Tree - rpms/cups - CentOS Git server

rpms / cups

Blame cups-lspp.patch

Blob History Raw

	d82520	`diff -up cups-1.6.3/config.h.in.lspp cups-1.6.3/config.h.in`
	d82520	`--- cups-1.6.3/config.h.in.lspp 2013-07-12 11:54:00.974623350 +0200`
	d82520	`+++ cups-1.6.3/config.h.in 2013-07-12 11:54:01.013622809 +0200`
	d82520	`@@ -747,6 +747,13 @@ static __inline int _cups_abs(int i) { r`
	47ca1c	`# endif /* __GNUC__ \|\| __STDC_VERSION__ */`
	47ca1c	`#endif /* !HAVE_ABS && !abs */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+/*`
Tim Waugh	8936a5	`+ * Are we trying to meet LSPP requirements?`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`+#undef WITH_LSPP`
Tim Waugh	8936a5	`+`
	47ca1c	`+`
Tim Waugh	8936a5	`#endif /* !_CUPS_CONFIG_H_ */`
Tim Waugh	8936a5
	47ca1c	`/*`
	d82520	`diff -up cups-1.6.3/config-scripts/cups-lspp.m4.lspp cups-1.6.3/config-scripts/cups-lspp.m4`
	d82520	`--- cups-1.6.3/config-scripts/cups-lspp.m4.lspp 2013-07-12 11:54:01.013622809 +0200`
	d82520	`+++ cups-1.6.3/config-scripts/cups-lspp.m4 2013-07-12 11:54:01.013622809 +0200`
Tim Waugh	8936a5	`@@ -0,0 +1,36 @@`
Tim Waugh	8936a5	`+dnl`
Tim Waugh	8936a5	`+dnl LSPP code for the Common UNIX Printing System (CUPS).`
Tim Waugh	8936a5	`+dnl`
Tim Waugh	8936a5	`+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.`
Tim Waugh	8936a5	`+dnl`
Tim Waugh	8936a5	`+dnl This program is free software; you can redistribute it and/or modify`
Tim Waugh	8936a5	`+dnl it under the terms of the GNU General Public License as published by`
Tim Waugh	8936a5	`+dnl the Free Software Foundation; version 2.`
Tim Waugh	8936a5	`+dnl`
Tim Waugh	8936a5	`+dnl This program is distributed in the hope that it will be useful, but`
Tim Waugh	8936a5	`+dnl WITHOUT ANY WARRANTY; without even the implied warranty of`
Tim Waugh	8936a5	`+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
Tim Waugh	8936a5	`+dnl General Public License for more details.`
Tim Waugh	8936a5	`+dnl`
Tim Waugh	8936a5	`+dnl You should have received a copy of the GNU General Public License`
Tim Waugh	8936a5	`+dnl along with this program; if not, write to the Free Software Foundation,`
Tim Waugh	8936a5	`+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA`
Tim Waugh	8936a5	`+dnl`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`+dnl Are we trying to meet LSPP requirements`
Tim Waugh	8936a5	`+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`+if test x"$enable_lspp" != xno; then`
Tim Waugh	8936a5	`+ case "$uname" in`
Tim Waugh	8936a5	`+ Linux)`
Tim Waugh	8936a5	`+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])`
Tim Waugh	8936a5	`+ AC_CHECK_HEADER(libaudit.h)`
Tim Waugh	8936a5	`+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])`
Tim Waugh	8936a5	`+ AC_CHECK_HEADER(selinux/selinux.h)`
Tim Waugh	8936a5	`+ AC_DEFINE(WITH_LSPP)`
Tim Waugh	8936a5	`+ ;;`
Tim Waugh	8936a5	`+ *)`
Tim Waugh	8936a5	`+ # All others`
Tim Waugh	8936a5	`+ ;;`
Tim Waugh	8936a5	`+ esac`
Tim Waugh	8936a5	`+fi`
	d82520	`diff -up cups-1.6.3/configure.in.lspp cups-1.6.3/configure.in`
	d82520	`--- cups-1.6.3/configure.in.lspp 2013-07-12 11:54:00.974623350 +0200`
	d82520	`+++ cups-1.6.3/configure.in 2013-07-12 11:54:01.013622809 +0200`
	47ca1c	`@@ -37,6 +37,8 @@ sinclude(config-scripts/cups-systemd.m4)`
	47ca1c	`sinclude(config-scripts/cups-defaults.m4)`
Tim Waugh	8936a5	`sinclude(config-scripts/cups-scripting.m4)`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+sinclude(config-scripts/cups-lspp.m4)`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`INSTALL_LANGUAGES=""`
Tim Waugh	8936a5	`UNINSTALL_LANGUAGES=""`
Tim Waugh	8936a5	`LANGFILES=""`
	d82520	`diff -up cups-1.6.3/filter/common.c.lspp cups-1.6.3/filter/common.c`
	d82520	`--- cups-1.6.3/filter/common.c.lspp 2013-06-07 03:12:52.000000000 +0200`
	d82520	`+++ cups-1.6.3/filter/common.c 2013-07-12 11:54:01.014622795 +0200`
Tim Waugh	8936a5	`@@ -30,6 +30,12 @@`
Tim Waugh	8936a5	`* Include necessary headers...`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#include "config.h"`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+#define _GNU_SOURCE`
Tim Waugh	8936a5	`+#include <string.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`#include "common.h"`
Tim Waugh	8936a5	`#include <locale.h>`
Tim Waugh	8936a5
Tim Waugh	8936a5	`@@ -312,6 +318,18 @@ WriteLabelProlog(const char label, / I`
Tim Waugh	8936a5	`{`
Tim Waugh	8936a5	`const char classification; / CLASSIFICATION environment variable */`
Tim Waugh	8936a5	`const char ptr; / Temporary string pointer */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ int i, /* counter */`
Tim Waugh	8936a5	`+ n, /* counter */`
Tim Waugh	8936a5	`+ lines, /* number of lines needed */`
Tim Waugh	8936a5	`+ line_len, /* index into tmp_label */`
Tim Waugh	8936a5	`+ label_len, /* length of the label in characters */`
Tim Waugh	8936a5	`+ label_index, /* index into the label */`
Tim Waugh	8936a5	`+ longest, /* length of the longest line */`
Tim Waugh	8936a5	`+ longest_line, /* index to the longest line */`
Tim Waugh	8936a5	`+ max_width; /* maximum width in characters */`
Tim Waugh	8936a5	`+ char *wrapped_label; / label with line breaks */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`@@ -334,6 +352,124 @@ WriteLabelProlog(const char label, / I`
Tim Waugh	8936a5	`return;`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Based on the 12pt fixed width font below determine the max_width`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ max_width = width / 8;`
Tim Waugh	8936a5	`+ longest_line = 0;`
Tim Waugh	8936a5	`+ longest = 0;`
Tim Waugh	8936a5	`+ classification += 5; // Skip the "LSPP:"`
Tim Waugh	8936a5	`+ label_len = strlen(classification);`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`+ if (label_len > max_width)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ lines = 1 + (int)(label_len / max_width);`
Tim Waugh	8936a5	`+ line_len = (int)(label_len / lines);`
	85d072	`+ wrapped_label = malloc(sizeof(wrapped_label) lines);`
Tim Waugh	8936a5	`+ label_index = i = n = 0;`
Tim Waugh	8936a5	`+ while (classification[label_index])`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if ((label_index + line_len) > label_len)`
Tim Waugh	8936a5	`+ break;`
Tim Waugh	8936a5	`+ switch (classification[label_index + line_len + i])`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ case ':':`
Tim Waugh	8936a5	`+ case ',':`
Tim Waugh	8936a5	`+ case '-':`
Tim Waugh	8936a5	`+ i++;`
Tim Waugh	8936a5	`+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));`
Tim Waugh	8936a5	`+ label_index += line_len + i;`
Tim Waugh	8936a5	`+ i = 0;`
Tim Waugh	8936a5	`+ break;`
Tim Waugh	8936a5	`+ default:`
Tim Waugh	8936a5	`+ i++;`
Tim Waugh	8936a5	`+ break;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if ((i + line_len) == max_width)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));`
Tim Waugh	8936a5	`+ label_index = label_index + line_len + i;`
Tim Waugh	8936a5	`+ i = 0;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ lines = 1;`
	85d072	`+ wrapped_label = malloc(sizeof(*wrapped_label));`
Tim Waugh	8936a5	`+ wrapped_label[0] = (char*)classification;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`+ for (n = 0; n < lines; n++ )`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ printf("userdict/ESPp%c(", ('a' + n));`
Tim Waugh	8936a5	`+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)`
Tim Waugh	8936a5	`+ if (ptr < 32 \|\| ptr > 126)`
Tim Waugh	8936a5	`+ printf("\\%03o", *ptr);`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (ptr == '(' \|\| ptr == ')' \|\| *ptr == '\\')`
Tim Waugh	8936a5	`+ putchar('\\');`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ printf("%c", *ptr);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (i > longest)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ longest = i;`
Tim Waugh	8936a5	`+ longest_line = n;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ printf(")put\n");`
Tim Waugh	8936a5	`+ }`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * For LSPP use a fixed width font so that line wrapping can be calculated`
Tim Waugh	8936a5	`+ */`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Finally, the procedure to write the labels on the page...`
Tim Waugh	8936a5	`+ */`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ printf("userdict/ESPwl{\n"`
Tim Waugh	8936a5	`+ " ESPlf setfont\n");`
Tim Waugh	8936a5	`+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",`
Tim Waugh	8936a5	`+ 'a' + longest_line, width * 0.5f);`
Tim Waugh	8936a5	`+ for (n = 1; n < lines; n++)`
Tim Waugh	8936a5	`+ printf(" dup");`
Tim Waugh	8936a5	`+ printf("\n 1 setgray\n");`
Tim Waugh	8936a5	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",`
Tim Waugh	8936a5	`+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));`
Tim Waugh	8936a5	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",`
Tim Waugh	8936a5	`+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));`
Tim Waugh	8936a5	`+ printf(" 0 setgray\n");`
Tim Waugh	8936a5	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",`
Tim Waugh	8936a5	`+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));`
Tim Waugh	8936a5	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",`
Tim Waugh	8936a5	`+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));`
Tim Waugh	8936a5	`+ for (n = 0; n < lines; n ++)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ printf(" dup %.0f moveto ESPp%c show\n",`
Tim Waugh	8936a5	`+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);`
Tim Waugh	8936a5	`+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ printf(" pop\n"`
Tim Waugh	8936a5	`+ "}bind put\n");`
Tim Waugh	22cc21	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Do some clean up at the end of the LSPP special case`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ free(wrapped_label);`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+#endif /* !WITH_LSPP */`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Set the classification + page label string...`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5	`@@ -414,7 +550,10 @@ WriteLabelProlog(const char label, / I`
Tim Waugh	8936a5	`printf(" %.0f moveto ESPpl show\n", top - 14.0);`
Tim Waugh	8936a5	`puts("pop");`
Tim Waugh	8936a5	`puts("}bind put");`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
	d82520	`diff -up cups-1.6.3/filter/pstops.c.lspp cups-1.6.3/filter/pstops.c`
	d82520	`--- cups-1.6.3/filter/pstops.c.lspp 2013-06-07 03:12:52.000000000 +0200`
	d82520	`+++ cups-1.6.3/filter/pstops.c 2013-07-12 11:54:01.015622781 +0200`
	47ca1c	`@@ -3202,6 +3202,18 @@ write_label_prolog(pstops_doc_t doc, /`
Tim Waugh	92b094	`{`
Tim Waugh	92b094	`const char classification; / CLASSIFICATION environment variable */`
Tim Waugh	92b094	`const char ptr; / Temporary string pointer */`
Tim Waugh	92b094	`+#ifdef WITH_LSPP`
Tim Waugh	92b094	`+ int i, /* counter */`
Tim Waugh	92b094	`+ n, /* counter */`
Tim Waugh	92b094	`+ lines, /* number of lines needed */`
Tim Waugh	92b094	`+ line_len, /* index into tmp_label */`
Tim Waugh	92b094	`+ label_len, /* length of the label in characters */`
Tim Waugh	92b094	`+ label_index, /* index into the label */`
Tim Waugh	92b094	`+ longest, /* length of the longest line */`
Tim Waugh	92b094	`+ longest_line, /* index to the longest line */`
Tim Waugh	92b094	`+ max_width; /* maximum width in characters */`
Tim Waugh	92b094	`+ char *wrapped_label; / label with line breaks */`
Tim Waugh	92b094	`+#endif /* WITH_LSPP */`
Tim Waugh	92b094
Tim Waugh	92b094
Tim Waugh	92b094	`/*`
	47ca1c	`@@ -3224,6 +3236,124 @@ write_label_prolog(pstops_doc_t doc, /`
Tim Waugh	92b094	`return;`
Tim Waugh	92b094	`}`
Tim Waugh	92b094
Tim Waugh	92b094	`+#ifdef WITH_LSPP`
Tim Waugh	92b094	`+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ /*`
Tim Waugh	92b094	`+ * Based on the 12pt fixed width font below determine the max_width`
Tim Waugh	92b094	`+ */`
Tim Waugh	92b094	`+ max_width = width / 8;`
Tim Waugh	92b094	`+ longest_line = 0;`
Tim Waugh	92b094	`+ longest = 0;`
Tim Waugh	92b094	`+ classification += 5; // Skip the "LSPP:"`
Tim Waugh	92b094	`+ label_len = strlen(classification);`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ if (label_len > max_width)`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ lines = 1 + (int)(label_len / max_width);`
Tim Waugh	92b094	`+ line_len = (int)(label_len / lines);`
	85d072	`+ wrapped_label = malloc(sizeof(wrapped_label) lines);`
Tim Waugh	92b094	`+ label_index = i = n = 0;`
Tim Waugh	92b094	`+ while (classification[label_index])`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ if ((label_index + line_len) > label_len)`
Tim Waugh	92b094	`+ break;`
Tim Waugh	92b094	`+ switch (classification[label_index + line_len + i])`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ case ':':`
Tim Waugh	92b094	`+ case ',':`
Tim Waugh	92b094	`+ case '-':`
Tim Waugh	92b094	`+ i++;`
Tim Waugh	92b094	`+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));`
Tim Waugh	92b094	`+ label_index += line_len + i;`
Tim Waugh	92b094	`+ i = 0;`
Tim Waugh	92b094	`+ break;`
Tim Waugh	92b094	`+ default:`
Tim Waugh	92b094	`+ i++;`
Tim Waugh	92b094	`+ break;`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ if ((i + line_len) == max_width)`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));`
Tim Waugh	92b094	`+ label_index = label_index + line_len + i;`
Tim Waugh	92b094	`+ i = 0;`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ else`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ lines = 1;`
	85d072	`+ wrapped_label = malloc(sizeof(*wrapped_label));`
Tim Waugh	92b094	`+ wrapped_label[0] = (char*)classification;`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ for (n = 0; n < lines; n++ )`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ printf("userdict/ESPp%c(", ('a' + n));`
Tim Waugh	92b094	`+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)`
Tim Waugh	92b094	`+ if (ptr < 32 \|\| ptr > 126)`
Tim Waugh	92b094	`+ printf("\\%03o", *ptr);`
Tim Waugh	92b094	`+ else`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ if (ptr == '(' \|\| ptr == ')' \|\| *ptr == '\\')`
Tim Waugh	92b094	`+ putchar('\\');`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ printf("%c", *ptr);`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ if (i > longest)`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ longest = i;`
Tim Waugh	92b094	`+ longest_line = n;`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ printf(")put\n");`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ /*`
Tim Waugh	92b094	`+ * For LSPP use a fixed width font so that line wrapping can be calculated`
Tim Waugh	92b094	`+ */`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ /*`
Tim Waugh	92b094	`+ * Finally, the procedure to write the labels on the page...`
Tim Waugh	92b094	`+ */`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ printf("userdict/ESPwl{\n"`
Tim Waugh	92b094	`+ " ESPlf setfont\n");`
Tim Waugh	92b094	`+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",`
Tim Waugh	92b094	`+ 'a' + longest_line, width * 0.5f);`
Tim Waugh	92b094	`+ for (n = 1; n < lines; n++)`
Tim Waugh	92b094	`+ printf(" dup");`
Tim Waugh	92b094	`+ printf("\n 1 setgray\n");`
Tim Waugh	92b094	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",`
Tim Waugh	92b094	`+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));`
Tim Waugh	92b094	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",`
Tim Waugh	92b094	`+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));`
Tim Waugh	92b094	`+ printf(" 0 setgray\n");`
Tim Waugh	92b094	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",`
Tim Waugh	92b094	`+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));`
Tim Waugh	92b094	`+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",`
Tim Waugh	92b094	`+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));`
Tim Waugh	92b094	`+ for (n = 0; n < lines; n ++)`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+ printf(" dup %.0f moveto ESPp%c show\n",`
Tim Waugh	92b094	`+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);`
Tim Waugh	92b094	`+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ printf(" pop\n"`
Tim Waugh	92b094	`+ "}bind put\n");`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ /*`
Tim Waugh	92b094	`+ * Do some clean up at the end of the LSPP special case`
Tim Waugh	92b094	`+ */`
Tim Waugh	92b094	`+ free(wrapped_label);`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+ else`
Tim Waugh	92b094	`+ {`
Tim Waugh	92b094	`+#endif /* !WITH_LSPP */`
Tim Waugh	92b094	`+`
Tim Waugh	92b094	`/*`
Tim Waugh	92b094	`* Set the classification + page label string...`
Tim Waugh	92b094	`*/`
	47ca1c	`@@ -3302,7 +3432,10 @@ write_label_prolog(pstops_doc_t doc, /`
Tim Waugh	92b094	`doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);`
Tim Waugh	92b094	`doc_puts(doc, "pop\n");`
Tim Waugh	92b094	`doc_puts(doc, "}bind put\n");`
Tim Waugh	92b094	`+ }`
Tim Waugh	92b094	`+#ifdef WITH_LSPP`
Tim Waugh	92b094	`}`
Tim Waugh	92b094	`+#endif /* WITH_LSPP */`
Tim Waugh	92b094
Tim Waugh	92b094
Tim Waugh	92b094	`/*`
	d82520	`diff -up cups-1.6.3/Makedefs.in.lspp cups-1.6.3/Makedefs.in`
	d82520	`--- cups-1.6.3/Makedefs.in.lspp 2013-07-12 11:54:00.976623322 +0200`
	d82520	`+++ cups-1.6.3/Makedefs.in 2013-07-12 11:54:01.015622781 +0200`
	47ca1c	`@@ -146,7 +146,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f`
	47ca1c	`@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)`
	4743e1	`LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ)`
Tim Waugh	8936a5	`LINKCUPSIMAGE = @LINKCUPSIMAGE@`
Tim Waugh	8936a5	`-LIBS = $(LINKCUPS) $(COMMONLIBS)`
Tim Waugh	8936a5	`+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@`
Tim Waugh	8936a5	`OPTIM = @OPTIM@`
Tim Waugh	8936a5	`OPTIONS =`
Tim Waugh	8936a5	`PAMLIBS = @PAMLIBS@`
	d82520	`diff -up cups-1.6.3/scheduler/client.c.lspp cups-1.6.3/scheduler/client.c`
	d82520	`--- cups-1.6.3/scheduler/client.c.lspp 2013-06-07 03:12:52.000000000 +0200`
	d82520	`+++ cups-1.6.3/scheduler/client.c 2013-07-12 11:54:01.017622754 +0200`
	47ca1c	`@@ -41,6 +41,7 @@`
	47ca1c	`* valid_host() - Is the Host: field valid?`
	47ca1c	`* write_file() - Send a file via HTTP.`
	47ca1c	`* write_pipe() - Flag that data is available on the CGI pipe.`
	47ca1c	`+ * client_pid_to_auid() - Get the audit login uid of the client.`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
	47ca1c	`@@ -49,10 +50,16 @@`
Tim Waugh	8936a5
Tim Waugh	8936a5	`#include "cupsd.h"`
Tim Waugh	8936a5
Tim Waugh	cb06f2	`+#define _GNU_SOURCE`
	4743e1	`#ifdef HAVE_TCPD_H`
Tim Waugh	cb06f2	`# include <tcpd.h>`
Tim Waugh	cb06f2	`#endif /* HAVE_TCPD_H */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+#include <selinux/selinux.h>`
Tim Waugh	8936a5	`+#include <selinux/context.h>`
Tim Waugh	8936a5	`+#include <fcntl.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
	47ca1c	`* Local globals...`
	47ca1c	`@@ -371,6 +378,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)`
Tim Waugh	8936a5	`}`
Tim Waugh	cb06f2	`#endif /* HAVE_TCPD_H */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (is_lspp_config())`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ struct ucred cr;`
Tim Waugh	8936a5	`+ unsigned int cl=sizeof(cr);`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * client_pid_to_auid() can be racey`
Tim Waugh	8936a5	`+ * In this case the pid is based on a socket connected to the client`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ close(con->http.fd);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: "`
Tim Waugh	8936a5	`+ "unable to determine client auid for client pid=%d", cr.pid);`
Tim Waugh	8936a5	`+ free(con);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d",`
Tim Waugh	8936a5	`+ cr.pid, cr.uid, cr.gid, con->auid);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ close(con->http.fd);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed");`
Tim Waugh	8936a5	`+ free(con);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * get the context of the peer connection`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if (getpeercon(con->http.fd, &con->scon))`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ close(con->http.fd);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed");`
Tim Waugh	8936a5	`+ free(con);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()");`
Tim Waugh	8936a5	`+ cupsdSetString(&con->scon, UNKNOWN_SL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`+`
	4743e1	`#ifdef AF_LOCAL`
	4743e1	`if (con->http.hostaddr->addr.sa_family == AF_LOCAL)`
	47ca1c	`cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] Accepted from %s (Domain)",`
	47ca1c	`@@ -678,6 +736,13 @@ cupsdReadClient(cupsd_client_t con) /`
Tim Waugh	8936a5	`mime_type_t type; / MIME type of file */`
Tim Waugh	8936a5	`cupsd_printer_t p; / Printer */`
Tim Waugh	8936a5	`static unsigned request_id = 0; /* Request ID for temp files */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ security_context_t spoolcon; /* context of the job file */`
Tim Waugh	8936a5	`+ context_t clicon; /* contex_t container for con->scon */`
Tim Waugh	8936a5	`+ context_t tmpcon; /* temp context to swap the level */`
Tim Waugh	8936a5	`+ char clirange; / SELinux sensitivity range */`
Tim Waugh	8936a5	`+ char cliclearance; / SELinux low end clearance */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`status = HTTP_CONTINUE;`
	389e11	`@@ -2134,6 +2199,67 @@ cupsdReadClient(cupsd_client_t con) /`
Tim Waugh	8936a5	`fchmod(con->file, 0640);`
Tim Waugh	8936a5	`fchown(con->file, RunUser, Group);`
Tim Waugh	8936a5	`fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) \| FD_CLOEXEC);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (getfilecon(con->filename, &spoolcon) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);`
Tim Waugh	8936a5	`+ return (cupsdCloseClient(con));`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ clicon = context_new(con->scon);`
Tim Waugh	8936a5	`+ tmpcon = context_new(spoolcon);`
Tim Waugh	8936a5	`+ freecon(spoolcon);`
Tim Waugh	8936a5	`+ if (!clicon \|\| !tmpcon)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);`
Tim Waugh	8936a5	`+ if (clicon)`
Tim Waugh	8936a5	`+ context_free(clicon);`
Tim Waugh	8936a5	`+ if (tmpcon)`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ return (cupsdCloseClient(con));`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ clirange = context_range_get(clicon);`
Tim Waugh	8936a5	`+ if (clirange)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ clirange = strdup(clirange);`
Tim Waugh	8936a5	`+ if ((cliclearance = strtok(clirange, "-")) != NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (context_range_set(tmpcon, cliclearance) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);`
Tim Waugh	8936a5	`+ free(clirange);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(clicon);`
Tim Waugh	8936a5	`+ return (cupsdCloseClient(con));`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);`
Tim Waugh	8936a5	`+ free(clirange);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(clicon);`
Tim Waugh	8936a5	`+ return (cupsdCloseClient(con));`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ free(clirange);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (setfilecon(con->filename, context_str(tmpcon)) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(clicon);`
Tim Waugh	8936a5	`+ return (cupsdCloseClient(con));`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s",`
Tim Waugh	8936a5	`+ con->filename, context_str(tmpcon));`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(clicon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`if (con->http.state != HTTP_POST_SEND)`
	d82520	`@@ -3579,6 +3705,49 @@ is_path_absolute(const char path) / I`
	47ca1c	`return (1);`
	47ca1c	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+/*`
Tim Waugh	8936a5	`+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.`
Tim Waugh	8936a5	`+ */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+uid_t client_pid_to_auid(pid_t clipid)`
Tim Waugh	8936a5	`+{`
Tim Waugh	8936a5	`+ uid_t uid;`
Tim Waugh	8936a5	`+ int len, in;`
Tim Waugh	8936a5	`+ char buf[16] = {0};`
Tim Waugh	8936a5	`+ char fname[32] = {0};`
Tim Waugh	e7076f	`+`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Hopefully this pid is still the one we are interested in.`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ snprintf(fname, 32, "/proc/%d/loginuid", clipid);`
Tim Waugh	8936a5	`+ in = open(fname, O_NOFOLLOW\|O_RDONLY);`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ if (in < 0)`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ errno = 0;`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ do {`
Tim Waugh	8936a5	`+ len = read(in, buf, sizeof(buf));`
Tim Waugh	8936a5	`+ } while (len < 0 && errno == EINTR);`
Tim Waugh	22cc21	`+`
Tim Waugh	8936a5	`+ close(in);`
Tim Waugh	38627a	`+`
Tim Waugh	8936a5	`+ if (len < 0 \|\| len >= sizeof(buf))`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	38627a	`+`
Tim Waugh	8936a5	`+ errno = 0;`
Tim Waugh	8936a5	`+ buf[len] = 0;`
Tim Waugh	8936a5	`+ uid = strtol(buf, 0, 10);`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ if (errno != 0)`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ return uid;`
Tim Waugh	8936a5	`+}`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
	47ca1c
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* 'pipe_command()' - Pipe the output of a command to the remote client.`
	d82520	`diff -up cups-1.6.3/scheduler/client.h.lspp cups-1.6.3/scheduler/client.h`
	d82520	`--- cups-1.6.3/scheduler/client.h.lspp 2013-07-12 11:54:00.976623322 +0200`
	d82520	`+++ cups-1.6.3/scheduler/client.h 2013-07-12 11:54:01.017622754 +0200`
Tim Waugh	cb06f2	`@@ -18,6 +18,13 @@`
Tim Waugh	8936a5	`#endif /* HAVE_AUTHORIZATION_H */`
Tim Waugh	8936a5
Tim Waugh	cb06f2
Tim Waugh	8936a5	`+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */`
Tim Waugh	8936a5	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
Tim Waugh	9ad376	`+`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+#include <selinux/selinux.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	d04237	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* HTTP client structure...`
Tim Waugh	8936a5	`*/`
	47ca1c	`@@ -63,6 +70,10 @@ struct cupsd_client_s`
Tim Waugh	8936a5	`#ifdef HAVE_AUTHORIZATION_H`
Tim Waugh	8936a5	`AuthorizationRef authref; /* Authorization ref */`
Tim Waugh	8936a5	`#endif /* HAVE_AUTHORIZATION_H */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ security_context_t scon; /* Security context of connection */`
Tim Waugh	8936a5	`+ uid_t auid; /* Audit loginuid of the client */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`};`
Tim Waugh	8936a5
Tim Waugh	8936a5	`#define HTTP(con) &((con)->http)`
	47ca1c	`@@ -135,6 +146,9 @@ extern void cupsdStartListening(void);`
Tim Waugh	8936a5	`extern void cupsdStopListening(void);`
Tim Waugh	8936a5	`extern void cupsdUpdateCGI(void);`
Tim Waugh	8936a5	`extern void cupsdWriteClient(cupsd_client_t *con);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+extern uid_t client_pid_to_auid(pid_t clipid);`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
	47ca1c	`#ifdef HAVE_SSL`
	47ca1c	`extern int cupsdEndTLS(cupsd_client_t *con);`
	d82520	`diff -up cups-1.6.3/scheduler/conf.c.lspp cups-1.6.3/scheduler/conf.c`
	d82520	`--- cups-1.6.3/scheduler/conf.c.lspp 2013-07-12 11:54:00.911624224 +0200`
	d82520	`+++ cups-1.6.3/scheduler/conf.c 2013-07-12 11:54:01.018622740 +0200`
Tim Waugh	2ca5fd	`@@ -34,6 +34,7 @@`
Tim Waugh	2ca5fd	`* read_location() - Read a <Location path> definition.`
Tim Waugh	2ca5fd	`* read_policy() - Read a <Policy name> definition.`
	4743e1	`* set_policy_defaults() - Set default policy values as needed.`
Tim Waugh	8936a5	`+ * is_lspp_config() - Is the system configured for LSPP`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	2ca5fd	`@@ -59,6 +60,9 @@`
Tim Waugh	8936a5	`# define INADDR_NONE 0xffffffff`
Tim Waugh	8936a5	`#endif /* !INADDR_NONE */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+# include <libaudit.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Configuration variable structure...`
	389e11	`@@ -146,6 +150,10 @@ static const cupsd_var_t cupsd_vars[] =`
Tim Waugh	2ca5fd	`{ "ServerName", &ServerName, CUPSD_VARTYPE_STRING },`
Tim Waugh	2ca5fd	`{ "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },`
Tim Waugh	2ca5fd	`{ "Timeout", &Timeout, CUPSD_VARTYPE_TIME },`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER },`
Tim Waugh	8936a5	`+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN },`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	2ca5fd	`{ "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }`
Tim Waugh	2ca5fd	`};`
Tim Waugh	2ca5fd	`static const cupsd_var_t cupsfiles_vars[] =`
Tim Waugh	2ca5fd	`@@ -545,6 +553,9 @@ cupsdReadConfiguration(void)`
Tim Waugh	8936a5	`const char tmpdir; / TMPDIR environment variable */`
Tim Waugh	8936a5	`struct stat tmpinfo; /* Temporary directory info */`
Tim Waugh	cb06f2	`cupsd_policy_t p; / Policy */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ char audit_message; / Audit message string */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
	389e11	`@@ -851,6 +862,25 @@ cupsdReadConfiguration(void)`
Tim Waugh	8936a5
Tim Waugh	8936a5	`RunUser = getuid();`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (AuditLog != -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * ClassifyOverride is set during read_configuration, if its ON, report it now`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if (ClassifyOverride)`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,`
Tim Waugh	8936a5	`+ "[Config] ClassifyOverride=enabled Users can override print banners",`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 1);`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * PerPageLabel is set during read_configuration, if its OFF, report it now`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if (!PerPageLabels)`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,`
Tim Waugh	8936a5	`+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	f4b662	`+`
Tim Waugh	a1088d	`cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",`
Tim Waugh	ca53cd	`RemotePort ? "enabled" : "disabled");`
Tim Waugh	a1088d
	389e11	`@@ -1253,7 +1283,19 @@ cupsdReadConfiguration(void)`
Tim Waugh	8936a5	`cupsdClearString(&Classification);`
Tim Waugh	8936a5
Tim Waugh	8936a5	`if (Classification)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (AuditLog != -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ audit_message = NULL;`
Tim Waugh	8936a5	`+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 1);`
Tim Waugh	8936a5	`+ cupsdClearString(&audit_message);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	cb06f2	`* Check the MaxClients setting, and then allocate memory for it...`
	389e11	`@@ -3639,6 +3681,18 @@ read_location(cups_file_t fp, / I - C`
Tim Waugh	cb98b4	`return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+int is_lspp_config()`
Tim Waugh	8936a5	`+{`
Tim Waugh	8936a5	`+ if (Classification != NULL)`
	5bd20b	`+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0)`
	5bd20b	`+ \|\| (_cups_strcasecmp(Classification, TE_CONFIG) == 0)`
	5bd20b	`+ \|\| (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0));`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ return 0;`
Tim Waugh	8936a5	`+}`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	cb98b4	`* 'read_policy()' - Read a <Policy name> definition.`
	d82520	`diff -up cups-1.6.3/scheduler/conf.h.lspp cups-1.6.3/scheduler/conf.h`
	d82520	`--- cups-1.6.3/scheduler/conf.h.lspp 2013-07-12 11:54:00.911624224 +0200`
	d82520	`+++ cups-1.6.3/scheduler/conf.h 2013-07-12 11:54:01.019622726 +0200`
Tim Waugh	2ca5fd	`@@ -249,6 +249,13 @@ VAR int SSLOptions VALUE(CUPSD_SSL_NO`
Tim Waugh	cb06f2	`/* SSL/TLS options */`
Tim Waugh	8936a5	`#endif /* HAVE_SSL */`
	47ca1c
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+VAR int AuditLog VALUE(-1),`
Tim Waugh	8936a5	`+ /* File descriptor for audit */`
Tim Waugh	8936a5	`+ PerPageLabels VALUE(TRUE);`
Tim Waugh	8936a5	`+ /* Put the label on each page */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
	47ca1c	`+`
Tim Waugh	8936a5	`#ifdef HAVE_LAUNCHD`
	47ca1c	`VAR int LaunchdTimeout VALUE(10);`
	47ca1c	`/* Time after which an idle cupsd will exit */`
Tim Waugh	2ca5fd	`@@ -267,6 +274,9 @@ int HaveServerCreds VALUE(0);`
	47ca1c	`gss_cred_id_t ServerCreds; /* Server's GSS credentials */`
	47ca1c	`#endif /* HAVE_GSSAPI */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
	47ca1c	`+extern int is_lspp_config(void);`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Prototypes...`
	d82520	`diff -up cups-1.6.3/scheduler/cupsd.h.lspp cups-1.6.3/scheduler/cupsd.h`
	d82520	`--- cups-1.6.3/scheduler/cupsd.h.lspp 2013-07-12 11:54:01.005622920 +0200`
	d82520	`+++ cups-1.6.3/scheduler/cupsd.h 2013-07-12 11:54:01.019622726 +0200`
	770e27	`@@ -13,6 +13,8 @@`
	770e27	`* file is missing or damaged, see the license at "http://www.cups.org/".`
	770e27	`*/`
	770e27
	770e27	`+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */`
	770e27	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
	770e27
	770e27	`/*`
	770e27	`* Include necessary headers.`
	770e27	`@@ -37,13 +39,20 @@`
	770e27	`# include <unistd.h>`
	770e27	`#endif /* WIN32 */`
	770e27
	770e27	`+#include "config.h"`
	770e27	`+#ifdef WITH_LSPP`
	770e27	`+# define MLS_CONFIG "mls"`
	770e27	`+# define TE_CONFIG "te"`
	770e27	`+# define SELINUX_CONFIG "SELinux"`
	770e27	`+# define UNKNOWN_SL "UNKNOWN SL"`
	770e27	`+#endif /* WITH_LSPP */`
	770e27	`+`
	770e27	`#include "mime.h"`
	770e27
	770e27	`#if defined(HAVE_CDSASSL)`
	770e27	`# include <CoreFoundation/CoreFoundation.h>`
	770e27	`#endif /* HAVE_CDSASSL */`
	770e27
	770e27	`-`
	770e27	`/*`
	770e27	`* Some OS's don't have hstrerror(), most notably Solaris...`
	770e27	`*/`
	d82520	`diff -up cups-1.6.3/scheduler/ipp.c.lspp cups-1.6.3/scheduler/ipp.c`
	d82520	`--- cups-1.6.3/scheduler/ipp.c.lspp 2013-07-12 11:54:00.940623822 +0200`
	d82520	`+++ cups-1.6.3/scheduler/ipp.c 2013-07-12 11:54:01.022622684 +0200`
	47ca1c	`@@ -35,6 +35,7 @@`
	4743e1	`* cancel_all_jobs() - Cancel all or selected print jobs.`
Tim Waugh	8936a5	`* cancel_job() - Cancel a print job.`
Tim Waugh	8936a5	`* cancel_subscription() - Cancel a subscription.`
Tim Waugh	8936a5	`+ * check_context() - Check the SELinux context for a user and job`
Tim Waugh	34fc0f	`* check_rss_recipient() - Check that we do not have a duplicate RSS`
Tim Waugh	34fc0f	`* feed URI.`
	4743e1	`* check_quotas() - Check quotas for a printer and user.`
	47ca1c	`@@ -99,6 +100,9 @@`
Tim Waugh	8936a5	`* validate_user() - Validate the user for the request.`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */`
Tim Waugh	8936a5	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Include necessary headers...`
Tim Waugh	8936a5	`*/`
	47ca1c	`@@ -122,6 +126,14 @@ extern int mbr_check_membership_by_id(uu`
Tim Waugh	8936a5	`# endif /* HAVE_MEMBERSHIPPRIV_H */`
Tim Waugh	8936a5	`#endif /* __APPLE__ */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+#include <libaudit.h>`
Tim Waugh	8936a5	`+#include <selinux/selinux.h>`
Tim Waugh	8936a5	`+#include <selinux/context.h>`
Tim Waugh	8936a5	`+#include <selinux/avc.h>`
Tim Waugh	8936a5	`+#include <selinux/flask.h>`
Tim Waugh	8936a5	`+#include <selinux/av_permissions.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Local functions...`
	47ca1c	`@@ -146,6 +158,9 @@ static void cancel_all_jobs(cupsd_client`
Tim Waugh	8936a5	`static void cancel_job(cupsd_client_t con, ipp_attribute_t uri);`
Tim Waugh	8936a5	`static void cancel_subscription(cupsd_client_t *con, int id);`
Tim Waugh	34fc0f	`static int check_rss_recipient(const char *recipient);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+static int check_context(cupsd_client_t con, cupsd_job_t job);`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`static int check_quotas(cupsd_client_t con, cupsd_printer_t p);`
	47ca1c	`static void close_job(cupsd_client_t con, ipp_attribute_t uri);`
	47ca1c	`static void copy_attrs(ipp_t to, ipp_t from, cups_array_t *ra,`
	389e11	`@@ -1300,6 +1315,21 @@ add_job(cupsd_client_t con, / I - Cl`
	389e11	`"time-at-creation",`
	389e11	`"time-at-processing"`
	389e11	`};`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ char audit_message; / Audit message string */`
Tim Waugh	8936a5	`+ char printerfile; / device file pointed to by the printer */`
Tim Waugh	8936a5	`+ char userheader = NULL; / User supplied job-sheets[0] */`
Tim Waugh	8936a5	`+ char userfooter = NULL; / User supplied job-sheets[1] */`
Tim Waugh	8936a5	`+ int override = 0; /* Was a banner overrode on a job */`
Tim Waugh	8936a5	`+ security_id_t clisid; /* SELinux SID for the client */`
Tim Waugh	8936a5	`+ security_id_t psid; /* SELinux SID for the printer */`
Tim Waugh	8936a5	`+ context_t printercon; /* Printer's context string */`
Tim Waugh	8936a5	`+ struct stat printerstat; /* Printer's stat buffer */`
Tim Waugh	8936a5	`+ security_context_t devcon; /* Printer's SELinux context */`
Tim Waugh	8936a5	`+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */`
Tim Waugh	8936a5	`+ security_class_t tclass; /* Object class for the SELinux check */`
Tim Waugh	8936a5	`+ access_vector_t avr; /* Access method being requested */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",`
	389e11	`@@ -1640,6 +1670,106 @@ add_job(cupsd_client_t con, / I - Cl`
	389e11	`}`
	389e11	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (is_lspp_config())`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (!con->scon \|\| strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name);`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes."));`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Perform an access check so that if the user gets feedback at enqueue time`
Tim Waugh	8936a5	`+ */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ printerfile = strstr(printer->device_uri, "/dev/");`
Tim Waugh	8936a5	`+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))`
Tim Waugh	08a85d	`+ printerfile = printer->device_uri + strlen("file:");`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (printerfile != NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",`
Tim Waugh	8936a5	`+ printerfile);`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (lstat(printerfile, &printerstat) < 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (errno != ENOENT)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer"));`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The printer does not exist, so for now assume it's a FileDevice`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ tclass = SECCLASS_FILE;`
Tim Waugh	8936a5	`+ avr = FILE__WRITE;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else if (S_ISCHR(printerstat.st_mode))`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ tclass = SECCLASS_CHR_FILE;`
Tim Waugh	8936a5	`+ avr = CHR_FILE__WRITE;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else if (S_ISREG(printerstat.st_mode))`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ tclass = SECCLASS_FILE;`
Tim Waugh	8936a5	`+ avr = FILE__WRITE;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file"));`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
	9ed0ac	`+ static avc_initialized = 0;`
	9ed0ac	`+ if (!avc_initialized++)`
	9ed0ac	`+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);`
Tim Waugh	8936a5	`+ avc_entry_ref_init(&avcref);`
Tim Waugh	8936a5	`+ if (avc_context_to_sid(con->scon, &clisid) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (getfilecon(printerfile, &devcon) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ printercon = context_new(devcon);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",`
Tim Waugh	8936a5	`+ context_str(printercon), con->scon);`
Tim Waugh	8936a5	`+ context_free(printercon);`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (avc_context_to_sid(devcon, &psid) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));`
Tim Waugh	8936a5	`+ freecon(devcon);`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ freecon(devcon);`
Tim Waugh	8936a5	`+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The access check failed, so cancel the job and send an audit message`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if (AuditLog != -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ audit_message = NULL;`
Tim Waugh	8936a5	`+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused"`
Tim Waugh	8936a5	`+ " unable to access printer=%s", con->auid,`
Tim Waugh	8936a5	`+ con->username, con->scon, printer->name);`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 0);`
Tim Waugh	8936a5	`+ cupsdClearString(&audit_message);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));`
Tim Waugh	8936a5	`+ return (NULL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`if ((job = cupsdAddJob(priority, printer->name)) == NULL)`
Tim Waugh	8936a5	`{`
Tim Waugh	8936a5	`send_ipp_status(con, IPP_INTERNAL_ERROR,`
	389e11	`@@ -1648,6 +1778,32 @@ add_job(cupsd_client_t con, / I - Cl`
Tim Waugh	8936a5	`return (NULL);`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (is_lspp_config())`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * duplicate the security context and auid of the connection into the job structure`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ job->scon = strdup(con->scon);`
Tim Waugh	8936a5	`+ job->auid = con->auid;`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * add the security context to the request so that on a restart the security`
Tim Waugh	8936a5	`+ * attributes will be able to be restored`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context",`
Tim Waugh	8936a5	`+ NULL, job->scon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Fill in the security context of the job as unlabeled`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL);`
Tim Waugh	8936a5	`+ cupsdSetString(&job->scon, UNKNOWN_SL);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	f4b662	`+`
	47ca1c	`job->dtype = printer->type & (CUPS_PRINTER_CLASS \| CUPS_PRINTER_REMOTE);`
Tim Waugh	8936a5	`job->attrs = con->request;`
	47ca1c	`job->dirty = 1;`
	389e11	`@@ -1857,6 +2013,29 @@ add_job(cupsd_client_t con, / I - Cl`
Tim Waugh	1e5683	`attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]);`
Tim Waugh	1e5683	`attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]);`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The option was present, so capture the user supplied strings`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ userheader = strdup(attr->values[0].string.text);`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (attr->num_values > 1)`
Tim Waugh	8936a5	`+ userfooter = strdup(attr->values[1].string.text);`
Tim Waugh	8936a5	`+`
Tim Waugh	8936a5	`+ if (Classification != NULL && (strcmp(userheader, Classification) == 0)`
Tim Waugh	8936a5	`+ && userfooter &&(strcmp(userfooter, Classification) == 0))`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Since both values are Classification, the user is not trying to Override`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ free(userheader);`
Tim Waugh	8936a5	`+ if (userfooter) free(userfooter);`
Tim Waugh	8936a5	`+ userheader = userfooter = NULL;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`job->job_sheets = attr;`
Tim Waugh	8936a5
	389e11	`@@ -1887,6 +2066,9 @@ add_job(cupsd_client_t con, / I - Cl`
Tim Waugh	cb06f2	`"job-sheets=\"%s,none\", "`
Tim Waugh	cb06f2	`"job-originating-user-name=\"%s\"",`
Tim Waugh	cb06f2	`Classification, job->username);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	cb06f2	`+ override = 1;`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`else if (attr->num_values == 2 &&`
Tim Waugh	8936a5	`strcmp(attr->values[0].string.text,`
	389e11	`@@ -1905,6 +2087,9 @@ add_job(cupsd_client_t con, / I - Cl`
Tim Waugh	cb06f2	`"job-originating-user-name=\"%s\"",`
Tim Waugh	cb06f2	`attr->values[0].string.text,`
Tim Waugh	cb06f2	`attr->values[1].string.text, job->username);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	cb06f2	`+ override = 1;`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`else if (strcmp(attr->values[0].string.text, Classification) &&`
Tim Waugh	8936a5	`strcmp(attr->values[0].string.text, "none") &&`
	389e11	`@@ -1925,6 +2110,9 @@ add_job(cupsd_client_t con, / I - Cl`
Tim Waugh	cb06f2	`"job-originating-user-name=\"%s\"",`
Tim Waugh	cb06f2	`attr->values[0].string.text,`
Tim Waugh	cb06f2	`attr->values[1].string.text, job->username);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	cb06f2	`+ override = 1;`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`else if (strcmp(attr->values[0].string.text, Classification) &&`
	389e11	`@@ -1965,8 +2153,52 @@ add_job(cupsd_client_t con, / I - Cl`
Tim Waugh	cb06f2	`"job-sheets=\"%s\", "`
Tim Waugh	cb06f2	`"job-originating-user-name=\"%s\"",`
Tim Waugh	cb06f2	`Classification, job->username);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	cb06f2	`+ override = 1;`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (is_lspp_config() && AuditLog != -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ audit_message = NULL;`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (userheader \|\| userfooter)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (!override)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The user overrode the banner, so audit it`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"`
Tim Waugh	8936a5	`+ " using banners=%s,%s", job->id, userheader,`
Tim Waugh	8936a5	`+ userfooter, attr->values[0].string.text,`
Tim Waugh	8936a5	`+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 1);`
Tim Waugh	cb06f2	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The user tried to override the banner, audit the failure`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"`
Tim Waugh	8936a5	`+ " ignored banners=%s,%s", job->id, userheader,`
Tim Waugh	8936a5	`+ userfooter, attr->values[0].string.text,`
Tim Waugh	8936a5	`+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 0);`
Tim Waugh	cb06f2	`+ }`
Tim Waugh	8936a5	`+ cupsdClearString(&audit_message);`
Tim Waugh	cb06f2	`+ }`
Tim Waugh	8936a5	`}`
Tim Waugh	cb06f2	`+`
Tim Waugh	8936a5	`+ if (userheader)`
Tim Waugh	8936a5	`+ free(userheader);`
Tim Waugh	8936a5	`+ if (userfooter)`
Tim Waugh	8936a5	`+ free(userfooter);`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	cb06f2	`}`
Tim Waugh	cb06f2	`+`
Tim Waugh	cb06f2
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* See if we need to add the starting sheet...`
	389e11	`@@ -3730,6 +3962,111 @@ check_rss_recipient(`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+/*`
Tim Waugh	8936a5	`+ * 'check_context()' - Check SELinux security context of a user and job`
Tim Waugh	8936a5	`+ */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+static int /* O - 1 if OK, 0 if not, -1 on error */`
Tim Waugh	8936a5	`+check_context(cupsd_client_t con, / I - Client connection */`
Tim Waugh	8936a5	`+ cupsd_job_t job) / I - Job */`
Tim Waugh	8936a5	`+{`
Tim Waugh	8936a5	`+ int enforcing; /* is SELinux in enforcing mode */`
Tim Waugh	8936a5	`+ char filename[1024]; /* Filename of the spool file */`
Tim Waugh	8936a5	`+ security_id_t clisid; /* SELinux SID of the client */`
Tim Waugh	8936a5	`+ security_id_t jobsid; /* SELinux SID of the job */`
Tim Waugh	8936a5	`+ security_id_t filesid; /* SELinux SID of the spool file */`
Tim Waugh	8936a5	`+ struct avc_entry_ref avcref; /* AVC entry cache pointer */`
Tim Waugh	8936a5	`+ security_class_t tclass; /* SELinux security class */`
Tim Waugh	8936a5	`+ access_vector_t avr; /* SELinux access being queried */`
Tim Waugh	8936a5	`+ security_context_t spoolfilecon; /* SELinux context of the spool file */`
Tim Waugh	f4b662	`+`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Validate the input to be sure there are contexts to work with...`
Tim Waugh	8936a5	`+ */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (con->scon == NULL \|\| job->scon == NULL`
Tim Waugh	8936a5	`+ \|\| strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0`
Tim Waugh	8936a5	`+ \|\| strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ if ((enforcing = security_getenforce()) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement");`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon);`
Tim Waugh	75d0e8	`+`
Tim Waugh	75d0e8	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Initialize the avc engine...`
Tim Waugh	8936a5	`+ */`
Tim Waugh	22cc21	`+`
	9ed0ac	`+ static avc_initialized = 0;`
	9ed0ac	`+ if (! avc_initialized++)`
Tim Waugh	8936a5	`+ {`
	9ed0ac	`+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0)`
	9ed0ac	`+ {`
	9ed0ac	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init");`
	9ed0ac	`+ return -1;`
	9ed0ac	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (avc_context_to_sid(con->scon, &clisid) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon);`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	8936a5	`+ }`
	85d072	`+ if (avc_context_to_sid(job->scon, &jobsid) != 0)`
	85d072	`+ {`
	85d072	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", job->scon);`
	85d072	`+ return -1;`
	85d072	`+ }`
Tim Waugh	8936a5	`+ avc_entry_ref_init(&avcref);`
Tim Waugh	8936a5	`+ tclass = SECCLASS_FILE;`
Tim Waugh	8936a5	`+ avr = FILE__READ;`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Perform the check with the client as the subject, first with the job as the object`
Tim Waugh	8936a5	`+ * if that fails then with the spool file as the object...`
Tim Waugh	8936a5	`+ */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context");`
Tim Waugh	5dd986	`+`
Tim Waugh	8936a5	`+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);`
Tim Waugh	8936a5	`+ if (getfilecon(filename, &spoolfilecon) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context");`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file");`
Tim Waugh	8936a5	`+ freecon(spoolfilecon);`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ freecon(spoolfilecon);`
Tim Waugh	8936a5	`+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file");`
Tim Waugh	8936a5	`+ return 0;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file");`
Tim Waugh	8936a5	`+ return 1;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ if (enforcing == 0)`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode");`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context");`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+ return 1;`
Tim Waugh	8936a5	`+}`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	f4b662	`+`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* 'check_quotas()' - Check quotas for a printer and user.`
Tim Waugh	8936a5	`*/`
	389e11	`@@ -4182,6 +4519,15 @@ copy_banner(cupsd_client_t con, / I -`
Tim Waugh	8936a5	`char attrname[255], /* Name of attribute */`
Tim Waugh	8936a5	`s; / Pointer into name */`
Tim Waugh	8936a5	`ipp_attribute_t attr; / Attribute */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ const char mls_label; / SL of print job */`
Tim Waugh	8936a5	`+ char jobrange; / SELinux sensitivity range */`
Tim Waugh	8936a5	`+ char jobclearance; / SELinux low end clearance */`
Tim Waugh	8936a5	`+ context_t jobcon; /* SELinux context of the job */`
Tim Waugh	8936a5	`+ context_t tmpcon; /* Temp context to set the level */`
Tim Waugh	8936a5	`+ security_context_t spoolcon; /* Context of the file in the spool */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	34fc0f	`cupsdLogMessage(CUPSD_LOG_DEBUG2,`
	389e11	`@@ -4217,6 +4563,82 @@ copy_banner(cupsd_client_t con, / I -`
Tim Waugh	8936a5
Tim Waugh	8936a5	`fchmod(cupsFileNumber(out), 0640);`
Tim Waugh	8936a5	`fchown(cupsFileNumber(out), RunUser, Group);`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (job->scon != NULL &&`
Tim Waugh	8936a5	`+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (getfilecon(filename, &spoolcon) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "copy_banner: Unable to get the context of the banner file %s - %s",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	8936a5	`+ job->num_files --;`
Tim Waugh	8936a5	`+ return (0);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ tmpcon = context_new(spoolcon);`
Tim Waugh	8936a5	`+ jobcon = context_new(job->scon);`
Tim Waugh	8936a5	`+ freecon(spoolcon);`
Tim Waugh	8936a5	`+ if (!tmpcon \|\| !jobcon)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (tmpcon)`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ if (jobcon)`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "copy_banner: Unable to get the SELinux contexts");`
Tim Waugh	8936a5	`+ job->num_files --;`
Tim Waugh	8936a5	`+ return (0);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ jobrange = context_range_get(jobcon);`
Tim Waugh	8936a5	`+ if (jobrange)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ jobrange = strdup(jobrange);`
Tim Waugh	8936a5	`+ if ((jobclearance = strtok(jobrange, "-")) != NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (context_range_set(tmpcon, jobclearance) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "copy_banner: Unable to set the level of the context for file %s - %s",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	8936a5	`+ free(jobrange);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ job->num_files --;`
Tim Waugh	8936a5	`+ return (0);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "copy_banner: Unable to set the level of the context for file %s - %s",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	8936a5	`+ free(jobrange);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ job->num_files --;`
Tim Waugh	8936a5	`+ return (0);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ free(jobrange);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (setfilecon(filename, context_str(tmpcon)) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "copy_banner: Unable to set the context of the banner file %s - %s",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ job->num_files --;`
Tim Waugh	8936a5	`+ return (0);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s",`
Tim Waugh	8936a5	`+ filename, context_str(tmpcon));`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Try the localized banner file under the subdirectory...`
	389e11	`@@ -4311,6 +4733,24 @@ copy_banner(cupsd_client_t con, / I -`
Tim Waugh	8936a5	`else`
Tim Waugh	8936a5	`s = attrname;`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (strcmp(s, "mls-label") == 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ jobcon = context_new(job->scon);`
	5bd20b	`+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0)`
Tim Waugh	8936a5	`+ mls_label = context_range_get(jobcon);`
	5bd20b	`+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0)`
Tim Waugh	8936a5	`+ mls_label = context_type_get(jobcon);`
Tim Waugh	8936a5	`+ else // default to using the whole context string`
Tim Waugh	8936a5	`+ mls_label = context_str(jobcon);`
Tim Waugh	8936a5	`+ cupsFilePuts(out, mls_label);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ continue;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`if (!strcmp(s, "printer-name"))`
Tim Waugh	8936a5	`{`
Tim Waugh	8936a5	`cupsFilePuts(out, job->dest);`
	389e11	`@@ -6388,6 +6828,22 @@ get_job_attrs(cupsd_client_t con, / I`
	4743e1
	4743e1	`exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);`
Tim Waugh	8936a5
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Check SELinux...`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if (is_lspp_config() && check_context(con, job) != 1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Unfortunately we have to lie to the user...`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	d04237	`+`
Tim Waugh	ee6b34	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Copy attributes...`
Tim Waugh	8936a5	`*/`
	389e11	`@@ -6741,6 +7197,11 @@ get_jobs(cupsd_client_t con, / I - C`
	4743e1	`if (username[0] && _cups_strcasecmp(username, job->username))`
	4743e1	`continue;`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
	4743e1	`+ if (is_lspp_config() && check_context(con, job) != 1)`
	4743e1	`+ continue;`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	e7076f	`+`
	4743e1	`if (count > 0)`
	4743e1	`ippAddSeparator(con->response);`
Tim Waugh	8936a5
	d82520	`@@ -11309,6 +11770,11 @@ validate_user(cupsd_job_t job, / I`
Tim Waugh	8936a5
Tim Waugh	8936a5	`strlcpy(username, get_username(con), userlen);`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (is_lspp_config() && check_context(con, job) != 1)`
Tim Waugh	8936a5	`+ return 0;`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Check the username against the owner...`
Tim Waugh	8936a5	`*/`
	d82520	`diff -up cups-1.6.3/scheduler/job.c.lspp cups-1.6.3/scheduler/job.c`
	d82520	`--- cups-1.6.3/scheduler/job.c.lspp 2013-07-12 11:54:00.955623614 +0200`
	d82520	`+++ cups-1.6.3/scheduler/job.c 2013-07-12 11:59:53.147736756 +0200`
	47ca1c	`@@ -68,6 +68,9 @@`
	47ca1c	`* update_job_attrs() - Update the job-printer-* attributes.`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */`
Tim Waugh	8936a5	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Include necessary headers...`
Tim Waugh	8936a5	`*/`
	47ca1c	`@@ -83,6 +86,14 @@`
	4743e1	`# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */`
	4743e1	`#endif /* __APPLE__ */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+#include <libaudit.h>`
Tim Waugh	8936a5	`+#include <selinux/selinux.h>`
Tim Waugh	8936a5	`+#include <selinux/context.h>`
Tim Waugh	8936a5	`+#include <selinux/avc.h>`
Tim Waugh	8936a5	`+#include <selinux/flask.h>`
Tim Waugh	8936a5	`+#include <selinux/av_permissions.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	a1088d	`* Design Notes for Job Management`
	47ca1c	`@@ -580,6 +591,14 @@ cupsdContinueJob(cupsd_job_t job) / I`
	4743e1	`/* PRINTER_STATE_REASONS env var */`
Tim Waugh	a1088d	`rip_max_cache[255];`
Tim Waugh	a1088d	`/* RIP_MAX_CACHE env variable */`
Tim Waugh	a1088d	`+#ifdef WITH_LSPP`
Tim Waugh	a1088d	`+ char audit_message = NULL; / Audit message string */`
Tim Waugh	a1088d	`+ context_t jobcon; /* SELinux context of the job */`
Tim Waugh	a1088d	`+ char label_template = NULL; / SL to put in classification`
Tim Waugh	a1088d	`+ env var */`
Tim Waugh	a1088d	`+ const char mls_label = NULL; / SL to put in classification`
Tim Waugh	a1088d	`+ env var */`
Tim Waugh	a1088d	`+#endif /* WITH_LSPP */`
Tim Waugh	a1088d
Tim Waugh	a1088d
Tim Waugh	a1088d	`cupsdLogMessage(CUPSD_LOG_DEBUG2,`
	d82520	`@@ -1092,6 +1111,67 @@ cupsdContinueJob(cupsd_job_t job) / I`
	d82520	`if (final_content_type[0])`
	d82520	`envp[envc ++] = final_content_type;`
Tim Waugh	a1088d
Tim Waugh	a1088d	`+#ifdef WITH_LSPP`
Tim Waugh	a1088d	`+ if (is_lspp_config())`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ if (!job->scon \|\| strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ if (AuditLog != -1)`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ audit_message = NULL;`
Tim Waugh	a1088d	`+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s",`
Tim Waugh	a1088d	`+ job->id, job->auid, job->username, job->printer->name, title);`
Tim Waugh	a1088d	`+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message,`
Tim Waugh	a1088d	`+ ServerName, NULL, NULL, 1);`
Tim Waugh	a1088d	`+ cupsdClearString(&audit_message);`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+ else`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ jobcon = context_new(job->scon);`
Tim Waugh	a1088d	`+`
Tim Waugh	a1088d	`+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL)`
Tim Waugh	a1088d	`+ label_template = strdup(Classification);`
Tim Waugh	a1088d	`+ else if (attr->num_values > 1 &&`
Tim Waugh	a1088d	`+ strcmp(attr->values[1].string.text, "none") != 0)`
Tim Waugh	a1088d	`+ label_template = strdup(attr->values[1].string.text);`
Tim Waugh	a1088d	`+ else`
Tim Waugh	a1088d	`+ label_template = strdup(attr->values[0].string.text);`
Tim Waugh	a1088d	`+`
	5bd20b	`+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0)`
Tim Waugh	a1088d	`+ mls_label = context_range_get(jobcon);`
	5bd20b	`+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0)`
Tim Waugh	a1088d	`+ mls_label = context_type_get(jobcon);`
	5bd20b	`+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0)`
Tim Waugh	a1088d	`+ mls_label = context_str(jobcon);`
Tim Waugh	a1088d	`+ else`
Tim Waugh	a1088d	`+ mls_label = label_template;`
Tim Waugh	a1088d	`+`
Tim Waugh	a1088d	`+ if (mls_label && (PerPageLabels \|\| banner_page))`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label);`
Tim Waugh	a1088d	`+ envp[envc ++] = classification;`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+`
Tim Waugh	a1088d	`+ if ((AuditLog != -1) && !banner_page)`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ audit_message = NULL;`
Tim Waugh	a1088d	`+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s"`
Tim Waugh	a1088d	`+ " obj=%s label=%s", job->id, job->auid, job->username,`
Tim Waugh	a1088d	`+ job->printer->name, title, job->scon, mls_label?mls_label:"none");`
Tim Waugh	a1088d	`+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,`
Tim Waugh	a1088d	`+ ServerName, NULL, NULL, 1);`
Tim Waugh	a1088d	`+ cupsdClearString(&audit_message);`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+ context_free(jobcon);`
Tim Waugh	a1088d	`+ free(label_template);`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+ else`
Tim Waugh	a1088d	`+ /*`
Tim Waugh	a1088d	`+ * Fall through to the non-LSPP behavior`
Tim Waugh	a1088d	`+ */`
Tim Waugh	a1088d	`+#endif /* WITH_LSPP */`
Tim Waugh	a1088d	`if (Classification && !banner_page)`
Tim Waugh	a1088d	`{`
Tim Waugh	a1088d	`if ((attr = ippFindAttribute(job->attrs, "job-sheets",`
	d82520	`@@ -1866,6 +1946,20 @@ cupsdLoadJob(cupsd_job_t job) / I - J`
	47ca1c	`ippSetString(job->attrs, &job->reasons, 0, "none");`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL)`
Tim Waugh	8936a5	`+ cupsdSetString(&job->scon, attr->values[0].string.text);`
Tim Waugh	8936a5	`+ else if (is_lspp_config())`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * There was no security context so delete the job`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file \"%s\"!",`
Tim Waugh	8936a5	`+ jobfile);`
Tim Waugh	3244c6	`+ goto error;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed",`
Tim Waugh	8936a5	`IPP_TAG_INTEGER);`
Tim Waugh	8936a5	`job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);`
	d82520	`@@ -2259,6 +2353,14 @@ cupsdSaveJob(cupsd_job_t job) / I - J`
	47ca1c	`{`
	47ca1c	`char filename[1024]; /* Job control filename */`
Tim Waugh	8936a5	`cups_file_t fp; / Job file */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ security_context_t spoolcon; /* context of the job control file */`
Tim Waugh	8936a5	`+ context_t jobcon; /* contex_t container for job->scon */`
Tim Waugh	8936a5	`+ context_t tmpcon; /* Temp context to swap the level */`
Tim Waugh	a1088d	`+ char jobclearance; / SELinux low end clearance */`
Tim Waugh	a1088d	`+ const char jobrange; / SELinux sensitivity range */`
Tim Waugh	a1088d	`+ char jobrange_copy; / SELinux sensitivity range */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",`
	d82520	`@@ -2271,6 +2373,76 @@ cupsdSaveJob(cupsd_job_t job) / I - J`
	47ca1c
Tim Waugh	8936a5	`fchown(cupsFileNumber(fp), RunUser, Group);`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (getfilecon(filename, &spoolcon) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "Unable to get context of job control file \"%s\" - %s.",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ jobcon = context_new(job->scon);`
Tim Waugh	8936a5	`+ tmpcon = context_new(spoolcon);`
Tim Waugh	8936a5	`+ freecon(spoolcon);`
Tim Waugh	8936a5	`+ if (!jobcon \|\| !tmpcon)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (jobcon)`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ if (tmpcon)`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts");`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ jobrange = context_range_get(jobcon);`
Tim Waugh	8936a5	`+ if (jobrange)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	a1088d	`+ jobrange_copy = strdup(jobrange);`
Tim Waugh	a1088d	`+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (context_range_set(tmpcon, jobclearance) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "Unable to set the range for job control file \"%s\" - %s.",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	a1088d	`+ free(jobrange_copy);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "Unable to set the range for job control file \"%s\" - %s.",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	a1088d	`+ free(jobrange_copy);`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	a1088d	`+ free(jobrange_copy);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (setfilecon(filename, context_str(tmpcon)) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "Unable to set context of job control file \"%s\" - %s.",`
Tim Waugh	8936a5	`+ filename, strerror(errno));`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ return;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s",`
Tim Waugh	8936a5	`+ job, context_str(tmpcon));`
Tim Waugh	8936a5	`+ context_free(tmpcon);`
Tim Waugh	8936a5	`+ context_free(jobcon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`job->attrs->state = IPP_IDLE;`
Tim Waugh	8936a5
Tim Waugh	8936a5	`if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,`
	d82520	`@@ -3780,6 +3952,18 @@ get_options(cupsd_job_t job, / I - Jo`
Tim Waugh	a1088d	`banner_page)`
Tim Waugh	a1088d	`continue;`
Tim Waugh	a1088d
Tim Waugh	a1088d	`+#ifdef WITH_LSPP`
Tim Waugh	a1088d	`+ /*`
Tim Waugh	a1088d	`+ * In LSPP mode refuse to honor the page-label`
Tim Waugh	a1088d	`+ */`
Tim Waugh	a1088d	`+ if (is_lspp_config() &&`
Tim Waugh	a1088d	`+ !strcmp(attr->name, "page-label"))`
Tim Waugh	a1088d	`+ {`
Tim Waugh	a1088d	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to LSPP mode");`
Tim Waugh	a1088d	`+ continue;`
Tim Waugh	a1088d	`+ }`
Tim Waugh	a1088d	`+#endif /* WITH_LSPP */`
Tim Waugh	a1088d	`+`
Tim Waugh	a1088d	`/*`
Tim Waugh	a1088d	`* Otherwise add them to the list...`
Tim Waugh	a1088d	`*/`
	d82520	`@@ -4504,6 +4688,19 @@ static void`
Tim Waugh	a1088d	`start_job(cupsd_job_t job, / I - Job ID */`
Tim Waugh	a1088d	`cupsd_printer_t printer) / I - Printer to print job */`
Tim Waugh	a1088d	`{`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ char audit_message = NULL; / Audit message string */`
Tim Waugh	8936a5	`+ char printerfile = NULL; / Device file pointed to by the printer */`
Tim Waugh	8936a5	`+ security_id_t clisid; /* SELinux SID for the client */`
Tim Waugh	8936a5	`+ security_id_t psid; /* SELinux SID for the printer */`
Tim Waugh	8936a5	`+ context_t printercon; /* Printer's context string */`
Tim Waugh	8936a5	`+ struct stat printerstat; /* Printer's stat buffer */`
Tim Waugh	8936a5	`+ security_context_t devcon; /* Printer's SELinux context */`
Tim Waugh	8936a5	`+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */`
Tim Waugh	8936a5	`+ security_class_t tclass; /* Object class for the SELinux check */`
Tim Waugh	8936a5	`+ access_vector_t avr; /* Access method being requested */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	a1088d	`+`
Tim Waugh	a1088d	`cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=%p(%d), printer=%p(%s))",`
Tim Waugh	a1088d	`job, job->id, printer, printer->name);`
Tim Waugh	8936a5
	d82520	`@@ -4646,6 +4843,108 @@ start_job(cupsd_job_t job, / I -`
Tim Waugh	7e278a	`fcntl(job->side_pipes[1], F_SETFD,`
Tim Waugh	7e278a	`fcntl(job->side_pipes[1], F_GETFD) \| FD_CLOEXEC);`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (is_lspp_config())`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * Perform an access check before printing, but only if the printer starts with /dev/`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ printerfile = strstr(printer->device_uri, "/dev/");`
Tim Waugh	8936a5	`+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))`
Tim Waugh	08a85d	`+ printerfile = printer->device_uri + strlen("file:");`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ if (printerfile != NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG,`
Tim Waugh	8936a5	`+ "StartJob: Attempting to check access on printer device %s", printerfile);`
Tim Waugh	8936a5	`+ if (lstat(printerfile, &printerstat) < 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (errno != ENOENT)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer");`
Tim Waugh	a1088d	`+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);`
Tim Waugh	8936a5	`+ return ;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The printer does not exist, so for now assume it's a FileDevice`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ tclass = SECCLASS_FILE;`
Tim Waugh	8936a5	`+ avr = FILE__WRITE;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else if (S_ISCHR(printerstat.st_mode))`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ tclass = SECCLASS_CHR_FILE;`
Tim Waugh	8936a5	`+ avr = CHR_FILE__WRITE;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else if (S_ISREG(printerstat.st_mode))`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ tclass = SECCLASS_FILE;`
Tim Waugh	8936a5	`+ avr = FILE__WRITE;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "StartJob: Printer is not a character device or regular file");`
Tim Waugh	a1088d	`+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);`
Tim Waugh	8936a5	`+ return ;`
Tim Waugh	8936a5	`+ }`
	9ed0ac	`+ static avc_initialized = 0;`
	9ed0ac	`+ if (!avc_initialized++)`
	9ed0ac	`+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL);`
Tim Waugh	8936a5	`+ avc_entry_ref_init(&avcref);`
Tim Waugh	8936a5	`+ if (avc_context_to_sid(job->scon, &clisid) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "StartJob: Unable to determine the SELinux sid for the job");`
Tim Waugh	a1088d	`+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);`
Tim Waugh	8936a5	`+ return ;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ if (getfilecon(printerfile, &devcon) == -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s",`
Tim Waugh	8936a5	`+ printerfile);`
Tim Waugh	a1088d	`+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);`
Tim Waugh	8936a5	`+ return ;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ printercon = context_new(devcon);`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s",`
Tim Waugh	8936a5	`+ context_str(printercon), job->scon);`
Tim Waugh	8936a5	`+ context_free(printercon);`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ if (avc_context_to_sid(devcon, &psid) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR,`
Tim Waugh	8936a5	`+ "StartJob: Unable to determine the SELinux sid for the printer");`
Tim Waugh	8936a5	`+ freecon(devcon);`
Tim Waugh	a1088d	`+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);`
Tim Waugh	8936a5	`+ return ;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ freecon(devcon);`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ /*`
Tim Waugh	8936a5	`+ * The access check failed, so cancel the job and send an audit message`
Tim Waugh	8936a5	`+ */`
Tim Waugh	8936a5	`+ if (AuditLog != -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ audit_message = NULL;`
Tim Waugh	8936a5	`+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled"`
Tim Waugh	8936a5	`+ " unable to access printer=%s", job->id,`
Tim Waugh	8936a5	`+ job->auid, (job->username)?job->username:"?", job->scon, printer->name);`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 0);`
Tim Waugh	8936a5	`+ cupsdClearString(&audit_message);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	ee6b34	`+`
Tim Waugh	a1088d	`+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);`
Tim Waugh	ee6b34	`+`
Tim Waugh	8936a5	`+ return ;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	ee6b34	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	a1088d	`* Now start the first file in the job...`
Tim Waugh	8936a5	`*/`
	d82520	`diff -up cups-1.6.3/scheduler/job.h.lspp cups-1.6.3/scheduler/job.h`
	d82520	`--- cups-1.6.3/scheduler/job.h.lspp 2013-06-07 03:12:52.000000000 +0200`
	d82520	`+++ cups-1.6.3/scheduler/job.h 2013-07-12 11:54:01.024622656 +0200`
Tim Waugh	8936a5	`@@ -13,6 +13,13 @@`
Tim Waugh	8936a5	`* file is missing or damaged, see the license at "http://www.cups.org/".`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */`
Tim Waugh	8936a5	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
Tim Waugh	d04237	`+`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+#include <selinux/selinux.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	f4b662	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	a1088d	`* Constants...`
Tim Waugh	8936a5	`*/`
	47ca1c	`@@ -82,6 +89,10 @@ struct cupsd_job_s /**** Job request *`
	4743e1	`int progress; /* Printing progress */`
	47ca1c	`int num_keywords; /* Number of PPD keywords */`
	47ca1c	`cups_option_t keywords; / PPD keywords */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ security_context_t scon; /* Security context of job */`
Tim Waugh	8936a5	`+ uid_t auid; /* Audit loginuid for this job */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	ca53cd	`};`
Tim Waugh	8936a5
Tim Waugh	ca53cd	`typedef struct cupsd_joblog_s /** Job log message **/`
	d82520	`diff -up cups-1.6.3/scheduler/main.c.lspp cups-1.6.3/scheduler/main.c`
	d82520	`--- cups-1.6.3/scheduler/main.c.lspp 2013-07-12 11:54:01.007622892 +0200`
	d82520	`+++ cups-1.6.3/scheduler/main.c 2013-07-12 11:54:01.025622643 +0200`
Tim Waugh	1d73f2	`@@ -38,6 +38,8 @@`
Tim Waugh	bf1ed4	`* usage() - Show scheduler usage.`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
Tim Waugh	ee6b34	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Include necessary headers...`
Tim Waugh	8936a5	`*/`
	389e11	`@@ -80,6 +82,9 @@`
	389e11	`# include <sys/param.h>`
	389e11	`#endif /* HAVE_SYS_PARAM_H */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+# include <libaudit.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Local functions...`
	389e11	`@@ -143,6 +148,9 @@ main(int argc, /* I - Number of comm`
Tim Waugh	0b2684	`#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)`
Tim Waugh	0b2684	`struct sigaction action; /* Actions for POSIX signals */`
Tim Waugh	0b2684	`#endif /* HAVE_SIGACTION && !HAVE_SIGSET */`
Tim Waugh	8936a5	`+#if WITH_LSPP`
Tim Waugh	8936a5	`+ auditfail_t failmode; /* Action for audit_open failure */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	0b2684	`#ifdef __sgi`
Tim Waugh	0b2684	`cups_file_t fp; / Fake lpsched lock file */`
Tim Waugh	0b2684	`struct stat statbuf; /* Needed for checking lpsched FIFO */`
	d82520	`@@ -526,6 +534,25 @@ main(int argc, /* I - Number of comm`
Tim Waugh	8936a5	`#endif /* DEBUG */`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if ((AuditLog = audit_open()) < 0 )`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (get_auditfail_action(&failmode) == 0)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (failmode == FAIL_LOG)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");`
Tim Waugh	8936a5	`+ AuditLog = -1;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ else if (failmode == FAIL_TERMINATE)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ fprintf(stderr, "cupsd: unable to start auditing, terminating");`
Tim Waugh	8936a5	`+ return -1;`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Set the timezone info...`
Tim Waugh	8936a5	`*/`
	d82520	`@@ -1238,6 +1265,11 @@ main(int argc, /* I - Number of comm`
Tim Waugh	8936a5
Tim Waugh	8936a5	`cupsdStopSelect();`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (AuditLog != -1)`
Tim Waugh	8936a5	`+ audit_close(AuditLog);`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	ee6b34	`+`
Tim Waugh	8936a5	`return (!stop_scheduler);`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
	d82520	`diff -up cups-1.6.3/scheduler/printers.c.lspp cups-1.6.3/scheduler/printers.c`
	d82520	`--- cups-1.6.3/scheduler/printers.c.lspp 2013-07-12 11:54:00.993623087 +0200`
	d82520	`+++ cups-1.6.3/scheduler/printers.c 2013-07-12 11:54:01.026622629 +0200`
	4743e1	`@@ -56,6 +56,8 @@`
Tim Waugh	a1088d	`* write_xml_string() - Write a string with XML escaping.`
Tim Waugh	8936a5	`*/`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */`
Tim Waugh	ee6b34	`+`
Tim Waugh	8936a5	`/*`
Tim Waugh	8936a5	`* Include necessary headers...`
Tim Waugh	8936a5	`*/`
	47ca1c	`@@ -80,6 +82,10 @@`
	47ca1c	`# include <asl.h>`
	47ca1c	`#endif /* __APPLE__ */`
Tim Waugh	8936a5
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+# include <libaudit.h>`
Tim Waugh	8936a5	`+# include <selinux/context.h>`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
	47ca1c
	4743e1	`/*`
	4743e1	`* Local functions...`
	d82520	`@@ -2107,6 +2113,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)`
	389e11	`ipp_attribute_t attr; / Attribute data */`
	389e11	`char name, / Current user/group name */`
	389e11	`filter; / Current filter */`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ char audit_message; / Audit message string */`
Tim Waugh	8936a5	`+ char printerfile; / Path to a local printer dev */`
Tim Waugh	8936a5	`+ char rangestr; / Printer's range if its available */`
Tim Waugh	8936a5	`+ security_context_t devcon; /* Printer SELinux context */`
Tim Waugh	8936a5	`+ context_t printercon; /* context_t for the printer */`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5
Tim Waugh	8936a5
Tim Waugh	8936a5	`DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,`
	d82520	`@@ -2229,6 +2242,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)`
Tim Waugh	8936a5	`attr->values[1].string.text = _cupsStrAlloc(Classification ?`
Tim Waugh	8936a5	`Classification : p->job_sheets[1]);`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5	`+#ifdef WITH_LSPP`
Tim Waugh	8936a5	`+ if (AuditLog != -1)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ audit_message = NULL;`
Tim Waugh	8936a5	`+ rangestr = NULL;`
Tim Waugh	8936a5	`+ printercon = 0;`
Tim Waugh	8936a5	`+ printerfile = strstr(p->device_uri, "/dev/");`
Tim Waugh	8936a5	`+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))`
Tim Waugh	08a85d	`+ printerfile = p->device_uri + strlen("file:");`
Tim Waugh	4f25cb	`+`
Tim Waugh	8936a5	`+ if (printerfile != NULL)`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ if (getfilecon(printerfile, &devcon) == -1)`
Jiří Popelka	e0e1f2	`+ {`
Jiří Popelka	e0e1f2	`+ if(is_selinux_enabled())`
Tim Waugh	39e46c	`+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context");`
Jiří Popelka	e0e1f2	`+ }`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ {`
Tim Waugh	8936a5	`+ printercon = context_new(devcon);`
Tim Waugh	8936a5	`+ freecon(devcon);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+ }`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ if (printercon && context_range_get(printercon))`
Tim Waugh	8936a5	`+ rangestr = strdup(context_range_get(printercon));`
Tim Waugh	8936a5	`+ else`
Tim Waugh	8936a5	`+ rangestr = strdup("unknown");`
Tim Waugh	e7076f	`+`
Tim Waugh	8936a5	`+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",`
Tim Waugh	cb06f2	`+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr);`
Tim Waugh	8936a5	`+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,`
Tim Waugh	8936a5	`+ ServerName, NULL, NULL, 1);`
Tim Waugh	8936a5	`+ if (printercon)`
Tim Waugh	8936a5	`+ context_free(printercon);`
Tim Waugh	8936a5	`+ free(rangestr);`
Tim Waugh	8936a5	`+ cupsdClearString(&audit_message);`
Tim Waugh	8936a5	`+ }`
Tim Waugh	8936a5	`+#endif /* WITH_LSPP */`
Tim Waugh	8936a5	`}`
Tim Waugh	8936a5
Tim Waugh	8936a5	`p->raw = 0;`
	d82520	`@@ -5315,7 +5367,6 @@ write_irix_state(cupsd_printer_t p) /`
Tim Waugh	cb06f2	`}`
Tim Waugh	cb06f2	`#endif /* __sgi */`
Tim Waugh	cb06f2
Tim Waugh	cb06f2	`-`
Tim Waugh	cb06f2	`/*`
Tim Waugh	cb06f2	`* 'write_xml_string()' - Write a string with XML escaping.`
Tim Waugh	cb06f2	`*/`

rpms / cups

Source Code

Blame cups-lspp.patch