[redhat-lspp] Re: Feature complete Trusted Printing patch
Daniel J Walsh
dwalsh at redhat.com
Thu Oct 19 13:15:19 UTC 2006
Matt Anderson wrote:
> Attached is the latest cups-lspp.patch which applies cleanly to
> cups-1.2.4-9. This patch contains additions that set the security level
> of the spool file to match the context of the job. This combined with
> the policy updates allows for the sysadm_r role to properly administer
> the job queue.
>
> The patch cups-policy.patch applies to selinux-policy-2.3.18-8. This
> patch resets some of the file contexts and removes some allow rules in
> order to more closely match what CUPS needs. I understand from previous
> posts that these changes may disrupt other versions of lpd. I'm
> providing my patch as a basis for what CUPS needs, but I expect these
> changes will be incorporated in a way that makes use of a boolean tunable.
>
> Some additional permissions were need in order to allow various
> operations. I've attached cupsmod.te as the basis for building a policy
> module which contains the needed allows.
>
> As with before, in order to make use of the trusted printing additions
> you'll need to setup your system as described here:
> http://free.linux.hp.com/~mra/docs
>
> -matt
>
> ------------------------------------------------------------------------
>
> module cupsmod 1.4;
>
> require {
> class chr_file { getattr relabelfrom relabelto };
> class file { getattr relabelfrom relabelto };
> class file { read rename unlink write };
> class unix_stream_socket { getattr getopt };
> type cupsd_t;
> type cupsd_etc_t;
> type cupsd_var_run_t;
> type print_spool_t;
> type printer_device_t;
> type sysadm_lpr_t;
> type secadm_t;
> type secadm_lpr_t;
> type user_lpr_t;
> role system_r;
> };
>
> # Needed to allow cupsd modify printers.conf
> allow cupsd_t cupsd_etc_t:file { rename unlink write };
>
>
printers.conf should be labeled system_u:object_r:cupsd_rw_etc_t
> # Allow sysadm to read print spool files to mange the queue
> allow sysadm_lpr_t print_spool_t:file read;
>
This should already be in policy
> # Allow secadm to change printer device levels
> allow secadm_t printer_device_t:chr_file { getattr relabelfrom relabelto };
>
>
Just added this to latest policy selinux-policy-2.3.19-4
> # Allow for cupsdisable/cupsenable
> allow sysadm_lpr_t cupsd_var_run_t:file { getattr read };
>
Just added this to latest policy selinux-policy-2.3.19-4
>
> ------------------------------------------------------------------------
>
> --- cups-1.2.4-orig/config.h.in 2006-06-05 14:42:53.000000000 -0400
> +++ cups-1.2.4/config.h.in 2006-09-28 16:31:29.000000000 -0400
> @@ -443,6 +443,13 @@
> #undef HAVE_APPLETALK_AT_PROTO_H
>
>
> +/*
> + * Are we trying to meet LSPP requirements?
> + */
> +
> +#undef WITH_LSPP
> +
> +
> #endif /* !_CUPS_CONFIG_H_ */
>
> /*
> --- cups-1.2.4-orig/configure.in 2006-08-04 12:51:58.000000000 -0400
> +++ cups-1.2.4/configure.in 2006-09-28 16:31:29.000000000 -0400
> @@ -47,6 +47,8 @@
> sinclude(config-scripts/cups-pdf.m4)
> sinclude(config-scripts/cups-scripting.m4)
>
> +sinclude(config-scripts/cups-lspp.m4)
> +
> INSTALL_LANGUAGES=""
> UNINSTALL_LANGUAGES=""
> LANGFILES=""
> --- cups-1.2.4-orig/config-scripts/cups-lspp.m4 1969-12-31 19:00:00.000000000 -0500
> +++ cups-1.2.4/config-scripts/cups-lspp.m4 2006-09-28 16:31:29.000000000 -0400
> @@ -0,0 +1,36 @@
> +dnl
> +dnl LSPP code for the Common UNIX Printing System (CUPS).
> +dnl
> +dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
> +dnl
> +dnl This program is free software; you can redistribute it and/or modify
> +dnl it under the terms of the GNU General Public License as published by
> +dnl the Free Software Foundation; version 2.
> +dnl
> +dnl This program is distributed in the hope that it will be useful, but
> +dnl WITHOUT ANY WARRANTY; without even the implied warranty of
> +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +dnl General Public License for more details.
> +dnl
> +dnl You should have received a copy of the GNU General Public License
> +dnl along with this program; if not, write to the Free Software Foundation,
> +dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
> +dnl
> +
> +dnl Are we trying to meet LSPP requirements
> +AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
> +
> +if test x"$enable_lspp" != xno; then
> + case "$uname" in
> + Linux)
> + AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
> + AC_CHECK_HEADER(libaudit.h)
> + AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
> + AC_CHECK_HEADER(selinux/selinux.h)
> + AC_DEFINE(WITH_LSPP)
> + ;;
> + *)
> + # All others
> + ;;
> + esac
> +fi
> --- cups-1.2.4-orig/cups/cups.h 2006-09-07 15:49:34.000000000 -0400
> +++ cups-1.2.4/cups/cups.h 2006-09-28 16:31:29.000000000 -0400
> @@ -24,6 +24,9 @@
> * This file is subject to the Apple OS-Developed Software exception.
> */
>
> +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> #ifndef _CUPS_CUPS_H_
> # define _CUPS_CUPS_H_
>
> @@ -68,6 +71,12 @@
> # define CUPS_DATE_ANY -1
>
>
> +# ifdef WITH_LSPP
> +# define MLS_CONFIG "mls"
> +# define TE_CONFIG "te"
> +# define SELINUX_CONFIG "SELinux"
> +# define UNKNOWN_SL "UNKNOWN SL"
> +# endif /* WITH_LSPP */
> /*
> * Types and structures...
> */
> --- cups-1.2.4-orig/data/Makefile 2006-03-18 22:23:34.000000000 -0500
> +++ cups-1.2.4/data/Makefile 2006-09-28 16:31:29.000000000 -0400
> @@ -34,7 +34,10 @@
> secret \
> standard \
> topsecret \
> - unclassified
> + unclassified \
> + selinux \
> + mls \
> + te
>
> CHARMAPS = \
> euc-cn.txt \
> --- cups-1.2.4-orig/data/mls 1969-12-31 19:00:00.000000000 -0500
> +++ cups-1.2.4/data/mls 2006-09-28 16:31:29.000000000 -0400
> @@ -0,0 +1,277 @@
> +%!PS-Adobe-3.0
> +%%BoundingBox: 0 0 612 792
> +%%Pages: 1
> +%%LanguageLevel: 1
> +%%DocumentData: Clean7Bit
> +%%DocumentSuppliedResources: procset bannerprint/1.0
> +%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
> +%%Creator: Michael Sweet, Easy Software Products
> +%%CreationDate: May 10, 2000
> +%%Title: Test Page
> +%%EndComments
> +%%BeginProlog
> +%%BeginResource procset bannerprint 1.1 0
> +%
> +% PostScript banner page for the Common UNIX Printing System ("CUPS").
> +%
> +% Copyright 1993-2005 by Easy Software Products
> +%
> +% These coded instructions, statements, and computer programs are the
> +% property of Easy Software Products and are protected by Federal
> +% copyright law. Distribution and use rights are outlined in the file
> +% "LICENSE.txt" which should have been included with this file. If this
> +% file is missing or damaged please contact Easy Software Products
> +% at:
> +%
> +% Attn: CUPS Licensing Information
> +% Easy Software Products
> +% 44141 Airport View Drive, Suite 204
> +% Hollywood, Maryland 20636 USA
> +%
> +% Voice: (301) 373-9600
> +% EMail: cups-info at cups.org
> +% WWW: http://www.cups.org
> +%
> +/CENTER { % Draw centered text
> + % (name) CENTER -
> + dup stringwidth pop % Get the width of the string
> + 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
> + show % Show the string
> +} bind def
> +/RIGHT { % Draw right-justified text
> + % (name) RIGHT -
> + dup stringwidth pop % Get the width of the string
> + neg 0 rmoveto % Shift left the entire distance
> + show % Show the string
> +} bind def
> +/NUMBER { % Draw a number
> + % power n NUMBER -
> + 1 index 1 eq { % power == 1?
> + round cvi exch pop % Convert "n" to integer
> + } {
> + 1 index mul round exch div % Truncate extra decimal places
> + } ifelse
> + 100 string cvs show % Convert to a string and show it...
> +} bind def
> +/CUPSLOGO { % Draw the CUPS logo
> + % height CUPSLOGO
> + % Start with a big C...
> + /Helvetica findfont 1 index scalefont setfont
> + 0 setgray
> + 0 0 moveto
> + (C) show
> +
> + % Then "UNIX Printing System" much smaller...
> + /Helvetica-Bold findfont 1 index 9 div scalefont setfont
> + 0.25 mul
> + dup dup 2.0 mul moveto
> + (UNIX) show
> + dup dup 1.6 mul moveto
> + (Printing) show
> + dup 1.2 mul moveto
> + (System) show
> +} bind def
> +/ESPLOGO { % Draw the ESP logo
> + % height ESPLOGO
> + % Compute the size of the logo...
> + 0 0
> + 2 index 1.5 mul 3 index
> +
> + % Do the "metallic" fill from 10% black to 40% black...
> + 1 -0.001 0 {
> + dup % loopval
> + -0.15 mul % loopval * -0.15
> + 0.9 add % 0.9 - loopval * 0.15
> + setgray % set gray shade
> +
> + 0 % x
> + 1 index neg % loopval
> + 1 add % 1 - loopval
> + 3 index % height
> + mul % height * (1 - loopval)
> + moveto % starting point
> +
> + dup % loopval
> + 3 index % width
> + mul % loopval * width
> + 2 index % height
> + lineto % Next point
> +
> + 0 % x
> + 2 index % height
> + lineto % Next point
> +
> + closepath
> + fill
> +
> + dup % loopval
> + 0.15 mul % loopval * 0.15
> + 0.6 add % 0.6 + loopval * 0.15
> + setgray
> +
> + dup % loopval
> + neg 1 add % 1 - loopval
> + 3 index % width
> + mul % (1 - loopval) * width
> + 0 % y
> + moveto % Starting point
> +
> + 2 index % width
> + exch % loopval
> + 2 index % height
> + mul % loopval * height
> + lineto % Next point
> +
> + 1 index % width
> + 0 % y
> + lineto % Next point
> +
> + closepath
> + fill
> + } for
> +
> + 0 setgray rectstroke
> +
> + /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
> + dup 40 div
> +
> + dup 4 mul 1 index 25 mul moveto (E) show
> + dup 10 mul 1 index 15 mul moveto (S) show
> + dup 16 mul 1 index 5 mul moveto (P) show
> +
> + /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
> + dup 14 mul 1 index 29 mul moveto (asy) show
> + dup 20 mul 1 index 19 mul moveto (oftware) show
> + dup 26 mul 1 index 9 mul moveto (roducts) show
> +
> + pop
> +} bind def
> +%%EndResource
> +%%EndProlog
> +%%Page: 1 1
> +gsave
> +
> + % Determine the imageable area and device resolution...
> + initclip newpath clippath pathbbox % Get bounding rectangle
> + 72 div /pageTop exch def % Get top margin in inches
> + 72 div /pageRight exch def % Get right margin in inches
> + 72 div /pageBottom exch def % Get bottom margin in inches
> + 72 div /pageLeft exch def % Get left margin in inches
> +
> + /pageWidth pageRight pageLeft sub def % pageWidth = pageRight - pageLeft
> + /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
> +
> + /boxWidth % width of text box
> + pageWidth pageHeight lt
> + { pageWidth 54 mul }
> + { pageHeight 42 mul }
> + ifelse def
> +
> + newpath % Clear bounding path
> +
> + % Create fonts...
> + /bigFont /Helvetica-Bold findfont % bigFont = Helvetica-Bold
> + pageHeight 3 mul scalefont def % size = pageHeight * 3 (nominally 33)
> +
> + /mediumFont /Helvetica findfont % mediumFont = Helvetica
> + pageHeight 1.5 mul scalefont def % size = pageHeight * 1.5 (nominally 16.5)
> +
> + % Offset page to account for lower-left margin...
> + pageLeft 72 mul
> + pageBottom 72 mul
> + translate
> +
> + % Draw the label at the top and bottom...
> + 0 setgray % Color
> +
> + pageWidth 36 mul % Center of page
> + pageHeight 72 mul % Top of page
> + pageWidth -7 mul add % - 2 lines
> + moveto % Position text
> + bigFont setfont % Font
> + ({mls-label}) CENTER % Show text centered
> +
> + pageWidth 36 mul % Center of page
> + pageHeight 6 mul % Bottom of page
> + moveto % Position text
> + bigFont setfont % Font
> + ({mls-label}) CENTER % Show text centered
> +
> + % Job information box...
> + pageWidth 36 mul 9 add % x = pageWidth * 1/2 * 72 + 9
> + boxWidth 0.5 mul sub % x-= 1/2 box width
> + pageHeight 30 mul 9 sub % y = pageHeight * 1/2 * 72 - 9
> + boxWidth % w = box width
> + pageHeight 14 mul % h = pageHeight * 1/2 * 72
> + 0.5 setgray rectfill % Draw a shadow
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + boxWidth 0.5 mul sub % x-= 1/2 box width
> + pageHeight 30 mul % y = pageHeight * 1/4 * 72
> + boxWidth % w = box width
> + pageHeight 14 mul % h = pageHeight * 1/2 * 72
> +
> + 4 copy 1 setgray rectfill % Clear the box to white
> + 0 setgray rectstroke % Draw a black box around it...
> +
> + % Job information text...
> + mediumFont setfont % Medium sized font
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight 5 mul add % y += 2 lines
> + 2 copy % Copy X & Y
> + moveto
> + (Job ID: ) RIGHT
> + moveto
> + ({printer-name}-{job-id}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight 2 mul add % y += 1 line
> + 2 copy % Copy X & Y
> + moveto
> + (Title: ) RIGHT
> + moveto
> + ({job-name}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight -1 mul add % y -= 1 line
> + 2 copy % Copy X & Y
> + moveto
> + (Requesting User: ) RIGHT
> + moveto
> + ({job-originating-user-name}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight -4 mul add % y -= 2 lines
> + 2 copy % Copy X & Y
> + moveto
> + (Billing Info: ) RIGHT
> + moveto
> + ({?job-billing}) show
> +
> + % Then the CUPS logo....
> + gsave
> + pageWidth 4 mul
> + pageWidth 6 mul
> + translate
> + pageWidth 9 mul CUPSLOGO
> + grestore
> +
> + % And the ESP logo....
> + gsave
> + pageWidth 59 mul
> + pageWidth 6 mul
> + translate
> + pageWidth 6 mul ESPLOGO
> + grestore
> +% Show the page...
> +grestore
> +showpage
> +%
> +% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
> +%
> +%%EOF
> --- cups-1.2.4-orig/data/selinux 1969-12-31 19:00:00.000000000 -0500
> +++ cups-1.2.4/data/selinux 2006-09-28 16:31:29.000000000 -0400
> @@ -0,0 +1,277 @@
> +%!PS-Adobe-3.0
> +%%BoundingBox: 0 0 612 792
> +%%Pages: 1
> +%%LanguageLevel: 1
> +%%DocumentData: Clean7Bit
> +%%DocumentSuppliedResources: procset bannerprint/1.0
> +%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
> +%%Creator: Michael Sweet, Easy Software Products
> +%%CreationDate: May 10, 2000
> +%%Title: Test Page
> +%%EndComments
> +%%BeginProlog
> +%%BeginResource procset bannerprint 1.1 0
> +%
> +% PostScript banner page for the Common UNIX Printing System ("CUPS").
> +%
> +% Copyright 1993-2005 by Easy Software Products
> +%
> +% These coded instructions, statements, and computer programs are the
> +% property of Easy Software Products and are protected by Federal
> +% copyright law. Distribution and use rights are outlined in the file
> +% "LICENSE.txt" which should have been included with this file. If this
> +% file is missing or damaged please contact Easy Software Products
> +% at:
> +%
> +% Attn: CUPS Licensing Information
> +% Easy Software Products
> +% 44141 Airport View Drive, Suite 204
> +% Hollywood, Maryland 20636 USA
> +%
> +% Voice: (301) 373-9600
> +% EMail: cups-info at cups.org
> +% WWW: http://www.cups.org
> +%
> +/CENTER { % Draw centered text
> + % (name) CENTER -
> + dup stringwidth pop % Get the width of the string
> + 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
> + show % Show the string
> +} bind def
> +/RIGHT { % Draw right-justified text
> + % (name) RIGHT -
> + dup stringwidth pop % Get the width of the string
> + neg 0 rmoveto % Shift left the entire distance
> + show % Show the string
> +} bind def
> +/NUMBER { % Draw a number
> + % power n NUMBER -
> + 1 index 1 eq { % power == 1?
> + round cvi exch pop % Convert "n" to integer
> + } {
> + 1 index mul round exch div % Truncate extra decimal places
> + } ifelse
> + 100 string cvs show % Convert to a string and show it...
> +} bind def
> +/CUPSLOGO { % Draw the CUPS logo
> + % height CUPSLOGO
> + % Start with a big C...
> + /Helvetica findfont 1 index scalefont setfont
> + 0 setgray
> + 0 0 moveto
> + (C) show
> +
> + % Then "UNIX Printing System" much smaller...
> + /Helvetica-Bold findfont 1 index 9 div scalefont setfont
> + 0.25 mul
> + dup dup 2.0 mul moveto
> + (UNIX) show
> + dup dup 1.6 mul moveto
> + (Printing) show
> + dup 1.2 mul moveto
> + (System) show
> +} bind def
> +/ESPLOGO { % Draw the ESP logo
> + % height ESPLOGO
> + % Compute the size of the logo...
> + 0 0
> + 2 index 1.5 mul 3 index
> +
> + % Do the "metallic" fill from 10% black to 40% black...
> + 1 -0.001 0 {
> + dup % loopval
> + -0.15 mul % loopval * -0.15
> + 0.9 add % 0.9 - loopval * 0.15
> + setgray % set gray shade
> +
> + 0 % x
> + 1 index neg % loopval
> + 1 add % 1 - loopval
> + 3 index % height
> + mul % height * (1 - loopval)
> + moveto % starting point
> +
> + dup % loopval
> + 3 index % width
> + mul % loopval * width
> + 2 index % height
> + lineto % Next point
> +
> + 0 % x
> + 2 index % height
> + lineto % Next point
> +
> + closepath
> + fill
> +
> + dup % loopval
> + 0.15 mul % loopval * 0.15
> + 0.6 add % 0.6 + loopval * 0.15
> + setgray
> +
> + dup % loopval
> + neg 1 add % 1 - loopval
> + 3 index % width
> + mul % (1 - loopval) * width
> + 0 % y
> + moveto % Starting point
> +
> + 2 index % width
> + exch % loopval
> + 2 index % height
> + mul % loopval * height
> + lineto % Next point
> +
> + 1 index % width
> + 0 % y
> + lineto % Next point
> +
> + closepath
> + fill
> + } for
> +
> + 0 setgray rectstroke
> +
> + /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
> + dup 40 div
> +
> + dup 4 mul 1 index 25 mul moveto (E) show
> + dup 10 mul 1 index 15 mul moveto (S) show
> + dup 16 mul 1 index 5 mul moveto (P) show
> +
> + /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
> + dup 14 mul 1 index 29 mul moveto (asy) show
> + dup 20 mul 1 index 19 mul moveto (oftware) show
> + dup 26 mul 1 index 9 mul moveto (roducts) show
> +
> + pop
> +} bind def
> +%%EndResource
> +%%EndProlog
> +%%Page: 1 1
> +gsave
> +
> + % Determine the imageable area and device resolution...
> + initclip newpath clippath pathbbox % Get bounding rectangle
> + 72 div /pageTop exch def % Get top margin in inches
> + 72 div /pageRight exch def % Get right margin in inches
> + 72 div /pageBottom exch def % Get bottom margin in inches
> + 72 div /pageLeft exch def % Get left margin in inches
> +
> + /pageWidth pageRight pageLeft sub def % pageWidth = pageRight - pageLeft
> + /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
> +
> + /boxWidth % width of text box
> + pageWidth pageHeight lt
> + { pageWidth 54 mul }
> + { pageHeight 42 mul }
> + ifelse def
> +
> + newpath % Clear bounding path
> +
> + % Create fonts...
> + /bigFont /Helvetica-Bold findfont % bigFont = Helvetica-Bold
> + pageHeight 3 mul scalefont def % size = pageHeight * 3 (nominally 33)
> +
> + /mediumFont /Helvetica findfont % mediumFont = Helvetica
> + pageHeight 1.5 mul scalefont def % size = pageHeight * 1.5 (nominally 16.5)
> +
> + % Offset page to account for lower-left margin...
> + pageLeft 72 mul
> + pageBottom 72 mul
> + translate
> +
> + % Draw the label at the top and bottom...
> + 0 setgray % Color
> +
> + pageWidth 36 mul % Center of page
> + pageHeight 72 mul % Top of page
> + pageWidth -7 mul add % - 2 lines
> + moveto % Position text
> + bigFont setfont % Font
> + ({mls-label}) CENTER % Show text centered
> +
> + pageWidth 36 mul % Center of page
> + pageHeight 6 mul % Bottom of page
> + moveto % Position text
> + bigFont setfont % Font
> + ({mls-label}) CENTER % Show text centered
> +
> + % Job information box...
> + pageWidth 36 mul 9 add % x = pageWidth * 1/2 * 72 + 9
> + boxWidth 0.5 mul sub % x-= 1/2 box width
> + pageHeight 30 mul 9 sub % y = pageHeight * 1/2 * 72 - 9
> + boxWidth % w = box width
> + pageHeight 14 mul % h = pageHeight * 1/2 * 72
> + 0.5 setgray rectfill % Draw a shadow
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + boxWidth 0.5 mul sub % x-= 1/2 box width
> + pageHeight 30 mul % y = pageHeight * 1/4 * 72
> + boxWidth % w = box width
> + pageHeight 14 mul % h = pageHeight * 1/2 * 72
> +
> + 4 copy 1 setgray rectfill % Clear the box to white
> + 0 setgray rectstroke % Draw a black box around it...
> +
> + % Job information text...
> + mediumFont setfont % Medium sized font
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight 5 mul add % y += 2 lines
> + 2 copy % Copy X & Y
> + moveto
> + (Job ID: ) RIGHT
> + moveto
> + ({printer-name}-{job-id}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight 2 mul add % y += 1 line
> + 2 copy % Copy X & Y
> + moveto
> + (Title: ) RIGHT
> + moveto
> + ({job-name}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight -1 mul add % y -= 1 line
> + 2 copy % Copy X & Y
> + moveto
> + (Requesting User: ) RIGHT
> + moveto
> + ({job-originating-user-name}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight -4 mul add % y -= 2 lines
> + 2 copy % Copy X & Y
> + moveto
> + (Billing Info: ) RIGHT
> + moveto
> + ({?job-billing}) show
> +
> + % Then the CUPS logo....
> + gsave
> + pageWidth 4 mul
> + pageWidth 6 mul
> + translate
> + pageWidth 9 mul CUPSLOGO
> + grestore
> +
> + % And the ESP logo....
> + gsave
> + pageWidth 59 mul
> + pageWidth 6 mul
> + translate
> + pageWidth 6 mul ESPLOGO
> + grestore
> +% Show the page...
> +grestore
> +showpage
> +%
> +% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
> +%
> +%%EOF
> --- cups-1.2.4-orig/data/te 1969-12-31 19:00:00.000000000 -0500
> +++ cups-1.2.4/data/te 2006-09-28 16:31:29.000000000 -0400
> @@ -0,0 +1,277 @@
> +%!PS-Adobe-3.0
> +%%BoundingBox: 0 0 612 792
> +%%Pages: 1
> +%%LanguageLevel: 1
> +%%DocumentData: Clean7Bit
> +%%DocumentSuppliedResources: procset bannerprint/1.0
> +%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
> +%%Creator: Michael Sweet, Easy Software Products
> +%%CreationDate: May 10, 2000
> +%%Title: Test Page
> +%%EndComments
> +%%BeginProlog
> +%%BeginResource procset bannerprint 1.1 0
> +%
> +% PostScript banner page for the Common UNIX Printing System ("CUPS").
> +%
> +% Copyright 1993-2005 by Easy Software Products
> +%
> +% These coded instructions, statements, and computer programs are the
> +% property of Easy Software Products and are protected by Federal
> +% copyright law. Distribution and use rights are outlined in the file
> +% "LICENSE.txt" which should have been included with this file. If this
> +% file is missing or damaged please contact Easy Software Products
> +% at:
> +%
> +% Attn: CUPS Licensing Information
> +% Easy Software Products
> +% 44141 Airport View Drive, Suite 204
> +% Hollywood, Maryland 20636 USA
> +%
> +% Voice: (301) 373-9600
> +% EMail: cups-info at cups.org
> +% WWW: http://www.cups.org
> +%
> +/CENTER { % Draw centered text
> + % (name) CENTER -
> + dup stringwidth pop % Get the width of the string
> + 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
> + show % Show the string
> +} bind def
> +/RIGHT { % Draw right-justified text
> + % (name) RIGHT -
> + dup stringwidth pop % Get the width of the string
> + neg 0 rmoveto % Shift left the entire distance
> + show % Show the string
> +} bind def
> +/NUMBER { % Draw a number
> + % power n NUMBER -
> + 1 index 1 eq { % power == 1?
> + round cvi exch pop % Convert "n" to integer
> + } {
> + 1 index mul round exch div % Truncate extra decimal places
> + } ifelse
> + 100 string cvs show % Convert to a string and show it...
> +} bind def
> +/CUPSLOGO { % Draw the CUPS logo
> + % height CUPSLOGO
> + % Start with a big C...
> + /Helvetica findfont 1 index scalefont setfont
> + 0 setgray
> + 0 0 moveto
> + (C) show
> +
> + % Then "UNIX Printing System" much smaller...
> + /Helvetica-Bold findfont 1 index 9 div scalefont setfont
> + 0.25 mul
> + dup dup 2.0 mul moveto
> + (UNIX) show
> + dup dup 1.6 mul moveto
> + (Printing) show
> + dup 1.2 mul moveto
> + (System) show
> +} bind def
> +/ESPLOGO { % Draw the ESP logo
> + % height ESPLOGO
> + % Compute the size of the logo...
> + 0 0
> + 2 index 1.5 mul 3 index
> +
> + % Do the "metallic" fill from 10% black to 40% black...
> + 1 -0.001 0 {
> + dup % loopval
> + -0.15 mul % loopval * -0.15
> + 0.9 add % 0.9 - loopval * 0.15
> + setgray % set gray shade
> +
> + 0 % x
> + 1 index neg % loopval
> + 1 add % 1 - loopval
> + 3 index % height
> + mul % height * (1 - loopval)
> + moveto % starting point
> +
> + dup % loopval
> + 3 index % width
> + mul % loopval * width
> + 2 index % height
> + lineto % Next point
> +
> + 0 % x
> + 2 index % height
> + lineto % Next point
> +
> + closepath
> + fill
> +
> + dup % loopval
> + 0.15 mul % loopval * 0.15
> + 0.6 add % 0.6 + loopval * 0.15
> + setgray
> +
> + dup % loopval
> + neg 1 add % 1 - loopval
> + 3 index % width
> + mul % (1 - loopval) * width
> + 0 % y
> + moveto % Starting point
> +
> + 2 index % width
> + exch % loopval
> + 2 index % height
> + mul % loopval * height
> + lineto % Next point
> +
> + 1 index % width
> + 0 % y
> + lineto % Next point
> +
> + closepath
> + fill
> + } for
> +
> + 0 setgray rectstroke
> +
> + /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
> + dup 40 div
> +
> + dup 4 mul 1 index 25 mul moveto (E) show
> + dup 10 mul 1 index 15 mul moveto (S) show
> + dup 16 mul 1 index 5 mul moveto (P) show
> +
> + /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
> + dup 14 mul 1 index 29 mul moveto (asy) show
> + dup 20 mul 1 index 19 mul moveto (oftware) show
> + dup 26 mul 1 index 9 mul moveto (roducts) show
> +
> + pop
> +} bind def
> +%%EndResource
> +%%EndProlog
> +%%Page: 1 1
> +gsave
> +
> + % Determine the imageable area and device resolution...
> + initclip newpath clippath pathbbox % Get bounding rectangle
> + 72 div /pageTop exch def % Get top margin in inches
> + 72 div /pageRight exch def % Get right margin in inches
> + 72 div /pageBottom exch def % Get bottom margin in inches
> + 72 div /pageLeft exch def % Get left margin in inches
> +
> + /pageWidth pageRight pageLeft sub def % pageWidth = pageRight - pageLeft
> + /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
> +
> + /boxWidth % width of text box
> + pageWidth pageHeight lt
> + { pageWidth 54 mul }
> + { pageHeight 42 mul }
> + ifelse def
> +
> + newpath % Clear bounding path
> +
> + % Create fonts...
> + /bigFont /Helvetica-Bold findfont % bigFont = Helvetica-Bold
> + pageHeight 3 mul scalefont def % size = pageHeight * 3 (nominally 33)
> +
> + /mediumFont /Helvetica findfont % mediumFont = Helvetica
> + pageHeight 1.5 mul scalefont def % size = pageHeight * 1.5 (nominally 16.5)
> +
> + % Offset page to account for lower-left margin...
> + pageLeft 72 mul
> + pageBottom 72 mul
> + translate
> +
> + % Draw the label at the top and bottom...
> + 0 setgray % Color
> +
> + pageWidth 36 mul % Center of page
> + pageHeight 72 mul % Top of page
> + pageWidth -7 mul add % - 2 lines
> + moveto % Position text
> + bigFont setfont % Font
> + ({mls-label}) CENTER % Show text centered
> +
> + pageWidth 36 mul % Center of page
> + pageHeight 6 mul % Bottom of page
> + moveto % Position text
> + bigFont setfont % Font
> + ({mls-label}) CENTER % Show text centered
> +
> + % Job information box...
> + pageWidth 36 mul 9 add % x = pageWidth * 1/2 * 72 + 9
> + boxWidth 0.5 mul sub % x-= 1/2 box width
> + pageHeight 30 mul 9 sub % y = pageHeight * 1/2 * 72 - 9
> + boxWidth % w = box width
> + pageHeight 14 mul % h = pageHeight * 1/2 * 72
> + 0.5 setgray rectfill % Draw a shadow
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + boxWidth 0.5 mul sub % x-= 1/2 box width
> + pageHeight 30 mul % y = pageHeight * 1/4 * 72
> + boxWidth % w = box width
> + pageHeight 14 mul % h = pageHeight * 1/2 * 72
> +
> + 4 copy 1 setgray rectfill % Clear the box to white
> + 0 setgray rectstroke % Draw a black box around it...
> +
> + % Job information text...
> + mediumFont setfont % Medium sized font
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight 5 mul add % y += 2 lines
> + 2 copy % Copy X & Y
> + moveto
> + (Job ID: ) RIGHT
> + moveto
> + ({printer-name}-{job-id}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight 2 mul add % y += 1 line
> + 2 copy % Copy X & Y
> + moveto
> + (Title: ) RIGHT
> + moveto
> + ({job-name}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight -1 mul add % y -= 1 line
> + 2 copy % Copy X & Y
> + moveto
> + (Requesting User: ) RIGHT
> + moveto
> + ({job-originating-user-name}) show
> +
> + pageWidth 36 mul % x = pageWidth * 1/2 * 72
> + pageHeight 36 mul % y = pageHeight * 1/2 * 72
> + pageHeight -4 mul add % y -= 2 lines
> + 2 copy % Copy X & Y
> + moveto
> + (Billing Info: ) RIGHT
> + moveto
> + ({?job-billing}) show
> +
> + % Then the CUPS logo....
> + gsave
> + pageWidth 4 mul
> + pageWidth 6 mul
> + translate
> + pageWidth 9 mul CUPSLOGO
> + grestore
> +
> + % And the ESP logo....
> + gsave
> + pageWidth 59 mul
> + pageWidth 6 mul
> + translate
> + pageWidth 6 mul ESPLOGO
> + grestore
> +% Show the page...
> +grestore
> +showpage
> +%
> +% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
> +%
> +%%EOF
> --- cups-1.2.4-orig/Makedefs.in 2006-09-28 11:38:14.000000000 -0400
> +++ cups-1.2.4/Makedefs.in 2006-09-28 16:31:29.000000000 -0400
> @@ -135,7 +135,7 @@
> @LDFLAGS@ @RELROFLAG@ @PIEFLAGS@ $(OPTIM)
> LINKCUPS = @LINKCUPS@ $(SSLLIBS)
> LINKCUPSIMAGE = @LINKCUPSIMAGE@
> -LIBS = $(LINKCUPS) $(COMMONLIBS)
> +LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
> OPTIM = @OPTIM@
> OPTIONS =
> PAMLIBS = @PAMLIBS@
> --- cups-1.2.4-orig/scheduler/client.c 2006-09-19 16:44:07.000000000 -0400
> +++ cups-1.2.4/scheduler/client.c 2006-10-11 17:44:43.000000000 -0400
> @@ -44,12 +44,17 @@
> * make_certificate() - Make a self-signed SSL/TLS certificate.
> * pipe_command() - Pipe the output of a command to the remote client.
> * write_file() - Send a file via HTTP.
> + * client_pid_to_auid() - Get the audit login uid of the client.
> */
>
> +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> /*
> * Include necessary headers...
> */
>
> +#define _GNU_SOURCE
> #include <cups/http-private.h>
> #include "cupsd.h"
>
> @@ -65,6 +70,12 @@
> # include <gnutls/x509.h>
> #endif /* HAVE_GNUTLS */
>
> +#ifdef WITH_LSPP
> +#include <selinux/selinux.h>
> +#include <selinux/context.h>
> +#include <fcntl.h>
> +#endif /* WITH_LSPP */
> +
>
> /*
> * Local functions...
> @@ -323,6 +334,57 @@
> }
> }
>
> +#ifdef WITH_LSPP
> + if (is_lspp_config())
> + {
> + struct ucred cr;
> + unsigned int cl=sizeof(cr);
> +
> + if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)
> + {
> + /*
> + * client_pid_to_auid() can be racey
> + * In this case the pid is based on a socket connected to the client
> + */
> + if ((con->auid = client_pid_to_auid(cr.pid)) == -1)
> + {
> + close(con->http.fd);
> + cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: "
> + "unable to determine client auid for client pid=%d", cr.pid);
> + free(con);
> + return;
> + }
> + cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d",
> + cr.pid, cr.uid, cr.gid, con->auid);
> + }
> + else
> + {
> + close(con->http.fd);
> + cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed");
> + free(con);
> + return;
> + }
> +
> + /*
> + * get the context of the peer connection
> + */
> + if (getpeercon(con->http.fd, &con->scon))
> + {
> + close(con->http.fd);
> + cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed");
> + free(con);
> + return;
> + }
> +
> + cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon);
> + }
> + else
> + {
> + cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: skipping getpeercon()");
> + cupsdSetString(&con->scon, UNKNOWN_SL);
> + }
> +#endif /* WITH_LSPP */
> +
> #ifdef AF_INET6
> if (con->http.hostaddr->addr.sa_family == AF_INET6)
> cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: %d from %s:%d (IPv6)",
> @@ -711,6 +773,13 @@
> mime_type_t *type; /* MIME type of file */
> cupsd_printer_t *p; /* Printer */
> static unsigned request_id = 0; /* Request ID for temp files */
> +#ifdef WITH_LSPP
> + security_context_t spoolcon; /* context of the job file */
> + context_t clicon; /* contex_t container for con->scon */
> + context_t tmpcon; /* temp context to swap the level */
> + char *clirange; /* SELinux sensitivity range */
> + char *cliclearance; /* SELinux low end clearance */
> +#endif /* WITH_LSPP */
>
>
> status = HTTP_CONTINUE;
> @@ -1797,6 +1866,63 @@
> fchmod(con->file, 0640);
> fchown(con->file, RunUser, Group);
> fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
> +#ifdef WITH_LSPP
> + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
> + {
> + if (getfilecon(con->filename, &spoolcon) == -1)
> + {
> + cupsdSendError(con, HTTP_SERVER_ERROR);
> + return (cupsdCloseClient(con));
> + }
> + clicon = context_new(con->scon);
> + tmpcon = context_new(spoolcon);
> + freecon(spoolcon);
> + if (!clicon || !tmpcon)
> + {
> + cupsdSendError(con, HTTP_SERVER_ERROR);
> + if (clicon)
> + context_free(clicon);
> + if (tmpcon)
> + context_free(tmpcon);
> + return (cupsdCloseClient(con));
> + }
> + clirange = strdup(context_range_get(clicon));
> + if ((cliclearance = strtok(clirange, "-")) != NULL)
> + {
> + if (context_range_set(tmpcon, cliclearance) == -1)
> + {
> + cupsdSendError(con, HTTP_SERVER_ERROR);
> + free(clirange);
> + context_free(tmpcon);
> + context_free(clicon);
> + return (cupsdCloseClient(con));
> + }
> + }
> + else
> + {
> + if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)
> + {
> + cupsdSendError(con, HTTP_SERVER_ERROR);
> + free(clirange);
> + context_free(tmpcon);
> + context_free(clicon);
> + return (cupsdCloseClient(con));
> + }
> + }
> + free(clirange);
> + if (setfilecon(con->filename, context_str(tmpcon)) == -1)
> + {
> + cupsdSendError(con, HTTP_SERVER_ERROR);
> + context_free(tmpcon);
> + context_free(clicon);
> + return (cupsdCloseClient(con));
> + }
> + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s",
> + con->filename, context_str(tmpcon));
> + context_free(tmpcon);
> + context_free(clicon);
> + }
> +#endif /* WITH_LSPP */
> }
>
> if (con->http.state != HTTP_POST_SEND)
> @@ -3810,6 +3936,50 @@
> #endif /* HAVE_SSL */
>
>
> +#ifdef WITH_LSPP
> +/*
> + * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.
> + */
> +
> +uid_t client_pid_to_auid(pid_t clipid)
> +{
> + uid_t uid;
> + int len, in;
> + char buf[16] = {0};
> + char fname[32] = {0};
> +
> +
> + /*
> + * Hopefully this pid is still the one we are interested in.
> + */
> + snprintf(fname, 32, "/proc/%d/loginuid", clipid);
> + in = open(fname, O_NOFOLLOW|O_RDONLY);
> +
> + if (in < 0)
> + return -1;
> +
> + errno = 0;
> +
> + do {
> + len = read(in, buf, sizeof(buf));
> + } while (len < 0 && errno == EINTR);
> +
> + close(in);
> +
> + if (len < 0 || len >= sizeof(buf))
> + return -1;
> +
> + errno = 0;
> + buf[len] = 0;
> + uid = strtol(buf, 0, 10);
> +
> + if (errno != 0)
> + return -1;
> + else
> + return uid;
> +}
> +#endif /* WITH_LSPP */
> +
> /*
> * 'pipe_command()' - Pipe the output of a command to the remote client.
> */
> --- cups-1.2.4-orig/scheduler/client.h 2006-09-11 10:21:23.000000000 -0400
> +++ cups-1.2.4/scheduler/client.h 2006-09-28 16:31:29.000000000 -0400
> @@ -22,6 +22,13 @@
> * WWW: http://www.cups.org
> */
>
> +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> +#ifdef WITH_LSPP
> +#include <selinux/selinux.h>
> +#endif /* WITH_LSPP */
> +
> /*
> * HTTP client structure...
> */
> @@ -55,6 +62,10 @@
> http_addr_t clientaddr; /* Client address */
> char servername[256];/* Server name for connection */
> int serverport; /* Server port for connection */
> +#ifdef WITH_LSPP
> + security_context_t scon; /* Security context of connection */
> + uid_t auid; /* Audit loginuid of the client */
> +#endif /* WITH_LSPP */
> };
>
> #define HTTP(con) &((con)->http)
> @@ -119,6 +130,9 @@
> extern void cupsdStopListening(void);
> extern void cupsdUpdateCGI(void);
> extern int cupsdWriteClient(cupsd_client_t *con);
> +#ifdef WITH_LSPP
> +extern uid_t client_pid_to_auid(pid_t clipid);
> +#endif /* WITH_LSPP */
>
>
> /*
> --- cups-1.2.4-orig/scheduler/conf.c 2006-09-28 11:38:08.000000000 -0400
> +++ cups-1.2.4/scheduler/conf.c 2006-09-29 18:23:37.000000000 -0400
> @@ -35,6 +35,7 @@
> * read_configuration() - Read a configuration file.
> * read_location() - Read a <Location path> definition.
> * read_policy() - Read a <Policy name> definition.
> + * is_lspp_config() - Is the system configured for LSPP
> */
>
> /*
> @@ -60,6 +61,9 @@
> # define INADDR_NONE 0xffffffff
> #endif /* !INADDR_NONE */
>
> +#ifdef WITH_LSPP
> +# include <libaudit.h>
> +#endif /* WITH_LSPP */
>
> /*
> * Configuration variable structure...
> @@ -161,6 +165,9 @@
> { "ServerKey", &ServerKey, CUPSD_VARTYPE_STRING },
> # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
> #endif /* HAVE_SSL */
> +#ifdef WITH_LSPP
> + { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER },
> +#endif /* WITH_LSPP */
> #ifdef HAVE_LAUNCHD
> { "LaunchdTimeout", &LaunchdTimeout, CUPSD_VARTYPE_INTEGER },
> { "LaunchdConf", &LaunchdConf, CUPSD_VARTYPE_STRING },
> @@ -223,6 +230,9 @@
> *old_requestroot; /* Old RequestRoot */
> const char *tmpdir; /* TMPDIR environment variable */
> struct stat tmpinfo; /* Temporary directory info */
> +#ifdef WITH_LSPP
> + char *audit_message; /* Audit message string */
> +#endif /* WITH_LSPP */
>
>
> /*
> @@ -470,6 +480,16 @@
>
> RunUser = getuid();
>
> +#ifdef WITH_LSPP
> + /*
> + * ClassifyOverride is set during read_configuration, if its on, report it now
> + */
> + if (ClassifyOverride && AuditLog != -1)
> + audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
> + "[Config] ClassifyOverride=enabled Users can override print banners",
> + ServerName, NULL, NULL, 1);
> +#endif /* WITH_LSPP */
> +
> /*
> * See if the ServerName is an IP address...
> */
> @@ -777,11 +797,23 @@
> if (MaxActiveJobs > (MaxFDs / 3))
> MaxActiveJobs = MaxFDs / 3;
>
> - if (Classification && !strcasecmp(Classification, "none"))
> + if (Classification && strcasecmp(Classification, "none") == 0)
> cupsdClearString(&Classification);
>
> if (Classification)
> + {
> cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
> +#ifdef WITH_LSPP
> + if (AuditLog != -1)
> + {
> + audit_message = NULL;
> + cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);
> + audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
> + ServerName, NULL, NULL, 1);
> + free(audit_message);
> + }
> +#endif /* WITH_LSPP */
> + }
>
> /*
> * Update the MaxClientsPerHost value, as needed...
> @@ -3295,6 +3327,18 @@
> return (0);
> }
>
> +#ifdef WITH_LSPP
> +int is_lspp_config()
> +{
> + if (Classification != NULL)
> + return ((strcasecmp(Classification, MLS_CONFIG) == 0)
> + || (strcasecmp(Classification, TE_CONFIG) == 0)
> + || (strcasecmp(Classification, SELINUX_CONFIG) == 0));
> + else
> + return 0;
> +}
> +#endif /* WITH_LSPP */
> +
>
> /*
> * End of "$Id: conf.c 5905 2006-08-29 20:48:59Z mike $".
> --- cups-1.2.4-orig/scheduler/conf.h 2006-09-28 11:38:08.000000000 -0400
> +++ cups-1.2.4/scheduler/conf.h 2006-09-28 16:31:29.000000000 -0400
> @@ -191,6 +191,10 @@
> /* Server key file */
> # endif /* HAVE_LIBSSL || HAVE_GNUTLS */
> #endif /* HAVE_SSL */
> +#ifdef WITH_LSPP
> +VAR int AuditLog VALUE(-1);
> + /* File descriptor for audit */
> +#endif /* WITH_LSPP */
>
> #ifdef HAVE_LAUNCHD
> VAR int LaunchdTimeout VALUE(DEFAULT_TIMEOUT);
> @@ -213,6 +217,9 @@
> ;
> extern int cupsdLogPage(cupsd_job_t *job, const char *page);
>
> +#ifdef WITH_LSPP
> +extern int is_lspp_config(void);
> +#endif /* WITH_LSPP */
>
> /*
> * End of "$Id: conf.h 5696 2006-06-26 18:34:20Z mike $".
> --- cups-1.2.4-orig/scheduler/ipp.c 2006-09-28 11:38:08.000000000 -0400
> +++ cups-1.2.4/scheduler/ipp.c 2006-10-09 12:16:35.000000000 -0400
> @@ -96,6 +96,9 @@
> * validate_user() - Validate the user for the request.
> */
>
> +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> /*
> * Include necessary headers...
> */
> @@ -106,6 +109,14 @@
> # include <paper.h>
> #endif /* HAVE_LIBPAPER */
>
> +#ifdef WITH_LSPP
> +#include <libaudit.h>
> +#include <selinux/selinux.h>
> +#include <selinux/context.h>
> +#include <selinux/avc.h>
> +#include <selinux/flask.h>
> +#include <selinux/av_permissions.h>
> +#endif /* WITH_LSPP */
>
> /*
> * PPD default choice structure...
> @@ -1173,6 +1184,20 @@
> int kbytes; /* Size of print file */
> int i; /* Looping var */
> int lowerpagerange; /* Page range bound */
> +#ifdef WITH_LSPP
> + char *audit_message; /* Audit message string */
> + char *printerfile; /* device file pointed to by the printer */
> + char *userheader = NULL; /* User supplied job-sheets[0] */
> + char *userfooter = NULL; /* User supplied job-sheets[1] */
> + int override = 0; /* Was a banner overrode on a job */
> + security_id_t clisid; /* SELinux SID for the client */
> + security_id_t psid; /* SELinux SID for the printer */
> + context_t printercon; /* Printer's context string */
> + security_context_t devcon; /* Printer's SELinux context */
> + struct avc_entry_ref avcref; /* Pointer to the access vector cache */
> + security_class_t tclass; /* Object class for the SELinux check */
> + access_vector_t avr; /* Access method being requested */
> +#endif /* WITH_LSPP */
>
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %s)", con,
> @@ -1349,6 +1374,101 @@
> return (NULL);
> }
>
> +#ifdef WITH_LSPP
> + if (is_lspp_config())
> + {
> + if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", dest);
> + send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required secuirty attributes."));
> + return (NULL);
> + }
> + else
> + {
> + /*
> + * duplicate the security context and auid of the connection into the job structure
> + */
> + job->scon = strdup(con->scon);
> + job->auid = con->auid;
> +
> + /*
> + * add the security context to the request so that on a restart the security
> + * attributes will be able to be restored
> + */
> + ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context",
> + NULL, job->scon);
> + }
> +
> + /*
> + * Perform an access check so that if the user gets feedback at enqueue time
> + */
> +
> + printerfile = strstr(printer->device_uri, "/dev/");
> + if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
> + printerfile = strdup(printer->device_uri + strlen("file:/"));
> +
> + if (printerfile != NULL)
> + {
> + cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",
> + printerfile);
> +
> + tclass = SECCLASS_FILE;
> + avr = FILE__WRITE;
> + avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);
> + avc_entry_ref_init(&avcref);
> + if (avc_context_to_sid(con->scon, &clisid) != 0)
> + {
> + send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));
> + return (NULL);
> + }
> + if (getfilecon(printerfile, &devcon) == -1)
> + {
> + send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));
> + return (NULL);
> + }
> + printercon = context_new(devcon);
> + cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",
> + context_str(printercon), con->scon);
> + context_free(printercon);
> +
> + if (avc_context_to_sid(devcon, &psid) != 0)
> + {
> + send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));
> + freecon(devcon);
> + return (NULL);
> + }
> + freecon(devcon);
> + if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
> + {
> + /*
> + * The access check failed, so cancel the job and send an audit message
> + */
> + if (AuditLog != -1)
> + {
> + audit_message = NULL;
> + cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s refused"
> + " unable to access printer=%s", job->id, con->auid,
> + con->username, con->scon, printer->name);
> + audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
> + ServerName, NULL, NULL, 0);
> + free(audit_message);
> + }
> +
> + send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));
> + return (NULL);
> + }
> + }
> + }
> + else
> + {
> + /*
> + * Fill in the security context of the job as unlabeled
> + */
> + cupsdLogMessage(CUPSD_LOG_INFO, "add_job: setting context of job to %s", UNKNOWN_SL);
> + cupsdSetString(&job->scon, UNKNOWN_SL);
> + }
> +#endif /* WITH_LSPP */
> +
> job->dtype = dtype;
> job->attrs = con->request;
> con->request = NULL;
> @@ -1544,6 +1664,29 @@
> attr->values[0].string.text = _cupsStrAlloc(printer->job_sheets[0]);
> attr->values[1].string.text = _cupsStrAlloc(printer->job_sheets[1]);
> }
> +#ifdef WITH_LSPP
> + else
> + {
> + /*
> + * The option was present, so capture the user supplied strings
> + */
> + userheader = strdup(attr->values[0].string.text);
> +
> + if (attr->num_values > 1)
> + userfooter = strdup(attr->values[1].string.text);
> +
> + if (Classification != NULL && (strcmp(userheader, Classification) == 0)
> + && userfooter &&(strcmp(userfooter, Classification) == 0))
> + {
> + /*
> + * Since both values are Classification, the user is not trying to Override
> + */
> + free(userheader);
> + if (userfooter) free(userfooter);
> + userheader = userfooter = NULL;
> + }
> + }
> +#endif /* WITH_LSPP */
>
> job->job_sheets = attr;
>
> @@ -1574,6 +1717,9 @@
> "job-sheets=\"%s,none\", "
> "job-originating-user-name=\"%s\"",
> job->id, Classification, job->username);
> +#ifdef WITH_LSPP
> + override = 1;
> +#endif /* WITH_LSPP */
> }
> else if (attr->num_values == 2 &&
> strcmp(attr->values[0].string.text,
> @@ -1592,6 +1738,9 @@
> "job-originating-user-name=\"%s\"",
> job->id, attr->values[0].string.text,
> attr->values[1].string.text, job->username);
> +#ifdef WITH_LSPP
> + override = 1;
> +#endif /* WITH_LSPP */
> }
> else if (strcmp(attr->values[0].string.text, Classification) &&
> strcmp(attr->values[0].string.text, "none") &&
> @@ -1612,6 +1761,9 @@
> "job-originating-user-name=\"%s\"",
> job->id, attr->values[0].string.text,
> attr->values[1].string.text, job->username);
> +#ifdef WITH_LSPP
> + override = 1;
> +#endif /* WITH_LSPP */
> }
> }
> else if (strcmp(attr->values[0].string.text, Classification) &&
> @@ -1652,7 +1804,50 @@
> "job-sheets=\"%s\", "
> "job-originating-user-name=\"%s\"",
> job->id, Classification, job->username);
> +#ifdef WITH_LSPP
> + override = 1;
> +#endif /* WITH_LSPP */
> + }
> +#ifdef WITH_LSPP
> + if (is_lspp_config() && AuditLog != -1)
> + {
> + audit_message = NULL;
> +
> + if (userheader || userfooter)
> + {
> + if (!override)
> + {
> + /*
> + * The user overrode the banner, so audit it
> + */
> + cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
> + " using banners=%s,%s", job->id, userheader,
> + userfooter, attr->values[0].string.text,
> + (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
> + audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
> + ServerName, NULL, NULL, 1);
> + }
> + else
> + {
> + /*
> + * The user tried to override the banner, audit the failure
> + */
> + cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
> + " ignored banners=%s,%s", job->id, userheader,
> + userfooter, attr->values[0].string.text,
> + (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
> + audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
> + ServerName, NULL, NULL, 0);
> }
> + free(audit_message);
> + }
> + }
> +
> + if (userheader)
> + free(userheader);
> + if (userfooter)
> + free(userfooter);
> +#endif /* WITH_LSPP */
> }
>
> /*
> @@ -3504,6 +3699,15 @@
> char attrname[255], /* Name of attribute */
> *s; /* Pointer into name */
> ipp_attribute_t *attr; /* Attribute */
> +#ifdef WITH_LSPP
> + const char *mls_label; /* SL of print job */
> + char *jobrange; /* SELinux sensitivity range */
> + char *jobclearance; /* SELinux low end clearance */
> + context_t jobcon; /* SELinux context of the job */
> + context_t tmpcon; /* Temp context to set the level */
> + security_context_t spoolcon; /* Context of the file in the spool */
> +#endif /* WITH_LSPP */
> +
>
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner(%p[%d], %p[%d], %s)",
> @@ -3537,6 +3741,77 @@
>
> fchmod(cupsFileNumber(out), 0640);
> fchown(cupsFileNumber(out), RunUser, Group);
> +#ifdef WITH_LSPP
> + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
> + {
> + if (getfilecon(filename, &spoolcon) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "copy_banner: Unable to get the context of the banner file %s - %s",
> + filename, strerror(errno));
> + job->num_files --;
> + return (0);
> + }
> + tmpcon = context_new(spoolcon);
> + jobcon = context_new(con->scon);
> + freecon(spoolcon);
> + if (!tmpcon || !jobcon)
> + {
> + if (tmpcon)
> + context_free(tmpcon);
> + if (jobcon)
> + context_free(jobcon);
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "copy_banner: Unable to get the SELinux contexts");
> + job->num_files --;
> + return (0);
> + }
> + jobrange = strdup(context_range_get(jobcon));
> + if ((jobclearance = strtok(jobrange, "-")) != NULL)
> + {
> + if (context_range_set(tmpcon, jobclearance) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "copy_banner: Unable to set the level of the context for file %s - %s",
> + filename, strerror(errno));
> + free(jobrange);
> + context_free(jobcon);
> + context_free(tmpcon);
> + job->num_files --;
> + return (0);
> + }
> + }
> + else
> + {
> + if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "copy_banner: Unable to set the level of the context for file %s - %s",
> + filename, strerror(errno));
> + free(jobrange);
> + context_free(jobcon);
> + context_free(tmpcon);
> + job->num_files --;
> + return (0);
> + }
> + }
> + free(jobrange);
> + if (setfilecon(filename, context_str(tmpcon)) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "copy_banner: Unable to set the context of the banner file %s - %s",
> + filename, strerror(errno));
> + context_free(jobcon);
> + context_free(tmpcon);
> + job->num_files --;
> + return (0);
> + }
> + cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s",
> + filename, context_str(tmpcon));
> + context_free(jobcon);
> + context_free(tmpcon);
> + }
> +#endif /* WITH_LSPP */
>
> /*
> * Try the localized banner file under the subdirectory...
> @@ -3631,6 +3906,24 @@
> else
> s = attrname;
>
> +#ifdef WITH_LSPP
> + if (strcmp(s, "mls-label") == 0)
> + {
> + if (con->scon != NULL && strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
> + {
> + jobcon = context_new(con->scon);
> + if (strcasecmp(name, MLS_CONFIG) == 0)
> + mls_label = context_range_get(jobcon);
> + else if (strcasecmp(name, TE_CONFIG) == 0)
> + mls_label = context_type_get(jobcon);
> + else // default to using the whole context string
> + mls_label = context_str(jobcon);
> + cupsFilePuts(out, mls_label);
> + context_free(jobcon);
> + }
> + continue;
> + }
> +#endif /* WITH_LSPP */
> if (!strcmp(s, "printer-name"))
> {
> cupsFilePuts(out, job->dest);
> @@ -5352,6 +5645,17 @@
> cupsd_printer_t *printer; /* Printer */
> cups_array_t *list; /* Which job list... */
> cups_array_t *ra; /* Requested attributes array */
> +#ifdef WITH_LSPP
> + int selinuxcheck; /* perform the SELinux access check? */
> + char filename[1024]; /* Filename of the spool file */
> + security_id_t clisid; /* SELinux SID of the client */
> + security_id_t jobsid; /* SELinux SID of the job */
> + security_id_t filesid; /* SELinux SID of the spool file */
> + struct avc_entry_ref avcref; /* AVC entry cache pointer */
> + security_class_t tclass; /* SELinux security class */
> + access_vector_t avr; /* SELinux access being queried */
> + security_context_t spoolfilecon; /* SELinux context of the spool file */
> +#endif /* WITH_LSPP */
>
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2, "get_jobs(%p[%d], %s)", con, con->http.fd,
> @@ -5469,6 +5773,45 @@
>
> ra = create_requested_array(con->request);
>
> +#ifdef WITH_LSPP
> + /*
> + * Determine outside the loop if we are concerned about SELinux
> + */
> + selinuxcheck = is_lspp_config();
> + if (selinuxcheck)
> + {
> + selinuxcheck = security_getenforce();
> + if (selinuxcheck == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "get_jobs: unable to determine SELinux enforcement");
> + send_ipp_status(con, IPP_INTERNAL_ERROR, _("Internal SELinux error (getenforce)."));
> + return;
> + }
> + if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
> + selinuxcheck = 0;
> + else
> + {
> + if (avc_init("cups", NULL, NULL, NULL, NULL) < 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "get_jobs: unable avc_init");
> + send_ipp_status(con, IPP_INTERNAL_ERROR, _("Internal SELinux error (avc_init)."));
> + return;
> + }
> + if (avc_context_to_sid(con->scon, &clisid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "get_jobs: unable to convert %s to SELinux sid", con->scon);
> + send_ipp_status(con, IPP_INTERNAL_ERROR, _("Internal SELinux error (avc_context_to_sid)."));
> + return;
> + }
> + cupsdLogMessage(CUPSD_LOG_DEBUG, "get_jobs: client context %s", con->scon);
> +
> + avr = FILE__READ;
> + tclass = SECCLASS_FILE;
> + }
> + }
> +#endif /* WITH_LSPP */
> +
> +
> /*
> * OK, build a list of jobs for this printer...
> */
> @@ -5506,6 +5849,42 @@
> if (count > 0)
> ippAddSeparator(con->response);
>
> +#ifdef WITH_LSPP
> + if (selinuxcheck && (strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0))
> + {
> + cupsdLogMessage(CUPSD_LOG_DEBUG, "get_jobs: job context %s", job->scon);
> +
> + avc_context_to_sid(job->scon, &jobsid);
> + avc_entry_ref_init(&avcref);
> +
> + if (avc_has_perm(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_INFO, "get_jobs: SELinux denied access based on the client context");
> + snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
> + if (getfilecon(filename, &spoolfilecon) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "get_jobs: Unable to get spoolfile context");
> + continue;
> + }
> + if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "get_jobs: Unable to determine the SELinux sid for the spool file");
> + freecon(spoolfilecon);
> + continue;
> + }
> + freecon(spoolfilecon);
> + if (avc_has_perm(clisid, filesid, tclass, avr, &avcref, NULL) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_INFO, "get_jobs: SELinux denied access to the spool file");
> + continue;
> + }
> + cupsdLogMessage(CUPSD_LOG_INFO, "get_jobs: SELinux allowed access to the spool file");
> + }
> + else
> + cupsdLogMessage(CUPSD_LOG_INFO, "get_jobs: SELinux allowed access based on the client");
> + }
> +#endif /* WITH_LSPP */
> +
> count ++;
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2, "get_jobs: count = %d", count);
> @@ -7944,12 +8323,22 @@
> * See if we need to add the ending sheet...
> */
>
> +#ifdef WITH_LSPP
> + if (printer &&
> + ( is_lspp_config() ||
> + !(printer->type & (CUPS_PRINTER_REMOTE | CUPS_PRINTER_IMPLICIT)) ) &&
> + (attr = ippFindAttribute(job->attrs, "job-sheets",
> + IPP_TAG_ZERO)) != NULL &&
> + attr->num_values > 1)
> + {
> +#else /* !WITH_LSPP */
> if (printer &&
> !(printer->type & (CUPS_PRINTER_REMOTE | CUPS_PRINTER_IMPLICIT)) &&
> (attr = ippFindAttribute(job->attrs, "job-sheets",
> IPP_TAG_ZERO)) != NULL &&
> attr->num_values > 1)
> {
> +#endif /* WITH_LSPP */
> /*
> * Yes...
> */
> @@ -9201,6 +9590,16 @@
> int userlen) /* I - Length of username */
> {
> cupsd_printer_t *printer; /* Printer for job */
> +#ifdef WITH_LSPP
> + char filename[1024]; /* Job filename */
> + struct avc_entry_ref avcref; /* Pointer to the access vector cache */
> + security_class_t tclass; /* Object class for the SELinux check */
> + access_vector_t avr; /* Access method being requested */
> + security_id_t jobsid; /* SELinux sid for the job */
> + security_id_t consid; /* SELinux sid for the client */
> + security_id_t filesid; /* SELinux sid for the spool file */
> + security_context_t spoolfilecon; /* SELinux context of the spool file */
> +#endif /* WITH_LSPP */
>
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2,
> @@ -9222,6 +9621,59 @@
>
> strlcpy(username, get_username(con), userlen);
>
> +#ifdef WITH_LSPP
> + if (is_lspp_config())
> + {
> + if (!con->scon || !job->scon)
> + return 0;
> +
> + tclass = SECCLASS_FILE;
> + avr = FILE__READ;
> + avc_init("cupsd_validate_user_", NULL, NULL, NULL, NULL);
> + avc_entry_ref_init(&avcref);
> + if (avc_context_to_sid(job->scon, &jobsid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "validate_user: Unable to determine the SELinux sid for the job");
> + return 0;
> + }
> + if (avc_context_to_sid(con->scon, &consid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "validate_user: Unable to determine the SELinux sid for the client");
> + return 0;
> + }
> +
> + if (avc_has_perm(consid, jobsid, tclass, avr, &avcref, NULL) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_INFO, "validate_user: SELinux denied access for the user");
> + /*
> + * The access check failed, check access on the file
> + */
> + snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
> + if (getfilecon(filename, &spoolfilecon) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "validate_user: Unable to get spoolfile context");
> + return 0;
> + }
> + if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "validate_user: Unable to determine the SELinux sid for the spool file");
> + freecon(spoolfilecon);
> + return 0;
> + }
> + freecon(spoolfilecon);
> + if (avc_has_perm(consid, filesid, tclass, avr, &avcref, NULL) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_INFO, "validate_user: SELinux denied access on the spool file");
> + return 0;
> + }
> + else
> + cupsdLogMessage(CUPSD_LOG_INFO, "validate_user: SELinux allowed access on the spool file");
> + }
> + else
> + cupsdLogMessage(CUPSD_LOG_INFO, "validate_user: SELinux allowed access based on the client context");
> + }
> +#endif /* WITH_LSPP */
> +
> /*
> * Check the username against the owner...
> */
> --- cups-1.2.4-orig/scheduler/job.c 2006-09-28 11:38:08.000000000 -0400
> +++ cups-1.2.4/scheduler/job.c 2006-10-09 12:16:35.000000000 -0400
> @@ -68,6 +68,9 @@
> * unload_job() - Unload a job from memory.
> */
>
> +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> /*
> * Include necessary headers...
> */
> @@ -77,6 +80,14 @@
> #include <cups/backend.h>
> #include <cups/dir.h>
>
> +#ifdef WITH_LSPP
> +#include <libaudit.h>
> +#include <selinux/selinux.h>
> +#include <selinux/context.h>
> +#include <selinux/avc.h>
> +#include <selinux/flask.h>
> +#include <selinux/av_permissions.h>
> +#endif /* WITH_LSPP */
>
> /*
> * Local globals...
> @@ -1032,6 +1043,23 @@
> cupsdSetString(&job->dest, dest);
> }
>
> +#ifdef WITH_LSPP
> + if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL)
> + cupsdSetString(&job->scon, attr->values[0].string.text);
> + else if (is_lspp_config())
> + {
> + /*
> + * There was no security context so delete the job
> + */
> + cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file \"%s\"!",
> + jobfile);
> + ippDelete(job->attrs);
> + job->attrs = NULL;
> + unlink(jobfile);
> + return;
> + }
> +#endif /* WITH_LSPP */
> +
> job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed",
> IPP_TAG_INTEGER);
> job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
> @@ -1341,6 +1369,13 @@
> {
> char filename[1024]; /* Job control filename */
> cups_file_t *fp; /* Job file */
> +#ifdef WITH_LSPP
> + security_context_t spoolcon; /* context of the job control file */
> + context_t jobcon; /* contex_t container for job->scon */
> + context_t tmpcon; /* Temp context to swap the level */
> + char *jobclearance; /* SELinux low end clearance */
> + char *jobrange; /* SELinux sensitivity range */
> +#endif /* WITH_LSPP */
>
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
> @@ -1359,6 +1394,72 @@
> fchmod(cupsFileNumber(fp), 0600);
> fchown(cupsFileNumber(fp), RunUser, Group);
>
> +#ifdef WITH_LSPP
> + if (strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
> + {
> + if (getfilecon(filename, &spoolcon) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "Unable to get context of job control file \"%s\" - %s.",
> + filename, strerror(errno));
> + return;
> + }
> + jobcon = context_new(job->scon);
> + tmpcon = context_new(spoolcon);
> + freecon(spoolcon);
> + if (!jobcon || !tmpcon)
> + {
> + if (jobcon)
> + context_free(jobcon);
> + if (tmpcon)
> + context_free(tmpcon);
> + cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts");
> + return;
> + }
> + jobrange = strdup(context_range_get(jobcon));
> + if ((jobclearance = strtok(jobrange, "-")) != NULL)
> + {
> + if (context_range_set(tmpcon, jobclearance) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "Unable to set the range for job control file \"%s\" - %s.",
> + filename, strerror(errno));
> + free(jobrange);
> + context_free(tmpcon);
> + context_free(jobcon);
> + return;
> + }
> + }
> + else
> + {
> + if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "Unable to set the range for job control file \"%s\" - %s.",
> + filename, strerror(errno));
> + free(jobrange);
> + context_free(tmpcon);
> + context_free(jobcon);
> + return;
> + }
> + }
> + free(jobrange);
> + if (setfilecon(filename, context_str(tmpcon)) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "Unable to set context of job control file \"%s\" - %s.",
> + filename, strerror(errno));
> + context_free(tmpcon);
> + context_free(jobcon);
> + return;
> + }
> + cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s",
> + job, context_str(tmpcon));
> + context_free(tmpcon);
> + context_free(jobcon);
> + }
> +#endif /* WITH_LSPP */
> +
> job->attrs->state = IPP_IDLE;
>
> if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
> @@ -2487,6 +2588,20 @@
> /* RIP_MAX_CACHE env variable */
> static char *options = NULL;/* Full list of options */
> static int optlength = 0; /* Length of option buffer */
> +#ifdef WITH_LSPP
> + const char *mls_label = NULL; /* SL to put in classification env var */
> + char *label_template = NULL; /* SL to put in classification env var */
> + char *audit_message = NULL; /* Audit message string */
> + char *printerfile = NULL; /* Device file pointed to by the printer */
> + context_t jobcon; /* SELinux context of the job */
> + security_id_t clisid; /* SELinux SID for the client */
> + security_id_t psid; /* SELinux SID for the printer */
> + context_t printercon; /* Printer's context string */
> + security_context_t devcon; /* Printer's SELinux context */
> + struct avc_entry_ref avcref; /* Pointer to the access vector cache */
> + security_class_t tclass; /* Object class for the SELinux check */
> + access_vector_t avr; /* Access method being requested */
> +#endif /* WITH_LSPP */
>
>
> cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job: id = %d, file = %d/%d",
> @@ -2740,6 +2855,77 @@
>
> cupsdLogMessage(CUPSD_LOG_DEBUG, "banner_page = %d", banner_page);
>
> +#ifdef WITH_LSPP
> + if (is_lspp_config())
> + {
> + /*
> + * Perform an access check before printing, but only if the printer starts with /dev/
> + */
> + printerfile = strstr(printer->device_uri, "/dev/");
> + if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
> + printerfile = strdup(printer->device_uri + strlen("file:/"));
> +
> + if (printerfile != NULL)
> + {
> + cupsdLogMessage(CUPSD_LOG_DEBUG,
> + "StartJob: Attempting to check access on printer device %s", printerfile);
> + tclass = SECCLASS_FILE;
> + avr = FILE__WRITE;
> + avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL);
> + avc_entry_ref_init(&avcref);
> + if (avc_context_to_sid(job->scon, &clisid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "StartJob: Unable to determine the SELinux sid for the job");
> + cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
> + return ;
> + }
> + if (getfilecon(printerfile, &devcon) == -1)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s",
> + printerfile);
> + cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
> + return ;
> + }
> + printercon = context_new(devcon);
> + cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s",
> + context_str(printercon), job->scon);
> + context_free(printercon);
> +
> + if (avc_context_to_sid(devcon, &psid) != 0)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR,
> + "StartJob: Unable to determine the SELinux sid for the printer");
> + freecon(devcon);
> + cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
> + return ;
> + }
> + freecon(devcon);
> +
> + if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
> + {
> + /*
> + * The access check failed, so cancel the job and send an audit message
> + */
> + if (AuditLog != -1)
> + {
> + audit_message = NULL;
> + cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled"
> + " unable to access printer=%s", job->id,
> + job->auid, (job->username)?job->username:"?", job->scon, printer->name);
> + audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
> + ServerName, NULL, NULL, 0);
> + free(audit_message);
> + }
> +
> + cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
> +
> + return ;
> + }
> + }
> + }
> +#endif /* WITH_LSPP */
> +
> /*
> * Building the options string is harder than it needs to be, but
> * for the moment we need to pass strings for command-line args and
> @@ -3069,7 +3255,66 @@
> snprintf(classification, sizeof(classification), "CLASSIFICATION=%s",
> attr->values[0].string.text);
>
> +#ifdef WITH_LSPP
> + if (is_lspp_config())
> + {
> + if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
> + {
> + if (AuditLog != -1)
> + {
> + audit_message = NULL;
> + cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s",
> + job->id, job->auid, job->username, printer->name, title);
> + audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message,
> + ServerName, NULL, NULL, 1);
> + free(audit_message);
> + }
> + }
> + else
> + {
> + jobcon = context_new(job->scon);
> +
> + if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL)
> + label_template = strdup(Classification);
> + else if (attr->num_values > 1 &&
> + strcmp(attr->values[1].string.text, "none") != 0)
> + label_template = strdup(attr->values[1].string.text);
> + else
> + label_template = strdup(attr->values[0].string.text);
> +
> + if (strcasecmp(label_template, MLS_CONFIG) == 0)
> + mls_label = context_range_get(jobcon);
> + else if (strcasecmp(label_template, TE_CONFIG) == 0)
> + mls_label = context_type_get(jobcon);
> + else if (strcasecmp(label_template, SELINUX_CONFIG) == 0)
> + mls_label = context_str(jobcon);
> + else
> + mls_label = label_template;
> +
> + if (mls_label)
> + snprintf(classification, sizeof(classification), "CLASSIFICATION=%s", mls_label);
> + else
> + bzero(classification, sizeof(classification));
> +
> + if (AuditLog != -1)
> + {
> + audit_message = NULL;
> + cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s"
> + " obj=%s label=%s", job->id, job->auid, job->username,
> + printer->name, title, job->scon, mls_label?mls_label:"none");
> + audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
> + ServerName, NULL, NULL, 1);
> + free(audit_message);
> + }
> + context_free(jobcon);
> + free(label_template);
> + }
> + }
> + if (classification)
> + envp[envc ++] = classification;
> +#else /* !WITH_LSPP */
> envp[envc ++] = classification;
> +#endif /* WITH_LSPP */
> }
>
> if (job->dtype & (CUPS_PRINTER_CLASS | CUPS_PRINTER_IMPLICIT))
> --- cups-1.2.4-orig/scheduler/job.h 2006-09-19 16:11:08.000000000 -0400
> +++ cups-1.2.4/scheduler/job.h 2006-09-28 16:31:29.000000000 -0400
> @@ -22,6 +22,13 @@
> * WWW: http://www.cups.org
> */
>
> +/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> +#ifdef WITH_LSPP
> +#include <selinux/selinux.h>
> +#endif /* WITH_LSPP */
> +
> /*
> * Job request structure...
> */
> @@ -55,6 +62,10 @@
> int status; /* Status code from filters */
> cupsd_printer_t *printer; /* Printer this job is assigned to */
> int tries; /* Number of tries for this job */
> +#ifdef WITH_LSPP
> + security_context_t scon; /* Security context of job */
> + uid_t auid; /* Audit loginuid for this job */
> +#endif /* WITH_LSPP */
> } cupsd_job_t;
>
>
> --- cups-1.2.4-orig/scheduler/main.c 2006-09-28 11:38:08.000000000 -0400
> +++ cups-1.2.4/scheduler/main.c 2006-09-28 16:31:29.000000000 -0400
> @@ -47,6 +47,8 @@
> * usage() - Show scheduler usage.
> */
>
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> /*
> * Include necessary headers...
> */
> @@ -69,6 +71,9 @@
> # include <notify.h>
> #endif /* HAVE_NOTIFY_H */
>
> +#ifdef WITH_LSPP
> +# include <libaudit.h>
> +#endif /* WITH_LSPP */
>
> /*
> * Local functions...
> @@ -141,6 +146,9 @@
> int launchd_idle_exit;
> /* Idle exit on select timeout? */
> #endif /* HAVE_LAUNCHD */
> +#if WITH_LSPP
> + auditfail_t failmode; /* Action for audit_open failure */
> +#endif /* WITH_LSPP */
>
>
> /*
> @@ -351,6 +359,25 @@
> #endif /* DEBUG */
> }
>
> +#ifdef WITH_LSPP
> + if ((AuditLog = audit_open()) < 0 )
> + {
> + if (get_auditfail_action(&failmode) == 0)
> + {
> + if (failmode == FAIL_LOG)
> + {
> + cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");
> + AuditLog = -1;
> + }
> + else if (failmode == FAIL_TERMINATE)
> + {
> + fprintf(stderr, "cupsd: unable to start auditing, terminating");
> + return -1;
> + }
> + }
> + }
> +#endif /* WITH_LSPP */
> +
> /*
> * Set the timezone info...
> */
> @@ -1115,6 +1142,11 @@
> free(input);
> free(output);
>
> +#ifdef WITH_LSPP
> + if (AuditLog != -1)
> + audit_close(AuditLog);
> +#endif /* WITH_LSPP */
> +
> return (!stop_scheduler);
> }
>
> --- cups-1.2.4-orig/scheduler/printers.c 2006-09-28 11:38:08.000000000 -0400
> +++ cups-1.2.4/scheduler/printers.c 2006-10-02 15:58:22.000000000 -0400
> @@ -57,6 +57,8 @@
> * printing desktop tools.
> */
>
> +/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
> +
> /*
> * Include necessary headers...
> */
> @@ -79,6 +81,10 @@
> static void write_irix_state(cupsd_printer_t *p);
> #endif /* __sgi */
>
> +#ifdef WITH_LSPP
> +# include <libaudit.h>
> +# include <selinux/context.h>
> +#endif /* WITH_LSPP */
>
> /*
> * 'cupsdAddPrinter()' - Add a printer to the system.
> @@ -1472,6 +1478,13 @@
> "two-sided-long-edge",
> "two-sided-short-edge"
> };
> +#ifdef WITH_LSPP
> + char *audit_message; /* Audit message string */
> + char *printerfile; /* Path to a local printer dev */
> + char *rangestr; /* Printer's range if its available */
> + security_context_t devcon; /* Printer SELinux context */
> + context_t printercon; /* context_t for the printer */
> +#endif /* WITH_LSPP */
>
>
> DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
> @@ -1579,6 +1592,42 @@
> attr->values[1].string.text = _cupsStrAlloc(Classification ?
> Classification : p->job_sheets[1]);
> }
> +#ifdef WITH_LSPP
> + if (AuditLog != -1)
> + {
> + audit_message = NULL;
> + rangestr = NULL;
> + printercon = 0;
> + printerfile = strstr(p->device_uri, "/dev/");
> + if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))
> + printerfile = strdup(p->device_uri + strlen("file:/"));
> +
> + if (printerfile != NULL)
> + {
> + if (getfilecon(printerfile, &devcon) == -1)
> + cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdSetPrinterAttrs: Unable to get printer context");
> + else
> + {
> + printercon = context_new(devcon);
> + freecon(devcon);
> + }
> + }
> +
> + if (printercon && context_range_get(printercon))
> + rangestr = strdup(context_range_get(printercon));
> + else
> + rangestr = strdup("unknown");
> +
> + cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",
> + p->name, p->device_uri, p->job_sheets[0], p->job_sheets[1], rangestr);
> + audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
> + ServerName, NULL, NULL, 1);
> + if (printercon)
> + context_free(printercon);
> + free(rangestr);
> + free(audit_message);
> + }
> +#endif /* WITH_LSPP */
> }
>
> printer_type = p->type;
>
> ------------------------------------------------------------------------
>
> --- policy/modules/services/cups.te 2006-10-05 11:56:03.000000000 -0400
> +++ policy/modules/services/cups.te-new 2006-10-05 11:55:33.000000000 -0400
> @@ -104,6 +104,9 @@
> allow cupsd_t cupsd_exec_t:dir search;
> allow cupsd_t cupsd_exec_t:lnk_file read;
>
> +allow cupsd_t print_spool_t:file { getattr relabelfrom relabelto write };
> +allow cupsd_t printer_device_t:chr_file getattr;
>
Just added this to latest policy selinux-policy-2.3.19-4
> +
> allow cupsd_t cupsd_log_t:file create_file_perms;
> allow cupsd_t cupsd_log_t:dir { setattr rw_dir_perms };
> logging_log_filetrans(cupsd_t,cupsd_log_t,{ file dir })
> @@ -207,6 +211,13 @@
> # invoking ghostscript needs to read fonts
> miscfiles_read_fonts(cupsd_t)
>
> +mls_fd_use_all_levels(cupsd_t)
> +mls_file_downgrade(cupsd_t)
> +mls_file_write_down(cupsd_t)
> +mls_rangetrans_target(cupsd_t)
> +mls_socket_write_all_levels(cupsd_t)
> +mls_trusted_object(cupsd_var_run_t)
> +
> seutil_read_config(cupsd_t)
>
> sysnet_read_config(cupsd_t)
>
> --- policy/modules/kernel/mls.te 2006-10-05 16:14:14.000000000 -0400
> +++ policy/modules/kernel/mls.te-new 2006-10-05 16:14:07.000000000 -0400
> @@ -65,6 +65,7 @@
>
> ifdef(`enable_mls',`
> range_transition initrc_t auditd_exec_t s15:c0.c1023;
> +range_transition initrc_t cupsd_exec_t s15:c0.c1023;
> range_transition kernel_t init_exec_t s0 - s15:c0.c1023;
> range_transition kernel_t lvm_exec_t s0 - s15:c0.c1023;
> #range_transition initrc_t setrans_exec_t s15:c0.c1023;
>
> --- policy/modules/services/cups.fc 2006-10-04 17:00:01.000000000 -0400
> +++ policy/modules/services/cups.fc-new 2006-10-04 17:01:38.000000000 -0400
> @@ -23,7 +23,7 @@
>
> /usr/libexec/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
>
> -/usr/sbin/cupsd -- gen_context(system_u:object_r:cupsd_exec_t,s0)
> +/usr/sbin/cupsd -- gen_context(system_u:object_r:cupsd_exec_t,s15:c0.c1023)
> /usr/sbin/hal_lpadmin -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
> /usr/sbin/hpiod -- gen_context(system_u:object_r:hplip_exec_t,s0)
> /usr/sbin/printconf-backend -- gen_context(system_u:object_r:cupsd_config_exec_t,s0)
> @@ -37,7 +37,7 @@
>
> /var/cache/alchemist/printconf.* gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
> /var/cache/foomatic(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
> -/var/cache/cups(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
> +/var/cache/cups(/.*)? gen_context(system_u:object_r:cupsd_rw_etc_t,s15:c0.c1023)
>
> /var/lib/cups/certs -d gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
> /var/lib/cups/certs/.* -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
> @@ -51,4 +51,4 @@
> /var/run/ptal-printd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
> /var/run/ptal-mlcd(/.*)? gen_context(system_u:object_r:ptal_var_run_t,s0)
>
> -/var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,s0)
> +/var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,s15:c0.c1023)
> --- policy/modules/services/lpd.if 2006-10-03 11:57:03.000000000 -0400
> +++ policy/modules/services/lpd.if-new 2006-10-10 14:55:47.000000000 -0400
> @@ -64,33 +64,9 @@
> allow $1_lpr_t self:udp_socket create_socket_perms;
> allow $1_lpr_t self:netlink_route_socket r_netlink_socket_perms;
>
> - # lpr can run in lightweight mode, without a local print spooler.
> - allow $1_lpr_t lpd_var_run_t:dir search;
> - allow $1_lpr_t lpd_var_run_t:sock_file write;
> - files_read_var_files($1_lpr_t)
> -
> - # Connect to lpd via a Unix domain socket.
> - allow $1_lpr_t printer_t:sock_file rw_file_perms;
> - allow $1_lpr_t lpd_t:unix_stream_socket connectto;
> - # Send SIGHUP to lpd.
> - allow $1_lpr_t lpd_t:process signal;
> -
> can_exec($1_lpr_t,lpr_exec_t)
>
> - allow $1_lpr_t $1_lpr_tmp_t:dir create_dir_perms;
> - allow $1_lpr_t $1_lpr_tmp_t:file create_file_perms;
> - files_tmp_filetrans($1_lpr_t, $1_lpr_tmp_t, { file dir })
> -
> - allow $1_lpr_t $1_print_spool_t:file create_file_perms;
> - allow $1_lpr_t print_spool_t:dir rw_dir_perms;
> - type_transition $1_lpr_t print_spool_t:file $1_print_spool_t;
> - # Read and write shared files in the spool directory.
> - allow $1_lpr_t print_spool_t:file rw_file_perms;
> -
> - allow $1_lpr_t printconf_t:dir r_dir_perms;
> - allow $1_lpr_t printconf_t:file r_file_perms;
> - allow $1_lpr_t printconf_t:lnk_file { getattr read };
> -
> + allow $1_lpr_t printer_device_t:file write;
> dontaudit $1_lpr_t $2:unix_stream_socket { read write };
>
> # Transition from the user domain to the derived domain.
>
More information about the redhat-lspp
mailing list