD_LOG_INFO,
1293 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1294 "Release-Job Restart-Job Purge-Jobs "
1295 "Set-Job-Attributes Create-Job-Subscription "
1296 "Renew-Subscription Cancel-Subscription "
1297 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1298 "Suspend-Current-Job Resume-Job "
1299 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1300 "CUPS-Authenticate-Job CUPS-Get-Document>");
1301 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1302
1303 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1304 po->order_type = CUPSD_AUTH_ALLOW;
1305 po->level = CUPSD_AUTH_USER;
1306
1307 cupsdAddName(po, "@OWNER");
1308 cupsdAddName(po, "@SYSTEM");
1309 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1310
1311 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1312 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1313 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1314 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1315 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1316 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1317 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1318 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1319 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1320 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1321 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1322 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1323 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1324 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1325 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1326 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1327 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1328 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1329 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1330 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1331
1332 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1333
1334 cupsdLogMessage(CUPSD_LOG_INFO,
1335 "<Limit Pause-Printer Resume-Printer "
1336 "Set-Printer-Attributes Enable-Printer "
1337 "Disable-Printer Pause-Printer-After-Current-Job "
1338 "Hold-New-Jobs Release-Held-New-Jobs "
1339 "Deactivate-Printer Activate-Printer Restart-Printer "
1340 "Shutdown-Printer Startup-Printer Promote-Job "
1341 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1342 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1343 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1344 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1345 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1346
1347 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1348 po->order_type = CUPSD_AUTH_ALLOW;
1349 po->type = CUPSD_AUTH_DEFAULT;
1350 po->level = CUPSD_AUTH_USER;
1351
1352 cupsdAddName(po, "@SYSTEM");
1353 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1354
1355 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1356 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1357 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1358 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1359 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1360 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1361 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1362 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1363 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1364 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1365 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1366 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1367 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1368 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1369 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1370 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1371 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1372 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1373 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1374 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1375 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1376 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1377
1378 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1379
1380 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1381 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1382
1383 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1384 po->order_type = CUPSD_AUTH_ALLOW;
1385
1386 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1387 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1388 }
1389 }
1390
1391 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1392 cupsArrayCount(Policies));
1393 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1394 p;
1395 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1396 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1397 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1398
1399 /*
1400 * If we are doing a full reload or the server root has changed, flush
1401 * the jobs, printers, etc. and start from scratch...
1402 */
1403
1404 if (NeedReload == RELOAD_ALL ||
1405 old_remote_port != RemotePort ||
1406 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1407 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1408 {
1409 mime_type_t *type; /* Current type */
1410 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1411 /* MIME type name */
1412
1413
1414 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1415
1416 /*
1417 * Free all memory...
1418 */
1419
1420 cupsdDeleteAllSubscriptions();
1421 cupsdFreeAllJobs();
1422 cupsdDeleteAllPrinters();
1423
1424 DefaultPrinter = NULL;
1425
1426 if (MimeDatabase != NULL)
1427 mimeDelete(MimeDatabase);
1428
1429 if (NumMimeTypes)
1430 {
1431 for (i = 0; i < NumMimeTypes; i ++)
1432 _cupsStrFree(MimeTypes[i]);
1433
1434 free(MimeTypes);
1435 }
1436
1437 /*
1438 * Read the MIME type and conversion database...
1439 */
1440
1441 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1442 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1443
1444 MimeDatabase = mimeNew();
1445 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1446
1447 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1448 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1449 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1450 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1451
1452 if (!MimeDatabase)
1453 {
1454 cupsdLogMessage(CUPSD_LOG_EMERG,
1455 "Unable to load MIME database from \"%s\" or \"%s\".",
1456 mimedir, ServerRoot);
1457 if (FatalErrors & CUPSD_FATAL_CONFIG)
1458 return (0);
1459 }
1460
1461 cupsdLogMessage(CUPSD_LOG_INFO,
1462 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1463 "%d filters...", mimedir, ServerRoot,
1464 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1465
1466 /*
1467 * Create a list of MIME types for the document-format-supported
1468 * attribute...
1469 */
1470
1471 NumMimeTypes = mimeNumTypes(MimeDatabase);
1472 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1473 NumMimeTypes ++;
1474
1475 if ((MimeTypes = calloc(NumMimeTypes, sizeof(const char *))) == NULL)
1476 {
1477 cupsdLogMessage(CUPSD_LOG_ERROR,
1478 "Unable to allocate memory for %d MIME types.",
1479 NumMimeTypes);
1480 NumMimeTypes = 0;
1481 }
1482 else
1483 {
1484 for (i = 0, type = mimeFirstType(MimeDatabase);
1485 type;
1486 i ++, type = mimeNextType(MimeDatabase))
1487 {
1488 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1489
1490 MimeTypes[i] = _cupsStrAlloc(mimetype);
1491 }
1492
1493 if (i < NumMimeTypes)
1494 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1495 }
1496
1497 if (LogLevel == CUPSD_LOG_DEBUG2)
1498 {
1499 mime_filter_t *filter; /* Current filter */
1500
1501
1502 for (type = mimeFirstType(MimeDatabase);
1503 type;
1504 type = mimeNextType(MimeDatabase))
1505 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1506 type->super, type->type);
1507
1508 for (filter = mimeFirstFilter(MimeDatabase);
1509 filter;
1510 filter = mimeNextFilter(MimeDatabase))
1511 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1512 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1513 filter->src->super, filter->src->type,
1514 filter->dst->super, filter->dst->type,
1515 filter->cost, filter->filter);
1516 }
1517
1518 /*
1519 * Load banners...
1520 */
1521
1522 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1523 cupsdLoadBanners(temp);
1524
1525 /*
1526 * Load printers and classes...
1527 */
1528
1529 cupsdLoadAllPrinters();
1530 cupsdLoadAllClasses();
1531
1532 cupsdCreateCommonData();
1533
1534 /*
1535 * Update the printcap file as needed...
1536 */
1537
1538 if (Printcap && *Printcap && access(Printcap, 0))
1539 cupsdWritePrintcap();
1540
1541 /*
1542 * Load queued jobs...
1543 */
1544
1545 cupsdLoadAllJobs();
1546
1547 /*
1548 * Load subscriptions...
1549 */
1550
1551 cupsdLoadAllSubscriptions();
1552
1553 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1554 }
1555 else
1556 {
1557 /*
1558 * Not a full reload, so recreate the common printer attributes...
1559 */
1560
1561 cupsdCreateCommonData();
1562
1563 /*
1564 * Update all jobs as needed...
1565 */
1566
1567 cupsdUpdateJobs();
1568
1569 /*
1570 * Update all printers as needed...
1571 */
1572
1573 cupsdUpdatePrinters();
1574 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1575
1576 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1577 }
1578
1579 /*
1580 * Reset the reload state...
1581 */
1582
1583 NeedReload = RELOAD_NONE;
1584
1585 cupsdClearString(&old_serverroot);
1586 cupsdClearString(&old_requestroot);
1587
1588 return (1);
1589 }
1590
1591
1592 /*
1593 * 'get_address()' - Get an address + port number from a line.
1594 */
1595
1596 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1597 get_address(const char *value, /* I - Value string */
1598 int defport) /* I - Default port */
1599 {
1600 char buffer[1024], /* Hostname + port number buffer */
1601 defpname[255], /* Default port name */
1602 *hostname, /* Hostname or IP */
1603 *portname; /* Port number or name */
1604 http_addrlist_t *addrlist; /* Address list */
1605
1606
1607 /*
1608 * Check for an empty value...
1609 */
1610
1611 if (!*value)
1612 {
1613 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1614 return (NULL);
1615 }
1616
1617 /*
1618 * Grab a hostname and port number; if there is no colon and the port name
1619 * is only digits, then we have a port number by itself...
1620 */
1621
1622 strlcpy(buffer, value, sizeof(buffer));
1623
1624 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1625 {
1626 *portname++ = '\0';
1627 hostname = buffer;
1628 }
1629 else
1630 {
1631 for (portname = buffer; isdigit(*portname & 255); portname ++);
1632
1633 if (*portname)
1634 {
1635 /*
1636 * Use the default port...
1637 */
1638
1639 sprintf(defpname, "%d", defport);
1640 portname = defpname;
1641 hostname = buffer;
1642 }
1643 else
1644 {
1645 /*
1646 * The buffer contains just a port number...
1647 */
1648
1649 portname = buffer;
1650 hostname = NULL;
1651 }
1652 }
1653
1654 if (hostname && !strcmp(hostname, "*"))
1655 hostname = NULL;
1656
1657 /*
1658 * Now lookup the address using httpAddrGetList()...
1659 */
1660
1661 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1662 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1663 hostname ? hostname : "(nil)");
1664
1665 return (addrlist);
1666 }
1667
1668
1669 /*
1670 * 'get_addr_and_mask()' - Get an IP address and netmask.
1671 */
1672
1673 static int /* O - 1 on success, 0 on failure */
1674 get_addr_and_mask(const char *value, /* I - String from config file */
1675 unsigned *ip, /* O - Address value */
1676 unsigned *mask) /* O - Mask value */
1677 {
1678 int i, j, /* Looping vars */
1679 family, /* Address family */
1680 ipcount; /* Count of fields in address */
1681 unsigned ipval; /* Value */
1682 const char *maskval, /* Pointer to start of mask value */
1683 *ptr, /* Pointer into value */
1684 *ptr2; /* ... */
1685
1686
1687 /*
1688 * Get the address...
1689 */
1690
1691 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1692 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1693
1694 if ((maskval = strchr(value, '/')) != NULL)
1695 maskval ++;
1696 else
1697 maskval = value + strlen(value);
1698
1699 #ifdef AF_INET6
1700 /*
1701 * Check for an IPv6 address...
1702 */
1703
1704 if (*value == '[')
1705 {
1706 /*
1707 * Parse hexadecimal IPv6/IPv4 address...
1708 */
1709
1710 family = AF_INET6;
1711
1712 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1713 {
1714 if (*ptr == ']')
1715 break;
1716 else if (!strncmp(ptr, "::", 2))
1717 {
1718 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1719 ptr2;
1720 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1721
1722 i = 6 - j;
1723 ptr += 2;
1724 }
1725 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1726 {
1727 /*
1728 * Read IPv4 dotted quad...
1729 */
1730
1731 unsigned val[4] = { 0, 0, 0, 0 };
1732 /* IPv4 address values */
1733
1734 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1735 val + 3);
1736
1737 /*
1738 * Range check the IP numbers...
1739 */
1740
1741 for (i = 0; i < ipcount; i ++)
1742 if (val[i] > 255)
1743 return (0);
1744
1745 /*
1746 * Merge everything into a 32-bit IPv4 address in ip[3]...
1747 */
1748
1749 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
1750
1751 if (ipcount < 4)
1752 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1753
1754 /*
1755 * If the leading words are all 0's then this is an IPv4 address...
1756 */
1757
1758 if (!val[0] && !val[1] && !val[2])
1759 family = AF_INET;
1760
1761 while (isdigit(*ptr & 255) || *ptr == '.')
1762 ptr ++;
1763 break;
1764 }
1765 else if (isxdigit(*ptr & 255))
1766 {
1767 ipval = strtoul(ptr, (char **)&ptr, 16);
1768
1769 if (*ptr == ':' && ptr[1] != ':')
1770 ptr ++;
1771
1772 if (ipval > 0xffff)
1773 return (0);
1774
1775 if (i & 1)
1776 ip[i / 2] |= ipval;
1777 else
1778 ip[i / 2] |= ipval << 16;
1779 }
1780 else
1781 return (0);
1782 }
1783
1784 if (*ptr != ']')
1785 return (0);
1786
1787 ptr ++;
1788
1789 if (*ptr && *ptr != '/')
1790 return (0);
1791 }
1792 else
1793 #endif /* AF_INET6 */
1794 {
1795 /*
1796 * Parse dotted-decimal IPv4 address...
1797 */
1798
1799 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1800
1801
1802 family = AF_INET;
1803 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1804
1805 /*
1806 * Range check the IP numbers...
1807 */
1808
1809 for (i = 0; i < ipcount; i ++)
1810 if (val[i] > 255)
1811 return (0);
1812
1813 /*
1814 * Merge everything into a 32-bit IPv4 address in ip[3]...
1815 */
1816
1817 ip[3] = (((((val[0] << 8) | val[1]) << 8) | val[2]) << 8) | val[3];
1818
1819 if (ipcount < 4)
1820 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1821 }
1822
1823 if (*maskval)
1824 {
1825 /*
1826 * Get the netmask value(s)...
1827 */
1828
1829 memset(mask, 0, sizeof(unsigned) * 4);
1830
1831 if (strchr(maskval, '.'))
1832 {
1833 /*
1834 * Get dotted-decimal mask...
1835 */
1836
1837 if (family != AF_INET)
1838 return (0);
1839
1840 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1841 mask + 3) != 4)
1842 return (0);
1843
1844 mask[3] |= ((((mask[0] << 8) | mask[1]) << 8) | mask[2]) << 8;
1845 mask[0] = mask[1] = mask[2] = 0;
1846 }
1847 else
1848 {
1849 /*
1850 * Get address/bits format...
1851 */
1852
1853 i = atoi(maskval);
1854
1855 #ifdef AF_INET6
1856 if (family == AF_INET6)
1857 {
1858 if (i > 128)
1859 return (0);
1860
1861 i = 128 - i;
1862
1863 if (i <= 96)
1864 mask[0] = 0xffffffff;
1865 else
1866 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1867
1868 if (i <= 64)
1869 mask[1] = 0xffffffff;
1870 else if (i >= 96)
1871 mask[1] = 0;
1872 else
1873 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1874
1875 if (i <= 32)
1876 mask[2] = 0xffffffff;
1877 else if (i >= 64)
1878 mask[2] = 0;
1879 else
1880 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1881
1882 if (i == 0)
1883 mask[3] = 0xffffffff;
1884 else if (i >= 32)
1885 mask[3] = 0;
1886 else
1887 mask[3] = (0xffffffff << i) & 0xffffffff;
1888 }
1889 else
1890 #endif /* AF_INET6 */
1891 {
1892 if (i > 32)
1893 return (0);
1894
1895 mask[0] = 0xffffffff;
1896 mask[1] = 0xffffffff;
1897 mask[2] = 0xffffffff;
1898
1899 if (i < 32)
1900 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
1901 else
1902 mask[3] = 0xffffffff;
1903 }
1904 }
1905 }
1906
1907 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1908 "get_addr_and_mask(value=\"%s\", "
1909 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
1910 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1911 mask[3]);
1912
1913 /*
1914 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1915 */
1916
1917 if ((ip[0] & ~mask[0]) != 0 ||
1918 (ip[1] & ~mask[1]) != 0 ||
1919 (ip[2] & ~mask[2]) != 0 ||
1920 (ip[3] & ~mask[3]) != 0)
1921 return (0);
1922
1923 return (1);
1924 }
1925
1926
1927 /*
1928 * 'mime_error_cb()' - Log a MIME error.
1929 */
1930
1931 static void
1932 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1933 const char *message) /* I - Message */
1934 {
1935 (void)ctx;
1936
1937 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1938 }
1939
1940
1941 /*
1942 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
1943 */
1944
1945 static int /* O - 1 on success, 0 on failure */
1946 parse_aaa(cupsd_location_t *loc, /* I - Location */
1947 char *line, /* I - Line from file */
1948 char *value, /* I - Start of value data */
1949 int linenum) /* I - Current line number */
1950 {
1951 char *valptr; /* Pointer into value */
1952 unsigned ip[4], /* IP address components */
1953 mask[4]; /* IP netmask components */
1954
1955
1956 if (!_cups_strcasecmp(line, "Encryption"))
1957 {
1958 /*
1959 * "Encryption xxx" - set required encryption level...
1960 */
1961
1962 if (!_cups_strcasecmp(value, "never"))
1963 loc->encryption = HTTP_ENCRYPT_NEVER;
1964 else if (!_cups_strcasecmp(value, "always"))
1965 {
1966 cupsdLogMessage(CUPSD_LOG_ERROR,
1967 "Encryption value \"%s\" on line %d is invalid in this "
1968 "context. Using \"required\" instead.", value, linenum);
1969
1970 loc->encryption = HTTP_ENCRYPT_REQUIRED;
1971 }
1972 else if (!_cups_strcasecmp(value, "required"))
1973 loc->encryption = HTTP_ENCRYPT_REQUIRED;
1974 else if (!_cups_strcasecmp(value, "ifrequested"))
1975 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
1976 else
1977 {
1978 cupsdLogMessage(CUPSD_LOG_ERROR,
1979 "Unknown Encryption value %s on line %d.", value, linenum);
1980 return (0);
1981 }
1982 }
1983 else if (!_cups_strcasecmp(line, "Order"))
1984 {
1985 /*
1986 * "Order Deny,Allow" or "Order Allow,Deny"...
1987 */
1988
1989 if (!_cups_strncasecmp(value, "deny", 4))
1990 loc->order_type = CUPSD_AUTH_ALLOW;
1991 else if (!_cups_strncasecmp(value, "allow", 5))
1992 loc->order_type = CUPSD_AUTH_DENY;
1993 else
1994 {
1995 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d.",
1996 value, linenum);
1997 return (0);
1998 }
1999 }
2000 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
2001 {
2002 /*
2003 * Allow [From] host/ip...
2004 * Deny [From] host/ip...
2005 */
2006
2007 while (*value)
2008 {
2009 if (!_cups_strncasecmp(value, "from", 4))
2010 {
2011 /*
2012 * Strip leading "from"...
2013 */
2014
2015 value += 4;
2016
2017 while (_cups_isspace(*value))
2018 value ++;
2019
2020 if (!*value)
2021 break;
2022 }
2023
2024 /*
2025 * Find the end of the value...
2026 */
2027
2028 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2029
2030 while (_cups_isspace(*valptr))
2031 *valptr++ = '\0';
2032
2033 /*
2034 * Figure out what form the allow/deny address takes:
2035 *
2036 * All
2037 * None
2038 * *.domain.com
2039 * .domain.com
2040 * host.domain.com
2041 * nnn.*
2042 * nnn.nnn.*
2043 * nnn.nnn.nnn.*
2044 * nnn.nnn.nnn.nnn
2045 * nnn.nnn.nnn.nnn/mm
2046 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2047 */
2048
2049 if (!_cups_strcasecmp(value, "all"))
2050 {
2051 /*
2052 * All hosts...
2053 */
2054
2055 if (!_cups_strcasecmp(line, "Allow"))
2056 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2057 else
2058 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2059 }
2060 else if (!_cups_strcasecmp(value, "none"))
2061 {
2062 /*
2063 * No hosts...
2064 */
2065
2066 if (!_cups_strcasecmp(line, "Allow"))
2067 cupsdAddIPMask(&(loc->allow), ones, zeros);
2068 else
2069 cupsdAddIPMask(&(loc->deny), ones, zeros);
2070 }
2071 #ifdef AF_INET6
2072 else if (value[0] == '*' || value[0] == '.' ||
2073 (!isdigit(value[0] & 255) && value[0] != '['))
2074 #else
2075 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2076 #endif /* AF_INET6 */
2077 {
2078 /*
2079 * Host or domain name...
2080 */
2081
2082 if (value[0] == '*')
2083 value ++;
2084
2085 if (!_cups_strcasecmp(line, "Allow"))
2086 cupsdAddNameMask(&(loc->allow), value);
2087 else
2088 cupsdAddNameMask(&(loc->deny), value);
2089 }
2090 else
2091 {
2092 /*
2093 * One of many IP address forms...
2094 */
2095
2096 if (!get_addr_and_mask(value, ip, mask))
2097 {
2098 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d.",
2099 value, linenum);
2100 return (0);
2101 }
2102
2103 if (!_cups_strcasecmp(line, "Allow"))
2104 cupsdAddIPMask(&(loc->allow), ip, mask);
2105 else
2106 cupsdAddIPMask(&(loc->deny), ip, mask);
2107 }
2108
2109 /*
2110 * Advance to next value...
2111 */
2112
2113 value = valptr;
2114 }
2115 }
2116 else if (!_cups_strcasecmp(line, "AuthType"))
2117 {
2118 /*
2119 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2120 */
2121
2122 if (!_cups_strcasecmp(value, "none"))
2123 {
2124 loc->type = CUPSD_AUTH_NONE;
2125 loc->level = CUPSD_AUTH_ANON;
2126 }
2127 else if (!_cups_strcasecmp(value, "basic"))
2128 {
2129 loc->type = CUPSD_AUTH_BASIC;
2130
2131 if (loc->level == CUPSD_AUTH_ANON)
2132 loc->level = CUPSD_AUTH_USER;
2133 }
2134 else if (!_cups_strcasecmp(value, "digest"))
2135 {
2136 loc->type = CUPSD_AUTH_DIGEST;
2137
2138 if (loc->level == CUPSD_AUTH_ANON)
2139 loc->level = CUPSD_AUTH_USER;
2140 }
2141 else if (!_cups_strcasecmp(value, "basicdigest"))
2142 {
2143 loc->type = CUPSD_AUTH_BASICDIGEST;
2144
2145 if (loc->level == CUPSD_AUTH_ANON)
2146 loc->level = CUPSD_AUTH_USER;
2147 }
2148 else if (!_cups_strcasecmp(value, "default"))
2149 {
2150 loc->type = CUPSD_AUTH_DEFAULT;
2151
2152 if (loc->level == CUPSD_AUTH_ANON)
2153 loc->level = CUPSD_AUTH_USER;
2154 }
2155 #ifdef HAVE_GSSAPI
2156 else if (!_cups_strcasecmp(value, "negotiate"))
2157 {
2158 loc->type = CUPSD_AUTH_NEGOTIATE;
2159
2160 if (loc->level == CUPSD_AUTH_ANON)
2161 loc->level = CUPSD_AUTH_USER;
2162 }
2163 #endif /* HAVE_GSSAPI */
2164 else
2165 {
2166 cupsdLogMessage(CUPSD_LOG_WARN,
2167 "Unknown authorization type %s on line %d.",
2168 value, linenum);
2169 return (0);
2170 }
2171 }
2172 else if (!_cups_strcasecmp(line, "AuthClass"))
2173 {
2174 /*
2175 * AuthClass anonymous, user, system, group
2176 */
2177
2178 if (!_cups_strcasecmp(value, "anonymous"))
2179 {
2180 loc->type = CUPSD_AUTH_NONE;
2181 loc->level = CUPSD_AUTH_ANON;
2182
2183 cupsdLogMessage(CUPSD_LOG_WARN,
2184 "\"AuthClass %s\" is deprecated; consider removing "
2185 "it from line %d.",
2186 value, linenum);
2187 }
2188 else if (!_cups_strcasecmp(value, "user"))
2189 {
2190 loc->level = CUPSD_AUTH_USER;
2191
2192 cupsdLogMessage(CUPSD_LOG_WARN,
2193 "\"AuthClass %s\" is deprecated; consider using "
2194 "\"Require valid-user\" on line %d.",
2195 value, linenum);
2196 }
2197 else if (!_cups_strcasecmp(value, "group"))
2198 {
2199 loc->level = CUPSD_AUTH_GROUP;
2200
2201 cupsdLogMessage(CUPSD_LOG_WARN,
2202 "\"AuthClass %s\" is deprecated; consider using "
2203 "\"Require user @groupname\" on line %d.",
2204 value, linenum);
2205 }
2206 else if (!_cups_strcasecmp(value, "system"))
2207 {
2208 loc->level = CUPSD_AUTH_GROUP;
2209
2210 cupsdAddName(loc, "@SYSTEM");
2211
2212 cupsdLogMessage(CUPSD_LOG_WARN,
2213 "\"AuthClass %s\" is deprecated; consider using "
2214 "\"Require user @SYSTEM\" on line %d.",
2215 value, linenum);
2216 }
2217 else
2218 {
2219 cupsdLogMessage(CUPSD_LOG_WARN,
2220 "Unknown authorization class %s on line %d.",
2221 value, linenum);
2222 return (0);
2223 }
2224 }
2225 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2226 {
2227 cupsdAddName(loc, value);
2228
2229 cupsdLogMessage(CUPSD_LOG_WARN,
2230 "\"AuthGroupName %s\" directive is deprecated; consider "
2231 "using \"Require user @%s\" on line %d.",
2232 value, value, linenum);
2233 }
2234 else if (!_cups_strcasecmp(line, "Require"))
2235 {
2236 /*
2237 * Apache synonym for AuthClass and AuthGroupName...
2238 *
2239 * Get initial word:
2240 *
2241 * Require valid-user
2242 * Require group names
2243 * Require user names
2244 */
2245
2246 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2247
2248 if (*valptr)
2249 *valptr++ = '\0';
2250
2251 if (!_cups_strcasecmp(value, "valid-user") ||
2252 !_cups_strcasecmp(value, "user"))
2253 loc->level = CUPSD_AUTH_USER;
2254 else if (!_cups_strcasecmp(value, "group"))
2255 loc->level = CUPSD_AUTH_GROUP;
2256 else
2257 {
2258 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d.",
2259 value, linenum);
2260 return (0);
2261 }
2262
2263 /*
2264 * Get the list of names from the line...
2265 */
2266
2267 for (value = valptr; *value;)
2268 {
2269 while (_cups_isspace(*value))
2270 value ++;
2271
2272 #ifdef HAVE_AUTHORIZATION_H
2273 if (!strncmp(value, "@AUTHKEY(", 9))
2274 {
2275 /*
2276 * Grab "@AUTHKEY(name)" value...
2277 */
2278
2279 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2280
2281 if (*valptr)
2282 *valptr++ = '\0';
2283 }
2284 else
2285 #endif /* HAVE_AUTHORIZATION_H */
2286 if (*value == '\"' || *value == '\'')
2287 {
2288 /*
2289 * Grab quoted name...
2290 */
2291
2292 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2293
2294 value ++;
2295 }
2296 else
2297 {
2298 /*
2299 * Grab literal name.
2300 */
2301
2302 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2303 }
2304
2305 if (*valptr)
2306 *valptr++ = '\0';
2307
2308 cupsdAddName(loc, value);
2309
2310 for (value = valptr; _cups_isspace(*value); value ++);
2311 }
2312 }
2313 else if (!_cups_strcasecmp(line, "Satisfy"))
2314 {
2315 if (!_cups_strcasecmp(value, "all"))
2316 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2317 else if (!_cups_strcasecmp(value, "any"))
2318 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2319 else
2320 {
2321 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d.",
2322 value, linenum);
2323 return (0);
2324 }
2325 }
2326 else
2327 return (0);
2328
2329 return (1);
2330 }
2331
2332
2333 /*
2334 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2335 */
2336
2337 static int /* O - FatalErrors bits */
2338 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2339 {
2340 int fatal; /* FatalErrors bits */
2341 char value[1024], /* Value string */
2342 *valstart, /* Pointer into value */
2343 *valend; /* End of value */
2344
2345
2346 /*
2347 * Empty FatalErrors line yields NULL pointer...
2348 */
2349
2350 if (!s)
2351 return (CUPSD_FATAL_NONE);
2352
2353 /*
2354 * Loop through the value string,...
2355 */
2356
2357 strlcpy(value, s, sizeof(value));
2358
2359 fatal = CUPSD_FATAL_NONE;
2360
2361 for (valstart = value; *valstart;)
2362 {
2363 /*
2364 * Get the current space/comma-delimited kind name...
2365 */
2366
2367 for (valend = valstart; *valend; valend ++)
2368 if (_cups_isspace(*valend) || *valend == ',')
2369 break;
2370
2371 if (*valend)
2372 *valend++ = '\0';
2373
2374 /*
2375 * Add the error to the bitmask...
2376 */
2377
2378 if (!_cups_strcasecmp(valstart, "all"))
2379 fatal = CUPSD_FATAL_ALL;
2380 else if (!_cups_strcasecmp(valstart, "browse"))
2381 fatal |= CUPSD_FATAL_BROWSE;
2382 else if (!_cups_strcasecmp(valstart, "-browse"))
2383 fatal &= ~CUPSD_FATAL_BROWSE;
2384 else if (!_cups_strcasecmp(valstart, "config"))
2385 fatal |= CUPSD_FATAL_CONFIG;
2386 else if (!_cups_strcasecmp(valstart, "-config"))
2387 fatal &= ~CUPSD_FATAL_CONFIG;
2388 else if (!_cups_strcasecmp(valstart, "listen"))
2389 fatal |= CUPSD_FATAL_LISTEN;
2390 else if (!_cups_strcasecmp(valstart, "-listen"))
2391 fatal &= ~CUPSD_FATAL_LISTEN;
2392 else if (!_cups_strcasecmp(valstart, "log"))
2393 fatal |= CUPSD_FATAL_LOG;
2394 else if (!_cups_strcasecmp(valstart, "-log"))
2395 fatal &= ~CUPSD_FATAL_LOG;
2396 else if (!_cups_strcasecmp(valstart, "permissions"))
2397 fatal |= CUPSD_FATAL_PERMISSIONS;
2398 else if (!_cups_strcasecmp(valstart, "-permissions"))
2399 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2400 else if (_cups_strcasecmp(valstart, "none"))
2401 cupsdLogMessage(CUPSD_LOG_ERROR,
2402 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2403
2404 for (valstart = valend; *valstart; valstart ++)
2405 if (!_cups_isspace(*valstart) || *valstart != ',')
2406 break;
2407 }
2408
2409 return (fatal);
2410 }
2411
2412
2413 /*
2414 * 'parse_groups()' - Parse system group names in a string.
2415 */
2416
2417 static int /* O - 1 on success, 0 on failure */
2418 parse_groups(const char *s) /* I - Space-delimited groups */
2419 {
2420 int status; /* Return status */
2421 char value[1024], /* Value string */
2422 *valstart, /* Pointer into value */
2423 *valend, /* End of value */
2424 quote; /* Quote character */
2425 struct group *group; /* Group */
2426
2427
2428 /*
2429 * Make a copy of the string and parse out the groups...
2430 */
2431
2432 strlcpy(value, s, sizeof(value));
2433
2434 status = 1;
2435 valstart = value;
2436
2437 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2438 {
2439 if (*valstart == '\'' || *valstart == '\"')
2440 {
2441 /*
2442 * Scan quoted name...
2443 */
2444
2445 quote = *valstart++;
2446
2447 for (valend = valstart; *valend; valend ++)
2448 if (*valend == quote)
2449 break;
2450 }
2451 else
2452 {
2453 /*
2454 * Scan space or comma-delimited name...
2455 */
2456
2457 for (valend = valstart; *valend; valend ++)
2458 if (_cups_isspace(*valend) || *valend == ',')
2459 break;
2460 }
2461
2462 if (*valend)
2463 *valend++ = '\0';
2464
2465 group = getgrnam(valstart);
2466 if (group)
2467 {
2468 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2469 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2470
2471 NumSystemGroups ++;
2472 }
2473 else
2474 status = 0;
2475
2476 endgrent();
2477
2478 valstart = valend;
2479
2480 while (*valstart == ',' || _cups_isspace(*valstart))
2481 valstart ++;
2482 }
2483
2484 return (status);
2485 }
2486
2487
2488 /*
2489 * 'parse_protocols()' - Parse browse protocols in a string.
2490 */
2491
2492 static int /* O - Browse protocol bits */
2493 parse_protocols(const char *s) /* I - Space-delimited protocols */
2494 {
2495 int protocols; /* Browse protocol bits */
2496 char value[1024], /* Value string */
2497 *valstart, /* Pointer into value */
2498 *valend; /* End of value */
2499
2500
2501 /*
2502 * Empty protocol line yields NULL pointer...
2503 */
2504
2505 if (!s)
2506 return (0);
2507
2508 /*
2509 * Loop through the value string,...
2510 */
2511
2512 strlcpy(value, s, sizeof(value));
2513
2514 protocols = 0;
2515
2516 for (valstart = value; *valstart;)
2517 {
2518 /*
2519 * Get the current space/comma-delimited protocol name...
2520 */
2521
2522 for (valend = valstart; *valend; valend ++)
2523 if (_cups_isspace(*valend) || *valend == ',')
2524 break;
2525
2526 if (*valend)
2527 *valend++ = '\0';
2528
2529 /*
2530 * Add the protocol to the bitmask...
2531 */
2532
2533 if (!_cups_strcasecmp(valstart, "dnssd") ||
2534 !_cups_strcasecmp(valstart, "dns-sd") ||
2535 !_cups_strcasecmp(valstart, "bonjour"))
2536 protocols |= BROWSE_DNSSD;
2537 else if (!_cups_strcasecmp(valstart, "all"))
2538 protocols |= BROWSE_ALL;
2539 else if (_cups_strcasecmp(valstart, "none"))
2540 cupsdLogMessage(CUPSD_LOG_ERROR,
2541 "Unknown browse protocol \"%s\" ignored.", valstart);
2542
2543 for (valstart = valend; *valstart; valstart ++)
2544 if (!_cups_isspace(*valstart) || *valstart != ',')
2545 break;
2546 }
2547
2548 return (protocols);
2549 }
2550
2551
2552 /*
2553 * 'read_configuration()' - Read a configuration file.
2554 */
2555
2556 static int /* O - 1 on success, 0 on failure */
2557 read_configuration(cups_file_t *fp) /* I - File to read from */
2558 {
2559 int i; /* Looping var */
2560 int linenum; /* Current line number */
2561 char line[HTTP_MAX_BUFFER],
2562 /* Line from file */
2563 temp[HTTP_MAX_BUFFER],
2564 /* Temporary buffer for value */
2565 *value, /* Pointer to value */
2566 *valueptr; /* Pointer into value */
2567 int valuelen; /* Length of value */
2568 cupsd_var_t const *var; /* Current variable */
2569 http_addrlist_t *addrlist, /* Address list */
2570 *addr; /* Current address */
2571 cups_file_t *incfile; /* Include file */
2572 char incname[1024]; /* Include filename */
2573 struct group *group; /* Group */
2574
2575
2576 /*
2577 * Loop through each line in the file...
2578 */
2579
2580 linenum = 0;
2581
2582 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2583 {
2584 /*
2585 * Decode the directive...
2586 */
2587
2588 if (!_cups_strcasecmp(line, "Include") && value)
2589 {
2590 /*
2591 * Include filename
2592 */
2593
2594 if (value[0] == '/')
2595 strlcpy(incname, value, sizeof(incname));
2596 else
2597 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2598
2599 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2600 cupsdLogMessage(CUPSD_LOG_ERROR,
2601 "Unable to include config file \"%s\" - %s",
2602 incname, strerror(errno));
2603 else
2604 {
2605 read_configuration(incfile);
2606 cupsFileClose(incfile);
2607 }
2608 }
2609 else if (!_cups_strcasecmp(line, "<Location") && value)
2610 {
2611 /*
2612 * <Location path>
2613 */
2614
2615 linenum = read_location(fp, value, linenum);
2616 if (linenum == 0)
2617 return (0);
2618 }
2619 else if (!_cups_strcasecmp(line, "<Policy") && value)
2620 {
2621 /*
2622 * <Policy name>
2623 */
2624
2625 linenum = read_policy(fp, value, linenum);
2626 if (linenum == 0)
2627 return (0);
2628 }
2629 else if (!_cups_strcasecmp(line, "FatalErrors"))
2630 FatalErrors = parse_fatal_errors(value);
2631 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
2632 {
2633 JobRetryInterval = atoi(value);
2634 cupsdLogMessage(CUPSD_LOG_WARN,
2635 "FaxRetryInterval is deprecated; use "
2636 "JobRetryInterval on line %d.", linenum);
2637 }
2638 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
2639 {
2640 JobRetryLimit = atoi(value);
2641 cupsdLogMessage(CUPSD_LOG_WARN,
2642 "FaxRetryLimit is deprecated; use "
2643 "JobRetryLimit on line %d.", linenum);
2644 }
2645 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
2646 #ifdef HAVE_SSL
2647 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
2648 #endif /* HAVE_SSL */
2649 ) && value)
2650 {
2651 /*
2652 * Add listening address(es) to the list...
2653 */
2654
2655 cupsd_listener_t *lis; /* New listeners array */
2656
2657
2658 /*
2659 * Get the address list...
2660 */
2661
2662 addrlist = get_address(value, IPP_PORT);
2663
2664 if (!addrlist)
2665 {
2666 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
2667 value, linenum);
2668 continue;
2669 }
2670
2671 /*
2672 * Add each address...
2673 */
2674
2675 for (addr = addrlist; addr; addr = addr->next)
2676 {
2677 /*
2678 * See if this address is already present...
2679 */
2680
2681 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
2682 lis;
2683 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
2684 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
2685 _httpAddrPort(&(addr->addr)) == _httpAddrPort(&(lis->address)))
2686 break;
2687
2688 if (lis)
2689 {
2690 httpAddrString(&lis->address, temp, sizeof(temp));
2691 cupsdLogMessage(CUPSD_LOG_WARN,
2692 "Duplicate listen address \"%s\" ignored.", temp);
2693 continue;
2694 }
2695
2696 /*
2697 * Allocate another listener...
2698 */
2699
2700 if (!Listeners)
2701 Listeners = cupsArrayNew(NULL, NULL);
2702
2703 if (!Listeners)
2704 {
2705 cupsdLogMessage(CUPSD_LOG_ERROR,
2706 "Unable to allocate %s at line %d - %s.",
2707 line, linenum, strerror(errno));
2708 break;
2709 }
2710
2711 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
2712 {
2713 cupsdLogMessage(CUPSD_LOG_ERROR,
2714 "Unable to allocate %s at line %d - %s.",
2715 line, linenum, strerror(errno));
2716 break;
2717 }
2718
2719 cupsArrayAdd(Listeners, lis);
2720
2721 /*
2722 * Copy the current address and log it...
2723 */
2724
2725 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
2726 lis->fd = -1;
2727
2728 #ifdef HAVE_SSL
2729 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
2730 lis->encryption = HTTP_ENCRYPT_ALWAYS;
2731 #endif /* HAVE_SSL */
2732
2733 httpAddrString(&lis->address, temp, sizeof(temp));
2734
2735 #ifdef AF_LOCAL
2736 if (lis->address.addr.sa_family == AF_LOCAL)
2737 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
2738 else
2739 #endif /* AF_LOCAL */
2740 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
2741 _httpAddrPort(&(lis->address)),
2742 _httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
2743
2744 if (!httpAddrLocalhost(&(lis->address)))
2745 RemotePort = _httpAddrPort(&(lis->address));
2746 }
2747
2748 /*
2749 * Free the list...
2750 */
2751
2752 httpAddrFreeList(addrlist);
2753 }
2754 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
2755 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
2756 {
2757 /*
2758 * "BrowseProtocols name [... name]"
2759 * "BrowseLocalProtocols name [... name]"
2760 */
2761
2762 int protocols = parse_protocols(value);
2763
2764 if (protocols < 0)
2765 {
2766 cupsdLogMessage(CUPSD_LOG_ERROR,
2767 "Unknown browse protocol \"%s\" on line %d.",
2768 value, linenum);
2769 break;
2770 }
2771
2772 BrowseLocalProtocols = protocols;
2773 }
2774 else if (!_cups_strcasecmp(line, "default_auth_type") && value)
2775 {
2776 /*
2777 * default_auth_type {basic,digest,basicdigest,negotiate}
2778 */
2779
2780 if (!_cups_strcasecmp(value, "none"))
2781 default_auth_type = CUPSD_AUTH_NONE;
2782 else if (!_cups_strcasecmp(value, "basic"))
2783 default_auth_type = CUPSD_AUTH_BASIC;
2784 else if (!_cups_strcasecmp(value, "digest"))
2785 default_auth_type = CUPSD_AUTH_DIGEST;
2786 else if (!_cups_strcasecmp(value, "basicdigest"))
2787 default_auth_type = CUPSD_AUTH_BASICDIGEST;
2788 #ifdef HAVE_GSSAPI
2789 else if (!_cups_strcasecmp(value, "negotiate"))
2790 default_auth_type = CUPSD_AUTH_NEGOTIATE;
2791 #endif /* HAVE_GSSAPI */
2792 else if (!_cups_strcasecmp(value, "auto"))
2793 default_auth_type = CUPSD_AUTH_AUTO;
2794 else
2795 {
2796 cupsdLogMessage(CUPSD_LOG_WARN,
2797 "Unknown default authorization type %s on line %d.",
2798 value, linenum);
2799 if (FatalErrors & CUPSD_FATAL_CONFIG)
2800 return (0);
2801 }
2802 }
2803 #ifdef HAVE_SSL
2804 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
2805 {
2806 /*
2807 * DefaultEncryption {Never,IfRequested,Required}
2808 */
2809
2810 if (!value || !_cups_strcasecmp(value, "never"))
2811 DefaultEncryption = HTTP_ENCRYPT_NEVER;
2812 else if (!_cups_strcasecmp(value, "required"))
2813 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
2814 else if (!_cups_strcasecmp(value, "ifrequested"))
2815 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
2816 else
2817 {
2818 cupsdLogMessage(CUPSD_LOG_WARN,
2819 "Unknown default encryption %s on line %d.",
2820 value, linenum);
2821 if (FatalErrors & CUPSD_FATAL_CONFIG)
2822 return (0);
2823 }
2824 }
2825 #endif /* HAVE_SSL */
2826 else if (!_cups_strcasecmp(line, "User") && value)
2827 {
2828 /*
2829 * User ID to run as...
2830 */
2831
2832 if (isdigit(value[0] & 255))
2833 {
2834 int uid = atoi(value);
2835
2836 if (!uid)
2837 cupsdLogMessage(CUPSD_LOG_ERROR,
2838 "Will not use User 0 as specified on line %d "
2839 "for security reasons. You must use a non-"
2840 "privileged account instead.",
2841 linenum);
2842 else
2843 User = atoi(value);
2844 }
2845 else
2846 {
2847 struct passwd *p; /* Password information */
2848
2849 endpwent();
2850 p = getpwnam(value);
2851
2852 if (p)
2853 {
2854 if (!p->pw_uid)
2855 cupsdLogMessage(CUPSD_LOG_ERROR,
2856 "Will not use User %s (UID=0) as specified on line "
2857 "%d for security reasons. You must use a non-"
2858 "privileged account instead.",
2859 value, linenum);
2860 else
2861 User = p->pw_uid;
2862 }
2863 else
2864 cupsdLogMessage(CUPSD_LOG_ERROR,
2865 "Unknown User \"%s\" on line %d, ignoring.",
2866 value, linenum);
2867 }
2868 }
2869 else if (!_cups_strcasecmp(line, "Group") && value)
2870 {
2871 /*
2872 * Group ID to run as...
2873 */
2874
2875 if (isdigit(value[0]))
2876 Group = atoi(value);
2877 else
2878 {
2879 endgrent();
2880 group = getgrnam(value);
2881
2882 if (group != NULL)
2883 Group = group->gr_gid;
2884 else
2885 cupsdLogMessage(CUPSD_LOG_ERROR,
2886 "Unknown Group \"%s\" on line %d, ignoring.",
2887 value, linenum);
2888 }
2889 }
2890 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
2891 {
2892 /*
2893 * SystemGroup (admin) group(s)...
2894 */
2895
2896 if (!parse_groups(value))
2897 cupsdLogMessage(CUPSD_LOG_ERROR,
2898 "Unknown SystemGroup \"%s\" on line %d, ignoring.",
2899 value, linenum);
2900 }
2901 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
2902 {
2903 /*
2904 * Do hostname lookups?
2905 */
2906
2907 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
2908 !_cups_strcasecmp(value, "false"))
2909 HostNameLookups = 0;
2910 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
2911 !_cups_strcasecmp(value, "true"))
2912 HostNameLookups = 1;
2913 else if (!_cups_strcasecmp(value, "double"))
2914 HostNameLookups = 2;
2915 else
2916 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d.",
2917 value, linenum);
2918 }
2919 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
2920 {
2921 /*
2922 * Amount of logging to do to access log...
2923 */
2924
2925 if (!_cups_strcasecmp(value, "all"))
2926 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
2927 else if (!_cups_strcasecmp(value, "actions"))
2928 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
2929 else if (!_cups_strcasecmp(value, "config"))
2930 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
2931 else
2932 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d.",
2933 value, linenum);
2934 }
2935 else if (!_cups_strcasecmp(line, "LogLevel") && value)
2936 {
2937 /*
2938 * Amount of logging to do to error log...
2939 */
2940
2941 if (!_cups_strcasecmp(value, "debug2"))
2942 LogLevel = CUPSD_LOG_DEBUG2;
2943 else if (!_cups_strcasecmp(value, "debug"))
2944 LogLevel = CUPSD_LOG_DEBUG;
2945 else if (!_cups_strcasecmp(value, "info"))
2946 LogLevel = CUPSD_LOG_INFO;
2947 else if (!_cups_strcasecmp(value, "notice"))
2948 LogLevel = CUPSD_LOG_NOTICE;
2949 else if (!_cups_strcasecmp(value, "warn"))
2950 LogLevel = CUPSD_LOG_WARN;
2951 else if (!_cups_strcasecmp(value, "error"))
2952 LogLevel = CUPSD_LOG_ERROR;
2953 else if (!_cups_strcasecmp(value, "crit"))
2954 LogLevel = CUPSD_LOG_CRIT;
2955 else if (!_cups_strcasecmp(value, "alert"))
2956 LogLevel = CUPSD_LOG_ALERT;
2957 else if (!_cups_strcasecmp(value, "emerg"))
2958 LogLevel = CUPSD_LOG_EMERG;
2959 else if (!_cups_strcasecmp(value, "none"))
2960 LogLevel = CUPSD_LOG_NONE;
2961 else
2962 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d.",
2963 value, linenum);
2964 }
2965 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
2966 {
2967 /*
2968 * Amount of logging to do to error log...
2969 */
2970
2971 if (!_cups_strcasecmp(value, "standard"))
2972 LogTimeFormat = CUPSD_TIME_STANDARD;
2973 else if (!_cups_strcasecmp(value, "usecs"))
2974 LogTimeFormat = CUPSD_TIME_USECS;
2975 else
2976 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d.",
2977 value, linenum);
2978 }
2979 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
2980 {
2981 /*
2982 * Format of printcap file?
2983 */
2984
2985 if (!_cups_strcasecmp(value, "bsd"))
2986 PrintcapFormat = PRINTCAP_BSD;
2987 else if (!_cups_strcasecmp(value, "plist"))
2988 PrintcapFormat = PRINTCAP_PLIST;
2989 else if (!_cups_strcasecmp(value, "solaris"))
2990 PrintcapFormat = PRINTCAP_SOLARIS;
2991 else
2992 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown PrintcapFormat %s on line %d.",
2993 value, linenum);
2994 }
2995 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
2996 {
2997 /*
2998 * Set the string used for the Server header...
2999 */
3000
3001 struct utsname plat; /* Platform info */
3002
3003
3004 uname(&plat);
3005
3006 if (!_cups_strcasecmp(value, "ProductOnly"))
3007 cupsdSetString(&ServerHeader, "CUPS");
3008 else if (!_cups_strcasecmp(value, "Major"))
3009 cupsdSetStringf(&ServerHeader, "CUPS/%d", CUPS_VERSION_MAJOR);
3010 else if (!_cups_strcasecmp(value, "Minor"))
3011 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d", CUPS_VERSION_MAJOR,
3012 CUPS_VERSION_MINOR);
3013 else if (!_cups_strcasecmp(value, "Minimal"))
3014 cupsdSetString(&ServerHeader, CUPS_MINIMAL);
3015 else if (!_cups_strcasecmp(value, "OS"))
3016 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s)", plat.sysname);
3017 else if (!_cups_strcasecmp(value, "Full"))
3018 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s) IPP/2.1",
3019 plat.sysname);
3020 else if (!_cups_strcasecmp(value, "None"))
3021 cupsdClearString(&ServerHeader);
3022 else
3023 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d.",
3024 value, linenum);
3025 }
3026 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3027 {
3028 /*
3029 * PassEnv variable [... variable]
3030 */
3031
3032 for (; *value;)
3033 {
3034 for (valuelen = 0; value[valuelen]; valuelen ++)
3035 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3036 break;
3037
3038 if (value[valuelen])
3039 {
3040 value[valuelen] = '\0';
3041 valuelen ++;
3042 }
3043
3044 cupsdSetEnv(value, NULL);
3045
3046 for (value += valuelen; *value; value ++)
3047 if (!_cups_isspace(*value) || *value != ',')
3048 break;
3049 }
3050 }
3051 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3052 {
3053 /*
3054 * ServerAlias name [... name]
3055 */
3056
3057 if (!ServerAlias)
3058 ServerAlias = cupsArrayNew(NULL, NULL);
3059
3060 for (; *value;)
3061 {
3062 for (valuelen = 0; value[valuelen]; valuelen ++)
3063 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3064 break;
3065
3066 if (value[valuelen])
3067 {
3068 value[valuelen] = '\0';
3069 valuelen ++;
3070 }
3071
3072 cupsdAddAlias(ServerAlias, value);
3073
3074 for (value += valuelen; *value; value ++)
3075 if (!_cups_isspace(*value) || *value != ',')
3076 break;
3077 }
3078 }
3079 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3080 {
3081 /*
3082 * SetEnv variable value
3083 */
3084
3085 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3086
3087 if (*valueptr)
3088 {
3089 /*
3090 * Found a value...
3091 */
3092
3093 while (isspace(*valueptr & 255))
3094 *valueptr++ = '\0';
3095
3096 cupsdSetEnv(value, valueptr);
3097 }
3098 else
3099 cupsdLogMessage(CUPSD_LOG_ERROR,
3100 "Missing value for SetEnv directive on line %d.",
3101 linenum);
3102 }
3103 #ifdef HAVE_SSL
3104 else if (!_cups_strcasecmp(line, "SSLOptions"))
3105 {
3106 /*
3107 * SSLOptions options
3108 */
3109
3110 if (!value || !_cups_strcasecmp(value, "none"))
3111 SSLOptions = CUPSD_SSL_NONE;
3112 else if (!_cups_strcasecmp(value, "noemptyfragments"))
3113 SSLOptions = CUPSD_SSL_NOEMPTY;
3114 else
3115 cupsdLogMessage(CUPSD_LOG_ERROR,
3116 "Unknown value \"%s\" for SSLOptions directive on "
3117 "line %d.", value, linenum);
3118 }
3119 #endif /* HAVE_SSL */
3120 else
3121 {
3122 /*
3123 * Find a simple variable in the list...
3124 */
3125
3126 for (i = NUM_VARS, var = variables; i > 0; i --, var ++)
3127 if (!_cups_strcasecmp(line, var->name))
3128 break;
3129
3130 if (i == 0)
3131 {
3132 /*
3133 * Unknown directive! Output an error message and continue...
3134 */
3135
3136 if (!value)
3137 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d.",
3138 line, linenum);
3139 else
3140 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d.",
3141 line, linenum);
3142 continue;
3143 }
3144
3145 switch (var->type)
3146 {
3147 case CUPSD_VARTYPE_INTEGER :
3148 if (!value)
3149 cupsdLogMessage(CUPSD_LOG_ERROR,
3150 "Missing integer value for %s on line %d.",
3151 line, linenum);
3152 else if (!isdigit(*value & 255))
3153 cupsdLogMessage(CUPSD_LOG_ERROR,
3154 "Bad integer value for %s on line %d.",
3155 line, linenum);
3156 else
3157 {
3158 int n; /* Number */
3159 char *units; /* Units */
3160
3161 n = strtol(value, &units, 0);
3162
3163 if (units && *units)
3164 {
3165 if (tolower(units[0] & 255) == 'g')
3166 n *= 1024 * 1024 * 1024;
3167 else if (tolower(units[0] & 255) == 'm')
3168 n *= 1024 * 1024;
3169 else if (tolower(units[0] & 255) == 'k')
3170 n *= 1024;
3171 else if (tolower(units[0] & 255) == 't')
3172 n *= 262144;
3173 else
3174 {
3175 cupsdLogMessage(CUPSD_LOG_ERROR,
3176 "Unknown integer value for %s on line %d.",
3177 line, linenum);
3178 break;
3179 }
3180 }
3181
3182 if (n < 0)
3183 cupsdLogMessage(CUPSD_LOG_ERROR,
3184 "Bad negative integer value for %s on line %d.",
3185 line, linenum);
3186 else
3187 *((int *)var->ptr) = n;
3188 }
3189 break;
3190
3191 case CUPSD_VARTYPE_TIME :
3192 if (!value)
3193 cupsdLogMessage(CUPSD_LOG_ERROR,
3194 "Missing time interval value for %s on line %d.",
3195 line, linenum);
3196 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
3197 (!_cups_strcasecmp(value, "true") ||
3198 !_cups_strcasecmp(value, "on") ||
3199 !_cups_strcasecmp(value, "enabled") ||
3200 !_cups_strcasecmp(value, "yes")))
3201 *((int *)var->ptr) = INT_MAX;
3202 else if (!_cups_strcasecmp(value, "false") ||
3203 !_cups_strcasecmp(value, "off") ||
3204 !_cups_strcasecmp(value, "disabled") ||
3205 !_cups_strcasecmp(value, "no"))
3206 *((int *)var->ptr) = 0;
3207 else if (!isdigit(*value & 255))
3208 cupsdLogMessage(CUPSD_LOG_ERROR,
3209 "Unknown time interval value for %s on line %d.",
3210 line, linenum);
3211 else
3212 {
3213 double n; /* Number */
3214 char *units; /* Units */
3215
3216 n = strtod(value, &units);
3217
3218 if (units && *units)
3219 {
3220 if (tolower(units[0] & 255) == 'w')
3221 n *= 7 * 24 * 60 * 60;
3222 else if (tolower(units[0] & 255) == 'd')
3223 n *= 24 * 60 * 60;
3224 else if (tolower(units[0] & 255) == 'h')
3225 n *= 60 * 60;
3226 else if (tolower(units[0] & 255) == 'm')
3227 n *= 60;
3228 else
3229 {
3230 cupsdLogMessage(CUPSD_LOG_ERROR,
3231 "Unknown time interval value for %s on line "
3232 "%d.", line, linenum);
3233 break;
3234 }
3235 }
3236
3237 if (n < 0.0 || n > INT_MAX)
3238 cupsdLogMessage(CUPSD_LOG_ERROR,
3239 "Bad time value for %s on line %d.",
3240 line, linenum);
3241 else
3242 *((int *)var->ptr) = (int)n;
3243 }
3244 break;
3245
3246 case CUPSD_VARTYPE_BOOLEAN :
3247 if (!value)
3248 cupsdLogMessage(CUPSD_LOG_ERROR,
3249 "Missing boolean value for %s on line %d.",
3250 line, linenum);
3251 else if (!_cups_strcasecmp(value, "true") ||
3252 !_cups_strcasecmp(value, "on") ||
3253 !_cups_strcasecmp(value, "enabled") ||
3254 !_cups_strcasecmp(value, "yes") ||
3255 atoi(value) != 0)
3256 *((int *)var->ptr) = TRUE;
3257 else if (!_cups_strcasecmp(value, "false") ||
3258 !_cups_strcasecmp(value, "off") ||
3259 !_cups_strcasecmp(value, "disabled") ||
3260 !_cups_strcasecmp(value, "no") ||
3261 !_cups_strcasecmp(value, "0"))
3262 *((int *)var->ptr) = FALSE;
3263 else
3264 cupsdLogMessage(CUPSD_LOG_ERROR,
3265 "Unknown boolean value %s on line %d.",
3266 value, linenum);
3267 break;
3268
3269 case CUPSD_VARTYPE_PATHNAME :
3270 if (!value)
3271 {
3272 cupsdLogMessage(CUPSD_LOG_ERROR,
3273 "Missing pathname value for %s on line %d.",
3274 line, linenum);
3275 break;
3276 }
3277
3278 if (value[0] == '/')
3279 strlcpy(temp, value, sizeof(temp));
3280 else
3281 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
3282
3283 if (access(temp, 0))
3284 {
3285 cupsdLogMessage(CUPSD_LOG_ERROR,
3286 "File or directory for \"%s %s\" on line %d "
3287 "does not exist.", line, value, linenum);
3288 break;
3289 }
3290
3291 case CUPSD_VARTYPE_STRING :
3292 cupsdSetString((char **)var->ptr, value);
3293 break;
3294 }
3295 }
3296 }
3297
3298 return (1);
3299 }
3300
3301
3302 /*
3303 * 'read_location()' - Read a <Location path> definition.
3304 */
3305
3306 static int /* O - New line number or 0 on error */
3307 read_location(cups_file_t *fp, /* I - Configuration file */
3308 char *location, /* I - Location name/path */
3309 int linenum) /* I - Current line number */
3310 {
3311 cupsd_location_t *loc, /* New location */
3312 *parent; /* Parent location */
3313 char line[HTTP_MAX_BUFFER],
3314 /* Line buffer */
3315 *value, /* Value for directive */
3316 *valptr; /* Pointer into value */
3317
3318
3319 if ((parent = cupsdFindLocation(location)) != NULL)
3320 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d.",
3321 location, linenum);
3322 else if ((parent = cupsdNewLocation(location)) == NULL)
3323 return (0);
3324 else
3325 {
3326 cupsdAddLocation(parent);
3327
3328 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3329 }
3330
3331 loc = parent;
3332
3333 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3334 {
3335 /*
3336 * Decode the directive...
3337 */
3338
3339 if (!_cups_strcasecmp(line, "</Location>"))
3340 return (linenum);
3341 else if (!_cups_strcasecmp(line, "<Limit") ||
3342 !_cups_strcasecmp(line, "<LimitExcept"))
3343 {
3344 if (!value)
3345 {
3346 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3347 if (FatalErrors & CUPSD_FATAL_CONFIG)
3348 return (0);
3349 else
3350 continue;
3351 }
3352
3353 if ((loc = cupsdCopyLocation(parent)) == NULL)
3354 return (0);
3355
3356 cupsdAddLocation(loc);
3357
3358 loc->limit = 0;
3359 while (*value)
3360 {
3361 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3362
3363 if (*valptr)
3364 *valptr++ = '\0';
3365
3366 if (!strcmp(value, "ALL"))
3367 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3368 else if (!strcmp(value, "GET"))
3369 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3370 else if (!strcmp(value, "HEAD"))
3371 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3372 else if (!strcmp(value, "OPTIONS"))
3373 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3374 else if (!strcmp(value, "POST"))
3375 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3376 else if (!strcmp(value, "PUT"))
3377 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3378 else if (!strcmp(value, "TRACE"))
3379 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3380 else
3381 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d.",
3382 value, linenum);
3383
3384 for (value = valptr; isspace(*value & 255); value ++);
3385 }
3386
3387 if (!_cups_strcasecmp(line, "<LimitExcept"))
3388 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3389
3390 parent->limit &= ~loc->limit;
3391 }
3392 else if (!_cups_strcasecmp(line, "</Limit>") ||
3393 !_cups_strcasecmp(line, "</LimitExcept>"))
3394 loc = parent;
3395 else if (!value)
3396 {
3397 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3398 if (FatalErrors & CUPSD_FATAL_CONFIG)
3399 return (0);
3400 }
3401 else if (!parse_aaa(loc, line, value, linenum))
3402 {
3403 cupsdLogMessage(CUPSD_LOG_ERROR,
3404 "Unknown Location directive %s on line %d.",
3405 line, linenum);
3406 if (FatalErrors & CUPSD_FATAL_CONFIG)
3407 return (0);
3408 }
3409 }
3410
3411 cupsdLogMessage(CUPSD_LOG_ERROR,
3412 "Unexpected end-of-file at line %d while reading location.",
3413 linenum);
3414
3415 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3416 }
3417
3418
3419 /*
3420 * 'read_policy()' - Read a <Policy name> definition.
3421 */
3422
3423 static int /* O - New line number or 0 on error */
3424 read_policy(cups_file_t *fp, /* I - Configuration file */
3425 char *policy, /* I - Location name/path */
3426 int linenum) /* I - Current line number */
3427 {
3428 int i; /* Looping var */
3429 cupsd_policy_t *pol; /* Policy */
3430 cupsd_location_t *op; /* Policy operation */
3431 int num_ops; /* Number of IPP operations */
3432 ipp_op_t ops[100]; /* Operations */
3433 char line[HTTP_MAX_BUFFER],
3434 /* Line buffer */
3435 *value, /* Value for directive */
3436 *valptr; /* Pointer into value */
3437
3438
3439 /*
3440 * Create the policy...
3441 */
3442
3443 if ((pol = cupsdFindPolicy(policy)) != NULL)
3444 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d.",
3445 policy, linenum);
3446 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3447 return (0);
3448
3449 /*
3450 * Read from the file...
3451 */
3452
3453 op = NULL;
3454 num_ops = 0;
3455
3456 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3457 {
3458 /*
3459 * Decode the directive...
3460 */
3461
3462 if (!_cups_strcasecmp(line, "</Policy>"))
3463 {
3464 if (op)
3465 cupsdLogMessage(CUPSD_LOG_WARN,
3466 "Missing </Limit> before </Policy> on line %d.",
3467 linenum);
3468
3469 set_policy_defaults(pol);
3470
3471 return (linenum);
3472 }
3473 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3474 {
3475 if (!value)
3476 {
3477 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d.", linenum);
3478 if (FatalErrors & CUPSD_FATAL_CONFIG)
3479 return (0);
3480 else
3481 continue;
3482 }
3483
3484 /*
3485 * Scan for IPP operation names...
3486 */
3487
3488 num_ops = 0;
3489
3490 while (*value)
3491 {
3492 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3493
3494 if (*valptr)
3495 *valptr++ = '\0';
3496
3497 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3498 {
3499 if (!_cups_strcasecmp(value, "All"))
3500 ops[num_ops] = IPP_ANY_OPERATION;
3501 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3502 cupsdLogMessage(CUPSD_LOG_ERROR,
3503 "Bad IPP operation name \"%s\" on line %d.",
3504 value, linenum);
3505 else
3506 num_ops ++;
3507 }
3508 else
3509 cupsdLogMessage(CUPSD_LOG_ERROR,
3510 "Too many operations listed on line %d.",
3511 linenum);
3512
3513 for (value = valptr; isspace(*value & 255); value ++);
3514 }
3515
3516 /*
3517 * If none are specified, apply the policy to all operations...
3518 */
3519
3520 if (num_ops == 0)
3521 {
3522 ops[0] = IPP_ANY_OPERATION;
3523 num_ops = 1;
3524 }
3525
3526 /*
3527 * Add a new policy for the first operation...
3528 */
3529
3530 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3531 }
3532 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3533 {
3534 /*
3535 * Finish the current operation limit...
3536 */
3537
3538 if (num_ops > 1)
3539 {
3540 /*
3541 * Copy the policy to the other operations...
3542 */
3543
3544 for (i = 1; i < num_ops; i ++)
3545 cupsdAddPolicyOp(pol, op, ops[i]);
3546 }
3547
3548 op = NULL;
3549 }
3550 else if (!value)
3551 {
3552 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d.", linenum);
3553 if (FatalErrors & CUPSD_FATAL_CONFIG)
3554 return (0);
3555 }
3556 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3557 !_cups_strcasecmp(line, "JobPrivateValues") ||
3558 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3559 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3560 {
3561 if (op)
3562 {
3563 cupsdLogMessage(CUPSD_LOG_ERROR,
3564 "%s directive must appear outside <Limit>...</Limit> "
3565 "on line %d.", line, linenum);
3566 if (FatalErrors & CUPSD_FATAL_CONFIG)
3567 return (0);
3568 }
3569 else
3570 {
3571 /*
3572 * Pull out whitespace-delimited values...
3573 */
3574
3575 while (*value)
3576 {
3577 /*
3578 * Find the end of the current value...
3579 */
3580
3581 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3582
3583 if (*valptr)
3584 *valptr++ = '\0';
3585
3586 /*
3587 * Save it appropriately...
3588 */
3589
3590 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
3591 {
3592 /*
3593 * JobPrivateAccess {all|default|user/group list|@@ACL}
3594 */
3595
3596 if (!_cups_strcasecmp(value, "default"))
3597 {
3598 cupsdAddString(&(pol->job_access), "@OWNER");
3599 cupsdAddString(&(pol->job_access), "@SYSTEM");
3600 }
3601 else
3602 cupsdAddString(&(pol->job_access), value);
3603 }
3604 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
3605 {
3606 /*
3607 * JobPrivateValues {all|none|default|attribute list}
3608 */
3609
3610 if (!_cups_strcasecmp(value, "default"))
3611 {
3612 cupsdAddString(&(pol->job_attrs), "job-name");
3613 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3614 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3615 cupsdAddString(&(pol->job_attrs), "phone");
3616 }
3617 else
3618 cupsdAddString(&(pol->job_attrs), value);
3619 }
3620 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
3621 {
3622 /*
3623 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3624 */
3625
3626 if (!_cups_strcasecmp(value, "default"))
3627 {
3628 cupsdAddString(&(pol->sub_access), "@OWNER");
3629 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3630 }
3631 else
3632 cupsdAddString(&(pol->sub_access), value);
3633 }
3634 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
3635 {
3636 /*
3637 * SubscriptionPrivateValues {all|none|default|attribute list}
3638 */
3639
3640 if (!_cups_strcasecmp(value, "default"))
3641 {
3642 cupsdAddString(&(pol->sub_attrs), "notify-events");
3643 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3644 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3645 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3646 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3647 }
3648 else
3649 cupsdAddString(&(pol->sub_attrs), value);
3650 }
3651
3652 /*
3653 * Find the next string on the line...
3654 */
3655
3656 for (value = valptr; isspace(*value & 255); value ++);
3657 }
3658 }
3659 }
3660 else if (!op)
3661 {
3662 cupsdLogMessage(CUPSD_LOG_ERROR,
3663 "Missing <Limit ops> directive before %s on line %d.",
3664 line, linenum);
3665 if (FatalErrors & CUPSD_FATAL_CONFIG)
3666 return (0);
3667 }
3668 else if (!parse_aaa(op, line, value, linenum))
3669 {
3670 cupsdLogMessage(CUPSD_LOG_ERROR,
3671 "Unknown Policy Limit directive %s on line %d.",
3672 line, linenum);
3673
3674 if (FatalErrors & CUPSD_FATAL_CONFIG)
3675 return (0);
3676 }
3677 }
3678
3679 cupsdLogMessage(CUPSD_LOG_ERROR,
3680 "Unexpected end-of-file at line %d while reading policy "
3681 "\"%s\".", linenum, policy);
3682
3683 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3684 }
3685
3686
3687 /*
3688 * 'set_policy_defaults()' - Set default policy values as needed.
3689 */
3690
3691 static void
3692 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3693 {
3694 cupsd_location_t *op; /* Policy operation */
3695
3696
3697 /*
3698 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3699 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3700 * upgrades do not introduce new security issues...
3701 */
3702
3703 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3704 op->op == IPP_ANY_OPERATION)
3705 {
3706 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3707 op->op != IPP_ANY_OPERATION)
3708 {
3709 /*
3710 * Add a new limit for Validate-Job using the Print-Job limit as a
3711 * template...
3712 */
3713
3714 cupsdLogMessage(CUPSD_LOG_WARN,
3715 "No limit for Validate-Job defined in policy %s "
3716 "- using Print-Job's policy.", pol->name);
3717
3718 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
3719 }
3720 else
3721 cupsdLogMessage(CUPSD_LOG_WARN,
3722 "No limit for Validate-Job defined in policy %s "
3723 "and no suitable template found.", pol->name);
3724 }
3725
3726 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
3727 op->op == IPP_ANY_OPERATION)
3728 {
3729 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
3730 op->op != IPP_ANY_OPERATION)
3731 {
3732 /*
3733 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
3734 * template...
3735 */
3736
3737 cupsdLogMessage(CUPSD_LOG_WARN,
3738 "No limit for Cancel-Jobs defined in policy %s "
3739 "- using Pause-Printer's policy.", pol->name);
3740
3741 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
3742 }
3743 else
3744 cupsdLogMessage(CUPSD_LOG_WARN,
3745 "No limit for Cancel-Jobs defined in policy %s "
3746 "and no suitable template found.", pol->name);
3747 }
3748
3749 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
3750 op->op == IPP_ANY_OPERATION)
3751 {
3752 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3753 op->op != IPP_ANY_OPERATION)
3754 {
3755 /*
3756 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
3757 * a template...
3758 */
3759
3760 cupsdLogMessage(CUPSD_LOG_WARN,
3761 "No limit for Cancel-My-Jobs defined in policy %s "
3762 "- using Send-Document's policy.", pol->name);
3763
3764 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
3765 }
3766 else
3767 cupsdLogMessage(CUPSD_LOG_WARN,
3768 "No limit for Cancel-My-Jobs defined in policy %s "
3769 "and no suitable template found.", pol->name);
3770 }
3771
3772 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
3773 op->op == IPP_ANY_OPERATION)
3774 {
3775 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3776 op->op != IPP_ANY_OPERATION)
3777 {
3778 /*
3779 * Add a new limit for Close-Job using the Send-Document limit as a
3780 * template...
3781 */
3782
3783 cupsdLogMessage(CUPSD_LOG_WARN,
3784 "No limit for Close-Job defined in policy %s "
3785 "- using Send-Document's policy.", pol->name);
3786
3787 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
3788 }
3789 else
3790 cupsdLogMessage(CUPSD_LOG_WARN,
3791 "No limit for Close-Job defined in policy %s "
3792 "and no suitable template found.", pol->name);
3793 }
3794
3795 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
3796 op->op == IPP_ANY_OPERATION)
3797 {
3798 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
3799 op->op != IPP_ANY_OPERATION)
3800 {
3801 /*
3802 * Add a new limit for CUPS-Get-Document using the Send-Document
3803 * limit as a template...
3804 */
3805
3806 cupsdLogMessage(CUPSD_LOG_WARN,
3807 "No limit for CUPS-Get-Document defined in policy %s "
3808 "- using Send-Document's policy.", pol->name);
3809
3810 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
3811 }
3812 else
3813 cupsdLogMessage(CUPSD_LOG_WARN,
3814 "No limit for CUPS-Get-Document defined in policy %s "
3815 "and no suitable template found.", pol->name);
3816 }
3817
3818 /*
3819 * Verify we have JobPrivateAccess, JobPrivateValues,
3820 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
3821 */
3822
3823 if (!pol->job_access)
3824 {
3825 cupsdLogMessage(CUPSD_LOG_WARN,
3826 "No JobPrivateAccess defined in policy %s "
3827 "- using defaults.", pol->name);
3828 cupsdAddString(&(pol->job_access), "@OWNER");
3829 cupsdAddString(&(pol->job_access), "@SYSTEM");
3830 }
3831
3832 if (!pol->job_attrs)
3833 {
3834 cupsdLogMessage(CUPSD_LOG_WARN,
3835 "No JobPrivateValues defined in policy %s "
3836 "- using defaults.", pol->name);
3837 cupsdAddString(&(pol->job_attrs), "job-name");
3838 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3839 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3840 cupsdAddString(&(pol->job_attrs), "phone");
3841 }
3842
3843 if (!pol->sub_access)
3844 {
3845 cupsdLogMessage(CUPSD_LOG_WARN,
3846 "No SubscriptionPrivateAccess defined in policy %s "
3847 "- using defaults.", pol->name);
3848 cupsdAddString(&(pol->sub_access), "@OWNER");
3849 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3850 }
3851
3852 if (!pol->sub_attrs)
3853 {
3854 cupsdLogMessage(CUPSD_LOG_WARN,
3855 "No SubscriptionPrivateValues defined in policy %s "
3856 "- using defaults.", pol->name);
3857 cupsdAddString(&(pol->sub_attrs), "notify-events");
3858 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3859 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3860 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3861 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3862 }
3863 }
3864
3865
3866 /*
3867 * End of "$Id: conf.c 9352 2010-11-06 04:55:26Z mike $".
3868 */
Unnamed repository; edit this file 'description' to name the repository.