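diff --git a/cups/usersys.c b/cups/usersys.c
index ae66578..5a78f5d 100644
--- a/cups/usersys.c
+++ b/cups/usersys.c
@@ -59,23 +59,45 @@
 
 
 /*
- * Local functions...
+ * Local types...
 */
 
-static void cups_read_client_conf(cups_file_t *fp,
- _cups_globals_t *cg,
- const char *cups_encryption,
- const char *cups_server,
- const char *cups_user,
+typedef struct _cups_client_conf_s /**** client.conf config data ****/
+{
+#ifdef HAVE_SSL
+ int ssl_options; /* SSLOptions values */
+#endif /* HAVE_SSL */
+ int any_root, /* Allow any (e.g., self-signed) root */
+ expired_certs, /* Allow expired certs */
+ expired_root; /* Allow expired root */
+ http_encryption_t encryption; /* Encryption setting */
+ char user[65], /* User name */
+ server_name[256];
+ /* Server hostname */
 #ifdef HAVE_GSSAPI
- const char *cups_gssservicename,
+ char gss_service_name[32];
+ /* Kerberos service name */
 #endif /* HAVE_GSSAPI */
- const char *cups_anyroot,
- const char *cups_expiredroot,
- const char *cups_expiredcerts,
- int ssl_options);
+} _cups_client_conf_t;
 
 
+/*
+ * Local functions...
+ */
+
+static void cups_finalize_client_conf(_cups_client_conf_t *cc);
+static void cups_init_client_conf(_cups_client_conf_t *cc);
+static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
+static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
+#ifdef HAVE_GSSAPI
+static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
+#endif /* HAVE_GSSAPI */
+static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
+#ifdef HAVE_SSL
+static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
+#endif /* HAVE_SSL */
+static void cups_set_user(_cups_client_conf_t *cc, const char *value);
+
 /*
 * 'cupsEncryption()' - Get the current encryption settings.
 *
@@ -784,119 +806,249 @@ void
 _cupsSetDefaults(void)
 {
 cups_file_t *fp; /* File */
- const char *home, /* Home directory of user */
- *cups_encryption, /* CUPS_ENCRYPTION env var */
- *cups_server, /* CUPS_SERVER env var */
- *cups_user, /* CUPS_USER/USER env var */
-#ifdef HAVE_GSSAPI
- *cups_gssservicename, /* CUPS_GSSSERVICENAME env var */
-#endif /* HAVE_GSSAPI */
- *cups_anyroot, /* CUPS_ANYROOT env var */
- *cups_expiredroot, /* CUPS_EXPIREDROOT env var */
- *cups_expiredcerts; /* CUPS_EXPIREDCERTS env var */
+ const char *home; /* Home directory of user */
 char filename[1024]; /* Filename */
+ _cups_client_conf_t cc; /* client.conf values */
 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
 
 
 DEBUG_puts("_cupsSetDefaults()");
 
 /*
- * First collect environment variables...
+ * Load initial client.conf values...
 */
 
- cups_encryption = getenv("CUPS_ENCRYPTION");
- cups_server = getenv("CUPS_SERVER");
-#ifdef HAVE_GSSAPI
- cups_gssservicename = getenv("CUPS_GSSSERVICENAME");
-#endif /* HAVE_GSSAPI */
- cups_anyroot = getenv("CUPS_ANYROOT");
- cups_expiredroot = getenv("CUPS_EXPIREDROOT");
- cups_expiredcerts = getenv("CUPS_EXPIREDCERTS");
+ cups_init_client_conf(&cc);
 
- if ((cups_user = getenv("CUPS_USER")) == NULL)
+ /*
+ * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
+ * present.
+ */
+
+ snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
+ if ((fp = cupsFileOpen(filename, "r")) != NULL)
+ {
+ cups_read_client_conf(fp, &cc);
+ cupsFileClose(fp);
+ }
+
+# ifdef HAVE_GETEUID
+ if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() &&
+ (home = getenv("HOME")) != NULL)
+# else
+ if ((home = getenv("HOME")) != NULL)
+# endif
 {
 /*
- * Try the USER environment variable...
+ * Look for ~/.cups/client.conf...
 */
 
- if ((cups_user = getenv("USER")) != NULL)
+ snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
+ if ((fp = cupsFileOpen(filename, "r")) != NULL)
 {
- /*
- * Validate USER matches the current UID, otherwise don't allow it to
- * override things... This makes sure that printing after doing su or
- * sudo records the correct username.
- */
+ cups_read_client_conf(fp, &cc);
+ cupsFileClose(fp);
+ }
+ }
+
+ /*
+ * Finalize things so every client.conf value is set...
+ */
 
- struct passwd *pw; /* Account information */
+ cups_finalize_client_conf(&cc);
 
- if ((pw = getpwnam(cups_user)) == NULL || pw->pw_uid != getuid())
- cups_user = NULL;
+ if (cg->encryption == (http_encryption_t)-1)
+ cg->encryption = cc.encryption;
+
+ if (!cg->server[0] || !cg->ipp_port)
+ cupsSetServer(cc.server_name);
+
+ if (!cg->ipp_port)
+ {
+ const char *ipp_port; /* IPP_PORT environment variable */
+
+ if ((ipp_port = getenv("IPP_PORT")) != NULL)
+ {
+ if ((cg->ipp_port = atoi(ipp_port)) <= 0)
+ cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
 }
+ else
+ cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
 }
 
+ if (!cg->user[0])
+ strlcpy(cg->user, cc.user, sizeof(cg->user));
+
+#ifdef HAVE_GSSAPI
+ if (!cg->gss_service_name[0])
+ strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
+#endif /* HAVE_GSSAPI */
+
+ if (cg->any_root < 0)
+ cg->any_root = cc.any_root;
+
+ if (cg->expired_certs < 0)
+ cg->expired_certs = cc.expired_certs;
+
+ if (cg->expired_root < 0)
+ cg->expired_root = cc.expired_root;
+
+#ifdef HAVE_SSL
+ _httpTLSSetOptions(cc.ssl_options);
+#endif /* HAVE_SSL */
+}
+
+
+/*
+ * 'cups_boolean_value()' - Convert a string to a boolean value.
+ */
+
+static int /* O - Boolean value */
+cups_boolean_value(const char *value) /* I - String value */
+{
+ return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
+}
+
+
+/*
+ * 'cups_finalize_client_conf()' - Finalize client.conf values.
+ */
+
+static void
+cups_finalize_client_conf(
+ _cups_client_conf_t *cc) /* I - client.conf values */
+{
+ const char *value; /* Environment variable */
+
+
+ if ((value = getenv("CUPS_ANYROOT")) != NULL)
+ cc->any_root = cups_boolean_value(value);
+
+ if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
+ cups_set_encryption(cc, value);
+
+ if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
+ cc->expired_certs = cups_boolean_value(value);
+
+#ifdef HAVE_GSSAPI
+ if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
+ cups_set_gss_service_name(cc, value);
+#endif /* HAVE_GSSAPI */
+
+ if ((value = getenv("CUPS_SERVER")) != NULL)
+ cups_set_server_name(cc, value);
+
+ if ((value = getenv("CUPS_USER")) != NULL)
+ cups_set_user(cc, value);
+
+ if ((value = getenv("CUPS_EXPIREDROOT")) != NULL)
+ cc->expired_root = cups_boolean_value(value);
+
 /*
- * Then, if needed, read the ~/.cups/client.conf or /etc/cups/client.conf
- * files to get the default values...
+ * Then apply defaults for those values that haven't been set...
 */
 
- if (cg->encryption == (http_encryption_t)-1 || !cg->server[0] ||
- !cg->user[0] || !cg->ipp_port)
+ if (cc->any_root < 0)
+ cc->any_root = 1;
+
+ if (cc->encryption == (http_encryption_t)-1)
+ cc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
+
+ if (cc->expired_certs < 0)
+ cc->expired_certs = 1;
+
+ if (cc->expired_root < 0)
+ cc->expired_root = 0;
+
+#ifdef HAVE_GSSAPI
+ if (!cc->gss_service_name[0])
+ cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
+#endif /* HAVE_GSSAPI */
+
+ if (!cc->server_name[0])
 {
+#ifdef CUPS_DEFAULT_DOMAINSOCKET
 /*
- * Look for CUPS_SERVERROOT/client.conf...
+ * If we are compiled with domain socket support, only use the
+ * domain socket if it exists and has the right permissions...
 */
 
- snprintf(filename, sizeof(filename), "%s/client.conf",
- cg->cups_serverroot);
- fp = cupsFileOpen(filename, "r");
+ if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
+ cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
+ else
+#endif /* CUPS_DEFAULT_DOMAINSOCKET */
+ cups_set_server_name(cc, "localhost");
+ }
 
+ if (!cc->user[0])
+ {
+#ifdef WIN32
 /*
- * Read the configuration file and apply any environment variables; both
- * functions handle NULL cups_file_t pointers...
+ * Get the current user name from the OS...
 */
 
- cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
-#ifdef HAVE_GSSAPI
- cups_gssservicename,
-#endif /* HAVE_GSSAPI */
- cups_anyroot, cups_expiredroot,
- cups_expiredcerts, 1);
- cupsFileClose(fp);
+ DWORD size; /* Size of string */
 
+ size = sizeof(cc->user);
+ if (!GetUserName(cc->user, &size))
+#else
 /*
- * Then user defaults, if it is safe to do so...
+ * Try the USER environment variable as the default username...
 */
 
-#ifdef HAVE_GETEUID
- if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() &&
- (home = getenv("HOME")) != NULL)
-#else
- if ((home = getenv("HOME")) != NULL)
-#endif
+ const char *envuser = getenv("USER");
+ /* Default username */
+ struct passwd *pw = NULL; /* Account information */
+
+ if (envuser)
 {
 /*
- * Look for ~/.cups/client.conf...
+ * Validate USER matches the current UID, otherwise don't allow it to
+ * override things... This makes sure that printing after doing su
+ * or sudo records the correct username.
 */
 
- snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
- fp = cupsFileOpen(filename, "r");
+ if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
+ pw = NULL;
+ }
+
+ if (!pw)
+ pw = getpwuid(getuid());
 
+ if (pw)
+ strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
+ else
+#endif /* WIN32 */
+ {
 /*
- * Read the configuration file and apply any environment variables; both
- * functions handle NULL cups_file_t pointers...
+ * Use the default "unknown" user name...
 */
 
- cups_read_client_conf(fp, cg, cups_encryption, cups_server, cups_user,
-#ifdef HAVE_GSSAPI
- cups_gssservicename,
-#endif /* HAVE_GSSAPI */
- cups_anyroot, cups_expiredroot,
- cups_expiredcerts, 0);
- cupsFileClose(fp);
+ strlcpy(cc->user, "unknown", sizeof(cc->user));
 }
 }
 }
 
+/*
+ * 'cups_init_client_conf()' - Initialize client.conf values.
+ */
+
+static void
+cups_init_client_conf(
+ _cups_client_conf_t *cc) /* I - client.conf values */
+{
+ /*
+ * Clear all values to "not set"...
+ */
+
+ memset(cc, 0, sizeof(_cups_client_conf_t));
+
+ cc->encryption = (http_encryption_t)-1;
+ cc->any_root = -1;
+ cc->expired_certs = -1;
+ cc->expired_root = -1;
+}
+
 
 /*
 * 'cups_read_client_conf()' - Read a client.conf file.
@@ -904,35 +1056,12 @@ _cupsSetDefaults(void)
 
 static void
 cups_read_client_conf(
- cups_file_t *fp, /* I - File to read */
- _cups_globals_t *cg, /* I - Global data */
- const char *cups_encryption, /* I - CUPS_ENCRYPTION env var */
- const char *cups_server, /* I - CUPS_SERVER env var */
- const char *cups_user, /* I - CUPS_USER env var */
-#ifdef HAVE_GSSAPI
- const char *cups_gssservicename,
- /* I - CUPS_GSSSERVICENAME env var */
-#endif /* HAVE_GSSAPI */
- const char *cups_anyroot, /* I - CUPS_ANYROOT env var */
- const char *cups_expiredroot, /* I - CUPS_EXPIREDROOT env var */
- const char *cups_expiredcerts, /* I - CUPS_EXPIREDCERTS env var */
- int ssl_options) /* I - Allow setting of SSLOptions? */
+ cups_file_t *fp, /* I - File to read */
+ _cups_client_conf_t *cc) /* I - client.conf values */
 {
 int linenum; /* Current line number */
 char line[1024], /* Line from file */
- *value, /* Pointer into line */
- encryption[1024], /* Encryption value */
-#ifndef __APPLE__
- server_name[1024], /* ServerName value */
-#endif /* !__APPLE__ */
- user[256], /* User value */
- any_root[1024], /* AllowAnyRoot value */
- expired_root[1024], /* AllowExpiredRoot value */
- expired_certs[1024]; /* AllowExpiredCerts value */
-#ifdef HAVE_GSSAPI
- char gss_service_name[32]; /* GSSServiceName value */
-#endif /* HAVE_GSSAPI */
-
+ *value; /* Pointer into line */
 
 /*
 * Read from the file...
@@ -941,214 +1070,146 @@ cups_read_client_conf(
 linenum = 0;
 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
 {
- if (!cups_encryption && cg->encryption == (http_encryption_t)-1 &&
- !_cups_strcasecmp(line, "Encryption") && value)
- {
- strlcpy(encryption, value, sizeof(encryption));
- cups_encryption = encryption;
- }
+ if (!_cups_strcasecmp(line, "Encryption") && value)
+ cups_set_encryption(cc, value);
 #ifndef __APPLE__
 /*
 * The Server directive is not supported on OS X due to app sandboxing
 * restrictions, i.e. not all apps request network access.
 */
- else if (!cups_server && (!cg->server[0] || !cg->ipp_port) &&
- !_cups_strcasecmp(line, "ServerName") && value)
- {
- strlcpy(server_name, value, sizeof(server_name));
- cups_server = server_name;
- }
+ else if (!_cups_strcasecmp(line, "ServerName") && value)
+ cups_set_server_name(cc, value);
 #endif /* !__APPLE__ */
- else if (!cups_user && !_cups_strcasecmp(line, "User") && value)
- {
- strlcpy(user, value, sizeof(user));
- cups_user = user;
- }
- else if (!cups_anyroot && !_cups_strcasecmp(line, "AllowAnyRoot") && value)
- {
- strlcpy(any_root, value, sizeof(any_root));
- cups_anyroot = any_root;
- }
- else if (!cups_expiredroot && !_cups_strcasecmp(line, "AllowExpiredRoot") &&
- value)
- {
- strlcpy(expired_root, value, sizeof(expired_root));
- cups_expiredroot = expired_root;
- }
- else if (!cups_expiredcerts && !_cups_strcasecmp(line, "AllowExpiredCerts") &&
- value)
- {
- strlcpy(expired_certs, value, sizeof(expired_certs));
- cups_expiredcerts = expired_certs;
- }
+ else if (!_cups_strcasecmp(line, "User") && value)
+ cups_set_user(cc, value);
+ else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
+ cc->any_root = cups_boolean_value(value);
+ else if (!_cups_strcasecmp(line, "AllowExpiredRoot") && value)
+ cc->expired_root = cups_boolean_value(value);
+ else if (!_cups_strcasecmp(line, "AllowExpiredCerts") && value)
+ cc->expired_certs = cups_boolean_value(value);
 #ifdef HAVE_GSSAPI
- else if (!cups_gssservicename && !_cups_strcasecmp(line, "GSSServiceName") &&
- value)
- {
- strlcpy(gss_service_name, value, sizeof(gss_service_name));
- cups_gssservicename = gss_service_name;
- }
+ else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
+ cups_set_gss_service_name(cc, value);
 #endif /* HAVE_GSSAPI */
- else if (ssl_options && !_cups_strcasecmp(line, "SSLOptions") && value)
- {
- /*
- * SSLOptions [AllowRC4] [AllowSSL3] [MinTLS1.2] [None]
- */
-
- int options = 0; /* SSL/TLS options */
- char *start, /* Start of option */
- *end; /* End of option */
-
- for (start = value; *start; start = end)
- {
- /*
- * Find end of keyword...
- */
-
- end = start;
- while (*end && !_cups_isspace(*end))
- end++;
-
- if (*end)
- *end++ = '\0';
-
- /*
- * Compare...
- */
-
- if (!_cups_strcasecmp(start, "AllowRC4"))
- options |= _HTTP_TLS_ALLOW_RC4;
- else if (!_cups_strcasecmp(start, "AllowSSL3"))
- options |= _HTTP_TLS_ALLOW_SSL3;
- else if (!_cups_strcasecmp(start, "MinTLS1.2"))
- options |= _HTTP_TLS_MIN_TLS12;
- else if (!_cups_strcasecmp(start, "None"))
- options = 0;
- }
-
- _httpTLSSetOptions(options);
- }
+ else if (!_cups_strcasecmp(line, "SSLOptions") && value)
+ cups_set_ssl_options(cc, value);
 }
+}
 
- /*
- * Set values...
- */
+/*
+ * 'cups_set_encryption()' - Set the Encryption value.
+ */
 
- if (cg->encryption == (http_encryption_t)-1 && cups_encryption)
- {
- if (!_cups_strcasecmp(cups_encryption, "never"))
- cg->encryption = HTTP_ENCRYPT_NEVER;
- else if (!_cups_strcasecmp(cups_encryption, "always"))
- cg->encryption = HTTP_ENCRYPT_ALWAYS;
- else if (!_cups_strcasecmp(cups_encryption, "required"))
- cg->encryption = HTTP_ENCRYPT_REQUIRED;
- else
- cg->encryption = HTTP_ENCRYPT_IF_REQUESTED;
- }
+static void
+cups_set_encryption(
+ _cups_client_conf_t *cc, /* I - client.conf values */
+ const char *value) /* I - Value */
+{
+ if (!_cups_strcasecmp(value, "never"))
+ cc->encryption = HTTP_ENCRYPT_NEVER;
+ else if (!_cups_strcasecmp(value, "always"))
+ cc->encryption = HTTP_ENCRYPT_ALWAYS;
+ else if (!_cups_strcasecmp(value, "required"))
+ cc->encryption = HTTP_ENCRYPT_REQUIRED;
+ else
+ cc->encryption = HTTP_ENCRYPT_IF_REQUESTED;
+}
 
- if ((!cg->server[0] || !cg->ipp_port) && cups_server)
- cupsSetServer(cups_server);
 
- if (!cg->server[0])
- {
-#ifdef CUPS_DEFAULT_DOMAINSOCKET
- /*
- * If we are compiled with domain socket support, only use the
- * domain socket if it exists and has the right permissions...
- */
 
- struct stat sockinfo; /* Domain socket information */
+/*
+ * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
+ */
 
- if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
- (sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH))
- cups_server = CUPS_DEFAULT_DOMAINSOCKET;
- else
-#endif /* CUPS_DEFAULT_DOMAINSOCKET */
- cups_server = "localhost";
+#ifdef HAVE_GSSAPI
+static void
+cups_set_gss_service_name(
+ _cups_client_conf_t *cc, /* I - client.conf values */
+ const char *value) /* I - Value */
+{
+ strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
+}
+#endif /* HAVE_GSSAPI */
 
- cupsSetServer(cups_server);
- }
 
- if (!cg->ipp_port)
- {
- const char *ipp_port; /* IPP_PORT environment variable */
+/*
+ * 'cups_set_server_name()' - Set the ServerName value.
+ */
 
- if ((ipp_port = getenv("IPP_PORT")) != NULL)
- {
- if ((cg->ipp_port = atoi(ipp_port)) <= 0)
- cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
- }
- else
- cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
- }
+static void
+cups_set_server_name(
+ _cups_client_conf_t *cc, /* I - client.conf values */
+ const char *value) /* I - Value */
+{
+ strlcpy(cc->server_name, value, sizeof(cc->server_name));
+}
 
- if (!cg->user[0])
- {
- if (cups_user)
- strlcpy(cg->user, cups_user, sizeof(cg->user));
- else
- {
-#ifdef WIN32
- /*
- * Get the current user name from the OS...
- */
 
- DWORD size; /* Size of string */
+/*
+ * 'cups_set_ssl_options()' - Set the SSLOptions value.
+ */
 
- size = sizeof(cg->user);
- if (!GetUserName(cg->user, &size))
-#else
- /*
- * Get the user name corresponding to the current UID...
- */
+#ifdef HAVE_SSL
+static void
+cups_set_ssl_options(
+ _cups_client_conf_t *cc, /* I - client.conf values */
+ const char *value) /* I - Value */
+{
+ /*
+ * SSLOptions [AllowRC4] [AllowSSL3] [MinTLS1.2] [None]
+ */
 
- struct passwd *pwd; /* User/password entry */
+ int options = 0; /* SSL/TLS options */
+ char temp[256], /* Copy of value */
+ *start, /* Start of option */
+ *end; /* End of option */
 
- setpwent();
- if ((pwd = getpwuid(getuid())) != NULL)
- {
- /*
- * Found a match!
- */
 
- strlcpy(cg->user, pwd->pw_name, sizeof(cg->user));
- }
- else
-#endif /* WIN32 */
- {
- /*
- * Use the default "unknown" user name...
- */
+ strlcpy(temp, value, sizeof(temp));
 
- strcpy(cg->user, "unknown");
- }
- }
- }
+ for (start = temp; *start; start = end)
+ {
+ /*
+ * Find end of keyword...
+ */
 
-#ifdef HAVE_GSSAPI
- if (!cups_gssservicename)
- cups_gssservicename = CUPS_DEFAULT_GSSSERVICENAME;
+ end = start;
+ while (*end && !_cups_isspace(*end))
+ end ++;
 
- strlcpy(cg->gss_service_name, cups_gssservicename,
- sizeof(cg->gss_service_name));
-#endif /* HAVE_GSSAPI */
+ if (*end)
+ *end++ = '\0';
 
- if (cups_anyroot)
- cg->any_root = !_cups_strcasecmp(cups_anyroot, "yes") ||
- !_cups_strcasecmp(cups_anyroot, "on") ||
- !_cups_strcasecmp(cups_anyroot, "true");
+ /*
+ * Compare...
+ */
 
- if (cups_expiredroot)
- cg->expired_root = !_cups_strcasecmp(cups_expiredroot, "yes") ||
- !_cups_strcasecmp(cups_expiredroot, "on") ||
- !_cups_strcasecmp(cups_expiredroot, "true");
+ if (!_cups_strcasecmp(start, "AllowRC4"))
+ options |= _HTTP_TLS_ALLOW_RC4;
+ else if (!_cups_strcasecmp(start, "AllowSSL3"))
+ options |= _HTTP_TLS_ALLOW_SSL3;
+ else if ( !_cups_strcasecmp(start, "MinTLS1.2"))
+ options|= _HTTP_TLS_MIN_TLS12;
+ else if (!_cups_strcasecmp(start, "None"))
+ options = 0;
+ }
 
- if (cups_expiredcerts)
- cg->expired_certs = !_cups_strcasecmp(cups_expiredcerts, "yes") ||
- !_cups_strcasecmp(cups_expiredcerts, "on") ||
- !_cups_strcasecmp(cups_expiredcerts, "true");
+ cc->ssl_options = options;
 }
+#endif /* HAVE_SSL */
+
+/*
+ * 'cups_set_user()' - Set the User value.
+ */
 
+static void
+cups_set_user(
+ _cups_client_conf_t *cc, /* I - client.conf values */
+ const char *value) /* I - Value */
+{
+ strlcpy(cc->user, value, sizeof(cc->user));
+}
 
 /*
 * End of "$Id: usersys.c 8498 2009-04-13 17:03:15Z mike $".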
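Review bot: The `SSLOptions` branch added to `cups_read_client_conf()` now runs for both files that `_cupsSetDefaults()` reads, whereas the removed `ssl_options` argument was 1 for the server-root client.conf and 0 for `~/.cups/client.conf`; a per-user file can therefore turn on `AllowRC4` or `AllowSSL3`, and if that is intended it deserves a comment at the branch. `cc->ssl_options` also has no "not set" value: it stays 0 after the `memset` in `cups_init_client_conf()`, and `_cupsSetDefaults()` calls `_httpTLSSetOptions(cc.ssl_options)` unconditionally, so an absent directive cannot be told apart from `SSLOptions None` and presumably overwrites whatever options were already in effect. The same branch calls `cups_set_ssl_options()` outside any `#ifdef HAVE_SSL`, while its prototype and definition are guarded, so a build without HAVE_SSL would likely fail; wrap the two lines in `#ifdef HAVE_SSL` and `#endif /* HAVE_SSL */`.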