]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
2e4ff8af | 2 | * "$Id: process.c 6987 2007-09-25 15:43:44Z mike $" |
ef416fc2 | 3 | * |
4 | * Process management routines for the Common UNIX Printing System (CUPS). | |
5 | * | |
bc44d920 | 6 | * Copyright 2007 by Apple Inc. |
f7deaa1a | 7 | * Copyright 1997-2007 by Easy Software Products, all rights reserved. |
ef416fc2 | 8 | * |
9 | * These coded instructions, statements, and computer programs are the | |
bc44d920 | 10 | * property of Apple Inc. and are protected by Federal copyright |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 14 | * |
15 | * Contents: | |
16 | * | |
a4924f6c MS |
17 | * cupsdCreateProfile() - Create an execution profile for a subprocess. |
18 | * cupsdDestroyProfile() - Delete an execution profile. | |
19 | * cupsdEndProcess() - End a process. | |
20 | * cupsdFinishProcess() - Finish a process and get its name. | |
21 | * cupsdStartProcess() - Start a process. | |
22 | * compare_procs() - Compare two processes. | |
23 | * cupsd_requote() - Make a regular-expression version of a string. | |
ef416fc2 | 24 | */ |
25 | ||
26 | /* | |
27 | * Include necessary headers... | |
28 | */ | |
29 | ||
30 | #include "cupsd.h" | |
31 | #include <grp.h> | |
a4924f6c | 32 | #ifdef __APPLE__ |
4400e98d | 33 | # include <libgen.h> |
e53920b9 | 34 | #endif /* __APPLE__ */ |
a4924f6c MS |
35 | #ifdef HAVE_SANDBOX_H |
36 | # define __APPLE_API_PRIVATE | |
37 | # include <sandbox.h> | |
38 | #endif /* HAVE_SANDBOX_H */ | |
ef416fc2 | 39 | |
40 | ||
e00b005a | 41 | /* |
42 | * Process structure... | |
43 | */ | |
44 | ||
45 | typedef struct | |
46 | { | |
47 | int pid; /* Process ID */ | |
48 | char name[1]; /* Name of process */ | |
49 | } cupsd_proc_t; | |
50 | ||
51 | ||
52 | /* | |
53 | * Local globals... | |
54 | */ | |
55 | ||
56 | static cups_array_t *process_array = NULL; | |
57 | ||
58 | ||
59 | /* | |
60 | * Local functions... | |
61 | */ | |
62 | ||
63 | static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b); | |
a4924f6c MS |
64 | #ifdef HAVE_SANDBOX_H |
65 | static char *cupsd_requote(char *dst, const char *src, size_t dstsize); | |
66 | #endif /* HAVE_SANDBOX_H */ | |
67 | ||
68 | ||
69 | /* | |
70 | * 'cupsdCreateProfile()' - Create an execution profile for a subprocess. | |
71 | */ | |
72 | ||
73 | void * /* O - Profile or NULL on error */ | |
74 | cupsdCreateProfile(int job_id) /* I - Job ID or 0 for none */ | |
75 | { | |
76 | #ifdef HAVE_SANDBOX_H | |
77 | cups_file_t *fp; /* File pointer */ | |
78 | char profile[1024], /* File containing the profile */ | |
79 | cache[1024], /* Quoted CacheDir */ | |
80 | request[1024], /* Quoted RequestRoot */ | |
81 | root[1024], /* Quoted ServerRoot */ | |
82 | temp[1024]; /* Quoted TempDir */ | |
83 | ||
84 | ||
85 | if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL) | |
86 | { | |
87 | cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s", | |
88 | strerror(errno)); | |
89 | return (NULL); | |
90 | } | |
91 | ||
92 | cupsd_requote(cache, CacheDir, sizeof(cache)); | |
93 | cupsd_requote(request, RequestRoot, sizeof(request)); | |
94 | cupsd_requote(root, ServerRoot, sizeof(root)); | |
95 | cupsd_requote(temp, TempDir, sizeof(temp)); | |
96 | ||
97 | cupsFilePuts(fp, "(version 1)\n"); | |
98 | cupsFilePuts(fp, "(debug deny)\n"); | |
99 | cupsFilePuts(fp, "(allow default)\n"); | |
100 | cupsFilePrintf(fp, | |
101 | "(deny file-write* file-read-data file-read-metadata\n" | |
102 | " (regex #\"^%s\"))\n", request); | |
103 | cupsFilePrintf(fp, | |
104 | "(deny file-write*\n" | |
105 | " (regex #\"^%s\" #\"^/private/etc\" #\"^/usr/local/etc\" " | |
106 | "#\"^/Library\" #\"^/System\"))\n", root); | |
107 | cupsFilePrintf(fp, | |
108 | "(allow file-write* file-read-data file-read-metadata\n" | |
109 | " (regex #\"^%s$\" #\"^%s/\" #\"^%s$\" #\"^%s/\"))\n", | |
110 | temp, temp, cache, cache); | |
111 | if (job_id) | |
112 | cupsFilePrintf(fp, | |
113 | "(allow file-read-data file-read-metadata\n" | |
114 | " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n", | |
115 | request); | |
116 | ||
117 | cupsFileClose(fp); | |
118 | ||
119 | return ((void *)strdup(profile)); | |
120 | #else | |
121 | ||
122 | return (NULL); | |
123 | #endif /* HAVE_SANDBOX_H */ | |
124 | } | |
125 | ||
126 | ||
127 | /* | |
128 | * 'cupsdDestroyProfile()' - Delete an execution profile. | |
129 | */ | |
130 | ||
131 | void | |
132 | cupsdDestroyProfile(void *profile) /* I - Profile */ | |
133 | { | |
134 | #ifdef HAVE_SANDBOX_H | |
135 | if (profile) | |
136 | { | |
137 | unlink((char *)profile); | |
138 | free(profile); | |
139 | } | |
140 | #endif /* HAVE_SANDBOX_H */ | |
141 | } | |
e00b005a | 142 | |
143 | ||
ef416fc2 | 144 | /* |
145 | * 'cupsdEndProcess()' - End a process. | |
146 | */ | |
147 | ||
148 | int /* O - 0 on success, -1 on failure */ | |
149 | cupsdEndProcess(int pid, /* I - Process ID */ | |
150 | int force) /* I - Force child to die */ | |
151 | { | |
152 | if (force) | |
153 | return (kill(pid, SIGKILL)); | |
154 | else | |
155 | return (kill(pid, SIGTERM)); | |
156 | } | |
157 | ||
158 | ||
e00b005a | 159 | /* |
160 | * 'cupsdFinishProcess()' - Finish a process and get its name. | |
161 | */ | |
162 | ||
163 | const char * /* O - Process name */ | |
164 | cupsdFinishProcess(int pid, /* I - Process ID */ | |
165 | char *name, /* I - Name buffer */ | |
166 | int namelen) /* I - Size of name buffer */ | |
167 | { | |
168 | cupsd_proc_t key, /* Search key */ | |
169 | *proc; /* Matching process */ | |
170 | ||
171 | ||
172 | key.pid = pid; | |
173 | ||
174 | if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL) | |
175 | { | |
176 | strlcpy(name, proc->name, namelen); | |
177 | cupsArrayRemove(process_array, proc); | |
178 | free(proc); | |
179 | ||
180 | return (name); | |
181 | } | |
182 | else | |
183 | return ("unknown"); | |
184 | } | |
185 | ||
186 | ||
ef416fc2 | 187 | /* |
188 | * 'cupsdStartProcess()' - Start a process. | |
189 | */ | |
190 | ||
191 | int /* O - Process ID or 0 */ | |
192 | cupsdStartProcess( | |
193 | const char *command, /* I - Full path to command */ | |
194 | char *argv[], /* I - Command-line arguments */ | |
195 | char *envp[], /* I - Environment */ | |
196 | int infd, /* I - Standard input file descriptor */ | |
197 | int outfd, /* I - Standard output file descriptor */ | |
198 | int errfd, /* I - Standard error file descriptor */ | |
199 | int backfd, /* I - Backchannel file descriptor */ | |
f7deaa1a | 200 | int sidefd, /* I - Sidechannel file descriptor */ |
ef416fc2 | 201 | int root, /* I - Run as root? */ |
a4924f6c | 202 | void *profile, /* I - Security profile to use */ |
ef416fc2 | 203 | int *pid) /* O - Process ID */ |
204 | { | |
e00b005a | 205 | cupsd_proc_t *proc; /* New process record */ |
ef416fc2 | 206 | #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) |
e00b005a | 207 | struct sigaction action; /* POSIX signal handler */ |
ef416fc2 | 208 | #endif /* HAVE_SIGACTION && !HAVE_SIGSET */ |
e53920b9 | 209 | #if defined(__APPLE__) |
e00b005a | 210 | char processPath[1024], /* CFProcessPath environment variable */ |
211 | linkpath[1024]; /* Link path for symlinks... */ | |
212 | int linkbytes; /* Bytes for link path */ | |
e53920b9 | 213 | #endif /* __APPLE__ */ |
ef416fc2 | 214 | |
215 | ||
216 | cupsdLogMessage(CUPSD_LOG_DEBUG2, | |
217 | "cupsdStartProcess(\"%s\", %p, %p, %d, %d, %d)", | |
218 | command, argv, envp, infd, outfd, errfd); | |
219 | ||
76cd9e37 MS |
220 | if (access(command, X_OK)) |
221 | { | |
222 | cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to execute %s: %s", command, | |
223 | strerror(errno)); | |
7dfedb92 | 224 | *pid = 0; |
76cd9e37 MS |
225 | return (0); |
226 | } | |
227 | ||
e53920b9 | 228 | #if defined(__APPLE__) |
229 | if (envp) | |
e00b005a | 230 | { |
231 | /* | |
e53920b9 | 232 | * Add special voodoo magic for MacOS X - this allows MacOS X |
233 | * programs to access their bundle resources properly... | |
e00b005a | 234 | */ |
235 | ||
e53920b9 | 236 | if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0) |
237 | { | |
238 | /* | |
239 | * Yes, this is a symlink to the actual program, nul-terminate and | |
240 | * use it... | |
241 | */ | |
242 | ||
243 | linkpath[linkbytes] = '\0'; | |
e00b005a | 244 | |
e53920b9 | 245 | if (linkpath[0] == '/') |
246 | snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", | |
247 | linkpath); | |
248 | else | |
249 | snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s", | |
f7deaa1a | 250 | dirname((char *)command), linkpath); |
e53920b9 | 251 | } |
e00b005a | 252 | else |
e53920b9 | 253 | snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command); |
bd7854cb | 254 | |
e53920b9 | 255 | envp[0] = processPath; /* Replace <CFProcessPath> string */ |
256 | } | |
257 | #endif /* __APPLE__ */ | |
e00b005a | 258 | |
ef416fc2 | 259 | /* |
260 | * Block signals before forking... | |
261 | */ | |
262 | ||
263 | cupsdHoldSignals(); | |
264 | ||
265 | if ((*pid = fork()) == 0) | |
266 | { | |
267 | /* | |
268 | * Child process goes here... | |
269 | * | |
270 | * Update stdin/stdout/stderr as needed... | |
271 | */ | |
272 | ||
273 | if (infd != 0) | |
274 | { | |
275 | close(0); | |
276 | if (infd > 0) | |
277 | dup(infd); | |
278 | else | |
279 | open("/dev/null", O_RDONLY); | |
280 | } | |
281 | if (outfd != 1) | |
282 | { | |
283 | close(1); | |
284 | if (outfd > 0) | |
285 | dup(outfd); | |
286 | else | |
287 | open("/dev/null", O_WRONLY); | |
288 | } | |
289 | if (errfd != 2) | |
290 | { | |
291 | close(2); | |
292 | if (errfd > 0) | |
293 | dup(errfd); | |
294 | else | |
295 | open("/dev/null", O_WRONLY); | |
296 | } | |
297 | if (backfd != 3) | |
298 | { | |
299 | close(3); | |
300 | if (backfd > 0) | |
301 | dup(backfd); | |
302 | else | |
303 | open("/dev/null", O_RDWR); | |
304 | fcntl(3, F_SETFL, O_NDELAY); | |
305 | } | |
f7deaa1a | 306 | if (sidefd != 4 && sidefd > 0) |
307 | { | |
308 | close(4); | |
309 | dup(sidefd); | |
310 | fcntl(4, F_SETFL, O_NDELAY); | |
311 | } | |
ef416fc2 | 312 | |
313 | /* | |
314 | * Change the priority of the process based on the FilterNice setting. | |
315 | * (this is not done for backends...) | |
316 | */ | |
317 | ||
318 | if (!root) | |
319 | nice(FilterNice); | |
320 | ||
321 | /* | |
322 | * Change user to something "safe"... | |
323 | */ | |
324 | ||
325 | if (!root && !RunUser) | |
326 | { | |
327 | /* | |
328 | * Running as root, so change to non-priviledged user... | |
329 | */ | |
330 | ||
331 | if (setgid(Group)) | |
e00b005a | 332 | exit(errno); |
ef416fc2 | 333 | |
334 | if (setgroups(1, &Group)) | |
e00b005a | 335 | exit(errno); |
ef416fc2 | 336 | |
337 | if (setuid(User)) | |
338 | exit(errno); | |
339 | } | |
340 | else | |
341 | { | |
342 | /* | |
343 | * Reset group membership to just the main one we belong to. | |
344 | */ | |
345 | ||
e00b005a | 346 | setgid(Group); |
ef416fc2 | 347 | setgroups(1, &Group); |
348 | } | |
349 | ||
350 | /* | |
351 | * Change umask to restrict permissions on created files... | |
352 | */ | |
353 | ||
354 | umask(077); | |
355 | ||
356 | /* | |
357 | * Unblock signals before doing the exec... | |
358 | */ | |
359 | ||
360 | #ifdef HAVE_SIGSET | |
361 | sigset(SIGTERM, SIG_DFL); | |
362 | sigset(SIGCHLD, SIG_DFL); | |
363 | #elif defined(HAVE_SIGACTION) | |
364 | memset(&action, 0, sizeof(action)); | |
365 | ||
366 | sigemptyset(&action.sa_mask); | |
367 | action.sa_handler = SIG_DFL; | |
368 | ||
369 | sigaction(SIGTERM, &action, NULL); | |
370 | sigaction(SIGCHLD, &action, NULL); | |
371 | #else | |
372 | signal(SIGTERM, SIG_DFL); | |
373 | signal(SIGCHLD, SIG_DFL); | |
374 | #endif /* HAVE_SIGSET */ | |
375 | ||
376 | cupsdReleaseSignals(); | |
377 | ||
a4924f6c MS |
378 | #ifdef HAVE_SANDBOX_H |
379 | /* | |
380 | * Run in a separate security profile... | |
381 | */ | |
382 | ||
383 | if (profile) | |
384 | { | |
385 | char *error; /* Sandbox error, if any */ | |
386 | ||
387 | if (sandbox_init((char *)profile, SANDBOX_NAMED_EXTERNAL, &error)) | |
388 | { | |
389 | fprintf(stderr, "ERROR: sandbox_init failed: %s (%s)\n", error, | |
390 | strerror(errno)); | |
391 | sandbox_free_error(error); | |
392 | } | |
393 | } | |
394 | #endif /* HAVE_SANDBOX_H */ | |
395 | ||
ef416fc2 | 396 | /* |
397 | * Execute the command; if for some reason this doesn't work, | |
398 | * return the error code... | |
399 | */ | |
400 | ||
401 | if (envp) | |
402 | execve(command, argv, envp); | |
403 | else | |
404 | execv(command, argv); | |
405 | ||
406 | perror(command); | |
407 | ||
408 | exit(errno); | |
409 | } | |
410 | else if (*pid < 0) | |
411 | { | |
412 | /* | |
413 | * Error - couldn't fork a new process! | |
414 | */ | |
415 | ||
416 | cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, | |
417 | strerror(errno)); | |
418 | ||
419 | *pid = 0; | |
420 | } | |
e00b005a | 421 | else |
422 | { | |
423 | if (!process_array) | |
424 | process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL); | |
425 | ||
426 | if (process_array) | |
427 | { | |
428 | if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL) | |
429 | { | |
430 | proc->pid = *pid; | |
431 | strcpy(proc->name, command); | |
432 | ||
433 | cupsArrayAdd(process_array, proc); | |
434 | } | |
435 | } | |
436 | } | |
ef416fc2 | 437 | |
438 | cupsdReleaseSignals(); | |
439 | ||
440 | return (*pid); | |
441 | } | |
442 | ||
443 | ||
444 | /* | |
e00b005a | 445 | * 'compare_procs()' - Compare two processes. |
446 | */ | |
447 | ||
448 | static int /* O - Result of comparison */ | |
449 | compare_procs(cupsd_proc_t *a, /* I - First process */ | |
450 | cupsd_proc_t *b) /* I - Second process */ | |
451 | { | |
452 | return (a->pid - b->pid); | |
453 | } | |
454 | ||
455 | ||
a4924f6c MS |
456 | #ifdef HAVE_SANDBOX_H |
457 | /* | |
458 | * 'cupsd_requote()' - Make a regular-expression version of a string. | |
459 | */ | |
460 | ||
461 | static char * /* O - Quoted string */ | |
462 | cupsd_requote(char *dst, /* I - Destination buffer */ | |
463 | const char *src, /* I - Source string */ | |
464 | size_t dstsize) /* I - Size of destination buffer */ | |
465 | { | |
466 | int ch; /* Current character */ | |
467 | char *dstptr, /* Current position in buffer */ | |
468 | *dstend; /* End of destination buffer */ | |
469 | ||
470 | ||
471 | dstptr = dst; | |
472 | dstend = dst + dstsize - 2; | |
473 | ||
474 | while (*src && dstptr < dstend) | |
475 | { | |
476 | ch = *src++; | |
477 | ||
478 | if (strchr(".?*()[]^$\\", ch)) | |
479 | *dstptr++ = '\\'; | |
480 | ||
481 | *dstptr++ = ch; | |
482 | } | |
483 | ||
484 | *dstptr = '\0'; | |
485 | ||
486 | return (dst); | |
487 | } | |
488 | #endif /* HAVE_SANDBOX_H */ | |
489 | ||
490 | ||
e00b005a | 491 | /* |
2e4ff8af | 492 | * End of "$Id: process.c 6987 2007-09-25 15:43:44Z mike $". |
ef416fc2 | 493 | */ |