1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
|
/*
* "$Id: auth.c 5961 2006-09-16 19:08:36Z mike $"
*
* Authentication functions for the Common UNIX Printing System (CUPS).
*
* Copyright 1997-2006 by Easy Software Products.
*
* These coded instructions, statements, and computer programs are the
* property of Easy Software Products and are protected by Federal
* copyright law. Distribution and use rights are outlined in the file
* "LICENSE.txt" which should have been included with this file. If this
* file is missing or damaged please contact Easy Software Products
* at:
*
* Attn: CUPS Licensing Information
* Easy Software Products
* 44141 Airport View Drive, Suite 204
* Hollywood, Maryland 20636 USA
*
* Voice: (301) 373-9600
* EMail: cups-info@cups.org
* WWW: http://www.cups.org
*
* This file is subject to the Apple OS-Developed Software exception.
*
* Contents:
*
* cupsDoAuthentication() - Authenticate a request.
* cups_local_auth() - Get the local authorization certificate if
* available/applicable...
*/
/*
* Include necessary headers...
*/
#include "globals.h"
#include "debug.h"
#include <stdlib.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#if defined(WIN32) || defined(__EMX__)
# include <io.h>
#else
# include <unistd.h>
#endif /* WIN32 || __EMX__ */
/*
* Local functions...
*/
static int cups_local_auth(http_t *http);
/*
* 'cupsDoAuthentication()' - Authenticate a request.
*
* This function should be called in response to a HTTP_UNAUTHORIZED
* status, prior to resubmitting your request.
*
* @since CUPS 1.1.20@
*/
int /* O - 0 on success, -1 on error */
cupsDoAuthentication(http_t *http, /* I - HTTP connection to server */
const char *method,/* I - Request method (GET, POST, PUT) */
const char *resource)
/* I - Resource path */
{
const char *password; /* Password string */
char prompt[1024], /* Prompt for user */
realm[HTTP_MAX_VALUE], /* realm="xyz" string */
nonce[HTTP_MAX_VALUE], /* nonce="xyz" string */
encode[512]; /* Encoded username:password */
DEBUG_printf(("cupsDoAuthentication(http=%p, method=\"%s\", resource=\"%s\")\n",
http, method, resource));
DEBUG_printf(("cupsDoAuthentication: digest_tries=%d, userpass=\"%s\"\n",
http->digest_tries, http->userpass));
DEBUG_printf(("cupsDoAuthentication: WWW-Authenticate=\"%s\"\n",
httpGetField(http, HTTP_FIELD_WWW_AUTHENTICATE)));
/*
* Clear the current authentication string...
*/
http->authstring[0] = '\0';
/*
* See if we can do local authentication...
*/
if (http->digest_tries < 3 && !cups_local_auth(http))
{
DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));
if (http->status == HTTP_UNAUTHORIZED)
http->digest_tries ++;
return (0);
}
/*
* Nope, see if we should retry the current username:password...
*/
if (http->digest_tries > 1 || !http->userpass[0])
{
/*
* Nope - get a new password from the user...
*/
snprintf(prompt, sizeof(prompt), _("Password for %s on %s? "), cupsUser(),
http->hostname[0] == '/' ? "localhost" : http->hostname);
http->digest_tries = strncasecmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE],
"Digest", 5) != 0;
http->userpass[0] = '\0';
if ((password = cupsGetPassword(prompt)) == NULL)
return (-1);
if (!password[0])
return (-1);
snprintf(http->userpass, sizeof(http->userpass), "%s:%s", cupsUser(),
password);
}
else if (http->status == HTTP_UNAUTHORIZED)
http->digest_tries ++;
/*
* Got a password; encode it for the server...
*/
if (strncmp(http->fields[HTTP_FIELD_WWW_AUTHENTICATE], "Digest", 6))
{
/*
* Basic authentication...
*/
httpEncode64_2(encode, sizeof(encode), http->userpass,
strlen(http->userpass));
snprintf(http->authstring, sizeof(http->authstring), "Basic %s", encode);
}
else
{
/*
* Digest authentication...
*/
httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "realm", realm);
httpGetSubField(http, HTTP_FIELD_WWW_AUTHENTICATE, "nonce", nonce);
httpMD5(cupsUser(), realm, strchr(http->userpass, ':') + 1, encode);
httpMD5Final(nonce, method, resource, encode);
snprintf(http->authstring, sizeof(http->authstring),
"Digest username=\"%s\", realm=\"%s\", nonce=\"%s\", "
"uri=\"%s\", response=\"%s\"", cupsUser(), realm, nonce,
resource, encode);
}
DEBUG_printf(("cupsDoAuthentication: authstring=\"%s\"\n", http->authstring));
return (0);
}
/*
* 'cups_local_auth()' - Get the local authorization certificate if
* available/applicable...
*/
static int /* O - 0 if available, -1 if not */
cups_local_auth(http_t *http) /* I - HTTP connection to server */
{
#if defined(WIN32) || defined(__EMX__)
/*
* Currently WIN32 and OS-2 do not support the CUPS server...
*/
return (-1);
#else
int pid; /* Current process ID */
FILE *fp; /* Certificate file */
char filename[1024], /* Certificate filename */
certificate[33]; /* Certificate string */
_cups_globals_t *cg = _cupsGlobals(); /* Global data */
DEBUG_printf(("cups_local_auth(http=%p) hostaddr=%s, hostname=\"%s\"\n",
http, httpAddrString(http->hostaddr, filename, sizeof(filename)), http->hostname));
/*
* See if we are accessing localhost...
*/
if (!httpAddrLocalhost(http->hostaddr) &&
strcasecmp(http->hostname, "localhost") != 0)
{
DEBUG_puts("cups_local_auth: Not a local connection!");
return (-1);
}
/*
* Try opening a certificate file for this PID. If that fails,
* try the root certificate...
*/
pid = getpid();
snprintf(filename, sizeof(filename), "%s/certs/%d", cg->cups_statedir, pid);
if ((fp = fopen(filename, "r")) == NULL && pid > 0)
{
DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
filename, strerror(errno)));
snprintf(filename, sizeof(filename), "%s/certs/0", cg->cups_statedir);
fp = fopen(filename, "r");
}
if (fp == NULL)
{
DEBUG_printf(("cups_local_auth: Unable to open file %s: %s\n",
filename, strerror(errno)));
return (-1);
}
/*
* Read the certificate from the file...
*/
fgets(certificate, sizeof(certificate), fp);
fclose(fp);
/*
* Set the authorization string and return...
*/
snprintf(http->authstring, sizeof(http->authstring), "Local %s", certificate);
DEBUG_printf(("cups_local_auth: Returning authstring = \"%s\"\n",
http->authstring));
return (0);
#endif /* WIN32 || __EMX__ */
}
/*
* End of "$Id: auth.c 5961 2006-09-16 19:08:36Z mike $".
*/
|
