📄 conf.c
parent->limit = AUTH_LIMIT_ALL; loc = parent; while (cupsFileGets(fp, line, sizeof(line)) != NULL) { linenum ++; /* * Skip comment lines... */ if (line[0] == '#') continue; /* * Strip trailing whitespace, if any... */ len = strlen(line); while (len > 0 && isspace(line[len - 1] & 255)) { len --; line[len] = '\0'; } /* * Extract the name from the beginning of the line... */ for (value = line; isspace(*value & 255); value ++); for (nameptr = name; *value != '\0' && !isspace(*value & 255) && nameptr < (name + sizeof(name) - 1);) *nameptr++ = *value++; *nameptr = '\0'; while (isspace(*value & 255)) value ++; if (name[0] == '\0') continue; /* * Decode the directive... */ if (strcasecmp(name, "</Location>") == 0) return (linenum); else if (strcasecmp(name, "<Limit") == 0 || strcasecmp(name, "<LimitExcept") == 0) { if ((loc = CopyLocation(&parent)) == NULL) return (0); loc->limit = 0; while (*value) { for (valptr = value; !isspace(*valptr & 255) && *valptr != '>' && *valptr; valptr ++); if (*valptr) *valptr++ = '\0'; if (strcmp(value, "ALL") == 0) loc->limit = AUTH_LIMIT_ALL; else if (strcmp(value, "GET") == 0) loc->limit |= AUTH_LIMIT_GET; else if (strcmp(value, "HEAD") == 0) loc->limit |= AUTH_LIMIT_HEAD; else if (strcmp(value, "OPTIONS") == 0) loc->limit |= AUTH_LIMIT_OPTIONS; else if (strcmp(value, "POST") == 0) loc->limit |= AUTH_LIMIT_POST; else if (strcmp(value, "PUT") == 0) loc->limit |= AUTH_LIMIT_PUT; else if (strcmp(value, "TRACE") == 0) loc->limit |= AUTH_LIMIT_TRACE; else LogMessage(L_WARN, "Unknown request type %s on line %d!", value, linenum); for (value = valptr; isspace(*value & 255) || *value == '>'; value ++); } if (strcasecmp(name, "<LimitExcept") == 0) loc->limit = AUTH_LIMIT_ALL ^ loc->limit; parent->limit &= ~loc->limit; } else if (strcasecmp(name, "</Limit>") == 0) loc = parent; else if (strcasecmp(name, "Encryption") == 0) { /* * "Encryption xxx" - set required encryption level... 
*/ if (strcasecmp(value, "never") == 0) loc->encryption = HTTP_ENCRYPT_NEVER; else if (strcasecmp(value, "always") == 0) { LogMessage(L_ERROR, "Encryption value \"%s\" on line %d is invalid in this context. " "Using \"required\" instead.", value, linenum); loc->encryption = HTTP_ENCRYPT_REQUIRED; } else if (strcasecmp(value, "required") == 0) loc->encryption = HTTP_ENCRYPT_REQUIRED; else if (strcasecmp(value, "ifrequested") == 0) loc->encryption = HTTP_ENCRYPT_IF_REQUESTED; else LogMessage(L_ERROR, "Unknown Encryption value %s on line %d.", value, linenum); } else if (strcasecmp(name, "Order") == 0) { /* * "Order Deny,Allow" or "Order Allow,Deny"... */ if (strncasecmp(value, "deny", 4) == 0) loc->order_type = AUTH_ALLOW; else if (strncasecmp(value, "allow", 5) == 0) loc->order_type = AUTH_DENY; else LogMessage(L_ERROR, "Unknown Order value %s on line %d.", value, linenum); } else if (strcasecmp(name, "Allow") == 0 || strcasecmp(name, "Deny") == 0) { /* * Allow [From] host/ip... * Deny [From] host/ip... */ if (strncasecmp(value, "from", 4) == 0) { /* * Strip leading "from"... */ value += 4; while (isspace(*value & 255)) value ++; } /* * Figure out what form the allow/deny address takes: * * All * None * *.domain.com * .domain.com * host.domain.com * nnn.* * nnn.nnn.* * nnn.nnn.nnn.* * nnn.nnn.nnn.nnn * nnn.nnn.nnn.nnn/mm * nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm */ if (strcasecmp(value, "all") == 0) { /* * All hosts... */ if (strcasecmp(name, "Allow") == 0) AllowIP(loc, 0, 0); else DenyIP(loc, 0, 0); } else if (strcasecmp(value, "none") == 0) { /* * No hosts... */ if (strcasecmp(name, "Allow") == 0) AllowIP(loc, ~0, 0); else DenyIP(loc, ~0, 0); } else if (value[0] == '*' || value[0] == '.' || !isdigit(value[0] & 255)) { /* * Host or domain name... */ if (value[0] == '*') value ++; if (strcasecmp(name, "Allow") == 0) AllowHost(loc, value); else DenyHost(loc, value); } else { /* * One of many IP address forms... 
*/ memset(ip, 0, sizeof(ip)); ipcount = sscanf(value, "%d.%d.%d.%d", ip + 0, ip + 1, ip + 2, ip + 3); address = (((((ip[0] << 8) | ip[1]) << 8) | ip[2]) << 8) | ip[3]; if ((value = strchr(value, '/')) != NULL) { value ++; memset(mask, 0, sizeof(mask)); switch (sscanf(value, "%d.%d.%d.%d", mask + 0, mask + 1, mask + 2, mask + 3)) { case 1 : netmask = (0xffffffff << (32 - mask[0])) & 0xffffffff; break; case 4 : netmask = (((((mask[0] << 8) | mask[1]) << 8) | mask[2]) << 8) | mask[3]; break; default : LogMessage(L_ERROR, "Bad netmask value %s on line %d.", value, linenum); netmask = 0xffffffff; break; } } else netmask = netmasks[ipcount - 1]; if ((address & ~netmask) != 0) { LogMessage(L_WARN, "Discarding extra bits in %s address %08x for netmask %08x...", name, address, netmask); address &= netmask; } if (strcasecmp(name, "Allow") == 0) AllowIP(loc, address, netmask); else DenyIP(loc, address, netmask); } } else if (strcasecmp(name, "AuthType") == 0) { /* * AuthType {none,basic,digest,basicdigest} */ if (strcasecmp(value, "none") == 0) { loc->type = AUTH_NONE; loc->level = AUTH_ANON; } else if (strcasecmp(value, "basic") == 0) { loc->type = AUTH_BASIC; if (loc->level == AUTH_ANON) loc->level = AUTH_USER; } else if (strcasecmp(value, "digest") == 0) { loc->type = AUTH_DIGEST; if (loc->level == AUTH_ANON) loc->level = AUTH_USER; } else if (strcasecmp(value, "basicdigest") == 0) { loc->type = AUTH_BASICDIGEST; if (loc->level == AUTH_ANON) loc->level = AUTH_USER; } else LogMessage(L_WARN, "Unknown authorization type %s on line %d.", value, linenum); } else if (strcasecmp(name, "AuthClass") == 0) { /* * AuthClass anonymous, user, system, group */ if (strcasecmp(value, "anonymous") == 0) { loc->type = AUTH_NONE; loc->level = AUTH_ANON; } else if (strcasecmp(value, "user") == 0) loc->level = AUTH_USER; else if (strcasecmp(value, "group") == 0) loc->level = AUTH_GROUP; else if (strcasecmp(value, "system") == 0) { loc->level = AUTH_GROUP; /* * Use the default system group if 
none is defined so far... */ if (NumSystemGroups == 0) NumSystemGroups = 1; for (i = 0; i < NumSystemGroups; i ++) AddName(loc, SystemGroups[i]); } else LogMessage(L_WARN, "Unknown authorization class %s on line %d.", value, linenum); } else if (strcasecmp(name, "AuthGroupName") == 0) AddName(loc, value); else if (strcasecmp(name, "Require") == 0) { /* * Apache synonym for AuthClass and AuthGroupName... * * Get initial word: * * Require valid-user * Require group names * Require user names */ for (valptr = value; !isspace(*valptr & 255) && *valptr != '>' && *valptr; valptr ++); if (*valptr) *valptr++ = '\0'; if (strcasecmp(value, "valid-user") == 0 || strcasecmp(value, "user") == 0) loc->level = AUTH_USER; else if (strcasecmp(value, "group") == 0) loc->level = AUTH_GROUP; else { LogMessage(L_WARN, "Unknown Require type %s on line %d.", value, linenum); continue; } /* * Get the list of names from the line... */ for (value = valptr; *value;) { for (valptr = value; !isspace(*valptr & 255) && *valptr; valptr ++); if (*valptr) *valptr++ = '\0'; AddName(loc, value); for (value = valptr; isspace(*value & 255); value ++); } } else if (strcasecmp(name, "Satisfy") == 0) { if (strcasecmp(value, "all") == 0) loc->satisfy = AUTH_SATISFY_ALL; else if (strcasecmp(value, "any") == 0) loc->satisfy = AUTH_SATISFY_ANY; else LogMessage(L_WARN, "Unknown Satisfy value %s on line %d.", value, linenum); } else LogMessage(L_ERROR, "Unknown Location directive %s on line %d.", name, linenum); } return (0);}#endif/* * 'get_address()' - Get an address + port number from a line. 
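 */

/*
 * The value is parsed as "host:port" (each part at most 255 characters).
 * When only one part is given it is taken as a port if it contains no '.'
 * and the default address is INADDR_ANY, otherwise as a host name.  A host
 * of "*" (or an empty host) keeps the default address.
 *
 * defaddress and defport are given in host byte order; the resulting
 * sockaddr_in holds both in network byte order.
 */

static int                              /* O - 1 if address good, 0 if bad */
get_address(char               *value,      /* I - Value string */
            unsigned           defaddress,  /* I - Default address */
            int                defport,     /* I - Default port */
            struct sockaddr_in *address)    /* O - Socket address */
{
  char           hostname[256],         /* Hostname or IP */
                 portname[256];         /* Port number or name */
  char           *portend;              /* First character after the number */
  long           portnum;               /* Numeric port value */
  struct hostent *host;                 /* Host address */
  struct servent *port;                 /* Port number */


 /*
  * Initialize the socket address to the defaults...
  */

  memset(address, 0, sizeof(struct sockaddr_in));
  address->sin_family      = AF_INET;
  address->sin_addr.s_addr = htonl(defaddress);
  address->sin_port        = htons(defport);

 /*
  * Try to grab a hostname and port number...
  */

  switch (sscanf(value, "%255[^:]:%255s", hostname, portname))
  {
    case 1 :
        if (strchr(hostname, '.') == NULL && defaddress == INADDR_ANY)
        {
         /*
          * Hostname is a port number...
          */

          strlcpy(portname, hostname, sizeof(portname));
          hostname[0] = '\0';
        }
        else
          portname[0] = '\0';
        break;

    case 2 :
        break;

    default :
        LogMessage(L_ERROR, "Unable to decode address \"%s\"!", value);
        return (0);
  }

 /*
  * Decode the hostname and port number as needed...
  */

  if (hostname[0] && strcmp(hostname, "*"))
  {
    if ((host = httpGetHostByName(hostname)) == NULL)
    {
      LogMessage(L_ERROR, "httpGetHostByName(\"%s\") failed - %s!", hostname,
                 hstrerror(h_errno));
      return (0);
    }

   /*
    * Only copy an address that really is an IPv4 address: sin_addr is 4
    * bytes, and copying h_length bytes unchecked would write past it for
    * any longer address type.
    */

    if (host->h_addrtype != AF_INET ||
        host->h_length != (int)sizeof(address->sin_addr) ||
        host->h_addr == NULL)
    {
      LogMessage(L_ERROR, "httpGetHostByName(\"%s\") returned a non-IPv4 address!",
                 hostname);
      return (0);
    }

    memcpy(&(address->sin_addr), host->h_addr, sizeof(address->sin_addr));
  }

  if (portname[0] != '\0')
  {
    if (isdigit(portname[0] & 255))
    {
     /*
      * Numeric port: reject trailing garbage and values that do not fit in
      * 16 bits instead of letting them be truncated silently.
      */

      errno   = 0;
      portnum = strtol(portname, &portend, 10);

      if (errno == ERANGE || *portend != '\0' || portnum < 0 ||
          portnum > 65535)
      {
        LogMessage(L_ERROR, "Bad port number \"%s\"!", portname);
        return (0);
      }

      address->sin_port = htons((unsigned short)portnum);
    }
    else
    {
      if ((port = getservbyname(portname, NULL)) == NULL)
      {
       /*
        * NOTE(review): getservbyname() is not documented to set errno, so
        * the reason text logged here may be stale.
        */

        LogMessage(L_ERROR, "getservbyname(\"%s\") failed - %s!", portname,
                   strerror(errno));
        return (0);
      }

     /*
      * s_port is already in network byte order; converting it again would
      * swap the bytes on little-endian hosts.
      */

      address->sin_port = (unsigned short)port->s_port;
    }
  }

  return (1);
}


#ifdef HAVE_CDSASSL
/*
 * 'CDSAGetServerCerts()' - Convert a keychain name into the CFArrayRef
 *                          required by SSLSetCertificate.
 *
 * For now we assume that there is exactly one SecIdentity in the
 * keychain - i.e. there is exactly one matching cert/private key pair.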
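 * In the future we will search a keychain for a SecIdentity matching a
 * specific criteria.  We also skip the operation of adding additional
 * non-signing certs from the keychain to the CFArrayRef.
 *
 * To create a self-signed certificate for testing use the certtool.
 * Executing the following as root will do it:
 *
 *     certtool c c v k=CUPS
 *
 * Returns a one-element array holding the identity, or NULL after logging
 * an error.  The array retains the identity, so the keychain, search and
 * identity references taken here are released before returning.
 *
 * NOTE(review): the callers are not visible here; confirm that they keep
 * the returned array alive for as long as the TLS session uses it and
 * release it afterwards.
 */

static CFArrayRef                       /* O - Certificate array or NULL */
CDSAGetServerCerts(void)
{
  OSStatus             err;             /* Error info */
  SecKeychainRef       kcRef    = NULL; /* Keychain reference */
  SecIdentitySearchRef srchRef  = NULL; /* Search reference */
  SecIdentityRef       identity = NULL; /* Identity */
  CFArrayRef           ca       = NULL; /* Certificate array */


  err = SecKeychainOpen(ServerCertificate, &kcRef);

  if (err)
  {
    LogMessage(L_ERROR, "Cannot open keychain \"%s\", error %d.",
               ServerCertificate, (int)err);
    goto done;
  }

 /*
  * Search for "any" identity matching specified key use;
  * in this app, we expect there to be exactly one.
  */

  err = SecIdentitySearchCreate(kcRef, CSSM_KEYUSE_SIGN, &srchRef);

  if (err)
  {
    LogMessage(L_ERROR,
               "Cannot find signing key in keychain \"%s\", error %d",
               ServerCertificate, (int)err);
    goto done;
  }

  err = SecIdentitySearchCopyNext(srchRef, &identity);

  if (err)
  {
    LogMessage(L_ERROR,
               "Cannot find signing key in keychain \"%s\", error %d",
               ServerCertificate, (int)err);
    goto done;
  }

  if (identity == NULL || CFGetTypeID(identity) != SecIdentityGetTypeID())
  {
    LogMessage(L_ERROR, "SecIdentitySearchCopyNext CFTypeID failure!");
    goto done;
  }

 /*
  * Found one.  Place it in a CFArray.
  * TBD: snag other (non-identity) certs from keychain and add them
  * to array as well.
  *
  * kCFTypeArrayCallBacks makes the array retain the identity; with NULL
  * callbacks the array would hold a bare pointer, which is only valid
  * while the identity is never released.
  */

  ca = CFArrayCreate(NULL, (const void **)&identity, 1,
                     &kCFTypeArrayCallBacks);

  if (ca == NULL)
    LogMessage(L_ERROR, "CFArrayCreate error");

done:

 /*
  * Drop the references taken above on every path; CFRelease() must not be
  * called with NULL, hence the guards.
  */

  if (identity)
    CFRelease(identity);

  if (srchRef)
    CFRelease(srchRef);

  if (kcRef)
    CFRelease(kcRef);

  return (ca);
}
#endif /* HAVE_CDSASSL */


/*
 * End of "$Id: conf.c,v 1.152 2005/01/03 19:29:59 mike Exp $".
 */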