1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
22 /* All Rights Reserved */
23
24 /*
25 * Copyright 2006 Sun Microsystems, Inc. All rights reserved.
26 * Use is subject to license terms.
27 */
28
29 /* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */
30
31 #include "string.h"
32 #include "unistd.h"
33
34 #include "lp.h"
35 #include "access.h"
36 #include <pwd.h>
37 #include <auth_attr.h>
38 #include <auth_list.h>
39 #include <tsol/label.h>
40
/**
 ** is_user_admin() - CHECK IF CURRENT USER IS AN ADMINISTRATOR
 **/

/*
 * Decide whether the calling user may administer the print service.
 *
 * On a labeled system the decision is delegated to
 * tsol_check_admin_auth() for the real user id (getuid()), and that
 * function's result is returned unchanged.  Otherwise the caller is an
 * administrator exactly when Access(Lp_A, W_OK) does not return -1,
 * and the result is 1 or 0.
 *
 * NOTE(review): Access() and Lp_A are declared outside this file;
 * presumably this is a write-permission probe on the LP admin
 * directory -- confirm which credentials (real or effective) the
 * probe is made with before relying on it from a set-uid program.
 */
int
#if	defined(__STDC__)
is_user_admin(void)
#else
is_user_admin()
#endif
{
	if (!is_system_labeled()) {
		/* Unlabeled system: admin status follows write access. */
		return (Access(Lp_A, W_OK) == -1 ? 0 : 1);
	}

	/* Labeled system: require the print admin authorization. */
	return (tsol_check_admin_auth(getuid()));
}
64
/**
 ** is_user_allowed() - CHECK USER ACCESS ACCORDING TO ALLOW/DENY LISTS
 **/

/*
 * Returns 1 without consulting either list when bangequ() matches
 * "user" against LOCAL_LPUSER or LOCAL_ROOTUSER; for every other user
 * the result is whatever allowed() returns for the two lists.
 *
 * Security note: because the two local accounts are tested first, a
 * deny list can never exclude them.  The match is made on the name
 * string passed in, so the caller is responsible for "user" being an
 * authenticated identity rather than a client-supplied label.
 */
int
#if	defined(__STDC__)
is_user_allowed(
	char		*user,
	char		**allow,
	char		**deny
)
#else
is_user_allowed(user, allow, deny)
	char		*user,
			**allow,
			**deny;
#endif
{
	/* The local lp account bypasses the lists. */
	if (bangequ(user, LOCAL_LPUSER))
		return (1);

	/* So does the local root account. */
	if (bangequ(user, LOCAL_ROOTUSER))
		return (1);

	return (allowed(user, allow, deny));
}
88
/**
 ** is_user_allowed_form() - CHECK USER ACCESS TO FORM
 **/

/*
 * Loads the allow and deny lists for "form" with
 * loadaccess(Lp_A_Forms, form, "", ...) and evaluates "user" against
 * them through is_user_allowed().
 *
 * Returns -1 when loadaccess() fails; otherwise the value of
 * is_user_allowed().  The result is tri-state: a caller that tests it
 * as a plain boolean treats the -1 failure case as "allowed", so
 * compare explicitly (for example "== 1") when enforcing access.
 *
 * NOTE(review): the lists handed back by loadaccess() are not released
 * here; whether the caller owns them is not visible in this file --
 * confirm against loadaccess().
 */
int
#if	defined(__STDC__)
is_user_allowed_form(
	char		*user,
	char		*form
)
#else
is_user_allowed_form(user, form)
	char		*user,
			*form;
#endif
{
	char		**allow_list;
	char		**deny_list;
	int		rc;

	rc = loadaccess(Lp_A_Forms, form, "", &allow_list, &deny_list);
	if (rc == -1)
		return (-1);

	return (is_user_allowed(user, allow_list, deny_list));
}
113
/**
 ** is_user_allowed_printer() - CHECK USER ACCESS TO PRINTER
 **/

/*
 * Loads the user allow and deny lists for "printer" with
 * loadaccess(Lp_A_Printers, printer, UACCESSPREFIX, ...) and evaluates
 * "user" against them through is_user_allowed().
 *
 * Returns -1 when loadaccess() fails; otherwise the value of
 * is_user_allowed().  The result is tri-state: a caller that tests it
 * as a plain boolean treats the -1 failure case as "allowed", so
 * compare explicitly (for example "== 1") when enforcing access.
 *
 * NOTE(review): the lists handed back by loadaccess() are not released
 * here; whether the caller owns them is not visible in this file --
 * confirm against loadaccess().
 */
int
#if	defined(__STDC__)
is_user_allowed_printer(
	char		*user,
	char		*printer
)
#else
is_user_allowed_printer(user, printer)
	char		*user,
			*printer;
#endif
{
	char		**allow_list;
	char		**deny_list;
	int		rc;

	rc = loadaccess(Lp_A_Printers, printer, UACCESSPREFIX,
	    &allow_list, &deny_list);
	if (rc == -1)
		return (-1);

	return (is_user_allowed(user, allow_list, deny_list));
}
138
/**
 ** is_form_allowed_printer() - CHECK FORM USE ON PRINTER
 **/

/*
 * Loads the form allow and deny lists for "printer" with
 * loadaccess(Lp_A_Printers, printer, FACCESSPREFIX, ...) and evaluates
 * "form" against them with allowed().  Unlike the user checks, there
 * is no exemption step: the lists alone decide.
 *
 * Returns -1 when loadaccess() fails; otherwise the value of
 * allowed().  The result is tri-state: a caller that tests it as a
 * plain boolean treats the -1 failure case as "allowed".
 *
 * NOTE(review): the lists handed back by loadaccess() are not released
 * here; whether the caller owns them is not visible in this file --
 * confirm against loadaccess().
 */
int
#if	defined(__STDC__)
is_form_allowed_printer(
	char		*form,
	char		*printer
)
#else
is_form_allowed_printer(form, printer)
	char		*form,
			*printer;
#endif
{
	char		**allow_list;
	char		**deny_list;
	int		rc;

	rc = loadaccess(Lp_A_Printers, printer, FACCESSPREFIX,
	    &allow_list, &deny_list);
	if (rc == -1)
		return (-1);

	return (allowed(form, allow_list, deny_list));
}
163
/**
 ** allowed() - GENERAL ROUTINE TO CHECK ALLOW/DENY LISTS
 **/

/*
 * Evaluation order, as implemented below:
 *
 *   1. A non-null allow list is authoritative.  The item is allowed
 *      only if bang_searchlist() finds it there, and the deny list is
 *      not consulted at all.
 *   2. With no allow list, a non-null deny list is used.  The item is
 *      allowed unless bang_searchlist() finds it there.
 *   3. With neither list, access is refused (default deny).
 *
 * Returns 1 for allowed, 0 for refused.
 */
int
#if	defined(__STDC__)
allowed(
	char		*item,
	char		**allow,
	char		**deny
)
#else
allowed(item, allow, deny)
	char		*item,
			**allow,
			**deny;
#endif
{
	/* An allow list, when present, settles the question by itself. */
	if (allow)
		return (bang_searchlist(item, allow) ? 1 : 0);

	/* Otherwise anything not named in the deny list gets through. */
	if (deny)
		return (bang_searchlist(item, deny) ? 0 : 1);

	/* No lists at all: refuse. */
	return (0);
}
198
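/*
 * Check whether the specified user holds the authorization to
 * administer the printing system (PRINT_ADMIN_AUTH).
 *
 * The uid is resolved to a user name with getpwuid() and that name is
 * passed to chkauthattr(); the result of chkauthattr() is returned.
 *
 * Fails closed: if the uid has no password entry, or the entry carries
 * a null or empty name, 0 is returned without calling chkauthattr().
 * An authorization decision should not be made for an identity that
 * cannot be resolved; querying with an empty user name would leave the
 * outcome to however the authorization database treats a nameless
 * user.
 */
int
tsol_check_admin_auth(uid_t uid)
{
	struct passwd	*pw;

	pw = getpwuid(uid);

	/* Unresolvable or nameless identity: deny. */
	if (pw == NULL || pw->pw_name == NULL || pw->pw_name[0] == '\0')
		return (0);

	/*
	 * pw points at storage owned by getpwuid(), so the name is used
	 * right away rather than kept.
	 */
	return (chkauthattr(PRINT_ADMIN_AUTH, pw->pw_name));
}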
217