Validating the Label Request Against the Printer's Label Range
In the printing application, the code for validating the label is contained
in the lp/cmd/lpsched/validate.c file.
Some types of applications need to compare two given labels. For example,
an application might need to determine if one label strictly dominates another
label. These applications use API functions that compare one label to another
label.
The printing application, however, is based on a range of labels. A
printer is configured to accept printing requests from a range of different
labels. Therefore, the printing application uses API functions that check a label
against a range. The application checks that the label from the
remote host falls within the range of labels that the printer allows.
In the validate.c file, the printing application uses the blinrange() function to
check the remote host's label against the label range of the printer.
This check is made within the tsol_check_printer_label_range() function, as shown here:
static int
tsol_check_printer_label_range(char *slabel, const char *printer)
{
int in_range = 0;
int err = 0;
blrange_t *range;
m_label_t *sl = NULL;
if (slabel == NULL)
return (0);
if ((err =
(str_to_label(slabel, &sl, USER_CLEAR, L_NO_CORRECTION, &in_range)))
== -1) {
/* str_to_label error on printer max label */
return (0);
}
if ((range = getdevicerange(printer)) == NULL) {
m_label_free(sl);
return (0);
}
/* blinrange returns true (1) if in range, false (0) if not */
in_range = blinrange(sl, range);
m_label_free(sl);
m_label_free(range->lower_bound);
m_label_free(range->upper_bound);
free(range);
return (in_range);
}
The tsol_check_printer_label_range() function takes as parameters the label returned by the get_peer_label()
function and the name of the printer.
Before comparing the labels, tsol_check_printer_label_range() converts the string into a label by
using the str_to_label() function.
The label type is set to USER_CLEAR, which produces the clearance label
of the associated object. The clearance label ensures that the appropriate level
of label is used in the range check that the blinrange() function
performs.
The sl label that is obtained from str_to_label() is checked to determine
whether the remote host's label, slabel, is within the range of the
requested device, that is, the printer. This label is tested against the
printer's label. The printer's range is obtained by calling the getdevicerange() function
for the selected printer. The range is returned as a blrange_t data
structure.
The printer's label range in the blrange_t data structure is passed into
the blinrange() function, along with the clearance label of the requester. See
the blinrange(3TSOL) man page.
The following code excerpt shows the _validate() function in the validate.c file.
This function is used to find a printer to handle a printing
request. This code compares the user ID and the label associated with
the request against the set of allowed users and the label range
that is associated with each printer.
/*
* If a single printer was named, check the request against it.
* Do the accept/reject check late so that we give the most
* useful information to the user.
*/
if (pps) {
(pc = &single)->pps = pps;
/* Does the printer allow access to the user? */
if (!CHKU(prs, pps)) {
ret = MDENYDEST;
goto Return;
}
/* Check printer label range */
if (is_system_labeled() && prs->secure->slabel != NULL) {
if (tsol_check_printer_label_range(prs->secure->slabel,
pps->printer->name) == 0) {
ret = MDENYDEST;
goto Return;
}
}