|
Lines 35-40
Link Here
|
| 35 |
* cancel_all_jobs() - Cancel all or selected print jobs. |
35 |
* cancel_all_jobs() - Cancel all or selected print jobs. |
| 36 |
* cancel_job() - Cancel a print job. |
36 |
* cancel_job() - Cancel a print job. |
| 37 |
* cancel_subscription() - Cancel a subscription. |
37 |
* cancel_subscription() - Cancel a subscription. |
|
|
38 |
* check_context() - Check the SELinux context for a user and job |
| 38 |
* check_rss_recipient() - Check that we do not have a duplicate RSS |
39 |
* check_rss_recipient() - Check that we do not have a duplicate RSS |
| 39 |
* feed URI. |
40 |
* feed URI. |
| 40 |
* check_quotas() - Check quotas for a printer and user. |
41 |
* check_quotas() - Check quotas for a printer and user. |
|
Lines 99-104
Link Here
|
| 99 |
* validate_user() - Validate the user for the request. |
100 |
* validate_user() - Validate the user for the request. |
| 100 |
*/ |
101 |
*/ |
| 101 |
|
102 |
|
|
|
103 |
/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */ |
| 104 |
/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */ |
| 105 |
|
| 102 |
/* |
106 |
/* |
| 103 |
* Include necessary headers... |
107 |
* Include necessary headers... |
| 104 |
*/ |
108 |
*/ |
|
Lines 122-127
extern int mbr_check_membership_by_id(uu
Link Here
|
| 122 |
# endif /* HAVE_MEMBERSHIPPRIV_H */ |
126 |
# endif /* HAVE_MEMBERSHIPPRIV_H */ |
| 123 |
#endif /* __APPLE__ */ |
127 |
#endif /* __APPLE__ */ |
| 124 |
|
128 |
|
|
|
129 |
#ifdef WITH_LSPP |
| 130 |
#include <libaudit.h> |
| 131 |
#include <selinux/selinux.h> |
| 132 |
#include <selinux/context.h> |
| 133 |
#include <selinux/avc.h> |
| 134 |
#include <selinux/flask.h> |
| 135 |
#include <selinux/av_permissions.h> |
| 136 |
#endif /* WITH_LSPP */ |
| 125 |
|
137 |
|
| 126 |
/* |
138 |
/* |
| 127 |
* Local functions... |
139 |
* Local functions... |
|
Lines 146-151
static void cancel_all_jobs(cupsd_client
Link Here
|
| 146 |
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); |
158 |
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri); |
| 147 |
static void cancel_subscription(cupsd_client_t *con, int id); |
159 |
static void cancel_subscription(cupsd_client_t *con, int id); |
| 148 |
static int check_rss_recipient(const char *recipient); |
160 |
static int check_rss_recipient(const char *recipient); |
|
|
161 |
#ifdef WITH_LSPP |
| 162 |
static int check_context(cupsd_client_t *con, cupsd_job_t *job); |
| 163 |
#endif /* WITH_LSPP */ |
| 149 |
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); |
164 |
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p); |
| 150 |
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); |
165 |
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri); |
| 151 |
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, |
166 |
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra, |
|
Lines 1300-1305
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1300 |
"time-at-creation", |
1315 |
"time-at-creation", |
| 1301 |
"time-at-processing" |
1316 |
"time-at-processing" |
| 1302 |
}; |
1317 |
}; |
|
|
1318 |
#ifdef WITH_LSPP |
| 1319 |
char *audit_message; /* Audit message string */ |
| 1320 |
char *printerfile; /* device file pointed to by the printer */ |
| 1321 |
char *userheader = NULL; /* User supplied job-sheets[0] */ |
| 1322 |
char *userfooter = NULL; /* User supplied job-sheets[1] */ |
| 1323 |
int override = 0; /* Was a banner overrode on a job */ |
| 1324 |
security_id_t clisid; /* SELinux SID for the client */ |
| 1325 |
security_id_t psid; /* SELinux SID for the printer */ |
| 1326 |
context_t printercon; /* Printer's context string */ |
| 1327 |
struct stat printerstat; /* Printer's stat buffer */ |
| 1328 |
security_context_t devcon; /* Printer's SELinux context */ |
| 1329 |
struct avc_entry_ref avcref; /* Pointer to the access vector cache */ |
| 1330 |
security_class_t tclass; /* Object class for the SELinux check */ |
| 1331 |
access_vector_t avr; /* Access method being requested */ |
| 1332 |
#endif /* WITH_LSPP */ |
| 1303 |
|
1333 |
|
| 1304 |
|
1334 |
|
| 1305 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", |
1335 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))", |
|
Lines 1640-1645
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1640 |
} |
1670 |
} |
| 1641 |
} |
1671 |
} |
| 1642 |
|
1672 |
|
|
|
1673 |
#ifdef WITH_LSPP |
| 1674 |
if (is_lspp_config()) |
| 1675 |
{ |
| 1676 |
if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) |
| 1677 |
{ |
| 1678 |
cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name); |
| 1679 |
send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes.")); |
| 1680 |
return (NULL); |
| 1681 |
} |
| 1682 |
|
| 1683 |
/* |
| 1684 |
* Perform an access check so that if the user gets feedback at enqueue time |
| 1685 |
*/ |
| 1686 |
|
| 1687 |
printerfile = strstr(printer->device_uri, "/dev/"); |
| 1688 |
if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0)) |
| 1689 |
printerfile = printer->device_uri + strlen("file:"); |
| 1690 |
|
| 1691 |
if (printerfile != NULL) |
| 1692 |
{ |
| 1693 |
cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s", |
| 1694 |
printerfile); |
| 1695 |
|
| 1696 |
if (lstat(printerfile, &printerstat) < 0) |
| 1697 |
{ |
| 1698 |
if (errno != ENOENT) |
| 1699 |
{ |
| 1700 |
send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer")); |
| 1701 |
return (NULL); |
| 1702 |
} |
| 1703 |
/* |
| 1704 |
* The printer does not exist, so for now assume it's a FileDevice |
| 1705 |
*/ |
| 1706 |
tclass = SECCLASS_FILE; |
| 1707 |
avr = FILE__WRITE; |
| 1708 |
} |
| 1709 |
else if (S_ISCHR(printerstat.st_mode)) |
| 1710 |
{ |
| 1711 |
tclass = SECCLASS_CHR_FILE; |
| 1712 |
avr = CHR_FILE__WRITE; |
| 1713 |
} |
| 1714 |
else if (S_ISREG(printerstat.st_mode)) |
| 1715 |
{ |
| 1716 |
tclass = SECCLASS_FILE; |
| 1717 |
avr = FILE__WRITE; |
| 1718 |
} |
| 1719 |
else |
| 1720 |
{ |
| 1721 |
send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file")); |
| 1722 |
return (NULL); |
| 1723 |
} |
| 1724 |
static avc_initialized = 0; |
| 1725 |
if (!avc_initialized++) |
| 1726 |
avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL); |
| 1727 |
avc_entry_ref_init(&avcref); |
| 1728 |
if (avc_context_to_sid(con->scon, &clisid) != 0) |
| 1729 |
{ |
| 1730 |
send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client")); |
| 1731 |
return (NULL); |
| 1732 |
} |
| 1733 |
if (getfilecon(printerfile, &devcon) == -1) |
| 1734 |
{ |
| 1735 |
send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer")); |
| 1736 |
return (NULL); |
| 1737 |
} |
| 1738 |
printercon = context_new(devcon); |
| 1739 |
cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s", |
| 1740 |
context_str(printercon), con->scon); |
| 1741 |
context_free(printercon); |
| 1742 |
|
| 1743 |
if (avc_context_to_sid(devcon, &psid) != 0) |
| 1744 |
{ |
| 1745 |
send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer")); |
| 1746 |
freecon(devcon); |
| 1747 |
return (NULL); |
| 1748 |
} |
| 1749 |
freecon(devcon); |
| 1750 |
if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0) |
| 1751 |
{ |
| 1752 |
/* |
| 1753 |
* The access check failed, so cancel the job and send an audit message |
| 1754 |
*/ |
| 1755 |
if (AuditLog != -1) |
| 1756 |
{ |
| 1757 |
audit_message = NULL; |
| 1758 |
cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused" |
| 1759 |
" unable to access printer=%s", con->auid, |
| 1760 |
con->username, con->scon, printer->name); |
| 1761 |
audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message, |
| 1762 |
ServerName, NULL, NULL, 0); |
| 1763 |
cupsdClearString(&audit_message); |
| 1764 |
} |
| 1765 |
|
| 1766 |
send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer")); |
| 1767 |
return (NULL); |
| 1768 |
} |
| 1769 |
} |
| 1770 |
} |
| 1771 |
#endif /* WITH_LSPP */ |
| 1772 |
|
| 1643 |
if ((job = cupsdAddJob(priority, printer->name)) == NULL) |
1773 |
if ((job = cupsdAddJob(priority, printer->name)) == NULL) |
| 1644 |
{ |
1774 |
{ |
| 1645 |
send_ipp_status(con, IPP_INTERNAL_ERROR, |
1775 |
send_ipp_status(con, IPP_INTERNAL_ERROR, |
|
Lines 1648-1653
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1648 |
return (NULL); |
1778 |
return (NULL); |
| 1649 |
} |
1779 |
} |
| 1650 |
|
1780 |
|
|
|
1781 |
#ifdef WITH_LSPP |
| 1782 |
if (is_lspp_config()) |
| 1783 |
{ |
| 1784 |
/* |
| 1785 |
* duplicate the security context and auid of the connection into the job structure |
| 1786 |
*/ |
| 1787 |
job->scon = strdup(con->scon); |
| 1788 |
job->auid = con->auid; |
| 1789 |
|
| 1790 |
/* |
| 1791 |
* add the security context to the request so that on a restart the security |
| 1792 |
* attributes will be able to be restored |
| 1793 |
*/ |
| 1794 |
ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context", |
| 1795 |
NULL, job->scon); |
| 1796 |
} |
| 1797 |
else |
| 1798 |
{ |
| 1799 |
/* |
| 1800 |
* Fill in the security context of the job as unlabeled |
| 1801 |
*/ |
| 1802 |
cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL); |
| 1803 |
cupsdSetString(&job->scon, UNKNOWN_SL); |
| 1804 |
} |
| 1805 |
#endif /* WITH_LSPP */ |
| 1806 |
|
| 1651 |
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); |
1807 |
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE); |
| 1652 |
job->attrs = con->request; |
1808 |
job->attrs = con->request; |
| 1653 |
job->dirty = 1; |
1809 |
job->dirty = 1; |
|
Lines 1857-1862
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1857 |
attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]); |
2013 |
attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]); |
| 1858 |
attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]); |
2014 |
attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]); |
| 1859 |
} |
2015 |
} |
|
|
2016 |
#ifdef WITH_LSPP |
| 2017 |
else |
| 2018 |
{ |
| 2019 |
/* |
| 2020 |
* The option was present, so capture the user supplied strings |
| 2021 |
*/ |
| 2022 |
userheader = strdup(attr->values[0].string.text); |
| 2023 |
|
| 2024 |
if (attr->num_values > 1) |
| 2025 |
userfooter = strdup(attr->values[1].string.text); |
| 2026 |
|
| 2027 |
if (Classification != NULL && (strcmp(userheader, Classification) == 0) |
| 2028 |
&& userfooter &&(strcmp(userfooter, Classification) == 0)) |
| 2029 |
{ |
| 2030 |
/* |
| 2031 |
* Since both values are Classification, the user is not trying to Override |
| 2032 |
*/ |
| 2033 |
free(userheader); |
| 2034 |
if (userfooter) free(userfooter); |
| 2035 |
userheader = userfooter = NULL; |
| 2036 |
} |
| 2037 |
} |
| 2038 |
#endif /* WITH_LSPP */ |
| 1860 |
|
2039 |
|
| 1861 |
job->job_sheets = attr; |
2040 |
job->job_sheets = attr; |
| 1862 |
|
2041 |
|
|
Lines 1887-1892
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1887 |
"job-sheets=\"%s,none\", " |
2066 |
"job-sheets=\"%s,none\", " |
| 1888 |
"job-originating-user-name=\"%s\"", |
2067 |
"job-originating-user-name=\"%s\"", |
| 1889 |
Classification, job->username); |
2068 |
Classification, job->username); |
|
|
2069 |
#ifdef WITH_LSPP |
| 2070 |
override = 1; |
| 2071 |
#endif /* WITH_LSPP */ |
| 1890 |
} |
2072 |
} |
| 1891 |
else if (attr->num_values == 2 && |
2073 |
else if (attr->num_values == 2 && |
| 1892 |
strcmp(attr->values[0].string.text, |
2074 |
strcmp(attr->values[0].string.text, |
|
Lines 1905-1910
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1905 |
"job-originating-user-name=\"%s\"", |
2087 |
"job-originating-user-name=\"%s\"", |
| 1906 |
attr->values[0].string.text, |
2088 |
attr->values[0].string.text, |
| 1907 |
attr->values[1].string.text, job->username); |
2089 |
attr->values[1].string.text, job->username); |
|
|
2090 |
#ifdef WITH_LSPP |
| 2091 |
override = 1; |
| 2092 |
#endif /* WITH_LSPP */ |
| 1908 |
} |
2093 |
} |
| 1909 |
else if (strcmp(attr->values[0].string.text, Classification) && |
2094 |
else if (strcmp(attr->values[0].string.text, Classification) && |
| 1910 |
strcmp(attr->values[0].string.text, "none") && |
2095 |
strcmp(attr->values[0].string.text, "none") && |
|
Lines 1925-1930
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1925 |
"job-originating-user-name=\"%s\"", |
2110 |
"job-originating-user-name=\"%s\"", |
| 1926 |
attr->values[0].string.text, |
2111 |
attr->values[0].string.text, |
| 1927 |
attr->values[1].string.text, job->username); |
2112 |
attr->values[1].string.text, job->username); |
|
|
2113 |
#ifdef WITH_LSPP |
| 2114 |
override = 1; |
| 2115 |
#endif /* WITH_LSPP */ |
| 1928 |
} |
2116 |
} |
| 1929 |
} |
2117 |
} |
| 1930 |
else if (strcmp(attr->values[0].string.text, Classification) && |
2118 |
else if (strcmp(attr->values[0].string.text, Classification) && |
|
Lines 1965-1972
add_job(cupsd_client_t *con, /* I - Cl
Link Here
|
| 1965 |
"job-sheets=\"%s\", " |
2153 |
"job-sheets=\"%s\", " |
| 1966 |
"job-originating-user-name=\"%s\"", |
2154 |
"job-originating-user-name=\"%s\"", |
| 1967 |
Classification, job->username); |
2155 |
Classification, job->username); |
|
|
2156 |
#ifdef WITH_LSPP |
| 2157 |
override = 1; |
| 2158 |
#endif /* WITH_LSPP */ |
| 2159 |
} |
| 2160 |
#ifdef WITH_LSPP |
| 2161 |
if (is_lspp_config() && AuditLog != -1) |
| 2162 |
{ |
| 2163 |
audit_message = NULL; |
| 2164 |
|
| 2165 |
if (userheader || userfooter) |
| 2166 |
{ |
| 2167 |
if (!override) |
| 2168 |
{ |
| 2169 |
/* |
| 2170 |
* The user overrode the banner, so audit it |
| 2171 |
*/ |
| 2172 |
cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" |
| 2173 |
" using banners=%s,%s", job->id, userheader, |
| 2174 |
userfooter, attr->values[0].string.text, |
| 2175 |
(attr->num_values > 1) ? attr->values[1].string.text : "(null)"); |
| 2176 |
audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, |
| 2177 |
ServerName, NULL, NULL, 1); |
| 2178 |
} |
| 2179 |
else |
| 2180 |
{ |
| 2181 |
/* |
| 2182 |
* The user tried to override the banner, audit the failure |
| 2183 |
*/ |
| 2184 |
cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s" |
| 2185 |
" ignored banners=%s,%s", job->id, userheader, |
| 2186 |
userfooter, attr->values[0].string.text, |
| 2187 |
(attr->num_values > 1) ? attr->values[1].string.text : "(null)"); |
| 2188 |
audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message, |
| 2189 |
ServerName, NULL, NULL, 0); |
| 2190 |
} |
| 2191 |
cupsdClearString(&audit_message); |
| 2192 |
} |
| 1968 |
} |
2193 |
} |
|
|
2194 |
|
| 2195 |
if (userheader) |
| 2196 |
free(userheader); |
| 2197 |
if (userfooter) |
| 2198 |
free(userfooter); |
| 2199 |
#endif /* WITH_LSPP */ |
| 1969 |
} |
2200 |
} |
|
|
2201 |
|
| 1970 |
|
2202 |
|
| 1971 |
/* |
2203 |
/* |
| 1972 |
* See if we need to add the starting sheet... |
2204 |
* See if we need to add the starting sheet... |
|
Lines 3730-3735
check_rss_recipient(
Link Here
|
| 3730 |
} |
3962 |
} |
| 3731 |
|
3963 |
|
| 3732 |
|
3964 |
|
|
|
3965 |
#ifdef WITH_LSPP |
| 3966 |
/* |
| 3967 |
* 'check_context()' - Check SELinux security context of a user and job |
| 3968 |
*/ |
| 3969 |
|
| 3970 |
static int /* O - 1 if OK, 0 if not, -1 on error */ |
| 3971 |
check_context(cupsd_client_t *con, /* I - Client connection */ |
| 3972 |
cupsd_job_t *job) /* I - Job */ |
| 3973 |
{ |
| 3974 |
int enforcing; /* is SELinux in enforcing mode */ |
| 3975 |
char filename[1024]; /* Filename of the spool file */ |
| 3976 |
security_id_t clisid; /* SELinux SID of the client */ |
| 3977 |
security_id_t jobsid; /* SELinux SID of the job */ |
| 3978 |
security_id_t filesid; /* SELinux SID of the spool file */ |
| 3979 |
struct avc_entry_ref avcref; /* AVC entry cache pointer */ |
| 3980 |
security_class_t tclass; /* SELinux security class */ |
| 3981 |
access_vector_t avr; /* SELinux access being queried */ |
| 3982 |
security_context_t spoolfilecon; /* SELinux context of the spool file */ |
| 3983 |
|
| 3984 |
|
| 3985 |
/* |
| 3986 |
* Validate the input to be sure there are contexts to work with... |
| 3987 |
*/ |
| 3988 |
|
| 3989 |
if (con->scon == NULL || job->scon == NULL |
| 3990 |
|| strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0 |
| 3991 |
|| strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0) |
| 3992 |
return -1; |
| 3993 |
|
| 3994 |
if ((enforcing = security_getenforce()) == -1) |
| 3995 |
{ |
| 3996 |
cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement"); |
| 3997 |
return -1; |
| 3998 |
} |
| 3999 |
cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon); |
| 4000 |
|
| 4001 |
|
| 4002 |
/* |
| 4003 |
* Initialize the avc engine... |
| 4004 |
*/ |
| 4005 |
|
| 4006 |
static avc_initialized = 0; |
| 4007 |
if (! avc_initialized++) |
| 4008 |
{ |
| 4009 |
if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0) |
| 4010 |
{ |
| 4011 |
cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init"); |
| 4012 |
return -1; |
| 4013 |
} |
| 4014 |
} |
| 4015 |
if (avc_context_to_sid(con->scon, &clisid) != 0) |
| 4016 |
{ |
| 4017 |
cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon); |
| 4018 |
return -1; |
| 4019 |
} |
| 4020 |
if (avc_context_to_sid(job->scon, &jobsid) != 0) |
| 4021 |
{ |
| 4022 |
cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", job->scon); |
| 4023 |
return -1; |
| 4024 |
} |
| 4025 |
avc_entry_ref_init(&avcref); |
| 4026 |
tclass = SECCLASS_FILE; |
| 4027 |
avr = FILE__READ; |
| 4028 |
|
| 4029 |
/* |
| 4030 |
* Perform the check with the client as the subject, first with the job as the object |
| 4031 |
* if that fails then with the spool file as the object... |
| 4032 |
*/ |
| 4033 |
|
| 4034 |
if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0) |
| 4035 |
{ |
| 4036 |
cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context"); |
| 4037 |
|
| 4038 |
snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id); |
| 4039 |
if (getfilecon(filename, &spoolfilecon) == -1) |
| 4040 |
{ |
| 4041 |
cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context"); |
| 4042 |
return -1; |
| 4043 |
} |
| 4044 |
if (avc_context_to_sid(spoolfilecon, &filesid) != 0) |
| 4045 |
{ |
| 4046 |
cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file"); |
| 4047 |
freecon(spoolfilecon); |
| 4048 |
return -1; |
| 4049 |
} |
| 4050 |
freecon(spoolfilecon); |
| 4051 |
if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0) |
| 4052 |
{ |
| 4053 |
cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file"); |
| 4054 |
return 0; |
| 4055 |
} |
| 4056 |
cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file"); |
| 4057 |
return 1; |
| 4058 |
} |
| 4059 |
else |
| 4060 |
if (enforcing == 0) |
| 4061 |
cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode"); |
| 4062 |
else |
| 4063 |
cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context"); |
| 4064 |
|
| 4065 |
return 1; |
| 4066 |
} |
| 4067 |
#endif /* WITH_LSPP */ |
| 4068 |
|
| 4069 |
|
| 3733 |
/* |
4070 |
/* |
| 3734 |
* 'check_quotas()' - Check quotas for a printer and user. |
4071 |
* 'check_quotas()' - Check quotas for a printer and user. |
| 3735 |
*/ |
4072 |
*/ |
|
Lines 4182-4187
copy_banner(cupsd_client_t *con, /* I -
Link Here
|
| 4182 |
char attrname[255], /* Name of attribute */ |
4519 |
char attrname[255], /* Name of attribute */ |
| 4183 |
*s; /* Pointer into name */ |
4520 |
*s; /* Pointer into name */ |
| 4184 |
ipp_attribute_t *attr; /* Attribute */ |
4521 |
ipp_attribute_t *attr; /* Attribute */ |
|
|
4522 |
#ifdef WITH_LSPP |
| 4523 |
const char *mls_label; /* SL of print job */ |
| 4524 |
char *jobrange; /* SELinux sensitivity range */ |
| 4525 |
char *jobclearance; /* SELinux low end clearance */ |
| 4526 |
context_t jobcon; /* SELinux context of the job */ |
| 4527 |
context_t tmpcon; /* Temp context to set the level */ |
| 4528 |
security_context_t spoolcon; /* Context of the file in the spool */ |
| 4529 |
#endif /* WITH_LSPP */ |
| 4530 |
|
| 4185 |
|
4531 |
|
| 4186 |
|
4532 |
|
| 4187 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, |
4533 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, |
|
Lines 4217-4222
copy_banner(cupsd_client_t *con, /* I -
Link Here
|
| 4217 |
|
4563 |
|
| 4218 |
fchmod(cupsFileNumber(out), 0640); |
4564 |
fchmod(cupsFileNumber(out), 0640); |
| 4219 |
fchown(cupsFileNumber(out), RunUser, Group); |
4565 |
fchown(cupsFileNumber(out), RunUser, Group); |
|
|
4566 |
#ifdef WITH_LSPP |
| 4567 |
if (job->scon != NULL && |
| 4568 |
strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) |
| 4569 |
{ |
| 4570 |
if (getfilecon(filename, &spoolcon) == -1) |
| 4571 |
{ |
| 4572 |
cupsdLogMessage(CUPSD_LOG_ERROR, |
| 4573 |
"copy_banner: Unable to get the context of the banner file %s - %s", |
| 4574 |
filename, strerror(errno)); |
| 4575 |
job->num_files --; |
| 4576 |
return (0); |
| 4577 |
} |
| 4578 |
tmpcon = context_new(spoolcon); |
| 4579 |
jobcon = context_new(job->scon); |
| 4580 |
freecon(spoolcon); |
| 4581 |
if (!tmpcon || !jobcon) |
| 4582 |
{ |
| 4583 |
if (tmpcon) |
| 4584 |
context_free(tmpcon); |
| 4585 |
if (jobcon) |
| 4586 |
context_free(jobcon); |
| 4587 |
cupsdLogMessage(CUPSD_LOG_ERROR, |
| 4588 |
"copy_banner: Unable to get the SELinux contexts"); |
| 4589 |
job->num_files --; |
| 4590 |
return (0); |
| 4591 |
} |
| 4592 |
jobrange = context_range_get(jobcon); |
| 4593 |
if (jobrange) |
| 4594 |
{ |
| 4595 |
jobrange = strdup(jobrange); |
| 4596 |
if ((jobclearance = strtok(jobrange, "-")) != NULL) |
| 4597 |
{ |
| 4598 |
if (context_range_set(tmpcon, jobclearance) == -1) |
| 4599 |
{ |
| 4600 |
cupsdLogMessage(CUPSD_LOG_ERROR, |
| 4601 |
"copy_banner: Unable to set the level of the context for file %s - %s", |
| 4602 |
filename, strerror(errno)); |
| 4603 |
free(jobrange); |
| 4604 |
context_free(jobcon); |
| 4605 |
context_free(tmpcon); |
| 4606 |
job->num_files --; |
| 4607 |
return (0); |
| 4608 |
} |
| 4609 |
} |
| 4610 |
else |
| 4611 |
{ |
| 4612 |
if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1) |
| 4613 |
{ |
| 4614 |
cupsdLogMessage(CUPSD_LOG_ERROR, |
| 4615 |
"copy_banner: Unable to set the level of the context for file %s - %s", |
| 4616 |
filename, strerror(errno)); |
| 4617 |
free(jobrange); |
| 4618 |
context_free(jobcon); |
| 4619 |
context_free(tmpcon); |
| 4620 |
job->num_files --; |
| 4621 |
return (0); |
| 4622 |
} |
| 4623 |
} |
| 4624 |
free(jobrange); |
| 4625 |
} |
| 4626 |
if (setfilecon(filename, context_str(tmpcon)) == -1) |
| 4627 |
{ |
| 4628 |
cupsdLogMessage(CUPSD_LOG_ERROR, |
| 4629 |
"copy_banner: Unable to set the context of the banner file %s - %s", |
| 4630 |
filename, strerror(errno)); |
| 4631 |
context_free(jobcon); |
| 4632 |
context_free(tmpcon); |
| 4633 |
job->num_files --; |
| 4634 |
return (0); |
| 4635 |
} |
| 4636 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s", |
| 4637 |
filename, context_str(tmpcon)); |
| 4638 |
context_free(jobcon); |
| 4639 |
context_free(tmpcon); |
| 4640 |
} |
| 4641 |
#endif /* WITH_LSPP */ |
| 4220 |
|
4642 |
|
| 4221 |
/* |
4643 |
/* |
| 4222 |
* Try the localized banner file under the subdirectory... |
4644 |
* Try the localized banner file under the subdirectory... |
|
Lines 4311-4316
copy_banner(cupsd_client_t *con, /* I -
Link Here
|
| 4311 |
else |
4733 |
else |
| 4312 |
s = attrname; |
4734 |
s = attrname; |
| 4313 |
|
4735 |
|
|
|
4736 |
#ifdef WITH_LSPP |
| 4737 |
if (strcmp(s, "mls-label") == 0) |
| 4738 |
{ |
| 4739 |
if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0) |
| 4740 |
{ |
| 4741 |
jobcon = context_new(job->scon); |
| 4742 |
if (_cups_strcasecmp(name, MLS_CONFIG) == 0) |
| 4743 |
mls_label = context_range_get(jobcon); |
| 4744 |
else if (_cups_strcasecmp(name, TE_CONFIG) == 0) |
| 4745 |
mls_label = context_type_get(jobcon); |
| 4746 |
else // default to using the whole context string |
| 4747 |
mls_label = context_str(jobcon); |
| 4748 |
cupsFilePuts(out, mls_label); |
| 4749 |
context_free(jobcon); |
| 4750 |
} |
| 4751 |
continue; |
| 4752 |
} |
| 4753 |
#endif /* WITH_LSPP */ |
| 4314 |
if (!strcmp(s, "printer-name")) |
4754 |
if (!strcmp(s, "printer-name")) |
| 4315 |
{ |
4755 |
{ |
| 4316 |
cupsFilePuts(out, job->dest); |
4756 |
cupsFilePuts(out, job->dest); |
|
Lines 6388-6393
get_job_attrs(cupsd_client_t *con, /* I
Link Here
|
| 6388 |
|
6828 |
|
| 6389 |
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); |
6829 |
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username); |
| 6390 |
|
6830 |
|
|
|
6831 |
|
| 6832 |
#ifdef WITH_LSPP |
| 6833 |
/* |
| 6834 |
* Check SELinux... |
| 6835 |
*/ |
| 6836 |
if (is_lspp_config() && check_context(con, job) != 1) |
| 6837 |
{ |
| 6838 |
/* |
| 6839 |
* Unfortunately we have to lie to the user... |
| 6840 |
*/ |
| 6841 |
send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid); |
| 6842 |
return; |
| 6843 |
} |
| 6844 |
#endif /* WITH_LSPP */ |
| 6845 |
|
| 6846 |
|
| 6391 |
/* |
6847 |
/* |
| 6392 |
* Copy attributes... |
6848 |
* Copy attributes... |
| 6393 |
*/ |
6849 |
*/ |
|
Lines 6741-6746
get_jobs(cupsd_client_t *con, /* I - C
Link Here
|
| 6741 |
if (username[0] && _cups_strcasecmp(username, job->username)) |
7197 |
if (username[0] && _cups_strcasecmp(username, job->username)) |
| 6742 |
continue; |
7198 |
continue; |
| 6743 |
|
7199 |
|
|
|
7200 |
#ifdef WITH_LSPP |
| 7201 |
if (is_lspp_config() && check_context(con, job) != 1) |
| 7202 |
continue; |
| 7203 |
#endif /* WITH_LSPP */ |
| 7204 |
|
| 6744 |
if (count > 0) |
7205 |
if (count > 0) |
| 6745 |
ippAddSeparator(con->response); |
7206 |
ippAddSeparator(con->response); |
| 6746 |
|
7207 |
|
|
Lines 11303-11308
validate_user(cupsd_job_t *job, /* I
Link Here
|
| 11303 |
|
11764 |
|
| 11304 |
strlcpy(username, get_username(con), userlen); |
11765 |
strlcpy(username, get_username(con), userlen); |
| 11305 |
|
11766 |
|
|
|
11767 |
#ifdef WITH_LSPP |
| 11768 |
if (is_lspp_config() && check_context(con, job) != 1) |
| 11769 |
return 0; |
| 11770 |
#endif /* WITH_LSPP */ |
| 11771 |
|
| 11306 |
/* |
11772 |
/* |
| 11307 |
* Check the username against the owner... |
11773 |
* Check the username against the owner... |
| 11308 |
*/ |
11774 |
*/ |
