xref: /illumos-gate/usr/src/cmd/lp/lib/access/allowed.c (revision 2a8bcb4e)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
22 /*	  All Rights Reserved  	*/
23 
24 /*
25  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
26  * Use is subject to license terms.
27  */
28 
29 /* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */
30 
31 #include "string.h"
32 #include "unistd.h"
33 
34 #include "lp.h"
35 #include "access.h"
36 #include <pwd.h>
37 #include <auth_attr.h>
38 #include <auth_list.h>
39 #include <tsol/label.h>
40 
/**
 ** is_user_admin() - CHECK IF CURRENT USER IS AN ADMINISTRATOR
 **
 ** On a labeled system the decision is delegated to
 ** tsol_check_admin_auth() for the real uid (getuid()), and that
 ** function's result is returned unchanged.  Otherwise the result is
 ** 1 when Access(Lp_A, W_OK) does not return -1, and 0 when it does.
 **
 ** NOTE(review): Access() is declared outside this file; if it is an
 ** access(2)-style probe, the answer is only a point-in-time check and
 ** the later privileged operation must still enforce permissions
 ** itself -- confirm against the Access() implementation.
 **/

int
#if	defined(__STDC__)
is_user_admin (
	void
)
#else
is_user_admin ()
#endif
{
	if (!is_system_labeled()) {
		/* Unlabeled system: write access to Lp_A marks an admin. */
		return ((Access(Lp_A, W_OK) != -1) ? 1 : 0);
	}

	/*
	 * Labeled system: Access is not used; the caller must hold the
	 * print admin authorization instead.
	 */
	return (tsol_check_admin_auth(getuid()));
}
64 
/**
 ** is_user_allowed() - CHECK USER ACCESS ACCORDING TO ALLOW/DENY LISTS
 **
 ** Returns 1 without consulting either list when "user" matches
 ** LOCAL_LPUSER or LOCAL_ROOTUSER; every other name is decided by
 ** allowed(user, allow, deny).
 **
 ** NOTE(review): the bypass is keyed purely on the name string passed
 ** in.  It is assumed the caller derived "user" from an authenticated
 ** identity rather than from client-supplied text -- confirm at the
 ** call sites.
 **/

int
#if	defined(__STDC__)
is_user_allowed (
	char *			user,
	char **			allow,
	char **			deny
)
#else
is_user_allowed (user, allow, deny)
	char			*user,
				**allow,
				**deny;
#endif
{
	int			exempt;

	/* The lp and root accounts are never subject to the lists. */
	exempt = bangequ(user, LOCAL_LPUSER) || bangequ(user, LOCAL_ROOTUSER);
	if (exempt)
		return (1);

	return (allowed(user, allow, deny));
}
88 
/**
 ** is_user_allowed_form() - CHECK USER ACCESS TO FORM
 **
 ** Loads the allow/deny lists for "form" from Lp_A_Forms and passes
 ** them to is_user_allowed().
 **
 ** Returns -1 when loadaccess() fails, otherwise the result of
 ** is_user_allowed().  Because -1 is non-zero, callers must compare
 ** the result explicitly (e.g. "> 0") and not test it for truth, or a
 ** failed load will read as "allowed".
 **
 ** NOTE(review): the lists obtained from loadaccess() are not released
 ** here; if loadaccess() allocates them, ownership needs confirming.
 **/

int
#if	defined(__STDC__)
is_user_allowed_form (
	char *			user,
	char *			form
)
#else
is_user_allowed_form (user, form)
	char			*user,
				*form;
#endif
{
	char			**allow_list;
	char			**deny_list;
	int			rc;

	rc = loadaccess(Lp_A_Forms, form, "", &allow_list, &deny_list);
	if (rc == -1)
		return (-1);	/* lists unavailable: report error, not a verdict */

	return (is_user_allowed(user, allow_list, deny_list));
}
113 
/**
 ** is_user_allowed_printer() - CHECK USER ACCESS TO PRINTER
 **
 ** Loads the user allow/deny lists (UACCESSPREFIX) for "printer" from
 ** Lp_A_Printers and passes them to is_user_allowed().
 **
 ** Returns -1 when loadaccess() fails, otherwise the result of
 ** is_user_allowed().  Because -1 is non-zero, callers must compare
 ** the result explicitly (e.g. "> 0") and not test it for truth, or a
 ** failed load will read as "allowed".
 **
 ** NOTE(review): the lists obtained from loadaccess() are not released
 ** here; if loadaccess() allocates them, ownership needs confirming.
 **/

int
#if	defined(__STDC__)
is_user_allowed_printer (
	char *			user,
	char *			printer
)
#else
is_user_allowed_printer (user, printer)
	char			*user,
				*printer;
#endif
{
	char			**allow_list;
	char			**deny_list;
	int			rc;

	rc = loadaccess(Lp_A_Printers, printer, UACCESSPREFIX,
	    &allow_list, &deny_list);
	if (rc == -1)
		return (-1);	/* lists unavailable: report error, not a verdict */

	return (is_user_allowed(user, allow_list, deny_list));
}
138 
/**
 ** is_form_allowed_printer() - CHECK FORM USE ON PRINTER
 **
 ** Loads the form allow/deny lists (FACCESSPREFIX) for "printer" from
 ** Lp_A_Printers and checks "form" against them with allowed().  No
 ** lp/root exemption applies here: allowed() is called directly.
 **
 ** Returns -1 when loadaccess() fails, otherwise the result of
 ** allowed().  Because -1 is non-zero, callers must compare the result
 ** explicitly (e.g. "> 0") and not test it for truth, or a failed load
 ** will read as "allowed".
 **
 ** NOTE(review): the lists obtained from loadaccess() are not released
 ** here; if loadaccess() allocates them, ownership needs confirming.
 **/

int
#if	defined(__STDC__)
is_form_allowed_printer (
	char *			form,
	char *			printer
)
#else
is_form_allowed_printer (form, printer)
	char			*form,
				*printer;
#endif
{
	char			**allow_list;
	char			**deny_list;
	int			rc;

	rc = loadaccess(Lp_A_Printers, printer, FACCESSPREFIX,
	    &allow_list, &deny_list);
	if (rc == -1)
		return (-1);	/* lists unavailable: report error, not a verdict */

	return (allowed(form, allow_list, deny_list));
}
163 
/**
 ** allowed() - GENERAL ROUTINE TO CHECK ALLOW/DENY LISTS
 **
 ** Decision order:
 **   1. A non-NULL allow list decides alone: 1 if "item" is found in
 **      it, 0 otherwise.  The deny list is not consulted in this case.
 **   2. With no allow list, a non-NULL deny list decides: 0 if "item"
 **      is found in it, 1 otherwise.
 **   3. With neither list present the answer is 0 (denied).
 **
 ** NOTE(review): how a non-NULL but empty list behaves depends on
 ** bang_searchlist(), which is defined outside this file.
 **/

int
#if	defined(__STDC__)
allowed (
	char *			item,
	char **			allow,
	char **			deny
)
#else
allowed (item, allow, deny)
	char			*item,
				**allow,
				**deny;
#endif
{
	/* Allow list takes precedence; deny is ignored when it exists. */
	if (allow != NULL)
		return (bang_searchlist(item, allow) ? 1 : 0);

	/* Only a deny list: everything not listed is permitted. */
	if (deny != NULL)
		return (bang_searchlist(item, deny) ? 0 : 1);

	/* No lists at all: deny by default. */
	return (0);
}
198 
/*
 * Check whether the specified user holds the authorization to
 * administer the printing system (PRINT_ADMIN_AUTH).
 *
 * The uid is mapped to a login name with getpwuid(); the name is then
 * passed to chkauthattr(), whose result is returned unchanged.
 *
 * NOTE(review): when the uid cannot be resolved (or has no name), the
 * check is still performed, using an empty user name.  Whether that can
 * ever succeed depends on how chkauthattr() treats an unknown user --
 * confirm, and consider returning 0 directly on lookup failure so the
 * check fails closed.
 */
int
tsol_check_admin_auth(uid_t uid)
{
	struct passwd	*pw = getpwuid(uid);
	char		*login = "";

	/* Use the passwd entry's name only when the lookup produced one. */
	if (pw != NULL && pw->pw_name != NULL)
		login = pw->pw_name;

	return (chkauthattr(PRINT_ADMIN_AUTH, login));
}
217