[thirdparty/cups.git] / scheduler / policy.c

/*
 * "$Id: policy.c 5838 2006-08-17 14:41:42Z mike $"
 *
 *   Policy routines for the Common UNIX Printing System (CUPS).
 *
 *   Copyright 1997-2006 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Easy Software Products and are protected by Federal
 *   copyright law.  Distribution and use rights are outlined in the file
 *   "LICENSE.txt" which should have been included with this file.  If this
 *   file is missing or damaged please contact Easy Software Products
 *   at:
 *
 *       Attn: CUPS Licensing Information
 *       Easy Software Products
 *       44141 Airport View Drive, Suite 204
 *       Hollywood, Maryland 20636 USA
 *
 *       Voice: (301) 373-9600
 *       EMail: cups-info@cups.org
 *         WWW: http://www.cups.org
 *
 * Contents:
 *
 *   cupsdAddPolicy()         - Add a policy to the system.
 *   cupsdAddPolicyOp()       - Add an operation to a policy.
 *   cupsdCheckPolicy()       - Check the IPP operation and username against
 *                              a policy.
 *   cupsdDeleteAllPolicies() - Delete all policies in memory.
 *   cupsdFindPolicy()        - Find a named policy.
 *   cupsdFindPolicyOp()      - Find a policy operation.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"


/*
 * 'AddPolicy()' - Add a policy to the system.
 */

cupsd_policy_t *			/* O - Policy */
cupsdAddPolicy(const char *policy)	/* I - Name of policy */
{
  cupsd_policy_t	*temp,		/* Pointer to policy */
			**tempa;	/* Pointer to policy array */


  if (policy == NULL)
    return (NULL);

  if (NumPolicies == 0)
    tempa = malloc(sizeof(cupsd_policy_t *));
  else
    tempa = realloc(Policies, sizeof(cupsd_policy_t *) * (NumPolicies + 1));

  if (tempa == NULL)
    return (NULL);

  Policies = tempa;
  tempa    += NumPolicies;

  if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
  {
    temp->name = strdup(policy);
    *tempa     = temp;

    NumPolicies ++;
  }

  return (temp);
}


/*
 * 'cupsdAddPolicyOp()' - Add an operation to a policy.
 */

cupsd_location_t *			/* O - New policy operation */
cupsdAddPolicyOp(cupsd_policy_t   *p,	/* I - Policy */
                 cupsd_location_t *po,	/* I - Policy operation to copy */
                 ipp_op_t         op)	/* I - IPP operation code */
{
  int			i;		/* Looping var */
  cupsd_location_t	*temp,		/* New policy operation */
			**tempa;	/* New policy operation array */
  char			name[1024];	/* Interface name */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
                  p, po, op, ippOpString(op));

  if (p == NULL)
    return (NULL);

  if (p->num_ops == 0)
    tempa = malloc(sizeof(cupsd_location_t *));
  else
    tempa = realloc(p->ops, sizeof(cupsd_location_t *) * (p->num_ops + 1));

  if (tempa == NULL)
    return (NULL);

  p->ops = tempa;

  if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
  {
    p->ops            = tempa;
    tempa[p->num_ops] = temp;
    p->num_ops ++;

    temp->op    = op;
    temp->limit = AUTH_LIMIT_IPP;

    if (po)
    {
     /*
      * Copy the specified policy to the new one...
      */

      temp->order_type = po->order_type;
      temp->type       = po->type;
      temp->level      = po->level;
      temp->satisfy    = po->satisfy;
      temp->encryption = po->encryption;

      for (i = 0; i < po->num_names; i ++)
        cupsdAddName(temp, po->names[i]);

      for (i = 0; i < po->num_allow; i ++)
        switch (po->allow[i].type)
	{
	  case AUTH_IP :
	      cupsdAllowIP(temp, po->allow[i].mask.ip.address,
	              po->allow[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->allow[i].mask.name.name);
              cupsdAllowHost(temp, name);
	      break;

          default :
              cupsdAllowHost(temp, po->allow[i].mask.name.name);
	      break;
        }

      for (i = 0; i < po->num_deny; i ++)
        switch (po->deny[i].type)
	{
	  case AUTH_IP :
	      cupsdDenyIP(temp, po->deny[i].mask.ip.address,
	              po->deny[i].mask.ip.netmask);
	      break;

          case AUTH_INTERFACE :
	      snprintf(name, sizeof(name), "@IF(%s)",
	               po->deny[i].mask.name.name);
              cupsdDenyHost(temp, name);
	      break;

          default :
              cupsdDenyHost(temp, po->deny[i].mask.name.name);
	      break;
        }
    }
  }

  return (temp);
}


/*
 * 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
 */

http_status_t				/* I - 1 if OK, 0 otherwise */
cupsdCheckPolicy(cupsd_policy_t *p,	/* I - Policy */
                 cupsd_client_t *con,	/* I - Client connection */
	         const char     *owner)	/* I - Owner of object */
{
  cupsd_location_t	*po;		/* Current policy operation */


 /*
  * Range check...
  */

  if (!p || !con)
  {
    cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);

    return ((http_status_t)0);
  }

 /*
  * Find a match for the operation...
  */

  if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
    return ((http_status_t)0);
  }

  con->best = po;

 /*
  * Return the status of the check...
  */

  return (cupsdIsAuthorized(con, owner));
}


/*
 * 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
 */

void
cupsdDeleteAllPolicies(void)
{
  int			i, j;		/* Looping vars */
  cupsd_policy_t	**p;		/* Current policy */
  cupsd_location_t	**po;		/* Current policy op */


  if (NumPolicies == 0)
    return;

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
  {
    for (j = (*p)->num_ops, po = (*p)->ops; j > 0; j --, po ++)
      cupsdDeleteLocation(*po);

    if ((*p)->num_ops > 0)
      free((*p)->ops);

    free(*p);
  }

  free(Policies);

  NumPolicies = 0;
  Policies    = NULL;
}


/*
 * 'cupsdFindPolicy()' - Find a named policy.
 */

cupsd_policy_t *			/* O - Policy */
cupsdFindPolicy(const char *policy)	/* I - Name of policy */
{
  int			i;		/* Looping var */
  cupsd_policy_t	**p;		/* Current policy */


 /*
  * Range check...
  */

  if (policy == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
    if (!strcasecmp(policy, (*p)->name))
      return (*p);

  return (NULL);
}


/*
 * 'cupsdFindPolicyOp()' - Find a policy operation.
 */

cupsd_location_t *			/* O - Policy operation */
cupsdFindPolicyOp(cupsd_policy_t *p,	/* I - Policy */
                  ipp_op_t       op)	/* I - IPP operation */
{
  int			i;		/* Looping var */
  cupsd_location_t	**po;		/* Current policy operation */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
                  p, op, ippOpString(op));

 /*
  * Range check...
  */

  if (p == NULL)
    return (NULL);

 /*
  * Check the operation against the available policies...
  */

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == op)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found exact match...");
      return (*po);
    }

  for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
    if ((*po)->op == IPP_ANY_OPERATION)
    {
      cupsdLogMessage(CUPSD_LOG_DEBUG2,
                      "cupsdFindPolicyOp: Found wildcard match...");
      return (*po);
    }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");

  return (NULL);
}


/*
 * End of "$Id: policy.c 5838 2006-08-17 14:41:42Z mike $".
 */
Commit	Line	Data
ef416fc2	1	/*
d09495fa	2	* "$Id: policy.c 5838 2006-08-17 14:41:42Z mike $"
ef416fc2	3	*
	4	* Policy routines for the Common UNIX Printing System (CUPS).
	5	*
480ef0fe	6	* Copyright 1997-2006 by Easy Software Products, all rights reserved.
ef416fc2	7	*
	8	* These coded instructions, statements, and computer programs are the
	9	* property of Easy Software Products and are protected by Federal
	10	* copyright law. Distribution and use rights are outlined in the file
	11	* "LICENSE.txt" which should have been included with this file. If this
	12	* file is missing or damaged please contact Easy Software Products
	13	* at:
	14	*
	15	* Attn: CUPS Licensing Information
	16	* Easy Software Products
	17	* 44141 Airport View Drive, Suite 204
	18	* Hollywood, Maryland 20636 USA
	19	*
	20	* Voice: (301) 373-9600
	21	* EMail: cups-info@cups.org
	22	* WWW: http://www.cups.org
	23	*
	24	* Contents:
	25	*
	26	* cupsdAddPolicy() - Add a policy to the system.
	27	* cupsdAddPolicyOp() - Add an operation to a policy.
	28	* cupsdCheckPolicy() - Check the IPP operation and username against
	29	* a policy.
	30	* cupsdDeleteAllPolicies() - Delete all policies in memory.
	31	* cupsdFindPolicy() - Find a named policy.
	32	* cupsdFindPolicyOp() - Find a policy operation.
	33	*/
	34
	35	/*
	36	* Include necessary headers...
	37	*/
	38
	39	#include "cupsd.h"
	40
	41
	42	/*
	43	* 'AddPolicy()' - Add a policy to the system.
	44	*/
	45
	46	cupsd_policy_t * /* O - Policy */
	47	cupsdAddPolicy(const char policy) / I - Name of policy */
	48	{
	49	cupsd_policy_t temp, / Pointer to policy */
	50	*tempa; / Pointer to policy array */
	51
	52
	53	if (policy == NULL)
	54	return (NULL);
	55
	56	if (NumPolicies == 0)
	57	tempa = malloc(sizeof(cupsd_policy_t *));
	58	else
	59	tempa = realloc(Policies, sizeof(cupsd_policy_t ) (NumPolicies + 1));
	60
	61	if (tempa == NULL)
	62	return (NULL);
	63
	64	Policies = tempa;
	65	tempa += NumPolicies;
	66
	67	if ((temp = calloc(1, sizeof(cupsd_policy_t))) != NULL)
	68	{
	69	temp->name = strdup(policy);
	70	*tempa = temp;
71
72	NumPolicies ++;
73	}
74
75	return (temp);
76	}
77
78
79	/*
80	* 'cupsdAddPolicyOp()' - Add an operation to a policy.
81	*/
82
83	cupsd_location_t * /* O - New policy operation */
84	cupsdAddPolicyOp(cupsd_policy_t p, / I - Policy */
85	cupsd_location_t po, / I - Policy operation to copy */
86	ipp_op_t op) /* I - IPP operation code */
87	{
88	int i; /* Looping var */
89	cupsd_location_t temp, / New policy operation */
90	*tempa; / New policy operation array */
91	char name[1024]; /* Interface name */
92
93
94	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdAddPolicyOp(p=%p, po=%p, op=%x(%s))",
95	p, po, op, ippOpString(op));
96
97	if (p == NULL)
98	return (NULL);
99
100	if (p->num_ops == 0)
101	tempa = malloc(sizeof(cupsd_location_t *));
102	else
103	tempa = realloc(p->ops, sizeof(cupsd_location_t ) (p->num_ops + 1));
104
105	if (tempa == NULL)
106	return (NULL);
107
108	p->ops = tempa;
109
110	if ((temp = calloc(1, sizeof(cupsd_location_t))) != NULL)
111	{
112	p->ops = tempa;
113	tempa[p->num_ops] = temp;
114	p->num_ops ++;
115
116	temp->op = op;
117	temp->limit = AUTH_LIMIT_IPP;
118
119	if (po)
120	{
121	/*
122	* Copy the specified policy to the new one...
123	*/
124
125	temp->order_type = po->order_type;
126	temp->type = po->type;
127	temp->level = po->level;
128	temp->satisfy = po->satisfy;
129	temp->encryption = po->encryption;
130
131	for (i = 0; i < po->num_names; i ++)
132	cupsdAddName(temp, po->names[i]);
133
134	for (i = 0; i < po->num_allow; i ++)
135	switch (po->allow[i].type)
136	{
137	case AUTH_IP :
138	cupsdAllowIP(temp, po->allow[i].mask.ip.address,
139	po->allow[i].mask.ip.netmask);
140	break;
141
142	case AUTH_INTERFACE :
143	snprintf(name, sizeof(name), "@IF(%s)",
144	po->allow[i].mask.name.name);
145	cupsdAllowHost(temp, name);
146	break;
147
148	default :
149	cupsdAllowHost(temp, po->allow[i].mask.name.name);
150	break;
151	}
152
153	for (i = 0; i < po->num_deny; i ++)
154	switch (po->deny[i].type)
155	{
156	case AUTH_IP :
157	cupsdDenyIP(temp, po->deny[i].mask.ip.address,
158	po->deny[i].mask.ip.netmask);
159	break;
160
161	case AUTH_INTERFACE :
162	snprintf(name, sizeof(name), "@IF(%s)",
163	po->deny[i].mask.name.name);
164	cupsdDenyHost(temp, name);
165	break;
166
167	default :
168	cupsdDenyHost(temp, po->deny[i].mask.name.name);
169	break;
170	}
171	}
172	}
173
174	return (temp);
175	}
176
177
178	/*
179	* 'cupsdCheckPolicy()' - Check the IPP operation and username against a policy.
180	*/
181
182	http_status_t /* I - 1 if OK, 0 otherwise */
183	cupsdCheckPolicy(cupsd_policy_t p, / I - Policy */
184	cupsd_client_t con, / I - Client connection */
185	const char owner) / I - Owner of object */
186	{
187	cupsd_location_t po; / Current policy operation */
188
189
190	/*
191	* Range check...
192	*/
193
194	if (!p \|\| !con)
195	{
196	cupsdLogMessage(CUPSD_LOG_CRIT, "cupsdCheckPolicy: p=%p, con=%p!", p, con);
197
d09495fa	198	return ((http_status_t)0);
ef416fc2	199	}
	200
	201	/*
	202	* Find a match for the operation...
	203	*/
	204
	205	if ((po = cupsdFindPolicyOp(p, con->request->request.op.operation_id)) == NULL)
	206	{
	207	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCheckPolicy: No matching operation, returning 0!");
d09495fa	208	return ((http_status_t)0);
ef416fc2	209	}
	210
	211	con->best = po;
	212
	213	/*
	214	* Return the status of the check...
	215	*/
	216
	217	return (cupsdIsAuthorized(con, owner));
	218	}
	219
	220
	221	/*
	222	* 'cupsdDeleteAllPolicies()' - Delete all policies in memory.
	223	*/
	224
	225	void
	226	cupsdDeleteAllPolicies(void)
	227	{
	228	int i, j; /* Looping vars */
	229	cupsd_policy_t *p; / Current policy */
	230	cupsd_location_t *po; / Current policy op */
	231
	232
	233	if (NumPolicies == 0)
	234	return;
	235
	236	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	237	{
	238	for (j = (p)->num_ops, po = (p)->ops; j > 0; j --, po ++)
ef416fc2	239	cupsdDeleteLocation(*po);
ef416fc2	240
	241	if ((*p)->num_ops > 0)
	242	free((*p)->ops);
	243
	244	free(*p);
	245	}
	246
	247	free(Policies);
	248
	249	NumPolicies = 0;
	250	Policies = NULL;
	251	}
	252
	253
	254	/*
	255	* 'cupsdFindPolicy()' - Find a named policy.
	256	*/
	257
	258	cupsd_policy_t * /* O - Policy */
	259	cupsdFindPolicy(const char policy) / I - Name of policy */
	260	{
	261	int i; /* Looping var */
	262	cupsd_policy_t *p; / Current policy */
	263
	264
	265	/*
	266	* Range check...
	267	*/
	268
	269	if (policy == NULL)
	270	return (NULL);
	271
	272	/*
	273	* Check the operation against the available policies...
	274	*/
	275
	276	for (i = NumPolicies, p = Policies; i > 0; i --, p ++)
	277	if (!strcasecmp(policy, (*p)->name))
	278	return (*p);
	279
	280	return (NULL);
	281	}
	282
	283
	284	/*
	285	* 'cupsdFindPolicyOp()' - Find a policy operation.
	286	*/
	287
	288	cupsd_location_t * /* O - Policy operation */
	289	cupsdFindPolicyOp(cupsd_policy_t p, / I - Policy */
	290	ipp_op_t op) /* I - IPP operation */
	291	{
	292	int i; /* Looping var */
	293	cupsd_location_t *po; / Current policy operation */
	294
	295
	296	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp(p=%p, op=%x(%s))\n",
	297	p, op, ippOpString(op));
	298
	299	/*
	300	* Range check...
	301	*/
	302
	303	if (p == NULL)
304	return (NULL);
305
306	/*
307	* Check the operation against the available policies...
308	*/
309
310	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
311	if ((*po)->op == op)
312	{
313	cupsdLogMessage(CUPSD_LOG_DEBUG2,
314	"cupsdFindPolicyOp: Found exact match...");
315	return (*po);
316	}
317
318	for (i = p->num_ops, po = p->ops; i > 0; i --, po ++)
319	if ((*po)->op == IPP_ANY_OPERATION)
320	{
321	cupsdLogMessage(CUPSD_LOG_DEBUG2,
322	"cupsdFindPolicyOp: Found wildcard match...");
323	return (*po);
324	}
325
326	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFindPolicyOp: No match found!");
327
328	return (NULL);
329	}
330
331
332	/*
d09495fa	333	* End of "$Id: policy.c 5838 2006-08-17 14:41:42Z mike $".
ef416fc2	334	*/