|
Packit |
2fc92b |
/*
|
|
Packit |
2fc92b |
* Authorization definitions for the CUPS scheduler.
|
|
Packit |
2fc92b |
*
|
|
Packit |
2fc92b |
* Copyright 2007-2014 by Apple Inc.
|
|
Packit |
2fc92b |
* Copyright 1997-2006 by Easy Software Products, all rights reserved.
|
|
Packit |
2fc92b |
*
|
|
Packit |
2fc92b |
* These coded instructions, statements, and computer programs are the
|
|
Packit |
2fc92b |
* property of Apple Inc. and are protected by Federal copyright
|
|
Packit |
2fc92b |
* law. Distribution and use rights are outlined in the file "LICENSE.txt"
|
|
Packit |
2fc92b |
* which should have been included with this file. If this file is
|
|
Packit |
2fc92b |
* missing or damaged, see the license at "http://www.cups.org/".
|
|
Packit |
2fc92b |
*/
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
/*
|
|
Packit |
2fc92b |
* Include necessary headers...
|
|
Packit |
2fc92b |
*/
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#include <pwd.h>
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
/*
|
|
Packit |
2fc92b |
* HTTP authorization types and levels...
|
|
Packit |
2fc92b |
*/
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_NONE 0 /* No authentication */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_BASIC 1 /* Basic authentication */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_NEGOTIATE 2 /* Kerberos authentication */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_AUTO 3 /* Kerberos or Basic, depending on configuration of server */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_ANON 0 /* Anonymous access */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_USER 1 /* Must have a valid username/password */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_ALLOW 0 /* Allow access */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_DENY 1 /* Deny access */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_NAME 0 /* Authorize host by name */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_IP 1 /* Authorize host by IP */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
|
|
Packit |
2fc92b |
#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
#define IPP_ANY_OPERATION (ipp_op_t)0
|
|
Packit |
2fc92b |
/* Any IPP operation */
|
|
Packit |
2fc92b |
#define IPP_BAD_OPERATION (ipp_op_t)-1
|
|
Packit |
2fc92b |
/* No IPP operation */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
/*
|
|
Packit |
2fc92b |
* HTTP access control structures...
|
|
Packit |
2fc92b |
*/
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
typedef struct
|
|
Packit |
2fc92b |
{
|
|
Packit |
2fc92b |
unsigned address[4], /* IP address */
|
|
Packit |
2fc92b |
netmask[4]; /* IP netmask */
|
|
Packit |
2fc92b |
} cupsd_ipmask_t;
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
typedef struct
|
|
Packit |
2fc92b |
{
|
|
Packit |
2fc92b |
size_t length; /* Length of name */
|
|
Packit |
2fc92b |
char *name; /* Name string */
|
|
Packit |
2fc92b |
} cupsd_namemask_t;
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
typedef struct
|
|
Packit |
2fc92b |
{
|
|
Packit |
2fc92b |
int type; /* Mask type */
|
|
Packit |
2fc92b |
union
|
|
Packit |
2fc92b |
{
|
|
Packit |
2fc92b |
cupsd_namemask_t name; /* Host/Domain name */
|
|
Packit |
2fc92b |
cupsd_ipmask_t ip; /* IP address/network */
|
|
Packit |
2fc92b |
} mask; /* Mask data */
|
|
Packit |
2fc92b |
} cupsd_authmask_t;
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
typedef struct
|
|
Packit |
2fc92b |
{
|
|
Packit |
2fc92b |
char *location; /* Location of resource */
|
|
Packit |
2fc92b |
size_t length; /* Length of location string */
|
|
Packit |
2fc92b |
ipp_op_t op; /* IPP operation */
|
|
Packit |
2fc92b |
int limit, /* Limit for these types of requests */
|
|
Packit |
2fc92b |
order_type, /* Allow or Deny */
|
|
Packit |
2fc92b |
type, /* Type of authentication */
|
|
Packit |
2fc92b |
level, /* Access level required */
|
|
Packit |
2fc92b |
satisfy; /* Satisfy any or all limits? */
|
|
Packit |
2fc92b |
cups_array_t *names, /* User or group names */
|
|
Packit |
2fc92b |
*allow, /* Allow lines */
|
|
Packit |
2fc92b |
*deny; /* Deny lines */
|
|
Packit |
2fc92b |
http_encryption_t encryption; /* To encrypt or not to encrypt... */
|
|
Packit |
2fc92b |
} cupsd_location_t;
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
typedef struct cupsd_client_s cupsd_client_t;
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
/*
|
|
Packit |
2fc92b |
* Globals...
|
|
Packit |
2fc92b |
*/
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
VAR cups_array_t *Locations VALUE(NULL);
|
|
Packit |
2fc92b |
/* Authorization locations */
|
|
Packit |
2fc92b |
#ifdef HAVE_SSL
|
|
Packit |
2fc92b |
VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
|
|
Packit |
2fc92b |
/* Default encryption for authentication */
|
|
Packit |
2fc92b |
#endif /* HAVE_SSL */
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
/*
|
|
Packit |
2fc92b |
* Prototypes...
|
|
Packit |
2fc92b |
*/
|
|
Packit |
2fc92b |
|
|
Packit |
2fc92b |
extern int cupsdAddIPMask(cups_array_t **masks,
|
|
Packit |
2fc92b |
const unsigned address[4],
|
|
Packit |
2fc92b |
const unsigned netmask[4]);
|
|
Packit |
2fc92b |
extern void cupsdAddLocation(cupsd_location_t *loc);
|
|
Packit |
2fc92b |
extern void cupsdAddName(cupsd_location_t *loc, char *name);
|
|
Packit |
2fc92b |
extern int cupsdAddNameMask(cups_array_t **masks, char *name);
|
|
Packit |
2fc92b |
extern void cupsdAuthorize(cupsd_client_t *con);
|
|
Packit |
2fc92b |
extern int cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc);
|
|
Packit |
2fc92b |
extern int cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks);
|
|
Packit |
2fc92b |
extern int cupsdCheckGroup(const char *username,
|
|
Packit |
2fc92b |
struct passwd *user,
|
|
Packit |
2fc92b |
const char *groupname);
|
|
Packit |
2fc92b |
extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc);
|
|
Packit |
2fc92b |
extern void cupsdDeleteAllLocations(void);
|
|
Packit |
2fc92b |
extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state);
|
|
Packit |
2fc92b |
extern cupsd_location_t *cupsdFindLocation(const char *location);
|
|
Packit |
2fc92b |
extern void cupsdFreeLocation(cupsd_location_t *loc);
|
|
Packit |
2fc92b |
extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
|
|
Packit |
2fc92b |
extern cupsd_location_t *cupsdNewLocation(const char *location);
|