]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
bc44d920 | 2 | * "$Id: policy.c 6649 2007-07-11 21:46:42Z mike $" |
ef416fc2 | 3 | * |
4 | * Policy routines for the Common UNIX Printing System (CUPS). | |
5 | * | |
bc44d920 | 6 | * Copyright 2007 by Apple Inc. |
480ef0fe | 7 | * Copyright 1997-2006 by Easy Software Products, all rights reserved. |
ef416fc2 | 8 | * |
9 | * These coded instructions, statements, and computer programs are the | |
bc44d920 | 10 | * property of Apple Inc. and are protected by Federal copyright |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 14 | * |
15 | * Contents: | |
16 | * | |
17 | * cupsdAddPolicy() - Add a policy to the system. | |
18 | * cupsdAddPolicyOp() - Add an operation to a policy. | |
19 | * cupsdCheckPolicy() - Check the IPP operation and username against | |
20 | * a policy. | |
21 | * cupsdDeleteAllPolicies() - Delete all policies in memory. | |
22 | * cupsdFindPolicy() - Find a named policy. | |
23 | * cupsdFindPolicyOp() - Find a policy operation. | |
24 | */ | |
25 | ||
26 | /* | |
27 | * Include necessary headers... | |
28 | */ | |
29 | ||
30 | #include "cupsd.h" | |
31 | ||
32 | ||
33 | /* | |
34 | * 'AddPolicy()' - Add a policy to the system. | |
35 | */ | |
36 | ||
37 | cupsd_policy_t * /* O - Policy */ | |
38 | cupsdAddPolicy(const char *policy) /* I - Name of policy */ | |
39 | { | |
40 | cupsd_policy_t *temp, /* Pointer to policy */ | |
41 | **tempa; /* Pointer to policy array */ | |
42 | ||
43 | ||
44 | if (policy == NULL) | |
45 | return (NULL); | |
46 | ||
47 | if (NumPolicies == 0) | |
48 | tempa = malloc(sizeof(cupsd_policy_t *)); | |
49 | else | |
50 | tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1)); | |
51 | ||
52 | if (tempa == NULL) | |
53 | return (NULL); | |
54 | ||
55 | Policies = tempa; | |
56 | tempa += NumPolicies; | |
57 | ||
58 | if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL) | |
59 | { | |
60 | temp->name = strdup(policy); | |
61 | *tempa = temp; | |
62 | ||
63 | NumPolicies ++; | |
64 | } | |
65 | ||
66 | return (temp); | |
67 | } | |
68 | ||
69 | ||
70 | /* | |
71 | * 'cupsdAddPolicyOp()' - Add an operation to a policy. | |
72 | */ | |
73 | ||
74 | cupsd_location_t * /* O - New policy operation */ | |
75 | cupsdAddPolicyOp(cupsd_policy_t *p, /* I - Policy */ | |
76 | cupsd_location_t *po, /* I - Policy operation to copy */ | |
77 | ipp_op_t op) /* I - IPP operation code */ | |
78 | { | |
79 | int i; /* Looping var */ | |
80 | cupsd_location_t *temp, /* New policy operation */ | |
81 | **tempa; /* New policy operation array */ | |
82 | char name[1024]; /* Interface name */ | |
83 | ||
84 | ||
85 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))", | |
86 | p, po, op, ippOpString(op)); | |
87 | ||
88 | if (p == NULL) | |
89 | return (NULL); | |
90 | ||
91 | if (p->num_ops == 0) | |
92 | tempa = malloc(sizeof(cupsd_location_t *)); | |
93 | else | |
94 | tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1)); | |
95 | ||
96 | if (tempa == NULL) | |
97 | return (NULL); | |
98 | ||
99 | p->ops = tempa; | |
100 | ||
101 | if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL) | |
102 | { | |
103 | p->ops = tempa; | |
104 | tempa[p->num_ops] = temp; | |
105 | p->num_ops ++; | |
106 | ||
107 | temp->op = op; | |
108 | temp->limit = AUTH_LIMIT_IPP; | |
109 | ||
110 | if (po) | |
111 | { | |
112 | /* | |
113 | * Copy the specified policy to the new one... | |
114 | */ | |
115 | ||
116 | temp->order_type = po->order_type; | |
117 | temp->type = po->type; | |
118 | temp->level = po->level; | |
119 | temp->satisfy = po->satisfy; | |
120 | temp->encryption = po->encryption; | |
121 | ||
122 | for (i = 0; i < po->num_names; i ++) | |
123 | cupsdAddName(temp, po->names[i]); | |
124 | ||
125 | for (i = 0; i < po->num_allow; i ++) | |
126 | switch (po->allow[i].type) | |
127 | { | |
128 | case AUTH_IP : | |
129 | cupsdAllowIP(temp, po->allow[i].mask.ip.address, | |
130 | po->allow[i].mask.ip.netmask); | |
131 | break; | |
132 | ||
133 | case AUTH_INTERFACE : | |
134 | snprintf(name, sizeof(name), "@IF(%s)", | |
135 | po->allow[i].mask.name.name); | |
136 | cupsdAllowHost(temp, name); | |
137 | break; | |
138 | ||
139 | default : | |
140 | cupsdAllowHost(temp, po->allow[i].mask.name.name); | |
141 | break; | |
142 | } | |
143 | ||
144 | for (i = 0; i < po->num_deny; i ++) | |
145 | switch (po->deny[i].type) | |
146 | { | |
147 | case AUTH_IP : | |
148 | cupsdDenyIP(temp, po->deny[i].mask.ip.address, | |
149 | po->deny[i].mask.ip.netmask); | |
150 | break; | |
151 | ||
152 | case AUTH_INTERFACE : | |
153 | snprintf(name, sizeof(name), "@IF(%s)", | |
154 | po->deny[i].mask.name.name); | |
155 | cupsdDenyHost(temp, name); | |
156 | break; | |
157 | ||
158 | default : | |
159 | cupsdDenyHost(temp, po->deny[i].mask.name.name); | |
160 | break; | |
161 | } | |
162 | } | |
163 | } | |
164 | ||
165 | return (temp); | |
166 | } | |
167 | ||
168 | ||
169 | /* | |
170 | * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy. | |
171 | */ | |
172 | ||
173 | http_status_t /* I - 1 if OK, 0 otherwise */ | |
174 | cupsdCheckPolicy(cupsd_policy_t *p, /* I - Policy */ | |
175 | cupsd_client_t *con, /* I - Client connection */ | |
176 | const char *owner) /* I - Owner of object */ | |
177 | { | |
178 | cupsd_location_t *po; /* Current policy operation */ | |
179 | ||
180 | ||
181 | /* | |
182 | * Range check... | |
183 | */ | |
184 | ||
185 | if (!p || !con) | |
186 | { | |
187 | cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con); | |
188 | ||
d09495fa | 189 | return ((http_status_t)0); |
ef416fc2 | 190 | } |
191 | ||
192 | /* | |
193 | * Find a match for the operation... | |
194 | */ | |
195 | ||
196 | if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL) | |
197 | { | |
198 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!"); | |
d09495fa | 199 | return ((http_status_t)0); |
ef416fc2 | 200 | } |
201 | ||
202 | con->best = po; | |
203 | ||
204 | /* | |
205 | * Return the status of the check... | |
206 | */ | |
207 | ||
208 | return (cupsdIsAuthorized(con, owner)); | |
209 | } | |
210 | ||
211 | ||
212 | /* | |
213 | * 'cupsdDeleteAllPolicies()' - Delete all policies in memory. | |
214 | */ | |
215 | ||
216 | void | |
217 | cupsdDeleteAllPolicies(void) | |
218 | { | |
219 | int i, j; /* Looping vars */ | |
220 | cupsd_policy_t **p; /* Current policy */ | |
221 | cupsd_location_t **po; /* Current policy op */ | |
222 | ||
223 | ||
224 | if (NumPolicies == 0) | |
225 | return; | |
226 | ||
227 | for (i = NumPolicies, p = Policies; i > 0; i --, p ++) | |
228 | { | |
229 | for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++) | |
ef416fc2 | 230 | cupsdDeleteLocation(*po); |
ef416fc2 | 231 | |
232 | if ((*p)->num_ops > 0) | |
233 | free((*p)->ops); | |
234 | ||
235 | free(*p); | |
236 | } | |
237 | ||
238 | free(Policies); | |
239 | ||
240 | NumPolicies = 0; | |
241 | Policies = NULL; | |
242 | } | |
243 | ||
244 | ||
245 | /* | |
246 | * 'cupsdFindPolicy()' - Find a named policy. | |
247 | */ | |
248 | ||
249 | cupsd_policy_t * /* O - Policy */ | |
250 | cupsdFindPolicy(const char *policy) /* I - Name of policy */ | |
251 | { | |
252 | int i; /* Looping var */ | |
253 | cupsd_policy_t **p; /* Current policy */ | |
254 | ||
255 | ||
256 | /* | |
257 | * Range check... | |
258 | */ | |
259 | ||
260 | if (policy == NULL) | |
261 | return (NULL); | |
262 | ||
263 | /* | |
264 | * Check the operation against the available policies... | |
265 | */ | |
266 | ||
267 | for (i = NumPolicies, p = Policies; i > 0; i --, p ++) | |
268 | if (!strcasecmp(policy, (*p)->name)) | |
269 | return (*p); | |
270 | ||
271 | return (NULL); | |
272 | } | |
273 | ||
274 | ||
275 | /* | |
276 | * 'cupsdFindPolicyOp()' - Find a policy operation. | |
277 | */ | |
278 | ||
279 | cupsd_location_t * /* O - Policy operation */ | |
280 | cupsdFindPolicyOp(cupsd_policy_t *p, /* I - Policy */ | |
281 | ipp_op_t op) /* I - IPP operation */ | |
282 | { | |
283 | int i; /* Looping var */ | |
284 | cupsd_location_t **po; /* Current policy operation */ | |
285 | ||
286 | ||
287 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n", | |
288 | p, op, ippOpString(op)); | |
289 | ||
290 | /* | |
291 | * Range check... | |
292 | */ | |
293 | ||
294 | if (p == NULL) | |
295 | return (NULL); | |
296 | ||
297 | /* | |
298 | * Check the operation against the available policies... | |
299 | */ | |
300 | ||
301 | for (i = p->num_ops, po = p->ops; i > 0; i --, po ++) | |
302 | if ((*po)->op == op) | |
303 | { | |
304 | cupsdLogMessage(CUPSD_LOG_DEBUG2, | |
305 | "cupsdFindPolicyOp: Found exact match..."); | |
306 | return (*po); | |
307 | } | |
308 | ||
309 | for (i = p->num_ops, po = p->ops; i > 0; i --, po ++) | |
310 | if ((*po)->op == IPP_ANY_OPERATION) | |
311 | { | |
312 | cupsdLogMessage(CUPSD_LOG_DEBUG2, | |
313 | "cupsdFindPolicyOp: Found wildcard match..."); | |
314 | return (*po); | |
315 | } | |
316 | ||
317 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!"); | |
318 | ||
319 | return (NULL); | |
320 | } | |
321 | ||
322 | ||
323 | /* | |
bc44d920 | 324 | * End of "$Id: policy.c 6649 2007-07-11 21:46:42Z mike $". |
ef416fc2 | 325 | */ |