4 * Process management routines for the CUPS scheduler.
6 * Copyright 2007-2014 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
17 * Include necessary headers...
24 #endif /* __APPLE__ */
25 #ifdef HAVE_POSIX_SPAWN
27 extern char **environ
;
28 #endif /* HAVE_POSIX_SPAWN */
32 * Process structure...
37 int pid
, /* Process ID */
38 job_id
; /* Job associated with process */
39 char name
[1]; /* Name of process */
47 static cups_array_t
*process_array
= NULL
;
54 static int compare_procs(cupsd_proc_t
*a
, cupsd_proc_t
*b
);
56 static char *cupsd_requote(char *dst
, const char *src
, size_t dstsize
);
57 #endif /* HAVE_SANDBOX_H */
61 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
64 void * /* O - Profile or NULL on error */
65 cupsdCreateProfile(int job_id
) /* I - Job ID or 0 for none */
68 cups_file_t
*fp
; /* File pointer */
69 char profile
[1024], /* File containing the profile */
70 cache
[1024], /* Quoted CacheDir */
71 request
[1024], /* Quoted RequestRoot */
72 root
[1024], /* Quoted ServerRoot */
73 temp
[1024]; /* Quoted TempDir */
74 const char *nodebug
; /* " (with no-log)" for no debug */
80 * Only use sandbox profiles as root...
83 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = NULL",
89 if ((fp
= cupsTempFile2(profile
, sizeof(profile
))) == NULL
)
91 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = NULL",
93 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to create security profile: %s",
98 fchown(cupsFileNumber(fp
), RunUser
, Group
);
99 fchmod(cupsFileNumber(fp
), 0640);
101 cupsd_requote(cache
, CacheDir
, sizeof(cache
));
102 cupsd_requote(request
, RequestRoot
, sizeof(request
));
103 cupsd_requote(root
, ServerRoot
, sizeof(root
));
104 cupsd_requote(temp
, TempDir
, sizeof(temp
));
106 nodebug
= LogLevel
< CUPSD_LOG_DEBUG
? " (with no-log)" : "";
108 cupsFilePuts(fp
, "(version 1)\n");
109 cupsFilePuts(fp
, "(allow default)\n");
111 "(deny file-write* file-read-data file-read-metadata\n"
113 " #\"^%s$\"" /* RequestRoot */
114 " #\"^%s/\"" /* RequestRoot/... */
116 request
, request
, nodebug
);
119 "(deny file-write* file-read-data file-read-metadata\n"
125 "(deny file-write*\n"
127 " #\"^%s$\"" /* ServerRoot */
128 " #\"^%s/\"" /* ServerRoot/... */
129 " #\"^/private/etc$\""
130 " #\"^/private/etc/\""
131 " #\"^/usr/local/etc$\""
132 " #\"^/usr/local/etc/\""
138 root
, root
, nodebug
);
139 /* Specifically allow applications to stat RequestRoot */
141 "(allow file-read-metadata\n"
143 " #\"^%s$\"" /* RequestRoot */
147 "(allow file-write* file-read-data file-read-metadata\n"
149 " #\"^%s$\"" /* TempDir */
150 " #\"^%s/\"" /* TempDir/... */
151 " #\"^%s$\"" /* CacheDir */
152 " #\"^%s/\"" /* CacheDir/... */
153 " #\"^%s/Library$\"" /* RequestRoot/Library */
154 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
155 " #\"^/Library/Application Support/\""
156 " #\"^/Library/Caches/\""
157 " #\"^/Library/Preferences/\""
158 " #\"^/Library/Printers/.*/\""
159 " #\"^/Users/Shared/\""
161 temp
, temp
, cache
, cache
, request
, request
);
163 "(deny file-write*\n"
165 " #\"^/Library/Printers/PPDs$\""
166 " #\"^/Library/Printers/PPDs/\""
167 " #\"^/Library/Printers/PPD Plugins$\""
168 " #\"^/Library/Printers/PPD Plugins/\""
173 * Allow job filters to read the spool file(s)...
177 "(allow file-read-data file-read-metadata\n"
178 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
179 request
, job_id
, job_id
);
184 * Allow email notifications from notifiers...
188 "(allow process-exec\n"
189 " (literal \"/usr/sbin/sendmail\")\n"
190 " (with no-sandbox)\n"
196 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = \"%s\"",
198 return ((void *)strdup(profile
));
201 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = NULL",
205 #endif /* HAVE_SANDBOX_H */
210 * 'cupsdDestroyProfile()' - Delete an execution profile.
214 cupsdDestroyProfile(void *profile
) /* I - Profile */
216 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdDeleteProfile(profile=\"%s\")",
217 profile
? (char *)profile
: "(null)");
219 #ifdef HAVE_SANDBOX_H
222 unlink((char *)profile
);
225 #endif /* HAVE_SANDBOX_H */
230 * 'cupsdEndProcess()' - End a process.
233 int /* O - 0 on success, -1 on failure */
234 cupsdEndProcess(int pid
, /* I - Process ID */
235 int force
) /* I - Force child to die */
237 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdEndProcess(pid=%d, force=%d)", pid
,
246 * When running as root, cupsd puts child processes in their own process
247 * group. Using "-pid" sends a signal to all processes in the group.
254 return (kill(pid
, SIGKILL
));
256 return (kill(pid
, SIGTERM
));
261 * 'cupsdFinishProcess()' - Finish a process and get its name.
264 const char * /* O - Process name */
265 cupsdFinishProcess(int pid
, /* I - Process ID */
266 char *name
, /* I - Name buffer */
267 int namelen
, /* I - Size of name buffer */
268 int *job_id
) /* O - Job ID pointer or NULL */
270 cupsd_proc_t key
, /* Search key */
271 *proc
; /* Matching process */
276 if ((proc
= (cupsd_proc_t
*)cupsArrayFind(process_array
, &key
)) != NULL
)
279 *job_id
= proc
->job_id
;
281 strlcpy(name
, proc
->name
, namelen
);
282 cupsArrayRemove(process_array
, proc
);
290 strlcpy(name
, "unknown", namelen
);
293 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
294 "cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
295 "job_id=%p(%d)) = \"%s\"", pid
, name
, namelen
, job_id
,
296 job_id
? *job_id
: 0, name
);
303 * 'cupsdStartProcess()' - Start a process.
306 int /* O - Process ID or 0 */
308 const char *command
, /* I - Full path to command */
309 char *argv
[], /* I - Command-line arguments */
310 char *envp
[], /* I - Environment */
311 int infd
, /* I - Standard input file descriptor */
312 int outfd
, /* I - Standard output file descriptor */
313 int errfd
, /* I - Standard error file descriptor */
314 int backfd
, /* I - Backchannel file descriptor */
315 int sidefd
, /* I - Sidechannel file descriptor */
316 int root
, /* I - Run as root? */
317 void *profile
, /* I - Security profile to use */
318 cupsd_job_t
*job
, /* I - Job associated with process */
319 int *pid
) /* O - Process ID */
321 int i
; /* Looping var */
322 const char *exec_path
= command
; /* Command to be exec'd */
323 char *real_argv
[107], /* Real command-line arguments */
324 cups_exec
[1024]; /* Path to "cups-exec" program */
325 uid_t user
; /* Command UID */
326 cupsd_proc_t
*proc
; /* New process record */
327 #ifdef HAVE_POSIX_SPAWN
328 posix_spawn_file_actions_t actions
; /* Spawn file actions */
329 posix_spawnattr_t attrs
; /* Spawn attributes */
330 char user_str
[16], /* User string */
331 group_str
[16], /* Group string */
332 nice_str
[16]; /* FilterNice string */
333 #endif /* HAVE_POSIX_SPAWN */
334 #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
335 struct sigaction action
; /* POSIX signal handler */
336 #endif /* HAVE_SIGACTION && !HAVE_SIGSET */
337 #if defined(__APPLE__)
338 char processPath
[1024], /* CFProcessPath environment variable */
339 linkpath
[1024]; /* Link path for symlinks... */
340 int linkbytes
; /* Bytes for link path */
341 #endif /* __APPLE__ */
347 * Figure out the UID for the child process...
358 * Check the permissions of the command we are running...
361 if (_cupsFileCheck(command
, _CUPS_FILE_CHECK_PROGRAM
, !RunUser
,
362 cupsdLogFCMessage
, job
? job
->printer
: NULL
))
365 #if defined(__APPLE__)
369 * Add special voodoo magic for OS X - this allows OS X programs to access
370 * their bundle resources properly...
373 if ((linkbytes
= readlink(command
, linkpath
, sizeof(linkpath
) - 1)) > 0)
376 * Yes, this is a symlink to the actual program, nul-terminate and
380 linkpath
[linkbytes
] = '\0';
382 if (linkpath
[0] == '/')
383 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s",
386 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s/%s",
387 dirname((char *)command
), linkpath
);
390 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s", command
);
392 envp
[0] = processPath
; /* Replace <CFProcessPath> string */
394 #endif /* __APPLE__ */
397 * Use helper program when we have a sandbox profile...
400 #ifndef HAVE_POSIX_SPAWN
402 #endif /* !HAVE_POSIX_SPAWN */
404 snprintf(cups_exec
, sizeof(cups_exec
), "%s/daemon/cups-exec", ServerBin
);
405 snprintf(user_str
, sizeof(user_str
), "%d", User
);
406 snprintf(group_str
, sizeof(group_str
), "%d", Group
);
407 snprintf(nice_str
, sizeof(nice_str
), "%d", FilterNice
);
409 real_argv
[0] = cups_exec
;
410 real_argv
[1] = profile
;
411 real_argv
[2] = user_str
;
412 real_argv
[3] = group_str
;
413 real_argv
[4] = nice_str
;
414 real_argv
[5] = (char *)command
;
417 i
< (int)(sizeof(real_argv
) / sizeof(real_argv
[0]) - 7) && argv
[i
];
419 real_argv
[i
+ 6] = argv
[i
];
421 real_argv
[i
+ 6] = NULL
;
424 exec_path
= cups_exec
;
427 if (LogLevel
== CUPSD_LOG_DEBUG2
)
429 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command
);
431 for (i
= 0; argv
[i
]; i
++)
432 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: argv[%d] = \"%s\"", i
, argv
[i
]);
435 #ifdef HAVE_POSIX_SPAWN
437 * Setup attributes and file actions for the spawn...
440 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Setting spawn attributes.");
441 posix_spawnattr_init(&attrs
);
442 posix_spawnattr_setflags(&attrs
, POSIX_SPAWN_SETPGROUP
| POSIX_SPAWN_SETSIGDEF
);
444 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Setting file actions.");
445 posix_spawn_file_actions_init(&actions
);
449 posix_spawn_file_actions_addopen(&actions
, 0, "/dev/null", O_WRONLY
, 0);
451 posix_spawn_file_actions_adddup2(&actions
, infd
, 0);
457 posix_spawn_file_actions_addopen(&actions
, 1, "/dev/null", O_WRONLY
, 0);
459 posix_spawn_file_actions_adddup2(&actions
, outfd
, 1);
465 posix_spawn_file_actions_addopen(&actions
, 2, "/dev/null", O_WRONLY
, 0);
467 posix_spawn_file_actions_adddup2(&actions
, errfd
, 2);
470 if (backfd
!= 3 && backfd
>= 0)
471 posix_spawn_file_actions_adddup2(&actions
, backfd
, 3);
473 if (sidefd
!= 4 && sidefd
>= 0)
474 posix_spawn_file_actions_adddup2(&actions
, sidefd
, 4);
476 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Calling posix_spawn.");
478 if (posix_spawn(pid
, exec_path
, &actions
, &attrs
, argv
, envp
? envp
: environ
))
480 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to fork %s - %s.", command
, strerror(errno
));
485 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: pid=%d", (int)*pid
);
487 posix_spawn_file_actions_destroy(&actions
);
488 posix_spawnattr_destroy(&attrs
);
492 * Block signals before forking...
497 if ((*pid
= fork()) == 0)
500 * Child process goes here; update stderr as needed...
506 errfd
= open("/dev/null", O_WRONLY
);
516 * Put this process in its own process group so that we can kill any child
517 * processes it creates.
521 if (!RunUser
&& setpgid(0, 0))
524 if (!RunUser
&& setpgrp())
526 # endif /* HAVE_SETPGID */
529 * Update the remaining file descriptors as needed...
535 infd
= open("/dev/null", O_RDONLY
);
547 outfd
= open("/dev/null", O_WRONLY
);
556 if (backfd
!= 3 && backfd
>= 0)
560 fcntl(3, F_SETFL
, O_NDELAY
);
563 if (sidefd
!= 4 && sidefd
>= 0)
567 fcntl(4, F_SETFL
, O_NDELAY
);
571 * Change the priority of the process based on the FilterNice setting.
572 * (this is not done for root processes...)
579 * Reset group membership to just the main one we belong to.
582 if (!RunUser
&& setgid(Group
))
585 if (!RunUser
&& setgroups(1, &Group
))
589 * Change user to something "safe"...
592 if (!RunUser
&& user
&& setuid(user
))
596 * Change umask to restrict permissions on created files...
602 * Unblock signals before doing the exec...
606 sigset(SIGTERM
, SIG_DFL
);
607 sigset(SIGCHLD
, SIG_DFL
);
608 sigset(SIGPIPE
, SIG_DFL
);
609 # elif defined(HAVE_SIGACTION)
610 memset(&action
, 0, sizeof(action
));
612 sigemptyset(&action
.sa_mask
);
613 action
.sa_handler
= SIG_DFL
;
615 sigaction(SIGTERM
, &action
, NULL
);
616 sigaction(SIGCHLD
, &action
, NULL
);
617 sigaction(SIGPIPE
, &action
, NULL
);
619 signal(SIGTERM
, SIG_DFL
);
620 signal(SIGCHLD
, SIG_DFL
);
621 signal(SIGPIPE
, SIG_DFL
);
622 # endif /* HAVE_SIGSET */
624 cupsdReleaseSignals();
627 * Execute the command; if for some reason this doesn't work, log an error
628 * exit with a non-zero value...
632 execve(exec_path
, argv
, envp
);
634 execv(exec_path
, argv
);
641 * Error - couldn't fork a new process!
644 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to fork %s - %s.", command
,
650 cupsdReleaseSignals();
651 #endif /* HAVE_POSIX_SPAWN */
656 process_array
= cupsArrayNew((cups_array_func_t
)compare_procs
, NULL
);
660 if ((proc
= calloc(1, sizeof(cupsd_proc_t
) + strlen(command
))) != NULL
)
663 proc
->job_id
= job
? job
->id
: 0;
664 _cups_strcpy(proc
->name
, command
);
666 cupsArrayAdd(process_array
, proc
);
671 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
672 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
673 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
674 "profile=%p, job=%p(%d), pid=%p) = %d",
675 command
, argv
, envp
, infd
, outfd
, errfd
, backfd
, sidefd
,
676 root
, profile
, job
, job
? job
->id
: 0, pid
, *pid
);
683 * 'compare_procs()' - Compare two processes.
686 static int /* O - Result of comparison */
687 compare_procs(cupsd_proc_t
*a
, /* I - First process */
688 cupsd_proc_t
*b
) /* I - Second process */
690 return (a
->pid
- b
->pid
);
694 #ifdef HAVE_SANDBOX_H
696 * 'cupsd_requote()' - Make a regular-expression version of a string.
699 static char * /* O - Quoted string */
700 cupsd_requote(char *dst
, /* I - Destination buffer */
701 const char *src
, /* I - Source string */
702 size_t dstsize
) /* I - Size of destination buffer */
704 int ch
; /* Current character */
705 char *dstptr
, /* Current position in buffer */
706 *dstend
; /* End of destination buffer */
710 dstend
= dst
+ dstsize
- 2;
712 while (*src
&& dstptr
< dstend
)
716 if (ch
== '/' && !*src
)
717 break; /* Don't add trailing slash */
719 if (strchr(".?*()[]^$\\", ch
))
722 *dstptr
++ = (char)ch
;
729 #endif /* HAVE_SANDBOX_H */