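/*
 * "$Id: auth.h 11093 2013-07-03 20:48:42Z msweet $"
 *
 *   Authorization definitions for the CUPS scheduler.
 *
 *   Copyright 2007-2011 by Apple Inc.
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   missing or damaged, see the license at "http://www.cups.org/".
 */

/*
 * NOTE(review): this header has no include guard and uses ipp_op_t,
 * cups_array_t, http_encryption_t, http_state_t, http_status_t and the
 * VAR/VALUE macros without including anything that defines them.  It is
 * presumably meant to be pulled in exactly once through the scheduler's
 * umbrella header - confirm before including it directly.
 */

/*
 * Include necessary headers...
 */

#include <pwd.h>			/* struct passwd for cupsdCheckGroup() */


/*
 * HTTP authorization types and levels...
 *
 * The constants below form several independent groups that reuse the same
 * small integers, so a value only has meaning in the field its group is
 * stored in (judging by the field comments in cupsd_location_t and
 * cupsd_authmask_t further down).
 *
 * In every group the permissive choice is 0 (CUPSD_AUTH_NONE,
 * CUPSD_AUTH_ANON, CUPSD_AUTH_ALLOW), so a zero-filled cupsd_location_t
 * reads as "no authentication, anonymous, allow".  Code that builds a
 * location therefore has to set these fields explicitly; how
 * cupsdNewLocation() initializes them is not visible from this header.
 */

/* Authentication types (cupsd_location_t "type") */
#define CUPSD_AUTH_DEFAULT	(-1)	/* Use DefaultAuthType */
#define CUPSD_AUTH_NONE		0	/* No authentication */
#define CUPSD_AUTH_BASIC	1	/* Basic authentication; HTTP Basic
					   credentials are only Base64-encoded
					   on the wire, so confidentiality
					   depends on the encryption setting */
#define CUPSD_AUTH_DIGEST	2	/* Digest authentication */
#define CUPSD_AUTH_BASICDIGEST	3	/* Basic authentication w/passwd.md5 */
#define CUPSD_AUTH_NEGOTIATE	4	/* Kerberos authentication */
#define CUPSD_AUTH_AUTO		5	/* Kerberos or Basic, depending on configuration of server */

/* Access levels (cupsd_location_t "level") */
#define CUPSD_AUTH_ANON		0	/* Anonymous access */
#define CUPSD_AUTH_USER		1	/* Must have a valid username/password */
#define CUPSD_AUTH_GROUP	2	/* Must also be in a named group */

/* Allow/Deny ordering (cupsd_location_t "order_type") */
#define CUPSD_AUTH_ALLOW	0	/* Allow access */
#define CUPSD_AUTH_DENY		1	/* Deny access */

/* Mask types (cupsd_authmask_t "type") */
#define CUPSD_AUTH_NAME		0	/* Authorize host by name */
#define CUPSD_AUTH_IP		1	/* Authorize host by IP */
#define CUPSD_AUTH_INTERFACE	2	/* Authorize host by interface */

/* Satisfy modes (cupsd_location_t "satisfy") */
#define CUPSD_AUTH_SATISFY_ALL	0	/* Satisfy both address and auth */
#define CUPSD_AUTH_SATISFY_ANY	1	/* Satisfy either address or auth */

/*
 * Request limit bits (cupsd_location_t "limit").  Each value is a distinct
 * power of two so they can be OR'ed together.  CUPSD_AUTH_LIMIT_ALL (127)
 * is the OR of the seven HTTP method bits only; it does NOT contain
 * CUPSD_AUTH_LIMIT_IPP (128), which has to be tested separately.
 */
#define CUPSD_AUTH_LIMIT_DELETE	1	/* Limit DELETE requests */
#define CUPSD_AUTH_LIMIT_GET	2	/* Limit GET requests */
#define CUPSD_AUTH_LIMIT_HEAD	4	/* Limit HEAD requests */
#define CUPSD_AUTH_LIMIT_OPTIONS 8	/* Limit OPTIONS requests */
#define CUPSD_AUTH_LIMIT_POST	16	/* Limit POST requests */
#define CUPSD_AUTH_LIMIT_PUT	32	/* Limit PUT requests */
#define CUPSD_AUTH_LIMIT_TRACE	64	/* Limit TRACE requests */
#define CUPSD_AUTH_LIMIT_ALL	127	/* Limit all HTTP request methods */
#define CUPSD_AUTH_LIMIT_IPP	128	/* Limit IPP requests */

/*
 * Sentinel IPP operation codes.  The whole expansion is parenthesized so
 * the cast cannot re-associate with neighbouring operators; unparenthesized,
 * "sizeof IPP_BAD_OPERATION" would parse as "sizeof(ipp_op_t) - 1".
 */
#define IPP_ANY_OPERATION	((ipp_op_t)0)
					/* Any IPP operation */
#define IPP_BAD_OPERATION	((ipp_op_t)-1)
					/* No IPP operation */


/*
 * HTTP access control structures...
 */

typedef struct
{
  unsigned	address[4],		/* IP address */
		netmask[4];		/* IP netmask */
} cupsd_ipmask_t;

typedef struct
{
  int		length;			/* Length of name */
  char		*name;			/* Name string */
} cupsd_namemask_t;

typedef struct
{
  int		type;			/* Mask type */
  union
  {
    cupsd_namemask_t	name;		/* Host/Domain name */
    cupsd_ipmask_t	ip;		/* IP address/network */
  }		mask;			/* Mask data; "type" says which union
					   member is valid, so it must be
					   checked before "mask" is read */
} cupsd_authmask_t;

typedef struct
{
  char			*location;	/* Location of resource */
  ipp_op_t		op;		/* IPP operation */
  int			limit,		/* Limit for these types of requests */
			length,		/* Length of location string */
			order_type,	/* Allow or Deny */
			type,		/* Type of authentication */
			level,		/* Access level required */
			satisfy;	/* Satisfy any or all limits? */
  cups_array_t		*names,		/* User or group names */
			*allow,		/* Allow lines */
			*deny;		/* Deny lines */
  http_encryption_t	encryption;	/* To encrypt or not to encrypt... */
} cupsd_location_t;

/* Forward declaration only; struct cupsd_client_s is defined elsewhere. */
typedef struct cupsd_client_s cupsd_client_t;


/*
 * Globals...
 *
 * VAR and VALUE() are defined outside this header.
 */

VAR cups_array_t	*Locations	VALUE(NULL);
					/* Authorization locations */
#ifdef HAVE_SSL
/*
 * Only declared when HAVE_SSL is defined: builds without it have no
 * DefaultEncryption global at all.
 */
VAR http_encryption_t	DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
					/* Default encryption for authentication */
#endif /* HAVE_SSL */


/*
 * Prototypes...
 *
 * cupsdCheckAccess() and cupsdCheckAuth() take the host name and its length
 * as separate arguments.
 * NOTE(review): callers presumably have to keep namelen consistent with
 * name - confirm against the implementation.
 */

extern int		cupsdAddIPMask(cups_array_t **masks,
			               const unsigned address[4],
			               const unsigned netmask[4]);
extern void		cupsdAddLocation(cupsd_location_t *loc);
extern void		cupsdAddName(cupsd_location_t *loc, char *name);
extern int		cupsdAddNameMask(cups_array_t **masks, char *name);
extern void		cupsdAuthorize(cupsd_client_t *con);
extern int		cupsdCheckAccess(unsigned ip[4], char *name,
			                 int namelen, cupsd_location_t *loc);
extern int		cupsdCheckAuth(unsigned ip[4], char *name, int namelen,
			               cups_array_t *masks);
extern int		cupsdCheckGroup(const char *username,
			                struct passwd *user,
			                const char *groupname);
extern cupsd_location_t	*cupsdCopyLocation(cupsd_location_t *loc);
extern void		cupsdDeleteAllLocations(void);
extern cupsd_location_t	*cupsdFindBest(const char *path, http_state_t state);
extern cupsd_location_t	*cupsdFindLocation(const char *location);
extern void		cupsdFreeLocation(cupsd_location_t *loc);
extern http_status_t	cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
extern cupsd_location_t	*cupsdNewLocation(const char *location);


/*
 * End of "$Id: auth.h 11093 2013-07-03 20:48:42Z msweet $".
 */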