2 "$Id: api-filter.shtml 7677 2008-06-19 23:22:19Z mike $"
4 Filter and backend programming introduction for CUPS.
6 Copyright 2007-2011 by Apple Inc.
7 Copyright 1997-2006 by Easy Software Products, all rights reserved.
9 These coded instructions, statements, and computer programs are the
10 property of Apple Inc. and are protected by Federal copyright
11 law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 which should have been included with this file. If this file is
13 file is missing or damaged, see the license at "http://www.cups.org/".
16 <h2 class='title'><a name="OVERVIEW">Overview</a></h2>
18 <p>Filters (which include printer drivers and port monitors) and backends
19 are used to convert job files to a printable format and send that data to the
20 printer itself. All of these programs use a common interface for processing
21 print jobs and communicating status information to the scheduler. Each is run
22 with a standard set of command-line arguments:<p>
30 <dd>The user printing the job</dd>
33 <dd>The job name/title</dd>
36 <dd>The number of copies to print</dd>
39 <dd>The options that were provided when the job was submitted</dd>
42 <dd>The file to print (first program only)</dd>
45 <p>The scheduler runs one or more of these programs to print any given job. The
46 first filter reads from the print file and writes to the standard output, while
47 the remaining filters read from the standard input and write to the standard
48 output. The backend is the last filter in the chain and writes to the
51 <p>Filters are always run as a non-privileged user, typically "lp", with no
52 connection to the user's desktop. Backends are run either as a non-privileged
53 user or as root if the file permissions do not allow user or group execution.
54 The <a href="#PERMISSIONS">file permissions</a> section talks about this in
57 <h3><a name="SECURITY">Security Considerations</a></h3>
59 <p>It is always important to use security programming practices. Filters and
60 most backends are run as a non-priviledged user, so the major security
61 consideration is resource utilization - filters should not depend on unlimited
62 amounts of CPU, memory, or disk space, and should protect against conditions
63 that could lead to excess usage of any resource like infinite loops and
64 unbounded recursion. In addition, filters must <em>never</em> allow the user to
65 specify an arbitrary file path to a separator page, template, or other file
66 used by the filter since that can lead to an unauthorized disclosure of
67 information. <em>Always</em> treat input as suspect and validate it!</p>
69 <p>If you are developing a backend that runs as root, make sure to check for
70 potential buffer overflows, integer under/overflow conditions, and file
71 accesses since these can lead to privilege escalations. When writing files,
72 always validate the file path and <em>never</em> allow a user to determine
73 where to store a file.</p>
75 <blockquote><b>Note:</b>
77 <p><em>Never</em> write files to a user's home directory. Aside from the
78 security implications, CUPS is a network print service and as such the network
79 user may not be the same as the local user and/or there may not be a local home
80 directory to write to.</p>
82 <p>In addition, some operating systems provide additional security mechanisms
83 that further limit file system access, even for backends running as root. On
84 Mac OS X, for example, no backend may write to a user's home directory.</p>
87 <h3><a name="SIGNALS">Signal Handling</a><h3>
89 <p>The scheduler sends <code>SIGTERM</code> when a printing job is canceled or
90 held. Filters, backends, and port monitors <em>must</em> catch
91 <code>SIGTERM</code> and perform any cleanup necessary to produce a valid output
92 file or return the printer to a known good state. The recommended behavior is to
93 end the output on the current page.</p>
95 <h3><a name="PERMISSIONS">File Permissions</a></h3>
97 <p>For security reasons, CUPS will only run filters and backends that are owned
98 by root and do not have world or group write permissions. The recommended
99 permissions for filters and backends are 0555 - read and execute but no write.
100 Backends that must run as root should use permissions of 0500 - read and execute
101 by root, no access for other users. Write permissions can be enabled for the
104 <p>To avoid a warning message, the directory containing your filter(s) must also
105 be owned by root and have world and group write disabled - permissions of 0755
106 or 0555 are strongly encouraged.</p>
108 <h3><a name="TEMPFILES">Temporary Files</a></h3>
110 <p>Temporary files should be created in the directory specified by the
111 "TMPDIR" environment variable. The
112 <a href="#cupsTempFile2"><code>cupsTempFile2</code></a> function can be
113 used to safely create temporary files in this directory.</p>
115 <h3><a name="COPIES">Copy Generation</a></h3>
117 <p>The <code>argv[4]</code> argument specifies the number of copies to produce
118 of the input file. In general, you should only generate copies if the
119 <em>filename</em> argument is supplied. The only exception to this are
120 filters that produce device-independent PostScript output, since the PostScript
121 filter <var>pstops</var> is responsible for generating copies of PostScript
124 <h3><a name="EXITCODES">Exit Codes</a></h3>
126 <p>Filters must exit with status 0 when they successfully generate print data
127 or 1 when they encounter an error. Backends can return any of the
128 <a href="#cups_backend_t"><code>cups_backend_t</code></a> constants.</p>
130 <h3><a name="ENVIRONMENT">Environment Variables</a></h3>
132 <p>The following environment variables are defined by the printing system
133 when running print filters and backends:</p>
137 <dt>APPLE_LANGUAGE</dt>
138 <dd>The Apple language identifier associated with the job
139 (Mac OS X only).</dd>
142 <dd>The job character set, typically "utf-8".</dd>
145 <dd>When a job is submitted to a printer class, contains the name of
146 the destination printer class. Otherwise this environment
147 variable will not be set.</dd>
149 <dt>CONTENT_TYPE</dt>
150 <dd>The MIME type associated with the file (e.g.
151 application/postscript).</dd>
153 <dt>CUPS_CACHEDIR</dt>
154 <dd>The directory where cache files can be stored. Cache files can be
155 used to retain information between jobs or files in a job.</dd>
157 <dt>CUPS_DATADIR</dt>
158 <dd>The directory where (read-only) CUPS data files can be found.</dd>
160 <dt>CUPS_FILETYPE</dt>
161 <dd>The type of file being printed: "job-sheet" for a banner page and
162 "document" for a regular print file.</dd>
164 <dt>CUPS_SERVERROOT</dt>
165 <dd>The root directory of the server.</dd>
168 <dd>The device-uri associated with the printer.</dd>
170 <dt>FINAL_CONTENT_TYPE</dt>
171 <dd>The MIME type associated with the printer (e.g.
172 application/vnd.cups-postscript).</dd>
175 <dd>The language locale associated with the job.</dd>
178 <dd>The full pathname of the PostScript Printer Description (PPD)
179 file for this printer.</dd>
182 <dd>The queue name of the class or printer.</dd>
185 <dd>The recommended amount of memory to use for Raster Image
186 Processors (RIPs).</dd>
189 <dd>The directory where temporary files should be created.</dd>
193 <h3><a name="MESSAGES">Communicating with the Scheduler</a></h3>
195 <p>Filters and backends communicate with the scheduler by writing messages
196 to the standard error file. The scheduler reads messages from all filters in
197 a job and processes the message based on its prefix. For example, the following
198 code sets the current printer state message to "Printing page 5":</p>
200 <pre class="example">
203 fprintf(stderr, "INFO: Printing page %d\n", page);
206 <p>Each message is a single line of text starting with one of the following
211 <dt>ALERT: message</dt>
212 <dd>Sets the printer-state-message attribute and adds the specified
213 message to the current error log file using the "alert" log level.</dd>
215 <dt>ATTR: attribute=value [attribute=value]</dt>
216 <dd>Sets the named printer or job attribute(s). Typically this is used
217 to set the <code>marker-colors</code>, <code>marker-levels</code>,
218 <code>marker-message</code>, <code>marker-names</code>,
219 <code>marker-types</code>, <code>printer-alert</code>, and
220 <code>printer-alert-description</code> printer attributes. Standard
221 <code>marker-types</code> values are listed in <a href='#TABLE1'>Table
224 <dt>CRIT: message</dt>
225 <dd>Sets the printer-state-message attribute and adds the specified
226 message to the current error log file using the "critical" log
229 <dt>DEBUG: message</dt>
230 <dd>Sets the printer-state-message attribute and adds the specified
231 message to the current error log file using the "debug" log level.</dd>
233 <dt>DEBUG2: message</dt>
234 <dd>Sets the printer-state-message attribute and adds the specified
235 message to the current error log file using the "debug2" log level.</dd>
237 <dt>EMERG: message</dt>
238 <dd>Sets the printer-state-message attribute and adds the specified
239 message to the current error log file using the "emergency" log
242 <dt>ERROR: message</dt>
243 <dd>Sets the printer-state-message attribute and adds the specified
244 message to the current error log file using the "error" log level.
245 Use "ERROR:" messages for non-persistent processing errors.</dd>
247 <dt>INFO: message</dt>
248 <dd>Sets the printer-state-message attribute. If the current log level
249 is set to "debug2", also adds the specified message to the current error
250 log file using the "info" log level.</dd>
252 <dt>NOTICE: message</dt>
253 <dd>Sets the printer-state-message attribute and adds the specified
254 message to the current error log file using the "notice" log level.</dd>
256 <dt>PAGE: page-number #-copies</dt>
257 <dt>PAGE: total #-pages</dt>
258 <dd>Adds an entry to the current page log file. The first form adds
259 #-copies to the job-media-sheets-completed attribute. The second
260 form sets the job-media-sheets-completed attribute to #-pages.</dd>
262 <dt>PPD: keyword=value [keyword=value ...]</dt>
263 <dd>Changes or adds keywords to the printer's PPD file. Typically
264 this is used to update installable options or default media settings
265 based on the printer configuration.</dd>
267 <dt>STATE: printer-state-reason [printer-state-reason ...]</dt>
268 <dt>STATE: + printer-state-reason [printer-state-reason ...]</dt>
269 <dt>STATE: - printer-state-reason [printer-state-reason ...]</dt>
270 <dd>Sets, adds, or removes printer-state-reason keywords to the
271 current queue. Typically this is used to indicate persistent media,
272 ink, toner, and configuration conditions or errors on a printer.
273 <a href='#TABLE2'>Table 2</a> lists the standard state keywords -
274 use vendor-prefixed ("com.acme.foo") keywords for custom states.
276 <blockquote><b>Note:</b>
278 <p>"STATE:" messages often provide visible alerts to the user. For example, on
279 Mac OS X setting a printer-state-reason value with an "-error" or "-warning"
280 suffix will cause the printer's dock item to bounce if the corresponding reason
281 is localized with a cupsIPPReason keyword in the printer's PPD file.</p>
285 <dt>WARNING: message</dt>
286 <dd>Sets the printer-state-message attribute and adds the specified
287 message to the current error log file using the "warning" log
292 <p>Messages without one of these prefixes are treated as if they began with
293 the "DEBUG:" prefix string.</p>
295 <div class='table'><table width='80%' summary='Table 1: Standard marker-types Values'>
296 <caption>Table 1: <a name='TABLE1'>Standard marker-types Values</a></caption>
306 <td>Developer unit</td>
313 <td>fuserCleaningPad</td>
314 <td>Fuser cleaning pad</td>
326 <td>Photo conductor</td>
334 <td>Staple supply</td>
338 <td>Toner supply</td>
341 <td>transferUnit</td>
342 <td>Transfer unit</td>
346 <td>Waste ink tank</td>
350 <td>Waste toner tank</td>
354 <td>Waste wax tank</td>
361 <div class='table'><table width='80%' summary='Table 2: Standard State Keywords'>
362 <caption>Table 2: <a name='TABLE2'>Standard State Keywords</a></caption>
371 <td>connecting-to-device</td>
372 <td>Connecting to printer but not printing yet</td>
376 <td>A cover is open on the printer</td>
379 <td>input-tray-missing</td>
380 <td>An input tray is missing from the printer</td>
383 <td>marker-supply-empty</td>
387 <td>marker-supply-low</td>
391 <td>marker-waste-almost-full</td>
392 <td>Waste tank almost full</td>
395 <td>marker-waste-full</td>
396 <td>Waste tank full</td>
400 <td>Out of media</td>
404 <td>Media is jammed in the printer</td>
408 <td>Low on media</td>
412 <td>Stop the printer</td>
416 <td>Unable to connect to printer</td>
420 <td>Out of toner</td>
424 <td>Low on toner</td>
429 <h3><a name="COMMUNICATING_BACKEND">Communicating with the Backend</a></h3>
431 <p>Filters can communicate with the backend via the
432 <a href="#cupsBackChannelRead"><code>cupsBackChannelRead</code></a> and
433 <a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a>
435 <a href="#cupsBackChannelRead"><code>cupsBackChannelRead</code></a> function
436 reads data that has been sent back from the device and is typically used to
437 obtain status and configuration information. For example, the following code
438 polls the backend for back-channel data:</p>
440 <pre class="example">
441 #include <cups/cups.h>
446 /* Use a timeout of 0.0 seconds to poll for back-channel data */
447 bytes = cupsBackChannelRead(buffer, sizeof(buffer), 0.0);
450 <p>Filters can also use <code>select()</code> or <code>poll()</code> on the
451 back-channel file descriptor (3 or <code>CUPS_BC_FD</code>) to read data only
452 when it is available.</p>
455 <a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a>
456 function allows you to get out-of-band status information and do synchronization
457 with the device. For example, the following code gets the current IEEE-1284
458 device ID string from the backend:</p>
460 <pre class="example">
461 #include <cups/sidechannel.h>
465 <a href="#cups_sc_status_t">cups_sc_status_t</a> status;
467 /* Tell cupsSideChannelDoRequest() how big our buffer is, less 1 byte for
468 nul-termination... */
469 datalen = sizeof(data) - 1;
471 /* Get the IEEE-1284 device ID, waiting for up to 1 second */
472 status = <a href="#cupsSideChannelDoRequest">cupsSideChannelDoRequest</a>(CUPS_SC_CMD_GET_DEVICE_ID, data, &datalen, 1.0);
474 /* Use the returned value if OK was returned and the length is non-zero */
475 if (status == CUPS_SC_STATUS_OK && datalen > 0)
476 data[datalen] = '\0';
481 <h3><a name="COMMUNICATING_FILTER">Communicating with Filters</a></h3>
483 <p>Backends communicate with filters using the reciprocal functions
484 <a href="#cupsBackChannelWrite"><code>cupsBackChannelWrite</code></a>,
485 <a href="#cupsSideChannelRead"><code>cupsSideChannelRead</code></a>, and
486 <a href="#cupsSideChannelWrite"><code>cupsSideChannelWrite</code></a>. We
487 recommend writing back-channel data using a timeout of 1.0 seconds:</p>
489 <pre class="example">
490 #include <cups/cups.h>
495 /* Obtain data from printer/device */
498 /* Use a timeout of 1.0 seconds to give filters a chance to read */
499 cupsBackChannelWrite(buffer, bytes, 1.0);
502 <p>The <a href="#cupsSideChannelRead"><code>cupsSideChannelRead</code></a>
503 function reads a side-channel command from a filter, driver, or port monitor.
504 Backends can either poll for commands using a <code>timeout</code> of 0.0, wait
505 indefinitely for commands using a <code>timeout</code> of -1.0 (probably in a
506 separate thread for that purpose), or use <code>select</code> or
507 <code>poll</code> on the <code>CUPS_SC_FD</code> file descriptor (4) to handle
508 input and output on several file descriptors at the same time.</p>
510 <p>Once a command is processed, the backend uses the
511 <a href="#cupsSideChannelWrite"><code>cupsSideChannelWrite</code></a> function
512 to send its response. For example, the following code shows how to poll for a
513 side-channel command and respond to it:</p>
515 <pre class="example">
516 #include <cups/sidechannel.h>
518 <a href="#cups_sc_command_t">cups_sc_command_t</a> command;
519 <a href="#cups_sc_status_t">cups_sc_status_t</a> status;
521 int datalen = sizeof(data);
523 /* Poll for a command... */
524 if (!<a href="#cupsSideChannelRead">cupsSideChannelRead</a>(&command, &status, data, &datalen, 0.0))
528 /* handle supported commands, fill data/datalen/status with values as needed */
531 status = CUPS_SC_STATUS_NOT_IMPLEMENTED;
536 /* Send a response... */
537 <a href="#cupsSideChannelWrite">cupsSideChannelWrite</a>(command, status, data, datalen, 1.0);
541 <h3><a name="SNMP">Doing SNMP Queries with Network Printers</a></h3>
543 <p>The Simple Network Management Protocol (SNMP) allows you to get the current
544 status, page counter, and supply levels from most network printers. Every
545 piece of information is associated with an Object Identifier (OID), and
546 every printer has a <em>community</em> name associated with it. OIDs can be
547 queried directly or by "walking" over a range of OIDs with a common prefix.</p>
549 <p>The two CUPS SNMP functions provide a simple API for querying network
550 printers through the side-channel interface. Each accepts a string containing
551 an OID like ".1.3.6.1.2.1.43.10.2.1.4.1.1" (the standard page counter OID)
552 along with a timeout for the query.</p>
554 <p>The <a href="#cupsSideChannelSNMPGet"><code>cupsSideChannelSNMPGet</code></a>
555 function queries a single OID and returns the value as a string in a buffer
558 <pre class="example">
559 #include <cups/sidechannel.h>
562 int datalen = sizeof(data);
564 if (<a href="#cupsSideChannelSNMPGet">cupsSideChannelSNMPGet</a>(".1.3.6.1.2.1.43.10.2.1.4.1.1", data, &datalen, 5.0)
565 == CUPS_SC_STATUS_OK)
567 /* Do something with the value */
568 printf("Page counter is: %s\n", data);
573 <a href="#cupsSideChannelSNMPWalk"><code>cupsSideChannelSNMPWalk</code></a>
574 function allows you to query a whole group of OIDs, calling a function of your
575 choice for each OID that is found:</p>
577 <pre class="example">
578 #include <cups/sidechannel.h>
581 my_callback(const char *oid, const char *data, int datalen, void *context)
583 /* Do something with the value */
584 printf("%s=%s\n", oid, data);
591 <a href="#cupsSideChannelSNMPWalk">cupsSNMPSideChannelWalk</a>(".1.3.6.1.2.1.43", 5.0, my_callback, my_data);