rpms / cups

Clone
Source Code
GIT

Blame cups-lspp.patch

2.0 enumdest f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f7 f8 f9 main private-zdohnal-devel rawhide
  1.   812ed7011af480f7b94109f7dc570f4090ef90bd
  2.   cups-lspp.patch
Blob History Raw
f4b6623 
--- cups-1.2.8/Makedefs.in.lspp	2007-03-02 14:06:43.000000000 +0000
f4b6623 
+++ cups-1.2.8/Makedefs.in	2007-03-02 14:06:46.000000000 +0000
f4b6623 
@@ -136,7 +136,7 @@
f4b6623 
 			@LDFLAGS@ @RELROFLAG@ @PIEFLAGS@ $(OPTIM)
f4b6623 
 LINKCUPS	=	@LINKCUPS@ $(SSLLIBS)
f4b6623 
 LINKCUPSIMAGE	=	@LINKCUPSIMAGE@
f4b6623 
-LIBS		=	$(LINKCUPS) $(COMMONLIBS)
f4b6623 
+LIBS		=	$(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
f4b6623 
 OPTIM		=	@OPTIM@
f4b6623 
 OPTIONS		=
f4b6623 
 PAMLIBS		=	@PAMLIBS@
f4b6623 
@@ -239,7 +239,7 @@
f4b6623 
 # Rules...
f4b6623 
 #
f4b6623
f4b6623 
-.SILENT:
f4b6623 
+
f4b6623 
 .SUFFIXES:	.1 .1.gz .1m .1m.gz .5 .5.gz .7 .7.gz .8 .8.gz .a .c .cxx .h .man .o .32.o .64.o .gz
f4b6623
f4b6623 
 .c.o:
f4b6623 
--- /dev/null	2007-03-02 08:56:41.811642143 +0000
f4b6623 
+++ cups-1.2.8/config-scripts/cups-lspp.m4	2007-03-02 14:06:43.000000000 +0000
9ad376b 
@@ -0,0 +1,36 @@
9ad376b 
+dnl
9ad376b 
+dnl   LSPP code for the Common UNIX Printing System (CUPS).
9ad376b 
+dnl
9ad376b 
+dnl   Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
9ad376b 
+dnl
9ad376b 
+dnl   This program is free software; you can redistribute it and/or modify
9ad376b 
+dnl   it under the terms of the GNU General Public License as published by
9ad376b 
+dnl   the Free Software Foundation; version 2.
9ad376b 
+dnl
9ad376b 
+dnl   This program is distributed in the hope that it will be useful, but
9ad376b 
+dnl   WITHOUT ANY WARRANTY; without even the implied warranty of
9ad376b 
+dnl   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
9ad376b 
+dnl   General Public License for more details.
9ad376b 
+dnl
9ad376b 
+dnl   You should have received a copy of the GNU General Public License
9ad376b 
+dnl   along with this program; if not, write to the Free Software Foundation,
9ad376b 
+dnl   Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
9ad376b 
+dnl
9ad376b 
+
9ad376b 
+dnl Are we trying to meet LSPP requirements
9ad376b 
+AC_ARG_ENABLE(lspp, [  --enable-lspp           turn on auditing and label support, default=no])
9ad376b 
+
9ad376b 
+if test x"$enable_lspp" != xno; then
9ad376b 
+    case "$uname" in
9ad376b 
+        Linux)
9ad376b 
+            AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
9ad376b 
+            AC_CHECK_HEADER(libaudit.h)
9ad376b 
+            AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
9ad376b 
+            AC_CHECK_HEADER(selinux/selinux.h)
9ad376b 
+            AC_DEFINE(WITH_LSPP)
9ad376b 
+            ;;
9ad376b 
+        *)
9ad376b 
+            # All others
9ad376b 
+            ;;
9ad376b 
+    esac
9ad376b 
+fi
ee6b344 
--- cups-1.2.8/data/mls	2007-03-02 14:06:43.000000000 +0000
ee6b344 
+++ cups-1.2.4-secheck/data/mls	2007-03-07 10:33:09.000000000 -0500
ee6b344 
@@ -0,0 +1,261 @@
75d0e82 
+%!PS-Adobe-3.0
75d0e82 
+%%BoundingBox: 0 0 612 792
75d0e82 
+%%Pages: 1
75d0e82 
+%%LanguageLevel: 1
75d0e82 
+%%DocumentData: Clean7Bit
75d0e82 
+%%DocumentSuppliedResources: procset bannerprint/1.0
75d0e82 
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
75d0e82 
+%%Creator: Michael Sweet, Easy Software Products
75d0e82 
+%%CreationDate: May 10, 2000
75d0e82 
+%%Title: Test Page
75d0e82 
+%%EndComments
75d0e82 
+%%BeginProlog
75d0e82 
+%%BeginResource procset bannerprint 1.1 0
75d0e82 
+%
75d0e82 
+%   PostScript banner page for the Common UNIX Printing System ("CUPS").
75d0e82 
+%
75d0e82 
+%   Copyright 1993-2005 by Easy Software Products
75d0e82 
+%
75d0e82 
+%   These coded instructions, statements, and computer programs are the
75d0e82 
+%   property of Easy Software Products and are protected by Federal
75d0e82 
+%   copyright law.  Distribution and use rights are outlined in the file
75d0e82 
+%   "LICENSE.txt" which should have been included with this file.  If this
75d0e82 
+%   file is missing or damaged please contact Easy Software Products
75d0e82 
+%   at:
75d0e82 
+%
75d0e82 
+%       Attn: CUPS Licensing Information
75d0e82 
+%       Easy Software Products
75d0e82 
+%       44141 Airport View Drive, Suite 204
75d0e82 
+%       Hollywood, Maryland 20636 USA
75d0e82 
+%
75d0e82 
+%       Voice: (301) 373-9600
75d0e82 
+%       EMail: cups-info@cups.org
75d0e82 
+%         WWW: http://www.cups.org
75d0e82 
+%
75d0e82 
+/CENTER {			% Draw centered text
75d0e82 
+				% (name) CENTER -
75d0e82 
+  dup stringwidth pop		% Get the width of the string
75d0e82 
+  0.5 mul neg 0 rmoveto		% Shift left 1/2 of the distance
75d0e82 
+  show				% Show the string
75d0e82 
+} bind def
75d0e82 
+/RIGHT {			% Draw right-justified text
75d0e82 
+				% (name) RIGHT -
75d0e82 
+  dup stringwidth pop		% Get the width of the string
75d0e82 
+  neg 0 rmoveto			% Shift left the entire distance
75d0e82 
+  show				% Show the string
75d0e82 
+} bind def
75d0e82 
+/NUMBER {			% Draw a number
75d0e82 
+				% power n NUMBER -
75d0e82 
+  1 index 1 eq {		% power == 1?
75d0e82 
+    round cvi exch pop		% Convert "n" to integer
75d0e82 
+  } {
75d0e82 
+    1 index mul round exch div	% Truncate extra decimal places
75d0e82 
+  } ifelse
75d0e82 
+  100 string cvs show		% Convert to a string and show it...
75d0e82 
+} bind def
75d0e82 
+/CUPSLOGO {			% Draw the CUPS logo
75d0e82 
+				% height CUPSLOGO
75d0e82 
+  % Start with a big C...
75d0e82 
+  /Helvetica findfont 1 index scalefont setfont
75d0e82 
+  0 setgray
75d0e82 
+  0 0 moveto
75d0e82 
+  (C) show
75d0e82 
+
75d0e82 
+  % Then "UNIX Printing System" much smaller...
75d0e82 
+  /Helvetica-Bold findfont 1 index 9 div scalefont setfont
75d0e82 
+  0.25 mul
75d0e82 
+  dup dup 2.0 mul moveto
75d0e82 
+  (UNIX) show
75d0e82 
+  dup dup 1.6 mul moveto
75d0e82 
+  (Printing) show
75d0e82 
+  dup 1.2 mul moveto
75d0e82 
+  (System) show
75d0e82 
+} bind def
75d0e82 
+/ESPLOGO {			% Draw the ESP logo
75d0e82 
+				% height ESPLOGO
75d0e82 
+  % Compute the size of the logo...
75d0e82 
+  0 0
75d0e82 
+  2 index 1.5 mul 3 index
75d0e82 
+
75d0e82 
+  % Do the "metallic" fill from 10% black to 40% black...
75d0e82 
+  1 -0.001 0 {
75d0e82 
+    dup			% loopval
75d0e82 
+    -0.15 mul		% loopval * -0.15
75d0e82 
+    0.9 add		% 0.9 - loopval * 0.15
75d0e82 
+    setgray		% set gray shade
75d0e82 
+
75d0e82 
+    0			% x
75d0e82 
+    1 index neg		% loopval
75d0e82 
+    1 add		% 1 - loopval
75d0e82 
+    3 index		% height
75d0e82 
+    mul			% height * (1 - loopval)
75d0e82 
+    moveto		% starting point
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    3 index		% width
75d0e82 
+    mul			% loopval * width
75d0e82 
+    2 index		% height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    0			% x
75d0e82 
+    2 index		% height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    closepath
75d0e82 
+    fill
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    0.15 mul		% loopval * 0.15
75d0e82 
+    0.6 add		% 0.6 + loopval * 0.15
75d0e82 
+    setgray
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    neg 1 add		% 1 - loopval
75d0e82 
+    3 index		% width
75d0e82 
+    mul			% (1 - loopval) * width
75d0e82 
+    0			% y
75d0e82 
+    moveto		% Starting point
75d0e82 
+
75d0e82 
+    2 index		% width
75d0e82 
+    exch		% loopval
75d0e82 
+    2 index		% height
75d0e82 
+    mul			% loopval * height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    1 index		% width
75d0e82 
+    0			% y
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    closepath
75d0e82 
+    fill
75d0e82 
+  } for
75d0e82 
+
75d0e82 
+  0 setgray rectstroke
75d0e82 
+
75d0e82 
+  /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
75d0e82 
+  dup 40 div
75d0e82 
+
75d0e82 
+  dup 4 mul 1 index 25 mul moveto (E) show
75d0e82 
+  dup 10 mul 1 index 15 mul moveto (S) show
75d0e82 
+  dup 16 mul 1 index 5 mul moveto (P) show
75d0e82 
+
75d0e82 
+  /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
75d0e82 
+  dup 14 mul 1 index 29 mul moveto (asy) show
75d0e82 
+  dup 20 mul 1 index 19 mul moveto (oftware) show
75d0e82 
+  dup 26 mul 1 index 9 mul moveto (roducts) show
75d0e82 
+
75d0e82 
+  pop
75d0e82 
+} bind def
75d0e82 
+%%EndResource
75d0e82 
+%%EndProlog
75d0e82 
+%%Page: 1 1
75d0e82 
+gsave
75d0e82 
+
75d0e82 
+  % Determine the imageable area and device resolution...
75d0e82 
+  initclip newpath clippath pathbbox	% Get bounding rectangle
75d0e82 
+  72 div /pageTop exch def		% Get top margin in inches
75d0e82 
+  72 div /pageRight exch def		% Get right margin in inches
75d0e82 
+  72 div /pageBottom exch def		% Get bottom margin in inches
75d0e82 
+  72 div /pageLeft exch def		% Get left margin in inches
75d0e82 
+
75d0e82 
+  /pageWidth pageRight pageLeft sub def	% pageWidth = pageRight - pageLeft
75d0e82 
+  /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
75d0e82 
+
75d0e82 
+  /boxWidth				% width of text box
75d0e82 
+  pageWidth pageHeight lt
75d0e82 
+  { pageWidth 54 mul }
75d0e82 
+  { pageHeight 42 mul }
75d0e82 
+  ifelse def
75d0e82 
+
75d0e82 
+  newpath				% Clear bounding path
75d0e82 
+
75d0e82 
+  % Create fonts...
75d0e82 
+  /bigFont /Helvetica-Bold findfont	% bigFont = Helvetica-Bold
75d0e82 
+  pageHeight 3 mul scalefont def	% size = pageHeight * 3 (nominally 33)
75d0e82 
+
75d0e82 
+  /mediumFont /Helvetica findfont	% mediumFont = Helvetica
75d0e82 
+  pageHeight 1.5 mul scalefont def	% size = pageHeight * 1.5 (nominally 16.5)
75d0e82 
+
75d0e82 
+  % Offset page to account for lower-left margin...
75d0e82 
+  pageLeft 72 mul
75d0e82 
+  pageBottom 72 mul
75d0e82 
+  translate
75d0e82 
+
75d0e82 
+  % Job information box...
75d0e82 
+  pageWidth 36 mul 9 add		% x = pageWidth * 1/2 * 72 + 9
75d0e82 
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
75d0e82 
+  pageHeight 30 mul 9 sub		% y = pageHeight * 1/2 * 72 - 9
75d0e82 
+  boxWidth				% w = box width
75d0e82 
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82 
+  0.5 setgray rectfill			% Draw a shadow
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
75d0e82 
+  pageHeight 30 mul			% y = pageHeight * 1/4 * 72
75d0e82 
+  boxWidth				% w = box width
75d0e82 
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82 
+
75d0e82 
+  4 copy 1 setgray rectfill		% Clear the box to white
75d0e82 
+  0 setgray rectstroke			% Draw a black box around it...
75d0e82 
+
75d0e82 
+  % Job information text...
75d0e82 
+  mediumFont setfont			% Medium sized font
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight 5 mul add			% y += 2 lines
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Job ID: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({printer-name}-{job-id}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight 2 mul add			% y += 1 line
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Title: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({job-name}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight -1 mul add			% y -= 1 line
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Requesting User: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({job-originating-user-name}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight -4 mul add			% y -= 2 lines
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Billing Info: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({?job-billing}) show
75d0e82 
+
75d0e82 
+  % Then the CUPS logo....
75d0e82 
+  gsave
75d0e82 
+    pageWidth 4 mul
75d0e82 
+    pageWidth 6 mul
75d0e82 
+    translate
75d0e82 
+    pageWidth 9 mul CUPSLOGO
75d0e82 
+  grestore
75d0e82 
+
75d0e82 
+  % And the ESP logo....
75d0e82 
+  gsave
75d0e82 
+    pageWidth 59 mul
75d0e82 
+    pageWidth 6 mul
75d0e82 
+    translate
75d0e82 
+    pageWidth 6 mul ESPLOGO
75d0e82 
+  grestore
75d0e82 
+% Show the page...
75d0e82 
+grestore
75d0e82 
+showpage
75d0e82 
+%
75d0e82 
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
75d0e82 
+%
75d0e82 
+%%EOF
ee6b344 
--- cups-1.2.8/data/selinux	2007-03-02 14:06:43.000000000 +0000
ee6b344 
+++ cups-1.2.4-secheck/data/selinux	2007-03-07 10:33:09.000000000 -0500
ee6b344 
@@ -0,0 +1,261 @@
75d0e82 
+%!PS-Adobe-3.0
75d0e82 
+%%BoundingBox: 0 0 612 792
75d0e82 
+%%Pages: 1
75d0e82 
+%%LanguageLevel: 1
75d0e82 
+%%DocumentData: Clean7Bit
75d0e82 
+%%DocumentSuppliedResources: procset bannerprint/1.0
75d0e82 
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
75d0e82 
+%%Creator: Michael Sweet, Easy Software Products
75d0e82 
+%%CreationDate: May 10, 2000
75d0e82 
+%%Title: Test Page
75d0e82 
+%%EndComments
75d0e82 
+%%BeginProlog
75d0e82 
+%%BeginResource procset bannerprint 1.1 0
75d0e82 
+%
75d0e82 
+%   PostScript banner page for the Common UNIX Printing System ("CUPS").
75d0e82 
+%
75d0e82 
+%   Copyright 1993-2005 by Easy Software Products
75d0e82 
+%
75d0e82 
+%   These coded instructions, statements, and computer programs are the
75d0e82 
+%   property of Easy Software Products and are protected by Federal
75d0e82 
+%   copyright law.  Distribution and use rights are outlined in the file
75d0e82 
+%   "LICENSE.txt" which should have been included with this file.  If this
75d0e82 
+%   file is missing or damaged please contact Easy Software Products
75d0e82 
+%   at:
75d0e82 
+%
75d0e82 
+%       Attn: CUPS Licensing Information
75d0e82 
+%       Easy Software Products
75d0e82 
+%       44141 Airport View Drive, Suite 204
75d0e82 
+%       Hollywood, Maryland 20636 USA
75d0e82 
+%
75d0e82 
+%       Voice: (301) 373-9600
75d0e82 
+%       EMail: cups-info@cups.org
75d0e82 
+%         WWW: http://www.cups.org
75d0e82 
+%
75d0e82 
+/CENTER {			% Draw centered text
75d0e82 
+				% (name) CENTER -
75d0e82 
+  dup stringwidth pop		% Get the width of the string
75d0e82 
+  0.5 mul neg 0 rmoveto		% Shift left 1/2 of the distance
75d0e82 
+  show				% Show the string
75d0e82 
+} bind def
75d0e82 
+/RIGHT {			% Draw right-justified text
75d0e82 
+				% (name) RIGHT -
75d0e82 
+  dup stringwidth pop		% Get the width of the string
75d0e82 
+  neg 0 rmoveto			% Shift left the entire distance
75d0e82 
+  show				% Show the string
75d0e82 
+} bind def
75d0e82 
+/NUMBER {			% Draw a number
75d0e82 
+				% power n NUMBER -
75d0e82 
+  1 index 1 eq {		% power == 1?
75d0e82 
+    round cvi exch pop		% Convert "n" to integer
75d0e82 
+  } {
75d0e82 
+    1 index mul round exch div	% Truncate extra decimal places
75d0e82 
+  } ifelse
75d0e82 
+  100 string cvs show		% Convert to a string and show it...
75d0e82 
+} bind def
75d0e82 
+/CUPSLOGO {			% Draw the CUPS logo
75d0e82 
+				% height CUPSLOGO
75d0e82 
+  % Start with a big C...
75d0e82 
+  /Helvetica findfont 1 index scalefont setfont
75d0e82 
+  0 setgray
75d0e82 
+  0 0 moveto
75d0e82 
+  (C) show
75d0e82 
+
75d0e82 
+  % Then "UNIX Printing System" much smaller...
75d0e82 
+  /Helvetica-Bold findfont 1 index 9 div scalefont setfont
75d0e82 
+  0.25 mul
75d0e82 
+  dup dup 2.0 mul moveto
75d0e82 
+  (UNIX) show
75d0e82 
+  dup dup 1.6 mul moveto
75d0e82 
+  (Printing) show
75d0e82 
+  dup 1.2 mul moveto
75d0e82 
+  (System) show
75d0e82 
+} bind def
75d0e82 
+/ESPLOGO {			% Draw the ESP logo
75d0e82 
+				% height ESPLOGO
75d0e82 
+  % Compute the size of the logo...
75d0e82 
+  0 0
75d0e82 
+  2 index 1.5 mul 3 index
75d0e82 
+
75d0e82 
+  % Do the "metallic" fill from 10% black to 40% black...
75d0e82 
+  1 -0.001 0 {
75d0e82 
+    dup			% loopval
75d0e82 
+    -0.15 mul		% loopval * -0.15
75d0e82 
+    0.9 add		% 0.9 - loopval * 0.15
75d0e82 
+    setgray		% set gray shade
75d0e82 
+
75d0e82 
+    0			% x
75d0e82 
+    1 index neg		% loopval
75d0e82 
+    1 add		% 1 - loopval
75d0e82 
+    3 index		% height
75d0e82 
+    mul			% height * (1 - loopval)
75d0e82 
+    moveto		% starting point
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    3 index		% width
75d0e82 
+    mul			% loopval * width
75d0e82 
+    2 index		% height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    0			% x
75d0e82 
+    2 index		% height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    closepath
75d0e82 
+    fill
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    0.15 mul		% loopval * 0.15
75d0e82 
+    0.6 add		% 0.6 + loopval * 0.15
75d0e82 
+    setgray
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    neg 1 add		% 1 - loopval
75d0e82 
+    3 index		% width
75d0e82 
+    mul			% (1 - loopval) * width
75d0e82 
+    0			% y
75d0e82 
+    moveto		% Starting point
75d0e82 
+
75d0e82 
+    2 index		% width
75d0e82 
+    exch		% loopval
75d0e82 
+    2 index		% height
75d0e82 
+    mul			% loopval * height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    1 index		% width
75d0e82 
+    0			% y
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    closepath
75d0e82 
+    fill
75d0e82 
+  } for
75d0e82 
+
75d0e82 
+  0 setgray rectstroke
75d0e82 
+
75d0e82 
+  /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
75d0e82 
+  dup 40 div
75d0e82 
+
75d0e82 
+  dup 4 mul 1 index 25 mul moveto (E) show
75d0e82 
+  dup 10 mul 1 index 15 mul moveto (S) show
75d0e82 
+  dup 16 mul 1 index 5 mul moveto (P) show
75d0e82 
+
75d0e82 
+  /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
75d0e82 
+  dup 14 mul 1 index 29 mul moveto (asy) show
75d0e82 
+  dup 20 mul 1 index 19 mul moveto (oftware) show
75d0e82 
+  dup 26 mul 1 index 9 mul moveto (roducts) show
75d0e82 
+
75d0e82 
+  pop
75d0e82 
+} bind def
75d0e82 
+%%EndResource
75d0e82 
+%%EndProlog
75d0e82 
+%%Page: 1 1
75d0e82 
+gsave
75d0e82 
+
75d0e82 
+  % Determine the imageable area and device resolution...
75d0e82 
+  initclip newpath clippath pathbbox	% Get bounding rectangle
75d0e82 
+  72 div /pageTop exch def		% Get top margin in inches
75d0e82 
+  72 div /pageRight exch def		% Get right margin in inches
75d0e82 
+  72 div /pageBottom exch def		% Get bottom margin in inches
75d0e82 
+  72 div /pageLeft exch def		% Get left margin in inches
75d0e82 
+
75d0e82 
+  /pageWidth pageRight pageLeft sub def	% pageWidth = pageRight - pageLeft
75d0e82 
+  /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
75d0e82 
+
75d0e82 
+  /boxWidth				% width of text box
75d0e82 
+  pageWidth pageHeight lt
75d0e82 
+  { pageWidth 54 mul }
75d0e82 
+  { pageHeight 42 mul }
75d0e82 
+  ifelse def
75d0e82 
+
75d0e82 
+  newpath				% Clear bounding path
75d0e82 
+
75d0e82 
+  % Create fonts...
75d0e82 
+  /bigFont /Helvetica-Bold findfont	% bigFont = Helvetica-Bold
75d0e82 
+  pageHeight 3 mul scalefont def	% size = pageHeight * 3 (nominally 33)
75d0e82 
+
75d0e82 
+  /mediumFont /Helvetica findfont	% mediumFont = Helvetica
75d0e82 
+  pageHeight 1.5 mul scalefont def	% size = pageHeight * 1.5 (nominally 16.5)
75d0e82 
+
75d0e82 
+  % Offset page to account for lower-left margin...
75d0e82 
+  pageLeft 72 mul
75d0e82 
+  pageBottom 72 mul
75d0e82 
+  translate
75d0e82 
+
75d0e82 
+  % Job information box...
75d0e82 
+  pageWidth 36 mul 9 add		% x = pageWidth * 1/2 * 72 + 9
75d0e82 
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
75d0e82 
+  pageHeight 30 mul 9 sub		% y = pageHeight * 1/2 * 72 - 9
75d0e82 
+  boxWidth				% w = box width
75d0e82 
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82 
+  0.5 setgray rectfill			% Draw a shadow
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
75d0e82 
+  pageHeight 30 mul			% y = pageHeight * 1/4 * 72
75d0e82 
+  boxWidth				% w = box width
75d0e82 
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82 
+
75d0e82 
+  4 copy 1 setgray rectfill		% Clear the box to white
75d0e82 
+  0 setgray rectstroke			% Draw a black box around it...
75d0e82 
+
75d0e82 
+  % Job information text...
75d0e82 
+  mediumFont setfont			% Medium sized font
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight 5 mul add			% y += 2 lines
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Job ID: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({printer-name}-{job-id}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight 2 mul add			% y += 1 line
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Title: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({job-name}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight -1 mul add			% y -= 1 line
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Requesting User: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({job-originating-user-name}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight -4 mul add			% y -= 2 lines
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Billing Info: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({?job-billing}) show
75d0e82 
+
75d0e82 
+  % Then the CUPS logo....
75d0e82 
+  gsave
75d0e82 
+    pageWidth 4 mul
75d0e82 
+    pageWidth 6 mul
75d0e82 
+    translate
75d0e82 
+    pageWidth 9 mul CUPSLOGO
75d0e82 
+  grestore
75d0e82 
+
75d0e82 
+  % And the ESP logo....
75d0e82 
+  gsave
75d0e82 
+    pageWidth 59 mul
75d0e82 
+    pageWidth 6 mul
75d0e82 
+    translate
75d0e82 
+    pageWidth 6 mul ESPLOGO
75d0e82 
+  grestore
75d0e82 
+% Show the page...
75d0e82 
+grestore
75d0e82 
+showpage
75d0e82 
+%
75d0e82 
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
75d0e82 
+%
75d0e82 
+%%EOF
f4b6623 
--- cups-1.2.8/data/Makefile.lspp	2006-03-19 03:23:34.000000000 +0000
f4b6623 
+++ cups-1.2.8/data/Makefile	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -34,7 +34,10 @@
f4b6623 
 		secret \
f4b6623 
 		standard \
f4b6623 
 		topsecret \
f4b6623 
-		unclassified
f4b6623 
+		unclassified \
f4b6623 
+		selinux \
f4b6623 
+		mls \
f4b6623 
+		te
f4b6623
f4b6623 
 CHARMAPS =	\
f4b6623 
 		euc-cn.txt \
ee6b344 
--- cups-1.2.8/data/te	2007-03-02 14:06:43.000000000 +0000
ee6b344 
+++ cups-1.2.4-secheck/data/te	2007-03-07 10:33:09.000000000 -0500
ee6b344 
@@ -0,0 +1,261 @@
75d0e82 
+%!PS-Adobe-3.0
75d0e82 
+%%BoundingBox: 0 0 612 792
75d0e82 
+%%Pages: 1
75d0e82 
+%%LanguageLevel: 1
75d0e82 
+%%DocumentData: Clean7Bit
75d0e82 
+%%DocumentSuppliedResources: procset bannerprint/1.0
75d0e82 
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
75d0e82 
+%%Creator: Michael Sweet, Easy Software Products
75d0e82 
+%%CreationDate: May 10, 2000
75d0e82 
+%%Title: Test Page
75d0e82 
+%%EndComments
75d0e82 
+%%BeginProlog
75d0e82 
+%%BeginResource procset bannerprint 1.1 0
75d0e82 
+%
75d0e82 
+%   PostScript banner page for the Common UNIX Printing System ("CUPS").
75d0e82 
+%
75d0e82 
+%   Copyright 1993-2005 by Easy Software Products
75d0e82 
+%
75d0e82 
+%   These coded instructions, statements, and computer programs are the
75d0e82 
+%   property of Easy Software Products and are protected by Federal
75d0e82 
+%   copyright law.  Distribution and use rights are outlined in the file
75d0e82 
+%   "LICENSE.txt" which should have been included with this file.  If this
75d0e82 
+%   file is missing or damaged please contact Easy Software Products
75d0e82 
+%   at:
75d0e82 
+%
75d0e82 
+%       Attn: CUPS Licensing Information
75d0e82 
+%       Easy Software Products
75d0e82 
+%       44141 Airport View Drive, Suite 204
75d0e82 
+%       Hollywood, Maryland 20636 USA
75d0e82 
+%
75d0e82 
+%       Voice: (301) 373-9600
75d0e82 
+%       EMail: cups-info@cups.org
75d0e82 
+%         WWW: http://www.cups.org
75d0e82 
+%
75d0e82 
+/CENTER {			% Draw centered text
75d0e82 
+				% (name) CENTER -
75d0e82 
+  dup stringwidth pop		% Get the width of the string
75d0e82 
+  0.5 mul neg 0 rmoveto		% Shift left 1/2 of the distance
75d0e82 
+  show				% Show the string
75d0e82 
+} bind def
75d0e82 
+/RIGHT {			% Draw right-justified text
75d0e82 
+				% (name) RIGHT -
75d0e82 
+  dup stringwidth pop		% Get the width of the string
75d0e82 
+  neg 0 rmoveto			% Shift left the entire distance
75d0e82 
+  show				% Show the string
75d0e82 
+} bind def
75d0e82 
+/NUMBER {			% Draw a number
75d0e82 
+				% power n NUMBER -
75d0e82 
+  1 index 1 eq {		% power == 1?
75d0e82 
+    round cvi exch pop		% Convert "n" to integer
75d0e82 
+  } {
75d0e82 
+    1 index mul round exch div	% Truncate extra decimal places
75d0e82 
+  } ifelse
75d0e82 
+  100 string cvs show		% Convert to a string and show it...
75d0e82 
+} bind def
75d0e82 
+/CUPSLOGO {			% Draw the CUPS logo
75d0e82 
+				% height CUPSLOGO
75d0e82 
+  % Start with a big C...
75d0e82 
+  /Helvetica findfont 1 index scalefont setfont
75d0e82 
+  0 setgray
75d0e82 
+  0 0 moveto
75d0e82 
+  (C) show
75d0e82 
+
75d0e82 
+  % Then "UNIX Printing System" much smaller...
75d0e82 
+  /Helvetica-Bold findfont 1 index 9 div scalefont setfont
75d0e82 
+  0.25 mul
75d0e82 
+  dup dup 2.0 mul moveto
75d0e82 
+  (UNIX) show
75d0e82 
+  dup dup 1.6 mul moveto
75d0e82 
+  (Printing) show
75d0e82 
+  dup 1.2 mul moveto
75d0e82 
+  (System) show
75d0e82 
+} bind def
75d0e82 
+/ESPLOGO {			% Draw the ESP logo
75d0e82 
+				% height ESPLOGO
75d0e82 
+  % Compute the size of the logo...
75d0e82 
+  0 0
75d0e82 
+  2 index 1.5 mul 3 index
75d0e82 
+
75d0e82 
+  % Do the "metallic" fill from 10% black to 40% black...
75d0e82 
+  1 -0.001 0 {
75d0e82 
+    dup			% loopval
75d0e82 
+    -0.15 mul		% loopval * -0.15
75d0e82 
+    0.9 add		% 0.9 - loopval * 0.15
75d0e82 
+    setgray		% set gray shade
75d0e82 
+
75d0e82 
+    0			% x
75d0e82 
+    1 index neg		% loopval
75d0e82 
+    1 add		% 1 - loopval
75d0e82 
+    3 index		% height
75d0e82 
+    mul			% height * (1 - loopval)
75d0e82 
+    moveto		% starting point
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    3 index		% width
75d0e82 
+    mul			% loopval * width
75d0e82 
+    2 index		% height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    0			% x
75d0e82 
+    2 index		% height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    closepath
75d0e82 
+    fill
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    0.15 mul		% loopval * 0.15
75d0e82 
+    0.6 add		% 0.6 + loopval * 0.15
75d0e82 
+    setgray
75d0e82 
+
75d0e82 
+    dup			% loopval
75d0e82 
+    neg 1 add		% 1 - loopval
75d0e82 
+    3 index		% width
75d0e82 
+    mul			% (1 - loopval) * width
75d0e82 
+    0			% y
75d0e82 
+    moveto		% Starting point
75d0e82 
+
75d0e82 
+    2 index		% width
75d0e82 
+    exch		% loopval
75d0e82 
+    2 index		% height
75d0e82 
+    mul			% loopval * height
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    1 index		% width
75d0e82 
+    0			% y
75d0e82 
+    lineto		% Next point
75d0e82 
+
75d0e82 
+    closepath
75d0e82 
+    fill
75d0e82 
+  } for
75d0e82 
+
75d0e82 
+  0 setgray rectstroke
75d0e82 
+
75d0e82 
+  /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
75d0e82 
+  dup 40 div
75d0e82 
+
75d0e82 
+  dup 4 mul 1 index 25 mul moveto (E) show
75d0e82 
+  dup 10 mul 1 index 15 mul moveto (S) show
75d0e82 
+  dup 16 mul 1 index 5 mul moveto (P) show
75d0e82 
+
75d0e82 
+  /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
75d0e82 
+  dup 14 mul 1 index 29 mul moveto (asy) show
75d0e82 
+  dup 20 mul 1 index 19 mul moveto (oftware) show
75d0e82 
+  dup 26 mul 1 index 9 mul moveto (roducts) show
75d0e82 
+
75d0e82 
+  pop
75d0e82 
+} bind def
75d0e82 
+%%EndResource
75d0e82 
+%%EndProlog
75d0e82 
+%%Page: 1 1
75d0e82 
+gsave
75d0e82 
+
75d0e82 
+  % Determine the imageable area and device resolution...
75d0e82 
+  initclip newpath clippath pathbbox	% Get bounding rectangle
75d0e82 
+  72 div /pageTop exch def		% Get top margin in inches
75d0e82 
+  72 div /pageRight exch def		% Get right margin in inches
75d0e82 
+  72 div /pageBottom exch def		% Get bottom margin in inches
75d0e82 
+  72 div /pageLeft exch def		% Get left margin in inches
75d0e82 
+
75d0e82 
+  /pageWidth pageRight pageLeft sub def	% pageWidth = pageRight - pageLeft
75d0e82 
+  /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
75d0e82 
+
75d0e82 
+  /boxWidth				% width of text box
75d0e82 
+  pageWidth pageHeight lt
75d0e82 
+  { pageWidth 54 mul }
75d0e82 
+  { pageHeight 42 mul }
75d0e82 
+  ifelse def
75d0e82 
+
75d0e82 
+  newpath				% Clear bounding path
75d0e82 
+
75d0e82 
+  % Create fonts...
75d0e82 
+  /bigFont /Helvetica-Bold findfont	% bigFont = Helvetica-Bold
75d0e82 
+  pageHeight 3 mul scalefont def	% size = pageHeight * 3 (nominally 33)
75d0e82 
+
75d0e82 
+  /mediumFont /Helvetica findfont	% mediumFont = Helvetica
75d0e82 
+  pageHeight 1.5 mul scalefont def	% size = pageHeight * 1.5 (nominally 16.5)
75d0e82 
+
75d0e82 
+  % Offset page to account for lower-left margin...
75d0e82 
+  pageLeft 72 mul
75d0e82 
+  pageBottom 72 mul
75d0e82 
+  translate
75d0e82 
+
75d0e82 
+  % Job information box...
75d0e82 
+  pageWidth 36 mul 9 add		% x = pageWidth * 1/2 * 72 + 9
75d0e82 
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
75d0e82 
+  pageHeight 30 mul 9 sub		% y = pageHeight * 1/2 * 72 - 9
75d0e82 
+  boxWidth				% w = box width
75d0e82 
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82 
+  0.5 setgray rectfill			% Draw a shadow
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
75d0e82 
+  pageHeight 30 mul			% y = pageHeight * 1/4 * 72
75d0e82 
+  boxWidth				% w = box width
75d0e82 
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82 
+
75d0e82 
+  4 copy 1 setgray rectfill		% Clear the box to white
75d0e82 
+  0 setgray rectstroke			% Draw a black box around it...
75d0e82 
+
75d0e82 
+  % Job information text...
75d0e82 
+  mediumFont setfont			% Medium sized font
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight 5 mul add			% y += 2 lines
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Job ID: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({printer-name}-{job-id}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight 2 mul add			% y += 1 line
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Title: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({job-name}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight -1 mul add			% y -= 1 line
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Requesting User: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({job-originating-user-name}) show
75d0e82 
+
75d0e82 
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
75d0e82 
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
75d0e82 
+  pageHeight -4 mul add			% y -= 2 lines
75d0e82 
+  2 copy				% Copy X & Y
75d0e82 
+  moveto
75d0e82 
+  (Billing Info: ) RIGHT
75d0e82 
+  moveto
75d0e82 
+  ({?job-billing}) show
75d0e82 
+
75d0e82 
+  % Then the CUPS logo....
75d0e82 
+  gsave
75d0e82 
+    pageWidth 4 mul
75d0e82 
+    pageWidth 6 mul
75d0e82 
+    translate
75d0e82 
+    pageWidth 9 mul CUPSLOGO
75d0e82 
+  grestore
75d0e82 
+
75d0e82 
+  % And the ESP logo....
75d0e82 
+  gsave
75d0e82 
+    pageWidth 59 mul
75d0e82 
+    pageWidth 6 mul
75d0e82 
+    translate
75d0e82 
+    pageWidth 6 mul ESPLOGO
75d0e82 
+  grestore
75d0e82 
+% Show the page...
75d0e82 
+grestore
75d0e82 
+showpage
75d0e82 
+%
75d0e82 
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
75d0e82 
+%
75d0e82 
+%%EOF
f4b6623 
--- cups-1.2.8/config.h.in.lspp	2007-02-06 16:04:25.000000000 +0000
f4b6623 
+++ cups-1.2.8/config.h.in	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -468,6 +468,13 @@
d042370 
 #undef HAVE_APPLETALK_AT_PROTO_H
d042370
d042370
d042370 
+/*
d042370 
+ * Are we trying to meet LSPP requirements?
d042370 
+ */
d042370 
+
d042370 
+#undef WITH_LSPP
d042370 
+
d042370 
+
d042370 
 #endif /* !_CUPS_CONFIG_H_ */
d042370
d042370 
 /*
f4b6623 
--- cups-1.2.8/configure.in.lspp	2006-12-06 20:10:16.000000000 +0000
f4b6623 
+++ cups-1.2.8/configure.in	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -48,6 +48,8 @@
f4b6623 
 sinclude(config-scripts/cups-pdf.m4)
f4b6623 
 sinclude(config-scripts/cups-scripting.m4)
f4b6623
f4b6623 
+sinclude(config-scripts/cups-lspp.m4)
f4b6623 
+
f4b6623 
 INSTALL_LANGUAGES=""
f4b6623 
 UNINSTALL_LANGUAGES=""
f4b6623 
 LANGFILES=""
f4b6623 
--- cups-1.2.8/cups/cups.h.lspp	2007-01-10 16:23:06.000000000 +0000
f4b6623 
+++ cups-1.2.8/cups/cups.h	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -24,6 +24,9 @@
f4b6623 
  *   This file is subject to the Apple OS-Developed Software exception.
75d0e82 
  */
75d0e82
f4b6623 
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
75d0e82 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
75d0e82 
+
f4b6623 
 #ifndef _CUPS_CUPS_H_
f4b6623 
 #  define _CUPS_CUPS_H_
f4b6623
f4b6623 
@@ -75,6 +78,12 @@
f4b6623 
 #  define CUPS_DATE_ANY		-1
f4b6623
f4b6623
f4b6623 
+# ifdef WITH_LSPP
f4b6623 
+# define MLS_CONFIG "mls"
f4b6623 
+# define TE_CONFIG "te"
f4b6623 
+# define SELINUX_CONFIG "SELinux"
f4b6623 
+# define UNKNOWN_SL "UNKNOWN SL"
f4b6623 
+# endif /* WITH_LSPP */
75d0e82 
 /*
f4b6623 
  * Types and structures...
f4b6623 
  */
f4b6623 
--- cups-1.2.8/scheduler/client.h.lspp	2007-01-22 22:04:43.000000000 +0000
f4b6623 
+++ cups-1.2.8/scheduler/client.h	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -22,6 +22,13 @@
f4b6623 
  *         WWW: http://www.cups.org
75d0e82 
  */
75d0e82
f4b6623 
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
f4b6623 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
f4b6623 
+
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+#include <selinux/selinux.h>
75d0e82 
+#endif /* WITH_LSPP */
f4b6623 
+
75d0e82 
 /*
f4b6623 
  * HTTP client structure...
f4b6623 
  */
f4b6623 
@@ -56,6 +63,10 @@
f4b6623 
   http_addr_t		clientaddr;	/* Client address */
f4b6623 
   char			servername[256];/* Server name for connection */
f4b6623 
   int			serverport;	/* Server port for connection */
d042370 
+#ifdef WITH_LSPP
f4b6623 
+  security_context_t	scon;		/* Security context of connection */
f4b6623 
+  uid_t			auid;		/* Audit loginuid of the client */
d042370 
+#endif /* WITH_LSPP */
f4b6623 
 };
d042370
f4b6623 
 #define HTTP(con) &((con)->http)
f4b6623 
@@ -120,6 +131,9 @@
f4b6623 
 extern void	cupsdStopListening(void);
f4b6623 
 extern void	cupsdUpdateCGI(void);
f4b6623 
 extern int	cupsdWriteClient(cupsd_client_t *con);
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+extern uid_t	client_pid_to_auid(pid_t clipid);
75d0e82 
+#endif /* WITH_LSPP */
d042370
d042370
d042370 
 /*
ee6b344 
--- cups-1.2.8/scheduler/conf.c	2007-03-02 14:06:43.000000000 +0000
ee6b344 
+++ cups-1.2.4-secheck/scheduler/conf.c	2007-03-07 11:22:58.000000000 -0500
f4b6623 
@@ -35,6 +35,7 @@
f4b6623 
  *   read_configuration()     - Read a configuration file.
f4b6623 
  *   read_location()          - Read a <Location path> definition.
f4b6623 
  *   read_policy()            - Read a <Policy name> definition.
f4b6623 
+ *   is_lspp_config()         - Is the system configured for LSPP
d042370 
  */
f4b6623
f4b6623 
 /*
f4b6623 
@@ -60,6 +61,9 @@
f4b6623 
 #  define INADDR_NONE	0xffffffff
f4b6623 
 #endif /* !INADDR_NONE */
d042370
22cc213 
+#ifdef WITH_LSPP
f4b6623 
+#  include <libaudit.h>
22cc213 
+#endif /* WITH_LSPP */
75d0e82
d042370 
 /*
f4b6623 
  * Configuration variable structure...
ee6b344 
@@ -161,6 +165,10 @@
f4b6623 
   { "ServerKey",		&ServerKey,		CUPSD_VARTYPE_STRING },
f4b6623 
 #  endif /* HAVE_LIBSSL || HAVE_GNUTLS */
f4b6623 
 #endif /* HAVE_SSL */
22cc213 
+#ifdef WITH_LSPP
f4b6623 
+  { "AuditLog",			&AuditLog,		CUPSD_VARTYPE_INTEGER },
ee6b344 
+  { "PerPageLabels",		&PerPageLabels,		CUPSD_VARTYPE_BOOLEAN },
d042370 
+#endif /* WITH_LSPP */
f4b6623 
 #ifdef HAVE_LAUNCHD
f4b6623 
   { "LaunchdTimeout",		&LaunchdTimeout,	CUPSD_VARTYPE_INTEGER },
f4b6623 
   { "LaunchdConf",		&LaunchdConf,		CUPSD_VARTYPE_STRING },
ee6b344 
@@ -223,6 +231,9 @@
f4b6623 
 		*old_requestroot;	/* Old RequestRoot */
f4b6623 
   const char	*tmpdir;		/* TMPDIR environment variable */
f4b6623 
   struct stat	tmpinfo;		/* Temporary directory info */
d042370 
+#ifdef WITH_LSPP
f4b6623 
+  char		*audit_message;		/* Audit message string */
22cc213 
+#endif /* WITH_LSPP */
22cc213
75d0e82
f4b6623 
  /*
ee6b344 
@@ -470,6 +481,25 @@
f4b6623
f4b6623 
   RunUser = getuid();
75d0e82
75d0e82 
+#ifdef WITH_LSPP
ee6b344 
+  if (AuditLog != -1)
ee6b344 
+  {
ee6b344 
+   /*
ee6b344 
+    * ClassifyOverride is set during read_configuration, if its ON, report it now
ee6b344 
+    */
ee6b344 
+    if (ClassifyOverride)
ee6b344 
+      audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
ee6b344 
+                "[Config] ClassifyOverride=enabled Users can override print banners",
ee6b344 
+                ServerName, NULL, NULL, 1);
ee6b344 
+   /*
ee6b344 
+    * PerPageLabel is set during read_configuration, if its OFF, report it now
ee6b344 
+    */
ee6b344 
+    if (!PerPageLabels)
ee6b344 
+      audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
ee6b344 
+                "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1);
ee6b344 
+  }
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
+
f4b6623 
  /*
f4b6623 
   * See if the ServerName is an IP address...
f4b6623 
   */
ee6b344 
@@ -777,11 +807,23 @@
f4b6623 
   if (MaxActiveJobs > (MaxFDs / 3))
f4b6623 
     MaxActiveJobs = MaxFDs / 3;
f4b6623
f4b6623 
-  if (Classification && !strcasecmp(Classification, "none"))
f4b6623 
+  if (Classification && strcasecmp(Classification, "none") == 0)
f4b6623 
     cupsdClearString(&Classification);
f4b6623
f4b6623 
   if (Classification)
f4b6623 
+  {
f4b6623 
     cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+    if (AuditLog != -1)
d042370 
+    {
f4b6623 
+      audit_message = NULL;
f4b6623 
+      cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);
f4b6623 
+      audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
f4b6623 
+                             ServerName, NULL, NULL, 1);
f4b6623 
+      free(audit_message);
d042370 
+    }
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
+  }
f4b6623
f4b6623 
  /*
f4b6623 
   * Update the MaxClientsPerHost value, as needed...
ee6b344 
@@ -3295,6 +3337,18 @@
f4b6623 
   return (0);
f4b6623 
 }
f4b6623
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+int is_lspp_config()
f4b6623 
+{
f4b6623 
+  if (Classification != NULL)
f4b6623 
+    return ((strcasecmp(Classification, MLS_CONFIG) == 0)
f4b6623 
+            || (strcasecmp(Classification, TE_CONFIG) == 0)
f4b6623 
+            || (strcasecmp(Classification, SELINUX_CONFIG) == 0));
f4b6623 
+  else
f4b6623 
+    return 0;
f4b6623 
+}
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
+
f4b6623
f4b6623 
 /*
f4b6623 
  * End of "$Id: conf.c 6205 2007-01-22 22:04:43Z mike $".
f4b6623 
--- cups-1.2.8/scheduler/client.c.lspp	2007-02-07 20:54:37.000000000 +0000
f4b6623 
+++ cups-1.2.8/scheduler/client.c	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -44,12 +44,17 @@
f4b6623 
  *   make_certificate()      - Make a self-signed SSL/TLS certificate.
f4b6623 
  *   pipe_command()          - Pipe the output of a command to the remote client.
f4b6623 
  *   write_file()            - Send a file via HTTP.
f4b6623 
+ *   client_pid_to_auid()    - Get the audit login uid of the client.
f4b6623 
  */
f4b6623
f4b6623 
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
f4b6623 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
f4b6623 
+
f4b6623 
 /*
f4b6623 
  * Include necessary headers...
f4b6623 
  */
f4b6623
f4b6623 
+#define _GNU_SOURCE
f4b6623 
 #include <cups/http-private.h>
f4b6623 
 #include "cupsd.h"
f4b6623
f4b6623 
@@ -81,6 +86,12 @@
f4b6623 
 #  include <gnutls/x509.h>
f4b6623 
 #endif /* HAVE_GNUTLS */
f4b6623
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+#include <selinux/selinux.h>
f4b6623 
+#include <selinux/context.h>
f4b6623 
+#include <fcntl.h>
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
+
f4b6623
f4b6623 
 /*
f4b6623 
  * Local functions...
f4b6623 
@@ -339,6 +350,57 @@
f4b6623 
     }
f4b6623 
   }
f4b6623
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+  if (is_lspp_config())
f4b6623 
+  {
f4b6623 
+    struct ucred cr;
f4b6623 
+    unsigned int cl=sizeof(cr);
f4b6623 
+
f4b6623 
+    if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)
d042370 
+    {
f4b6623 
+     /*
f4b6623 
+      * client_pid_to_auid() can be racey
f4b6623 
+      * In this case the pid is based on a socket connected to the client
f4b6623 
+      */
f4b6623 
+      if ((con->auid = client_pid_to_auid(cr.pid)) == -1)
d042370 
+      {
f4b6623 
+        close(con->http.fd);
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: "
f4b6623 
+                        "unable to determine client auid for client pid=%d", cr.pid);
f4b6623 
+        free(con);
d042370 
+        return;
d042370 
+      }
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d",
f4b6623 
+                      cr.pid, cr.uid, cr.gid, con->auid);
d042370 
+    }
d042370 
+    else
d042370 
+    {
f4b6623 
+      close(con->http.fd);
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed");
f4b6623 
+      free(con);
f4b6623 
+      return;
d042370 
+    }
f4b6623 
+
f4b6623 
+   /*
f4b6623 
+    * get the context of the peer connection
f4b6623 
+    */
f4b6623 
+    if (getpeercon(con->http.fd, &con->scon))
d042370 
+    {
f4b6623 
+      close(con->http.fd);
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed");
f4b6623 
+      free(con);
f4b6623 
+      return;
d042370 
+    }
f4b6623 
+
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon);
f4b6623 
+  }
f4b6623 
+  else
f4b6623 
+  {
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()");
f4b6623 
+    cupsdSetString(&con->scon, UNKNOWN_SL);
d042370 
+  }
d042370 
+#endif /* WITH_LSPP */
75d0e82 
+
f4b6623 
 #ifdef AF_INET6
f4b6623 
   if (con->http.hostaddr->addr.sa_family == AF_INET6)
f4b6623 
     cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: %d from %s:%d (IPv6)",
f4b6623 
@@ -729,6 +791,13 @@
f4b6623 
   mime_type_t		*type;		/* MIME type of file */
f4b6623 
   cupsd_printer_t	*p;		/* Printer */
f4b6623 
   static unsigned	request_id = 0;	/* Request ID for temp files */
d042370 
+#ifdef WITH_LSPP
f4b6623 
+  security_context_t	spoolcon;	/* context of the job file */
f4b6623 
+  context_t		clicon;		/* contex_t container for con->scon */
f4b6623 
+  context_t		tmpcon;		/* temp context to swap the level */
f4b6623 
+  char			*clirange;	/* SELinux sensitivity range */
f4b6623 
+  char			*cliclearance;	/* SELinux low end clearance */
d042370 
+#endif /* WITH_LSPP */
d042370
d042370
f4b6623 
   status = HTTP_CONTINUE;
f4b6623 
@@ -1832,6 +1901,63 @@
f4b6623 
 	  fchmod(con->file, 0640);
f4b6623 
 	  fchown(con->file, RunUser, Group);
f4b6623 
           fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
d042370 
+#ifdef WITH_LSPP
f4b6623 
+          if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
f4b6623 
+          {
f4b6623 
+            if (getfilecon(con->filename, &spoolcon) == -1)
f4b6623 
+            {
f4b6623 
+              cupsdSendError(con, HTTP_SERVER_ERROR);
f4b6623 
+              return (cupsdCloseClient(con));
f4b6623 
+            }
f4b6623 
+            clicon = context_new(con->scon);
f4b6623 
+            tmpcon = context_new(spoolcon);
f4b6623 
+            freecon(spoolcon);
f4b6623 
+            if (!clicon || !tmpcon)
f4b6623 
+            {
f4b6623 
+              cupsdSendError(con, HTTP_SERVER_ERROR);
f4b6623 
+              if (clicon)
f4b6623 
+                context_free(clicon);
f4b6623 
+              if (tmpcon)
f4b6623 
+                context_free(tmpcon);
f4b6623 
+              return (cupsdCloseClient(con));
f4b6623 
+            }
f4b6623 
+            clirange = strdup(context_range_get(clicon));
f4b6623 
+            if ((cliclearance = strtok(clirange, "-")) != NULL)
f4b6623 
+            {
f4b6623 
+              if (context_range_set(tmpcon, cliclearance) == -1)
f4b6623 
+              {
f4b6623 
+                cupsdSendError(con, HTTP_SERVER_ERROR);
f4b6623 
+                free(clirange);
f4b6623 
+                context_free(tmpcon);
f4b6623 
+                context_free(clicon);
f4b6623 
+                return (cupsdCloseClient(con));
f4b6623 
+              }
f4b6623 
+            }
f4b6623 
+            else
f4b6623 
+            {
f4b6623 
+              if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)
f4b6623 
+              {
f4b6623 
+                cupsdSendError(con, HTTP_SERVER_ERROR);
f4b6623 
+                free(clirange);
f4b6623 
+                context_free(tmpcon);
f4b6623 
+                context_free(clicon);
f4b6623 
+                return (cupsdCloseClient(con));
f4b6623 
+              }
f4b6623 
+            }
f4b6623 
+            free(clirange);
f4b6623 
+            if (setfilecon(con->filename, context_str(tmpcon)) == -1)
f4b6623 
+            {
f4b6623 
+              cupsdSendError(con, HTTP_SERVER_ERROR);
f4b6623 
+              context_free(tmpcon);
f4b6623 
+              context_free(clicon);
f4b6623 
+              return (cupsdCloseClient(con));
f4b6623 
+            }
f4b6623 
+            cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s",
f4b6623 
+                            con->filename, context_str(tmpcon));
f4b6623 
+            context_free(tmpcon);
f4b6623 
+            context_free(clicon);
f4b6623 
+          }
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
 	}
f4b6623
f4b6623 
 	if (con->http.state != HTTP_POST_SEND)
f4b6623 
@@ -3906,6 +4032,50 @@
f4b6623 
 #endif /* HAVE_SSL */
f4b6623
f4b6623
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+/*
f4b6623 
+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.
f4b6623 
+ */
75d0e82 
+
f4b6623 
+uid_t client_pid_to_auid(pid_t clipid)
f4b6623 
+{
f4b6623 
+  uid_t uid;
f4b6623 
+  int len, in;
f4b6623 
+  char buf[16] = {0};
f4b6623 
+  char fname[32] = {0};
75d0e82 
+
75d0e82 
+
f4b6623 
+ /*
f4b6623 
+  * Hopefully this pid is still the one we are interested in.
f4b6623 
+  */
f4b6623 
+  snprintf(fname, 32, "/proc/%d/loginuid", clipid);
f4b6623 
+  in = open(fname, O_NOFOLLOW|O_RDONLY);
75d0e82 
+
f4b6623 
+  if (in < 0)
f4b6623 
+    return -1;
5dd9863 
+
f4b6623 
+  errno = 0;
5dd9863 
+
f4b6623 
+  do {
f4b6623 
+    len = read(in, buf, sizeof(buf));
f4b6623 
+  } while (len < 0 && errno == EINTR);
75d0e82 
+
f4b6623 
+  close(in);
f4b6623 
+
f4b6623 
+  if (len < 0 || len >= sizeof(buf))
f4b6623 
+    return -1;
f4b6623 
+
f4b6623 
+  errno = 0;
f4b6623 
+  buf[len] = 0;
f4b6623 
+  uid = strtol(buf, 0, 10);
f4b6623 
+
f4b6623 
+  if (errno != 0)
f4b6623 
+    return -1;
f4b6623 
+  else
f4b6623 
+    return uid;
f4b6623 
+}
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
+
75d0e82 
 /*
f4b6623 
  * 'pipe_command()' - Pipe the output of a command to the remote client.
75d0e82 
  */
f4b6623 
--- cups-1.2.8/scheduler/main.c.lspp	2007-03-02 14:06:43.000000000 +0000
f4b6623 
+++ cups-1.2.8/scheduler/main.c	2007-03-02 14:06:43.000000000 +0000
d042370 
@@ -49,6 +49,8 @@
d042370 
  *   usage()                   - Show scheduler usage.
75d0e82 
  */
75d0e82
d042370 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
d042370 
+
75d0e82 
 /*
d042370 
  * Include necessary headers...
d042370 
  */
d042370 
@@ -71,6 +73,9 @@
d042370 
 #  include <notify.h>
d042370 
 #endif /* HAVE_NOTIFY_H */
75d0e82
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+#  include <libaudit.h>
75d0e82 
+#endif /* WITH_LSPP */
75d0e82
75d0e82 
 /*
d042370 
  * Local functions...
d042370 
@@ -156,6 +161,9 @@
d042370 
   int			launchd_idle_exit;
d042370 
 					/* Idle exit on select timeout? */
d042370 
 #endif	/* HAVE_LAUNCHD */
d042370 
+#if WITH_LSPP
d042370 
+  auditfail_t           failmode;       /* Action for audit_open failure */
5dd9863 
+#endif /* WITH_LSPP */
5dd9863
5dd9863
5dd9863 
  /*
d042370 
@@ -366,6 +374,25 @@
d042370 
 #endif /* DEBUG */
d042370 
   }
9ad376b
75d0e82 
+#ifdef WITH_LSPP
d042370 
+  if ((AuditLog = audit_open()) < 0 )
5dd9863 
+  {
d042370 
+    if (get_auditfail_action(&failmode) == 0)
9ad376b 
+    {
d042370 
+      if (failmode == FAIL_LOG)
d042370 
+      {
d042370 
+        cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to connect to audit subsystem.");
d042370 
+        AuditLog = -1;
d042370 
+      }
d042370 
+      else if (failmode == FAIL_TERMINATE)
d042370 
+      {
d042370 
+        fprintf(stderr, "cupsd: unable to start auditing, terminating");
d042370 
+        return -1;
d042370 
+      }
9ad376b 
+    }
5dd9863 
+  }
d042370 
+#endif /* WITH_LSPP */
d042370 
+
5dd9863 
  /*
d042370 
   * Set the timezone info...
d042370 
   */
d042370 
@@ -1154,6 +1181,11 @@
d042370 
   free(input);
d042370 
   free(output);
75d0e82
75d0e82 
+#ifdef WITH_LSPP
d042370 
+  if (AuditLog != -1)
d042370 
+    audit_close(AuditLog);
75d0e82 
+#endif /* WITH_LSPP */
5dd9863 
+
d042370 
   return (!stop_scheduler);
d042370 
 }
5dd9863
ee6b344 
--- cups-1.2.8/scheduler/conf.h	2007-03-02 14:06:43.000000000 +0000
ee6b344 
+++ cups-1.2.4-secheck/scheduler/conf.h	2007-03-07 11:22:58.000000000 -0500
ee6b344 
@@ -191,6 +191,12 @@
f4b6623 
 					/* Server key file */
f4b6623 
 #  endif /* HAVE_LIBSSL || HAVE_GNUTLS */
f4b6623 
 #endif /* HAVE_SSL */
5dd9863 
+#ifdef WITH_LSPP
ee6b344 
+VAR int			AuditLog		VALUE(-1),
f4b6623 
+					/* File descriptor for audit */
ee6b344 
+			PerPageLabels		VALUE(TRUE);
ee6b344 
+					/* Put the label on each page */
5dd9863 
+#endif /* WITH_LSPP */
75d0e82
f4b6623 
 #ifdef HAVE_LAUNCHD
f4b6623 
 VAR int			LaunchdTimeout		VALUE(DEFAULT_TIMEOUT);
ee6b344 
@@ -213,6 +219,9 @@
f4b6623 
 ;
f4b6623 
 extern int	cupsdLogPage(cupsd_job_t *job, const char *page);
f4b6623
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+extern int	is_lspp_config(void);
f4b6623 
+#endif /* WITH_LSPP */
d042370
f4b6623 
 /*
f4b6623 
  * End of "$Id: conf.h 5696 2006-06-26 18:34:20Z mike $".
f4b6623 
--- cups-1.2.8/scheduler/ipp.c.lspp	2007-03-02 14:06:43.000000000 +0000
f4b6623 
+++ cups-1.2.8/scheduler/ipp.c	2007-03-02 14:06:57.000000000 +0000
f4b6623 
@@ -41,6 +41,7 @@
f4b6623 
  *   cancel_all_jobs()           - Cancel all print jobs.
f4b6623 
  *   cancel_job()                - Cancel a print job.
f4b6623 
  *   cancel_subscription()       - Cancel a subscription.
f4b6623 
+ *   check_context()             - Check the SELinux context for a user and job
f4b6623 
  *   check_quotas()              - Check quotas for a printer and user.
f4b6623 
  *   copy_attribute()            - Copy a single attribute.
f4b6623 
  *   copy_attrs()                - Copy attributes from one request to another.
f4b6623 
@@ -95,6 +96,9 @@
75d0e82 
  *   validate_user()             - Validate the user for the request.
75d0e82 
  */
75d0e82
75d0e82 
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
75d0e82 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
75d0e82 
+
75d0e82 
 /*
75d0e82 
  * Include necessary headers...
75d0e82 
  */
f4b6623 
@@ -105,6 +109,14 @@
75d0e82 
 #  include <paper.h>
75d0e82 
 #endif /* HAVE_LIBPAPER */
75d0e82
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+#include <libaudit.h>
75d0e82 
+#include <selinux/selinux.h>
75d0e82 
+#include <selinux/context.h>
75d0e82 
+#include <selinux/avc.h>
75d0e82 
+#include <selinux/flask.h>
75d0e82 
+#include <selinux/av_permissions.h>
75d0e82 
+#endif /* WITH_LSPP */
75d0e82
75d0e82 
 /*
d042370 
  * Local functions...
f4b6623 
@@ -130,6 +142,9 @@
f4b6623 
 static void	cancel_all_jobs(cupsd_client_t *con, ipp_attribute_t *uri);
f4b6623 
 static void	cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
f4b6623 
 static void	cancel_subscription(cupsd_client_t *con, int id);
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+static int	check_context(cupsd_client_t *con, cupsd_job_t *job);
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
 static int	check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
f4b6623 
 static ipp_attribute_t	*copy_attribute(ipp_t *to, ipp_attribute_t *attr,
f4b6623 
 		                        int quickcopy);
f4b6623 
@@ -1159,6 +1174,21 @@
75d0e82 
   int		kbytes;			/* Size of print file */
75d0e82 
   int		i;			/* Looping var */
75d0e82 
   int		lowerpagerange;		/* Page range bound */
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+  char		*audit_message;		/* Audit message string */
75d0e82 
+  char		*printerfile;		/* device file pointed to by the printer */
9ad376b 
+  char		*userheader = NULL;	/* User supplied job-sheets[0] */
9ad376b 
+  char		*userfooter = NULL;	/* User supplied job-sheets[1] */
9ad376b 
+  int		override = 0;		/* Was a banner overrode on a job */
22cc213 
+  security_id_t	clisid;			/* SELinux SID for the client */
22cc213 
+  security_id_t	psid;			/* SELinux SID for the printer */
22cc213 
+  context_t	printercon;		/* Printer's context string */
d042370 
+  struct stat	printerstat;		/* Printer's stat buffer */
22cc213 
+  security_context_t	devcon;		/* Printer's SELinux context */
22cc213 
+  struct avc_entry_ref	avcref;		/* Pointer to the access vector cache */
22cc213 
+  security_class_t	tclass;		/* Object class for the SELinux check */
63d0991 
+  access_vector_t	avr;		/* Access method being requested */
75d0e82 
+#endif /* WITH_LSPP */
75d0e82
75d0e82
75d0e82 
   cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %s)", con,
f4b6623 
@@ -1335,6 +1365,127 @@
75d0e82 
     return (NULL);
75d0e82 
   }
75d0e82
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+  if (is_lspp_config())
75d0e82 
+  {
6bb98ac 
+    if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
75d0e82 
+    {
75d0e82 
+      cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", dest);
75d0e82 
+      send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required secuirty attributes."));
75d0e82 
+      return (NULL);
75d0e82 
+    }
75d0e82 
+    else
75d0e82 
+    {
75d0e82 
+     /*
75d0e82 
+      * duplicate the security context and auid of the connection into the job structure
75d0e82 
+      */
6bb98ac 
+      job->scon = strdup(con->scon);
6bb98ac 
+      job->auid = con->auid;
75d0e82 
+
75d0e82 
+     /*
75d0e82 
+      * add the security context to the request so that on a restart the security
75d0e82 
+      * attributes will be able to be restored
75d0e82 
+      */
75d0e82 
+      ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context",
75d0e82 
+                   NULL, job->scon);
75d0e82 
+    }
75d0e82 
+
75d0e82 
+   /*
75d0e82 
+    * Perform an access check so that if the user gets feedback at enqueue time
75d0e82 
+    */
75d0e82 
+
9ad376b 
+    printerfile = strstr(printer->device_uri, "/dev/");
22cc213 
+    if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
22cc213 
+      printerfile = strdup(printer->device_uri + strlen("file:/"));
22cc213 
+
9ad376b 
+    if (printerfile != NULL)
75d0e82 
+    {
75d0e82 
+      cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",
75d0e82 
+                      printerfile);
75d0e82 
+
d042370 
+      if (lstat(printerfile, &printerstat) < 0)
d042370 
+      {
d042370 
+	if (errno != ENOENT)
d042370 
+	{
d042370 
+	  send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer"));
d042370 
+	  return (NULL);
d042370 
+	}
d042370 
+	/*
d042370 
+	 * The printer does not exist, so for now assume it's a FileDevice
d042370 
+	 */
d042370 
+	tclass = SECCLASS_FILE;
d042370 
+	avr = FILE__WRITE;
d042370 
+      }
d042370 
+      else if (S_ISCHR(printerstat.st_mode))
d042370 
+      {
d042370 
+	tclass = SECCLASS_CHR_FILE;
d042370 
+	avr = CHR_FILE__WRITE;
d042370 
+      }
d042370 
+      else if (S_ISREG(printerstat.st_mode))
d042370 
+      {
d042370 
+	tclass = SECCLASS_FILE;
d042370 
+	avr = FILE__WRITE;
d042370 
+      }
63d0991 
+      else
d042370 
+      {
d042370 
+	send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file"));
d042370 
+	return (NULL);
d042370 
+      }
22cc213 
+      avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);
22cc213 
+      avc_entry_ref_init(&avcref);
22cc213 
+      if (avc_context_to_sid(con->scon, &clisid) != 0)
75d0e82 
+      {
22cc213 
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));
75d0e82 
+        return (NULL);
75d0e82 
+      }
22cc213 
+      if (getfilecon(printerfile, &devcon) == -1)
22cc213 
+      {
22cc213 
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));
22cc213 
+        return (NULL);
22cc213 
+      }
22cc213 
+      printercon = context_new(devcon);
22cc213 
+      cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",
22cc213 
+                      context_str(printercon), con->scon);
22cc213 
+      context_free(printercon);
75d0e82 
+
22cc213 
+      if (avc_context_to_sid(devcon, &psid) != 0)
75d0e82 
+      {
22cc213 
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));
22cc213 
+        freecon(devcon);
22cc213 
+        return (NULL);
22cc213 
+      }
22cc213 
+      freecon(devcon);
ef70a03 
+      if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
22cc213 
+      {
22cc213 
+       /*
22cc213 
+        * The access check failed, so cancel the job and send an audit message
22cc213 
+        */
22cc213 
+        if (AuditLog != -1)
75d0e82 
+        {
22cc213 
+          audit_message = NULL;
22cc213 
+          cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s refused"
22cc213 
+                          " unable to access printer=%s", job->id, con->auid,
22cc213 
+                          con->username, con->scon, printer->name);
22cc213 
+          audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
22cc213 
+                                 ServerName, NULL, NULL, 0);
22cc213 
+          free(audit_message);
75d0e82 
+        }
22cc213 
+
22cc213 
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));
22cc213 
+        return (NULL);
75d0e82 
+      }
75d0e82 
+    }
75d0e82 
+  }
6bb98ac 
+  else
6bb98ac 
+  {
6bb98ac 
+   /*
6bb98ac 
+    * Fill in the security context of the job as unlabeled
6bb98ac 
+    */
a06301c 
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL);
6bb98ac 
+    cupsdSetString(&job->scon, UNKNOWN_SL);
6bb98ac 
+  }
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
+
75d0e82 
   job->dtype   = dtype;
75d0e82 
   job->attrs   = con->request;
d042370 
   con->request = ippNewRequest(job->attrs->request.op.operation_id);
f4b6623 
@@ -1530,6 +1681,29 @@
9ad376b 
       attr->values[0].string.text = _cupsStrAlloc(printer->job_sheets[0]);
9ad376b 
       attr->values[1].string.text = _cupsStrAlloc(printer->job_sheets[1]);
9ad376b 
     }
75d0e82 
+#ifdef WITH_LSPP
9ad376b 
+    else
9ad376b 
+    {
9ad376b 
+     /*
9ad376b 
+      * The option was present, so capture the user supplied strings
9ad376b 
+      */
9ad376b 
+      userheader = strdup(attr->values[0].string.text);
9ad376b 
+
9ad376b 
+      if (attr->num_values > 1)
9ad376b 
+        userfooter = strdup(attr->values[1].string.text);
9ad376b 
+
f6c7a0a 
+      if (Classification != NULL && (strcmp(userheader, Classification) == 0)
d90f391 
+          && userfooter &&(strcmp(userfooter, Classification) == 0))
9ad376b 
+      {
75d0e82 
+       /*
9ad376b 
+        * Since both values are Classification, the user is not trying to Override
75d0e82 
+        */
9ad376b 
+        free(userheader);
d90f391 
+        if (userfooter) free(userfooter);
9ad376b 
+        userheader = userfooter = NULL;
9ad376b 
+      }
9ad376b 
+    }
9ad376b 
+#endif /* WITH_LSPP */
9ad376b
9ad376b 
     job->job_sheets = attr;
9ad376b
f4b6623 
@@ -1560,6 +1734,9 @@
9ad376b 
 	                		    "job-sheets=\"%s,none\", "
9ad376b 
 					    "job-originating-user-name=\"%s\"",
9ad376b 
 	        	 job->id, Classification, job->username);
9ad376b 
+#ifdef WITH_LSPP
9ad376b 
+          override = 1;
9ad376b 
+#endif /* WITH_LSPP */
9ad376b 
 	}
9ad376b 
 	else if (attr->num_values == 2 &&
9ad376b 
 	         strcmp(attr->values[0].string.text,
f4b6623 
@@ -1578,6 +1755,9 @@
9ad376b 
 					    "job-originating-user-name=\"%s\"",
9ad376b 
 	        	 job->id, attr->values[0].string.text,
9ad376b 
 			 attr->values[1].string.text, job->username);
9ad376b 
+#ifdef WITH_LSPP
9ad376b 
+          override = 1;
9ad376b 
+#endif /* WITH_LSPP */
9ad376b 
 	}
9ad376b 
 	else if (strcmp(attr->values[0].string.text, Classification) &&
9ad376b 
 	         strcmp(attr->values[0].string.text, "none") &&
f4b6623 
@@ -1598,6 +1778,9 @@
9ad376b 
 			    "job-originating-user-name=\"%s\"",
9ad376b 
 	        	    job->id, attr->values[0].string.text,
9ad376b 
 			    attr->values[1].string.text, job->username);
9ad376b 
+#ifdef WITH_LSPP
9ad376b 
+          override = 1;
9ad376b 
+#endif /* WITH_LSPP */
9ad376b 
         }
9ad376b 
       }
9ad376b 
       else if (strcmp(attr->values[0].string.text, Classification) &&
f4b6623 
@@ -1638,9 +1821,52 @@
9ad376b 
 	                  "job-sheets=\"%s\", "
9ad376b 
 			  "job-originating-user-name=\"%s\"",
9ad376b 
 	        	 job->id, Classification, job->username);
9ad376b 
+#ifdef WITH_LSPP
9ad376b 
+        override = 1;
9ad376b 
+#endif /* WITH_LSPP */
ef70a03 
+      }
9ad376b 
+#ifdef WITH_LSPP
9ad376b 
+      if (is_lspp_config() && AuditLog != -1)
9ad376b 
+      {
75d0e82 
+        audit_message = NULL;
9ad376b 
+
9ad376b 
+        if (userheader || userfooter)
9ad376b 
+        {
9ad376b 
+          if (!override)
9ad376b 
+          {
9ad376b 
+           /*
9ad376b 
+            * The user overrode the banner, so audit it
9ad376b 
+            */
22cc213 
+            cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
22cc213 
+                            " using banners=%s,%s", job->id, userheader,
9ad376b 
+                            userfooter, attr->values[0].string.text,
9ad376b 
+                            (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
9ad376b 
+            audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
9ad376b 
+                                   ServerName, NULL, NULL, 1);
f4b6623 
+      }
9ad376b 
+          else
9ad376b 
+          {
9ad376b 
+           /*
9ad376b 
+            * The user tried to override the banner, audit the failure
9ad376b 
+            */
22cc213 
+            cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
22cc213 
+                            " ignored banners=%s,%s", job->id, userheader,
9ad376b 
+                            userfooter, attr->values[0].string.text,
9ad376b 
+                            (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
9ad376b 
+            audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
9ad376b 
+                                   ServerName, NULL, NULL, 0);
c5c7073 
+      }
d042370 
+          free(audit_message);
d042370 
       }
d042370 
     }
d042370
9ad376b 
+      if (userheader)
9ad376b 
+        free(userheader);
9ad376b 
+      if (userfooter)
9ad376b 
+        free(userfooter);
75d0e82 
+#endif /* WITH_LSPP */
d042370 
+    }
d042370 
+
9ad376b 
    /*
d042370 
     * See if we need to add the starting sheet...
d042370 
     */
f4b6623 
@@ -3142,6 +3368,103 @@
f4b6623 
 }
f4b6623
f4b6623
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+/*
f4b6623 
+ * 'check_context()' - Check SELinux security context of a user and job
f4b6623 
+ */
f4b6623 
+
f4b6623 
+static int				/* O - 1 if OK, 0 if not, -1 on error */
f4b6623 
+check_context(cupsd_client_t *con,	/* I - Client connection */
f4b6623 
+             cupsd_job_t    *job)	/* I - Job */
f4b6623 
+{
f4b6623 
+  int			enforcing;	/* is SELinux in enforcing mode */
f4b6623 
+  char			filename[1024]; /* Filename of the spool file */
f4b6623 
+  security_id_t		clisid;		/* SELinux SID of the client */
f4b6623 
+  security_id_t		jobsid;		/* SELinux SID of the job */
f4b6623 
+  security_id_t		filesid;	/* SELinux SID of the spool file */
f4b6623 
+  struct avc_entry_ref	avcref;		/* AVC entry cache pointer */
f4b6623 
+  security_class_t	tclass;		/* SELinux security class */
f4b6623 
+  access_vector_t	avr;		/* SELinux access being queried */
f4b6623 
+  security_context_t	spoolfilecon;	/* SELinux context of the spool file */
f4b6623 
+
f4b6623 
+
f4b6623 
+ /*
f4b6623 
+  * Validate the input to be sure there are contexts to work with...
f4b6623 
+  */
f4b6623 
+
f4b6623 
+  if (con->scon == NULL || job->scon == NULL
f4b6623 
+      || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0
f4b6623 
+      || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
f4b6623 
+    return -1;
f4b6623 
+
f4b6623 
+  if ((enforcing = security_getenforce()) == -1)
f4b6623 
+  {
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement");
f4b6623 
+    return -1;
f4b6623 
+  }
f4b6623 
+  cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon);
f4b6623 
+
f4b6623 
+
f4b6623 
+ /*
f4b6623 
+  * Initialize the avc engine...
f4b6623 
+  */
f4b6623 
+
f4b6623 
+  if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0)
f4b6623 
+  {
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init");
f4b6623 
+    return -1;
f4b6623 
+  }
f4b6623 
+  if (avc_context_to_sid(con->scon, &clisid) != 0)
f4b6623 
+  {
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon);
f4b6623 
+    return -1;
f4b6623 
+  }
f4b6623 
+  avc_context_to_sid(job->scon, &jobsid);
f4b6623 
+  avc_entry_ref_init(&avcref);
f4b6623 
+  tclass = SECCLASS_FILE;
f4b6623 
+  avr = FILE__READ;
f4b6623 
+
f4b6623 
+ /*
f4b6623 
+  * Perform the check with the client as the subject, first with the job as the object
f4b6623 
+  *   if that fails then with the spool file as the object...
f4b6623 
+  */
f4b6623 
+
f4b6623 
+  if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)
f4b6623 
+  {
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context");
f4b6623 
+
f4b6623 
+    snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
f4b6623 
+    if (getfilecon(filename, &spoolfilecon) == -1)
f4b6623 
+    {
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context");
f4b6623 
+      return -1;
f4b6623 
+    }
f4b6623 
+    if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
f4b6623 
+    {
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file");
f4b6623 
+      freecon(spoolfilecon);
f4b6623 
+      return -1;
f4b6623 
+    }
f4b6623 
+    freecon(spoolfilecon);
f4b6623 
+    if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0)
f4b6623 
+    {
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file");
f4b6623 
+      return 0;
f4b6623 
+    }
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file");
f4b6623 
+    return 1;
f4b6623 
+  }
f4b6623 
+  else
f4b6623 
+    if (enforcing == 0)
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode");
f4b6623 
+    else
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context");
f4b6623 
+
f4b6623 
+  return 1;
f4b6623 
+}
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
+
f4b6623 
+
f4b6623 
 /*
f4b6623 
  * 'check_quotas()' - Check quotas for a printer and user.
f4b6623 
  */
f4b6623 
@@ -3490,6 +3813,15 @@
75d0e82 
   char		attrname[255],		/* Name of attribute */
75d0e82 
 		*s;			/* Pointer into name */
75d0e82 
   ipp_attribute_t *attr;		/* Attribute */
75d0e82 
+#ifdef WITH_LSPP
ef70a03 
+  const char	*mls_label;		/* SL of print job */
ef70a03 
+  char		*jobrange;		/* SELinux sensitivity range */
ef70a03 
+  char		*jobclearance;		/* SELinux low end clearance */
22cc213 
+  context_t	jobcon;			/* SELinux context of the job */
22cc213 
+  context_t	tmpcon;			/* Temp context to set the level */
22cc213 
+  security_context_t	spoolcon;	/* Context of the file in the spool */
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
+
75d0e82
75d0e82
75d0e82 
   cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner(%p[%d], %p[%d], %s)",
f4b6623 
@@ -3523,6 +3855,77 @@
22cc213
22cc213 
   fchmod(cupsFileNumber(out), 0640);
22cc213 
   fchown(cupsFileNumber(out), RunUser, Group);
22cc213 
+#ifdef WITH_LSPP
6bb98ac 
+  if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
22cc213 
+  {
6bb98ac 
+    if (getfilecon(filename, &spoolcon) == -1)
6bb98ac 
+    {
6bb98ac 
+      cupsdLogMessage(CUPSD_LOG_ERROR,
6bb98ac 
+                      "copy_banner: Unable to get the context of the banner file %s - %s",
6bb98ac 
+                      filename, strerror(errno));
6bb98ac 
+      job->num_files --;
6bb98ac 
+      return (0);
6bb98ac 
+    }
6bb98ac 
+    tmpcon = context_new(spoolcon);
6bb98ac 
+    jobcon = context_new(con->scon);
6bb98ac 
+    freecon(spoolcon);
c5c7073 
+    if (!tmpcon || !jobcon)
c5c7073 
+    {
c5c7073 
+      if (tmpcon)
c5c7073 
+        context_free(tmpcon);
c5c7073 
+      if (jobcon)
c5c7073 
+        context_free(jobcon);
c5c7073 
+      cupsdLogMessage(CUPSD_LOG_ERROR,
c5c7073 
+                      "copy_banner: Unable to get the SELinux contexts");
c5c7073 
+      job->num_files --;
c5c7073 
+      return (0);
c5c7073 
+    }
ef70a03 
+    jobrange = strdup(context_range_get(jobcon));
ef70a03 
+    if ((jobclearance = strtok(jobrange, "-")) != NULL)
6bb98ac 
+    {
ef70a03 
+      if (context_range_set(tmpcon, jobclearance) == -1)
ef70a03 
+      {
ef70a03 
+        cupsdLogMessage(CUPSD_LOG_ERROR,
ef70a03 
+                        "copy_banner: Unable to set the level of the context for file %s - %s",
ef70a03 
+                        filename, strerror(errno));
ef70a03 
+        free(jobrange);
ef70a03 
+        context_free(jobcon);
ef70a03 
+        context_free(tmpcon);
ef70a03 
+        job->num_files --;
ef70a03 
+        return (0);
ef70a03 
+      }
ef70a03 
+    }
ef70a03 
+    else
ef70a03 
+    {
ef70a03 
+      if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
ef70a03 
+      {
ef70a03 
+        cupsdLogMessage(CUPSD_LOG_ERROR,
ef70a03 
+                        "copy_banner: Unable to set the level of the context for file %s - %s",
ef70a03 
+                        filename, strerror(errno));
ef70a03 
+        free(jobrange);
ef70a03 
+        context_free(jobcon);
ef70a03 
+        context_free(tmpcon);
ef70a03 
+        job->num_files --;
ef70a03 
+        return (0);
ef70a03 
+      }
6bb98ac 
+    }
ef70a03 
+    free(jobrange);
6bb98ac 
+    if (setfilecon(filename, context_str(tmpcon)) == -1)
6bb98ac 
+    {
6bb98ac 
+      cupsdLogMessage(CUPSD_LOG_ERROR,
6bb98ac 
+                      "copy_banner: Unable to set the context of the banner file %s - %s",
6bb98ac 
+                      filename, strerror(errno));
6bb98ac 
+      context_free(jobcon);
6bb98ac 
+      context_free(tmpcon);
6bb98ac 
+      job->num_files --;
6bb98ac 
+      return (0);
6bb98ac 
+    }
6bb98ac 
+    cupsdLogMessage(CUPSD_LOG_DEBUG2, "copy_banner: %s set to %s",
6bb98ac 
+                    filename, context_str(tmpcon));
22cc213 
+    context_free(jobcon);
22cc213 
+    context_free(tmpcon);
22cc213 
+  }
22cc213 
+#endif /* WITH_LSPP */
22cc213
22cc213 
  /*
22cc213 
   * Try the localized banner file under the subdirectory...
f4b6623 
@@ -3617,6 +4020,24 @@
75d0e82 
       else
75d0e82 
         s = attrname;
75d0e82
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+      if (strcmp(s, "mls-label") == 0)
75d0e82 
+      {
6bb98ac 
+        if (con->scon != NULL && strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
75d0e82 
+        {
22cc213 
+          jobcon = context_new(con->scon);
75d0e82 
+          if (strcasecmp(name, MLS_CONFIG) == 0)
22cc213 
+            mls_label = context_range_get(jobcon);
75d0e82 
+          else if (strcasecmp(name, TE_CONFIG) == 0)
22cc213 
+            mls_label = context_type_get(jobcon);
75d0e82 
+          else // default to using the whole context string
22cc213 
+            mls_label = context_str(jobcon);
75d0e82 
+          cupsFilePuts(out, mls_label);
22cc213 
+          context_free(jobcon);
75d0e82 
+        }
75d0e82 
+        continue;
75d0e82 
+      }
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
       if (!strcmp(s, "printer-name"))
75d0e82 
       {
75d0e82 
         cupsFilePuts(out, job->dest);
f4b6623 
@@ -5295,6 +5716,22 @@
f4b6623 
     return;
f4b6623 
   }
75d0e82
f4b6623 
+
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+ /*
f4b6623 
+  * Check SELinux...
75d0e82 
+  */
f4b6623 
+  if (is_lspp_config() && check_context(con, job) != 1)
75d0e82 
+  {
f4b6623 
+   /*
f4b6623 
+    * Unfortunately we have to lie to the user...
f4b6623 
+    */
f4b6623 
+    send_ipp_status(con, IPP_NOT_FOUND, _("Job #%d does not exist!"), jobid);
f4b6623 
+    return;
75d0e82 
+  }
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
+
75d0e82 
+
75d0e82 
  /*
f4b6623 
   * Copy attributes...
75d0e82 
   */
f4b6623 
@@ -5492,6 +5929,11 @@
75d0e82 
     if (count > 0)
75d0e82 
       ippAddSeparator(con->response);
75d0e82
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+    if (is_lspp_config() && check_context(con, job) != 1)
f4b6623 
+      continue;
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
+
75d0e82 
     count ++;
75d0e82
75d0e82 
     cupsdLogMessage(CUPSD_LOG_DEBUG2, "get_jobs: count = %d", count);
f4b6623 
@@ -7880,12 +8322,22 @@
75d0e82 
     * See if we need to add the ending sheet...
75d0e82 
     */
75d0e82
75d0e82 
+#ifdef WITH_LSPP
75d0e82 
+    if (printer &&
75d0e82 
+        ( is_lspp_config() ||
75d0e82 
+        !(printer->type & (CUPS_PRINTER_REMOTE | CUPS_PRINTER_IMPLICIT)) ) &&
75d0e82 
+        (attr = ippFindAttribute(job->attrs, "job-sheets",
75d0e82 
+	                         IPP_TAG_ZERO)) != NULL &&
75d0e82 
+        attr->num_values > 1)
75d0e82 
+    {
75d0e82 
+#else /* !WITH_LSPP */
75d0e82 
     if (printer &&
75d0e82 
         !(printer->type & (CUPS_PRINTER_REMOTE | CUPS_PRINTER_IMPLICIT)) &&
75d0e82 
         (attr = ippFindAttribute(job->attrs, "job-sheets",
75d0e82 
 	                         IPP_TAG_ZERO)) != NULL &&
75d0e82 
         attr->num_values > 1)
75d0e82 
     {
75d0e82 
+#endif /* WITH_LSPP */
75d0e82 
      /*
75d0e82 
       * Yes...
75d0e82 
       */
f4b6623 
@@ -9158,6 +9610,11 @@
22cc213
22cc213 
   strlcpy(username, get_username(con), userlen);
22cc213
22cc213 
+#ifdef WITH_LSPP
f4b6623 
+  if (is_lspp_config() && check_context(con, job) != 1)
f4b6623 
+    return 0;
22cc213 
+#endif /* WITH_LSPP */
22cc213 
+
22cc213 
  /*
22cc213 
   * Check the username against the owner...
22cc213 
   */
ee6b344 
--- cups-1.2.8/scheduler/job.c	2007-03-02 14:06:43.000000000 +0000
ee6b344 
+++ cups-1.2.4-secheck/scheduler/job.c	2007-03-07 11:22:58.000000000 -0500
f4b6623 
@@ -68,6 +68,9 @@
f4b6623 
  *   unload_job()               - Unload a job from memory.
75d0e82 
  */
75d0e82
f4b6623 
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
f4b6623 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
f4b6623 
+
75d0e82 
 /*
f4b6623 
  * Include necessary headers...
f4b6623 
  */
f4b6623 
@@ -77,6 +80,14 @@
f4b6623 
 #include <cups/backend.h>
f4b6623 
 #include <cups/dir.h>
75d0e82
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+#include <libaudit.h>
f4b6623 
+#include <selinux/selinux.h>
f4b6623 
+#include <selinux/context.h>
f4b6623 
+#include <selinux/avc.h>
f4b6623 
+#include <selinux/flask.h>
f4b6623 
+#include <selinux/av_permissions.h>
75d0e82 
+#endif /* WITH_LSPP */
75d0e82
75d0e82 
 /*
f4b6623 
  * Local globals...
f4b6623 
@@ -1030,6 +1041,23 @@
f4b6623 
     cupsdSetString(&job->dest, dest);
f4b6623 
   }
f4b6623
22cc213 
+#ifdef WITH_LSPP
f4b6623 
+  if ((attr = ippFindAttribute(job->attrs, "security-context", IPP_TAG_NAME)) != NULL)
f4b6623 
+    cupsdSetString(&job->scon, attr->values[0].string.text);
f4b6623 
+  else if (is_lspp_config())
f4b6623 
+  {
f4b6623 
+   /*
f4b6623 
+    * There was no security context so delete the job
f4b6623 
+    */
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_ERROR, "LoadAllJobs: Missing or bad security-context attribute in control file \"%s\"!",
f4b6623 
+                    jobfile);
f4b6623 
+    ippDelete(job->attrs);
f4b6623 
+    job->attrs = NULL;
f4b6623 
+    unlink(jobfile);
f4b6623 
+    return;
f4b6623 
+  }
22cc213 
+#endif /* WITH_LSPP */
f4b6623 
+
f4b6623 
   job->sheets     = ippFindAttribute(job->attrs, "job-media-sheets-completed",
f4b6623 
                                      IPP_TAG_INTEGER);
f4b6623 
   job->job_sheets = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME);
f4b6623 
@@ -1339,6 +1367,13 @@
f4b6623 
 {
f4b6623 
   char		filename[1024];		/* Job control filename */
f4b6623 
   cups_file_t	*fp;			/* Job file */
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+  security_context_t	spoolcon;	/* context of the job control file */
f4b6623 
+  context_t		jobcon;		/* contex_t container for job->scon */
f4b6623 
+  context_t		tmpcon;		/* Temp context to swap the level */
f4b6623 
+  char		*jobclearance;		/* SELinux low end clearance */
f4b6623 
+  char		*jobrange;		/* SELinux sensitivity range */
75d0e82 
+#endif /* WITH_LSPP */
75d0e82
75d0e82
f4b6623 
   cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p(%d)): job->attrs=%p",
f4b6623 
@@ -1357,6 +1392,72 @@
f4b6623 
   fchmod(cupsFileNumber(fp), 0600);
f4b6623 
   fchown(cupsFileNumber(fp), RunUser, Group);
75d0e82
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+  if (job->scon && strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
d042370 
+  {
f4b6623 
+    if (getfilecon(filename, &spoolcon) == -1)
5dd9863 
+    {
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+                      "Unable to get context of job control file \"%s\" - %s.",
f4b6623 
+                      filename, strerror(errno));
f4b6623 
+      return;
5dd9863 
+    }
f4b6623 
+    jobcon = context_new(job->scon);
f4b6623 
+    tmpcon = context_new(spoolcon);
f4b6623 
+    freecon(spoolcon);
f4b6623 
+    if (!jobcon || !tmpcon)
f4b6623 
+    {
f4b6623 
+      if (jobcon)
f4b6623 
+        context_free(jobcon);
f4b6623 
+      if (tmpcon)
f4b6623 
+        context_free(tmpcon);
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to get SELinux contexts");
f4b6623 
+      return;
f4b6623 
+    }
f4b6623 
+    jobrange = strdup(context_range_get(jobcon));
f4b6623 
+    if ((jobclearance = strtok(jobrange, "-")) != NULL)
f4b6623 
+    {
f4b6623 
+      if (context_range_set(tmpcon, jobclearance) == -1)
f4b6623 
+      {
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+                        "Unable to set the range for job control file \"%s\" - %s.",
f4b6623 
+                        filename, strerror(errno));
f4b6623 
+        free(jobrange);
f4b6623 
+        context_free(tmpcon);
f4b6623 
+        context_free(jobcon);
f4b6623 
+        return;
f4b6623 
+      }
f4b6623 
+    }
f4b6623 
+    else
f4b6623 
+    {
f4b6623 
+      if (context_range_set(tmpcon, (context_range_get(jobcon))) == -1)
f4b6623 
+      {
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+                        "Unable to set the range for job control file \"%s\" - %s.",
f4b6623 
+                        filename, strerror(errno));
f4b6623 
+        free(jobrange);
f4b6623 
+        context_free(tmpcon);
f4b6623 
+        context_free(jobcon);
f4b6623 
+        return;
f4b6623 
+      }
f4b6623 
+    }
f4b6623 
+    free(jobrange);
f4b6623 
+    if (setfilecon(filename, context_str(tmpcon)) == -1)
f4b6623 
+    {
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+                      "Unable to set context of job control file \"%s\" - %s.",
f4b6623 
+                      filename, strerror(errno));
f4b6623 
+      context_free(tmpcon);
f4b6623 
+      context_free(jobcon);
f4b6623 
+      return;
f4b6623 
+    }
f4b6623 
+    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdSaveJob(job=%p): new spool file context=%s",
f4b6623 
+                    job, context_str(tmpcon));
f4b6623 
+    context_free(tmpcon);
f4b6623 
+    context_free(jobcon);
d042370 
+  }
5dd9863 
+#endif /* WITH_LSPP */
5dd9863 
+
f4b6623 
   job->attrs->state = IPP_IDLE;
d042370
f4b6623 
   if (ippWriteIO(fp, (ipp_iocb_t)cupsFileWrite, 1, NULL,
f4b6623 
@@ -2486,6 +2587,21 @@
f4b6623 
 					/* RIP_MAX_CACHE env variable */
f4b6623 
   static char		*options = NULL;/* Full list of options */
f4b6623 
   static int		optlength = 0;	/* Length of option buffer */
d042370 
+#ifdef WITH_LSPP
f4b6623 
+  const char		*mls_label = NULL;	/* SL to put in classification env var */
f4b6623 
+  char			*label_template = NULL;	/* SL to put in classification env var */
f4b6623 
+  char			*audit_message = NULL;	/* Audit message string */
f4b6623 
+  char			*printerfile = NULL;	/* Device file pointed to by the printer */
f4b6623 
+  context_t		jobcon;		/* SELinux context of the job */
f4b6623 
+  security_id_t		clisid;		/* SELinux SID for the client */
f4b6623 
+  security_id_t		psid;		/* SELinux SID for the printer */
f4b6623 
+  context_t		printercon;	/* Printer's context string */
f4b6623 
+  struct stat		printerstat;	/* Printer's stat buffer */
f4b6623 
+  security_context_t	devcon;		/* Printer's SELinux context */
f4b6623 
+  struct avc_entry_ref	avcref;		/* Pointer to the access vector cache */
f4b6623 
+  security_class_t	tclass;		/* Object class for the SELinux check */
f4b6623 
+  access_vector_t	avr;		/* Access method being requested */
d042370 
+#endif /* WITH_LSPP */
d042370
d042370
f4b6623 
   cupsdLogMessage(CUPSD_LOG_DEBUG2, "start_job: id = %d, file = %d/%d",
f4b6623 
@@ -2745,6 +2861,106 @@
d042370
f4b6623 
   cupsdLogMessage(CUPSD_LOG_DEBUG, "banner_page = %d", banner_page);
5dd9863
5dd9863 
+#ifdef WITH_LSPP
f4b6623 
+  if (is_lspp_config())
f4b6623 
+  {
f4b6623 
+   /*
f4b6623 
+    * Perform an access check before printing, but only if the printer starts with /dev/
f4b6623 
+    */
f4b6623 
+    printerfile = strstr(printer->device_uri, "/dev/");
f4b6623 
+    if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
f4b6623 
+      printerfile = strdup(printer->device_uri + strlen("file:/"));
f4b6623 
+
f4b6623 
+    if (printerfile != NULL)
f4b6623 
+    {
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_DEBUG,
f4b6623 
+                      "StartJob: Attempting to check access on printer device %s", printerfile);
f4b6623 
+      if (lstat(printerfile, &printerstat) < 0)
f4b6623 
+      {
f4b6623 
+	if (errno != ENOENT)
f4b6623 
+	{
f4b6623 
+	  cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to stat the printer");
f4b6623 
+	  cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
f4b6623 
+	  return ;
f4b6623 
+	}
f4b6623 
+	/*
f4b6623 
+	 * The printer does not exist, so for now assume it's a FileDevice
f4b6623 
+	 */
f4b6623 
+	tclass = SECCLASS_FILE;
f4b6623 
+	avr = FILE__WRITE;
f4b6623 
+      }
f4b6623 
+      else if (S_ISCHR(printerstat.st_mode))
f4b6623 
+      {
f4b6623 
+	tclass = SECCLASS_CHR_FILE;
f4b6623 
+	avr = CHR_FILE__WRITE;
f4b6623 
+      }
f4b6623 
+      else if (S_ISREG(printerstat.st_mode))
f4b6623 
+      {
f4b6623 
+	tclass = SECCLASS_FILE;
f4b6623 
+	avr = FILE__WRITE;
f4b6623 
+      }
f4b6623 
+      else
f4b6623 
+      {
f4b6623 
+	cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+			"StartJob: Printer is not a character device or regular file");
f4b6623 
+	cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
f4b6623 
+	return ;
f4b6623 
+      }
f4b6623 
+      avc_init("cupsd_dequeue_", NULL, NULL, NULL, NULL);
f4b6623 
+      avc_entry_ref_init(&avcref);
f4b6623 
+      if (avc_context_to_sid(job->scon, &clisid) != 0)
f4b6623 
+      {
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+                        "StartJob: Unable to determine the SELinux sid for the job");
f4b6623 
+        cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
f4b6623 
+        return ;
f4b6623 
+      }
f4b6623 
+      if (getfilecon(printerfile, &devcon) == -1)
f4b6623 
+      {
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_ERROR, "StartJob: Unable to get the SELinux context of %s",
f4b6623 
+                        printerfile);
f4b6623 
+        cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
f4b6623 
+        return ;
f4b6623 
+      }
f4b6623 
+      printercon = context_new(devcon);
f4b6623 
+      cupsdLogMessage(CUPSD_LOG_DEBUG, "StartJob: printer context %s client context %s",
f4b6623 
+                      context_str(printercon), job->scon);
f4b6623 
+      context_free(printercon);
f4b6623 
+
f4b6623 
+      if (avc_context_to_sid(devcon, &psid) != 0)
f4b6623 
+      {
f4b6623 
+        cupsdLogMessage(CUPSD_LOG_ERROR,
f4b6623 
+                        "StartJob: Unable to determine the SELinux sid for the printer");
f4b6623 
+        freecon(devcon);
f4b6623 
+        cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
f4b6623 
+        return ;
f4b6623 
+      }
f4b6623 
+      freecon(devcon);
f4b6623 
+
f4b6623 
+      if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
f4b6623 
+      {
f4b6623 
+       /*
f4b6623 
+        * The access check failed, so cancel the job and send an audit message
f4b6623 
+        */
f4b6623 
+        if (AuditLog != -1)
f4b6623 
+        {
f4b6623 
+          audit_message = NULL;
f4b6623 
+          cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s obj=%s canceled"
f4b6623 
+                                          " unable to access printer=%s", job->id,
f4b6623 
+                          job->auid, (job->username)?job->username:"?", job->scon, printer->name);
f4b6623 
+          audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
f4b6623 
+                                 ServerName, NULL, NULL, 0);
f4b6623 
+          free(audit_message);
f4b6623 
+        }
f4b6623 
+
f4b6623 
+        cupsdCancelJob(job, 0, IPP_JOB_ABORTED);
f4b6623 
+
f4b6623 
+        return ;
f4b6623 
+      }
f4b6623 
+    }
f4b6623 
+  }
5dd9863 
+#endif /* WITH_LSPP */
d042370 
+
f4b6623 
  /*
f4b6623 
   * Building the options string is harder than it needs to be, but
f4b6623 
   * for the moment we need to pass strings for command-line args and
ee6b344 
@@ -2840,6 +3056,18 @@
ee6b344 
          banner_page)
ee6b344 
         continue;
5dd9863
5dd9863 
+#ifdef WITH_LSPP
ee6b344 
+     /*
ee6b344 
+      * In LSPP mode refuse to honor the page-label
ee6b344 
+      */
ee6b344 
+      if (is_lspp_config() &&
ee6b344 
+          !strcmp(attr->name, "page-label"))
ee6b344 
+      {
ee6b344 
+        cupsdLogMessage(CUPSD_LOG_DEBUG, "Ignoring page-label option due to LSPP mode");
ee6b344 
+        continue;
ee6b344 
+      }
ee6b344 
+#endif /* WITH_LSPP */
ee6b344 
+
ee6b344 
      /*
ee6b344 
       * Otherwise add them to the list...
ee6b344 
       */
ee6b344 
@@ -3055,6 +3283,67 @@
ee6b344 
     envp[envc ++] = final_content_type;
ee6b344 
   }
ee6b344
ee6b344 
+#ifdef WITH_LSPP
ee6b344 
+  if (is_lspp_config())
ee6b344 
+  {
ee6b344 
+    if (!job->scon || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
d042370 
+    {
ee6b344 
+      if (AuditLog != -1)
9ad376b 
+      {
ee6b344 
+        audit_message = NULL;
ee6b344 
+        cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s",
ee6b344 
+                        job->id, job->auid, job->username, printer->name, title);
ee6b344 
+        audit_log_user_message(AuditLog, AUDIT_USER_UNLABELED_EXPORT, audit_message,
ee6b344 
+                               ServerName, NULL, NULL, 1);
ee6b344 
+        free(audit_message);
f4b6623 
+      }
ee6b344 
+    }
ee6b344 
+    else
ee6b344 
+    {
ee6b344 
+      jobcon = context_new(job->scon);
ee6b344 
+
ee6b344 
+      if ((attr = ippFindAttribute(job->attrs, "job-sheets", IPP_TAG_NAME)) == NULL)
ee6b344 
+        label_template = strdup(Classification);
ee6b344 
+      else if (attr->num_values > 1 &&
ee6b344 
+               strcmp(attr->values[1].string.text, "none") != 0)
ee6b344 
+        label_template = strdup(attr->values[1].string.text);
ee6b344 
+      else
ee6b344 
+        label_template = strdup(attr->values[0].string.text);
ee6b344 
+
ee6b344 
+      if (strcasecmp(label_template, MLS_CONFIG) == 0)
ee6b344 
+        mls_label = context_range_get(jobcon);
ee6b344 
+      else if (strcasecmp(label_template, TE_CONFIG) == 0)
ee6b344 
+        mls_label = context_type_get(jobcon);
ee6b344 
+      else if (strcasecmp(label_template, SELINUX_CONFIG) == 0)
ee6b344 
+        mls_label = context_str(jobcon);
ee6b344 
+      else
ee6b344 
+        mls_label = label_template;
ee6b344 
+
ee6b344 
+      if (mls_label && (PerPageLabels || banner_page))
f4b6623 
+      {
ee6b344 
+        snprintf(classification, sizeof(classification), "CLASSIFICATION=LSPP:%s", mls_label);
ee6b344 
+        envp[envc ++] = classification;
ee6b344 
+      }
f4b6623 
+
ee6b344 
+      if ((AuditLog != -1) && !banner_page)
ee6b344 
+      {
ee6b344 
+        audit_message = NULL;
ee6b344 
+        cupsdSetStringf(&audit_message, "job=%d auid=%u acct=%s printer=%s title=%s"
ee6b344 
+                        " obj=%s label=%s", job->id, job->auid, job->username,
ee6b344 
+                        printer->name, title, job->scon, mls_label?mls_label:"none");
ee6b344 
+        audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
ee6b344 
+                               ServerName, NULL, NULL, 1);
ee6b344 
+        free(audit_message);
9ad376b 
+      }
ee6b344 
+      context_free(jobcon);
ee6b344 
+      free(label_template);
5dd9863 
+    }
ee6b344 
+  }
ee6b344 
+  else
ee6b344 
+   /*
ee6b344 
+    * Fall through to the non-LSPP behavior
ee6b344 
+    */
5dd9863 
+#endif /* WITH_LSPP */
ee6b344 
   if (Classification && !banner_page)
ee6b344 
   {
ee6b344 
     if ((attr = ippFindAttribute(job->attrs, "job-sheets",
f4b6623 
--- cups-1.2.8/scheduler/printers.c.lspp	2007-03-02 14:06:43.000000000 +0000
f4b6623 
+++ cups-1.2.8/scheduler/printers.c	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -57,6 +57,8 @@
f4b6623 
  *                                 printing desktop tools.
f4b6623 
  */
f4b6623
f4b6623 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
5dd9863 
+
f4b6623 
 /*
f4b6623 
  * Include necessary headers...
f4b6623 
  */
f4b6623 
@@ -79,6 +81,10 @@
f4b6623 
 static void	write_irix_state(cupsd_printer_t *p);
f4b6623 
 #endif /* __sgi */
f4b6623
5dd9863 
+#ifdef WITH_LSPP
f4b6623 
+#  include <libaudit.h>
f4b6623 
+#  include <selinux/context.h>
5dd9863 
+#endif /* WITH_LSPP */
75d0e82
f4b6623 
 /*
f4b6623 
  * 'cupsdAddPrinter()' - Add a printer to the system.
f4b6623 
@@ -1472,6 +1478,13 @@
f4b6623 
 		  "two-sided-long-edge",
f4b6623 
 		  "two-sided-short-edge"
f4b6623 
 		};
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+  char		*audit_message;		/* Audit message string */
f4b6623 
+  char		*printerfile;		/* Path to a local printer dev */
f4b6623 
+  char		*rangestr;		/* Printer's range if its available */
f4b6623 
+  security_context_t	devcon;		/* Printer SELinux context */
f4b6623 
+  context_t	printercon;		/* context_t for the printer */
75d0e82 
+#endif /* WITH_LSPP */
75d0e82
75d0e82
f4b6623 
   DEBUG_printf(("cupsdSetPrinterAttrs: entering name = %s, type = %x\n", p->name,
f4b6623 
@@ -1579,6 +1592,44 @@
f4b6623 
       attr->values[1].string.text = _cupsStrAlloc(Classification ?
f4b6623 
 	                                   Classification : p->job_sheets[1]);
f4b6623 
     }
75d0e82 
+#ifdef WITH_LSPP
f4b6623 
+    if (AuditLog != -1)
f4b6623 
+    {
f4b6623 
+      char uri[HTTP_MAX_URI];
f4b6623 
+      audit_message = NULL;
f4b6623 
+      rangestr = NULL;
f4b6623 
+      printercon = 0;
f4b6623 
+      printerfile = strstr(p->device_uri, "/dev/");
f4b6623 
+      if (printerfile == NULL && (strncmp(p->device_uri, "file:/", 6) == 0))
f4b6623 
+        printerfile = strdup(p->device_uri + strlen("file:/"));
d042370 
+
f4b6623 
+      if (printerfile != NULL)
f4b6623 
+      {
f4b6623 
+        if (getfilecon(printerfile, &devcon) == -1)
f4b6623 
+          cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdSetPrinterAttrs: Unable to get printer context");
f4b6623 
+        else
f4b6623 
+        {
f4b6623 
+          printercon = context_new(devcon);
f4b6623 
+          freecon(devcon);
f4b6623 
+        }
f4b6623 
+      }
d042370 
+
f4b6623 
+      if (printercon && context_range_get(printercon))
f4b6623 
+        rangestr = strdup(context_range_get(printercon));
f4b6623 
+      else
f4b6623 
+        rangestr = strdup("unknown");
d042370 
+
f4b6623 
+      cupsdSanitizeURI(p->device_uri, uri, sizeof(uri));
f4b6623 
+      cupsdSetStringf(&audit_message, "printer=%s uri=%s banners=%s,%s range=%s",
f4b6623 
+                      p->name, uri, p->job_sheets[0], p->job_sheets[1], rangestr);
f4b6623 
+      audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
f4b6623 
+                             ServerName, NULL, NULL, 1);
f4b6623 
+      if (printercon)
f4b6623 
+        context_free(printercon);
f4b6623 
+      free(rangestr);
f4b6623 
+      free(audit_message);
f4b6623 
+    }
9ad376b 
+#endif /* WITH_LSPP */
f4b6623 
   }
f4b6623
f4b6623 
   printer_type = p->type;
f4b6623 
--- cups-1.2.8/scheduler/job.h.lspp	2006-09-19 21:11:08.000000000 +0100
f4b6623 
+++ cups-1.2.8/scheduler/job.h	2007-03-02 14:06:43.000000000 +0000
f4b6623 
@@ -22,6 +22,13 @@
f4b6623 
  *         WWW: http://www.cups.org
d042370 
  */
9ad376b
d042370 
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
d042370 
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
d042370 
+
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+#include <selinux/selinux.h>
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
+
d042370 
 /*
f4b6623 
  * Job request structure...
d042370 
  */
f4b6623 
@@ -55,6 +62,10 @@
f4b6623 
   int			status;		/* Status code from filters */
f4b6623 
   cupsd_printer_t	*printer;	/* Printer this job is assigned to */
f4b6623 
   int			tries;		/* Number of tries for this job */
f4b6623 
+#ifdef WITH_LSPP
f4b6623 
+  security_context_t	scon;		/* Security context of job */
f4b6623 
+  uid_t			auid;		/* Audit loginuid for this job */
f4b6623 
+#endif /* WITH_LSPP */
f4b6623 
 } cupsd_job_t;
f4b6623
f4b6623
ee6b344 
--- cups-1.2.4-base/filter/common.c	2007-03-12 16:55:55.000000000 -0400
ee6b344 
+++ cups-1.2.4/filter/common.c	2007-03-12 16:53:14.000000000 -0400
ee6b344 
@@ -38,6 +38,12 @@
ee6b344 
  * Include necessary headers...
ee6b344 
  */
ee6b344
ee6b344 
+#include "config.h"
ee6b344 
+#ifdef WITH_LSPP
ee6b344 
+#define _GNU_SOURCE
ee6b344 
+#include <string.h>
ee6b344 
+#endif /* WITH_LSPP */
ee6b344 
+
ee6b344 
 #include "common.h"
ee6b344 
 #include <locale.h>
ee6b344
ee6b344 
@@ -319,6 +325,18 @@
ee6b344 
 {
ee6b344 
   const char	*classification;	/* CLASSIFICATION environment variable */
ee6b344 
   const char	*ptr;			/* Temporary string pointer */
ee6b344 
+#ifdef WITH_LSPP
ee6b344 
+  int           i,                      /* counter */
ee6b344 
+                n,                      /* counter */
ee6b344 
+                lines,                  /* number of lines needed */
ee6b344 
+                line_len,               /* index into tmp_label */
ee6b344 
+                label_len,              /* length of the label in characters */
ee6b344 
+                label_index,            /* index into the label */
ee6b344 
+                longest,                /* length of the longest line */
ee6b344 
+                longest_line,           /* index to the longest line */
ee6b344 
+                max_width;              /* maximum width in characters */
ee6b344 
+  char          **wrapped_label;        /* label with line breaks */
ee6b344 
+#endif /* WITH_LSPP */
ee6b344
ee6b344
ee6b344 
  /*
ee6b344 
@@ -341,6 +359,124 @@
ee6b344 
     return;
ee6b344 
   }
ee6b344
ee6b344 
+#ifdef WITH_LSPP
ee6b344 
+  if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
ee6b344 
+  {
ee6b344 
+   /*
ee6b344 
+    * Based on the 12pt fixed width font below determine the max_width
ee6b344 
+    */
ee6b344 
+    max_width = width / 8;
ee6b344 
+    longest_line = 0;
ee6b344 
+    longest = 0;
ee6b344 
+    classification += 5; // Skip the "LSPP:"
ee6b344 
+    label_len = strlen(classification);
ee6b344 
+
ee6b344 
+    if (label_len > max_width)
ee6b344 
+    {
ee6b344 
+      lines = 1 + (int)(label_len / max_width);
ee6b344 
+      line_len = (int)(label_len / lines);
ee6b344 
+      wrapped_label = malloc(sizeof(wrapped_label) * lines);
ee6b344 
+      label_index = i = n = 0;
ee6b344 
+      while (classification[label_index])
ee6b344 
+      {
ee6b344 
+        if ((label_index + line_len) > label_len)
ee6b344 
+          break;
ee6b344 
+        switch (classification[label_index + line_len + i])
ee6b344 
+        {
ee6b344 
+          case ':':
ee6b344 
+          case ',':
ee6b344 
+          case '-':
ee6b344 
+            i++;
ee6b344 
+            wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
ee6b344 
+            label_index += line_len + i;
ee6b344 
+            i = 0;
ee6b344 
+            break;
ee6b344 
+          default:
ee6b344 
+            i++;
ee6b344 
+            break;
ee6b344 
+        }
ee6b344 
+        if ((i + line_len) == max_width)
ee6b344 
+        {
ee6b344 
+          wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
ee6b344 
+          label_index = label_index + line_len + i;
ee6b344 
+          i = 0;
ee6b344 
+        }
ee6b344 
+      }
ee6b344 
+      wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
ee6b344 
+    }
ee6b344 
+    else
ee6b344 
+    {
ee6b344 
+      lines = 1;
ee6b344 
+      wrapped_label = malloc(sizeof(wrapped_label));
ee6b344 
+      wrapped_label[0] = (char*)classification;
ee6b344 
+    }
ee6b344 
+
ee6b344 
+    for (n = 0; n < lines; n++ )
ee6b344 
+    {
ee6b344 
+      printf("userdict/ESPp%c(", ('a' + n));
ee6b344 
+      for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
ee6b344 
+        if (*ptr < 32 || *ptr > 126)
ee6b344 
+          printf("\\%03o", *ptr);
ee6b344 
+        else
ee6b344 
+        {
ee6b344 
+          if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
ee6b344 
+            putchar('\\');
ee6b344 
+
ee6b344 
+          printf("%c", *ptr);
ee6b344 
+        }
ee6b344 
+      if (i > longest)
ee6b344 
+      {
ee6b344 
+        longest = i;
ee6b344 
+        longest_line = n;
ee6b344 
+      }
ee6b344 
+      printf(")put\n");
ee6b344 
+    }
ee6b344 
+
ee6b344 
+   /*
ee6b344 
+    * For LSPP use a fixed width font so that line wrapping can be calculated
ee6b344 
+    */
ee6b344 
+
ee6b344 
+    puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
ee6b344 
+
ee6b344 
+   /*
ee6b344 
+    * Finally, the procedure to write the labels on the page...
ee6b344 
+    */
ee6b344 
+
ee6b344 
+    printf("userdict/ESPwl{\n"
ee6b344 
+           "  ESPlf setfont\n");
ee6b344 
+    printf("  ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
ee6b344 
+           'a' + longest_line, width * 0.5f);
ee6b344 
+    for (n = 1; n < lines; n++)
ee6b344 
+      printf(" dup");
ee6b344 
+    printf("\n  1 setgray\n");
ee6b344 
+    printf("  dup 6 sub %.0f %d index %.0f ESPrf\n",
ee6b344 
+           (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
ee6b344 
+    printf("  dup 6 sub %.0f %d index %.0f ESPrf\n",
ee6b344 
+           (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
ee6b344 
+    printf("  0 setgray\n");
ee6b344 
+    printf("  dup 6 sub %.0f %d index %.0f ESPrs\n",
ee6b344 
+           (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
ee6b344 
+    printf("  dup 6 sub %.0f %d index %.0f ESPrs\n",
ee6b344 
+           (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
ee6b344 
+    for (n = 0; n < lines; n ++)
ee6b344 
+    {
ee6b344 
+      printf("  dup %.0f moveto ESPp%c show\n",
ee6b344 
+             bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
ee6b344 
+      printf("  %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
ee6b344 
+    }
ee6b344 
+    printf("  pop\n"
ee6b344 
+           "}bind put\n");
ee6b344 
+
ee6b344 
+   /*
ee6b344 
+    * Do some clean up at the end of the LSPP special case
ee6b344 
+    */
ee6b344 
+    free(wrapped_label);
ee6b344 
+
ee6b344 
+  }
ee6b344 
+  else
ee6b344 
+  {
ee6b344 
+#endif /* !WITH_LSPP */
ee6b344 
+
ee6b344 
  /*
ee6b344 
   * Set the classification + page label string...
ee6b344 
   */
ee6b344 
@@ -421,7 +557,10 @@
ee6b344 
   printf("  %.0f moveto ESPpl show\n", top - 14.0);
ee6b344 
   puts("pop");
ee6b344 
   puts("}bind put");
ee6b344 
+  }
ee6b344 
+#ifdef WITH_LSPP
ee6b344 
 }
ee6b344 
+#endif /* WITH_LSPP */
ee6b344
ee6b344
ee6b344 
 /*
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.