]> git.ipfire.org Git - thirdparty/cups.git/blame - scheduler/process.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
More tweaks for IPP Everywhere support in web interface.
[thirdparty/cups.git] / scheduler / process.c
CommitLineData
ef416fc2 1/*
7e86f2f6 2 * Process management routines for the CUPS scheduler.
ef416fc2 3 *
97cb5665 4 * Copyright 2007-2018 by Apple Inc.
7e86f2f6 5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 6 *
7e86f2f6
MS		 7 * These coded instructions, statements, and computer programs are the
8 * property of Apple Inc. and are protected by Federal copyright
9 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
10 * which should have been included with this file. If this file is
57b7b66b 11 * missing or damaged, see the license at "http://www.cups.org/".
ef416fc2 12 */
13
14/*
15 * Include necessary headers...
16 */
17
18#include "cupsd.h"
19#include <grp.h>
a4924f6c 20#ifdef __APPLE__
4400e98d 21# include <libgen.h>
6d2f911b 22#endif /* __APPLE__ */
c82f05ea
MS		 23#ifdef HAVE_POSIX_SPAWN
24# include <spawn.h>
25extern char **environ;
afe94dff
MS		 26/* Don't use posix_spawn on systems with bugs in their implementations... */
27# if defined(OpenBSD) && OpenBSD < 201505
a7616fe8 28# define USE_POSIX_SPAWN 0
afe94dff
MS		 29# elif defined(__UCLIBC__) && __UCLIBC_MAJOR__ == 1 && __UCLIBC_MINOR__ == 0 && __UCLIBC_SUBLEVEL__ < 27
30# define USE_POSIX_SPAWN 0
31# elif defined(__UCLIBC__) && __UCLIBC_MAJOR__ < 1
32# define USE_POSIX_SPAWN 0
33# else /* All other platforms */
34# define USE_POSIX_SPAWN 1
35# endif /* ... */
a7616fe8
MS		 36#else
37# define USE_POSIX_SPAWN 0
38#endif /* HAVE_POSIX_SPAWN */
ef416fc2 39
40
e00b005a 41/*
42 * Process structure...
43 */
44
45typedef struct
46{
b9faaae1
MS		 47 int pid, /* Process ID */
48 job_id; /* Job associated with process */
e00b005a 49 char name[1]; /* Name of process */
50} cupsd_proc_t;
51
52
53/*
54 * Local globals...
55 */
56
57static cups_array_t *process_array = NULL;
58
59
60/*
61 * Local functions...
62 */
63
64static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
a4924f6c
MS		 65#ifdef HAVE_SANDBOX_H
66static char *cupsd_requote(char *dst, const char *src, size_t dstsize);
67#endif /* HAVE_SANDBOX_H */
68
69
70/*
71 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
72 */
73
74void * /* O - Profile or NULL on error */
8fe0183a
MS		 75cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
76 int allow_networking)/* I - Allow networking off machine? */
a4924f6c
MS		 77{
78#ifdef HAVE_SANDBOX_H
8fe0183a
MS		 79 cups_file_t *fp; /* File pointer */
80 char profile[1024], /* File containing the profile */
81 bin[1024], /* Quoted ServerBin */
82 cache[1024], /* Quoted CacheDir */
83 domain[1024], /* Domain socket, if any */
84 request[1024], /* Quoted RequestRoot */
85 root[1024], /* Quoted ServerRoot */
6c2b2b19 86 state[1024], /* Quoted StateDir */
8fe0183a
MS		 87 temp[1024]; /* Quoted TempDir */
88 const char *nodebug; /* " (with no-log)" for no debug */
89 cupsd_listener_t *lis; /* Current listening socket */
90
91
92 if (!UseSandboxing || Sandboxing == CUPSD_SANDBOXING_OFF)
b9faaae1
MS		 93 {
94 /*
95 * Only use sandbox profiles as root...
96 */
97
8fe0183a 98 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
b9faaae1
MS		 99
100 return (NULL);
101 }
102
a4924f6c
MS		 103 if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
104 {
97cb5665
MS		 105 /*
106 * This should never happen, and is fatal when sandboxing is enabled.
107 */
108
8fe0183a 109 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
97cb5665
MS		 110 cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno));
111 kill(getpid(), SIGTERM);
a4924f6c
MS		 112 return (NULL);
113 }
114
0268488e
MS		 115 fchown(cupsFileNumber(fp), RunUser, Group);
116 fchmod(cupsFileNumber(fp), 0640);
117
8fe0183a 118 cupsd_requote(bin, ServerBin, sizeof(bin));
a4924f6c
MS		 119 cupsd_requote(cache, CacheDir, sizeof(cache));
120 cupsd_requote(request, RequestRoot, sizeof(request));
121 cupsd_requote(root, ServerRoot, sizeof(root));
6c2b2b19 122 cupsd_requote(state, StateDir, sizeof(state));
a4924f6c
MS		 123 cupsd_requote(temp, TempDir, sizeof(temp));
124
88f9aafc
MS		 125 nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";
126
a4924f6c 127 cupsFilePuts(fp, "(version 1)\n");
8fe0183a
MS		 128 if (Sandboxing == CUPSD_SANDBOXING_STRICT)
129 cupsFilePuts(fp, "(deny default)\n");
130 else
131 cupsFilePuts(fp, "(allow default)\n");
132 if (LogLevel >= CUPSD_LOG_DEBUG)
133 cupsFilePuts(fp, "(debug deny)\n");
134 cupsFilePuts(fp, "(import \"system.sb\")\n");
96a5df62 135 cupsFilePuts(fp, "(import \"com.apple.corefoundation.sb\")\n");
8fe0183a
MS		 136 cupsFilePuts(fp, "(system-network)\n");
137 cupsFilePuts(fp, "(allow mach-per-user-lookup)\n");
138 cupsFilePuts(fp, "(allow ipc-posix-sem)\n");
139 cupsFilePuts(fp, "(allow ipc-posix-shm)\n");
140 cupsFilePuts(fp, "(allow ipc-sysv-shm)\n");
141 cupsFilePuts(fp, "(allow mach-lookup)\n");
0268488e 142 if (!RunUser)
88f9aafc
MS		 143 cupsFilePrintf(fp,
144 "(deny file-write* file-read-data file-read-metadata\n"
145 " (regex"
146 " #\"^/Users$\""
147 " #\"^/Users/\""
148 ")%s)\n", nodebug);
a4924f6c
MS		 149 cupsFilePrintf(fp,
150 "(deny file-write*\n"
5a6b583a
MS		 151 " (regex"
152 " #\"^%s$\"" /* ServerRoot */
153 " #\"^%s/\"" /* ServerRoot/... */
154 " #\"^/private/etc$\""
155 " #\"^/private/etc/\""
156 " #\"^/usr/local/etc$\""
157 " #\"^/usr/local/etc/\""
158 " #\"^/Library$\""
159 " #\"^/Library/\""
160 " #\"^/System$\""
161 " #\"^/System/\""
88f9aafc
MS		 162 ")%s)\n",
163 root, root, nodebug);
8fe0183a 164 /* Specifically allow applications to stat RequestRoot and some other system folders */
7cf5915e
MS		 165 cupsFilePrintf(fp,
166 "(allow file-read-metadata\n"
167 " (regex"
8fe0183a
MS		 168 " #\"^/$\"" /* / */
169 " #\"^/usr$\"" /* /usr */
170 " #\"^/Library$\"" /* /Library */
171 " #\"^/Library/Printers$\"" /* /Library/Printers */
7cf5915e
MS		 172 " #\"^%s$\"" /* RequestRoot */
173 "))\n",
174 request);
8fe0183a 175 /* Read and write TempDir, CacheDir, and other common folders */
84465c7c
MS		 176 cupsFilePuts(fp,
177 "(allow file-write* file-read-data file-read-metadata\n"
178 " (regex"
179 " #\"^/private/var/db/\""
180 " #\"^/private/var/folders/\""
181 " #\"^/private/var/lib/\""
182 " #\"^/private/var/log/\""
183 " #\"^/private/var/mysql/\""
184 " #\"^/private/var/run/\""
185 " #\"^/private/var/spool/\""
186 " #\"^/Library/Application Support/\""
187 " #\"^/Library/Caches/\""
188 " #\"^/Library/Logs/\""
189 " #\"^/Library/Preferences/\""
190 " #\"^/Library/WebServer/\""
191 " #\"^/Users/Shared/\""
192 "))\n");
193 cupsFilePrintf(fp,
194 "(deny file-write*\n"
195 " (regex #\"^%s$\")%s)\n",
196 request, nodebug);
197 cupsFilePrintf(fp,
198 "(deny file-write* file-read-data file-read-metadata\n"
199 " (regex #\"^%s/\")%s)\n",
200 request, nodebug);
a4924f6c
MS		 201 cupsFilePrintf(fp,
202 "(allow file-write* file-read-data file-read-metadata\n"
5a6b583a
MS		 203 " (regex"
204 " #\"^%s$\"" /* TempDir */
205 " #\"^%s/\"" /* TempDir/... */
206 " #\"^%s$\"" /* CacheDir */
207 " #\"^%s/\"" /* CacheDir/... */
ed6e7faf 208 "))\n",
97cb5665 209 temp, temp, cache, cache);
8fe0183a 210 /* Read common folders */
88f9aafc 211 cupsFilePrintf(fp,
8fe0183a 212 "(allow file-read-data file-read-metadata\n"
8fe0183a 213 " (regex"
bcc4b655
MS		 214 " #\"^/AppleInternal$\""
215 " #\"^/AppleInternal/\""
8fe0183a
MS		 216 " #\"^/bin$\"" /* /bin */
217 " #\"^/bin/\"" /* /bin/... */
777e09f8 218 " #\"^/private$\""
d9183105
MS		 219 " #\"^/private/etc$\""
220 " #\"^/private/etc/\""
1d8db48d
MS		 221 " #\"^/private/tmp$\""
222 " #\"^/private/tmp/\""
777e09f8
MS		 223 " #\"^/private/var$\""
224 " #\"^/private/var/db$\""
d9183105 225 " #\"^/private/var/folders$\""
99328a65
MS		 226 " #\"^/private/var/lib$\""
227 " #\"^/private/var/log$\""
228 " #\"^/private/var/mysql$\""
1d8db48d 229 " #\"^/private/var/run$\""
777e09f8 230 " #\"^/private/var/spool$\""
59aa4944
MS		 231 " #\"^/private/var/tmp$\""
232 " #\"^/private/var/tmp/\""
8fe0183a
MS		 233 " #\"^/usr/bin$\"" /* /usr/bin */
234 " #\"^/usr/bin/\"" /* /usr/bin/... */
235 " #\"^/usr/libexec/cups$\"" /* /usr/libexec/cups */
236 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
3f4342fa
MS		 237 " #\"^/usr/libexec/fax$\"" /* /usr/libexec/fax */
238 " #\"^/usr/libexec/fax/\"" /* /usr/libexec/fax/... */
8fe0183a
MS		 239 " #\"^/usr/sbin$\"" /* /usr/sbin */
240 " #\"^/usr/sbin/\"" /* /usr/sbin/... */
59aa4944
MS		 241 " #\"^/Library$\"" /* /Library */
242 " #\"^/Library/\"" /* /Library/... */
243 " #\"^/System$\"" /* /System */
244 " #\"^/System/\"" /* /System/... */
8fe0183a
MS		 245 " #\"^%s/Library$\"" /* RequestRoot/Library */
246 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
247 " #\"^%s$\"" /* ServerBin */
248 " #\"^%s/\"" /* ServerBin/... */
249 " #\"^%s$\"" /* ServerRoot */
250 " #\"^%s/\"" /* ServerRoot/... */
97cb5665
MS		 251 " #\"^%s$\"" /* StateDir */
252 " #\"^%s/\"" /* StateDir/... */
8fe0183a 253 "))\n",
97cb5665 254 request, request, bin, bin, root, root, state, state);
8fe0183a
MS		 255 if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
256 {
257 /* Limited write access to /Library/Printers/... */
258 cupsFilePuts(fp,
259 "(allow file-write*\n"
88f9aafc 260 " (regex"
8fe0183a
MS		 261 " #\"^/Library/Printers/.*/\""
262 "))\n");
263 cupsFilePrintf(fp,
264 "(deny file-write*\n"
265 " (regex"
266 " #\"^/Library/Printers/PPDs$\""
267 " #\"^/Library/Printers/PPDs/\""
268 " #\"^/Library/Printers/PPD Plugins$\""
269 " #\"^/Library/Printers/PPD Plugins/\""
270 ")%s)\n", nodebug);
271 }
a94fe6cf
MS		 272 /* Allow execution of child processes as long as the programs are not in a user directory */
273 cupsFilePuts(fp, "(allow process*)\n");
274 cupsFilePuts(fp, "(deny process-exec (regex #\"^/Users/\"))\n");
8fe0183a 275 if (RunUser && getenv("CUPS_TESTROOT"))
e60ec91f 276 {
8fe0183a
MS		 277 /* Allow source directory access in "make test" environment */
278 char testroot[1024]; /* Root directory of test files */
e60ec91f 279
8fe0183a
MS		 280 cupsd_requote(testroot, getenv("CUPS_TESTROOT"), sizeof(testroot));
281
282 cupsFilePrintf(fp,
283 "(allow file-write* file-read-data file-read-metadata\n"
284 " (regex"
285 " #\"^%s$\"" /* CUPS_TESTROOT */
286 " #\"^%s/\"" /* CUPS_TESTROOT/... */
287 "))\n",
288 testroot, testroot);
289 cupsFilePrintf(fp,
290 "(allow process-exec\n"
291 " (regex"
292 " #\"^%s/\"" /* CUPS_TESTROOT/... */
293 "))\n",
294 testroot);
59aa4944 295 cupsFilePrintf(fp, "(allow sysctl*)\n");
8fe0183a
MS		 296 }
297 if (job_id)
298 {
299 /* Allow job filters to read the current job files... */
a4924f6c
MS		 300 cupsFilePrintf(fp,
301 "(allow file-read-data file-read-metadata\n"
5a757074 302 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
5bd77a73 303 request, job_id, job_id);
e60ec91f
MS		 304 }
305 else
306 {
8fe0183a 307 /* Allow email notifications from notifiers... */
e60ec91f
MS		 308 cupsFilePuts(fp,
309 "(allow process-exec\n"
310 " (literal \"/usr/sbin/sendmail\")\n"
8fe0183a
MS		 311 " (with no-sandbox))\n");
312 }
a94fe6cf
MS		 313 /* Allow access to Bluetooth, USB, and notify_post. */
314 cupsFilePuts(fp, "(allow iokit*)\n");
315 cupsFilePuts(fp, "(allow distributed-notification-post)\n");
777e09f8 316 /* Allow outbound networking to local services */
8fe0183a 317 cupsFilePuts(fp, "(allow network-outbound"
59aa4944 318 "\n (regex #\"^/private/var/run/\" #\"^/private/tmp/\" #\"^/private/var/tmp/\")");
8fe0183a
MS		 319 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
320 lis;
321 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
322 {
323 if (httpAddrFamily(&(lis->address)) == AF_LOCAL)
324 {
325 httpAddrString(&(lis->address), domain, sizeof(domain));
326 cupsFilePrintf(fp, "\n (literal \"%s\")", domain);
327 }
328 }
329 if (allow_networking)
330 {
331 /* Allow TCP and UDP networking off the machine... */
332 cupsFilePuts(fp, "\n (remote tcp))\n");
4c6277cc 333 cupsFilePuts(fp, "(allow network-bind)\n"); /* for LPD resvport */
8fe0183a
MS		 334 cupsFilePuts(fp, "(allow network*\n"
335 " (local udp \"*:*\")\n"
336 " (remote udp \"*:*\"))\n");
bcc4b655 337
fb3777cc 338 /* Also allow access to device files... */
e2685126 339 cupsFilePuts(fp, "(allow file-write* file-read-data file-read-metadata file-ioctl\n"
4c6277cc 340 " (regex #\"^/dev/\"))\n");
6e6611ef
MS		 341
342 /* And allow kernel extensions to be loaded, e.g., SMB */
343 cupsFilePuts(fp, "(allow system-kext-load)\n");
8fe0183a
MS		 344 }
345 else
346 {
fb3777cc 347 /* Only allow SNMP (UDP) and LPD (TCP) off the machine... */
8fe0183a
MS		 348 cupsFilePuts(fp, ")\n");
349 cupsFilePuts(fp, "(allow network-outbound\n"
2dd94018 350 " (remote udp \"*:161\")\n"
fb3777cc 351 " (remote tcp \"*:515\"))\n");
8fe0183a
MS		 352 cupsFilePuts(fp, "(allow network-inbound\n"
353 " (local udp \"localhost:*\"))\n");
e60ec91f 354 }
a4924f6c
MS		 355 cupsFileClose(fp);
356
8fe0183a 357 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d,allow_networking=%d) = \"%s\"", job_id, allow_networking, profile);
a4924f6c 358 return ((void *)strdup(profile));
b9faaae1 359
a4924f6c 360#else
8fe0183a 361 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
a4924f6c
MS		 362
363 return (NULL);
364#endif /* HAVE_SANDBOX_H */
365}
366
367
368/*
369 * 'cupsdDestroyProfile()' - Delete an execution profile.
370 */
371
372void
373cupsdDestroyProfile(void *profile) /* I - Profile */
374{
b9faaae1
MS		 375 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
376 profile ? (char *)profile : "(null)");
377
a4924f6c
MS		 378#ifdef HAVE_SANDBOX_H
379 if (profile)
380 {
381 unlink((char *)profile);
382 free(profile);
383 }
384#endif /* HAVE_SANDBOX_H */
385}
e00b005a 386
387
ef416fc2 388/*
389 * 'cupsdEndProcess()' - End a process.
390 */
391
392int /* O - 0 on success, -1 on failure */
393cupsdEndProcess(int pid, /* I - Process ID */
394 int force) /* I - Force child to die */
395{
b9faaae1
MS		 396 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
397 force);
398
ef55b745
MS		 399 if (!pid)
400 return (0);
88f9aafc
MS		 401
402 if (!RunUser)
403 {
404 /*
405 * When running as root, cupsd puts child processes in their own process
406 * group. Using "-pid" sends a signal to all processes in the group.
407 */
408
409 pid = -pid;
410 }
411
412 if (force)
ef416fc2 413 return (kill(pid, SIGKILL));
414 else
415 return (kill(pid, SIGTERM));
416}
417
418
e00b005a 419/*
420 * 'cupsdFinishProcess()' - Finish a process and get its name.
421 */
422
423const char * /* O - Process name */
07623986
MS		 424cupsdFinishProcess(int pid, /* I - Process ID */
425 char *name, /* I - Name buffer */
426 size_t namelen, /* I - Size of name buffer */
427 int *job_id) /* O - Job ID pointer or NULL */
e00b005a 428{
429 cupsd_proc_t key, /* Search key */
430 *proc; /* Matching process */
431
432
433 key.pid = pid;
434
435 if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
436 {
b9faaae1
MS		 437 if (job_id)
438 *job_id = proc->job_id;
439
e00b005a 440 strlcpy(name, proc->name, namelen);
441 cupsArrayRemove(process_array, proc);
442 free(proc);
e00b005a 443 }
444 else
b9faaae1
MS		 445 {
446 if (job_id)
447 *job_id = 0;
448
449 strlcpy(name, "unknown", namelen);
450 }
451
07623986 452 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFinishProcess(pid=%d, name=%p, namelen=" CUPS_LLFMT ", job_id=%p(%d)) = \"%s\"", pid, name, CUPS_LLCAST namelen, job_id, job_id ? *job_id : 0, name);
b9faaae1
MS		 453
454 return (name);
e00b005a 455}
456
457
ef416fc2 458/*
459 * 'cupsdStartProcess()' - Start a process.
460 */
461
462int /* O - Process ID or 0 */
463cupsdStartProcess(
b9faaae1
MS		 464 const char *command, /* I - Full path to command */
465 char *argv[], /* I - Command-line arguments */
466 char *envp[], /* I - Environment */
467 int infd, /* I - Standard input file descriptor */
468 int outfd, /* I - Standard output file descriptor */
469 int errfd, /* I - Standard error file descriptor */
470 int backfd, /* I - Backchannel file descriptor */
471 int sidefd, /* I - Sidechannel file descriptor */
472 int root, /* I - Run as root? */
473 void *profile, /* I - Security profile to use */
38e73f87 474 cupsd_job_t *job, /* I - Job associated with process */
b9faaae1 475 int *pid) /* O - Process ID */
ef416fc2 476{
0268488e 477 int i; /* Looping var */
e60ec91f 478 const char *exec_path = command; /* Command to be exec'd */
28c194b0 479 char *real_argv[110], /* Real command-line arguments */
1b3b9aa9
MS		 480 cups_exec[1024], /* Path to "cups-exec" program */
481 user_str[16], /* User string */
482 group_str[16], /* Group string */
483 nice_str[16]; /* FilterNice string */
7e86f2f6 484 uid_t user; /* Command UID */
e00b005a 485 cupsd_proc_t *proc; /* New process record */
a7616fe8 486#if USE_POSIX_SPAWN
c82f05ea
MS		 487 posix_spawn_file_actions_t actions; /* Spawn file actions */
488 posix_spawnattr_t attrs; /* Spawn attributes */
73174bb3 489 sigset_t defsignals; /* Default signals */
07623986 490#elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
e00b005a 491 struct sigaction action; /* POSIX signal handler */
a7616fe8 492#endif /* USE_POSIX_SPAWN */
e53920b9 493#if defined(__APPLE__)
e00b005a 494 char processPath[1024], /* CFProcessPath environment variable */
495 linkpath[1024]; /* Link path for symlinks... */
496 int linkbytes; /* Bytes for link path */
e53920b9 497#endif /* __APPLE__ */
ef416fc2 498
499
22c9029b
MS		 500 *pid = 0;
501
0268488e
MS		 502 /*
503 * Figure out the UID for the child process...
504 */
505
bf3816c7
MS		 506 if (RunUser)
507 user = RunUser;
508 else if (root)
509 user = 0;
510 else
511 user = User;
512
0268488e
MS		 513 /*
514 * Check the permissions of the command we are running...
515 */
516
22c9029b
MS		 517 if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
518 cupsdLogFCMessage, job ? job->printer : NULL))
bf3816c7 519 return (0);
76cd9e37 520
e53920b9 521#if defined(__APPLE__)
522 if (envp)
e00b005a 523 {
524 /*
8072030b 525 * Add special voodoo magic for macOS - this allows macOS programs to access
f3c17241 526 * their bundle resources properly...
e00b005a 527 */
528
e53920b9 529 if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
530 {
531 /*
532 * Yes, this is a symlink to the actual program, nul-terminate and
533 * use it...
534 */
535
536 linkpath[linkbytes] = '\0';
e00b005a 537
e53920b9 538 if (linkpath[0] == '/')
539 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
540 linkpath);
541 else
542 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
f7deaa1a 543 dirname((char *)command), linkpath);
e53920b9 544 }
e00b005a 545 else
e53920b9 546 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);
bd7854cb 547
e53920b9 548 envp[0] = processPath; /* Replace <CFProcessPath> string */
549 }
550#endif /* __APPLE__ */
e00b005a 551
0268488e
MS		 552 /*
553 * Use helper program when we have a sandbox profile...
554 */
555
a7616fe8 556#if !USE_POSIX_SPAWN
0268488e 557 if (profile)
a7616fe8 558#endif /* !USE_POSIX_SPAWN */
0268488e
MS		 559 {
560 snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
8fe0183a 561 snprintf(user_str, sizeof(user_str), "%d", user);
c82f05ea
MS		 562 snprintf(group_str, sizeof(group_str), "%d", Group);
563 snprintf(nice_str, sizeof(nice_str), "%d", FilterNice);
0268488e
MS		 564
565 real_argv[0] = cups_exec;
28c194b0
MS		 566 real_argv[1] = (char *)"-g";
567 real_argv[2] = group_str;
568 real_argv[3] = (char *)"-n";
c82f05ea 569 real_argv[4] = nice_str;
28c194b0
MS		 570 real_argv[5] = (char *)"-u";
571 real_argv[6] = user_str;
343276df 572 real_argv[7] = profile ? profile : "none";
28c194b0 573 real_argv[8] = (char *)command;
0268488e
MS		 574
575 for (i = 0;
28c194b0 576 i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 10) && argv[i];
0268488e 577 i ++)
28c194b0 578 real_argv[i + 9] = argv[i];
0268488e 579
28c194b0 580 real_argv[i + 9] = NULL;
0268488e 581
e60ec91f
MS		 582 argv = real_argv;
583 exec_path = cups_exec;
0268488e
MS		 584 }
585
c82f05ea
MS		 586 if (LogLevel == CUPSD_LOG_DEBUG2)
587 {
588 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command);
589
590 for (i = 0; argv[i]; i ++)
591 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]);
592 }
593
a7616fe8 594#if USE_POSIX_SPAWN
c82f05ea
MS		 595 /*
596 * Setup attributes and file actions for the spawn...
597 */
598
599 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes.");
73174bb3
MS		 600 sigemptyset(&defsignals);
601 sigaddset(&defsignals, SIGTERM);
602 sigaddset(&defsignals, SIGCHLD);
603 sigaddset(&defsignals, SIGPIPE);
604
c82f05ea
MS		 605 posix_spawnattr_init(&attrs);
606 posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF);
73174bb3
MS		 607 posix_spawnattr_setpgroup(&attrs, 0);
608 posix_spawnattr_setsigdefault(&attrs, &defsignals);
c82f05ea
MS		 609
610 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions.");
611 posix_spawn_file_actions_init(&actions);
612 if (infd != 0)
613 {
614 if (infd < 0)
0907c437 615 posix_spawn_file_actions_addopen(&actions, 0, "/dev/null", O_RDONLY, 0);
c82f05ea
MS		 616 else
617 posix_spawn_file_actions_adddup2(&actions, infd, 0);
618 }
619
620 if (outfd != 1)
621 {
622 if (outfd < 0)
623 posix_spawn_file_actions_addopen(&actions, 1, "/dev/null", O_WRONLY, 0);
624 else
625 posix_spawn_file_actions_adddup2(&actions, outfd, 1);
626 }
627
628 if (errfd != 2)
629 {
630 if (errfd < 0)
631 posix_spawn_file_actions_addopen(&actions, 2, "/dev/null", O_WRONLY, 0);
632 else
633 posix_spawn_file_actions_adddup2(&actions, errfd, 2);
634 }
635
636 if (backfd != 3 && backfd >= 0)
637 posix_spawn_file_actions_adddup2(&actions, backfd, 3);
638
639 if (sidefd != 4 && sidefd >= 0)
640 posix_spawn_file_actions_adddup2(&actions, sidefd, 4);
641
642 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Calling posix_spawn.");
643
644 if (posix_spawn(pid, exec_path, &actions, &attrs, argv, envp ? envp : environ))
645 {
646 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, strerror(errno));
647
648 *pid = 0;
649 }
650 else
651 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: pid=%d", (int)*pid);
652
653 posix_spawn_file_actions_destroy(&actions);
654 posix_spawnattr_destroy(&attrs);
655
656#else
ef416fc2 657 /*
658 * Block signals before forking...
659 */
660
661 cupsdHoldSignals();
662
663 if ((*pid = fork()) == 0)
664 {
665 /*
88f9aafc
MS		 666 * Child process goes here; update stderr as needed...
667 */
668
669 if (errfd != 2)
670 {
671 if (errfd < 0)
672 errfd = open("/dev/null", O_WRONLY);
673
674 if (errfd != 2)
675 {
676 dup2(errfd, 2);
677 close(errfd);
678 }
679 }
680
681 /*
682 * Put this process in its own process group so that we can kill any child
683 * processes it creates.
684 */
685
c82f05ea 686# ifdef HAVE_SETPGID
88f9aafc
MS		 687 if (!RunUser && setpgid(0, 0))
688 exit(errno + 100);
c82f05ea 689# else
88f9aafc
MS		 690 if (!RunUser && setpgrp())
691 exit(errno + 100);
c82f05ea 692# endif /* HAVE_SETPGID */
88f9aafc
MS		 693
694 /*
695 * Update the remaining file descriptors as needed...
ef416fc2 696 */
697
698 if (infd != 0)
699 {
68b10830
MS		 700 if (infd < 0)
701 infd = open("/dev/null", O_RDONLY);
702
703 if (infd != 0)
704 {
705 dup2(infd, 0);
706 close(infd);
707 }
ef416fc2 708 }
68b10830 709
ef416fc2 710 if (outfd != 1)
711 {
68b10830
MS		 712 if (outfd < 0)
713 outfd = open("/dev/null", O_WRONLY);
714
715 if (outfd != 1)
716 {
717 dup2(outfd, 1);
718 close(outfd);
719 }
ef416fc2 720 }
68b10830 721
68b10830 722 if (backfd != 3 && backfd >= 0)
ef416fc2 723 {
68b10830
MS		 724 dup2(backfd, 3);
725 close(backfd);
ef416fc2 726 fcntl(3, F_SETFL, O_NDELAY);
727 }
68b10830
MS		 728
729 if (sidefd != 4 && sidefd >= 0)
f7deaa1a 730 {
68b10830
MS		 731 dup2(sidefd, 4);
732 close(sidefd);
f7deaa1a 733 fcntl(4, F_SETFL, O_NDELAY);
734 }
ef416fc2 735
736 /*
737 * Change the priority of the process based on the FilterNice setting.
5bd77a73 738 * (this is not done for root processes...)
ef416fc2 739 */
740
741 if (!root)
742 nice(FilterNice);
743
744 /*
88f9aafc 745 * Reset group membership to just the main one we belong to.
ef416fc2 746 */
747
88f9aafc
MS		 748 if (!RunUser && setgid(Group))
749 exit(errno + 100);
ef416fc2 750
88f9aafc
MS		 751 if (!RunUser && setgroups(1, &Group))
752 exit(errno + 100);
ef416fc2 753
88f9aafc
MS		 754 /*
755 * Change user to something "safe"...
756 */
41681883 757
88f9aafc
MS		 758 if (!RunUser && user && setuid(user))
759 exit(errno + 100);
ef416fc2 760
761 /*
762 * Change umask to restrict permissions on created files...
763 */
764
765 umask(077);
766
767 /*
768 * Unblock signals before doing the exec...
769 */
770
c82f05ea 771# ifdef HAVE_SIGSET
ef416fc2 772 sigset(SIGTERM, SIG_DFL);
773 sigset(SIGCHLD, SIG_DFL);
ef55b745 774 sigset(SIGPIPE, SIG_DFL);
c82f05ea 775# elif defined(HAVE_SIGACTION)
ef416fc2 776 memset(&action, 0, sizeof(action));
777
778 sigemptyset(&action.sa_mask);
779 action.sa_handler = SIG_DFL;
780
781 sigaction(SIGTERM, &action, NULL);
782 sigaction(SIGCHLD, &action, NULL);
ef55b745 783 sigaction(SIGPIPE, &action, NULL);
c82f05ea 784# else
ef416fc2 785 signal(SIGTERM, SIG_DFL);
786 signal(SIGCHLD, SIG_DFL);
ef55b745 787 signal(SIGPIPE, SIG_DFL);
c82f05ea 788# endif /* HAVE_SIGSET */
ef416fc2 789
790 cupsdReleaseSignals();
791
792 /*
0268488e
MS		 793 * Execute the command; if for some reason this doesn't work, log an error
794 * exit with a non-zero value...
ef416fc2 795 */
796
797 if (envp)
e60ec91f 798 execve(exec_path, argv, envp);
ef416fc2 799 else
e60ec91f 800 execv(exec_path, argv);
ef416fc2 801
88f9aafc 802 exit(errno + 100);
ef416fc2 803 }
804 else if (*pid < 0)
805 {
806 /*
807 * Error - couldn't fork a new process!
808 */
809
810 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
811 strerror(errno));
812
813 *pid = 0;
814 }
c82f05ea
MS		 815
816 cupsdReleaseSignals();
a7616fe8 817#endif /* USE_POSIX_SPAWN */
c82f05ea
MS		 818
819 if (*pid)
e00b005a 820 {
821 if (!process_array)
822 process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
f3c17241 823
e00b005a 824 if (process_array)
825 {
826 if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
827 {
b9faaae1 828 proc->pid = *pid;
38e73f87 829 proc->job_id = job ? job->id : 0;
e60ec91f 830 _cups_strcpy(proc->name, command);
e00b005a 831
832 cupsArrayAdd(process_array, proc);
833 }
834 }
835 }
ef416fc2 836
b9faaae1
MS		 837 cupsdLogMessage(CUPSD_LOG_DEBUG2,
838 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
839 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
38e73f87 840 "profile=%p, job=%p(%d), pid=%p) = %d",
b9faaae1 841 command, argv, envp, infd, outfd, errfd, backfd, sidefd,
38e73f87 842 root, profile, job, job ? job->id : 0, pid, *pid);
b9faaae1 843
ef416fc2 844 return (*pid);
845}
846
847
848/*
e00b005a 849 * 'compare_procs()' - Compare two processes.
850 */
851
852static int /* O - Result of comparison */
853compare_procs(cupsd_proc_t *a, /* I - First process */
854 cupsd_proc_t *b) /* I - Second process */
855{
856 return (a->pid - b->pid);
857}
858
859
a4924f6c
MS		 860#ifdef HAVE_SANDBOX_H
861/*
862 * 'cupsd_requote()' - Make a regular-expression version of a string.
863 */
864
865static char * /* O - Quoted string */
866cupsd_requote(char *dst, /* I - Destination buffer */
867 const char *src, /* I - Source string */
868 size_t dstsize) /* I - Size of destination buffer */
869{
870 int ch; /* Current character */
871 char *dstptr, /* Current position in buffer */
872 *dstend; /* End of destination buffer */
873
874
875 dstptr = dst;
876 dstend = dst + dstsize - 2;
877
878 while (*src && dstptr < dstend)
879 {
880 ch = *src++;
881
cb7f98ee
MS		 882 if (ch == '/' && !*src)
883 break; /* Don't add trailing slash */
884
8a984948 885 if (strchr(".?*()[]^$\\\"", ch))
a4924f6c
MS		 886 *dstptr++ = '\\';
887
7e86f2f6 888 *dstptr++ = (char)ch;
a4924f6c
MS		 889 }
890
891 *dstptr = '\0';
892
893 return (dst);
894}
895#endif /* HAVE_SANDBOX_H */
Unnamed repository; edit this file 'description' to name the repository.