Fetch the repository succeeded.
diff --git a/Makedefs.in b/Makedefs.in
index 9211338..8a1e0be 100644
--- a/Makedefs.in
+++ b/Makedefs.in
@@ -162,7 +162,7 @@ ARFLAGS = @ARFLAGS@
BACKLIBS = @BACKLIBS@
BUILDDIRS = @BUILDDIRS@
CFLAGS = @CPPFLAGS@ @CFLAGS@
-COMMONLIBS = @LIBS@
+COMMONLIBS = @LIBS@ @LIBAUDIT@ @LIBSELINUX@
CXXFLAGS = @CPPFLAGS@ @CXXFLAGS@
CXXLIBS = @CXXLIBS@
DBUS_NOTIFIER = @DBUS_NOTIFIER@
diff --git a/config-scripts/cups-lspp.m4 b/config-scripts/cups-lspp.m4
new file mode 100644
index 0000000..55bd1bb
--- /dev/null
+++ b/config-scripts/cups-lspp.m4
@@ -0,0 +1,36 @@
+dnl
+dnl LSPP code for the Common UNIX Printing System (CUPS).
+dnl
+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; version 2.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software Foundation,
+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
+dnl
+
+dnl Are we trying to meet LSPP requirements
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
+
+if test x"$enable_lspp" != xno; then
+ case "$(uname)" in
+ Linux)
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
+ AC_CHECK_HEADER(libaudit.h)
+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
+ AC_CHECK_HEADER(selinux/selinux.h)
+ AC_DEFINE(WITH_LSPP)
+ ;;
+ *)
+ # All others
+ ;;
+ esac
+fi
diff --git a/config.h.in b/config.h.in
index 6940b96..363780a 100644
--- a/config.h.in
+++ b/config.h.in
@@ -684,6 +684,13 @@ static __inline int _cups_abs(int i) { return (i < 0 ? -i : i); }
#endif /* !HAVE_ABS && !abs */
+/*
+ * Are we trying to meet LSPP requirements?
+ */
+
+#undef WITH_LSPP
+
+
/*
* Building as a snap (snapcraft.io)?
*/
diff --git a/configure.ac b/configure.ac
index 3b5dd73..0e61044 100644
--- a/configure.ac
+++ b/configure.ac
@@ -40,6 +40,8 @@ sinclude(config-scripts/cups-container.m4)
sinclude(config-scripts/cups-startup.m4)
sinclude(config-scripts/cups-defaults.m4)
+sinclude(config-scripts/cups-lspp.m4)
+
dnl See what languages are available and make sure we generate the localization
dnl files as needed...
INSTALL_LANGUAGES=""
diff --git a/filter/common.c b/filter/common.c
index 22217be..b8629e6 100644
--- a/filter/common.c
+++ b/filter/common.c
@@ -12,6 +12,12 @@
* Include necessary headers...
*/
+#include "config.h"
+#ifdef WITH_LSPP
+#define _GNU_SOURCE
+#include <string.h>
+#endif /* WITH_LSPP */
+
#include "common.h"
#include <locale.h>
@@ -294,6 +300,18 @@ WriteLabelProlog(const char *label, /* I - Page label */
{
const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */
+#ifdef WITH_LSPP
+ int i, /* counter */
+ n, /* counter */
+ lines, /* number of lines needed */
+ line_len, /* index into tmp_label */
+ label_len, /* length of the label in characters */
+ label_index, /* index into the label */
+ longest, /* length of the longest line */
+ longest_line, /* index to the longest line */
+ max_width; /* maximum width in characters */
+ char **wrapped_label; /* label with line breaks */
+#endif /* WITH_LSPP */
/*
@@ -316,6 +334,128 @@ WriteLabelProlog(const char *label, /* I - Page label */
return;
}
+#ifdef WITH_LSPP
+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
+ {
+ /*
+ * Based on the 12pt fixed width font below determine the max_width
+ */
+ max_width = width / 8;
+ longest_line = 0;
+ longest = 0;
+ classification += 5; // Skip the "LSPP:"
+ label_len = strlen(classification);
+
+ if (label_len > max_width)
+ {
+ lines = 1 + (int)(label_len / max_width);
+ line_len = (int)(label_len / lines);
+ wrapped_label = malloc(sizeof(*wrapped_label) * lines);
+ label_index = i = n = 0;
+ while (classification[label_index])
+ {
+ if ((label_index + line_len) > label_len)
+ break;
+ switch (classification[label_index + line_len + i])
+ {
+ case ':':
+ case ',':
+ case '-':
+ i++;
+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
+ label_index += line_len + i;
+ i = 0;
+ break;
+ default:
+ i++;
+ break;
+ }
+ if ((i + line_len) == max_width)
+ {
+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
+ label_index = label_index + line_len + i;
+ i = 0;
+ }
+ }
+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
+ }
+ else
+ {
+ lines = 1;
+ wrapped_label = malloc(sizeof(*wrapped_label));
+ wrapped_label[0] = (char*)classification;
+ }
+
+ for (n = 0; n < lines; n++ )
+ {
+ printf("userdict/ESPp%c(", ('a' + n));
+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
+ if (*ptr < 32 || *ptr > 126)
+ printf("\\%03o", *ptr);
+ else
+ {
+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
+ putchar('\\');
+
+ printf("%c", *ptr);
+ }
+ if (i > longest)
+ {
+ longest = i;
+ longest_line = n;
+ }
+ printf(")put\n");
+ }
+
+ /*
+ * For LSPP use a fixed width font so that line wrapping can be calculated
+ */
+
+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
+
+ /*
+ * Finally, the procedure to write the labels on the page...
+ */
+
+ printf("userdict/ESPwl{\n"
+ " ESPlf setfont\n");
+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
+ 'a' + longest_line, width * 0.5f);
+
+ for (n = 1; n < lines; n++)
+ printf(" dup");
+
+ printf("\n 1 setgray\n");
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
+ printf(" 0 setgray\n");
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
+
+ for (n = 0; n < lines; n ++)
+ {
+ printf(" dup %.0f moveto ESPp%c show\n",
+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
+ }
+
+ printf(" pop\n"
+ "}bind put\n");
+
+ /*
+ * Do some clean up at the end of the LSPP special case
+ */
+ free(wrapped_label);
+
+ }
+ else
+ {
+#endif /* !WITH_LSPP */
+
/*
* Set the classification + page label string...
*/
@@ -396,7 +536,10 @@ WriteLabelProlog(const char *label, /* I - Page label */
printf(" %.0f moveto ESPpl show\n", top - 14.0);
puts("pop");
puts("}bind put");
+ }
+#ifdef WITH_LSPP
}
+#endif /* WITH_LSPP */
/*
diff --git a/filter/pstops.c b/filter/pstops.c
index 41090c8..87da143 100644
--- a/filter/pstops.c
+++ b/filter/pstops.c
@@ -3171,6 +3171,18 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
{
const char *classification; /* CLASSIFICATION environment variable */
const char *ptr; /* Temporary string pointer */
+#ifdef WITH_LSPP
+ int i, /* counter */
+ n, /* counter */
+ lines, /* number of lines needed */
+ line_len, /* index into tmp_label */
+ label_len, /* length of the label in characters */
+ label_index, /* index into the label */
+ longest, /* length of the longest line */
+ longest_line, /* index to the longest line */
+ max_width; /* maximum width in characters */
+ char **wrapped_label; /* label with line breaks */
+#endif /* WITH_LSPP */
/*
@@ -3193,6 +3205,124 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
return;
}
+#ifdef WITH_LSPP
+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
+ {
+ /*
+ * Based on the 12pt fixed width font below determine the max_width
+ */
+ max_width = width / 8;
+ longest_line = 0;
+ longest = 0;
+ classification += 5; // Skip the "LSPP:"
+ label_len = strlen(classification);
+
+ if (label_len > max_width)
+ {
+ lines = 1 + (int)(label_len / max_width);
+ line_len = (int)(label_len / lines);
+ wrapped_label = malloc(sizeof(*wrapped_label) * lines);
+ label_index = i = n = 0;
+ while (classification[label_index])
+ {
+ if ((label_index + line_len) > label_len)
+ break;
+ switch (classification[label_index + line_len + i])
+ {
+ case ':':
+ case ',':
+ case '-':
+ i++;
+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
+ label_index += line_len + i;
+ i = 0;
+ break;
+ default:
+ i++;
+ break;
+ }
+ if ((i + line_len) == max_width)
+ {
+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
+ label_index = label_index + line_len + i;
+ i = 0;
+ }
+ }
+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
+ }
+ else
+ {
+ lines = 1;
+ wrapped_label = malloc(sizeof(*wrapped_label));
+ wrapped_label[0] = (char*)classification;
+ }
+
+ for (n = 0; n < lines; n++ )
+ {
+ printf("userdict/ESPp%c(", ('a' + n));
+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
+ if (*ptr < 32 || *ptr > 126)
+ printf("\\%03o", *ptr);
+ else
+ {
+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
+ putchar('\\');
+
+ printf("%c", *ptr);
+ }
+ if (i > longest)
+ {
+ longest = i;
+ longest_line = n;
+ }
+ printf(")put\n");
+ }
+
+ /*
+ * For LSPP use a fixed width font so that line wrapping can be calculated
+ */
+
+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
+
+ /*
+ * Finally, the procedure to write the labels on the page...
+ */
+
+ printf("userdict/ESPwl{\n"
+ " ESPlf setfont\n");
+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
+ 'a' + longest_line, width * 0.5f);
+ for (n = 1; n < lines; n++)
+ printf(" dup");
+ printf("\n 1 setgray\n");
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
+ printf(" 0 setgray\n");
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
+ for (n = 0; n < lines; n ++)
+ {
+ printf(" dup %.0f moveto ESPp%c show\n",
+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
+ }
+ printf(" pop\n"
+ "}bind put\n");
+
+ /*
+ * Do some clean up at the end of the LSPP special case
+ */
+ free(wrapped_label);
+
+ }
+ else
+ {
+#endif /* !WITH_LSPP */
+
/*
* Set the classification + page label string...
*/
@@ -3271,7 +3401,10 @@ write_label_prolog(pstops_doc_t *doc, /* I - Document info */
doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);
doc_puts(doc, "pop\n");
doc_puts(doc, "}bind put\n");
+ }
+#ifdef WITH_LSPP
}
+#endif /* WITH_LSPP */
/*
diff --git a/scheduler/client.c b/scheduler/client.c
index 779404c..7044ebd 100644
--- a/scheduler/client.c
+++ b/scheduler/client.c
@@ -20,12 +20,20 @@
#define _HTTP_NO_PRIVATE
#include "cupsd.h"
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif /* !defined(_GNU_SOURCE) */
#ifdef __APPLE__
# include <libproc.h>
#endif /* __APPLE__ */
#ifdef HAVE_TCPD_H
# include <tcpd.h>
#endif /* HAVE_TCPD_H */
+#ifdef WITH_LSPP
+# include <selinux/selinux.h>
+# include <selinux/context.h>
+# include <fcntl.h>
+#endif /* WITH_LSPP */
/*
@@ -264,6 +272,59 @@ cupsdAcceptClient(cupsd_listener_t *lis)/* I - Listener socket */
}
#endif /* HAVE_TCPD_H */
+#ifdef WITH_LSPP
+ if (is_lspp_config())
+ {
+ struct ucred cr;
+ unsigned int cl=sizeof(cr);
+
+ if (getsockopt(httpGetFd(con->http), SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)
+ {
+ /*
+ * client_pid_to_auid() can be racey
+ * In this case the pid is based on a socket connected to the client
+ */
+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1)
+ {
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR,
+ "Unable to determine client auid for client pid=%d",
+ cr.pid);
+ free(con);
+ return;
+ }
+ cupsdLogClient(con, CUPSD_LOG_INFO,
+ "peer's pid=%d, uid=%d, gid=%d, auid=%d",
+ cr.pid, cr.uid, cr.gid, con->auid);
+ }
+ else
+ {
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getsockopt() failed");
+ free(con);
+ return;
+ }
+
+ /*
+ * get the context of the peer connection
+ */
+ if (getpeercon(httpGetFd(con->http), &con->scon))
+ {
+ httpClose(con->http);
+ cupsdLogClient(con, CUPSD_LOG_ERROR, "getpeercon() failed");
+ free(con);
+ return;
+ }
+
+ cupsdLogClient(con, CUPSD_LOG_INFO, "client context=%s", con->scon);
+ }
+ else
+ {
+ cupsdLogClient(con, CUPSD_LOG_DEBUG, "skipping getpeercon()");
+ cupsdSetString(&con->scon, UNKNOWN_SL);
+ }
+#endif /* WITH_LSPP */
+
#ifdef AF_LOCAL
if (httpAddrFamily(httpGetAddress(con->http)) == AF_LOCAL)
{
@@ -526,6 +587,11 @@ cupsdCloseClient(cupsd_client_t *con) /* I - Client to close */
}
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ if (con->scon)
+ cupsdClearString(&con->scon);
+#endif /* WITH_LSPP */
+
/*
* Re-enable new client connections if we are going back under the
* limit...
@@ -566,6 +632,13 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
struct stat filestats; /* File information */
mime_type_t *type; /* MIME type of file */
static unsigned request_id = 0; /* Request ID for temp files */
+#ifdef WITH_LSPP
+ security_context_t spoolcon; /* context of the job file */
+ context_t clicon; /* contex_t container for con->scon */
+ context_t tmpcon; /* temp context to swap the level */
+ char *clirange; /* SELinux sensitivity range */
+ char *cliclearance; /* SELinux low end clearance */
+#endif /* WITH_LSPP */
status = HTTP_STATUS_CONTINUE;
@@ -1737,7 +1810,75 @@ cupsdReadClient(cupsd_client_t *con) /* I - Client to read from */
fchmod(con->file, 0640);
fchown(con->file, RunUser, Group);
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
- }
+
+#ifdef WITH_LSPP
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
+ if (getfilecon(con->filename, &spoolcon) == -1)
+ {
+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE);
+ cupsdCloseClient(con);
+ return;
+ }
+ clicon = context_new(con->scon);
+ tmpcon = context_new(spoolcon);
+ freecon(spoolcon);
+ if (!clicon || !tmpcon)
+ {
+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE);
+ if (clicon)
+ context_free(clicon);
+ if (tmpcon)
+ context_free(tmpcon);
+ cupsdCloseClient(con);
+ return;
+ }
+ clirange = (char *) context_range_get(clicon);
+ if (clirange)
+ {
+ clirange = strdup(clirange);
+ if ((cliclearance = strtok(clirange, "-")) != NULL)
+ {
+ if (context_range_set(tmpcon, cliclearance) == -1)
+ {
+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE);
+ free(clirange);
+ context_free(tmpcon);
+ context_free(clicon);
+ cupsdCloseClient(con);
+ return;
+ }
+ }
+ else
+ {
+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)
+ {
+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE);
+ free(clirange);
+ context_free(tmpcon);
+ context_free(clicon);
+ cupsdCloseClient(con);
+ return;
+ }
+ }
+ free(clirange);
+ }
+ if (setfilecon(con->filename, context_str(tmpcon)) == -1)
+ {
+ cupsdSendError(con, HTTP_STATUS_SERVER_ERROR, CUPSD_AUTH_NONE);
+ context_free(tmpcon);
+ context_free(clicon);
+ cupsdCloseClient(con);
+ return;
+ }
+ cupsdLogClient(con, CUPSD_LOG_DEBUG2, "%s set to %s",
+ con->filename, context_str(tmpcon));
+ context_free(tmpcon);
+ context_free(clicon);
+ }
+#endif /* WITH_LSPP */
+
+ }
if (httpGetState(con->http) != HTTP_STATE_POST_SEND)
{
@@ -3235,6 +3376,49 @@ is_path_absolute(const char *path) /* I - Input path */
return (1);
}
+#ifdef WITH_LSPP
+/*
+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.
+ */
+
+uid_t client_pid_to_auid(pid_t clipid)
+{
+ uid_t uid;
+ int len, in;
+ char buf[16] = {0};
+ char fname[32] = {0};
+
+
+ /*
+ * Hopefully this pid is still the one we are interested in.
+ */
+ snprintf(fname, 32, "/proc/%d/loginuid", clipid);
+ in = open(fname, O_NOFOLLOW|O_RDONLY);
+
+ if (in < 0)
+ return (uid_t) -1;
+
+ errno = 0;
+
+ do {
+ len = read(in, buf, sizeof(buf));
+ } while (len < 0 && errno == EINTR);
+
+ close(in);
+
+ if (len < 0 || len >= sizeof(buf))
+ return (uid_t) -1;
+
+ errno = 0;
+ buf[len] = 0;
+ uid = strtol(buf, 0, 10);
+
+ if (errno != 0)
+ return (uid_t) -1;
+ else
+ return uid;
+}
+#endif /* WITH_LSPP */
/*
* 'pipe_command()' - Pipe the output of a command to the remote client.
diff --git a/scheduler/client.h b/scheduler/client.h
index 9fe4e2e..51c3ab5 100644
--- a/scheduler/client.h
+++ b/scheduler/client.h
@@ -14,6 +14,13 @@
#endif /* HAVE_AUTHORIZATION_H */
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
+#ifdef WITH_LSPP
+#include <selinux/selinux.h>
+#endif /* WITH_LSPP */
+
/*
* HTTP client structure...
*/
@@ -66,6 +73,10 @@ struct cupsd_client_s
#ifdef HAVE_AUTHORIZATION_H
AuthorizationRef authref; /* Authorization ref */
#endif /* HAVE_AUTHORIZATION_H */
+#ifdef WITH_LSPP
+ security_context_t scon; /* Security context of connection */
+ uid_t auid; /* Audit loginuid of the client */
+#endif /* WITH_LSPP */
};
#define HTTP(con) ((con)->http)
@@ -138,6 +149,10 @@ extern void cupsdStopListening(void);
extern void cupsdUpdateCGI(void);
extern void cupsdWriteClient(cupsd_client_t *con);
+#ifdef WITH_LSPP
+extern uid_t client_pid_to_auid(pid_t clipid);
+#endif /* WITH_LSPP */
+
#ifdef HAVE_TLS
extern int cupsdEndTLS(cupsd_client_t *con);
extern int cupsdStartTLS(cupsd_client_t *con);
diff --git a/scheduler/conf.c b/scheduler/conf.c
index 0d4bb6a..88d67cf 100644
--- a/scheduler/conf.c
+++ b/scheduler/conf.c
@@ -38,6 +38,9 @@
# define INADDR_NONE 0xffffffff
#endif /* !INADDR_NONE */
+#ifdef WITH_LSPP
+# include <libaudit.h>
+#endif /* WITH_LSPP */
/*
* Configuration variable structure...
@@ -129,6 +132,10 @@ static const cupsd_var_t cupsd_vars[] =
{ "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
{ "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
{ "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
+#ifdef WITH_LSPP
+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER },
+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN },
+#endif /* WITH_LSPP */
{ "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
};
static const cupsd_var_t cupsfiles_vars[] =
@@ -539,6 +546,9 @@ cupsdReadConfiguration(void)
const char *tmpdir; /* TMPDIR environment variable */
struct stat tmpinfo; /* Temporary directory info */
cupsd_policy_t *p; /* Policy */
+#ifdef WITH_LSPP
+ char *audit_message; /* Audit message string */
+#endif /* WITH_LSPP */
/*
@@ -866,6 +876,25 @@ cupsdReadConfiguration(void)
RunUser = getuid();
+#ifdef WITH_LSPP
+ if (AuditLog != -1)
+ {
+ /*
+ * ClassifyOverride is set during read_configuration, if its ON, report it now
+ */
+ if (ClassifyOverride)
+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
+ "[Config] ClassifyOverride=enabled Users can override print banners",
+ ServerName, NULL, NULL, 1);
+ /*
+ * PerPageLabel is set during read_configuration, if its OFF, report it now
+ */
+ if (!PerPageLabels)
+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1);
+ }
+#endif /* WITH_LSPP */
+
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
RemotePort ? "enabled" : "disabled");
@@ -1272,7 +1301,19 @@ cupsdReadConfiguration(void)
cupsdClearString(&Classification);
if (Classification)
+ {
cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
+#ifdef WITH_LSPP
+ if (AuditLog != -1)
+ {
+ audit_message = NULL;
+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);
+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
+ ServerName, NULL, NULL, 1);
+ cupsdClearString(&audit_message);
+ }
+#endif /* WITH_LSPP */
+ }
/*
* Check the MaxClients setting, and then allocate memory for it...
@@ -3880,6 +3921,18 @@ read_location(cups_file_t *fp, /* I - Configuration file */
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
}
+#ifdef WITH_LSPP
+int is_lspp_config()
+{
+ if (Classification != NULL)
+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0)
+ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0)
+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0));
+ else
+ return 0;
+}
+#endif /* WITH_LSPP */
+
/*
* 'read_policy()' - Read a <Policy name> definition.
diff --git a/scheduler/conf.h b/scheduler/conf.h
index 2e5aac6..df22b07 100644
--- a/scheduler/conf.h
+++ b/scheduler/conf.h
@@ -242,6 +242,13 @@ VAR char *ServerKeychain VALUE(NULL);
/* Keychain holding cert + key */
#endif /* HAVE_TLS */
+#ifdef WITH_LSPP
+VAR int AuditLog VALUE(-1),
+ /* File descriptor for audit */
+ PerPageLabels VALUE(TRUE);
+ /* Put the label on each page */
+#endif /* WITH_LSPP */
+
#ifdef HAVE_ONDEMAND
VAR int IdleExitTimeout VALUE(60);
/* Time after which an idle cupsd will exit */
@@ -260,6 +267,9 @@ VAR int HaveServerCreds VALUE(0);
VAR gss_cred_id_t ServerCreds; /* Server's GSS credentials */
#endif /* HAVE_GSSAPI */
+#ifdef WITH_LSPP
+extern int is_lspp_config(void);
+#endif /* WITH_LSPP */
/*
* Prototypes...
diff --git a/scheduler/cupsd.h b/scheduler/cupsd.h
index 164df6e..2d66464 100644
--- a/scheduler/cupsd.h
+++ b/scheduler/cupsd.h
@@ -9,6 +9,8 @@
* information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
/*
* Include necessary headers.
@@ -34,6 +36,14 @@
# include <unistd.h>
#endif /* _WIN32 */
+#include "config.h"
+#ifdef WITH_LSPP
+# define MLS_CONFIG "mls"
+# define TE_CONFIG "te"
+# define SELINUX_CONFIG "SELinux"
+# define UNKNOWN_SL "UNKNOWN SL"
+#endif /* WITH_LSPP */
+
#include "mime.h"
#if defined(HAVE_CDSASSL)
diff --git a/scheduler/ipp.c b/scheduler/ipp.c
index 67ee8ed..e7fa758 100644
--- a/scheduler/ipp.c
+++ b/scheduler/ipp.c
@@ -12,6 +12,9 @@
* information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -28,6 +31,12 @@ extern int mbr_group_name_to_uuid(const char* name, uuid_t uu);
extern int mbr_check_membership_by_id(uuid_t user, gid_t group, int* ismember);
#endif /* __APPLE__ */
+#ifdef WITH_LSPP
+#include <libaudit.h>
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#endif /* WITH_LSPP */
/*
* Local functions...
@@ -52,6 +61,9 @@ static void cancel_all_jobs(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void cancel_subscription(cupsd_client_t *con, int id);
static int check_rss_recipient(const char *recipient);
+#ifdef WITH_LSPP
+static int check_context(cupsd_client_t *con, cupsd_job_t *job);
+#endif /* WITH_LSPP */
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
@@ -1188,6 +1200,21 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"time-at-creation",
"time-at-processing"
};
+#ifdef WITH_LSPP
+ char *audit_message; /* Audit message string */
+ char *printerfile; /* device file pointed to by the printer */
+ char *userheader = NULL; /* User supplied job-sheets[0] */
+ char *userfooter = NULL; /* User supplied job-sheets[1] */
+ int override = 0; /* Was a banner overrode on a job */
+ security_id_t clisid; /* SELinux SID for the client */
+ security_id_t psid; /* SELinux SID for the printer */
+ context_t printercon; /* Printer's context string */
+ struct stat printerstat; /* Printer's stat buffer */
+ security_context_t devcon; /* Printer's SELinux context */
+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */
+ security_class_t tclass; /* Object class for the SELinux check */
+ access_vector_t avr; /* Access method being requested */
+#endif /* WITH_LSPP */
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
@@ -1516,6 +1543,106 @@ add_job(cupsd_client_t *con, /* I - Client connection */
attr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+#ifdef WITH_LSPP
+ if (is_lspp_config())
+ {
+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name);
+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes."));
+ return (NULL);
+ }
+
+ /*
+ * Perform an access check so that if the user gets feedback at enqueue time
+ */
+
+ printerfile = strstr(printer->device_uri, "/dev/");
+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
+ printerfile = printer->device_uri + strlen("file:");
+
+ if (printerfile != NULL)
+ {
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",
+ printerfile);
+
+ if (lstat(printerfile, &printerstat) < 0)
+ {
+ if (errno != ENOENT)
+ {
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer"));
+ return (NULL);
+ }
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else
+ {
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file"));
+ return (NULL);
+ }
+ static int avc_initialized = 0;
+ if (!avc_initialized++)
+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);
+ avc_entry_ref_init(&avcref);
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
+ {
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));
+ return (NULL);
+ }
+ if (getfilecon(printerfile, &devcon) == -1)
+ {
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));
+ return (NULL);
+ }
+ printercon = context_new(devcon);
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",
+ context_str(printercon), con->scon);
+ context_free(printercon);
+
+ if (avc_context_to_sid(devcon, &psid) != 0)
+ {
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));
+ freecon(devcon);
+ return (NULL);
+ }
+ freecon(devcon);
+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
+ {
+ /*
+ * The access check failed, so cancel the job and send an audit message
+ */
+ if (AuditLog != -1)
+ {
+ audit_message = NULL;
+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused"
+ " unable to access printer=%s", con->auid,
+ con->username, con->scon, printer->name);
+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
+ ServerName, NULL, NULL, 0);
+ cupsdClearString(&audit_message);
+ }
+
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));
+ return (NULL);
+ }
+ }
+ }
+#endif /* WITH_LSPP */
+
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
{
send_ipp_status(con, IPP_INTERNAL_ERROR,
@@ -1524,6 +1651,32 @@ add_job(cupsd_client_t *con, /* I - Client connection */
return (NULL);
}
+#ifdef WITH_LSPP
+ if (is_lspp_config())
+ {
+ /*
+ * duplicate the security context and auid of the connection into the job structure
+ */
+ job->scon = strdup(con->scon);
+ job->auid = con->auid;
+
+ /*
+ * add the security context to the request so that on a restart the security
+ * attributes will be able to be restored
+ */
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context",
+ NULL, job->scon);
+ }
+ else
+ {
+ /*
+ * Fill in the security context of the job as unlabeled
+ */
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL);
+ cupsdSetString(&job->scon, UNKNOWN_SL);
+ }
+#endif /* WITH_LSPP */
+
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
job->attrs = con->request;
job->dirty = 1;
@@ -1711,6 +1864,29 @@ add_job(cupsd_client_t *con, /* I - Client connection */
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
}
+#ifdef WITH_LSPP
+ else
+ {
+ /*
+ * The option was present, so capture the user supplied strings
+ */
+ userheader = strdup(attr->values[0].string.text);
+
+ if (attr->num_values > 1)
+ userfooter = strdup(attr->values[1].string.text);
+
+ if (Classification != NULL && (strcmp(userheader, Classification) == 0)
+ && userfooter &&(strcmp(userfooter, Classification) == 0))
+ {
+ /*
+ * Since both values are Classification, the user is not trying to Override
+ */
+ free(userheader);
+ if (userfooter) free(userfooter);
+ userheader = userfooter = NULL;
+ }
+ }
+#endif /* WITH_LSPP */
job->job_sheets = attr;
@@ -1741,6 +1917,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-sheets=\"%s,none\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
+#ifdef WITH_LSPP
+ override = 1;
+#endif /* WITH_LSPP */
}
else if (attr->num_values == 2 &&
strcmp(attr->values[0].string.text,
@@ -1759,6 +1938,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
+#ifdef WITH_LSPP
+ override = 1;
+#endif /* WITH_LSPP */
}
else if (strcmp(attr->values[0].string.text, Classification) &&
strcmp(attr->values[0].string.text, "none") &&
@@ -1779,6 +1961,9 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-originating-user-name=\"%s\"",
attr->values[0].string.text,
attr->values[1].string.text, job->username);
+#ifdef WITH_LSPP
+ override = 1;
+#endif /* WITH_LSPP */
}
}
else if (strcmp(attr->values[0].string.text, Classification) &&
@@ -1819,9 +2004,55 @@ add_job(cupsd_client_t *con, /* I - Client connection */
"job-sheets=\"%s\", "
"job-originating-user-name=\"%s\"",
Classification, job->username);
+#ifdef WITH_LSPP
+ override = 1;
+#endif /* WITH_LSPP */
+ }
+#ifdef WITH_LSPP
+ if (is_lspp_config() && AuditLog != -1)
+ {
+ audit_message = NULL;
+
+ if (userheader || userfooter)
+ {
+ if (!override)
+ {
+ /*
+ * The user overrode the banner, so audit it
+ */
+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
+ " using banners=%s,%s", job->id, userheader,
+ userfooter, attr->values[0].string.text,
+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
+ ServerName, NULL, NULL, 1);
+ }
+ else
+ {
+ /*
+ * The user tried to override the banner, audit the failure
+ */
+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
+ " ignored banners=%s,%s", job->id, userheader,
+ userfooter, attr->values[0].string.text,
+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
+ ServerName, NULL, NULL, 0);
+ }
+ cupsdClearString(&audit_message);
+ }
}
+#endif /* WITH_LSPP */
}
+#ifdef WITH_LSPP
+ if (userheader)
+ free(userheader);
+ if (userfooter)
+ free(userfooter);
+#endif /* WITH_LSPP */
+
+
/*
* See if we need to add the starting sheet...
*/
@@ -3647,6 +3878,128 @@ check_rss_recipient(
}
+#ifdef WITH_LSPP
+/*
+ * 'check_context()' - Check SELinux security context of a user and job
+ */
+
+static int /* O - 1 if OK, 0 if not, -1 on error */
+check_context(cupsd_client_t *con, /* I - Client connection */
+ cupsd_job_t *job) /* I - Job */
+{
+ int enforcing; /* is SELinux in enforcing mode */
+ char filename[1024]; /* Filename of the spool file */
+ security_id_t clisid; /* SELinux SID of the client */
+ security_id_t jobsid; /* SELinux SID of the job */
+ security_id_t filesid; /* SELinux SID of the spool file */
+ struct avc_entry_ref avcref; /* AVC entry cache pointer */
+ security_class_t tclass; /* SELinux security class */
+ access_vector_t avr; /* SELinux access being queried */
+ security_context_t spoolfilecon; /* SELinux context of the spool file */
+
+
+ /*
+ * Validate the input to be sure there are contexts to work with...
+ */
+
+ if (con->scon == NULL || job->scon == NULL
+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0
+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
+ return -1;
+
+ if ((enforcing = security_getenforce()) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Error while determining SELinux enforcement");
+ return -1;
+ }
+ cupsdLogJob(job, CUPSD_LOG_DEBUG,
+ "check_context: client context %s job context %s",
+ con->scon, job->scon);
+
+
+ /*
+ * Initialize the avc engine...
+ */
+
+ static int avc_initialized = 0;
+ if (! avc_initialized++)
+ {
+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR, "check_context: unable avc_init");
+ return -1;
+ }
+ }
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "check_context: unable to convert %s to SELinux sid",
+ con->scon);
+ return -1;
+ }
+ if (avc_context_to_sid(job->scon, &jobsid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "check_context: unable to convert %s to SELinux sid",
+ job->scon);
+ return -1;
+ }
+ avc_entry_ref_init(&avcref);
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "read");
+
+ /*
+ * Perform the check with the client as the subject, first with the job as the object
+ * if that fails then with the spool file as the object...
+ */
+
+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_INFO,
+ "check_context: SELinux denied access "
+ "based on the client context");
+
+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
+ if (getfilecon(filename, &spoolfilecon) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "check_context: Unable to get spoolfile context");
+ return -1;
+ }
+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "check_context: Unable to determine the "
+ "SELinux sid for the spool file");
+ freecon(spoolfilecon);
+ return -1;
+ }
+ freecon(spoolfilecon);
+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_INFO,
+ "check_context: SELinux denied access to the spool file");
+ return 0;
+ }
+ cupsdLogJob(job, CUPSD_LOG_INFO,
+ "check_context: SELinux allowed access to the spool file");
+ return 1;
+ }
+ else
+ if (enforcing == 0)
+ cupsdLogJob(job, CUPSD_LOG_INFO,
+ "check_context: allowing operation due to permissive mode");
+ else
+ cupsdLogJob(job, CUPSD_LOG_INFO,
+ "check_context: SELinux allowed access based on the "
+ "client context");
+
+ return 1;
+}
+#endif /* WITH_LSPP */
+
+
/*
* 'check_quotas()' - Check quotas for a printer and user.
*/
@@ -4102,6 +4455,15 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
char attrname[255], /* Name of attribute */
*s; /* Pointer into name */
ipp_attribute_t *attr; /* Attribute */
+#ifdef WITH_LSPP
+ const char *mls_label; /* SL of print job */
+ char *jobrange; /* SELinux sensitivity range */
+ char *jobclearance; /* SELinux low end clearance */
+ context_t jobcon; /* SELinux context of the job */
+ context_t tmpcon; /* Temp context to set the level */
+ security_context_t spoolcon; /* Context of the file in the spool */
+#endif /* WITH_LSPP */
+
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -4137,6 +4499,85 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
fchmod(cupsFileNumber(out), 0640);
fchown(cupsFileNumber(out), RunUser, Group);
+#ifdef WITH_LSPP
+ if (job->scon != NULL &&
+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
+ if (getfilecon(filename, &spoolcon) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to get the context of the banner file %s - %s",
+ filename, strerror(errno));
+ job->num_files --;
+ return (0);
+ }
+ tmpcon = context_new(spoolcon);
+ jobcon = context_new(job->scon);
+ freecon(spoolcon);
+ if (!tmpcon || !jobcon)
+ {
+ if (tmpcon)
+ context_free(tmpcon);
+ if (jobcon)
+ context_free(jobcon);
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "copy_banner: Unable to get the SELinux contexts");
+ job->num_files --;
+ return (0);
+ }
+ jobrange = (char *) context_range_get(jobcon);
+ if (jobrange)
+ {
+ jobrange = strdup(jobrange);
+ if ((jobclearance = strtok(jobrange, "-")) != NULL)
+ {
+ if (context_range_set(tmpcon, jobclearance) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "copy_banner: Unable to set the "
+ "level of the context for file %s - %s",
+ filename, strerror(errno));
+ free(jobrange);
+ context_free(jobcon);
+ context_free(tmpcon);
+ job->num_files --;
+ return (0);
+ }
+ }
+ else
+ {
+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "copy_banner: Unable to set the "
+ "level of the context for file %s - %s",
+ filename, strerror(errno));
+ free(jobrange);
+ context_free(jobcon);
+ context_free(tmpcon);
+ job->num_files --;
+ return (0);
+ }
+ }
+ free(jobrange);
+ }
+ if (setfilecon(filename, context_str(tmpcon)) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "copy_banner: Unable to set the "
+ "context of the banner file %s - %s",
+ filename, strerror(errno));
+ context_free(jobcon);
+ context_free(tmpcon);
+ job->num_files --;
+ return (0);
+ }
+ cupsdLogJob(job, CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s",
+ filename, context_str(tmpcon));
+ context_free(jobcon);
+ context_free(tmpcon);
+ }
+#endif /* WITH_LSPP */
/*
* Try the localized banner file under the subdirectory...
@@ -4231,6 +4672,24 @@ copy_banner(cupsd_client_t *con, /* I - Client connection */
else
s = attrname;
+#ifdef WITH_LSPP
+ if (strcmp(s, "mls-label") == 0)
+ {
+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
+ jobcon = context_new(job->scon);
+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0)
+ mls_label = context_range_get(jobcon);
+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0)
+ mls_label = context_type_get(jobcon);
+ else // default to using the whole context string
+ mls_label = context_str(jobcon);
+ cupsFilePuts(out, mls_label);
+ context_free(jobcon);
+ }
+ continue;
+ }
+#endif /* WITH_LSPP */
if (!strcmp(s, "printer-name"))
{
cupsFilePuts(out, job->dest);
@@ -6681,6 +7140,22 @@ get_job_attrs(cupsd_client_t *con, /* I - Client connection */
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
+
+#ifdef WITH_LSPP
+ /*
+ * Check SELinux...
+ */
+ if (is_lspp_config() && check_context(con, job) != 1)
+ {
+ /*
+ * Unfortunately we have to lie to the user...
+ */
+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid);
+ return;
+ }
+#endif /* WITH_LSPP */
+
+
/*
* Copy attributes...
*/
@@ -7079,6 +7554,11 @@ get_jobs(cupsd_client_t *con, /* I - Client connection */
if (username[0] && _cups_strcasecmp(username, job->username))
continue;
+#ifdef WITH_LSPP
+ if (is_lspp_config() && check_context(con, job) != 1)
+ continue;
+#endif /* WITH_LSPP */
+
if (count > 0)
ippAddSeparator(con->response);
@@ -11810,6 +12290,11 @@ validate_user(cupsd_job_t *job, /* I - Job */
strlcpy(username, get_username(con), userlen);
+#ifdef WITH_LSPP
+ if (is_lspp_config() && check_context(con, job) != 1)
+ return 0;
+#endif /* WITH_LSPP */
+
/*
* Check the username against the owner...
*/
diff --git a/scheduler/job.c b/scheduler/job.c
index 822a247..2f952bc 100644
--- a/scheduler/job.c
+++ b/scheduler/job.c
@@ -9,6 +9,9 @@
* information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -24,6 +27,12 @@
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
#endif /* __APPLE__ */
+#ifdef WITH_LSPP
+#include <libaudit.h>
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include <selinux/avc.h>
+#endif /* WITH_LSPP */
/*
* Design Notes for Job Management
@@ -544,6 +553,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
/* PRINTER env variable */
*printer_state_reasons = NULL;
/* PRINTER_STATE_REASONS env var */
+#ifdef WITH_LSPP
+ char *audit_message = NULL; /* Audit message string */
+ context_t jobcon; /* SELinux context of the job */
+ char *label_template = NULL; /* SL to put in classification
+ env var */
+ const char *mls_label = NULL; /* SL to put in classification
+ env var */
+#endif /* WITH_LSPP */
cupsdLogMessage(CUPSD_LOG_DEBUG2,
@@ -1070,6 +1087,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I - Job */
if (final_content_type[0])
envp[envc ++] = final_content_type;
+#ifdef WITH_LSPP
+ if (is_lspp_config())
+ {
+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
+ {
+ if (AuditLog != -1)
+ {
+ audit_message = NULL;
+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s",
+ job->id, job->auid, job->username, job->printer->name, title);
+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message,
+ ServerName, NULL, NULL, 1);
+ cupsdClearString(&audit_message);
+ }
+ }
+ else
+ {
+ jobcon = context_new(job->scon);
+
+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL)
+ label_template = strdup(Classification);
+ else if (attr->num_values > 1 &&
+ strcmp(attr->values[1].string.text, "none") != 0)
+ label_template = strdup(attr->values[1].string.text);
+ else
+ label_template = strdup(attr->values[0].string.text);
+
+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0)
+ mls_label = context_range_get(jobcon);
+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0)
+ mls_label = context_type_get(jobcon);
+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0)
+ mls_label = context_str(jobcon);
+ else
+ mls_label = label_template;
+
+ if (mls_label && (PerPageLabels || banner_page))
+ {
+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label);
+ envp[envc ++] = classification;
+ }
+
+ if ((AuditLog != -1) && !banner_page)
+ {
+ audit_message = NULL;
+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s"
+ " obj=%s label=%s", job->id, job->auid, job->username,
+ job->printer->name, title, job->scon, mls_label?mls_label:"none");
+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
+ ServerName, NULL, NULL, 1);
+ cupsdClearString(&audit_message);
+ }
+ context_free(jobcon);
+ free(label_template);
+ }
+ }
+ else
+ /*
+ * Fall through to the non-LSPP behavior
+ */
+#endif /* WITH_LSPP */
if (Classification && !banner_page)
{
if ((attr = ippFindAttribute(job->attrs, "job-sheets",
@@ -1404,6 +1482,11 @@ cupsdDeleteJob(cupsd_job_t *job, /* I - Job */
cupsdClearString(&job->username);
cupsdClearString(&job->dest);
+
+#ifdef WITH_LSPP
+ cupsdClearString(&job->scon);
+#endif
+
for (i = 0;
i < (int)(sizeof(job->auth_env) / sizeof(job->auth_env[0]));
i ++)
@@ -1856,6 +1939,22 @@ cupsdLoadJob(cupsd_job_t *job) /* I - Job */
ippSetString(job->attrs, &job->reasons, 0, "job-completed-successfully");
}
+#ifdef WITH_LSPP
+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL)
+ cupsdSetString(&job->scon, attr->values[0].string.text);
+ else if (is_lspp_config())
+ {
+ /*
+ * There was no security context so delete the job
+ */
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Missing or bad security-context attribute "
+ "in control file \"%s\"!",
+ jobfile);
+ goto error;
+ }
+#endif /* WITH_LSPP */
+
job->impressions = ippFindAttribute(job->attrs, "job-impressions-completed", IPP_TAG_INTEGER);
job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed", IPP_TAG_INTEGER);
job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
@@ -2268,6 +2367,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */
{
char filename[1024]; /* Job control filename */
cups_file_t *fp; /* Job file */
+#ifdef WITH_LSPP
+ security_context_t spoolcon; /* context of the job control file */
+ context_t jobcon; /* contex_t container for job->scon */
+ context_t tmpcon; /* Temp context to swap the level */
+ char *jobclearance; /* SELinux low end clearance */
+ const char *jobrange; /* SELinux sensitivity range */
+ char *jobrange_copy; /* SELinux sensitivity range */
+#endif /* WITH_LSPP */
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
@@ -2290,6 +2397,78 @@ cupsdSaveJob(cupsd_job_t *job) /* I - Job */
fchown(cupsFileNumber(fp), RunUser, Group);
+#ifdef WITH_LSPP
+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
+ {
+ if (getfilecon(filename, &spoolcon) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to get context of job control file \"%s\" - %s.",
+ filename, strerror(errno));
+ return;
+ }
+ jobcon = context_new(job->scon);
+ tmpcon = context_new(spoolcon);
+ freecon(spoolcon);
+ if (!jobcon || !tmpcon)
+ {
+ if (jobcon)
+ context_free(jobcon);
+ if (tmpcon)
+ context_free(tmpcon);
+ cupsdLogJob(job, CUPSD_LOG_ERROR, "Unable to get SELinux contexts");
+ return;
+ }
+ jobrange = context_range_get(jobcon);
+ if (jobrange)
+ {
+ jobrange_copy = strdup(jobrange);
+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL)
+ {
+ if (context_range_set(tmpcon, jobclearance) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to set the range for "
+ "job control file \"%s\" - %s.",
+ filename, strerror(errno));
+ free(jobrange_copy);
+ context_free(tmpcon);
+ context_free(jobcon);
+ return;
+ }
+ }
+ else
+ {
+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to set the range for "
+ "job control file \"%s\" - %s.",
+ filename, strerror(errno));
+ free(jobrange_copy);
+ context_free(tmpcon);
+ context_free(jobcon);
+ return;
+ }
+ }
+ free(jobrange_copy);
+ }
+ if (setfilecon(filename, context_str(tmpcon)) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to set context of job control file \"%s\" - %s.",
+ filename, strerror(errno));
+ context_free(tmpcon);
+ context_free(jobcon);
+ return;
+ }
+ cupsdLogJob(job, CUPSD_LOG_DEBUG2, "New spool file context=%s",
+ context_str(tmpcon));
+ context_free(tmpcon);
+ context_free(jobcon);
+ }
+#endif /* WITH_LSPP */
+
job->attrs->state = IPP_IDLE;
if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
@@ -4020,6 +4199,19 @@ get_options(cupsd_job_t *job, /* I - Job */
banner_page)
continue;
+#ifdef WITH_LSPP
+ /*
+ * In LSPP mode refuse to honor the page-label
+ */
+ if (is_lspp_config() &&
+ !strcmp(attr->name, "page-label"))
+ {
+ cupsdLogJob(job, CUPSD_LOG_DEBUG,
+ "Ignoring page-label option due to LSPP mode");
+ continue;
+ }
+#endif /* WITH_LSPP */
+
/*
* Otherwise add them to the list...
*/
@@ -4834,6 +5026,18 @@ start_job(cupsd_job_t *job, /* I - Job ID */
cupsd_printer_t *printer) /* I - Printer to print job */
{
const char *filename; /* Support filename */
+#ifdef WITH_LSPP
+ char *audit_message = NULL; /* Audit message string */
+ char *printerfile = NULL; /* Device file pointed to by the printer */
+ security_id_t clisid; /* SELinux SID for the client */
+ security_id_t psid; /* SELinux SID for the printer */
+ context_t printercon; /* Printer's context string */
+ struct stat printerstat; /* Printer's stat buffer */
+ security_context_t devcon; /* Printer's SELinux context */
+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */
+ security_class_t tclass; /* Object class for the SELinux check */
+ access_vector_t avr; /* Access method being requested */
+#endif /* WITH_LSPP */
ipp_attribute_t *cancel_after = ippFindAttribute(job->attrs,
"job-cancel-after",
IPP_TAG_INTEGER);
@@ -5022,6 +5226,113 @@ start_job(cupsd_job_t *job, /* I - Job ID */
fcntl(job->side_pipes[1], F_SETFD,
fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC);
+#ifdef WITH_LSPP
+ if (is_lspp_config())
+ {
+ /*
+ * Perform an access check before printing, but only if the printer starts with /dev/
+ */
+ printerfile = strstr(printer->device_uri, "/dev/");
+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
+ printerfile = printer->device_uri + strlen("file:");
+
+ if (printerfile != NULL)
+ {
+ cupsdLogJob(job, CUPSD_LOG_DEBUG,
+ "Attempting to check access on printer device %s",
+ printerfile);
+ if (lstat(printerfile, &printerstat) < 0)
+ {
+ if (errno != ENOENT)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to stat the printer");
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
+ return ;
+ }
+ /*
+ * The printer does not exist, so for now assume it's a FileDevice
+ */
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISCHR(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("chr_file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else if (S_ISREG(printerstat.st_mode))
+ {
+ tclass = string_to_security_class("file");
+ avr = string_to_av_perm(tclass, "write");
+ }
+ else
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "StartJob: Printer is not a character device or "
+ "regular file");
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
+ return ;
+ }
+ static int avc_initialized = 0;
+ if (!avc_initialized++)
+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL);
+ avc_entry_ref_init(&avcref);
+ if (avc_context_to_sid(job->scon, &clisid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to determine the SELinux sid for the job");
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
+ return ;
+ }
+ if (getfilecon(printerfile, &devcon) == -1)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to get the SELinux context of %s",
+ printerfile);
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
+ return ;
+ }
+ printercon = context_new(devcon);
+ cupsdLogJob(job, CUPSD_LOG_DEBUG,
+ "Printer context %s client context %s",
+ context_str(printercon), job->scon);
+ context_free(printercon);
+
+ if (avc_context_to_sid(devcon, &psid) != 0)
+ {
+ cupsdLogJob(job, CUPSD_LOG_ERROR,
+ "Unable to determine the SELinux sid for the printer");
+ freecon(devcon);
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
+ return ;
+ }
+ freecon(devcon);
+
+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
+ {
+ /*
+ * The access check failed, so cancel the job and send an audit message
+ */
+ if (AuditLog != -1)
+ {
+ audit_message = NULL;
+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled"
+ " unable to access printer=%s", job->id,
+ job->auid, (job->username)?job->username:"?", job->scon, printer->name);
+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
+ ServerName, NULL, NULL, 0);
+ cupsdClearString(&audit_message);
+ }
+
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
+
+ return ;
+ }
+ }
+ }
+#endif /* WITH_LSPP */
+
/*
* Now start the first file in the job...
*/
diff --git a/scheduler/job.h b/scheduler/job.h
index 619353d..310b66a 100644
--- a/scheduler/job.h
+++ b/scheduler/job.h
@@ -8,6 +8,13 @@
* Licensed under Apache License v2.0. See the file "LICENSE" for more information.
*/
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
+#ifdef WITH_LSPP
+#include <selinux/selinux.h>
+#endif /* WITH_LSPP */
+
/*
* Constants...
*/
@@ -85,6 +92,10 @@ struct cupsd_job_s /**** Job request ****/
int progress; /* Printing progress */
int num_keywords; /* Number of PPD keywords */
cups_option_t *keywords; /* PPD keywords */
+#ifdef WITH_LSPP
+ security_context_t scon; /* Security context of job */
+ uid_t auid; /* Audit loginuid for this job */
+#endif /* WITH_LSPP */
};
typedef struct cupsd_joblog_s /**** Job log message ****/
diff --git a/scheduler/main.c b/scheduler/main.c
index ae2409e..21bd989 100644
--- a/scheduler/main.c
+++ b/scheduler/main.c
@@ -58,6 +58,9 @@
# include <sys/param.h>
#endif /* HAVE_SYS_PARAM_H */
+#ifdef WITH_LSPP
+# include <libaudit.h>
+#endif /* WITH_LSPP */
/*
* Local functions...
@@ -124,6 +127,9 @@ main(int argc, /* I - Number of command-line args */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
struct sigaction action; /* Actions for POSIX signals */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
+#if WITH_LSPP
+ auditfail_t failmode; /* Action for audit_open failure */
+#endif /* WITH_LSPP */
#ifdef __APPLE__
int use_sysman = 1; /* Use system management functions? */
#else
@@ -494,6 +500,25 @@ main(int argc, /* I - Number of command-line args */
exit(errno);
}
+#ifdef WITH_LSPP
+ if ((AuditLog = audit_open()) < 0 )
+ {
+ if (get_auditfail_action(&failmode) == 0)
+ {
+ if (failmode == FAIL_LOG)
+ {
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");
+ AuditLog = -1;
+ }
+ else if (failmode == FAIL_TERMINATE)
+ {
+ fprintf(stderr, "cupsd: unable to start auditing, terminating");
+ return -1;
+ }
+ }
+ }
+#endif /* WITH_LSPP */
+
/*
* Let the system know we are busy while we bring up cupsd...
*/
@@ -1203,6 +1228,11 @@ main(int argc, /* I - Number of command-line args */
cupsdStopSelect();
+#ifdef WITH_LSPP
+ if (AuditLog != -1)
+ audit_close(AuditLog);
+#endif /* WITH_LSPP */
+
return (!stop_scheduler);
}
diff --git a/scheduler/printers.c b/scheduler/printers.c
index bf493a3..d06bd93 100644
--- a/scheduler/printers.c
+++ b/scheduler/printers.c
@@ -9,6 +9,8 @@
* information.
*/
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
+
/*
* Include necessary headers...
*/
@@ -33,6 +35,10 @@
# include <asl.h>
#endif /* __APPLE__ */
+#ifdef WITH_LSPP
+# include <libaudit.h>
+# include <selinux/context.h>
+#endif /* WITH_LSPP */
/*
* Local functions...
@@ -2184,6 +2190,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */
ipp_attribute_t *attr; /* Attribute data */
char *name, /* Current user/group name */
*filter; /* Current filter */
+#ifdef WITH_LSPP
+ char *audit_message; /* Audit message string */
+ char *printerfile; /* Path to a local printer dev */
+ char *rangestr; /* Printer's range if its available */
+ security_context_t devcon; /* Printer SELinux context */
+ context_t printercon; /* context_t for the printer */
+#endif /* WITH_LSPP */
/*
@@ -2309,6 +2322,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)/* I - Printer to setup */
attr->values[1].string.text = _cupsStrAlloc(Classification ?
Classification : p->job_sheets[1]);
}
+#ifdef WITH_LSPP
+ if (AuditLog != -1)
+ {
+ audit_message = NULL;
+ rangestr = NULL;
+ printercon = 0;
+ printerfile = strstr(p->device_uri, "/dev/");
+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))
+ printerfile = p->device_uri + strlen("file:");
+
+ if (printerfile != NULL)
+ {
+ if (getfilecon(printerfile, &devcon) == -1)
+ {
+ if(is_selinux_enabled())
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context");
+ }
+ else
+ {
+ printercon = context_new(devcon);
+ freecon(devcon);
+ }
+ }
+
+ if (printercon && context_range_get(printercon))
+ rangestr = strdup(context_range_get(printercon));
+ else
+ rangestr = strdup("unknown");
+
+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",
+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr);
+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
+ ServerName, NULL, NULL, 1);
+ if (printercon)
+ context_free(printercon);
+ free(rangestr);
+ cupsdClearString(&audit_message);
+ }
+#endif /* WITH_LSPP */
}
p->raw = 0;
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手