#include "cups-private.h"
#include "debug-internal.h"
#include <stdlib.h>
#include <sys/stat.h>
#ifdef _WIN32
# include <windows.h>
#else
# include <pwd.h>
# include <termios.h>
# include <sys/utsname.h>
#endif
#ifdef __APPLE__
# include <sys/sysctl.h>
#endif
#ifdef __APPLE__
# if TARGET_OS_OSX
# define kCUPSPrintingPrefs CFSTR("org.cups.PrintingPrefs")
# define kPREFIX ""
# else
# define kCUPSPrintingPrefs CFSTR(".GlobalPreferences")
# define kPREFIX "AirPrint"
# endif
# define kUserKey CFSTR(kPREFIX "User")
# define kUserAgentTokensKey CFSTR(kPREFIX "UserAgentTokens")
# define kAllowAnyRootKey CFSTR(kPREFIX "AllowAnyRoot")
# define kAllowExpiredCertsKey CFSTR(kPREFIX "AllowExpiredCerts")
# define kEncryptionKey CFSTR(kPREFIX "Encryption")
# define kGSSServiceNameKey CFSTR(kPREFIX "GSSServiceName")
# define kSSLOptionsKey CFSTR(kPREFIX "SSLOptions")
# define kTrustOnFirstUseKey CFSTR(kPREFIX "TrustOnFirstUse")
# define kValidateCertsKey CFSTR(kPREFIX "ValidateCerts")
# define kAllowRC4 CFSTR(kPREFIX "AllowRC4")
# define kAllowSSL3 CFSTR(kPREFIX "AllowSSL3")
# define kAllowDH CFSTR(kPREFIX "AllowDH")
#endif
#define _CUPS_PASSCHAR '*'
typedef struct _cups_client_conf_s
{
_cups_uatokens_t uatokens;
#ifdef HAVE_SSL
int ssl_options,
ssl_min_version,
ssl_max_version;
#endif
int trust_first,
any_root,
expired_certs,
validate_certs;
http_encryption_t encryption;
char user[65],
server_name[256];
#ifdef HAVE_GSSAPI
char gss_service_name[32];
#endif
} _cups_client_conf_t;
#ifdef __APPLE__
static int cups_apple_get_boolean(CFStringRef key, int *value);
static int cups_apple_get_string(CFStringRef key, char *value, size_t valsize);
#endif
static int cups_boolean_value(const char *value);
static void cups_finalize_client_conf(_cups_client_conf_t *cc);
static void cups_init_client_conf(_cups_client_conf_t *cc);
static void cups_read_client_conf(cups_file_t *fp, _cups_client_conf_t *cc);
static void cups_set_default_ipp_port(_cups_globals_t *cg);
static void cups_set_encryption(_cups_client_conf_t *cc, const char *value);
#ifdef HAVE_GSSAPI
static void cups_set_gss_service_name(_cups_client_conf_t *cc, const char *value);
#endif
static void cups_set_server_name(_cups_client_conf_t *cc, const char *value);
#ifdef HAVE_SSL
static void cups_set_ssl_options(_cups_client_conf_t *cc, const char *value);
#endif
static void cups_set_uatokens(_cups_client_conf_t *cc, const char *value);
static void cups_set_user(_cups_client_conf_t *cc, const char *value);
http_encryption_t
cupsEncryption(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (cg->encryption == (http_encryption_t)-1)
_cupsSetDefaults();
return (cg->encryption);
}
const char *
cupsGetPassword(const char *prompt)
{
_cups_globals_t *cg = _cupsGlobals();
return ((cg->password_cb)(prompt, NULL, NULL, NULL, cg->password_data));
}
const char *
cupsGetPassword2(const char *prompt,
http_t *http,
const char *method,
const char *resource)
{
_cups_globals_t *cg = _cupsGlobals();
if (!http)
http = _cupsConnect();
return ((cg->password_cb)(prompt, http, method, resource, cg->password_data));
}
const char *
cupsServer(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->server[0])
_cupsSetDefaults();
return (cg->server);
}
void
cupsSetClientCertCB(
cups_client_cert_cb_t cb,
void *user_data)
{
_cups_globals_t *cg = _cupsGlobals();
cg->client_cert_cb = cb;
cg->client_cert_data = user_data;
}
int
cupsSetCredentials(
cups_array_t *credentials)
{
_cups_globals_t *cg = _cupsGlobals();
if (cupsArrayCount(credentials) < 1)
return (-1);
#ifdef HAVE_SSL
_httpFreeCredentials(cg->tls_credentials);
cg->tls_credentials = _httpCreateCredentials(credentials);
#endif
return (cg->tls_credentials ? 0 : -1);
}
void
cupsSetEncryption(http_encryption_t e)
{
_cups_globals_t *cg = _cupsGlobals();
cg->encryption = e;
if (cg->http)
httpEncryption(cg->http, e);
}
void
cupsSetPasswordCB(cups_password_cb_t cb)
{
_cups_globals_t *cg = _cupsGlobals();
if (cb == (cups_password_cb_t)0)
cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
else
cg->password_cb = (cups_password_cb2_t)cb;
cg->password_data = NULL;
}
void
cupsSetPasswordCB2(
cups_password_cb2_t cb,
void *user_data)
{
_cups_globals_t *cg = _cupsGlobals();
if (cb == (cups_password_cb2_t)0)
cg->password_cb = (cups_password_cb2_t)_cupsGetPassword;
else
cg->password_cb = cb;
cg->password_data = user_data;
}
void
cupsSetServer(const char *server)
{
char *options,
*port;
_cups_globals_t *cg = _cupsGlobals();
if (server)
{
strlcpy(cg->server, server, sizeof(cg->server));
if (cg->server[0] != '/' && (options = strrchr(cg->server, '/')) != NULL)
{
*options++ = '\0';
if (!strcmp(options, "version=1.0"))
cg->server_version = 10;
else if (!strcmp(options, "version=1.1"))
cg->server_version = 11;
else if (!strcmp(options, "version=2.0"))
cg->server_version = 20;
else if (!strcmp(options, "version=2.1"))
cg->server_version = 21;
else if (!strcmp(options, "version=2.2"))
cg->server_version = 22;
}
else
cg->server_version = 20;
if (cg->server[0] != '/' && (port = strrchr(cg->server, ':')) != NULL &&
!strchr(port, ']') && isdigit(port[1] & 255))
{
*port++ = '\0';
cg->ipp_port = atoi(port);
}
if (!cg->ipp_port)
cups_set_default_ipp_port(cg);
if (cg->server[0] == '/')
strlcpy(cg->servername, "localhost", sizeof(cg->servername));
else
strlcpy(cg->servername, cg->server, sizeof(cg->servername));
}
else
{
cg->server[0] = '\0';
cg->servername[0] = '\0';
cg->server_version = 20;
cg->ipp_port = 0;
}
if (cg->http)
{
httpClose(cg->http);
cg->http = NULL;
}
}
void
cupsSetServerCertCB(
cups_server_cert_cb_t cb,
void *user_data)
{
_cups_globals_t *cg = _cupsGlobals();
cg->server_cert_cb = cb;
cg->server_cert_data = user_data;
}
void
cupsSetUser(const char *user)
{
_cups_globals_t *cg = _cupsGlobals();
if (user)
strlcpy(cg->user, user, sizeof(cg->user));
else
cg->user[0] = '\0';
}
void
cupsSetUserAgent(const char *user_agent)
{
_cups_globals_t *cg = _cupsGlobals();
#ifdef _WIN32
SYSTEM_INFO sysinfo;
OSVERSIONINFOA version;
const char *machine;
#elif defined(__APPLE__)
struct utsname name;
char version[256];
size_t len;
#else
struct utsname name;
#endif
if (user_agent)
{
strlcpy(cg->user_agent, user_agent, sizeof(cg->user_agent));
return;
}
if (cg->uatokens < _CUPS_UATOKENS_OS)
{
switch (cg->uatokens)
{
default :
case _CUPS_UATOKENS_NONE :
cg->user_agent[0] = '\0';
break;
case _CUPS_UATOKENS_PRODUCT_ONLY :
strlcpy(cg->user_agent, "CUPS IPP", sizeof(cg->user_agent));
break;
case _CUPS_UATOKENS_MAJOR :
snprintf(cg->user_agent, sizeof(cg->user_agent), "CUPS/%d IPP/2", CUPS_VERSION_MAJOR);
break;
case _CUPS_UATOKENS_MINOR :
snprintf(cg->user_agent, sizeof(cg->user_agent), "CUPS/%d.%d IPP/2.1", CUPS_VERSION_MAJOR, CUPS_VERSION_MINOR);
break;
case _CUPS_UATOKENS_MINIMAL :
strlcpy(cg->user_agent, CUPS_MINIMAL " IPP/2.1", sizeof(cg->user_agent));
break;
}
}
#ifdef _WIN32
version.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
GetVersionExA(&version);
GetNativeSystemInfo(&sysinfo);
switch (sysinfo.wProcessorArchitecture)
{
case PROCESSOR_ARCHITECTURE_AMD64 :
machine = "amd64";
break;
case PROCESSOR_ARCHITECTURE_ARM :
machine = "arm";
break;
case PROCESSOR_ARCHITECTURE_IA64 :
machine = "ia64";
break;
case PROCESSOR_ARCHITECTURE_INTEL :
machine = "intel";
break;
default :
machine = "unknown";
break;
}
if (cg->uatokens == _CUPS_UATOKENS_OS)
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion);
else
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (Windows %d.%d; %s) IPP/2.0", version.dwMajorVersion, version.dwMinorVersion, machine);
#elif defined(__APPLE__)
uname(&name);
len = sizeof(version) - 1;
if (!sysctlbyname("kern.osproductversion", version, &len, NULL, 0))
version[len] = '\0';
else
strlcpy(version, "unknown", sizeof(version));
# if TARGET_OS_OSX
if (cg->uatokens == _CUPS_UATOKENS_OS)
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s) IPP/2.0", version);
else
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (macOS %s; %s) IPP/2.0", version, name.machine);
# else
if (cg->uatokens == _CUPS_UATOKENS_OS)
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s) IPP/2.0", version);
else
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (iOS %s; %s) IPP/2.0", version, name.machine);
# endif
#else
uname(&name);
if (cg->uatokens == _CUPS_UATOKENS_OS)
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s) IPP/2.0", name.sysname, name.release);
else
snprintf(cg->user_agent, sizeof(cg->user_agent), CUPS_MINIMAL " (%s %s; %s) IPP/2.0", name.sysname, name.release, name.machine);
#endif
}
const char *
cupsUser(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->user[0])
_cupsSetDefaults();
return (cg->user);
}
const char *
cupsUserAgent(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->user_agent[0])
cupsSetUserAgent(NULL);
return (cg->user_agent);
}
const char *
_cupsGetPassword(const char *prompt)
{
#ifdef _WIN32
HANDLE tty;
DWORD mode;
char passch,
*passptr,
*passend;
DWORD passbytes;
_cups_globals_t *cg = _cupsGlobals();
if ((tty = GetStdHandle(STD_INPUT_HANDLE)) == INVALID_HANDLE_VALUE)
return (NULL);
if (!GetConsoleMode(tty, &mode))
return (NULL);
if (!SetConsoleMode(tty, 0))
return (NULL);
printf("%s ", prompt);
fflush(stdout);
passptr = cg->password;
passend = cg->password + sizeof(cg->password) - 1;
while (ReadFile(tty, &passch, 1, &passbytes, NULL))
{
if (passch == 0x0A || passch == 0x0D)
{
break;
}
else if (passch == 0x08 || passch == 0x7F)
{
if (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
else
putchar(0x07);
}
else if (passch == 0x15)
{
if (passptr > cg->password)
{
while (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
}
else
putchar(0x07);
}
else if (passch == 0x03)
{
passptr = cg->password;
break;
}
else if ((passch & 255) < 0x20 || passptr >= passend)
putchar(0x07);
else
{
*passptr++ = passch;
putchar(_CUPS_PASSCHAR);
}
fflush(stdout);
}
putchar('\n');
fflush(stdout);
SetConsoleMode(tty, mode);
if (passbytes == 1 && passptr > cg->password)
{
*passptr = '\0';
return (cg->password);
}
else
{
memset(cg->password, 0, sizeof(cg->password));
return (NULL);
}
#else
int tty;
struct termios original,
noecho;
char passch,
*passptr,
*passend;
ssize_t passbytes;
_cups_globals_t *cg = _cupsGlobals();
if ((tty = open("/dev/tty", O_RDONLY)) < 0)
return (NULL);
if (tcgetattr(tty, &original))
{
close(tty);
return (NULL);
}
noecho = original;
noecho.c_lflag &= (tcflag_t)~(ICANON | ECHO | ECHOE | ISIG);
noecho.c_cc[VMIN] = 1;
noecho.c_cc[VTIME] = 0;
if (tcsetattr(tty, TCSAFLUSH, &noecho))
{
close(tty);
return (NULL);
}
printf("%s ", prompt);
fflush(stdout);
passptr = cg->password;
passend = cg->password + sizeof(cg->password) - 1;
while ((passbytes = read(tty, &passch, 1)) == 1)
{
if (passch == noecho.c_cc[VEOL] ||
# ifdef VEOL2
passch == noecho.c_cc[VEOL2] ||
# endif
passch == 0x0A || passch == 0x0D)
{
break;
}
else if (passch == noecho.c_cc[VERASE] ||
passch == 0x08 || passch == 0x7F)
{
if (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
else
putchar(0x07);
}
else if (passch == noecho.c_cc[VKILL])
{
if (passptr > cg->password)
{
while (passptr > cg->password)
{
passptr --;
fputs("\010 \010", stdout);
}
}
else
putchar(0x07);
}
else if (passch == noecho.c_cc[VINTR] || passch == noecho.c_cc[VQUIT] ||
passch == noecho.c_cc[VEOF])
{
passptr = cg->password;
break;
}
else if ((passch & 255) < 0x20 || passptr >= passend)
putchar(0x07);
else
{
*passptr++ = passch;
putchar(_CUPS_PASSCHAR);
}
fflush(stdout);
}
putchar('\n');
fflush(stdout);
tcsetattr(tty, TCSAFLUSH, &original);
close(tty);
if (passbytes == 1 && passptr > cg->password)
{
*passptr = '\0';
return (cg->password);
}
else
{
memset(cg->password, 0, sizeof(cg->password));
return (NULL);
}
#endif
}
#ifdef HAVE_GSSAPI
const char *
_cupsGSSServiceName(void)
{
_cups_globals_t *cg = _cupsGlobals();
if (!cg->gss_service_name[0])
_cupsSetDefaults();
return (cg->gss_service_name);
}
#endif
void
_cupsSetDefaults(void)
{
cups_file_t *fp;
char filename[1024];
_cups_client_conf_t cc;
_cups_globals_t *cg = _cupsGlobals();
DEBUG_puts("_cupsSetDefaults()");
cups_init_client_conf(&cc);
snprintf(filename, sizeof(filename), "%s/client.conf", cg->cups_serverroot);
if ((fp = cupsFileOpen(filename, "r")) != NULL)
{
cups_read_client_conf(fp, &cc);
cupsFileClose(fp);
}
if (cg->home)
{
snprintf(filename, sizeof(filename), "%s/.cups/client.conf", cg->home);
if ((fp = cupsFileOpen(filename, "r")) != NULL)
{
cups_read_client_conf(fp, &cc);
cupsFileClose(fp);
}
}
cups_finalize_client_conf(&cc);
cg->uatokens = cc.uatokens;
if (cg->encryption == (http_encryption_t)-1)
cg->encryption = cc.encryption;
if (!cg->server[0] || !cg->ipp_port)
cupsSetServer(cc.server_name);
if (!cg->ipp_port)
cups_set_default_ipp_port(cg);
if (!cg->user[0])
strlcpy(cg->user, cc.user, sizeof(cg->user));
#ifdef HAVE_GSSAPI
if (!cg->gss_service_name[0])
strlcpy(cg->gss_service_name, cc.gss_service_name, sizeof(cg->gss_service_name));
#endif
if (cg->trust_first < 0)
cg->trust_first = cc.trust_first;
if (cg->any_root < 0)
cg->any_root = cc.any_root;
if (cg->expired_certs < 0)
cg->expired_certs = cc.expired_certs;
if (cg->validate_certs < 0)
cg->validate_certs = cc.validate_certs;
#ifdef HAVE_SSL
_httpTLSSetOptions(cc.ssl_options | _HTTP_TLS_SET_DEFAULT, cc.ssl_min_version, cc.ssl_max_version);
#endif
}
#ifdef __APPLE__
static int
cups_apple_get_boolean(
CFStringRef key,
int *value)
{
Boolean bval,
bval_set;
bval = CFPreferencesGetAppBooleanValue(key, kCUPSPrintingPrefs, &bval_set);
if (bval_set)
*value = (int)bval;
return ((int)bval_set);
}
static int
cups_apple_get_string(
CFStringRef key,
char *value,
size_t valsize)
{
CFStringRef sval;
if ((sval = CFPreferencesCopyAppValue(key, kCUPSPrintingPrefs)) != NULL)
{
Boolean result = CFStringGetCString(sval, value, (CFIndex)valsize, kCFStringEncodingUTF8);
CFRelease(sval);
if (result)
return (1);
}
return (0);
}
#endif
static int
cups_boolean_value(const char *value)
{
return (!_cups_strcasecmp(value, "yes") || !_cups_strcasecmp(value, "on") || !_cups_strcasecmp(value, "true"));
}
static void
cups_finalize_client_conf(
_cups_client_conf_t *cc)
{
const char *value;
if ((value = getenv("CUPS_TRUSTFIRST")) != NULL)
cc->trust_first = cups_boolean_value(value);
if ((value = getenv("CUPS_ANYROOT")) != NULL)
cc->any_root = cups_boolean_value(value);
if ((value = getenv("CUPS_ENCRYPTION")) != NULL)
cups_set_encryption(cc, value);
if ((value = getenv("CUPS_EXPIREDCERTS")) != NULL)
cc->expired_certs = cups_boolean_value(value);
#ifdef HAVE_GSSAPI
if ((value = getenv("CUPS_GSSSERVICENAME")) != NULL)
cups_set_gss_service_name(cc, value);
#endif
if ((value = getenv("CUPS_SERVER")) != NULL)
cups_set_server_name(cc, value);
if ((value = getenv("CUPS_USER")) != NULL)
cups_set_user(cc, value);
if ((value = getenv("CUPS_VALIDATECERTS")) != NULL)
cc->validate_certs = cups_boolean_value(value);
if (cc->trust_first < 0)
cc->trust_first = 1;
if (cc->any_root < 0)
cc->any_root = 1;
if (cc->encryption == (http_encryption_t)-1)
cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
if (cc->expired_certs < 0)
cc->expired_certs = 0;
#ifdef HAVE_GSSAPI
if (!cc->gss_service_name[0])
cups_set_gss_service_name(cc, CUPS_DEFAULT_GSSSERVICENAME);
#endif
if (!cc->server_name[0])
{
#if defined(__APPLE__) && !TARGET_OS_OSX
cups_set_server_name(cc, "/private/var/run/printd");
#else
# ifdef CUPS_DEFAULT_DOMAINSOCKET
if (!access(CUPS_DEFAULT_DOMAINSOCKET, R_OK))
cups_set_server_name(cc, CUPS_DEFAULT_DOMAINSOCKET);
else
# endif
cups_set_server_name(cc, "localhost");
#endif
}
if (!cc->user[0])
{
#ifdef _WIN32
DWORD size;
size = sizeof(cc->user);
if (!GetUserNameA(cc->user, &size))
#else
const char *envuser = getenv("USER");
struct passwd *pw = NULL;
if (envuser)
{
if ((pw = getpwnam(envuser)) != NULL && pw->pw_uid != getuid())
pw = NULL;
}
if (!pw)
pw = getpwuid(getuid());
if (pw)
strlcpy(cc->user, pw->pw_name, sizeof(cc->user));
else
#endif
{
strlcpy(cc->user, "unknown", sizeof(cc->user));
}
}
if (cc->validate_certs < 0)
cc->validate_certs = 0;
}
static void
cups_init_client_conf(
_cups_client_conf_t *cc)
{
memset(cc, 0, sizeof(_cups_client_conf_t));
cc->uatokens = _CUPS_UATOKENS_MINIMAL;
#if defined(__APPLE__) && !TARGET_OS_OSX
cups_set_user(cc, "mobile");
#endif
#ifdef HAVE_SSL
cc->ssl_min_version = _HTTP_TLS_1_0;
cc->ssl_max_version = _HTTP_TLS_MAX;
#endif
cc->encryption = (http_encryption_t)-1;
cc->trust_first = -1;
cc->any_root = -1;
cc->expired_certs = -1;
cc->validate_certs = -1;
#if defined(__APPLE__)
char sval[1024];
# ifdef HAVE_SSL
int bval;
if (cups_apple_get_boolean(kAllowAnyRootKey, &bval))
cc->any_root = bval;
if (cups_apple_get_boolean(kAllowExpiredCertsKey, &bval))
cc->expired_certs = bval;
if (cups_apple_get_string(kEncryptionKey, sval, sizeof(sval)))
cups_set_encryption(cc, sval);
if (cups_apple_get_string(kSSLOptionsKey, sval, sizeof(sval)))
{
cups_set_ssl_options(cc, sval);
}
else
{
sval[0] = '\0';
if (cups_apple_get_boolean(kAllowRC4, &bval) && bval)
strlcat(sval, " AllowRC4", sizeof(sval));
if (cups_apple_get_boolean(kAllowSSL3, &bval) && bval)
strlcat(sval, " AllowSSL3", sizeof(sval));
if (cups_apple_get_boolean(kAllowDH, &bval) && bval)
strlcat(sval, " AllowDH", sizeof(sval));
if (sval[0])
cups_set_ssl_options(cc, sval);
}
if (cups_apple_get_boolean(kTrustOnFirstUseKey, &bval))
cc->trust_first = bval;
if (cups_apple_get_boolean(kValidateCertsKey, &bval))
cc->validate_certs = bval;
# endif
if (cups_apple_get_string(kUserKey, sval, sizeof(sval)))
strlcpy(cc->user, sval, sizeof(cc->user));
if (cups_apple_get_string(kUserAgentTokensKey, sval, sizeof(sval)))
cups_set_uatokens(cc, sval);
#endif
}
static void
cups_read_client_conf(
cups_file_t *fp,
_cups_client_conf_t *cc)
{
int linenum;
char line[1024],
*value;
linenum = 0;
while (cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
{
if (!_cups_strcasecmp(line, "Encryption") && value)
cups_set_encryption(cc, value);
#ifndef __APPLE__
else if (!_cups_strcasecmp(line, "ServerName") && value)
cups_set_server_name(cc, value);
#endif
else if (!_cups_strcasecmp(line, "User") && value)
cups_set_user(cc, value);
else if (!_cups_strcasecmp(line, "UserAgentTokens") && value)
cups_set_uatokens(cc, value);
else if (!_cups_strcasecmp(line, "TrustOnFirstUse") && value)
cc->trust_first = cups_boolean_value(value);
else if (!_cups_strcasecmp(line, "AllowAnyRoot") && value)
cc->any_root = cups_boolean_value(value);
else if (!_cups_strcasecmp(line, "AllowExpiredCerts") &&
value)
cc->expired_certs = cups_boolean_value(value);
else if (!_cups_strcasecmp(line, "ValidateCerts") && value)
cc->validate_certs = cups_boolean_value(value);
#ifdef HAVE_GSSAPI
else if (!_cups_strcasecmp(line, "GSSServiceName") && value)
cups_set_gss_service_name(cc, value);
#endif
#ifdef HAVE_SSL
else if (!_cups_strcasecmp(line, "SSLOptions") && value)
cups_set_ssl_options(cc, value);
#endif
}
}
static void
cups_set_default_ipp_port(
_cups_globals_t *cg)
{
const char *ipp_port;
if ((ipp_port = getenv("IPP_PORT")) != NULL)
{
if ((cg->ipp_port = atoi(ipp_port)) <= 0)
cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
}
else
cg->ipp_port = CUPS_DEFAULT_IPP_PORT;
}
static void
cups_set_encryption(
_cups_client_conf_t *cc,
const char *value)
{
if (!_cups_strcasecmp(value, "never"))
cc->encryption = HTTP_ENCRYPTION_NEVER;
else if (!_cups_strcasecmp(value, "always"))
cc->encryption = HTTP_ENCRYPTION_ALWAYS;
else if (!_cups_strcasecmp(value, "required"))
cc->encryption = HTTP_ENCRYPTION_REQUIRED;
else
cc->encryption = HTTP_ENCRYPTION_IF_REQUESTED;
}
#ifdef HAVE_GSSAPI
static void
cups_set_gss_service_name(
_cups_client_conf_t *cc,
const char *value)
{
strlcpy(cc->gss_service_name, value, sizeof(cc->gss_service_name));
}
#endif
static void
cups_set_server_name(
_cups_client_conf_t *cc,
const char *value)
{
strlcpy(cc->server_name, value, sizeof(cc->server_name));
}
#ifdef HAVE_SSL
static void
cups_set_ssl_options(
_cups_client_conf_t *cc,
const char *value)
{
int options = _HTTP_TLS_NONE,
min_version = _HTTP_TLS_1_0,
max_version = _HTTP_TLS_MAX;
char temp[256],
*start,
*end;
strlcpy(temp, value, sizeof(temp));
for (start = temp; *start; start = end)
{
end = start;
while (*end && !_cups_isspace(*end))
end ++;
if (*end)
*end++ = '\0';
if (!_cups_strcasecmp(start, "AllowRC4"))
options |= _HTTP_TLS_ALLOW_RC4;
else if (!_cups_strcasecmp(start, "AllowSSL3"))
min_version = _HTTP_TLS_SSL3;
else if (!_cups_strcasecmp(start, "AllowDH"))
options |= _HTTP_TLS_ALLOW_DH;
else if (!_cups_strcasecmp(start, "DenyCBC"))
options |= _HTTP_TLS_DENY_CBC;
else if (!_cups_strcasecmp(start, "DenyTLS1.0"))
min_version = _HTTP_TLS_1_1;
else if (!_cups_strcasecmp(start, "MaxTLS1.0"))
max_version = _HTTP_TLS_1_0;
else if (!_cups_strcasecmp(start, "MaxTLS1.1"))
max_version = _HTTP_TLS_1_1;
else if (!_cups_strcasecmp(start, "MaxTLS1.2"))
max_version = _HTTP_TLS_1_2;
else if (!_cups_strcasecmp(start, "MaxTLS1.3"))
max_version = _HTTP_TLS_1_3;
else if (!_cups_strcasecmp(start, "MinTLS1.0"))
min_version = _HTTP_TLS_1_0;
else if (!_cups_strcasecmp(start, "MinTLS1.1"))
min_version = _HTTP_TLS_1_1;
else if (!_cups_strcasecmp(start, "MinTLS1.2"))
min_version = _HTTP_TLS_1_2;
else if (!_cups_strcasecmp(start, "MinTLS1.3"))
min_version = _HTTP_TLS_1_3;
else if (!_cups_strcasecmp(start, "None"))
options = _HTTP_TLS_NONE;
}
cc->ssl_options = options;
cc->ssl_max_version = max_version;
cc->ssl_min_version = min_version;
DEBUG_printf(("4cups_set_ssl_options(cc=%p, value=\"%s\") options=%x, min_version=%d, max_version=%d", (void *)cc, value, options, min_version, max_version));
}
#endif
static void
cups_set_uatokens(
_cups_client_conf_t *cc,
const char *value)
{
int i;
static const char * const uatokens[] =
{
"NONE",
"PRODUCTONLY",
"MAJOR",
"MINOR",
"MINIMAL",
"OS",
"FULL"
};
for (i = 0; i < (int)(sizeof(uatokens) / sizeof(uatokens[0])); i ++)
{
if (!_cups_strcasecmp(value, uatokens[i]))
{
cc->uatokens = (_cups_uatokens_t)i;
return;
}
}
}
static void
cups_set_user(
_cups_client_conf_t *cc,
const char *value)
{
strlcpy(cc->user, value, sizeof(cc->user));
}