[thirdparty/cups.git] / scheduler / process.c

/*
 * "$Id: process.c 6987 2007-09-25 15:43:44Z mike $"
 *
 *   Process management routines for the Common UNIX Printing System (CUPS).
 *
 *   Copyright 2007 by Apple Inc.
 *   Copyright 1997-2007 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * Contents:
 *
 *   cupsdCreateProfile()  - Create an execution profile for a subprocess.
 *   cupsdDestroyProfile() - Delete an execution profile.
 *   cupsdEndProcess()     - End a process.
 *   cupsdFinishProcess()  - Finish a process and get its name.
 *   cupsdStartProcess()   - Start a process.
 *   compare_procs()       - Compare two processes.
 *   cupsd_requote()       - Make a regular-expression version of a string.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"
#include <grp.h>
#ifdef __APPLE__
#  include <libgen.h>
#endif /* __APPLE__ */ 
#ifdef HAVE_SANDBOX_H
#  define __APPLE_API_PRIVATE
#  include <sandbox.h>
#endif /* HAVE_SANDBOX_H */


/*
 * Process structure...
 */

typedef struct
{
  int	pid;				/* Process ID */
  char	name[1];			/* Name of process */
} cupsd_proc_t;


/*
 * Local globals...
 */

static cups_array_t	*process_array = NULL;


/*
 * Local functions...
 */

static int	compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
#ifdef HAVE_SANDBOX_H
static char	*cupsd_requote(char *dst, const char *src, size_t dstsize);
#endif /* HAVE_SANDBOX_H */


/*
 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
 */

void *					/* O - Profile or NULL on error */
cupsdCreateProfile(int job_id)		/* I - Job ID or 0 for none */
{
#ifdef HAVE_SANDBOX_H
  cups_file_t	*fp;			/* File pointer */
  char		profile[1024],		/* File containing the profile */
		cache[1024],		/* Quoted CacheDir */
		request[1024],		/* Quoted RequestRoot */
		root[1024],		/* Quoted ServerRoot */
		temp[1024];		/* Quoted TempDir */


  if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
                    strerror(errno));
    return (NULL);
  }

  cupsd_requote(cache, CacheDir, sizeof(cache));
  cupsd_requote(request, RequestRoot, sizeof(request));
  cupsd_requote(root, ServerRoot, sizeof(root));
  cupsd_requote(temp, TempDir, sizeof(temp));

  cupsFilePuts(fp, "(version 1)\n");
  cupsFilePuts(fp, "(debug deny)\n");
  cupsFilePuts(fp, "(allow default)\n");
  cupsFilePrintf(fp,
                 "(deny file-write* file-read-data file-read-metadata\n"
                 "  (regex #\"^%s\"))\n", request);
  cupsFilePrintf(fp,
                 "(deny file-write*\n"
                 "  (regex #\"^%s\" #\"^/private/etc\" #\"^/usr/local/etc\" "
		 "#\"^/Library\" #\"^/System\"))\n", root);
  cupsFilePrintf(fp,
                 "(allow file-write* file-read-data file-read-metadata\n"
                 "  (regex #\"^%s$\" #\"^%s/\" #\"^%s$\" #\"^%s/\"))\n",
		 temp, temp, cache, cache);
  if (job_id)
    cupsFilePrintf(fp,
                   "(allow file-read-data file-read-metadata\n"
                   "  (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
		   request);

  cupsFileClose(fp);

  return ((void *)strdup(profile));
#else

  return (NULL);
#endif /* HAVE_SANDBOX_H */
}


/*
 * 'cupsdDestroyProfile()' - Delete an execution profile.
 */

void
cupsdDestroyProfile(void *profile)	/* I - Profile */
{
#ifdef HAVE_SANDBOX_H
  if (profile)
  {
    unlink((char *)profile);
    free(profile);
  }
#endif /* HAVE_SANDBOX_H */
}


/*
 * 'cupsdEndProcess()' - End a process.
 */

int					/* O - 0 on success, -1 on failure */
cupsdEndProcess(int pid,		/* I - Process ID */
                int force)		/* I - Force child to die */
{
  if (force)
    return (kill(pid, SIGKILL));
  else
    return (kill(pid, SIGTERM));
}


/*
 * 'cupsdFinishProcess()' - Finish a process and get its name.
 */

const char *				/* O - Process name */
cupsdFinishProcess(int  pid,		/* I - Process ID */
                   char *name,		/* I - Name buffer */
		   int  namelen)	/* I - Size of name buffer */
{
  cupsd_proc_t	key,			/* Search key */
		*proc;			/* Matching process */


  key.pid = pid;

  if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
  {
    strlcpy(name, proc->name, namelen);
    cupsArrayRemove(process_array, proc);
    free(proc);

    return (name);
  }
  else
    return ("unknown");
}


/*
 * 'cupsdStartProcess()' - Start a process.
 */

int					/* O - Process ID or 0 */
cupsdStartProcess(
    const char *command,		/* I - Full path to command */
    char       *argv[],			/* I - Command-line arguments */
    char       *envp[],			/* I - Environment */
    int        infd,			/* I - Standard input file descriptor */
    int        outfd,			/* I - Standard output file descriptor */
    int        errfd,			/* I - Standard error file descriptor */
    int        backfd,			/* I - Backchannel file descriptor */
    int        sidefd,			/* I - Sidechannel file descriptor */
    int        root,			/* I - Run as root? */
    void       *profile,		/* I - Security profile to use */
    int        *pid)			/* O - Process ID */
{
  cupsd_proc_t	*proc;			/* New process record */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
  struct sigaction action;		/* POSIX signal handler */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
#if defined(__APPLE__)
  char		processPath[1024],	/* CFProcessPath environment variable */
		linkpath[1024];		/* Link path for symlinks... */
  int		linkbytes;		/* Bytes for link path */
#endif /* __APPLE__ */


  cupsdLogMessage(CUPSD_LOG_DEBUG2,
                  "cupsdStartProcess(\"%s\", %p, %p, %d, %d, %d)",
                  command, argv, envp, infd, outfd, errfd);

  if (access(command, X_OK))
  {
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to execute %s: %s", command,
                    strerror(errno));
    *pid = 0;
    return (0);
  }

#if defined(__APPLE__)
  if (envp)
  {
   /*
    * Add special voodoo magic for MacOS X - this allows MacOS X 
    * programs to access their bundle resources properly...
    */

    if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
    {
     /*
      * Yes, this is a symlink to the actual program, nul-terminate and
      * use it...
      */

      linkpath[linkbytes] = '\0';

      if (linkpath[0] == '/')
	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
		 linkpath);
      else
	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
		 dirname((char *)command), linkpath);
    }
    else
      snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);

    envp[0] = processPath;		/* Replace <CFProcessPath> string */
  }
#endif	/* __APPLE__ */

 /*
  * Block signals before forking...
  */

  cupsdHoldSignals();

  if ((*pid = fork()) == 0)
  {
   /*
    * Child process goes here...
    *
    * Update stdin/stdout/stderr as needed...
    */

    if (infd != 0)
    {
      close(0);
      if (infd > 0)
        dup(infd);
      else
        open("/dev/null", O_RDONLY);
    }
    if (outfd != 1)
    {
      close(1);
      if (outfd > 0)
	dup(outfd);
      else
        open("/dev/null", O_WRONLY);
    }
    if (errfd != 2)
    {
      close(2);
      if (errfd > 0)
        dup(errfd);
      else
        open("/dev/null", O_WRONLY);
    }
    if (backfd != 3)
    {
      close(3);
      if (backfd > 0)
	dup(backfd);
      else
        open("/dev/null", O_RDWR);
      fcntl(3, F_SETFL, O_NDELAY);
    }
    if (sidefd != 4 && sidefd > 0)
    {
      close(4);
      dup(sidefd);
      fcntl(4, F_SETFL, O_NDELAY);
    }

   /*
    * Change the priority of the process based on the FilterNice setting.
    * (this is not done for backends...)
    */

    if (!root)
      nice(FilterNice);

   /*
    * Change user to something "safe"...
    */

    if (!root && !RunUser)
    {
     /*
      * Running as root, so change to non-priviledged user...
      */

      if (setgid(Group))
	exit(errno);

      if (setgroups(1, &Group))
	exit(errno);

      if (setuid(User))
        exit(errno);
    }
    else
    {
     /*
      * Reset group membership to just the main one we belong to.
      */

      setgid(Group);
      setgroups(1, &Group);
    }

   /*
    * Change umask to restrict permissions on created files...
    */

    umask(077);

   /*
    * Unblock signals before doing the exec...
    */

#ifdef HAVE_SIGSET
    sigset(SIGTERM, SIG_DFL);
    sigset(SIGCHLD, SIG_DFL);
#elif defined(HAVE_SIGACTION)
    memset(&action, 0, sizeof(action));

    sigemptyset(&action.sa_mask);
    action.sa_handler = SIG_DFL;

    sigaction(SIGTERM, &action, NULL);
    sigaction(SIGCHLD, &action, NULL);
#else
    signal(SIGTERM, SIG_DFL);
    signal(SIGCHLD, SIG_DFL);
#endif /* HAVE_SIGSET */

    cupsdReleaseSignals();

#ifdef HAVE_SANDBOX_H
   /*
    * Run in a separate security profile...
    */

    if (profile)
    {
      char *error;			/* Sandbox error, if any */

      if (sandbox_init((char *)profile, SANDBOX_NAMED_EXTERNAL, &error))
      {
        fprintf(stderr, "ERROR: sandbox_init failed: %s (%s)\n", error,
	        strerror(errno));
	sandbox_free_error(error);
      }
    }
#endif /* HAVE_SANDBOX_H */

   /*
    * Execute the command; if for some reason this doesn't work,
    * return the error code...
    */

    if (envp)
      execve(command, argv, envp);
    else
      execv(command, argv);

    perror(command);

    exit(errno);
  }
  else if (*pid < 0)
  {
   /*
    * Error - couldn't fork a new process!
    */

    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
                    strerror(errno));

    *pid = 0;
  }
  else
  {
    if (!process_array)
      process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
 
    if (process_array)
    {
      if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
      {
        proc->pid = *pid;
	strcpy(proc->name, command);

	cupsArrayAdd(process_array, proc);
      }
    }
  }

  cupsdReleaseSignals();

  return (*pid);
}


/*
 * 'compare_procs()' - Compare two processes.
 */

static int				/* O - Result of comparison */
compare_procs(cupsd_proc_t *a,		/* I - First process */
              cupsd_proc_t *b)		/* I - Second process */
{
  return (a->pid - b->pid);
}


#ifdef HAVE_SANDBOX_H
/*
 * 'cupsd_requote()' - Make a regular-expression version of a string.
 */

static char *				/* O - Quoted string */
cupsd_requote(char       *dst,		/* I - Destination buffer */
              const char *src,		/* I - Source string */
	      size_t     dstsize)	/* I - Size of destination buffer */
{
  int	ch;				/* Current character */
  char	*dstptr,			/* Current position in buffer */
	*dstend;			/* End of destination buffer */


  dstptr = dst;
  dstend = dst + dstsize - 2;

  while (*src && dstptr < dstend)
  {
    ch = *src++;

    if (strchr(".?*()[]^$\\", ch))
      *dstptr++ = '\\';

    *dstptr++ = ch;
  }

  *dstptr = '\0';

  return (dst);
}
#endif /* HAVE_SANDBOX_H */


/*
 * End of "$Id: process.c 6987 2007-09-25 15:43:44Z mike $".
 */
Commit	Line	Data
ef416fc2	1	/*
2e4ff8af	2	* "$Id: process.c 6987 2007-09-25 15:43:44Z mike $"
ef416fc2	3	*
	4	* Process management routines for the Common UNIX Printing System (CUPS).
	5	*
bc44d920	6	* Copyright 2007 by Apple Inc.
f7deaa1a	7	* Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2	8	*
ef416fc2	9	* These coded instructions, statements, and computer programs are the
bc44d920	10	* property of Apple Inc. and are protected by Federal copyright
	11	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	12	* which should have been included with this file. If this file is
	13	* file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2	14	*
	15	* Contents:
	16	*
a4924f6c MS	17	* cupsdCreateProfile() - Create an execution profile for a subprocess.
	18	* cupsdDestroyProfile() - Delete an execution profile.
	19	* cupsdEndProcess() - End a process.
	20	* cupsdFinishProcess() - Finish a process and get its name.
	21	* cupsdStartProcess() - Start a process.
	22	* compare_procs() - Compare two processes.
	23	* cupsd_requote() - Make a regular-expression version of a string.
ef416fc2	24	*/
	25
	26	/*
	27	* Include necessary headers...
	28	*/
	29
	30	#include "cupsd.h"
	31	#include <grp.h>
a4924f6c	32	#ifdef __APPLE__
4400e98d	33	# include <libgen.h>
e53920b9	34	#endif /* __APPLE__ */
a4924f6c MS	35	#ifdef HAVE_SANDBOX_H
	36	# define __APPLE_API_PRIVATE
	37	# include <sandbox.h>
	38	#endif /* HAVE_SANDBOX_H */
ef416fc2	39
ef416fc2	40
e00b005a	41	/*
	42	* Process structure...
	43	*/
	44
	45	typedef struct
	46	{
	47	int pid; /* Process ID */
	48	char name[1]; /* Name of process */
	49	} cupsd_proc_t;
	50
	51
	52	/*
	53	* Local globals...
	54	*/
	55
	56	static cups_array_t *process_array = NULL;
	57
	58
	59	/*
	60	* Local functions...
	61	*/
	62
	63	static int compare_procs(cupsd_proc_t a, cupsd_proc_t b);
a4924f6c MS	64	#ifdef HAVE_SANDBOX_H
	65	static char cupsd_requote(char dst, const char *src, size_t dstsize);
	66	#endif /* HAVE_SANDBOX_H */
	67
	68
	69	/*
	70	* 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
	71	*/
	72
	73	void * /* O - Profile or NULL on error */
	74	cupsdCreateProfile(int job_id) /* I - Job ID or 0 for none */
	75	{
	76	#ifdef HAVE_SANDBOX_H
	77	cups_file_t fp; / File pointer */
	78	char profile[1024], /* File containing the profile */
	79	cache[1024], /* Quoted CacheDir */
	80	request[1024], /* Quoted RequestRoot */
	81	root[1024], /* Quoted ServerRoot */
	82	temp[1024]; /* Quoted TempDir */
	83
	84
	85	if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
	86	{
	87	cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
	88	strerror(errno));
	89	return (NULL);
	90	}
	91
	92	cupsd_requote(cache, CacheDir, sizeof(cache));
	93	cupsd_requote(request, RequestRoot, sizeof(request));
	94	cupsd_requote(root, ServerRoot, sizeof(root));
	95	cupsd_requote(temp, TempDir, sizeof(temp));
	96
	97	cupsFilePuts(fp, "(version 1)\n");
	98	cupsFilePuts(fp, "(debug deny)\n");
	99	cupsFilePuts(fp, "(allow default)\n");
	100	cupsFilePrintf(fp,
	101	"(deny file-write* file-read-data file-read-metadata\n"
	102	" (regex #\"^%s\"))\n", request);
	103	cupsFilePrintf(fp,
	104	"(deny file-write*\n"
	105	" (regex #\"^%s\" #\"^/private/etc\" #\"^/usr/local/etc\" "
	106	"#\"^/Library\" #\"^/System\"))\n", root);
	107	cupsFilePrintf(fp,
	108	"(allow file-write* file-read-data file-read-metadata\n"
	109	" (regex #\"^%s$\" #\"^%s/\" #\"^%s$\" #\"^%s/\"))\n",
	110	temp, temp, cache, cache);
	111	if (job_id)
	112	cupsFilePrintf(fp,
	113	"(allow file-read-data file-read-metadata\n"
	114	" (regex #\"^%s/([ac]%05d\|d%05d-[0-9][0-9][0-9])$\"))\n",
	115	request);
	116
	117	cupsFileClose(fp);
	118
	119	return ((void *)strdup(profile));
	120	#else
	121
	122	return (NULL);
	123	#endif /* HAVE_SANDBOX_H */
	124	}
	125
	126
	127	/*
128	* 'cupsdDestroyProfile()' - Delete an execution profile.
129	*/
130
131	void
132	cupsdDestroyProfile(void profile) / I - Profile */
133	{
134	#ifdef HAVE_SANDBOX_H
135	if (profile)
136	{
137	unlink((char *)profile);
138	free(profile);
139	}
140	#endif /* HAVE_SANDBOX_H */
141	}
e00b005a	142
e00b005a	143
ef416fc2	144	/*
	145	* 'cupsdEndProcess()' - End a process.
	146	*/
	147
	148	int /* O - 0 on success, -1 on failure */
	149	cupsdEndProcess(int pid, /* I - Process ID */
	150	int force) /* I - Force child to die */
	151	{
	152	if (force)
	153	return (kill(pid, SIGKILL));
	154	else
	155	return (kill(pid, SIGTERM));
	156	}
	157
	158
e00b005a	159	/*
	160	* 'cupsdFinishProcess()' - Finish a process and get its name.
	161	*/
	162
	163	const char * /* O - Process name */
	164	cupsdFinishProcess(int pid, /* I - Process ID */
	165	char name, / I - Name buffer */
	166	int namelen) /* I - Size of name buffer */
	167	{
	168	cupsd_proc_t key, /* Search key */
	169	proc; / Matching process */
	170
	171
	172	key.pid = pid;
	173
	174	if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
	175	{
	176	strlcpy(name, proc->name, namelen);
	177	cupsArrayRemove(process_array, proc);
	178	free(proc);
	179
	180	return (name);
	181	}
	182	else
	183	return ("unknown");
	184	}
	185
	186
ef416fc2	187	/*
	188	* 'cupsdStartProcess()' - Start a process.
	189	*/
	190
	191	int /* O - Process ID or 0 */
	192	cupsdStartProcess(
	193	const char command, / I - Full path to command */
	194	char argv[], / I - Command-line arguments */
	195	char envp[], / I - Environment */
	196	int infd, /* I - Standard input file descriptor */
	197	int outfd, /* I - Standard output file descriptor */
	198	int errfd, /* I - Standard error file descriptor */
	199	int backfd, /* I - Backchannel file descriptor */
f7deaa1a	200	int sidefd, /* I - Sidechannel file descriptor */
ef416fc2	201	int root, /* I - Run as root? */
a4924f6c	202	void profile, / I - Security profile to use */
ef416fc2	203	int pid) / O - Process ID */
ef416fc2	204	{
e00b005a	205	cupsd_proc_t proc; / New process record */
ef416fc2	206	#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
e00b005a	207	struct sigaction action; /* POSIX signal handler */
ef416fc2	208	#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
e53920b9	209	#if defined(__APPLE__)
e00b005a	210	char processPath[1024], /* CFProcessPath environment variable */
	211	linkpath[1024]; /* Link path for symlinks... */
	212	int linkbytes; /* Bytes for link path */
e53920b9	213	#endif /* __APPLE__ */
ef416fc2	214
	215
	216	cupsdLogMessage(CUPSD_LOG_DEBUG2,
	217	"cupsdStartProcess(\"%s\", %p, %p, %d, %d, %d)",
	218	command, argv, envp, infd, outfd, errfd);
	219
76cd9e37 MS	220	if (access(command, X_OK))
	221	{
	222	cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to execute %s: %s", command,
	223	strerror(errno));
7dfedb92	224	*pid = 0;
76cd9e37 MS	225	return (0);
	226	}
	227
e53920b9	228	#if defined(__APPLE__)
e53920b9	229	if (envp)
e00b005a	230	{
e00b005a	231	/*
e53920b9	232	* Add special voodoo magic for MacOS X - this allows MacOS X
e53920b9	233	* programs to access their bundle resources properly...
e00b005a	234	*/
e00b005a	235
e53920b9	236	if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
	237	{
	238	/*
	239	* Yes, this is a symlink to the actual program, nul-terminate and
	240	* use it...
	241	*/
	242
	243	linkpath[linkbytes] = '\0';
e00b005a	244
e53920b9	245	if (linkpath[0] == '/')
	246	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
	247	linkpath);
	248	else
	249	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
f7deaa1a	250	dirname((char *)command), linkpath);
e53920b9	251	}
e00b005a	252	else
e53920b9	253	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);
bd7854cb	254
e53920b9	255	envp[0] = processPath; /* Replace <CFProcessPath> string */
	256	}
	257	#endif /* __APPLE__ */
e00b005a	258
ef416fc2	259	/*
	260	* Block signals before forking...
	261	*/
	262
	263	cupsdHoldSignals();
	264
	265	if ((*pid = fork()) == 0)
	266	{
	267	/*
	268	* Child process goes here...
	269	*
	270	* Update stdin/stdout/stderr as needed...
	271	*/
	272
	273	if (infd != 0)
	274	{
	275	close(0);
	276	if (infd > 0)
	277	dup(infd);
	278	else
	279	open("/dev/null", O_RDONLY);
	280	}
	281	if (outfd != 1)
	282	{
	283	close(1);
	284	if (outfd > 0)
	285	dup(outfd);
	286	else
	287	open("/dev/null", O_WRONLY);
	288	}
	289	if (errfd != 2)
	290	{
	291	close(2);
	292	if (errfd > 0)
	293	dup(errfd);
	294	else
	295	open("/dev/null", O_WRONLY);
	296	}
	297	if (backfd != 3)
	298	{
	299	close(3);
	300	if (backfd > 0)
	301	dup(backfd);
	302	else
	303	open("/dev/null", O_RDWR);
	304	fcntl(3, F_SETFL, O_NDELAY);
	305	}
f7deaa1a	306	if (sidefd != 4 && sidefd > 0)
	307	{
	308	close(4);
	309	dup(sidefd);
	310	fcntl(4, F_SETFL, O_NDELAY);
	311	}
ef416fc2	312
	313	/*
	314	* Change the priority of the process based on the FilterNice setting.
	315	* (this is not done for backends...)
	316	*/
	317
	318	if (!root)
	319	nice(FilterNice);
	320
	321	/*
	322	* Change user to something "safe"...
	323	*/
	324
	325	if (!root && !RunUser)
	326	{
	327	/*
	328	* Running as root, so change to non-priviledged user...
	329	*/
	330
	331	if (setgid(Group))
e00b005a	332	exit(errno);
ef416fc2	333
ef416fc2	334	if (setgroups(1, &Group))
e00b005a	335	exit(errno);
ef416fc2	336
	337	if (setuid(User))
	338	exit(errno);
	339	}
	340	else
	341	{
	342	/*
	343	* Reset group membership to just the main one we belong to.
	344	*/
	345
e00b005a	346	setgid(Group);
ef416fc2	347	setgroups(1, &Group);
	348	}
	349
	350	/*
	351	* Change umask to restrict permissions on created files...
	352	*/
	353
	354	umask(077);
	355
	356	/*
	357	* Unblock signals before doing the exec...
	358	*/
	359
	360	#ifdef HAVE_SIGSET
	361	sigset(SIGTERM, SIG_DFL);
	362	sigset(SIGCHLD, SIG_DFL);
	363	#elif defined(HAVE_SIGACTION)
	364	memset(&action, 0, sizeof(action));
	365
	366	sigemptyset(&action.sa_mask);
	367	action.sa_handler = SIG_DFL;
	368
	369	sigaction(SIGTERM, &action, NULL);
	370	sigaction(SIGCHLD, &action, NULL);
	371	#else
	372	signal(SIGTERM, SIG_DFL);
	373	signal(SIGCHLD, SIG_DFL);
	374	#endif /* HAVE_SIGSET */
	375
	376	cupsdReleaseSignals();
	377
a4924f6c MS	378	#ifdef HAVE_SANDBOX_H
	379	/*
	380	* Run in a separate security profile...
	381	*/
	382
	383	if (profile)
	384	{
	385	char error; / Sandbox error, if any */
	386
	387	if (sandbox_init((char *)profile, SANDBOX_NAMED_EXTERNAL, &error))
	388	{
	389	fprintf(stderr, "ERROR: sandbox_init failed: %s (%s)\n", error,
	390	strerror(errno));
	391	sandbox_free_error(error);
	392	}
	393	}
	394	#endif /* HAVE_SANDBOX_H */
	395
ef416fc2	396	/*
	397	* Execute the command; if for some reason this doesn't work,
	398	* return the error code...
	399	*/
	400
	401	if (envp)
	402	execve(command, argv, envp);
	403	else
	404	execv(command, argv);
	405
	406	perror(command);
	407
	408	exit(errno);
	409	}
	410	else if (*pid < 0)
	411	{
	412	/*
	413	* Error - couldn't fork a new process!
	414	*/
	415
	416	cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
	417	strerror(errno));
	418
	419	*pid = 0;
	420	}
e00b005a	421	else
	422	{
	423	if (!process_array)
	424	process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
	425
	426	if (process_array)
	427	{
	428	if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
	429	{
	430	proc->pid = *pid;
	431	strcpy(proc->name, command);
	432
	433	cupsArrayAdd(process_array, proc);
	434	}
	435	}
	436	}
ef416fc2	437
	438	cupsdReleaseSignals();
	439
	440	return (*pid);
	441	}
	442
	443
	444	/*
e00b005a	445	* 'compare_procs()' - Compare two processes.
	446	*/
	447
	448	static int /* O - Result of comparison */
	449	compare_procs(cupsd_proc_t a, / I - First process */
	450	cupsd_proc_t b) / I - Second process */
	451	{
	452	return (a->pid - b->pid);
	453	}
	454
	455
a4924f6c MS	456	#ifdef HAVE_SANDBOX_H
	457	/*
	458	* 'cupsd_requote()' - Make a regular-expression version of a string.
	459	*/
	460
	461	static char * /* O - Quoted string */
	462	cupsd_requote(char dst, / I - Destination buffer */
	463	const char src, / I - Source string */
	464	size_t dstsize) /* I - Size of destination buffer */
	465	{
	466	int ch; /* Current character */
	467	char dstptr, / Current position in buffer */
	468	dstend; / End of destination buffer */
	469
	470
	471	dstptr = dst;
	472	dstend = dst + dstsize - 2;
	473
	474	while (*src && dstptr < dstend)
	475	{
	476	ch = *src++;
	477
	478	if (strchr(".?*()[]^$\\", ch))
	479	*dstptr++ = '\\';
	480
	481	*dstptr++ = ch;
	482	}
	483
	484	*dstptr = '\0';
	485
	486	return (dst);
	487	}
	488	#endif /* HAVE_SANDBOX_H */
	489
	490
e00b005a	491	/*
2e4ff8af	492	* End of "$Id: process.c 6987 2007-09-25 15:43:44Z mike $".
ef416fc2	493	*/