int sidefd, /* I - Sidechannel file descriptor */
int root, /* I - Run as root? */
void *profile, /* I - Security profile to use */
- int job_id, /* I - Job associated with process */
+ cupsd_job_t *job, /* I - Job associated with process */
int *pid) /* O - Process ID */
{
int user; /* Command UID */
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
"infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
- "profile=%p, job_id=%d, pid=%p) = %d",
+ "profile=%p, job=%p(%d), pid=%p) = %d",
command, argv, envp, infd, outfd, errfd, backfd, sidefd,
- root, profile, job_id, pid, *pid);
+ root, profile, job, job ? job->id : 0, pid, *pid);
cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to execute %s: %s", command,
strerror(errno));
+
+ if (job && job->printer)
+ {
+ if (cupsdSetPrinterReasons(job->printer, "+cups-missing-filter-warning"))
+ cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE, job->printer, NULL,
+ "Printer driver %s is missing.", command);
+ }
+
return (0);
}
- else if (commandinfo.st_mode & S_IWOTH)
+ else if ((commandinfo.st_mode & (S_ISUID | S_IWGRP | S_IWOTH)) ||
+ (!RunUser && commandinfo.st_uid))
{
*pid = 0;
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
"infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
- "profile=%p, job_id=%d, pid=%p) = %d",
+ "profile=%p, job=%p(%d), pid=%p) = %d",
command, argv, envp, infd, outfd, errfd, backfd, sidefd,
- root, profile, job_id, pid, *pid);
+ root, profile, job, job ? job->id : 0, pid, *pid);
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to execute %s: insecure file permissions (0%o)",
command, commandinfo.st_mode);
+ if (job && job->printer)
+ {
+ if (cupsdSetPrinterReasons(job->printer, "+cups-insecure-filter-warning"))
+ cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE, job->printer, NULL,
+ "Printer driver %s has insecure file permissions (0%o).",
+ command, commandinfo.st_mode);
+ }
+
errno = EPERM;
+
return (0);
}
else if ((commandinfo.st_uid != user || !(commandinfo.st_mode & S_IXUSR)) &&
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
"infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
- "profile=%p, job_id=%d, pid=%p) = %d",
+ "profile=%p, job=%p(%d), pid=%p) = %d",
command, argv, envp, infd, outfd, errfd, backfd, sidefd,
- root, profile, job_id, pid, *pid);
+ root, profile, job, job ? job->id : 0, pid, *pid);
cupsdLogMessage(CUPSD_LOG_ERROR,
"Unable to execute %s: no execute permissions (0%o)",
command, commandinfo.st_mode);
if (infd != 0)
{
- close(0);
- if (infd > 0)
- dup(infd);
- else
- open("/dev/null", O_RDONLY);
+ if (infd < 0)
+ infd = open("/dev/null", O_RDONLY);
+
+ if (infd != 0)
+ {
+ dup2(infd, 0);
+ close(infd);
+ }
}
+
if (outfd != 1)
{
- close(1);
- if (outfd > 0)
- dup(outfd);
- else
- open("/dev/null", O_WRONLY);
+ if (outfd < 0)
+ outfd = open("/dev/null", O_WRONLY);
+
+ if (outfd != 1)
+ {
+ dup2(outfd, 1);
+ close(outfd);
+ }
}
+
if (errfd != 2)
{
- close(2);
- if (errfd > 0)
- dup(errfd);
- else
- open("/dev/null", O_WRONLY);
+ if (errfd < 0)
+ errfd = open("/dev/null", O_WRONLY);
+
+ if (errfd != 2)
+ {
+ dup2(errfd, 2);
+ close(errfd);
+ }
}
- if (backfd != 3)
+
+ if (backfd != 3 && backfd >= 0)
{
- close(3);
- if (backfd > 0)
- dup(backfd);
- else
- open("/dev/null", O_RDWR);
+ dup2(backfd, 3);
+ close(backfd);
fcntl(3, F_SETFL, O_NDELAY);
}
- if (sidefd != 4 && sidefd > 0)
+
+ if (sidefd != 4 && sidefd >= 0)
{
- close(4);
- dup(sidefd);
+ dup2(sidefd, 4);
+ close(sidefd);
fcntl(4, F_SETFL, O_NDELAY);
}
if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
{
proc->pid = *pid;
- proc->job_id = job_id;
+ proc->job_id = job ? job->id : 0;
strcpy(proc->name, command);
cupsArrayAdd(process_array, proc);
cupsdLogMessage(CUPSD_LOG_DEBUG2,
"cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
"infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
- "profile=%p, job_id=%d, pid=%p) = %d",
+ "profile=%p, job=%p(%d), pid=%p) = %d",
command, argv, envp, infd, outfd, errfd, backfd, sidefd,
- root, profile, job_id, pid, *pid);
+ root, profile, job, job ? job->id : 0, pid, *pid);
return (*pid);
}