15698471 cups should audit printing information in TX environments
14850597 TX printing is reported to print jobs even when request authorization fail.
--- scheduler/ipp.c Fri Jan 4 02:15:27 2013
+++ scheduler/ipp.c Fri Jan 4 02:14:58 2013
@@ -1510,6 +1510,52 @@
}
#endif /* HAVE_SSL */
+#if defined(HAVE_TSOL)
+ if (is_system_labeled() != 0) {
+ ipp_attribute_t *uattr;
+ uattr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+ if (uattr) {
+ /* check for 'nolabels' in request */
+ if (ippFindAttribute(con->request, "labels", IPP_TAG_ZERO) != NULL) {
+ /* check if user is authorized */
+ if (chkauthattr("solaris.print.unlabeled", uattr->values[0].string.text) == 0) {
+ /*
+ * print request will fail since user
+ * does not have the required authorization.
+ */
+ cups_audit_print_request_denial(con, NULL, printer, -1, EACCES);
+ send_http_error(con, HTTP_UNAUTHORIZED, printer);
+ return (NULL);
+ }
+ }
+
+ /*
+ * check for nobanner.
+ * '-o job-sheets=none,none' means
+ * user does not want to print banner and trailer page.
+ */
+ if ((attr = ippFindAttribute(con->request, "job-sheets",
+ IPP_TAG_ZERO)) != NULL) {
+ if (strcmp(attr->values[0].string.text, "none") == 0) {
+ /*
+ * User wants no banner.
+ * Check if user is authorized.
+ */
+ if (chkauthattr("solaris.print.nobanner", uattr->values[0].string.text) == 0) {
+ /*
+ * print request will fail since user
+ * does not have the required authorization.
+ */
+ cups_audit_print_request_denial(con, NULL, printer, -1, EACCES);
+ send_http_error(con, HTTP_UNAUTHORIZED, printer);
+ return (NULL);
+ }
+ }
+ }
+ }
+ }
+#endif /* HAVE_TSOL */
+
/*
* See if the printer is accepting jobs...
*/