[thirdparty/cups.git] / scheduler / cups-exec.c

/*
 * "$Id$"
 *
 * Sandbox helper for CUPS.
 *
 * Copyright 2007-2014 by Apple Inc.
 *
 * These coded instructions, statements, and computer programs are the
 * property of Apple Inc. and are protected by Federal copyright
 * law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file.  If this file is
 * file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * Usage:
 *
 *     cups-exec /path/to/profile UID GID NICE /path/to/program argv0 argv1 ... argvN
 */

/*
 * Include necessary headers...
 */

#include <cups/string-private.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/stat.h>
#ifdef HAVE_SANDBOX_H
#  include <sandbox.h>
#  ifndef SANDBOX_NAMED_EXTERNAL
#    define SANDBOX_NAMED_EXTERNAL  0x0003
#  endif /* !SANDBOX_NAMED_EXTERNAL */
#  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif /* HAVE_SANDBOX_H */


/*
 * 'main()' - Apply sandbox profile and execute program.
 */

int					/* O - Exit status */
main(int  argc,				/* I - Number of command-line args */
     char *argv[])			/* I - Command-line arguments */
{
  uid_t	uid;				/* UID */
  gid_t	gid;				/* GID */
  int	niceval;			/* Nice value */
#ifdef HAVE_SANDBOX_H
  char	*sandbox_error = NULL;		/* Sandbox error, if any */
#endif /* HAVE_SANDBOX_H */


 /*
  * Check that we have enough arguments...
  */

  if (argc < 7)
  {
    puts("Usage: cups-exec /path/to/profile UID GID NICE /path/to/program argv0 argv1 ... argvN");
    return (1);
  }

 /*
  * Make sure side and back channel FDs are non-blocking...
  */

  fcntl(3, F_SETFL, O_NDELAY);
  fcntl(4, F_SETFL, O_NDELAY);

#ifdef HAVE_SANDBOX_H
 /*
  * Run in a separate security profile...
  */

  if (strcmp(argv[1], "none") &&
      sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
  {
    fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
	    strerror(errno));
    sandbox_free_error(sandbox_error);
    return (1);
  }
#endif /* HAVE_SANDBOX_H */

 /*
  * Change UID, GID, and nice value...
  */

  uid     = (uid_t)atoi(argv[2]);
  gid     = (gid_t)atoi(argv[3]);
  niceval = atoi(argv[4]);

  if (uid)
    nice(niceval);

  if (!getuid())
  {
    if (setgid(gid))
      exit(errno + 100);

    if (setgroups(1, &gid))
      exit(errno + 100);

    if (uid && setuid(uid))
      exit(errno + 100);
  }

  umask(077);

 /*
  * Execute the program...
  */

  execv(argv[5], argv + 6);

 /*
  * If we get here, execv() failed...
  */

  fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
  return (1);
}


/*
 * End of "$Id$".
 */
Commit	Line	Data
0268488e MS	1	/*
	2	* "$Id$"
	3	*
c82f05ea	4	* Sandbox helper for CUPS.
0268488e	5	*
c82f05ea	6	* Copyright 2007-2014 by Apple Inc.
0268488e	7	*
c82f05ea MS	8	* These coded instructions, statements, and computer programs are the
	9	* property of Apple Inc. and are protected by Federal copyright
	10	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	11	* which should have been included with this file. If this file is
	12	* file is missing or damaged, see the license at "http://www.cups.org/".
0268488e MS	13	*
	14	* Usage:
	15	*
c82f05ea	16	* cups-exec /path/to/profile UID GID NICE /path/to/program argv0 argv1 ... argvN
0268488e MS	17	*/
	18
	19	/*
	20	* Include necessary headers...
	21	*/
	22
	23	#include <cups/string-private.h>
	24	#include <unistd.h>
c82f05ea MS	25	#include <fcntl.h>
c82f05ea MS	26	#include <sys/stat.h>
0268488e	27	#ifdef HAVE_SANDBOX_H
0268488e	28	# include <sandbox.h>
a4845881 MS	29	# ifndef SANDBOX_NAMED_EXTERNAL
	30	# define SANDBOX_NAMED_EXTERNAL 0x0003
	31	# endif /* !SANDBOX_NAMED_EXTERNAL */
6961465f	32	# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
0268488e MS	33	#endif /* HAVE_SANDBOX_H */
	34
	35
	36	/*
	37	* 'main()' - Apply sandbox profile and execute program.
	38	*/
	39
	40	int /* O - Exit status */
	41	main(int argc, /* I - Number of command-line args */
	42	char argv[]) / I - Command-line arguments */
	43	{
c82f05ea MS	44	uid_t uid; /* UID */
	45	gid_t gid; /* GID */
	46	int niceval; /* Nice value */
0268488e MS	47	#ifdef HAVE_SANDBOX_H
	48	char sandbox_error = NULL; / Sandbox error, if any */
	49	#endif /* HAVE_SANDBOX_H */
	50
	51
	52	/*
	53	* Check that we have enough arguments...
	54	*/
	55
c82f05ea	56	if (argc < 7)
0268488e	57	{
c82f05ea	58	puts("Usage: cups-exec /path/to/profile UID GID NICE /path/to/program argv0 argv1 ... argvN");
0268488e MS	59	return (1);
	60	}
	61
c82f05ea MS	62	/*
	63	* Make sure side and back channel FDs are non-blocking...
	64	*/
	65
	66	fcntl(3, F_SETFL, O_NDELAY);
	67	fcntl(4, F_SETFL, O_NDELAY);
	68
0268488e MS	69	#ifdef HAVE_SANDBOX_H
	70	/*
	71	* Run in a separate security profile...
	72	*/
	73
22c9029b MS	74	if (strcmp(argv[1], "none") &&
22c9029b MS	75	sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
0268488e MS	76	{
	77	fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
	78	strerror(errno));
	79	sandbox_free_error(sandbox_error);
	80	return (1);
	81	}
	82	#endif /* HAVE_SANDBOX_H */
	83
c82f05ea MS	84	/*
	85	* Change UID, GID, and nice value...
	86	*/
	87
	88	uid = (uid_t)atoi(argv[2]);
	89	gid = (gid_t)atoi(argv[3]);
	90	niceval = atoi(argv[4]);
	91
	92	if (uid)
	93	nice(niceval);
	94
	95	if (!getuid())
	96	{
	97	if (setgid(gid))
	98	exit(errno + 100);
	99
	100	if (setgroups(1, &gid))
	101	exit(errno + 100);
	102
	103	if (uid && setuid(uid))
	104	exit(errno + 100);
	105	}
	106
	107	umask(077);
	108
0268488e MS	109	/*
	110	* Execute the program...
	111	*/
	112
c82f05ea	113	execv(argv[5], argv + 6);
0268488e MS	114
	115	/*
	116	* If we get here, execv() failed...
	117	*/
	118
	119	fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
	120	return (1);
	121	}
	122
	123
	124	/*
	125	* End of "$Id$".
	126	*/