[thirdparty/cups.git] / scheduler / policy.c

/*
 * "$Id$"
 *
 *   Policy routines for the Common UNIX Printing System (CUPS).
 *
 *   Copyright 2007 by Apple Inc.
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * Contents:
 *
 *   cupsdAddPolicy()         - Add a policy to the system.
 *   cupsdAddPolicyOp()       - Add an operation to a policy.
 *   cupsdCheckPolicy()       - Check the IPP operation and username against
 *                              a policy.
 *   cupsdDeleteAllPolicies() - Delete all policies in memory.
 *   cupsdFindPolicy()        - Find a named policy.
 *   cupsdFindPolicyOp()      - Find a policy operation.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"


/*
 * 'AddPolicy()' - Add a policy to the system.
 */

cupsd_policy_t *			/* O - Policy */
cupsdAddPolicy(const char *policy)	/* I - Name of policy */
{
  cupsd_policy_t	*temp,		/* Pointer to policy */
			**tempa;	/* Pointer to policy array */


  if (policy == NULL)
    return (NULL);

  if (NumPolicies == 0)
    tempa = malloc(sizeof(cupsd_policy_t *));
  else
    tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1));

  if (tempa == NULL)
    return (NULL);

  Policies = tempa;
  tempa    += NumPolicies;

  if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
  {
    temp->name = strdup(policy);
    *tempa     = temp;

    NumPolicies ++;
  }

  return (temp);
}


/*
 * 'cupsdAddPolicyOp()' - Add an operation to a policy.
 */

cupsd_location_t *			/* O - New policy operation */
cupsdAddPolicyOp(cupsd_policy_t   *p,	/* I - Policy */
                 cupsd_location_t *po,	/* I - Policy operation to copy */
                 ipp_op_t         op)	/* I - IPP operation code */
{
  int			i;		/* Looping var */
  cupsd_location_t	*temp,		/* New policy operation */
			**tempa;	/* New policy operation array */
  char			name[1024];	/* Interface name */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
                  p, po, op, ippOpString(op));

  if (p == NULL)
    return (NULL);

  if (p->num_ops == 0)
    tempa = malloc(sizeof(cupsd_location_t *));
  else
    tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1));

  if (tempa == NULL)
    return (NULL);

  p->ops = tempa;

  if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
  {
    p->ops            = tempa;
    tempa[p->num_ops] = temp;
    p->num_ops ++;

    temp->op    = op;
    temp->limit = AUTH_LIMIT_IPP;

    if (po)
    {
     /*
      * Copy the specified policy to the new one...
      */

      temp->order_type = po->order_type;
      temp->type       = po->type;
      temp->level      = po->level;
      temp->satisfy    = po->satisfy;
      temp->encryption = po->encryption;

      for (i = 0; i < po->num_names; i ++)
        cupsdAddName(temp, po->names[i]);

      for (i = 0; i < po->num_allow; i ++)
        switch (po->allow[i].type)
	{
	  case AUTH_IP :
	      cupsdAllowIP(temp, po->allow[i].mask.ip.address,
	              po->allow[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->allow[i].mask.name.name);
              cupsdAllowHost(temp, name);
	      break;

          default :
              cupsdAllowHost(temp, po->allow[i].mask.name.name);
	      break;
        }

      for (i = 0; i < po->num_deny; i ++)
        switch (po->deny[i].type)
	{
	  case AUTH_IP :
	      cupsdDenyIP(temp, po->deny[i].mask.ip.address,
	              po->deny[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->deny[i].mask.name.name);
              cupsdDenyHost(temp, name);
	      break;

          default :
              cupsdDenyHost(temp, po->deny[i].mask.name.name);
	      break;
        }
    }
  }

  return (temp);
}


/*
 * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
 */

http_status_t				/* I - 1 if OK, 0 otherwise */
cupsdCheckPolicy(cupsd_policy_t *p,	/* I - Policy */
                 cupsd_client_t *con,	/* I - Client connection */
	         const char     *owner)	/* I - Owner of object */
{
  cupsd_location_t	*po;		/* Current policy operation */


 /*
  * Range check...
  */

  if (!p || !con)
  {
    cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);

    return ((http_status_t)0);
  }

 /*
  * Find a match for the operation...
  */

  if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
    return ((http_status_t)0);
  }

  con->best = po;

 /*
  * Return the status of the check...
  */

  return (cupsdIsAuthorized(con, owner));
}


/*
 * 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
 */

void
cupsdDeleteAllPolicies(void)
{
  int			i, j;		/* Looping vars */
  cupsd_policy_t	**p;		/* Current policy */
  cupsd_location_t	**po;		/* Current policy op */


  if (NumPolicies == 0)
    return;

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
  {
    for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++)
      cupsdDeleteLocation(*po);

    if ((*p)->num_ops > 0)
      free((*p)->ops);

    free(*p);
  }

  free(Policies);

  NumPolicies = 0;
  Policies    = NULL;
}


/*
 * 'cupsdFindPolicy()' - Find a named policy.
 */

cupsd_policy_t *			/* O - Policy */
cupsdFindPolicy(const char *policy)	/* I - Name of policy */
{
  int			i;		/* Looping var */
  cupsd_policy_t	**p;		/* Current policy */


 /*
  * Range check...
  */

  if (policy == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
    if (!strcasecmp(policy, (*p)->name))
      return (*p);

  return (NULL);
}


/*
 * 'cupsdFindPolicyOp()' - Find a policy operation.
 */

cupsd_location_t *			/* O - Policy operation */
cupsdFindPolicyOp(cupsd_policy_t *p,	/* I - Policy */
                  ipp_op_t       op)	/* I - IPP operation */
{
  int			i;		/* Looping var */
  cupsd_location_t	**po;		/* Current policy operation */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
                  p, op, ippOpString(op));

 /*
  * Range check...
  */

  if (p == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == op)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found exact match...");
      return (*po);
    }

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == IPP_ANY_OPERATION)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found wildcard match...");
      return (*po);
    }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");

  return (NULL);
}


/*
 * End of "$Id$".
 */
Commit	Line	Data
f27bd5ab	1	/*
c9d3f842	2	* "$Id$"
f27bd5ab	3	*
	4	* Policy routines for the Common UNIX Printing System (CUPS).
	5	*
4e8d321f	6	* Copyright 2007 by Apple Inc.
dfd3d12a	7	* Copyright 1997-2006 by Easy Software Products, all rights reserved.
f27bd5ab	8	*
f27bd5ab	9	* These coded instructions, statements, and computer programs are the
4e8d321f	10	* property of Apple Inc. and are protected by Federal copyright
	11	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	12	* which should have been included with this file. If this file is
	13	* file is missing or damaged, see the license at "http://www.cups.org/".
f27bd5ab	14	*
	15	* Contents:
	16	*
99baf768	17	* cupsdAddPolicy() - Add a policy to the system.
	18	* cupsdAddPolicyOp() - Add an operation to a policy.
	19	* cupsdCheckPolicy() - Check the IPP operation and username against
	20	* a policy.
	21	* cupsdDeleteAllPolicies() - Delete all policies in memory.
	22	* cupsdFindPolicy() - Find a named policy.
	23	* cupsdFindPolicyOp() - Find a policy operation.
f27bd5ab	24	*/
	25
	26	/*
	27	* Include necessary headers...
	28	*/
	29
	30	#include "cupsd.h"
53ca8055	31
f27bd5ab	32
	33	/*
	34	* 'AddPolicy()' - Add a policy to the system.
	35	*/
	36
99baf768	37	cupsd_policy_t * /* O - Policy */
99baf768	38	cupsdAddPolicy(const char policy) / I - Name of policy */
f27bd5ab	39	{
99baf768	40	cupsd_policy_t temp, / Pointer to policy */
99baf768	41	*tempa; / Pointer to policy array */
53ca8055	42
	43
	44	if (policy == NULL)
	45	return (NULL);
	46
	47	if (NumPolicies == 0)
99baf768	48	tempa = malloc(sizeof(cupsd_policy_t *));
53ca8055	49	else
99baf768	50	tempa = realloc(Policies, sizeof(cupsd_policy_t ) (NumPolicies + 1));
53ca8055	51
4b6bdd9f	52	if (tempa == NULL)
	53	return (NULL);
	54
	55	Policies = tempa;
	56	tempa += NumPolicies;
	57
99baf768	58	if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
53ca8055	59	{
4b6bdd9f	60	temp->name = strdup(policy);
4b6bdd9f	61	*tempa = temp;
53ca8055	62
4b6bdd9f	63	NumPolicies ++;
53ca8055	64	}
	65
	66	return (temp);
f27bd5ab	67	}
	68
	69
	70	/*
99baf768	71	* 'cupsdAddPolicyOp()' - Add an operation to a policy.
f27bd5ab	72	*/
f27bd5ab	73
f3e786fc	74	cupsd_location_t * /* O - New policy operation */
	75	cupsdAddPolicyOp(cupsd_policy_t p, / I - Policy */
	76	cupsd_location_t po, / I - Policy operation to copy */
	77	ipp_op_t op) /* I - IPP operation code */
f27bd5ab	78	{
f3e786fc	79	int i; /* Looping var */
	80	cupsd_location_t temp, / New policy operation */
	81	*tempa; / New policy operation array */
	82	char name[1024]; /* Interface name */
53ca8055	83
53ca8055	84
f3e786fc	85	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
f3e786fc	86	p, po, op, ippOpString(op));
0051f336	87
53ca8055	88	if (p == NULL)
	89	return (NULL);
	90
	91	if (p->num_ops == 0)
589eb420	92	tempa = malloc(sizeof(cupsd_location_t *));
53ca8055	93	else
589eb420	94	tempa = realloc(p->ops, sizeof(cupsd_location_t ) (p->num_ops + 1));
53ca8055	95
4b6bdd9f	96	if (tempa == NULL)
	97	return (NULL);
	98
	99	p->ops = tempa;
	100
589eb420	101	if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
53ca8055	102	{
4b6bdd9f	103	p->ops = tempa;
4b6bdd9f	104	tempa[p->num_ops] = temp;
53ca8055	105	p->num_ops ++;
53ca8055	106
99baf768	107	temp->op = op;
99baf768	108	temp->limit = AUTH_LIMIT_IPP;
4b6bdd9f	109
	110	if (po)
	111	{
	112	/*
	113	* Copy the specified policy to the new one...
	114	*/
	115
99baf768	116	temp->order_type = po->order_type;
0051f336	117	temp->type = po->type;
99baf768	118	temp->level = po->level;
	119	temp->satisfy = po->satisfy;
	120	temp->encryption = po->encryption;
	121
4b6bdd9f	122	for (i = 0; i < po->num_names; i ++)
589eb420	123	cupsdAddName(temp, po->names[i]);
99baf768	124
	125	for (i = 0; i < po->num_allow; i ++)
	126	switch (po->allow[i].type)
	127	{
	128	case AUTH_IP :
589eb420	129	cupsdAllowIP(temp, po->allow[i].mask.ip.address,
99baf768	130	po->allow[i].mask.ip.netmask);
	131	break;
	132
	133	case AUTH_INTERFACE :
	134	snprintf(name, sizeof(name), "@IF(%s)",
	135	po->allow[i].mask.name.name);
589eb420	136	cupsdAllowHost(temp, name);
99baf768	137	break;
	138
	139	default :
589eb420	140	cupsdAllowHost(temp, po->allow[i].mask.name.name);
99baf768	141	break;
	142	}
	143
	144	for (i = 0; i < po->num_deny; i ++)
	145	switch (po->deny[i].type)
	146	{
	147	case AUTH_IP :
589eb420	148	cupsdDenyIP(temp, po->deny[i].mask.ip.address,
99baf768	149	po->deny[i].mask.ip.netmask);
	150	break;
	151
	152	case AUTH_INTERFACE :
	153	snprintf(name, sizeof(name), "@IF(%s)",
	154	po->deny[i].mask.name.name);
589eb420	155	cupsdDenyHost(temp, name);
99baf768	156	break;
	157
	158	default :
589eb420	159	cupsdDenyHost(temp, po->deny[i].mask.name.name);
99baf768	160	break;
99baf768	161	}
4b6bdd9f	162	}
53ca8055	163	}
	164
	165	return (temp);
f27bd5ab	166	}
	167
	168
	169	/*
99baf768	170	* 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
f27bd5ab	171	*/
f27bd5ab	172
5df46530	173	http_status_t /* I - 1 if OK, 0 otherwise */
99baf768	174	cupsdCheckPolicy(cupsd_policy_t p, / I - Policy */
f3e786fc	175	cupsd_client_t con, / I - Client connection */
99baf768	176	const char owner) / I - Owner of object */
f27bd5ab	177	{
f3e786fc	178	cupsd_location_t po; / Current policy operation */
53ca8055	179
	180
	181	/*
	182	* Range check...
	183	*/
	184
bd5510a5	185	if (!p \|\| !con)
fd09381d	186	{
f3e786fc	187	cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);
fd09381d	188
be5262d8	189	return ((http_status_t)0);
fd09381d	190	}
53ca8055	191
53ca8055	192	/*
4b6bdd9f	193	* Find a match for the operation...
53ca8055	194	*/
53ca8055	195
0051f336	196	if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
5934328c	197	{
f3e786fc	198	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
be5262d8	199	return ((http_status_t)0);
5934328c	200	}
4b6bdd9f	201
f32b1ead	202	con->best = po;
53ca8055	203
53ca8055	204	/*
4b6bdd9f	205	* Return the status of the check...
53ca8055	206	*/
53ca8055	207
5df46530	208	return (cupsdIsAuthorized(con, owner));
f27bd5ab	209	}
	210
	211
	212	/*
99baf768	213	* 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
f27bd5ab	214	*/
	215
	216	void
99baf768	217	cupsdDeleteAllPolicies(void)
f27bd5ab	218	{
99baf768	219	int i, j; /* Looping vars */
99baf768	220	cupsd_policy_t *p; / Current policy */
f3e786fc	221	cupsd_location_t *po; / Current policy op */
53ca8055	222
	223
	224	if (NumPolicies == 0)
	225	return;
	226
	227	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	228	{
4b6bdd9f	229	for (j = (p)->num_ops, po = (p)->ops; j > 0; j --, po ++)
99baf768	230	cupsdDeleteLocation(*po);
53ca8055	231
4b6bdd9f	232	if ((*p)->num_ops > 0)
	233	free((*p)->ops);
	234
	235	free(*p);
53ca8055	236	}
	237
	238	free(Policies);
	239
	240	NumPolicies = 0;
	241	Policies = NULL;
f27bd5ab	242	}
	243
	244
	245	/*
99baf768	246	* 'cupsdFindPolicy()' - Find a named policy.
f27bd5ab	247	*/
f27bd5ab	248
99baf768	249	cupsd_policy_t * /* O - Policy */
99baf768	250	cupsdFindPolicy(const char policy) / I - Name of policy */
f27bd5ab	251	{
f32b1ead	252	int i; /* Looping var */
99baf768	253	cupsd_policy_t *p; / Current policy */
53ca8055	254
	255
	256	/*
	257	* Range check...
	258	*/
	259
	260	if (policy == NULL)
	261	return (NULL);
	262
	263	/*
	264	* Check the operation against the available policies...
	265	*/
	266
	267	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
99baf768	268	if (!strcasecmp(policy, (*p)->name))
4b6bdd9f	269	return (*p);
53ca8055	270
53ca8055	271	return (NULL);
f27bd5ab	272	}
	273
	274
	275	/*
99baf768	276	* 'cupsdFindPolicyOp()' - Find a policy operation.
f27bd5ab	277	*/
f27bd5ab	278
f3e786fc	279	cupsd_location_t * /* O - Policy operation */
99baf768	280	cupsdFindPolicyOp(cupsd_policy_t p, / I - Policy */
99baf768	281	ipp_op_t op) /* I - IPP operation */
f27bd5ab	282	{
f3e786fc	283	int i; /* Looping var */
f3e786fc	284	cupsd_location_t *po; / Current policy operation */
53ca8055	285
53ca8055	286
f3e786fc	287	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
f3e786fc	288	p, op, ippOpString(op));
a8c7842b	289
53ca8055	290	/*
	291	* Range check...
	292	*/
	293
	294	if (p == NULL)
	295	return (NULL);
	296
	297	/*
	298	* Check the operation against the available policies...
	299	*/
	300
	301	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
4b6bdd9f	302	if ((*po)->op == op)
a8c7842b	303	{
f3e786fc	304	cupsdLogMessage(CUPSD_LOG_DEBUG2,
f3e786fc	305	"cupsdFindPolicyOp: Found exact match...");
4b6bdd9f	306	return (*po);
a8c7842b	307	}
4b6bdd9f	308
	309	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
	310	if ((*po)->op == IPP_ANY_OPERATION)
a8c7842b	311	{
f3e786fc	312	cupsdLogMessage(CUPSD_LOG_DEBUG2,
f3e786fc	313	"cupsdFindPolicyOp: Found wildcard match...");
4b6bdd9f	314	return (*po);
a8c7842b	315	}
a8c7842b	316
f3e786fc	317	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");
53ca8055	318
	319	return (NULL);
	320	}
	321
	322
4b6bdd9f	323	/*
c9d3f842	324	* End of "$Id$".
f27bd5ab	325	*/