]>
Commit | Line | Data |
---|---|---|
ef416fc2 | 1 | /* |
7e86f2f6 | 2 | * Process management routines for the CUPS scheduler. |
ef416fc2 | 3 | * |
8a984948 | 4 | * Copyright 2007-2017 by Apple Inc. |
7e86f2f6 | 5 | * Copyright 1997-2007 by Easy Software Products, all rights reserved. |
ef416fc2 | 6 | * |
e3101897 | 7 | * Licensed under Apache License v2.0. See the file "LICENSE" for more information. |
ef416fc2 | 8 | */ |
9 | ||
10 | /* | |
11 | * Include necessary headers... | |
12 | */ | |
13 | ||
14 | #include "cupsd.h" | |
15 | #include <grp.h> | |
a4924f6c | 16 | #ifdef __APPLE__ |
4400e98d | 17 | # include <libgen.h> |
6d2f911b | 18 | #endif /* __APPLE__ */ |
c82f05ea MS |
19 | #ifdef HAVE_POSIX_SPAWN |
20 | # include <spawn.h> | |
21 | extern char **environ; | |
9e44dfbe MS |
22 | /* Don't use posix_spawn on systems with bugs in their implementations... */ |
23 | # if defined(OpenBSD) && OpenBSD < 201505 | |
a7616fe8 | 24 | # define USE_POSIX_SPAWN 0 |
9e44dfbe MS |
25 | # elif defined(__UCLIBC__) && __UCLIBC_MAJOR__ == 1 && __UCLIBC_MINOR__ == 0 && __UCLIBC_SUBLEVEL__ < 27 |
26 | # define USE_POSIX_SPAWN 0 | |
27 | # elif defined(__UCLIBC__) && __UCLIBC_MAJOR__ < 1 | |
28 | # define USE_POSIX_SPAWN 0 | |
29 | # else /* All other platforms */ | |
30 | # define USE_POSIX_SPAWN 1 | |
31 | # endif /* ... */ | |
a7616fe8 MS |
32 | #else |
33 | # define USE_POSIX_SPAWN 0 | |
34 | #endif /* HAVE_POSIX_SPAWN */ | |
ef416fc2 | 35 | |
36 | ||
e00b005a | 37 | /* |
38 | * Process structure... | |
39 | */ | |
40 | ||
41 | typedef struct | |
42 | { | |
b9faaae1 MS |
43 | int pid, /* Process ID */ |
44 | job_id; /* Job associated with process */ | |
e00b005a | 45 | char name[1]; /* Name of process */ |
46 | } cupsd_proc_t; | |
47 | ||
48 | ||
49 | /* | |
50 | * Local globals... | |
51 | */ | |
52 | ||
53 | static cups_array_t *process_array = NULL; | |
54 | ||
55 | ||
56 | /* | |
57 | * Local functions... | |
58 | */ | |
59 | ||
60 | static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b); | |
a4924f6c MS |
61 | #ifdef HAVE_SANDBOX_H |
62 | static char *cupsd_requote(char *dst, const char *src, size_t dstsize); | |
63 | #endif /* HAVE_SANDBOX_H */ | |
64 | ||
65 | ||
66 | /* | |
67 | * 'cupsdCreateProfile()' - Create an execution profile for a subprocess. | |
68 | */ | |
69 | ||
70 | void * /* O - Profile or NULL on error */ | |
8fe0183a MS |
71 | cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */ |
72 | int allow_networking)/* I - Allow networking off machine? */ | |
a4924f6c MS |
73 | { |
74 | #ifdef HAVE_SANDBOX_H | |
8fe0183a MS |
75 | cups_file_t *fp; /* File pointer */ |
76 | char profile[1024], /* File containing the profile */ | |
77 | bin[1024], /* Quoted ServerBin */ | |
78 | cache[1024], /* Quoted CacheDir */ | |
79 | domain[1024], /* Domain socket, if any */ | |
80 | request[1024], /* Quoted RequestRoot */ | |
81 | root[1024], /* Quoted ServerRoot */ | |
6c2b2b19 | 82 | state[1024], /* Quoted StateDir */ |
8fe0183a MS |
83 | temp[1024]; /* Quoted TempDir */ |
84 | const char *nodebug; /* " (with no-log)" for no debug */ | |
85 | cupsd_listener_t *lis; /* Current listening socket */ | |
86 | ||
87 | ||
88 | if (!UseSandboxing || Sandboxing == CUPSD_SANDBOXING_OFF) | |
b9faaae1 MS |
89 | { |
90 | /* | |
91 | * Only use sandbox profiles as root... | |
92 | */ | |
93 | ||
8fe0183a | 94 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking); |
b9faaae1 MS |
95 | |
96 | return (NULL); | |
97 | } | |
98 | ||
a4924f6c MS |
99 | if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL) |
100 | { | |
d47f6aec MS |
101 | /* |
102 | * This should never happen, and is fatal when sandboxing is enabled. | |
103 | */ | |
104 | ||
8fe0183a | 105 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking); |
d47f6aec MS |
106 | cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno)); |
107 | kill(getpid(), SIGTERM); | |
a4924f6c MS |
108 | return (NULL); |
109 | } | |
110 | ||
0268488e MS |
111 | fchown(cupsFileNumber(fp), RunUser, Group); |
112 | fchmod(cupsFileNumber(fp), 0640); | |
113 | ||
8fe0183a | 114 | cupsd_requote(bin, ServerBin, sizeof(bin)); |
a4924f6c MS |
115 | cupsd_requote(cache, CacheDir, sizeof(cache)); |
116 | cupsd_requote(request, RequestRoot, sizeof(request)); | |
117 | cupsd_requote(root, ServerRoot, sizeof(root)); | |
6c2b2b19 | 118 | cupsd_requote(state, StateDir, sizeof(state)); |
a4924f6c MS |
119 | cupsd_requote(temp, TempDir, sizeof(temp)); |
120 | ||
88f9aafc MS |
121 | nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : ""; |
122 | ||
a4924f6c | 123 | cupsFilePuts(fp, "(version 1)\n"); |
8fe0183a MS |
124 | if (Sandboxing == CUPSD_SANDBOXING_STRICT) |
125 | cupsFilePuts(fp, "(deny default)\n"); | |
126 | else | |
127 | cupsFilePuts(fp, "(allow default)\n"); | |
128 | if (LogLevel >= CUPSD_LOG_DEBUG) | |
129 | cupsFilePuts(fp, "(debug deny)\n"); | |
130 | cupsFilePuts(fp, "(import \"system.sb\")\n"); | |
96a5df62 | 131 | cupsFilePuts(fp, "(import \"com.apple.corefoundation.sb\")\n"); |
8fe0183a MS |
132 | cupsFilePuts(fp, "(system-network)\n"); |
133 | cupsFilePuts(fp, "(allow mach-per-user-lookup)\n"); | |
134 | cupsFilePuts(fp, "(allow ipc-posix-sem)\n"); | |
135 | cupsFilePuts(fp, "(allow ipc-posix-shm)\n"); | |
136 | cupsFilePuts(fp, "(allow ipc-sysv-shm)\n"); | |
137 | cupsFilePuts(fp, "(allow mach-lookup)\n"); | |
0268488e | 138 | if (!RunUser) |
88f9aafc MS |
139 | cupsFilePrintf(fp, |
140 | "(deny file-write* file-read-data file-read-metadata\n" | |
141 | " (regex" | |
142 | " #\"^/Users$\"" | |
143 | " #\"^/Users/\"" | |
144 | ")%s)\n", nodebug); | |
a4924f6c MS |
145 | cupsFilePrintf(fp, |
146 | "(deny file-write*\n" | |
5a6b583a MS |
147 | " (regex" |
148 | " #\"^%s$\"" /* ServerRoot */ | |
149 | " #\"^%s/\"" /* ServerRoot/... */ | |
150 | " #\"^/private/etc$\"" | |
151 | " #\"^/private/etc/\"" | |
152 | " #\"^/usr/local/etc$\"" | |
153 | " #\"^/usr/local/etc/\"" | |
154 | " #\"^/Library$\"" | |
155 | " #\"^/Library/\"" | |
156 | " #\"^/System$\"" | |
157 | " #\"^/System/\"" | |
88f9aafc MS |
158 | ")%s)\n", |
159 | root, root, nodebug); | |
8fe0183a | 160 | /* Specifically allow applications to stat RequestRoot and some other system folders */ |
7cf5915e MS |
161 | cupsFilePrintf(fp, |
162 | "(allow file-read-metadata\n" | |
163 | " (regex" | |
8fe0183a MS |
164 | " #\"^/$\"" /* / */ |
165 | " #\"^/usr$\"" /* /usr */ | |
166 | " #\"^/Library$\"" /* /Library */ | |
167 | " #\"^/Library/Printers$\"" /* /Library/Printers */ | |
7cf5915e MS |
168 | " #\"^%s$\"" /* RequestRoot */ |
169 | "))\n", | |
170 | request); | |
8fe0183a | 171 | /* Read and write TempDir, CacheDir, and other common folders */ |
84465c7c MS |
172 | cupsFilePuts(fp, |
173 | "(allow file-write* file-read-data file-read-metadata\n" | |
174 | " (regex" | |
175 | " #\"^/private/var/db/\"" | |
176 | " #\"^/private/var/folders/\"" | |
177 | " #\"^/private/var/lib/\"" | |
178 | " #\"^/private/var/log/\"" | |
179 | " #\"^/private/var/mysql/\"" | |
180 | " #\"^/private/var/run/\"" | |
181 | " #\"^/private/var/spool/\"" | |
182 | " #\"^/Library/Application Support/\"" | |
183 | " #\"^/Library/Caches/\"" | |
184 | " #\"^/Library/Logs/\"" | |
185 | " #\"^/Library/Preferences/\"" | |
186 | " #\"^/Library/WebServer/\"" | |
187 | " #\"^/Users/Shared/\"" | |
188 | "))\n"); | |
189 | cupsFilePrintf(fp, | |
190 | "(deny file-write*\n" | |
191 | " (regex #\"^%s$\")%s)\n", | |
192 | request, nodebug); | |
193 | cupsFilePrintf(fp, | |
194 | "(deny file-write* file-read-data file-read-metadata\n" | |
195 | " (regex #\"^%s/\")%s)\n", | |
196 | request, nodebug); | |
a4924f6c MS |
197 | cupsFilePrintf(fp, |
198 | "(allow file-write* file-read-data file-read-metadata\n" | |
5a6b583a MS |
199 | " (regex" |
200 | " #\"^%s$\"" /* TempDir */ | |
201 | " #\"^%s/\"" /* TempDir/... */ | |
202 | " #\"^%s$\"" /* CacheDir */ | |
203 | " #\"^%s/\"" /* CacheDir/... */ | |
ed6e7faf | 204 | "))\n", |
d47f6aec | 205 | temp, temp, cache, cache); |
8fe0183a | 206 | /* Read common folders */ |
88f9aafc | 207 | cupsFilePrintf(fp, |
8fe0183a | 208 | "(allow file-read-data file-read-metadata\n" |
8fe0183a | 209 | " (regex" |
bcc4b655 MS |
210 | " #\"^/AppleInternal$\"" |
211 | " #\"^/AppleInternal/\"" | |
8fe0183a MS |
212 | " #\"^/bin$\"" /* /bin */ |
213 | " #\"^/bin/\"" /* /bin/... */ | |
777e09f8 | 214 | " #\"^/private$\"" |
d9183105 MS |
215 | " #\"^/private/etc$\"" |
216 | " #\"^/private/etc/\"" | |
1d8db48d MS |
217 | " #\"^/private/tmp$\"" |
218 | " #\"^/private/tmp/\"" | |
777e09f8 MS |
219 | " #\"^/private/var$\"" |
220 | " #\"^/private/var/db$\"" | |
d9183105 | 221 | " #\"^/private/var/folders$\"" |
99328a65 MS |
222 | " #\"^/private/var/lib$\"" |
223 | " #\"^/private/var/log$\"" | |
224 | " #\"^/private/var/mysql$\"" | |
1d8db48d | 225 | " #\"^/private/var/run$\"" |
777e09f8 | 226 | " #\"^/private/var/spool$\"" |
59aa4944 MS |
227 | " #\"^/private/var/tmp$\"" |
228 | " #\"^/private/var/tmp/\"" | |
8fe0183a MS |
229 | " #\"^/usr/bin$\"" /* /usr/bin */ |
230 | " #\"^/usr/bin/\"" /* /usr/bin/... */ | |
231 | " #\"^/usr/libexec/cups$\"" /* /usr/libexec/cups */ | |
232 | " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */ | |
3f4342fa MS |
233 | " #\"^/usr/libexec/fax$\"" /* /usr/libexec/fax */ |
234 | " #\"^/usr/libexec/fax/\"" /* /usr/libexec/fax/... */ | |
8fe0183a MS |
235 | " #\"^/usr/sbin$\"" /* /usr/sbin */ |
236 | " #\"^/usr/sbin/\"" /* /usr/sbin/... */ | |
59aa4944 MS |
237 | " #\"^/Library$\"" /* /Library */ |
238 | " #\"^/Library/\"" /* /Library/... */ | |
239 | " #\"^/System$\"" /* /System */ | |
240 | " #\"^/System/\"" /* /System/... */ | |
8fe0183a MS |
241 | " #\"^%s/Library$\"" /* RequestRoot/Library */ |
242 | " #\"^%s/Library/\"" /* RequestRoot/Library/... */ | |
243 | " #\"^%s$\"" /* ServerBin */ | |
244 | " #\"^%s/\"" /* ServerBin/... */ | |
245 | " #\"^%s$\"" /* ServerRoot */ | |
246 | " #\"^%s/\"" /* ServerRoot/... */ | |
d47f6aec MS |
247 | " #\"^%s$\"" /* StateDir */ |
248 | " #\"^%s/\"" /* StateDir/... */ | |
8fe0183a | 249 | "))\n", |
d47f6aec | 250 | request, request, bin, bin, root, root, state, state); |
8fe0183a MS |
251 | if (Sandboxing == CUPSD_SANDBOXING_RELAXED) |
252 | { | |
253 | /* Limited write access to /Library/Printers/... */ | |
254 | cupsFilePuts(fp, | |
255 | "(allow file-write*\n" | |
88f9aafc | 256 | " (regex" |
8fe0183a MS |
257 | " #\"^/Library/Printers/.*/\"" |
258 | "))\n"); | |
259 | cupsFilePrintf(fp, | |
260 | "(deny file-write*\n" | |
261 | " (regex" | |
262 | " #\"^/Library/Printers/PPDs$\"" | |
263 | " #\"^/Library/Printers/PPDs/\"" | |
264 | " #\"^/Library/Printers/PPD Plugins$\"" | |
265 | " #\"^/Library/Printers/PPD Plugins/\"" | |
266 | ")%s)\n", nodebug); | |
267 | } | |
a94fe6cf MS |
268 | /* Allow execution of child processes as long as the programs are not in a user directory */ |
269 | cupsFilePuts(fp, "(allow process*)\n"); | |
270 | cupsFilePuts(fp, "(deny process-exec (regex #\"^/Users/\"))\n"); | |
8fe0183a | 271 | if (RunUser && getenv("CUPS_TESTROOT")) |
e60ec91f | 272 | { |
8fe0183a MS |
273 | /* Allow source directory access in "make test" environment */ |
274 | char testroot[1024]; /* Root directory of test files */ | |
e60ec91f | 275 | |
8fe0183a MS |
276 | cupsd_requote(testroot, getenv("CUPS_TESTROOT"), sizeof(testroot)); |
277 | ||
278 | cupsFilePrintf(fp, | |
279 | "(allow file-write* file-read-data file-read-metadata\n" | |
280 | " (regex" | |
281 | " #\"^%s$\"" /* CUPS_TESTROOT */ | |
282 | " #\"^%s/\"" /* CUPS_TESTROOT/... */ | |
283 | "))\n", | |
284 | testroot, testroot); | |
285 | cupsFilePrintf(fp, | |
286 | "(allow process-exec\n" | |
287 | " (regex" | |
288 | " #\"^%s/\"" /* CUPS_TESTROOT/... */ | |
289 | "))\n", | |
290 | testroot); | |
59aa4944 | 291 | cupsFilePrintf(fp, "(allow sysctl*)\n"); |
8fe0183a MS |
292 | } |
293 | if (job_id) | |
294 | { | |
295 | /* Allow job filters to read the current job files... */ | |
a4924f6c MS |
296 | cupsFilePrintf(fp, |
297 | "(allow file-read-data file-read-metadata\n" | |
5a757074 | 298 | " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n", |
5bd77a73 | 299 | request, job_id, job_id); |
e60ec91f MS |
300 | } |
301 | else | |
302 | { | |
8fe0183a | 303 | /* Allow email notifications from notifiers... */ |
e60ec91f MS |
304 | cupsFilePuts(fp, |
305 | "(allow process-exec\n" | |
306 | " (literal \"/usr/sbin/sendmail\")\n" | |
8fe0183a MS |
307 | " (with no-sandbox))\n"); |
308 | } | |
a94fe6cf MS |
309 | /* Allow access to Bluetooth, USB, and notify_post. */ |
310 | cupsFilePuts(fp, "(allow iokit*)\n"); | |
311 | cupsFilePuts(fp, "(allow distributed-notification-post)\n"); | |
777e09f8 | 312 | /* Allow outbound networking to local services */ |
8fe0183a | 313 | cupsFilePuts(fp, "(allow network-outbound" |
59aa4944 | 314 | "\n (regex #\"^/private/var/run/\" #\"^/private/tmp/\" #\"^/private/var/tmp/\")"); |
8fe0183a MS |
315 | for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners); |
316 | lis; | |
317 | lis = (cupsd_listener_t *)cupsArrayNext(Listeners)) | |
318 | { | |
319 | if (httpAddrFamily(&(lis->address)) == AF_LOCAL) | |
320 | { | |
321 | httpAddrString(&(lis->address), domain, sizeof(domain)); | |
322 | cupsFilePrintf(fp, "\n (literal \"%s\")", domain); | |
323 | } | |
324 | } | |
325 | if (allow_networking) | |
326 | { | |
327 | /* Allow TCP and UDP networking off the machine... */ | |
328 | cupsFilePuts(fp, "\n (remote tcp))\n"); | |
4c6277cc | 329 | cupsFilePuts(fp, "(allow network-bind)\n"); /* for LPD resvport */ |
8fe0183a MS |
330 | cupsFilePuts(fp, "(allow network*\n" |
331 | " (local udp \"*:*\")\n" | |
332 | " (remote udp \"*:*\"))\n"); | |
bcc4b655 | 333 | |
fb3777cc | 334 | /* Also allow access to device files... */ |
e2685126 | 335 | cupsFilePuts(fp, "(allow file-write* file-read-data file-read-metadata file-ioctl\n" |
4c6277cc | 336 | " (regex #\"^/dev/\"))\n"); |
6e6611ef MS |
337 | |
338 | /* And allow kernel extensions to be loaded, e.g., SMB */ | |
339 | cupsFilePuts(fp, "(allow system-kext-load)\n"); | |
8fe0183a MS |
340 | } |
341 | else | |
342 | { | |
fb3777cc | 343 | /* Only allow SNMP (UDP) and LPD (TCP) off the machine... */ |
8fe0183a MS |
344 | cupsFilePuts(fp, ")\n"); |
345 | cupsFilePuts(fp, "(allow network-outbound\n" | |
2dd94018 | 346 | " (remote udp \"*:161\")\n" |
fb3777cc | 347 | " (remote tcp \"*:515\"))\n"); |
8fe0183a MS |
348 | cupsFilePuts(fp, "(allow network-inbound\n" |
349 | " (local udp \"localhost:*\"))\n"); | |
e60ec91f | 350 | } |
a4924f6c MS |
351 | cupsFileClose(fp); |
352 | ||
8fe0183a | 353 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d,allow_networking=%d) = \"%s\"", job_id, allow_networking, profile); |
a4924f6c | 354 | return ((void *)strdup(profile)); |
b9faaae1 | 355 | |
a4924f6c | 356 | #else |
8fe0183a | 357 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking); |
a4924f6c MS |
358 | |
359 | return (NULL); | |
360 | #endif /* HAVE_SANDBOX_H */ | |
361 | } | |
362 | ||
363 | ||
364 | /* | |
365 | * 'cupsdDestroyProfile()' - Delete an execution profile. | |
366 | */ | |
367 | ||
368 | void | |
369 | cupsdDestroyProfile(void *profile) /* I - Profile */ | |
370 | { | |
b9faaae1 MS |
371 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")", |
372 | profile ? (char *)profile : "(null)"); | |
373 | ||
a4924f6c MS |
374 | #ifdef HAVE_SANDBOX_H |
375 | if (profile) | |
376 | { | |
377 | unlink((char *)profile); | |
378 | free(profile); | |
379 | } | |
380 | #endif /* HAVE_SANDBOX_H */ | |
381 | } | |
e00b005a | 382 | |
383 | ||
ef416fc2 | 384 | /* |
385 | * 'cupsdEndProcess()' - End a process. | |
386 | */ | |
387 | ||
388 | int /* O - 0 on success, -1 on failure */ | |
389 | cupsdEndProcess(int pid, /* I - Process ID */ | |
390 | int force) /* I - Force child to die */ | |
391 | { | |
b9faaae1 MS |
392 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid, |
393 | force); | |
394 | ||
ef55b745 MS |
395 | if (!pid) |
396 | return (0); | |
88f9aafc MS |
397 | |
398 | if (!RunUser) | |
399 | { | |
400 | /* | |
401 | * When running as root, cupsd puts child processes in their own process | |
402 | * group. Using "-pid" sends a signal to all processes in the group. | |
403 | */ | |
404 | ||
405 | pid = -pid; | |
406 | } | |
407 | ||
408 | if (force) | |
ef416fc2 | 409 | return (kill(pid, SIGKILL)); |
410 | else | |
411 | return (kill(pid, SIGTERM)); | |
412 | } | |
413 | ||
414 | ||
e00b005a | 415 | /* |
416 | * 'cupsdFinishProcess()' - Finish a process and get its name. | |
417 | */ | |
418 | ||
419 | const char * /* O - Process name */ | |
07623986 MS |
420 | cupsdFinishProcess(int pid, /* I - Process ID */ |
421 | char *name, /* I - Name buffer */ | |
422 | size_t namelen, /* I - Size of name buffer */ | |
423 | int *job_id) /* O - Job ID pointer or NULL */ | |
e00b005a | 424 | { |
425 | cupsd_proc_t key, /* Search key */ | |
426 | *proc; /* Matching process */ | |
427 | ||
428 | ||
429 | key.pid = pid; | |
430 | ||
431 | if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL) | |
432 | { | |
b9faaae1 MS |
433 | if (job_id) |
434 | *job_id = proc->job_id; | |
435 | ||
e00b005a | 436 | strlcpy(name, proc->name, namelen); |
437 | cupsArrayRemove(process_array, proc); | |
438 | free(proc); | |
e00b005a | 439 | } |
440 | else | |
b9faaae1 MS |
441 | { |
442 | if (job_id) | |
443 | *job_id = 0; | |
444 | ||
445 | strlcpy(name, "unknown", namelen); | |
446 | } | |
447 | ||
07623986 | 448 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFinishProcess(pid=%d, name=%p, namelen=" CUPS_LLFMT ", job_id=%p(%d)) = \"%s\"", pid, name, CUPS_LLCAST namelen, job_id, job_id ? *job_id : 0, name); |
b9faaae1 MS |
449 | |
450 | return (name); | |
e00b005a | 451 | } |
452 | ||
453 | ||
ef416fc2 | 454 | /* |
455 | * 'cupsdStartProcess()' - Start a process. | |
456 | */ | |
457 | ||
458 | int /* O - Process ID or 0 */ | |
459 | cupsdStartProcess( | |
b9faaae1 MS |
460 | const char *command, /* I - Full path to command */ |
461 | char *argv[], /* I - Command-line arguments */ | |
462 | char *envp[], /* I - Environment */ | |
463 | int infd, /* I - Standard input file descriptor */ | |
464 | int outfd, /* I - Standard output file descriptor */ | |
465 | int errfd, /* I - Standard error file descriptor */ | |
466 | int backfd, /* I - Backchannel file descriptor */ | |
467 | int sidefd, /* I - Sidechannel file descriptor */ | |
468 | int root, /* I - Run as root? */ | |
469 | void *profile, /* I - Security profile to use */ | |
38e73f87 | 470 | cupsd_job_t *job, /* I - Job associated with process */ |
b9faaae1 | 471 | int *pid) /* O - Process ID */ |
ef416fc2 | 472 | { |
0268488e | 473 | int i; /* Looping var */ |
e60ec91f | 474 | const char *exec_path = command; /* Command to be exec'd */ |
28c194b0 | 475 | char *real_argv[110], /* Real command-line arguments */ |
1b3b9aa9 MS |
476 | cups_exec[1024], /* Path to "cups-exec" program */ |
477 | user_str[16], /* User string */ | |
478 | group_str[16], /* Group string */ | |
479 | nice_str[16]; /* FilterNice string */ | |
7e86f2f6 | 480 | uid_t user; /* Command UID */ |
e00b005a | 481 | cupsd_proc_t *proc; /* New process record */ |
a7616fe8 | 482 | #if USE_POSIX_SPAWN |
c82f05ea MS |
483 | posix_spawn_file_actions_t actions; /* Spawn file actions */ |
484 | posix_spawnattr_t attrs; /* Spawn attributes */ | |
73174bb3 | 485 | sigset_t defsignals; /* Default signals */ |
07623986 | 486 | #elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET) |
e00b005a | 487 | struct sigaction action; /* POSIX signal handler */ |
a7616fe8 | 488 | #endif /* USE_POSIX_SPAWN */ |
e53920b9 | 489 | #if defined(__APPLE__) |
e00b005a | 490 | char processPath[1024], /* CFProcessPath environment variable */ |
491 | linkpath[1024]; /* Link path for symlinks... */ | |
492 | int linkbytes; /* Bytes for link path */ | |
e53920b9 | 493 | #endif /* __APPLE__ */ |
ef416fc2 | 494 | |
495 | ||
22c9029b MS |
496 | *pid = 0; |
497 | ||
0268488e MS |
498 | /* |
499 | * Figure out the UID for the child process... | |
500 | */ | |
501 | ||
bf3816c7 MS |
502 | if (RunUser) |
503 | user = RunUser; | |
504 | else if (root) | |
505 | user = 0; | |
506 | else | |
507 | user = User; | |
508 | ||
0268488e MS |
509 | /* |
510 | * Check the permissions of the command we are running... | |
511 | */ | |
512 | ||
22c9029b MS |
513 | if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser, |
514 | cupsdLogFCMessage, job ? job->printer : NULL)) | |
bf3816c7 | 515 | return (0); |
76cd9e37 | 516 | |
e53920b9 | 517 | #if defined(__APPLE__) |
518 | if (envp) | |
e00b005a | 519 | { |
520 | /* | |
8072030b | 521 | * Add special voodoo magic for macOS - this allows macOS programs to access |
f3c17241 | 522 | * their bundle resources properly... |
e00b005a | 523 | */ |
524 | ||
e53920b9 | 525 | if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0) |
526 | { | |
527 | /* | |
528 | * Yes, this is a symlink to the actual program, nul-terminate and | |
529 | * use it... | |
530 | */ | |
531 | ||
532 | linkpath[linkbytes] = '\0'; | |
e00b005a | 533 | |
e53920b9 | 534 | if (linkpath[0] == '/') |
535 | snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", | |
536 | linkpath); | |
537 | else | |
538 | snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s", | |
f7deaa1a | 539 | dirname((char *)command), linkpath); |
e53920b9 | 540 | } |
e00b005a | 541 | else |
e53920b9 | 542 | snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command); |
bd7854cb | 543 | |
e53920b9 | 544 | envp[0] = processPath; /* Replace <CFProcessPath> string */ |
545 | } | |
546 | #endif /* __APPLE__ */ | |
e00b005a | 547 | |
0268488e MS |
548 | /* |
549 | * Use helper program when we have a sandbox profile... | |
550 | */ | |
551 | ||
a7616fe8 | 552 | #if !USE_POSIX_SPAWN |
0268488e | 553 | if (profile) |
a7616fe8 | 554 | #endif /* !USE_POSIX_SPAWN */ |
0268488e MS |
555 | { |
556 | snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin); | |
8fe0183a | 557 | snprintf(user_str, sizeof(user_str), "%d", user); |
c82f05ea MS |
558 | snprintf(group_str, sizeof(group_str), "%d", Group); |
559 | snprintf(nice_str, sizeof(nice_str), "%d", FilterNice); | |
0268488e MS |
560 | |
561 | real_argv[0] = cups_exec; | |
28c194b0 MS |
562 | real_argv[1] = (char *)"-g"; |
563 | real_argv[2] = group_str; | |
564 | real_argv[3] = (char *)"-n"; | |
c82f05ea | 565 | real_argv[4] = nice_str; |
28c194b0 MS |
566 | real_argv[5] = (char *)"-u"; |
567 | real_argv[6] = user_str; | |
343276df | 568 | real_argv[7] = profile ? profile : "none"; |
28c194b0 | 569 | real_argv[8] = (char *)command; |
0268488e MS |
570 | |
571 | for (i = 0; | |
28c194b0 | 572 | i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 10) && argv[i]; |
0268488e | 573 | i ++) |
28c194b0 | 574 | real_argv[i + 9] = argv[i]; |
0268488e | 575 | |
28c194b0 | 576 | real_argv[i + 9] = NULL; |
0268488e | 577 | |
e60ec91f MS |
578 | argv = real_argv; |
579 | exec_path = cups_exec; | |
0268488e MS |
580 | } |
581 | ||
c82f05ea MS |
582 | if (LogLevel == CUPSD_LOG_DEBUG2) |
583 | { | |
584 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command); | |
585 | ||
586 | for (i = 0; argv[i]; i ++) | |
587 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]); | |
588 | } | |
589 | ||
a7616fe8 | 590 | #if USE_POSIX_SPAWN |
c82f05ea MS |
591 | /* |
592 | * Setup attributes and file actions for the spawn... | |
593 | */ | |
594 | ||
595 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes."); | |
73174bb3 MS |
596 | sigemptyset(&defsignals); |
597 | sigaddset(&defsignals, SIGTERM); | |
598 | sigaddset(&defsignals, SIGCHLD); | |
599 | sigaddset(&defsignals, SIGPIPE); | |
600 | ||
c82f05ea MS |
601 | posix_spawnattr_init(&attrs); |
602 | posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF); | |
73174bb3 MS |
603 | posix_spawnattr_setpgroup(&attrs, 0); |
604 | posix_spawnattr_setsigdefault(&attrs, &defsignals); | |
c82f05ea MS |
605 | |
606 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions."); | |
607 | posix_spawn_file_actions_init(&actions); | |
608 | if (infd != 0) | |
609 | { | |
610 | if (infd < 0) | |
0907c437 | 611 | posix_spawn_file_actions_addopen(&actions, 0, "/dev/null", O_RDONLY, 0); |
c82f05ea MS |
612 | else |
613 | posix_spawn_file_actions_adddup2(&actions, infd, 0); | |
614 | } | |
615 | ||
616 | if (outfd != 1) | |
617 | { | |
618 | if (outfd < 0) | |
619 | posix_spawn_file_actions_addopen(&actions, 1, "/dev/null", O_WRONLY, 0); | |
620 | else | |
621 | posix_spawn_file_actions_adddup2(&actions, outfd, 1); | |
622 | } | |
623 | ||
624 | if (errfd != 2) | |
625 | { | |
626 | if (errfd < 0) | |
627 | posix_spawn_file_actions_addopen(&actions, 2, "/dev/null", O_WRONLY, 0); | |
628 | else | |
629 | posix_spawn_file_actions_adddup2(&actions, errfd, 2); | |
630 | } | |
631 | ||
632 | if (backfd != 3 && backfd >= 0) | |
633 | posix_spawn_file_actions_adddup2(&actions, backfd, 3); | |
634 | ||
635 | if (sidefd != 4 && sidefd >= 0) | |
636 | posix_spawn_file_actions_adddup2(&actions, sidefd, 4); | |
637 | ||
638 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Calling posix_spawn."); | |
639 | ||
640 | if (posix_spawn(pid, exec_path, &actions, &attrs, argv, envp ? envp : environ)) | |
641 | { | |
642 | cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, strerror(errno)); | |
643 | ||
644 | *pid = 0; | |
645 | } | |
646 | else | |
647 | cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: pid=%d", (int)*pid); | |
648 | ||
649 | posix_spawn_file_actions_destroy(&actions); | |
650 | posix_spawnattr_destroy(&attrs); | |
651 | ||
652 | #else | |
ef416fc2 | 653 | /* |
654 | * Block signals before forking... | |
655 | */ | |
656 | ||
657 | cupsdHoldSignals(); | |
658 | ||
659 | if ((*pid = fork()) == 0) | |
660 | { | |
661 | /* | |
88f9aafc MS |
662 | * Child process goes here; update stderr as needed... |
663 | */ | |
664 | ||
665 | if (errfd != 2) | |
666 | { | |
667 | if (errfd < 0) | |
668 | errfd = open("/dev/null", O_WRONLY); | |
669 | ||
670 | if (errfd != 2) | |
671 | { | |
672 | dup2(errfd, 2); | |
673 | close(errfd); | |
674 | } | |
675 | } | |
676 | ||
677 | /* | |
678 | * Put this process in its own process group so that we can kill any child | |
679 | * processes it creates. | |
680 | */ | |
681 | ||
c82f05ea | 682 | # ifdef HAVE_SETPGID |
88f9aafc MS |
683 | if (!RunUser && setpgid(0, 0)) |
684 | exit(errno + 100); | |
c82f05ea | 685 | # else |
88f9aafc MS |
686 | if (!RunUser && setpgrp()) |
687 | exit(errno + 100); | |
c82f05ea | 688 | # endif /* HAVE_SETPGID */ |
88f9aafc MS |
689 | |
690 | /* | |
691 | * Update the remaining file descriptors as needed... | |
ef416fc2 | 692 | */ |
693 | ||
694 | if (infd != 0) | |
695 | { | |
68b10830 MS |
696 | if (infd < 0) |
697 | infd = open("/dev/null", O_RDONLY); | |
698 | ||
699 | if (infd != 0) | |
700 | { | |
701 | dup2(infd, 0); | |
702 | close(infd); | |
703 | } | |
ef416fc2 | 704 | } |
68b10830 | 705 | |
ef416fc2 | 706 | if (outfd != 1) |
707 | { | |
68b10830 MS |
708 | if (outfd < 0) |
709 | outfd = open("/dev/null", O_WRONLY); | |
710 | ||
711 | if (outfd != 1) | |
712 | { | |
713 | dup2(outfd, 1); | |
714 | close(outfd); | |
715 | } | |
ef416fc2 | 716 | } |
68b10830 | 717 | |
68b10830 | 718 | if (backfd != 3 && backfd >= 0) |
ef416fc2 | 719 | { |
68b10830 MS |
720 | dup2(backfd, 3); |
721 | close(backfd); | |
ef416fc2 | 722 | fcntl(3, F_SETFL, O_NDELAY); |
723 | } | |
68b10830 MS |
724 | |
725 | if (sidefd != 4 && sidefd >= 0) | |
f7deaa1a | 726 | { |
68b10830 MS |
727 | dup2(sidefd, 4); |
728 | close(sidefd); | |
f7deaa1a | 729 | fcntl(4, F_SETFL, O_NDELAY); |
730 | } | |
ef416fc2 | 731 | |
732 | /* | |
733 | * Change the priority of the process based on the FilterNice setting. | |
5bd77a73 | 734 | * (this is not done for root processes...) |
ef416fc2 | 735 | */ |
736 | ||
737 | if (!root) | |
738 | nice(FilterNice); | |
739 | ||
740 | /* | |
88f9aafc | 741 | * Reset group membership to just the main one we belong to. |
ef416fc2 | 742 | */ |
743 | ||
88f9aafc MS |
744 | if (!RunUser && setgid(Group)) |
745 | exit(errno + 100); | |
ef416fc2 | 746 | |
88f9aafc MS |
747 | if (!RunUser && setgroups(1, &Group)) |
748 | exit(errno + 100); | |
ef416fc2 | 749 | |
88f9aafc MS |
750 | /* |
751 | * Change user to something "safe"... | |
752 | */ | |
41681883 | 753 | |
88f9aafc MS |
754 | if (!RunUser && user && setuid(user)) |
755 | exit(errno + 100); | |
ef416fc2 | 756 | |
757 | /* | |
758 | * Change umask to restrict permissions on created files... | |
759 | */ | |
760 | ||
761 | umask(077); | |
762 | ||
763 | /* | |
764 | * Unblock signals before doing the exec... | |
765 | */ | |
766 | ||
c82f05ea | 767 | # ifdef HAVE_SIGSET |
ef416fc2 | 768 | sigset(SIGTERM, SIG_DFL); |
769 | sigset(SIGCHLD, SIG_DFL); | |
ef55b745 | 770 | sigset(SIGPIPE, SIG_DFL); |
c82f05ea | 771 | # elif defined(HAVE_SIGACTION) |
ef416fc2 | 772 | memset(&action, 0, sizeof(action)); |
773 | ||
774 | sigemptyset(&action.sa_mask); | |
775 | action.sa_handler = SIG_DFL; | |
776 | ||
777 | sigaction(SIGTERM, &action, NULL); | |
778 | sigaction(SIGCHLD, &action, NULL); | |
ef55b745 | 779 | sigaction(SIGPIPE, &action, NULL); |
c82f05ea | 780 | # else |
ef416fc2 | 781 | signal(SIGTERM, SIG_DFL); |
782 | signal(SIGCHLD, SIG_DFL); | |
ef55b745 | 783 | signal(SIGPIPE, SIG_DFL); |
c82f05ea | 784 | # endif /* HAVE_SIGSET */ |
ef416fc2 | 785 | |
786 | cupsdReleaseSignals(); | |
787 | ||
788 | /* | |
0268488e MS |
789 | * Execute the command; if for some reason this doesn't work, log an error |
790 | * exit with a non-zero value... | |
ef416fc2 | 791 | */ |
792 | ||
793 | if (envp) | |
e60ec91f | 794 | execve(exec_path, argv, envp); |
ef416fc2 | 795 | else |
e60ec91f | 796 | execv(exec_path, argv); |
ef416fc2 | 797 | |
88f9aafc | 798 | exit(errno + 100); |
ef416fc2 | 799 | } |
800 | else if (*pid < 0) | |
801 | { | |
802 | /* | |
803 | * Error - couldn't fork a new process! | |
804 | */ | |
805 | ||
806 | cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, | |
807 | strerror(errno)); | |
808 | ||
809 | *pid = 0; | |
810 | } | |
c82f05ea MS |
811 | |
812 | cupsdReleaseSignals(); | |
a7616fe8 | 813 | #endif /* USE_POSIX_SPAWN */ |
c82f05ea MS |
814 | |
815 | if (*pid) | |
e00b005a | 816 | { |
817 | if (!process_array) | |
818 | process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL); | |
f3c17241 | 819 | |
e00b005a | 820 | if (process_array) |
821 | { | |
822 | if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL) | |
823 | { | |
b9faaae1 | 824 | proc->pid = *pid; |
38e73f87 | 825 | proc->job_id = job ? job->id : 0; |
e60ec91f | 826 | _cups_strcpy(proc->name, command); |
e00b005a | 827 | |
828 | cupsArrayAdd(process_array, proc); | |
829 | } | |
830 | } | |
831 | } | |
ef416fc2 | 832 | |
b9faaae1 MS |
833 | cupsdLogMessage(CUPSD_LOG_DEBUG2, |
834 | "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, " | |
835 | "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, " | |
38e73f87 | 836 | "profile=%p, job=%p(%d), pid=%p) = %d", |
b9faaae1 | 837 | command, argv, envp, infd, outfd, errfd, backfd, sidefd, |
38e73f87 | 838 | root, profile, job, job ? job->id : 0, pid, *pid); |
b9faaae1 | 839 | |
ef416fc2 | 840 | return (*pid); |
841 | } | |
842 | ||
843 | ||
844 | /* | |
e00b005a | 845 | * 'compare_procs()' - Compare two processes. |
846 | */ | |
847 | ||
848 | static int /* O - Result of comparison */ | |
849 | compare_procs(cupsd_proc_t *a, /* I - First process */ | |
850 | cupsd_proc_t *b) /* I - Second process */ | |
851 | { | |
852 | return (a->pid - b->pid); | |
853 | } | |
854 | ||
855 | ||
a4924f6c MS |
856 | #ifdef HAVE_SANDBOX_H |
857 | /* | |
858 | * 'cupsd_requote()' - Make a regular-expression version of a string. | |
859 | */ | |
860 | ||
861 | static char * /* O - Quoted string */ | |
862 | cupsd_requote(char *dst, /* I - Destination buffer */ | |
863 | const char *src, /* I - Source string */ | |
864 | size_t dstsize) /* I - Size of destination buffer */ | |
865 | { | |
866 | int ch; /* Current character */ | |
867 | char *dstptr, /* Current position in buffer */ | |
868 | *dstend; /* End of destination buffer */ | |
869 | ||
870 | ||
871 | dstptr = dst; | |
872 | dstend = dst + dstsize - 2; | |
873 | ||
874 | while (*src && dstptr < dstend) | |
875 | { | |
876 | ch = *src++; | |
877 | ||
cb7f98ee MS |
878 | if (ch == '/' && !*src) |
879 | break; /* Don't add trailing slash */ | |
880 | ||
8a984948 | 881 | if (strchr(".?*()[]^$\\\"", ch)) |
a4924f6c MS |
882 | *dstptr++ = '\\'; |
883 | ||
7e86f2f6 | 884 | *dstptr++ = (char)ch; |
a4924f6c MS |
885 | } |
886 | ||
887 | *dstptr = '\0'; | |
888 | ||
889 | return (dst); | |
890 | } | |
891 | #endif /* HAVE_SANDBOX_H */ |