xref: /titanic_52/usr/src/cmd/lp/lib/secure/secure.c (revision 3ee0e49223f178da635734759b9167f924321ff0)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2006 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 
30 #pragma ident	"%Z%%M%	%I%	%E% SMI"	/* SVr4.0 1.14	*/
31 /* EMACS_MODES: !fill, lnumb, !overwrite, !nodelete, !picture */
32 
33 #include "string.h"
34 #include "sys/param.h"
35 #include "stdlib.h"
36 
37 #include "lp.h"
38 #include "secure.h"
39 #include <tsol/label.h>
40 
41 /**
42  ** getsecure() - EXTRACT SECURE REQUEST STRUCTURE FROM DISK FILE
43  **/
44 
45 SECURE *
46 getsecure(char *file)
47 {
48 	static SECURE		secbuf;
49 
50 	char			buf[BUFSIZ],
51 				*path;
52 
53 	int fd;
54 
55 	int			fld;
56 
57 
58 	if (*file == '/')
59 		path = Strdup(file);
60 	else
61 		path = makepath(Lp_Requests, file, (char *)0);
62 	if (!path)
63 		return (0);
64 
65 	if ((fd = open_locked(path, "r", MODE_NOREAD)) < 0) {
66 		Free (path);
67 		return (0);
68 	}
69 	Free (path);
70 
71 	secbuf.user = 0;
72 	errno = 0;
73 	for (
74 		fld = 0;
75 		fld < SC_MAX && fdgets(buf, BUFSIZ, fd);
76 		fld++
77 	) {
78 		buf[strlen(buf) - 1] = 0;
79 		switch (fld) {
80 
81 		case SC_REQID:
82 			secbuf.req_id = Strdup(buf);
83 			break;
84 
85 		case SC_UID:
86 			secbuf.uid = (uid_t)atol(buf);
87 			break;
88 
89 		case SC_USER:
90 			secbuf.user = Strdup(buf);
91 			break;
92 
93 		case SC_GID:
94 			secbuf.gid = (gid_t)atol(buf);
95 			break;
96 
97 		case SC_SIZE:
98 			secbuf.size = (size_t)atol(buf);
99 			break;
100 
101 		case SC_DATE:
102 			secbuf.date = (time_t)atol(buf);
103 			break;
104 
105 		case SC_SYSTEM:
106 			secbuf.system = Strdup(buf);
107 			break;
108 
109 		case SC_SLABEL:
110 			secbuf.slabel = Strdup(buf);
111 			break;
112 		}
113 	}
114 	if (errno != 0 || fld != SC_MAX) {
115 		int			save_errno = errno;
116 
117 		freesecure (&secbuf);
118 		close(fd);
119 		errno = save_errno;
120 		return (0);
121 	}
122 	close(fd);
123 
124 	/*
125 	 * Now go through the structure and see if we have
126 	 * anything strange.
127 	 */
128 	if (
129 	        secbuf.uid > MAXUID || secbuf.uid < -1
130 	     || !secbuf.user
131 	     || secbuf.gid > MAXUID || secbuf.gid < -1
132 	     || secbuf.size == 0
133 	     || secbuf.date <= 0
134 	) {
135 		freesecure (&secbuf);
136 		errno = EBADF;
137 		return (0);
138 	}
139 
140 	return (&secbuf);
141 }
142 
143 /**
144  ** putsecure() - WRITE SECURE REQUEST STRUCTURE TO DISK FILE
145  **/
146 
147 int
148 putsecure(char *file, SECURE *secbufp)
149 {
150 	char			*path;
151 
152 	int fd;
153 
154 	int			fld;
155 
156 	if (*file == '/')
157 		path = Strdup(file);
158 	else
159 		path = makepath(Lp_Requests, file, (char *)0);
160 	if (!path)
161 		return (-1);
162 
163 	if ((fd = open_locked(path, "w", MODE_NOREAD)) < 0) {
164 		Free (path);
165 		return (-1);
166 	}
167 	Free (path);
168 
169 	if (
170 		!secbufp->req_id ||
171 		!secbufp->user
172 	)
173 		return (-1);
174 
175 	for (fld = 0; fld < SC_MAX; fld++)
176 
177 		switch (fld) {
178 
179 		case SC_REQID:
180 			(void)fdprintf(fd, "%s\n", secbufp->req_id);
181 			break;
182 
183 		case SC_UID:
184 			(void)fdprintf(fd, "%ld\n", secbufp->uid);
185 			break;
186 
187 		case SC_USER:
188 			(void)fdprintf(fd, "%s\n", secbufp->user);
189 			break;
190 
191 		case SC_GID:
192 			(void)fdprintf(fd, "%ld\n", secbufp->gid);
193 			break;
194 
195 		case SC_SIZE:
196 			(void)fdprintf(fd, "%lu\n", secbufp->size);
197 			break;
198 
199 		case SC_DATE:
200 			(void)fdprintf(fd, "%ld\n", secbufp->date);
201 			break;
202 
203 		case SC_SYSTEM:
204 			(void)fdprintf(fd, "%s\n", secbufp->system);
205 			break;
206 
207 		case SC_SLABEL:
208 			if (secbufp->slabel == NULL) {
209 				if (is_system_labeled()) {
210 					m_label_t *sl;
211 
212 					sl = m_label_alloc(MAC_LABEL);
213 					(void) getplabel(sl);
214 					if (label_to_str(sl, &(secbufp->slabel),
215 					    M_INTERNAL, DEF_NAMES) != 0) {
216 						perror("label_to_str");
217 						secbufp->slabel =
218 						    strdup("bad_label");
219 					}
220 					m_label_free(sl);
221 					(void) fdprintf(fd, "%s\n",
222 					    secbufp->slabel);
223 				} else {
224 					(void) fdprintf(fd, "none\n");
225 				}
226 			} else {
227 				(void) fdprintf(fd, "%s\n", secbufp->slabel);
228 			}
229 			break;
230 		}
231 	close(fd);
232 
233 	return (0);
234 }
235 
236 /*
237 **  rmsecure ()
238 **
239 **	o  'reqfilep' is of the form 'node-name/request-file'
240 **	   e.g. 'sfcalv/123-0'.
241 */
242 int
243 rmsecure (char *reqfilep)
244 {
245 	int	n;
246 	char *	pathp;
247 
248 	pathp = makepath (Lp_Requests, reqfilep, (char *) 0);
249 	if (! pathp)
250 		return	-1;
251 
252 	n = Unlink (pathp);
253 	Free (pathp);
254 
255 	return	n;
256 }
257 
258 /**
259  ** freesecure() - FREE A SECURE STRUCTURE
260  **/
261 
262 void
263 freesecure(SECURE *secbufp)
264 {
265 	if (!secbufp)
266 		return;
267 	if (secbufp->req_id)
268 		Free (secbufp->req_id);
269 	if (secbufp->user)
270 		Free (secbufp->user);
271 	if (secbufp->system)
272 		Free (secbufp->system);
273 	return;
274 }
275 
276