[thirdparty/cups.git] / scheduler / process.c

/*
 * "$Id: process.c 7256 2008-01-25 00:48:54Z mike $"
 *
 *   Process management routines for the CUPS scheduler.
 *
 *   Copyright 2007-2011 by Apple Inc.
 *   Copyright 1997-2007 by Easy Software Products, all rights reserved.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * Contents:
 *
 *   cupsdCreateProfile()  - Create an execution profile for a subprocess.
 *   cupsdDestroyProfile() - Delete an execution profile.
 *   cupsdEndProcess()     - End a process.
 *   cupsdFinishProcess()  - Finish a process and get its name.
 *   cupsdStartProcess()   - Start a process.
 *   compare_procs()       - Compare two processes.
 *   cupsd_requote()       - Make a regular-expression version of a string.
 */

/*
 * Include necessary headers...
 */

#include "cupsd.h"
#include <grp.h>
#ifdef __APPLE__
#  include <libgen.h>
#endif /* __APPLE__ */


/*
 * Process structure...
 */

typedef struct
{
  int	pid,				/* Process ID */
	job_id;				/* Job associated with process */
  char	name[1];			/* Name of process */
} cupsd_proc_t;


/*
 * Local globals...
 */

static cups_array_t	*process_array = NULL;


/*
 * Local functions...
 */

static int	compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
#ifdef HAVE_SANDBOX_H
static char	*cupsd_requote(char *dst, const char *src, size_t dstsize);
#endif /* HAVE_SANDBOX_H */


/*
 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
 */

void *					/* O - Profile or NULL on error */
cupsdCreateProfile(int job_id)		/* I - Job ID or 0 for none */
{
#ifdef HAVE_SANDBOX_H
  cups_file_t	*fp;			/* File pointer */
  char		profile[1024],		/* File containing the profile */
		cache[1024],		/* Quoted CacheDir */
		request[1024],		/* Quoted RequestRoot */
		root[1024],		/* Quoted ServerRoot */
		temp[1024];		/* Quoted TempDir */


  if (!UseProfiles)
  {
   /*
    * Only use sandbox profiles as root...
    */

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);

    return (NULL);
  }

  if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
                    strerror(errno));
    return (NULL);
  }

  fchown(cupsFileNumber(fp), RunUser, Group);
  fchmod(cupsFileNumber(fp), 0640);

  cupsd_requote(cache, CacheDir, sizeof(cache));
  cupsd_requote(request, RequestRoot, sizeof(request));
  cupsd_requote(root, ServerRoot, sizeof(root));
  cupsd_requote(temp, TempDir, sizeof(temp));

  cupsFilePuts(fp, "(version 1)\n");
  if (LogLevel >= CUPSD_LOG_DEBUG)
    cupsFilePuts(fp, "(debug deny)\n");
  cupsFilePuts(fp, "(allow default)\n");
  cupsFilePrintf(fp,
                 "(deny file-write* file-read-data file-read-metadata\n"
                 "  (regex"
		 " #\"^%s$\""		/* RequestRoot */
		 " #\"^%s/\""		/* RequestRoot/... */
		 "))\n",
		 request, request);
  if (!RunUser)
    cupsFilePuts(fp,
		 "(deny file-write* file-read-data file-read-metadata\n"
		 "  (regex"
		 " #\"^/Users$\""
		 " #\"^/Users/\""
		 "))\n");
  cupsFilePrintf(fp,
                 "(deny file-write*\n"
                 "  (regex"
		 " #\"^%s$\""		/* ServerRoot */
		 " #\"^%s/\""		/* ServerRoot/... */
		 " #\"^/private/etc$\""
		 " #\"^/private/etc/\""
		 " #\"^/usr/local/etc$\""
		 " #\"^/usr/local/etc/\""
		 " #\"^/Library$\""
		 " #\"^/Library/\""
		 " #\"^/System$\""
		 " #\"^/System/\""
		 "))\n",
		 root, root);
  /* Specifically allow applications to stat RequestRoot */
  cupsFilePrintf(fp,
                 "(allow file-read-metadata\n"
                 "  (regex"
		 " #\"^%s$\""		/* RequestRoot */
		 "))\n",
		 request);
  cupsFilePrintf(fp,
                 "(allow file-write* file-read-data file-read-metadata\n"
                 "  (regex"
		 " #\"^%s$\""		/* TempDir */
		 " #\"^%s/\""		/* TempDir/... */
		 " #\"^%s$\""		/* CacheDir */
		 " #\"^%s/\""		/* CacheDir/... */
		 " #\"^%s/Library$\""	/* RequestRoot/Library */
		 " #\"^%s/Library/\""	/* RequestRoot/Library/... */
		 " #\"^/Library/Application Support/\""
		 " #\"^/Library/Caches/\""
		 " #\"^/Library/Preferences/\""
		 " #\"^/Library/Printers/.*/\""
		 " #\"^/Users/Shared/\""
		 "))\n",
		 temp, temp, cache, cache, request, request);
  cupsFilePuts(fp,
	       "(deny file-write*\n"
	       "  (regex"
	       " #\"^/Library/Printers/PPDs$\""
	       " #\"^/Library/Printers/PPDs/\""
	       " #\"^/Library/Printers/PPD Plugins$\""
	       " #\"^/Library/Printers/PPD Plugins/\""
	       "))\n");
  if (job_id)
  {
   /*
    * Allow job filters to read the spool file(s)...
    */

    cupsFilePrintf(fp,
                   "(allow file-read-data file-read-metadata\n"
                   "  (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
		   request, job_id, job_id);
  }
  else
  {
   /*
    * Allow email notifications from notifiers...
    */

    cupsFilePuts(fp,
		 "(allow process-exec\n"
		 "  (literal \"/usr/sbin/sendmail\")\n"
		 "  (with no-sandbox)\n"
		 ")\n");
  }

  cupsFileClose(fp);

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = \"%s\"",
                  job_id, profile);
  return ((void *)strdup(profile));

#else
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                  job_id);

  return (NULL);
#endif /* HAVE_SANDBOX_H */
}


/*
 * 'cupsdDestroyProfile()' - Delete an execution profile.
 */

void
cupsdDestroyProfile(void *profile)	/* I - Profile */
{
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
		  profile ? (char *)profile : "(null)");

#ifdef HAVE_SANDBOX_H
  if (profile)
  {
    unlink((char *)profile);
    free(profile);
  }
#endif /* HAVE_SANDBOX_H */
}


/*
 * 'cupsdEndProcess()' - End a process.
 */

int					/* O - 0 on success, -1 on failure */
cupsdEndProcess(int pid,		/* I - Process ID */
                int force)		/* I - Force child to die */
{
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
                  force);

  if (!pid)
    return (0);
  else if (force)
    return (kill(pid, SIGKILL));
  else
    return (kill(pid, SIGTERM));
}


/*
 * 'cupsdFinishProcess()' - Finish a process and get its name.
 */

const char *				/* O - Process name */
cupsdFinishProcess(int  pid,		/* I - Process ID */
                   char *name,		/* I - Name buffer */
		   int  namelen,	/* I - Size of name buffer */
		   int  *job_id)	/* O - Job ID pointer or NULL */
{
  cupsd_proc_t	key,			/* Search key */
		*proc;			/* Matching process */


  key.pid = pid;

  if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
  {
    if (job_id)
      *job_id = proc->job_id;

    strlcpy(name, proc->name, namelen);
    cupsArrayRemove(process_array, proc);
    free(proc);
  }
  else
  {
    if (job_id)
      *job_id = 0;

    strlcpy(name, "unknown", namelen);
  }

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
		  "cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
		  "job_id=%p(%d)) = \"%s\"", pid, name, namelen, job_id,
		  job_id ? *job_id : 0, name);

  return (name);
}


/*
 * 'cupsdStartProcess()' - Start a process.
 */

int					/* O - Process ID or 0 */
cupsdStartProcess(
    const char  *command,		/* I - Full path to command */
    char        *argv[],		/* I - Command-line arguments */
    char        *envp[],		/* I - Environment */
    int         infd,			/* I - Standard input file descriptor */
    int         outfd,			/* I - Standard output file descriptor */
    int         errfd,			/* I - Standard error file descriptor */
    int         backfd,			/* I - Backchannel file descriptor */
    int         sidefd,			/* I - Sidechannel file descriptor */
    int         root,			/* I - Run as root? */
    void        *profile,		/* I - Security profile to use */
    cupsd_job_t *job,			/* I - Job associated with process */
    int         *pid)			/* O - Process ID */
{
  int		i;			/* Looping var */
  const char	*exec_path = command;	/* Command to be exec'd */
  char		*real_argv[103],	/* Real command-line arguments */
		cups_exec[1024];	/* Path to "cups-exec" program */
  int		user;			/* Command UID */
  cupsd_proc_t	*proc;			/* New process record */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
  struct sigaction action;		/* POSIX signal handler */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
#if defined(__APPLE__)
  char		processPath[1024],	/* CFProcessPath environment variable */
		linkpath[1024];		/* Link path for symlinks... */
  int		linkbytes;		/* Bytes for link path */
#endif /* __APPLE__ */


  *pid = 0;

 /*
  * Figure out the UID for the child process...
  */

  if (RunUser)
    user = RunUser;
  else if (root)
    user = 0;
  else
    user = User;

 /*
  * Check the permissions of the command we are running...
  */

  if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
                     cupsdLogFCMessage, job ? job->printer : NULL))
    return (0);

#if defined(__APPLE__)
  if (envp)
  {
   /*
    * Add special voodoo magic for Mac OS X - this allows Mac OS X
    * programs to access their bundle resources properly...
    */

    if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
    {
     /*
      * Yes, this is a symlink to the actual program, nul-terminate and
      * use it...
      */

      linkpath[linkbytes] = '\0';

      if (linkpath[0] == '/')
	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
		 linkpath);
      else
	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
		 dirname((char *)command), linkpath);
    }
    else
      snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);

    envp[0] = processPath;		/* Replace <CFProcessPath> string */
  }
#endif	/* __APPLE__ */

 /*
  * Use helper program when we have a sandbox profile...
  */

  if (profile)
  {
    snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);

    real_argv[0] = cups_exec;
    real_argv[1] = profile;
    real_argv[2] = (char *)command;

    for (i = 0;
         i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 4) && argv[i];
	 i ++)
      real_argv[i + 3] = argv[i];

    real_argv[i + 3] = NULL;

    argv      = real_argv;
    exec_path = cups_exec;
  }

 /*
  * Block signals before forking...
  */

  cupsdHoldSignals();

  if ((*pid = fork()) == 0)
  {
   /*
    * Child process goes here...
    *
    * Update stdin/stdout/stderr as needed...
    */

    if (infd != 0)
    {
      if (infd < 0)
        infd = open("/dev/null", O_RDONLY);

      if (infd != 0)
      {
        dup2(infd, 0);
	close(infd);
      }
    }

    if (outfd != 1)
    {
      if (outfd < 0)
        outfd = open("/dev/null", O_WRONLY);

      if (outfd != 1)
      {
        dup2(outfd, 1);
	close(outfd);
      }
    }

    if (errfd != 2)
    {
      if (errfd < 0)
        errfd = open("/dev/null", O_WRONLY);

      if (errfd != 2)
      {
        dup2(errfd, 2);
	close(errfd);
      }
    }

    if (backfd != 3 && backfd >= 0)
    {
      dup2(backfd, 3);
      close(backfd);
      fcntl(3, F_SETFL, O_NDELAY);
    }

    if (sidefd != 4 && sidefd >= 0)
    {
      dup2(sidefd, 4);
      close(sidefd);
      fcntl(4, F_SETFL, O_NDELAY);
    }

   /*
    * Change the priority of the process based on the FilterNice setting.
    * (this is not done for root processes...)
    */

    if (!root)
      nice(FilterNice);

   /*
    * Change user to something "safe"...
    */

    if (!root && !RunUser)
    {
     /*
      * Running as root, so change to non-priviledged user...
      */

      if (setgid(Group))
	exit(errno);

      if (setgroups(1, &Group))
	exit(errno);

      if (setuid(User))
        exit(errno);
    }
    else
    {
     /*
      * Reset group membership to just the main one we belong to.
      */

      if (setgid(Group) && !RunUser)
        exit(errno);

      if (setgroups(1, &Group) && !RunUser)
        exit(errno);
    }

   /*
    * Change umask to restrict permissions on created files...
    */

    umask(077);

   /*
    * Unblock signals before doing the exec...
    */

#ifdef HAVE_SIGSET
    sigset(SIGTERM, SIG_DFL);
    sigset(SIGCHLD, SIG_DFL);
    sigset(SIGPIPE, SIG_DFL);
#elif defined(HAVE_SIGACTION)
    memset(&action, 0, sizeof(action));

    sigemptyset(&action.sa_mask);
    action.sa_handler = SIG_DFL;

    sigaction(SIGTERM, &action, NULL);
    sigaction(SIGCHLD, &action, NULL);
    sigaction(SIGPIPE, &action, NULL);
#else
    signal(SIGTERM, SIG_DFL);
    signal(SIGCHLD, SIG_DFL);
    signal(SIGPIPE, SIG_DFL);
#endif /* HAVE_SIGSET */

    cupsdReleaseSignals();

   /*
    * Execute the command; if for some reason this doesn't work, log an error
    * exit with a non-zero value...
    */

    if (envp)
      execve(exec_path, argv, envp);
    else
      execv(exec_path, argv);

    perror(command);

    exit(1);
  }
  else if (*pid < 0)
  {
   /*
    * Error - couldn't fork a new process!
    */

    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
                    strerror(errno));

    *pid = 0;
  }
  else
  {
    if (!process_array)
      process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
 
    if (process_array)
    {
      if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
      {
        proc->pid    = *pid;
	proc->job_id = job ? job->id : 0;
	_cups_strcpy(proc->name, command);

	cupsArrayAdd(process_array, proc);
      }
    }
  }

  cupsdReleaseSignals();

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
		  "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
		  "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
		  "profile=%p, job=%p(%d), pid=%p) = %d",
		  command, argv, envp, infd, outfd, errfd, backfd, sidefd,
		  root, profile, job, job ? job->id : 0, pid, *pid);

  return (*pid);
}


/*
 * 'compare_procs()' - Compare two processes.
 */

static int				/* O - Result of comparison */
compare_procs(cupsd_proc_t *a,		/* I - First process */
              cupsd_proc_t *b)		/* I - Second process */
{
  return (a->pid - b->pid);
}


#ifdef HAVE_SANDBOX_H
/*
 * 'cupsd_requote()' - Make a regular-expression version of a string.
 */

static char *				/* O - Quoted string */
cupsd_requote(char       *dst,		/* I - Destination buffer */
              const char *src,		/* I - Source string */
	      size_t     dstsize)	/* I - Size of destination buffer */
{
  int	ch;				/* Current character */
  char	*dstptr,			/* Current position in buffer */
	*dstend;			/* End of destination buffer */


  dstptr = dst;
  dstend = dst + dstsize - 2;

  while (*src && dstptr < dstend)
  {
    ch = *src++;

    if (strchr(".?*()[]^$\\", ch))
      *dstptr++ = '\\';

    *dstptr++ = ch;
  }

  *dstptr = '\0';

  return (dst);
}
#endif /* HAVE_SANDBOX_H */


/*
 * End of "$Id: process.c 7256 2008-01-25 00:48:54Z mike $".
 */
Commit	Line	Data
ef416fc2	1	/*
75bd9771	2	* "$Id: process.c 7256 2008-01-25 00:48:54Z mike $"
ef416fc2	3	*
cc754834	4	* Process management routines for the CUPS scheduler.
ef416fc2	5	*
e60ec91f	6	* Copyright 2007-2011 by Apple Inc.
f7deaa1a	7	* Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2	8	*
ef416fc2	9	* These coded instructions, statements, and computer programs are the
bc44d920	10	* property of Apple Inc. and are protected by Federal copyright
	11	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	12	* which should have been included with this file. If this file is
	13	* file is missing or damaged, see the license at "http://www.cups.org/".
ef416fc2	14	*
	15	* Contents:
	16	*
a4924f6c MS	17	* cupsdCreateProfile() - Create an execution profile for a subprocess.
	18	* cupsdDestroyProfile() - Delete an execution profile.
	19	* cupsdEndProcess() - End a process.
	20	* cupsdFinishProcess() - Finish a process and get its name.
	21	* cupsdStartProcess() - Start a process.
	22	* compare_procs() - Compare two processes.
	23	* cupsd_requote() - Make a regular-expression version of a string.
ef416fc2	24	*/
	25
	26	/*
	27	* Include necessary headers...
	28	*/
	29
	30	#include "cupsd.h"
	31	#include <grp.h>
a4924f6c	32	#ifdef __APPLE__
4400e98d	33	# include <libgen.h>
6d2f911b	34	#endif /* __APPLE__ */
ef416fc2	35
ef416fc2	36
e00b005a	37	/*
	38	* Process structure...
	39	*/
	40
	41	typedef struct
	42	{
b9faaae1 MS	43	int pid, /* Process ID */
b9faaae1 MS	44	job_id; /* Job associated with process */
e00b005a	45	char name[1]; /* Name of process */
	46	} cupsd_proc_t;
	47
	48
	49	/*
	50	* Local globals...
	51	*/
	52
	53	static cups_array_t *process_array = NULL;
	54
	55
	56	/*
	57	* Local functions...
	58	*/
	59
	60	static int compare_procs(cupsd_proc_t a, cupsd_proc_t b);
a4924f6c MS	61	#ifdef HAVE_SANDBOX_H
	62	static char cupsd_requote(char dst, const char *src, size_t dstsize);
	63	#endif /* HAVE_SANDBOX_H */
	64
	65
	66	/*
	67	* 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
	68	*/
	69
	70	void * /* O - Profile or NULL on error */
	71	cupsdCreateProfile(int job_id) /* I - Job ID or 0 for none */
	72	{
	73	#ifdef HAVE_SANDBOX_H
	74	cups_file_t fp; / File pointer */
	75	char profile[1024], /* File containing the profile */
	76	cache[1024], /* Quoted CacheDir */
	77	request[1024], /* Quoted RequestRoot */
	78	root[1024], /* Quoted ServerRoot */
	79	temp[1024]; /* Quoted TempDir */
	80
	81
0268488e	82	if (!UseProfiles)
b9faaae1 MS	83	{
	84	/*
	85	* Only use sandbox profiles as root...
	86	*/
	87
	88	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
	89	job_id);
	90
	91	return (NULL);
	92	}
	93
a4924f6c MS	94	if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
a4924f6c MS	95	{
b9faaae1 MS	96	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
b9faaae1 MS	97	job_id);
a4924f6c MS	98	cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
	99	strerror(errno));
	100	return (NULL);
	101	}
	102
0268488e MS	103	fchown(cupsFileNumber(fp), RunUser, Group);
	104	fchmod(cupsFileNumber(fp), 0640);
	105
a4924f6c MS	106	cupsd_requote(cache, CacheDir, sizeof(cache));
	107	cupsd_requote(request, RequestRoot, sizeof(request));
	108	cupsd_requote(root, ServerRoot, sizeof(root));
	109	cupsd_requote(temp, TempDir, sizeof(temp));
	110
	111	cupsFilePuts(fp, "(version 1)\n");
cc754834 MS	112	if (LogLevel >= CUPSD_LOG_DEBUG)
cc754834 MS	113	cupsFilePuts(fp, "(debug deny)\n");
a4924f6c MS	114	cupsFilePuts(fp, "(allow default)\n");
	115	cupsFilePrintf(fp,
	116	"(deny file-write* file-read-data file-read-metadata\n"
5a6b583a MS	117	" (regex"
	118	" #\"^%s$\"" /* RequestRoot */
	119	" #\"^%s/\"" /* RequestRoot/... */
5a6b583a MS	120	"))\n",
5a6b583a MS	121	request, request);
0268488e MS	122	if (!RunUser)
	123	cupsFilePuts(fp,
	124	"(deny file-write* file-read-data file-read-metadata\n"
	125	" (regex"
	126	" #\"^/Users$\""
	127	" #\"^/Users/\""
	128	"))\n");
a4924f6c MS	129	cupsFilePrintf(fp,
a4924f6c MS	130	"(deny file-write*\n"
5a6b583a MS	131	" (regex"
	132	" #\"^%s$\"" /* ServerRoot */
	133	" #\"^%s/\"" /* ServerRoot/... */
	134	" #\"^/private/etc$\""
	135	" #\"^/private/etc/\""
	136	" #\"^/usr/local/etc$\""
	137	" #\"^/usr/local/etc/\""
	138	" #\"^/Library$\""
	139	" #\"^/Library/\""
	140	" #\"^/System$\""
	141	" #\"^/System/\""
	142	"))\n",
	143	root, root);
7cf5915e MS	144	/* Specifically allow applications to stat RequestRoot */
	145	cupsFilePrintf(fp,
	146	"(allow file-read-metadata\n"
	147	" (regex"
	148	" #\"^%s$\"" /* RequestRoot */
	149	"))\n",
	150	request);
a4924f6c MS	151	cupsFilePrintf(fp,
a4924f6c MS	152	"(allow file-write* file-read-data file-read-metadata\n"
5a6b583a MS	153	" (regex"
	154	" #\"^%s$\"" /* TempDir */
	155	" #\"^%s/\"" /* TempDir/... */
	156	" #\"^%s$\"" /* CacheDir */
	157	" #\"^%s/\"" /* CacheDir/... */
	158	" #\"^%s/Library$\"" /* RequestRoot/Library */
	159	" #\"^%s/Library/\"" /* RequestRoot/Library/... */
ed6e7faf MS	160	" #\"^/Library/Application Support/\""
	161	" #\"^/Library/Caches/\""
	162	" #\"^/Library/Preferences/\""
5a6b583a MS	163	" #\"^/Library/Printers/.*/\""
5a6b583a MS	164	" #\"^/Users/Shared/\""
ed6e7faf	165	"))\n",
5a6b583a	166	temp, temp, cache, cache, request, request);
ed6e7faf MS	167	cupsFilePuts(fp,
ed6e7faf MS	168	"(deny file-write*\n"
5a6b583a MS	169	" (regex"
	170	" #\"^/Library/Printers/PPDs$\""
	171	" #\"^/Library/Printers/PPDs/\""
	172	" #\"^/Library/Printers/PPD Plugins$\""
ed6e7faf MS	173	" #\"^/Library/Printers/PPD Plugins/\""
ed6e7faf MS	174	"))\n");
a4924f6c	175	if (job_id)
e60ec91f MS	176	{
	177	/*
	178	* Allow job filters to read the spool file(s)...
	179	*/
	180
a4924f6c MS	181	cupsFilePrintf(fp,
	182	"(allow file-read-data file-read-metadata\n"
	183	" (regex #\"^%s/([ac]%05d\|d%05d-[0-9][0-9][0-9])$\"))\n",
5bd77a73	184	request, job_id, job_id);
e60ec91f MS	185	}
	186	else
	187	{
	188	/*
	189	* Allow email notifications from notifiers...
	190	*/
	191
	192	cupsFilePuts(fp,
	193	"(allow process-exec\n"
	194	" (literal \"/usr/sbin/sendmail\")\n"
	195	" (with no-sandbox)\n"
	196	")\n");
	197	}
a4924f6c MS	198
	199	cupsFileClose(fp);
	200
5bd77a73 MS	201	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = \"%s\"",
5bd77a73 MS	202	job_id, profile);
a4924f6c	203	return ((void *)strdup(profile));
b9faaae1	204
a4924f6c	205	#else
b9faaae1 MS	206	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
b9faaae1 MS	207	job_id);
a4924f6c MS	208
	209	return (NULL);
	210	#endif /* HAVE_SANDBOX_H */
	211	}
	212
	213
	214	/*
	215	* 'cupsdDestroyProfile()' - Delete an execution profile.
	216	*/
	217
	218	void
	219	cupsdDestroyProfile(void profile) / I - Profile */
	220	{
b9faaae1 MS	221	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
	222	profile ? (char *)profile : "(null)");
	223
a4924f6c MS	224	#ifdef HAVE_SANDBOX_H
	225	if (profile)
	226	{
	227	unlink((char *)profile);
	228	free(profile);
	229	}
	230	#endif /* HAVE_SANDBOX_H */
	231	}
e00b005a	232
e00b005a	233
ef416fc2	234	/*
	235	* 'cupsdEndProcess()' - End a process.
	236	*/
	237
	238	int /* O - 0 on success, -1 on failure */
	239	cupsdEndProcess(int pid, /* I - Process ID */
	240	int force) /* I - Force child to die */
	241	{
b9faaae1 MS	242	cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
	243	force);
	244
ef55b745 MS	245	if (!pid)
	246	return (0);
	247	else if (force)
ef416fc2	248	return (kill(pid, SIGKILL));
	249	else
	250	return (kill(pid, SIGTERM));
	251	}
	252
	253
e00b005a	254	/*
	255	* 'cupsdFinishProcess()' - Finish a process and get its name.
	256	*/
	257
	258	const char * /* O - Process name */
	259	cupsdFinishProcess(int pid, /* I - Process ID */
	260	char name, / I - Name buffer */
b9faaae1 MS	261	int namelen, /* I - Size of name buffer */
b9faaae1 MS	262	int job_id) / O - Job ID pointer or NULL */
e00b005a	263	{
	264	cupsd_proc_t key, /* Search key */
	265	proc; / Matching process */
	266
	267
	268	key.pid = pid;
	269
	270	if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
	271	{
b9faaae1 MS	272	if (job_id)
	273	*job_id = proc->job_id;
	274
e00b005a	275	strlcpy(name, proc->name, namelen);
	276	cupsArrayRemove(process_array, proc);
	277	free(proc);
e00b005a	278	}
e00b005a	279	else
b9faaae1 MS	280	{
	281	if (job_id)
	282	*job_id = 0;
	283
	284	strlcpy(name, "unknown", namelen);
	285	}
	286
	287	cupsdLogMessage(CUPSD_LOG_DEBUG2,
	288	"cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
	289	"job_id=%p(%d)) = \"%s\"", pid, name, namelen, job_id,
	290	job_id ? *job_id : 0, name);
	291
	292	return (name);
e00b005a	293	}
	294
	295
ef416fc2	296	/*
	297	* 'cupsdStartProcess()' - Start a process.
	298	*/
	299
	300	int /* O - Process ID or 0 */
	301	cupsdStartProcess(
b9faaae1 MS	302	const char command, / I - Full path to command */
	303	char argv[], / I - Command-line arguments */
	304	char envp[], / I - Environment */
	305	int infd, /* I - Standard input file descriptor */
	306	int outfd, /* I - Standard output file descriptor */
	307	int errfd, /* I - Standard error file descriptor */
	308	int backfd, /* I - Backchannel file descriptor */
	309	int sidefd, /* I - Sidechannel file descriptor */
	310	int root, /* I - Run as root? */
	311	void profile, / I - Security profile to use */
38e73f87	312	cupsd_job_t job, / I - Job associated with process */
b9faaae1	313	int pid) / O - Process ID */
ef416fc2	314	{
0268488e	315	int i; /* Looping var */
e60ec91f	316	const char exec_path = command; / Command to be exec'd */
0268488e MS	317	char real_argv[103], / Real command-line arguments */
0268488e MS	318	cups_exec[1024]; /* Path to "cups-exec" program */
bf3816c7	319	int user; /* Command UID */
e00b005a	320	cupsd_proc_t proc; / New process record */
ef416fc2	321	#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
e00b005a	322	struct sigaction action; /* POSIX signal handler */
ef416fc2	323	#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
e53920b9	324	#if defined(__APPLE__)
e00b005a	325	char processPath[1024], /* CFProcessPath environment variable */
	326	linkpath[1024]; /* Link path for symlinks... */
	327	int linkbytes; /* Bytes for link path */
e53920b9	328	#endif /* __APPLE__ */
ef416fc2	329
ef416fc2	330
22c9029b MS	331	*pid = 0;
22c9029b MS	332
0268488e MS	333	/*
	334	* Figure out the UID for the child process...
	335	*/
	336
bf3816c7 MS	337	if (RunUser)
	338	user = RunUser;
	339	else if (root)
	340	user = 0;
	341	else
	342	user = User;
	343
0268488e MS	344	/*
	345	* Check the permissions of the command we are running...
	346	*/
	347
22c9029b MS	348	if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
22c9029b MS	349	cupsdLogFCMessage, job ? job->printer : NULL))
bf3816c7	350	return (0);
76cd9e37	351
e53920b9	352	#if defined(__APPLE__)
e53920b9	353	if (envp)
e00b005a	354	{
e00b005a	355	/*
6d2f911b	356	* Add special voodoo magic for Mac OS X - this allows Mac OS X
e53920b9	357	* programs to access their bundle resources properly...
e00b005a	358	*/
e00b005a	359
e53920b9	360	if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
	361	{
	362	/*
	363	* Yes, this is a symlink to the actual program, nul-terminate and
	364	* use it...
	365	*/
	366
	367	linkpath[linkbytes] = '\0';
e00b005a	368
e53920b9	369	if (linkpath[0] == '/')
	370	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
	371	linkpath);
	372	else
	373	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
f7deaa1a	374	dirname((char *)command), linkpath);
e53920b9	375	}
e00b005a	376	else
e53920b9	377	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);
bd7854cb	378
e53920b9	379	envp[0] = processPath; /* Replace <CFProcessPath> string */
	380	}
	381	#endif /* __APPLE__ */
e00b005a	382
0268488e MS	383	/*
	384	* Use helper program when we have a sandbox profile...
	385	*/
	386
	387	if (profile)
	388	{
	389	snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
	390
	391	real_argv[0] = cups_exec;
	392	real_argv[1] = profile;
	393	real_argv[2] = (char *)command;
	394
	395	for (i = 0;
	396	i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 4) && argv[i];
	397	i ++)
	398	real_argv[i + 3] = argv[i];
	399
	400	real_argv[i + 3] = NULL;
	401
e60ec91f MS	402	argv = real_argv;
e60ec91f MS	403	exec_path = cups_exec;
0268488e MS	404	}
0268488e MS	405
ef416fc2	406	/*
	407	* Block signals before forking...
	408	*/
	409
	410	cupsdHoldSignals();
	411
	412	if ((*pid = fork()) == 0)
	413	{
	414	/*
	415	* Child process goes here...
	416	*
	417	* Update stdin/stdout/stderr as needed...
	418	*/
	419
	420	if (infd != 0)
	421	{
68b10830 MS	422	if (infd < 0)
	423	infd = open("/dev/null", O_RDONLY);
	424
	425	if (infd != 0)
	426	{
	427	dup2(infd, 0);
	428	close(infd);
	429	}
ef416fc2	430	}
68b10830	431
ef416fc2	432	if (outfd != 1)
ef416fc2	433	{
68b10830 MS	434	if (outfd < 0)
	435	outfd = open("/dev/null", O_WRONLY);
	436
	437	if (outfd != 1)
	438	{
	439	dup2(outfd, 1);
	440	close(outfd);
	441	}
ef416fc2	442	}
68b10830	443
ef416fc2	444	if (errfd != 2)
ef416fc2	445	{
68b10830 MS	446	if (errfd < 0)
	447	errfd = open("/dev/null", O_WRONLY);
	448
	449	if (errfd != 2)
	450	{
	451	dup2(errfd, 2);
	452	close(errfd);
	453	}
ef416fc2	454	}
68b10830 MS	455
68b10830 MS	456	if (backfd != 3 && backfd >= 0)
ef416fc2	457	{
68b10830 MS	458	dup2(backfd, 3);
68b10830 MS	459	close(backfd);
ef416fc2	460	fcntl(3, F_SETFL, O_NDELAY);
ef416fc2	461	}
68b10830 MS	462
68b10830 MS	463	if (sidefd != 4 && sidefd >= 0)
f7deaa1a	464	{
68b10830 MS	465	dup2(sidefd, 4);
68b10830 MS	466	close(sidefd);
f7deaa1a	467	fcntl(4, F_SETFL, O_NDELAY);
f7deaa1a	468	}
ef416fc2	469
	470	/*
	471	* Change the priority of the process based on the FilterNice setting.
5bd77a73	472	* (this is not done for root processes...)
ef416fc2	473	*/
	474
	475	if (!root)
	476	nice(FilterNice);
	477
	478	/*
	479	* Change user to something "safe"...
	480	*/
	481
	482	if (!root && !RunUser)
	483	{
	484	/*
	485	* Running as root, so change to non-priviledged user...
	486	*/
	487
	488	if (setgid(Group))
e00b005a	489	exit(errno);
ef416fc2	490
ef416fc2	491	if (setgroups(1, &Group))
e00b005a	492	exit(errno);
ef416fc2	493
	494	if (setuid(User))
	495	exit(errno);
	496	}
	497	else
	498	{
	499	/*
	500	* Reset group membership to just the main one we belong to.
	501	*/
	502
41681883 MS	503	if (setgid(Group) && !RunUser)
	504	exit(errno);
	505
	506	if (setgroups(1, &Group) && !RunUser)
	507	exit(errno);
ef416fc2	508	}
	509
	510	/*
	511	* Change umask to restrict permissions on created files...
	512	*/
	513
	514	umask(077);
	515
	516	/*
	517	* Unblock signals before doing the exec...
	518	*/
	519
	520	#ifdef HAVE_SIGSET
	521	sigset(SIGTERM, SIG_DFL);
	522	sigset(SIGCHLD, SIG_DFL);
ef55b745	523	sigset(SIGPIPE, SIG_DFL);
ef416fc2	524	#elif defined(HAVE_SIGACTION)
	525	memset(&action, 0, sizeof(action));
	526
	527	sigemptyset(&action.sa_mask);
	528	action.sa_handler = SIG_DFL;
	529
	530	sigaction(SIGTERM, &action, NULL);
	531	sigaction(SIGCHLD, &action, NULL);
ef55b745	532	sigaction(SIGPIPE, &action, NULL);
ef416fc2	533	#else
	534	signal(SIGTERM, SIG_DFL);
	535	signal(SIGCHLD, SIG_DFL);
ef55b745	536	signal(SIGPIPE, SIG_DFL);
ef416fc2	537	#endif /* HAVE_SIGSET */
	538
	539	cupsdReleaseSignals();
	540
	541	/*
0268488e MS	542	* Execute the command; if for some reason this doesn't work, log an error
0268488e MS	543	* exit with a non-zero value...
ef416fc2	544	*/
	545
	546	if (envp)
e60ec91f	547	execve(exec_path, argv, envp);
ef416fc2	548	else
e60ec91f	549	execv(exec_path, argv);
ef416fc2	550
	551	perror(command);
	552
0268488e	553	exit(1);
ef416fc2	554	}
	555	else if (*pid < 0)
	556	{
	557	/*
	558	* Error - couldn't fork a new process!
	559	*/
	560
	561	cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
	562	strerror(errno));
	563
	564	*pid = 0;
	565	}
e00b005a	566	else
	567	{
	568	if (!process_array)
	569	process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
	570
	571	if (process_array)
	572	{
	573	if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
	574	{
b9faaae1	575	proc->pid = *pid;
38e73f87	576	proc->job_id = job ? job->id : 0;
e60ec91f	577	_cups_strcpy(proc->name, command);
e00b005a	578
	579	cupsArrayAdd(process_array, proc);
	580	}
	581	}
	582	}
ef416fc2	583
	584	cupsdReleaseSignals();
	585
b9faaae1 MS	586	cupsdLogMessage(CUPSD_LOG_DEBUG2,
	587	"cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
	588	"infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
38e73f87	589	"profile=%p, job=%p(%d), pid=%p) = %d",
b9faaae1	590	command, argv, envp, infd, outfd, errfd, backfd, sidefd,
38e73f87	591	root, profile, job, job ? job->id : 0, pid, *pid);
b9faaae1	592
ef416fc2	593	return (*pid);
	594	}
	595
	596
	597	/*
e00b005a	598	* 'compare_procs()' - Compare two processes.
	599	*/
	600
	601	static int /* O - Result of comparison */
	602	compare_procs(cupsd_proc_t a, / I - First process */
	603	cupsd_proc_t b) / I - Second process */
	604	{
	605	return (a->pid - b->pid);
	606	}
	607
	608
a4924f6c MS	609	#ifdef HAVE_SANDBOX_H
	610	/*
	611	* 'cupsd_requote()' - Make a regular-expression version of a string.
	612	*/
	613
	614	static char * /* O - Quoted string */
	615	cupsd_requote(char dst, / I - Destination buffer */
	616	const char src, / I - Source string */
	617	size_t dstsize) /* I - Size of destination buffer */
	618	{
	619	int ch; /* Current character */
	620	char dstptr, / Current position in buffer */
	621	dstend; / End of destination buffer */
	622
	623
	624	dstptr = dst;
	625	dstend = dst + dstsize - 2;
	626
	627	while (*src && dstptr < dstend)
	628	{
	629	ch = *src++;
	630
	631	if (strchr(".?*()[]^$\\", ch))
	632	*dstptr++ = '\\';
	633
	634	*dstptr++ = ch;
	635	}
	636
	637	*dstptr = '\0';
	638
	639	return (dst);
	640	}
	641	#endif /* HAVE_SANDBOX_H */
	642
	643
e00b005a	644	/*
75bd9771	645	* End of "$Id: process.c 7256 2008-01-25 00:48:54Z mike $".
ef416fc2	646	*/