[thirdparty/cups.git] / scheduler / policy.c

/*
 * "$Id: policy.c 6649 2007-07-11 21:46:42Z mike $"
 *
 *   Policy routines for the Common UNIX Printing System (CUPS).
 *
 *   Copyright 2007 by Apple Inc.
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * Contents:
 *
 *   cupsdAddPolicy()         - Add a policy to the system.
 *   cupsdAddPolicyOp()       - Add an operation to a policy.
 *   cupsdCheckPolicy()       - Check the IPP operation and username against
 *                              a policy.
 *   cupsdDeleteAllPolicies() - Delete all policies in memory.
 *   cupsdFindPolicy()        - Find a named policy.
 *   cupsdFindPolicyOp()      - Find a policy operation.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"


/*
 * 'AddPolicy()' - Add a policy to the system.
 */

cupsd_policy_t *			/* O - Policy */
cupsdAddPolicy(const char *policy)	/* I - Name of policy */
{
  cupsd_policy_t	*temp,		/* Pointer to policy */
			**tempa;	/* Pointer to policy array */


  if (policy == NULL)
    return (NULL);

  if (NumPolicies == 0)
    tempa = malloc(sizeof(cupsd_policy_t *));
  else
    tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1));

  if (tempa == NULL)
    return (NULL);

  Policies = tempa;
  tempa    += NumPolicies;

  if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
  {
    temp->name = strdup(policy);
    *tempa     = temp;

    NumPolicies ++;
  }

  return (temp);
}


/*
 * 'cupsdAddPolicyOp()' - Add an operation to a policy.
 */

cupsd_location_t *			/* O - New policy operation */
cupsdAddPolicyOp(cupsd_policy_t   *p,	/* I - Policy */
                 cupsd_location_t *po,	/* I - Policy operation to copy */
                 ipp_op_t         op)	/* I - IPP operation code */
{
  int			i;		/* Looping var */
  cupsd_location_t	*temp,		/* New policy operation */
			**tempa;	/* New policy operation array */
  char			name[1024];	/* Interface name */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
                  p, po, op, ippOpString(op));

  if (p == NULL)
    return (NULL);

  if (p->num_ops == 0)
    tempa = malloc(sizeof(cupsd_location_t *));
  else
    tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1));

  if (tempa == NULL)
    return (NULL);

  p->ops = tempa;

  if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
  {
    p->ops            = tempa;
    tempa[p->num_ops] = temp;
    p->num_ops ++;

    temp->op    = op;
    temp->limit = AUTH_LIMIT_IPP;

    if (po)
    {
     /*
      * Copy the specified policy to the new one...
      */

      temp->order_type = po->order_type;
      temp->type       = po->type;
      temp->level      = po->level;
      temp->satisfy    = po->satisfy;
      temp->encryption = po->encryption;

      for (i = 0; i < po->num_names; i ++)
        cupsdAddName(temp, po->names[i]);

      for (i = 0; i < po->num_allow; i ++)
        switch (po->allow[i].type)
	{
	  case AUTH_IP :
	      cupsdAllowIP(temp, po->allow[i].mask.ip.address,
	              po->allow[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->allow[i].mask.name.name);
              cupsdAllowHost(temp, name);
	      break;

          default :
              cupsdAllowHost(temp, po->allow[i].mask.name.name);
	      break;
        }

      for (i = 0; i < po->num_deny; i ++)
        switch (po->deny[i].type)
	{
	  case AUTH_IP :
	      cupsdDenyIP(temp, po->deny[i].mask.ip.address,
	              po->deny[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->deny[i].mask.name.name);
              cupsdDenyHost(temp, name);
	      break;

          default :
              cupsdDenyHost(temp, po->deny[i].mask.name.name);
	      break;
        }
    }
  }

  return (temp);
}


/*
 * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
 */

http_status_t				/* I - 1 if OK, 0 otherwise */
cupsdCheckPolicy(cupsd_policy_t *p,	/* I - Policy */
                 cupsd_client_t *con,	/* I - Client connection */
	         const char     *owner)	/* I - Owner of object */
{
  cupsd_location_t	*po;		/* Current policy operation */


 /*
  * Range check...
  */

  if (!p || !con)
  {
    cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);

    return ((http_status_t)0);
  }

 /*
  * Find a match for the operation...
  */

  if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
    return ((http_status_t)0);
  }

  con->best = po;

 /*
  * Return the status of the check...
  */

  return (cupsdIsAuthorized(con, owner));
}


/*
 * 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
 */

void
cupsdDeleteAllPolicies(void)
{
  int			i, j;		/* Looping vars */
  cupsd_policy_t	**p;		/* Current policy */
  cupsd_location_t	**po;		/* Current policy op */


  if (NumPolicies == 0)
    return;

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
  {
    for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++)
      cupsdDeleteLocation(*po);

    if ((*p)->num_ops > 0)
      free((*p)->ops);

    free(*p);
  }

  free(Policies);

  NumPolicies = 0;
  Policies    = NULL;
}


/*
 * 'cupsdFindPolicy()' - Find a named policy.
 */

cupsd_policy_t *			/* O - Policy */
cupsdFindPolicy(const char *policy)	/* I - Name of policy */
{
  int			i;		/* Looping var */
  cupsd_policy_t	**p;		/* Current policy */


 /*
  * Range check...
  */

  if (policy == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
    if (!strcasecmp(policy, (*p)->name))
      return (*p);

  return (NULL);
}


/*
 * 'cupsdFindPolicyOp()' - Find a policy operation.
 */

cupsd_location_t *			/* O - Policy operation */
cupsdFindPolicyOp(cupsd_policy_t *p,	/* I - Policy */
                  ipp_op_t       op)	/* I - IPP operation */
{
  int			i;		/* Looping var */
  cupsd_location_t	**po;		/* Current policy operation */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
                  p, op, ippOpString(op));

 /*
  * Range check...
  */

  if (p == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == op)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found exact match...");
      return (*po);
    }

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == IPP_ANY_OPERATION)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found wildcard match...");
      return (*po);
    }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");

  return (NULL);
}


/*
 * End of "$Id: policy.c 6649 2007-07-11 21:46:42Z mike $".
 */
Commit	Line	Data
ef416fc2	1	/*
bc44d920	2	* "$Id: policy.c 6649 2007-07-11 21:46:42Z mike $"
ef416fc2	3	*
	4	* Policy routines for the Common UNIX Printing System (CUPS).
	5	*
bc44d920	6	* Copyright 2007 by Apple Inc.
480ef0fe	7	* Copyright 1997-2006 by Easy Software Products, all rights reserved.
ef416fc2	8	*
ef416fc2	9	* These coded instructions, statements, and computer programs are the
bc44d920	10	* property of Apple Inc. and are protected by Federal copyright
	11	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	12	* which should have been included with this file. If this file is
	13	* file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2	14	*
	15	* Contents:
	16	*
	17	* cupsdAddPolicy() - Add a policy to the system.
	18	* cupsdAddPolicyOp() - Add an operation to a policy.
	19	* cupsdCheckPolicy() - Check the IPP operation and username against
	20	* a policy.
	21	* cupsdDeleteAllPolicies() - Delete all policies in memory.
	22	* cupsdFindPolicy() - Find a named policy.
	23	* cupsdFindPolicyOp() - Find a policy operation.
	24	*/
	25
	26	/*
	27	* Include necessary headers...
	28	*/
	29
	30	#include "cupsd.h"
	31
	32
	33	/*
	34	* 'AddPolicy()' - Add a policy to the system.
	35	*/
	36
	37	cupsd_policy_t * /* O - Policy */
	38	cupsdAddPolicy(const char policy) / I - Name of policy */
	39	{
	40	cupsd_policy_t temp, / Pointer to policy */
	41	*tempa; / Pointer to policy array */
	42
	43
	44	if (policy == NULL)
	45	return (NULL);
	46
	47	if (NumPolicies == 0)
	48	tempa = malloc(sizeof(cupsd_policy_t *));
	49	else
	50	tempa = realloc(Policies, sizeof(cupsd_policy_t ) (NumPolicies + 1));
	51
	52	if (tempa == NULL)
	53	return (NULL);
	54
	55	Policies = tempa;
	56	tempa += NumPolicies;
	57
	58	if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
	59	{
	60	temp->name = strdup(policy);
	61	*tempa = temp;
	62
	63	NumPolicies ++;
	64	}
	65
	66	return (temp);
	67	}
	68
	69
	70	/*
	71	* 'cupsdAddPolicyOp()' - Add an operation to a policy.
	72	*/
	73
	74	cupsd_location_t * /* O - New policy operation */
	75	cupsdAddPolicyOp(cupsd_policy_t p, / I - Policy */
	76	cupsd_location_t po, / I - Policy operation to copy */
	77	ipp_op_t op) /* I - IPP operation code */
78	{
79	int i; /* Looping var */
80	cupsd_location_t temp, / New policy operation */
81	*tempa; / New policy operation array */
82	char name[1024]; /* Interface name */
83
84
85	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
86	p, po, op, ippOpString(op));
87
88	if (p == NULL)
89	return (NULL);
90
91	if (p->num_ops == 0)
92	tempa = malloc(sizeof(cupsd_location_t *));
93	else
94	tempa = realloc(p->ops, sizeof(cupsd_location_t ) (p->num_ops + 1));
95
96	if (tempa == NULL)
97	return (NULL);
98
99	p->ops = tempa;
100
101	if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
102	{
103	p->ops = tempa;
104	tempa[p->num_ops] = temp;
105	p->num_ops ++;
106
107	temp->op = op;
108	temp->limit = AUTH_LIMIT_IPP;
109
110	if (po)
111	{
112	/*
113	* Copy the specified policy to the new one...
114	*/
115
116	temp->order_type = po->order_type;
117	temp->type = po->type;
118	temp->level = po->level;
119	temp->satisfy = po->satisfy;
120	temp->encryption = po->encryption;
121
122	for (i = 0; i < po->num_names; i ++)
123	cupsdAddName(temp, po->names[i]);
124
125	for (i = 0; i < po->num_allow; i ++)
126	switch (po->allow[i].type)
127	{
128	case AUTH_IP :
129	cupsdAllowIP(temp, po->allow[i].mask.ip.address,
130	po->allow[i].mask.ip.netmask);
131	break;
132
133	case AUTH_INTERFACE :
134	snprintf(name, sizeof(name), "@IF(%s)",
135	po->allow[i].mask.name.name);
136	cupsdAllowHost(temp, name);
137	break;
138
139	default :
140	cupsdAllowHost(temp, po->allow[i].mask.name.name);
141	break;
142	}
143
144	for (i = 0; i < po->num_deny; i ++)
145	switch (po->deny[i].type)
146	{
147	case AUTH_IP :
148	cupsdDenyIP(temp, po->deny[i].mask.ip.address,
149	po->deny[i].mask.ip.netmask);
150	break;
151
152	case AUTH_INTERFACE :
153	snprintf(name, sizeof(name), "@IF(%s)",
154	po->deny[i].mask.name.name);
155	cupsdDenyHost(temp, name);
156	break;
157
158	default :
159	cupsdDenyHost(temp, po->deny[i].mask.name.name);
160	break;
161	}
162	}
163	}
164
165	return (temp);
166	}
167
168
169	/*
170	* 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
171	*/
172
173	http_status_t /* I - 1 if OK, 0 otherwise */
174	cupsdCheckPolicy(cupsd_policy_t p, / I - Policy */
175	cupsd_client_t con, / I - Client connection */
176	const char owner) / I - Owner of object */
177	{
178	cupsd_location_t po; / Current policy operation */
179
180
181	/*
182	* Range check...
183	*/
184
185	if (!p \|\| !con)
186	{
187	cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);
188
d09495fa	189	return ((http_status_t)0);
ef416fc2	190	}
	191
	192	/*
	193	* Find a match for the operation...
	194	*/
	195
	196	if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
	197	{
	198	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
d09495fa	199	return ((http_status_t)0);
ef416fc2	200	}
	201
	202	con->best = po;
	203
	204	/*
	205	* Return the status of the check...
	206	*/
	207
	208	return (cupsdIsAuthorized(con, owner));
	209	}
	210
	211
	212	/*
	213	* 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
	214	*/
	215
	216	void
	217	cupsdDeleteAllPolicies(void)
	218	{
	219	int i, j; /* Looping vars */
	220	cupsd_policy_t *p; / Current policy */
	221	cupsd_location_t *po; / Current policy op */
	222
	223
	224	if (NumPolicies == 0)
	225	return;
	226
	227	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	228	{
	229	for (j = (p)->num_ops, po = (p)->ops; j > 0; j --, po ++)
ef416fc2	230	cupsdDeleteLocation(*po);
ef416fc2	231
	232	if ((*p)->num_ops > 0)
	233	free((*p)->ops);
	234
	235	free(*p);
	236	}
	237
	238	free(Policies);
	239
	240	NumPolicies = 0;
	241	Policies = NULL;
	242	}
	243
	244
	245	/*
	246	* 'cupsdFindPolicy()' - Find a named policy.
	247	*/
	248
	249	cupsd_policy_t * /* O - Policy */
	250	cupsdFindPolicy(const char policy) / I - Name of policy */
	251	{
	252	int i; /* Looping var */
	253	cupsd_policy_t *p; / Current policy */
	254
	255
	256	/*
	257	* Range check...
	258	*/
	259
	260	if (policy == NULL)
	261	return (NULL);
	262
	263	/*
	264	* Check the operation against the available policies...
	265	*/
	266
	267	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	268	if (!strcasecmp(policy, (*p)->name))
	269	return (*p);
	270
	271	return (NULL);
	272	}
	273
	274
	275	/*
	276	* 'cupsdFindPolicyOp()' - Find a policy operation.
	277	*/
	278
	279	cupsd_location_t * /* O - Policy operation */
	280	cupsdFindPolicyOp(cupsd_policy_t p, / I - Policy */
	281	ipp_op_t op) /* I - IPP operation */
	282	{
	283	int i; /* Looping var */
	284	cupsd_location_t *po; / Current policy operation */
	285
	286
	287	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
	288	p, op, ippOpString(op));
	289
	290	/*
	291	* Range check...
	292	*/
	293
	294	if (p == NULL)
295	return (NULL);
296
297	/*
298	* Check the operation against the available policies...
299	*/
300
301	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
302	if ((*po)->op == op)
303	{
304	cupsdLogMessage(CUPSD_LOG_DEBUG2,
305	"cupsdFindPolicyOp: Found exact match...");
306	return (*po);
307	}
308
309	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
310	if ((*po)->op == IPP_ANY_OPERATION)
311	{
312	cupsdLogMessage(CUPSD_LOG_DEBUG2,
313	"cupsdFindPolicyOp: Found wildcard match...");
314	return (*po);
315	}
316
317	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");
318
319	return (NULL);
320	}
321
322
323	/*
bc44d920	324	* End of "$Id: policy.c 6649 2007-07-11 21:46:42Z mike $".
ef416fc2	325	*/