1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
|
/*
* "$Id: auth.h 10996 2013-05-29 11:51:34Z msweet $"
*
* Authorization definitions for the CUPS scheduler.
*
* Copyright 2007-2011 by Apple Inc.
* Copyright 1997-2006 by Easy Software Products, all rights reserved.
*
* These coded instructions, statements, and computer programs are the
* property of Apple Inc. and are protected by Federal copyright
* law. Distribution and use rights are outlined in the file "LICENSE.txt"
* which should have been included with this file. If this file is
* file is missing or damaged, see the license at "http://www.cups.org/".
*/
/*
* Include necessary headers...
*/
#include <pwd.h>
/*
* HTTP authorization types and levels...
*/
#define CUPSD_AUTH_DEFAULT -1 /* Use DefaultAuthType */
#define CUPSD_AUTH_NONE 0 /* No authentication */
#define CUPSD_AUTH_BASIC 1 /* Basic authentication */
#define CUPSD_AUTH_DIGEST 2 /* Digest authentication */
#define CUPSD_AUTH_BASICDIGEST 3 /* Basic authentication w/passwd.md5 */
#define CUPSD_AUTH_NEGOTIATE 4 /* Kerberos authentication */
#define CUPSD_AUTH_AUTO 5 /* Kerberos or Basic, depending on configuration of server */
#define CUPSD_AUTH_ANON 0 /* Anonymous access */
#define CUPSD_AUTH_USER 1 /* Must have a valid username/password */
#define CUPSD_AUTH_GROUP 2 /* Must also be in a named group */
#define CUPSD_AUTH_ALLOW 0 /* Allow access */
#define CUPSD_AUTH_DENY 1 /* Deny access */
#define CUPSD_AUTH_NAME 0 /* Authorize host by name */
#define CUPSD_AUTH_IP 1 /* Authorize host by IP */
#define CUPSD_AUTH_INTERFACE 2 /* Authorize host by interface */
#define CUPSD_AUTH_SATISFY_ALL 0 /* Satisfy both address and auth */
#define CUPSD_AUTH_SATISFY_ANY 1 /* Satisfy either address or auth */
#define CUPSD_AUTH_LIMIT_DELETE 1 /* Limit DELETE requests */
#define CUPSD_AUTH_LIMIT_GET 2 /* Limit GET requests */
#define CUPSD_AUTH_LIMIT_HEAD 4 /* Limit HEAD requests */
#define CUPSD_AUTH_LIMIT_OPTIONS 8 /* Limit OPTIONS requests */
#define CUPSD_AUTH_LIMIT_POST 16 /* Limit POST requests */
#define CUPSD_AUTH_LIMIT_PUT 32 /* Limit PUT requests */
#define CUPSD_AUTH_LIMIT_TRACE 64 /* Limit TRACE requests */
#define CUPSD_AUTH_LIMIT_ALL 127 /* Limit all requests */
#define CUPSD_AUTH_LIMIT_IPP 128 /* Limit IPP requests */
#define IPP_ANY_OPERATION (ipp_op_t)0
/* Any IPP operation */
#define IPP_BAD_OPERATION (ipp_op_t)-1
/* No IPP operation */
/*
* HTTP access control structures...
*/
typedef struct
{
unsigned address[4], /* IP address */
netmask[4]; /* IP netmask */
} cupsd_ipmask_t;
typedef struct
{
int length; /* Length of name */
char *name; /* Name string */
} cupsd_namemask_t;
typedef struct
{
int type; /* Mask type */
union
{
cupsd_namemask_t name; /* Host/Domain name */
cupsd_ipmask_t ip; /* IP address/network */
} mask; /* Mask data */
} cupsd_authmask_t;
typedef struct
{
char *location; /* Location of resource */
ipp_op_t op; /* IPP operation */
int limit, /* Limit for these types of requests */
length, /* Length of location string */
order_type, /* Allow or Deny */
type, /* Type of authentication */
level, /* Access level required */
satisfy; /* Satisfy any or all limits? */
cups_array_t *names, /* User or group names */
*allow, /* Allow lines */
*deny; /* Deny lines */
http_encryption_t encryption; /* To encrypt or not to encrypt... */
} cupsd_location_t;
typedef struct cupsd_client_s cupsd_client_t;
/*
* Globals...
*/
VAR cups_array_t *Locations VALUE(NULL);
/* Authorization locations */
#ifdef HAVE_SSL
VAR http_encryption_t DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
/* Default encryption for authentication */
#endif /* HAVE_SSL */
/*
* Prototypes...
*/
extern int cupsdAddIPMask(cups_array_t **masks,
const unsigned address[4],
const unsigned netmask[4]);
extern void cupsdAddLocation(cupsd_location_t *loc);
extern void cupsdAddName(cupsd_location_t *loc, char *name);
extern int cupsdAddNameMask(cups_array_t **masks, char *name);
extern void cupsdAuthorize(cupsd_client_t *con);
extern int cupsdCheckAccess(unsigned ip[4], char *name,
int namelen, cupsd_location_t *loc);
extern int cupsdCheckAuth(unsigned ip[4], char *name, int namelen,
cups_array_t *masks);
extern int cupsdCheckGroup(const char *username,
struct passwd *user,
const char *groupname);
extern cupsd_location_t *cupsdCopyLocation(cupsd_location_t *loc);
extern void cupsdDeleteAllLocations(void);
extern cupsd_location_t *cupsdFindBest(const char *path, http_state_t state);
extern cupsd_location_t *cupsdFindLocation(const char *location);
extern void cupsdFreeLocation(cupsd_location_t *loc);
extern http_status_t cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
extern cupsd_location_t *cupsdNewLocation(const char *location);
/*
* End of "$Id: auth.h 10996 2013-05-29 11:51:34Z msweet $".
*/
|