/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2006, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#include <sys/types.h>
#include <sys/zone.h>
#include <syslog.h>
#include <strings.h>

#include <ucred.h>
#include "tsol/label.h"
/* lpsched include files */
#if defined PS_FAULTED
#undef PS_FAULTED
#endif /* PS_FAULTED */
#include "lp.h"
#include <sys/tsol/label_macro.h>
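/*
 * get_labeled_zonename - get the name of the zone whose label matches.
 *
 * Input:
 *	slabel - USER_CLEAR label to match
 *
 * Output:
 *	-1   - slabel was NULL or could not be converted, no zone with
 *	       that label could be found, the zone name could not be
 *	       obtained, or there was no memory for the zone name
 *	0    - (NULL) the matching zone is GLOBAL_ZONENAME
 *	addr - zonename of the zone matching the USER_CLEAR label;
 *	       must be released by calling Free(addr)
 *
 * The error value is the pointer (char *)-1, not NULL, so callers must
 * compare against it before treating the result as a string.
 */

char *
get_labeled_zonename(char *slabel)
{
	m_label_t	*bsl = NULL;
	int		err = 0;
	zoneid_t	zid = -1;
	char		*zname = NULL;

	/* A NULL label can match no zone; reject it before it is formatted. */
	if (slabel == NULL) {
		syslog(LOG_WARNING, "lpsched: get_labeled_zonename: no label");
		return ((char *)-1);
	}

	syslog(LOG_DEBUG, "lpsched: get_labeled_zonename %s", slabel);

	/*
	 * Convert the label to binary.  L_NO_CORRECTION is passed, and a
	 * string that does not convert is treated as an error here.
	 */
	if (str_to_label(slabel, &bsl, USER_CLEAR,
	    L_NO_CORRECTION, &err) == -1) {
		/* label could not be converted, error */
		syslog(LOG_WARNING,
		    "lpsched: %s: label not recognized (error==%d)",
		    slabel, err);
		return ((char *)-1);
	}

	if ((zid = getzoneidbylabel(bsl)) < 0) {
		/* no zone with that label, cannot send mail */
		syslog(LOG_WARNING,
		    "lpsched: cannot send mail, no zone with %s label",
		    slabel);
		m_label_free(bsl);
		return ((char *)-1);
	}

	/* The binary label is only needed for the zone id lookup. */
	m_label_free(bsl);

	/*
	 * The header comment promises -1 when there is no memory for the
	 * zone name.  Whether the lp Malloc() wrapper can return NULL is
	 * not visible from this file, so check rather than pass a NULL
	 * buffer on to strcmp() below.
	 */
	zname = Malloc(ZONENAME_MAX + 1);
	if (zname == NULL) {
		syslog(LOG_WARNING,
		    "lpsched: cannot send mail, no memory for zone name");
		return ((char *)-1);
	}

	if (getzonenamebyid(zid, zname, ZONENAME_MAX + 1) == -1) {
		/* cannot get zone name, cannot send mail */
		syslog(LOG_WARNING,
		    "lpsched: cannot send mail, no zone name for %s",
		    slabel);
		Free(zname);
		return ((char *)-1);
	}

	/* The global zone is reported as NULL rather than by name. */
	if (strcmp(zname, GLOBAL_ZONENAME) == 0) {
		Free(zname);
		zname = NULL;
	}

	return (zname);
}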
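/*
 * get_peer_label - replace *slabel with the label of the peer on fd.
 *
 * When is_system_labeled() is false nothing is done and 0 is returned.
 * Otherwise the peer's credential is fetched with getpeerucred(), its
 * label is converted to the M_INTERNAL string form, and that string
 * replaces *slabel (any previous *slabel is freed).  A peer label equal
 * to admin_low is treated as admin_high first, see below.
 *
 * Input:
 *	fd     - connected descriptor whose peer is to be identified
 *	slabel - in/out: address of a free()-able label string, or of NULL
 *
 * Output:
 *	0  - *slabel now holds the peer's label (release with free()),
 *	     or the system is not labeled and *slabel is unchanged
 *	-1 - bad arguments (errno is EINVAL) or the peer's label could
 *	     not be determined; *slabel is unchanged
 *
 * The peer label comes from the credential returned for fd, not from
 * the string passed in.  Every failure to obtain it returns -1 so that
 * a caller cannot carry on with whatever it already held in *slabel
 * while believing it had been checked against the peer.
 */
int
get_peer_label(int fd, char **slabel)
{
	ucred_t		*uc = NULL;
	m_label_t	*sl;
	m_label_t	admin_low;
	m_label_t	admin_high;
	char		*pslabel = NULL;	/* peer's slabel */
	int		saved_errno;

	if (!is_system_labeled())
		return (0);

	if ((fd < 0) || (slabel == NULL)) {
		errno = EINVAL;
		return (-1);
	}

	bsllow(&admin_low);
	bslhigh(&admin_high);

	if (getpeerucred(fd, &uc) == -1)
		return (-1);

	/*
	 * A credential without a label cannot be compared or converted;
	 * fail instead of handing a NULL label to blequal().
	 */
	sl = ucred_getlabel(uc);
	if (sl == NULL) {
		saved_errno = errno;
		syslog(LOG_WARNING, "get_peer_label(%d): peer has no label",
		    fd);
		ucred_free(uc);
		errno = saved_errno;
		return (-1);
	}

	/*
	 * Remote print requests from the global zone
	 * arrive at admin_low, make them admin_high to
	 * avoid downgrade.
	 */
	if (blequal(sl, &admin_low)) {
		sl = &admin_high;
		syslog(LOG_DEBUG, "get_peer_label(): upgrade"
		    " admin_low label to admin_high");
	}

	/*
	 * sl may still point at the label obtained from uc, so the
	 * credential is released only after the conversion.
	 */
	if (label_to_str(sl, &pslabel, M_INTERNAL, DEF_NAMES) != 0 ||
	    pslabel == NULL) {
		saved_errno = errno;
		syslog(LOG_WARNING, "label_to_str(): %m");
		ucred_free(uc);
		errno = saved_errno;
		/* Fail closed: *slabel was not replaced by the peer label. */
		return (-1);
	}
	ucred_free(uc);

	syslog(LOG_DEBUG, "get_peer_label(%d, %s): becomes %s",
	    fd, (*slabel ? *slabel : "NULL"), pslabel);

	/*
	 * label_to_str() returns a string the caller releases with
	 * free(), so ownership is handed straight to the caller.  Copying
	 * it with strdup() leaked the original on every call and could
	 * leave *slabel NULL while still returning success.
	 */
	free(*slabel);
	*slabel = pslabel;

	return (0);
}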