diff options
author | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-05-21 01:48:09 +0000 |
---|---|---|
committer | msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be> | 2015-05-21 01:48:09 +0000 |
commit | bdc4056cffedd7c02960bec89a6d536a99020f91 (patch) | |
tree | ffb4c9833db42b6f0c839cf053cb1486ea276e19 /cups/tlscheck.c | |
parent | b37d45d9edf36de04536cdb398ee08a025b5e6bb (diff) | |
download | cups-bdc4056cffedd7c02960bec89a6d536a99020f91.tar.gz |
Update list of blacklisted DH/DHE cipher suites.
Expand what tlscheck can do/report.
git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12649 a1ca3aef-8c08-0410-bb20-df032aa958be
Diffstat (limited to 'cups/tlscheck.c')
-rw-r--r-- | cups/tlscheck.c | 161 |
1 files changed, 146 insertions, 15 deletions
diff --git a/cups/tlscheck.c b/cups/tlscheck.c index 3f495dbb8..a17d73104 100644 --- a/cups/tlscheck.c +++ b/cups/tlscheck.c @@ -23,6 +23,13 @@ /* + * Local functions... + */ + +static void usage(void); + + +/* * 'main()' - Main entry. */ @@ -30,29 +37,100 @@ int /* O - Exit status */ main(int argc, /* I - Number of command-line arguments */ char *argv[]) /* I - Command-line arguments */ { + int i; /* Looping var */ http_t *http; /* HTTP connection */ - const char *server = argv[1]; /* Hostname from command-line */ - int port = 631; /* Port number */ + const char *server = NULL; /* Hostname from command-line */ + int port = 0; /* Port number */ const char *cipherName = "UNKNOWN";/* Cipher suite name */ + int dhBits = 0; /* Diffie-Hellman bits */ int tlsVersion = 0; /* TLS version number */ - - - if (argc < 2 || argc > 3) + char uri[1024], /* Printer URI */ + scheme[32], /* URI scheme */ + host[256], /* Hostname */ + userpass[256], /* Username/password */ + resource[256]; /* Resource path */ + int tls_options = _HTTP_TLS_NONE, + /* TLS options */ + verbose = 0; /* Verbosity */ + ipp_t *request, /* IPP Get-Printer-Attributes request */ + *response; /* IPP Get-Printer-Attributes response */ + ipp_attribute_t *attr; /* Current attribute */ + const char *name; /* Attribute name */ + char value[1024]; /* Attribute (string) value */ + static const char * const pattrs[] = /* Requested attributes */ { - puts("Usage: ./tlscheck server [port]"); - puts(""); - puts("The default port is 631."); - return (1); - } + "color-supported", + "compression-supported", + "document-format-supported", + "pages-per-minute", + "printer-location", + "printer-make-and-model", + "printer-state", + "printer-state-reasons", + "sides-supported", + "uri-authentication-supported", + "uri-security-supported" + }; + - if (argc == 3) + for (i = 1; i < argc; i ++) { - if (argv[2][0] == '=') - port = atoi(argv[2] + 1); + if (!strcmp(argv[i], "--dh")) + { + tls_options |= _HTTP_TLS_ALLOW_DH; + } + else if (!strcmp(argv[i], "--no-tls10")) + { + tls_options |= _HTTP_TLS_DENY_TLS10; + } + else if (!strcmp(argv[i], "--rc4")) + { + tls_options |= _HTTP_TLS_ALLOW_RC4; + } + else if (!strcmp(argv[i], "--verbose") || !strcmp(argv[i], "-v")) + { + verbose = 1; + } + else if (argv[i][0] == '-') + { + printf("tlscheck: Unknown option '%s'.\n", argv[i]); + usage(); + } + else if (!server) + { + if (!strncmp(argv[i], "ipps://", 7)) + { + httpSeparateURI(HTTP_URI_CODING_ALL, argv[i], scheme, sizeof(scheme), userpass, sizeof(userpass), host, sizeof(host), &port, resource, sizeof(resource)); + server = host; + } + else + { + server = argv[i]; + strlcpy(resource, "/ipp/print", sizeof(resource)); + } + } + else if (!port && (argv[i][0] == '=' || isdigit(argv[i][0] & 255))) + { + if (argv[i][0] == '=') + port = atoi(argv[i] + 1); + else + port = atoi(argv[i]); + } else - port = atoi(argv[2]); + { + printf("tlscheck: Unexpected argument '%s'.\n", argv[i]); + usage(); + } } + if (!server) + usage(); + + if (!port) + port = 631; + + _httpTLSSetOptions(tls_options); + http = httpConnect2(server, port, NULL, AF_UNSPEC, HTTP_ENCRYPTION_ALWAYS, 1, 30000, NULL); if (!http) { @@ -588,9 +666,39 @@ main(int argc, /* I - Number of command-line arguments */ httpClose(http); return (1); } + + dhBits = (int)paramsLen * 8; #endif /* __APPLE__ */ - printf("%s: OK (%d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName); + if (dhBits > 0) + printf("%s: OK (%d.%d, %s, %d DH bits)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName, dhBits); + else + printf("%s: OK (%d.%d, %s)\n", server, tlsVersion / 10, tlsVersion % 10, cipherName); + + if (verbose) + { + httpAssembleURI(HTTP_URI_CODING_ALL, uri, sizeof(uri), "ipps", NULL, host, port, resource); + request = ippNewRequest(IPP_OP_GET_PRINTER_ATTRIBUTES); + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", NULL, cupsUser()); + ippAddStrings(request, IPP_TAG_OPERATION, IPP_TAG_KEYWORD, "requested-attributes", (int)(sizeof(pattrs) / sizeof(pattrs[0])), NULL, pattrs); + + response = cupsDoRequest(http, request, resource); + + for (attr = ippFirstAttribute(response); attr; attr = ippNextAttribute(response)) + { + if (ippGetGroupTag(attr) != IPP_TAG_PRINTER) + continue; + + if ((name = ippGetName(attr)) == NULL) + continue; + + ippAttributeString(attr, value, sizeof(value)); + printf(" %s=%s\n", name, value); + } + + ippDelete(response); + } httpClose(http); @@ -599,5 +707,28 @@ main(int argc, /* I - Number of command-line arguments */ /* + * 'usage()' - Show program usage. + */ + +static void +usage(void) +{ + puts("Usage: ./tlscheck [options] server [port]"); + puts(" ./tlscheck [options] ipps://server[:port]/path"); + puts(""); + puts("Options:"); + puts(" --dh Allow DH/DHE key exchange"); + puts(" --no-tls10 Disable TLS/1.0"); + puts(" --rc4 Allow RC4 encryption"); + puts(" --verbose Be verbose"); + puts(" -v Be verbose"); + puts(""); + puts("The default port is 631."); + + exit(1); +} + + +/* * End of "$Id$". */ |