[thirdparty/cups.git] / scheduler / cups-exec.c

/*
 * "$Id$"
 *
 *   Sandbox helper for CUPS.
 *
 *   Copyright 2007-2012 by Apple Inc.
 *
 *   These coded instructions, statements, and computer programs are the
 *   property of Apple Inc. and are protected by Federal copyright
 *   law.  Distribution and use rights are outlined in the file "LICENSE.txt"
 *   which should have been included with this file.  If this file is
 *   file is missing or damaged, see the license at "http://www.cups.org/".
 *
 * Usage:
 *
 *     cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN
 *
 * Contents:
 *
 *   main() - Apply sandbox profile and execute program.
 */

/*
 * Include necessary headers...
 */

#include <cups/string-private.h>
#include <unistd.h>
#ifdef HAVE_SANDBOX_H
#  include <sandbox.h>
#  ifndef SANDBOX_NAMED_EXTERNAL
#    define SANDBOX_NAMED_EXTERNAL  0x0003
#  endif /* !SANDBOX_NAMED_EXTERNAL */
#  pragma GCC diagnostic ignored "-Wdeprecated-declarations"
#endif /* HAVE_SANDBOX_H */


/*
 * 'main()' - Apply sandbox profile and execute program.
 */

int					/* O - Exit status */
main(int  argc,				/* I - Number of command-line args */
     char *argv[])			/* I - Command-line arguments */
{
  int	i;				/* Looping var */
#ifdef HAVE_SANDBOX_H
  char	*sandbox_error = NULL;		/* Sandbox error, if any */
#endif /* HAVE_SANDBOX_H */


 /*
  * Check that we have enough arguments...
  */

  if (argc < 4)
  {
    puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... "
         "argvN");
    return (1);
  }

#ifdef HAVE_SANDBOX_H
 /*
  * Run in a separate security profile...
  */

  if (strcmp(argv[1], "none") &&
      sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
  {
    fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
	    strerror(errno));
    sandbox_free_error(sandbox_error);
    return (1);
  }
#endif /* HAVE_SANDBOX_H */

 /*
  * Close file descriptors we don't need (insurance):
  *
  * 0   = stdin
  * 1   = stdout
  * 2   = stderr
  * 3   = back-channel
  * 4   = side-channel
  * 5-N = unused
  */

  for (i = 5; i < 1024; i ++)
    close(i);

 /*
  * Execute the program...
  */

  execv(argv[2], argv + 3);

 /*
  * If we get here, execv() failed...
  */

  fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
  return (1);
}


/*
 * End of "$Id$".
 */
Commit	Line	Data
3badb668	1	/*
	2	* "$Id$"
	3	*
	4	* Sandbox helper for CUPS.
	5	*
c45401bb	6	* Copyright 2007-2012 by Apple Inc.
3badb668	7	*
	8	* These coded instructions, statements, and computer programs are the
	9	* property of Apple Inc. and are protected by Federal copyright
	10	* law. Distribution and use rights are outlined in the file "LICENSE.txt"
	11	* which should have been included with this file. If this file is
	12	* file is missing or damaged, see the license at "http://www.cups.org/".
	13	*
	14	* Usage:
	15	*
	16	* cups-exec /path/to/profile /path/to/program argv0 argv1 ... argvN
	17	*
	18	* Contents:
	19	*
	20	* main() - Apply sandbox profile and execute program.
	21	*/
	22
	23	/*
	24	* Include necessary headers...
	25	*/
	26
	27	#include <cups/string-private.h>
	28	#include <unistd.h>
	29	#ifdef HAVE_SANDBOX_H
3badb668	30	# include <sandbox.h>
eb6029b7	31	# ifndef SANDBOX_NAMED_EXTERNAL
	32	# define SANDBOX_NAMED_EXTERNAL 0x0003
	33	# endif /* !SANDBOX_NAMED_EXTERNAL */
3e334381	34	# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
3badb668	35	#endif /* HAVE_SANDBOX_H */
	36
	37
	38	/*
	39	* 'main()' - Apply sandbox profile and execute program.
	40	*/
	41
	42	int /* O - Exit status */
	43	main(int argc, /* I - Number of command-line args */
	44	char argv[]) / I - Command-line arguments */
	45	{
0f54c9f9	46	int i; /* Looping var */
3badb668	47	#ifdef HAVE_SANDBOX_H
	48	char sandbox_error = NULL; / Sandbox error, if any */
	49	#endif /* HAVE_SANDBOX_H */
	50
	51
	52	/*
	53	* Check that we have enough arguments...
	54	*/
	55
	56	if (argc < 4)
	57	{
	58	puts("Usage: cups-exec /path/to/profile /path/to/program argv0 argv1 ... "
	59	"argvN");
	60	return (1);
	61	}
	62
	63	#ifdef HAVE_SANDBOX_H
	64	/*
	65	* Run in a separate security profile...
	66	*/
	67
0f54c9f9	68	if (strcmp(argv[1], "none") &&
0f54c9f9	69	sandbox_init(argv[1], SANDBOX_NAMED_EXTERNAL, &sandbox_error))
3badb668	70	{
	71	fprintf(stderr, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error,
	72	strerror(errno));
	73	sandbox_free_error(sandbox_error);
	74	return (1);
	75	}
	76	#endif /* HAVE_SANDBOX_H */
	77
0f54c9f9	78	/*
	79	* Close file descriptors we don't need (insurance):
	80	*
	81	* 0 = stdin
	82	* 1 = stdout
	83	* 2 = stderr
	84	* 3 = back-channel
	85	* 4 = side-channel
	86	* 5-N = unused
	87	*/
	88
	89	for (i = 5; i < 1024; i ++)
	90	close(i);
	91
3badb668	92	/*
	93	* Execute the program...
	94	*/
	95
	96	execv(argv[2], argv + 3);
	97
	98	/*
	99	* If we get here, execv() failed...
	100	*/
	101
	102	fprintf(stderr, "DEBUG: execv failed: %s\n", strerror(errno));
	103	return (1);
	104	}
	105
	106
	107	/*
	108	* End of "$Id$".
	109	*/