[thirdparty/cups.git] / scheduler / policy.c

/*
 * "$Id$"
 *
 *   Policy routines for the Common UNIX Printing System (CUPS).
 *
 *   Copyright 1997-2005 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Easy Software Products and are protected by Federal
 *   copyright law.  Distribution and use rights are outlined in the file
 *   "LICENSE.txt" which should have been included with this file.  If this
 *   file is missing or damaged please contact Easy Software Products
 *   at:
 *
 *       Attn: CUPS Licensing Information
 *       Easy Software Products
 *       44141 Airport View Drive, Suite 204
 *       Hollywood, Maryland 20636 USA
 *
 *       Voice: (301) 373-9600
 *       EMail: cups-info@cups.org
 *         WWW: http://www.cups.org
 *
 * Contents:
 *
 *   cupsdAddPolicy()         - Add a policy to the system.
 *   cupsdAddPolicyOp()       - Add an operation to a policy.
 *   cupsdCheckPolicy()       - Check the IPP operation and username against
 *                              a policy.
 *   cupsdDeleteAllPolicies() - Delete all policies in memory.
 *   cupsdFindPolicy()        - Find a named policy.
 *   cupsdFindPolicyOp()      - Find a policy operation.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"


/*
 * 'AddPolicy()' - Add a policy to the system.
 */

cupsd_policy_t *			/* O - Policy */
cupsdAddPolicy(const char *policy)	/* I - Name of policy */
{
  cupsd_policy_t	*temp,		/* Pointer to policy */
			**tempa;	/* Pointer to policy array */


  if (policy == NULL)
    return (NULL);

  if (NumPolicies == 0)
    tempa = malloc(sizeof(cupsd_policy_t *));
  else
    tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1));

  if (tempa == NULL)
    return (NULL);

  Policies = tempa;
  tempa    += NumPolicies;

  if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
  {
    temp->name = strdup(policy);
    *tempa     = temp;

    NumPolicies ++;
  }

  return (temp);
}


/*
 * 'cupsdAddPolicyOp()' - Add an operation to a policy.
 */

cupsd_location_t *			/* O - New policy operation */
cupsdAddPolicyOp(cupsd_policy_t   *p,	/* I - Policy */
                 cupsd_location_t *po,	/* I - Policy operation to copy */
                 ipp_op_t         op)	/* I - IPP operation code */
{
  int			i;		/* Looping var */
  cupsd_location_t	*temp,		/* New policy operation */
			**tempa;	/* New policy operation array */
  char			name[1024];	/* Interface name */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
                  p, po, op, ippOpString(op));

  if (p == NULL)
    return (NULL);

  if (p->num_ops == 0)
    tempa = malloc(sizeof(cupsd_location_t *));
  else
    tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1));

  if (tempa == NULL)
    return (NULL);

  p->ops = tempa;

  if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
  {
    p->ops            = tempa;
    tempa[p->num_ops] = temp;
    p->num_ops ++;

    temp->op    = op;
    temp->limit = AUTH_LIMIT_IPP;

    if (po)
    {
     /*
      * Copy the specified policy to the new one...
      */

      temp->order_type = po->order_type;
      temp->type       = po->type;
      temp->level      = po->level;
      temp->satisfy    = po->satisfy;
      temp->encryption = po->encryption;

      for (i = 0; i < po->num_names; i ++)
        cupsdAddName(temp, po->names[i]);

      for (i = 0; i < po->num_allow; i ++)
        switch (po->allow[i].type)
	{
	  case AUTH_IP :
	      cupsdAllowIP(temp, po->allow[i].mask.ip.address,
	              po->allow[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->allow[i].mask.name.name);
              cupsdAllowHost(temp, name);
	      break;

          default :
              cupsdAllowHost(temp, po->allow[i].mask.name.name);
	      break;
        }

      for (i = 0; i < po->num_deny; i ++)
        switch (po->deny[i].type)
	{
	  case AUTH_IP :
	      cupsdDenyIP(temp, po->deny[i].mask.ip.address,
	              po->deny[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->deny[i].mask.name.name);
              cupsdDenyHost(temp, name);
	      break;

          default :
              cupsdDenyHost(temp, po->deny[i].mask.name.name);
	      break;
        }
    }
  }

  return (temp);
}


/*
 * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
 */

int					/* I - 1 if OK, 0 otherwise */
cupsdCheckPolicy(cupsd_policy_t *p,	/* I - Policy */
                 cupsd_client_t *con,	/* I - Client connection */
	         const char     *owner)	/* I - Owner of object */
{
  cupsd_location_t	*po;		/* Current policy operation */


 /*
  * Range check...
  */

  if (!p || !con)
  {
    cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);

    return (0);
  }

 /*
  * Find a match for the operation...
  */

  if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
    return (0);
  }

  con->best = po;

 /*
  * Return the status of the check...
  */

  return (cupsdIsAuthorized(con, owner) == HTTP_OK);
}


/*
 * 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
 */

void
cupsdDeleteAllPolicies(void)
{
  int			i, j;		/* Looping vars */
  cupsd_policy_t	**p;		/* Current policy */
  cupsd_location_t	**po;		/* Current policy op */


  if (NumPolicies == 0)
    return;

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
  {
    for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++)
    {
      cupsdDeleteLocation(*po);
      free(*po);
    }

    if ((*p)->num_ops > 0)
      free((*p)->ops);

    free(*p);
  }

  free(Policies);

  NumPolicies = 0;
  Policies    = NULL;
}


/*
 * 'cupsdFindPolicy()' - Find a named policy.
 */

cupsd_policy_t *			/* O - Policy */
cupsdFindPolicy(const char *policy)	/* I - Name of policy */
{
  int			i;		/* Looping var */
  cupsd_policy_t	**p;		/* Current policy */


 /*
  * Range check...
  */

  if (policy == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
    if (!strcasecmp(policy, (*p)->name))
      return (*p);

  return (NULL);
}


/*
 * 'cupsdFindPolicyOp()' - Find a policy operation.
 */

cupsd_location_t *			/* O - Policy operation */
cupsdFindPolicyOp(cupsd_policy_t *p,	/* I - Policy */
                  ipp_op_t       op)	/* I - IPP operation */
{
  int			i;		/* Looping var */
  cupsd_location_t	**po;		/* Current policy operation */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
                  p, op, ippOpString(op));

 /*
  * Range check...
  */

  if (p == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == op)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found exact match...");
      return (*po);
    }

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == IPP_ANY_OPERATION)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found wildcard match...");
      return (*po);
    }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");

  return (NULL);
}


/*
 * End of "$Id$".
 */
Commit	Line	Data
f27bd5ab	1	/*
c9d3f842	2	* "$Id$"
f27bd5ab	3	*
	4	* Policy routines for the Common UNIX Printing System (CUPS).
	5	*
c9d3f842	6	* Copyright 1997-2005 by Easy Software Products, all rights reserved.
f27bd5ab	7	*
	8	* These coded instructions, statements, and computer programs are the
	9	* property of Easy Software Products and are protected by Federal
	10	* copyright law. Distribution and use rights are outlined in the file
	11	* "LICENSE.txt" which should have been included with this file. If this
	12	* file is missing or damaged please contact Easy Software Products
	13	* at:
	14	*
	15	* Attn: CUPS Licensing Information
	16	* Easy Software Products
	17	* 44141 Airport View Drive, Suite 204
c9d3f842	18	* Hollywood, Maryland 20636 USA
f27bd5ab	19	*
9639c4de	20	* Voice: (301) 373-9600
f27bd5ab	21	* EMail: cups-info@cups.org
	22	* WWW: http://www.cups.org
	23	*
	24	* Contents:
	25	*
99baf768	26	* cupsdAddPolicy() - Add a policy to the system.
	27	* cupsdAddPolicyOp() - Add an operation to a policy.
	28	* cupsdCheckPolicy() - Check the IPP operation and username against
	29	* a policy.
	30	* cupsdDeleteAllPolicies() - Delete all policies in memory.
	31	* cupsdFindPolicy() - Find a named policy.
	32	* cupsdFindPolicyOp() - Find a policy operation.
f27bd5ab	33	*/
	34
	35	/*
	36	* Include necessary headers...
	37	*/
	38
	39	#include "cupsd.h"
53ca8055	40
f27bd5ab	41
	42	/*
	43	* 'AddPolicy()' - Add a policy to the system.
	44	*/
	45
99baf768	46	cupsd_policy_t * /* O - Policy */
99baf768	47	cupsdAddPolicy(const char policy) / I - Name of policy */
f27bd5ab	48	{
99baf768	49	cupsd_policy_t temp, / Pointer to policy */
99baf768	50	*tempa; / Pointer to policy array */
53ca8055	51
	52
	53	if (policy == NULL)
	54	return (NULL);
	55
	56	if (NumPolicies == 0)
99baf768	57	tempa = malloc(sizeof(cupsd_policy_t *));
53ca8055	58	else
99baf768	59	tempa = realloc(Policies, sizeof(cupsd_policy_t ) (NumPolicies + 1));
53ca8055	60
4b6bdd9f	61	if (tempa == NULL)
	62	return (NULL);
	63
	64	Policies = tempa;
	65	tempa += NumPolicies;
	66
99baf768	67	if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
53ca8055	68	{
4b6bdd9f	69	temp->name = strdup(policy);
4b6bdd9f	70	*tempa = temp;
53ca8055	71
4b6bdd9f	72	NumPolicies ++;
53ca8055	73	}
	74
	75	return (temp);
f27bd5ab	76	}
	77
	78
	79	/*
99baf768	80	* 'cupsdAddPolicyOp()' - Add an operation to a policy.
f27bd5ab	81	*/
f27bd5ab	82
f3e786fc	83	cupsd_location_t * /* O - New policy operation */
	84	cupsdAddPolicyOp(cupsd_policy_t p, / I - Policy */
	85	cupsd_location_t po, / I - Policy operation to copy */
	86	ipp_op_t op) /* I - IPP operation code */
f27bd5ab	87	{
f3e786fc	88	int i; /* Looping var */
	89	cupsd_location_t temp, / New policy operation */
	90	*tempa; / New policy operation array */
	91	char name[1024]; /* Interface name */
53ca8055	92
53ca8055	93
f3e786fc	94	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
f3e786fc	95	p, po, op, ippOpString(op));
0051f336	96
53ca8055	97	if (p == NULL)
	98	return (NULL);
	99
	100	if (p->num_ops == 0)
589eb420	101	tempa = malloc(sizeof(cupsd_location_t *));
53ca8055	102	else
589eb420	103	tempa = realloc(p->ops, sizeof(cupsd_location_t ) (p->num_ops + 1));
53ca8055	104
4b6bdd9f	105	if (tempa == NULL)
	106	return (NULL);
	107
	108	p->ops = tempa;
	109
589eb420	110	if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
53ca8055	111	{
4b6bdd9f	112	p->ops = tempa;
4b6bdd9f	113	tempa[p->num_ops] = temp;
53ca8055	114	p->num_ops ++;
53ca8055	115
99baf768	116	temp->op = op;
99baf768	117	temp->limit = AUTH_LIMIT_IPP;
4b6bdd9f	118
	119	if (po)
	120	{
	121	/*
	122	* Copy the specified policy to the new one...
	123	*/
	124
99baf768	125	temp->order_type = po->order_type;
0051f336	126	temp->type = po->type;
99baf768	127	temp->level = po->level;
	128	temp->satisfy = po->satisfy;
	129	temp->encryption = po->encryption;
	130
4b6bdd9f	131	for (i = 0; i < po->num_names; i ++)
589eb420	132	cupsdAddName(temp, po->names[i]);
99baf768	133
	134	for (i = 0; i < po->num_allow; i ++)
	135	switch (po->allow[i].type)
	136	{
	137	case AUTH_IP :
589eb420	138	cupsdAllowIP(temp, po->allow[i].mask.ip.address,
99baf768	139	po->allow[i].mask.ip.netmask);
	140	break;
	141
	142	case AUTH_INTERFACE :
	143	snprintf(name, sizeof(name), "@IF(%s)",
	144	po->allow[i].mask.name.name);
589eb420	145	cupsdAllowHost(temp, name);
99baf768	146	break;
	147
	148	default :
589eb420	149	cupsdAllowHost(temp, po->allow[i].mask.name.name);
99baf768	150	break;
	151	}
	152
	153	for (i = 0; i < po->num_deny; i ++)
	154	switch (po->deny[i].type)
	155	{
	156	case AUTH_IP :
589eb420	157	cupsdDenyIP(temp, po->deny[i].mask.ip.address,
99baf768	158	po->deny[i].mask.ip.netmask);
	159	break;
	160
	161	case AUTH_INTERFACE :
	162	snprintf(name, sizeof(name), "@IF(%s)",
	163	po->deny[i].mask.name.name);
589eb420	164	cupsdDenyHost(temp, name);
99baf768	165	break;
	166
	167	default :
589eb420	168	cupsdDenyHost(temp, po->deny[i].mask.name.name);
99baf768	169	break;
99baf768	170	}
4b6bdd9f	171	}
53ca8055	172	}
	173
	174	return (temp);
f27bd5ab	175	}
	176
	177
	178	/*
99baf768	179	* 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
f27bd5ab	180	*/
	181
	182	int /* I - 1 if OK, 0 otherwise */
99baf768	183	cupsdCheckPolicy(cupsd_policy_t p, / I - Policy */
f3e786fc	184	cupsd_client_t con, / I - Client connection */
99baf768	185	const char owner) / I - Owner of object */
f27bd5ab	186	{
f3e786fc	187	cupsd_location_t po; / Current policy operation */
53ca8055	188
	189
	190	/*
	191	* Range check...
	192	*/
	193
bd5510a5	194	if (!p \|\| !con)
fd09381d	195	{
f3e786fc	196	cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);
fd09381d	197
53ca8055	198	return (0);
fd09381d	199	}
53ca8055	200
53ca8055	201	/*
4b6bdd9f	202	* Find a match for the operation...
53ca8055	203	*/
53ca8055	204
0051f336	205	if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
5934328c	206	{
f3e786fc	207	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
4b6bdd9f	208	return (0);
5934328c	209	}
4b6bdd9f	210
f32b1ead	211	con->best = po;
53ca8055	212
53ca8055	213	/*
4b6bdd9f	214	* Return the status of the check...
53ca8055	215	*/
53ca8055	216
0051f336	217	return (cupsdIsAuthorized(con, owner) == HTTP_OK);
f27bd5ab	218	}
	219
	220
	221	/*
99baf768	222	* 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
f27bd5ab	223	*/
	224
	225	void
99baf768	226	cupsdDeleteAllPolicies(void)
f27bd5ab	227	{
99baf768	228	int i, j; /* Looping vars */
99baf768	229	cupsd_policy_t *p; / Current policy */
f3e786fc	230	cupsd_location_t *po; / Current policy op */
53ca8055	231
	232
	233	if (NumPolicies == 0)
	234	return;
	235
	236	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	237	{
4b6bdd9f	238	for (j = (p)->num_ops, po = (p)->ops; j > 0; j --, po ++)
53ca8055	239	{
99baf768	240	cupsdDeleteLocation(*po);
4b6bdd9f	241	free(*po);
53ca8055	242	}
53ca8055	243
4b6bdd9f	244	if ((*p)->num_ops > 0)
	245	free((*p)->ops);
	246
	247	free(*p);
53ca8055	248	}
	249
	250	free(Policies);
	251
	252	NumPolicies = 0;
	253	Policies = NULL;
f27bd5ab	254	}
	255
	256
	257	/*
99baf768	258	* 'cupsdFindPolicy()' - Find a named policy.
f27bd5ab	259	*/
f27bd5ab	260
99baf768	261	cupsd_policy_t * /* O - Policy */
99baf768	262	cupsdFindPolicy(const char policy) / I - Name of policy */
f27bd5ab	263	{
f32b1ead	264	int i; /* Looping var */
99baf768	265	cupsd_policy_t *p; / Current policy */
53ca8055	266
	267
	268	/*
	269	* Range check...
	270	*/
	271
	272	if (policy == NULL)
	273	return (NULL);
	274
	275	/*
	276	* Check the operation against the available policies...
	277	*/
	278
	279	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
99baf768	280	if (!strcasecmp(policy, (*p)->name))
4b6bdd9f	281	return (*p);
53ca8055	282
53ca8055	283	return (NULL);
f27bd5ab	284	}
	285
	286
	287	/*
99baf768	288	* 'cupsdFindPolicyOp()' - Find a policy operation.
f27bd5ab	289	*/
f27bd5ab	290
f3e786fc	291	cupsd_location_t * /* O - Policy operation */
99baf768	292	cupsdFindPolicyOp(cupsd_policy_t p, / I - Policy */
99baf768	293	ipp_op_t op) /* I - IPP operation */
f27bd5ab	294	{
f3e786fc	295	int i; /* Looping var */
f3e786fc	296	cupsd_location_t *po; / Current policy operation */
53ca8055	297
53ca8055	298
f3e786fc	299	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
f3e786fc	300	p, op, ippOpString(op));
a8c7842b	301
53ca8055	302	/*
	303	* Range check...
	304	*/
	305
	306	if (p == NULL)
	307	return (NULL);
	308
	309	/*
	310	* Check the operation against the available policies...
	311	*/
	312
	313	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
4b6bdd9f	314	if ((*po)->op == op)
a8c7842b	315	{
f3e786fc	316	cupsdLogMessage(CUPSD_LOG_DEBUG2,
f3e786fc	317	"cupsdFindPolicyOp: Found exact match...");
4b6bdd9f	318	return (*po);
a8c7842b	319	}
4b6bdd9f	320
	321	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
	322	if ((*po)->op == IPP_ANY_OPERATION)
a8c7842b	323	{
f3e786fc	324	cupsdLogMessage(CUPSD_LOG_DEBUG2,
f3e786fc	325	"cupsdFindPolicyOp: Found wildcard match...");
4b6bdd9f	326	return (*po);
a8c7842b	327	}
a8c7842b	328
f3e786fc	329	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");
53ca8055	330
	331	return (NULL);
	332	}
	333
	334
4b6bdd9f	335	/*
c9d3f842	336	* End of "$Id$".
f27bd5ab	337	*/