xref: /illumos-gate/usr/src/cmd/lp/lib/access/allowed.c (revision 09fcda9fe16a733cc35aa3156a47ef4b909251a6)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
22 /*	  All Rights Reserved  	*/
23 
24 
25 #pragma ident	"%Z%%M%	%I%	%E% SMI"
26 
27 /*
28  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
29  * Use is subject to license terms.
30  */
31 
32 /* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */
33 
34 #include "string.h"
35 #include "unistd.h"
36 
37 #include "lp.h"
38 #include "access.h"
39 #include <pwd.h>
40 #include <auth_attr.h>
41 #include <auth_list.h>
42 #include <tsol/label.h>
43 
44 /**
45  ** is_user_admin() - CHECK IF CURRENT USER IS AN ADMINISTRATOR
46  **/
47 
48 int
49 #if	defined(__STDC__)
50 is_user_admin (
51 	void
52 )
53 #else
54 is_user_admin ()
55 #endif
56 {
57 	/* For a labeled system, tsol_check_admin_auth is called
58 	 * instead of using Access.
59 	 */
60 	if (is_system_labeled()) {
61 		/* Check that user has print admin authorization */
62 		return (tsol_check_admin_auth(getuid()));
63 	} else {
64 		return (Access(Lp_A, W_OK) == -1? 0 : 1);
65 	}
66 }
67 
68 /**
69  ** is_user_allowed() - CHECK USER ACCESS ACCORDING TO ALLOW/DENY LISTS
70  **/
71 
72 int
73 #if	defined(__STDC__)
74 is_user_allowed (
75 	char *			user,
76 	char **			allow,
77 	char **			deny
78 )
79 #else
80 is_user_allowed (user, allow, deny)
81 	char			*user,
82 				**allow,
83 				**deny;
84 #endif
85 {
86 	if (bangequ(user, LOCAL_LPUSER) || bangequ(user, LOCAL_ROOTUSER))
87 		return (1);
88 
89 	return (allowed(user, allow, deny));
90 }
91 
92 /**
93  ** is_user_allowed_form() - CHECK USER ACCESS TO FORM
94  **/
95 
96 int
97 #if	defined(__STDC__)
98 is_user_allowed_form (
99 	char *			user,
100 	char *			form
101 )
102 #else
103 is_user_allowed_form (user, form)
104 	char			*user,
105 				*form;
106 #endif
107 {
108 	char			**allow,
109 				**deny;
110 
111 	if (loadaccess(Lp_A_Forms, form, "", &allow, &deny) == -1)
112 		return (-1);
113 
114 	return (is_user_allowed(user, allow, deny));
115 }
116 
117 /**
118  ** is_user_allowed_printer() - CHECK USER ACCESS TO PRINTER
119  **/
120 
121 int
122 #if	defined(__STDC__)
123 is_user_allowed_printer (
124 	char *			user,
125 	char *			printer
126 )
127 #else
128 is_user_allowed_printer (user, printer)
129 	char			*user,
130 				*printer;
131 #endif
132 {
133 	char			**allow,
134 				**deny;
135 
136 	if (loadaccess(Lp_A_Printers, printer, UACCESSPREFIX, &allow, &deny) == -1)
137 		return (-1);
138 
139 	return (is_user_allowed(user, allow, deny));
140 }
141 
142 /**
143  ** is_form_allowed_printer() - CHECK FORM USE ON PRINTER
144  **/
145 
146 int
147 #if	defined(__STDC__)
148 is_form_allowed_printer (
149 	char *			form,
150 	char *			printer
151 )
152 #else
153 is_form_allowed_printer (form, printer)
154 	char			*form,
155 				*printer;
156 #endif
157 {
158 	char			**allow,
159 				**deny;
160 
161 	if (loadaccess(Lp_A_Printers, printer, FACCESSPREFIX, &allow, &deny) == -1)
162 		return (-1);
163 
164 	return (allowed(form, allow, deny));
165 }
166 
167 /**
168  ** allowed() - GENERAL ROUTINE TO CHECK ALLOW/DENY LISTS
169  **/
170 
171 int
172 #if	defined(__STDC__)
173 allowed (
174 	char *			item,
175 	char **			allow,
176 	char **			deny
177 )
178 #else
179 allowed (item, allow, deny)
180 	char			*item,
181 				**allow,
182 				**deny;
183 #endif
184 {
185 	if (allow) {
186 		if (bang_searchlist(item, allow))
187 			return (1);
188 		else
189 			return (0);
190 	}
191 
192 	if (deny) {
193 		if (bang_searchlist(item, deny))
194 			return (0);
195 		else
196 			return (1);
197 	}
198 
199 	return (0);
200 }
201 
202 /*
203  * Check to see if the specified user has the administer the printing
204  * system authorization.
205  */
206 int
207 tsol_check_admin_auth(uid_t uid)
208 {
209 	struct passwd *p;
210 	char *name;
211 
212 	p = getpwuid(uid);
213 	if (p != NULL && p->pw_name != NULL)
214 		name = p->pw_name;
215 	else
216 		name = "";
217 
218 	return (chkauthattr(PRINT_ADMIN_AUTH, name));
219 }
220