File: auth.h

package info (click to toggle)
cups 1.4.4-7+squeeze10
  • links: PTS, VCS
  • area: main
  • in suites: squeeze-lts
  • size: 25,548 kB
  • ctags: 9,583
  • sloc: ansic: 138,214; sh: 37,926; cpp: 25,469; makefile: 3,285; perl: 190; python: 127; php: 28
file content (162 lines) | stat: -rw-r--r-- 5,464 bytes parent folder | download | duplicates (2)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
/*
 * "$Id: auth.h 8525 2009-04-19 23:09:54Z mike $"
 *
 *   Authorization definitions for the Common UNIX Printing System (CUPS)
 *   scheduler.
 *
 *   Copyright 2007-2009 by Apple Inc.
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   file is missing or damaged, see the license at "http://www.cups.org/".
 */

/*
 * Include necessary headers...
 */

#include <pwd.h>


/*
 * HTTP authorization types and levels...
 */

#define CUPSD_AUTH_DEFAULT	-1	/* Use DefaultAuthType */
#define CUPSD_AUTH_NONE		0	/* No authentication */
#define CUPSD_AUTH_BASIC	1	/* Basic authentication */
#define CUPSD_AUTH_DIGEST	2	/* Digest authentication */
#define CUPSD_AUTH_BASICDIGEST	3	/* Basic authentication w/passwd.md5 */
#define CUPSD_AUTH_NEGOTIATE	4	/* Kerberos authentication */

#define CUPSD_AUTH_ANON		0	/* Anonymous access */
#define CUPSD_AUTH_USER		1	/* Must have a valid username/password */
#define CUPSD_AUTH_GROUP	2	/* Must also be in a named group */

#define CUPSD_AUTH_ALLOW	0	/* Allow access */
#define CUPSD_AUTH_DENY		1	/* Deny access */

#define CUPSD_AUTH_NAME		0	/* Authorize host by name */
#define CUPSD_AUTH_IP		1	/* Authorize host by IP */
#define CUPSD_AUTH_INTERFACE	2	/* Authorize host by interface */

#define CUPSD_AUTH_SATISFY_ALL	0	/* Satisfy both address and auth */
#define CUPSD_AUTH_SATISFY_ANY	1	/* Satisfy either address or auth */

#define CUPSD_AUTH_LIMIT_DELETE	1	/* Limit DELETE requests */
#define CUPSD_AUTH_LIMIT_GET	2	/* Limit GET requests */
#define CUPSD_AUTH_LIMIT_HEAD	4	/* Limit HEAD requests */
#define CUPSD_AUTH_LIMIT_OPTIONS 8	/* Limit OPTIONS requests */
#define CUPSD_AUTH_LIMIT_POST	16	/* Limit POST requests */
#define CUPSD_AUTH_LIMIT_PUT	32	/* Limit PUT requests */
#define CUPSD_AUTH_LIMIT_TRACE	64	/* Limit TRACE requests */
#define CUPSD_AUTH_LIMIT_ALL	127	/* Limit all requests */
#define CUPSD_AUTH_LIMIT_IPP	128	/* Limit IPP requests */

#define IPP_ANY_OPERATION	(ipp_op_t)0
					/* Any IPP operation */
#define IPP_BAD_OPERATION	(ipp_op_t)-1
					/* No IPP operation */


/*
 * HTTP access control structures...
 */

typedef struct
{
  unsigned	address[4],		/* IP address */
		netmask[4];		/* IP netmask */
} cupsd_ipmask_t;

typedef struct
{
  int		length;			/* Length of name */
  char		*name;			/* Name string */
} cupsd_namemask_t;

typedef struct
{
  int		type;			/* Mask type */
  union
  {
    cupsd_namemask_t	name;		/* Host/Domain name */
    cupsd_ipmask_t	ip;		/* IP address/network */
  }		mask;			/* Mask data */
} cupsd_authmask_t;

typedef struct
{
  char			*location;	/* Location of resource */
  ipp_op_t		op;		/* IPP operation */
  int			limit,		/* Limit for these types of requests */
			length,		/* Length of location string */
			order_type,	/* Allow or Deny */
			type,		/* Type of authentication */
			level,		/* Access level required */
			satisfy;	/* Satisfy any or all limits? */
  int			num_names;	/* Number of names */
  char			**names;	/* User or group names */
  int			num_allow;	/* Number of Allow lines */
  cupsd_authmask_t	*allow;		/* Allow lines */
  int			num_deny;	/* Number of Deny lines */
  cupsd_authmask_t	*deny;		/* Deny lines */
  http_encryption_t	encryption;	/* To encrypt or not to encrypt... */
} cupsd_location_t;

typedef struct cupsd_client_s cupsd_client_t;


/*
 * Globals...
 */

VAR cups_array_t	*Locations	VALUE(NULL);
					/* Authorization locations */
VAR int			DefaultAuthType	VALUE(CUPSD_AUTH_BASIC);
					/* Default AuthType, if not specified */
#ifdef HAVE_SSL
VAR http_encryption_t	DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
					/* Default encryption for authentication */
#endif /* HAVE_SSL */


/*
 * Prototypes...
 */

extern cupsd_location_t	*cupsdAddLocation(const char *location);
extern void		cupsdAddName(cupsd_location_t *loc, char *name);
extern void		cupsdAllowHost(cupsd_location_t *loc, char *name);
extern void		cupsdAllowIP(cupsd_location_t *loc, 
				     const unsigned address[4],
			             const unsigned netmask[4]);
extern void		cupsdAuthorize(cupsd_client_t *con);
extern int		cupsdCheckAccess(unsigned ip[4], char *name,
			                 int namelen, cupsd_location_t *loc);
extern int		cupsdCheckAuth(unsigned ip[4], char *name, int namelen,
				       int num_masks, cupsd_authmask_t *masks);
extern int		cupsdCheckGroup(const char *username,
			                struct passwd *user,
			                const char *groupname);
#ifdef HAVE_GSSAPI
extern krb5_ccache	cupsdCopyKrb5Creds(cupsd_client_t *con);
#endif /* HAVE_GSSAPI */
extern cupsd_location_t	*cupsdCopyLocation(cupsd_location_t **loc);
extern void		cupsdDeleteAllLocations(void);
extern void		cupsdDeleteLocation(cupsd_location_t *loc);
extern void		cupsdDenyHost(cupsd_location_t *loc, char *name);
extern void		cupsdDenyIP(cupsd_location_t *loc, 
				    const unsigned address[4],
			            const unsigned netmask[4]);
extern cupsd_location_t	*cupsdFindBest(const char *path, http_state_t state);
extern cupsd_location_t	*cupsdFindLocation(const char *location);
extern http_status_t	cupsdIsAuthorized(cupsd_client_t *con, const char *owner);


/*
 * End of "$Id: auth.h 8525 2009-04-19 23:09:54Z mike $".
 */