#include "cups-private.h"
#include <stdlib.h>
#include <sys/stat.h>
#ifdef WIN32
# include <windows.h>
#else
# include <pwd.h>
# include <termios.h>
# include <sys/utsname.h>
#endif
#define _CUPS_PASSCHAR '*'
typedef struct _cups_client_conf_s
{
#ifdef HAVE_SSL
int ssl_options;
#endif
int any_root,
expired_certs,
validate_certs;
http_encryption_t encryption;
char user[65],
server_name[256];
#ifdef HAVE_GSSAPI
char gss_service_name[32];
#endif
} _cups_client_conf_t;
static void cups_finalize_client_conf(_cups_client_conf_t *cc);
static void cups_init_client_conf(_cups_client_conf_t *cc);
static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
static void cups_set_default_ipp_port(_cups_globals_t *cg);
static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
#ifdef HAVE_GSSAPI
static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
#endif
static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
#ifdef HAVE_SSL
static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
#endif
static void cups_set_user(_cups_client_conf_t *cc, const char *value);
http_encryption_t
cupsEncryption(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (cg->encryption == (http_encryption_t)-1)
_cupsSetDefaults();
return (cg->encryption);
}
const char *
cupsGetPassword(const char *prompt)
{
_cups_globals_t *cg = _cupsGlobals();
return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
}
const char *
cupsGetPassword2(const char *prompt,
http_t *http,
const char *method,
const char *resource)
{
_cups_globals_t *cg = _cupsGlobals();
if (!http)
http = _cupsConnect();
return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
}
const char *
cupsServer(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->server[0])
_cupsSetDefaults();
return (cg->server);
}
void
cupsSetClientCertCB(
cups_client_cert_cb_t cb,
void *user_data)
{
_cups_globals_t *cg = _cupsGlobals();
cg->client_cert_cb = cb;
cg->client_cert_data = user_data;
}
int
cupsSetCredentials(
cups_array_t *credentials)
{
_cups_globals_t *cg = _cupsGlobals();
if (cupsArrayCount(credentials) < 1)
return (-1);
#ifdef HAVE_SSL
_httpFreeCredentials(cg->tls_credentials);
cg->tls_credentials = _httpCreateCredentials(credentials);
#endif
return (cg->tls_credentials ? 0 : -1);
}
void
cupsSetEncryption(http_encryption_t e)
{
_cups_globals_t *cg = _cupsGlobals();
cg->encryption = e;
if (cg->http)
httpEncryption(cg->http, e);
}
void
cupsSetPasswordCB(cups_password_cb_t cb)
{
_cups_globals_t *cg = _cupsGlobals();
if (cb == (cups_password_cb_t)0)
cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
else
cg->password_cb = (cups_password_cb2_t)cb;
cg->password_data = NULL;
}
void
cupsSetPasswordCB2(
cups_password_cb2_t cb,
void *user_data)
{
_cups_globals_t *cg = _cupsGlobals();
if (cb == (cups_password_cb2_t)0)
cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
else
cg->password_cb = cb;
cg->password_data = user_data;
}
void
cupsSetServer(const char *server)
{
char *options,
*port;
_cups_globals_t *cg = _cupsGlobals();
if (server)
{
strlcpy(cg->server, server, sizeof(cg->server));
if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
{
*options++ = '\0';
if (!strcmp(options, "version=1.0"))
cg->server_version = 10;
else if (!strcmp(options, "version=1.1"))
cg->server_version = 11;
else if (!strcmp(options, "version=2.0"))
cg->server_version = 20;
else if (!strcmp(options, "version=2.1"))
cg->server_version = 21;
else if (!strcmp(options, "version=2.2"))
cg->server_version = 22;
}
else
cg->server_version = 20;
if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
!strchr(port, ']') && isdigit(port[1] & 255))
{
*port++ = '\0';
cg->ipp_port = atoi(port);
}
if (!cg->ipp_port)
cups_set_default_ipp_port(cg);
if (cg->server[0] == '/')
strlcpy(cg->servername, "localhost", sizeof(cg->servername));
else
strlcpy(cg->servername, cg->server, sizeof(cg->servername));
}
else
{
cg->server[0] = '\0';
cg->servername[0] = '\0';
cg->server_version = 20;
cg->ipp_port = 0;
}
if (cg->http)
{
httpClose(cg->http);
cg->http = NULL;
}
}
void
cupsSetServerCertCB(
cups_server_cert_cb_t cb,
void *user_data)
{
_cups_globals_t *cg = _cupsGlobals();
cg->server_cert_cb = cb;
cg->server_cert_data = user_data;
}
void
cupsSetUser(const char *user)
{
_cups_globals_t *cg = _cupsGlobals();
if (user)
strlcpy(cg->user, user, sizeof(cg->user));
else
cg->user[0] = '\0';
}
void
cupsSetUserAgent(const char *user_agent)
{
_cups_globals_t *cg = _cupsGlobals();
#ifdef WIN32
SYSTEM_INFO sysinfo;
OSVERSIONINFO version;
#else
struct utsname name;
#endif
if (user_agent)
{
strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
return;
}
#ifdef WIN32
version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionEx(&version);
GetNativeSystemInfo(&sysinfo);
snprintf(cg->user_agent, sizeof(cg->user_agent),
CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0",
version.dwMajorVersion, version.dwMinorVersion,
sysinfo.wProcessorArchitecture
== PROCESSOR_ARCHITECTURE_AMD64 ? "amd64" :
sysinfo.wProcessorArchitecture
== PROCESSOR_ARCHITECTURE_ARM ? "arm" :
sysinfo.wProcessorArchitecture
== PROCESSOR_ARCHITECTURE_IA64 ? "ia64" :
sysinfo.wProcessorArchitecture
== PROCESSOR_ARCHITECTURE_INTEL ? "intel" :
"unknown");
#else
uname(&name);
snprintf(cg->user_agent, sizeof(cg->user_agent),
CUPS_MINIMAL " (%s %s; %s) IPP/2.0",
name.sysname, name.release, name.machine);
#endif
}
const char *
cupsUser(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->user[0])
_cupsSetDefaults();
return (cg->user);
}
const char *
cupsUserAgent(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->user_agent[0])
cupsSetUserAgent(NULL);
return (cg->user_agent);
}
const char *
_cupsGetPassword(const char *prompt)
{
#ifdef WIN32
HANDLE tty;
DWORD mode;
char passch,
*passptr,
*passend;
DWORD passbytes;
_cups_globals_t *cg = _cupsGlobals();
if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
return (NULL);
if (!GetConsoleMode(tty, &mode))
return (NULL);
if (!SetConsoleMode(tty, 0))
return (NULL);
printf("%s ", prompt);
fflush(stdout);
passptr = cg->password;
passend = cg->password + sizeof(cg->password) - 1;
while (ReadFile(tty, &passch, 1, &passbytes, NULL))
{
if (passch == 0x0A || passch == 0x0D)
{
break;
}
else if (passch == 0x08 || passch == 0x7F)
{
if (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
else
putchar(0x07);
}
else if (passch == 0x15)
{
if (passptr > cg->password)
{
while (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
}
else
putchar(0x07);
}
else if (passch == 0x03)
{
passptr = cg->password;
break;
}
else if ((passch & 255) < 0x20 || passptr >= passend)
putchar(0x07);
else
{
*passptr++ = passch;
putchar(_CUPS_PASSCHAR);
}
fflush(stdout);
}
putchar('\n');
fflush(stdout);
SetConsoleMode(tty, mode);
if (passbytes == 1 && passptr > cg->password)
{
*passptr = '\0';
return (cg->password);
}
else
{
memset(cg->password, 0, sizeof(cg->password));
return (NULL);
}
#else
int tty;
struct termios original,
noecho;
char passch,
*passptr,
*passend;
ssize_t passbytes;
_cups_globals_t *cg = _cupsGlobals();
if ((tty = open("/dev/tty", O_RDONLY)) < 0)
return (NULL);
if (tcgetattr(tty, &original))
{
close(tty);
return (NULL);
}
noecho = original;
noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
if (tcsetattr(tty, TCSAFLUSH, &noecho))
{
close(tty);
return (NULL);
}
printf("%s ", prompt);
fflush(stdout);
passptr = cg->password;
passend = cg->password + sizeof(cg->password) - 1;
while ((passbytes = read(tty, &passch, 1)) == 1)
{
if (passch == noecho.c_cc[VEOL] ||
# ifdef VEOL2
passch == noecho.c_cc[VEOL2] ||
# endif
passch == 0x0A || passch == 0x0D)
{
break;
}
else if (passch == noecho.c_cc[VERASE] ||
passch == 0x08 || passch == 0x7F)
{
if (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
else
putchar(0x07);
}
else if (passch == noecho.c_cc[VKILL])
{
if (passptr > cg->password)
{
while (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
}
else
putchar(0x07);
}
else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
passch == noecho.c_cc[VEOF])
{
passptr = cg->password;
break;
}
else if ((passch & 255) < 0x20 || passptr >= passend)
putchar(0x07);
else
{
*passptr++ = passch;
putchar(_CUPS_PASSCHAR);
}
fflush(stdout);
}
putchar('\n');
fflush(stdout);
tcsetattr(tty, TCSAFLUSH, &original);
close(tty);
if (passbytes == 1 && passptr > cg->password)
{
*passptr = '\0';
return (cg->password);
}
else
{
memset(cg->password, 0, sizeof(cg->password));
return (NULL);
}
#endif
}
#ifdef HAVE_GSSAPI
const char *
_cupsGSSServiceName(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->gss_service_name[0])
_cupsSetDefaults();
return (cg->gss_service_name);
}
#endif
void
_cupsSetDefaults(void)
{
cups_file_t *fp;
const char *home;
char filename[1024];
_cups_client_conf_t cc;
_cups_globals_t *cg = _cupsGlobals();
DEBUG_puts("_cupsSetDefaults()");
cups_init_client_conf(&cc);
snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
if ((fp = cupsFileOpen(filename, "r")) != NULL)
{
cups_read_client_conf(fp, &cc);
cupsFileClose(fp);
}
# ifdef HAVE_GETEUID
if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
# elif !defined(WIN32)
if (getuid() && (home = getenv("HOME")) != NULL)
# else
if ((home = getenv("HOME")) != NULL)
# endif
{
snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
if ((fp = cupsFileOpen(filename, "r")) != NULL)
{
cups_read_client_conf(fp, &cc);
cupsFileClose(fp);
}
}
cups_finalize_client_conf(&cc);
if (cg->encryption == (http_encryption_t)-1)
cg->encryption = cc.encryption;
if (!cg->server[0] || !cg->ipp_port)
cupsSetServer(cc.server_name);
if (!cg->ipp_port)
cups_set_default_ipp_port(cg);
if (!cg->user[0])
strlcpy(cg->user, cc.user, sizeof(cg->user));
#ifdef HAVE_GSSAPI
if (!cg->gss_service_name[0])
strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
#endif
if (cg->any_root < 0)
cg->any_root = cc.any_root;
if (cg->expired_certs < 0)
cg->expired_certs = cc.expired_certs;
if (cg->validate_certs < 0)
cg->validate_certs = cc.validate_certs;
#ifdef HAVE_SSL
_httpTLSSetOptions(cc.ssl_options);
#endif
}
static int
cups_boolean_value(const char *value)
{
return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
}
static void
cups_finalize_client_conf(
_cups_client_conf_t *cc)
{
const char *value;
if ((value = getenv("CUPS_ANYROOT")) != NULL)
cc->any_root = cups_boolean_value(value);
if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
cups_set_encryption(cc, value);
if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
cc->expired_certs = cups_boolean_value(value);
#ifdef HAVE_GSSAPI
if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
cups_set_gss_service_name(cc, value);
#endif
if ((value = getenv("CUPS_SERVER")) != NULL)
cups_set_server_name(cc, value);
if ((value = getenv("CUPS_USER")) != NULL)
cups_set_user(cc, value);
if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
cc->validate_certs = cups_boolean_value(value);
if (cc->any_root < 0)
cc->any_root = 1;
if (cc->encryption == (http_encryption_t)-1)
cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
if (cc->expired_certs < 0)
cc->expired_certs = 1;
#ifdef HAVE_GSSAPI
if (!cc->gss_service_name[0])
cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
#endif
if (!cc->server_name[0])
{
#ifdef CUPS_DEFAULT_DOMAINSOCKET
struct stat sockinfo;
if (!stat(CUPS_DEFAULT_DOMAINSOCKET, &sockinfo) &&
(sockinfo.st_mode & (S_IROTH | S_IWOTH)) == (S_IROTH | S_IWOTH))
cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
else
#endif
cups_set_server_name(cc, "localhost");
}
if (!cc->user[0])
{
#ifdef WIN32
DWORD size;
size = sizeof(cc->user);
if (!GetUserName(cc->user, &size))
#else
const char *envuser = getenv("USER");
struct passwd *pw = NULL;
if (envuser)
{
if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
pw = NULL;
}
if (!pw)
pw = getpwuid(getuid());
if (pw)
strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
else
#endif
{
strlcpy(cc->user, "unknown", sizeof(cc->user));
}
}
if (cc->validate_certs < 0)
cc->validate_certs = 0;
}
static void
cups_init_client_conf(
_cups_client_conf_t *cc)
{
memset(cc, 0, sizeof(_cups_client_conf_t));
cc->encryption = (http_encryption_t)-1;
cc->any_root = -1;
cc->expired_certs = -1;
cc->validate_certs = -1;
}
static void
cups_read_client_conf(
cups_file_t *fp,
_cups_client_conf_t *cc)
{
int linenum;
char line[1024],
*value;
linenum = 0;
while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
{
if (!_cups_strcasecmp(line, "Encryption") && value)
cups_set_encryption(cc, value);
#ifndef __APPLE__
else if (!_cups_strcasecmp(line, "ServerName") && value)
cups_set_server_name(cc, value);
#endif
else if (!_cups_strcasecmp(line, "User") && value)
cups_set_user(cc, value);
else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
cc->any_root = cups_boolean_value(value);
else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
value)
cc->expired_certs = cups_boolean_value(value);
else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
cc->validate_certs = cups_boolean_value(value);
#ifdef HAVE_GSSAPI
else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
cups_set_gss_service_name(cc, value);
#endif
#ifdef HAVE_SSL
else if (!_cups_strcasecmp(line, "SSLOptions") && value)
cups_set_ssl_options(cc, value);
#endif
}
}
static void
cups_set_default_ipp_port(
_cups_globals_t *cg)
{
const char *ipp_port;
if ((ipp_port = getenv("IPP_PORT")) != NULL)
{
if ((cg->ipp_port = atoi(ipp_port)) <= 0)
cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
}
else
cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
}
static void
cups_set_encryption(
_cups_client_conf_t *cc,
const char *value)
{
if (!_cups_strcasecmp(value, "never"))
cc->encryption = HTTP_ENCRYPTION_NEVER;
else if (!_cups_strcasecmp(value, "always"))
cc->encryption = HTTP_ENCRYPTION_ALWAYS;
else if (!_cups_strcasecmp(value, "required"))
cc->encryption = HTTP_ENCRYPTION_REQUIRED;
else
cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
}
#ifdef HAVE_GSSAPI
static void
cups_set_gss_service_name(
_cups_client_conf_t *cc,
const char *value)
{
strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
}
#endif
static void
cups_set_server_name(
_cups_client_conf_t *cc,
const char *value)
{
strlcpy(cc->server_name, value, sizeof(cc->server_name));
}
#ifdef HAVE_SSL
static void
cups_set_ssl_options(
_cups_client_conf_t *cc,
const char *value)
{
int options = _HTTP_TLS_NONE;
char temp[256],
*start,
*end;
strlcpy(temp, value, sizeof(temp));
for (start = temp; *start; start = end)
{
end = start;
while (*end && !_cups_isspace(*end))
end ++;
if (*end)
*end++ = '\0';
if (!_cups_strcasecmp(start, "AllowRC4"))
options |= _HTTP_TLS_ALLOW_RC4;
else if (!_cups_strcasecmp(start, "AllowSSL3"))
options |= _HTTP_TLS_ALLOW_SSL3;
else if (!_cups_strcasecmp(start, "AllowDH"))
options |= _HTTP_TLS_ALLOW_DH;
else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
options |= _HTTP_TLS_DENY_TLS10;
else if (!_cups_strcasecmp(start, "None"))
options = _HTTP_TLS_NONE;
}
cc->ssl_options = options;
DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x", cc, value, options));
}
#endif
static void
cups_set_user(
_cups_client_conf_t *cc,
const char *value)
{
strlcpy(cc->user, value, sizeof(cc->user));
}