[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Initial CUPS auditing patch



After seeing what Cory and TCS have done I started working on some of
the other LSPP requirements around printing.  Attached is a patch that
applies on top of Cups 1.2.23 with the TCS patch applied.

Right now the patch is a basic audting framework with only a few audited events such as the classification of the cups daemon, if users are allowed to override the banners on the command line, that sort of thing. The patch currently uses AUDIT_USER as the message type. This was suggested by Steve as a work around while the message types are being decided. So far I've only really made Job related messages and Config related messages, but I'm sure more will come.

Some sample messages are:
'CUPS Config: ClassifyOverride is enabled'
'CUPS Config: System wide Classification set to "classified"'
'CUPS Config: Setting printer "freecoffee" banners to "secret" "secret"'
'CUPS Config: Setting printer "localghost" banners to "topsecret" "none"'
'CUPS Job #1: being printed on "freecoffee" with labels "classified"
"classified"'

One thing I did try to do, but have since removed, is attempt to
determine if the user specified "-o job_sheets=foo" which is the cups
way to override the banners.  It seems that with a system wide
classification set this user option is overwritten.  Auditing the
client's end of printing could present some challenges due to the client
- server nature of cups.  One option may be to expand the way cups does
IPP to include more meta data in the client request, although this is
not without issues.

Cups does seem to have support for classifications and labels, and this
patch and the one from TCS improve on those features, but at this point I'm concerned that its basic infrastucture isn't right for what we need from a strict LSPP perspective. Things like a label translation table built-in seems like a feature that Trusted/Labeled printing users would like, but doesn't seem like something Cups would want to upstream.


I'm going to be away thru the end of this week, but I wanted to get this
out for comments. I'll be checking in on my mail, but don't be offened if I don't get back to you right away.


-matt

diff -bur --exclude .svn cups/Makedefs.in cups-audit/Makedefs.in
--- cups/Makedefs.in	2005-08-16 16:14:54.559365416 -0400
+++ cups-audit/Makedefs.in	2005-08-16 16:12:44.077201720 -0400
@@ -85,7 +85,7 @@
 
 ARFLAGS		=	@ARFLAGS@
 BACKLIBS	=	@BACKLIBS@
-CFLAGS		=	$(RC_CFLAGS) $(SSLFLAGS) -DWITH_SELINUX_MLS @CPPFLAGS@ @CFLAGS@ -I.. $(OPTIONS)
+CFLAGS		=	$(RC_CFLAGS) $(SSLFLAGS) -DWITH_SELINUX_MLS -DWITH_AUDIT @CPPFLAGS@ @CFLAGS@ -I.. $(OPTIONS)
 COMMONLIBS	=	@COMMONLIBS@
 CXXFLAGS	=	$(RC_CFLAGS) @CPPFLAGS@ @CXXFLAGS@ -I.. $(OPTIONS)
 CXXLIBS		=	@CXXLIBS@
diff -bur --exclude .svn cups/scheduler/conf.c cups-audit/scheduler/conf.c
--- cups/scheduler/conf.c	2005-08-16 13:09:38.133319048 -0400
+++ cups-audit/scheduler/conf.c	2005-08-16 15:04:16.017721688 -0400
@@ -50,6 +50,9 @@
 #  include <syslog.h>
 #endif /* HAVE_VSYSLOG */
 
+#ifdef WITH_AUDIT
+#  include <libaudit.h>
+#endif /* WITH_AUDIT */
 
 /*
  * Possibly missing network definitions...
@@ -142,6 +145,9 @@
   { "ServerName",		&ServerName,		VAR_STRING },
   { "ServerRoot",		&ServerRoot,		VAR_STRING },
   { "TempDir",			&TempDir,		VAR_STRING },
+#ifdef WITH_AUDIT
+  { "AuditLog",			&AuditLog,		VAR_INTEGER },
+#endif /* WITH_AUDIT */
   { "Timeout",			&Timeout,		VAR_INTEGER }
 };
 #define NUM_VARS	(sizeof(variables) / sizeof(variables[0]))
@@ -387,6 +393,14 @@
 
   cupsFileClose(fp);
 
+#ifdef WITH_AUDIT
+  /*  ClassifyOverride is set during read_cofiguration, if its on, report it now */
+  if (ClassifyOverride)
+    audit_log(AuditLog, AUDIT_USER, "CUPS Config: ClassifyOverride is enabled");
+  else
+    audit_log(AuditLog, AUDIT_USER, "CUPS Config: ClassifyOverride is disabled");
+#endif /* WITH_AUDIT */
+
   if (!status)
     return (0);
 
@@ -569,7 +583,13 @@
     ClearString(&Classification);
 
   if (Classification)
+  {
     LogMessage(L_INFO, "Security set to \"%s\"", Classification);
+#ifdef WITH_AUDIT
+    audit_log(AuditLog, AUDIT_USER, "CUPS Config: System wide Classification set to \"%s\"",
+              Classification);
+#endif /* WITH_AUDIT */
+  }
 
  /*
   * Update the MaxClientsPerHost value, as needed...
diff -bur --exclude .svn cups/scheduler/conf.h cups-audit/scheduler/conf.h
--- cups/scheduler/conf.h	2005-08-16 13:09:38.137318440 -0400
+++ cups-audit/scheduler/conf.h	2005-08-11 18:05:27.000000000 -0400
@@ -167,6 +167,10 @@
 					/* Number of MIME types */
 VAR const char		**MimeTypes		VALUE(NULL);
 					/* Array of MIME types */
+#ifdef WITH_AUDIT
+VAR int			AuditLog			VALUE(-1);
+					/* File descriptor for audit */
+#endif /* WITH_AUDIT */
 
 #ifdef HAVE_SSL
 VAR char		*ServerCertificate	VALUE(NULL);
diff -bur --exclude .svn cups/scheduler/job.c cups-audit/scheduler/job.c
--- cups/scheduler/job.c	2005-08-16 13:09:38.150316464 -0400
+++ cups-audit/scheduler/job.c	2005-08-16 15:37:43.372557368 -0400
@@ -69,6 +69,10 @@
 #include <selinux/selinux.h>
 #endif /* WITH_SELINUX_MLS */
 
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#endif /* WITH_AUDIT */
+
 /*
  * Local globals...
  */
@@ -874,6 +878,10 @@
 
       if ((attr = ippFindAttribute(current->attrs, "job-printer-uri", IPP_TAG_URI)) != NULL)
       {
+#ifdef WITH_AUDIT
+        audit_log(AuditLog, AUDIT_USER, "CUPS Job #%d: Changing destination from \"%s\" to \"%s\"",
+                  id, attr->values[0].string.text, p->uri);
+#endif /* WITH_AUDIT */
         free(attr->values[0].string.text);
 	attr->values[0].string.text = strdup(p->uri);
       }
@@ -1425,6 +1433,10 @@
     if ((current->job_sheets =
          ippFindAttribute(current->attrs, "job-sheets", IPP_TAG_ZERO)) != NULL)
       LogMessage(L_DEBUG, "... but someone added one without setting job_sheets!");
+#ifdef WITH_AUDIT
+    audit_log(AuditLog, AUDIT_USER, "CUPS Job #%d: printing on \"%s\" without any banners",
+              id, printer->name);
+#endif /* WITH_AUDIT */
   }
   else if (current->job_sheets->num_values == 1)
     LogMessage(L_DEBUG, "job-sheets=%s",
@@ -1812,6 +1824,10 @@
     snprintf(classification, sizeof(classification), "CLASSIFICATION=%s",
              mls_label);
     envp[envc ++] = classification;
+#ifdef WITH_AUDIT
+    audit_log(AuditLog, AUDIT_USER, "CUPS Job #%d: being printed on \"%s\" with label \"%s\"",
+              id, printer->name, mls_label);
+#endif /* WITH_AUDIT */
   }
 #else
   if (Classification && !banner_page)
@@ -1829,6 +1845,10 @@
                attr->values[0].string.text);
 
     envp[envc ++] = classification;
+#ifdef WITH_AUDIT
+    audit_log(AuditLog, AUDIT_USER, "CUPS Job #%d: being printed on \"%s\" with labels \"%s\" \"%s\"",
+              id, printer->name, attr->values[0].string.text, attr->values[1].string.text);
+#endif /* WITH_AUDIT */
   }
 #endif /* WITH_SELINUX_MLS */
 
diff -bur --exclude .svn cups/scheduler/main.c cups-audit/scheduler/main.c
--- cups/scheduler/main.c	2005-08-16 13:09:38.154315856 -0400
+++ cups-audit/scheduler/main.c	2005-08-11 17:47:31.000000000 -0400
@@ -55,6 +55,9 @@
 #  include <malloc.h>
 #endif /* HAVE_MALLOC_H && HAVE_MALLINFO */
 
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#endif /* WITH_AUDIT */
 
 /*
  * Local functions...
@@ -177,6 +180,10 @@
   if (!ConfigurationFile)
     SetString(&ConfigurationFile, CUPS_SERVERROOT "/cupsd.conf");
 
+#ifdef WITH_AUDIT
+  AuditLog = audit_open();
+#endif /* WITH_AUDIT */
+
  /*
   * If the user hasn't specified "-f", run in the background...
   */
@@ -786,6 +793,10 @@
   free(input);
   free(output);
 
+#ifdef WITH_AUDIT
+  audit_close(AuditLog);
+#endif /* WITH_AUDIT */
+
   return (!stop_scheduler);
 }
 
diff -bur --exclude .svn cups/scheduler/Makefile cups-audit/scheduler/Makefile
--- cups/scheduler/Makefile	2005-08-16 13:09:38.140317984 -0400
+++ cups-audit/scheduler/Makefile	2005-08-15 17:45:08.305147448 -0400
@@ -82,7 +82,7 @@
 	echo Linking $    
 	$(CC) $(LDFLAGS) -o cupsd $(CUPSDOBJS) libmime.a \
 		$(LIBZ) $(SSLLIBS) $(LIBSLP) $(PAMLIBS) $(LIBS) \
-		$(LIBPAPER) $(LIBMALLOC) -lselinux
+		$(LIBPAPER) $(LIBMALLOC) -lselinux -laudit
 
 
 #
diff -bur --exclude .svn cups/scheduler/printers.c cups-audit/scheduler/printers.c
--- cups/scheduler/printers.c	2005-08-16 13:09:38.144317376 -0400
+++ cups-audit/scheduler/printers.c	2005-08-16 15:10:19.226505560 -0400
@@ -56,6 +56,9 @@
 
 #include "cupsd.h"
 
+#ifdef WITH_AUDIT
+#include <libaudit.h>
+#endif
 
 /*
  * Local functions...
@@ -1275,6 +1278,11 @@
       attr->values[1].string.text = strdup(Classification ?
 	                                   Classification : p->job_sheets[1]);
     }
+
+#ifdef WITH_AUDIT
+    audit_log(AuditLog, AUDIT_USER, "CUPS Config: Setting printer \"%s\" banners to \"%s\" \"%s\"",
+              p->name, p->job_sheets[0], p->job_sheets[1]);
+#endif /* WITH_AUDIT */
   }
 
   printer_type = p->type;


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]