]> git.ipfire.org Git - thirdparty/cups.git/blame - scheduler/process.c
projects / thirdparty / cups.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Don't generate certificates that expire on Feb 29th (Issue #5643)
[thirdparty/cups.git] / scheduler / process.c
CommitLineData
ef416fc2 1/*
7e86f2f6 2 * Process management routines for the CUPS scheduler.
ef416fc2 3 *
8a984948 4 * Copyright 2007-2017 by Apple Inc.
7e86f2f6 5 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
ef416fc2 6 *
e3101897 7 * Licensed under Apache License v2.0. See the file "LICENSE" for more information.
ef416fc2 8 */
9
10/*
11 * Include necessary headers...
12 */
13
14#include "cupsd.h"
15#include <grp.h>
a4924f6c 16#ifdef __APPLE__
4400e98d 17# include <libgen.h>
6d2f911b 18#endif /* __APPLE__ */
c82f05ea
MS		 19#ifdef HAVE_POSIX_SPAWN
20# include <spawn.h>
21extern char **environ;
9e44dfbe
MS		 22/* Don't use posix_spawn on systems with bugs in their implementations... */
23# if defined(OpenBSD) && OpenBSD < 201505
a7616fe8 24# define USE_POSIX_SPAWN 0
9e44dfbe
MS		 25# elif defined(__UCLIBC__) && __UCLIBC_MAJOR__ == 1 && __UCLIBC_MINOR__ == 0 && __UCLIBC_SUBLEVEL__ < 27
26# define USE_POSIX_SPAWN 0
27# elif defined(__UCLIBC__) && __UCLIBC_MAJOR__ < 1
28# define USE_POSIX_SPAWN 0
29# else /* All other platforms */
30# define USE_POSIX_SPAWN 1
31# endif /* ... */
a7616fe8
MS		 32#else
33# define USE_POSIX_SPAWN 0
34#endif /* HAVE_POSIX_SPAWN */
ef416fc2 35
36
e00b005a 37/*
38 * Process structure...
39 */
40
41typedef struct
42{
b9faaae1
MS		 43 int pid, /* Process ID */
44 job_id; /* Job associated with process */
e00b005a 45 char name[1]; /* Name of process */
46} cupsd_proc_t;
47
48
49/*
50 * Local globals...
51 */
52
53static cups_array_t *process_array = NULL;
54
55
56/*
57 * Local functions...
58 */
59
60static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
a4924f6c
MS		 61#ifdef HAVE_SANDBOX_H
62static char *cupsd_requote(char *dst, const char *src, size_t dstsize);
63#endif /* HAVE_SANDBOX_H */
64
65
66/*
67 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
68 */
69
70void * /* O - Profile or NULL on error */
8fe0183a
MS		 71cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
72 int allow_networking)/* I - Allow networking off machine? */
a4924f6c
MS		 73{
74#ifdef HAVE_SANDBOX_H
8fe0183a
MS		 75 cups_file_t *fp; /* File pointer */
76 char profile[1024], /* File containing the profile */
77 bin[1024], /* Quoted ServerBin */
78 cache[1024], /* Quoted CacheDir */
79 domain[1024], /* Domain socket, if any */
80 request[1024], /* Quoted RequestRoot */
81 root[1024], /* Quoted ServerRoot */
6c2b2b19 82 state[1024], /* Quoted StateDir */
8fe0183a
MS		 83 temp[1024]; /* Quoted TempDir */
84 const char *nodebug; /* " (with no-log)" for no debug */
85 cupsd_listener_t *lis; /* Current listening socket */
86
87
88 if (!UseSandboxing || Sandboxing == CUPSD_SANDBOXING_OFF)
b9faaae1
MS		 89 {
90 /*
91 * Only use sandbox profiles as root...
92 */
93
8fe0183a 94 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
b9faaae1
MS		 95
96 return (NULL);
97 }
98
a4924f6c
MS		 99 if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
100 {
d47f6aec
MS		 101 /*
102 * This should never happen, and is fatal when sandboxing is enabled.
103 */
104
8fe0183a 105 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
d47f6aec
MS		 106 cupsdLogMessage(CUPSD_LOG_EMERG, "Unable to create security profile: %s", strerror(errno));
107 kill(getpid(), SIGTERM);
a4924f6c
MS		 108 return (NULL);
109 }
110
0268488e
MS		 111 fchown(cupsFileNumber(fp), RunUser, Group);
112 fchmod(cupsFileNumber(fp), 0640);
113
8fe0183a 114 cupsd_requote(bin, ServerBin, sizeof(bin));
a4924f6c
MS		 115 cupsd_requote(cache, CacheDir, sizeof(cache));
116 cupsd_requote(request, RequestRoot, sizeof(request));
117 cupsd_requote(root, ServerRoot, sizeof(root));
6c2b2b19 118 cupsd_requote(state, StateDir, sizeof(state));
a4924f6c
MS		 119 cupsd_requote(temp, TempDir, sizeof(temp));
120
88f9aafc
MS		 121 nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";
122
a4924f6c 123 cupsFilePuts(fp, "(version 1)\n");
8fe0183a
MS		 124 if (Sandboxing == CUPSD_SANDBOXING_STRICT)
125 cupsFilePuts(fp, "(deny default)\n");
126 else
127 cupsFilePuts(fp, "(allow default)\n");
128 if (LogLevel >= CUPSD_LOG_DEBUG)
129 cupsFilePuts(fp, "(debug deny)\n");
130 cupsFilePuts(fp, "(import \"system.sb\")\n");
96a5df62 131 cupsFilePuts(fp, "(import \"com.apple.corefoundation.sb\")\n");
8fe0183a
MS		 132 cupsFilePuts(fp, "(system-network)\n");
133 cupsFilePuts(fp, "(allow mach-per-user-lookup)\n");
134 cupsFilePuts(fp, "(allow ipc-posix-sem)\n");
135 cupsFilePuts(fp, "(allow ipc-posix-shm)\n");
136 cupsFilePuts(fp, "(allow ipc-sysv-shm)\n");
137 cupsFilePuts(fp, "(allow mach-lookup)\n");
0268488e 138 if (!RunUser)
88f9aafc
MS		 139 cupsFilePrintf(fp,
140 "(deny file-write* file-read-data file-read-metadata\n"
141 " (regex"
142 " #\"^/Users$\""
143 " #\"^/Users/\""
144 ")%s)\n", nodebug);
a4924f6c
MS		 145 cupsFilePrintf(fp,
146 "(deny file-write*\n"
5a6b583a
MS		 147 " (regex"
148 " #\"^%s$\"" /* ServerRoot */
149 " #\"^%s/\"" /* ServerRoot/... */
150 " #\"^/private/etc$\""
151 " #\"^/private/etc/\""
152 " #\"^/usr/local/etc$\""
153 " #\"^/usr/local/etc/\""
154 " #\"^/Library$\""
155 " #\"^/Library/\""
156 " #\"^/System$\""
157 " #\"^/System/\""
88f9aafc
MS		 158 ")%s)\n",
159 root, root, nodebug);
8fe0183a 160 /* Specifically allow applications to stat RequestRoot and some other system folders */
7cf5915e
MS		 161 cupsFilePrintf(fp,
162 "(allow file-read-metadata\n"
163 " (regex"
8fe0183a
MS		 164 " #\"^/$\"" /* / */
165 " #\"^/usr$\"" /* /usr */
166 " #\"^/Library$\"" /* /Library */
167 " #\"^/Library/Printers$\"" /* /Library/Printers */
7cf5915e
MS		 168 " #\"^%s$\"" /* RequestRoot */
169 "))\n",
170 request);
8fe0183a 171 /* Read and write TempDir, CacheDir, and other common folders */
84465c7c
MS		 172 cupsFilePuts(fp,
173 "(allow file-write* file-read-data file-read-metadata\n"
174 " (regex"
175 " #\"^/private/var/db/\""
176 " #\"^/private/var/folders/\""
177 " #\"^/private/var/lib/\""
178 " #\"^/private/var/log/\""
179 " #\"^/private/var/mysql/\""
180 " #\"^/private/var/run/\""
181 " #\"^/private/var/spool/\""
182 " #\"^/Library/Application Support/\""
183 " #\"^/Library/Caches/\""
184 " #\"^/Library/Logs/\""
185 " #\"^/Library/Preferences/\""
186 " #\"^/Library/WebServer/\""
187 " #\"^/Users/Shared/\""
188 "))\n");
189 cupsFilePrintf(fp,
190 "(deny file-write*\n"
191 " (regex #\"^%s$\")%s)\n",
192 request, nodebug);
193 cupsFilePrintf(fp,
194 "(deny file-write* file-read-data file-read-metadata\n"
195 " (regex #\"^%s/\")%s)\n",
196 request, nodebug);
a4924f6c
MS		 197 cupsFilePrintf(fp,
198 "(allow file-write* file-read-data file-read-metadata\n"
5a6b583a
MS		 199 " (regex"
200 " #\"^%s$\"" /* TempDir */
201 " #\"^%s/\"" /* TempDir/... */
202 " #\"^%s$\"" /* CacheDir */
203 " #\"^%s/\"" /* CacheDir/... */
ed6e7faf 204 "))\n",
d47f6aec 205 temp, temp, cache, cache);
8fe0183a 206 /* Read common folders */
88f9aafc 207 cupsFilePrintf(fp,
8fe0183a 208 "(allow file-read-data file-read-metadata\n"
8fe0183a 209 " (regex"
bcc4b655
MS		 210 " #\"^/AppleInternal$\""
211 " #\"^/AppleInternal/\""
8fe0183a
MS		 212 " #\"^/bin$\"" /* /bin */
213 " #\"^/bin/\"" /* /bin/... */
777e09f8 214 " #\"^/private$\""
d9183105
MS		 215 " #\"^/private/etc$\""
216 " #\"^/private/etc/\""
1d8db48d
MS		 217 " #\"^/private/tmp$\""
218 " #\"^/private/tmp/\""
777e09f8
MS		 219 " #\"^/private/var$\""
220 " #\"^/private/var/db$\""
d9183105 221 " #\"^/private/var/folders$\""
99328a65
MS		 222 " #\"^/private/var/lib$\""
223 " #\"^/private/var/log$\""
224 " #\"^/private/var/mysql$\""
1d8db48d 225 " #\"^/private/var/run$\""
777e09f8 226 " #\"^/private/var/spool$\""
59aa4944
MS		 227 " #\"^/private/var/tmp$\""
228 " #\"^/private/var/tmp/\""
8fe0183a
MS		 229 " #\"^/usr/bin$\"" /* /usr/bin */
230 " #\"^/usr/bin/\"" /* /usr/bin/... */
231 " #\"^/usr/libexec/cups$\"" /* /usr/libexec/cups */
232 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
3f4342fa
MS		 233 " #\"^/usr/libexec/fax$\"" /* /usr/libexec/fax */
234 " #\"^/usr/libexec/fax/\"" /* /usr/libexec/fax/... */
8fe0183a
MS		 235 " #\"^/usr/sbin$\"" /* /usr/sbin */
236 " #\"^/usr/sbin/\"" /* /usr/sbin/... */
59aa4944
MS		 237 " #\"^/Library$\"" /* /Library */
238 " #\"^/Library/\"" /* /Library/... */
239 " #\"^/System$\"" /* /System */
240 " #\"^/System/\"" /* /System/... */
8fe0183a
MS		 241 " #\"^%s/Library$\"" /* RequestRoot/Library */
242 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
243 " #\"^%s$\"" /* ServerBin */
244 " #\"^%s/\"" /* ServerBin/... */
245 " #\"^%s$\"" /* ServerRoot */
246 " #\"^%s/\"" /* ServerRoot/... */
d47f6aec
MS		 247 " #\"^%s$\"" /* StateDir */
248 " #\"^%s/\"" /* StateDir/... */
8fe0183a 249 "))\n",
d47f6aec 250 request, request, bin, bin, root, root, state, state);
8fe0183a
MS		 251 if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
252 {
253 /* Limited write access to /Library/Printers/... */
254 cupsFilePuts(fp,
255 "(allow file-write*\n"
88f9aafc 256 " (regex"
8fe0183a
MS		 257 " #\"^/Library/Printers/.*/\""
258 "))\n");
259 cupsFilePrintf(fp,
260 "(deny file-write*\n"
261 " (regex"
262 " #\"^/Library/Printers/PPDs$\""
263 " #\"^/Library/Printers/PPDs/\""
264 " #\"^/Library/Printers/PPD Plugins$\""
265 " #\"^/Library/Printers/PPD Plugins/\""
266 ")%s)\n", nodebug);
267 }
a94fe6cf
MS		 268 /* Allow execution of child processes as long as the programs are not in a user directory */
269 cupsFilePuts(fp, "(allow process*)\n");
270 cupsFilePuts(fp, "(deny process-exec (regex #\"^/Users/\"))\n");
8fe0183a 271 if (RunUser && getenv("CUPS_TESTROOT"))
e60ec91f 272 {
8fe0183a
MS		 273 /* Allow source directory access in "make test" environment */
274 char testroot[1024]; /* Root directory of test files */
e60ec91f 275
8fe0183a
MS		 276 cupsd_requote(testroot, getenv("CUPS_TESTROOT"), sizeof(testroot));
277
278 cupsFilePrintf(fp,
279 "(allow file-write* file-read-data file-read-metadata\n"
280 " (regex"
281 " #\"^%s$\"" /* CUPS_TESTROOT */
282 " #\"^%s/\"" /* CUPS_TESTROOT/... */
283 "))\n",
284 testroot, testroot);
285 cupsFilePrintf(fp,
286 "(allow process-exec\n"
287 " (regex"
288 " #\"^%s/\"" /* CUPS_TESTROOT/... */
289 "))\n",
290 testroot);
59aa4944 291 cupsFilePrintf(fp, "(allow sysctl*)\n");
8fe0183a
MS		 292 }
293 if (job_id)
294 {
295 /* Allow job filters to read the current job files... */
a4924f6c
MS		 296 cupsFilePrintf(fp,
297 "(allow file-read-data file-read-metadata\n"
5a757074 298 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
5bd77a73 299 request, job_id, job_id);
e60ec91f
MS		 300 }
301 else
302 {
8fe0183a 303 /* Allow email notifications from notifiers... */
e60ec91f
MS		 304 cupsFilePuts(fp,
305 "(allow process-exec\n"
306 " (literal \"/usr/sbin/sendmail\")\n"
8fe0183a
MS		 307 " (with no-sandbox))\n");
308 }
a94fe6cf
MS		 309 /* Allow access to Bluetooth, USB, and notify_post. */
310 cupsFilePuts(fp, "(allow iokit*)\n");
311 cupsFilePuts(fp, "(allow distributed-notification-post)\n");
777e09f8 312 /* Allow outbound networking to local services */
8fe0183a 313 cupsFilePuts(fp, "(allow network-outbound"
59aa4944 314 "\n (regex #\"^/private/var/run/\" #\"^/private/tmp/\" #\"^/private/var/tmp/\")");
8fe0183a
MS		 315 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
316 lis;
317 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
318 {
319 if (httpAddrFamily(&(lis->address)) == AF_LOCAL)
320 {
321 httpAddrString(&(lis->address), domain, sizeof(domain));
322 cupsFilePrintf(fp, "\n (literal \"%s\")", domain);
323 }
324 }
325 if (allow_networking)
326 {
327 /* Allow TCP and UDP networking off the machine... */
328 cupsFilePuts(fp, "\n (remote tcp))\n");
4c6277cc 329 cupsFilePuts(fp, "(allow network-bind)\n"); /* for LPD resvport */
8fe0183a
MS		 330 cupsFilePuts(fp, "(allow network*\n"
331 " (local udp \"*:*\")\n"
332 " (remote udp \"*:*\"))\n");
bcc4b655 333
fb3777cc 334 /* Also allow access to device files... */
e2685126 335 cupsFilePuts(fp, "(allow file-write* file-read-data file-read-metadata file-ioctl\n"
4c6277cc 336 " (regex #\"^/dev/\"))\n");
6e6611ef
MS		 337
338 /* And allow kernel extensions to be loaded, e.g., SMB */
339 cupsFilePuts(fp, "(allow system-kext-load)\n");
8fe0183a
MS		 340 }
341 else
342 {
fb3777cc 343 /* Only allow SNMP (UDP) and LPD (TCP) off the machine... */
8fe0183a
MS		 344 cupsFilePuts(fp, ")\n");
345 cupsFilePuts(fp, "(allow network-outbound\n"
2dd94018 346 " (remote udp \"*:161\")\n"
fb3777cc 347 " (remote tcp \"*:515\"))\n");
8fe0183a
MS		 348 cupsFilePuts(fp, "(allow network-inbound\n"
349 " (local udp \"localhost:*\"))\n");
e60ec91f 350 }
a4924f6c
MS		 351 cupsFileClose(fp);
352
8fe0183a 353 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d,allow_networking=%d) = \"%s\"", job_id, allow_networking, profile);
a4924f6c 354 return ((void *)strdup(profile));
b9faaae1 355
a4924f6c 356#else
8fe0183a 357 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
a4924f6c
MS		 358
359 return (NULL);
360#endif /* HAVE_SANDBOX_H */
361}
362
363
364/*
365 * 'cupsdDestroyProfile()' - Delete an execution profile.
366 */
367
368void
369cupsdDestroyProfile(void *profile) /* I - Profile */
370{
b9faaae1
MS		 371 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
372 profile ? (char *)profile : "(null)");
373
a4924f6c
MS		 374#ifdef HAVE_SANDBOX_H
375 if (profile)
376 {
377 unlink((char *)profile);
378 free(profile);
379 }
380#endif /* HAVE_SANDBOX_H */
381}
e00b005a 382
383
ef416fc2 384/*
385 * 'cupsdEndProcess()' - End a process.
386 */
387
388int /* O - 0 on success, -1 on failure */
389cupsdEndProcess(int pid, /* I - Process ID */
390 int force) /* I - Force child to die */
391{
b9faaae1
MS		 392 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
393 force);
394
ef55b745
MS		 395 if (!pid)
396 return (0);
88f9aafc
MS		 397
398 if (!RunUser)
399 {
400 /*
401 * When running as root, cupsd puts child processes in their own process
402 * group. Using "-pid" sends a signal to all processes in the group.
403 */
404
405 pid = -pid;
406 }
407
408 if (force)
ef416fc2 409 return (kill(pid, SIGKILL));
410 else
411 return (kill(pid, SIGTERM));
412}
413
414
e00b005a 415/*
416 * 'cupsdFinishProcess()' - Finish a process and get its name.
417 */
418
419const char * /* O - Process name */
07623986
MS		 420cupsdFinishProcess(int pid, /* I - Process ID */
421 char *name, /* I - Name buffer */
422 size_t namelen, /* I - Size of name buffer */
423 int *job_id) /* O - Job ID pointer or NULL */
e00b005a 424{
425 cupsd_proc_t key, /* Search key */
426 *proc; /* Matching process */
427
428
429 key.pid = pid;
430
431 if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
432 {
b9faaae1
MS		 433 if (job_id)
434 *job_id = proc->job_id;
435
e00b005a 436 strlcpy(name, proc->name, namelen);
437 cupsArrayRemove(process_array, proc);
438 free(proc);
e00b005a 439 }
440 else
b9faaae1
MS		 441 {
442 if (job_id)
443 *job_id = 0;
444
445 strlcpy(name, "unknown", namelen);
446 }
447
07623986 448 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFinishProcess(pid=%d, name=%p, namelen=" CUPS_LLFMT ", job_id=%p(%d)) = \"%s\"", pid, name, CUPS_LLCAST namelen, job_id, job_id ? *job_id : 0, name);
b9faaae1
MS		 449
450 return (name);
e00b005a 451}
452
453
ef416fc2 454/*
455 * 'cupsdStartProcess()' - Start a process.
456 */
457
458int /* O - Process ID or 0 */
459cupsdStartProcess(
b9faaae1
MS		 460 const char *command, /* I - Full path to command */
461 char *argv[], /* I - Command-line arguments */
462 char *envp[], /* I - Environment */
463 int infd, /* I - Standard input file descriptor */
464 int outfd, /* I - Standard output file descriptor */
465 int errfd, /* I - Standard error file descriptor */
466 int backfd, /* I - Backchannel file descriptor */
467 int sidefd, /* I - Sidechannel file descriptor */
468 int root, /* I - Run as root? */
469 void *profile, /* I - Security profile to use */
38e73f87 470 cupsd_job_t *job, /* I - Job associated with process */
b9faaae1 471 int *pid) /* O - Process ID */
ef416fc2 472{
0268488e 473 int i; /* Looping var */
e60ec91f 474 const char *exec_path = command; /* Command to be exec'd */
28c194b0 475 char *real_argv[110], /* Real command-line arguments */
1b3b9aa9
MS		 476 cups_exec[1024], /* Path to "cups-exec" program */
477 user_str[16], /* User string */
478 group_str[16], /* Group string */
479 nice_str[16]; /* FilterNice string */
7e86f2f6 480 uid_t user; /* Command UID */
e00b005a 481 cupsd_proc_t *proc; /* New process record */
a7616fe8 482#if USE_POSIX_SPAWN
c82f05ea
MS		 483 posix_spawn_file_actions_t actions; /* Spawn file actions */
484 posix_spawnattr_t attrs; /* Spawn attributes */
73174bb3 485 sigset_t defsignals; /* Default signals */
07623986 486#elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
e00b005a 487 struct sigaction action; /* POSIX signal handler */
a7616fe8 488#endif /* USE_POSIX_SPAWN */
e53920b9 489#if defined(__APPLE__)
e00b005a 490 char processPath[1024], /* CFProcessPath environment variable */
491 linkpath[1024]; /* Link path for symlinks... */
492 int linkbytes; /* Bytes for link path */
e53920b9 493#endif /* __APPLE__ */
ef416fc2 494
495
22c9029b
MS		 496 *pid = 0;
497
0268488e
MS		 498 /*
499 * Figure out the UID for the child process...
500 */
501
bf3816c7
MS		 502 if (RunUser)
503 user = RunUser;
504 else if (root)
505 user = 0;
506 else
507 user = User;
508
0268488e
MS		 509 /*
510 * Check the permissions of the command we are running...
511 */
512
22c9029b
MS		 513 if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
514 cupsdLogFCMessage, job ? job->printer : NULL))
bf3816c7 515 return (0);
76cd9e37 516
e53920b9 517#if defined(__APPLE__)
518 if (envp)
e00b005a 519 {
520 /*
8072030b 521 * Add special voodoo magic for macOS - this allows macOS programs to access
f3c17241 522 * their bundle resources properly...
e00b005a 523 */
524
e53920b9 525 if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
526 {
527 /*
528 * Yes, this is a symlink to the actual program, nul-terminate and
529 * use it...
530 */
531
532 linkpath[linkbytes] = '\0';
e00b005a 533
e53920b9 534 if (linkpath[0] == '/')
535 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
536 linkpath);
537 else
538 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
f7deaa1a 539 dirname((char *)command), linkpath);
e53920b9 540 }
e00b005a 541 else
e53920b9 542 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);
bd7854cb 543
e53920b9 544 envp[0] = processPath; /* Replace <CFProcessPath> string */
545 }
546#endif /* __APPLE__ */
e00b005a 547
0268488e
MS		 548 /*
549 * Use helper program when we have a sandbox profile...
550 */
551
a7616fe8 552#if !USE_POSIX_SPAWN
0268488e 553 if (profile)
a7616fe8 554#endif /* !USE_POSIX_SPAWN */
0268488e
MS		 555 {
556 snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
8fe0183a 557 snprintf(user_str, sizeof(user_str), "%d", user);
c82f05ea
MS		 558 snprintf(group_str, sizeof(group_str), "%d", Group);
559 snprintf(nice_str, sizeof(nice_str), "%d", FilterNice);
0268488e
MS		 560
561 real_argv[0] = cups_exec;
28c194b0
MS		 562 real_argv[1] = (char *)"-g";
563 real_argv[2] = group_str;
564 real_argv[3] = (char *)"-n";
c82f05ea 565 real_argv[4] = nice_str;
28c194b0
MS		 566 real_argv[5] = (char *)"-u";
567 real_argv[6] = user_str;
343276df 568 real_argv[7] = profile ? profile : "none";
28c194b0 569 real_argv[8] = (char *)command;
0268488e
MS		 570
571 for (i = 0;
28c194b0 572 i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 10) && argv[i];
0268488e 573 i ++)
28c194b0 574 real_argv[i + 9] = argv[i];
0268488e 575
28c194b0 576 real_argv[i + 9] = NULL;
0268488e 577
e60ec91f
MS		 578 argv = real_argv;
579 exec_path = cups_exec;
0268488e
MS		 580 }
581
c82f05ea
MS		 582 if (LogLevel == CUPSD_LOG_DEBUG2)
583 {
584 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command);
585
586 for (i = 0; argv[i]; i ++)
587 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]);
588 }
589
a7616fe8 590#if USE_POSIX_SPAWN
c82f05ea
MS		 591 /*
592 * Setup attributes and file actions for the spawn...
593 */
594
595 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes.");
73174bb3
MS		 596 sigemptyset(&defsignals);
597 sigaddset(&defsignals, SIGTERM);
598 sigaddset(&defsignals, SIGCHLD);
599 sigaddset(&defsignals, SIGPIPE);
600
c82f05ea
MS		 601 posix_spawnattr_init(&attrs);
602 posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF);
73174bb3
MS		 603 posix_spawnattr_setpgroup(&attrs, 0);
604 posix_spawnattr_setsigdefault(&attrs, &defsignals);
c82f05ea
MS		 605
606 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions.");
607 posix_spawn_file_actions_init(&actions);
608 if (infd != 0)
609 {
610 if (infd < 0)
0907c437 611 posix_spawn_file_actions_addopen(&actions, 0, "/dev/null", O_RDONLY, 0);
c82f05ea
MS		 612 else
613 posix_spawn_file_actions_adddup2(&actions, infd, 0);
614 }
615
616 if (outfd != 1)
617 {
618 if (outfd < 0)
619 posix_spawn_file_actions_addopen(&actions, 1, "/dev/null", O_WRONLY, 0);
620 else
621 posix_spawn_file_actions_adddup2(&actions, outfd, 1);
622 }
623
624 if (errfd != 2)
625 {
626 if (errfd < 0)
627 posix_spawn_file_actions_addopen(&actions, 2, "/dev/null", O_WRONLY, 0);
628 else
629 posix_spawn_file_actions_adddup2(&actions, errfd, 2);
630 }
631
632 if (backfd != 3 && backfd >= 0)
633 posix_spawn_file_actions_adddup2(&actions, backfd, 3);
634
635 if (sidefd != 4 && sidefd >= 0)
636 posix_spawn_file_actions_adddup2(&actions, sidefd, 4);
637
638 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Calling posix_spawn.");
639
640 if (posix_spawn(pid, exec_path, &actions, &attrs, argv, envp ? envp : environ))
641 {
642 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, strerror(errno));
643
644 *pid = 0;
645 }
646 else
647 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: pid=%d", (int)*pid);
648
649 posix_spawn_file_actions_destroy(&actions);
650 posix_spawnattr_destroy(&attrs);
651
652#else
ef416fc2 653 /*
654 * Block signals before forking...
655 */
656
657 cupsdHoldSignals();
658
659 if ((*pid = fork()) == 0)
660 {
661 /*
88f9aafc
MS		 662 * Child process goes here; update stderr as needed...
663 */
664
665 if (errfd != 2)
666 {
667 if (errfd < 0)
668 errfd = open("/dev/null", O_WRONLY);
669
670 if (errfd != 2)
671 {
672 dup2(errfd, 2);
673 close(errfd);
674 }
675 }
676
677 /*
678 * Put this process in its own process group so that we can kill any child
679 * processes it creates.
680 */
681
c82f05ea 682# ifdef HAVE_SETPGID
88f9aafc
MS		 683 if (!RunUser && setpgid(0, 0))
684 exit(errno + 100);
c82f05ea 685# else
88f9aafc
MS		 686 if (!RunUser && setpgrp())
687 exit(errno + 100);
c82f05ea 688# endif /* HAVE_SETPGID */
88f9aafc
MS		 689
690 /*
691 * Update the remaining file descriptors as needed...
ef416fc2 692 */
693
694 if (infd != 0)
695 {
68b10830
MS		 696 if (infd < 0)
697 infd = open("/dev/null", O_RDONLY);
698
699 if (infd != 0)
700 {
701 dup2(infd, 0);
702 close(infd);
703 }
ef416fc2 704 }
68b10830 705
ef416fc2 706 if (outfd != 1)
707 {
68b10830
MS		 708 if (outfd < 0)
709 outfd = open("/dev/null", O_WRONLY);
710
711 if (outfd != 1)
712 {
713 dup2(outfd, 1);
714 close(outfd);
715 }
ef416fc2 716 }
68b10830 717
68b10830 718 if (backfd != 3 && backfd >= 0)
ef416fc2 719 {
68b10830
MS		 720 dup2(backfd, 3);
721 close(backfd);
ef416fc2 722 fcntl(3, F_SETFL, O_NDELAY);
723 }
68b10830
MS		 724
725 if (sidefd != 4 && sidefd >= 0)
f7deaa1a 726 {
68b10830
MS		 727 dup2(sidefd, 4);
728 close(sidefd);
f7deaa1a 729 fcntl(4, F_SETFL, O_NDELAY);
730 }
ef416fc2 731
732 /*
733 * Change the priority of the process based on the FilterNice setting.
5bd77a73 734 * (this is not done for root processes...)
ef416fc2 735 */
736
737 if (!root)
738 nice(FilterNice);
739
740 /*
88f9aafc 741 * Reset group membership to just the main one we belong to.
ef416fc2 742 */
743
88f9aafc
MS		 744 if (!RunUser && setgid(Group))
745 exit(errno + 100);
ef416fc2 746
88f9aafc
MS		 747 if (!RunUser && setgroups(1, &Group))
748 exit(errno + 100);
ef416fc2 749
88f9aafc
MS		 750 /*
751 * Change user to something "safe"...
752 */
41681883 753
88f9aafc
MS		 754 if (!RunUser && user && setuid(user))
755 exit(errno + 100);
ef416fc2 756
757 /*
758 * Change umask to restrict permissions on created files...
759 */
760
761 umask(077);
762
763 /*
764 * Unblock signals before doing the exec...
765 */
766
c82f05ea 767# ifdef HAVE_SIGSET
ef416fc2 768 sigset(SIGTERM, SIG_DFL);
769 sigset(SIGCHLD, SIG_DFL);
ef55b745 770 sigset(SIGPIPE, SIG_DFL);
c82f05ea 771# elif defined(HAVE_SIGACTION)
ef416fc2 772 memset(&action, 0, sizeof(action));
773
774 sigemptyset(&action.sa_mask);
775 action.sa_handler = SIG_DFL;
776
777 sigaction(SIGTERM, &action, NULL);
778 sigaction(SIGCHLD, &action, NULL);
ef55b745 779 sigaction(SIGPIPE, &action, NULL);
c82f05ea 780# else
ef416fc2 781 signal(SIGTERM, SIG_DFL);
782 signal(SIGCHLD, SIG_DFL);
ef55b745 783 signal(SIGPIPE, SIG_DFL);
c82f05ea 784# endif /* HAVE_SIGSET */
ef416fc2 785
786 cupsdReleaseSignals();
787
788 /*
0268488e
MS		 789 * Execute the command; if for some reason this doesn't work, log an error
790 * exit with a non-zero value...
ef416fc2 791 */
792
793 if (envp)
e60ec91f 794 execve(exec_path, argv, envp);
ef416fc2 795 else
e60ec91f 796 execv(exec_path, argv);
ef416fc2 797
88f9aafc 798 exit(errno + 100);
ef416fc2 799 }
800 else if (*pid < 0)
801 {
802 /*
803 * Error - couldn't fork a new process!
804 */
805
806 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
807 strerror(errno));
808
809 *pid = 0;
810 }
c82f05ea
MS		 811
812 cupsdReleaseSignals();
a7616fe8 813#endif /* USE_POSIX_SPAWN */
c82f05ea
MS		 814
815 if (*pid)
e00b005a 816 {
817 if (!process_array)
818 process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
f3c17241 819
e00b005a 820 if (process_array)
821 {
822 if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
823 {
b9faaae1 824 proc->pid = *pid;
38e73f87 825 proc->job_id = job ? job->id : 0;
e60ec91f 826 _cups_strcpy(proc->name, command);
e00b005a 827
828 cupsArrayAdd(process_array, proc);
829 }
830 }
831 }
ef416fc2 832
b9faaae1
MS		 833 cupsdLogMessage(CUPSD_LOG_DEBUG2,
834 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
835 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
38e73f87 836 "profile=%p, job=%p(%d), pid=%p) = %d",
b9faaae1 837 command, argv, envp, infd, outfd, errfd, backfd, sidefd,
38e73f87 838 root, profile, job, job ? job->id : 0, pid, *pid);
b9faaae1 839
ef416fc2 840 return (*pid);
841}
842
843
844/*
e00b005a 845 * 'compare_procs()' - Compare two processes.
846 */
847
848static int /* O - Result of comparison */
849compare_procs(cupsd_proc_t *a, /* I - First process */
850 cupsd_proc_t *b) /* I - Second process */
851{
852 return (a->pid - b->pid);
853}
854
855
a4924f6c
MS		 856#ifdef HAVE_SANDBOX_H
857/*
858 * 'cupsd_requote()' - Make a regular-expression version of a string.
859 */
860
861static char * /* O - Quoted string */
862cupsd_requote(char *dst, /* I - Destination buffer */
863 const char *src, /* I - Source string */
864 size_t dstsize) /* I - Size of destination buffer */
865{
866 int ch; /* Current character */
867 char *dstptr, /* Current position in buffer */
868 *dstend; /* End of destination buffer */
869
870
871 dstptr = dst;
872 dstend = dst + dstsize - 2;
873
874 while (*src && dstptr < dstend)
875 {
876 ch = *src++;
877
cb7f98ee
MS		 878 if (ch == '/' && !*src)
879 break; /* Don't add trailing slash */
880
8a984948 881 if (strchr(".?*()[]^$\\\"", ch))
a4924f6c
MS		 882 *dstptr++ = '\\';
883
7e86f2f6 884 *dstptr++ = (char)ch;
a4924f6c
MS		 885 }
886
887 *dstptr = '\0';
888
889 return (dst);
890}
891#endif /* HAVE_SANDBOX_H */
Unnamed repository; edit this file 'description' to name the repository.