1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <sys/types.h>
29 #include <stdarg.h>
30 #include <unistd.h>
31 #include <limits.h>
32 #include <string.h>
33 #include <syslog.h>
34 #include <errno.h>
35 #include <locale.h>
36 #ifndef SUNOS_4
37 #include <libintl.h>
38 #endif
39 #include <pwd.h>
40 #include <alloca.h>
41
42 #include <ns.h>
43 #include <list.h>
44
45 extern char *optarg;
46 extern int optind, opterr, optopt;
47 extern char *getenv(const char *);
48
49 static void _decode_ldapResult(int result, char *printerName);
50
51 static int
authorized()52 authorized()
53 {
54 struct passwd *pw;
55 uid_t uid;
56 gid_t *list;
57 int len;
58 int maxgrp;
59
60 if ((uid = getuid()) == 0)
61 return (1); /* "root" is authorized */
62
63 if (((pw = getpwnam("lp")) != NULL) && (uid == pw->pw_uid))
64 return (1); /* "lp" is authorized */
65
66 if ((pw = getpwuid(uid)) == NULL)
67 return (0); /* intruders are not authorized */
68
69 if (chkauthattr("solaris.print.admin", pw->pw_name) == 1)
70 return (1); /* "solaris.print.admin" is authorized */
71
72 /* How many supplemental groups do we have? */
73 maxgrp = getgroups(0, NULL);
74 list = alloca(maxgrp * sizeof (gid_t));
75
76 if ((len = getgroups(maxgrp, list)) != -1)
77 while (len-- > 0)
78 if (list[len] == 14)
79 return (1); /* group 14 is authorized */
80
81 return (0); /* nobody else is authorized */
82 }
83
84 static void
Usage(char * name)85 Usage(char *name)
86 {
87 (void) fprintf(stderr,
88 gettext("Usage: %s [-n files | ldap] [-x] "
89 "[-h ldaphost] [-D binddn] [-w passwd] "
90 "[-a key=value] [-d key] (printer)\n"),
91 name);
92 exit(1);
93 }
94
95
96 /*
97 * main() calls the appropriate routine to parse the command line arguments
98 * and then calls the local remove routine, followed by the remote remove
99 * routine to remove jobs.
100 */
101 int
main(int ac,char * av[])102 main(int ac, char *av[])
103 {
104 int result = 0;
105 int delete_printer = 0;
106 int c;
107 char *program = NULL,
108 *printer = NULL,
109 *host = NULL,
110 *binddn = NULL,
111 *passwd = NULL,
112 *ins = NULL,
113 *ons = "files";
114 char **changes = NULL;
115 ns_cred_t *cred = NULL;
116 ns_printer_t *printer_obj = NULL;
117
118 (void) setlocale(LC_ALL, "");
119
120 #if !defined(TEXT_DOMAIN)
121 #define TEXT_DOMAIN "SYS_TEST"
122 #endif
123 (void) textdomain(TEXT_DOMAIN);
124
125 if ((program = strrchr(av[0], '/')) == NULL)
126 program = av[0];
127 else
128 program++;
129
130 openlog(program, LOG_PID, LOG_LPR);
131
132 if (ac < 2)
133 Usage(program);
134
135 while ((c = getopt(ac, av, "a:d:D:h:n:r:w:x")) != EOF)
136 switch (c) {
137 case 'd':
138 if (strchr(optarg, '=') != NULL)
139 Usage(program);
140 /* FALLTHRU */
141 case 'a':
142 changes = (char **)list_append((void**)changes,
143 (void *)strdup(optarg));
144 break;
145 case 'D':
146 binddn = optarg;
147 break;
148 case 'h':
149 host = optarg;
150 break;
151 case 'n':
152 ons = optarg;
153 break;
154 case 'r':
155 ins = optarg;
156 break;
157 case 'w':
158 passwd = optarg;
159 break;
160 case 'x':
161 delete_printer++;
162 break;
163 default:
164 Usage(program);
165 }
166
167 if (optind != ac-1)
168 Usage(program);
169
170 /*
171 * Check required options have been given: [ -x | [ -a | -d ]]
172 */
173 if ((changes == NULL) && (delete_printer == 0)) {
174 Usage(program);
175 }
176
177 printer = av[optind];
178
179 if (strchr(printer, ':') != NULL) {
180 (void) fprintf(stderr, gettext(
181 "POSIX-Style names are not valid destinations (%s)\n"),
182 printer);
183 return (1);
184 }
185
186 ins = normalize_ns_name(ins);
187 ons = normalize_ns_name(ons);
188 if (ins == NULL)
189 ins = ons;
190
191 /* check / set the name service for writing */
192 if (strcasecmp("user", ons) == 0) {
193 (void) setuid(getuid());
194 ons = "user";
195 } else if (strcasecmp("files", ons) == 0) {
196 if (authorized() == 0) {
197 (void) fprintf(stderr, gettext(
198 "Permission denied: not authorized\n"));
199 return (1);
200 }
201 ons = "files";
202 } else if (strcasecmp("ldap", ons) == 0) {
203 if ((cred = calloc(1, sizeof (*cred))) == NULL) {
204 (void) fprintf(stderr,
205 gettext("could not initialize credential\n"));
206 return (1);
207 }
208
209 if (binddn == NULL) {
210 (void) fprintf(stderr,
211 gettext("Distinguished Name is required.\n"));
212 return (1);
213 }
214
215 if (passwd == NULL) {
216 passwd = getpassphrase(gettext("Bind Password:"));
217 }
218
219 /*
220 * Setup LDAP bind credentials, so that it uses
221 * the default ldap port, and the NS domain for this
222 * ldapclient box. Note: passwdType is currently not
223 * used but once the ldap native function can select
224 * secure or insure password it will pass the user selected
225 * security type.
226 */
227 cred->passwd = passwd;
228 cred->passwdType = NS_PW_INSECURE; /* use default */
229 cred->binddn = binddn;
230 cred->host = host;
231 cred->port = 0; /* use default */
232 cred->domainDN = NULL; /* use default */
233
234 ons = "ldap";
235 (void) setuid(getuid());
236 } else {
237 (void) fprintf(stderr,
238 gettext("%s is not a supported name service.\n"),
239 ons);
240 return (1);
241 }
242
243 if (strcasecmp(NS_SVC_LDAP, ons) != 0) {
244
245 /* Naming Service is not LDAP */
246
247 /* get the printer object */
248 if ((printer_obj = ns_printer_get_name(printer, ins)) == NULL) {
249 if (delete_printer != 0) {
250 (void) fprintf(stderr, gettext
251 ("%s: unknown printer\n"), printer);
252 return (1);
253 }
254 if ((printer_obj = calloc(1, sizeof (*printer_obj)))
255 == NULL) {
256 (void) fprintf(stderr, gettext(
257 "could not initialize printer object\n"));
258 return (1);
259 }
260 printer_obj->name = strdup(printer);
261 }
262
263 printer_obj->source = ons;
264
265 if (cred != NULL) {
266 printer_obj->cred = cred;
267 }
268
269 /* make the changes to it */
270 while (changes != NULL && *changes != NULL) {
271 int has_equals = (strchr(*changes, '=') != NULL);
272 char *p, *key = NULL, *value = NULL;
273
274 key = *(changes++);
275
276 for (p = key; ((p != NULL) && (*p != NULL)); p++)
277 if (*p == '=') {
278 *p = NULL;
279 value = ++p;
280 break;
281 } else if (*p == '\\')
282 p++;
283
284 if ((value != NULL) && (*value == NULL))
285 value = NULL;
286
287 if ((key != NULL) && (key[0] != NULL)) {
288 if ((value == NULL) &&
289 (ns_get_value(key, printer_obj) == NULL) &&
290 (has_equals == 0)) {
291 fprintf(stderr,
292 gettext("%s: unknown attribute\n"),
293 key);
294 result = 1;
295 } else
296 (void) ns_set_value_from_string(key, value,
297 printer_obj);
298 }
299 }
300 if (delete_printer != 0)
301 printer_obj->attributes = NULL;
302
303 /* write it back */
304 if (ns_printer_put(printer_obj) != 0) {
305 (void) fprintf(stderr,
306 gettext("Failed to write into %s database\n"),
307 ons);
308 result = 1;
309 }
310 }
311
312 else {
313 /*
314 * Naming Service is LDAP
315 *
316 * Action the request by calling ns ldap functions to
317 * add, modify or delete the printer object.
318 */
319
320 if ((printer_obj = calloc(1, sizeof (*printer_obj))) == NULL) {
321 (void) fprintf(stderr, gettext(
322 "could not initialize printer object\n"));
323 return (1);
324 }
325
326 if ((cred != NULL) && (printer_obj != NULL)) {
327 printer_obj->name = strdup(printer);
328 printer_obj->cred = cred;
329 printer_obj->cred->domainDN = NULL; /* use default */
330 printer_obj->source = ons;
331 printer_obj->nsdata = malloc(sizeof (NS_LDAPDATA));
332
333 if (printer_obj->nsdata != NULL) {
334 /*
335 * Update the LDAP directory for this printer
336 */
337
338 if (delete_printer != 0) {
339 /* Delete the printer object */
340 ((NS_LDAPDATA *)
341 (printer_obj->nsdata))->attrList
342 = NULL;
343 } else {
344 /* Add or modify the printer object */
345 ((NS_LDAPDATA *)
346 (printer_obj->nsdata))->attrList =
347 changes;
348 }
349
350 result = ns_printer_put(printer_obj);
351 if (result != 0) {
352 /* display LDAP specific message */
353 _decode_ldapResult(result, printer);
354
355 (void) fprintf(stderr, gettext(
356 "Failed to update %s database\n"), ons);
357 result = 1;
358 }
359
360 free(printer_obj->nsdata);
361 }
362
363 else {
364 _decode_ldapResult(NSL_ERR_MEMORY, NULL);
365 result = 1;
366 }
367 }
368
369 else {
370 result = 1;
371 (void) fprintf(stderr,
372 gettext("Error - no LDAP credentials\n"));
373 }
374
375 if (printer_obj != NULL) {
376 if (printer_obj->name != NULL) {
377 free(printer_obj->name);
378 }
379 free(printer_obj);
380 }
381
382 }
383
384 return (result);
385 } /* main */
386
387
388
389
390 /*
391 * *****************************************************************************
392 *
393 * Function: _decode_ldapResult()
394 *
395 * Description: Decode the ldap_put_printer specific error codes and display
396 * the appropriate error message.
397 *
398 * Parameters:
399 * Input: int result - contains the NSL_RESULT codes
400 * char *printerName - name of printer
401 * Output: None
402 *
403 * Returns: void
404 *
405 * *****************************************************************************
406 */
407
408 static void
_decode_ldapResult(int result,char * printerName)409 _decode_ldapResult(int result, char *printerName)
410
411 {
412 NSL_RESULT lresult = (NSL_RESULT)result;
413
414 /* ------------- */
415
416 switch (lresult)
417 {
418 case NSL_OK:
419 {
420 break;
421 }
422
423 case NSL_ERR_INTERNAL:
424 {
425 (void) fprintf(stderr,
426 gettext("Unexpected software error\n"));
427 break;
428 }
429
430 case NSL_ERR_ADD_FAILED:
431 {
432 (void) fprintf(stderr, "%s %s\n",
433 gettext("Failed to add printer:"), printerName);
434 break;
435 }
436
437 case NSL_ERR_MOD_FAILED:
438 {
439 (void) fprintf(stderr, "%s %s\n",
440 gettext("Failed to modify printer:"),
441 printerName);
442 break;
443 }
444
445 case NSL_ERR_DEL_FAILED:
446 {
447 (void) fprintf(stderr, "%s %s\n",
448 gettext("Failed to delete printer:"),
449 printerName);
450 break;
451 }
452
453
454 case NSL_ERR_UNKNOWN_PRINTER:
455 {
456 (void) fprintf(stderr, "%s %s\n",
457 gettext("Unknown printer:"), printerName);
458 break;
459 }
460
461 case NSL_ERR_CREDENTIALS:
462 {
463 (void) fprintf(stderr, "%s\n",
464 gettext("Missing LDAP credential information for printer:"));
465 break;
466 }
467
468 case NSL_ERR_CONNECT:
469 {
470 (void) fprintf(stderr, "%s\n",
471 gettext("Failed to connect to LDAP server"));
472 break;
473 }
474
475 case NSL_ERR_BIND:
476 {
477 (void) fprintf(stderr, gettext("LDAP bind failed\n"));
478 break;
479 }
480
481 case NSL_ERR_RENAME:
482 {
483 (void) fprintf(stderr, "%s %s\n",
484 gettext("Object rename not allowed for printer:"),
485 printerName);
486 break;
487 }
488
489 case NSL_ERR_KVP:
490 {
491 (void) fprintf(stderr, "%s",
492 gettext("Setting sun-printer-kvp attribute is "
493 "not supported through this command.\n"));
494 break;
495 }
496
497 case NSL_ERR_BSDADDR:
498 {
499 (void) fprintf(stderr, "%s",
500 gettext("Setting sun-printer-bsdaddr attribute is "
501 "not supported through this command.\n"
502 "Use the bsaddr attribute instead.\n"));
503 break;
504 }
505
506 case NSL_ERR_PNAME:
507 {
508 (void) fprintf(stderr, "%s",
509 gettext("Setting printer-name attribute is "
510 "not supported through this command.\n"));
511 break;
512 }
513
514 case NSL_ERR_MEMORY:
515 {
516 (void) fprintf(stderr,
517 gettext("Memory allocation error\n"));
518 break;
519 }
520
521 case NSL_ERR_MULTIOP:
522 {
523 (void) fprintf(stderr,
524 gettext("Delete and add operation on the "
525 "same key attribute is not allowed\n"));
526 break;
527 }
528
529 case NSL_ERR_NOTALLOWED:
530 {
531 (void) fprintf(stderr,
532 gettext("KVP attribute is not allowed\n"));
533 break;
534 }
535
536 default:
537 {
538 (void) fprintf(stderr,
539 gettext("Error code = %d\n"), result);
540 break;
541 }
542 }
543
544 } /* _decode_ldapResult */
545