1 /*
2 * "$Id$"
3 *
4 * Process management routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2011 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file. If this file is
 * missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * Contents:
16 *
17 * cupsdCreateProfile() - Create an execution profile for a subprocess.
18 * cupsdDestroyProfile() - Delete an execution profile.
19 * cupsdEndProcess() - End a process.
20 * cupsdFinishProcess() - Finish a process and get its name.
21 * cupsdStartProcess() - Start a process.
22 * compare_procs() - Compare two processes.
23 * cupsd_requote() - Make a regular-expression version of a string.
24 */
25
26 /*
27 * Include necessary headers...
28 */
29
30 #include "cupsd.h"
31 #include <grp.h>
32 #ifdef __APPLE__
33 # include <libgen.h>
34 #endif /* __APPLE__ */
35
36
/*
 * Process structure...
 *
 * One record per running child, kept in process_array and looked up by
 * "pid" (see compare_procs()).  Records are allocated in cupsdStartProcess()
 * with sizeof(cupsd_proc_t) + strlen(command): the single byte declared for
 * name[] supplies the terminating nul, and the extra bytes hold the command
 * path (the pre-C99 "struct hack").  Changing name[1] to a flexible array
 * member would shrink sizeof() and break that allocation unless it is
 * updated at the same time.
 */

typedef struct
{
  int	pid,				/* Process ID */
	job_id;				/* Job associated with process */
  char	name[1];			/* Name of process (nul-terminated, over-allocated) */
} cupsd_proc_t;
47
48
/*
 * Local globals...
 */

static cups_array_t	*process_array = NULL;
					/* Running children keyed by pid; created
					 * lazily in cupsdStartProcess(), entries
					 * removed in cupsdFinishProcess() */
54
55
/*
 * Local functions...
 */

static int	compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
					/* cups_array_t comparison callback */
#ifdef HAVE_SANDBOX_H
static char	*cupsd_requote(char *dst, const char *src, size_t dstsize);
					/* Escape regex metacharacters in a path */
#endif /* HAVE_SANDBOX_H */
64
65
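/*
 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
 *
 * Writes an Apple sandbox profile ("(version 1)" syntax) to a temporary file
 * that cupsdStartProcess() later passes to cups-exec.  The profile is
 * default-allow with deny rules for RequestRoot, ServerRoot and the system
 * configuration directories, allow rules for TempDir, CacheDir and the
 * RequestRoot/Library tree, and - when "job_id" is non-zero - read access to
 * that job's control/data files.  The deny rules get "(with no-log)" unless
 * LogLevel is at least CUPSD_LOG_DEBUG, so sandbox denials are only logged
 * when debug logging is enabled.
 *
 * Returns a malloc'd copy of the profile path, to be released with
 * cupsdDestroyProfile() (which also unlinks the file), or NULL when profiles
 * are disabled, the build has no sandbox support, or the file could not be
 * created or completely written.  Callers that receive NULL run the child
 * without a profile (see cupsdStartProcess()), which is why every failure
 * is reported at CUPSD_LOG_ERROR.
 */

void *					/* O - Profile or NULL on error */
cupsdCreateProfile(int job_id)		/* I - Job ID or 0 for none */
{
#ifdef HAVE_SANDBOX_H
  cups_file_t	*fp;			/* File pointer */
  char		profile[1024],		/* File containing the profile */
		cache[1024],		/* Quoted CacheDir */
		request[1024],		/* Quoted RequestRoot */
		root[1024],		/* Quoted ServerRoot */
		temp[1024];		/* Quoted TempDir */
  const char	*nodebug;		/* " (with no-log)" for no debug */
  char		*result;		/* Heap copy of the profile path */
  int		error = 0;		/* Did any write fail? */
  int		saved_errno;		/* errno at the point of failure */


  if (!UseProfiles)
  {
   /*
    * Only use sandbox profiles as root...
    */

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);

    return (NULL);
  }

  if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
                    strerror(errno));
    return (NULL);
  }

 /*
  * Give the profile the owner/group the rest of the scheduler uses and a
  * 0640 mode.  The file only contains directory names, so a failure here is
  * logged rather than treated as fatal; the file then keeps whatever
  * ownership and mode cupsTempFile2() created it with.
  */

  if (fchown(cupsFileNumber(fp), RunUser, Group))
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to change ownership of security profile \"%s\": %s",
                    profile, strerror(errno));

  if (fchmod(cupsFileNumber(fp), 0640))
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to change permissions of security profile \"%s\": %s",
                    profile, strerror(errno));

 /*
  * Quote the configured directories so they match literally inside the
  * (regex ...) patterns written below.
  */

  cupsd_requote(cache, CacheDir, sizeof(cache));
  cupsd_requote(request, RequestRoot, sizeof(request));
  cupsd_requote(root, ServerRoot, sizeof(root));
  cupsd_requote(temp, TempDir, sizeof(temp));

  nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";

 /*
  * Every write is checked because a partially written profile can still be
  * syntactically valid and would then silently lack some of the deny rules;
  * any failure below causes the whole profile to be discarded.
  */

  error |= cupsFilePuts(fp, "(version 1)\n") < 0;
  error |= cupsFilePuts(fp, "(allow default)\n") < 0;
  error |= cupsFilePrintf(fp,
		          "(deny file-write* file-read-data file-read-metadata\n"
		          " (regex"
		          " #\"^%s$\""		/* RequestRoot */
		          " #\"^%s/\""		/* RequestRoot/... */
		          ")%s)\n",
		          request, request, nodebug) < 0;
  if (!RunUser)
    error |= cupsFilePrintf(fp,
		            "(deny file-write* file-read-data file-read-metadata\n"
		            " (regex"
		            " #\"^/Users$\""
		            " #\"^/Users/\""
		            ")%s)\n", nodebug) < 0;
  error |= cupsFilePrintf(fp,
		          "(deny file-write*\n"
		          " (regex"
		          " #\"^%s$\""		/* ServerRoot */
		          " #\"^%s/\""		/* ServerRoot/... */
		          " #\"^/private/etc$\""
		          " #\"^/private/etc/\""
		          " #\"^/usr/local/etc$\""
		          " #\"^/usr/local/etc/\""
		          " #\"^/Library$\""
		          " #\"^/Library/\""
		          " #\"^/System$\""
		          " #\"^/System/\""
		          ")%s)\n",
		          root, root, nodebug) < 0;
  /* Specifically allow applications to stat RequestRoot */
  error |= cupsFilePrintf(fp,
		          "(allow file-read-metadata\n"
		          " (regex"
		          " #\"^%s$\""		/* RequestRoot */
		          "))\n",
		          request) < 0;
  error |= cupsFilePrintf(fp,
		          "(allow file-write* file-read-data file-read-metadata\n"
		          " (regex"
		          " #\"^%s$\""		/* TempDir */
		          " #\"^%s/\""		/* TempDir/... */
		          " #\"^%s$\""		/* CacheDir */
		          " #\"^%s/\""		/* CacheDir/... */
		          " #\"^%s/Library$\""	/* RequestRoot/Library */
		          " #\"^%s/Library/\""	/* RequestRoot/Library/... */
		          " #\"^/Library/Application Support/\""
		          " #\"^/Library/Caches/\""
		          " #\"^/Library/Preferences/\""
		          " #\"^/Library/Printers/.*/\""
		          " #\"^/Users/Shared/\""
		          "))\n",
		          temp, temp, cache, cache, request, request) < 0;
  error |= cupsFilePrintf(fp,
		          "(deny file-write*\n"
		          " (regex"
		          " #\"^/Library/Printers/PPDs$\""
		          " #\"^/Library/Printers/PPDs/\""
		          " #\"^/Library/Printers/PPD Plugins$\""
		          " #\"^/Library/Printers/PPD Plugins/\""
		          ")%s)\n", nodebug) < 0;
  if (job_id)
  {
   /*
    * Allow job filters to read the spool file(s)...
    */

    error |= cupsFilePrintf(fp,
		            "(allow file-read-data file-read-metadata\n"
		            " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
		            request, job_id, job_id) < 0;
  }
  else
  {
   /*
    * Allow email notifications from notifiers...
    */

    error |= cupsFilePuts(fp,
		          "(allow process-exec\n"
		          " (literal \"/usr/sbin/sendmail\")\n"
		          " (with no-sandbox)\n"
		          ")\n") < 0;
  }

 /*
  * cupsFileClose() flushes the buffered data, so a write error may only
  * surface here.
  */

  if (cupsFileClose(fp) < 0)
    error = 1;

  if (error)
  {
    saved_errno = errno;		/* unlink() may overwrite errno */
    unlink(profile);

    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to write security profile \"%s\": %s",
                    profile, strerror(saved_errno));
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);
    return (NULL);
  }

  if ((result = strdup(profile)) == NULL)
  {
   /*
    * Without the path the caller could never unlink the file, so do it now.
    */

    unlink(profile);

    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to allocate memory for security profile \"%s\".",
                    profile);
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);
    return (NULL);
  }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = \"%s\"",
                  job_id, profile);
  return ((void *)result);

#else
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                  job_id);

  return (NULL);
#endif /* HAVE_SANDBOX_H */
}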
213
214
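/*
 * 'cupsdDestroyProfile()' - Delete an execution profile.
 *
 * Unlinks the profile file created by cupsdCreateProfile() and frees the
 * path string.  "profile" may be NULL, in which case only the debug message
 * is logged.  Without sandbox support the pointer is never non-NULL, so the
 * cleanup is compiled out.
 */

void
cupsdDestroyProfile(void *profile)	/* I - Profile */
{
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDestroyProfile(profile=\"%s\")",
                  profile ? (char *)profile : "(null)");

#ifdef HAVE_SANDBOX_H
  if (profile)
  {
   /*
    * A profile that cannot be removed stays behind in the temporary
    * directory; report it so the leak is visible (a file that is already
    * gone is not an error).
    */

    if (unlink((char *)profile) && errno != ENOENT)
      cupsdLogMessage(CUPSD_LOG_ERROR,
                      "Unable to remove security profile \"%s\": %s",
                      (char *)profile, strerror(errno));

    free(profile);
  }
#endif /* HAVE_SANDBOX_H */
}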
233
234
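/*
 * 'cupsdEndProcess()' - End a process.
 *
 * Sends SIGTERM (or SIGKILL when "force" is non-zero) to the child "pid".
 * Returns 0 when there is nothing to signal, otherwise the result of kill():
 * 0 on success or -1 with errno set.
 */

int					/* O - 0 on success, -1 on failure */
cupsdEndProcess(int pid,		/* I - Process ID */
                int force)		/* I - Force child to die */
{
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
                  force);

 /*
  * Only ever signal one specific child: 0 means "no process" (the value
  * cupsdStartProcess() leaves in *pid on failure), and a negative pid would
  * make kill() address a whole process group - or, for -1, every process
  * this scheduler is allowed to signal.
  */

  if (pid <= 0)
    return (0);

  return (kill(pid, force ? SIGKILL : SIGTERM));
}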
253
254
/*
 * 'cupsdFinishProcess()' - Finish a process and get its name.
 *
 * Looks up the record for "pid" in process_array.  When found, its command
 * name is copied into "name", its job ID is stored in "*job_id" (if
 * "job_id" is non-NULL) and the record is removed and freed; otherwise
 * "name" becomes "unknown" and the job ID 0.  Always returns "name".
 *
 * NOTE(review): "namelen" is an int handed to strlcpy(), which takes a
 * size_t; callers are assumed to pass the real buffer size (sizeof), a
 * negative value would be converted to a huge size - confirm.
 */

const char *				/* O - Process name */
cupsdFinishProcess(int  pid,		/* I - Process ID */
                   char *name,		/* I - Name buffer */
		   int  namelen,	/* I - Size of name buffer */
		   int  *job_id)	/* O - Job ID pointer or NULL */
{
  cupsd_proc_t	key,			/* Search key */
		*match;			/* Matching process */
  int		found_job = 0;		/* Job ID of the matching record */


 /*
  * Only the pid field takes part in the comparison (see compare_procs()).
  */

  key.pid = pid;
  match   = (cupsd_proc_t *)cupsArrayFind(process_array, &key);

  if (match)
  {
    found_job = match->job_id;

    strlcpy(name, match->name, namelen);

   /*
    * The record is owned by process_array; drop it before freeing.
    */

    cupsArrayRemove(process_array, match);
    free(match);
  }
  else
    strlcpy(name, "unknown", namelen);

  if (job_id)
    *job_id = found_job;

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
                  "cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
		  "job_id=%p(%d)) = \"%s\"", pid, name, namelen, job_id,
		  job_id ? *job_id : 0, name);

  return (name);
}
295
296
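/*
 * 'cupsdStartProcess()' - Start a process.
 *
 * Forks and execs "command" with the given arguments, environment and file
 * descriptors, records the child in process_array (so cupsdFinishProcess()
 * can later report its name and job) and returns its PID.  On failure 0 is
 * returned and "*pid" is 0: either _cupsFileCheck() rejected the program
 * (it is given cupsdLogFCMessage as its logging callback) or fork() failed
 * (logged here).
 *
 * Descriptor mapping in the child: infd/outfd/errfd become 0/1/2, a negative
 * value meaning /dev/null; backfd and sidefd become 3 and 4 only when they
 * are >= 0, and are switched to non-blocking mode.  Unless "root" is set the
 * child is reniced by FilterNice and - when the scheduler itself is root
 * (RunUser == 0) - switches to Group/User via setgid(), setgroups() and
 * setuid(), in that order, exiting with errno if any step fails.  The umask
 * is forced to 077 and SIGTERM/SIGCHLD/SIGPIPE are reset to SIG_DFL before
 * the exec.
 *
 * When "profile" is non-NULL the command is run as
 * "ServerBin/daemon/cups-exec PROFILE COMMAND ARGS..."; real_argv has 103
 * slots (cups-exec, profile, command, the arguments and the terminating
 * NULL), so at most 99 caller arguments are forwarded and any further ones
 * are dropped silently.
 *
 * "envp" may be NULL, in which case execv() is used.  On OS X a non-NULL
 * envp has its first entry overwritten with a "CFProcessPath=..." string;
 * the caller is assumed to have left envp[0] as the placeholder for it.
 */

int					/* O - Process ID or 0 */
cupsdStartProcess(
    const char  *command,		/* I - Full path to command */
    char        *argv[],		/* I - Command-line arguments */
    char        *envp[],		/* I - Environment */
    int         infd,			/* I - Standard input file descriptor */
    int         outfd,			/* I - Standard output file descriptor */
    int         errfd,			/* I - Standard error file descriptor */
    int         backfd,			/* I - Backchannel file descriptor */
    int         sidefd,			/* I - Sidechannel file descriptor */
    int         root,			/* I - Run as root? */
    void        *profile,		/* I - Security profile to use */
    cupsd_job_t *job,			/* I - Job associated with process */
    int         *pid)			/* O - Process ID */
{
  int		i;			/* Looping var */
  const char	*exec_path = command;	/* Command to be exec'd */
  char		*real_argv[103],	/* Real command-line arguments */
		cups_exec[1024];	/* Path to "cups-exec" program */
  cupsd_proc_t	*proc;			/* New process record */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
  struct sigaction action;		/* POSIX signal handler */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
#if defined(__APPLE__)
  char		processPath[1024],	/* CFProcessPath environment variable */
		linkpath[1024];		/* Link path for symlinks... */
  int		linkbytes;		/* Bytes for link path */
#endif /* __APPLE__ */


  *pid = 0;

 /*
  * Check the permissions of the command we are running...
  *
  * (The child's UID is decided below from "root" and RunUser; a local
  * "user" variable used to be computed here as well but was never read.)
  */

  if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
                     cupsdLogFCMessage, job ? job->printer : NULL))
    return (0);

#if defined(__APPLE__)
  if (envp)
  {
   /*
    * Add special voodoo magic for Mac OS X - this allows Mac OS X
    * programs to access their bundle resources properly...
    */

    if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
    {
     /*
      * Yes, this is a symlink to the actual program, nul-terminate and
      * use it...
      */

      linkpath[linkbytes] = '\0';

      if (linkpath[0] == '/')
	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
		 linkpath);
      else
	snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
		 dirname((char *)command), linkpath);
    }
    else
      snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);

    envp[0] = processPath;		/* Replace <CFProcessPath> string */
  }
#endif	/* __APPLE__ */

 /*
  * Use helper program when we have a sandbox profile...  The caller's argv
  * is shifted by three (cups-exec, profile, command) and truncated to what
  * fits in real_argv, leaving room for the NULL terminator.
  */

  if (profile)
  {
    snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);

    real_argv[0] = cups_exec;
    real_argv[1] = profile;
    real_argv[2] = (char *)command;

    for (i = 0;
         i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 4) && argv[i];
	 i ++)
      real_argv[i + 3] = argv[i];

    real_argv[i + 3] = NULL;

    argv      = real_argv;
    exec_path = cups_exec;
  }

 /*
  * Block signals before forking...
  */

  cupsdHoldSignals();

  if ((*pid = fork()) == 0)
  {
   /*
    * Child process goes here...
    *
    * Update stdin/stdout/stderr as needed.  A negative descriptor is replaced
    * by /dev/null.  NOTE(review): neither open() nor dup2() is checked; if
    * the open() fails dup2(-1, ...) fails too and the descriptor inherited
    * from the scheduler stays in place.
    */

    if (infd != 0)
    {
      if (infd < 0)
        infd = open("/dev/null", O_RDONLY);

      if (infd != 0)
      {
        dup2(infd, 0);
	close(infd);
      }
    }

    if (outfd != 1)
    {
      if (outfd < 0)
        outfd = open("/dev/null", O_WRONLY);

      if (outfd != 1)
      {
        dup2(outfd, 1);
	close(outfd);
      }
    }

    if (errfd != 2)
    {
      if (errfd < 0)
        errfd = open("/dev/null", O_WRONLY);

      if (errfd != 2)
      {
        dup2(errfd, 2);
	close(errfd);
      }
    }

   /*
    * The back- and side-channel descriptors are optional; when supplied they
    * are moved to 3 and 4 and put into non-blocking mode (O_NDELAY).
    */

    if (backfd != 3 && backfd >= 0)
    {
      dup2(backfd, 3);
      close(backfd);
      fcntl(3, F_SETFL, O_NDELAY);
    }

    if (sidefd != 4 && sidefd >= 0)
    {
      dup2(sidefd, 4);
      close(sidefd);
      fcntl(4, F_SETFL, O_NDELAY);
    }

   /*
    * Change the priority of the process based on the FilterNice setting.
    * (this is not done for root processes...)
    */

    if (!root)
      nice(FilterNice);

   /*
    * Change user to something "safe"...
    */

    if (!root && !RunUser)
    {
     /*
      * Running as root, so change to non-privileged user.  The group IDs
      * are changed first because they can no longer be changed once the
      * UID has been dropped; every step is fatal so the child never runs
      * with partially dropped privileges.
      */

      if (setgid(Group))
	exit(errno);

      if (setgroups(1, &Group))
	exit(errno);

      if (setuid(User))
	exit(errno);
    }
    else
    {
     /*
      * Reset group membership to just the main one we belong to.  Failures
      * are only fatal when the scheduler is root (RunUser == 0); an
      * unprivileged scheduler may not be able to change its groups and
      * keeps whatever it already has.
      */

      if (setgid(Group) && !RunUser)
	exit(errno);

      if (setgroups(1, &Group) && !RunUser)
	exit(errno);
    }

   /*
    * Change umask to restrict permissions on created files...
    */

    umask(077);

   /*
    * Unblock signals before doing the exec...
    */

#ifdef HAVE_SIGSET
    sigset(SIGTERM, SIG_DFL);
    sigset(SIGCHLD, SIG_DFL);
    sigset(SIGPIPE, SIG_DFL);
#elif defined(HAVE_SIGACTION)
    memset(&action, 0, sizeof(action));

    sigemptyset(&action.sa_mask);
    action.sa_handler = SIG_DFL;

    sigaction(SIGTERM, &action, NULL);
    sigaction(SIGCHLD, &action, NULL);
    sigaction(SIGPIPE, &action, NULL);
#else
    signal(SIGTERM, SIG_DFL);
    signal(SIGCHLD, SIG_DFL);
    signal(SIGPIPE, SIG_DFL);
#endif /* HAVE_SIGSET */

    cupsdReleaseSignals();

   /*
    * Execute the command; if for some reason this doesn't work, log an error
    * exit with a non-zero value...  perror() writes to the child's stderr,
    * i.e. to errfd after the dup2() above.
    *
    * NOTE(review): exit() runs atexit handlers and flushes stdio buffers
    * copied from the scheduler; _exit() is the conventional call in a forked
    * child - confirm nothing depends on the current behavior before changing.
    */

    if (envp)
      execve(exec_path, argv, envp);
    else
      execv(exec_path, argv);

    perror(command);

    exit(1);
  }
  else if (*pid < 0)
  {
   /*
    * Error - couldn't fork a new process!
    */

    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
                    strerror(errno));

    *pid = 0;
  }
  else
  {
   /*
    * Parent: remember the child so cupsdFinishProcess() can name it.  The
    * record is over-allocated by strlen(command) (name[1] supplies the nul
    * byte).  If the array or the record cannot be allocated the child still
    * runs, it just gets reported as "unknown" later.
    */

    if (!process_array)
      process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);

    if (process_array)
    {
      if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
      {
        proc->pid    = *pid;
        proc->job_id = job ? job->id : 0;
	_cups_strcpy(proc->name, command);

	cupsArrayAdd(process_array, proc);
      }
    }
  }

  cupsdReleaseSignals();

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
                  "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
		  "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
		  "profile=%p, job=%p(%d), pid=%p) = %d",
		  command, argv, envp, infd, outfd, errfd, backfd, sidefd,
		  root, profile, job, job ? job->id : 0, pid, *pid);

  return (*pid);
}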
596
597
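/*
 * 'compare_procs()' - Compare two processes.
 *
 * cups_array_t comparison callback for process_array: orders records by
 * "pid".  Only the sign of the result is used by the array code, so a
 * three-way comparison is returned instead of a subtraction, which keeps
 * the result well-defined for any pair of int values.
 */

static int				/* O - Result of comparison */
compare_procs(cupsd_proc_t *a,		/* I - First process */
              cupsd_proc_t *b)		/* I - Second process */
{
  return ((a->pid > b->pid) - (a->pid < b->pid));
}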
608
609
610 #ifdef HAVE_SANDBOX_H
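/*
 * 'cupsd_requote()' - Make a regular-expression version of a string.
 *
 * Copies "src" into "dst", prefixing every character that has a special
 * meaning in an extended regular expression with a backslash so that the
 * result matches the original string literally inside the (regex ...)
 * patterns written by cupsdCreateProfile().  Besides the basic
 * metacharacters this also covers "+", "|", "{" and "}": an unescaped "+"
 * or "|" in a configured directory name would otherwise change what the
 * generated deny/allow rules match.
 *
 * "dstsize" is the full size of "dst"; the output is truncated so that an
 * escape plus its character plus the terminating nul always fit, which
 * means at most dstsize - 2 characters of output before the nul.  A
 * "dstsize" below 2 yields an empty string (or leaves a NULL/zero-size
 * buffer untouched).  Returns "dst".
 */

static char *				/* O - Quoted string */
cupsd_requote(char       *dst,		/* I - Destination buffer */
              const char *src,		/* I - Source string */
	      size_t     dstsize)	/* I - Size of destination buffer */
{
  static const char metachars[] = ".?*+|{}()[]^$\\";
					/* Characters that need a backslash */
  int	ch;				/* Current character */
  char	*dstptr,			/* Current position in buffer */
	*dstend;			/* End of destination buffer */


  if (!dst || dstsize == 0)
    return (dst);

  if (dstsize < 2)
  {
    *dst = '\0';
    return (dst);
  }

  dstptr = dst;
  dstend = dst + dstsize - 2;		/* Room for one escape + nul */

  while (*src && dstptr < dstend)
  {
    ch = *src++;

    if (strchr(metachars, ch))
      *dstptr++ = '\\';

    *dstptr++ = ch;
  }

  *dstptr = '\0';

  return (dst);
}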
642 #endif /* HAVE_SANDBOX_H */
643
644
645 /*
646 * End of "$Id$".
647 */