16182423 Update error code for all the failed use of authorization records in CUPS
16182458 Print 3 files requesting nolabel and nobanner should produce 6 audit records
16201093 For remote print requests, the path token in AR from GZ needs modification
New file |
| | |
| | | --- scheduler/ipp.c Thu Jan 17 01:48:12 2013 |
| | | +++ scheduler/ipp.c Thu Jan 17 01:47:45 2013 |
| | | @@ -128,6 +128,7 @@ |
| | | #include <deflt.h> |
| | | #include <auth_attr.h> |
| | | #include <secdb.h> |
| | | +#include <bsm/adt_event.h> |
| | | #endif /* HAVE_TSOL */ |
| | | |
| | | /* |
| | | @@ -1523,7 +1524,7 @@ |
| | | * print request will fail since user |
| | | * does not have the required authorization. |
| | | */ |
| | | - cups_audit_print_request_denial(con, NULL, printer, -1, EACCES); |
| | | + cups_audit_print_request_denial(con, NULL, printer, -1, ADT_FAIL_VALUE_AUTH); |
| | | send_http_error(con, HTTP_UNAUTHORIZED, printer); |
| | | return (NULL); |
| | | } |
| | | @@ -1546,7 +1547,7 @@ |
| | | * print request will fail since user |
| | | * does not have the required authorization. |
| | | */ |
| | | - cups_audit_print_request_denial(con, NULL, printer, -1, EACCES); |
| | | + cups_audit_print_request_denial(con, NULL, printer, -1, ADT_FAIL_VALUE_AUTH); |
| | | send_http_error(con, HTTP_UNAUTHORIZED, printer); |
| | | return (NULL); |
| | | } |
New file |
| | |
| | | --- scheduler/audit.c Tue Feb 5 07:54:29 2013 |
| | | +++ scheduler/audit.c Tue Feb 5 07:53:56 2013 |
| | | @@ -171,7 +171,6 @@ |
| | | int job_id, boolean_t remote) |
| | | { |
| | | char tmpfile[IPP_MAX_NAME]; |
| | | - char tfile[IPP_MAX_NAME]; |
| | | char r_job_ID[IPP_MAX_NAME]; |
| | | char *file, *f_job_ID = NULL; |
| | | struct stat attributes; |
| | | @@ -239,14 +238,9 @@ |
| | | |
| | | /* |
| | | * In case of remote request, filelist contains client document-name. |
| | | - * Append the same to filename before writing to the audit record. |
| | | */ |
| | | if (remote && (filelist != NULL)) { |
| | | - strlcpy(tfile, "Local file: ", sizeof (tmpfile)); |
| | | - strcat(tfile, tmpfile); |
| | | - strcat(tfile, " | Remote file: "); |
| | | - strcat(tfile, filelist); |
| | | - file = tfile; |
| | | + file = filelist; |
| | | } |
| | | |
| | | /* extract label from slabel */ |
| | | @@ -424,6 +418,7 @@ |
| | | int status, return_val; |
| | | struct addrinfo *ai = NULL; |
| | | boolean_t remote = B_FALSE; |
| | | + boolean_t freedlist = B_FALSE; |
| | | |
| | | if ((event = adt_alloc_event(ah, event_ID)) == NULL) { |
| | | cupsdLogMessage(CUPSD_LOG_EMERG, |
| | | @@ -485,10 +480,24 @@ |
| | | if (document_list == NULL) { |
| | | dlist = job_name; |
| | | } else { |
| | | - dlist = document_list; |
| | | + dlist = strdup(document_list); |
| | | + freedlist = B_TRUE; |
| | | + } |
| | | + |
| | | + if (dlist != NULL) { |
| | | cupsdLogMessage(CUPSD_LOG_DEBUG2, |
| | | + "cups_audit_print_request_sub():" |
| | | + "document-names is %s ", dlist); |
| | | + } else { |
| | | + cupsdLogMessage(CUPSD_LOG_ERROR, |
| | | "cups_audit_print_request_sub():" |
| | | - "document-names is %s ", dlist); |
| | | + "document list is NULL"); |
| | | + |
| | | + if (ai != NULL) |
| | | + freeaddrinfo(ai); |
| | | + |
| | | + adt_free_event(event); |
| | | + return; |
| | | } |
| | | |
| | | /* |
| | | @@ -495,9 +504,7 @@ |
| | | * document-names=f1,f2,f3... |
| | | * extract the files from it. |
| | | */ |
| | | - if (dlist != NULL) { |
| | | - filelist = strtok(dlist, ","); |
| | | - } |
| | | + filelist = strtok(dlist, ","); |
| | | |
| | | if (remote) { |
| | | /* Remote Request */ |
| | | @@ -540,6 +547,9 @@ |
| | | freeaddrinfo(ai); |
| | | } |
| | | |
| | | + if (freedlist) |
| | | + free(dlist); |
| | | + |
| | | adt_free_event(event); |
| | | } |
| | | |