1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21/*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
22/*	  All Rights Reserved  	*/
23
24
25#pragma ident	"%Z%%M%	%I%	%E% SMI"
26
27/*
28 * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
29 * Use is subject to license terms.
30 */
31
32/* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */
33
34#include "string.h"
35#include "unistd.h"
36
37#include "lp.h"
38#include "access.h"
39#include <pwd.h>
40#include <auth_attr.h>
41#include <auth_list.h>
42#include <tsol/label.h>
43
44/**
45 ** is_user_admin() - CHECK IF CURRENT USER IS AN ADMINISTRATOR
46 **/
47
48int
49#if	defined(__STDC__)
50is_user_admin (
51	void
52)
53#else
54is_user_admin ()
55#endif
56{
57	/* For a labeled system, tsol_check_admin_auth is called
58	 * instead of using Access.
59	 */
60	if (is_system_labeled()) {
61		/* Check that user has print admin authorization */
62		return (tsol_check_admin_auth(getuid()));
63	} else {
64		return (Access(Lp_A, W_OK) == -1? 0 : 1);
65	}
66}
67
68/**
69 ** is_user_allowed() - CHECK USER ACCESS ACCORDING TO ALLOW/DENY LISTS
70 **/
71
72int
73#if	defined(__STDC__)
74is_user_allowed (
75	char *			user,
76	char **			allow,
77	char **			deny
78)
79#else
80is_user_allowed (user, allow, deny)
81	char			*user,
82				**allow,
83				**deny;
84#endif
85{
86	if (bangequ(user, LOCAL_LPUSER) || bangequ(user, LOCAL_ROOTUSER))
87		return (1);
88
89	return (allowed(user, allow, deny));
90}
91
92/**
93 ** is_user_allowed_form() - CHECK USER ACCESS TO FORM
94 **/
95
96int
97#if	defined(__STDC__)
98is_user_allowed_form (
99	char *			user,
100	char *			form
101)
102#else
103is_user_allowed_form (user, form)
104	char			*user,
105				*form;
106#endif
107{
108	char			**allow,
109				**deny;
110
111	if (loadaccess(Lp_A_Forms, form, "", &allow, &deny) == -1)
112		return (-1);
113
114	return (is_user_allowed(user, allow, deny));
115}
116
117/**
118 ** is_user_allowed_printer() - CHECK USER ACCESS TO PRINTER
119 **/
120
121int
122#if	defined(__STDC__)
123is_user_allowed_printer (
124	char *			user,
125	char *			printer
126)
127#else
128is_user_allowed_printer (user, printer)
129	char			*user,
130				*printer;
131#endif
132{
133	char			**allow,
134				**deny;
135
136	if (loadaccess(Lp_A_Printers, printer, UACCESSPREFIX, &allow, &deny) == -1)
137		return (-1);
138
139	return (is_user_allowed(user, allow, deny));
140}
141
142/**
143 ** is_form_allowed_printer() - CHECK FORM USE ON PRINTER
144 **/
145
146int
147#if	defined(__STDC__)
148is_form_allowed_printer (
149	char *			form,
150	char *			printer
151)
152#else
153is_form_allowed_printer (form, printer)
154	char			*form,
155				*printer;
156#endif
157{
158	char			**allow,
159				**deny;
160
161	if (loadaccess(Lp_A_Printers, printer, FACCESSPREFIX, &allow, &deny) == -1)
162		return (-1);
163
164	return (allowed(form, allow, deny));
165}
166
167/**
168 ** allowed() - GENERAL ROUTINE TO CHECK ALLOW/DENY LISTS
169 **/
170
171int
172#if	defined(__STDC__)
173allowed (
174	char *			item,
175	char **			allow,
176	char **			deny
177)
178#else
179allowed (item, allow, deny)
180	char			*item,
181				**allow,
182				**deny;
183#endif
184{
185	if (allow) {
186		if (bang_searchlist(item, allow))
187			return (1);
188		else
189			return (0);
190	}
191
192	if (deny) {
193		if (bang_searchlist(item, deny))
194			return (0);
195		else
196			return (1);
197	}
198
199	return (0);
200}
201
202/*
203 * Check to see if the specified user has the administer the printing
204 * system authorization.
205 */
206int
207tsol_check_admin_auth(uid_t uid)
208{
209	struct passwd *p;
210	char *name;
211
212	p = getpwuid(uid);
213	if (p != NULL && p->pw_name != NULL)
214		name = p->pw_name;
215	else
216		name = "";
217
218	return (chkauthattr(PRINT_ADMIN_AUTH, name));
219}
220