]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/conf.c
projects / thirdparty / cups.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
The scheduler now validates ErrorPolicy values in config files (STR #4591)
[thirdparty/cups.git] / scheduler / conf.c
1 /*
2 * "$Id$"
3 *
4 * Configuration routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 */
15
16 /*
17 * Include necessary headers...
18 */
19
20 #include "cupsd.h"
21 #include <stdarg.h>
22 #include <grp.h>
23 #include <sys/utsname.h>
24 #include <syslog.h>
25
26 #ifdef HAVE_LIBPAPER
27 # include <paper.h>
28 #endif /* HAVE_LIBPAPER */
29
30
31 /*
32 * Possibly missing network definitions...
33 */
34
35 #ifndef INADDR_NONE
36 # define INADDR_NONE 0xffffffff
37 #endif /* !INADDR_NONE */
38
39
40 /*
41 * Configuration variable structure...
42 */
43
44 typedef enum
45 {
46 CUPSD_VARTYPE_INTEGER, /* Integer option */
47 CUPSD_VARTYPE_TIME, /* Time interval option */
48 CUPSD_VARTYPE_STRING, /* String option */
49 CUPSD_VARTYPE_BOOLEAN, /* Boolean option */
50 CUPSD_VARTYPE_PATHNAME, /* File/directory name option */
51 CUPSD_VARTYPE_PERM /* File/directory permissions */
52 } cupsd_vartype_t;
53
54 typedef struct
55 {
56 const char *name; /* Name of variable */
57 void *ptr; /* Pointer to variable */
58 cupsd_vartype_t type; /* Type (int, string, address) */
59 } cupsd_var_t;
60
61
62 /*
63 * Local globals...
64 */
65
66 static const cupsd_var_t cupsd_vars[] =
67 {
68 { "AutoPurgeJobs", &JobAutoPurge, CUPSD_VARTYPE_BOOLEAN },
69 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
70 { "BrowseDNSSDSubTypes", &DNSSDSubTypes, CUPSD_VARTYPE_STRING },
71 #endif /* HAVE_DNSSD || HAVE_AVAHI */
72 { "BrowseWebIF", &BrowseWebIF, CUPSD_VARTYPE_BOOLEAN },
73 { "Browsing", &Browsing, CUPSD_VARTYPE_BOOLEAN },
74 { "Classification", &Classification, CUPSD_VARTYPE_STRING },
75 { "ClassifyOverride", &ClassifyOverride, CUPSD_VARTYPE_BOOLEAN },
76 { "DefaultLanguage", &DefaultLanguage, CUPSD_VARTYPE_STRING },
77 { "DefaultLeaseDuration", &DefaultLeaseDuration, CUPSD_VARTYPE_TIME },
78 { "DefaultPaperSize", &DefaultPaperSize, CUPSD_VARTYPE_STRING },
79 { "DefaultPolicy", &DefaultPolicy, CUPSD_VARTYPE_STRING },
80 { "DefaultShared", &DefaultShared, CUPSD_VARTYPE_BOOLEAN },
81 { "DirtyCleanInterval", &DirtyCleanInterval, CUPSD_VARTYPE_TIME },
82 { "ErrorPolicy", &ErrorPolicy, CUPSD_VARTYPE_STRING },
83 { "FilterLimit", &FilterLimit, CUPSD_VARTYPE_INTEGER },
84 { "FilterNice", &FilterNice, CUPSD_VARTYPE_INTEGER },
85 #ifdef HAVE_GSSAPI
86 { "GSSServiceName", &GSSServiceName, CUPSD_VARTYPE_STRING },
87 #endif /* HAVE_GSSAPI */
88 #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
89 { "IdleExitTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
90 #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
91 { "JobKillDelay", &JobKillDelay, CUPSD_VARTYPE_TIME },
92 { "JobRetryLimit", &JobRetryLimit, CUPSD_VARTYPE_INTEGER },
93 { "JobRetryInterval", &JobRetryInterval, CUPSD_VARTYPE_TIME },
94 { "KeepAliveTimeout", &KeepAliveTimeout, CUPSD_VARTYPE_TIME },
95 { "KeepAlive", &KeepAlive, CUPSD_VARTYPE_BOOLEAN },
96 #ifdef HAVE_LAUNCHD
97 { "LaunchdTimeout", &IdleExitTimeout, CUPSD_VARTYPE_TIME },
98 #endif /* HAVE_LAUNCHD */
99 { "LimitRequestBody", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
100 { "ListenBackLog", &ListenBackLog, CUPSD_VARTYPE_INTEGER },
101 { "LogDebugHistory", &LogDebugHistory, CUPSD_VARTYPE_INTEGER },
102 { "MaxActiveJobs", &MaxActiveJobs, CUPSD_VARTYPE_INTEGER },
103 { "MaxClients", &MaxClients, CUPSD_VARTYPE_INTEGER },
104 { "MaxClientsPerHost", &MaxClientsPerHost, CUPSD_VARTYPE_INTEGER },
105 { "MaxCopies", &MaxCopies, CUPSD_VARTYPE_INTEGER },
106 { "MaxEvents", &MaxEvents, CUPSD_VARTYPE_INTEGER },
107 { "MaxHoldTime", &MaxHoldTime, CUPSD_VARTYPE_TIME },
108 { "MaxJobs", &MaxJobs, CUPSD_VARTYPE_INTEGER },
109 { "MaxJobsPerPrinter", &MaxJobsPerPrinter, CUPSD_VARTYPE_INTEGER },
110 { "MaxJobsPerUser", &MaxJobsPerUser, CUPSD_VARTYPE_INTEGER },
111 { "MaxJobTime", &MaxJobTime, CUPSD_VARTYPE_TIME },
112 { "MaxLeaseDuration", &MaxLeaseDuration, CUPSD_VARTYPE_TIME },
113 { "MaxLogSize", &MaxLogSize, CUPSD_VARTYPE_INTEGER },
114 { "MaxRequestSize", &MaxRequestSize, CUPSD_VARTYPE_INTEGER },
115 { "MaxSubscriptions", &MaxSubscriptions, CUPSD_VARTYPE_INTEGER },
116 { "MaxSubscriptionsPerJob", &MaxSubscriptionsPerJob, CUPSD_VARTYPE_INTEGER },
117 { "MaxSubscriptionsPerPrinter",&MaxSubscriptionsPerPrinter, CUPSD_VARTYPE_INTEGER },
118 { "MaxSubscriptionsPerUser", &MaxSubscriptionsPerUser, CUPSD_VARTYPE_INTEGER },
119 { "MultipleOperationTimeout", &MultipleOperationTimeout, CUPSD_VARTYPE_TIME },
120 { "PageLogFormat", &PageLogFormat, CUPSD_VARTYPE_STRING },
121 { "PreserveJobFiles", &JobFiles, CUPSD_VARTYPE_TIME },
122 { "PreserveJobHistory", &JobHistory, CUPSD_VARTYPE_TIME },
123 { "ReloadTimeout", &ReloadTimeout, CUPSD_VARTYPE_TIME },
124 { "RIPCache", &RIPCache, CUPSD_VARTYPE_STRING },
125 { "RootCertDuration", &RootCertDuration, CUPSD_VARTYPE_TIME },
126 { "ServerAdmin", &ServerAdmin, CUPSD_VARTYPE_STRING },
127 { "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
128 { "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
129 { "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
130 { "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
131 };
132 static const cupsd_var_t cupsfiles_vars[] =
133 {
134 { "AccessLog", &AccessLog, CUPSD_VARTYPE_STRING },
135 { "CacheDir", &CacheDir, CUPSD_VARTYPE_STRING },
136 { "ConfigFilePerm", &ConfigFilePerm, CUPSD_VARTYPE_PERM },
137 { "DataDir", &DataDir, CUPSD_VARTYPE_STRING },
138 { "DocumentRoot", &DocumentRoot, CUPSD_VARTYPE_STRING },
139 { "ErrorLog", &ErrorLog, CUPSD_VARTYPE_STRING },
140 { "FileDevice", &FileDevice, CUPSD_VARTYPE_BOOLEAN },
141 { "FontPath", &FontPath, CUPSD_VARTYPE_STRING },
142 { "LogFilePerm", &LogFilePerm, CUPSD_VARTYPE_PERM },
143 { "LPDConfigFile", &LPDConfigFile, CUPSD_VARTYPE_STRING },
144 { "PageLog", &PageLog, CUPSD_VARTYPE_STRING },
145 { "Printcap", &Printcap, CUPSD_VARTYPE_STRING },
146 { "RemoteRoot", &RemoteRoot, CUPSD_VARTYPE_STRING },
147 { "RequestRoot", &RequestRoot, CUPSD_VARTYPE_STRING },
148 { "ServerBin", &ServerBin, CUPSD_VARTYPE_PATHNAME },
149 #ifdef HAVE_SSL
150 { "ServerKeychain", &ServerKeychain, CUPSD_VARTYPE_PATHNAME },
151 #endif /* HAVE_SSL */
152 { "ServerRoot", &ServerRoot, CUPSD_VARTYPE_PATHNAME },
153 { "SMBConfigFile", &SMBConfigFile, CUPSD_VARTYPE_STRING },
154 { "StateDir", &StateDir, CUPSD_VARTYPE_STRING },
155 { "SyncOnClose", &SyncOnClose, CUPSD_VARTYPE_BOOLEAN },
156 #ifdef HAVE_AUTHORIZATION_H
157 { "SystemGroupAuthKey", &SystemGroupAuthKey, CUPSD_VARTYPE_STRING },
158 #endif /* HAVE_AUTHORIZATION_H */
159 { "TempDir", &TempDir, CUPSD_VARTYPE_PATHNAME }
160 };
161
162 static int default_auth_type = CUPSD_AUTH_AUTO;
163 /* Default AuthType, if not specified */
164
165 static const unsigned ones[4] =
166 {
167 0xffffffff, 0xffffffff, 0xffffffff, 0xffffffff
168 };
169 static const unsigned zeros[4] =
170 {
171 0x00000000, 0x00000000, 0x00000000, 0x00000000
172 };
173
174
175 /*
176 * Local functions...
177 */
178
179 static http_addrlist_t *get_address(const char *value, int defport);
180 static int get_addr_and_mask(const char *value, unsigned *ip,
181 unsigned *mask);
182 static void mime_error_cb(void *ctx, const char *message);
183 static int parse_aaa(cupsd_location_t *loc, char *line,
184 char *value, int linenum);
185 static int parse_fatal_errors(const char *s);
186 static int parse_groups(const char *s);
187 static int parse_protocols(const char *s);
188 static int parse_variable(const char *filename, int linenum,
189 const char *line, const char *value,
190 size_t num_vars,
191 const cupsd_var_t *vars);
192 static int read_cupsd_conf(cups_file_t *fp);
193 static int read_cups_files_conf(cups_file_t *fp);
194 static int read_location(cups_file_t *fp, char *name, int linenum);
195 static int read_policy(cups_file_t *fp, char *name, int linenum);
196 static void set_policy_defaults(cupsd_policy_t *pol);
197
198
199 /*
200 * 'cupsdAddAlias()' - Add a host alias.
201 */
202
203 void
204 cupsdAddAlias(cups_array_t *aliases, /* I - Array of aliases */
205 const char *name) /* I - Name to add */
206 {
207 cupsd_alias_t *a; /* New alias */
208 size_t namelen; /* Length of name */
209
210
211 namelen = strlen(name);
212
213 if ((a = (cupsd_alias_t *)malloc(sizeof(cupsd_alias_t) + namelen)) == NULL)
214 return;
215
216 a->namelen = namelen;
217 memcpy(a->name, name, namelen + 1); /* OK since a->name is allocated */
218
219 cupsArrayAdd(aliases, a);
220 }
221
222
223 /*
224 * 'cupsdCheckPermissions()' - Fix the mode and ownership of a file or directory.
225 */
226
227 int /* O - 0 on success, -1 on error, 1 on warning */
228 cupsdCheckPermissions(
229 const char *filename, /* I - File/directory name */
230 const char *suffix, /* I - Additional file/directory name */
231 mode_t mode, /* I - Permissions */
232 uid_t user, /* I - Owner */
233 gid_t group, /* I - Group */
234 int is_dir, /* I - 1 = directory, 0 = file */
235 int create_dir) /* I - 1 = create directory, -1 = create w/o logging, 0 = not */
236 {
237 int dir_created = 0; /* Did we create a directory? */
238 char pathname[1024]; /* File name with prefix */
239 struct stat fileinfo; /* Stat buffer */
240 int is_symlink; /* Is "filename" a symlink? */
241
242
243 /*
244 * Prepend the given root to the filename before testing it...
245 */
246
247 if (suffix)
248 {
249 snprintf(pathname, sizeof(pathname), "%s/%s", filename, suffix);
250 filename = pathname;
251 }
252
253 /*
254 * See if we can stat the file/directory...
255 */
256
257 if (lstat(filename, &fileinfo))
258 {
259 if (errno == ENOENT && create_dir)
260 {
261 if (create_dir > 0)
262 cupsdLogMessage(CUPSD_LOG_DEBUG, "Creating missing directory \"%s\"",
263 filename);
264
265 if (mkdir(filename, mode))
266 {
267 if (create_dir > 0)
268 cupsdLogMessage(CUPSD_LOG_ERROR,
269 "Unable to create directory \"%s\" - %s", filename,
270 strerror(errno));
271 else
272 syslog(LOG_ERR, "Unable to create directory \"%s\" - %s", filename,
273 strerror(errno));
274
275 return (-1);
276 }
277
278 dir_created = 1;
279 fileinfo.st_mode = mode | S_IFDIR;
280 }
281 else
282 return (create_dir ? -1 : 1);
283 }
284
285 if ((is_symlink = S_ISLNK(fileinfo.st_mode)) != 0)
286 {
287 if (stat(filename, &fileinfo))
288 {
289 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is a bad symlink - %s",
290 filename, strerror(errno));
291 return (-1);
292 }
293 }
294
295 /*
296 * Make sure it's a regular file or a directory as needed...
297 */
298
299 if (!dir_created && !is_dir && !S_ISREG(fileinfo.st_mode))
300 {
301 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a regular file.", filename);
302 return (-1);
303 }
304
305 if (!dir_created && is_dir && !S_ISDIR(fileinfo.st_mode))
306 {
307 if (create_dir >= 0)
308 cupsdLogMessage(CUPSD_LOG_ERROR, "\"%s\" is not a directory.", filename);
309 else
310 syslog(LOG_ERR, "\"%s\" is not a directory.", filename);
311
312 return (-1);
313 }
314
315 /*
316 * If the filename is a symlink, do not change permissions (STR #2937)...
317 */
318
319 if (is_symlink)
320 return (0);
321
322 /*
323 * Fix owner, group, and mode as needed...
324 */
325
326 if (dir_created || fileinfo.st_uid != user || fileinfo.st_gid != group)
327 {
328 if (create_dir >= 0)
329 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing ownership of \"%s\"",
330 filename);
331
332 if (chown(filename, user, group) && !getuid())
333 {
334 if (create_dir >= 0)
335 cupsdLogMessage(CUPSD_LOG_ERROR,
336 "Unable to change ownership of \"%s\" - %s", filename,
337 strerror(errno));
338 else
339 syslog(LOG_ERR, "Unable to change ownership of \"%s\" - %s", filename,
340 strerror(errno));
341
342 return (1);
343 }
344 }
345
346 if (dir_created || (fileinfo.st_mode & 07777) != mode)
347 {
348 if (create_dir >= 0)
349 cupsdLogMessage(CUPSD_LOG_DEBUG, "Repairing access permissions of \"%s\"",
350 filename);
351
352 if (chmod(filename, mode))
353 {
354 if (create_dir >= 0)
355 cupsdLogMessage(CUPSD_LOG_ERROR,
356 "Unable to change permissions of \"%s\" - %s", filename,
357 strerror(errno));
358 else
359 syslog(LOG_ERR, "Unable to change permissions of \"%s\" - %s", filename,
360 strerror(errno));
361
362 return (1);
363 }
364 }
365
366 /*
367 * Everything is OK...
368 */
369
370 return (0);
371 }
372
373
374 /*
375 * 'cupsdDefaultAuthType()' - Get the default AuthType.
376 *
377 * When the default_auth_type is "auto", this function tries to get the GSS
378 * credentials for the server. If that succeeds we use Kerberos authentication,
379 * otherwise we do a fallback to Basic authentication against the local user
380 * accounts.
381 */
382
383 int /* O - Default AuthType value */
384 cupsdDefaultAuthType(void)
385 {
386 #ifdef HAVE_GSSAPI
387 OM_uint32 major_status, /* Major status code */
388 minor_status; /* Minor status code */
389 gss_name_t server_name; /* Server name */
390 gss_buffer_desc token = GSS_C_EMPTY_BUFFER;
391 /* Service name token */
392 char buf[1024]; /* Service name buffer */
393 #endif /* HAVE_GSSAPI */
394
395
396 /*
397 * If we have already determined the correct default AuthType, use it...
398 */
399
400 if (default_auth_type != CUPSD_AUTH_AUTO)
401 return (default_auth_type);
402
403 #ifdef HAVE_GSSAPI
404 # ifdef __APPLE__
405 /*
406 * If the weak-linked GSSAPI/Kerberos library is not present, don't try
407 * to use it...
408 */
409
410 if (&gss_init_sec_context == NULL)
411 return (default_auth_type = CUPSD_AUTH_BASIC);
412 # endif /* __APPLE__ */
413
414 /*
415 * Try to obtain the server's GSS credentials (GSSServiceName@servername). If
416 * that fails we must use Basic...
417 */
418
419 snprintf(buf, sizeof(buf), "%s@%s", GSSServiceName, ServerName);
420
421 token.value = buf;
422 token.length = strlen(buf);
423 server_name = GSS_C_NO_NAME;
424 major_status = gss_import_name(&minor_status, &token,
425 GSS_C_NT_HOSTBASED_SERVICE,
426 &server_name);
427
428 memset(&token, 0, sizeof(token));
429
430 if (GSS_ERROR(major_status))
431 {
432 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
433 "cupsdDefaultAuthType: gss_import_name(%s) failed", buf);
434 return (default_auth_type = CUPSD_AUTH_BASIC);
435 }
436
437 major_status = gss_display_name(&minor_status, server_name, &token, NULL);
438
439 if (GSS_ERROR(major_status))
440 {
441 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
442 "cupsdDefaultAuthType: gss_display_name(%s) failed",
443 buf);
444 return (default_auth_type = CUPSD_AUTH_BASIC);
445 }
446
447 cupsdLogMessage(CUPSD_LOG_DEBUG,
448 "cupsdDefaultAuthType: Attempting to acquire Kerberos "
449 "credentials for %s...", (char *)token.value);
450
451 ServerCreds = GSS_C_NO_CREDENTIAL;
452 major_status = gss_acquire_cred(&minor_status, server_name, GSS_C_INDEFINITE,
453 GSS_C_NO_OID_SET, GSS_C_ACCEPT,
454 &ServerCreds, NULL, NULL);
455 if (GSS_ERROR(major_status))
456 {
457 cupsdLogGSSMessage(CUPSD_LOG_DEBUG, major_status, minor_status,
458 "cupsdDefaultAuthType: gss_acquire_cred(%s) failed",
459 (char *)token.value);
460 gss_release_name(&minor_status, &server_name);
461 gss_release_buffer(&minor_status, &token);
462 return (default_auth_type = CUPSD_AUTH_BASIC);
463 }
464
465 cupsdLogMessage(CUPSD_LOG_DEBUG,
466 "cupsdDefaultAuthType: Kerberos credentials acquired "
467 "successfully for %s.", (char *)token.value);
468
469 gss_release_name(&minor_status, &server_name);
470 gss_release_buffer(&minor_status, &token);
471
472 HaveServerCreds = 1;
473
474 return (default_auth_type = CUPSD_AUTH_NEGOTIATE);
475
476 #else
477 /*
478 * No Kerberos support compiled in so just use Basic all the time...
479 */
480
481 return (default_auth_type = CUPSD_AUTH_BASIC);
482 #endif /* HAVE_GSSAPI */
483 }
484
485
486 /*
487 * 'cupsdFreeAliases()' - Free all of the alias entries.
488 */
489
490 void
491 cupsdFreeAliases(cups_array_t *aliases) /* I - Array of aliases */
492 {
493 cupsd_alias_t *a; /* Current alias */
494
495
496 for (a = (cupsd_alias_t *)cupsArrayFirst(aliases);
497 a;
498 a = (cupsd_alias_t *)cupsArrayNext(aliases))
499 free(a);
500
501 cupsArrayDelete(aliases);
502 }
503
504
505 /*
506 * 'cupsdReadConfiguration()' - Read the cupsd.conf file.
507 */
508
509 int /* O - 1 on success, 0 otherwise */
510 cupsdReadConfiguration(void)
511 {
512 int i; /* Looping var */
513 cups_file_t *fp; /* Configuration file */
514 int status; /* Return status */
515 char temp[1024], /* Temporary buffer */
516 mimedir[1024], /* MIME directory */
517 *slash; /* Directory separator */
518 cups_lang_t *language; /* Language */
519 struct passwd *user; /* Default user */
520 struct group *group; /* Default group */
521 char *old_serverroot, /* Old ServerRoot */
522 *old_requestroot; /* Old RequestRoot */
523 int old_remote_port; /* Old RemotePort */
524 const char *tmpdir; /* TMPDIR environment variable */
525 struct stat tmpinfo; /* Temporary directory info */
526 cupsd_policy_t *p; /* Policy */
527
528
529 /*
530 * Save the old root paths...
531 */
532
533 old_serverroot = NULL;
534 cupsdSetString(&old_serverroot, ServerRoot);
535 old_requestroot = NULL;
536 cupsdSetString(&old_requestroot, RequestRoot);
537
538 /*
539 * Reset the server configuration data...
540 */
541
542 cupsdDeleteAllLocations();
543
544 cupsdDeleteAllListeners();
545
546 old_remote_port = RemotePort;
547 RemotePort = 0;
548
549 /*
550 * String options...
551 */
552
553 cupsdFreeAliases(ServerAlias);
554 ServerAlias = NULL;
555
556 cupsdClearString(&ServerName);
557 cupsdClearString(&ServerAdmin);
558 cupsdSetString(&ServerBin, CUPS_SERVERBIN);
559 cupsdSetString(&RequestRoot, CUPS_REQUESTS);
560 cupsdSetString(&CacheDir, CUPS_CACHEDIR);
561 cupsdSetString(&DataDir, CUPS_DATADIR);
562 cupsdSetString(&DocumentRoot, CUPS_DOCROOT);
563 cupsdSetString(&AccessLog, CUPS_LOGDIR "/access_log");
564 cupsdClearString(&ErrorLog);
565 cupsdSetString(&PageLog, CUPS_LOGDIR "/page_log");
566 cupsdSetString(&PageLogFormat,
567 "%p %u %j %T %P %C %{job-billing} "
568 "%{job-originating-host-name} %{job-name} %{media} %{sides}");
569 cupsdSetString(&Printcap, CUPS_DEFAULT_PRINTCAP);
570 cupsdSetString(&FontPath, CUPS_FONTPATH);
571 cupsdSetString(&RemoteRoot, "remroot");
572 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
573 CUPS_VERSION_MINOR);
574 cupsdSetString(&StateDir, CUPS_STATEDIR);
575
576 if (!strcmp(CUPS_DEFAULT_PRINTCAP, "/etc/printers.conf"))
577 PrintcapFormat = PRINTCAP_SOLARIS;
578 else if (!strcmp(CUPS_DEFAULT_PRINTCAP,
579 "/Library/Preferences/org.cups.printers.plist"))
580 PrintcapFormat = PRINTCAP_PLIST;
581 else
582 PrintcapFormat = PRINTCAP_BSD;
583
584 strlcpy(temp, ConfigurationFile, sizeof(temp));
585 if ((slash = strrchr(temp, '/')) != NULL)
586 *slash = '\0';
587
588 cupsdSetString(&ServerRoot, temp);
589
590 cupsdClearString(&Classification);
591 ClassifyOverride = 0;
592
593 #ifdef HAVE_SSL
594 # ifdef HAVE_GNUTLS
595 cupsdSetString(&ServerKeychain, "ssl");
596 # else
597 cupsdSetString(&ServerKeychain, "/Library/Keychains/System.keychain");
598 # endif /* HAVE_GNUTLS */
599
600 _httpTLSSetOptions(0);
601 #endif /* HAVE_SSL */
602
603 language = cupsLangDefault();
604
605 if (!strcmp(language->language, "C") || !strcmp(language->language, "POSIX"))
606 cupsdSetString(&DefaultLanguage, "en");
607 else
608 cupsdSetString(&DefaultLanguage, language->language);
609
610 cupsdClearString(&DefaultPaperSize);
611
612 cupsdSetString(&RIPCache, "128m");
613
614 cupsdSetString(&TempDir, NULL);
615
616 #ifdef HAVE_GSSAPI
617 cupsdSetString(&GSSServiceName, CUPS_DEFAULT_GSSSERVICENAME);
618
619 if (HaveServerCreds)
620 {
621 OM_uint32 minor_status; /* Minor status code */
622
623 gss_release_cred(&minor_status, &ServerCreds);
624
625 HaveServerCreds = 0;
626 }
627
628 ServerCreds = GSS_C_NO_CREDENTIAL;
629 #endif /* HAVE_GSSAPI */
630
631 /*
632 * Find the default user...
633 */
634
635 if ((user = getpwnam(CUPS_DEFAULT_USER)) != NULL)
636 User = user->pw_uid;
637 else
638 {
639 /*
640 * Use the (historical) NFS nobody user ID (-2 as a 16-bit twos-
641 * complement number...)
642 */
643
644 User = 65534;
645 }
646
647 endpwent();
648
649 /*
650 * Find the default group...
651 */
652
653 group = getgrnam(CUPS_DEFAULT_GROUP);
654 endgrent();
655
656 if (group)
657 Group = group->gr_gid;
658 else
659 {
660 /*
661 * Fallback to group "nobody"...
662 */
663
664 group = getgrnam("nobody");
665 endgrent();
666
667 if (group)
668 Group = group->gr_gid;
669 else
670 {
671 /*
672 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
673 * complement number...)
674 */
675
676 Group = 65534;
677 }
678 }
679
680 /*
681 * Numeric options...
682 */
683
684 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
685 ConfigFilePerm = CUPS_DEFAULT_CONFIG_FILE_PERM;
686 FatalErrors = parse_fatal_errors(CUPS_DEFAULT_FATAL_ERRORS);
687 default_auth_type = CUPSD_AUTH_BASIC;
688 #ifdef HAVE_SSL
689 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
690 #endif /* HAVE_SSL */
691 DirtyCleanInterval = DEFAULT_KEEPALIVE;
692 JobKillDelay = DEFAULT_TIMEOUT;
693 JobRetryLimit = 5;
694 JobRetryInterval = 300;
695 FileDevice = FALSE;
696 FilterLevel = 0;
697 FilterLimit = 0;
698 FilterNice = 0;
699 HostNameLookups = FALSE;
700 KeepAlive = TRUE;
701 KeepAliveTimeout = DEFAULT_KEEPALIVE;
702 ListenBackLog = SOMAXCONN;
703 LogDebugHistory = 200;
704 LogFilePerm = CUPS_DEFAULT_LOG_FILE_PERM;
705 LogLevel = CUPSD_LOG_WARN;
706 LogTimeFormat = CUPSD_TIME_STANDARD;
707 MaxClients = 100;
708 MaxClientsPerHost = 0;
709 MaxLogSize = 1024 * 1024;
710 MaxRequestSize = 0;
711 MultipleOperationTimeout = DEFAULT_TIMEOUT;
712 NumSystemGroups = 0;
713 ReloadTimeout = DEFAULT_KEEPALIVE;
714 RootCertDuration = 300;
715 Sandboxing = CUPSD_SANDBOXING_STRICT;
716 StrictConformance = FALSE;
717 SyncOnClose = FALSE;
718 Timeout = DEFAULT_TIMEOUT;
719 WebInterface = CUPS_DEFAULT_WEBIF;
720
721 BrowseLocalProtocols = parse_protocols(CUPS_DEFAULT_BROWSE_LOCAL_PROTOCOLS);
722 BrowseWebIF = FALSE;
723 Browsing = CUPS_DEFAULT_BROWSING;
724 DefaultShared = CUPS_DEFAULT_DEFAULT_SHARED;
725
726 #if defined(HAVE_DNSSD) || defined(HAVE_AVAHI)
727 cupsdSetString(&DNSSDSubTypes, "_cups,_print");
728 #endif /* HAVE_DNSSD || HAVE_AVAHI */
729
730 cupsdSetString(&LPDConfigFile, CUPS_DEFAULT_LPD_CONFIG_FILE);
731 cupsdSetString(&SMBConfigFile, CUPS_DEFAULT_SMB_CONFIG_FILE);
732
733 cupsdSetString(&ErrorPolicy, "stop-printer");
734
735 JobHistory = DEFAULT_HISTORY;
736 JobFiles = DEFAULT_FILES;
737 JobAutoPurge = 0;
738 MaxHoldTime = 0;
739 MaxJobs = 500;
740 MaxActiveJobs = 0;
741 MaxJobsPerUser = 0;
742 MaxJobsPerPrinter = 0;
743 MaxJobTime = 3 * 60 * 60; /* 3 hours */
744 MaxCopies = CUPS_DEFAULT_MAX_COPIES;
745
746 cupsdDeleteAllPolicies();
747 cupsdClearString(&DefaultPolicy);
748
749 #ifdef HAVE_AUTHORIZATION_H
750 cupsdSetString(&SystemGroupAuthKey, CUPS_DEFAULT_SYSTEM_AUTHKEY);
751 #endif /* HAVE_AUTHORIZATION_H */
752
753 MaxSubscriptions = 100;
754 MaxSubscriptionsPerJob = 0;
755 MaxSubscriptionsPerPrinter = 0;
756 MaxSubscriptionsPerUser = 0;
757 DefaultLeaseDuration = 86400;
758 MaxLeaseDuration = 0;
759
760 #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
761 IdleExitTimeout = 60;
762 #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
763
764 /*
765 * Setup environment variables...
766 */
767
768 cupsdInitEnv();
769
770 /*
771 * Read the cups-files.conf file...
772 */
773
774 if ((fp = cupsFileOpen(CupsFilesFile, "r")) != NULL)
775 {
776 status = read_cups_files_conf(fp);
777
778 cupsFileClose(fp);
779
780 if (!status)
781 {
782 if (TestConfigFile)
783 printf("\"%s\" contains errors.\n", CupsFilesFile);
784 else
785 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
786 CupsFilesFile);
787
788 return (0);
789 }
790 }
791 else if (errno == ENOENT)
792 cupsdLogMessage(CUPSD_LOG_INFO, "No %s, using defaults.", CupsFilesFile);
793 else
794 {
795 syslog(LOG_LPR, "Unable to open \"%s\": %s", CupsFilesFile,
796 strerror(errno));
797 return (0);
798 }
799
800 if (!ErrorLog)
801 cupsdSetString(&ErrorLog, CUPS_LOGDIR "/error_log");
802
803 /*
804 * Read the cupsd.conf file...
805 */
806
807 if ((fp = cupsFileOpen(ConfigurationFile, "r")) == NULL)
808 {
809 syslog(LOG_LPR, "Unable to open \"%s\": %s", ConfigurationFile,
810 strerror(errno));
811 return (0);
812 }
813
814 status = read_cupsd_conf(fp);
815
816 cupsFileClose(fp);
817
818 if (!status)
819 {
820 if (TestConfigFile)
821 printf("\"%s\" contains errors.\n", ConfigurationFile);
822 else
823 syslog(LOG_LPR, "Unable to read \"%s\" due to errors.",
824 ConfigurationFile);
825
826 return (0);
827 }
828
829 RunUser = getuid();
830
831 cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
832 RemotePort ? "enabled" : "disabled");
833
834 if (!RemotePort)
835 BrowseLocalProtocols = 0; /* Disable sharing - no remote access */
836
837 /*
838 * See if the ServerName is an IP address...
839 */
840
841 if (ServerName)
842 {
843 if (!ServerAlias)
844 ServerAlias = cupsArrayNew(NULL, NULL);
845
846 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", ServerName);
847 }
848 else
849 {
850 if (gethostname(temp, sizeof(temp)))
851 {
852 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get hostname: %s",
853 strerror(errno));
854 strlcpy(temp, "localhost", sizeof(temp));
855 }
856
857 cupsdSetString(&ServerName, temp);
858
859 if (!ServerAlias)
860 ServerAlias = cupsArrayNew(NULL, NULL);
861
862 cupsdAddAlias(ServerAlias, temp);
863 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
864
865 if (HostNameLookups || RemotePort)
866 {
867 struct hostent *host; /* Host entry to get FQDN */
868
869 if ((host = gethostbyname(temp)) != NULL)
870 {
871 if (_cups_strcasecmp(temp, host->h_name))
872 {
873 cupsdSetString(&ServerName, host->h_name);
874 cupsdAddAlias(ServerAlias, host->h_name);
875 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
876 host->h_name);
877 }
878
879 if (host->h_aliases)
880 {
881 for (i = 0; host->h_aliases[i]; i ++)
882 if (_cups_strcasecmp(temp, host->h_aliases[i]))
883 {
884 cupsdAddAlias(ServerAlias, host->h_aliases[i]);
885 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s",
886 host->h_aliases[i]);
887 }
888 }
889 }
890 }
891
892 /*
893 * Make sure we have the base hostname added as an alias, too!
894 */
895
896 if ((slash = strchr(temp, '.')) != NULL)
897 {
898 *slash = '\0';
899 cupsdAddAlias(ServerAlias, temp);
900 cupsdLogMessage(CUPSD_LOG_DEBUG, "Added auto ServerAlias %s", temp);
901 }
902 }
903
904 for (slash = ServerName; isdigit(*slash & 255) || *slash == '.'; slash ++);
905
906 ServerNameIsIP = !*slash;
907
908 /*
909 * Make sure ServerAdmin is initialized...
910 */
911
912 if (!ServerAdmin)
913 cupsdSetStringf(&ServerAdmin, "root@%s", ServerName);
914
915 /*
916 * Use the default system group if none was supplied in cupsd.conf...
917 */
918
919 if (NumSystemGroups == 0)
920 {
921 if (!parse_groups(CUPS_DEFAULT_SYSTEM_GROUPS))
922 {
923 /*
924 * Find the group associated with GID 0...
925 */
926
927 group = getgrgid(0);
928 endgrent();
929
930 if (group != NULL)
931 cupsdSetString(&SystemGroups[0], group->gr_name);
932 else
933 cupsdSetString(&SystemGroups[0], "unknown");
934
935 SystemGroupIDs[0] = 0;
936 NumSystemGroups = 1;
937 }
938 }
939
940 /*
941 * Make sure ConfigFilePerm and LogFilePerm have sane values...
942 */
943
944 ConfigFilePerm &= 0664;
945 LogFilePerm &= 0664;
946
947 /*
948 * Open the system log for cupsd if necessary...
949 */
950
951 #ifdef HAVE_VSYSLOG
952 if (!strcmp(AccessLog, "syslog") ||
953 !strcmp(ErrorLog, "syslog") ||
954 !strcmp(PageLog, "syslog"))
955 openlog("cupsd", LOG_PID | LOG_NOWAIT | LOG_NDELAY, LOG_LPR);
956 #endif /* HAVE_VSYSLOG */
957
958 /*
959 * Make sure each of the log files exists and gets rotated as necessary...
960 */
961
962 if (strcmp(AccessLog, "syslog"))
963 cupsdCheckLogFile(&AccessFile, AccessLog);
964
965 if (strcmp(ErrorLog, "syslog"))
966 cupsdCheckLogFile(&ErrorFile, ErrorLog);
967
968 if (strcmp(PageLog, "syslog"))
969 cupsdCheckLogFile(&PageFile, PageLog);
970
971 /*
972 * Log the configuration file that was used...
973 */
974
975 cupsdLogMessage(CUPSD_LOG_INFO, "Loaded configuration file \"%s\"",
976 ConfigurationFile);
977
978 /*
979 * Validate the Group and SystemGroup settings - they cannot be the same,
980 * otherwise the CGI programs will be able to authenticate as root without
981 * a password!
982 */
983
984 if (!RunUser)
985 {
986 for (i = 0; i < NumSystemGroups; i ++)
987 if (Group == SystemGroupIDs[i])
988 break;
989
990 if (i < NumSystemGroups)
991 {
992 /*
993 * Log the error and reset the group to a safe value...
994 */
995
996 cupsdLogMessage(CUPSD_LOG_ERROR,
997 "Group and SystemGroup cannot use the same groups.");
998 if (FatalErrors & (CUPSD_FATAL_CONFIG | CUPSD_FATAL_PERMISSIONS))
999 return (0);
1000
1001 cupsdLogMessage(CUPSD_LOG_INFO, "Resetting Group to \"nobody\"...");
1002
1003 group = getgrnam("nobody");
1004 endgrent();
1005
1006 if (group != NULL)
1007 Group = group->gr_gid;
1008 else
1009 {
1010 /*
1011 * Use the (historical) NFS nobody group ID (-2 as a 16-bit twos-
1012 * complement number...)
1013 */
1014
1015 Group = 65534;
1016 }
1017 }
1018 }
1019
1020 /*
1021 * Check that we have at least one listen/port line; if not, report this
1022 * as an error and exit!
1023 */
1024
1025 if (cupsArrayCount(Listeners) == 0)
1026 {
1027 /*
1028 * No listeners!
1029 */
1030
1031 cupsdLogMessage(CUPSD_LOG_EMERG,
1032 "No valid Listen or Port lines were found in the "
1033 "configuration file.");
1034
1035 /*
1036 * Commit suicide...
1037 */
1038
1039 cupsdEndProcess(getpid(), 0);
1040 }
1041
1042 /*
1043 * Set the default locale using the language and charset...
1044 */
1045
1046 cupsdSetStringf(&DefaultLocale, "%s.UTF-8", DefaultLanguage);
1047
1048 /*
1049 * Update all relative filenames to include the full path from ServerRoot...
1050 */
1051
1052 if (DocumentRoot[0] != '/')
1053 cupsdSetStringf(&DocumentRoot, "%s/%s", ServerRoot, DocumentRoot);
1054
1055 if (RequestRoot[0] != '/')
1056 cupsdSetStringf(&RequestRoot, "%s/%s", ServerRoot, RequestRoot);
1057
1058 if (ServerBin[0] != '/')
1059 cupsdSetStringf(&ServerBin, "%s/%s", ServerRoot, ServerBin);
1060
1061 if (StateDir[0] != '/')
1062 cupsdSetStringf(&StateDir, "%s/%s", ServerRoot, StateDir);
1063
1064 if (CacheDir[0] != '/')
1065 cupsdSetStringf(&CacheDir, "%s/%s", ServerRoot, CacheDir);
1066
1067 #ifdef HAVE_SSL
1068 if (ServerKeychain[0] != '/')
1069 cupsdSetStringf(&ServerKeychain, "%s/%s", ServerRoot, ServerKeychain);
1070
1071 cupsdLogMessage(CUPSD_LOG_DEBUG, "Using keychain \"%s\" for server name \"%s\".", ServerKeychain, ServerName);
1072 cupsSetServerCredentials(ServerKeychain, ServerName, 1);
1073 #endif /* HAVE_SSL */
1074
1075 /*
1076 * Make sure that directories and config files are owned and
1077 * writable by the user and group in the cupsd.conf file...
1078 */
1079
1080 snprintf(temp, sizeof(temp), "%s/rss", CacheDir);
1081
1082 if ((cupsdCheckPermissions(RequestRoot, NULL, 0710, RunUser,
1083 Group, 1, 1) < 0 ||
1084 cupsdCheckPermissions(CacheDir, NULL, 0770, RunUser,
1085 Group, 1, 1) < 0 ||
1086 cupsdCheckPermissions(temp, NULL, 0775, RunUser,
1087 Group, 1, 1) < 0 ||
1088 cupsdCheckPermissions(StateDir, NULL, 0755, RunUser,
1089 Group, 1, 1) < 0 ||
1090 cupsdCheckPermissions(StateDir, "certs", RunUser ? 0711 : 0511, User,
1091 SystemGroupIDs[0], 1, 1) < 0 ||
1092 cupsdCheckPermissions(ServerRoot, NULL, 0755, RunUser,
1093 Group, 1, 0) < 0 ||
1094 cupsdCheckPermissions(ServerRoot, "ppd", 0755, RunUser,
1095 Group, 1, 1) < 0 ||
1096 cupsdCheckPermissions(ServerRoot, "ssl", 0700, RunUser,
1097 Group, 1, 0) < 0 ||
1098 cupsdCheckPermissions(ConfigurationFile, NULL, ConfigFilePerm, RunUser,
1099 Group, 0, 0) < 0 ||
1100 cupsdCheckPermissions(CupsFilesFile, NULL, ConfigFilePerm, RunUser,
1101 Group, 0, 0) < 0 ||
1102 cupsdCheckPermissions(ServerRoot, "classes.conf", 0600, RunUser,
1103 Group, 0, 0) < 0 ||
1104 cupsdCheckPermissions(ServerRoot, "printers.conf", 0600, RunUser,
1105 Group, 0, 0) < 0 ||
1106 cupsdCheckPermissions(ServerRoot, "passwd.md5", 0600, User,
1107 Group, 0, 0) < 0) &&
1108 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1109 return (0);
1110
1111 /*
1112 * Update TempDir to the default if it hasn't been set already...
1113 */
1114
1115 #ifdef __APPLE__
1116 if (TempDir && !RunUser &&
1117 (!strncmp(TempDir, "/private/tmp", 12) || !strncmp(TempDir, "/tmp", 4)))
1118 {
1119 cupsdLogMessage(CUPSD_LOG_ERROR, "Cannot use %s for TempDir.", TempDir);
1120 cupsdClearString(&TempDir);
1121 }
1122 #endif /* __APPLE__ */
1123
1124 if (!TempDir)
1125 {
1126 #ifdef __APPLE__
1127 if ((tmpdir = getenv("TMPDIR")) != NULL &&
1128 strncmp(tmpdir, "/private/tmp", 12) && strncmp(tmpdir, "/tmp", 4))
1129 #else
1130 if ((tmpdir = getenv("TMPDIR")) != NULL)
1131 #endif /* __APPLE__ */
1132 {
1133 /*
1134 * TMPDIR is defined, see if it is OK for us to use...
1135 */
1136
1137 if (stat(tmpdir, &tmpinfo))
1138 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to access TMPDIR (%s): %s",
1139 tmpdir, strerror(errno));
1140 else if (!S_ISDIR(tmpinfo.st_mode))
1141 cupsdLogMessage(CUPSD_LOG_ERROR, "TMPDIR (%s) is not a directory.",
1142 tmpdir);
1143 else if ((tmpinfo.st_uid != User || !(tmpinfo.st_mode & S_IWUSR)) &&
1144 (tmpinfo.st_gid != Group || !(tmpinfo.st_mode & S_IWGRP)) &&
1145 !(tmpinfo.st_mode & S_IWOTH))
1146 cupsdLogMessage(CUPSD_LOG_ERROR,
1147 "TMPDIR (%s) has the wrong permissions.", tmpdir);
1148 else
1149 cupsdSetString(&TempDir, tmpdir);
1150 }
1151 }
1152
1153 if (!TempDir)
1154 {
1155 cupsdLogMessage(CUPSD_LOG_INFO, "Using default TempDir of %s/tmp...",
1156 RequestRoot);
1157 cupsdSetStringf(&TempDir, "%s/tmp", RequestRoot);
1158 }
1159
1160 setenv("TMPDIR", TempDir, 1);
1161
1162 /*
1163 * Make sure the temporary directory has the right permissions...
1164 */
1165
1166 if (!strncmp(TempDir, RequestRoot, strlen(RequestRoot)) ||
1167 access(TempDir, 0))
1168 {
1169 /*
1170 * Update ownership and permissions if the CUPS temp directory
1171 * is under the spool directory or does not exist...
1172 */
1173
1174 if (cupsdCheckPermissions(TempDir, NULL, 01770, RunUser, Group, 1, 1) < 0 &&
1175 (FatalErrors & CUPSD_FATAL_PERMISSIONS))
1176 return (0);
1177 }
1178
1179 /*
1180 * Update environment variables...
1181 */
1182
1183 cupsdUpdateEnv();
1184
1185 /*
1186 * Validate the default error policy...
1187 */
1188
1189 if (strcmp(ErrorPolicy, "retry-current-job") &&
1190 strcmp(ErrorPolicy, "abort-job") &&
1191 strcmp(ErrorPolicy, "retry-job") &&
1192 strcmp(ErrorPolicy, "stop-printer"))
1193 {
1194 cupsdLogMessage(CUPSD_LOG_ALERT, "Invalid ErrorPolicy \"%s\", resetting to \"stop-printer\".", ErrorPolicy);
1195 cupsdSetString(&ErrorPolicy, "stop-printer");
1196 }
1197
1198 /*
1199 * Update default paper size setting as needed...
1200 */
1201
1202 if (!DefaultPaperSize)
1203 {
1204 #ifdef HAVE_LIBPAPER
1205 char *paper_result; /* Paper size name from libpaper */
1206
1207 if ((paper_result = systempapername()) != NULL)
1208 cupsdSetString(&DefaultPaperSize, paper_result);
1209 else
1210 #endif /* HAVE_LIBPAPER */
1211 if (!DefaultLanguage ||
1212 !_cups_strcasecmp(DefaultLanguage, "C") ||
1213 !_cups_strcasecmp(DefaultLanguage, "POSIX") ||
1214 !_cups_strcasecmp(DefaultLanguage, "en") ||
1215 !_cups_strncasecmp(DefaultLanguage, "en.", 3) ||
1216 !_cups_strncasecmp(DefaultLanguage, "en_US", 5) ||
1217 !_cups_strncasecmp(DefaultLanguage, "en_CA", 5) ||
1218 !_cups_strncasecmp(DefaultLanguage, "fr_CA", 5))
1219 {
1220 /*
1221 * These are the only locales that will default to "letter" size...
1222 */
1223
1224 cupsdSetString(&DefaultPaperSize, "Letter");
1225 }
1226 else
1227 cupsdSetString(&DefaultPaperSize, "A4");
1228 }
1229
1230 /*
1231 * Update classification setting as needed...
1232 */
1233
1234 if (Classification && !_cups_strcasecmp(Classification, "none"))
1235 cupsdClearString(&Classification);
1236
1237 if (Classification)
1238 cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
1239
1240 /*
1241 * Check the MaxClients setting, and then allocate memory for it...
1242 */
1243
1244 if (MaxClients > (MaxFDs / 3) || MaxClients <= 0)
1245 {
1246 if (MaxClients > 0)
1247 cupsdLogMessage(CUPSD_LOG_INFO,
1248 "MaxClients limited to 1/3 (%d) of the file descriptor "
1249 "limit (%d)...",
1250 MaxFDs / 3, MaxFDs);
1251
1252 MaxClients = MaxFDs / 3;
1253 }
1254
1255 cupsdLogMessage(CUPSD_LOG_INFO, "Configured for up to %d clients.",
1256 MaxClients);
1257
1258 /*
1259 * Check the MaxActiveJobs setting; limit to 1/3 the available
1260 * file descriptors, since we need a pipe for each job...
1261 */
1262
1263 if (MaxActiveJobs > (MaxFDs / 3))
1264 MaxActiveJobs = MaxFDs / 3;
1265
1266 /*
1267 * Update the MaxClientsPerHost value, as needed...
1268 */
1269
1270 if (MaxClientsPerHost <= 0)
1271 MaxClientsPerHost = MaxClients;
1272
1273 if (MaxClientsPerHost > MaxClients)
1274 MaxClientsPerHost = MaxClients;
1275
1276 cupsdLogMessage(CUPSD_LOG_INFO,
1277 "Allowing up to %d client connections per host.",
1278 MaxClientsPerHost);
1279
1280 /*
1281 * Update the default policy, as needed...
1282 */
1283
1284 if (DefaultPolicy)
1285 DefaultPolicyPtr = cupsdFindPolicy(DefaultPolicy);
1286 else
1287 DefaultPolicyPtr = NULL;
1288
1289 if (!DefaultPolicyPtr)
1290 {
1291 cupsd_location_t *po; /* New policy operation */
1292
1293
1294 if (DefaultPolicy)
1295 cupsdLogMessage(CUPSD_LOG_ERROR, "Default policy \"%s\" not found.",
1296 DefaultPolicy);
1297
1298 cupsdSetString(&DefaultPolicy, "default");
1299
1300 if ((DefaultPolicyPtr = cupsdFindPolicy("default")) != NULL)
1301 cupsdLogMessage(CUPSD_LOG_INFO,
1302 "Using policy \"default\" as the default.");
1303 else
1304 {
1305 cupsdLogMessage(CUPSD_LOG_INFO,
1306 "Creating CUPS default administrative policy:");
1307
1308 DefaultPolicyPtr = p = cupsdAddPolicy("default");
1309
1310 cupsdLogMessage(CUPSD_LOG_INFO, "<Policy default>");
1311
1312 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateAccess default");
1313 cupsdAddString(&(p->job_access), "@OWNER");
1314 cupsdAddString(&(p->job_access), "@SYSTEM");
1315
1316 cupsdLogMessage(CUPSD_LOG_INFO, "JobPrivateValues default");
1317 cupsdAddString(&(p->job_attrs), "job-name");
1318 cupsdAddString(&(p->job_attrs), "job-originating-host-name");
1319 cupsdAddString(&(p->job_attrs), "job-originating-user-name");
1320 cupsdAddString(&(p->job_attrs), "phone");
1321
1322 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateAccess default");
1323 cupsdAddString(&(p->sub_access), "@OWNER");
1324 cupsdAddString(&(p->sub_access), "@SYSTEM");
1325
1326 cupsdLogMessage(CUPSD_LOG_INFO, "SubscriptionPrivateValues default");
1327 cupsdAddString(&(p->job_attrs), "notify-events");
1328 cupsdAddString(&(p->job_attrs), "notify-pull-method");
1329 cupsdAddString(&(p->job_attrs), "notify-recipient-uri");
1330 cupsdAddString(&(p->job_attrs), "notify-subscriber-user-name");
1331 cupsdAddString(&(p->job_attrs), "notify-user-data");
1332
1333 cupsdLogMessage(CUPSD_LOG_INFO,
1334 "<Limit Create-Job Print-Job Print-URI Validate-Job>");
1335 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1336
1337 po = cupsdAddPolicyOp(p, NULL, IPP_CREATE_JOB);
1338 po->order_type = CUPSD_AUTH_ALLOW;
1339
1340 cupsdAddPolicyOp(p, po, IPP_PRINT_JOB);
1341 cupsdAddPolicyOp(p, po, IPP_PRINT_URI);
1342 cupsdAddPolicyOp(p, po, IPP_VALIDATE_JOB);
1343
1344 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1345
1346 cupsdLogMessage(CUPSD_LOG_INFO,
1347 "<Limit Send-Document Send-URI Cancel-Job Hold-Job "
1348 "Release-Job Restart-Job Purge-Jobs "
1349 "Set-Job-Attributes Create-Job-Subscription "
1350 "Renew-Subscription Cancel-Subscription "
1351 "Get-Notifications Reprocess-Job Cancel-Current-Job "
1352 "Suspend-Current-Job Resume-Job "
1353 "Cancel-My-Jobs Close-Job CUPS-Move-Job "
1354 "CUPS-Authenticate-Job CUPS-Get-Document>");
1355 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1356
1357 po = cupsdAddPolicyOp(p, NULL, IPP_SEND_DOCUMENT);
1358 po->order_type = CUPSD_AUTH_ALLOW;
1359 po->level = CUPSD_AUTH_USER;
1360
1361 cupsdAddName(po, "@OWNER");
1362 cupsdAddName(po, "@SYSTEM");
1363 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @OWNER @SYSTEM");
1364
1365 cupsdAddPolicyOp(p, po, IPP_SEND_URI);
1366 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOB);
1367 cupsdAddPolicyOp(p, po, IPP_HOLD_JOB);
1368 cupsdAddPolicyOp(p, po, IPP_RELEASE_JOB);
1369 cupsdAddPolicyOp(p, po, IPP_RESTART_JOB);
1370 cupsdAddPolicyOp(p, po, IPP_PURGE_JOBS);
1371 cupsdAddPolicyOp(p, po, IPP_SET_JOB_ATTRIBUTES);
1372 cupsdAddPolicyOp(p, po, IPP_CREATE_JOB_SUBSCRIPTION);
1373 cupsdAddPolicyOp(p, po, IPP_RENEW_SUBSCRIPTION);
1374 cupsdAddPolicyOp(p, po, IPP_CANCEL_SUBSCRIPTION);
1375 cupsdAddPolicyOp(p, po, IPP_GET_NOTIFICATIONS);
1376 cupsdAddPolicyOp(p, po, IPP_REPROCESS_JOB);
1377 cupsdAddPolicyOp(p, po, IPP_CANCEL_CURRENT_JOB);
1378 cupsdAddPolicyOp(p, po, IPP_SUSPEND_CURRENT_JOB);
1379 cupsdAddPolicyOp(p, po, IPP_RESUME_JOB);
1380 cupsdAddPolicyOp(p, po, IPP_CANCEL_MY_JOBS);
1381 cupsdAddPolicyOp(p, po, IPP_CLOSE_JOB);
1382 cupsdAddPolicyOp(p, po, CUPS_MOVE_JOB);
1383 cupsdAddPolicyOp(p, po, CUPS_AUTHENTICATE_JOB);
1384 cupsdAddPolicyOp(p, po, CUPS_GET_DOCUMENT);
1385
1386 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1387
1388 cupsdLogMessage(CUPSD_LOG_INFO,
1389 "<Limit Pause-Printer Resume-Printer "
1390 "Set-Printer-Attributes Enable-Printer "
1391 "Disable-Printer Pause-Printer-After-Current-Job "
1392 "Hold-New-Jobs Release-Held-New-Jobs "
1393 "Deactivate-Printer Activate-Printer Restart-Printer "
1394 "Shutdown-Printer Startup-Printer Promote-Job "
1395 "Schedule-Job-After Cancel-Jobs CUPS-Add-Printer "
1396 "CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class "
1397 "CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>");
1398 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1399 cupsdLogMessage(CUPSD_LOG_INFO, "AuthType Default");
1400
1401 po = cupsdAddPolicyOp(p, NULL, IPP_PAUSE_PRINTER);
1402 po->order_type = CUPSD_AUTH_ALLOW;
1403 po->type = CUPSD_AUTH_DEFAULT;
1404 po->level = CUPSD_AUTH_USER;
1405
1406 cupsdAddName(po, "@SYSTEM");
1407 cupsdLogMessage(CUPSD_LOG_INFO, "Require user @SYSTEM");
1408
1409 cupsdAddPolicyOp(p, po, IPP_RESUME_PRINTER);
1410 cupsdAddPolicyOp(p, po, IPP_SET_PRINTER_ATTRIBUTES);
1411 cupsdAddPolicyOp(p, po, IPP_ENABLE_PRINTER);
1412 cupsdAddPolicyOp(p, po, IPP_DISABLE_PRINTER);
1413 cupsdAddPolicyOp(p, po, IPP_PAUSE_PRINTER_AFTER_CURRENT_JOB);
1414 cupsdAddPolicyOp(p, po, IPP_HOLD_NEW_JOBS);
1415 cupsdAddPolicyOp(p, po, IPP_RELEASE_HELD_NEW_JOBS);
1416 cupsdAddPolicyOp(p, po, IPP_DEACTIVATE_PRINTER);
1417 cupsdAddPolicyOp(p, po, IPP_ACTIVATE_PRINTER);
1418 cupsdAddPolicyOp(p, po, IPP_RESTART_PRINTER);
1419 cupsdAddPolicyOp(p, po, IPP_SHUTDOWN_PRINTER);
1420 cupsdAddPolicyOp(p, po, IPP_STARTUP_PRINTER);
1421 cupsdAddPolicyOp(p, po, IPP_PROMOTE_JOB);
1422 cupsdAddPolicyOp(p, po, IPP_SCHEDULE_JOB_AFTER);
1423 cupsdAddPolicyOp(p, po, IPP_CANCEL_JOBS);
1424 cupsdAddPolicyOp(p, po, CUPS_ADD_PRINTER);
1425 cupsdAddPolicyOp(p, po, CUPS_DELETE_PRINTER);
1426 cupsdAddPolicyOp(p, po, CUPS_ADD_CLASS);
1427 cupsdAddPolicyOp(p, po, CUPS_DELETE_CLASS);
1428 cupsdAddPolicyOp(p, po, CUPS_ACCEPT_JOBS);
1429 cupsdAddPolicyOp(p, po, CUPS_REJECT_JOBS);
1430 cupsdAddPolicyOp(p, po, CUPS_SET_DEFAULT);
1431
1432 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1433
1434 cupsdLogMessage(CUPSD_LOG_INFO, "<Limit All>");
1435 cupsdLogMessage(CUPSD_LOG_INFO, "Order Deny,Allow");
1436
1437 po = cupsdAddPolicyOp(p, NULL, IPP_ANY_OPERATION);
1438 po->order_type = CUPSD_AUTH_ALLOW;
1439
1440 cupsdLogMessage(CUPSD_LOG_INFO, "</Limit>");
1441 cupsdLogMessage(CUPSD_LOG_INFO, "</Policy>");
1442 }
1443 }
1444
1445 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: NumPolicies=%d",
1446 cupsArrayCount(Policies));
1447 for (i = 0, p = (cupsd_policy_t *)cupsArrayFirst(Policies);
1448 p;
1449 i ++, p = (cupsd_policy_t *)cupsArrayNext(Policies))
1450 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1451 "cupsdReadConfiguration: Policies[%d]=\"%s\"", i, p->name);
1452
1453 /*
1454 * If we are doing a full reload or the server root has changed, flush
1455 * the jobs, printers, etc. and start from scratch...
1456 */
1457
1458 if (NeedReload == RELOAD_ALL ||
1459 old_remote_port != RemotePort ||
1460 !old_serverroot || !ServerRoot || strcmp(old_serverroot, ServerRoot) ||
1461 !old_requestroot || !RequestRoot || strcmp(old_requestroot, RequestRoot))
1462 {
1463 mime_type_t *type; /* Current type */
1464 char mimetype[MIME_MAX_SUPER + MIME_MAX_TYPE];
1465 /* MIME type name */
1466
1467
1468 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload is required.");
1469
1470 /*
1471 * Free all memory...
1472 */
1473
1474 cupsdDeleteAllSubscriptions();
1475 cupsdFreeAllJobs();
1476 cupsdDeleteAllPrinters();
1477
1478 DefaultPrinter = NULL;
1479
1480 if (MimeDatabase != NULL)
1481 mimeDelete(MimeDatabase);
1482
1483 if (NumMimeTypes)
1484 {
1485 for (i = 0; i < NumMimeTypes; i ++)
1486 _cupsStrFree(MimeTypes[i]);
1487
1488 free(MimeTypes);
1489 }
1490
1491 /*
1492 * Read the MIME type and conversion database...
1493 */
1494
1495 snprintf(temp, sizeof(temp), "%s/filter", ServerBin);
1496 snprintf(mimedir, sizeof(mimedir), "%s/mime", DataDir);
1497
1498 MimeDatabase = mimeNew();
1499 mimeSetErrorCallback(MimeDatabase, mime_error_cb, NULL);
1500
1501 MimeDatabase = mimeLoadTypes(MimeDatabase, mimedir);
1502 MimeDatabase = mimeLoadTypes(MimeDatabase, ServerRoot);
1503 MimeDatabase = mimeLoadFilters(MimeDatabase, mimedir, temp);
1504 MimeDatabase = mimeLoadFilters(MimeDatabase, ServerRoot, temp);
1505
1506 if (!MimeDatabase)
1507 {
1508 cupsdLogMessage(CUPSD_LOG_EMERG,
1509 "Unable to load MIME database from \"%s\" or \"%s\".",
1510 mimedir, ServerRoot);
1511 if (FatalErrors & CUPSD_FATAL_CONFIG)
1512 return (0);
1513 }
1514
1515 cupsdLogMessage(CUPSD_LOG_INFO,
1516 "Loaded MIME database from \"%s\" and \"%s\": %d types, "
1517 "%d filters...", mimedir, ServerRoot,
1518 mimeNumTypes(MimeDatabase), mimeNumFilters(MimeDatabase));
1519
1520 /*
1521 * Create a list of MIME types for the document-format-supported
1522 * attribute...
1523 */
1524
1525 NumMimeTypes = mimeNumTypes(MimeDatabase);
1526 if (!mimeType(MimeDatabase, "application", "octet-stream"))
1527 NumMimeTypes ++;
1528
1529 if ((MimeTypes = calloc((size_t)NumMimeTypes, sizeof(const char *))) == NULL)
1530 {
1531 cupsdLogMessage(CUPSD_LOG_ERROR,
1532 "Unable to allocate memory for %d MIME types.",
1533 NumMimeTypes);
1534 NumMimeTypes = 0;
1535 }
1536 else
1537 {
1538 for (i = 0, type = mimeFirstType(MimeDatabase);
1539 type;
1540 i ++, type = mimeNextType(MimeDatabase))
1541 {
1542 snprintf(mimetype, sizeof(mimetype), "%s/%s", type->super, type->type);
1543
1544 MimeTypes[i] = _cupsStrAlloc(mimetype);
1545 }
1546
1547 if (i < NumMimeTypes)
1548 MimeTypes[i] = _cupsStrAlloc("application/octet-stream");
1549 }
1550
1551 if (LogLevel == CUPSD_LOG_DEBUG2)
1552 {
1553 mime_filter_t *filter; /* Current filter */
1554
1555
1556 for (type = mimeFirstType(MimeDatabase);
1557 type;
1558 type = mimeNextType(MimeDatabase))
1559 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadConfiguration: type %s/%s",
1560 type->super, type->type);
1561
1562 for (filter = mimeFirstFilter(MimeDatabase);
1563 filter;
1564 filter = mimeNextFilter(MimeDatabase))
1565 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1566 "cupsdReadConfiguration: filter %s/%s to %s/%s %d %s",
1567 filter->src->super, filter->src->type,
1568 filter->dst->super, filter->dst->type,
1569 filter->cost, filter->filter);
1570 }
1571
1572 /*
1573 * Load banners...
1574 */
1575
1576 snprintf(temp, sizeof(temp), "%s/banners", DataDir);
1577 cupsdLoadBanners(temp);
1578
1579 /*
1580 * Load printers and classes...
1581 */
1582
1583 cupsdLoadAllPrinters();
1584 cupsdLoadAllClasses();
1585
1586 cupsdCreateCommonData();
1587
1588 /*
1589 * Update the printcap file as needed...
1590 */
1591
1592 if (Printcap && *Printcap && access(Printcap, 0))
1593 cupsdWritePrintcap();
1594
1595 /*
1596 * Load queued jobs...
1597 */
1598
1599 cupsdLoadAllJobs();
1600
1601 /*
1602 * Load subscriptions...
1603 */
1604
1605 cupsdLoadAllSubscriptions();
1606
1607 cupsdLogMessage(CUPSD_LOG_INFO, "Full reload complete.");
1608 }
1609 else
1610 {
1611 /*
1612 * Not a full reload, so recreate the common printer attributes...
1613 */
1614
1615 cupsdCreateCommonData();
1616
1617 /*
1618 * Update all jobs as needed...
1619 */
1620
1621 cupsdUpdateJobs();
1622
1623 /*
1624 * Update all printers as needed...
1625 */
1626
1627 cupsdUpdatePrinters();
1628 cupsdMarkDirty(CUPSD_DIRTY_PRINTCAP);
1629
1630 cupsdLogMessage(CUPSD_LOG_INFO, "Partial reload complete.");
1631 }
1632
1633 /*
1634 * Reset the reload state...
1635 */
1636
1637 NeedReload = RELOAD_NONE;
1638
1639 cupsdClearString(&old_serverroot);
1640 cupsdClearString(&old_requestroot);
1641
1642 return (1);
1643 }
1644
1645
1646 /*
1647 * 'get_address()' - Get an address + port number from a line.
1648 */
1649
1650 static http_addrlist_t * /* O - Pointer to list if address good, NULL if bad */
1651 get_address(const char *value, /* I - Value string */
1652 int defport) /* I - Default port */
1653 {
1654 char buffer[1024], /* Hostname + port number buffer */
1655 defpname[255], /* Default port name */
1656 *hostname, /* Hostname or IP */
1657 *portname; /* Port number or name */
1658 http_addrlist_t *addrlist; /* Address list */
1659
1660
1661 /*
1662 * Check for an empty value...
1663 */
1664
1665 if (!*value)
1666 {
1667 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad (empty) address.");
1668 return (NULL);
1669 }
1670
1671 /*
1672 * Grab a hostname and port number; if there is no colon and the port name
1673 * is only digits, then we have a port number by itself...
1674 */
1675
1676 strlcpy(buffer, value, sizeof(buffer));
1677
1678 if ((portname = strrchr(buffer, ':')) != NULL && !strchr(portname, ']'))
1679 {
1680 *portname++ = '\0';
1681 hostname = buffer;
1682 }
1683 else
1684 {
1685 for (portname = buffer; isdigit(*portname & 255); portname ++);
1686
1687 if (*portname)
1688 {
1689 /*
1690 * Use the default port...
1691 */
1692
1693 sprintf(defpname, "%d", defport);
1694 portname = defpname;
1695 hostname = buffer;
1696 }
1697 else
1698 {
1699 /*
1700 * The buffer contains just a port number...
1701 */
1702
1703 portname = buffer;
1704 hostname = NULL;
1705 }
1706 }
1707
1708 if (hostname && !strcmp(hostname, "*"))
1709 hostname = NULL;
1710
1711 /*
1712 * Now lookup the address using httpAddrGetList()...
1713 */
1714
1715 if ((addrlist = httpAddrGetList(hostname, AF_UNSPEC, portname)) == NULL)
1716 cupsdLogMessage(CUPSD_LOG_ERROR, "Hostname lookup for \"%s\" failed.",
1717 hostname ? hostname : "(nil)");
1718
1719 return (addrlist);
1720 }
1721
1722
1723 /*
1724 * 'get_addr_and_mask()' - Get an IP address and netmask.
1725 */
1726
1727 static int /* O - 1 on success, 0 on failure */
1728 get_addr_and_mask(const char *value, /* I - String from config file */
1729 unsigned *ip, /* O - Address value */
1730 unsigned *mask) /* O - Mask value */
1731 {
1732 int i, j, /* Looping vars */
1733 family, /* Address family */
1734 ipcount; /* Count of fields in address */
1735 unsigned ipval; /* Value */
1736 const char *maskval, /* Pointer to start of mask value */
1737 *ptr, /* Pointer into value */
1738 *ptr2; /* ... */
1739
1740
1741 /*
1742 * Get the address...
1743 */
1744
1745 ip[0] = ip[1] = ip[2] = ip[3] = 0x00000000;
1746 mask[0] = mask[1] = mask[2] = mask[3] = 0xffffffff;
1747
1748 if ((maskval = strchr(value, '/')) != NULL)
1749 maskval ++;
1750 else
1751 maskval = value + strlen(value);
1752
1753 #ifdef AF_INET6
1754 /*
1755 * Check for an IPv6 address...
1756 */
1757
1758 if (*value == '[')
1759 {
1760 /*
1761 * Parse hexadecimal IPv6/IPv4 address...
1762 */
1763
1764 family = AF_INET6;
1765
1766 for (i = 0, ptr = value + 1; *ptr && i < 8; i ++)
1767 {
1768 if (*ptr == ']')
1769 break;
1770 else if (!strncmp(ptr, "::", 2))
1771 {
1772 for (ptr2 = strchr(ptr + 2, ':'), j = 0;
1773 ptr2;
1774 ptr2 = strchr(ptr2 + 1, ':'), j ++);
1775
1776 i = 6 - j;
1777 ptr += 2;
1778 }
1779 else if (isdigit(*ptr & 255) && strchr(ptr + 1, '.') && i >= 6)
1780 {
1781 /*
1782 * Read IPv4 dotted quad...
1783 */
1784
1785 unsigned val[4] = { 0, 0, 0, 0 };
1786 /* IPv4 address values */
1787
1788 ipcount = sscanf(ptr, "%u.%u.%u.%u", val + 0, val + 1, val + 2,
1789 val + 3);
1790
1791 /*
1792 * Range check the IP numbers...
1793 */
1794
1795 for (i = 0; i < ipcount; i ++)
1796 if (val[i] > 255)
1797 return (0);
1798
1799 /*
1800 * Merge everything into a 32-bit IPv4 address in ip[3]...
1801 */
1802
1803 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1804 (unsigned)val[2]) << 8) | (unsigned)val[3];
1805
1806 if (ipcount < 4)
1807 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1808
1809 /*
1810 * If the leading words are all 0's then this is an IPv4 address...
1811 */
1812
1813 if (!val[0] && !val[1] && !val[2])
1814 family = AF_INET;
1815
1816 while (isdigit(*ptr & 255) || *ptr == '.')
1817 ptr ++;
1818 break;
1819 }
1820 else if (isxdigit(*ptr & 255))
1821 {
1822 ipval = strtoul(ptr, (char **)&ptr, 16);
1823
1824 if (*ptr == ':' && ptr[1] != ':')
1825 ptr ++;
1826
1827 if (ipval > 0xffff)
1828 return (0);
1829
1830 if (i & 1)
1831 ip[i / 2] |= ipval;
1832 else
1833 ip[i / 2] |= ipval << 16;
1834 }
1835 else
1836 return (0);
1837 }
1838
1839 if (*ptr != ']')
1840 return (0);
1841
1842 ptr ++;
1843
1844 if (*ptr && *ptr != '/')
1845 return (0);
1846 }
1847 else
1848 #endif /* AF_INET6 */
1849 {
1850 /*
1851 * Parse dotted-decimal IPv4 address...
1852 */
1853
1854 unsigned val[4] = { 0, 0, 0, 0 }; /* IPv4 address values */
1855
1856
1857 family = AF_INET;
1858 ipcount = sscanf(value, "%u.%u.%u.%u", val + 0, val + 1, val + 2, val + 3);
1859
1860 /*
1861 * Range check the IP numbers...
1862 */
1863
1864 for (i = 0; i < ipcount; i ++)
1865 if (val[i] > 255)
1866 return (0);
1867
1868 /*
1869 * Merge everything into a 32-bit IPv4 address in ip[3]...
1870 */
1871
1872 ip[3] = ((((((unsigned)val[0] << 8) | (unsigned)val[1]) << 8) |
1873 (unsigned)val[2]) << 8) | (unsigned)val[3];
1874
1875 if (ipcount < 4)
1876 mask[3] = (0xffffffff << (32 - 8 * ipcount)) & 0xffffffff;
1877 }
1878
1879 if (*maskval)
1880 {
1881 /*
1882 * Get the netmask value(s)...
1883 */
1884
1885 memset(mask, 0, sizeof(unsigned) * 4);
1886
1887 if (strchr(maskval, '.'))
1888 {
1889 /*
1890 * Get dotted-decimal mask...
1891 */
1892
1893 if (family != AF_INET)
1894 return (0);
1895
1896 if (sscanf(maskval, "%u.%u.%u.%u", mask + 0, mask + 1, mask + 2,
1897 mask + 3) != 4)
1898 return (0);
1899
1900 mask[3] |= (((((unsigned)mask[0] << 8) | (unsigned)mask[1]) << 8) |
1901 (unsigned)mask[2]) << 8;
1902 mask[0] = mask[1] = mask[2] = 0;
1903 }
1904 else
1905 {
1906 /*
1907 * Get address/bits format...
1908 */
1909
1910 i = atoi(maskval);
1911
1912 #ifdef AF_INET6
1913 if (family == AF_INET6)
1914 {
1915 if (i > 128)
1916 return (0);
1917
1918 i = 128 - i;
1919
1920 if (i <= 96)
1921 mask[0] = 0xffffffff;
1922 else
1923 mask[0] = (0xffffffff << (i - 96)) & 0xffffffff;
1924
1925 if (i <= 64)
1926 mask[1] = 0xffffffff;
1927 else if (i >= 96)
1928 mask[1] = 0;
1929 else
1930 mask[1] = (0xffffffff << (i - 64)) & 0xffffffff;
1931
1932 if (i <= 32)
1933 mask[2] = 0xffffffff;
1934 else if (i >= 64)
1935 mask[2] = 0;
1936 else
1937 mask[2] = (0xffffffff << (i - 32)) & 0xffffffff;
1938
1939 if (i == 0)
1940 mask[3] = 0xffffffff;
1941 else if (i >= 32)
1942 mask[3] = 0;
1943 else
1944 mask[3] = (0xffffffff << i) & 0xffffffff;
1945 }
1946 else
1947 #endif /* AF_INET6 */
1948 {
1949 if (i > 32)
1950 return (0);
1951
1952 mask[0] = 0xffffffff;
1953 mask[1] = 0xffffffff;
1954 mask[2] = 0xffffffff;
1955
1956 if (i < 32)
1957 mask[3] = (0xffffffff << (32 - i)) & 0xffffffff;
1958 else
1959 mask[3] = 0xffffffff;
1960 }
1961 }
1962 }
1963
1964 cupsdLogMessage(CUPSD_LOG_DEBUG2,
1965 "get_addr_and_mask(value=\"%s\", "
1966 "ip=[%08x:%08x:%08x:%08x], mask=[%08x:%08x:%08x:%08x])",
1967 value, ip[0], ip[1], ip[2], ip[3], mask[0], mask[1], mask[2],
1968 mask[3]);
1969
1970 /*
1971 * Check for a valid netmask; no fallback like in CUPS 1.1.x!
1972 */
1973
1974 if ((ip[0] & ~mask[0]) != 0 ||
1975 (ip[1] & ~mask[1]) != 0 ||
1976 (ip[2] & ~mask[2]) != 0 ||
1977 (ip[3] & ~mask[3]) != 0)
1978 return (0);
1979
1980 return (1);
1981 }
1982
1983
1984 /*
1985 * 'mime_error_cb()' - Log a MIME error.
1986 */
1987
1988 static void
1989 mime_error_cb(void *ctx, /* I - Context pointer (unused) */
1990 const char *message) /* I - Message */
1991 {
1992 (void)ctx;
1993
1994 cupsdLogMessage(CUPSD_LOG_ERROR, "%s", message);
1995 }
1996
1997
1998 /*
1999 * 'parse_aaa()' - Parse authentication, authorization, and access control lines.
2000 */
2001
2002 static int /* O - 1 on success, 0 on failure */
2003 parse_aaa(cupsd_location_t *loc, /* I - Location */
2004 char *line, /* I - Line from file */
2005 char *value, /* I - Start of value data */
2006 int linenum) /* I - Current line number */
2007 {
2008 char *valptr; /* Pointer into value */
2009 unsigned ip[4], /* IP address components */
2010 mask[4]; /* IP netmask components */
2011
2012
2013 if (!_cups_strcasecmp(line, "Encryption"))
2014 {
2015 /*
2016 * "Encryption xxx" - set required encryption level...
2017 */
2018
2019 if (!_cups_strcasecmp(value, "never"))
2020 loc->encryption = HTTP_ENCRYPT_NEVER;
2021 else if (!_cups_strcasecmp(value, "always"))
2022 {
2023 cupsdLogMessage(CUPSD_LOG_ERROR,
2024 "Encryption value \"%s\" on line %d of %s is invalid in this "
2025 "context. Using \"required\" instead.", value, linenum, ConfigurationFile);
2026
2027 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2028 }
2029 else if (!_cups_strcasecmp(value, "required"))
2030 loc->encryption = HTTP_ENCRYPT_REQUIRED;
2031 else if (!_cups_strcasecmp(value, "ifrequested"))
2032 loc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
2033 else
2034 {
2035 cupsdLogMessage(CUPSD_LOG_ERROR,
2036 "Unknown Encryption value %s on line %d of %s.", value, linenum, ConfigurationFile);
2037 return (0);
2038 }
2039 }
2040 else if (!_cups_strcasecmp(line, "Order"))
2041 {
2042 /*
2043 * "Order Deny,Allow" or "Order Allow,Deny"...
2044 */
2045
2046 if (!_cups_strncasecmp(value, "deny", 4))
2047 loc->order_type = CUPSD_AUTH_ALLOW;
2048 else if (!_cups_strncasecmp(value, "allow", 5))
2049 loc->order_type = CUPSD_AUTH_DENY;
2050 else
2051 {
2052 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown Order value %s on line %d of %s.",
2053 value, linenum, ConfigurationFile);
2054 return (0);
2055 }
2056 }
2057 else if (!_cups_strcasecmp(line, "Allow") || !_cups_strcasecmp(line, "Deny"))
2058 {
2059 /*
2060 * Allow [From] host/ip...
2061 * Deny [From] host/ip...
2062 */
2063
2064 while (*value)
2065 {
2066 if (!_cups_strncasecmp(value, "from", 4))
2067 {
2068 /*
2069 * Strip leading "from"...
2070 */
2071
2072 value += 4;
2073
2074 while (_cups_isspace(*value))
2075 value ++;
2076
2077 if (!*value)
2078 break;
2079 }
2080
2081 /*
2082 * Find the end of the value...
2083 */
2084
2085 for (valptr = value; *valptr && !_cups_isspace(*valptr); valptr ++);
2086
2087 while (_cups_isspace(*valptr))
2088 *valptr++ = '\0';
2089
2090 /*
2091 * Figure out what form the allow/deny address takes:
2092 *
2093 * All
2094 * None
2095 * *.domain.com
2096 * .domain.com
2097 * host.domain.com
2098 * nnn.*
2099 * nnn.nnn.*
2100 * nnn.nnn.nnn.*
2101 * nnn.nnn.nnn.nnn
2102 * nnn.nnn.nnn.nnn/mm
2103 * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
2104 */
2105
2106 if (!_cups_strcasecmp(value, "all"))
2107 {
2108 /*
2109 * All hosts...
2110 */
2111
2112 if (!_cups_strcasecmp(line, "Allow"))
2113 cupsdAddIPMask(&(loc->allow), zeros, zeros);
2114 else
2115 cupsdAddIPMask(&(loc->deny), zeros, zeros);
2116 }
2117 else if (!_cups_strcasecmp(value, "none"))
2118 {
2119 /*
2120 * No hosts...
2121 */
2122
2123 if (!_cups_strcasecmp(line, "Allow"))
2124 cupsdAddIPMask(&(loc->allow), ones, zeros);
2125 else
2126 cupsdAddIPMask(&(loc->deny), ones, zeros);
2127 }
2128 #ifdef AF_INET6
2129 else if (value[0] == '*' || value[0] == '.' ||
2130 (!isdigit(value[0] & 255) && value[0] != '['))
2131 #else
2132 else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255))
2133 #endif /* AF_INET6 */
2134 {
2135 /*
2136 * Host or domain name...
2137 */
2138
2139 if (value[0] == '*')
2140 value ++;
2141
2142 if (!_cups_strcasecmp(line, "Allow"))
2143 cupsdAddNameMask(&(loc->allow), value);
2144 else
2145 cupsdAddNameMask(&(loc->deny), value);
2146 }
2147 else
2148 {
2149 /*
2150 * One of many IP address forms...
2151 */
2152
2153 if (!get_addr_and_mask(value, ip, mask))
2154 {
2155 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad netmask value %s on line %d of %s.",
2156 value, linenum, ConfigurationFile);
2157 return (0);
2158 }
2159
2160 if (!_cups_strcasecmp(line, "Allow"))
2161 cupsdAddIPMask(&(loc->allow), ip, mask);
2162 else
2163 cupsdAddIPMask(&(loc->deny), ip, mask);
2164 }
2165
2166 /*
2167 * Advance to next value...
2168 */
2169
2170 value = valptr;
2171 }
2172 }
2173 else if (!_cups_strcasecmp(line, "AuthType"))
2174 {
2175 /*
2176 * AuthType {none,basic,digest,basicdigest,negotiate,default}
2177 */
2178
2179 if (!_cups_strcasecmp(value, "none"))
2180 {
2181 loc->type = CUPSD_AUTH_NONE;
2182 loc->level = CUPSD_AUTH_ANON;
2183 }
2184 else if (!_cups_strcasecmp(value, "basic"))
2185 {
2186 loc->type = CUPSD_AUTH_BASIC;
2187
2188 if (loc->level == CUPSD_AUTH_ANON)
2189 loc->level = CUPSD_AUTH_USER;
2190 }
2191 else if (!_cups_strcasecmp(value, "default"))
2192 {
2193 loc->type = CUPSD_AUTH_DEFAULT;
2194
2195 if (loc->level == CUPSD_AUTH_ANON)
2196 loc->level = CUPSD_AUTH_USER;
2197 }
2198 #ifdef HAVE_GSSAPI
2199 else if (!_cups_strcasecmp(value, "negotiate"))
2200 {
2201 loc->type = CUPSD_AUTH_NEGOTIATE;
2202
2203 if (loc->level == CUPSD_AUTH_ANON)
2204 loc->level = CUPSD_AUTH_USER;
2205 }
2206 #endif /* HAVE_GSSAPI */
2207 else
2208 {
2209 cupsdLogMessage(CUPSD_LOG_WARN,
2210 "Unknown authorization type %s on line %d of %s.",
2211 value, linenum, ConfigurationFile);
2212 return (0);
2213 }
2214 }
2215 else if (!_cups_strcasecmp(line, "AuthClass"))
2216 {
2217 /*
2218 * AuthClass anonymous, user, system, group
2219 */
2220
2221 if (!_cups_strcasecmp(value, "anonymous"))
2222 {
2223 loc->type = CUPSD_AUTH_NONE;
2224 loc->level = CUPSD_AUTH_ANON;
2225
2226 cupsdLogMessage(CUPSD_LOG_WARN,
2227 "\"AuthClass %s\" is deprecated; consider removing "
2228 "it from line %d.",
2229 value, linenum);
2230 }
2231 else if (!_cups_strcasecmp(value, "user"))
2232 {
2233 loc->level = CUPSD_AUTH_USER;
2234
2235 cupsdLogMessage(CUPSD_LOG_WARN,
2236 "\"AuthClass %s\" is deprecated; consider using "
2237 "\"Require valid-user\" on line %d of %s.",
2238 value, linenum, ConfigurationFile);
2239 }
2240 else if (!_cups_strcasecmp(value, "group"))
2241 {
2242 loc->level = CUPSD_AUTH_GROUP;
2243
2244 cupsdLogMessage(CUPSD_LOG_WARN,
2245 "\"AuthClass %s\" is deprecated; consider using "
2246 "\"Require user @groupname\" on line %d of %s.",
2247 value, linenum, ConfigurationFile);
2248 }
2249 else if (!_cups_strcasecmp(value, "system"))
2250 {
2251 loc->level = CUPSD_AUTH_GROUP;
2252
2253 cupsdAddName(loc, "@SYSTEM");
2254
2255 cupsdLogMessage(CUPSD_LOG_WARN,
2256 "\"AuthClass %s\" is deprecated; consider using "
2257 "\"Require user @SYSTEM\" on line %d of %s.",
2258 value, linenum, ConfigurationFile);
2259 }
2260 else
2261 {
2262 cupsdLogMessage(CUPSD_LOG_WARN,
2263 "Unknown authorization class %s on line %d of %s.",
2264 value, linenum, ConfigurationFile);
2265 return (0);
2266 }
2267 }
2268 else if (!_cups_strcasecmp(line, "AuthGroupName"))
2269 {
2270 cupsdAddName(loc, value);
2271
2272 cupsdLogMessage(CUPSD_LOG_WARN,
2273 "\"AuthGroupName %s\" directive is deprecated; consider "
2274 "using \"Require user @%s\" on line %d of %s.",
2275 value, value, linenum, ConfigurationFile);
2276 }
2277 else if (!_cups_strcasecmp(line, "Require"))
2278 {
2279 /*
2280 * Apache synonym for AuthClass and AuthGroupName...
2281 *
2282 * Get initial word:
2283 *
2284 * Require valid-user
2285 * Require group names
2286 * Require user names
2287 */
2288
2289 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2290
2291 if (*valptr)
2292 *valptr++ = '\0';
2293
2294 if (!_cups_strcasecmp(value, "valid-user") ||
2295 !_cups_strcasecmp(value, "user"))
2296 loc->level = CUPSD_AUTH_USER;
2297 else if (!_cups_strcasecmp(value, "group"))
2298 loc->level = CUPSD_AUTH_GROUP;
2299 else
2300 {
2301 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Require type %s on line %d of %s.",
2302 value, linenum, ConfigurationFile);
2303 return (0);
2304 }
2305
2306 /*
2307 * Get the list of names from the line...
2308 */
2309
2310 for (value = valptr; *value;)
2311 {
2312 while (_cups_isspace(*value))
2313 value ++;
2314
2315 #ifdef HAVE_AUTHORIZATION_H
2316 if (!strncmp(value, "@AUTHKEY(", 9))
2317 {
2318 /*
2319 * Grab "@AUTHKEY(name)" value...
2320 */
2321
2322 for (valptr = value + 9; *valptr != ')' && *valptr; valptr ++);
2323
2324 if (*valptr)
2325 *valptr++ = '\0';
2326 }
2327 else
2328 #endif /* HAVE_AUTHORIZATION_H */
2329 if (*value == '\"' || *value == '\'')
2330 {
2331 /*
2332 * Grab quoted name...
2333 */
2334
2335 for (valptr = value + 1; *valptr != *value && *valptr; valptr ++);
2336
2337 value ++;
2338 }
2339 else
2340 {
2341 /*
2342 * Grab literal name.
2343 */
2344
2345 for (valptr = value; !_cups_isspace(*valptr) && *valptr; valptr ++);
2346 }
2347
2348 if (*valptr)
2349 *valptr++ = '\0';
2350
2351 cupsdAddName(loc, value);
2352
2353 for (value = valptr; _cups_isspace(*value); value ++);
2354 }
2355 }
2356 else if (!_cups_strcasecmp(line, "Satisfy"))
2357 {
2358 if (!_cups_strcasecmp(value, "all"))
2359 loc->satisfy = CUPSD_AUTH_SATISFY_ALL;
2360 else if (!_cups_strcasecmp(value, "any"))
2361 loc->satisfy = CUPSD_AUTH_SATISFY_ANY;
2362 else
2363 {
2364 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown Satisfy value %s on line %d of %s.",
2365 value, linenum, ConfigurationFile);
2366 return (0);
2367 }
2368 }
2369 else
2370 return (0);
2371
2372 return (1);
2373 }
2374
2375
2376 /*
2377 * 'parse_fatal_errors()' - Parse FatalErrors values in a string.
2378 */
2379
2380 static int /* O - FatalErrors bits */
2381 parse_fatal_errors(const char *s) /* I - FatalErrors string */
2382 {
2383 int fatal; /* FatalErrors bits */
2384 char value[1024], /* Value string */
2385 *valstart, /* Pointer into value */
2386 *valend; /* End of value */
2387
2388
2389 /*
2390 * Empty FatalErrors line yields NULL pointer...
2391 */
2392
2393 if (!s)
2394 return (CUPSD_FATAL_NONE);
2395
2396 /*
2397 * Loop through the value string,...
2398 */
2399
2400 strlcpy(value, s, sizeof(value));
2401
2402 fatal = CUPSD_FATAL_NONE;
2403
2404 for (valstart = value; *valstart;)
2405 {
2406 /*
2407 * Get the current space/comma-delimited kind name...
2408 */
2409
2410 for (valend = valstart; *valend; valend ++)
2411 if (_cups_isspace(*valend) || *valend == ',')
2412 break;
2413
2414 if (*valend)
2415 *valend++ = '\0';
2416
2417 /*
2418 * Add the error to the bitmask...
2419 */
2420
2421 if (!_cups_strcasecmp(valstart, "all"))
2422 fatal = CUPSD_FATAL_ALL;
2423 else if (!_cups_strcasecmp(valstart, "browse"))
2424 fatal |= CUPSD_FATAL_BROWSE;
2425 else if (!_cups_strcasecmp(valstart, "-browse"))
2426 fatal &= ~CUPSD_FATAL_BROWSE;
2427 else if (!_cups_strcasecmp(valstart, "config"))
2428 fatal |= CUPSD_FATAL_CONFIG;
2429 else if (!_cups_strcasecmp(valstart, "-config"))
2430 fatal &= ~CUPSD_FATAL_CONFIG;
2431 else if (!_cups_strcasecmp(valstart, "listen"))
2432 fatal |= CUPSD_FATAL_LISTEN;
2433 else if (!_cups_strcasecmp(valstart, "-listen"))
2434 fatal &= ~CUPSD_FATAL_LISTEN;
2435 else if (!_cups_strcasecmp(valstart, "log"))
2436 fatal |= CUPSD_FATAL_LOG;
2437 else if (!_cups_strcasecmp(valstart, "-log"))
2438 fatal &= ~CUPSD_FATAL_LOG;
2439 else if (!_cups_strcasecmp(valstart, "permissions"))
2440 fatal |= CUPSD_FATAL_PERMISSIONS;
2441 else if (!_cups_strcasecmp(valstart, "-permissions"))
2442 fatal &= ~CUPSD_FATAL_PERMISSIONS;
2443 else if (_cups_strcasecmp(valstart, "none"))
2444 cupsdLogMessage(CUPSD_LOG_ERROR,
2445 "Unknown FatalErrors kind \"%s\" ignored.", valstart);
2446
2447 for (valstart = valend; *valstart; valstart ++)
2448 if (!_cups_isspace(*valstart) || *valstart != ',')
2449 break;
2450 }
2451
2452 return (fatal);
2453 }
2454
2455
2456 /*
2457 * 'parse_groups()' - Parse system group names in a string.
2458 */
2459
2460 static int /* O - 1 on success, 0 on failure */
2461 parse_groups(const char *s) /* I - Space-delimited groups */
2462 {
2463 int status; /* Return status */
2464 char value[1024], /* Value string */
2465 *valstart, /* Pointer into value */
2466 *valend, /* End of value */
2467 quote; /* Quote character */
2468 struct group *group; /* Group */
2469
2470
2471 /*
2472 * Make a copy of the string and parse out the groups...
2473 */
2474
2475 strlcpy(value, s, sizeof(value));
2476
2477 status = 1;
2478 valstart = value;
2479
2480 while (*valstart && NumSystemGroups < MAX_SYSTEM_GROUPS)
2481 {
2482 if (*valstart == '\'' || *valstart == '\"')
2483 {
2484 /*
2485 * Scan quoted name...
2486 */
2487
2488 quote = *valstart++;
2489
2490 for (valend = valstart; *valend; valend ++)
2491 if (*valend == quote)
2492 break;
2493 }
2494 else
2495 {
2496 /*
2497 * Scan space or comma-delimited name...
2498 */
2499
2500 for (valend = valstart; *valend; valend ++)
2501 if (_cups_isspace(*valend) || *valend == ',')
2502 break;
2503 }
2504
2505 if (*valend)
2506 *valend++ = '\0';
2507
2508 group = getgrnam(valstart);
2509 if (group)
2510 {
2511 cupsdSetString(SystemGroups + NumSystemGroups, valstart);
2512 SystemGroupIDs[NumSystemGroups] = group->gr_gid;
2513
2514 NumSystemGroups ++;
2515 }
2516 else
2517 status = 0;
2518
2519 endgrent();
2520
2521 valstart = valend;
2522
2523 while (*valstart == ',' || _cups_isspace(*valstart))
2524 valstart ++;
2525 }
2526
2527 return (status);
2528 }
2529
2530
2531 /*
2532 * 'parse_protocols()' - Parse browse protocols in a string.
2533 */
2534
2535 static int /* O - Browse protocol bits */
2536 parse_protocols(const char *s) /* I - Space-delimited protocols */
2537 {
2538 int protocols; /* Browse protocol bits */
2539 char value[1024], /* Value string */
2540 *valstart, /* Pointer into value */
2541 *valend; /* End of value */
2542
2543
2544 /*
2545 * Empty protocol line yields NULL pointer...
2546 */
2547
2548 if (!s)
2549 return (0);
2550
2551 /*
2552 * Loop through the value string,...
2553 */
2554
2555 strlcpy(value, s, sizeof(value));
2556
2557 protocols = 0;
2558
2559 for (valstart = value; *valstart;)
2560 {
2561 /*
2562 * Get the current space/comma-delimited protocol name...
2563 */
2564
2565 for (valend = valstart; *valend; valend ++)
2566 if (_cups_isspace(*valend) || *valend == ',')
2567 break;
2568
2569 if (*valend)
2570 *valend++ = '\0';
2571
2572 /*
2573 * Add the protocol to the bitmask...
2574 */
2575
2576 if (!_cups_strcasecmp(valstart, "dnssd") ||
2577 !_cups_strcasecmp(valstart, "dns-sd") ||
2578 !_cups_strcasecmp(valstart, "bonjour"))
2579 protocols |= BROWSE_DNSSD;
2580 else if (!_cups_strcasecmp(valstart, "all"))
2581 protocols |= BROWSE_ALL;
2582 else if (_cups_strcasecmp(valstart, "none"))
2583 cupsdLogMessage(CUPSD_LOG_ERROR,
2584 "Unknown browse protocol \"%s\" ignored.", valstart);
2585
2586 for (valstart = valend; *valstart; valstart ++)
2587 if (!_cups_isspace(*valstart) || *valstart != ',')
2588 break;
2589 }
2590
2591 return (protocols);
2592 }
2593
2594
2595 /*
2596 * 'parse_variable()' - Parse a variable line.
2597 */
2598
2599 static int /* O - 1 on success, 0 on failure */
2600 parse_variable(
2601 const char *filename, /* I - Name of configuration file */
2602 int linenum, /* I - Line in configuration file */
2603 const char *line, /* I - Line from configuration file */
2604 const char *value, /* I - Value from configuration file */
2605 size_t num_vars, /* I - Number of variables */
2606 const cupsd_var_t *vars) /* I - Variables */
2607 {
2608 size_t i; /* Looping var */
2609 const cupsd_var_t *var; /* Variables */
2610 char temp[1024]; /* Temporary string */
2611
2612
2613 for (i = num_vars, var = vars; i > 0; i --, var ++)
2614 if (!_cups_strcasecmp(line, var->name))
2615 break;
2616
2617 if (i == 0)
2618 {
2619 /*
2620 * Unknown directive! Output an error message and continue...
2621 */
2622
2623 if (!value)
2624 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value for %s on line %d of %s.",
2625 line, linenum, filename);
2626 else
2627 cupsdLogMessage(CUPSD_LOG_ERROR, "Unknown directive %s on line %d of %s.",
2628 line, linenum, filename);
2629
2630 return (0);
2631 }
2632
2633 switch (var->type)
2634 {
2635 case CUPSD_VARTYPE_INTEGER :
2636 if (!value)
2637 {
2638 cupsdLogMessage(CUPSD_LOG_ERROR,
2639 "Missing integer value for %s on line %d of %s.",
2640 line, linenum, filename);
2641 return (0);
2642 }
2643 else if (!isdigit(*value & 255))
2644 {
2645 cupsdLogMessage(CUPSD_LOG_ERROR,
2646 "Bad integer value for %s on line %d of %s.",
2647 line, linenum, filename);
2648 return (0);
2649 }
2650 else
2651 {
2652 int n; /* Number */
2653 char *units; /* Units */
2654
2655 n = strtol(value, &units, 0);
2656
2657 if (units && *units)
2658 {
2659 if (tolower(units[0] & 255) == 'g')
2660 n *= 1024 * 1024 * 1024;
2661 else if (tolower(units[0] & 255) == 'm')
2662 n *= 1024 * 1024;
2663 else if (tolower(units[0] & 255) == 'k')
2664 n *= 1024;
2665 else if (tolower(units[0] & 255) == 't')
2666 n *= 262144;
2667 else
2668 {
2669 cupsdLogMessage(CUPSD_LOG_ERROR,
2670 "Unknown integer value for %s on line %d of %s.",
2671 line, linenum, filename);
2672 return (0);
2673 }
2674 }
2675
2676 if (n < 0)
2677 {
2678 cupsdLogMessage(CUPSD_LOG_ERROR,
2679 "Bad negative integer value for %s on line %d of "
2680 "%s.", line, linenum, filename);
2681 return (0);
2682 }
2683 else
2684 {
2685 *((int *)var->ptr) = n;
2686 }
2687 }
2688 break;
2689
2690 case CUPSD_VARTYPE_PERM :
2691 if (!value)
2692 {
2693 cupsdLogMessage(CUPSD_LOG_ERROR,
2694 "Missing permissions value for %s on line %d of %s.",
2695 line, linenum, filename);
2696 return (0);
2697 }
2698 else if (!isdigit(*value & 255))
2699 {
2700 /* TODO: Add chmod UGO syntax support */
2701 cupsdLogMessage(CUPSD_LOG_ERROR,
2702 "Bad permissions value for %s on line %d of %s.",
2703 line, linenum, filename);
2704 return (0);
2705 }
2706 else
2707 {
2708 int n = strtol(value, NULL, 8);
2709 /* Permissions value */
2710
2711 if (n < 0)
2712 {
2713 cupsdLogMessage(CUPSD_LOG_ERROR,
2714 "Bad negative permissions value for %s on line %d of "
2715 "%s.", line, linenum, filename);
2716 return (0);
2717 }
2718 else
2719 {
2720 *((mode_t *)var->ptr) = (mode_t)n;
2721 }
2722 }
2723 break;
2724
2725 case CUPSD_VARTYPE_TIME :
2726 if (!value)
2727 {
2728 cupsdLogMessage(CUPSD_LOG_ERROR,
2729 "Missing time interval value for %s on line %d of "
2730 "%s.", line, linenum, filename);
2731 return (0);
2732 }
2733 else if (!_cups_strncasecmp(line, "PreserveJob", 11) &&
2734 (!_cups_strcasecmp(value, "true") ||
2735 !_cups_strcasecmp(value, "on") ||
2736 !_cups_strcasecmp(value, "enabled") ||
2737 !_cups_strcasecmp(value, "yes")))
2738 {
2739 *((int *)var->ptr) = INT_MAX;
2740 }
2741 else if (!_cups_strcasecmp(value, "false") ||
2742 !_cups_strcasecmp(value, "off") ||
2743 !_cups_strcasecmp(value, "disabled") ||
2744 !_cups_strcasecmp(value, "no"))
2745 {
2746 *((int *)var->ptr) = 0;
2747 }
2748 else if (!isdigit(*value & 255))
2749 {
2750 cupsdLogMessage(CUPSD_LOG_ERROR,
2751 "Unknown time interval value for %s on line %d of "
2752 "%s.", line, linenum, filename);
2753 return (0);
2754 }
2755 else
2756 {
2757 double n; /* Number */
2758 char *units; /* Units */
2759
2760 n = strtod(value, &units);
2761
2762 if (units && *units)
2763 {
2764 if (tolower(units[0] & 255) == 'w')
2765 n *= 7 * 24 * 60 * 60;
2766 else if (tolower(units[0] & 255) == 'd')
2767 n *= 24 * 60 * 60;
2768 else if (tolower(units[0] & 255) == 'h')
2769 n *= 60 * 60;
2770 else if (tolower(units[0] & 255) == 'm')
2771 n *= 60;
2772 else
2773 {
2774 cupsdLogMessage(CUPSD_LOG_ERROR,
2775 "Unknown time interval value for %s on line "
2776 "%d of %s.", line, linenum, filename);
2777 return (0);
2778 }
2779 }
2780
2781 if (n < 0.0 || n > INT_MAX)
2782 {
2783 cupsdLogMessage(CUPSD_LOG_ERROR,
2784 "Bad time value for %s on line %d of %s.",
2785 line, linenum, filename);
2786 return (0);
2787 }
2788 else
2789 {
2790 *((int *)var->ptr) = (int)n;
2791 }
2792 }
2793 break;
2794
2795 case CUPSD_VARTYPE_BOOLEAN :
2796 if (!value)
2797 {
2798 cupsdLogMessage(CUPSD_LOG_ERROR,
2799 "Missing boolean value for %s on line %d of %s.",
2800 line, linenum, filename);
2801 return (0);
2802 }
2803 else if (!_cups_strcasecmp(value, "true") ||
2804 !_cups_strcasecmp(value, "on") ||
2805 !_cups_strcasecmp(value, "enabled") ||
2806 !_cups_strcasecmp(value, "yes") ||
2807 atoi(value) != 0)
2808 {
2809 *((int *)var->ptr) = TRUE;
2810 }
2811 else if (!_cups_strcasecmp(value, "false") ||
2812 !_cups_strcasecmp(value, "off") ||
2813 !_cups_strcasecmp(value, "disabled") ||
2814 !_cups_strcasecmp(value, "no") ||
2815 !_cups_strcasecmp(value, "0"))
2816 {
2817 *((int *)var->ptr) = FALSE;
2818 }
2819 else
2820 {
2821 cupsdLogMessage(CUPSD_LOG_ERROR,
2822 "Unknown boolean value %s on line %d of %s.",
2823 value, linenum, filename);
2824 return (0);
2825 }
2826 break;
2827
2828 case CUPSD_VARTYPE_PATHNAME :
2829 if (!value)
2830 {
2831 cupsdLogMessage(CUPSD_LOG_ERROR,
2832 "Missing pathname value for %s on line %d of %s.",
2833 line, linenum, filename);
2834 return (0);
2835 }
2836
2837 if (value[0] == '/')
2838 strlcpy(temp, value, sizeof(temp));
2839 else
2840 snprintf(temp, sizeof(temp), "%s/%s", ServerRoot, value);
2841
2842 if (access(temp, 0))
2843 {
2844 cupsdLogMessage(CUPSD_LOG_ERROR,
2845 "File or directory for \"%s %s\" on line %d of %s "
2846 "does not exist.", line, value, linenum, filename);
2847 return (0);
2848 }
2849
2850 cupsdSetString((char **)var->ptr, temp);
2851 break;
2852
2853 case CUPSD_VARTYPE_STRING :
2854 cupsdSetString((char **)var->ptr, value);
2855 break;
2856 }
2857
2858 return (1);
2859 }
2860
2861
2862 /*
2863 * 'read_cupsd_conf()' - Read the cupsd.conf configuration file.
2864 */
2865
2866 static int /* O - 1 on success, 0 on failure */
2867 read_cupsd_conf(cups_file_t *fp) /* I - File to read from */
2868 {
2869 int linenum; /* Current line number */
2870 char line[HTTP_MAX_BUFFER],
2871 /* Line from file */
2872 temp[HTTP_MAX_BUFFER],
2873 /* Temporary buffer for value */
2874 *value, /* Pointer to value */
2875 *valueptr; /* Pointer into value */
2876 int valuelen; /* Length of value */
2877 http_addrlist_t *addrlist, /* Address list */
2878 *addr; /* Current address */
2879 cups_file_t *incfile; /* Include file */
2880 char incname[1024]; /* Include filename */
2881
2882
2883 /*
2884 * Loop through each line in the file...
2885 */
2886
2887 linenum = 0;
2888
2889 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
2890 {
2891 /*
2892 * Decode the directive...
2893 */
2894
2895 if (!_cups_strcasecmp(line, "Include") && value)
2896 {
2897 /*
2898 * Include filename
2899 */
2900
2901 if (value[0] == '/')
2902 strlcpy(incname, value, sizeof(incname));
2903 else
2904 snprintf(incname, sizeof(incname), "%s/%s", ServerRoot, value);
2905
2906 if ((incfile = cupsFileOpen(incname, "rb")) == NULL)
2907 cupsdLogMessage(CUPSD_LOG_ERROR,
2908 "Unable to include config file \"%s\" - %s",
2909 incname, strerror(errno));
2910 else
2911 {
2912 read_cupsd_conf(incfile);
2913 cupsFileClose(incfile);
2914 }
2915 }
2916 else if (!_cups_strcasecmp(line, "<Location") && value)
2917 {
2918 /*
2919 * <Location path>
2920 */
2921
2922 linenum = read_location(fp, value, linenum);
2923 if (linenum == 0)
2924 return (0);
2925 }
2926 else if (!_cups_strcasecmp(line, "<Policy") && value)
2927 {
2928 /*
2929 * <Policy name>
2930 */
2931
2932 linenum = read_policy(fp, value, linenum);
2933 if (linenum == 0)
2934 return (0);
2935 }
2936 else if (!_cups_strcasecmp(line, "FaxRetryInterval") && value)
2937 {
2938 JobRetryInterval = atoi(value);
2939 cupsdLogMessage(CUPSD_LOG_WARN,
2940 "FaxRetryInterval is deprecated; use "
2941 "JobRetryInterval on line %d of %s.", linenum, ConfigurationFile);
2942 }
2943 else if (!_cups_strcasecmp(line, "FaxRetryLimit") && value)
2944 {
2945 JobRetryLimit = atoi(value);
2946 cupsdLogMessage(CUPSD_LOG_WARN,
2947 "FaxRetryLimit is deprecated; use "
2948 "JobRetryLimit on line %d of %s.", linenum, ConfigurationFile);
2949 }
2950 #ifdef HAVE_SSL
2951 else if (!_cups_strcasecmp(line, "SSLOptions"))
2952 {
2953 /*
2954 * SSLOptions [AllowRC4] [AllowSSL3] [None]
2955 */
2956
2957 int options = 0; /* SSL/TLS options */
2958
2959 if (value)
2960 {
2961 char *start, /* Start of option */
2962 *end; /* End of option */
2963
2964 for (start = value; *start; start = end)
2965 {
2966 /*
2967 * Find end of keyword...
2968 */
2969
2970 end = start;
2971 while (*end && !_cups_isspace(*end))
2972 end ++;
2973
2974 if (*end)
2975 *end++ = '\0';
2976
2977 /*
2978 * Compare...
2979 */
2980
2981 if (!_cups_strcasecmp(start, "AllowRC4"))
2982 options |= _HTTP_TLS_ALLOW_RC4;
2983 else if (!_cups_strcasecmp(start, "AllowSSL3"))
2984 options |= _HTTP_TLS_ALLOW_SSL3;
2985 else if (!_cups_strcasecmp(start, "None"))
2986 options = 0;
2987 else if (_cups_strcasecmp(start, "NoEmptyFragments"))
2988 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown SSL option %s at line %d.", start, linenum);
2989 }
2990 }
2991
2992 _httpTLSSetOptions(options);
2993 }
2994 #endif /* HAVE_SSL */
2995 else if ((!_cups_strcasecmp(line, "Port") || !_cups_strcasecmp(line, "Listen")
2996 #ifdef HAVE_SSL
2997 || !_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen")
2998 #endif /* HAVE_SSL */
2999 ) && value)
3000 {
3001 /*
3002 * Add listening address(es) to the list...
3003 */
3004
3005 cupsd_listener_t *lis; /* New listeners array */
3006
3007
3008 /*
3009 * Get the address list...
3010 */
3011
3012 addrlist = get_address(value, IPP_PORT);
3013
3014 if (!addrlist)
3015 {
3016 cupsdLogMessage(CUPSD_LOG_ERROR, "Bad %s address %s at line %d.", line,
3017 value, linenum);
3018 continue;
3019 }
3020
3021 /*
3022 * Add each address...
3023 */
3024
3025 for (addr = addrlist; addr; addr = addr->next)
3026 {
3027 /*
3028 * See if this address is already present...
3029 */
3030
3031 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
3032 lis;
3033 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
3034 if (httpAddrEqual(&(addr->addr), &(lis->address)) &&
3035 httpAddrPort(&(addr->addr)) == httpAddrPort(&(lis->address)))
3036 break;
3037
3038 if (lis)
3039 {
3040 #if defined(HAVE_LAUNCHD) || defined(HAVE_SYSTEMD)
3041 if (!lis->on_demand)
3042 #endif /* HAVE_LAUNCHD || HAVE_SYSTEMD */
3043 {
3044 httpAddrString(&lis->address, temp, sizeof(temp));
3045 cupsdLogMessage(CUPSD_LOG_WARN,
3046 "Duplicate listen address \"%s\" ignored.", temp);
3047 }
3048
3049 continue;
3050 }
3051
3052 /*
3053 * Allocate another listener...
3054 */
3055
3056 if (!Listeners)
3057 Listeners = cupsArrayNew(NULL, NULL);
3058
3059 if (!Listeners)
3060 {
3061 cupsdLogMessage(CUPSD_LOG_ERROR,
3062 "Unable to allocate %s at line %d - %s.",
3063 line, linenum, strerror(errno));
3064 break;
3065 }
3066
3067 if ((lis = calloc(1, sizeof(cupsd_listener_t))) == NULL)
3068 {
3069 cupsdLogMessage(CUPSD_LOG_ERROR,
3070 "Unable to allocate %s at line %d - %s.",
3071 line, linenum, strerror(errno));
3072 break;
3073 }
3074
3075 cupsArrayAdd(Listeners, lis);
3076
3077 /*
3078 * Copy the current address and log it...
3079 */
3080
3081 memcpy(&(lis->address), &(addr->addr), sizeof(lis->address));
3082 lis->fd = -1;
3083
3084 #ifdef HAVE_SSL
3085 if (!_cups_strcasecmp(line, "SSLPort") || !_cups_strcasecmp(line, "SSLListen"))
3086 lis->encryption = HTTP_ENCRYPT_ALWAYS;
3087 #endif /* HAVE_SSL */
3088
3089 httpAddrString(&lis->address, temp, sizeof(temp));
3090
3091 #ifdef AF_LOCAL
3092 if (lis->address.addr.sa_family == AF_LOCAL)
3093 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s (Domain)", temp);
3094 else
3095 #endif /* AF_LOCAL */
3096 cupsdLogMessage(CUPSD_LOG_INFO, "Listening to %s:%d (IPv%d)", temp,
3097 httpAddrPort(&(lis->address)),
3098 httpAddrFamily(&(lis->address)) == AF_INET ? 4 : 6);
3099
3100 if (!httpAddrLocalhost(&(lis->address)))
3101 RemotePort = httpAddrPort(&(lis->address));
3102 }
3103
3104 /*
3105 * Free the list...
3106 */
3107
3108 httpAddrFreeList(addrlist);
3109 }
3110 else if (!_cups_strcasecmp(line, "BrowseProtocols") ||
3111 !_cups_strcasecmp(line, "BrowseLocalProtocols"))
3112 {
3113 /*
3114 * "BrowseProtocols name [... name]"
3115 * "BrowseLocalProtocols name [... name]"
3116 */
3117
3118 int protocols = parse_protocols(value);
3119
3120 if (protocols < 0)
3121 {
3122 cupsdLogMessage(CUPSD_LOG_ERROR,
3123 "Unknown browse protocol \"%s\" on line %d of %s.",
3124 value, linenum, ConfigurationFile);
3125 break;
3126 }
3127
3128 BrowseLocalProtocols = protocols;
3129 }
3130 else if (!_cups_strcasecmp(line, "DefaultAuthType") && value)
3131 {
3132 /*
3133 * DefaultAuthType {basic,digest,basicdigest,negotiate}
3134 */
3135
3136 if (!_cups_strcasecmp(value, "none"))
3137 default_auth_type = CUPSD_AUTH_NONE;
3138 else if (!_cups_strcasecmp(value, "basic"))
3139 default_auth_type = CUPSD_AUTH_BASIC;
3140 #ifdef HAVE_GSSAPI
3141 else if (!_cups_strcasecmp(value, "negotiate"))
3142 default_auth_type = CUPSD_AUTH_NEGOTIATE;
3143 #endif /* HAVE_GSSAPI */
3144 else if (!_cups_strcasecmp(value, "auto"))
3145 default_auth_type = CUPSD_AUTH_AUTO;
3146 else
3147 {
3148 cupsdLogMessage(CUPSD_LOG_WARN,
3149 "Unknown default authorization type %s on line %d of %s.",
3150 value, linenum, ConfigurationFile);
3151 if (FatalErrors & CUPSD_FATAL_CONFIG)
3152 return (0);
3153 }
3154 }
3155 #ifdef HAVE_SSL
3156 else if (!_cups_strcasecmp(line, "DefaultEncryption"))
3157 {
3158 /*
3159 * DefaultEncryption {Never,IfRequested,Required}
3160 */
3161
3162 if (!value || !_cups_strcasecmp(value, "never"))
3163 DefaultEncryption = HTTP_ENCRYPT_NEVER;
3164 else if (!_cups_strcasecmp(value, "required"))
3165 DefaultEncryption = HTTP_ENCRYPT_REQUIRED;
3166 else if (!_cups_strcasecmp(value, "ifrequested"))
3167 DefaultEncryption = HTTP_ENCRYPT_IF_REQUESTED;
3168 else
3169 {
3170 cupsdLogMessage(CUPSD_LOG_WARN,
3171 "Unknown default encryption %s on line %d of %s.",
3172 value, linenum, ConfigurationFile);
3173 if (FatalErrors & CUPSD_FATAL_CONFIG)
3174 return (0);
3175 }
3176 }
3177 #endif /* HAVE_SSL */
3178 else if (!_cups_strcasecmp(line, "HostNameLookups") && value)
3179 {
3180 /*
3181 * Do hostname lookups?
3182 */
3183
3184 if (!_cups_strcasecmp(value, "off") || !_cups_strcasecmp(value, "no") ||
3185 !_cups_strcasecmp(value, "false"))
3186 HostNameLookups = 0;
3187 else if (!_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "yes") ||
3188 !_cups_strcasecmp(value, "true"))
3189 HostNameLookups = 1;
3190 else if (!_cups_strcasecmp(value, "double"))
3191 HostNameLookups = 2;
3192 else
3193 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown HostNameLookups %s on line %d of %s.",
3194 value, linenum, ConfigurationFile);
3195 }
3196 else if (!_cups_strcasecmp(line, "AccessLogLevel") && value)
3197 {
3198 /*
3199 * Amount of logging to do to access log...
3200 */
3201
3202 if (!_cups_strcasecmp(value, "all"))
3203 AccessLogLevel = CUPSD_ACCESSLOG_ALL;
3204 else if (!_cups_strcasecmp(value, "actions"))
3205 AccessLogLevel = CUPSD_ACCESSLOG_ACTIONS;
3206 else if (!_cups_strcasecmp(value, "config"))
3207 AccessLogLevel = CUPSD_ACCESSLOG_CONFIG;
3208 else if (!_cups_strcasecmp(value, "none"))
3209 AccessLogLevel = CUPSD_ACCESSLOG_NONE;
3210 else
3211 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown AccessLogLevel %s on line %d of %s.",
3212 value, linenum, ConfigurationFile);
3213 }
3214 else if (!_cups_strcasecmp(line, "LogLevel") && value)
3215 {
3216 /*
3217 * Amount of logging to do to error log...
3218 */
3219
3220 if (!_cups_strcasecmp(value, "debug2"))
3221 LogLevel = CUPSD_LOG_DEBUG2;
3222 else if (!_cups_strcasecmp(value, "debug"))
3223 LogLevel = CUPSD_LOG_DEBUG;
3224 else if (!_cups_strcasecmp(value, "info"))
3225 LogLevel = CUPSD_LOG_INFO;
3226 else if (!_cups_strcasecmp(value, "notice"))
3227 LogLevel = CUPSD_LOG_NOTICE;
3228 else if (!_cups_strcasecmp(value, "warn"))
3229 LogLevel = CUPSD_LOG_WARN;
3230 else if (!_cups_strcasecmp(value, "error"))
3231 LogLevel = CUPSD_LOG_ERROR;
3232 else if (!_cups_strcasecmp(value, "crit"))
3233 LogLevel = CUPSD_LOG_CRIT;
3234 else if (!_cups_strcasecmp(value, "alert"))
3235 LogLevel = CUPSD_LOG_ALERT;
3236 else if (!_cups_strcasecmp(value, "emerg"))
3237 LogLevel = CUPSD_LOG_EMERG;
3238 else if (!_cups_strcasecmp(value, "none"))
3239 LogLevel = CUPSD_LOG_NONE;
3240 else
3241 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogLevel %s on line %d of %s.",
3242 value, linenum, ConfigurationFile);
3243 }
3244 else if (!_cups_strcasecmp(line, "LogTimeFormat") && value)
3245 {
3246 /*
3247 * Amount of logging to do to error log...
3248 */
3249
3250 if (!_cups_strcasecmp(value, "standard"))
3251 LogTimeFormat = CUPSD_TIME_STANDARD;
3252 else if (!_cups_strcasecmp(value, "usecs"))
3253 LogTimeFormat = CUPSD_TIME_USECS;
3254 else
3255 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown LogTimeFormat %s on line %d of %s.",
3256 value, linenum, ConfigurationFile);
3257 }
3258 else if (!_cups_strcasecmp(line, "ServerTokens") && value)
3259 {
3260 /*
3261 * Set the string used for the Server header...
3262 */
3263
3264 struct utsname plat; /* Platform info */
3265
3266
3267 uname(&plat);
3268
3269 if (!_cups_strcasecmp(value, "ProductOnly"))
3270 cupsdSetString(&ServerHeader, "CUPS IPP");
3271 else if (!_cups_strcasecmp(value, "Major"))
3272 cupsdSetStringf(&ServerHeader, "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
3273 else if (!_cups_strcasecmp(value, "Minor"))
3274 cupsdSetStringf(&ServerHeader, "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR,
3275 CUPS_VERSION_MINOR);
3276 else if (!_cups_strcasecmp(value, "Minimal"))
3277 cupsdSetString(&ServerHeader, CUPS_MINIMAL " IPP/2.1");
3278 else if (!_cups_strcasecmp(value, "OS"))
3279 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s) IPP/2.1",
3280 plat.sysname, plat.release);
3281 else if (!_cups_strcasecmp(value, "Full"))
3282 cupsdSetStringf(&ServerHeader, CUPS_MINIMAL " (%s %s; %s) IPP/2.1",
3283 plat.sysname, plat.release, plat.machine);
3284 else if (!_cups_strcasecmp(value, "None"))
3285 cupsdClearString(&ServerHeader);
3286 else
3287 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown ServerTokens %s on line %d of %s.",
3288 value, linenum, ConfigurationFile);
3289 }
3290 else if (!_cups_strcasecmp(line, "PassEnv") && value)
3291 {
3292 /*
3293 * PassEnv variable [... variable]
3294 */
3295
3296 for (; *value;)
3297 {
3298 for (valuelen = 0; value[valuelen]; valuelen ++)
3299 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3300 break;
3301
3302 if (value[valuelen])
3303 {
3304 value[valuelen] = '\0';
3305 valuelen ++;
3306 }
3307
3308 cupsdSetEnv(value, NULL);
3309
3310 for (value += valuelen; *value; value ++)
3311 if (!_cups_isspace(*value) || *value != ',')
3312 break;
3313 }
3314 }
3315 else if (!_cups_strcasecmp(line, "ServerAlias") && value)
3316 {
3317 /*
3318 * ServerAlias name [... name]
3319 */
3320
3321 if (!ServerAlias)
3322 ServerAlias = cupsArrayNew(NULL, NULL);
3323
3324 for (; *value;)
3325 {
3326 for (valuelen = 0; value[valuelen]; valuelen ++)
3327 if (_cups_isspace(value[valuelen]) || value[valuelen] == ',')
3328 break;
3329
3330 if (value[valuelen])
3331 {
3332 value[valuelen] = '\0';
3333 valuelen ++;
3334 }
3335
3336 cupsdAddAlias(ServerAlias, value);
3337
3338 for (value += valuelen; *value; value ++)
3339 if (!_cups_isspace(*value) || *value != ',')
3340 break;
3341 }
3342 }
3343 else if (!_cups_strcasecmp(line, "SetEnv") && value)
3344 {
3345 /*
3346 * SetEnv variable value
3347 */
3348
3349 for (valueptr = value; *valueptr && !isspace(*valueptr & 255); valueptr ++);
3350
3351 if (*valueptr)
3352 {
3353 /*
3354 * Found a value...
3355 */
3356
3357 while (isspace(*valueptr & 255))
3358 *valueptr++ = '\0';
3359
3360 cupsdSetEnv(value, valueptr);
3361 }
3362 else
3363 cupsdLogMessage(CUPSD_LOG_ERROR,
3364 "Missing value for SetEnv directive on line %d of %s.",
3365 linenum, ConfigurationFile);
3366 }
3367 else if (!_cups_strcasecmp(line, "AccessLog") ||
3368 !_cups_strcasecmp(line, "CacheDir") ||
3369 !_cups_strcasecmp(line, "ConfigFilePerm") ||
3370 !_cups_strcasecmp(line, "DataDir") ||
3371 !_cups_strcasecmp(line, "DocumentRoot") ||
3372 !_cups_strcasecmp(line, "ErrorLog") ||
3373 !_cups_strcasecmp(line, "FatalErrors") ||
3374 !_cups_strcasecmp(line, "FileDevice") ||
3375 !_cups_strcasecmp(line, "FontPath") ||
3376 !_cups_strcasecmp(line, "Group") ||
3377 !_cups_strcasecmp(line, "LogFilePerm") ||
3378 !_cups_strcasecmp(line, "LPDConfigFile") ||
3379 !_cups_strcasecmp(line, "PageLog") ||
3380 !_cups_strcasecmp(line, "Printcap") ||
3381 !_cups_strcasecmp(line, "PrintcapFormat") ||
3382 !_cups_strcasecmp(line, "RemoteRoot") ||
3383 !_cups_strcasecmp(line, "RequestRoot") ||
3384 !_cups_strcasecmp(line, "ServerBin") ||
3385 !_cups_strcasecmp(line, "ServerCertificate") ||
3386 !_cups_strcasecmp(line, "ServerKey") ||
3387 !_cups_strcasecmp(line, "ServerKeychain") ||
3388 !_cups_strcasecmp(line, "ServerRoot") ||
3389 !_cups_strcasecmp(line, "SMBConfigFile") ||
3390 !_cups_strcasecmp(line, "StateDir") ||
3391 !_cups_strcasecmp(line, "SystemGroup") ||
3392 !_cups_strcasecmp(line, "SystemGroupAuthKey") ||
3393 !_cups_strcasecmp(line, "TempDir") ||
3394 !_cups_strcasecmp(line, "User"))
3395 {
3396 cupsdLogMessage(CUPSD_LOG_INFO,
3397 "Please move \"%s%s%s\" on line %d of %s to the %s file; "
3398 "this will become an error in a future release.",
3399 line, value ? " " : "", value ? value : "", linenum,
3400 ConfigurationFile, CupsFilesFile);
3401 }
3402 else
3403 parse_variable(ConfigurationFile, linenum, line, value,
3404 sizeof(cupsd_vars) / sizeof(cupsd_vars[0]), cupsd_vars);
3405 }
3406
3407 return (1);
3408 }
3409
3410
3411 /*
3412 * 'read_cups_files_conf()' - Read the cups-files.conf configuration file.
3413 */
3414
3415 static int /* O - 1 on success, 0 on failure */
3416 read_cups_files_conf(cups_file_t *fp) /* I - File to read from */
3417 {
3418 int linenum; /* Current line number */
3419 char line[HTTP_MAX_BUFFER], /* Line from file */
3420 *value; /* Value from line */
3421 struct group *group; /* Group */
3422
3423
3424 /*
3425 * Loop through each line in the file...
3426 */
3427
3428 linenum = 0;
3429
3430 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3431 {
3432 if (!_cups_strcasecmp(line, "FatalErrors"))
3433 FatalErrors = parse_fatal_errors(value);
3434 else if (!_cups_strcasecmp(line, "Group") && value)
3435 {
3436 /*
3437 * Group ID to run as...
3438 */
3439
3440 if (isdigit(value[0]))
3441 Group = (gid_t)atoi(value);
3442 else
3443 {
3444 endgrent();
3445 group = getgrnam(value);
3446
3447 if (group != NULL)
3448 Group = group->gr_gid;
3449 else
3450 {
3451 cupsdLogMessage(CUPSD_LOG_ERROR,
3452 "Unknown Group \"%s\" on line %d of %s.", value,
3453 linenum, CupsFilesFile);
3454 if (FatalErrors & CUPSD_FATAL_CONFIG)
3455 return (0);
3456 }
3457 }
3458 }
3459 else if (!_cups_strcasecmp(line, "PrintcapFormat") && value)
3460 {
3461 /*
3462 * Format of printcap file?
3463 */
3464
3465 if (!_cups_strcasecmp(value, "bsd"))
3466 PrintcapFormat = PRINTCAP_BSD;
3467 else if (!_cups_strcasecmp(value, "plist"))
3468 PrintcapFormat = PRINTCAP_PLIST;
3469 else if (!_cups_strcasecmp(value, "solaris"))
3470 PrintcapFormat = PRINTCAP_SOLARIS;
3471 else
3472 {
3473 cupsdLogMessage(CUPSD_LOG_ERROR,
3474 "Unknown PrintcapFormat \"%s\" on line %d of %s.",
3475 value, linenum, CupsFilesFile);
3476 if (FatalErrors & CUPSD_FATAL_CONFIG)
3477 return (0);
3478 }
3479 }
3480 else if (!_cups_strcasecmp(line, "Sandboxing") && value)
3481 {
3482 /*
3483 * Level of sandboxing?
3484 */
3485
3486 if (!_cups_strcasecmp(value, "off") && getuid())
3487 {
3488 Sandboxing = CUPSD_SANDBOXING_OFF;
3489 cupsdLogMessage(CUPSD_LOG_WARN, "Disabling sandboxing is not recommended (line %d of %s)", linenum, CupsFilesFile);
3490 }
3491 else if (!_cups_strcasecmp(value, "relaxed"))
3492 Sandboxing = CUPSD_SANDBOXING_RELAXED;
3493 else if (!_cups_strcasecmp(value, "strict"))
3494 Sandboxing = CUPSD_SANDBOXING_STRICT;
3495 else
3496 {
3497 cupsdLogMessage(CUPSD_LOG_ERROR,
3498 "Unknown Sandboxing \"%s\" on line %d of %s.",
3499 value, linenum, CupsFilesFile);
3500 if (FatalErrors & CUPSD_FATAL_CONFIG)
3501 return (0);
3502 }
3503 }
3504 else if (!_cups_strcasecmp(line, "SystemGroup") && value)
3505 {
3506 /*
3507 * SystemGroup (admin) group(s)...
3508 */
3509
3510 if (!parse_groups(value))
3511 {
3512 cupsdLogMessage(CUPSD_LOG_ERROR,
3513 "Unknown SystemGroup \"%s\" on line %d of %s.", value,
3514 linenum, CupsFilesFile);
3515 if (FatalErrors & CUPSD_FATAL_CONFIG)
3516 return (0);
3517 }
3518 }
3519 else if (!_cups_strcasecmp(line, "User") && value)
3520 {
3521 /*
3522 * User ID to run as...
3523 */
3524
3525 if (isdigit(value[0] & 255))
3526 {
3527 int uid = atoi(value);
3528
3529 if (!uid)
3530 {
3531 cupsdLogMessage(CUPSD_LOG_ERROR,
3532 "Will not use User 0 as specified on line %d of %s "
3533 "for security reasons. You must use a non-"
3534 "privileged account instead.",
3535 linenum, CupsFilesFile);
3536 if (FatalErrors & CUPSD_FATAL_CONFIG)
3537 return (0);
3538 }
3539 else
3540 User = (uid_t)atoi(value);
3541 }
3542 else
3543 {
3544 struct passwd *p; /* Password information */
3545
3546 endpwent();
3547 p = getpwnam(value);
3548
3549 if (p)
3550 {
3551 if (!p->pw_uid)
3552 {
3553 cupsdLogMessage(CUPSD_LOG_ERROR,
3554 "Will not use User %s (UID=0) as specified on line "
3555 "%d of %s for security reasons. You must use a "
3556 "non-privileged account instead.",
3557 value, linenum, CupsFilesFile);
3558 if (FatalErrors & CUPSD_FATAL_CONFIG)
3559 return (0);
3560 }
3561 else
3562 User = p->pw_uid;
3563 }
3564 else
3565 {
3566 cupsdLogMessage(CUPSD_LOG_ERROR,
3567 "Unknown User \"%s\" on line %d of %s.",
3568 value, linenum, CupsFilesFile);
3569 if (FatalErrors & CUPSD_FATAL_CONFIG)
3570 return (0);
3571 }
3572 }
3573 }
3574 else if (!_cups_strcasecmp(line, "ServerCertificate") ||
3575 !_cups_strcasecmp(line, "ServerKey"))
3576 {
3577 cupsdLogMessage(CUPSD_LOG_INFO,
3578 "The \"%s\" directive on line %d of %s is no longer "
3579 "supported; this will become an error in a future "
3580 "release.",
3581 line, linenum, CupsFilesFile);
3582 }
3583 else if (!parse_variable(CupsFilesFile, linenum, line, value,
3584 sizeof(cupsfiles_vars) / sizeof(cupsfiles_vars[0]),
3585 cupsfiles_vars) &&
3586 (FatalErrors & CUPSD_FATAL_CONFIG))
3587 return (0);
3588 }
3589
3590 return (1);
3591 }
3592
3593
3594 /*
3595 * 'read_location()' - Read a <Location path> definition.
3596 */
3597
3598 static int /* O - New line number or 0 on error */
3599 read_location(cups_file_t *fp, /* I - Configuration file */
3600 char *location, /* I - Location name/path */
3601 int linenum) /* I - Current line number */
3602 {
3603 cupsd_location_t *loc, /* New location */
3604 *parent; /* Parent location */
3605 char line[HTTP_MAX_BUFFER],
3606 /* Line buffer */
3607 *value, /* Value for directive */
3608 *valptr; /* Pointer into value */
3609
3610
3611 if ((parent = cupsdFindLocation(location)) != NULL)
3612 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Location %s> on line %d of %s.",
3613 location, linenum, ConfigurationFile);
3614 else if ((parent = cupsdNewLocation(location)) == NULL)
3615 return (0);
3616 else
3617 {
3618 cupsdAddLocation(parent);
3619
3620 parent->limit = CUPSD_AUTH_LIMIT_ALL;
3621 }
3622
3623 loc = parent;
3624
3625 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3626 {
3627 /*
3628 * Decode the directive...
3629 */
3630
3631 if (!_cups_strcasecmp(line, "</Location>"))
3632 return (linenum);
3633 else if (!_cups_strcasecmp(line, "<Limit") ||
3634 !_cups_strcasecmp(line, "<LimitExcept"))
3635 {
3636 if (!value)
3637 {
3638 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile);
3639 if (FatalErrors & CUPSD_FATAL_CONFIG)
3640 return (0);
3641 else
3642 continue;
3643 }
3644
3645 if ((loc = cupsdCopyLocation(parent)) == NULL)
3646 return (0);
3647
3648 cupsdAddLocation(loc);
3649
3650 loc->limit = 0;
3651 while (*value)
3652 {
3653 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3654
3655 if (*valptr)
3656 *valptr++ = '\0';
3657
3658 if (!strcmp(value, "ALL"))
3659 loc->limit = CUPSD_AUTH_LIMIT_ALL;
3660 else if (!strcmp(value, "GET"))
3661 loc->limit |= CUPSD_AUTH_LIMIT_GET;
3662 else if (!strcmp(value, "HEAD"))
3663 loc->limit |= CUPSD_AUTH_LIMIT_HEAD;
3664 else if (!strcmp(value, "OPTIONS"))
3665 loc->limit |= CUPSD_AUTH_LIMIT_OPTIONS;
3666 else if (!strcmp(value, "POST"))
3667 loc->limit |= CUPSD_AUTH_LIMIT_POST;
3668 else if (!strcmp(value, "PUT"))
3669 loc->limit |= CUPSD_AUTH_LIMIT_PUT;
3670 else if (!strcmp(value, "TRACE"))
3671 loc->limit |= CUPSD_AUTH_LIMIT_TRACE;
3672 else
3673 cupsdLogMessage(CUPSD_LOG_WARN, "Unknown request type %s on line %d of %s.",
3674 value, linenum, ConfigurationFile);
3675
3676 for (value = valptr; isspace(*value & 255); value ++);
3677 }
3678
3679 if (!_cups_strcasecmp(line, "<LimitExcept"))
3680 loc->limit = CUPSD_AUTH_LIMIT_ALL ^ loc->limit;
3681
3682 parent->limit &= ~loc->limit;
3683 }
3684 else if (!_cups_strcasecmp(line, "</Limit>") ||
3685 !_cups_strcasecmp(line, "</LimitExcept>"))
3686 loc = parent;
3687 else if (!value)
3688 {
3689 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile);
3690 if (FatalErrors & CUPSD_FATAL_CONFIG)
3691 return (0);
3692 }
3693 else if (!parse_aaa(loc, line, value, linenum))
3694 {
3695 cupsdLogMessage(CUPSD_LOG_ERROR,
3696 "Unknown Location directive %s on line %d of %s.",
3697 line, linenum, ConfigurationFile);
3698 if (FatalErrors & CUPSD_FATAL_CONFIG)
3699 return (0);
3700 }
3701 }
3702
3703 cupsdLogMessage(CUPSD_LOG_ERROR,
3704 "Unexpected end-of-file at line %d while reading location.",
3705 linenum);
3706
3707 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3708 }
3709
3710
3711 /*
3712 * 'read_policy()' - Read a <Policy name> definition.
3713 */
3714
3715 static int /* O - New line number or 0 on error */
3716 read_policy(cups_file_t *fp, /* I - Configuration file */
3717 char *policy, /* I - Location name/path */
3718 int linenum) /* I - Current line number */
3719 {
3720 int i; /* Looping var */
3721 cupsd_policy_t *pol; /* Policy */
3722 cupsd_location_t *op; /* Policy operation */
3723 int num_ops; /* Number of IPP operations */
3724 ipp_op_t ops[100]; /* Operations */
3725 char line[HTTP_MAX_BUFFER],
3726 /* Line buffer */
3727 *value, /* Value for directive */
3728 *valptr; /* Pointer into value */
3729
3730
3731 /*
3732 * Create the policy...
3733 */
3734
3735 if ((pol = cupsdFindPolicy(policy)) != NULL)
3736 cupsdLogMessage(CUPSD_LOG_WARN, "Duplicate <Policy %s> on line %d of %s.",
3737 policy, linenum, ConfigurationFile);
3738 else if ((pol = cupsdAddPolicy(policy)) == NULL)
3739 return (0);
3740
3741 /*
3742 * Read from the file...
3743 */
3744
3745 op = NULL;
3746 num_ops = 0;
3747
3748 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
3749 {
3750 /*
3751 * Decode the directive...
3752 */
3753
3754 if (!_cups_strcasecmp(line, "</Policy>"))
3755 {
3756 if (op)
3757 cupsdLogMessage(CUPSD_LOG_WARN,
3758 "Missing </Limit> before </Policy> on line %d of %s.",
3759 linenum, ConfigurationFile);
3760
3761 set_policy_defaults(pol);
3762
3763 return (linenum);
3764 }
3765 else if (!_cups_strcasecmp(line, "<Limit") && !op)
3766 {
3767 if (!value)
3768 {
3769 cupsdLogMessage(CUPSD_LOG_ERROR, "Syntax error on line %d of %s.", linenum, ConfigurationFile);
3770 if (FatalErrors & CUPSD_FATAL_CONFIG)
3771 return (0);
3772 else
3773 continue;
3774 }
3775
3776 /*
3777 * Scan for IPP operation names...
3778 */
3779
3780 num_ops = 0;
3781
3782 while (*value)
3783 {
3784 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3785
3786 if (*valptr)
3787 *valptr++ = '\0';
3788
3789 if (num_ops < (int)(sizeof(ops) / sizeof(ops[0])))
3790 {
3791 if (!_cups_strcasecmp(value, "All"))
3792 ops[num_ops] = IPP_ANY_OPERATION;
3793 else if ((ops[num_ops] = ippOpValue(value)) == IPP_BAD_OPERATION)
3794 cupsdLogMessage(CUPSD_LOG_ERROR,
3795 "Bad IPP operation name \"%s\" on line %d of %s.",
3796 value, linenum, ConfigurationFile);
3797 else
3798 num_ops ++;
3799 }
3800 else
3801 cupsdLogMessage(CUPSD_LOG_ERROR,
3802 "Too many operations listed on line %d of %s.",
3803 linenum, ConfigurationFile);
3804
3805 for (value = valptr; isspace(*value & 255); value ++);
3806 }
3807
3808 /*
3809 * If none are specified, apply the policy to all operations...
3810 */
3811
3812 if (num_ops == 0)
3813 {
3814 ops[0] = IPP_ANY_OPERATION;
3815 num_ops = 1;
3816 }
3817
3818 /*
3819 * Add a new policy for the first operation...
3820 */
3821
3822 op = cupsdAddPolicyOp(pol, NULL, ops[0]);
3823 }
3824 else if (!_cups_strcasecmp(line, "</Limit>") && op)
3825 {
3826 /*
3827 * Finish the current operation limit...
3828 */
3829
3830 if (num_ops > 1)
3831 {
3832 /*
3833 * Copy the policy to the other operations...
3834 */
3835
3836 for (i = 1; i < num_ops; i ++)
3837 cupsdAddPolicyOp(pol, op, ops[i]);
3838 }
3839
3840 op = NULL;
3841 }
3842 else if (!value)
3843 {
3844 cupsdLogMessage(CUPSD_LOG_ERROR, "Missing value on line %d of %s.", linenum, ConfigurationFile);
3845 if (FatalErrors & CUPSD_FATAL_CONFIG)
3846 return (0);
3847 }
3848 else if (!_cups_strcasecmp(line, "JobPrivateAccess") ||
3849 !_cups_strcasecmp(line, "JobPrivateValues") ||
3850 !_cups_strcasecmp(line, "SubscriptionPrivateAccess") ||
3851 !_cups_strcasecmp(line, "SubscriptionPrivateValues"))
3852 {
3853 if (op)
3854 {
3855 cupsdLogMessage(CUPSD_LOG_ERROR,
3856 "%s directive must appear outside <Limit>...</Limit> "
3857 "on line %d of %s.", line, linenum, ConfigurationFile);
3858 if (FatalErrors & CUPSD_FATAL_CONFIG)
3859 return (0);
3860 }
3861 else
3862 {
3863 /*
3864 * Pull out whitespace-delimited values...
3865 */
3866
3867 while (*value)
3868 {
3869 /*
3870 * Find the end of the current value...
3871 */
3872
3873 for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++);
3874
3875 if (*valptr)
3876 *valptr++ = '\0';
3877
3878 /*
3879 * Save it appropriately...
3880 */
3881
3882 if (!_cups_strcasecmp(line, "JobPrivateAccess"))
3883 {
3884 /*
3885 * JobPrivateAccess {all|default|user/group list|@@ACL}
3886 */
3887
3888 if (!_cups_strcasecmp(value, "default"))
3889 {
3890 cupsdAddString(&(pol->job_access), "@OWNER");
3891 cupsdAddString(&(pol->job_access), "@SYSTEM");
3892 }
3893 else
3894 cupsdAddString(&(pol->job_access), value);
3895 }
3896 else if (!_cups_strcasecmp(line, "JobPrivateValues"))
3897 {
3898 /*
3899 * JobPrivateValues {all|none|default|attribute list}
3900 */
3901
3902 if (!_cups_strcasecmp(value, "default"))
3903 {
3904 cupsdAddString(&(pol->job_attrs), "job-name");
3905 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
3906 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
3907 cupsdAddString(&(pol->job_attrs), "phone");
3908 }
3909 else
3910 cupsdAddString(&(pol->job_attrs), value);
3911 }
3912 else if (!_cups_strcasecmp(line, "SubscriptionPrivateAccess"))
3913 {
3914 /*
3915 * SubscriptionPrivateAccess {all|default|user/group list|@@ACL}
3916 */
3917
3918 if (!_cups_strcasecmp(value, "default"))
3919 {
3920 cupsdAddString(&(pol->sub_access), "@OWNER");
3921 cupsdAddString(&(pol->sub_access), "@SYSTEM");
3922 }
3923 else
3924 cupsdAddString(&(pol->sub_access), value);
3925 }
3926 else /* if (!_cups_strcasecmp(line, "SubscriptionPrivateValues")) */
3927 {
3928 /*
3929 * SubscriptionPrivateValues {all|none|default|attribute list}
3930 */
3931
3932 if (!_cups_strcasecmp(value, "default"))
3933 {
3934 cupsdAddString(&(pol->sub_attrs), "notify-events");
3935 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
3936 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
3937 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
3938 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
3939 }
3940 else
3941 cupsdAddString(&(pol->sub_attrs), value);
3942 }
3943
3944 /*
3945 * Find the next string on the line...
3946 */
3947
3948 for (value = valptr; isspace(*value & 255); value ++);
3949 }
3950 }
3951 }
3952 else if (!op)
3953 {
3954 cupsdLogMessage(CUPSD_LOG_ERROR,
3955 "Missing <Limit ops> directive before %s on line %d of %s.",
3956 line, linenum, ConfigurationFile);
3957 if (FatalErrors & CUPSD_FATAL_CONFIG)
3958 return (0);
3959 }
3960 else if (!parse_aaa(op, line, value, linenum))
3961 {
3962 cupsdLogMessage(CUPSD_LOG_ERROR,
3963 "Unknown Policy Limit directive %s on line %d of %s.",
3964 line, linenum, ConfigurationFile);
3965
3966 if (FatalErrors & CUPSD_FATAL_CONFIG)
3967 return (0);
3968 }
3969 }
3970
3971 cupsdLogMessage(CUPSD_LOG_ERROR,
3972 "Unexpected end-of-file at line %d while reading policy "
3973 "\"%s\".", linenum, policy);
3974
3975 return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
3976 }
3977
3978
3979 /*
3980 * 'set_policy_defaults()' - Set default policy values as needed.
3981 */
3982
3983 static void
3984 set_policy_defaults(cupsd_policy_t *pol)/* I - Policy */
3985 {
3986 cupsd_location_t *op; /* Policy operation */
3987
3988
3989 /*
3990 * Verify that we have an explicit policy for Validate-Job, Cancel-Jobs,
3991 * Cancel-My-Jobs, Close-Job, and CUPS-Get-Document, which ensures that
3992 * upgrades do not introduce new security issues...
3993 */
3994
3995 if ((op = cupsdFindPolicyOp(pol, IPP_VALIDATE_JOB)) == NULL ||
3996 op->op == IPP_ANY_OPERATION)
3997 {
3998 if ((op = cupsdFindPolicyOp(pol, IPP_PRINT_JOB)) != NULL &&
3999 op->op != IPP_ANY_OPERATION)
4000 {
4001 /*
4002 * Add a new limit for Validate-Job using the Print-Job limit as a
4003 * template...
4004 */
4005
4006 cupsdLogMessage(CUPSD_LOG_WARN,
4007 "No limit for Validate-Job defined in policy %s "
4008 "- using Print-Job's policy.", pol->name);
4009
4010 cupsdAddPolicyOp(pol, op, IPP_VALIDATE_JOB);
4011 }
4012 else
4013 cupsdLogMessage(CUPSD_LOG_WARN,
4014 "No limit for Validate-Job defined in policy %s "
4015 "and no suitable template found.", pol->name);
4016 }
4017
4018 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_JOBS)) == NULL ||
4019 op->op == IPP_ANY_OPERATION)
4020 {
4021 if ((op = cupsdFindPolicyOp(pol, IPP_PAUSE_PRINTER)) != NULL &&
4022 op->op != IPP_ANY_OPERATION)
4023 {
4024 /*
4025 * Add a new limit for Cancel-Jobs using the Pause-Printer limit as a
4026 * template...
4027 */
4028
4029 cupsdLogMessage(CUPSD_LOG_WARN,
4030 "No limit for Cancel-Jobs defined in policy %s "
4031 "- using Pause-Printer's policy.", pol->name);
4032
4033 cupsdAddPolicyOp(pol, op, IPP_CANCEL_JOBS);
4034 }
4035 else
4036 cupsdLogMessage(CUPSD_LOG_WARN,
4037 "No limit for Cancel-Jobs defined in policy %s "
4038 "and no suitable template found.", pol->name);
4039 }
4040
4041 if ((op = cupsdFindPolicyOp(pol, IPP_CANCEL_MY_JOBS)) == NULL ||
4042 op->op == IPP_ANY_OPERATION)
4043 {
4044 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4045 op->op != IPP_ANY_OPERATION)
4046 {
4047 /*
4048 * Add a new limit for Cancel-My-Jobs using the Send-Document limit as
4049 * a template...
4050 */
4051
4052 cupsdLogMessage(CUPSD_LOG_WARN,
4053 "No limit for Cancel-My-Jobs defined in policy %s "
4054 "- using Send-Document's policy.", pol->name);
4055
4056 cupsdAddPolicyOp(pol, op, IPP_CANCEL_MY_JOBS);
4057 }
4058 else
4059 cupsdLogMessage(CUPSD_LOG_WARN,
4060 "No limit for Cancel-My-Jobs defined in policy %s "
4061 "and no suitable template found.", pol->name);
4062 }
4063
4064 if ((op = cupsdFindPolicyOp(pol, IPP_CLOSE_JOB)) == NULL ||
4065 op->op == IPP_ANY_OPERATION)
4066 {
4067 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4068 op->op != IPP_ANY_OPERATION)
4069 {
4070 /*
4071 * Add a new limit for Close-Job using the Send-Document limit as a
4072 * template...
4073 */
4074
4075 cupsdLogMessage(CUPSD_LOG_WARN,
4076 "No limit for Close-Job defined in policy %s "
4077 "- using Send-Document's policy.", pol->name);
4078
4079 cupsdAddPolicyOp(pol, op, IPP_CLOSE_JOB);
4080 }
4081 else
4082 cupsdLogMessage(CUPSD_LOG_WARN,
4083 "No limit for Close-Job defined in policy %s "
4084 "and no suitable template found.", pol->name);
4085 }
4086
4087 if ((op = cupsdFindPolicyOp(pol, CUPS_GET_DOCUMENT)) == NULL ||
4088 op->op == IPP_ANY_OPERATION)
4089 {
4090 if ((op = cupsdFindPolicyOp(pol, IPP_SEND_DOCUMENT)) != NULL &&
4091 op->op != IPP_ANY_OPERATION)
4092 {
4093 /*
4094 * Add a new limit for CUPS-Get-Document using the Send-Document
4095 * limit as a template...
4096 */
4097
4098 cupsdLogMessage(CUPSD_LOG_WARN,
4099 "No limit for CUPS-Get-Document defined in policy %s "
4100 "- using Send-Document's policy.", pol->name);
4101
4102 cupsdAddPolicyOp(pol, op, CUPS_GET_DOCUMENT);
4103 }
4104 else
4105 cupsdLogMessage(CUPSD_LOG_WARN,
4106 "No limit for CUPS-Get-Document defined in policy %s "
4107 "and no suitable template found.", pol->name);
4108 }
4109
4110 /*
4111 * Verify we have JobPrivateAccess, JobPrivateValues,
4112 * SubscriptionPrivateAccess, and SubscriptionPrivateValues in the policy.
4113 */
4114
4115 if (!pol->job_access)
4116 {
4117 cupsdLogMessage(CUPSD_LOG_WARN,
4118 "No JobPrivateAccess defined in policy %s "
4119 "- using defaults.", pol->name);
4120 cupsdAddString(&(pol->job_access), "@OWNER");
4121 cupsdAddString(&(pol->job_access), "@SYSTEM");
4122 }
4123
4124 if (!pol->job_attrs)
4125 {
4126 cupsdLogMessage(CUPSD_LOG_WARN,
4127 "No JobPrivateValues defined in policy %s "
4128 "- using defaults.", pol->name);
4129 cupsdAddString(&(pol->job_attrs), "job-name");
4130 cupsdAddString(&(pol->job_attrs), "job-originating-host-name");
4131 cupsdAddString(&(pol->job_attrs), "job-originating-user-name");
4132 cupsdAddString(&(pol->job_attrs), "phone");
4133 }
4134
4135 if (!pol->sub_access)
4136 {
4137 cupsdLogMessage(CUPSD_LOG_WARN,
4138 "No SubscriptionPrivateAccess defined in policy %s "
4139 "- using defaults.", pol->name);
4140 cupsdAddString(&(pol->sub_access), "@OWNER");
4141 cupsdAddString(&(pol->sub_access), "@SYSTEM");
4142 }
4143
4144 if (!pol->sub_attrs)
4145 {
4146 cupsdLogMessage(CUPSD_LOG_WARN,
4147 "No SubscriptionPrivateValues defined in policy %s "
4148 "- using defaults.", pol->name);
4149 cupsdAddString(&(pol->sub_attrs), "notify-events");
4150 cupsdAddString(&(pol->sub_attrs), "notify-pull-method");
4151 cupsdAddString(&(pol->sub_attrs), "notify-recipient-uri");
4152 cupsdAddString(&(pol->sub_attrs), "notify-subscriber-user-name");
4153 cupsdAddString(&(pol->sub_attrs), "notify-user-data");
4154 }
4155 }
4156
4157
4158 /*
4159 * End of "$Id$".
4160 */
Unnamed repository; edit this file 'description' to name the repository.