8399d83
diff -up cups-1.4.4/config.h.in.lspp cups-1.4.4/config.h.in
8399d83
--- cups-1.4.4/config.h.in.lspp	2010-06-18 09:38:22.645104842 +0100
8399d83
+++ cups-1.4.4/config.h.in	2010-06-18 09:38:22.681104733 +0100
8399d83
@@ -646,6 +646,13 @@
cb06f24
 #undef HAVE_TCPD_H
8936a5c
 
8936a5c
 
8936a5c
+/*
8936a5c
+ * Are we trying to meet LSPP requirements?
8936a5c
+ */
8936a5c
+
8936a5c
+#undef WITH_LSPP
8936a5c
+
8936a5c
+
8936a5c
 #endif /* !_CUPS_CONFIG_H_ */
8936a5c
 
8936a5c
 /*
8399d83
diff -up cups-1.4.4/config-scripts/cups-lspp.m4.lspp cups-1.4.4/config-scripts/cups-lspp.m4
8399d83
--- cups-1.4.4/config-scripts/cups-lspp.m4.lspp	2010-06-18 09:38:22.681104733 +0100
8399d83
+++ cups-1.4.4/config-scripts/cups-lspp.m4	2010-06-18 09:38:22.681104733 +0100
8936a5c
@@ -0,0 +1,36 @@
8936a5c
+dnl
8936a5c
+dnl   LSPP code for the Common UNIX Printing System (CUPS).
8936a5c
+dnl
8936a5c
+dnl   Copyright 2005-2006 by Hewlett-Packard Development Company, L.P.
8936a5c
+dnl
8936a5c
+dnl   This program is free software; you can redistribute it and/or modify
8936a5c
+dnl   it under the terms of the GNU General Public License as published by
8936a5c
+dnl   the Free Software Foundation; version 2.
8936a5c
+dnl
8936a5c
+dnl   This program is distributed in the hope that it will be useful, but
8936a5c
+dnl   WITHOUT ANY WARRANTY; without even the implied warranty of
8936a5c
+dnl   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
8936a5c
+dnl   General Public License for more details.
8936a5c
+dnl
8936a5c
+dnl   You should have received a copy of the GNU General Public License
8936a5c
+dnl   along with this program; if not, write to the Free Software Foundation,
8936a5c
+dnl   Inc., 51 Franklin Street, Fifth Floor Boston, MA 02110-1301 USA
8936a5c
+dnl
8936a5c
+
8936a5c
+dnl Are we trying to meet LSPP requirements
8936a5c
+AC_ARG_ENABLE(lspp, [  --enable-lspp           turn on auditing and label support, default=no])
8936a5c
+
8936a5c
+if test x"$enable_lspp" != xno; then
8936a5c
+    case "$uname" in
8936a5c
+        Linux)
8936a5c
+            AC_CHECK_LIB(audit,audit_log_user_message, [LIBAUDIT="-laudit" AC_SUBST(LIBAUDIT)])
8936a5c
+            AC_CHECK_HEADER(libaudit.h)
8936a5c
+            AC_CHECK_LIB(selinux,getpeercon, [LIBSELINUX="-lselinux" AC_SUBST(LIBSELINUX)])
8936a5c
+            AC_CHECK_HEADER(selinux/selinux.h)
8936a5c
+            AC_DEFINE(WITH_LSPP)
8936a5c
+            ;;
8936a5c
+        *)
8936a5c
+            # All others
8936a5c
+            ;;
8936a5c
+    esac
8936a5c
+fi
8399d83
diff -up cups-1.4.4/configure.in.lspp cups-1.4.4/configure.in
8399d83
--- cups-1.4.4/configure.in.lspp	2010-06-16 01:39:16.000000000 +0100
8399d83
+++ cups-1.4.4/configure.in	2010-06-18 09:38:22.682104565 +0100
8936a5c
@@ -42,6 +42,8 @@ sinclude(config-scripts/cups-pap.m4)
8936a5c
 sinclude(config-scripts/cups-pdf.m4)
8936a5c
 sinclude(config-scripts/cups-scripting.m4)
8936a5c
 
8936a5c
+sinclude(config-scripts/cups-lspp.m4)
8936a5c
+
8936a5c
 INSTALL_LANGUAGES=""
8936a5c
 UNINSTALL_LANGUAGES=""
8936a5c
 LANGFILES=""
8399d83
diff -up cups-1.4.4/cups/cups.h.lspp cups-1.4.4/cups/cups.h
8399d83
--- cups-1.4.4/cups/cups.h.lspp	2010-04-23 19:56:34.000000000 +0100
8399d83
+++ cups-1.4.4/cups/cups.h	2010-06-18 09:38:22.682104565 +0100
cfc9fc5
@@ -15,6 +15,9 @@
cfc9fc5
  *   This file is subject to the Apple OS-Developed Software exception.
cfc9fc5
  */
cfc9fc5
 
cfc9fc5
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
cfc9fc5
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
cfc9fc5
+
cfc9fc5
 #ifndef _CUPS_CUPS_H_
cfc9fc5
 #  define _CUPS_CUPS_H_
cfc9fc5
 
8399d83
@@ -86,6 +89,12 @@ extern "C" {
cb06f24
 #  define CUPS_WHICHJOBS_COMPLETED 1
cfc9fc5
 
cfc9fc5
 
cfc9fc5
+# ifdef WITH_LSPP
cfc9fc5
+# define MLS_CONFIG "mls"
cfc9fc5
+# define TE_CONFIG "te"
cfc9fc5
+# define SELINUX_CONFIG "SELinux"
cfc9fc5
+# define UNKNOWN_SL "UNKNOWN SL"
cfc9fc5
+# endif /* WITH_LSPP */
cfc9fc5
 /*
cfc9fc5
  * Types and structures...
cfc9fc5
  */
8399d83
diff -up cups-1.4.4/data/Makefile.lspp cups-1.4.4/data/Makefile
8399d83
--- cups-1.4.4/data/Makefile.lspp	2008-11-12 19:30:57.000000000 +0000
8399d83
+++ cups-1.4.4/data/Makefile	2010-06-18 09:38:22.686104153 +0100
8936a5c
@@ -25,7 +25,10 @@ BANNERS	=	\
8936a5c
 		secret \
8936a5c
 		standard \
8936a5c
 		topsecret \
8936a5c
-		unclassified
8936a5c
+		unclassified \
8936a5c
+		selinux \
8936a5c
+		mls \
8936a5c
+		te
e7076f3
 
8936a5c
 CHARMAPS =	\
8936a5c
 		euc-cn.txt \
8399d83
diff -up cups-1.4.4/data/mls.lspp cups-1.4.4/data/mls
8399d83
--- cups-1.4.4/data/mls.lspp	2010-06-18 09:38:22.686104153 +0100
8399d83
+++ cups-1.4.4/data/mls	2010-06-18 09:38:22.687104566 +0100
8936a5c
@@ -0,0 +1,261 @@
8936a5c
+%!PS-Adobe-3.0
8936a5c
+%%BoundingBox: 0 0 612 792
8936a5c
+%%Pages: 1
8936a5c
+%%LanguageLevel: 1
8936a5c
+%%DocumentData: Clean7Bit
8936a5c
+%%DocumentSuppliedResources: procset bannerprint/1.0
8936a5c
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
8936a5c
+%%Creator: Michael Sweet, Easy Software Products
8936a5c
+%%CreationDate: May 10, 2000
8936a5c
+%%Title: Test Page
8936a5c
+%%EndComments
8936a5c
+%%BeginProlog
8936a5c
+%%BeginResource procset bannerprint 1.1 0
8936a5c
+%
8936a5c
+%   PostScript banner page for the Common UNIX Printing System ("CUPS").
8936a5c
+%
8936a5c
+%   Copyright 1993-2005 by Easy Software Products
8936a5c
+%
8936a5c
+%   These coded instructions, statements, and computer programs are the
8936a5c
+%   property of Easy Software Products and are protected by Federal
8936a5c
+%   copyright law.  Distribution and use rights are outlined in the file
8936a5c
+%   "LICENSE.txt" which should have been included with this file.  If this
8936a5c
+%   file is missing or damaged please contact Easy Software Products
8936a5c
+%   at:
8936a5c
+%
8936a5c
+%       Attn: CUPS Licensing Information
8936a5c
+%       Easy Software Products
8936a5c
+%       44141 Airport View Drive, Suite 204
8936a5c
+%       Hollywood, Maryland 20636 USA
8936a5c
+%
8936a5c
+%       Voice: (301) 373-9600
8936a5c
+%       EMail: cups-info@cups.org
8936a5c
+%         WWW: http://www.cups.org
8936a5c
+%
8936a5c
+/CENTER {			% Draw centered text
8936a5c
+				% (name) CENTER -
8936a5c
+  dup stringwidth pop		% Get the width of the string
8936a5c
+  0.5 mul neg 0 rmoveto		% Shift left 1/2 of the distance
8936a5c
+  show				% Show the string
8936a5c
+} bind def
8936a5c
+/RIGHT {			% Draw right-justified text
8936a5c
+				% (name) RIGHT -
8936a5c
+  dup stringwidth pop		% Get the width of the string
8936a5c
+  neg 0 rmoveto			% Shift left the entire distance
8936a5c
+  show				% Show the string
8936a5c
+} bind def
8936a5c
+/NUMBER {			% Draw a number
8936a5c
+				% power n NUMBER -
8936a5c
+  1 index 1 eq {		% power == 1?
8936a5c
+    round cvi exch pop		% Convert "n" to integer
8936a5c
+  } {
8936a5c
+    1 index mul round exch div	% Truncate extra decimal places
8936a5c
+  } ifelse
8936a5c
+  100 string cvs show		% Convert to a string and show it...
8936a5c
+} bind def
8936a5c
+/CUPSLOGO {			% Draw the CUPS logo
8936a5c
+				% height CUPSLOGO
8936a5c
+  % Start with a big C...
8936a5c
+  /Helvetica findfont 1 index scalefont setfont
8936a5c
+  0 setgray
8936a5c
+  0 0 moveto
8936a5c
+  (C) show
75d0e82
+
8936a5c
+  % Then "UNIX Printing System" much smaller...
8936a5c
+  /Helvetica-Bold findfont 1 index 9 div scalefont setfont
8936a5c
+  0.25 mul
8936a5c
+  dup dup 2.0 mul moveto
8936a5c
+  (UNIX) show
8936a5c
+  dup dup 1.6 mul moveto
8936a5c
+  (Printing) show
8936a5c
+  dup 1.2 mul moveto
8936a5c
+  (System) show
8936a5c
+} bind def
8936a5c
+/ESPLOGO {			% Draw the ESP logo
8936a5c
+				% height ESPLOGO
8936a5c
+  % Compute the size of the logo...
8936a5c
+  0 0
8936a5c
+  2 index 1.5 mul 3 index
75d0e82
+
8936a5c
+  % Do the "metallic" fill from 10% black to 40% black...
8936a5c
+  1 -0.001 0 {
8936a5c
+    dup			% loopval
8936a5c
+    -0.15 mul		% loopval * -0.15
8936a5c
+    0.9 add		% 0.9 - loopval * 0.15
8936a5c
+    setgray		% set gray shade
75d0e82
+
8936a5c
+    0			% x
8936a5c
+    1 index neg		% loopval
8936a5c
+    1 add		% 1 - loopval
8936a5c
+    3 index		% height
8936a5c
+    mul			% height * (1 - loopval)
8936a5c
+    moveto		% starting point
75d0e82
+
8936a5c
+    dup			% loopval
8936a5c
+    3 index		% width
8936a5c
+    mul			% loopval * width
8936a5c
+    2 index		% height
8936a5c
+    lineto		% Next point
75d0e82
+
8936a5c
+    0			% x
8936a5c
+    2 index		% height
8936a5c
+    lineto		% Next point
75d0e82
+
8936a5c
+    closepath
8936a5c
+    fill
fada3a1
+
8936a5c
+    dup			% loopval
8936a5c
+    0.15 mul		% loopval * 0.15
8936a5c
+    0.6 add		% 0.6 + loopval * 0.15
8936a5c
+    setgray
75d0e82
+
8936a5c
+    dup			% loopval
8936a5c
+    neg 1 add		% 1 - loopval
8936a5c
+    3 index		% width
8936a5c
+    mul			% (1 - loopval) * width
8936a5c
+    0			% y
8936a5c
+    moveto		% Starting point
75d0e82
+
8936a5c
+    2 index		% width
8936a5c
+    exch		% loopval
8936a5c
+    2 index		% height
8936a5c
+    mul			% loopval * height
8936a5c
+    lineto		% Next point
75d0e82
+
8936a5c
+    1 index		% width
8936a5c
+    0			% y
8936a5c
+    lineto		% Next point
75d0e82
+
8936a5c
+    closepath
8936a5c
+    fill
8936a5c
+  } for
75d0e82
+
8936a5c
+  0 setgray rectstroke
75d0e82
+
8936a5c
+  /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
8936a5c
+  dup 40 div
75d0e82
+
8936a5c
+  dup 4 mul 1 index 25 mul moveto (E) show
8936a5c
+  dup 10 mul 1 index 15 mul moveto (S) show
8936a5c
+  dup 16 mul 1 index 5 mul moveto (P) show
75d0e82
+
8936a5c
+  /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
8936a5c
+  dup 14 mul 1 index 29 mul moveto (asy) show
8936a5c
+  dup 20 mul 1 index 19 mul moveto (oftware) show
8936a5c
+  dup 26 mul 1 index 9 mul moveto (roducts) show
75d0e82
+
8936a5c
+  pop
8936a5c
+} bind def
8936a5c
+%%EndResource
8936a5c
+%%EndProlog
8936a5c
+%%Page: 1 1
8936a5c
+gsave
75d0e82
+
8936a5c
+  % Determine the imageable area and device resolution...
8936a5c
+  initclip newpath clippath pathbbox	% Get bounding rectangle
8936a5c
+  72 div /pageTop exch def		% Get top margin in inches
8936a5c
+  72 div /pageRight exch def		% Get right margin in inches
8936a5c
+  72 div /pageBottom exch def		% Get bottom margin in inches
8936a5c
+  72 div /pageLeft exch def		% Get left margin in inches
75d0e82
+
8936a5c
+  /pageWidth pageRight pageLeft sub def	% pageWidth = pageRight - pageLeft
8936a5c
+  /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
75d0e82
+
8936a5c
+  /boxWidth				% width of text box
8936a5c
+  pageWidth pageHeight lt
8936a5c
+  { pageWidth 54 mul }
8936a5c
+  { pageHeight 42 mul }
8936a5c
+  ifelse def
75d0e82
+
8936a5c
+  newpath				% Clear bounding path
75d0e82
+
8936a5c
+  % Create fonts...
8936a5c
+  /bigFont /Helvetica-Bold findfont	% bigFont = Helvetica-Bold
8936a5c
+  pageHeight 3 mul scalefont def	% size = pageHeight * 3 (nominally 33)
75d0e82
+
8936a5c
+  /mediumFont /Helvetica findfont	% mediumFont = Helvetica
8936a5c
+  pageHeight 1.5 mul scalefont def	% size = pageHeight * 1.5 (nominally 16.5)
8936a5c
+
8936a5c
+  % Offset page to account for lower-left margin...
8936a5c
+  pageLeft 72 mul
8936a5c
+  pageBottom 72 mul
8936a5c
+  translate
8936a5c
+
8936a5c
+  % Job information box...
8936a5c
+  pageWidth 36 mul 9 add		% x = pageWidth * 1/2 * 72 + 9
8936a5c
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
8936a5c
+  pageHeight 30 mul 9 sub		% y = pageHeight * 1/2 * 72 - 9
8936a5c
+  boxWidth				% w = box width
8936a5c
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
8936a5c
+  0.5 setgray rectfill			% Draw a shadow
75d0e82
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
8936a5c
+  pageHeight 30 mul			% y = pageHeight * 1/4 * 72
8936a5c
+  boxWidth				% w = box width
8936a5c
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
75d0e82
+
8936a5c
+  4 copy 1 setgray rectfill		% Clear the box to white
8936a5c
+  0 setgray rectstroke			% Draw a black box around it...
75d0e82
+
8936a5c
+  % Job information text...
8936a5c
+  mediumFont setfont			% Medium sized font
75d0e82
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight 5 mul add			% y += 2 lines
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Job ID: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({printer-name}-{job-id}) show
75d0e82
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight 2 mul add			% y += 1 line
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Title: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({job-name}) show
e7076f3
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight -1 mul add			% y -= 1 line
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Requesting User: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({job-originating-user-name}) show
cfc9fc5
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight -4 mul add			% y -= 2 lines
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Billing Info: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({?job-billing}) show
8936a5c
+
8936a5c
+  % Then the CUPS logo....
8936a5c
+  gsave
8936a5c
+    pageWidth 4 mul
8936a5c
+    pageWidth 6 mul
8936a5c
+    translate
8936a5c
+    pageWidth 9 mul CUPSLOGO
8936a5c
+  grestore
8936a5c
+
8936a5c
+  % And the ESP logo....
8936a5c
+  gsave
8936a5c
+    pageWidth 59 mul
8936a5c
+    pageWidth 6 mul
8936a5c
+    translate
8936a5c
+    pageWidth 6 mul ESPLOGO
8936a5c
+  grestore
8936a5c
+% Show the page...
8936a5c
+grestore
8936a5c
+showpage
8936a5c
+%
8936a5c
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
8936a5c
+%
8936a5c
+%%EOF
8399d83
diff -up cups-1.4.4/data/selinux.lspp cups-1.4.4/data/selinux
8399d83
--- cups-1.4.4/data/selinux.lspp	2010-06-18 09:38:22.687104566 +0100
8399d83
+++ cups-1.4.4/data/selinux	2010-06-18 09:38:22.687104566 +0100
8936a5c
@@ -0,0 +1,261 @@
8936a5c
+%!PS-Adobe-3.0
8936a5c
+%%BoundingBox: 0 0 612 792
8936a5c
+%%Pages: 1
8936a5c
+%%LanguageLevel: 1
8936a5c
+%%DocumentData: Clean7Bit
8936a5c
+%%DocumentSuppliedResources: procset bannerprint/1.0
8936a5c
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
8936a5c
+%%Creator: Michael Sweet, Easy Software Products
8936a5c
+%%CreationDate: May 10, 2000
8936a5c
+%%Title: Test Page
8936a5c
+%%EndComments
8936a5c
+%%BeginProlog
8936a5c
+%%BeginResource procset bannerprint 1.1 0
8936a5c
+%
8936a5c
+%   PostScript banner page for the Common UNIX Printing System ("CUPS").
8936a5c
+%
8936a5c
+%   Copyright 1993-2005 by Easy Software Products
8936a5c
+%
8936a5c
+%   These coded instructions, statements, and computer programs are the
8936a5c
+%   property of Easy Software Products and are protected by Federal
8936a5c
+%   copyright law.  Distribution and use rights are outlined in the file
8936a5c
+%   "LICENSE.txt" which should have been included with this file.  If this
8936a5c
+%   file is missing or damaged please contact Easy Software Products
8936a5c
+%   at:
8936a5c
+%
8936a5c
+%       Attn: CUPS Licensing Information
8936a5c
+%       Easy Software Products
8936a5c
+%       44141 Airport View Drive, Suite 204
8936a5c
+%       Hollywood, Maryland 20636 USA
8936a5c
+%
8936a5c
+%       Voice: (301) 373-9600
8936a5c
+%       EMail: cups-info@cups.org
8936a5c
+%         WWW: http://www.cups.org
8936a5c
+%
8936a5c
+/CENTER {			% Draw centered text
8936a5c
+				% (name) CENTER -
8936a5c
+  dup stringwidth pop		% Get the width of the string
8936a5c
+  0.5 mul neg 0 rmoveto		% Shift left 1/2 of the distance
8936a5c
+  show				% Show the string
8936a5c
+} bind def
8936a5c
+/RIGHT {			% Draw right-justified text
8936a5c
+				% (name) RIGHT -
8936a5c
+  dup stringwidth pop		% Get the width of the string
8936a5c
+  neg 0 rmoveto			% Shift left the entire distance
8936a5c
+  show				% Show the string
8936a5c
+} bind def
8936a5c
+/NUMBER {			% Draw a number
8936a5c
+				% power n NUMBER -
8936a5c
+  1 index 1 eq {		% power == 1?
8936a5c
+    round cvi exch pop		% Convert "n" to integer
8936a5c
+  } {
8936a5c
+    1 index mul round exch div	% Truncate extra decimal places
8936a5c
+  } ifelse
8936a5c
+  100 string cvs show		% Convert to a string and show it...
8936a5c
+} bind def
8936a5c
+/CUPSLOGO {			% Draw the CUPS logo
8936a5c
+				% height CUPSLOGO
8936a5c
+  % Start with a big C...
8936a5c
+  /Helvetica findfont 1 index scalefont setfont
8936a5c
+  0 setgray
8936a5c
+  0 0 moveto
8936a5c
+  (C) show
8936a5c
+
8936a5c
+  % Then "UNIX Printing System" much smaller...
8936a5c
+  /Helvetica-Bold findfont 1 index 9 div scalefont setfont
8936a5c
+  0.25 mul
8936a5c
+  dup dup 2.0 mul moveto
8936a5c
+  (UNIX) show
8936a5c
+  dup dup 1.6 mul moveto
8936a5c
+  (Printing) show
8936a5c
+  dup 1.2 mul moveto
8936a5c
+  (System) show
8936a5c
+} bind def
8936a5c
+/ESPLOGO {			% Draw the ESP logo
8936a5c
+				% height ESPLOGO
8936a5c
+  % Compute the size of the logo...
8936a5c
+  0 0
8936a5c
+  2 index 1.5 mul 3 index
cfc9fc5
+
8936a5c
+  % Do the "metallic" fill from 10% black to 40% black...
8936a5c
+  1 -0.001 0 {
8936a5c
+    dup			% loopval
8936a5c
+    -0.15 mul		% loopval * -0.15
8936a5c
+    0.9 add		% 0.9 - loopval * 0.15
8936a5c
+    setgray		% set gray shade
cfc9fc5
+
8936a5c
+    0			% x
8936a5c
+    1 index neg		% loopval
8936a5c
+    1 add		% 1 - loopval
8936a5c
+    3 index		% height
8936a5c
+    mul			% height * (1 - loopval)
8936a5c
+    moveto		% starting point
cfc9fc5
+
8936a5c
+    dup			% loopval
8936a5c
+    3 index		% width
8936a5c
+    mul			% loopval * width
8936a5c
+    2 index		% height
8936a5c
+    lineto		% Next point
cfc9fc5
+
8936a5c
+    0			% x
8936a5c
+    2 index		% height
8936a5c
+    lineto		% Next point
e7076f3
+
8936a5c
+    closepath
8936a5c
+    fill
e7076f3
+
8936a5c
+    dup			% loopval
8936a5c
+    0.15 mul		% loopval * 0.15
8936a5c
+    0.6 add		% 0.6 + loopval * 0.15
8936a5c
+    setgray
e7076f3
+
8936a5c
+    dup			% loopval
8936a5c
+    neg 1 add		% 1 - loopval
8936a5c
+    3 index		% width
8936a5c
+    mul			% (1 - loopval) * width
8936a5c
+    0			% y
8936a5c
+    moveto		% Starting point
e7076f3
+
8936a5c
+    2 index		% width
8936a5c
+    exch		% loopval
8936a5c
+    2 index		% height
8936a5c
+    mul			% loopval * height
8936a5c
+    lineto		% Next point
e7076f3
+
8936a5c
+    1 index		% width
8936a5c
+    0			% y
8936a5c
+    lineto		% Next point
e7076f3
+
8936a5c
+    closepath
8936a5c
+    fill
8936a5c
+  } for
cfc9fc5
+
8936a5c
+  0 setgray rectstroke
cfc9fc5
+
8936a5c
+  /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
8936a5c
+  dup 40 div
cfc9fc5
+
8936a5c
+  dup 4 mul 1 index 25 mul moveto (E) show
8936a5c
+  dup 10 mul 1 index 15 mul moveto (S) show
8936a5c
+  dup 16 mul 1 index 5 mul moveto (P) show
e7076f3
+
8936a5c
+  /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
8936a5c
+  dup 14 mul 1 index 29 mul moveto (asy) show
8936a5c
+  dup 20 mul 1 index 19 mul moveto (oftware) show
8936a5c
+  dup 26 mul 1 index 9 mul moveto (roducts) show
f4b6623
+
8936a5c
+  pop
8936a5c
+} bind def
8936a5c
+%%EndResource
8936a5c
+%%EndProlog
8936a5c
+%%Page: 1 1
8936a5c
+gsave
f4b6623
+
8936a5c
+  % Determine the imageable area and device resolution...
8936a5c
+  initclip newpath clippath pathbbox	% Get bounding rectangle
8936a5c
+  72 div /pageTop exch def		% Get top margin in inches
8936a5c
+  72 div /pageRight exch def		% Get right margin in inches
8936a5c
+  72 div /pageBottom exch def		% Get bottom margin in inches
8936a5c
+  72 div /pageLeft exch def		% Get left margin in inches
e7076f3
+
8936a5c
+  /pageWidth pageRight pageLeft sub def	% pageWidth = pageRight - pageLeft
8936a5c
+  /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
f4b6623
+
8936a5c
+  /boxWidth				% width of text box
8936a5c
+  pageWidth pageHeight lt
8936a5c
+  { pageWidth 54 mul }
8936a5c
+  { pageHeight 42 mul }
8936a5c
+  ifelse def
f4b6623
+
8936a5c
+  newpath				% Clear bounding path
e7076f3
+
8936a5c
+  % Create fonts...
8936a5c
+  /bigFont /Helvetica-Bold findfont	% bigFont = Helvetica-Bold
8936a5c
+  pageHeight 3 mul scalefont def	% size = pageHeight * 3 (nominally 33)
e7076f3
+
8936a5c
+  /mediumFont /Helvetica findfont	% mediumFont = Helvetica
8936a5c
+  pageHeight 1.5 mul scalefont def	% size = pageHeight * 1.5 (nominally 16.5)
e7076f3
+
8936a5c
+  % Offset page to account for lower-left margin...
8936a5c
+  pageLeft 72 mul
8936a5c
+  pageBottom 72 mul
8936a5c
+  translate
e7076f3
+
8936a5c
+  % Job information box...
8936a5c
+  pageWidth 36 mul 9 add		% x = pageWidth * 1/2 * 72 + 9
8936a5c
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
8936a5c
+  pageHeight 30 mul 9 sub		% y = pageHeight * 1/2 * 72 - 9
8936a5c
+  boxWidth				% w = box width
8936a5c
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
8936a5c
+  0.5 setgray rectfill			% Draw a shadow
f4b6623
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
8936a5c
+  pageHeight 30 mul			% y = pageHeight * 1/4 * 72
8936a5c
+  boxWidth				% w = box width
8936a5c
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
e7076f3
+
8936a5c
+  4 copy 1 setgray rectfill		% Clear the box to white
8936a5c
+  0 setgray rectstroke			% Draw a black box around it...
e7076f3
+
8936a5c
+  % Job information text...
8936a5c
+  mediumFont setfont			% Medium sized font
f4b6623
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight 5 mul add			% y += 2 lines
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Job ID: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({printer-name}-{job-id}) show
e7076f3
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight 2 mul add			% y += 1 line
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Title: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({job-name}) show
e7076f3
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight -1 mul add			% y -= 1 line
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Requesting User: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({job-originating-user-name}) show
e7076f3
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight -4 mul add			% y -= 2 lines
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Billing Info: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({?job-billing}) show
e7076f3
+
8936a5c
+  % Then the CUPS logo....
8936a5c
+  gsave
8936a5c
+    pageWidth 4 mul
8936a5c
+    pageWidth 6 mul
8936a5c
+    translate
8936a5c
+    pageWidth 9 mul CUPSLOGO
8936a5c
+  grestore
f4b6623
+
8936a5c
+  % And the ESP logo....
8936a5c
+  gsave
8936a5c
+    pageWidth 59 mul
8936a5c
+    pageWidth 6 mul
8936a5c
+    translate
8936a5c
+    pageWidth 6 mul ESPLOGO
8936a5c
+  grestore
8936a5c
+% Show the page...
8936a5c
+grestore
8936a5c
+showpage
8936a5c
+%
8936a5c
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
8936a5c
+%
8936a5c
+%%EOF
8399d83
diff -up cups-1.4.4/data/te.lspp cups-1.4.4/data/te
8399d83
--- cups-1.4.4/data/te.lspp	2010-06-18 09:38:22.688105441 +0100
8399d83
+++ cups-1.4.4/data/te	2010-06-18 09:38:22.688105441 +0100
e7076f3
@@ -0,0 +1,261 @@
e7076f3
+%!PS-Adobe-3.0
e7076f3
+%%BoundingBox: 0 0 612 792
e7076f3
+%%Pages: 1
e7076f3
+%%LanguageLevel: 1
e7076f3
+%%DocumentData: Clean7Bit
e7076f3
+%%DocumentSuppliedResources: procset bannerprint/1.0
e7076f3
+%%DocumentNeededResources: font Helvetica Helvetica-Bold Times-Roman
e7076f3
+%%Creator: Michael Sweet, Easy Software Products
e7076f3
+%%CreationDate: May 10, 2000
e7076f3
+%%Title: Test Page
e7076f3
+%%EndComments
e7076f3
+%%BeginProlog
e7076f3
+%%BeginResource procset bannerprint 1.1 0
e7076f3
+%
e7076f3
+%   PostScript banner page for the Common UNIX Printing System ("CUPS").
e7076f3
+%
e7076f3
+%   Copyright 1993-2005 by Easy Software Products
e7076f3
+%
e7076f3
+%   These coded instructions, statements, and computer programs are the
e7076f3
+%   property of Easy Software Products and are protected by Federal
e7076f3
+%   copyright law.  Distribution and use rights are outlined in the file
e7076f3
+%   "LICENSE.txt" which should have been included with this file.  If this
e7076f3
+%   file is missing or damaged please contact Easy Software Products
e7076f3
+%   at:
e7076f3
+%
e7076f3
+%       Attn: CUPS Licensing Information
e7076f3
+%       Easy Software Products
e7076f3
+%       44141 Airport View Drive, Suite 204
e7076f3
+%       Hollywood, Maryland 20636 USA
e7076f3
+%
e7076f3
+%       Voice: (301) 373-9600
e7076f3
+%       EMail: cups-info@cups.org
e7076f3
+%         WWW: http://www.cups.org
e7076f3
+%
e7076f3
+/CENTER {			% Draw centered text
e7076f3
+				% (name) CENTER -
e7076f3
+  dup stringwidth pop		% Get the width of the string
e7076f3
+  0.5 mul neg 0 rmoveto		% Shift left 1/2 of the distance
e7076f3
+  show				% Show the string
e7076f3
+} bind def
e7076f3
+/RIGHT {			% Draw right-justified text
e7076f3
+				% (name) RIGHT -
e7076f3
+  dup stringwidth pop		% Get the width of the string
e7076f3
+  neg 0 rmoveto			% Shift left the entire distance
e7076f3
+  show				% Show the string
e7076f3
+} bind def
e7076f3
+/NUMBER {			% Draw a number
e7076f3
+				% power n NUMBER -
e7076f3
+  1 index 1 eq {		% power == 1?
e7076f3
+    round cvi exch pop		% Convert "n" to integer
e7076f3
+  } {
e7076f3
+    1 index mul round exch div	% Truncate extra decimal places
e7076f3
+  } ifelse
e7076f3
+  100 string cvs show		% Convert to a string and show it...
e7076f3
+} bind def
e7076f3
+/CUPSLOGO {			% Draw the CUPS logo
e7076f3
+				% height CUPSLOGO
e7076f3
+  % Start with a big C...
e7076f3
+  /Helvetica findfont 1 index scalefont setfont
e7076f3
+  0 setgray
e7076f3
+  0 0 moveto
e7076f3
+  (C) show
75d0e82
+
e7076f3
+  % Then "UNIX Printing System" much smaller...
e7076f3
+  /Helvetica-Bold findfont 1 index 9 div scalefont setfont
e7076f3
+  0.25 mul
e7076f3
+  dup dup 2.0 mul moveto
e7076f3
+  (UNIX) show
e7076f3
+  dup dup 1.6 mul moveto
e7076f3
+  (Printing) show
e7076f3
+  dup 1.2 mul moveto
e7076f3
+  (System) show
e7076f3
+} bind def
e7076f3
+/ESPLOGO {			% Draw the ESP logo
e7076f3
+				% height ESPLOGO
e7076f3
+  % Compute the size of the logo...
e7076f3
+  0 0
e7076f3
+  2 index 1.5 mul 3 index
75d0e82
+
e7076f3
+  % Do the "metallic" fill from 10% black to 40% black...
e7076f3
+  1 -0.001 0 {
e7076f3
+    dup			% loopval
e7076f3
+    -0.15 mul		% loopval * -0.15
e7076f3
+    0.9 add		% 0.9 - loopval * 0.15
e7076f3
+    setgray		% set gray shade
75d0e82
+
e7076f3
+    0			% x
e7076f3
+    1 index neg		% loopval
e7076f3
+    1 add		% 1 - loopval
e7076f3
+    3 index		% height
e7076f3
+    mul			% height * (1 - loopval)
e7076f3
+    moveto		% starting point
75d0e82
+
e7076f3
+    dup			% loopval
e7076f3
+    3 index		% width
e7076f3
+    mul			% loopval * width
e7076f3
+    2 index		% height
e7076f3
+    lineto		% Next point
5dd9863
+
e7076f3
+    0			% x
e7076f3
+    2 index		% height
e7076f3
+    lineto		% Next point
5dd9863
+
e7076f3
+    closepath
e7076f3
+    fill
75d0e82
+
e7076f3
+    dup			% loopval
e7076f3
+    0.15 mul		% loopval * 0.15
e7076f3
+    0.6 add		% 0.6 + loopval * 0.15
e7076f3
+    setgray
f4b6623
+
e7076f3
+    dup			% loopval
e7076f3
+    neg 1 add		% 1 - loopval
e7076f3
+    3 index		% width
e7076f3
+    mul			% (1 - loopval) * width
e7076f3
+    0			% y
e7076f3
+    moveto		% Starting point
f4b6623
+
e7076f3
+    2 index		% width
e7076f3
+    exch		% loopval
e7076f3
+    2 index		% height
e7076f3
+    mul			% loopval * height
e7076f3
+    lineto		% Next point
f4b6623
+
e7076f3
+    1 index		% width
e7076f3
+    0			% y
e7076f3
+    lineto		% Next point
75d0e82
+
e7076f3
+    closepath
e7076f3
+    fill
e7076f3
+  } for
d042370
+
e7076f3
+  0 setgray rectstroke
d042370
+
e7076f3
+  /Helvetica-BoldOblique findfont 1 index 3 div scalefont setfont
e7076f3
+  dup 40 div
5dd9863
+
e7076f3
+  dup 4 mul 1 index 25 mul moveto (E) show
e7076f3
+  dup 10 mul 1 index 15 mul moveto (S) show
e7076f3
+  dup 16 mul 1 index 5 mul moveto (P) show
e7076f3
+
e7076f3
+  /Helvetica-BoldOblique findfont 2 index 5 div scalefont setfont
e7076f3
+  dup 14 mul 1 index 29 mul moveto (asy) show
e7076f3
+  dup 20 mul 1 index 19 mul moveto (oftware) show
e7076f3
+  dup 26 mul 1 index 9 mul moveto (roducts) show
e7076f3
+
e7076f3
+  pop
e7076f3
+} bind def
e7076f3
+%%EndResource
e7076f3
+%%EndProlog
e7076f3
+%%Page: 1 1
e7076f3
+gsave
e7076f3
+
8936a5c
+  % Determine the imageable area and device resolution...
8936a5c
+  initclip newpath clippath pathbbox	% Get bounding rectangle
8936a5c
+  72 div /pageTop exch def		% Get top margin in inches
8936a5c
+  72 div /pageRight exch def		% Get right margin in inches
8936a5c
+  72 div /pageBottom exch def		% Get bottom margin in inches
8936a5c
+  72 div /pageLeft exch def		% Get left margin in inches
8936a5c
+
8936a5c
+  /pageWidth pageRight pageLeft sub def	% pageWidth = pageRight - pageLeft
8936a5c
+  /pageHeight pageTop pageBottom sub def% pageHeight = pageTop - pageBottom
8936a5c
+
8936a5c
+  /boxWidth				% width of text box
8936a5c
+  pageWidth pageHeight lt
8936a5c
+  { pageWidth 54 mul }
8936a5c
+  { pageHeight 42 mul }
8936a5c
+  ifelse def
8936a5c
+
8936a5c
+  newpath				% Clear bounding path
8936a5c
+
8936a5c
+  % Create fonts...
8936a5c
+  /bigFont /Helvetica-Bold findfont	% bigFont = Helvetica-Bold
8936a5c
+  pageHeight 3 mul scalefont def	% size = pageHeight * 3 (nominally 33)
8936a5c
+
8936a5c
+  /mediumFont /Helvetica findfont	% mediumFont = Helvetica
8936a5c
+  pageHeight 1.5 mul scalefont def	% size = pageHeight * 1.5 (nominally 16.5)
8936a5c
+
8936a5c
+  % Offset page to account for lower-left margin...
8936a5c
+  pageLeft 72 mul
8936a5c
+  pageBottom 72 mul
8936a5c
+  translate
8936a5c
+
8936a5c
+  % Job information box...
8936a5c
+  pageWidth 36 mul 9 add		% x = pageWidth * 1/2 * 72 + 9
8936a5c
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
8936a5c
+  pageHeight 30 mul 9 sub		% y = pageHeight * 1/2 * 72 - 9
8936a5c
+  boxWidth				% w = box width
8936a5c
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
8936a5c
+  0.5 setgray rectfill			% Draw a shadow
8936a5c
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  boxWidth 0.5 mul sub			% x-= 1/2 box width
8936a5c
+  pageHeight 30 mul			% y = pageHeight * 1/4 * 72
8936a5c
+  boxWidth				% w = box width
8936a5c
+  pageHeight 14 mul			% h = pageHeight * 1/2 * 72
8936a5c
+
8936a5c
+  4 copy 1 setgray rectfill		% Clear the box to white
8936a5c
+  0 setgray rectstroke			% Draw a black box around it...
8936a5c
+
8936a5c
+  % Job information text...
8936a5c
+  mediumFont setfont			% Medium sized font
8936a5c
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight 5 mul add			% y += 2 lines
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Job ID: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({printer-name}-{job-id}) show
8936a5c
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight 2 mul add			% y += 1 line
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Title: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({job-name}) show
8936a5c
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight -1 mul add			% y -= 1 line
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Requesting User: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({job-originating-user-name}) show
8936a5c
+
8936a5c
+  pageWidth 36 mul			% x = pageWidth * 1/2 * 72
8936a5c
+  pageHeight 36 mul			% y = pageHeight * 1/2 * 72
8936a5c
+  pageHeight -4 mul add			% y -= 2 lines
8936a5c
+  2 copy				% Copy X & Y
8936a5c
+  moveto
8936a5c
+  (Billing Info: ) RIGHT
8936a5c
+  moveto
8936a5c
+  ({?job-billing}) show
8936a5c
+
8936a5c
+  % Then the CUPS logo....
8936a5c
+  gsave
8936a5c
+    pageWidth 4 mul
8936a5c
+    pageWidth 6 mul
8936a5c
+    translate
8936a5c
+    pageWidth 9 mul CUPSLOGO
8936a5c
+  grestore
8936a5c
+
8936a5c
+  % And the ESP logo....
8936a5c
+  gsave
8936a5c
+    pageWidth 59 mul
8936a5c
+    pageWidth 6 mul
8936a5c
+    translate
8936a5c
+    pageWidth 6 mul ESPLOGO
8936a5c
+  grestore
8936a5c
+% Show the page...
8936a5c
+grestore
8936a5c
+showpage
8936a5c
+%
8936a5c
+% End of "$Id: mls_template,v 1.1 2005/06/27 18:44:46 colmo Exp $".
8936a5c
+%
8936a5c
+%%EOF
8399d83
diff -up cups-1.4.4/filter/common.c.lspp cups-1.4.4/filter/common.c
8399d83
--- cups-1.4.4/filter/common.c.lspp	2007-07-11 22:46:42.000000000 +0100
8399d83
+++ cups-1.4.4/filter/common.c	2010-06-18 09:38:22.689104687 +0100
8936a5c
@@ -30,6 +30,12 @@
8936a5c
  * Include necessary headers...
8936a5c
  */
8936a5c
 
8936a5c
+#include "config.h"
8936a5c
+#ifdef WITH_LSPP
8936a5c
+#define _GNU_SOURCE
8936a5c
+#include <string.h>
8936a5c
+#endif /* WITH_LSPP */
8936a5c
+
8936a5c
 #include "common.h"
8936a5c
 #include <locale.h>
8936a5c
 
8936a5c
@@ -312,6 +318,18 @@ WriteLabelProlog(const char *label,	/* I
8936a5c
 {
8936a5c
   const char	*classification;	/* CLASSIFICATION environment variable */
8936a5c
   const char	*ptr;			/* Temporary string pointer */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  int           i,                      /* counter */
8936a5c
+                n,                      /* counter */
8936a5c
+                lines,                  /* number of lines needed */
8936a5c
+                line_len,               /* index into tmp_label */
8936a5c
+                label_len,              /* length of the label in characters */
8936a5c
+                label_index,            /* index into the label */
8936a5c
+                longest,                /* length of the longest line */
8936a5c
+                longest_line,           /* index to the longest line */
8936a5c
+                max_width;              /* maximum width in characters */
8936a5c
+  char          **wrapped_label;        /* label with line breaks */
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 
8936a5c
  /*
8936a5c
@@ -334,6 +352,124 @@ WriteLabelProlog(const char *label,	/* I
8936a5c
     return;
8936a5c
   }
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
8936a5c
+  {
8936a5c
+   /*
8936a5c
+    * Based on the 12pt fixed width font below determine the max_width
8936a5c
+    */
8936a5c
+    max_width = width / 8;
8936a5c
+    longest_line = 0;
8936a5c
+    longest = 0;
8936a5c
+    classification += 5; // Skip the "LSPP:"
8936a5c
+    label_len = strlen(classification);
8936a5c
+
8936a5c
+    if (label_len > max_width)
8936a5c
+    {
8936a5c
+      lines = 1 + (int)(label_len / max_width);
8936a5c
+      line_len = (int)(label_len / lines);
8936a5c
+      wrapped_label = malloc(sizeof(wrapped_label) * lines);
8936a5c
+      label_index = i = n = 0;
8936a5c
+      while (classification[label_index])
8936a5c
+      {
8936a5c
+        if ((label_index + line_len) > label_len)
8936a5c
+          break;
8936a5c
+        switch (classification[label_index + line_len + i])
8936a5c
+        {
8936a5c
+          case ':':
8936a5c
+          case ',':
8936a5c
+          case '-':
8936a5c
+            i++;
8936a5c
+            wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
8936a5c
+            label_index += line_len + i;
8936a5c
+            i = 0;
8936a5c
+            break;
8936a5c
+          default:
8936a5c
+            i++;
8936a5c
+            break;
8936a5c
+        }
8936a5c
+        if ((i + line_len) == max_width)
8936a5c
+        {
8936a5c
+          wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
8936a5c
+          label_index = label_index + line_len + i;
8936a5c
+          i = 0;
8936a5c
+        }
8936a5c
+      }
8936a5c
+      wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
8936a5c
+    }
8936a5c
+    else
8936a5c
+    {
8936a5c
+      lines = 1;
8936a5c
+      wrapped_label = malloc(sizeof(wrapped_label));
8936a5c
+      wrapped_label[0] = (char*)classification;
8936a5c
+    }
8936a5c
+
8936a5c
+    for (n = 0; n < lines; n++ )
8936a5c
+    {
8936a5c
+      printf("userdict/ESPp%c(", ('a' + n));
8936a5c
+      for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
8936a5c
+        if (*ptr < 32 || *ptr > 126)
8936a5c
+          printf("\\%03o", *ptr);
8936a5c
+        else
8936a5c
+        {
8936a5c
+          if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
8936a5c
+            putchar('\\');
e7076f3
+
8936a5c
+          printf("%c", *ptr);
8936a5c
+        }
8936a5c
+      if (i > longest)
8936a5c
+      {
8936a5c
+        longest = i;
8936a5c
+        longest_line = n;
8936a5c
+      }
8936a5c
+      printf(")put\n");
8936a5c
+    }
e7076f3
+
8936a5c
+   /*
8936a5c
+    * For LSPP use a fixed width font so that line wrapping can be calculated
8936a5c
+    */
75d0e82
+
8936a5c
+    puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
75d0e82
+
8936a5c
+   /*
8936a5c
+    * Finally, the procedure to write the labels on the page...
8936a5c
+    */
75d0e82
+
8936a5c
+    printf("userdict/ESPwl{\n"
8936a5c
+           "  ESPlf setfont\n");
8936a5c
+    printf("  ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
8936a5c
+           'a' + longest_line, width * 0.5f);
8936a5c
+    for (n = 1; n < lines; n++)
8936a5c
+      printf(" dup");
8936a5c
+    printf("\n  1 setgray\n");
8936a5c
+    printf("  dup 6 sub %.0f %d index %.0f ESPrf\n",
8936a5c
+           (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
8936a5c
+    printf("  dup 6 sub %.0f %d index %.0f ESPrf\n",
8936a5c
+           (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
8936a5c
+    printf("  0 setgray\n");
8936a5c
+    printf("  dup 6 sub %.0f %d index %.0f ESPrs\n",
8936a5c
+           (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
8936a5c
+    printf("  dup 6 sub %.0f %d index %.0f ESPrs\n",
8936a5c
+           (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
8936a5c
+    for (n = 0; n < lines; n ++)
8936a5c
+    {
8936a5c
+      printf("  dup %.0f moveto ESPp%c show\n",
8936a5c
+             bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
8936a5c
+      printf("  %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
8936a5c
+    }
8936a5c
+    printf("  pop\n"
8936a5c
+           "}bind put\n");
22cc213
+
8936a5c
+   /*
8936a5c
+    * Do some clean up at the end of the LSPP special case
8936a5c
+    */
8936a5c
+    free(wrapped_label);
75d0e82
+
8936a5c
+  }
8936a5c
+  else
8936a5c
+  {
8936a5c
+#endif /* !WITH_LSPP */
8936a5c
+  
8936a5c
  /*
8936a5c
   * Set the classification + page label string...
8936a5c
   */
8936a5c
@@ -414,7 +550,10 @@ WriteLabelProlog(const char *label,	/* I
8936a5c
   printf("  %.0f moveto ESPpl show\n", top - 14.0);
8936a5c
   puts("pop");
8936a5c
   puts("}bind put");
8936a5c
+  }
8936a5c
+#ifdef WITH_LSPP
8936a5c
 }
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 
8936a5c
 /*
8399d83
diff -up cups-1.4.4/filter/pstops.c.lspp cups-1.4.4/filter/pstops.c
8399d83
--- cups-1.4.4/filter/pstops.c.lspp	2010-06-18 09:38:22.579980230 +0100
8399d83
+++ cups-1.4.4/filter/pstops.c	2010-06-18 09:38:22.693979174 +0100
8399d83
@@ -3314,6 +3314,18 @@ write_label_prolog(pstops_doc_t *doc,	/*
92b094f
 {
92b094f
   const char	*classification;	/* CLASSIFICATION environment variable */
92b094f
   const char	*ptr;			/* Temporary string pointer */
92b094f
+#ifdef WITH_LSPP
92b094f
+  int           i,                      /* counter */
92b094f
+                n,                      /* counter */
92b094f
+                lines,                  /* number of lines needed */
92b094f
+                line_len,               /* index into tmp_label */
92b094f
+                label_len,              /* length of the label in characters */
92b094f
+                label_index,            /* index into the label */
92b094f
+                longest,                /* length of the longest line */
92b094f
+                longest_line,           /* index to the longest line */
92b094f
+                max_width;              /* maximum width in characters */
92b094f
+  char          **wrapped_label;        /* label with line breaks */
92b094f
+#endif /* WITH_LSPP */
92b094f
 
92b094f
 
92b094f
  /*
8399d83
@@ -3336,6 +3348,124 @@ write_label_prolog(pstops_doc_t *doc,	/*
92b094f
     return;
92b094f
   }
92b094f
 
92b094f
+#ifdef WITH_LSPP
92b094f
+  if (strncmp(classification, "LSPP:", 5) == 0 && label == NULL)
92b094f
+  {
92b094f
+   /*
92b094f
+    * Based on the 12pt fixed width font below determine the max_width
92b094f
+    */
92b094f
+    max_width = width / 8;
92b094f
+    longest_line = 0;
92b094f
+    longest = 0;
92b094f
+    classification += 5; // Skip the "LSPP:"
92b094f
+    label_len = strlen(classification);
92b094f
+
92b094f
+    if (label_len > max_width)
92b094f
+    {
92b094f
+      lines = 1 + (int)(label_len / max_width);
92b094f
+      line_len = (int)(label_len / lines);
92b094f
+      wrapped_label = malloc(sizeof(wrapped_label) * lines);
92b094f
+      label_index = i = n = 0;
92b094f
+      while (classification[label_index])
92b094f
+      {
92b094f
+        if ((label_index + line_len) > label_len)
92b094f
+          break;
92b094f
+        switch (classification[label_index + line_len + i])
92b094f
+        {
92b094f
+          case ':':
92b094f
+          case ',':
92b094f
+          case '-':
92b094f
+            i++;
92b094f
+            wrapped_label[n++] = strndup(&classification[label_index], (line_len + i));
92b094f
+            label_index += line_len + i;
92b094f
+            i = 0;
92b094f
+            break;
92b094f
+          default:
92b094f
+            i++;
92b094f
+            break;
92b094f
+        }
92b094f
+        if ((i + line_len) == max_width)
92b094f
+        {
92b094f
+          wrapped_label[n++] = strndup(&(classification[label_index]), (line_len + i));
92b094f
+          label_index = label_index + line_len + i;
92b094f
+          i = 0;
92b094f
+        }
92b094f
+      }
92b094f
+      wrapped_label[n] = strndup(&classification[label_index], label_len - label_index);
92b094f
+    }
92b094f
+    else
92b094f
+    {
92b094f
+      lines = 1;
92b094f
+      wrapped_label = malloc(sizeof(wrapped_label));
92b094f
+      wrapped_label[0] = (char*)classification;
92b094f
+    }
92b094f
+
92b094f
+    for (n = 0; n < lines; n++ )
92b094f
+    {
92b094f
+      printf("userdict/ESPp%c(", ('a' + n));
92b094f
+      for (ptr = wrapped_label[n], i = 0; *ptr; ptr ++, i++)
92b094f
+        if (*ptr < 32 || *ptr > 126)
92b094f
+          printf("\\%03o", *ptr);
92b094f
+        else
92b094f
+        {
92b094f
+          if (*ptr == '(' || *ptr == ')' || *ptr == '\\')
92b094f
+            putchar('\\');
92b094f
+
92b094f
+          printf("%c", *ptr);
92b094f
+        }
92b094f
+      if (i > longest)
92b094f
+      {
92b094f
+        longest = i;
92b094f
+        longest_line = n;
92b094f
+      }
92b094f
+      printf(")put\n");
92b094f
+    }
92b094f
+
92b094f
+   /*
92b094f
+    * For LSPP use a fixed width font so that line wrapping can be calculated
92b094f
+    */
92b094f
+
92b094f
+    puts("userdict/ESPlf /Nimbus-Mono findfont 12 scalefont put");
92b094f
+
92b094f
+   /*
92b094f
+    * Finally, the procedure to write the labels on the page...
92b094f
+    */
92b094f
+
92b094f
+    printf("userdict/ESPwl{\n"
92b094f
+           "  ESPlf setfont\n");
92b094f
+    printf("  ESPp%c stringwidth pop dup 12 add exch -0.5 mul %.0f add\n ",
92b094f
+           'a' + longest_line, width * 0.5f);
92b094f
+    for (n = 1; n < lines; n++)
92b094f
+      printf(" dup");
92b094f
+    printf("\n  1 setgray\n");
92b094f
+    printf("  dup 6 sub %.0f %d index %.0f ESPrf\n",
92b094f
+           (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
92b094f
+    printf("  dup 6 sub %.0f %d index %.0f ESPrf\n",
92b094f
+           (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
92b094f
+    printf("  0 setgray\n");
92b094f
+    printf("  dup 6 sub %.0f %d index %.0f ESPrs\n",
92b094f
+           (bottom - 2.0), (2 + lines), 6.0 + (16.0 * lines));
92b094f
+    printf("  dup 6 sub %.0f %d index %.0f ESPrs\n",
92b094f
+           (top - 6.0 - (16.0 * lines)), (2 + lines), 4.0 + (16.0 * lines));
92b094f
+    for (n = 0; n < lines; n ++)
92b094f
+    {
92b094f
+      printf("  dup %.0f moveto ESPp%c show\n",
92b094f
+             bottom + 6.0 + ((lines - (n+1)) * 16.0), 'a' + n);
92b094f
+      printf("  %.0f moveto ESPp%c show\n", top + 2.0 - ((n + 1) * 16.0), 'a' + n);
92b094f
+    }
92b094f
+    printf("  pop\n"
92b094f
+           "}bind put\n");
92b094f
+
92b094f
+   /*
92b094f
+    * Do some clean up at the end of the LSPP special case
92b094f
+    */
92b094f
+    free(wrapped_label);
92b094f
+
92b094f
+  }
92b094f
+  else
92b094f
+  {
92b094f
+#endif /* !WITH_LSPP */
92b094f
+
92b094f
  /*
92b094f
   * Set the classification + page label string...
92b094f
   */
8399d83
@@ -3414,7 +3544,10 @@ write_label_prolog(pstops_doc_t *doc,	/*
92b094f
   doc_printf(doc, "  %.0f moveto ESPpl show\n", top - 14.0);
92b094f
   doc_puts(doc, "pop\n");
92b094f
   doc_puts(doc, "}bind put\n");
92b094f
+  }
92b094f
+#ifdef WITH_LSPP
92b094f
 }
92b094f
+#endif /* WITH_LSPP */
92b094f
 
92b094f
 
92b094f
 /*
8399d83
diff -up cups-1.4.4/Makedefs.in.lspp cups-1.4.4/Makedefs.in
8399d83
--- cups-1.4.4/Makedefs.in.lspp	2010-06-18 09:38:22.654104605 +0100
8399d83
+++ cups-1.4.4/Makedefs.in	2010-06-18 09:38:22.698980378 +0100
1e5683c
@@ -146,7 +146,7 @@ LIBCUPSORDER	=	@LIBCUPSORDER@
8936a5c
 LIBCUPSIMAGEORDER =	@LIBCUPSIMAGEORDER@
a1088d0
 LINKCUPS	=	@LINKCUPS@ $(SSLLIBS) $(DNSSDLIBS)
8936a5c
 LINKCUPSIMAGE	=	@LINKCUPSIMAGE@
8936a5c
-LIBS		=	$(LINKCUPS) $(COMMONLIBS)
8936a5c
+LIBS		=	$(LINKCUPS) $(COMMONLIBS) @LIBAUDIT@ @LIBSELINUX@
8936a5c
 OPTIM		=	@OPTIM@
8936a5c
 OPTIONS		=
8936a5c
 PAMLIBS		=	@PAMLIBS@
1e5683c
@@ -258,7 +258,7 @@ DBUSDIR		=	@DBUSDIR@
cb06f24
 # Rules...
cb06f24
 #
cb06f24
 
cb06f24
-.SILENT:
cb06f24
+
cb06f24
 .SUFFIXES:	.1 .1.gz .1m .1m.gz .3 .3.gz .5 .5.gz .7 .7.gz .8 .8.gz .a .c .cxx .h .man .o .32.o .64.o .gz
cb06f24
 
cb06f24
 .c.o:
8399d83
diff -up cups-1.4.4/scheduler/client.c.lspp cups-1.4.4/scheduler/client.c
8399d83
--- cups-1.4.4/scheduler/client.c.lspp	2010-04-23 19:56:34.000000000 +0100
8399d83
+++ cups-1.4.4/scheduler/client.c	2010-06-18 09:38:22.705980063 +0100
ca53cd4
@@ -44,6 +44,7 @@
ca53cd4
  *   valid_host()           - Is the Host: field valid?
ca53cd4
  *   write_file()           - Send a file via HTTP.
ca53cd4
  *   write_pipe()           - Flag that data is available on the CGI pipe.
ca53cd4
+ *   client_pid_to_auid()   - Get the audit login uid of the client.
8936a5c
  */
8936a5c
 
8936a5c
 /*
ca53cd4
@@ -52,6 +53,7 @@
8936a5c
 
8936a5c
 #include "cupsd.h"
8936a5c
 
cb06f24
+#define _GNU_SOURCE
cb06f24
 #ifdef HAVE_CDSASSL
cb06f24
 #  include <Security/Security.h>
cb06f24
 #  ifdef HAVE_SECIDENTITYSEARCHPRIV_H
ca53cd4
@@ -84,6 +86,12 @@ extern const char *cssmErrorString(int e
cb06f24
 #  include <tcpd.h>
cb06f24
 #endif /* HAVE_TCPD_H */
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+#include <selinux/selinux.h>
8936a5c
+#include <selinux/context.h>
8936a5c
+#include <fcntl.h>
8936a5c
+#endif /* WITH_LSPP */
e7076f3
+
8936a5c
 
8936a5c
 /*
8936a5c
  * Local functions...
ca53cd4
@@ -385,6 +393,57 @@ cupsdAcceptClient(cupsd_listener_t *lis)
8936a5c
   }
cb06f24
 #endif /* HAVE_TCPD_H */
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  if (is_lspp_config())
8936a5c
+  {
8936a5c
+    struct ucred cr;
8936a5c
+    unsigned int cl=sizeof(cr);
e7076f3
+
8936a5c
+    if (getsockopt(con->http.fd, SOL_SOCKET, SO_PEERCRED, &cr, &cl) == 0)
8936a5c
+    {
8936a5c
+     /*
8936a5c
+      * client_pid_to_auid() can be racey
8936a5c
+      * In this case the pid is based on a socket connected to the client
8936a5c
+      */
8936a5c
+      if ((con->auid = client_pid_to_auid(cr.pid)) == -1)
8936a5c
+      {
8936a5c
+        close(con->http.fd);
8936a5c
+        cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: "
8936a5c
+                        "unable to determine client auid for client pid=%d", cr.pid);
8936a5c
+        free(con);
8936a5c
+        return;
8936a5c
+      }
8936a5c
+      cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: peer's pid=%d, uid=%d, gid=%d, auid=%d",
8936a5c
+                      cr.pid, cr.uid, cr.gid, con->auid);
8936a5c
+    }
8936a5c
+    else
8936a5c
+    {
8936a5c
+      close(con->http.fd);
8936a5c
+      cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getsockopt() failed");
8936a5c
+      free(con);
8936a5c
+      return; 
8936a5c
+    }
e7076f3
+
8936a5c
+   /*
8936a5c
+    * get the context of the peer connection
8936a5c
+    */
8936a5c
+    if (getpeercon(con->http.fd, &con->scon))
8936a5c
+    {
8936a5c
+      close(con->http.fd);
8936a5c
+      cupsdLogMessage(CUPSD_LOG_ERROR, "cupsdAcceptClient: getpeercon() failed");
8936a5c
+      free(con);
8936a5c
+      return; 
8936a5c
+    }
e7076f3
+
8936a5c
+    cupsdLogMessage(CUPSD_LOG_INFO, "cupsdAcceptClient: client context=%s", con->scon);
8936a5c
+  }
8936a5c
+  else
8936a5c
+  {
8936a5c
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: skipping getpeercon()");
8936a5c
+    cupsdSetString(&con->scon, UNKNOWN_SL);
8936a5c
+  }
8936a5c
+#endif /* WITH_LSPP */
8936a5c
+
8936a5c
 #ifdef AF_INET6
8936a5c
   if (con->http.hostaddr->addr.sa_family == AF_INET6)
8936a5c
     cupsdLogMessage(CUPSD_LOG_DEBUG, "cupsdAcceptClient: %d from %s:%d (IPv6)",
ca53cd4
@@ -775,6 +834,13 @@ cupsdReadClient(cupsd_client_t *con)	/* 
8936a5c
   mime_type_t		*type;		/* MIME type of file */
8936a5c
   cupsd_printer_t	*p;		/* Printer */
8936a5c
   static unsigned	request_id = 0;	/* Request ID for temp files */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  security_context_t	spoolcon;	/* context of the job file */
8936a5c
+  context_t		clicon;		/* contex_t container for con->scon */
8936a5c
+  context_t		tmpcon;		/* temp context to swap the level */
8936a5c
+  char			*clirange;	/* SELinux sensitivity range */
8936a5c
+  char			*cliclearance;	/* SELinux low end clearance */
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 
8936a5c
   status = HTTP_CONTINUE;
ca53cd4
@@ -2100,6 +2166,67 @@ cupsdReadClient(cupsd_client_t *con)	/* 
8936a5c
 	    fchmod(con->file, 0640);
8936a5c
 	    fchown(con->file, RunUser, Group);
8936a5c
             fcntl(con->file, F_SETFD, fcntl(con->file, F_GETFD) | FD_CLOEXEC);
8936a5c
+#ifdef WITH_LSPP
8936a5c
+	    if (strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) != 0)
8936a5c
+	    {
8936a5c
+	      if (getfilecon(con->filename, &spoolcon) == -1)
8936a5c
+	      {
8936a5c
+		cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
8936a5c
+		return (cupsdCloseClient(con));
8936a5c
+	      }
8936a5c
+	      clicon = context_new(con->scon);
8936a5c
+	      tmpcon = context_new(spoolcon);
8936a5c
+	      freecon(spoolcon);
8936a5c
+	      if (!clicon || !tmpcon)
8936a5c
+	      {
8936a5c
+		cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
8936a5c
+		if (clicon)
8936a5c
+		  context_free(clicon);
8936a5c
+		if (tmpcon)
8936a5c
+		  context_free(tmpcon);
8936a5c
+		return (cupsdCloseClient(con));
8936a5c
+	      }
8936a5c
+	      clirange = context_range_get(clicon);
8936a5c
+	      if (clirange)
8936a5c
+	      {
8936a5c
+		clirange = strdup(clirange);
8936a5c
+		if ((cliclearance = strtok(clirange, "-")) != NULL)
8936a5c
+		{
8936a5c
+		  if (context_range_set(tmpcon, cliclearance) == -1)
8936a5c
+		  {
8936a5c
+		    cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
8936a5c
+		    free(clirange);
8936a5c
+		    context_free(tmpcon);
8936a5c
+		    context_free(clicon);
8936a5c
+		    return (cupsdCloseClient(con));
8936a5c
+		  }
8936a5c
+		}
8936a5c
+		else
8936a5c
+		{
8936a5c
+		  if (context_range_set(tmpcon, (context_range_get(clicon))) == -1)
8936a5c
+		  {
8936a5c
+		    cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
8936a5c
+		    free(clirange);
8936a5c
+		    context_free(tmpcon);
8936a5c
+		    context_free(clicon);
8936a5c
+		    return (cupsdCloseClient(con));
8936a5c
+		  }
8936a5c
+		}
8936a5c
+		free(clirange);
8936a5c
+	      }
8936a5c
+	      if (setfilecon(con->filename, context_str(tmpcon)) == -1)
8936a5c
+	      {
8936a5c
+		cupsdSendError(con, HTTP_SERVER_ERROR, CUPSD_AUTH_NONE);
8936a5c
+		context_free(tmpcon);
8936a5c
+		context_free(clicon);
8936a5c
+		return (cupsdCloseClient(con));
8936a5c
+	      }
8936a5c
+	      cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdReadClient: %s set to %s", 
8936a5c
+			      con->filename, context_str(tmpcon));
8936a5c
+	      context_free(tmpcon);
8936a5c
+	      context_free(clicon);
8936a5c
+	    }
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 	  }
8936a5c
 
8936a5c
 	  if (con->http.state != HTTP_POST_SEND)
8399d83
@@ -4481,6 +4608,50 @@ make_certificate(cupsd_client_t *con)	/*
8936a5c
 #endif /* HAVE_SSL */
8936a5c
 
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+/*
8936a5c
+ * 'client_pid_to_auid()' - Using the client's pid, read /proc and determine the loginuid.
8936a5c
+ */
e7076f3
+
8936a5c
+uid_t client_pid_to_auid(pid_t clipid)
8936a5c
+{
8936a5c
+  uid_t uid;
8936a5c
+  int len, in;
8936a5c
+  char buf[16] = {0};
8936a5c
+  char fname[32] = {0};
e7076f3
+
e7076f3
+
8936a5c
+ /*
8936a5c
+  * Hopefully this pid is still the one we are interested in.
8936a5c
+  */
8936a5c
+  snprintf(fname, 32, "/proc/%d/loginuid", clipid);
8936a5c
+  in = open(fname, O_NOFOLLOW|O_RDONLY);
e7076f3
+
8936a5c
+  if (in < 0)
8936a5c
+    return -1;
e7076f3
+
8936a5c
+  errno = 0;
75d0e82
+
8936a5c
+  do {
8936a5c
+    len = read(in, buf, sizeof(buf));
8936a5c
+  } while (len < 0 && errno == EINTR);
22cc213
+
8936a5c
+  close(in);
38627a4
+
8936a5c
+  if (len < 0 || len >= sizeof(buf))
8936a5c
+    return -1;
38627a4
+
8936a5c
+  errno = 0;
8936a5c
+  buf[len] = 0;
8936a5c
+  uid = strtol(buf, 0, 10);
75d0e82
+
8936a5c
+  if (errno != 0)
8936a5c
+    return -1;
8936a5c
+  else
8936a5c
+    return uid;
8936a5c
+}
8936a5c
+#endif /* WITH_LSPP */
9ad376b
+
8936a5c
 /*
8936a5c
  * 'pipe_command()' - Pipe the output of a command to the remote client.
8936a5c
  */
8399d83
diff -up cups-1.4.4/scheduler/client.h.lspp cups-1.4.4/scheduler/client.h
8399d83
--- cups-1.4.4/scheduler/client.h.lspp	2009-05-26 23:01:23.000000000 +0100
8399d83
+++ cups-1.4.4/scheduler/client.h	2010-06-18 09:38:22.711104323 +0100
cb06f24
@@ -18,6 +18,13 @@
8936a5c
 #endif /* HAVE_AUTHORIZATION_H */
8936a5c
 
cb06f24
 
8936a5c
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
8936a5c
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
9ad376b
+
8936a5c
+#ifdef WITH_LSPP
8936a5c
+#include <selinux/selinux.h>
8936a5c
+#endif /* WITH_LSPP */
d042370
+
8936a5c
 /*
8936a5c
  * HTTP client structure...
8936a5c
  */
ca53cd4
@@ -64,6 +71,10 @@ struct cupsd_client_s
8936a5c
 #ifdef HAVE_AUTHORIZATION_H
8936a5c
   AuthorizationRef	authref;	/* Authorization ref */
8936a5c
 #endif /* HAVE_AUTHORIZATION_H */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  security_context_t	scon;		/* Security context of connection */
8936a5c
+  uid_t			auid;		/* Audit loginuid of the client */
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 };
8936a5c
 
8936a5c
 #define HTTP(con) &((con)->http)
ca53cd4
@@ -133,6 +144,9 @@ extern void	cupsdStartListening(void);
8936a5c
 extern void	cupsdStopListening(void);
8936a5c
 extern void	cupsdUpdateCGI(void);
8936a5c
 extern void	cupsdWriteClient(cupsd_client_t *con);
8936a5c
+#ifdef WITH_LSPP
8936a5c
+extern uid_t	client_pid_to_auid(pid_t clipid);
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 
8936a5c
 /*
8399d83
diff -up cups-1.4.4/scheduler/conf.c.lspp cups-1.4.4/scheduler/conf.c
8399d83
--- cups-1.4.4/scheduler/conf.c.lspp	2010-06-18 09:38:22.526979999 +0100
8399d83
+++ cups-1.4.4/scheduler/conf.c	2010-06-18 09:38:22.713979624 +0100
046ffba
@@ -29,6 +29,7 @@
8936a5c
  *   read_configuration()     - Read a configuration file.
8936a5c
  *   read_location()          - Read a <Location path> definition.
8936a5c
  *   read_policy()            - Read a <Policy name> definition.
8936a5c
+ *   is_lspp_config()         - Is the system configured for LSPP
8936a5c
  */
8936a5c
 
8936a5c
 /*
ca53cd4
@@ -54,6 +55,9 @@
8936a5c
 #  define INADDR_NONE	0xffffffff
8936a5c
 #endif /* !INADDR_NONE */
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+#  include <libaudit.h>
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 /*
8936a5c
  * Configuration variable structure...
8399d83
@@ -172,6 +176,10 @@ static const cupsd_var_t	variables[] =
8936a5c
 #  if defined(HAVE_LIBSSL) || defined(HAVE_GNUTLS)
8936a5c
   { "ServerKey",		&ServerKey,		CUPSD_VARTYPE_PATHNAME },
8936a5c
 #  endif /* HAVE_LIBSSL || HAVE_GNUTLS */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  { "AuditLog",			&AuditLog,		CUPSD_VARTYPE_INTEGER },
8936a5c
+  { "PerPageLabels",		&PerPageLabels,		CUPSD_VARTYPE_BOOLEAN },
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 #endif /* HAVE_SSL */
8936a5c
   { "ServerName",		&ServerName,		CUPSD_VARTYPE_STRING },
8936a5c
   { "ServerRoot",		&ServerRoot,		CUPSD_VARTYPE_PATHNAME },
8399d83
@@ -430,6 +438,9 @@ cupsdReadConfiguration(void)
8936a5c
   const char	*tmpdir;		/* TMPDIR environment variable */
8936a5c
   struct stat	tmpinfo;		/* Temporary directory info */
cb06f24
   cupsd_policy_t *p;			/* Policy */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  char		*audit_message;		/* Audit message string */
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 
8936a5c
  /*
8399d83
@@ -713,6 +724,25 @@ cupsdReadConfiguration(void)
8936a5c
 
8936a5c
   RunUser = getuid();
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  if (AuditLog != -1)
8936a5c
+  {
8936a5c
+   /*
8936a5c
+    * ClassifyOverride is set during read_configuration, if its ON, report it now
8936a5c
+    */
8936a5c
+    if (ClassifyOverride)
8936a5c
+      audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
8936a5c
+                "[Config] ClassifyOverride=enabled Users can override print banners",
8936a5c
+                ServerName, NULL, NULL, 1);
8936a5c
+   /*
8936a5c
+    * PerPageLabel is set during read_configuration, if its OFF, report it now
8936a5c
+    */
8936a5c
+    if (!PerPageLabels)
8936a5c
+      audit_log_user_message(AuditLog, AUDIT_USYS_CONFIG,
8936a5c
+                "[Config] PerPageLabels=disabled", ServerName, NULL, NULL, 1);
8936a5c
+  }
8936a5c
+#endif /* WITH_LSPP */
f4b6623
+
a1088d0
   cupsdLogMessage(CUPSD_LOG_INFO, "Remote access is %s.",
ca53cd4
                   RemotePort ? "enabled" : "disabled");
a1088d0
 
8399d83
@@ -1081,11 +1111,23 @@ cupsdReadConfiguration(void)
cb06f24
   * Update classification setting as needed...
cb06f24
   */
8936a5c
 
8936a5c
-  if (Classification && !strcasecmp(Classification, "none"))
8936a5c
+  if (Classification && strcasecmp(Classification, "none") == 0)
8936a5c
     cupsdClearString(&Classification);
8936a5c
 
8936a5c
   if (Classification)
8936a5c
+  {
8936a5c
     cupsdLogMessage(CUPSD_LOG_INFO, "Security set to \"%s\"", Classification);
8936a5c
+#ifdef WITH_LSPP
8936a5c
+    if (AuditLog != -1)
8936a5c
+    {
8936a5c
+      audit_message = NULL;
8936a5c
+      cupsdSetStringf(&audit_message, "[Config] Classification=%s", Classification);
8936a5c
+      audit_log_user_message(AuditLog, AUDIT_LABEL_LEVEL_CHANGE, audit_message,
8936a5c
+                             ServerName, NULL, NULL, 1);
8936a5c
+      cupsdClearString(&audit_message);
8936a5c
+    }
8936a5c
+#endif /* WITH_LSPP */
8936a5c
+  }
8936a5c
 
8936a5c
  /*
cb06f24
   * Check the MaxClients setting, and then allocate memory for it...
8399d83
@@ -3644,6 +3686,18 @@ read_location(cups_file_t *fp,		/* I - C
cb98b41
   return ((FatalErrors & CUPSD_FATAL_CONFIG) ? 0 : linenum);
8936a5c
 }
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+int is_lspp_config()
8936a5c
+{
8936a5c
+  if (Classification != NULL)
8936a5c
+    return ((strcasecmp(Classification, MLS_CONFIG) == 0) 
8936a5c
+            || (strcasecmp(Classification, TE_CONFIG) == 0)
8936a5c
+            || (strcasecmp(Classification, SELINUX_CONFIG) == 0));
8936a5c
+  else
8936a5c
+    return 0;
8936a5c
+}
8936a5c
+#endif /* WITH_LSPP */
e7076f3
+
8936a5c
 
8936a5c
 /*
cb98b41
  * 'read_policy()' - Read a <Policy name> definition.
8399d83
diff -up cups-1.4.4/scheduler/conf.h.lspp cups-1.4.4/scheduler/conf.h
8399d83
--- cups-1.4.4/scheduler/conf.h.lspp	2010-06-18 09:38:22.527979881 +0100
8399d83
+++ cups-1.4.4/scheduler/conf.h	2010-06-18 09:38:22.715979172 +0100
8399d83
@@ -250,6 +250,12 @@ VAR char		*ServerKey		VALUE(NULL);
cb06f24
 VAR int			SSLOptions		VALUE(CUPSD_SSL_NONE);
cb06f24
 					/* SSL/TLS options */
8936a5c
 #endif /* HAVE_SSL */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+VAR int			AuditLog		VALUE(-1),
8936a5c
+					/* File descriptor for audit */
8936a5c
+			PerPageLabels		VALUE(TRUE);
8936a5c
+					/* Put the label on each page */
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 #ifdef HAVE_LAUNCHD
cb06f24
 VAR int			LaunchdTimeout		VALUE(DEFAULT_KEEPALIVE);
8399d83
@@ -266,6 +272,9 @@ VAR char		*SystemGroupAuthKey	VALUE(NULL
8936a5c
 					/* System group auth key */
8936a5c
 #endif /* HAVE_AUTHORIZATION_H */
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+extern int	is_lspp_config(void);
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 /*
8936a5c
  * Prototypes...
8399d83
diff -up cups-1.4.4/scheduler/ipp.c.lspp cups-1.4.4/scheduler/ipp.c
8399d83
--- cups-1.4.4/scheduler/ipp.c.lspp	2010-06-18 09:38:22.599103898 +0100
8399d83
+++ cups-1.4.4/scheduler/ipp.c	2010-06-18 09:39:08.308979874 +0100
cb06f24
@@ -41,6 +41,7 @@
8936a5c
  *   cancel_all_jobs()           - Cancel all print jobs.
8936a5c
  *   cancel_job()                - Cancel a print job.
8936a5c
  *   cancel_subscription()       - Cancel a subscription.
8936a5c
+ *   check_context()             - Check the SELinux context for a user and job
8936a5c
  *   check_quotas()              - Check quotas for a printer and user.
34fc0f7
  *   check_rss_recipient()       - Check that we do not have a duplicate RSS
34fc0f7
  *                                 feed URI.
a1088d0
@@ -102,6 +103,9 @@
8936a5c
  *   validate_user()             - Validate the user for the request.
8936a5c
  */
8936a5c
 
8936a5c
+/* Copyright (C) 2005 Trusted Computer Solutions, Inc. */
8936a5c
+/* (c) Copyright 2005-2006 Hewlett-Packard Development Company, L.P. */
e7076f3
+
8936a5c
 /*
8936a5c
  * Include necessary headers...
8936a5c
  */
ca53cd4
@@ -124,6 +128,14 @@ extern int mbr_check_membership_by_id(uu
8936a5c
 #  endif /* HAVE_MEMBERSHIPPRIV_H */
8936a5c
 #endif /* __APPLE__ */
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+#include <libaudit.h>
8936a5c
+#include <selinux/selinux.h>
8936a5c
+#include <selinux/context.h>
8936a5c
+#include <selinux/avc.h>
8936a5c
+#include <selinux/flask.h>
8936a5c
+#include <selinux/av_permissions.h>
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 /*
8936a5c
  * Local functions...
ca53cd4
@@ -157,6 +169,9 @@ static void	cancel_all_jobs(cupsd_client
8936a5c
 static void	cancel_job(cupsd_client_t *con, ipp_attribute_t *uri);
8936a5c
 static void	cancel_subscription(cupsd_client_t *con, int id);
34fc0f7
 static int	check_rss_recipient(const char *recipient);
8936a5c
+#ifdef WITH_LSPP
8936a5c
+static int	check_context(cupsd_client_t *con, cupsd_job_t *job);
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 static int	check_quotas(cupsd_client_t *con, cupsd_printer_t *p);
8936a5c
 static ipp_attribute_t	*copy_attribute(ipp_t *to, ipp_attribute_t *attr,
8936a5c
 		                        int quickcopy);
8399d83
@@ -1355,6 +1370,21 @@ add_job(cupsd_client_t  *con,		/* I - Cl
8399d83
   ipp_attribute_t *media_col,		/* media-col attribute */
8399d83
 		*media_margin;		/* media-*-margin attribute */
8399d83
   ipp_t		*unsup_col;		/* media-col in unsupported response */
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  char		*audit_message;		/* Audit message string */
8936a5c
+  char		*printerfile;		/* device file pointed to by the printer */
8936a5c
+  char		*userheader = NULL;	/* User supplied job-sheets[0] */
8936a5c
+  char		*userfooter = NULL;	/* User supplied job-sheets[1] */
8936a5c
+  int		override = 0;		/* Was a banner overrode on a job */
8936a5c
+  security_id_t	clisid;			/* SELinux SID for the client */
8936a5c
+  security_id_t	psid;			/* SELinux SID for the printer */
8936a5c
+  context_t	printercon;		/* Printer's context string */
8936a5c
+  struct stat	printerstat;		/* Printer's stat buffer */
8936a5c
+  security_context_t	devcon;		/* Printer's SELinux context */
8936a5c
+  struct avc_entry_ref	avcref;		/* Pointer to the access vector cache */
8936a5c
+  security_class_t	tclass;		/* Object class for the SELinux check */
8936a5c
+  access_vector_t	avr;		/* Access method being requested */
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
 
8936a5c
   cupsdLogMessage(CUPSD_LOG_DEBUG2, "add_job(%p[%d], %p(%s), %p(%s/%s))",
8399d83
@@ -1625,6 +1655,104 @@ add_job(cupsd_client_t  *con,		/* I - Cl
8936a5c
     ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "job-name", NULL,
d5844a1
                  "Untitled");
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  if (is_lspp_config())
8936a5c
+  {
8936a5c
+    if (!con->scon || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
8936a5c
+    {
8936a5c
+      cupsdLogMessage(CUPSD_LOG_ERROR, "add_job: missing classification for connection \'%s\'!", printer->name);
8936a5c
+      send_ipp_status(con, IPP_INTERNAL_ERROR, _("Missing required security attributes."));
8936a5c
+      return (NULL);
8936a5c
+    }
e7076f3
+
8936a5c
+   /*
8936a5c
+    * Perform an access check so that if the user gets feedback at enqueue time
8936a5c
+    */
f4b6623
+
8936a5c
+    printerfile = strstr(printer->device_uri, "/dev/");
8936a5c
+    if (printerfile == NULL && (strncmp(printer->device_uri, "file:/", 6) == 0))
2b820c9
+      printerfile = printer->device_uri + strlen("file:");
f4b6623
+
8936a5c
+    if (printerfile != NULL)
8936a5c
+    {
8936a5c
+      cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: Attempting an access check on printer device %s",
8936a5c
+                      printerfile);
f4b6623
+
8936a5c
+      if (lstat(printerfile, &printerstat) < 0)
8936a5c
+      {
8936a5c
+	if (errno != ENOENT)
8936a5c
+	{
8936a5c
+	  send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to stat the printer"));
8936a5c
+	  return (NULL);
8936a5c
+	}
8936a5c
+	/*
8936a5c
+	 * The printer does not exist, so for now assume it's a FileDevice
8936a5c
+	 */
8936a5c
+	tclass = SECCLASS_FILE;
8936a5c
+	avr = FILE__WRITE;
8936a5c
+      }
8936a5c
+      else if (S_ISCHR(printerstat.st_mode))
8936a5c
+      {
8936a5c
+	tclass = SECCLASS_CHR_FILE;
8936a5c
+	avr = CHR_FILE__WRITE;
8936a5c
+      }
8936a5c
+      else if (S_ISREG(printerstat.st_mode))
8936a5c
+      {
8936a5c
+	tclass = SECCLASS_FILE;
8936a5c
+	avr = FILE__WRITE;
8936a5c
+      }
8936a5c
+      else
8936a5c
+      {
8936a5c
+	send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Printer is not a character device or regular file"));
8936a5c
+	return (NULL);
8936a5c
+      }
8936a5c
+      avc_init("cupsd_enqueue_", NULL, NULL, NULL, NULL);
8936a5c
+      avc_entry_ref_init(&avcref);
8936a5c
+      if (avc_context_to_sid(con->scon, &clisid) != 0)
8936a5c
+      {
8936a5c
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the client"));
8936a5c
+        return (NULL);
8936a5c
+      }
8936a5c
+      if (getfilecon(printerfile, &devcon) == -1)
8936a5c
+      {
8936a5c
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux context of the printer"));
8936a5c
+        return (NULL);
8936a5c
+      }
8936a5c
+      printercon = context_new(devcon);
8936a5c
+      cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: printer context %s client context %s",
8936a5c
+                      context_str(printercon), con->scon);
8936a5c
+      context_free(printercon);
f4b6623
+
8936a5c
+      if (avc_context_to_sid(devcon, &psid) != 0)
8936a5c
+      {
8936a5c
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("Unable to get the SELinux sid of the printer"));
8936a5c
+        freecon(devcon);
8936a5c
+        return (NULL);
8936a5c
+      }
8936a5c
+      freecon(devcon);
8936a5c
+      if (avc_has_perm(clisid, psid, tclass, avr, &avcref, NULL) != 0)
8936a5c
+      {
8936a5c
+       /*
8936a5c
+        * The access check failed, so cancel the job and send an audit message
8936a5c
+        */
8936a5c
+        if (AuditLog != -1)
8936a5c
+        {
8936a5c
+          audit_message = NULL;
8936a5c
+          cupsdSetStringf(&audit_message, "job=? auid=%u acct=%s obj=%s refused"
8936a5c
+                          " unable to access printer=%s", con->auid,
8936a5c
+                          con->username, con->scon, printer->name);
8936a5c
+          audit_log_user_message(AuditLog, AUDIT_USER_LABELED_EXPORT, audit_message,
8936a5c
+                                 ServerName, NULL, NULL, 0);
8936a5c
+          cupsdClearString(&audit_message);
8936a5c
+        }
f4b6623
+
8936a5c
+        send_ipp_status(con, IPP_NOT_AUTHORIZED, _("SELinux prohibits access to the printer"));
8936a5c
+        return (NULL);
8936a5c
+      }
8936a5c
+    }
8936a5c
+  }
8936a5c
+#endif /* WITH_LSPP */
f4b6623
+
8936a5c
   if ((job = cupsdAddJob(priority, printer->name)) == NULL)
8936a5c
   {
8936a5c
     send_ipp_status(con, IPP_INTERNAL_ERROR,
8399d83
@@ -1633,6 +1761,32 @@ add_job(cupsd_client_t  *con,		/* I - Cl
8936a5c
     return (NULL);
8936a5c
   }
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+  if (is_lspp_config())
8936a5c
+  {
8936a5c
+   /*
8936a5c
+    * duplicate the security context and auid of the connection into the job structure
8936a5c
+    */
8936a5c
+    job->scon = strdup(con->scon);
8936a5c
+    job->auid = con->auid;
f4b6623
+
8936a5c
+   /* 
8936a5c
+    * add the security context to the request so that on a restart the security
8936a5c
+    * attributes will be able to be restored
8936a5c
+    */
8936a5c
+    ippAddString(con->request, IPP_TAG_JOB, IPP_TAG_NAME, "security-context", 
8936a5c
+		 NULL, job->scon);
8936a5c
+  }
8936a5c
+  else
8936a5c
+  {
8936a5c
+   /*
8936a5c
+    * Fill in the security context of the job as unlabeled
8936a5c
+    */
8936a5c
+    cupsdLogMessage(CUPSD_LOG_DEBUG, "add_job: setting context of job to %s", UNKNOWN_SL);
8936a5c
+    cupsdSetString(&job->scon, UNKNOWN_SL);
8936a5c
+  }
8936a5c
+#endif /* WITH_LSPP */
f4b6623
+
8936a5c
   job->dtype   = printer->type & (CUPS_PRINTER_CLASS | CUPS_PRINTER_IMPLICIT |
8936a5c
                                   CUPS_PRINTER_REMOTE);
8936a5c
   job->attrs   = con->request;
8399d83
@@ -1838,6 +1992,29 @@ add_job(cupsd_client_t  *con,		/* I - Cl
1e5683c
       attr->values[0].string.text = _cupsStrRetain(printer->job_sheets[0]);
1e5683c
       attr->values[1].string.text = _cupsStrRetain(printer->job_sheets[1]);
8936a5c
     }
8936a5c
+#ifdef WITH_LSPP
8936a5c
+    else
8936a5c
+    {
8936a5c
+     /*
8936a5c
+      * The option was present, so capture the user supplied strings
8936a5c
+      */
8936a5c
+      userheader = strdup(attr->values[0].string.text);
f4b6623
+
8936a5c
+      if (attr->num_values > 1)
8936a5c
+        userfooter = strdup(attr->values[1].string.text);
8936a5c
+  
8936a5c
+      if (Classification != NULL && (strcmp(userheader, Classification) == 0)
8936a5c
+          && userfooter &&(strcmp(userfooter, Classification) == 0))
8936a5c
+      {
8936a5c
+       /*
8936a5c
+        * Since both values are Classification, the user is not trying to Override
8936a5c
+        */
8936a5c
+        free(userheader);
8936a5c
+        if (userfooter) free(userfooter);
8936a5c
+        userheader = userfooter = NULL;
8936a5c
+      }
8936a5c
+    }
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 
8936a5c
     job->job_sheets = attr;
8936a5c
 
8399d83
@@ -1868,6 +2045,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
cb06f24
 	                		     "job-sheets=\"%s,none\", "
cb06f24
 					     "job-originating-user-name=\"%s\"",
cb06f24
 	              Classification, job->username);
8936a5c
+#ifdef WITH_LSPP
cb06f24
+	  override = 1;
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 	}
8936a5c
 	else if (attr->num_values == 2 &&
8936a5c
 	         strcmp(attr->values[0].string.text,
8399d83
@@ -1886,6 +2066,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
cb06f24
 					     "job-originating-user-name=\"%s\"",
cb06f24
 		      attr->values[0].string.text,
cb06f24
 		      attr->values[1].string.text, job->username);
8936a5c
+#ifdef WITH_LSPP
cb06f24
+	  override = 1;
8936a5c
+#endif /* WITH_LSPP */
8936a5c
 	}
8936a5c
 	else if (strcmp(attr->values[0].string.text, Classification) &&
8936a5c
 	         strcmp(attr->values[0].string.text, "none") &&
8399d83
@@ -1906,6 +2089,9 @@ add_job(cupsd_client_t  *con,		/* I - Cl
cb06f24
 			"job-originating-user-name=\"%s\"",
cb06f24
 			attr->values[0].string.text,
cb06f24
 			attr->values[1].string.text, job->username);
8936a5c
+#ifdef WITH_LSPP
cb06f24
+	  override = 1;
8936a5c
+#endif /* WITH_LSPP */
8936a5c
         }
8936a5c
       }
8936a5c
       else if (strcmp(attr->values[0].string.text, Classification) &&
8399d83
@@ -1946,8 +2132,52 @@ add_job(cupsd_client_t  *con,		/* I - Cl
cb06f24
 		      "job-sheets=\"%s\", "
cb06f24
 		      "job-originating-user-name=\"%s\"",
cb06f24
 		      Classification, job->username);
8936a5c
+#ifdef WITH_LSPP
cb06f24
+	override = 1;
8936a5c
+#endif /* WITH_LSPP */
8936a5c
+      }
8936a5c
+#ifdef WITH_LSPP
8936a5c
+      if (is_lspp_config() && AuditLog != -1)
8936a5c
+      {
8936a5c
+        audit_message = NULL;
f4b6623
+
8936a5c
+        if (userheader || userfooter)
8936a5c
+        {
8936a5c
+          if (!override)
8936a5c
+          {
8936a5c
+           /*
8936a5c
+            * The user overrode the banner, so audit it
8936a5c
+            */
8936a5c
+            cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
8936a5c
+                            " using banners=%s,%s", job->id, userheader,
8936a5c
+                            userfooter, attr->values[0].string.text,
8936a5c
+                            (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
8936a5c
+            audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
8936a5c
+                                   ServerName, NULL, NULL, 1);
cb06f24
+	  }
8936a5c
+          else
8936a5c
+          {
8936a5c
+           /*
8936a5c
+            * The user tried to override the banner, audit the failure
8936a5c
+            */
8936a5c
+            cupsdSetStringf(&audit_message, "job=%d user supplied job-sheets=%s,%s"
8936a5c
+                            " ignored banners=%s,%s", job->id, userheader,
8936a5c
+                            userfooter, attr->values[0].string.text,
8936a5c
+                            (attr->num_values > 1) ? attr->values[1].string.text : "(null)");
8936a5c
+            audit_log_user_message(AuditLog, AUDIT_LABEL_OVERRIDE, audit_message,
8936a5c
+                                   ServerName, NULL, NULL, 0);
cb06f24
+	  }
8936a5c
+          cupsdClearString(&audit_message);
cb06f24
+	}
8936a5c
       }
cb06f24
+
8936a5c
+      if (userheader)
8936a5c
+        free(userheader);
8936a5c
+      if (userfooter)
8936a5c
+        free(userfooter);
8936a5c
+#endif /* WITH_LSPP */
cb06f24
     }
cb06f24
+    
cb06f24
 
8936a5c
    /*
8936a5c
     * See if we need to add the starting sheet...
8399d83
@@ -4300,6 +4530,103 @@ check_rss_recipient(
8936a5c
 }
8936a5c
 
8936a5c
 
8936a5c
+#ifdef WITH_LSPP
8936a5c
+/*
8936a5c
+ * 'check_context()' - Check SELinux security context of a user and job
8936a5c
+ */
f4b6623
+
8936a5c
+static int				/* O - 1 if OK, 0 if not, -1 on error */
8936a5c
+check_context(cupsd_client_t *con,	/* I - Client connection */
8936a5c
+             cupsd_job_t    *job)	/* I - Job */
8936a5c
+{
8936a5c
+  int			enforcing;	/* is SELinux in enforcing mode */
8936a5c
+  char			filename[1024]; /* Filename of the spool file */
8936a5c
+  security_id_t		clisid;		/* SELinux SID of the client */
8936a5c
+  security_id_t		jobsid;		/* SELinux SID of the job */
8936a5c
+  security_id_t		filesid;	/* SELinux SID of the spool file */
8936a5c
+  struct avc_entry_ref	avcref;		/* AVC entry cache pointer */
8936a5c
+  security_class_t	tclass;		/* SELinux security class */
8936a5c
+  access_vector_t	avr;		/* SELinux access being queried */
8936a5c
+  security_context_t	spoolfilecon;	/* SELinux context of the spool file */
f4b6623
+
75d0e82
+
8936a5c
+ /*
8936a5c
+  * Validate the input to be sure there are contexts to work with...
8936a5c
+  */
f4b6623
+
8936a5c
+  if (con->scon == NULL || job->scon == NULL
8936a5c
+      || strncmp(con->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0
8936a5c
+      || strncmp(job->scon, UNKNOWN_SL, strlen(UNKNOWN_SL)) == 0)
8936a5c
+    return -1;
75d0e82
+
8936a5c
+  if ((enforcing = security_getenforce()) == -1)
8936a5c
+  {
8936a5c
+    cupsdLogMessage(CUPSD_LOG_ERROR, "Error while determining SELinux enforcement");
8936a5c
+    return -1;
8936a5c
+  }
8936a5c
+  cupsdLogMessage(CUPSD_LOG_DEBUG, "check_context: client context %s job context %s", con->scon, job->scon);
75d0e82
+
75d0e82
+
8936a5c
+ /*
8936a5c
+  * Initialize the avc engine...
8936a5c
+  */
22cc213
+
8936a5c
+  if (avc_init("cupsd", NULL, NULL, NULL, NULL) < 0)
8936a5c
+  {
8936a5c
+    cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable avc_init");
8936a5c
+    return -1;
8936a5c
+  } 
8936a5c
+  if (avc_context_to_sid(con->scon, &clisid) != 0)
8936a5c
+  {
8936a5c
+    cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: unable to convert %s to SELinux sid", con->scon);
8936a5c
+    return -1;
8936a5c
+  }
8936a5c
+  avc_context_to_sid(job->scon, &jobsid);
8936a5c
+  avc_entry_ref_init(&avcref);
8936a5c
+  tclass = SECCLASS_FILE;
8936a5c
+  avr = FILE__READ;
f4b6623
+
8936a5c
+ /*
8936a5c
+  * Perform the check with the client as the subject, first with the job as the object
8936a5c
+  *   if that fails then with the spool file as the object...
8936a5c
+  */
f4b6623
+
8936a5c
+  if (avc_has_perm_noaudit(clisid, jobsid, tclass, avr, &avcref, NULL) != 0)
8936a5c
+  {
8936a5c
+    cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access based on the client context");
5dd9863
+
8936a5c
+    snprintf(filename, sizeof(filename), "%s/c%05d", RequestRoot, job->id);
8936a5c
+    if (getfilecon(filename, &spoolfilecon) == -1)
8936a5c
+    {
8936a5c
+      cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to get spoolfile context");
8936a5c
+      return -1;
8936a5c
+    }
8936a5c
+    if (avc_context_to_sid(spoolfilecon, &filesid) != 0)
8936a5c
+    {
8936a5c
+      cupsdLogMessage(CUPSD_LOG_ERROR, "check_context: Unable to determine the SELinux sid for the spool file");
8936a5c
+      freecon(spoolfilecon);
8936a5c
+      return -1;
8936a5c
+    }
8936a5c
+    freecon(spoolfilecon);
8936a5c
+    if (avc_has_perm_noaudit(clisid, filesid, tclass, avr, &avcref, NULL) != 0)
8936a5c
+    {
8936a5c
+      cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux denied access to the spool file");
8936a5c
+      return 0;
8936a5c
+    }
8936a5c
+    cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access to the spool file");
8936a5c
+    return 1;
8936a5c
+  }
8936a5c
+  else
8936a5c
+    if (enforcing == 0)
8936a5c
+        cupsdLogMessage(CUPSD_LOG_INFO, "check_context: allowing operation due to permissive mode");
8936a5c
+    else
8936a5c
+        cupsdLogMessage(CUPSD_LOG_INFO, "check_context: SELinux allowed access based on the client context");