static int /* O - Status */
read_write_tests(int compression) /* I - Use compression? */
{
int i; /* Looping var */
cups_file_t *fp; /* File */
int status; /* Exit status */
char line[1024], /* Line from file */
*value; /* Directive value from line */
int linenum; /* Line number */
unsigned char readbuf[8192], /* Read buffer */
writebuf[8192]; /* Write buffer */
int byte; /* Byte from file */
off_t length; /* Length of file */
static const char *partial_line = "partial line";
/* Partial line */
/*
* No errors so far...
*/
status = 0;
/*
* Initialize the write buffer with random data...
*/
CUPS_SRAND((unsigned)time(NULL));
for (i = 0; i < (int)sizeof(writebuf); i ++)
writebuf[i] = CUPS_RAND();
/*
* cupsFileOpen(write)
*/
printf("cupsFileOpen(write%s): ", compression ? " compressed" : "");
fp = cupsFileOpen(compression ? "testfile.dat.gz" : "testfile.dat",
compression ? "w9" : "w");
if (fp)
{
puts("PASS");
/*
* cupsFileCompression()
*/
fputs("cupsFileCompression(): ", stdout);
if (cupsFileCompression(fp) == compression)
puts("PASS");
else
{
printf("FAIL (Got %d, expected %d)\n", cupsFileCompression(fp),
compression);
status ++;
}
/*
* cupsFilePuts()
*/
fputs("cupsFilePuts(): ", stdout);
if (cupsFilePuts(fp, "# Hello, World\n") > 0)
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFilePrintf()
*/
fputs("cupsFilePrintf(): ", stdout);
for (i = 0; i < 1000; i ++)
if (cupsFilePrintf(fp, "TestLine %03d\n", i) < 0)
break;
if (i >= 1000)
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFilePutChar()
*/
fputs("cupsFilePutChar(): ", stdout);
for (i = 0; i < 256; i ++)
if (cupsFilePutChar(fp, i) < 0)
break;
if (i >= 256)
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileWrite()
*/
fputs("cupsFileWrite(): ", stdout);
for (i = 0; i < 10000; i ++)
if (cupsFileWrite(fp, (char *)writebuf, sizeof(writebuf)) < 0)
break;
if (i >= 10000)
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFilePuts() with partial line...
*/
fputs("cupsFilePuts(\"partial line\"): ", stdout);
if (cupsFilePuts(fp, partial_line) > 0)
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileTell()
*/
fputs("cupsFileTell(): ", stdout);
if ((length = cupsFileTell(fp)) == 81933283)
puts("PASS");
else
{
printf("FAIL (" CUPS_LLFMT " instead of 81933283)\n", CUPS_LLCAST length);
status ++;
}
/*
* cupsFileClose()
*/
fputs("cupsFileClose(): ", stdout);
if (!cupsFileClose(fp))
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
}
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileOpen(read)
*/
fputs("\ncupsFileOpen(read): ", stdout);
fp = cupsFileOpen(compression ? "testfile.dat.gz" : "testfile.dat", "r");
if (fp)
{
puts("PASS");
/*
* cupsFileGets()
*/
fputs("cupsFileGets(): ", stdout);
if (cupsFileGets(fp, line, sizeof(line)))
{
if (line[0] == '#')
puts("PASS");
else
{
printf("FAIL (Got line \"%s\", expected comment line)\n", line);
status ++;
}
}
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileCompression()
*/
fputs("cupsFileCompression(): ", stdout);
if (cupsFileCompression(fp) == compression)
puts("PASS");
else
{
printf("FAIL (Got %d, expected %d)\n", cupsFileCompression(fp),
compression);
status ++;
}
/*
* cupsFileGetConf()
*/
linenum = 1;
fputs("cupsFileGetConf(): ", stdout);
for (i = 0; i < 1000; i ++)
if (!cupsFileGetConf(fp, line, sizeof(line), &value, &linenum))
break;
else if (_cups_strcasecmp(line, "TestLine") || !value || atoi(value) != i ||
linenum != (i + 2))
break;
if (i >= 1000)
puts("PASS");
else if (line[0])
{
printf("FAIL (Line %d, directive \"%s\", value \"%s\")\n", linenum,
line, value ? value : "(null)");
status ++;
}
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileGetChar()
*/
fputs("cupsFileGetChar(): ", stdout);
for (i = 0; i < 256; i ++)
if ((byte = cupsFileGetChar(fp)) != i)
break;
if (i >= 256)
puts("PASS");
else if (byte >= 0)
{
printf("FAIL (Got %d, expected %d)\n", byte, i);
status ++;
}
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileRead()
*/
fputs("cupsFileRead(): ", stdout);
for (i = 0; i < 10000; i ++)
if ((byte = cupsFileRead(fp, (char *)readbuf, sizeof(readbuf))) < 0)
break;
else if (memcmp(readbuf, writebuf, sizeof(readbuf)))
break;
if (i >= 10000)
puts("PASS");
else if (byte > 0)
{
printf("FAIL (Pass %d, ", i);
for (i = 0; i < (int)sizeof(readbuf); i ++)
if (readbuf[i] != writebuf[i])
break;
printf("match failed at offset %d - got %02X, expected %02X)\n",
i, readbuf[i], writebuf[i]);
}
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* cupsFileGetChar() with partial line...
*/
fputs("cupsFileGetChar(partial line): ", stdout);
for (i = 0; i < (int)strlen(partial_line); i ++)
if ((byte = cupsFileGetChar(fp)) < 0)
break;
else if (byte != partial_line[i])
break;
if (!partial_line[i])
puts("PASS");
else
{
printf("FAIL (got '%c', expected '%c')\n", byte, partial_line[i]);
status ++;
}
/*
* cupsFileTell()
*/
fputs("cupsFileTell(): ", stdout);
if ((length = cupsFileTell(fp)) == 81933283)
puts("PASS");
else
{
printf("FAIL (" CUPS_LLFMT " instead of 81933283)\n", CUPS_LLCAST length);
status ++;
}
/*
* cupsFileClose()
*/
fputs("cupsFileClose(): ", stdout);
if (!cupsFileClose(fp))
puts("PASS");
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
}
else
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
}
/*
* Remove the test file...
*/
unlink(compression ? "testfile.dat.gz" : "testfile.dat");
/*
* Return the test status...
*/
return (status);
}
static int /* O - Status */
random_tests(void)
{
int status, /* Status of tests */
pass, /* Current pass */
count, /* Number of records read */
record, /* Current record */
num_records; /* Number of records */
ssize_t pos, /* Position in file */
expected; /* Expected position in file */
cups_file_t *fp; /* File */
char buffer[512]; /* Data buffer */
/*
* Run 4 passes, each time appending to a data file and then reopening the
* file for reading to validate random records in the file.
*/
for (status = 0, pass = 0; pass < 4; pass ++)
{
/*
* cupsFileOpen(append)
*/
printf("\ncupsFileOpen(append %d): ", pass);
if ((fp = cupsFileOpen("testfile.dat", "a")) == NULL)
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
break;
}
else
puts("PASS");
/*
* cupsFileTell()
*/
expected = 256 * sizeof(buffer) * pass;
fputs("cupsFileTell(): ", stdout);
if ((pos = cupsFileTell(fp)) != expected)
{
printf("FAIL (" CUPS_LLFMT " instead of " CUPS_LLFMT ")\n",
CUPS_LLCAST pos, CUPS_LLCAST expected);
status ++;
break;
}
else
puts("PASS");
/*
* cupsFileWrite()
*/
fputs("cupsFileWrite(256 512-byte records): ", stdout);
for (record = 0; record < 256; record ++)
{
memset(buffer, record, sizeof(buffer));
if (cupsFileWrite(fp, buffer, sizeof(buffer)) < sizeof(buffer))
break;
}
if (record < 256)
{
printf("FAIL (%d: %s)\n", record, strerror(errno));
status ++;
break;
}
else
puts("PASS");
/*
* cupsFileTell()
*/
expected += 256 * sizeof(buffer);
fputs("cupsFileTell(): ", stdout);
if ((pos = cupsFileTell(fp)) != expected)
{
printf("FAIL (" CUPS_LLFMT " instead of " CUPS_LLFMT ")\n",
CUPS_LLCAST pos, CUPS_LLCAST expected);
status ++;
break;
}
else
puts("PASS");
cupsFileClose(fp);
/*
* cupsFileOpen(read)
*/
printf("\ncupsFileOpen(read %d): ", pass);
if ((fp = cupsFileOpen("testfile.dat", "r")) == NULL)
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
break;
}
else
puts("PASS");
/*
* cupsFileSeek, cupsFileRead
*/
fputs("cupsFileSeek(), cupsFileRead(): ", stdout);
for (num_records = (pass + 1) * 256, count = (pass + 1) * 256,
record = CUPS_RAND() % num_records;
count > 0;
count --, record = (record + (CUPS_RAND() & 31) - 16 + num_records) %
num_records)
{
/*
* The last record is always the first...
*/
if (count == 1)
record = 0;
/*
* Try reading the data for the specified record, and validate the
* contents...
*/
expected = sizeof(buffer) * record;
if ((pos = cupsFileSeek(fp, expected)) != expected)
{
printf("FAIL (" CUPS_LLFMT " instead of " CUPS_LLFMT ")\n",
CUPS_LLCAST pos, CUPS_LLCAST expected);
status ++;
break;
}
else
{
if (cupsFileRead(fp, buffer, sizeof(buffer)) != sizeof(buffer))
{
printf("FAIL (%s)\n", strerror(errno));
status ++;
break;
}
else if ((buffer[0] & 255) != (record & 255) ||
memcmp(buffer, buffer + 1, sizeof(buffer) - 1))
{
printf("FAIL (Bad Data - %d instead of %d)\n", buffer[0] & 255,
record & 255);
status ++;
break;
}
}
}
if (count == 0)
puts("PASS");
cupsFileClose(fp);
}
/*
* Remove the test file...
*/
unlink("testfile.dat");
/*
* Return the test status...
*/
return (status);
}
static void
backend_init_supplies(
int snmp_fd, /* I - SNMP socket */
http_addr_t *addr) /* I - Printer address */
{
int i, /* Looping var */
type; /* Current marker type */
cups_file_t *cachefile; /* Cache file */
const char *cachedir; /* CUPS_CACHEDIR value */
char addrstr[1024], /* Address string */
cachefilename[1024], /* Cache filename */
description[CUPS_SNMP_MAX_STRING],
/* Device description string */
value[CUPS_MAX_SUPPLIES * (CUPS_SNMP_MAX_STRING * 4 + 3)],
/* Value string */
*ptr, /* Pointer into value string */
*name_ptr; /* Pointer into name string */
cups_snmp_t packet; /* SNMP response packet */
ppd_file_t *ppd; /* PPD file for this queue */
ppd_attr_t *ppdattr; /* cupsSNMPSupplies attribute */
static const char * const types[] = /* Supply types */
{
"other",
"unknown",
"toner",
"waste-toner",
"ink",
"ink-cartridge",
"ink-ribbon",
"waste-ink",
"opc",
"developer",
"fuser-oil",
"solid-wax",
"ribbon-wax",
"waste-wax",
"fuser",
"corona-wire",
"fuser-oil-wick",
"cleaner-unit",
"fuser-cleaning-pad",
"transfer-unit",
"toner-cartridge",
"fuser-oiler",
"water",
"waste-water",
"glue-water-additive",
"waste-paper",
"binding-supply",
"banding-supply",
"stitching-wire",
"shrink-wrap",
"paper-wrap",
"staples",
"inserts",
"covers"
};
/*
* Reset state information...
*/
current_addr = *addr;
current_state = -1;
num_supplies = -1;
charset = -1;
memset(supplies, 0, sizeof(supplies));
/*
* See if we should be getting supply levels via SNMP...
*/
if ((ppd = ppdOpenFile(getenv("PPD"))) == NULL ||
((ppdattr = ppdFindAttr(ppd, "cupsSNMPSupplies", NULL)) != NULL &&
ppdattr->value && _cups_strcasecmp(ppdattr->value, "true")))
{
ppdClose(ppd);
return;
}
if ((ppdattr = ppdFindAttr(ppd, "cupsSNMPQuirks", NULL)) != NULL)
{
if (!_cups_strcasecmp(ppdattr->value, "capacity"))
quirks |= CUPS_SNMP_CAPACITY;
}
ppdClose(ppd);
/*
* Get the device description...
*/
if (!_cupsSNMPWrite(snmp_fd, addr, CUPS_SNMP_VERSION_1,
_cupsSNMPDefaultCommunity(), CUPS_ASN1_GET_REQUEST, 1,
hrDeviceDescr))
return;
if (!_cupsSNMPRead(snmp_fd, &packet, CUPS_SUPPLY_TIMEOUT) ||
packet.object_type != CUPS_ASN1_OCTET_STRING)
{
strlcpy(description, "Unknown", sizeof(description));
num_supplies = 0;
}
else
strlcpy(description, (char *)packet.object_value.string.bytes,
sizeof(description));
fprintf(stderr, "DEBUG2: hrDeviceDesc=\"%s\"\n", description);
/*
* See if we have already queried this device...
*/
httpAddrString(addr, addrstr, sizeof(addrstr));
if ((cachedir = getenv("CUPS_CACHEDIR")) == NULL)
cachedir = CUPS_CACHEDIR;
snprintf(cachefilename, sizeof(cachefilename), "%s/%s.snmp", cachedir,
addrstr);
if ((cachefile = cupsFileOpen(cachefilename, "r")) != NULL)
{
/*
* Yes, read the cache file:
*
* 3 num_supplies charset
* device description
* supply structures...
*/
if (cupsFileGets(cachefile, value, sizeof(value)))
{
if (sscanf(value, "3 %d%d", &num_supplies, &charset) == 2 &&
num_supplies <= CUPS_MAX_SUPPLIES &&
cupsFileGets(cachefile, value, sizeof(value)))
{
if (!strcmp(description, value))
cupsFileRead(cachefile, (char *)supplies,
(size_t)num_supplies * sizeof(backend_supplies_t));
else
{
num_supplies = -1;
charset = -1;
}
}
else
{
num_supplies = -1;
charset = -1;
}
}
cupsFileClose(cachefile);
}
/*
* If the cache information isn't correct, scan for supplies...
*/
if (charset < 0)
{
/*
* Get the configured character set...
*/
int oid[CUPS_SNMP_MAX_OID]; /* OID for character set */
if (!_cupsSNMPWrite(snmp_fd, ¤t_addr, CUPS_SNMP_VERSION_1,
_cupsSNMPDefaultCommunity(), CUPS_ASN1_GET_REQUEST, 1,
prtGeneralCurrentLocalization))
return;
if (!_cupsSNMPRead(snmp_fd, &packet, CUPS_SUPPLY_TIMEOUT) ||
packet.object_type != CUPS_ASN1_INTEGER)
{
fprintf(stderr,
"DEBUG: prtGeneralCurrentLocalization type is %x, expected %x!\n",
packet.object_type, CUPS_ASN1_INTEGER);
return;
}
fprintf(stderr, "DEBUG2: prtGeneralCurrentLocalization=%d\n",
packet.object_value.integer);
_cupsSNMPCopyOID(oid, prtLocalizationCharacterSet, CUPS_SNMP_MAX_OID);
oid[prtLocalizationCharacterSetOffset - 2] = packet.object_value.integer;
if (!_cupsSNMPWrite(snmp_fd, ¤t_addr, CUPS_SNMP_VERSION_1,
_cupsSNMPDefaultCommunity(), CUPS_ASN1_GET_REQUEST, 1,
oid))
return;
if (!_cupsSNMPRead(snmp_fd, &packet, CUPS_SUPPLY_TIMEOUT) ||
packet.object_type != CUPS_ASN1_INTEGER)
{
fprintf(stderr,
"DEBUG: prtLocalizationCharacterSet type is %x, expected %x!\n",
packet.object_type, CUPS_ASN1_INTEGER);
return;
}
fprintf(stderr, "DEBUG2: prtLocalizationCharacterSet=%d\n",
packet.object_value.integer);
charset = packet.object_value.integer;
}
if (num_supplies < 0)
{
/*
* Walk the printer configuration information...
*/
_cupsSNMPWalk(snmp_fd, ¤t_addr, CUPS_SNMP_VERSION_1,
_cupsSNMPDefaultCommunity(), prtMarkerSuppliesEntry,
CUPS_SUPPLY_TIMEOUT, backend_walk_cb, NULL);
}
/*
* Save the cached information...
*/
if (num_supplies < 0)
num_supplies = 0;
if ((cachefile = cupsFileOpen(cachefilename, "w")) != NULL)
{
cupsFilePrintf(cachefile, "3 %d %d\n", num_supplies, charset);
cupsFilePrintf(cachefile, "%s\n", description);
if (num_supplies > 0)
cupsFileWrite(cachefile, (char *)supplies,
(size_t)num_supplies * sizeof(backend_supplies_t));
cupsFileClose(cachefile);
}
if (num_supplies <= 0)
return;
/*
* Get the colors...
*/
for (i = 0; i < num_supplies; i ++)
strlcpy(supplies[i].color, "none", sizeof(supplies[i].color));
_cupsSNMPWalk(snmp_fd, ¤t_addr, CUPS_SNMP_VERSION_1,
_cupsSNMPDefaultCommunity(), prtMarkerColorantValue,
CUPS_SUPPLY_TIMEOUT, backend_walk_cb, NULL);
/*
* Output the marker-colors attribute...
*/
for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr))
{
if (i)
*ptr++ = ',';
strlcpy(ptr, supplies[i].color, sizeof(value) - (size_t)(ptr - value));
}
fprintf(stderr, "ATTR: marker-colors=%s\n", value);
/*
* Output the marker-names attribute (the double quoting is necessary to deal
* with embedded quotes and commas in the marker names...)
*/
for (i = 0, ptr = value; i < num_supplies; i ++)
{
if (i)
*ptr++ = ',';
*ptr++ = '\'';
*ptr++ = '\"';
for (name_ptr = supplies[i].name; *name_ptr;)
{
if (*name_ptr == '\\' || *name_ptr == '\"' || *name_ptr == '\'')
{
*ptr++ = '\\';
*ptr++ = '\\';
*ptr++ = '\\';
}
*ptr++ = *name_ptr++;
}
*ptr++ = '\"';
*ptr++ = '\'';
}
*ptr = '\0';
fprintf(stderr, "ATTR: marker-names=%s\n", value);
/*
* Output the marker-types attribute...
*/
for (i = 0, ptr = value; i < num_supplies; i ++, ptr += strlen(ptr))
{
if (i)
*ptr++ = ',';
type = supplies[i].type;
if (type < CUPS_TC_other || type > CUPS_TC_covers)
strlcpy(ptr, "unknown", sizeof(value) - (size_t)(ptr - value));
else
strlcpy(ptr, types[type - CUPS_TC_other], sizeof(value) - (size_t)(ptr - value));
}
fprintf(stderr, "ATTR: marker-types=%s\n", value);
}
static int /* O - 1 on success, 0 on failure */
make_certificate(cupsd_client_t *con) /* I - Client connection */
{
gnutls_x509_crt crt; /* Self-signed certificate */
gnutls_x509_privkey key; /* Encryption key */
cups_lang_t *language; /* Default language info */
cups_file_t *fp; /* Key/cert file */
unsigned char buffer[8192]; /* Buffer for x509 data */
size_t bytes; /* Number of bytes of data */
unsigned char serial[4]; /* Serial number buffer */
time_t curtime; /* Current time */
int result; /* Result of GNU TLS calls */
/*
* Create the encryption key...
*/
cupsdLogMessage(CUPSD_LOG_INFO, "Generating SSL server key...");
gnutls_x509_privkey_init(&key);
gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 2048, 0);
/*
* Save it...
*/
bytes = sizeof(buffer);
if ((result = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM,
buffer, &bytes)) < 0)
{
cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to export SSL server key - %s",
gnutls_strerror(result));
gnutls_x509_privkey_deinit(key);
return (0);
}
else if ((fp = cupsFileOpen(ServerKey, "w")) != NULL)
{
cupsFileWrite(fp, (char *)buffer, bytes);
cupsFileClose(fp);
cupsdLogMessage(CUPSD_LOG_INFO, "Created SSL server key file \"%s\"...",
ServerKey);
}
else
{
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to create SSL server key file \"%s\" - %s",
ServerKey, strerror(errno));
gnutls_x509_privkey_deinit(key);
return (0);
}
/*
* Create the self-signed certificate...
*/
cupsdLogMessage(CUPSD_LOG_INFO, "Generating self-signed SSL certificate...");
language = cupsLangDefault();
curtime = time(NULL);
serial[0] = curtime >> 24;
serial[1] = curtime >> 16;
serial[2] = curtime >> 8;
serial[3] = curtime;
gnutls_x509_crt_init(&crt);
if (strlen(language->language) == 5)
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0,
language->language + 3, 2);
else
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0,
"US", 2);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0,
ServerName, strlen(ServerName));
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
ServerName, strlen(ServerName));
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
0, "Unknown", 7);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0,
"Unknown", 7);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_LOCALITY_NAME, 0,
"Unknown", 7);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_PKCS9_EMAIL, 0,
ServerAdmin, strlen(ServerAdmin));
gnutls_x509_crt_set_key(crt, key);
gnutls_x509_crt_set_serial(crt, serial, sizeof(serial));
gnutls_x509_crt_set_activation_time(crt, curtime);
gnutls_x509_crt_set_expiration_time(crt, curtime + 10 * 365 * 86400);
gnutls_x509_crt_set_ca_status(crt, 0);
gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME,
ServerName);
gnutls_x509_crt_set_key_purpose_oid(crt, GNUTLS_KP_TLS_WWW_SERVER, 0);
gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_KEY_ENCIPHERMENT);
gnutls_x509_crt_set_version(crt, 3);
bytes = sizeof(buffer);
if (gnutls_x509_crt_get_key_id(crt, 0, buffer, &bytes) >= 0)
gnutls_x509_crt_set_subject_key_id(crt, buffer, bytes);
gnutls_x509_crt_sign(crt, crt, key);
/*
* Save it...
*/
bytes = sizeof(buffer);
if ((result = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM,
buffer, &bytes)) < 0)
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to export SSL server certificate - %s",
gnutls_strerror(result));
else if ((fp = cupsFileOpen(ServerCertificate, "w")) != NULL)
{
cupsFileWrite(fp, (char *)buffer, bytes);
cupsFileClose(fp);
cupsdLogMessage(CUPSD_LOG_INFO,
"Created SSL server certificate file \"%s\"...",
ServerCertificate);
}
else
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to create SSL server certificate file \"%s\" - %s",
ServerCertificate, strerror(errno));
/*
* Cleanup...
*/
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
return (1);
}
int /* O - 1 on success, 0 on failure */
cupsMakeServerCredentials(
const char *path, /* I - Path to keychain/directory */
const char *common_name, /* I - Common name */
int num_alt_names, /* I - Number of subject alternate names */
const char **alt_names, /* I - Subject Alternate Names */
time_t expiration_date) /* I - Expiration date */
{
gnutls_x509_crt_t crt; /* Self-signed certificate */
gnutls_x509_privkey_t key; /* Encryption private key */
char temp[1024], /* Temporary directory name */
crtfile[1024], /* Certificate filename */
keyfile[1024]; /* Private key filename */
cups_lang_t *language; /* Default language info */
cups_file_t *fp; /* Key/cert file */
unsigned char buffer[8192]; /* Buffer for x509 data */
size_t bytes; /* Number of bytes of data */
unsigned char serial[4]; /* Serial number buffer */
time_t curtime; /* Current time */
int result; /* Result of GNU TLS calls */
DEBUG_printf(("cupsMakeServerCredentials(path=\"%s\", common_name=\"%s\", num_alt_names=%d, alt_names=%p, expiration_date=%d)", path, common_name, num_alt_names, alt_names, (int)expiration_date));
/*
* Filenames...
*/
if (!path)
path = http_gnutls_default_path(temp, sizeof(temp));
if (!path || !common_name)
{
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(EINVAL), 0);
return (0);
}
http_gnutls_make_path(crtfile, sizeof(crtfile), path, common_name, "crt");
http_gnutls_make_path(keyfile, sizeof(keyfile), path, common_name, "key");
/*
* Create the encryption key...
*/
DEBUG_puts("1cupsMakeServerCredentials: Creating key pair.");
gnutls_x509_privkey_init(&key);
gnutls_x509_privkey_generate(key, GNUTLS_PK_RSA, 2048, 0);
DEBUG_puts("1cupsMakeServerCredentials: Key pair created.");
/*
* Save it...
*/
bytes = sizeof(buffer);
if ((result = gnutls_x509_privkey_export(key, GNUTLS_X509_FMT_PEM, buffer, &bytes)) < 0)
{
DEBUG_printf(("1cupsMakeServerCredentials: Unable to export private key: %s", gnutls_strerror(result)));
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(result), 0);
gnutls_x509_privkey_deinit(key);
return (0);
}
else if ((fp = cupsFileOpen(keyfile, "w")) != NULL)
{
DEBUG_printf(("1cupsMakeServerCredentials: Writing private key to \"%s\".", keyfile));
cupsFileWrite(fp, (char *)buffer, bytes);
cupsFileClose(fp);
}
else
{
DEBUG_printf(("1cupsMakeServerCredentials: Unable to create private key file \"%s\": %s", keyfile, strerror(errno)));
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
gnutls_x509_privkey_deinit(key);
return (0);
}
/*
* Create the self-signed certificate...
*/
DEBUG_puts("1cupsMakeServerCredentials: Generating self-signed X.509 certificate.");
language = cupsLangDefault();
curtime = time(NULL);
serial[0] = curtime >> 24;
serial[1] = curtime >> 16;
serial[2] = curtime >> 8;
serial[3] = curtime;
gnutls_x509_crt_init(&crt);
if (strlen(language->language) == 5)
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0,
language->language + 3, 2);
else
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COUNTRY_NAME, 0,
"US", 2);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_COMMON_NAME, 0,
common_name, strlen(common_name));
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATION_NAME, 0,
common_name, strlen(common_name));
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME,
0, "Unknown", 7);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0,
"Unknown", 7);
gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_X520_LOCALITY_NAME, 0,
"Unknown", 7);
/* gnutls_x509_crt_set_dn_by_oid(crt, GNUTLS_OID_PKCS9_EMAIL, 0,
ServerAdmin, strlen(ServerAdmin));*/
gnutls_x509_crt_set_key(crt, key);
gnutls_x509_crt_set_serial(crt, serial, sizeof(serial));
gnutls_x509_crt_set_activation_time(crt, curtime);
gnutls_x509_crt_set_expiration_time(crt, curtime + 10 * 365 * 86400);
gnutls_x509_crt_set_ca_status(crt, 0);
if (num_alt_names > 0)
gnutls_x509_crt_set_subject_alternative_name(crt, GNUTLS_SAN_DNSNAME, alt_names[0]);
gnutls_x509_crt_set_key_purpose_oid(crt, GNUTLS_KP_TLS_WWW_SERVER, 0);
gnutls_x509_crt_set_key_usage(crt, GNUTLS_KEY_KEY_ENCIPHERMENT);
gnutls_x509_crt_set_version(crt, 3);
bytes = sizeof(buffer);
if (gnutls_x509_crt_get_key_id(crt, 0, buffer, &bytes) >= 0)
gnutls_x509_crt_set_subject_key_id(crt, buffer, bytes);
gnutls_x509_crt_sign(crt, crt, key);
/*
* Save it...
*/
bytes = sizeof(buffer);
if ((result = gnutls_x509_crt_export(crt, GNUTLS_X509_FMT_PEM, buffer, &bytes)) < 0)
{
DEBUG_printf(("1cupsMakeServerCredentials: Unable to export public key and X.509 certificate: %s", gnutls_strerror(result)));
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, gnutls_strerror(result), 0);
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
return (0);
}
else if ((fp = cupsFileOpen(crtfile, "w")) != NULL)
{
DEBUG_printf(("1cupsMakeServerCredentials: Writing public key and X.509 certificate to \"%s\".", crtfile));
cupsFileWrite(fp, (char *)buffer, bytes);
cupsFileClose(fp);
}
else
{
DEBUG_printf(("1cupsMakeServerCredentials: Unable to create public key and X.509 certificate file \"%s\": %s", crtfile, strerror(errno)));
_cupsSetError(IPP_STATUS_ERROR_INTERNAL, strerror(errno), 0);
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
return (0);
}
/*
* Cleanup...
*/
gnutls_x509_crt_deinit(crt);
gnutls_x509_privkey_deinit(key);
DEBUG_puts("1cupsMakeServerCredentials: Successfully created credentials.");
return (1);
}
