]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
bd7854cb | 2 | * "$Id: policy.c 5122 2006-02-17 15:41:40Z mike $" |
ef416fc2 | 3 | * |
4 | * Policy routines for the Common UNIX Printing System (CUPS). | |
5 | * | |
6 | * Copyright 1997-2005 by Easy Software Products, all rights reserved. | |
7 | * | |
8 | * These coded instructions, statements, and computer programs are the | |
9 | * property of Easy Software Products and are protected by Federal | |
10 | * copyright law. Distribution and use rights are outlined in the file | |
11 | * "LICENSE.txt" which should have been included with this file. If this | |
12 | * file is missing or damaged please contact Easy Software Products | |
13 | * at: | |
14 | * | |
15 | * Attn: CUPS Licensing Information | |
16 | * Easy Software Products | |
17 | * 44141 Airport View Drive, Suite 204 | |
18 | * Hollywood, Maryland 20636 USA | |
19 | * | |
20 | * Voice: (301) 373-9600 | |
21 | * EMail: cups-info@cups.org | |
22 | * WWW: http://www.cups.org | |
23 | * | |
24 | * Contents: | |
25 | * | |
26 | * cupsdAddPolicy() - Add a policy to the system. | |
27 | * cupsdAddPolicyOp() - Add an operation to a policy. | |
28 | * cupsdCheckPolicy() - Check the IPP operation and username against | |
29 | * a policy. | |
30 | * cupsdDeleteAllPolicies() - Delete all policies in memory. | |
31 | * cupsdFindPolicy() - Find a named policy. | |
32 | * cupsdFindPolicyOp() - Find a policy operation. | |
33 | */ | |
34 | ||
35 | /* | |
36 | * Include necessary headers... | |
37 | */ | |
38 | ||
39 | #include "cupsd.h" | |
40 | ||
41 | ||
42 | /* | |
43 | * 'AddPolicy()' - Add a policy to the system. | |
44 | */ | |
45 | ||
46 | cupsd_policy_t * /* O - Policy */ | |
47 | cupsdAddPolicy(const char *policy) /* I - Name of policy */ | |
48 | { | |
49 | cupsd_policy_t *temp, /* Pointer to policy */ | |
50 | **tempa; /* Pointer to policy array */ | |
51 | ||
52 | ||
53 | if (policy == NULL) | |
54 | return (NULL); | |
55 | ||
56 | if (NumPolicies == 0) | |
57 | tempa = malloc(sizeof(cupsd_policy_t *)); | |
58 | else | |
59 | tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1)); | |
60 | ||
61 | if (tempa == NULL) | |
62 | return (NULL); | |
63 | ||
64 | Policies = tempa; | |
65 | tempa += NumPolicies; | |
66 | ||
67 | if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL) | |
68 | { | |
69 | temp->name = strdup(policy); | |
70 | *tempa = temp; | |
71 | ||
72 | NumPolicies ++; | |
73 | } | |
74 | ||
75 | return (temp); | |
76 | } | |
77 | ||
78 | ||
79 | /* | |
80 | * 'cupsdAddPolicyOp()' - Add an operation to a policy. | |
81 | */ | |
82 | ||
83 | cupsd_location_t * /* O - New policy operation */ | |
84 | cupsdAddPolicyOp(cupsd_policy_t *p, /* I - Policy */ | |
85 | cupsd_location_t *po, /* I - Policy operation to copy */ | |
86 | ipp_op_t op) /* I - IPP operation code */ | |
87 | { | |
88 | int i; /* Looping var */ | |
89 | cupsd_location_t *temp, /* New policy operation */ | |
90 | **tempa; /* New policy operation array */ | |
91 | char name[1024]; /* Interface name */ | |
92 | ||
93 | ||
94 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))", | |
95 | p, po, op, ippOpString(op)); | |
96 | ||
97 | if (p == NULL) | |
98 | return (NULL); | |
99 | ||
100 | if (p->num_ops == 0) | |
101 | tempa = malloc(sizeof(cupsd_location_t *)); | |
102 | else | |
103 | tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1)); | |
104 | ||
105 | if (tempa == NULL) | |
106 | return (NULL); | |
107 | ||
108 | p->ops = tempa; | |
109 | ||
110 | if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL) | |
111 | { | |
112 | p->ops = tempa; | |
113 | tempa[p->num_ops] = temp; | |
114 | p->num_ops ++; | |
115 | ||
116 | temp->op = op; | |
117 | temp->limit = AUTH_LIMIT_IPP; | |
118 | ||
119 | if (po) | |
120 | { | |
121 | /* | |
122 | * Copy the specified policy to the new one... | |
123 | */ | |
124 | ||
125 | temp->order_type = po->order_type; | |
126 | temp->type = po->type; | |
127 | temp->level = po->level; | |
128 | temp->satisfy = po->satisfy; | |
129 | temp->encryption = po->encryption; | |
130 | ||
131 | for (i = 0; i < po->num_names; i ++) | |
132 | cupsdAddName(temp, po->names[i]); | |
133 | ||
134 | for (i = 0; i < po->num_allow; i ++) | |
135 | switch (po->allow[i].type) | |
136 | { | |
137 | case AUTH_IP : | |
138 | cupsdAllowIP(temp, po->allow[i].mask.ip.address, | |
139 | po->allow[i].mask.ip.netmask); | |
140 | break; | |
141 | ||
142 | case AUTH_INTERFACE : | |
143 | snprintf(name, sizeof(name), "@IF(%s)", | |
144 | po->allow[i].mask.name.name); | |
145 | cupsdAllowHost(temp, name); | |
146 | break; | |
147 | ||
148 | default : | |
149 | cupsdAllowHost(temp, po->allow[i].mask.name.name); | |
150 | break; | |
151 | } | |
152 | ||
153 | for (i = 0; i < po->num_deny; i ++) | |
154 | switch (po->deny[i].type) | |
155 | { | |
156 | case AUTH_IP : | |
157 | cupsdDenyIP(temp, po->deny[i].mask.ip.address, | |
158 | po->deny[i].mask.ip.netmask); | |
159 | break; | |
160 | ||
161 | case AUTH_INTERFACE : | |
162 | snprintf(name, sizeof(name), "@IF(%s)", | |
163 | po->deny[i].mask.name.name); | |
164 | cupsdDenyHost(temp, name); | |
165 | break; | |
166 | ||
167 | default : | |
168 | cupsdDenyHost(temp, po->deny[i].mask.name.name); | |
169 | break; | |
170 | } | |
171 | } | |
172 | } | |
173 | ||
174 | return (temp); | |
175 | } | |
176 | ||
177 | ||
178 | /* | |
179 | * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy. | |
180 | */ | |
181 | ||
182 | http_status_t /* I - 1 if OK, 0 otherwise */ | |
183 | cupsdCheckPolicy(cupsd_policy_t *p, /* I - Policy */ | |
184 | cupsd_client_t *con, /* I - Client connection */ | |
185 | const char *owner) /* I - Owner of object */ | |
186 | { | |
187 | cupsd_location_t *po; /* Current policy operation */ | |
188 | ||
189 | ||
190 | /* | |
191 | * Range check... | |
192 | */ | |
193 | ||
194 | if (!p || !con) | |
195 | { | |
196 | cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con); | |
197 | ||
198 | return (0); | |
199 | } | |
200 | ||
201 | /* | |
202 | * Find a match for the operation... | |
203 | */ | |
204 | ||
205 | if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL) | |
206 | { | |
207 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!"); | |
208 | return (0); | |
209 | } | |
210 | ||
211 | con->best = po; | |
212 | ||
213 | /* | |
214 | * Return the status of the check... | |
215 | */ | |
216 | ||
217 | return (cupsdIsAuthorized(con, owner)); | |
218 | } | |
219 | ||
220 | ||
221 | /* | |
222 | * 'cupsdDeleteAllPolicies()' - Delete all policies in memory. | |
223 | */ | |
224 | ||
225 | void | |
226 | cupsdDeleteAllPolicies(void) | |
227 | { | |
228 | int i, j; /* Looping vars */ | |
229 | cupsd_policy_t **p; /* Current policy */ | |
230 | cupsd_location_t **po; /* Current policy op */ | |
231 | ||
232 | ||
233 | if (NumPolicies == 0) | |
234 | return; | |
235 | ||
236 | for (i = NumPolicies, p = Policies; i > 0; i --, p ++) | |
237 | { | |
238 | for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++) | |
ef416fc2 | 239 | cupsdDeleteLocation(*po); |
ef416fc2 | 240 | |
241 | if ((*p)->num_ops > 0) | |
242 | free((*p)->ops); | |
243 | ||
244 | free(*p); | |
245 | } | |
246 | ||
247 | free(Policies); | |
248 | ||
249 | NumPolicies = 0; | |
250 | Policies = NULL; | |
251 | } | |
252 | ||
253 | ||
254 | /* | |
255 | * 'cupsdFindPolicy()' - Find a named policy. | |
256 | */ | |
257 | ||
258 | cupsd_policy_t * /* O - Policy */ | |
259 | cupsdFindPolicy(const char *policy) /* I - Name of policy */ | |
260 | { | |
261 | int i; /* Looping var */ | |
262 | cupsd_policy_t **p; /* Current policy */ | |
263 | ||
264 | ||
265 | /* | |
266 | * Range check... | |
267 | */ | |
268 | ||
269 | if (policy == NULL) | |
270 | return (NULL); | |
271 | ||
272 | /* | |
273 | * Check the operation against the available policies... | |
274 | */ | |
275 | ||
276 | for (i = NumPolicies, p = Policies; i > 0; i --, p ++) | |
277 | if (!strcasecmp(policy, (*p)->name)) | |
278 | return (*p); | |
279 | ||
280 | return (NULL); | |
281 | } | |
282 | ||
283 | ||
284 | /* | |
285 | * 'cupsdFindPolicyOp()' - Find a policy operation. | |
286 | */ | |
287 | ||
288 | cupsd_location_t * /* O - Policy operation */ | |
289 | cupsdFindPolicyOp(cupsd_policy_t *p, /* I - Policy */ | |
290 | ipp_op_t op) /* I - IPP operation */ | |
291 | { | |
292 | int i; /* Looping var */ | |
293 | cupsd_location_t **po; /* Current policy operation */ | |
294 | ||
295 | ||
296 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n", | |
297 | p, op, ippOpString(op)); | |
298 | ||
299 | /* | |
300 | * Range check... | |
301 | */ | |
302 | ||
303 | if (p == NULL) | |
304 | return (NULL); | |
305 | ||
306 | /* | |
307 | * Check the operation against the available policies... | |
308 | */ | |
309 | ||
310 | for (i = p->num_ops, po = p->ops; i > 0; i --, po ++) | |
311 | if ((*po)->op == op) | |
312 | { | |
313 | cupsdLogMessage(CUPSD_LOG_DEBUG2, | |
314 | "cupsdFindPolicyOp: Found exact match..."); | |
315 | return (*po); | |
316 | } | |
317 | ||
318 | for (i = p->num_ops, po = p->ops; i > 0; i --, po ++) | |
319 | if ((*po)->op == IPP_ANY_OPERATION) | |
320 | { | |
321 | cupsdLogMessage(CUPSD_LOG_DEBUG2, | |
322 | "cupsdFindPolicyOp: Found wildcard match..."); | |
323 | return (*po); | |
324 | } | |
325 | ||
326 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!"); | |
327 | ||
328 | return (NULL); | |
329 | } | |
330 | ||
331 | ||
332 | /* | |
bd7854cb | 333 | * End of "$Id: policy.c 5122 2006-02-17 15:41:40Z mike $". |
ef416fc2 | 334 | */ |