1 /*
2 * User, system, and password routines for CUPS.
3 *
4 * Copyright 2007-2019 by Apple Inc.
5 * Copyright 1997-2006 by Easy Software Products.
6 *
7 * Licensed under Apache License v2.0. See the file "LICENSE" for more
8 * information.
9 */
10
11 /*
12 * Include necessary headers...
13 */
14
15 #include "cups-private.h"
16 #include "debug-internal.h"
17 #include <stdlib.h>
18 #include <sys/stat.h>
19 #ifdef _WIN32
20 # include <windows.h>
21 #else
22 # include <pwd.h>
23 # include <termios.h>
24 # include <sys/utsname.h>
25 #endif /* _WIN32 */
26 #ifdef __APPLE__
27 # include <sys/sysctl.h>
28 #endif /* __APPLE__ */
29
30
31 /*
32 * Local constants...
33 */
34
35 #ifdef __APPLE__
36 # if TARGET_OS_OSX
37 # define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs")
38 # define kPREFIX ""
39 # else
40 # define kCUPSPrintingPrefs CFSTR(".GlobalPreferences")
41 # define kPREFIX "AirPrint"
42 # endif /* TARGET_OS_OSX */
43 # define kDigestOptionsKey CFSTR(kPREFIX "DigestOptions")
44 # define kUserKey CFSTR(kPREFIX "User")
45 # define kUserAgentTokensKey CFSTR(kPREFIX "UserAgentTokens")
46 # define kAllowAnyRootKey CFSTR(kPREFIX "AllowAnyRoot")
47 # define kAllowExpiredCertsKey CFSTR(kPREFIX "AllowExpiredCerts")
48 # define kEncryptionKey CFSTR(kPREFIX "Encryption")
49 # define kGSSServiceNameKey CFSTR(kPREFIX "GSSServiceName")
50 # define kSSLOptionsKey CFSTR(kPREFIX "SSLOptions")
51 # define kTrustOnFirstUseKey CFSTR(kPREFIX "TrustOnFirstUse")
52 # define kValidateCertsKey CFSTR(kPREFIX "ValidateCerts")
53 /* Deprecated */
54 # define kAllowRC4 CFSTR(kPREFIX "AllowRC4")
55 # define kAllowSSL3 CFSTR(kPREFIX "AllowSSL3")
56 # define kAllowDH CFSTR(kPREFIX "AllowDH")
57 #endif /* __APPLE__ */
58
59 #define _CUPS_PASSCHAR '*' /* Character that is echoed for password */
60
61
62 /*
63 * Local types...
64 */
65
66 typedef struct _cups_client_conf_s /**** client.conf config data ****/
67 {
68 _cups_digestoptions_t digestoptions; /* DigestOptions values */
69 _cups_uatokens_t uatokens; /* UserAgentTokens values */
70 #ifdef HAVE_SSL
71 int ssl_options, /* SSLOptions values */
72 ssl_min_version,/* Minimum SSL/TLS version */
73 ssl_max_version;/* Maximum SSL/TLS version */
74 #endif /* HAVE_SSL */
75 int trust_first, /* Trust on first use? */
76 any_root, /* Allow any (e.g., self-signed) root */
77 expired_certs, /* Allow expired certs */
78 validate_certs; /* Validate certificates */
79 http_encryption_t encryption; /* Encryption setting */
80 char user[65], /* User name */
81 server_name[256];
82 /* Server hostname */
83 #ifdef HAVE_GSSAPI
84 char gss_service_name[32];
85 /* Kerberos service name */
86 #endif /* HAVE_GSSAPI */
87 } _cups_client_conf_t;
88
89
90 /*
91 * Local functions...
92 */
93
94 #ifdef __APPLE__
95 static int cups_apple_get_boolean(CFStringRef key, int *value);
96 static int cups_apple_get_string(CFStringRef key, char *value, size_t valsize);
97 #endif /* __APPLE__ */
98 static int cups_boolean_value(const char *value);
99 static void cups_finalize_client_conf(_cups_client_conf_t *cc);
100 static void cups_init_client_conf(_cups_client_conf_t *cc);
101 static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
102 static void cups_set_default_ipp_port(_cups_globals_t *cg);
103 static void cups_set_digestoptions(_cups_client_conf_t *cc, const char *value);
104 static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
105 #ifdef HAVE_GSSAPI
106 static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
107 #endif /* HAVE_GSSAPI */
108 static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
109 #ifdef HAVE_SSL
110 static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
111 #endif /* HAVE_SSL */
112 static void cups_set_uatokens(_cups_client_conf_t *cc, const char *value);
113 static void cups_set_user(_cups_client_conf_t *cc, const char *value);
114
115
116 /*
117 * 'cupsEncryption()' - Get the current encryption settings.
118 *
119 * The default encryption setting comes from the CUPS_ENCRYPTION
120 * environment variable, then the ~/.cups/client.conf file, and finally the
121 * /etc/cups/client.conf file. If not set, the default is
122 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
123 *
124 * Note: The current encryption setting is tracked separately for each thread
125 * in a program. Multi-threaded programs that override the setting via the
126 * @link cupsSetEncryption@ function need to do so in each thread for the same
127 * setting to be used.
128 */
129
130 http_encryption_t /* O - Encryption settings */
cupsEncryption(void)131 cupsEncryption(void)
132 {
133 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
134
135
136 if (cg->encryption == (http_encryption_t)-1)
137 _cupsSetDefaults();
138
139 return (cg->encryption);
140 }
141
142
143 /*
144 * 'cupsGetPassword()' - Get a password from the user.
145 *
146 * Uses the current password callback function. Returns @code NULL@ if the
147 * user does not provide a password.
148 *
149 * Note: The current password callback function is tracked separately for each
150 * thread in a program. Multi-threaded programs that override the setting via
151 * the @link cupsSetPasswordCB@ or @link cupsSetPasswordCB2@ functions need to
152 * do so in each thread for the same function to be used.
153 *
154 * @exclude all@
155 */
156
157 const char * /* O - Password */
cupsGetPassword(const char * prompt)158 cupsGetPassword(const char *prompt) /* I - Prompt string */
159 {
160 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
161
162
163 return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
164 }
165
166
167 /*
168 * 'cupsGetPassword2()' - Get a password from the user using the current
169 * password callback.
170 *
171 * Uses the current password callback function. Returns @code NULL@ if the
172 * user does not provide a password.
173 *
174 * Note: The current password callback function is tracked separately for each
175 * thread in a program. Multi-threaded programs that override the setting via
176 * the @link cupsSetPasswordCB2@ function need to do so in each thread for the
177 * same function to be used.
178 *
179 * @since CUPS 1.4/macOS 10.6@
180 */
181
182 const char * /* O - Password */
cupsGetPassword2(const char * prompt,http_t * http,const char * method,const char * resource)183 cupsGetPassword2(const char *prompt, /* I - Prompt string */
184 http_t *http, /* I - Connection to server or @code CUPS_HTTP_DEFAULT@ */
185 const char *method, /* I - Request method ("GET", "POST", "PUT") */
186 const char *resource) /* I - Resource path */
187 {
188 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
189
190
191 if (!http)
192 http = _cupsConnect();
193
194 return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
195 }
196
197
198 /*
199 * 'cupsServer()' - Return the hostname/address of the current server.
200 *
201 * The default server comes from the CUPS_SERVER environment variable, then the
202 * ~/.cups/client.conf file, and finally the /etc/cups/client.conf file. If not
203 * set, the default is the local system - either "localhost" or a domain socket
204 * path.
205 *
206 * The returned value can be a fully-qualified hostname, a numeric IPv4 or IPv6
207 * address, or a domain socket pathname.
208 *
209 * Note: The current server is tracked separately for each thread in a program.
210 * Multi-threaded programs that override the server via the
211 * @link cupsSetServer@ function need to do so in each thread for the same
212 * server to be used.
213 */
214
215 const char * /* O - Server name */
cupsServer(void)216 cupsServer(void)
217 {
218 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
219
220
221 if (!cg->server[0])
222 _cupsSetDefaults();
223
224 return (cg->server);
225 }
226
227
228 /*
229 * 'cupsSetClientCertCB()' - Set the client certificate callback.
230 *
231 * Pass @code NULL@ to restore the default callback.
232 *
233 * Note: The current certificate callback is tracked separately for each thread
234 * in a program. Multi-threaded programs that override the callback need to do
235 * so in each thread for the same callback to be used.
236 *
237 * @since CUPS 1.5/macOS 10.7@
238 */
239
240 void
cupsSetClientCertCB(cups_client_cert_cb_t cb,void * user_data)241 cupsSetClientCertCB(
242 cups_client_cert_cb_t cb, /* I - Callback function */
243 void *user_data) /* I - User data pointer */
244 {
245 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
246
247
248 cg->client_cert_cb = cb;
249 cg->client_cert_data = user_data;
250 }
251
252
253 /*
254 * 'cupsSetCredentials()' - Set the default credentials to be used for SSL/TLS
255 * connections.
256 *
257 * Note: The default credentials are tracked separately for each thread in a
258 * program. Multi-threaded programs that override the setting need to do so in
259 * each thread for the same setting to be used.
260 *
261 * @since CUPS 1.5/macOS 10.7@
262 */
263
264 int /* O - Status of call (0 = success) */
cupsSetCredentials(cups_array_t * credentials)265 cupsSetCredentials(
266 cups_array_t *credentials) /* I - Array of credentials */
267 {
268 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
269
270
271 if (cupsArrayCount(credentials) < 1)
272 return (-1);
273
274 #ifdef HAVE_SSL
275 _httpFreeCredentials(cg->tls_credentials);
276 cg->tls_credentials = _httpCreateCredentials(credentials);
277 #endif /* HAVE_SSL */
278
279 return (cg->tls_credentials ? 0 : -1);
280 }
281
282
283 /*
284 * 'cupsSetEncryption()' - Set the encryption preference.
285 *
286 * The default encryption setting comes from the CUPS_ENCRYPTION
287 * environment variable, then the ~/.cups/client.conf file, and finally the
288 * /etc/cups/client.conf file. If not set, the default is
289 * @code HTTP_ENCRYPTION_IF_REQUESTED@.
290 *
291 * Note: The current encryption setting is tracked separately for each thread
292 * in a program. Multi-threaded programs that override the setting need to do
293 * so in each thread for the same setting to be used.
294 */
295
296 void
cupsSetEncryption(http_encryption_t e)297 cupsSetEncryption(http_encryption_t e) /* I - New encryption preference */
298 {
299 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
300
301
302 cg->encryption = e;
303
304 if (cg->http)
305 httpEncryption(cg->http, e);
306 }
307
308
309 /*
310 * 'cupsSetPasswordCB()' - Set the password callback for CUPS.
311 *
312 * Pass @code NULL@ to restore the default (console) password callback, which
313 * reads the password from the console. Programs should call either this
314 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
315 * by a program per thread.
316 *
317 * Note: The current password callback is tracked separately for each thread
318 * in a program. Multi-threaded programs that override the callback need to do
319 * so in each thread for the same callback to be used.
320 *
321 * @exclude all@
322 */
323
324 void
cupsSetPasswordCB(cups_password_cb_t cb)325 cupsSetPasswordCB(cups_password_cb_t cb)/* I - Callback function */
326 {
327 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
328
329
330 if (cb == (cups_password_cb_t)0)
331 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
332 else
333 cg->password_cb = (cups_password_cb2_t)cb;
334
335 cg->password_data = NULL;
336 }
337
338
339 /*
340 * 'cupsSetPasswordCB2()' - Set the advanced password callback for CUPS.
341 *
342 * Pass @code NULL@ to restore the default (console) password callback, which
343 * reads the password from the console. Programs should call either this
344 * function or @link cupsSetPasswordCB2@, as only one callback can be registered
345 * by a program per thread.
346 *
347 * Note: The current password callback is tracked separately for each thread
348 * in a program. Multi-threaded programs that override the callback need to do
349 * so in each thread for the same callback to be used.
350 *
351 * @since CUPS 1.4/macOS 10.6@
352 */
353
354 void
cupsSetPasswordCB2(cups_password_cb2_t cb,void * user_data)355 cupsSetPasswordCB2(
356 cups_password_cb2_t cb, /* I - Callback function */
357 void *user_data) /* I - User data pointer */
358 {
359 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
360
361
362 if (cb == (cups_password_cb2_t)0)
363 cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
364 else
365 cg->password_cb = cb;
366
367 cg->password_data = user_data;
368 }
369
370
371 /*
372 * 'cupsSetServer()' - Set the default server name and port.
373 *
374 * The "server" string can be a fully-qualified hostname, a numeric
375 * IPv4 or IPv6 address, or a domain socket pathname. Hostnames and numeric IP
376 * addresses can be optionally followed by a colon and port number to override
377 * the default port 631, e.g. "hostname:8631". Pass @code NULL@ to restore the
378 * default server name and port.
379 *
380 * Note: The current server is tracked separately for each thread in a program.
381 * Multi-threaded programs that override the server need to do so in each
382 * thread for the same server to be used.
383 */
384
385 void
cupsSetServer(const char * server)386 cupsSetServer(const char *server) /* I - Server name */
387 {
388 char *options, /* Options */
389 *port; /* Pointer to port */
390 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
391
392
393 if (server)
394 {
395 strlcpy(cg->server, server, sizeof(cg->server));
396
397 if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
398 {
399 *options++ = '\0';
400
401 if (!strcmp(options, "version=1.0"))
402 cg->server_version = 10;
403 else if (!strcmp(options, "version=1.1"))
404 cg->server_version = 11;
405 else if (!strcmp(options, "version=2.0"))
406 cg->server_version = 20;
407 else if (!strcmp(options, "version=2.1"))
408 cg->server_version = 21;
409 else if (!strcmp(options, "version=2.2"))
410 cg->server_version = 22;
411 }
412 else
413 cg->server_version = 20;
414
415 if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
416 !strchr(port, ']') && isdigit(port[1] & 255))
417 {
418 *port++ = '\0';
419
420 cg->ipp_port = atoi(port);
421 }
422
423 if (!cg->ipp_port)
424 cups_set_default_ipp_port(cg);
425
426 if (cg->server[0] == '/')
427 strlcpy(cg->servername, "localhost", sizeof(cg->servername));
428 else
429 strlcpy(cg->servername, cg->server, sizeof(cg->servername));
430 }
431 else
432 {
433 cg->server[0] = '\0';
434 cg->servername[0] = '\0';
435 cg->server_version = 20;
436 cg->ipp_port = 0;
437 }
438
439 if (cg->http)
440 {
441 httpClose(cg->http);
442 cg->http = NULL;
443 }
444 }
445
446
447 /*
448 * 'cupsSetServerCertCB()' - Set the server certificate callback.
449 *
450 * Pass @code NULL@ to restore the default callback.
451 *
452 * Note: The current credentials callback is tracked separately for each thread
453 * in a program. Multi-threaded programs that override the callback need to do
454 * so in each thread for the same callback to be used.
455 *
456 * @since CUPS 1.5/macOS 10.7@
457 */
458
459 void
cupsSetServerCertCB(cups_server_cert_cb_t cb,void * user_data)460 cupsSetServerCertCB(
461 cups_server_cert_cb_t cb, /* I - Callback function */
462 void *user_data) /* I - User data pointer */
463 {
464 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
465
466
467 cg->server_cert_cb = cb;
468 cg->server_cert_data = user_data;
469 }
470
471
472 /*
473 * 'cupsSetUser()' - Set the default user name.
474 *
475 * Pass @code NULL@ to restore the default user name.
476 *
477 * Note: The current user name is tracked separately for each thread in a
478 * program. Multi-threaded programs that override the user name need to do so
479 * in each thread for the same user name to be used.
480 */
481
482 void
cupsSetUser(const char * user)483 cupsSetUser(const char *user) /* I - User name */
484 {
485 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
486
487
488 if (user)
489 strlcpy(cg->user, user, sizeof(cg->user));
490 else
491 cg->user[0] = '\0';
492 }
493
494
495 /*
496 * 'cupsSetUserAgent()' - Set the default HTTP User-Agent string.
497 *
498 * Setting the string to NULL forces the default value containing the CUPS
499 * version, IPP version, and operating system version and architecture.
500 *
501 * @since CUPS 1.7/macOS 10.9@
502 */
503
504 void
cupsSetUserAgent(const char * user_agent)505 cupsSetUserAgent(const char *user_agent)/* I - User-Agent string or @code NULL@ */
506 {
507 _cups_globals_t *cg = _cupsGlobals();
508 /* Thread globals */
509 #ifdef _WIN32
510 SYSTEM_INFO sysinfo; /* System information */
511 OSVERSIONINFOA version; /* OS version info */
512 const char *machine; /* Hardware/machine name */
513 #elif defined(__APPLE__)
514 struct utsname name; /* uname info */
515 char version[256]; /* macOS/iOS version */
516 size_t len; /* Length of value */
517 #else
518 struct utsname name; /* uname info */
519 #endif /* _WIN32 */
520
521
522 if (user_agent)
523 {
524 strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
525 return;
526 }
527
528 if (cg->uatokens < _CUPS_UATOKENS_OS)
529 {
530 switch (cg->uatokens)
531 {
532 default :
533 case _CUPS_UATOKENS_NONE :
534 cg->user_agent[0] = '\0';
535 break;
536 case _CUPS_UATOKENS_PRODUCT_ONLY :
537 strlcpy(cg->user_agent, "CUPS IPP", sizeof(cg->user_agent));
538 break;
539 case _CUPS_UATOKENS_MAJOR :
540 snprintf(cg->user_agent, sizeof(cg->user_agent), "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
541 break;
542 case _CUPS_UATOKENS_MINOR :
543 snprintf(cg->user_agent, sizeof(cg->user_agent), "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
544 break;
545 case _CUPS_UATOKENS_MINIMAL :
546 strlcpy(cg->user_agent, CUPS_MINIMAL " IPP/2.1", sizeof(cg->user_agent));
547 break;
548 }
549 }
550
551 #ifdef _WIN32
552 /*
553 * Gather Windows version information for the User-Agent string...
554 */
555
556 version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
557 GetVersionExA(&version);
558 GetNativeSystemInfo(&sysinfo);
559
560 switch (sysinfo.wProcessorArchitecture)
561 {
562 case PROCESSOR_ARCHITECTURE_AMD64 :
563 machine = "amd64";
564 break;
565
566 case PROCESSOR_ARCHITECTURE_ARM :
567 machine = "arm";
568 break;
569
570 case PROCESSOR_ARCHITECTURE_IA64 :
571 machine = "ia64";
572 break;
573
574 case PROCESSOR_ARCHITECTURE_INTEL :
575 machine = "intel";
576 break;
577
578 default :
579 machine = "unknown";
580 break;
581 }
582
583 if (cg->uatokens == _CUPS_UATOKENS_OS)
584 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion);
585 else
586 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion, machine);
587
588 #elif defined(__APPLE__)
589 /*
590 * Gather macOS/iOS version information for the User-Agent string...
591 */
592
593 uname(&name);
594
595 len = sizeof(version) - 1;
596 if (!sysctlbyname("kern.osproductversion", version, &len, NULL, 0))
597 version[len] = '\0';
598 else
599 strlcpy(version, "unknown", sizeof(version));
600
601 # if TARGET_OS_OSX
602 if (cg->uatokens == _CUPS_UATOKENS_OS)
603 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s) IPP/2.0", version);
604 else
605 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s; %s) IPP/2.0", version, name.machine);
606
607 # else
608 if (cg->uatokens == _CUPS_UATOKENS_OS)
609 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s) IPP/2.0", version);
610 else
611 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s; %s) IPP/2.0", version, name.machine);
612 # endif /* TARGET_OS_OSX */
613
614 #else
615 /*
616 * Gather generic UNIX version information for the User-Agent string...
617 */
618
619 uname(&name);
620
621 if (cg->uatokens == _CUPS_UATOKENS_OS)
622 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s) IPP/2.0", name.sysname, name.release);
623 else
624 snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s; %s) IPP/2.0", name.sysname, name.release, name.machine);
625 #endif /* _WIN32 */
626 }
627
628
629 /*
630 * 'cupsUser()' - Return the current user's name.
631 *
632 * Note: The current user name is tracked separately for each thread in a
633 * program. Multi-threaded programs that override the user name with the
634 * @link cupsSetUser@ function need to do so in each thread for the same user
635 * name to be used.
636 */
637
638 const char * /* O - User name */
cupsUser(void)639 cupsUser(void)
640 {
641 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
642
643
644 if (!cg->user[0])
645 _cupsSetDefaults();
646
647 return (cg->user);
648 }
649
650
651 /*
652 * 'cupsUserAgent()' - Return the default HTTP User-Agent string.
653 *
654 * @since CUPS 1.7/macOS 10.9@
655 */
656
657 const char * /* O - User-Agent string */
cupsUserAgent(void)658 cupsUserAgent(void)
659 {
660 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
661
662
663 if (!cg->user_agent[0])
664 cupsSetUserAgent(NULL);
665
666 return (cg->user_agent);
667 }
668
669
670 /*
671 * '_cupsGetPassword()' - Get a password from the user.
672 */
673
674 const char * /* O - Password or @code NULL@ if none */
_cupsGetPassword(const char * prompt)675 _cupsGetPassword(const char *prompt) /* I - Prompt string */
676 {
677 #ifdef _WIN32
678 HANDLE tty; /* Console handle */
679 DWORD mode; /* Console mode */
680 char passch, /* Current key press */
681 *passptr, /* Pointer into password string */
682 *passend; /* End of password string */
683 DWORD passbytes; /* Bytes read */
684 _cups_globals_t *cg = _cupsGlobals();
685 /* Thread globals */
686
687
688 /*
689 * Disable input echo and set raw input...
690 */
691
692 if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
693 return (NULL);
694
695 if (!GetConsoleMode(tty, &mode))
696 return (NULL);
697
698 if (!SetConsoleMode(tty, 0))
699 return (NULL);
700
701 /*
702 * Display the prompt...
703 */
704
705 printf("%s ", prompt);
706 fflush(stdout);
707
708 /*
709 * Read the password string from /dev/tty until we get interrupted or get a
710 * carriage return or newline...
711 */
712
713 passptr = cg->password;
714 passend = cg->password + sizeof(cg->password) - 1;
715
716 while (ReadFile(tty, &passch, 1, &passbytes, NULL))
717 {
718 if (passch == 0x0A || passch == 0x0D)
719 {
720 /*
721 * Enter/return...
722 */
723
724 break;
725 }
726 else if (passch == 0x08 || passch == 0x7F)
727 {
728 /*
729 * Backspace/delete (erase character)...
730 */
731
732 if (passptr > cg->password)
733 {
734 passptr --;
735 fputs("\010 \010", stdout);
736 }
737 else
738 putchar(0x07);
739 }
740 else if (passch == 0x15)
741 {
742 /*
743 * CTRL+U (erase line)
744 */
745
746 if (passptr > cg->password)
747 {
748 while (passptr > cg->password)
749 {
750 passptr --;
751 fputs("\010 \010", stdout);
752 }
753 }
754 else
755 putchar(0x07);
756 }
757 else if (passch == 0x03)
758 {
759 /*
760 * CTRL+C...
761 */
762
763 passptr = cg->password;
764 break;
765 }
766 else if ((passch & 255) < 0x20 || passptr >= passend)
767 putchar(0x07);
768 else
769 {
770 *passptr++ = passch;
771 putchar(_CUPS_PASSCHAR);
772 }
773
774 fflush(stdout);
775 }
776
777 putchar('\n');
778 fflush(stdout);
779
780 /*
781 * Cleanup...
782 */
783
784 SetConsoleMode(tty, mode);
785
786 /*
787 * Return the proper value...
788 */
789
790 if (passbytes == 1 && passptr > cg->password)
791 {
792 *passptr = '\0';
793 return (cg->password);
794 }
795 else
796 {
797 memset(cg->password, 0, sizeof(cg->password));
798 return (NULL);
799 }
800
801 #else
802 int tty; /* /dev/tty - never read from stdin */
803 struct termios original, /* Original input mode */
804 noecho; /* No echo input mode */
805 char passch, /* Current key press */
806 *passptr, /* Pointer into password string */
807 *passend; /* End of password string */
808 ssize_t passbytes; /* Bytes read */
809 _cups_globals_t *cg = _cupsGlobals();
810 /* Thread globals */
811
812
813 /*
814 * Disable input echo and set raw input...
815 */
816
817 if ((tty = open("/dev/tty", O_RDONLY)) < 0)
818 return (NULL);
819
820 if (tcgetattr(tty, &original))
821 {
822 close(tty);
823 return (NULL);
824 }
825
826 noecho = original;
827 noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
828 noecho.c_cc[VMIN] = 1;
829 noecho.c_cc[VTIME] = 0;
830
831 if (tcsetattr(tty, TCSAFLUSH, &noecho))
832 {
833 close(tty);
834 return (NULL);
835 }
836
837 /*
838 * Display the prompt...
839 */
840
841 printf("%s ", prompt);
842 fflush(stdout);
843
844 /*
845 * Read the password string from /dev/tty until we get interrupted or get a
846 * carriage return or newline...
847 */
848
849 passptr = cg->password;
850 passend = cg->password + sizeof(cg->password) - 1;
851
852 while ((passbytes = read(tty, &passch, 1)) == 1)
853 {
854 if (passch == noecho.c_cc[VEOL] ||
855 # ifdef VEOL2
856 passch == noecho.c_cc[VEOL2] ||
857 # endif /* VEOL2 */
858 passch == 0x0A || passch == 0x0D)
859 {
860 /*
861 * Enter/return...
862 */
863
864 break;
865 }
866 else if (passch == noecho.c_cc[VERASE] ||
867 passch == 0x08 || passch == 0x7F)
868 {
869 /*
870 * Backspace/delete (erase character)...
871 */
872
873 if (passptr > cg->password)
874 {
875 passptr --;
876 fputs("\010 \010", stdout);
877 }
878 else
879 putchar(0x07);
880 }
881 else if (passch == noecho.c_cc[VKILL])
882 {
883 /*
884 * CTRL+U (erase line)
885 */
886
887 if (passptr > cg->password)
888 {
889 while (passptr > cg->password)
890 {
891 passptr --;
892 fputs("\010 \010", stdout);
893 }
894 }
895 else
896 putchar(0x07);
897 }
898 else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
899 passch == noecho.c_cc[VEOF])
900 {
901 /*
902 * CTRL+C, CTRL+D, or CTRL+Z...
903 */
904
905 passptr = cg->password;
906 break;
907 }
908 else if ((passch & 255) < 0x20 || passptr >= passend)
909 putchar(0x07);
910 else
911 {
912 *passptr++ = passch;
913 putchar(_CUPS_PASSCHAR);
914 }
915
916 fflush(stdout);
917 }
918
919 putchar('\n');
920 fflush(stdout);
921
922 /*
923 * Cleanup...
924 */
925
926 tcsetattr(tty, TCSAFLUSH, &original);
927 close(tty);
928
929 /*
930 * Return the proper value...
931 */
932
933 if (passbytes == 1 && passptr > cg->password)
934 {
935 *passptr = '\0';
936 return (cg->password);
937 }
938 else
939 {
940 memset(cg->password, 0, sizeof(cg->password));
941 return (NULL);
942 }
943 #endif /* _WIN32 */
944 }
945
946
947 #ifdef HAVE_GSSAPI
948 /*
949 * '_cupsGSSServiceName()' - Get the GSS (Kerberos) service name.
950 */
951
952 const char *
_cupsGSSServiceName(void)953 _cupsGSSServiceName(void)
954 {
955 _cups_globals_t *cg = _cupsGlobals(); /* Thread globals */
956
957
958 if (!cg->gss_service_name[0])
959 _cupsSetDefaults();
960
961 return (cg->gss_service_name);
962 }
963 #endif /* HAVE_GSSAPI */
964
965
966 /*
967 * '_cupsSetDefaults()' - Set the default server, port, and encryption.
968 */
969
970 void
_cupsSetDefaults(void)971 _cupsSetDefaults(void)
972 {
973 cups_file_t *fp; /* File */
974 char filename[1024]; /* Filename */
975 _cups_client_conf_t cc; /* client.conf values */
976 _cups_globals_t *cg = _cupsGlobals(); /* Pointer to library globals */
977
978
979 DEBUG_puts("_cupsSetDefaults()");
980
981 /*
982 * Load initial client.conf values...
983 */
984
985 cups_init_client_conf(&cc);
986
987 /*
988 * Read the /etc/cups/client.conf and ~/.cups/client.conf files, if
989 * present.
990 */
991
992 snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
993 if ((fp = cupsFileOpen(filename, "r")) != NULL)
994 {
995 cups_read_client_conf(fp, &cc);
996 cupsFileClose(fp);
997 }
998
999 if (cg->home)
1000 {
1001 /*
1002 * Look for ~/.cups/client.conf...
1003 */
1004
1005 snprintf(filename, sizeof(filename), "%s/.cups/client.conf", cg->home);
1006 if ((fp = cupsFileOpen(filename, "r")) != NULL)
1007 {
1008 cups_read_client_conf(fp, &cc);
1009 cupsFileClose(fp);
1010 }
1011 }
1012
1013 /*
1014 * Finalize things so every client.conf value is set...
1015 */
1016
1017 cups_finalize_client_conf(&cc);
1018
1019 cg->uatokens = cc.uatokens;
1020
1021 if (cg->encryption == (http_encryption_t)-1)
1022 cg->encryption = cc.encryption;
1023
1024 if (!cg->server[0] || !cg->ipp_port)
1025 cupsSetServer(cc.server_name);
1026
1027 if (!cg->ipp_port)
1028 cups_set_default_ipp_port(cg);
1029
1030 if (!cg->user[0])
1031 strlcpy(cg->user, cc.user, sizeof(cg->user));
1032
1033 #ifdef HAVE_GSSAPI
1034 if (!cg->gss_service_name[0])
1035 strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
1036 #endif /* HAVE_GSSAPI */
1037
1038 if (cg->trust_first < 0)
1039 cg->trust_first = cc.trust_first;
1040
1041 if (cg->any_root < 0)
1042 cg->any_root = cc.any_root;
1043
1044 if (cg->expired_certs < 0)
1045 cg->expired_certs = cc.expired_certs;
1046
1047 if (cg->validate_certs < 0)
1048 cg->validate_certs = cc.validate_certs;
1049
1050 #ifdef HAVE_SSL
1051 _httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
1052 #endif /* HAVE_SSL */
1053 }
1054
1055
1056 #ifdef __APPLE__
1057 /*
1058 * 'cups_apple_get_boolean()' - Get a boolean setting from the CUPS preferences.
1059 */
1060
1061 static int /* O - 1 if set, 0 otherwise */
cups_apple_get_boolean(CFStringRef key,int * value)1062 cups_apple_get_boolean(
1063 CFStringRef key, /* I - Key (name) */
1064 int *value) /* O - Boolean value */
1065 {
1066 Boolean bval, /* Preference value */
1067 bval_set; /* Value is set? */
1068
1069
1070 bval = CFPreferencesGetAppBooleanValue(key, kCUPSPrintingPrefs, &bval_set);
1071
1072 if (bval_set)
1073 *value = (int)bval;
1074
1075 return ((int)bval_set);
1076 }
1077
1078
1079 /*
1080 * 'cups_apple_get_string()' - Get a string setting from the CUPS preferences.
1081 */
1082
1083 static int /* O - 1 if set, 0 otherwise */
cups_apple_get_string(CFStringRef key,char * value,size_t valsize)1084 cups_apple_get_string(
1085 CFStringRef key, /* I - Key (name) */
1086 char *value, /* O - String value */
1087 size_t valsize) /* I - Size of value buffer */
1088 {
1089 CFStringRef sval; /* String value */
1090
1091
1092 if ((sval = CFPreferencesCopyAppValue(key, kCUPSPrintingPrefs)) != NULL)
1093 {
1094 Boolean result = CFStringGetCString(sval, value, (CFIndex)valsize, kCFStringEncodingUTF8);
1095
1096 CFRelease(sval);
1097
1098 if (result)
1099 return (1);
1100 }
1101
1102 return (0);
1103 }
1104 #endif /* __APPLE__ */
1105
1106
1107 /*
1108 * 'cups_boolean_value()' - Convert a string to a boolean value.
1109 */
1110
1111 static int /* O - Boolean value */
cups_boolean_value(const char * value)1112 cups_boolean_value(const char *value) /* I - String value */
1113 {
1114 return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
1115 }
1116
1117
1118 /*
1119 * 'cups_finalize_client_conf()' - Finalize client.conf values.
1120 */
1121
1122 static void
cups_finalize_client_conf(_cups_client_conf_t * cc)1123 cups_finalize_client_conf(
1124 _cups_client_conf_t *cc) /* I - client.conf values */
1125 {
1126 const char *value; /* Environment variable */
1127
1128
1129 if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
1130 cc->trust_first = cups_boolean_value(value);
1131
1132 if ((value = getenv("CUPS_ANYROOT")) != NULL)
1133 cc->any_root = cups_boolean_value(value);
1134
1135 if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
1136 cups_set_encryption(cc, value);
1137
1138 if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
1139 cc->expired_certs = cups_boolean_value(value);
1140
1141 #ifdef HAVE_GSSAPI
1142 if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
1143 cups_set_gss_service_name(cc, value);
1144 #endif /* HAVE_GSSAPI */
1145
1146 if ((value = getenv("CUPS_SERVER")) != NULL)
1147 cups_set_server_name(cc, value);
1148
1149 if ((value = getenv("CUPS_USER")) != NULL)
1150 cups_set_user(cc, value);
1151
1152 if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
1153 cc->validate_certs = cups_boolean_value(value);
1154
1155 /*
1156 * Then apply defaults for those values that haven't been set...
1157 */
1158
1159 if (cc->trust_first < 0)
1160 cc->trust_first = 1;
1161
1162 if (cc->any_root < 0)
1163 cc->any_root = 1;
1164
1165 if (cc->encryption == (http_encryption_t)-1)
1166 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1167
1168 if (cc->expired_certs < 0)
1169 cc->expired_certs = 0;
1170
1171 #ifdef HAVE_GSSAPI
1172 if (!cc->gss_service_name[0])
1173 cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
1174 #endif /* HAVE_GSSAPI */
1175
1176 if (!cc->server_name[0])
1177 {
1178 /*
1179 * If we are compiled with domain socket support, only use the
1180 * domain socket if it exists and has the right permissions...
1181 */
1182
1183 #if defined(__APPLE__) && !TARGET_OS_OSX
1184 cups_set_server_name(cc, "/private/var/run/printd");
1185
1186 #else
1187 # ifdef CUPS_DEFAULT_DOMAINSOCKET
1188 if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
1189 cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
1190 else
1191 # endif /* CUPS_DEFAULT_DOMAINSOCKET */
1192 cups_set_server_name(cc, "localhost");
1193 #endif /* __APPLE__ && !TARGET_OS_OSX */
1194 }
1195
1196 if (!cc->user[0])
1197 {
1198 #ifdef _WIN32
1199 /*
1200 * Get the current user name from the OS...
1201 */
1202
1203 DWORD size; /* Size of string */
1204
1205 size = sizeof(cc->user);
1206 if (!GetUserNameA(cc->user, &size))
1207 #else
1208 /*
1209 * Try the USER environment variable as the default username...
1210 */
1211
1212 const char *envuser = getenv("USER");
1213 /* Default username */
1214 struct passwd *pw = NULL; /* Account information */
1215
1216 if (envuser)
1217 {
1218 /*
1219 * Validate USER matches the current UID, otherwise don't allow it to
1220 * override things... This makes sure that printing after doing su
1221 * or sudo records the correct username.
1222 */
1223
1224 if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
1225 pw = NULL;
1226 }
1227
1228 if (!pw)
1229 pw = getpwuid(getuid());
1230
1231 if (pw)
1232 strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
1233 else
1234 #endif /* _WIN32 */
1235 {
1236 /*
1237 * Use the default "unknown" user name...
1238 */
1239
1240 strlcpy(cc->user, "unknown", sizeof(cc->user));
1241 }
1242 }
1243
1244 if (cc->validate_certs < 0)
1245 cc->validate_certs = 0;
1246 }
1247
1248
1249 /*
1250 * 'cups_init_client_conf()' - Initialize client.conf values.
1251 */
1252
1253 static void
cups_init_client_conf(_cups_client_conf_t * cc)1254 cups_init_client_conf(
1255 _cups_client_conf_t *cc) /* I - client.conf values */
1256 {
1257 /*
1258 * Clear all values to "not set"...
1259 */
1260
1261 memset(cc, 0, sizeof(_cups_client_conf_t));
1262
1263 cc->uatokens = _CUPS_UATOKENS_MINIMAL;
1264
1265 #if defined(__APPLE__) && !TARGET_OS_OSX
1266 cups_set_user(cc, "mobile");
1267 #endif /* __APPLE__ && !TARGET_OS_OSX */
1268
1269 #ifdef HAVE_SSL
1270 cc->ssl_min_version = _HTTP_TLS_1_0;
1271 cc->ssl_max_version = _HTTP_TLS_MAX;
1272 #endif /* HAVE_SSL */
1273 cc->encryption = (http_encryption_t)-1;
1274 cc->trust_first = -1;
1275 cc->any_root = -1;
1276 cc->expired_certs = -1;
1277 cc->validate_certs = -1;
1278
1279 /*
1280 * Load settings from the org.cups.PrintingPrefs plist (which trump
1281 * everything...)
1282 */
1283
1284 #if defined(__APPLE__)
1285 char sval[1024]; /* String value */
1286 # ifdef HAVE_SSL
1287 int bval; /* Boolean value */
1288
1289 if (cups_apple_get_boolean(kAllowAnyRootKey, &bval))
1290 cc->any_root = bval;
1291
1292 if (cups_apple_get_boolean(kAllowExpiredCertsKey, &bval))
1293 cc->expired_certs = bval;
1294
1295 if (cups_apple_get_string(kEncryptionKey, sval, sizeof(sval)))
1296 cups_set_encryption(cc, sval);
1297
1298 if (cups_apple_get_string(kSSLOptionsKey, sval, sizeof(sval)))
1299 {
1300 cups_set_ssl_options(cc, sval);
1301 }
1302 else
1303 {
1304 sval[0] = '\0';
1305
1306 if (cups_apple_get_boolean(kAllowRC4, &bval) && bval)
1307 strlcat(sval, " AllowRC4", sizeof(sval));
1308 if (cups_apple_get_boolean(kAllowSSL3, &bval) && bval)
1309 strlcat(sval, " AllowSSL3", sizeof(sval));
1310 if (cups_apple_get_boolean(kAllowDH, &bval) && bval)
1311 strlcat(sval, " AllowDH", sizeof(sval));
1312
1313 if (sval[0])
1314 cups_set_ssl_options(cc, sval);
1315 }
1316
1317 if (cups_apple_get_boolean(kTrustOnFirstUseKey, &bval))
1318 cc->trust_first = bval;
1319
1320 if (cups_apple_get_boolean(kValidateCertsKey, &bval))
1321 cc->validate_certs = bval;
1322 # endif /* HAVE_SSL */
1323
1324 if (cups_apple_get_string(kDigestOptionsKey, sval, sizeof(sval)))
1325 cups_set_digestoptions(cc, sval);
1326
1327 if (cups_apple_get_string(kUserKey, sval, sizeof(sval)))
1328 strlcpy(cc->user, sval, sizeof(cc->user));
1329
1330 if (cups_apple_get_string(kUserAgentTokensKey, sval, sizeof(sval)))
1331 cups_set_uatokens(cc, sval);
1332 #endif /* __APPLE__ */
1333 }
1334
1335
1336 /*
1337 * 'cups_read_client_conf()' - Read a client.conf file.
1338 */
1339
1340 static void
cups_read_client_conf(cups_file_t * fp,_cups_client_conf_t * cc)1341 cups_read_client_conf(
1342 cups_file_t *fp, /* I - File to read */
1343 _cups_client_conf_t *cc) /* I - client.conf values */
1344 {
1345 int linenum; /* Current line number */
1346 char line[1024], /* Line from file */
1347 *value; /* Pointer into line */
1348
1349
1350 /*
1351 * Read from the file...
1352 */
1353
1354 linenum = 0;
1355 while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
1356 {
1357 if (!_cups_strcasecmp(line, "DigestOptions") && value)
1358 cups_set_digestoptions(cc, value);
1359 else if (!_cups_strcasecmp(line, "Encryption") && value)
1360 cups_set_encryption(cc, value);
1361 #ifndef __APPLE__
1362 /*
1363 * The ServerName directive is not supported on macOS due to app
1364 * sandboxing restrictions, i.e. not all apps request network access.
1365 */
1366 else if (!_cups_strcasecmp(line, "ServerName") && value)
1367 cups_set_server_name(cc, value);
1368 #endif /* !__APPLE__ */
1369 else if (!_cups_strcasecmp(line, "User") && value)
1370 cups_set_user(cc, value);
1371 else if (!_cups_strcasecmp(line, "UserAgentTokens") && value)
1372 cups_set_uatokens(cc, value);
1373 else if (!_cups_strcasecmp(line, "TrustOnFirstUse") && value)
1374 cc->trust_first = cups_boolean_value(value);
1375 else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
1376 cc->any_root = cups_boolean_value(value);
1377 else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
1378 value)
1379 cc->expired_certs = cups_boolean_value(value);
1380 else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
1381 cc->validate_certs = cups_boolean_value(value);
1382 #ifdef HAVE_GSSAPI
1383 else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
1384 cups_set_gss_service_name(cc, value);
1385 #endif /* HAVE_GSSAPI */
1386 #ifdef HAVE_SSL
1387 else if (!_cups_strcasecmp(line, "SSLOptions") && value)
1388 cups_set_ssl_options(cc, value);
1389 #endif /* HAVE_SSL */
1390 }
1391 }
1392
1393
1394 /*
1395 * 'cups_set_default_ipp_port()' - Set the default IPP port value.
1396 */
1397
1398 static void
cups_set_default_ipp_port(_cups_globals_t * cg)1399 cups_set_default_ipp_port(
1400 _cups_globals_t *cg) /* I - Global data */
1401 {
1402 const char *ipp_port; /* IPP_PORT environment variable */
1403
1404
1405 if ((ipp_port = getenv("IPP_PORT")) != NULL)
1406 {
1407 if ((cg->ipp_port = atoi(ipp_port)) <= 0)
1408 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1409 }
1410 else
1411 cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
1412 }
1413
1414
1415 /*
1416 * 'cups_set_digestoptions()' - Set the DigestOptions value.
1417 */
1418
1419 static void
cups_set_digestoptions(_cups_client_conf_t * cc,const char * value)1420 cups_set_digestoptions(
1421 _cups_client_conf_t *cc, /* I - client.conf values */
1422 const char *value) /* I - Value */
1423 {
1424 if (!_cups_strcasecmp(value, "DenyMD5"))
1425 cc->digestoptions = _CUPS_DIGESTOPTIONS_DENYMD5;
1426 else if (!_cups_strcasecmp(value, "None"))
1427 cc->digestoptions = _CUPS_DIGESTOPTIONS_NONE;
1428 }
1429
1430
1431 /*
1432 * 'cups_set_encryption()' - Set the Encryption value.
1433 */
1434
1435 static void
cups_set_encryption(_cups_client_conf_t * cc,const char * value)1436 cups_set_encryption(
1437 _cups_client_conf_t *cc, /* I - client.conf values */
1438 const char *value) /* I - Value */
1439 {
1440 if (!_cups_strcasecmp(value, "never"))
1441 cc->encryption = HTTP_ENCRYPTION_NEVER;
1442 else if (!_cups_strcasecmp(value, "always"))
1443 cc->encryption = HTTP_ENCRYPTION_ALWAYS;
1444 else if (!_cups_strcasecmp(value, "required"))
1445 cc->encryption = HTTP_ENCRYPTION_REQUIRED;
1446 else
1447 cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
1448 }
1449
1450
1451 /*
1452 * 'cups_set_gss_service_name()' - Set the GSSServiceName value.
1453 */
1454
1455 #ifdef HAVE_GSSAPI
1456 static void
cups_set_gss_service_name(_cups_client_conf_t * cc,const char * value)1457 cups_set_gss_service_name(
1458 _cups_client_conf_t *cc, /* I - client.conf values */
1459 const char *value) /* I - Value */
1460 {
1461 strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
1462 }
1463 #endif /* HAVE_GSSAPI */
1464
1465
1466 /*
1467 * 'cups_set_server_name()' - Set the ServerName value.
1468 */
1469
1470 static void
cups_set_server_name(_cups_client_conf_t * cc,const char * value)1471 cups_set_server_name(
1472 _cups_client_conf_t *cc, /* I - client.conf values */
1473 const char *value) /* I - Value */
1474 {
1475 strlcpy(cc->server_name, value, sizeof(cc->server_name));
1476 }
1477
1478
1479 /*
1480 * 'cups_set_ssl_options()' - Set the SSLOptions value.
1481 */
1482
1483 #ifdef HAVE_SSL
1484 static void
cups_set_ssl_options(_cups_client_conf_t * cc,const char * value)1485 cups_set_ssl_options(
1486 _cups_client_conf_t *cc, /* I - client.conf values */
1487 const char *value) /* I - Value */
1488 {
1489 /*
1490 * SSLOptions [AllowRC4] [AllowSSL3] [AllowDH] [DenyTLS1.0] [None]
1491 */
1492
1493 int options = _HTTP_TLS_NONE, /* SSL/TLS options */
1494 min_version = _HTTP_TLS_1_0, /* Minimum SSL/TLS version */
1495 max_version = _HTTP_TLS_MAX; /* Maximum SSL/TLS version */
1496 char temp[256], /* Copy of value */
1497 *start, /* Start of option */
1498 *end; /* End of option */
1499
1500
1501 strlcpy(temp, value, sizeof(temp));
1502
1503 for (start = temp; *start; start = end)
1504 {
1505 /*
1506 * Find end of keyword...
1507 */
1508
1509 end = start;
1510 while (*end && !_cups_isspace(*end))
1511 end ++;
1512
1513 if (*end)
1514 *end++ = '\0';
1515
1516 /*
1517 * Compare...
1518 */
1519
1520 if (!_cups_strcasecmp(start, "AllowRC4"))
1521 options |= _HTTP_TLS_ALLOW_RC4;
1522 else if (!_cups_strcasecmp(start, "AllowSSL3"))
1523 min_version = _HTTP_TLS_SSL3;
1524 else if (!_cups_strcasecmp(start, "AllowDH"))
1525 options |= _HTTP_TLS_ALLOW_DH;
1526 else if (!_cups_strcasecmp(start, "DenyCBC"))
1527 options |= _HTTP_TLS_DENY_CBC;
1528 else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
1529 min_version = _HTTP_TLS_1_1;
1530 else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
1531 max_version = _HTTP_TLS_1_0;
1532 else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
1533 max_version = _HTTP_TLS_1_1;
1534 else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
1535 max_version = _HTTP_TLS_1_2;
1536 else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
1537 max_version = _HTTP_TLS_1_3;
1538 else if (!_cups_strcasecmp(start, "MinTLS1.0"))
1539 min_version = _HTTP_TLS_1_0;
1540 else if (!_cups_strcasecmp(start, "MinTLS1.1"))
1541 min_version = _HTTP_TLS_1_1;
1542 else if (!_cups_strcasecmp(start, "MinTLS1.2"))
1543 min_version = _HTTP_TLS_1_2;
1544 else if (!_cups_strcasecmp(start, "MinTLS1.3"))
1545 min_version = _HTTP_TLS_1_3;
1546 else if (!_cups_strcasecmp(start, "None"))
1547 options = _HTTP_TLS_NONE;
1548 }
1549
1550 cc->ssl_options = options;
1551 cc->ssl_max_version = max_version;
1552 cc->ssl_min_version = min_version;
1553
1554 DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
1555 }
1556 #endif /* HAVE_SSL */
1557
1558
1559 /*
1560 * 'cups_set_uatokens()' - Set the UserAgentTokens value.
1561 */
1562
1563 static void
cups_set_uatokens(_cups_client_conf_t * cc,const char * value)1564 cups_set_uatokens(
1565 _cups_client_conf_t *cc, /* I - client.conf values */
1566 const char *value) /* I - Value */
1567 {
1568 int i; /* Looping var */
1569 static const char * const uatokens[] =/* UserAgentTokens values */
1570 {
1571 "NONE",
1572 "PRODUCTONLY",
1573 "MAJOR",
1574 "MINOR",
1575 "MINIMAL",
1576 "OS",
1577 "FULL"
1578 };
1579
1580 for (i = 0; i < (int)(sizeof(uatokens) / sizeof(uatokens[0])); i ++)
1581 {
1582 if (!_cups_strcasecmp(value, uatokens[i]))
1583 {
1584 cc->uatokens = (_cups_uatokens_t)i;
1585 return;
1586 }
1587 }
1588 }
1589
1590
1591 /*
1592 * 'cups_set_user()' - Set the User value.
1593 */
1594
1595 static void
cups_set_user(_cups_client_conf_t * cc,const char * value)1596 cups_set_user(
1597 _cups_client_conf_t *cc, /* I - client.conf values */
1598 const char *value) /* I - Value */
1599 {
1600 strlcpy(cc->user, value, sizeof(cc->user));
1601 }
1602