15698471 cups should audit printing information in TX environments
14850597 TX printing is reported to print jobs even when request authorization fail.
16182423 Update error code for all the failed use of authorization records in CUPS
16182458 Print 3 files requesting nolabel and nobanner should produce 6 audit records
16201093 For remote print requests, the path token in AR from GZ needs modification
--- scheduler/ipp.c Fri Jan 4 02:15:27 2013
+++ scheduler/ipp.c Fri Jan 4 02:14:58 2013
@@ -1510,6 +1510,52 @@
}
#endif /* HAVE_SSL */
+#if defined(HAVE_TSOL)
+ if (is_system_labeled() != 0) {
+ ipp_attribute_t *uattr;
+ uattr = ippFindAttribute(con->request, "requesting-user-name", IPP_TAG_NAME);
+ if (uattr) {
+ /* check for 'nolabels' in request */
+ if (ippFindAttribute(con->request, "labels", IPP_TAG_ZERO) != NULL) {
+ /* check if user is authorized */
+ if (chkauthattr("solaris.print.unlabeled", uattr->values[0].string.text) == 0) {
+ /*
+ * print request will fail since user
+ * does not have the required authorization.
+ */
+ cups_audit_print_request_denial(con, NULL, printer, -1, EACCES);
+ send_http_error(con, HTTP_UNAUTHORIZED, printer);
+ return (NULL);
+ }
+ }
+
+ /*
+ * check for nobanner.
+ * '-o job-sheets=none,none' means
+ * user does not want to print banner and trailer page.
+ */
+ if ((attr = ippFindAttribute(con->request, "job-sheets",
+ IPP_TAG_ZERO)) != NULL) {
+ if (strcmp(attr->values[0].string.text, "none") == 0) {
+ /*
+ * User wants no banner.
+ * Check if user is authorized.
+ */
+ if (chkauthattr("solaris.print.nobanner", uattr->values[0].string.text) == 0) {
+ /*
+ * print request will fail since user
+ * does not have the required authorization.
+ */
+ cups_audit_print_request_denial(con, NULL, printer, -1, EACCES);
+ send_http_error(con, HTTP_UNAUTHORIZED, printer);
+ return (NULL);
+ }
+ }
+ }
+ }
+ }
+#endif /* HAVE_TSOL */
+
/*
* See if the printer is accepting jobs...
*/