[thirdparty/cups.git] / scheduler / policy.c

/*
 * "$Id$"
 *
 *   Policy routines for the Common UNIX Printing System (CUPS).
 *
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Easy Software Products and are protected by Federal
 *   copyright law.  Distribution and use rights are outlined in the file
 *   "LICENSE.txt" which should have been included with this file.  If this
 *   file is missing or damaged please contact Easy Software Products
 *   at:
 *
 *       Attn: CUPS Licensing Information
 *       Easy Software Products
 *       44141 Airport View Drive, Suite 204
 *       Hollywood, Maryland 20636 USA
 *
 *       Voice: (301) 373-9600
 *       EMail: cups-info@cups.org
 *         WWW: http://www.cups.org
 *
 * Contents:
 *
 *   cupsdAddPolicy()         - Add a policy to the system.
 *   cupsdAddPolicyOp()       - Add an operation to a policy.
 *   cupsdCheckPolicy()       - Check the IPP operation and username against
 *                              a policy.
 *   cupsdDeleteAllPolicies() - Delete all policies in memory.
 *   cupsdFindPolicy()        - Find a named policy.
 *   cupsdFindPolicyOp()      - Find a policy operation.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"


/*
 * 'AddPolicy()' - Add a policy to the system.
 */

cupsd_policy_t *			/* O - Policy */
cupsdAddPolicy(const char *policy)	/* I - Name of policy */
{
  cupsd_policy_t	*temp,		/* Pointer to policy */
			**tempa;	/* Pointer to policy array */


  if (policy == NULL)
    return (NULL);

  if (NumPolicies == 0)
    tempa = malloc(sizeof(cupsd_policy_t *));
  else
    tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1));

  if (tempa == NULL)
    return (NULL);

  Policies = tempa;
  tempa    += NumPolicies;

  if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
  {
    temp->name = strdup(policy);
    *tempa     = temp;

    NumPolicies ++;
  }

  return (temp);
}


/*
 * 'cupsdAddPolicyOp()' - Add an operation to a policy.
 */

cupsd_location_t *			/* O - New policy operation */
cupsdAddPolicyOp(cupsd_policy_t   *p,	/* I - Policy */
                 cupsd_location_t *po,	/* I - Policy operation to copy */
                 ipp_op_t         op)	/* I - IPP operation code */
{
  int			i;		/* Looping var */
  cupsd_location_t	*temp,		/* New policy operation */
			**tempa;	/* New policy operation array */
  char			name[1024];	/* Interface name */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
                  p, po, op, ippOpString(op));

  if (p == NULL)
    return (NULL);

  if (p->num_ops == 0)
    tempa = malloc(sizeof(cupsd_location_t *));
  else
    tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1));

  if (tempa == NULL)
    return (NULL);

  p->ops = tempa;

  if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
  {
    p->ops            = tempa;
    tempa[p->num_ops] = temp;
    p->num_ops ++;

    temp->op    = op;
    temp->limit = AUTH_LIMIT_IPP;

    if (po)
    {
     /*
      * Copy the specified policy to the new one...
      */

      temp->order_type = po->order_type;
      temp->type       = po->type;
      temp->level      = po->level;
      temp->satisfy    = po->satisfy;
      temp->encryption = po->encryption;

      for (i = 0; i < po->num_names; i ++)
        cupsdAddName(temp, po->names[i]);

      for (i = 0; i < po->num_allow; i ++)
        switch (po->allow[i].type)
	{
	  case AUTH_IP :
	      cupsdAllowIP(temp, po->allow[i].mask.ip.address,
	              po->allow[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->allow[i].mask.name.name);
              cupsdAllowHost(temp, name);
	      break;

          default :
              cupsdAllowHost(temp, po->allow[i].mask.name.name);
	      break;
        }

      for (i = 0; i < po->num_deny; i ++)
        switch (po->deny[i].type)
	{
	  case AUTH_IP :
	      cupsdDenyIP(temp, po->deny[i].mask.ip.address,
	              po->deny[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->deny[i].mask.name.name);
              cupsdDenyHost(temp, name);
	      break;

          default :
              cupsdDenyHost(temp, po->deny[i].mask.name.name);
	      break;
        }
    }
  }

  return (temp);
}


/*
 * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
 */

http_status_t				/* I - 1 if OK, 0 otherwise */
cupsdCheckPolicy(cupsd_policy_t *p,	/* I - Policy */
                 cupsd_client_t *con,	/* I - Client connection */
	         const char     *owner)	/* I - Owner of object */
{
  cupsd_location_t	*po;		/* Current policy operation */


 /*
  * Range check...
  */

  if (!p || !con)
  {
    cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);

    return ((http_status_t)0);
  }

 /*
  * Find a match for the operation...
  */

  if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
    return ((http_status_t)0);
  }

  con->best = po;

 /*
  * Return the status of the check...
  */

  return (cupsdIsAuthorized(con, owner));
}


/*
 * 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
 */

void
cupsdDeleteAllPolicies(void)
{
  int			i, j;		/* Looping vars */
  cupsd_policy_t	**p;		/* Current policy */
  cupsd_location_t	**po;		/* Current policy op */


  if (NumPolicies == 0)
    return;

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
  {
    for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++)
      cupsdDeleteLocation(*po);

    if ((*p)->num_ops > 0)
      free((*p)->ops);

    free(*p);
  }

  free(Policies);

  NumPolicies = 0;
  Policies    = NULL;
}


/*
 * 'cupsdFindPolicy()' - Find a named policy.
 */

cupsd_policy_t *			/* O - Policy */
cupsdFindPolicy(const char *policy)	/* I - Name of policy */
{
  int			i;		/* Looping var */
  cupsd_policy_t	**p;		/* Current policy */


 /*
  * Range check...
  */

  if (policy == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
    if (!strcasecmp(policy, (*p)->name))
      return (*p);

  return (NULL);
}


/*
 * 'cupsdFindPolicyOp()' - Find a policy operation.
 */

cupsd_location_t *			/* O - Policy operation */
cupsdFindPolicyOp(cupsd_policy_t *p,	/* I - Policy */
                  ipp_op_t       op)	/* I - IPP operation */
{
  int			i;		/* Looping var */
  cupsd_location_t	**po;		/* Current policy operation */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
                  p, op, ippOpString(op));

 /*
  * Range check...
  */

  if (p == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == op)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found exact match...");
      return (*po);
    }

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == IPP_ANY_OPERATION)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found wildcard match...");
      return (*po);
    }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");

  return (NULL);
}


/*
 * End of "$Id$".
 */
Commit	Line	Data
f27bd5ab	1	/*
c9d3f842	2	* "$Id$"
f27bd5ab	3	*
	4	* Policy routines for the Common UNIX Printing System (CUPS).
	5	*
dfd3d12a	6	* Copyright 1997-2006 by Easy Software Products, all rights reserved.
f27bd5ab	7	*
	8	* These coded instructions, statements, and computer programs are the
	9	* property of Easy Software Products and are protected by Federal
	10	* copyright law. Distribution and use rights are outlined in the file
	11	* "LICENSE.txt" which should have been included with this file. If this
	12	* file is missing or damaged please contact Easy Software Products
	13	* at:
	14	*
	15	* Attn: CUPS Licensing Information
	16	* Easy Software Products
	17	* 44141 Airport View Drive, Suite 204
c9d3f842	18	* Hollywood, Maryland 20636 USA
f27bd5ab	19	*
9639c4de	20	* Voice: (301) 373-9600
f27bd5ab	21	* EMail: cups-info@cups.org
	22	* WWW: http://www.cups.org
	23	*
	24	* Contents:
	25	*
99baf768	26	* cupsdAddPolicy() - Add a policy to the system.
	27	* cupsdAddPolicyOp() - Add an operation to a policy.
	28	* cupsdCheckPolicy() - Check the IPP operation and username against
	29	* a policy.
	30	* cupsdDeleteAllPolicies() - Delete all policies in memory.
	31	* cupsdFindPolicy() - Find a named policy.
	32	* cupsdFindPolicyOp() - Find a policy operation.
f27bd5ab	33	*/
	34
	35	/*
	36	* Include necessary headers...
	37	*/
	38
	39	#include "cupsd.h"
53ca8055	40
f27bd5ab	41
	42	/*
	43	* 'AddPolicy()' - Add a policy to the system.
	44	*/
	45
99baf768	46	cupsd_policy_t * /* O - Policy */
99baf768	47	cupsdAddPolicy(const char policy) / I - Name of policy */
f27bd5ab	48	{
99baf768	49	cupsd_policy_t temp, / Pointer to policy */
99baf768	50	*tempa; / Pointer to policy array */
53ca8055	51
	52
	53	if (policy == NULL)
	54	return (NULL);
	55
	56	if (NumPolicies == 0)
99baf768	57	tempa = malloc(sizeof(cupsd_policy_t *));
53ca8055	58	else
99baf768	59	tempa = realloc(Policies, sizeof(cupsd_policy_t ) (NumPolicies + 1));
53ca8055	60
4b6bdd9f	61	if (tempa == NULL)
	62	return (NULL);
	63
	64	Policies = tempa;
	65	tempa += NumPolicies;
	66
99baf768	67	if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
53ca8055	68	{
4b6bdd9f	69	temp->name = strdup(policy);
4b6bdd9f	70	*tempa = temp;
53ca8055	71
4b6bdd9f	72	NumPolicies ++;
53ca8055	73	}
	74
	75	return (temp);
f27bd5ab	76	}
	77
	78
	79	/*
99baf768	80	* 'cupsdAddPolicyOp()' - Add an operation to a policy.
f27bd5ab	81	*/
f27bd5ab	82
f3e786fc	83	cupsd_location_t * /* O - New policy operation */
	84	cupsdAddPolicyOp(cupsd_policy_t p, / I - Policy */
	85	cupsd_location_t po, / I - Policy operation to copy */
	86	ipp_op_t op) /* I - IPP operation code */
f27bd5ab	87	{
f3e786fc	88	int i; /* Looping var */
	89	cupsd_location_t temp, / New policy operation */
	90	*tempa; / New policy operation array */
	91	char name[1024]; /* Interface name */
53ca8055	92
53ca8055	93
f3e786fc	94	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
f3e786fc	95	p, po, op, ippOpString(op));
0051f336	96
53ca8055	97	if (p == NULL)
	98	return (NULL);
	99
	100	if (p->num_ops == 0)
589eb420	101	tempa = malloc(sizeof(cupsd_location_t *));
53ca8055	102	else
589eb420	103	tempa = realloc(p->ops, sizeof(cupsd_location_t ) (p->num_ops + 1));
53ca8055	104
4b6bdd9f	105	if (tempa == NULL)
	106	return (NULL);
	107
	108	p->ops = tempa;
	109
589eb420	110	if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
53ca8055	111	{
4b6bdd9f	112	p->ops = tempa;
4b6bdd9f	113	tempa[p->num_ops] = temp;
53ca8055	114	p->num_ops ++;
53ca8055	115
99baf768	116	temp->op = op;
99baf768	117	temp->limit = AUTH_LIMIT_IPP;
4b6bdd9f	118
	119	if (po)
	120	{
	121	/*
	122	* Copy the specified policy to the new one...
	123	*/
	124
99baf768	125	temp->order_type = po->order_type;
0051f336	126	temp->type = po->type;
99baf768	127	temp->level = po->level;
	128	temp->satisfy = po->satisfy;
	129	temp->encryption = po->encryption;
	130
4b6bdd9f	131	for (i = 0; i < po->num_names; i ++)
589eb420	132	cupsdAddName(temp, po->names[i]);
99baf768	133
	134	for (i = 0; i < po->num_allow; i ++)
	135	switch (po->allow[i].type)
	136	{
	137	case AUTH_IP :
589eb420	138	cupsdAllowIP(temp, po->allow[i].mask.ip.address,
99baf768	139	po->allow[i].mask.ip.netmask);
	140	break;
	141
	142	case AUTH_INTERFACE :
	143	snprintf(name, sizeof(name), "@IF(%s)",
	144	po->allow[i].mask.name.name);
589eb420	145	cupsdAllowHost(temp, name);
99baf768	146	break;
	147
	148	default :
589eb420	149	cupsdAllowHost(temp, po->allow[i].mask.name.name);
99baf768	150	break;
	151	}
	152
	153	for (i = 0; i < po->num_deny; i ++)
	154	switch (po->deny[i].type)
	155	{
	156	case AUTH_IP :
589eb420	157	cupsdDenyIP(temp, po->deny[i].mask.ip.address,
99baf768	158	po->deny[i].mask.ip.netmask);
	159	break;
	160
	161	case AUTH_INTERFACE :
	162	snprintf(name, sizeof(name), "@IF(%s)",
	163	po->deny[i].mask.name.name);
589eb420	164	cupsdDenyHost(temp, name);
99baf768	165	break;
	166
	167	default :
589eb420	168	cupsdDenyHost(temp, po->deny[i].mask.name.name);
99baf768	169	break;
99baf768	170	}
4b6bdd9f	171	}
53ca8055	172	}
	173
	174	return (temp);
f27bd5ab	175	}
	176
	177
	178	/*
99baf768	179	* 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
f27bd5ab	180	*/
f27bd5ab	181
5df46530	182	http_status_t /* I - 1 if OK, 0 otherwise */
99baf768	183	cupsdCheckPolicy(cupsd_policy_t p, / I - Policy */
f3e786fc	184	cupsd_client_t con, / I - Client connection */
99baf768	185	const char owner) / I - Owner of object */
f27bd5ab	186	{
f3e786fc	187	cupsd_location_t po; / Current policy operation */
53ca8055	188
	189
	190	/*
	191	* Range check...
	192	*/
	193
bd5510a5	194	if (!p \|\| !con)
fd09381d	195	{
f3e786fc	196	cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);
fd09381d	197
be5262d8	198	return ((http_status_t)0);
fd09381d	199	}
53ca8055	200
53ca8055	201	/*
4b6bdd9f	202	* Find a match for the operation...
53ca8055	203	*/
53ca8055	204
0051f336	205	if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
5934328c	206	{
f3e786fc	207	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
be5262d8	208	return ((http_status_t)0);
5934328c	209	}
4b6bdd9f	210
f32b1ead	211	con->best = po;
53ca8055	212
53ca8055	213	/*
4b6bdd9f	214	* Return the status of the check...
53ca8055	215	*/
53ca8055	216
5df46530	217	return (cupsdIsAuthorized(con, owner));
f27bd5ab	218	}
	219
	220
	221	/*
99baf768	222	* 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
f27bd5ab	223	*/
	224
	225	void
99baf768	226	cupsdDeleteAllPolicies(void)
f27bd5ab	227	{
99baf768	228	int i, j; /* Looping vars */
99baf768	229	cupsd_policy_t *p; / Current policy */
f3e786fc	230	cupsd_location_t *po; / Current policy op */
53ca8055	231
	232
	233	if (NumPolicies == 0)
	234	return;
	235
	236	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	237	{
4b6bdd9f	238	for (j = (p)->num_ops, po = (p)->ops; j > 0; j --, po ++)
99baf768	239	cupsdDeleteLocation(*po);
53ca8055	240
4b6bdd9f	241	if ((*p)->num_ops > 0)
	242	free((*p)->ops);
	243
	244	free(*p);
53ca8055	245	}
	246
	247	free(Policies);
	248
	249	NumPolicies = 0;
	250	Policies = NULL;
f27bd5ab	251	}
	252
	253
	254	/*
99baf768	255	* 'cupsdFindPolicy()' - Find a named policy.
f27bd5ab	256	*/
f27bd5ab	257
99baf768	258	cupsd_policy_t * /* O - Policy */
99baf768	259	cupsdFindPolicy(const char policy) / I - Name of policy */
f27bd5ab	260	{
f32b1ead	261	int i; /* Looping var */
99baf768	262	cupsd_policy_t *p; / Current policy */
53ca8055	263
	264
	265	/*
	266	* Range check...
	267	*/
	268
	269	if (policy == NULL)
	270	return (NULL);
	271
	272	/*
	273	* Check the operation against the available policies...
	274	*/
	275
	276	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
99baf768	277	if (!strcasecmp(policy, (*p)->name))
4b6bdd9f	278	return (*p);
53ca8055	279
53ca8055	280	return (NULL);
f27bd5ab	281	}
	282
	283
	284	/*
99baf768	285	* 'cupsdFindPolicyOp()' - Find a policy operation.
f27bd5ab	286	*/
f27bd5ab	287
f3e786fc	288	cupsd_location_t * /* O - Policy operation */
99baf768	289	cupsdFindPolicyOp(cupsd_policy_t p, / I - Policy */
99baf768	290	ipp_op_t op) /* I - IPP operation */
f27bd5ab	291	{
f3e786fc	292	int i; /* Looping var */
f3e786fc	293	cupsd_location_t *po; / Current policy operation */
53ca8055	294
53ca8055	295
f3e786fc	296	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
f3e786fc	297	p, op, ippOpString(op));
a8c7842b	298
53ca8055	299	/*
	300	* Range check...
	301	*/
	302
	303	if (p == NULL)
	304	return (NULL);
	305
	306	/*
	307	* Check the operation against the available policies...
	308	*/
	309
	310	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
4b6bdd9f	311	if ((*po)->op == op)
a8c7842b	312	{
f3e786fc	313	cupsdLogMessage(CUPSD_LOG_DEBUG2,
f3e786fc	314	"cupsdFindPolicyOp: Found exact match...");
4b6bdd9f	315	return (*po);
a8c7842b	316	}
4b6bdd9f	317
	318	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
	319	if ((*po)->op == IPP_ANY_OPERATION)
a8c7842b	320	{
f3e786fc	321	cupsdLogMessage(CUPSD_LOG_DEBUG2,
f3e786fc	322	"cupsdFindPolicyOp: Found wildcard match...");
4b6bdd9f	323	return (*po);
a8c7842b	324	}
a8c7842b	325
f3e786fc	326	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");
53ca8055	327
	328	return (NULL);
	329	}
	330
	331
4b6bdd9f	332	/*
c9d3f842	333	* End of "$Id$".
f27bd5ab	334	*/