1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
|
/*
* Authorization definitions for the CUPS scheduler.
*
* Copyright 2007-2014 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products, all rights reserved.
*
* Licensed under Apache License v2.0. See the file "LICENSE" for more information.
*/
/*
* Include necessary headers...
*/
#include <pwd.h>
/*
* HTTP authorization types and levels...
*/
#define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */
#define CUPSD_AUTH_NONE 0 /* No authentication */
#define CUPSD_AUTH_BASIC 1 /* Basic authentication */
#define CUPSD_AUTH_NEGOTIATE 2 /* Kerberos authentication */
#define CUPSD_AUTH_AUTO 3 /* Kerberos or Basic, depending on configuration of server */
#define CUPSD_AUTH_ANON 0 /* Anonymous access */
#define CUPSD_AUTH_USER 1 /* Must have a valid username/password */
#define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */
#define CUPSD_AUTH_ALLOW 0 /* Allow access */
#define CUPSD_AUTH_DENY 1 /* Deny access */
#define CUPSD_AUTH_NAME 0 /* Authorize host by name */
#define CUPSD_AUTH_IP 1 /* Authorize host by IP */
#define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */
#define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
#define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
#define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
#define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */
#define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
#define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
#define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */
#define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */
#define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
#define IPP_ANY_OPERATION (ipp_op_t)0
/* Any IPP operation */
#define IPP_BAD_OPERATION (ipp_op_t)-1
/* No IPP operation */
/*
* HTTP access control structures...
*/
typedef struct
{
unsigned address[4], /* IP address */
netmask[4]; /* IP netmask */
} cupsd_ipmask_t;
typedef struct
{
size_t length; /* Length of name */
char *name; /* Name string */
} cupsd_namemask_t;
typedef struct
{
int type; /* Mask type */
union
{
cupsd_namemask_t name; /* Host/Domain name */
cupsd_ipmask_t ip; /* IP address/network */
} mask; /* Mask data */
} cupsd_authmask_t;
typedef struct
{
char *location; /* Location of resource */
size_t length; /* Length of location string */
ipp_op_t op; /* IPP operation */
int limit, /* Limit for these types of requests */
order_type, /* Allow or Deny */
type, /* Type of authentication */
level, /* Access level required */
satisfy; /* Satisfy any or all limits? */
cups_array_t *names, /* User or group names */
*allow, /* Allow lines */
*deny; /* Deny lines */
http_encryption_t encryption; /* To encrypt or not to encrypt... */
} cupsd_location_t;
typedef struct cupsd_client_s cupsd_client_t;
/*
* Globals...
*/
VAR cups_array_t *Locations VALUE(NULL);
/* Authorization locations */
#ifdef HAVE_SSL
VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
/* Default encryption for authentication */
#endif /* HAVE_SSL */
/*
* Prototypes...
*/
extern int cupsdAddIPMask(cups_array_t **masks,
const unsigned address[4],
const unsigned netmask[4]);
extern void cupsdAddLocation(cupsd_location_t *loc);
extern void cupsdAddName(cupsd_location_t *loc, char *name);
extern int cupsdAddNameMask(cups_array_t **masks, char *name);
extern void cupsdAuthorize(cupsd_client_t *con);
extern int cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc);
extern int cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks);
extern int cupsdCheckGroup(const char *username,
struct passwd *user,
const char *groupname);
extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc);
extern void cupsdDeleteAllLocations(void);
extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state);
extern cupsd_location_t *cupsdFindLocation(const char *location);
extern void cupsdFreeLocation(cupsd_location_t *loc);
extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
extern cupsd_location_t *cupsdNewLocation(const char *location);
|