xref: /titanic_52/usr/src/cmd/lp/lib/secure/secure.c (revision f48205be61a214698b763ff550ab9e657525104c)
17c478bd9Sstevel@tonic-gate /*
27c478bd9Sstevel@tonic-gate  * CDDL HEADER START
37c478bd9Sstevel@tonic-gate  *
47c478bd9Sstevel@tonic-gate  * The contents of this file are subject to the terms of the
545916cd2Sjpk  * Common Development and Distribution License (the "License").
645916cd2Sjpk  * You may not use this file except in compliance with the License.
77c478bd9Sstevel@tonic-gate  *
87c478bd9Sstevel@tonic-gate  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
97c478bd9Sstevel@tonic-gate  * or http://www.opensolaris.org/os/licensing.
107c478bd9Sstevel@tonic-gate  * See the License for the specific language governing permissions
117c478bd9Sstevel@tonic-gate  * and limitations under the License.
127c478bd9Sstevel@tonic-gate  *
137c478bd9Sstevel@tonic-gate  * When distributing Covered Code, include this CDDL HEADER in each
147c478bd9Sstevel@tonic-gate  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
157c478bd9Sstevel@tonic-gate  * If applicable, add the following below this CDDL HEADER, with the
167c478bd9Sstevel@tonic-gate  * fields enclosed by brackets "[]" replaced with your own identifying
177c478bd9Sstevel@tonic-gate  * information: Portions Copyright [yyyy] [name of copyright owner]
187c478bd9Sstevel@tonic-gate  *
197c478bd9Sstevel@tonic-gate  * CDDL HEADER END
207c478bd9Sstevel@tonic-gate  */
210a44ef6dSjacobs 
227c478bd9Sstevel@tonic-gate /*
23*f48205beScasper  * Copyright 2007 Sun Microsystems, Inc.  All rights reserved.
247c478bd9Sstevel@tonic-gate  * Use is subject to license terms.
257c478bd9Sstevel@tonic-gate  */
267c478bd9Sstevel@tonic-gate 
277c478bd9Sstevel@tonic-gate /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
287c478bd9Sstevel@tonic-gate /*	  All Rights Reserved  	*/
297c478bd9Sstevel@tonic-gate 
307c478bd9Sstevel@tonic-gate 
310a44ef6dSjacobs #pragma ident	"%Z%%M%	%I%	%E% SMI"
327c478bd9Sstevel@tonic-gate /* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */
337c478bd9Sstevel@tonic-gate 
347c478bd9Sstevel@tonic-gate #include "string.h"
357c478bd9Sstevel@tonic-gate #include "sys/param.h"
367c478bd9Sstevel@tonic-gate #include "stdlib.h"
377c478bd9Sstevel@tonic-gate 
387c478bd9Sstevel@tonic-gate #include "lp.h"
397c478bd9Sstevel@tonic-gate #include "secure.h"
4045916cd2Sjpk #include <tsol/label.h>
417c478bd9Sstevel@tonic-gate 
427c478bd9Sstevel@tonic-gate /**
437c478bd9Sstevel@tonic-gate  ** getsecure() - EXTRACT SECURE REQUEST STRUCTURE FROM DISK FILE
447c478bd9Sstevel@tonic-gate  **/
457c478bd9Sstevel@tonic-gate 
467c478bd9Sstevel@tonic-gate SECURE *
477c478bd9Sstevel@tonic-gate getsecure(char *file)
487c478bd9Sstevel@tonic-gate {
490a44ef6dSjacobs 	SECURE		*secp;
507c478bd9Sstevel@tonic-gate 
517c478bd9Sstevel@tonic-gate 	char			buf[BUFSIZ],
527c478bd9Sstevel@tonic-gate 				*path;
537c478bd9Sstevel@tonic-gate 
547c478bd9Sstevel@tonic-gate 	int fd;
557c478bd9Sstevel@tonic-gate 
567c478bd9Sstevel@tonic-gate 	int			fld;
577c478bd9Sstevel@tonic-gate 
587c478bd9Sstevel@tonic-gate 
597c478bd9Sstevel@tonic-gate 	if (*file == '/')
607c478bd9Sstevel@tonic-gate 		path = Strdup(file);
617c478bd9Sstevel@tonic-gate 	else
627c478bd9Sstevel@tonic-gate 		path = makepath(Lp_Requests, file, (char *)0);
637c478bd9Sstevel@tonic-gate 	if (!path)
647c478bd9Sstevel@tonic-gate 		return (0);
657c478bd9Sstevel@tonic-gate 
667c478bd9Sstevel@tonic-gate 	if ((fd = open_locked(path, "r", MODE_NOREAD)) < 0) {
677c478bd9Sstevel@tonic-gate 		Free (path);
687c478bd9Sstevel@tonic-gate 		return (0);
697c478bd9Sstevel@tonic-gate 	}
707c478bd9Sstevel@tonic-gate 	Free (path);
717c478bd9Sstevel@tonic-gate 
720a44ef6dSjacobs 	secp = calloc(sizeof (*secp), 1);
730a44ef6dSjacobs 
740a44ef6dSjacobs 	secp->user = 0;
757c478bd9Sstevel@tonic-gate 	errno = 0;
767c478bd9Sstevel@tonic-gate 	for (
777c478bd9Sstevel@tonic-gate 		fld = 0;
787c478bd9Sstevel@tonic-gate 		fld < SC_MAX && fdgets(buf, BUFSIZ, fd);
797c478bd9Sstevel@tonic-gate 		fld++
807c478bd9Sstevel@tonic-gate 	) {
817c478bd9Sstevel@tonic-gate 		buf[strlen(buf) - 1] = 0;
827c478bd9Sstevel@tonic-gate 		switch (fld) {
837c478bd9Sstevel@tonic-gate 
847c478bd9Sstevel@tonic-gate 		case SC_REQID:
850a44ef6dSjacobs 			secp->req_id = Strdup(buf);
867c478bd9Sstevel@tonic-gate 			break;
877c478bd9Sstevel@tonic-gate 
887c478bd9Sstevel@tonic-gate 		case SC_UID:
890a44ef6dSjacobs 			secp->uid = (uid_t)atol(buf);
907c478bd9Sstevel@tonic-gate 			break;
917c478bd9Sstevel@tonic-gate 
927c478bd9Sstevel@tonic-gate 		case SC_USER:
930a44ef6dSjacobs 			secp->user = Strdup(buf);
947c478bd9Sstevel@tonic-gate 			break;
957c478bd9Sstevel@tonic-gate 
967c478bd9Sstevel@tonic-gate 		case SC_GID:
970a44ef6dSjacobs 			secp->gid = (gid_t)atol(buf);
987c478bd9Sstevel@tonic-gate 			break;
997c478bd9Sstevel@tonic-gate 
1007c478bd9Sstevel@tonic-gate 		case SC_SIZE:
1010a44ef6dSjacobs 			secp->size = (size_t)atol(buf);
1027c478bd9Sstevel@tonic-gate 			break;
1037c478bd9Sstevel@tonic-gate 
1047c478bd9Sstevel@tonic-gate 		case SC_DATE:
1050a44ef6dSjacobs 			secp->date = (time_t)atol(buf);
1067c478bd9Sstevel@tonic-gate 			break;
10745916cd2Sjpk 
10845916cd2Sjpk 		case SC_SLABEL:
1090a44ef6dSjacobs 			secp->slabel = Strdup(buf);
11045916cd2Sjpk 			break;
1117c478bd9Sstevel@tonic-gate 		}
1127c478bd9Sstevel@tonic-gate 	}
1137c478bd9Sstevel@tonic-gate 	if (errno != 0 || fld != SC_MAX) {
1147c478bd9Sstevel@tonic-gate 		int			save_errno = errno;
1157c478bd9Sstevel@tonic-gate 
1160a44ef6dSjacobs 		freesecure (secp);
1177c478bd9Sstevel@tonic-gate 		close(fd);
1187c478bd9Sstevel@tonic-gate 		errno = save_errno;
1197c478bd9Sstevel@tonic-gate 		return (0);
1207c478bd9Sstevel@tonic-gate 	}
1217c478bd9Sstevel@tonic-gate 	close(fd);
1227c478bd9Sstevel@tonic-gate 
1237c478bd9Sstevel@tonic-gate 	/*
1247c478bd9Sstevel@tonic-gate 	 * Now go through the structure and see if we have
1257c478bd9Sstevel@tonic-gate 	 * anything strange.
1267c478bd9Sstevel@tonic-gate 	 */
1277c478bd9Sstevel@tonic-gate 	if (
128*f48205beScasper 	        secp->uid > MAXUID
1290a44ef6dSjacobs 	     || !secp->user
130*f48205beScasper 	     || secp->gid > MAXUID
1310a44ef6dSjacobs 	     || secp->size == 0
1320a44ef6dSjacobs 	     || secp->date <= 0
1337c478bd9Sstevel@tonic-gate 	) {
1340a44ef6dSjacobs 		freesecure (secp);
1357c478bd9Sstevel@tonic-gate 		errno = EBADF;
1367c478bd9Sstevel@tonic-gate 		return (0);
1377c478bd9Sstevel@tonic-gate 	}
1387c478bd9Sstevel@tonic-gate 
1390a44ef6dSjacobs 	return (secp);
1407c478bd9Sstevel@tonic-gate }
1417c478bd9Sstevel@tonic-gate 
1427c478bd9Sstevel@tonic-gate /**
1437c478bd9Sstevel@tonic-gate  ** putsecure() - WRITE SECURE REQUEST STRUCTURE TO DISK FILE
1447c478bd9Sstevel@tonic-gate  **/
1457c478bd9Sstevel@tonic-gate 
1467c478bd9Sstevel@tonic-gate int
1477c478bd9Sstevel@tonic-gate putsecure(char *file, SECURE *secbufp)
1487c478bd9Sstevel@tonic-gate {
1497c478bd9Sstevel@tonic-gate 	char			*path;
1507c478bd9Sstevel@tonic-gate 
1517c478bd9Sstevel@tonic-gate 	int fd;
1527c478bd9Sstevel@tonic-gate 
1537c478bd9Sstevel@tonic-gate 	int			fld;
1547c478bd9Sstevel@tonic-gate 
1557c478bd9Sstevel@tonic-gate 	if (*file == '/')
1567c478bd9Sstevel@tonic-gate 		path = Strdup(file);
1577c478bd9Sstevel@tonic-gate 	else
1587c478bd9Sstevel@tonic-gate 		path = makepath(Lp_Requests, file, (char *)0);
1597c478bd9Sstevel@tonic-gate 	if (!path)
1607c478bd9Sstevel@tonic-gate 		return (-1);
1617c478bd9Sstevel@tonic-gate 
1627c478bd9Sstevel@tonic-gate 	if ((fd = open_locked(path, "w", MODE_NOREAD)) < 0) {
1637c478bd9Sstevel@tonic-gate 		Free (path);
1647c478bd9Sstevel@tonic-gate 		return (-1);
1657c478bd9Sstevel@tonic-gate 	}
1667c478bd9Sstevel@tonic-gate 	Free (path);
1677c478bd9Sstevel@tonic-gate 
1687c478bd9Sstevel@tonic-gate 	if (
1697c478bd9Sstevel@tonic-gate 		!secbufp->req_id ||
1707c478bd9Sstevel@tonic-gate 		!secbufp->user
1717c478bd9Sstevel@tonic-gate 	)
1727c478bd9Sstevel@tonic-gate 		return (-1);
1737c478bd9Sstevel@tonic-gate 
1747c478bd9Sstevel@tonic-gate 	for (fld = 0; fld < SC_MAX; fld++)
1757c478bd9Sstevel@tonic-gate 
1767c478bd9Sstevel@tonic-gate 		switch (fld) {
1777c478bd9Sstevel@tonic-gate 
1787c478bd9Sstevel@tonic-gate 		case SC_REQID:
1797c478bd9Sstevel@tonic-gate 			(void)fdprintf(fd, "%s\n", secbufp->req_id);
1807c478bd9Sstevel@tonic-gate 			break;
1817c478bd9Sstevel@tonic-gate 
1827c478bd9Sstevel@tonic-gate 		case SC_UID:
183*f48205beScasper 			(void)fdprintf(fd, "%u\n", secbufp->uid);
1847c478bd9Sstevel@tonic-gate 			break;
1857c478bd9Sstevel@tonic-gate 
1867c478bd9Sstevel@tonic-gate 		case SC_USER:
1877c478bd9Sstevel@tonic-gate 			(void)fdprintf(fd, "%s\n", secbufp->user);
1887c478bd9Sstevel@tonic-gate 			break;
1897c478bd9Sstevel@tonic-gate 
1907c478bd9Sstevel@tonic-gate 		case SC_GID:
191*f48205beScasper 			(void)fdprintf(fd, "%u\n", secbufp->gid);
1927c478bd9Sstevel@tonic-gate 			break;
1937c478bd9Sstevel@tonic-gate 
1947c478bd9Sstevel@tonic-gate 		case SC_SIZE:
1957c478bd9Sstevel@tonic-gate 			(void)fdprintf(fd, "%lu\n", secbufp->size);
1967c478bd9Sstevel@tonic-gate 			break;
1977c478bd9Sstevel@tonic-gate 
1987c478bd9Sstevel@tonic-gate 		case SC_DATE:
1997c478bd9Sstevel@tonic-gate 			(void)fdprintf(fd, "%ld\n", secbufp->date);
2007c478bd9Sstevel@tonic-gate 			break;
2017c478bd9Sstevel@tonic-gate 
20245916cd2Sjpk 		case SC_SLABEL:
20345916cd2Sjpk 			if (secbufp->slabel == NULL) {
20445916cd2Sjpk 				if (is_system_labeled()) {
20545916cd2Sjpk 					m_label_t *sl;
20645916cd2Sjpk 
20745916cd2Sjpk 					sl = m_label_alloc(MAC_LABEL);
20845916cd2Sjpk 					(void) getplabel(sl);
20945916cd2Sjpk 					if (label_to_str(sl, &(secbufp->slabel),
21045916cd2Sjpk 					    M_INTERNAL, DEF_NAMES) != 0) {
21145916cd2Sjpk 						perror("label_to_str");
21245916cd2Sjpk 						secbufp->slabel =
21345916cd2Sjpk 						    strdup("bad_label");
21445916cd2Sjpk 					}
21545916cd2Sjpk 					m_label_free(sl);
21645916cd2Sjpk 					(void) fdprintf(fd, "%s\n",
21745916cd2Sjpk 					    secbufp->slabel);
21845916cd2Sjpk 				} else {
21945916cd2Sjpk 					(void) fdprintf(fd, "none\n");
22045916cd2Sjpk 				}
22145916cd2Sjpk 			} else {
22245916cd2Sjpk 				(void) fdprintf(fd, "%s\n", secbufp->slabel);
22345916cd2Sjpk 			}
22445916cd2Sjpk 			break;
22545916cd2Sjpk 		}
2267c478bd9Sstevel@tonic-gate 	close(fd);
2277c478bd9Sstevel@tonic-gate 
2287c478bd9Sstevel@tonic-gate 	return (0);
2297c478bd9Sstevel@tonic-gate }
2307c478bd9Sstevel@tonic-gate 
2317c478bd9Sstevel@tonic-gate /*
2327c478bd9Sstevel@tonic-gate **  rmsecure ()
2337c478bd9Sstevel@tonic-gate **
2347c478bd9Sstevel@tonic-gate **	o  'reqfilep' is of the form 'node-name/request-file'
2357c478bd9Sstevel@tonic-gate **	   e.g. 'sfcalv/123-0'.
2367c478bd9Sstevel@tonic-gate */
2377c478bd9Sstevel@tonic-gate int
2387c478bd9Sstevel@tonic-gate rmsecure (char *reqfilep)
2397c478bd9Sstevel@tonic-gate {
2407c478bd9Sstevel@tonic-gate 	int	n;
2417c478bd9Sstevel@tonic-gate 	char *	pathp;
2427c478bd9Sstevel@tonic-gate 
2437c478bd9Sstevel@tonic-gate 	pathp = makepath (Lp_Requests, reqfilep, (char *) 0);
2447c478bd9Sstevel@tonic-gate 	if (! pathp)
2457c478bd9Sstevel@tonic-gate 		return	-1;
2467c478bd9Sstevel@tonic-gate 
2477c478bd9Sstevel@tonic-gate 	n = Unlink (pathp);
2487c478bd9Sstevel@tonic-gate 	Free (pathp);
2497c478bd9Sstevel@tonic-gate 
2507c478bd9Sstevel@tonic-gate 	return	n;
2517c478bd9Sstevel@tonic-gate }
2527c478bd9Sstevel@tonic-gate 
2537c478bd9Sstevel@tonic-gate /**
2547c478bd9Sstevel@tonic-gate  ** freesecure() - FREE A SECURE STRUCTURE
2557c478bd9Sstevel@tonic-gate  **/
2567c478bd9Sstevel@tonic-gate 
2577c478bd9Sstevel@tonic-gate void
2587c478bd9Sstevel@tonic-gate freesecure(SECURE *secbufp)
2597c478bd9Sstevel@tonic-gate {
2607c478bd9Sstevel@tonic-gate 	if (!secbufp)
2617c478bd9Sstevel@tonic-gate 		return;
2627c478bd9Sstevel@tonic-gate 	if (secbufp->req_id)
2637c478bd9Sstevel@tonic-gate 		Free (secbufp->req_id);
2647c478bd9Sstevel@tonic-gate 	if (secbufp->user)
2657c478bd9Sstevel@tonic-gate 		Free (secbufp->user);
2660a44ef6dSjacobs 	Free (secbufp);
2670a44ef6dSjacobs 
2687c478bd9Sstevel@tonic-gate 	return;
2697c478bd9Sstevel@tonic-gate }
270