Letting any user remove jobs

Anders Blomdell anders.blomdell at control.lth.se
Fri Oct 22 02:59:28 PDT 2004 

Michael Sweet wrote:
> Anders Blomdell wrote:
> > ...
> > One more comment: Doesn't that allow everything for all users? I
> > don't want them to fiddle with configuration, only wih the queues.
>
> If you mean you want to allow all users to be able to cancel jobs,
> but not to start/stop/accept/reject/configure printers, then you'll
> want to look at the cancel_job() code in scheduler/ipp.c; just remove
> the check for a valid user...

Patch that allows finegrained control attached. Now I can specify that anybody can {start, stop, reject, accept} on printers and
{hold, release} on jobs by specifying:

<Location /jobs/?op=hold-job>
SkipJobOwnerValidation true
Allow From x.y.z.w/24
</Location>
<Location /jobs/?op=release-job>
SkipJobOwnerValidation true
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=stop-printer>
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=start-printer>
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=accept-jobs>
Allow From x.y.z.w/24
</Location>
<Location /admin/?op=reject-jobs>
Allow From x.y.z.w/24
</Location>
<Location /admin/>
# !!! Necessary to avoid infinite loop on /admin/?op=* above
Allow From x.y.z.w/24
</Location>
<Location /admin/?op>
Deny From x.y.z.w/24
</Location>

Regards

Anders Blomdell

Patch below:

--- cups-1.1.22rc2.orig/scheduler/auth.h        2004-08-23 20:00:59.000000000 +0200
+++ cups-1.1.22rc2/scheduler/auth.h     2004-10-22 10:05:17.994136744 +0200
@@ -98,6 +98,7 @@
   int          num_deny;               /* Number of Deny lines */
   authmask_t   *deny;                  /* Deny lines */
   http_encryption_t encryption;                /* To encrypt or not to encrypt... */
+  int           skip_owner_validation;   /* Should job ownership be honored */
 } location_t;


diff -urb cups-1.1.22rc2.orig/scheduler/conf.c cups-1.1.22rc2/scheduler/conf.c
--- cups-1.1.22rc2.orig/scheduler/conf.c        2004-08-23 20:00:59.000000000 +0200
+++ cups-1.1.22rc2/scheduler/conf.c     2004-10-22 09:56:16.960386376 +0200
@@ -2040,6 +2040,25 @@
         LogMessage(L_WARN, "Unknown Satisfy value %s on line %d.", value,
                   linenum);
     }
+    else if (strcasecmp(name, "SkipJobOwnerValidation") == 0)
+    {
+      if (strcasecmp(value, "true") == 0 ||
+         strcasecmp(value, "on") == 0 ||
+         strcasecmp(value, "enabled") == 0 ||
+         strcasecmp(value, "yes") == 0 ||
+         atoi(value) != 0)
+       loc->skip_owner_validation = TRUE;
+      else if (strcasecmp(value, "false") == 0 ||
+              strcasecmp(value, "off") == 0 ||
+              strcasecmp(value, "disabled") == 0 ||
+              strcasecmp(value, "no") == 0 ||
+              strcasecmp(value, "0") == 0)
+       loc->skip_owner_validation = FALSE;
+      else
+       LogMessage(L_ERROR, "Unknown boolean value %s on line %d.",
+                  value, linenum);
+
+    }
     else
       LogMessage(L_ERROR, "Unknown Location directive %s on line %d.",
                 name, linenum);
diff -urb cups-1.1.22rc2.orig/scheduler/ipp.c cups-1.1.22rc2/scheduler/ipp.c
--- cups-1.1.22rc2.orig/scheduler/ipp.c 2004-10-04 22:23:54.000000000 +0200
+++ cups-1.1.22rc2/scheduler/ipp.c      2004-10-22 11:29:49.674124192 +0200
@@ -149,7 +149,7 @@
 static void    stop_printer(client_t *con, ipp_attribute_t *uri);
 static void    validate_job(client_t *con, ipp_attribute_t *uri);
 static int     validate_user(client_t *con, const char *owner, char *username,
-                             int userlen);
+                             int userlen, char *op);


 /*
@@ -1830,7 +1830,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "cancel-job"))
   {
     LogMessage(L_ERROR, "cancel_job: \"%s\" not authorized to delete job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -4123,7 +4123,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "hold-job"))
   {
     LogMessage(L_ERROR, "hold_job: \"%s\" not authorized to hold job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -4278,7 +4278,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "move-job"))
   {
     LogMessage(L_ERROR, "move_job: \"%s\" not authorized to move job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -5509,7 +5509,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "release-job"))
   {
     LogMessage(L_ERROR, "release_job: \"%s\" not authorized to release job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -5673,7 +5673,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "restart-job"))
   {
     LogMessage(L_ERROR, "restart_job: \"%s\" not authorized to restart job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -5808,7 +5808,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "send-document"))
   {
     LogMessage(L_ERROR, "send_document: \"%s\" not authorized to send document for job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -6262,7 +6262,7 @@
   * See if the job is owned by the requesting user...
   */

-  if (!validate_user(con, job->username, username, sizeof(username)))
+  if (!validate_user(con, job->username, username, sizeof(username), "set-job-attrs"))
   {
     LogMessage(L_ERROR, "set_job_attrs: \"%s\" not authorized to alter job id %d owned by \"%s\"!",
                username, jobid, job->username);
@@ -6785,7 +6785,8 @@
 validate_user(client_t   *con,         /* I - Client connection */
               const char *owner,       /* I - Owner of job/resource */
               char       *username,    /* O - Authenticated username */
-             int        userlen)       /* I - Length of username */
+             int        userlen,       /* I - Length of username */
+             char       *op)           /* I - Operation to validate */
 {
   int                  i, j;           /* Looping vars */
   ipp_attribute_t      *attr;          /* requesting-user-name attribute */
@@ -6816,6 +6817,32 @@
     strlcpy(username, "anonymous", userlen);

  /*
+  * Check if we should do user validation
+  */
+  if (op != NULL)
+  {
+    /* Create an uri '/jobs/?op=<op>' to match against, this happens to match the
+     * uri passed by the web admin interface
+     */
+    static char *prefix = "/jobs/?op=";
+    char *uri = malloc(strlen(prefix) + strlen(op) + 1);
+    if (uri)
+    {
+      location_t *best;                /* Best match for authentication */
+
+      strcpy(uri, prefix);
+      strcat(uri, op);
+      best = FindBest(uri, con->http.state); /* Perhaps we should force the http state? */
+      free(uri);                /* Done with uri, free it before returning */
+      if (best->skip_owner_validation)
+      {
+        LogMessage(L_DEBUG2, "Skipped owner validation for: '%s'\n", con->username);
+        return (1);
+      }
+    }
+  }
+
+ /*
   * Check the username against the owner...
   */

More information about the cups mailing list