xref: /aosp_15_r20/external/libcups/scheduler/auth.h (revision 5e7646d21f1134fb0638875d812ef646c12ab91e) 
1*5e7646d2SAndroid Build Coastguard Worker /*
2*5e7646d2SAndroid Build Coastguard Worker  * Authorization definitions for the CUPS scheduler.
3*5e7646d2SAndroid Build Coastguard Worker  *
4*5e7646d2SAndroid Build Coastguard Worker  * Copyright 2007-2014 by Apple Inc.
5*5e7646d2SAndroid Build Coastguard Worker  * Copyright 1997-2006 by Easy Software Products, all rights reserved.
6*5e7646d2SAndroid Build Coastguard Worker  *
7*5e7646d2SAndroid Build Coastguard Worker  * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
8*5e7646d2SAndroid Build Coastguard Worker  */
9*5e7646d2SAndroid Build Coastguard Worker 
10*5e7646d2SAndroid Build Coastguard Worker /*
11*5e7646d2SAndroid Build Coastguard Worker  * Include necessary headers...
12*5e7646d2SAndroid Build Coastguard Worker  */
13*5e7646d2SAndroid Build Coastguard Worker 
14*5e7646d2SAndroid Build Coastguard Worker #include <pwd.h>
15*5e7646d2SAndroid Build Coastguard Worker 
16*5e7646d2SAndroid Build Coastguard Worker 
17*5e7646d2SAndroid Build Coastguard Worker /*
18*5e7646d2SAndroid Build Coastguard Worker  * HTTP authorization types and levels...
19*5e7646d2SAndroid Build Coastguard Worker  */
20*5e7646d2SAndroid Build Coastguard Worker 
21*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_DEFAULT	-1	/* Use DefaultAuthType */
22*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_NONE		0	/* No authentication */
23*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_BASIC	1	/* Basic authentication */
24*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_NEGOTIATE	2	/* Kerberos authentication */
25*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_AUTO		3	/* Kerberos or Basic, depending on configuration of server */
26*5e7646d2SAndroid Build Coastguard Worker 
27*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_ANON		0	/* Anonymous access */
28*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_USER		1	/* Must have a valid username/password */
29*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_GROUP	2	/* Must also be in a named group */
30*5e7646d2SAndroid Build Coastguard Worker 
31*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_ALLOW	0	/* Allow access */
32*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_DENY		1	/* Deny access */
33*5e7646d2SAndroid Build Coastguard Worker 
34*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_NAME		0	/* Authorize host by name */
35*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_IP		1	/* Authorize host by IP */
36*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_INTERFACE	2	/* Authorize host by interface */
37*5e7646d2SAndroid Build Coastguard Worker 
38*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_SATISFY_ALL	0	/* Satisfy both address and auth */
39*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_SATISFY_ANY	1	/* Satisfy either address or auth */
40*5e7646d2SAndroid Build Coastguard Worker 
41*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_DELETE	1	/* Limit DELETE requests */
42*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_GET	2	/* Limit GET requests */
43*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_HEAD	4	/* Limit HEAD requests */
44*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_OPTIONS 8	/* Limit OPTIONS requests */
45*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_POST	16	/* Limit POST requests */
46*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_PUT	32	/* Limit PUT requests */
47*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_TRACE	64	/* Limit TRACE requests */
48*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_ALL	127	/* Limit all requests */
49*5e7646d2SAndroid Build Coastguard Worker #define CUPSD_AUTH_LIMIT_IPP	128	/* Limit IPP requests */
50*5e7646d2SAndroid Build Coastguard Worker 
51*5e7646d2SAndroid Build Coastguard Worker #define IPP_ANY_OPERATION	(ipp_op_t)0
52*5e7646d2SAndroid Build Coastguard Worker 					/* Any IPP operation */
53*5e7646d2SAndroid Build Coastguard Worker #define IPP_BAD_OPERATION	(ipp_op_t)-1
54*5e7646d2SAndroid Build Coastguard Worker 					/* No IPP operation */
55*5e7646d2SAndroid Build Coastguard Worker 
56*5e7646d2SAndroid Build Coastguard Worker 
57*5e7646d2SAndroid Build Coastguard Worker /*
58*5e7646d2SAndroid Build Coastguard Worker  * HTTP access control structures...
59*5e7646d2SAndroid Build Coastguard Worker  */
60*5e7646d2SAndroid Build Coastguard Worker 
61*5e7646d2SAndroid Build Coastguard Worker typedef struct
62*5e7646d2SAndroid Build Coastguard Worker {
63*5e7646d2SAndroid Build Coastguard Worker   unsigned	address[4],		/* IP address */
64*5e7646d2SAndroid Build Coastguard Worker 		netmask[4];		/* IP netmask */
65*5e7646d2SAndroid Build Coastguard Worker } cupsd_ipmask_t;
66*5e7646d2SAndroid Build Coastguard Worker 
67*5e7646d2SAndroid Build Coastguard Worker typedef struct
68*5e7646d2SAndroid Build Coastguard Worker {
69*5e7646d2SAndroid Build Coastguard Worker   size_t	length;			/* Length of name */
70*5e7646d2SAndroid Build Coastguard Worker   char		*name;			/* Name string */
71*5e7646d2SAndroid Build Coastguard Worker } cupsd_namemask_t;
72*5e7646d2SAndroid Build Coastguard Worker 
73*5e7646d2SAndroid Build Coastguard Worker typedef struct
74*5e7646d2SAndroid Build Coastguard Worker {
75*5e7646d2SAndroid Build Coastguard Worker   int		type;			/* Mask type */
76*5e7646d2SAndroid Build Coastguard Worker   union
77*5e7646d2SAndroid Build Coastguard Worker   {
78*5e7646d2SAndroid Build Coastguard Worker     cupsd_namemask_t	name;		/* Host/Domain name */
79*5e7646d2SAndroid Build Coastguard Worker     cupsd_ipmask_t	ip;		/* IP address/network */
80*5e7646d2SAndroid Build Coastguard Worker   }		mask;			/* Mask data */
81*5e7646d2SAndroid Build Coastguard Worker } cupsd_authmask_t;
82*5e7646d2SAndroid Build Coastguard Worker 
83*5e7646d2SAndroid Build Coastguard Worker typedef struct
84*5e7646d2SAndroid Build Coastguard Worker {
85*5e7646d2SAndroid Build Coastguard Worker   char			*location;	/* Location of resource */
86*5e7646d2SAndroid Build Coastguard Worker   size_t		length;		/* Length of location string */
87*5e7646d2SAndroid Build Coastguard Worker   ipp_op_t		op;		/* IPP operation */
88*5e7646d2SAndroid Build Coastguard Worker   int			limit,		/* Limit for these types of requests */
89*5e7646d2SAndroid Build Coastguard Worker 			order_type,	/* Allow or Deny */
90*5e7646d2SAndroid Build Coastguard Worker 			type,		/* Type of authentication */
91*5e7646d2SAndroid Build Coastguard Worker 			level,		/* Access level required */
92*5e7646d2SAndroid Build Coastguard Worker 			satisfy;	/* Satisfy any or all limits? */
93*5e7646d2SAndroid Build Coastguard Worker   cups_array_t		*names,		/* User or group names */
94*5e7646d2SAndroid Build Coastguard Worker 			*allow,		/* Allow lines */
95*5e7646d2SAndroid Build Coastguard Worker 			*deny;		/* Deny lines */
96*5e7646d2SAndroid Build Coastguard Worker   http_encryption_t	encryption;	/* To encrypt or not to encrypt... */
97*5e7646d2SAndroid Build Coastguard Worker } cupsd_location_t;
98*5e7646d2SAndroid Build Coastguard Worker 
99*5e7646d2SAndroid Build Coastguard Worker typedef struct cupsd_client_s cupsd_client_t;
100*5e7646d2SAndroid Build Coastguard Worker 
101*5e7646d2SAndroid Build Coastguard Worker 
102*5e7646d2SAndroid Build Coastguard Worker /*
103*5e7646d2SAndroid Build Coastguard Worker  * Globals...
104*5e7646d2SAndroid Build Coastguard Worker  */
105*5e7646d2SAndroid Build Coastguard Worker 
106*5e7646d2SAndroid Build Coastguard Worker VAR cups_array_t	*Locations	VALUE(NULL);
107*5e7646d2SAndroid Build Coastguard Worker 					/* Authorization locations */
108*5e7646d2SAndroid Build Coastguard Worker #ifdef HAVE_SSL
109*5e7646d2SAndroid Build Coastguard Worker VAR http_encryption_t	DefaultEncryption VALUE(HTTP_ENCRYPT_REQUIRED);
110*5e7646d2SAndroid Build Coastguard Worker 					/* Default encryption for authentication */
111*5e7646d2SAndroid Build Coastguard Worker #endif /* HAVE_SSL */
112*5e7646d2SAndroid Build Coastguard Worker 
113*5e7646d2SAndroid Build Coastguard Worker 
114*5e7646d2SAndroid Build Coastguard Worker /*
115*5e7646d2SAndroid Build Coastguard Worker  * Prototypes...
116*5e7646d2SAndroid Build Coastguard Worker  */
117*5e7646d2SAndroid Build Coastguard Worker 
118*5e7646d2SAndroid Build Coastguard Worker extern int		cupsdAddIPMask(cups_array_t **masks,
119*5e7646d2SAndroid Build Coastguard Worker 				       const unsigned address[4],
120*5e7646d2SAndroid Build Coastguard Worker 				       const unsigned netmask[4]);
121*5e7646d2SAndroid Build Coastguard Worker extern void		cupsdAddLocation(cupsd_location_t *loc);
122*5e7646d2SAndroid Build Coastguard Worker extern void		cupsdAddName(cupsd_location_t *loc, char *name);
123*5e7646d2SAndroid Build Coastguard Worker extern int		cupsdAddNameMask(cups_array_t **masks, char *name);
124*5e7646d2SAndroid Build Coastguard Worker extern void		cupsdAuthorize(cupsd_client_t *con);
125*5e7646d2SAndroid Build Coastguard Worker extern int		cupsdCheckAccess(unsigned ip[4], const char *name, size_t namelen, cupsd_location_t *loc);
126*5e7646d2SAndroid Build Coastguard Worker extern int		cupsdCheckAuth(unsigned ip[4], const char *name, size_t namelen, cups_array_t *masks);
127*5e7646d2SAndroid Build Coastguard Worker extern int		cupsdCheckGroup(const char *username,
128*5e7646d2SAndroid Build Coastguard Worker 			                struct passwd *user,
129*5e7646d2SAndroid Build Coastguard Worker 			                const char *groupname);
130*5e7646d2SAndroid Build Coastguard Worker extern cupsd_location_t	*cupsdCopyLocation(cupsd_location_t *loc);
131*5e7646d2SAndroid Build Coastguard Worker extern void		cupsdDeleteAllLocations(void);
132*5e7646d2SAndroid Build Coastguard Worker extern cupsd_location_t	*cupsdFindBest(const char *path, http_state_t state);
133*5e7646d2SAndroid Build Coastguard Worker extern cupsd_location_t	*cupsdFindLocation(const char *location);
134*5e7646d2SAndroid Build Coastguard Worker extern void		cupsdFreeLocation(cupsd_location_t *loc);
135*5e7646d2SAndroid Build Coastguard Worker extern http_status_t	cupsdIsAuthorized(cupsd_client_t *con, const char *owner);
136*5e7646d2SAndroid Build Coastguard Worker extern cupsd_location_t	*cupsdNewLocation(const char *location);
137