|
 |
dc9527 |
diff -up cups-1.6.3/config.h.in.lspp cups-1.6.3/config.h.in
|
|
|
dc9527 |
--- cups-1.6.3/config.h.in.lspp 2015-06-10 11:45:38.074441762 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/config.h.in 2015-06-10 11:45:38.158441533 +0200
|
|
|
dc9527 |
@@ -747,6 +747,13 @@ static __inline int _cups_abs(int i) { r
|
|
|
dc9527 |
# endif /* __GNUC__ || __STDC_VERSION__ */
|
|
|
dc9527 |
#endif /* !HAVE_ABS && !abs */
|
|
|
dc9527 |
|
|
|
dc9527 |
+/*
|
|
|
dc9527 |
+ * Are we trying to meet LSPP requirements?
|
|
|
dc9527 |
+ */
|
|
|
dc9527 |
+
|
|
|
dc9527 |
+#undef WITH_LSPP
|
|
|
dc9527 |
+
|
|
|
dc9527 |
+
|
|
|
dc9527 |
#endif /* !_CUPS_CONFIG_H_ */
|
|
|
dc9527 |
|
|
|
dc9527 |
/*
|
|
|
ea9550 |
diff -up cups-1.6.3/config-scripts/cups-lspp.m4.lspp cups-1.6.3/config-scripts/cups-lspp.m4
|
|
|
dc9527 |
--- cups-1.6.3/config-scripts/cups-lspp.m4.lspp 2015-06-10 11:45:38.157441536 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/config-scripts/cups-lspp.m4 2015-06-10 11:45:38.157441536 +0200
|
|
|
ea9550 |
@@ -0,0 +1,36 @@
|
|
|
ea9550 |
+dnl
|
|
|
ea9550 |
+dnl LSPP code for the Common UNIX Printing System (CUPS).
|
|
|
ea9550 |
+dnl
|
|
|
ea9550 |
+dnl Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
|
|
|
ea9550 |
+dnl
|
|
|
ea9550 |
+dnl This program is free software; you can redistribute it and/or modify
|
|
|
ea9550 |
+dnl it under the terms of the GNU General Public License as published by
|
|
|
ea9550 |
+dnl the Free Software Foundation; version 2.
|
|
|
ea9550 |
+dnl
|
|
|
ea9550 |
+dnl This program is distributed in the hope that it will be useful, but
|
|
|
ea9550 |
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
ea9550 |
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
ea9550 |
+dnl General Public License for more details.
|
|
|
ea9550 |
+dnl
|
|
|
ea9550 |
+dnl You should have received a copy of the GNU General Public License
|
|
|
ea9550 |
+dnl along with this program; if not, write to the Free Software Foundation,
|
|
|
ea9550 |
+dnl Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
|
|
|
ea9550 |
+dnl
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+dnl Are we trying to meet LSPP requirements
|
|
|
ea9550 |
+AC_ARG_ENABLE(lspp, [ --enable-lspp turn on auditing and label support, default=no])
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+if test x"$enable_lspp" != xno; then
|
|
|
ea9550 |
+ case "$uname" in
|
|
|
ea9550 |
+ Linux)
|
|
|
ea9550 |
+ AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
|
|
|
ea9550 |
+ AC_CHECK_HEADER(libaudit.h)
|
|
|
ea9550 |
+ AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
|
|
|
ea9550 |
+ AC_CHECK_HEADER(selinux/selinux.h)
|
|
|
ea9550 |
+ AC_DEFINE(WITH_LSPP)
|
|
|
ea9550 |
+ ;;
|
|
|
ea9550 |
+ *)
|
|
|
ea9550 |
+ # All others
|
|
|
ea9550 |
+ ;;
|
|
|
ea9550 |
+ esac
|
|
|
ea9550 |
+fi
|
|
|
ea9550 |
diff -up cups-1.6.3/configure.in.lspp cups-1.6.3/configure.in
|
|
|
dc9527 |
--- cups-1.6.3/configure.in.lspp 2015-06-10 11:45:38.075441759 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/configure.in 2015-06-10 11:45:38.158441533 +0200
|
|
|
ea9550 |
@@ -37,6 +37,8 @@ sinclude(config-scripts/cups-systemd.m4)
|
|
|
ea9550 |
sinclude(config-scripts/cups-defaults.m4)
|
|
|
ea9550 |
sinclude(config-scripts/cups-scripting.m4)
|
|
|
ea9550 |
|
|
|
ea9550 |
+sinclude(config-scripts/cups-lspp.m4)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
INSTALL_LANGUAGES=""
|
|
|
ea9550 |
UNINSTALL_LANGUAGES=""
|
|
|
ea9550 |
LANGFILES=""
|
|
|
ea9550 |
diff -up cups-1.6.3/data/Makefile.lspp cups-1.6.3/data/Makefile
|
|
|
dc9527 |
--- cups-1.6.3/data/Makefile.lspp 2015-06-10 11:45:38.075441759 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/data/Makefile 2015-06-10 11:45:38.158441533 +0200
|
|
|
ea9550 |
@@ -25,7 +25,11 @@ BANNERS = \
|
|
|
ea9550 |
secret \
|
|
|
ea9550 |
standard \
|
|
|
ea9550 |
topsecret \
|
|
|
ea9550 |
- unclassified
|
|
|
ea9550 |
+ unclassified \
|
|
|
ea9550 |
+ selinux \
|
|
|
ea9550 |
+ mls \
|
|
|
ea9550 |
+ te
|
|
|
ea9550 |
+
|
|
|
ea9550 |
|
|
|
ea9550 |
DATAFILES = \
|
|
|
ea9550 |
testprint
|
|
|
ea9550 |
diff -up cups-1.6.3/data/mls.lspp cups-1.6.3/data/mls
|
|
|
dc9527 |
--- cups-1.6.3/data/mls.lspp 2015-06-10 11:45:38.158441533 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/data/mls 2015-06-10 11:45:38.158441533 +0200
|
|
|
ea9550 |
@@ -0,0 +1,261 @@
|
|
|
ea9550 |
+%!PS-Adobe-3.0
|
|
|
ea9550 |
+%%BoundingBox: 0 0 612 792
|
|
|
ea9550 |
+%%Pages: 1
|
|
|
ea9550 |
+%%LanguageLevel: 1
|
|
|
ea9550 |
+%%DocumentData: Clean7Bit
|
|
|
ea9550 |
+%%DocumentSuppliedResources: procset bannerprint/1.0
|
|
|
ea9550 |
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
|
|
|
ea9550 |
+%%Creator: Michael Sweet, Easy Software Products
|
|
|
ea9550 |
+%%CreationDate: May 10, 2000
|
|
|
ea9550 |
+%%Title: Test Page
|
|
|
ea9550 |
+%%EndComments
|
|
|
ea9550 |
+%%BeginProlog
|
|
|
ea9550 |
+%%BeginResource procset bannerprint 1.1 0
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% PostScript banner page for the Common UNIX Printing System ("CUPS").
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Copyright 1993-2005 by Easy Software Products
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% These coded instructions, statements, and computer programs are the
|
|
|
ea9550 |
+% property of Easy Software Products and are protected by Federal
|
|
|
ea9550 |
+% copyright law. Distribution and use rights are outlined in the file
|
|
|
ea9550 |
+% "LICENSE.txt" which should have been included with this file. If this
|
|
|
ea9550 |
+% file is missing or damaged please contact Easy Software Products
|
|
|
ea9550 |
+% at:
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Attn: CUPS Licensing Information
|
|
|
ea9550 |
+% Easy Software Products
|
|
|
ea9550 |
+% 44141 Airport View Drive, Suite 204
|
|
|
ea9550 |
+% Hollywood, Maryland 20636 USA
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Voice: (301) 373-9600
|
|
|
ea9550 |
+% EMail: cups-info@cups.org
|
|
|
ea9550 |
+% WWW: http://www.cups.org
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+/CENTER { % Draw centered text
|
|
|
ea9550 |
+ % (name) CENTER -
|
|
|
ea9550 |
+ dup stringwidth pop % Get the width of the string
|
|
|
ea9550 |
+ 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
|
|
|
ea9550 |
+ show % Show the string
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/RIGHT { % Draw right-justified text
|
|
|
ea9550 |
+ % (name) RIGHT -
|
|
|
ea9550 |
+ dup stringwidth pop % Get the width of the string
|
|
|
ea9550 |
+ neg 0 rmoveto % Shift left the entire distance
|
|
|
ea9550 |
+ show % Show the string
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/NUMBER { % Draw a number
|
|
|
ea9550 |
+ % power n NUMBER -
|
|
|
ea9550 |
+ 1 index 1 eq { % power == 1?
|
|
|
ea9550 |
+ round cvi exch pop % Convert "n" to integer
|
|
|
ea9550 |
+ } {
|
|
|
ea9550 |
+ 1 index mul round exch div % Truncate extra decimal places
|
|
|
ea9550 |
+ } ifelse
|
|
|
ea9550 |
+ 100 string cvs show % Convert to a string and show it...
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/CUPSLOGO { % Draw the CUPS logo
|
|
|
ea9550 |
+ % height CUPSLOGO
|
|
|
ea9550 |
+ % Start with a big C...
|
|
|
ea9550 |
+ /Helvetica findfont 1 index scalefont setfont
|
|
|
ea9550 |
+ 0 setgray
|
|
|
ea9550 |
+ 0 0 moveto
|
|
|
ea9550 |
+ (C) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Then "UNIX Printing System" much smaller...
|
|
|
ea9550 |
+ /Helvetica-Bold findfont 1 index 9 div scalefont setfont
|
|
|
ea9550 |
+ 0.25 mul
|
|
|
ea9550 |
+ dup dup 2.0 mul moveto
|
|
|
ea9550 |
+ (UNIX) show
|
|
|
ea9550 |
+ dup dup 1.6 mul moveto
|
|
|
ea9550 |
+ (Printing) show
|
|
|
ea9550 |
+ dup 1.2 mul moveto
|
|
|
ea9550 |
+ (System) show
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/ESPLOGO { % Draw the ESP logo
|
|
|
ea9550 |
+ % height ESPLOGO
|
|
|
ea9550 |
+ % Compute the size of the logo...
|
|
|
ea9550 |
+ 0 0
|
|
|
ea9550 |
+ 2 index 1.5 mul 3 index
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Do the "metallic" fill from 10% black to 40% black...
|
|
|
ea9550 |
+ 1 -0.001 0 {
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ -0.15 mul % loopval * -0.15
|
|
|
ea9550 |
+ 0.9 add % 0.9 - loopval * 0.15
|
|
|
ea9550 |
+ setgray % set gray shade
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 % x
|
|
|
ea9550 |
+ 1 index neg % loopval
|
|
|
ea9550 |
+ 1 add % 1 - loopval
|
|
|
ea9550 |
+ 3 index % height
|
|
|
ea9550 |
+ mul % height * (1 - loopval)
|
|
|
ea9550 |
+ moveto % starting point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ 3 index % width
|
|
|
ea9550 |
+ mul % loopval * width
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 % x
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ closepath
|
|
|
ea9550 |
+ fill
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ 0.15 mul % loopval * 0.15
|
|
|
ea9550 |
+ 0.6 add % 0.6 + loopval * 0.15
|
|
|
ea9550 |
+ setgray
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ neg 1 add % 1 - loopval
|
|
|
ea9550 |
+ 3 index % width
|
|
|
ea9550 |
+ mul % (1 - loopval) * width
|
|
|
ea9550 |
+ 0 % y
|
|
|
ea9550 |
+ moveto % Starting point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 2 index % width
|
|
|
ea9550 |
+ exch % loopval
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ mul % loopval * height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 1 index % width
|
|
|
ea9550 |
+ 0 % y
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ closepath
|
|
|
ea9550 |
+ fill
|
|
|
ea9550 |
+ } for
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 setgray rectstroke
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
|
|
|
ea9550 |
+ dup 40 div
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup 4 mul 1 index 25 mul moveto (E) show
|
|
|
ea9550 |
+ dup 10 mul 1 index 15 mul moveto (S) show
|
|
|
ea9550 |
+ dup 16 mul 1 index 5 mul moveto (P) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
|
|
|
ea9550 |
+ dup 14 mul 1 index 29 mul moveto (asy) show
|
|
|
ea9550 |
+ dup 20 mul 1 index 19 mul moveto (oftware) show
|
|
|
ea9550 |
+ dup 26 mul 1 index 9 mul moveto (roducts) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pop
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+%%EndResource
|
|
|
ea9550 |
+%%EndProlog
|
|
|
ea9550 |
+%%Page: 1 1
|
|
|
ea9550 |
+gsave
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Determine the imageable area and device resolution...
|
|
|
ea9550 |
+ initclip newpath clippath pathbbox % Get bounding rectangle
|
|
|
ea9550 |
+ 72 div /pageTop exch def % Get top margin in inches
|
|
|
ea9550 |
+ 72 div /pageRight exch def % Get right margin in inches
|
|
|
ea9550 |
+ 72 div /pageBottom exch def % Get bottom margin in inches
|
|
|
ea9550 |
+ 72 div /pageLeft exch def % Get left margin in inches
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /pageWidth pageRight pageLeft sub def % pageWidth = pageRight - pageLeft
|
|
|
ea9550 |
+ /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /boxWidth % width of text box
|
|
|
ea9550 |
+ pageWidth pageHeight lt
|
|
|
ea9550 |
+ { pageWidth 54 mul }
|
|
|
ea9550 |
+ { pageHeight 42 mul }
|
|
|
ea9550 |
+ ifelse def
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ newpath % Clear bounding path
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Create fonts...
|
|
|
ea9550 |
+ /bigFont /Helvetica-Bold findfont % bigFont = Helvetica-Bold
|
|
|
ea9550 |
+ pageHeight 3 mul scalefont def % size = pageHeight * 3 (nominally 33)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /mediumFont /Helvetica findfont % mediumFont = Helvetica
|
|
|
ea9550 |
+ pageHeight 1.5 mul scalefont def % size = pageHeight * 1.5 (nominally 16.5)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Offset page to account for lower-left margin...
|
|
|
ea9550 |
+ pageLeft 72 mul
|
|
|
ea9550 |
+ pageBottom 72 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Job information box...
|
|
|
ea9550 |
+ pageWidth 36 mul 9 add % x = pageWidth * 1/2 * 72 + 9
|
|
|
ea9550 |
+ boxWidth 0.5 mul sub % x-= 1/2 box width
|
|
|
ea9550 |
+ pageHeight 30 mul 9 sub % y = pageHeight * 1/2 * 72 - 9
|
|
|
ea9550 |
+ boxWidth % w = box width
|
|
|
ea9550 |
+ pageHeight 14 mul % h = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ 0.5 setgray rectfill % Draw a shadow
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ boxWidth 0.5 mul sub % x-= 1/2 box width
|
|
|
ea9550 |
+ pageHeight 30 mul % y = pageHeight * 1/4 * 72
|
|
|
ea9550 |
+ boxWidth % w = box width
|
|
|
ea9550 |
+ pageHeight 14 mul % h = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 4 copy 1 setgray rectfill % Clear the box to white
|
|
|
ea9550 |
+ 0 setgray rectstroke % Draw a black box around it...
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Job information text...
|
|
|
ea9550 |
+ mediumFont setfont % Medium sized font
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 5 mul add % y += 2 lines
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Job ID: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({printer-name}-{job-id}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 2 mul add % y += 1 line
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Title: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({job-name}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight -1 mul add % y -= 1 line
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Requesting User: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({job-originating-user-name}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight -4 mul add % y -= 2 lines
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Billing Info: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({?job-billing}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Then the CUPS logo....
|
|
|
ea9550 |
+ gsave
|
|
|
ea9550 |
+ pageWidth 4 mul
|
|
|
ea9550 |
+ pageWidth 6 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+ pageWidth 9 mul CUPSLOGO
|
|
|
ea9550 |
+ grestore
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % And the ESP logo....
|
|
|
ea9550 |
+ gsave
|
|
|
ea9550 |
+ pageWidth 59 mul
|
|
|
ea9550 |
+ pageWidth 6 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+ pageWidth 6 mul ESPLOGO
|
|
|
ea9550 |
+ grestore
|
|
|
ea9550 |
+% Show the page...
|
|
|
ea9550 |
+grestore
|
|
|
ea9550 |
+showpage
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+%%EOF
|
|
|
ea9550 |
diff -up cups-1.6.3/data/selinux.lspp cups-1.6.3/data/selinux
|
|
|
dc9527 |
--- cups-1.6.3/data/selinux.lspp 2015-06-10 11:45:38.158441533 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/data/selinux 2015-06-10 11:45:38.158441533 +0200
|
|
|
ea9550 |
@@ -0,0 +1,261 @@
|
|
|
ea9550 |
+%!PS-Adobe-3.0
|
|
|
ea9550 |
+%%BoundingBox: 0 0 612 792
|
|
|
ea9550 |
+%%Pages: 1
|
|
|
ea9550 |
+%%LanguageLevel: 1
|
|
|
ea9550 |
+%%DocumentData: Clean7Bit
|
|
|
ea9550 |
+%%DocumentSuppliedResources: procset bannerprint/1.0
|
|
|
ea9550 |
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
|
|
|
ea9550 |
+%%Creator: Michael Sweet, Easy Software Products
|
|
|
ea9550 |
+%%CreationDate: May 10, 2000
|
|
|
ea9550 |
+%%Title: Test Page
|
|
|
ea9550 |
+%%EndComments
|
|
|
ea9550 |
+%%BeginProlog
|
|
|
ea9550 |
+%%BeginResource procset bannerprint 1.1 0
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% PostScript banner page for the Common UNIX Printing System ("CUPS").
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Copyright 1993-2005 by Easy Software Products
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% These coded instructions, statements, and computer programs are the
|
|
|
ea9550 |
+% property of Easy Software Products and are protected by Federal
|
|
|
ea9550 |
+% copyright law. Distribution and use rights are outlined in the file
|
|
|
ea9550 |
+% "LICENSE.txt" which should have been included with this file. If this
|
|
|
ea9550 |
+% file is missing or damaged please contact Easy Software Products
|
|
|
ea9550 |
+% at:
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Attn: CUPS Licensing Information
|
|
|
ea9550 |
+% Easy Software Products
|
|
|
ea9550 |
+% 44141 Airport View Drive, Suite 204
|
|
|
ea9550 |
+% Hollywood, Maryland 20636 USA
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Voice: (301) 373-9600
|
|
|
ea9550 |
+% EMail: cups-info@cups.org
|
|
|
ea9550 |
+% WWW: http://www.cups.org
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+/CENTER { % Draw centered text
|
|
|
ea9550 |
+ % (name) CENTER -
|
|
|
ea9550 |
+ dup stringwidth pop % Get the width of the string
|
|
|
ea9550 |
+ 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
|
|
|
ea9550 |
+ show % Show the string
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/RIGHT { % Draw right-justified text
|
|
|
ea9550 |
+ % (name) RIGHT -
|
|
|
ea9550 |
+ dup stringwidth pop % Get the width of the string
|
|
|
ea9550 |
+ neg 0 rmoveto % Shift left the entire distance
|
|
|
ea9550 |
+ show % Show the string
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/NUMBER { % Draw a number
|
|
|
ea9550 |
+ % power n NUMBER -
|
|
|
ea9550 |
+ 1 index 1 eq { % power == 1?
|
|
|
ea9550 |
+ round cvi exch pop % Convert "n" to integer
|
|
|
ea9550 |
+ } {
|
|
|
ea9550 |
+ 1 index mul round exch div % Truncate extra decimal places
|
|
|
ea9550 |
+ } ifelse
|
|
|
ea9550 |
+ 100 string cvs show % Convert to a string and show it...
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/CUPSLOGO { % Draw the CUPS logo
|
|
|
ea9550 |
+ % height CUPSLOGO
|
|
|
ea9550 |
+ % Start with a big C...
|
|
|
ea9550 |
+ /Helvetica findfont 1 index scalefont setfont
|
|
|
ea9550 |
+ 0 setgray
|
|
|
ea9550 |
+ 0 0 moveto
|
|
|
ea9550 |
+ (C) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Then "UNIX Printing System" much smaller...
|
|
|
ea9550 |
+ /Helvetica-Bold findfont 1 index 9 div scalefont setfont
|
|
|
ea9550 |
+ 0.25 mul
|
|
|
ea9550 |
+ dup dup 2.0 mul moveto
|
|
|
ea9550 |
+ (UNIX) show
|
|
|
ea9550 |
+ dup dup 1.6 mul moveto
|
|
|
ea9550 |
+ (Printing) show
|
|
|
ea9550 |
+ dup 1.2 mul moveto
|
|
|
ea9550 |
+ (System) show
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/ESPLOGO { % Draw the ESP logo
|
|
|
ea9550 |
+ % height ESPLOGO
|
|
|
ea9550 |
+ % Compute the size of the logo...
|
|
|
ea9550 |
+ 0 0
|
|
|
ea9550 |
+ 2 index 1.5 mul 3 index
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Do the "metallic" fill from 10% black to 40% black...
|
|
|
ea9550 |
+ 1 -0.001 0 {
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ -0.15 mul % loopval * -0.15
|
|
|
ea9550 |
+ 0.9 add % 0.9 - loopval * 0.15
|
|
|
ea9550 |
+ setgray % set gray shade
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 % x
|
|
|
ea9550 |
+ 1 index neg % loopval
|
|
|
ea9550 |
+ 1 add % 1 - loopval
|
|
|
ea9550 |
+ 3 index % height
|
|
|
ea9550 |
+ mul % height * (1 - loopval)
|
|
|
ea9550 |
+ moveto % starting point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ 3 index % width
|
|
|
ea9550 |
+ mul % loopval * width
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 % x
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ closepath
|
|
|
ea9550 |
+ fill
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ 0.15 mul % loopval * 0.15
|
|
|
ea9550 |
+ 0.6 add % 0.6 + loopval * 0.15
|
|
|
ea9550 |
+ setgray
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ neg 1 add % 1 - loopval
|
|
|
ea9550 |
+ 3 index % width
|
|
|
ea9550 |
+ mul % (1 - loopval) * width
|
|
|
ea9550 |
+ 0 % y
|
|
|
ea9550 |
+ moveto % Starting point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 2 index % width
|
|
|
ea9550 |
+ exch % loopval
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ mul % loopval * height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 1 index % width
|
|
|
ea9550 |
+ 0 % y
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ closepath
|
|
|
ea9550 |
+ fill
|
|
|
ea9550 |
+ } for
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 setgray rectstroke
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
|
|
|
ea9550 |
+ dup 40 div
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup 4 mul 1 index 25 mul moveto (E) show
|
|
|
ea9550 |
+ dup 10 mul 1 index 15 mul moveto (S) show
|
|
|
ea9550 |
+ dup 16 mul 1 index 5 mul moveto (P) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
|
|
|
ea9550 |
+ dup 14 mul 1 index 29 mul moveto (asy) show
|
|
|
ea9550 |
+ dup 20 mul 1 index 19 mul moveto (oftware) show
|
|
|
ea9550 |
+ dup 26 mul 1 index 9 mul moveto (roducts) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pop
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+%%EndResource
|
|
|
ea9550 |
+%%EndProlog
|
|
|
ea9550 |
+%%Page: 1 1
|
|
|
ea9550 |
+gsave
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Determine the imageable area and device resolution...
|
|
|
ea9550 |
+ initclip newpath clippath pathbbox % Get bounding rectangle
|
|
|
ea9550 |
+ 72 div /pageTop exch def % Get top margin in inches
|
|
|
ea9550 |
+ 72 div /pageRight exch def % Get right margin in inches
|
|
|
ea9550 |
+ 72 div /pageBottom exch def % Get bottom margin in inches
|
|
|
ea9550 |
+ 72 div /pageLeft exch def % Get left margin in inches
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /pageWidth pageRight pageLeft sub def % pageWidth = pageRight - pageLeft
|
|
|
ea9550 |
+ /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /boxWidth % width of text box
|
|
|
ea9550 |
+ pageWidth pageHeight lt
|
|
|
ea9550 |
+ { pageWidth 54 mul }
|
|
|
ea9550 |
+ { pageHeight 42 mul }
|
|
|
ea9550 |
+ ifelse def
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ newpath % Clear bounding path
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Create fonts...
|
|
|
ea9550 |
+ /bigFont /Helvetica-Bold findfont % bigFont = Helvetica-Bold
|
|
|
ea9550 |
+ pageHeight 3 mul scalefont def % size = pageHeight * 3 (nominally 33)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /mediumFont /Helvetica findfont % mediumFont = Helvetica
|
|
|
ea9550 |
+ pageHeight 1.5 mul scalefont def % size = pageHeight * 1.5 (nominally 16.5)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Offset page to account for lower-left margin...
|
|
|
ea9550 |
+ pageLeft 72 mul
|
|
|
ea9550 |
+ pageBottom 72 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Job information box...
|
|
|
ea9550 |
+ pageWidth 36 mul 9 add % x = pageWidth * 1/2 * 72 + 9
|
|
|
ea9550 |
+ boxWidth 0.5 mul sub % x-= 1/2 box width
|
|
|
ea9550 |
+ pageHeight 30 mul 9 sub % y = pageHeight * 1/2 * 72 - 9
|
|
|
ea9550 |
+ boxWidth % w = box width
|
|
|
ea9550 |
+ pageHeight 14 mul % h = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ 0.5 setgray rectfill % Draw a shadow
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ boxWidth 0.5 mul sub % x-= 1/2 box width
|
|
|
ea9550 |
+ pageHeight 30 mul % y = pageHeight * 1/4 * 72
|
|
|
ea9550 |
+ boxWidth % w = box width
|
|
|
ea9550 |
+ pageHeight 14 mul % h = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 4 copy 1 setgray rectfill % Clear the box to white
|
|
|
ea9550 |
+ 0 setgray rectstroke % Draw a black box around it...
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Job information text...
|
|
|
ea9550 |
+ mediumFont setfont % Medium sized font
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 5 mul add % y += 2 lines
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Job ID: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({printer-name}-{job-id}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 2 mul add % y += 1 line
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Title: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({job-name}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight -1 mul add % y -= 1 line
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Requesting User: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({job-originating-user-name}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight -4 mul add % y -= 2 lines
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Billing Info: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({?job-billing}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Then the CUPS logo....
|
|
|
ea9550 |
+ gsave
|
|
|
ea9550 |
+ pageWidth 4 mul
|
|
|
ea9550 |
+ pageWidth 6 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+ pageWidth 9 mul CUPSLOGO
|
|
|
ea9550 |
+ grestore
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % And the ESP logo....
|
|
|
ea9550 |
+ gsave
|
|
|
ea9550 |
+ pageWidth 59 mul
|
|
|
ea9550 |
+ pageWidth 6 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+ pageWidth 6 mul ESPLOGO
|
|
|
ea9550 |
+ grestore
|
|
|
ea9550 |
+% Show the page...
|
|
|
ea9550 |
+grestore
|
|
|
ea9550 |
+showpage
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+%%EOF
|
|
|
ea9550 |
diff -up cups-1.6.3/data/te.lspp cups-1.6.3/data/te
|
|
|
dc9527 |
--- cups-1.6.3/data/te.lspp 2015-06-10 11:45:38.159441530 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/data/te 2015-06-10 11:45:38.159441530 +0200
|
|
|
ea9550 |
@@ -0,0 +1,261 @@
|
|
|
ea9550 |
+%!PS-Adobe-3.0
|
|
|
ea9550 |
+%%BoundingBox: 0 0 612 792
|
|
|
ea9550 |
+%%Pages: 1
|
|
|
ea9550 |
+%%LanguageLevel: 1
|
|
|
ea9550 |
+%%DocumentData: Clean7Bit
|
|
|
ea9550 |
+%%DocumentSuppliedResources: procset bannerprint/1.0
|
|
|
ea9550 |
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
|
|
|
ea9550 |
+%%Creator: Michael Sweet, Easy Software Products
|
|
|
ea9550 |
+%%CreationDate: May 10, 2000
|
|
|
ea9550 |
+%%Title: Test Page
|
|
|
ea9550 |
+%%EndComments
|
|
|
ea9550 |
+%%BeginProlog
|
|
|
ea9550 |
+%%BeginResource procset bannerprint 1.1 0
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% PostScript banner page for the Common UNIX Printing System ("CUPS").
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Copyright 1993-2005 by Easy Software Products
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% These coded instructions, statements, and computer programs are the
|
|
|
ea9550 |
+% property of Easy Software Products and are protected by Federal
|
|
|
ea9550 |
+% copyright law. Distribution and use rights are outlined in the file
|
|
|
ea9550 |
+% "LICENSE.txt" which should have been included with this file. If this
|
|
|
ea9550 |
+% file is missing or damaged please contact Easy Software Products
|
|
|
ea9550 |
+% at:
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Attn: CUPS Licensing Information
|
|
|
ea9550 |
+% Easy Software Products
|
|
|
ea9550 |
+% 44141 Airport View Drive, Suite 204
|
|
|
ea9550 |
+% Hollywood, Maryland 20636 USA
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% Voice: (301) 373-9600
|
|
|
ea9550 |
+% EMail: cups-info@cups.org
|
|
|
ea9550 |
+% WWW: http://www.cups.org
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+/CENTER { % Draw centered text
|
|
|
ea9550 |
+ % (name) CENTER -
|
|
|
ea9550 |
+ dup stringwidth pop % Get the width of the string
|
|
|
ea9550 |
+ 0.5 mul neg 0 rmoveto % Shift left 1/2 of the distance
|
|
|
ea9550 |
+ show % Show the string
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/RIGHT { % Draw right-justified text
|
|
|
ea9550 |
+ % (name) RIGHT -
|
|
|
ea9550 |
+ dup stringwidth pop % Get the width of the string
|
|
|
ea9550 |
+ neg 0 rmoveto % Shift left the entire distance
|
|
|
ea9550 |
+ show % Show the string
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/NUMBER { % Draw a number
|
|
|
ea9550 |
+ % power n NUMBER -
|
|
|
ea9550 |
+ 1 index 1 eq { % power == 1?
|
|
|
ea9550 |
+ round cvi exch pop % Convert "n" to integer
|
|
|
ea9550 |
+ } {
|
|
|
ea9550 |
+ 1 index mul round exch div % Truncate extra decimal places
|
|
|
ea9550 |
+ } ifelse
|
|
|
ea9550 |
+ 100 string cvs show % Convert to a string and show it...
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/CUPSLOGO { % Draw the CUPS logo
|
|
|
ea9550 |
+ % height CUPSLOGO
|
|
|
ea9550 |
+ % Start with a big C...
|
|
|
ea9550 |
+ /Helvetica findfont 1 index scalefont setfont
|
|
|
ea9550 |
+ 0 setgray
|
|
|
ea9550 |
+ 0 0 moveto
|
|
|
ea9550 |
+ (C) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Then "UNIX Printing System" much smaller...
|
|
|
ea9550 |
+ /Helvetica-Bold findfont 1 index 9 div scalefont setfont
|
|
|
ea9550 |
+ 0.25 mul
|
|
|
ea9550 |
+ dup dup 2.0 mul moveto
|
|
|
ea9550 |
+ (UNIX) show
|
|
|
ea9550 |
+ dup dup 1.6 mul moveto
|
|
|
ea9550 |
+ (Printing) show
|
|
|
ea9550 |
+ dup 1.2 mul moveto
|
|
|
ea9550 |
+ (System) show
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+/ESPLOGO { % Draw the ESP logo
|
|
|
ea9550 |
+ % height ESPLOGO
|
|
|
ea9550 |
+ % Compute the size of the logo...
|
|
|
ea9550 |
+ 0 0
|
|
|
ea9550 |
+ 2 index 1.5 mul 3 index
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Do the "metallic" fill from 10% black to 40% black...
|
|
|
ea9550 |
+ 1 -0.001 0 {
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ -0.15 mul % loopval * -0.15
|
|
|
ea9550 |
+ 0.9 add % 0.9 - loopval * 0.15
|
|
|
ea9550 |
+ setgray % set gray shade
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 % x
|
|
|
ea9550 |
+ 1 index neg % loopval
|
|
|
ea9550 |
+ 1 add % 1 - loopval
|
|
|
ea9550 |
+ 3 index % height
|
|
|
ea9550 |
+ mul % height * (1 - loopval)
|
|
|
ea9550 |
+ moveto % starting point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ 3 index % width
|
|
|
ea9550 |
+ mul % loopval * width
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 % x
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ closepath
|
|
|
ea9550 |
+ fill
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ 0.15 mul % loopval * 0.15
|
|
|
ea9550 |
+ 0.6 add % 0.6 + loopval * 0.15
|
|
|
ea9550 |
+ setgray
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup % loopval
|
|
|
ea9550 |
+ neg 1 add % 1 - loopval
|
|
|
ea9550 |
+ 3 index % width
|
|
|
ea9550 |
+ mul % (1 - loopval) * width
|
|
|
ea9550 |
+ 0 % y
|
|
|
ea9550 |
+ moveto % Starting point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 2 index % width
|
|
|
ea9550 |
+ exch % loopval
|
|
|
ea9550 |
+ 2 index % height
|
|
|
ea9550 |
+ mul % loopval * height
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 1 index % width
|
|
|
ea9550 |
+ 0 % y
|
|
|
ea9550 |
+ lineto % Next point
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ closepath
|
|
|
ea9550 |
+ fill
|
|
|
ea9550 |
+ } for
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 0 setgray rectstroke
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
|
|
|
ea9550 |
+ dup 40 div
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ dup 4 mul 1 index 25 mul moveto (E) show
|
|
|
ea9550 |
+ dup 10 mul 1 index 15 mul moveto (S) show
|
|
|
ea9550 |
+ dup 16 mul 1 index 5 mul moveto (P) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
|
|
|
ea9550 |
+ dup 14 mul 1 index 29 mul moveto (asy) show
|
|
|
ea9550 |
+ dup 20 mul 1 index 19 mul moveto (oftware) show
|
|
|
ea9550 |
+ dup 26 mul 1 index 9 mul moveto (roducts) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pop
|
|
|
ea9550 |
+} bind def
|
|
|
ea9550 |
+%%EndResource
|
|
|
ea9550 |
+%%EndProlog
|
|
|
ea9550 |
+%%Page: 1 1
|
|
|
ea9550 |
+gsave
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Determine the imageable area and device resolution...
|
|
|
ea9550 |
+ initclip newpath clippath pathbbox % Get bounding rectangle
|
|
|
ea9550 |
+ 72 div /pageTop exch def % Get top margin in inches
|
|
|
ea9550 |
+ 72 div /pageRight exch def % Get right margin in inches
|
|
|
ea9550 |
+ 72 div /pageBottom exch def % Get bottom margin in inches
|
|
|
ea9550 |
+ 72 div /pageLeft exch def % Get left margin in inches
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /pageWidth pageRight pageLeft sub def % pageWidth = pageRight - pageLeft
|
|
|
ea9550 |
+ /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /boxWidth % width of text box
|
|
|
ea9550 |
+ pageWidth pageHeight lt
|
|
|
ea9550 |
+ { pageWidth 54 mul }
|
|
|
ea9550 |
+ { pageHeight 42 mul }
|
|
|
ea9550 |
+ ifelse def
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ newpath % Clear bounding path
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Create fonts...
|
|
|
ea9550 |
+ /bigFont /Helvetica-Bold findfont % bigFont = Helvetica-Bold
|
|
|
ea9550 |
+ pageHeight 3 mul scalefont def % size = pageHeight * 3 (nominally 33)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /mediumFont /Helvetica findfont % mediumFont = Helvetica
|
|
|
ea9550 |
+ pageHeight 1.5 mul scalefont def % size = pageHeight * 1.5 (nominally 16.5)
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Offset page to account for lower-left margin...
|
|
|
ea9550 |
+ pageLeft 72 mul
|
|
|
ea9550 |
+ pageBottom 72 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Job information box...
|
|
|
ea9550 |
+ pageWidth 36 mul 9 add % x = pageWidth * 1/2 * 72 + 9
|
|
|
ea9550 |
+ boxWidth 0.5 mul sub % x-= 1/2 box width
|
|
|
ea9550 |
+ pageHeight 30 mul 9 sub % y = pageHeight * 1/2 * 72 - 9
|
|
|
ea9550 |
+ boxWidth % w = box width
|
|
|
ea9550 |
+ pageHeight 14 mul % h = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ 0.5 setgray rectfill % Draw a shadow
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ boxWidth 0.5 mul sub % x-= 1/2 box width
|
|
|
ea9550 |
+ pageHeight 30 mul % y = pageHeight * 1/4 * 72
|
|
|
ea9550 |
+ boxWidth % w = box width
|
|
|
ea9550 |
+ pageHeight 14 mul % h = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ 4 copy 1 setgray rectfill % Clear the box to white
|
|
|
ea9550 |
+ 0 setgray rectstroke % Draw a black box around it...
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Job information text...
|
|
|
ea9550 |
+ mediumFont setfont % Medium sized font
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 5 mul add % y += 2 lines
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Job ID: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({printer-name}-{job-id}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 2 mul add % y += 1 line
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Title: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({job-name}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight -1 mul add % y -= 1 line
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Requesting User: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({job-originating-user-name}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ pageWidth 36 mul % x = pageWidth * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight 36 mul % y = pageHeight * 1/2 * 72
|
|
|
ea9550 |
+ pageHeight -4 mul add % y -= 2 lines
|
|
|
ea9550 |
+ 2 copy % Copy X & Y
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ (Billing Info: ) RIGHT
|
|
|
ea9550 |
+ moveto
|
|
|
ea9550 |
+ ({?job-billing}) show
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % Then the CUPS logo....
|
|
|
ea9550 |
+ gsave
|
|
|
ea9550 |
+ pageWidth 4 mul
|
|
|
ea9550 |
+ pageWidth 6 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+ pageWidth 9 mul CUPSLOGO
|
|
|
ea9550 |
+ grestore
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ % And the ESP logo....
|
|
|
ea9550 |
+ gsave
|
|
|
ea9550 |
+ pageWidth 59 mul
|
|
|
ea9550 |
+ pageWidth 6 mul
|
|
|
ea9550 |
+ translate
|
|
|
ea9550 |
+ pageWidth 6 mul ESPLOGO
|
|
|
ea9550 |
+ grestore
|
|
|
ea9550 |
+% Show the page...
|
|
|
ea9550 |
+grestore
|
|
|
ea9550 |
+showpage
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
|
|
|
ea9550 |
+%
|
|
|
ea9550 |
+%%EOF
|
|
|
ea9550 |
diff -up cups-1.6.3/filter/common.c.lspp cups-1.6.3/filter/common.c
|
|
|
dc9527 |
--- cups-1.6.3/filter/common.c.lspp 2013-06-07 03:12:52.000000000 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/filter/common.c 2015-06-10 11:45:38.159441530 +0200
|
|
|
ea9550 |
@@ -30,6 +30,12 @@
|
|
|
ea9550 |
* Include necessary headers...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+#include "config.h"
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+#define _GNU_SOURCE
|
|
|
ea9550 |
+#include <string.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
#include "common.h"
|
|
|
ea9550 |
#include <locale.h>
|
|
|
ea9550 |
|
|
|
ea9550 |
@@ -312,6 +318,18 @@ WriteLabelProlog(const char *label, /* I
|
|
|
ea9550 |
{
|
|
|
ea9550 |
const char *classification; /* CLASSIFICATION environment variable */
|
|
|
ea9550 |
const char *ptr; /* Temporary string pointer */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ int i, /* counter */
|
|
|
ea9550 |
+ n, /* counter */
|
|
|
ea9550 |
+ lines, /* number of lines needed */
|
|
|
ea9550 |
+ line_len, /* index into tmp_label */
|
|
|
ea9550 |
+ label_len, /* length of the label in characters */
|
|
|
ea9550 |
+ label_index, /* index into the label */
|
|
|
ea9550 |
+ longest, /* length of the longest line */
|
|
|
ea9550 |
+ longest_line, /* index to the longest line */
|
|
|
ea9550 |
+ max_width; /* maximum width in characters */
|
|
|
ea9550 |
+ char **wrapped_label; /* label with line breaks */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
@@ -334,6 +352,124 @@ WriteLabelProlog(const char *label, /* I
|
|
|
ea9550 |
return;
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Based on the 12pt fixed width font below determine the max_width
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ max_width = width / 8;
|
|
|
ea9550 |
+ longest_line = 0;
|
|
|
ea9550 |
+ longest = 0;
|
|
|
ea9550 |
+ classification += 5; // Skip the "LSPP:"
|
|
|
ea9550 |
+ label_len = strlen(classification);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (label_len > max_width)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ lines = 1 + (int)(label_len / max_width);
|
|
|
ea9550 |
+ line_len = (int)(label_len / lines);
|
|
|
ea9550 |
+ wrapped_label = malloc(sizeof(*wrapped_label) * lines);
|
|
|
ea9550 |
+ label_index = i = n = 0;
|
|
|
ea9550 |
+ while (classification[label_index])
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if ((label_index + line_len) > label_len)
|
|
|
ea9550 |
+ break;
|
|
|
ea9550 |
+ switch (classification[label_index + line_len + i])
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ case ':':
|
|
|
ea9550 |
+ case ',':
|
|
|
ea9550 |
+ case '-':
|
|
|
ea9550 |
+ i++;
|
|
|
ea9550 |
+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
|
|
|
ea9550 |
+ label_index += line_len + i;
|
|
|
ea9550 |
+ i = 0;
|
|
|
ea9550 |
+ break;
|
|
|
ea9550 |
+ default:
|
|
|
ea9550 |
+ i++;
|
|
|
ea9550 |
+ break;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if ((i + line_len) == max_width)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
|
|
|
ea9550 |
+ label_index = label_index + line_len + i;
|
|
|
ea9550 |
+ i = 0;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ lines = 1;
|
|
|
ea9550 |
+ wrapped_label = malloc(sizeof(*wrapped_label));
|
|
|
ea9550 |
+ wrapped_label[0] = (char*)classification;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ for (n = 0; n < lines; n++ )
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ printf("userdict/ESPp%c(", ('a' + n));
|
|
|
ea9550 |
+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
|
|
|
ea9550 |
+ if (*ptr < 32 || *ptr > 126)
|
|
|
ea9550 |
+ printf("\\%03o", *ptr);
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
|
|
|
ea9550 |
+ putchar('\\');
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ printf("%c", *ptr);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (i > longest)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ longest = i;
|
|
|
ea9550 |
+ longest_line = n;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ printf(")put\n");
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * For LSPP use a fixed width font so that line wrapping can be calculated
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Finally, the procedure to write the labels on the page...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ printf("userdict/ESPwl{\n"
|
|
|
ea9550 |
+ " ESPlf setfont\n");
|
|
|
ea9550 |
+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
|
|
|
ea9550 |
+ 'a' + longest_line, width * 0.5f);
|
|
|
ea9550 |
+ for (n = 1; n < lines; n++)
|
|
|
ea9550 |
+ printf(" dup");
|
|
|
ea9550 |
+ printf("\n 1 setgray\n");
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
|
|
|
ea9550 |
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
|
|
|
ea9550 |
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
|
|
|
ea9550 |
+ printf(" 0 setgray\n");
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
|
|
|
ea9550 |
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
|
|
|
ea9550 |
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
|
|
|
ea9550 |
+ for (n = 0; n < lines; n ++)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ printf(" dup %.0f moveto ESPp%c show\n",
|
|
|
ea9550 |
+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
|
|
|
ea9550 |
+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ printf(" pop\n"
|
|
|
ea9550 |
+ "}bind put\n");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Do some clean up at the end of the LSPP special case
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ free(wrapped_label);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+#endif /* !WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Set the classification + page label string...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -414,7 +550,10 @@ WriteLabelProlog(const char *label, /* I
|
|
|
ea9550 |
printf(" %.0f moveto ESPpl show\n", top - 14.0);
|
|
|
ea9550 |
puts("pop");
|
|
|
ea9550 |
puts("}bind put");
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
}
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
diff -up cups-1.6.3/filter/pstops.c.lspp cups-1.6.3/filter/pstops.c
|
|
|
dc9527 |
--- cups-1.6.3/filter/pstops.c.lspp 2013-06-07 03:12:52.000000000 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/filter/pstops.c 2015-06-10 11:45:38.159441530 +0200
|
|
|
ea9550 |
@@ -3202,6 +3202,18 @@ write_label_prolog(pstops_doc_t *doc, /*
|
|
|
ea9550 |
{
|
|
|
ea9550 |
const char *classification; /* CLASSIFICATION environment variable */
|
|
|
ea9550 |
const char *ptr; /* Temporary string pointer */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ int i, /* counter */
|
|
|
ea9550 |
+ n, /* counter */
|
|
|
ea9550 |
+ lines, /* number of lines needed */
|
|
|
ea9550 |
+ line_len, /* index into tmp_label */
|
|
|
ea9550 |
+ label_len, /* length of the label in characters */
|
|
|
ea9550 |
+ label_index, /* index into the label */
|
|
|
ea9550 |
+ longest, /* length of the longest line */
|
|
|
ea9550 |
+ longest_line, /* index to the longest line */
|
|
|
ea9550 |
+ max_width; /* maximum width in characters */
|
|
|
ea9550 |
+ char **wrapped_label; /* label with line breaks */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
@@ -3224,6 +3236,124 @@ write_label_prolog(pstops_doc_t *doc, /*
|
|
|
ea9550 |
return;
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Based on the 12pt fixed width font below determine the max_width
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ max_width = width / 8;
|
|
|
ea9550 |
+ longest_line = 0;
|
|
|
ea9550 |
+ longest = 0;
|
|
|
ea9550 |
+ classification += 5; // Skip the "LSPP:"
|
|
|
ea9550 |
+ label_len = strlen(classification);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (label_len > max_width)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ lines = 1 + (int)(label_len / max_width);
|
|
|
ea9550 |
+ line_len = (int)(label_len / lines);
|
|
|
ea9550 |
+ wrapped_label = malloc(sizeof(*wrapped_label) * lines);
|
|
|
ea9550 |
+ label_index = i = n = 0;
|
|
|
ea9550 |
+ while (classification[label_index])
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if ((label_index + line_len) > label_len)
|
|
|
ea9550 |
+ break;
|
|
|
ea9550 |
+ switch (classification[label_index + line_len + i])
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ case ':':
|
|
|
ea9550 |
+ case ',':
|
|
|
ea9550 |
+ case '-':
|
|
|
ea9550 |
+ i++;
|
|
|
ea9550 |
+ wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
|
|
|
ea9550 |
+ label_index += line_len + i;
|
|
|
ea9550 |
+ i = 0;
|
|
|
ea9550 |
+ break;
|
|
|
ea9550 |
+ default:
|
|
|
ea9550 |
+ i++;
|
|
|
ea9550 |
+ break;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if ((i + line_len) == max_width)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
|
|
|
ea9550 |
+ label_index = label_index + line_len + i;
|
|
|
ea9550 |
+ i = 0;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ lines = 1;
|
|
|
ea9550 |
+ wrapped_label = malloc(sizeof(*wrapped_label));
|
|
|
ea9550 |
+ wrapped_label[0] = (char*)classification;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ for (n = 0; n < lines; n++ )
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ printf("userdict/ESPp%c(", ('a' + n));
|
|
|
ea9550 |
+ for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
|
|
|
ea9550 |
+ if (*ptr < 32 || *ptr > 126)
|
|
|
ea9550 |
+ printf("\\%03o", *ptr);
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
|
|
|
ea9550 |
+ putchar('\\');
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ printf("%c", *ptr);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (i > longest)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ longest = i;
|
|
|
ea9550 |
+ longest_line = n;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ printf(")put\n");
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * For LSPP use a fixed width font so that line wrapping can be calculated
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Finally, the procedure to write the labels on the page...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ printf("userdict/ESPwl{\n"
|
|
|
ea9550 |
+ " ESPlf setfont\n");
|
|
|
ea9550 |
+ printf(" ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
|
|
|
ea9550 |
+ 'a' + longest_line, width * 0.5f);
|
|
|
ea9550 |
+ for (n = 1; n < lines; n++)
|
|
|
ea9550 |
+ printf(" dup");
|
|
|
ea9550 |
+ printf("\n 1 setgray\n");
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
|
|
|
ea9550 |
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrf\n",
|
|
|
ea9550 |
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
|
|
|
ea9550 |
+ printf(" 0 setgray\n");
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
|
|
|
ea9550 |
+ (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
|
|
|
ea9550 |
+ printf(" dup 6 sub %.0f %d index %.0f ESPrs\n",
|
|
|
ea9550 |
+ (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
|
|
|
ea9550 |
+ for (n = 0; n < lines; n ++)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ printf(" dup %.0f moveto ESPp%c show\n",
|
|
|
ea9550 |
+ bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
|
|
|
ea9550 |
+ printf(" %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ printf(" pop\n"
|
|
|
ea9550 |
+ "}bind put\n");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Do some clean up at the end of the LSPP special case
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ free(wrapped_label);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+#endif /* !WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Set the classification + page label string...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -3302,7 +3432,10 @@ write_label_prolog(pstops_doc_t *doc, /*
|
|
|
ea9550 |
doc_printf(doc, " %.0f moveto ESPpl show\n", top - 14.0);
|
|
|
ea9550 |
doc_puts(doc, "pop\n");
|
|
|
ea9550 |
doc_puts(doc, "}bind put\n");
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
}
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
dc9527 |
diff -up cups-1.6.3/Makedefs.in.lspp cups-1.6.3/Makedefs.in
|
|
|
dc9527 |
--- cups-1.6.3/Makedefs.in.lspp 2015-06-10 11:45:38.075441759 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/Makedefs.in 2015-06-10 11:45:38.157441536 +0200
|
|
|
dc9527 |
@@ -146,7 +146,7 @@ LDFLAGS = -L../cgi-bin -L../cups -L../f
|
|
|
dc9527 |
@LDFLAGS@ @RELROFLAGS@ @PIEFLAGS@ $(OPTIM)
|
|
|
dc9527 |
LINKCUPS = @LINKCUPS@ $(LIBGSSAPI) $(SSLLIBS) $(DNSSDLIBS) $(LIBZ)
|
|
|
dc9527 |
LINKCUPSIMAGE = @LINKCUPSIMAGE@
|
|
|
dc9527 |
-LIBS = $(LINKCUPS) $(COMMONLIBS)
|
|
|
dc9527 |
+LIBS = $(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
|
|
|
dc9527 |
OPTIM = @OPTIM@
|
|
|
dc9527 |
OPTIONS =
|
|
|
dc9527 |
PAMLIBS = @PAMLIBS@
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/client.c.lspp cups-1.6.3/scheduler/client.c
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/client.c.lspp 2015-06-10 11:45:38.140441582 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/client.c 2015-06-10 11:45:38.160441528 +0200
|
|
|
ea9550 |
@@ -41,6 +41,7 @@
|
|
|
ea9550 |
* valid_host() - Is the Host: field valid?
|
|
|
ea9550 |
* write_file() - Send a file via HTTP.
|
|
|
ea9550 |
* write_pipe() - Flag that data is available on the CGI pipe.
|
|
|
ea9550 |
+ * client_pid_to_auid() - Get the audit login uid of the client.
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
@@ -49,10 +50,16 @@
|
|
|
ea9550 |
|
|
|
ea9550 |
#include "cupsd.h"
|
|
|
ea9550 |
|
|
|
ea9550 |
+#define _GNU_SOURCE
|
|
|
ea9550 |
#ifdef HAVE_TCPD_H
|
|
|
ea9550 |
# include <tcpd.h>
|
|
|
ea9550 |
#endif /* HAVE_TCPD_H */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+#include <selinux/selinux.h>
|
|
|
ea9550 |
+#include <selinux/context.h>
|
|
|
ea9550 |
+#include <fcntl.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Local globals...
|
|
|
ea9550 |
@@ -371,6 +378,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
|
|
|
ea9550 |
}
|
|
|
ea9550 |
#endif /* HAVE_TCPD_H */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config())
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ struct ucred cr;
|
|
|
ea9550 |
+ unsigned int cl=sizeof(cr);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * client_pid_to_auid() can be racey
|
|
|
ea9550 |
+ * In this case the pid is based on a socket connected to the client
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if ((con->auid = client_pid_to_auid(cr.pid)) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ close(con->http.fd);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: "
|
|
|
ea9550 |
+ "unable to determine client auid for client pid=%d", cr.pid);
|
|
|
ea9550 |
+ free(con);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d",
|
|
|
ea9550 |
+ cr.pid, cr.uid, cr.gid, con->auid);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ close(con->http.fd);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed");
|
|
|
ea9550 |
+ free(con);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * get the context of the peer connection
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (getpeercon(con->http.fd, &con->scon))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ close(con->http.fd);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed");
|
|
|
ea9550 |
+ free(con);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()");
|
|
|
ea9550 |
+ cupsdSetString(&con->scon, UNKNOWN_SL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
#ifdef AF_LOCAL
|
|
|
ea9550 |
if (con->http.hostaddr->addr.sa_family == AF_LOCAL)
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_DEBUG, "[Client %d] Accepted from %s (Domain)",
|
|
|
ea9550 |
@@ -678,6 +736,13 @@ cupsdReadClient(cupsd_client_t *con) /*
|
|
|
ea9550 |
mime_type_t *type; /* MIME type of file */
|
|
|
ea9550 |
cupsd_printer_t *p; /* Printer */
|
|
|
ea9550 |
static unsigned request_id = 0; /* Request ID for temp files */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ security_context_t spoolcon; /* context of the job file */
|
|
|
ea9550 |
+ context_t clicon; /* contex_t container for con->scon */
|
|
|
ea9550 |
+ context_t tmpcon; /* temp context to swap the level */
|
|
|
ea9550 |
+ char *clirange; /* SELinux sensitivity range */
|
|
|
ea9550 |
+ char *cliclearance; /* SELinux low end clearance */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
status = HTTP_CONTINUE;
|
|
|
dc9527 |
@@ -2137,6 +2202,67 @@ cupsdReadClient(cupsd_client_t *con) /*
|
|
|
ea9550 |
fchmod(con->file, 0640);
|
|
|
ea9550 |
fchown(con->file, RunUser, Group);
|
|
|
ea9550 |
fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (getfilecon(con->filename, &spoolcon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
|
|
|
ea9550 |
+ return (cupsdCloseClient(con));
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ clicon = context_new(con->scon);
|
|
|
ea9550 |
+ tmpcon = context_new(spoolcon);
|
|
|
ea9550 |
+ freecon(spoolcon);
|
|
|
ea9550 |
+ if (!clicon || !tmpcon)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
|
|
|
ea9550 |
+ if (clicon)
|
|
|
ea9550 |
+ context_free(clicon);
|
|
|
ea9550 |
+ if (tmpcon)
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ return (cupsdCloseClient(con));
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ clirange = context_range_get(clicon);
|
|
|
ea9550 |
+ if (clirange)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ clirange = strdup(clirange);
|
|
|
ea9550 |
+ if ((cliclearance = strtok(clirange, "-")) != NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (context_range_set(tmpcon, cliclearance) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
|
|
|
ea9550 |
+ free(clirange);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(clicon);
|
|
|
ea9550 |
+ return (cupsdCloseClient(con));
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
|
|
|
ea9550 |
+ free(clirange);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(clicon);
|
|
|
ea9550 |
+ return (cupsdCloseClient(con));
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ free(clirange);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (setfilecon(con->filename, context_str(tmpcon)) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(clicon);
|
|
|
ea9550 |
+ return (cupsdCloseClient(con));
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s",
|
|
|
ea9550 |
+ con->filename, context_str(tmpcon));
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(clicon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
if (con->http.state != HTTP_POST_SEND)
|
|
|
dc9527 |
@@ -3647,6 +3773,49 @@ is_path_absolute(const char *path) /* I
|
|
|
ea9550 |
return (1);
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+/*
|
|
|
ea9550 |
+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+uid_t client_pid_to_auid(pid_t clipid)
|
|
|
ea9550 |
+{
|
|
|
ea9550 |
+ uid_t uid;
|
|
|
ea9550 |
+ int len, in;
|
|
|
ea9550 |
+ char buf[16] = {0};
|
|
|
ea9550 |
+ char fname[32] = {0};
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Hopefully this pid is still the one we are interested in.
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ snprintf(fname, 32, "/proc/%d/loginuid", clipid);
|
|
|
ea9550 |
+ in = open(fname, O_NOFOLLOW|O_RDONLY);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (in < 0)
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ errno = 0;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ do {
|
|
|
ea9550 |
+ len = read(in, buf, sizeof(buf));
|
|
|
ea9550 |
+ } while (len < 0 && errno == EINTR);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ close(in);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (len < 0 || len >= sizeof(buf))
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ errno = 0;
|
|
|
ea9550 |
+ buf[len] = 0;
|
|
|
ea9550 |
+ uid = strtol(buf, 0, 10);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (errno != 0)
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ return uid;
|
|
|
ea9550 |
+}
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* 'pipe_command()' - Pipe the output of a command to the remote client.
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/client.h.lspp cups-1.6.3/scheduler/client.h
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/client.h.lspp 2015-06-10 11:45:38.076441756 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/client.h 2015-06-10 11:45:38.160441528 +0200
|
|
|
ea9550 |
@@ -18,6 +18,13 @@
|
|
|
ea9550 |
#endif /* HAVE_AUTHORIZATION_H */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+#include <selinux/selinux.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* HTTP client structure...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -63,6 +70,10 @@ struct cupsd_client_s
|
|
|
ea9550 |
#ifdef HAVE_AUTHORIZATION_H
|
|
|
ea9550 |
AuthorizationRef authref; /* Authorization ref */
|
|
|
ea9550 |
#endif /* HAVE_AUTHORIZATION_H */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ security_context_t scon; /* Security context of connection */
|
|
|
ea9550 |
+ uid_t auid; /* Audit loginuid of the client */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
};
|
|
|
ea9550 |
|
|
|
ea9550 |
#define HTTP(con) &((con)->http)
|
|
|
ea9550 |
@@ -135,6 +146,9 @@ extern void cupsdStartListening(void);
|
|
|
ea9550 |
extern void cupsdStopListening(void);
|
|
|
ea9550 |
extern void cupsdUpdateCGI(void);
|
|
|
ea9550 |
extern void cupsdWriteClient(cupsd_client_t *con);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+extern uid_t client_pid_to_auid(pid_t clipid);
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
#ifdef HAVE_SSL
|
|
|
ea9550 |
extern int cupsdEndTLS(cupsd_client_t *con);
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/conf.c.lspp cups-1.6.3/scheduler/conf.c
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/conf.c.lspp 2015-06-10 11:45:38.140441582 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/conf.c 2015-06-10 11:45:38.161441525 +0200
|
|
|
ea9550 |
@@ -34,6 +34,7 @@
|
|
|
ea9550 |
* read_location() - Read a <Location path> definition.
|
|
|
ea9550 |
* read_policy() - Read a <Policy name> definition.
|
|
|
ea9550 |
* set_policy_defaults() - Set default policy values as needed.
|
|
|
ea9550 |
+ * is_lspp_config() - Is the system configured for LSPP
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
@@ -59,6 +60,9 @@
|
|
|
ea9550 |
# define INADDR_NONE 0xffffffff
|
|
|
ea9550 |
#endif /* !INADDR_NONE */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+# include <libaudit.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Configuration variable structure...
|
|
|
ea9550 |
@@ -146,6 +150,10 @@ static const cupsd_var_t cupsd_vars[] =
|
|
|
ea9550 |
{ "ServerName", &ServerName, CUPSD_VARTYPE_STRING },
|
|
|
ea9550 |
{ "StrictConformance", &StrictConformance, CUPSD_VARTYPE_BOOLEAN },
|
|
|
ea9550 |
{ "Timeout", &Timeout, CUPSD_VARTYPE_TIME },
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ { "AuditLog", &AuditLog, CUPSD_VARTYPE_INTEGER },
|
|
|
ea9550 |
+ { "PerPageLabels", &PerPageLabels, CUPSD_VARTYPE_BOOLEAN },
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
{ "WebInterface", &WebInterface, CUPSD_VARTYPE_BOOLEAN }
|
|
|
ea9550 |
};
|
|
|
ea9550 |
static const cupsd_var_t cupsfiles_vars[] =
|
|
|
ea9550 |
@@ -546,6 +554,9 @@ cupsdReadConfiguration(void)
|
|
|
ea9550 |
const char *tmpdir; /* TMPDIR environment variable */
|
|
|
ea9550 |
struct stat tmpinfo; /* Temporary directory info */
|
|
|
ea9550 |
cupsd_policy_t *p; /* Policy */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ char *audit_message; /* Audit message string */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
@@ -853,6 +864,25 @@ cupsdReadConfiguration(void)
|
|
|
ea9550 |
|
|
|
ea9550 |
RunUser = getuid();
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * ClassifyOverride is set during read_configuration, if its ON, report it now
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (ClassifyOverride)
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
|
|
|
ea9550 |
+ "[Config] ClassifyOverride=enabled Users can override print banners",
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * PerPageLabel is set during read_configuration, if its OFF, report it now
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (!PerPageLabels)
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
|
|
|
ea9550 |
+ "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
|
|
|
ea9550 |
RemotePort ? "enabled" : "disabled");
|
|
|
ea9550 |
|
|
|
ea9550 |
@@ -1255,7 +1285,19 @@ cupsdReadConfiguration(void)
|
|
|
ea9550 |
cupsdClearString(&Classification);
|
|
|
ea9550 |
|
|
|
ea9550 |
if (Classification)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Check the MaxClients setting, and then allocate memory for it...
|
|
|
ea9550 |
@@ -3641,6 +3683,18 @@ read_location(cups_file_t *fp, /* I - C
|
|
|
ea9550 |
return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+int is_lspp_config()
|
|
|
ea9550 |
+{
|
|
|
ea9550 |
+ if (Classification != NULL)
|
|
|
ea9550 |
+ return ((_cups_strcasecmp(Classification, MLS_CONFIG) == 0)
|
|
|
ea9550 |
+ || (_cups_strcasecmp(Classification, TE_CONFIG) == 0)
|
|
|
ea9550 |
+ || (_cups_strcasecmp(Classification, SELINUX_CONFIG) == 0));
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ return 0;
|
|
|
ea9550 |
+}
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* 'read_policy()' - Read a <Policy name> definition.
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/conf.h.lspp cups-1.6.3/scheduler/conf.h
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/conf.h.lspp 2015-06-10 11:45:38.108441669 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/conf.h 2015-06-10 11:45:38.161441525 +0200
|
|
|
ea9550 |
@@ -251,6 +251,13 @@ VAR int SSLOptions VALUE(CUPSD_SSL_NO
|
|
|
ea9550 |
/* SSL/TLS options */
|
|
|
ea9550 |
#endif /* HAVE_SSL */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+VAR int AuditLog VALUE(-1),
|
|
|
ea9550 |
+ /* File descriptor for audit */
|
|
|
ea9550 |
+ PerPageLabels VALUE(TRUE);
|
|
|
ea9550 |
+ /* Put the label on each page */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
#ifdef HAVE_LAUNCHD
|
|
|
ea9550 |
VAR int LaunchdTimeout VALUE(10);
|
|
|
ea9550 |
/* Time after which an idle cupsd will exit */
|
|
|
ea9550 |
@@ -269,6 +276,9 @@ int HaveServerCreds VALUE(0);
|
|
|
ea9550 |
gss_cred_id_t ServerCreds; /* Server's GSS credentials */
|
|
|
ea9550 |
#endif /* HAVE_GSSAPI */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+extern int is_lspp_config(void);
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Prototypes...
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/cupsd.h.lspp cups-1.6.3/scheduler/cupsd.h
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/cupsd.h.lspp 2015-06-10 11:45:38.093441710 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/cupsd.h 2015-06-10 11:45:38.161441525 +0200
|
|
|
ea9550 |
@@ -13,6 +13,8 @@
|
|
|
ea9550 |
* file is missing or damaged, see the license at "http://www.cups.org/".
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Include necessary headers.
|
|
|
ea9550 |
@@ -37,13 +39,20 @@
|
|
|
ea9550 |
# include <unistd.h>
|
|
|
ea9550 |
#endif /* WIN32 */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#include "config.h"
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+# define MLS_CONFIG "mls"
|
|
|
ea9550 |
+# define TE_CONFIG "te"
|
|
|
ea9550 |
+# define SELINUX_CONFIG "SELinux"
|
|
|
ea9550 |
+# define UNKNOWN_SL "UNKNOWN SL"
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
#include "mime.h"
|
|
|
ea9550 |
|
|
|
ea9550 |
#if defined(HAVE_CDSASSL)
|
|
|
ea9550 |
# include <CoreFoundation/CoreFoundation.h>
|
|
|
ea9550 |
#endif /* HAVE_CDSASSL */
|
|
|
ea9550 |
|
|
|
ea9550 |
-
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Some OS's don't have hstrerror(), most notably Solaris...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/ipp.c.lspp cups-1.6.3/scheduler/ipp.c
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/ipp.c.lspp 2015-06-10 11:45:38.155441541 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/ipp.c 2015-06-10 11:46:28.871303698 +0200
|
|
|
ea9550 |
@@ -35,6 +35,7 @@
|
|
|
ea9550 |
* cancel_all_jobs() - Cancel all or selected print jobs.
|
|
|
ea9550 |
* cancel_job() - Cancel a print job.
|
|
|
ea9550 |
* cancel_subscription() - Cancel a subscription.
|
|
|
ea9550 |
+ * check_context() - Check the SELinux context for a user and job
|
|
|
ea9550 |
* check_rss_recipient() - Check that we do not have a duplicate RSS
|
|
|
ea9550 |
* feed URI.
|
|
|
ea9550 |
* check_quotas() - Check quotas for a printer and user.
|
|
|
ea9550 |
@@ -99,6 +100,9 @@
|
|
|
ea9550 |
* validate_user() - Validate the user for the request.
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Include necessary headers...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -122,6 +126,14 @@ extern int mbr_check_membership_by_id(uu
|
|
|
ea9550 |
# endif /* HAVE_MEMBERSHIPPRIV_H */
|
|
|
ea9550 |
#endif /* __APPLE__ */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+#include <libaudit.h>
|
|
|
ea9550 |
+#include <selinux/selinux.h>
|
|
|
ea9550 |
+#include <selinux/context.h>
|
|
|
ea9550 |
+#include <selinux/avc.h>
|
|
|
ea9550 |
+#include <selinux/flask.h>
|
|
|
ea9550 |
+#include <selinux/av_permissions.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Local functions...
|
|
|
ea9550 |
@@ -146,6 +158,9 @@ static void cancel_all_jobs(cupsd_client
|
|
|
ea9550 |
static void cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
|
|
|
ea9550 |
static void cancel_subscription(cupsd_client_t *con, int id);
|
|
|
ea9550 |
static int check_rss_recipient(const char *recipient);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+static int check_context(cupsd_client_t *con, cupsd_job_t *job);
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
static int check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
|
|
|
ea9550 |
static void close_job(cupsd_client_t *con, ipp_attribute_t *uri);
|
|
|
ea9550 |
static void copy_attrs(ipp_t *to, ipp_t *from, cups_array_t *ra,
|
|
|
dc9527 |
@@ -1299,6 +1314,21 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
"time-at-creation",
|
|
|
ea9550 |
"time-at-processing"
|
|
|
ea9550 |
};
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ char *audit_message; /* Audit message string */
|
|
|
ea9550 |
+ char *printerfile; /* device file pointed to by the printer */
|
|
|
ea9550 |
+ char *userheader = NULL; /* User supplied job-sheets[0] */
|
|
|
ea9550 |
+ char *userfooter = NULL; /* User supplied job-sheets[1] */
|
|
|
ea9550 |
+ int override = 0; /* Was a banner overrode on a job */
|
|
|
ea9550 |
+ security_id_t clisid; /* SELinux SID for the client */
|
|
|
ea9550 |
+ security_id_t psid; /* SELinux SID for the printer */
|
|
|
ea9550 |
+ context_t printercon; /* Printer's context string */
|
|
|
ea9550 |
+ struct stat printerstat; /* Printer's stat buffer */
|
|
|
ea9550 |
+ security_context_t devcon; /* Printer's SELinux context */
|
|
|
ea9550 |
+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */
|
|
|
ea9550 |
+ security_class_t tclass; /* Object class for the SELinux check */
|
|
|
ea9550 |
+ access_vector_t avr; /* Access method being requested */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
|
|
|
dc9527 |
@@ -1639,6 +1669,106 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
}
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config())
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name);
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes."));
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Perform an access check so that if the user gets feedback at enqueue time
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ printerfile = strstr(printer->device_uri, "/dev/");
|
|
|
ea9550 |
+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
|
|
|
ea9550 |
+ printerfile = printer->device_uri + strlen("file:");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (printerfile != NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",
|
|
|
ea9550 |
+ printerfile);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (lstat(printerfile, &printerstat) < 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (errno != ENOENT)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer"));
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The printer does not exist, so for now assume it's a FileDevice
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ tclass = SECCLASS_FILE;
|
|
|
ea9550 |
+ avr = FILE__WRITE;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else if (S_ISCHR(printerstat.st_mode))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ tclass = SECCLASS_CHR_FILE;
|
|
|
ea9550 |
+ avr = CHR_FILE__WRITE;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else if (S_ISREG(printerstat.st_mode))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ tclass = SECCLASS_FILE;
|
|
|
ea9550 |
+ avr = FILE__WRITE;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file"));
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ static avc_initialized = 0;
|
|
|
ea9550 |
+ if (!avc_initialized++)
|
|
|
ea9550 |
+ avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);
|
|
|
ea9550 |
+ avc_entry_ref_init(&avcref);
|
|
|
ea9550 |
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (getfilecon(printerfile, &devcon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ printercon = context_new(devcon);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",
|
|
|
ea9550 |
+ context_str(printercon), con->scon);
|
|
|
ea9550 |
+ context_free(printercon);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (avc_context_to_sid(devcon, &psid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));
|
|
|
ea9550 |
+ freecon(devcon);
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ freecon(devcon);
|
|
|
ea9550 |
+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The access check failed, so cancel the job and send an audit message
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused"
|
|
|
ea9550 |
+ " unable to access printer=%s", con->auid,
|
|
|
ea9550 |
+ con->username, con->scon, printer->name);
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 0);
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));
|
|
|
ea9550 |
+ return (NULL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
if ((job = cupsdAddJob(priority, printer->name)) == NULL)
|
|
|
ea9550 |
{
|
|
|
ea9550 |
send_ipp_status(con, IPP_INTERNAL_ERROR,
|
|
|
dc9527 |
@@ -1647,6 +1777,32 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
return (NULL);
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config())
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * duplicate the security context and auid of the connection into the job structure
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ job->scon = strdup(con->scon);
|
|
|
ea9550 |
+ job->auid = con->auid;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * add the security context to the request so that on a restart the security
|
|
|
ea9550 |
+ * attributes will be able to be restored
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context",
|
|
|
ea9550 |
+ NULL, job->scon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Fill in the security context of the job as unlabeled
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL);
|
|
|
ea9550 |
+ cupsdSetString(&job->scon, UNKNOWN_SL);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
job->dtype = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_REMOTE);
|
|
|
ea9550 |
job->attrs = con->request;
|
|
|
ea9550 |
job->dirty = 1;
|
|
|
dc9527 |
@@ -1818,6 +1974,29 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
dc9527 |
ippSetString(job->attrs, &attr, 0, printer->job_sheets[0]);
|
|
|
dc9527 |
ippSetString(job->attrs, &attr, 1, printer->job_sheets[1]);
|
|
|
ea9550 |
}
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The option was present, so capture the user supplied strings
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ userheader = strdup(attr->values[0].string.text);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (attr->num_values > 1)
|
|
|
ea9550 |
+ userfooter = strdup(attr->values[1].string.text);
|
|
|
dc9527 |
+
|
|
|
ea9550 |
+ if (Classification != NULL && (strcmp(userheader, Classification) == 0)
|
|
|
ea9550 |
+ && userfooter &&(strcmp(userfooter, Classification) == 0))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Since both values are Classification, the user is not trying to Override
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ free(userheader);
|
|
|
ea9550 |
+ if (userfooter) free(userfooter);
|
|
|
ea9550 |
+ userheader = userfooter = NULL;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
job->job_sheets = attr;
|
|
|
ea9550 |
|
|
|
dc9527 |
@@ -1848,6 +2027,9 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
"job-sheets=\"%s,none\", "
|
|
|
ea9550 |
"job-originating-user-name=\"%s\"",
|
|
|
ea9550 |
Classification, job->username);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ override = 1;
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
else if (attr->num_values == 2 &&
|
|
|
ea9550 |
strcmp(attr->values[0].string.text,
|
|
|
dc9527 |
@@ -1866,6 +2048,9 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
"job-originating-user-name=\"%s\"",
|
|
|
ea9550 |
attr->values[0].string.text,
|
|
|
ea9550 |
attr->values[1].string.text, job->username);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ override = 1;
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
else if (strcmp(attr->values[0].string.text, Classification) &&
|
|
|
ea9550 |
strcmp(attr->values[0].string.text, "none") &&
|
|
|
dc9527 |
@@ -1886,6 +2071,9 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
"job-originating-user-name=\"%s\"",
|
|
|
ea9550 |
attr->values[0].string.text,
|
|
|
ea9550 |
attr->values[1].string.text, job->username);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ override = 1;
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
}
|
|
|
ea9550 |
else if (strcmp(attr->values[0].string.text, Classification) &&
|
|
|
dc9527 |
@@ -1926,8 +2114,52 @@ add_job(cupsd_client_t *con, /* I - Cl
|
|
|
ea9550 |
"job-sheets=\"%s\", "
|
|
|
ea9550 |
"job-originating-user-name=\"%s\"",
|
|
|
ea9550 |
Classification, job->username);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ override = 1;
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config() && AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (userheader || userfooter)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (!override)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The user overrode the banner, so audit it
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
|
|
|
ea9550 |
+ " using banners=%s,%s", job->id, userheader,
|
|
|
ea9550 |
+ userfooter, attr->values[0].string.text,
|
|
|
ea9550 |
+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The user tried to override the banner, audit the failure
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
|
|
|
ea9550 |
+ " ignored banners=%s,%s", job->id, userheader,
|
|
|
ea9550 |
+ userfooter, attr->values[0].string.text,
|
|
|
ea9550 |
+ (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 0);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
}
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (userheader)
|
|
|
ea9550 |
+ free(userheader);
|
|
|
ea9550 |
+ if (userfooter)
|
|
|
ea9550 |
+ free(userfooter);
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
+
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* See if we need to add the starting sheet...
|
|
|
dc9527 |
@@ -3690,6 +3922,111 @@ check_rss_recipient(
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+/*
|
|
|
ea9550 |
+ * 'check_context()' - Check SELinux security context of a user and job
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+static int /* O - 1 if OK, 0 if not, -1 on error */
|
|
|
ea9550 |
+check_context(cupsd_client_t *con, /* I - Client connection */
|
|
|
ea9550 |
+ cupsd_job_t *job) /* I - Job */
|
|
|
ea9550 |
+{
|
|
|
ea9550 |
+ int enforcing; /* is SELinux in enforcing mode */
|
|
|
ea9550 |
+ char filename[1024]; /* Filename of the spool file */
|
|
|
ea9550 |
+ security_id_t clisid; /* SELinux SID of the client */
|
|
|
ea9550 |
+ security_id_t jobsid; /* SELinux SID of the job */
|
|
|
ea9550 |
+ security_id_t filesid; /* SELinux SID of the spool file */
|
|
|
ea9550 |
+ struct avc_entry_ref avcref; /* AVC entry cache pointer */
|
|
|
ea9550 |
+ security_class_t tclass; /* SELinux security class */
|
|
|
ea9550 |
+ access_vector_t avr; /* SELinux access being queried */
|
|
|
ea9550 |
+ security_context_t spoolfilecon; /* SELinux context of the spool file */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Validate the input to be sure there are contexts to work with...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (con->scon == NULL || job->scon == NULL
|
|
|
ea9550 |
+ || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0
|
|
|
ea9550 |
+ || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if ((enforcing = security_getenforce()) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement");
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Initialize the avc engine...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ static avc_initialized = 0;
|
|
|
ea9550 |
+ if (! avc_initialized++)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init");
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (avc_context_to_sid(con->scon, &clisid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon);
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (avc_context_to_sid(job->scon, &jobsid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", job->scon);
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ avc_entry_ref_init(&avcref);
|
|
|
ea9550 |
+ tclass = SECCLASS_FILE;
|
|
|
ea9550 |
+ avr = FILE__READ;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Perform the check with the client as the subject, first with the job as the object
|
|
|
ea9550 |
+ * if that fails then with the spool file as the object...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
|
|
|
ea9550 |
+ if (getfilecon(filename, &spoolfilecon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context");
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file");
|
|
|
ea9550 |
+ freecon(spoolfilecon);
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ freecon(spoolfilecon);
|
|
|
ea9550 |
+ if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file");
|
|
|
ea9550 |
+ return 0;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file");
|
|
|
ea9550 |
+ return 1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ if (enforcing == 0)
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode");
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ return 1;
|
|
|
ea9550 |
+}
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* 'check_quotas()' - Check quotas for a printer and user.
|
|
|
ea9550 |
*/
|
|
|
dc9527 |
@@ -4142,6 +4479,15 @@ copy_banner(cupsd_client_t *con, /* I -
|
|
|
ea9550 |
char attrname[255], /* Name of attribute */
|
|
|
ea9550 |
*s; /* Pointer into name */
|
|
|
ea9550 |
ipp_attribute_t *attr; /* Attribute */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ const char *mls_label; /* SL of print job */
|
|
|
ea9550 |
+ char *jobrange; /* SELinux sensitivity range */
|
|
|
ea9550 |
+ char *jobclearance; /* SELinux low end clearance */
|
|
|
ea9550 |
+ context_t jobcon; /* SELinux context of the job */
|
|
|
ea9550 |
+ context_t tmpcon; /* Temp context to set the level */
|
|
|
ea9550 |
+ security_context_t spoolcon; /* Context of the file in the spool */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_DEBUG2,
|
|
|
dc9527 |
@@ -4177,6 +4523,82 @@ copy_banner(cupsd_client_t *con, /* I -
|
|
|
ea9550 |
|
|
|
ea9550 |
fchmod(cupsFileNumber(out), 0640);
|
|
|
ea9550 |
fchown(cupsFileNumber(out), RunUser, Group);
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (job->scon != NULL &&
|
|
|
ea9550 |
+ strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (getfilecon(filename, &spoolcon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "copy_banner: Unable to get the context of the banner file %s - %s",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ job->num_files --;
|
|
|
ea9550 |
+ return (0);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ tmpcon = context_new(spoolcon);
|
|
|
ea9550 |
+ jobcon = context_new(job->scon);
|
|
|
ea9550 |
+ freecon(spoolcon);
|
|
|
ea9550 |
+ if (!tmpcon || !jobcon)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (tmpcon)
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ if (jobcon)
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "copy_banner: Unable to get the SELinux contexts");
|
|
|
ea9550 |
+ job->num_files --;
|
|
|
ea9550 |
+ return (0);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ jobrange = context_range_get(jobcon);
|
|
|
ea9550 |
+ if (jobrange)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ jobrange = strdup(jobrange);
|
|
|
ea9550 |
+ if ((jobclearance = strtok(jobrange, "-")) != NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (context_range_set(tmpcon, jobclearance) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "copy_banner: Unable to set the level of the context for file %s - %s",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ free(jobrange);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ job->num_files --;
|
|
|
ea9550 |
+ return (0);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "copy_banner: Unable to set the level of the context for file %s - %s",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ free(jobrange);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ job->num_files --;
|
|
|
ea9550 |
+ return (0);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ free(jobrange);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (setfilecon(filename, context_str(tmpcon)) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "copy_banner: Unable to set the context of the banner file %s - %s",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ job->num_files --;
|
|
|
ea9550 |
+ return (0);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s",
|
|
|
ea9550 |
+ filename, context_str(tmpcon));
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Try the localized banner file under the subdirectory...
|
|
|
dc9527 |
@@ -4271,6 +4693,24 @@ copy_banner(cupsd_client_t *con, /* I -
|
|
|
ea9550 |
else
|
|
|
ea9550 |
s = attrname;
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (strcmp(s, "mls-label") == 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (job->scon != NULL && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ jobcon = context_new(job->scon);
|
|
|
ea9550 |
+ if (_cups_strcasecmp(name, MLS_CONFIG) == 0)
|
|
|
ea9550 |
+ mls_label = context_range_get(jobcon);
|
|
|
ea9550 |
+ else if (_cups_strcasecmp(name, TE_CONFIG) == 0)
|
|
|
ea9550 |
+ mls_label = context_type_get(jobcon);
|
|
|
ea9550 |
+ else // default to using the whole context string
|
|
|
ea9550 |
+ mls_label = context_str(jobcon);
|
|
|
ea9550 |
+ cupsFilePuts(out, mls_label);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ continue;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
if (!strcmp(s, "printer-name"))
|
|
|
ea9550 |
{
|
|
|
ea9550 |
cupsFilePuts(out, job->dest);
|
|
|
dc9527 |
@@ -6348,6 +6788,22 @@ get_job_attrs(cupsd_client_t *con, /* I
|
|
|
ea9550 |
|
|
|
ea9550 |
exclude = cupsdGetPrivateAttrs(policy, con, printer, job->username);
|
|
|
ea9550 |
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Check SELinux...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (is_lspp_config() && check_context(con, job) != 1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Unfortunately we have to lie to the user...
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Copy attributes...
|
|
|
ea9550 |
*/
|
|
|
dc9527 |
@@ -6701,6 +7157,11 @@ get_jobs(cupsd_client_t *con, /* I - C
|
|
|
ea9550 |
if (username[0] && _cups_strcasecmp(username, job->username))
|
|
|
ea9550 |
continue;
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config() && check_context(con, job) != 1)
|
|
|
ea9550 |
+ continue;
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
if (count > 0)
|
|
|
ea9550 |
ippAddSeparator(con->response);
|
|
|
ea9550 |
|
|
|
dc9527 |
@@ -11259,6 +11720,11 @@ validate_user(cupsd_job_t *job, /* I
|
|
|
ea9550 |
|
|
|
ea9550 |
strlcpy(username, get_username(con), userlen);
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config() && check_context(con, job) != 1)
|
|
|
ea9550 |
+ return 0;
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Check the username against the owner...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/job.c.lspp cups-1.6.3/scheduler/job.c
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/job.c.lspp 2015-06-10 11:45:38.155441541 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/job.c 2015-06-10 11:45:38.164441517 +0200
|
|
|
ea9550 |
@@ -68,6 +68,9 @@
|
|
|
ea9550 |
* update_job_attrs() - Update the job-printer-* attributes.
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Include necessary headers...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -83,6 +86,14 @@
|
|
|
ea9550 |
# endif /* HAVE_IOKIT_PWR_MGT_IOPMLIBPRIVATE_H */
|
|
|
ea9550 |
#endif /* __APPLE__ */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+#include <libaudit.h>
|
|
|
ea9550 |
+#include <selinux/selinux.h>
|
|
|
ea9550 |
+#include <selinux/context.h>
|
|
|
ea9550 |
+#include <selinux/avc.h>
|
|
|
ea9550 |
+#include <selinux/flask.h>
|
|
|
ea9550 |
+#include <selinux/av_permissions.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Design Notes for Job Management
|
|
|
ea9550 |
@@ -580,6 +591,14 @@ cupsdContinueJob(cupsd_job_t *job) /* I
|
|
|
ea9550 |
/* PRINTER_STATE_REASONS env var */
|
|
|
ea9550 |
rip_max_cache[255];
|
|
|
ea9550 |
/* RIP_MAX_CACHE env variable */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ char *audit_message = NULL; /* Audit message string */
|
|
|
ea9550 |
+ context_t jobcon; /* SELinux context of the job */
|
|
|
ea9550 |
+ char *label_template = NULL; /* SL to put in classification
|
|
|
ea9550 |
+ env var */
|
|
|
ea9550 |
+ const char *mls_label = NULL; /* SL to put in classification
|
|
|
ea9550 |
+ env var */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_DEBUG2,
|
|
|
dc9527 |
@@ -1092,6 +1111,67 @@ cupsdContinueJob(cupsd_job_t *job) /* I
|
|
|
ea9550 |
if (final_content_type[0])
|
|
|
ea9550 |
envp[envc ++] = final_content_type;
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config())
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s",
|
|
|
ea9550 |
+ job->id, job->auid, job->username, job->printer->name, title);
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ jobcon = context_new(job->scon);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL)
|
|
|
ea9550 |
+ label_template = strdup(Classification);
|
|
|
ea9550 |
+ else if (attr->num_values > 1 &&
|
|
|
ea9550 |
+ strcmp(attr->values[1].string.text, "none") != 0)
|
|
|
ea9550 |
+ label_template = strdup(attr->values[1].string.text);
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ label_template = strdup(attr->values[0].string.text);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (_cups_strcasecmp(label_template, MLS_CONFIG) == 0)
|
|
|
ea9550 |
+ mls_label = context_range_get(jobcon);
|
|
|
ea9550 |
+ else if (_cups_strcasecmp(label_template, TE_CONFIG) == 0)
|
|
|
ea9550 |
+ mls_label = context_type_get(jobcon);
|
|
|
ea9550 |
+ else if (_cups_strcasecmp(label_template, SELINUX_CONFIG) == 0)
|
|
|
ea9550 |
+ mls_label = context_str(jobcon);
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ mls_label = label_template;
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (mls_label && (PerPageLabels || banner_page))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label);
|
|
|
ea9550 |
+ envp[envc ++] = classification;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if ((AuditLog != -1) && !banner_page)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s"
|
|
|
ea9550 |
+ " obj=%s label=%s", job->id, job->auid, job->username,
|
|
|
ea9550 |
+ job->printer->name, title, job->scon, mls_label?mls_label:"none");
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ free(label_template);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Fall through to the non-LSPP behavior
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
if (Classification && !banner_page)
|
|
|
ea9550 |
{
|
|
|
ea9550 |
if ((attr = ippFindAttribute(job->attrs, "job-sheets",
|
|
|
dc9527 |
@@ -1866,6 +1946,20 @@ cupsdLoadJob(cupsd_job_t *job) /* I - J
|
|
|
ea9550 |
ippSetString(job->attrs, &job->reasons, 0, "none");
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL)
|
|
|
ea9550 |
+ cupsdSetString(&job->scon, attr->values[0].string.text);
|
|
|
ea9550 |
+ else if (is_lspp_config())
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * There was no security context so delete the job
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file \"%s\"!",
|
|
|
ea9550 |
+ jobfile);
|
|
|
ea9550 |
+ goto error;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
job->sheets = ippFindAttribute(job->attrs, "job-media-sheets-completed",
|
|
|
ea9550 |
IPP_TAG_INTEGER);
|
|
|
ea9550 |
job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
|
|
|
dc9527 |
@@ -2259,6 +2353,14 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
|
|
|
ea9550 |
{
|
|
|
ea9550 |
char filename[1024]; /* Job control filename */
|
|
|
ea9550 |
cups_file_t *fp; /* Job file */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ security_context_t spoolcon; /* context of the job control file */
|
|
|
ea9550 |
+ context_t jobcon; /* contex_t container for job->scon */
|
|
|
ea9550 |
+ context_t tmpcon; /* Temp context to swap the level */
|
|
|
ea9550 |
+ char *jobclearance; /* SELinux low end clearance */
|
|
|
ea9550 |
+ const char *jobrange; /* SELinux sensitivity range */
|
|
|
ea9550 |
+ char *jobrange_copy; /* SELinux sensitivity range */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
|
|
|
dc9527 |
@@ -2271,6 +2373,76 @@ cupsdSaveJob(cupsd_job_t *job) /* I - J
|
|
|
ea9550 |
|
|
|
ea9550 |
fchown(cupsFileNumber(fp), RunUser, Group);
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (getfilecon(filename, &spoolcon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "Unable to get context of job control file \"%s\" - %s.",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ jobcon = context_new(job->scon);
|
|
|
ea9550 |
+ tmpcon = context_new(spoolcon);
|
|
|
ea9550 |
+ freecon(spoolcon);
|
|
|
ea9550 |
+ if (!jobcon || !tmpcon)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (jobcon)
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ if (tmpcon)
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts");
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ jobrange = context_range_get(jobcon);
|
|
|
ea9550 |
+ if (jobrange)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ jobrange_copy = strdup(jobrange);
|
|
|
ea9550 |
+ if ((jobclearance = strtok(jobrange_copy, "-")) != NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (context_range_set(tmpcon, jobclearance) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "Unable to set the range for job control file \"%s\" - %s.",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ free(jobrange_copy);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "Unable to set the range for job control file \"%s\" - %s.",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ free(jobrange_copy);
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ free(jobrange_copy);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (setfilecon(filename, context_str(tmpcon)) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "Unable to set context of job control file \"%s\" - %s.",
|
|
|
ea9550 |
+ filename, strerror(errno));
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ return;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s",
|
|
|
ea9550 |
+ job, context_str(tmpcon));
|
|
|
ea9550 |
+ context_free(tmpcon);
|
|
|
ea9550 |
+ context_free(jobcon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
job->attrs->state = IPP_IDLE;
|
|
|
ea9550 |
|
|
|
ea9550 |
if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
|
|
|
dc9527 |
@@ -3780,6 +3952,18 @@ get_options(cupsd_job_t *job, /* I - Jo
|
|
|
ea9550 |
banner_page)
|
|
|
ea9550 |
continue;
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * In LSPP mode refuse to honor the page-label
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (is_lspp_config() &&
|
|
|
ea9550 |
+ !strcmp(attr->name, "page-label"))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to LSPP mode");
|
|
|
ea9550 |
+ continue;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Otherwise add them to the list...
|
|
|
ea9550 |
*/
|
|
|
dc9527 |
@@ -4504,6 +4688,19 @@ static void
|
|
|
ea9550 |
start_job(cupsd_job_t *job, /* I - Job ID */
|
|
|
ea9550 |
cupsd_printer_t *printer) /* I - Printer to print job */
|
|
|
ea9550 |
{
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ char *audit_message = NULL; /* Audit message string */
|
|
|
ea9550 |
+ char *printerfile = NULL; /* Device file pointed to by the printer */
|
|
|
ea9550 |
+ security_id_t clisid; /* SELinux SID for the client */
|
|
|
ea9550 |
+ security_id_t psid; /* SELinux SID for the printer */
|
|
|
ea9550 |
+ context_t printercon; /* Printer's context string */
|
|
|
ea9550 |
+ struct stat printerstat; /* Printer's stat buffer */
|
|
|
ea9550 |
+ security_context_t devcon; /* Printer's SELinux context */
|
|
|
ea9550 |
+ struct avc_entry_ref avcref; /* Pointer to the access vector cache */
|
|
|
ea9550 |
+ security_class_t tclass; /* Object class for the SELinux check */
|
|
|
ea9550 |
+ access_vector_t avr; /* Access method being requested */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job(job=%p(%d), printer=%p(%s))",
|
|
|
ea9550 |
job, job->id, printer, printer->name);
|
|
|
ea9550 |
|
|
|
dc9527 |
@@ -4646,6 +4843,108 @@ start_job(cupsd_job_t *job, /* I -
|
|
|
ea9550 |
fcntl(job->side_pipes[1], F_SETFD,
|
|
|
ea9550 |
fcntl(job->side_pipes[1], F_GETFD) | FD_CLOEXEC);
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (is_lspp_config())
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * Perform an access check before printing, but only if the printer starts with /dev/
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ printerfile = strstr(printer->device_uri, "/dev/");
|
|
|
ea9550 |
+ if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
|
|
|
ea9550 |
+ printerfile = printer->device_uri + strlen("file:");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (printerfile != NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG,
|
|
|
ea9550 |
+ "StartJob: Attempting to check access on printer device %s", printerfile);
|
|
|
ea9550 |
+ if (lstat(printerfile, &printerstat) < 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (errno != ENOENT)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer");
|
|
|
ea9550 |
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
|
|
|
ea9550 |
+ return ;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The printer does not exist, so for now assume it's a FileDevice
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ tclass = SECCLASS_FILE;
|
|
|
ea9550 |
+ avr = FILE__WRITE;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else if (S_ISCHR(printerstat.st_mode))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ tclass = SECCLASS_CHR_FILE;
|
|
|
ea9550 |
+ avr = CHR_FILE__WRITE;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else if (S_ISREG(printerstat.st_mode))
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ tclass = SECCLASS_FILE;
|
|
|
ea9550 |
+ avr = FILE__WRITE;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "StartJob: Printer is not a character device or regular file");
|
|
|
ea9550 |
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
|
|
|
ea9550 |
+ return ;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ static avc_initialized = 0;
|
|
|
ea9550 |
+ if (!avc_initialized++)
|
|
|
ea9550 |
+ avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL);
|
|
|
ea9550 |
+ avc_entry_ref_init(&avcref);
|
|
|
ea9550 |
+ if (avc_context_to_sid(job->scon, &clisid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "StartJob: Unable to determine the SELinux sid for the job");
|
|
|
ea9550 |
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
|
|
|
ea9550 |
+ return ;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ if (getfilecon(printerfile, &devcon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s",
|
|
|
ea9550 |
+ printerfile);
|
|
|
ea9550 |
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
|
|
|
ea9550 |
+ return ;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ printercon = context_new(devcon);
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s",
|
|
|
ea9550 |
+ context_str(printercon), job->scon);
|
|
|
ea9550 |
+ context_free(printercon);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (avc_context_to_sid(devcon, &psid) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR,
|
|
|
ea9550 |
+ "StartJob: Unable to determine the SELinux sid for the printer");
|
|
|
ea9550 |
+ freecon(devcon);
|
|
|
ea9550 |
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
|
|
|
ea9550 |
+ return ;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ freecon(devcon);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ /*
|
|
|
ea9550 |
+ * The access check failed, so cancel the job and send an audit message
|
|
|
ea9550 |
+ */
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled"
|
|
|
ea9550 |
+ " unable to access printer=%s", job->id,
|
|
|
ea9550 |
+ job->auid, (job->username)?job->username:"?", job->scon, printer->name);
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 0);
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ cupsdSetJobState(job, IPP_JOB_ABORTED, CUPSD_JOB_DEFAULT, NULL);
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ return ;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Now start the first file in the job...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/job.h.lspp cups-1.6.3/scheduler/job.h
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/job.h.lspp 2013-06-07 03:12:52.000000000 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/job.h 2015-06-10 11:45:38.164441517 +0200
|
|
|
ea9550 |
@@ -13,6 +13,13 @@
|
|
|
ea9550 |
* file is missing or damaged, see the license at "http://www.cups.org/".
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+#include <selinux/selinux.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Constants...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -82,6 +89,10 @@ struct cupsd_job_s /**** Job request *
|
|
|
ea9550 |
int progress; /* Printing progress */
|
|
|
ea9550 |
int num_keywords; /* Number of PPD keywords */
|
|
|
ea9550 |
cups_option_t *keywords; /* PPD keywords */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ security_context_t scon; /* Security context of job */
|
|
|
ea9550 |
+ uid_t auid; /* Audit loginuid for this job */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
};
|
|
|
ea9550 |
|
|
|
ea9550 |
typedef struct cupsd_joblog_s /**** Job log message ****/
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/main.c.lspp cups-1.6.3/scheduler/main.c
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/main.c.lspp 2015-06-10 11:45:38.095441704 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/main.c 2015-06-10 11:45:38.164441517 +0200
|
|
|
ea9550 |
@@ -38,6 +38,8 @@
|
|
|
ea9550 |
* usage() - Show scheduler usage.
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Include necessary headers...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -80,6 +82,9 @@
|
|
|
ea9550 |
# include <sys/param.h>
|
|
|
ea9550 |
#endif /* HAVE_SYS_PARAM_H */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+# include <libaudit.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Local functions...
|
|
|
ea9550 |
@@ -143,6 +148,9 @@ main(int argc, /* I - Number of comm
|
|
|
ea9550 |
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
|
|
|
ea9550 |
struct sigaction action; /* Actions for POSIX signals */
|
|
|
ea9550 |
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
|
|
|
ea9550 |
+#if WITH_LSPP
|
|
|
ea9550 |
+ auditfail_t failmode; /* Action for audit_open failure */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
#ifdef __sgi
|
|
|
ea9550 |
cups_file_t *fp; /* Fake lpsched lock file */
|
|
|
ea9550 |
struct stat statbuf; /* Needed for checking lpsched FIFO */
|
|
|
ea9550 |
@@ -526,6 +534,25 @@ main(int argc, /* I - Number of comm
|
|
|
ea9550 |
#endif /* DEBUG */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if ((AuditLog = audit_open()) < 0 )
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (get_auditfail_action(&failmode) == 0)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (failmode == FAIL_LOG)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");
|
|
|
ea9550 |
+ AuditLog = -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else if (failmode == FAIL_TERMINATE)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ fprintf(stderr, "cupsd: unable to start auditing, terminating");
|
|
|
ea9550 |
+ return -1;
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Set the timezone info...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -1238,6 +1265,11 @@ main(int argc, /* I - Number of comm
|
|
|
ea9550 |
|
|
|
ea9550 |
cupsdStopSelect();
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ audit_close(AuditLog);
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
return (!stop_scheduler);
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
diff -up cups-1.6.3/scheduler/printers.c.lspp cups-1.6.3/scheduler/printers.c
|
|
|
dc9527 |
--- cups-1.6.3/scheduler/printers.c.lspp 2015-06-10 11:45:38.087441726 +0200
|
|
|
dc9527 |
+++ cups-1.6.3/scheduler/printers.c 2015-06-10 11:45:38.165441514 +0200
|
|
|
ea9550 |
@@ -56,6 +56,8 @@
|
|
|
ea9550 |
* write_xml_string() - Write a string with XML escaping.
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
|
|
|
ea9550 |
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
|
|
|
ea9550 |
+
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Include necessary headers...
|
|
|
ea9550 |
*/
|
|
|
ea9550 |
@@ -80,6 +82,10 @@
|
|
|
ea9550 |
# include <asl.h>
|
|
|
ea9550 |
#endif /* __APPLE__ */
|
|
|
ea9550 |
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+# include <libaudit.h>
|
|
|
ea9550 |
+# include <selinux/context.h>
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* Local functions...
|
|
|
ea9550 |
@@ -2107,6 +2113,13 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
|
|
|
ea9550 |
ipp_attribute_t *attr; /* Attribute data */
|
|
|
ea9550 |
char *name, /* Current user/group name */
|
|
|
ea9550 |
*filter; /* Current filter */
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ char *audit_message; /* Audit message string */
|
|
|
ea9550 |
+ char *printerfile; /* Path to a local printer dev */
|
|
|
ea9550 |
+ char *rangestr; /* Printer's range if its available */
|
|
|
ea9550 |
+ security_context_t devcon; /* Printer SELinux context */
|
|
|
ea9550 |
+ context_t printercon; /* context_t for the printer */
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
|
|
|
ea9550 |
|
|
|
ea9550 |
DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
|
|
|
ea9550 |
@@ -2229,6 +2242,45 @@ cupsdSetPrinterAttrs(cupsd_printer_t *p)
|
|
|
ea9550 |
attr->values[1].string.text = _cupsStrAlloc(Classification ?
|
|
|
ea9550 |
Classification : p->job_sheets[1]);
|
|
|
ea9550 |
}
|
|
|
ea9550 |
+#ifdef WITH_LSPP
|
|
|
ea9550 |
+ if (AuditLog != -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ audit_message = NULL;
|
|
|
ea9550 |
+ rangestr = NULL;
|
|
|
ea9550 |
+ printercon = 0;
|
|
|
ea9550 |
+ printerfile = strstr(p->device_uri, "/dev/");
|
|
|
ea9550 |
+ if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))
|
|
|
ea9550 |
+ printerfile = p->device_uri + strlen("file:");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (printerfile != NULL)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if (getfilecon(printerfile, &devcon) == -1)
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ if(is_selinux_enabled())
|
|
|
ea9550 |
+ cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdSetPrinterAttrs: Unable to get printer context");
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ {
|
|
|
ea9550 |
+ printercon = context_new(devcon);
|
|
|
ea9550 |
+ freecon(devcon);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ if (printercon && context_range_get(printercon))
|
|
|
ea9550 |
+ rangestr = strdup(context_range_get(printercon));
|
|
|
ea9550 |
+ else
|
|
|
ea9550 |
+ rangestr = strdup("unknown");
|
|
|
ea9550 |
+
|
|
|
ea9550 |
+ cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",
|
|
|
ea9550 |
+ p->name, p->sanitized_device_uri, p->job_sheets[0], p->job_sheets[1], rangestr);
|
|
|
ea9550 |
+ audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
|
|
|
ea9550 |
+ ServerName, NULL, NULL, 1);
|
|
|
ea9550 |
+ if (printercon)
|
|
|
ea9550 |
+ context_free(printercon);
|
|
|
ea9550 |
+ free(rangestr);
|
|
|
ea9550 |
+ cupsdClearString(&audit_message);
|
|
|
ea9550 |
+ }
|
|
|
ea9550 |
+#endif /* WITH_LSPP */
|
|
|
ea9550 |
}
|
|
|
ea9550 |
|
|
|
ea9550 |
p->raw = 0;
|
|
|
ea9550 |
@@ -5315,7 +5367,6 @@ write_irix_state(cupsd_printer_t *p) /*
|
|
|
ea9550 |
}
|
|
|
ea9550 |
#endif /* __sgi */
|
|
|
ea9550 |
|
|
|
ea9550 |
-
|
|
|
ea9550 |
/*
|
|
|
ea9550 |
* 'write_xml_string()' - Write a string with XML escaping.
|
|
|
ea9550 |
*/
|