Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
f2d18633 | 2 | * "$Id$" |
ef416fc2 | 3 | * |
7e86f2f6 | 4 | * Process management routines for the CUPS scheduler. |
ef416fc2 | 5 | * |
7e86f2f6 MS |
6 | * Copyright 2007-2014 by Apple Inc. |
7 | * Copyright 1997-2007 by Easy Software Products, all rights reserved. | |
ef416fc2 | 8 | * |
7e86f2f6 MS |
9 | * These coded instructions, statements, and computer programs are the |
10 | * property of Apple Inc. and are protected by Federal copyright | |
11 | * law. Distribution and use rights are outlined in the file "LICENSE.txt" | |
12 | * which should have been included with this file. If this file is | |
13 | * file is missing or damaged, see the license at "http://www.cups.org/". | |
ef416fc2 | 14 | */ |
15 | ||
16 | /* | |
17 | * Include necessary headers... | |
18 | */ | |
19 | ||
20 | #include "cupsd.h" | |
21 | #include <grp.h> | |
a4924f6c | 22 | #ifdef __APPLE__ |
4400e98d | 23 | # include <libgen.h> |
6d2f911b | 24 | #endif /* __APPLE__ */ |
c82f05ea MS |
25 | #ifdef HAVE_POSIX_SPAWN |
26 | # include <spawn.h> | |
27 | extern char **environ; | |
28 | #endif /* HAVE_POSIX_SPAWN */ | |
ef416fc2 | 29 | |
30 | ||
e00b005a | 31 | /* |
32 | * Process structure... | |
33 | */ | |
34 | ||
typedef struct
{
  int   pid;                            /* Process ID of the started child */
  int   job_id;                         /* ID of the owning job, 0 when none */
  char  name[1];                        /* Command name; the record is allocated
                                           with strlen(command) extra bytes so
                                           the full string and its nul fit */
} cupsd_proc_t;
41 | ||
42 | ||
43 | /* | |
44 | * Local globals... | |
45 | */ | |
46 | ||
/*
 * Records for the child processes started by cupsdStartProcess().  The array
 * is created on first use with compare_procs() as its sort function, so it is
 * ordered by process ID; cupsdFinishProcess() looks a PID up here, then
 * removes and frees the matching record.
 */
static cups_array_t *process_array = NULL;
48 | ||
49 | ||
50 | /* | |
51 | * Local functions... | |
52 | */ | |
53 | ||
/* Sort callback for process_array: orders records by process ID */
static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
#ifdef HAVE_SANDBOX_H
/* Escapes a path so it can be embedded in a sandbox-profile regex literal */
static char *cupsd_requote(char *dst, const char *src, size_t dstsize);
#endif /* HAVE_SANDBOX_H */
58 | ||
59 | ||
60 | /* | |
61 | * 'cupsdCreateProfile()' - Create an execution profile for a subprocess. | |
62 | */ | |
63 | ||
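void *                                  /* O - Profile or NULL on error */
cupsdCreateProfile(int job_id,          /* I - Job ID or 0 for none */
                   int allow_networking)/* I - Allow networking off machine? */
{
 /*
  * Writes a sandbox profile to a temporary file and returns a heap copy of the
  * filename.  The caller hands the result to cupsdStartProcess() and releases
  * it with cupsdDestroyProfile(), which also removes the file.
  *
  * The rules are built from configuration values (ServerBin, ServerRoot,
  * RequestRoot, CacheDir, TempDir, listener sockets).  Every value that ends
  * up inside a profile string must be quoted for the context it lands in,
  * otherwise a crafted path could close the string early and change the rules
  * that follow.
  */

#ifdef HAVE_SANDBOX_H
  cups_file_t           *fp;            /* File pointer */
  char                  profile[1024],  /* File containing the profile */
                        bin[1024],      /* Quoted ServerBin */
                        cache[1024],    /* Quoted CacheDir */
                        domain[1024],   /* Domain socket, if any */
                        request[1024],  /* Quoted RequestRoot */
                        root[1024],     /* Quoted ServerRoot */
                        temp[1024];     /* Quoted TempDir */
  const char            *nodebug;       /* " (with no-log)" for no debug */
  const char            *testenv;       /* CUPS_TESTROOT value, if any */
  char                  *result;        /* Heap copy of the profile filename */
  cupsd_listener_t      *lis;           /* Current listening socket */


  if (!UseSandboxing || Sandboxing == CUPSD_SANDBOXING_OFF)
  {
   /*
    * Sandboxing is disabled, so no profile is generated...
    */

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);

    return (NULL);
  }

  if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
                    strerror(errno));
    return (NULL);
  }

 /*
  * Hand the file to the run user/group and keep it unreadable for others.
  * Failures are reported but not fatal: the file may still be usable, and a
  * child that cannot read its profile will fail to start rather than run
  * without one.
  */

  if (fchown(cupsFileNumber(fp), RunUser, Group))
    cupsdLogMessage(CUPSD_LOG_WARN, "Unable to change ownership of security profile \"%s\": %s", profile, strerror(errno));

  if (fchmod(cupsFileNumber(fp), 0640))
    cupsdLogMessage(CUPSD_LOG_WARN, "Unable to change permissions of security profile \"%s\": %s", profile, strerror(errno));

 /*
  * Quote the configured directories for use inside regex literals...
  */

  cupsd_requote(bin, ServerBin, sizeof(bin));
  cupsd_requote(cache, CacheDir, sizeof(cache));
  cupsd_requote(request, RequestRoot, sizeof(request));
  cupsd_requote(root, ServerRoot, sizeof(root));
  cupsd_requote(temp, TempDir, sizeof(temp));

  nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";

  cupsFilePuts(fp, "(version 1)\n");
  if (Sandboxing == CUPSD_SANDBOXING_STRICT)
    cupsFilePuts(fp, "(deny default)\n");
  else
    cupsFilePuts(fp, "(allow default)\n");
  if (LogLevel >= CUPSD_LOG_DEBUG)
    cupsFilePuts(fp, "(debug deny)\n");
  cupsFilePuts(fp, "(import \"system.sb\")\n");
  cupsFilePuts(fp, "(system-network)\n");
  cupsFilePuts(fp, "(allow mach-per-user-lookup)\n");
  cupsFilePuts(fp, "(allow ipc-posix-sem)\n");
  cupsFilePuts(fp, "(allow ipc-posix-shm)\n");
  cupsFilePuts(fp, "(allow ipc-sysv-shm)\n");
  cupsFilePuts(fp, "(allow mach-lookup)\n");

  /* No access at all to the spool directory (job files are re-allowed below) */
  cupsFilePrintf(fp,
                 "(deny file-write* file-read-data file-read-metadata\n"
                 " (regex"
                 " #\"^%s$\""           /* RequestRoot */
                 " #\"^%s/\""           /* RequestRoot/... */
                 ")%s)\n",
                 request, request, nodebug);

  /* When cupsd runs as root, keep children out of user home directories */
  if (!RunUser)
    cupsFilePrintf(fp,
                   "(deny file-write* file-read-data file-read-metadata\n"
                   " (regex"
                   " #\"^/Users$\""
                   " #\"^/Users/\""
                   ")%s)\n", nodebug);

  /* No writes to configuration and system directories */
  cupsFilePrintf(fp,
                 "(deny file-write*\n"
                 " (regex"
                 " #\"^%s$\""           /* ServerRoot */
                 " #\"^%s/\""           /* ServerRoot/... */
                 " #\"^/private/etc$\""
                 " #\"^/private/etc/\""
                 " #\"^/usr/local/etc$\""
                 " #\"^/usr/local/etc/\""
                 " #\"^/Library$\""
                 " #\"^/Library/\""
                 " #\"^/System$\""
                 " #\"^/System/\""
                 ")%s)\n",
                 root, root, nodebug);

  /* Specifically allow applications to stat RequestRoot and some other system folders */
  cupsFilePrintf(fp,
                 "(allow file-read-metadata\n"
                 " (regex"
                 " #\"^/$\""            /* / */
                 " #\"^/usr$\""         /* /usr */
                 " #\"^/Library$\""     /* /Library */
                 " #\"^/Library/Printers$\"" /* /Library/Printers */
                 " #\"^%s$\""           /* RequestRoot */
                 "))\n",
                 request);

  /* Read and write TempDir, CacheDir, and other common folders */
  cupsFilePrintf(fp,
                 "(allow file-write* file-read-data file-read-metadata\n"
                 " (regex"
                 " #\"^%s$\""           /* TempDir */
                 " #\"^%s/\""           /* TempDir/... */
                 " #\"^%s$\""           /* CacheDir */
                 " #\"^%s/\""           /* CacheDir/... */
                 " #\"^/private/var/db/\""
                 " #\"^/private/var/folders/\""
                 " #\"^/private/var/run/\""
                 " #\"^/Library/Application Support/\""
                 " #\"^/Library/Caches/\""
                 " #\"^/Library/Preferences/\""
                 " #\"^/Users/Shared/\""
                 "))\n",
                 temp, temp, cache, cache);

  /* Read common folders */
  cupsFilePrintf(fp,
                 "(allow file-read-data file-read-metadata\n"
                 " (regex"
                 " #\"^/AppleInternal$\""
                 " #\"^/AppleInternal/\""
                 " #\"^/bin$\""         /* /bin */
                 " #\"^/bin/\""         /* /bin/... */
                 " #\"^/private$\""
                 " #\"^/private/etc/services$\""
                 " #\"^/private/var$\""
                 " #\"^/private/var/db$\""
                 " #\"^/private/var/spool$\""
                 " #\"^/usr/bin$\""     /* /usr/bin */
                 " #\"^/usr/bin/\""     /* /usr/bin/... */
                 " #\"^/usr/libexec/cups$\"" /* /usr/libexec/cups */
                 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
                 " #\"^/usr/sbin$\""    /* /usr/sbin */
                 " #\"^/usr/sbin/\""    /* /usr/sbin/... */
                 " #\"^/Library/Caches$\""
                 " #\"^/Library/Fonts$\""
                 " #\"^/Library/Fonts/\""
                 " #\"^/Library/Keychains$\""
                 " #\"^/Library/Keychains/\""
                 " #\"^/Library/Printers$\""
                 " #\"^/Library/Printers/\""
                 " #\"^%s/Library$\""   /* RequestRoot/Library */
                 " #\"^%s/Library/\""   /* RequestRoot/Library/... */
                 " #\"^%s$\""           /* ServerBin */
                 " #\"^%s/\""           /* ServerBin/... */
                 " #\"^%s$\""           /* ServerRoot */
                 " #\"^%s/\""           /* ServerRoot/... */
                 "))\n",
                 request, request, bin, bin, root, root);

  if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
  {
    /* Limited write access to /Library/Printers/... */
    cupsFilePuts(fp,
                 "(allow file-write*\n"
                 " (regex"
                 " #\"^/Library/Printers/.*/\""
                 "))\n");
    cupsFilePrintf(fp,
                   "(deny file-write*\n"
                   " (regex"
                   " #\"^/Library/Printers/PPDs$\""
                   " #\"^/Library/Printers/PPDs/\""
                   " #\"^/Library/Printers/PPD Plugins$\""
                   " #\"^/Library/Printers/PPD Plugins/\""
                   ")%s)\n", nodebug);
  }

  /* Allow execution of child processes */
  cupsFilePuts(fp, "(allow process-fork)\n");
  cupsFilePrintf(fp,
                 "(allow process-exec\n"
                 " (regex"
                 " #\"^/bin/\""         /* /bin/... */
                 " #\"^/usr/bin/\""     /* /usr/bin/... */
                 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
                 " #\"^/usr/sbin/\""    /* /usr/sbin/... */
                 " #\"^%s/\""           /* ServerBin/... */
                 " #\"^/Library/Printers/.*/\""
                 "))\n",
                 bin);

 /*
  * The test-root rules widen the profile from an environment variable, so
  * they only apply when cupsd is not running as root (RunUser set).  The
  * variable is read once so both the check and the quoting see one value.
  */

  if (RunUser && (testenv = getenv("CUPS_TESTROOT")) != NULL)
  {
    /* Allow source directory access in "make test" environment */
    char        testroot[1024];         /* Root directory of test files */

    cupsd_requote(testroot, testenv, sizeof(testroot));

    cupsFilePrintf(fp,
                   "(allow file-write* file-read-data file-read-metadata\n"
                   " (regex"
                   " #\"^%s$\""         /* CUPS_TESTROOT */
                   " #\"^%s/\""         /* CUPS_TESTROOT/... */
                   "))\n",
                   testroot, testroot);
    cupsFilePrintf(fp,
                   "(allow process-exec\n"
                   " (regex"
                   " #\"^%s/\""         /* CUPS_TESTROOT/... */
                   "))\n",
                   testroot);
  }

  if (job_id)
  {
    /* Allow job filters to read the current job files... */
    cupsFilePrintf(fp,
                   "(allow file-read-data file-read-metadata\n"
                   " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
                   request, job_id, job_id);
  }
  else
  {
    /* Allow email notifications from notifiers... */
    cupsFilePuts(fp,
                 "(allow process-exec\n"
                 " (literal \"/usr/sbin/sendmail\")\n"
                 " (with no-sandbox))\n");
  }

  /* Allow outbound networking to local services */
  cupsFilePuts(fp, "(allow network-outbound"
                   "\n (regex #\"^/private/var/run/\")");
  for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
       lis;
       lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
  {
    if (httpAddrFamily(&(lis->address)) == AF_LOCAL)
    {
      httpAddrString(&(lis->address), domain, sizeof(domain));

     /*
      * The socket path is written into a quoted literal without any escaping;
      * leave out a path that could end the string early instead of emitting
      * a profile whose remaining rules are no longer the intended ones.
      */

      if (strpbrk(domain, "\"\\"))
      {
        cupsdLogMessage(CUPSD_LOG_ERROR, "Domain socket \"%s\" left out of security profile: path contains a quote or backslash.", domain);
        continue;
      }

      cupsFilePrintf(fp, "\n (literal \"%s\")", domain);
    }
  }

  if (allow_networking)
  {
    /* Allow TCP and UDP networking off the machine... */
    cupsFilePuts(fp, "\n (remote tcp))\n");
    cupsFilePuts(fp, "(allow network-bind)\n"); /* for LPD resvport */
    cupsFilePuts(fp, "(allow network*\n"
                     " (local udp \"*:*\")\n"
                     " (remote udp \"*:*\"))\n");

    /* Also allow access to Bluetooth, USB, and device files */
    cupsFilePuts(fp, "(allow iokit-open)\n");
    cupsFilePuts(fp, "(allow file-write* file-read-data file-read-metadata file-ioctl\n"
                     " (regex #\"^/dev/\"))\n");
  }
  else
  {
    /* Only allow SNMP (UDP) off the machine... */
    cupsFilePuts(fp, ")\n");
    cupsFilePuts(fp, "(allow network-outbound\n"
                     " (remote udp \"*:161\"))\n");
    cupsFilePuts(fp, "(allow network-inbound\n"
                     " (local udp \"localhost:*\"))\n");
  }

 /*
  * A failed close means the profile may be incomplete on disk; do not hand
  * out a rule set that is missing part of its contents.
  */

  if (cupsFileClose(fp))
  {
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to write security profile \"%s\": %s", profile, strerror(errno));
    unlink(profile);

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
    return (NULL);
  }

  if ((result = strdup(profile)) == NULL)
  {
   /*
    * Without a filename to return nobody could remove the file later...
    */

    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to allocate memory for security profile: %s", strerror(errno));
    unlink(profile);

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
    return (NULL);
  }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d,allow_networking=%d) = \"%s\"", job_id, allow_networking, profile);
  return ((void *)result);

#else
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);

  return (NULL);
#endif /* HAVE_SANDBOX_H */
}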
330 | ||
331 | ||
332 | /* | |
333 | * 'cupsdDestroyProfile()' - Delete an execution profile. | |
334 | */ | |
335 | ||
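void
cupsdDestroyProfile(void *profile)      /* I - Profile */
{
 /*
  * The profile is the heap-allocated filename returned by
  * cupsdCreateProfile(); the file is removed and the string freed.  A NULL
  * profile is accepted and ignored.
  */

  const char    *filename = (const char *)profile;
                                        /* Profile filename */


  /* Log under the function's real name so the trace can be matched to it */
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDestroyProfile(profile=\"%s\")",
                  filename ? filename : "(null)");

#ifdef HAVE_SANDBOX_H
  if (profile)
  {
   /*
    * Report a profile that could not be removed so stale files in the
    * temporary directory do not go unnoticed; a file that is already gone
    * is not an error.
    */

    if (unlink(filename) && errno != ENOENT)
      cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to remove security profile \"%s\": %s", filename, strerror(errno));

    free(profile);
  }
#endif /* HAVE_SANDBOX_H */
}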
e00b005a | 350 | |
351 | ||
ef416fc2 | 352 | /* |
353 | * 'cupsdEndProcess()' - End a process. | |
354 | */ | |
355 | ||
int                                     /* O - 0 on success, -1 on failure */
cupsdEndProcess(int pid,                /* I - Process ID */
                int force)              /* I - Force child to die */
{
 /*
  * Sends SIGKILL (force) or SIGTERM to a child and returns the result of
  * kill().  A pid of 0 is treated as "nothing to do".
  *
  * NOTE(review): 0 is the only value filtered here; any other value reaches
  * kill() as given, or negated when cupsd runs as root.  Confirm that callers
  * only pass PIDs of children they started.
  */

  int   target = pid;                   /* PID or process group to signal */
  int   signum = force ? SIGKILL : SIGTERM;
                                        /* Signal to send */


  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
                  force);

  if (pid == 0)
    return (0);

 /*
  * When running as root, cupsd puts child processes in their own process
  * group.  Using "-pid" sends a signal to all processes in the group.
  */

  if (!RunUser)
    target = -pid;

  return (kill(target, signum));
}
381 | ||
382 | ||
e00b005a | 383 | /* |
384 | * 'cupsdFinishProcess()' - Finish a process and get its name. | |
385 | */ | |
386 | ||
const char *                            /* O - Process name */
cupsdFinishProcess(int    pid,          /* I - Process ID */
                   char   *name,        /* I - Name buffer */
                   size_t namelen,      /* I - Size of name buffer */
                   int    *job_id)      /* O - Job ID pointer or NULL */
{
 /*
  * Looks up the record for "pid", copies its name into the caller's buffer
  * and drops the record.  A PID that was never recorded yields the name
  * "unknown" and a job ID of 0.
  */

  cupsd_proc_t  key,                    /* Search key */
                *proc;                  /* Matching process */
  int           found_job = 0;          /* Job ID to report */


  /* Only the pid member is compared, so the rest of the key stays unset */
  key.pid = pid;
  proc    = (cupsd_proc_t *)cupsArrayFind(process_array, &key);

  if (proc == NULL)
  {
    strlcpy(name, "unknown", namelen);
  }
  else
  {
    found_job = proc->job_id;

    /* Copy the name out before the record that owns it is freed */
    strlcpy(name, proc->name, namelen);
    cupsArrayRemove(process_array, proc);
    free(proc);
  }

  if (job_id)
    *job_id = found_job;

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFinishProcess(pid=%d, name=%p, namelen=" CUPS_LLFMT ", job_id=%p(%d)) = \"%s\"", pid, name, CUPS_LLCAST namelen, job_id, job_id ? *job_id : 0, name);

  return (name);
}
420 | ||
421 | ||
ef416fc2 | 422 | /* |
423 | * 'cupsdStartProcess()' - Start a process. | |
424 | */ | |
425 | ||
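int                                     /* O - Process ID or 0 */
cupsdStartProcess(
    const char  *command,               /* I - Full path to command */
    char        *argv[],                /* I - Command-line arguments */
    char        *envp[],                /* I - Environment */
    int         infd,                   /* I - Standard input file descriptor */
    int         outfd,                  /* I - Standard output file descriptor */
    int         errfd,                  /* I - Standard error file descriptor */
    int         backfd,                 /* I - Backchannel file descriptor */
    int         sidefd,                 /* I - Sidechannel file descriptor */
    int         root,                   /* I - Run as root? */
    void        *profile,               /* I - Security profile to use */
    cupsd_job_t *job,                   /* I - Job associated with process */
    int         *pid)                   /* O - Process ID */
{
 /*
  * Starts "command" with the given descriptors on fds 0-4, either through
  * posix_spawn() of the cups-exec helper or through fork() + exec.  On
  * success the child is recorded in process_array and its PID is stored in
  * *pid and returned; on any failure *pid and the return value are 0.
  *
  * The program file's permissions are checked before anything is started.
  * In the fork path the child drops group, supplementary groups and user (in
  * that order) when cupsd runs as root; in the spawn path the user, group
  * and nice value are passed to cups-exec as arguments.
  */

  int           i;                      /* Looping var */
  const char    *exec_path = command;   /* Command to be exec'd */
  char          *real_argv[110],        /* Real command-line arguments */
                cups_exec[1024];        /* Path to "cups-exec" program */
  uid_t         user;                   /* Command UID */
  cupsd_proc_t  *proc;                  /* New process record */
  /* The cups-exec argument strings are needed by both start methods */
  char          user_str[16],           /* User string */
                group_str[16],          /* Group string */
                nice_str[16];           /* FilterNice string */
#ifdef HAVE_POSIX_SPAWN
  posix_spawn_file_actions_t actions;   /* Spawn file actions */
  posix_spawnattr_t attrs;              /* Spawn attributes */
  int           spawn_error;            /* Error number from posix_spawn */
#elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
  struct sigaction action;              /* POSIX signal handler */
#endif /* HAVE_POSIX_SPAWN */
#if defined(__APPLE__)
  char          processPath[1024],      /* CFProcessPath environment variable */
                linkpath[1024];         /* Link path for symlinks... */
  int           linkbytes;              /* Bytes for link path */
#endif /* __APPLE__ */


  *pid = 0;

 /*
  * Figure out the UID for the child process...
  */

  if (RunUser)
    user = RunUser;
  else if (root)
    user = 0;
  else
    user = User;

 /*
  * Check the permissions of the command we are running...
  */

  if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
                     cupsdLogFCMessage, job ? job->printer : NULL))
    return (0);

#if defined(__APPLE__)
  if (envp)
  {
   /*
    * Add special voodoo magic for OS X - this allows OS X programs to access
    * their bundle resources properly...
    */

    if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
    {
     /*
      * Yes, this is a symlink to the actual program, nul-terminate and
      * use it...
      */

      linkpath[linkbytes] = '\0';

      if (linkpath[0] == '/')
        snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
                 linkpath);
      else
        snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
                 dirname((char *)command), linkpath);
    }
    else
      snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);

    envp[0] = processPath;              /* Replace <CFProcessPath> string */
  }
#endif /* __APPLE__ */

 /*
  * Use helper program when we have a sandbox profile...
  */

#ifndef HAVE_POSIX_SPAWN
  if (profile)
#endif /* !HAVE_POSIX_SPAWN */
  {
    snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
    /* uid_t/gid_t are cast so the arguments match the "%d" conversions */
    snprintf(user_str, sizeof(user_str), "%d", (int)user);
    snprintf(group_str, sizeof(group_str), "%d", (int)Group);
    snprintf(nice_str, sizeof(nice_str), "%d", FilterNice);

    real_argv[0] = cups_exec;
    real_argv[1] = (char *)"-g";
    real_argv[2] = group_str;
    real_argv[3] = (char *)"-n";
    real_argv[4] = nice_str;
    real_argv[5] = (char *)"-u";
    real_argv[6] = user_str;

   /*
    * With posix_spawn this block also runs without a profile.  A NULL in
    * this slot would end the argument list before the command, so a
    * placeholder is passed instead.
    *
    * NOTE(review): "none" has to be what cups-exec treats as "no profile" -
    * confirm against cups-exec in this tree.
    */

    real_argv[7] = profile ? (char *)profile : (char *)"none";
    real_argv[8] = (char *)command;

    for (i = 0;
         i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 10) && argv[i];
         i ++)
      real_argv[i + 9] = argv[i];

    real_argv[i + 9] = NULL;

   /*
    * Dropped arguments change what the command does, so say so instead of
    * truncating silently...
    */

    if (argv[i])
      cupsdLogMessage(CUPSD_LOG_ERROR, "Too many arguments for \"%s\"; extra arguments were dropped.", command);

    argv      = real_argv;
    exec_path = cups_exec;
  }

  if (LogLevel == CUPSD_LOG_DEBUG2)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command);

    for (i = 0; argv[i]; i ++)
      cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]);
  }

#ifdef HAVE_POSIX_SPAWN
 /*
  * Setup attributes and file actions for the spawn...
  */

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes.");
  posix_spawnattr_init(&attrs);
  posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF);

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions.");
  posix_spawn_file_actions_init(&actions);
  if (infd != 0)
  {
    if (infd < 0)
      /* Standard input is opened read-only, as in the fork() path */
      posix_spawn_file_actions_addopen(&actions, 0, "/dev/null", O_RDONLY, 0);
    else
      posix_spawn_file_actions_adddup2(&actions, infd, 0);
  }

  if (outfd != 1)
  {
    if (outfd < 0)
      posix_spawn_file_actions_addopen(&actions, 1, "/dev/null", O_WRONLY, 0);
    else
      posix_spawn_file_actions_adddup2(&actions, outfd, 1);
  }

  if (errfd != 2)
  {
    if (errfd < 0)
      posix_spawn_file_actions_addopen(&actions, 2, "/dev/null", O_WRONLY, 0);
    else
      posix_spawn_file_actions_adddup2(&actions, errfd, 2);
  }

  if (backfd != 3 && backfd >= 0)
    posix_spawn_file_actions_adddup2(&actions, backfd, 3);

  if (sidefd != 4 && sidefd >= 0)
    posix_spawn_file_actions_adddup2(&actions, sidefd, 4);

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Calling posix_spawn.");

  /* posix_spawn() returns the error number itself; errno is not reliable */
  if ((spawn_error = posix_spawn(pid, exec_path, &actions, &attrs, argv, envp ? envp : environ)) != 0)
  {
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, strerror(spawn_error));

    *pid = 0;
  }
  else
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: pid=%d", (int)*pid);

  posix_spawn_file_actions_destroy(&actions);
  posix_spawnattr_destroy(&attrs);

#else
 /*
  * Block signals before forking...
  */

  cupsdHoldSignals();

  if ((*pid = fork()) == 0)
  {
   /*
    * Child process goes here; update stderr as needed...
    */

    if (errfd != 2)
    {
      if (errfd < 0)
        errfd = open("/dev/null", O_WRONLY);

      if (errfd != 2)
      {
        dup2(errfd, 2);
        close(errfd);
      }
    }

   /*
    * Put this process in its own process group so that we can kill any child
    * processes it creates.
    */

#  ifdef HAVE_SETPGID
    if (!RunUser && setpgid(0, 0))
      exit(errno + 100);
#  else
    if (!RunUser && setpgrp())
      exit(errno + 100);
#  endif /* HAVE_SETPGID */

   /*
    * Update the remaining file descriptors as needed...
    */

    if (infd != 0)
    {
      if (infd < 0)
        infd = open("/dev/null", O_RDONLY);

      if (infd != 0)
      {
        dup2(infd, 0);
        close(infd);
      }
    }

    if (outfd != 1)
    {
      if (outfd < 0)
        outfd = open("/dev/null", O_WRONLY);

      if (outfd != 1)
      {
        dup2(outfd, 1);
        close(outfd);
      }
    }

    if (backfd != 3 && backfd >= 0)
    {
      dup2(backfd, 3);
      close(backfd);
      fcntl(3, F_SETFL, O_NDELAY);
    }

    if (sidefd != 4 && sidefd >= 0)
    {
      dup2(sidefd, 4);
      close(sidefd);
      fcntl(4, F_SETFL, O_NDELAY);
    }

   /*
    * Change the priority of the process based on the FilterNice setting.
    * (this is not done for root processes...)
    */

    if (!root)
      nice(FilterNice);

   /*
    * Reset group membership to just the main one we belong to.  Groups are
    * changed while the process still has the privileges to do so, and every
    * failure ends the child so it never runs with more than intended.
    */

    if (!RunUser && setgid(Group))
      exit(errno + 100);

    if (!RunUser && setgroups(1, &Group))
      exit(errno + 100);

   /*
    * Change user to something "safe"...
    */

    if (!RunUser && user && setuid(user))
      exit(errno + 100);

   /*
    * Change umask to restrict permissions on created files...
    */

    umask(077);

   /*
    * Unblock signals before doing the exec...
    */

#  ifdef HAVE_SIGSET
    sigset(SIGTERM, SIG_DFL);
    sigset(SIGCHLD, SIG_DFL);
    sigset(SIGPIPE, SIG_DFL);
#  elif defined(HAVE_SIGACTION)
    memset(&action, 0, sizeof(action));

    sigemptyset(&action.sa_mask);
    action.sa_handler = SIG_DFL;

    sigaction(SIGTERM, &action, NULL);
    sigaction(SIGCHLD, &action, NULL);
    sigaction(SIGPIPE, &action, NULL);
#  else
    signal(SIGTERM, SIG_DFL);
    signal(SIGCHLD, SIG_DFL);
    signal(SIGPIPE, SIG_DFL);
#  endif /* HAVE_SIGSET */

    cupsdReleaseSignals();

   /*
    * Execute the command; if for some reason this doesn't work, exit with a
    * non-zero value that carries the error number...
    */

    if (envp)
      execve(exec_path, argv, envp);
    else
      execv(exec_path, argv);

    exit(errno + 100);
  }
  else if (*pid < 0)
  {
   /*
    * Error - couldn't fork a new process!
    */

    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
                    strerror(errno));

    *pid = 0;
  }

  cupsdReleaseSignals();
#endif /* HAVE_POSIX_SPAWN */

  if (*pid)
  {
    if (!process_array)
      process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);

    if (process_array)
    {
     /*
      * name[1] in the record already accounts for the terminating nul, so
      * strlen(command) extra bytes hold the whole string...
      */

      if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
      {
        proc->pid    = *pid;
        proc->job_id = job ? job->id : 0;
        _cups_strcpy(proc->name, command);

        cupsArrayAdd(process_array, proc);
      }
    }
  }

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
                  "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
                  "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
                  "profile=%p, job=%p(%d), pid=%p) = %d",
                  command, argv, envp, infd, outfd, errfd, backfd, sidefd,
                  root, profile, job, job ? job->id : 0, pid, *pid);

  return (*pid);
}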
802 | ||
803 | ||
804 | /* | |
e00b005a | 805 | * 'compare_procs()' - Compare two processes. |
806 | */ | |
807 | ||
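static int                              /* O - Result of comparison */
compare_procs(cupsd_proc_t *a,          /* I - First process */
              cupsd_proc_t *b)          /* I - Second process */
{
 /*
  * Orders two process records by PID and returns <0, 0 or >0.  The values
  * are compared instead of subtracted: a search key can hold any int the
  * caller supplied, and "a - b" on ints overflows (undefined behavior) for
  * operands that are far enough apart.
  */

  return ((a->pid > b->pid) - (a->pid < b->pid));
}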
814 | ||
815 | ||
a4924f6c MS |
816 | #ifdef HAVE_SANDBOX_H |
817 | /* | |
818 | * 'cupsd_requote()' - Make a regular-expression version of a string. | |
819 | */ | |
820 | ||
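static char *                           /* O - Quoted string */
cupsd_requote(char       *dst,          /* I - Destination buffer */
              const char *src,          /* I - Source string */
              size_t     dstsize)       /* I - Size of destination buffer */
{
 /*
  * Copies "src" to "dst" with a backslash in front of every character that
  * is special inside a profile regex literal, dropping a single trailing
  * slash.  The result is always nul-terminated when dstsize is at least 1 and
  * is truncated when it does not fit.
  *
  * The double quote is escaped as well: the result is written between the
  * quotes of a #"..." literal, and an unescaped quote in a path would end the
  * literal early and change the rules that follow it.
  *
  * NOTE(review): '+', '|', '{' and '}' are not escaped - confirm how the
  * profile regex dialect treats them in paths.
  */

  int   ch;                             /* Current character */
  char  *dstptr,                        /* Current position in buffer */
        *dstend;                        /* End of destination buffer */


  if (!dst || dstsize == 0)
    return (dst);

  /* Below 2 bytes "dstsize - 2" would wrap; only the terminator fits */
  if (!src || dstsize < 2)
  {
    *dst = '\0';
    return (dst);
  }

  dstptr = dst;
  dstend = dst + dstsize - 2;           /* Room for backslash + char + nul */

  while (*src && dstptr < dstend)
  {
    ch = *src++;

    if (ch == '/' && !*src)
      break;                            /* Don't add trailing slash */

    if (strchr(".?*()[]^$\\\"", ch))
      *dstptr++ = '\\';

    *dstptr++ = (char)ch;
  }

  *dstptr = '\0';

  return (dst);
}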
851 | #endif /* HAVE_SANDBOX_H */ | |
852 | ||
853 | ||
e00b005a | 854 | /* |
f2d18633 | 855 | * End of "$Id$". |
ef416fc2 | 856 | */ |