]>
git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/cups-exec.c
c774450568f31c1be9ef136c0e69d1c097fb0f87
4 * Sandbox helper for CUPS.
6 * Copyright 2007-2014 by Apple Inc.
8 * These coded instructions, statements, and computer programs are the
9 * property of Apple Inc. and are protected by Federal copyright
10 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
11 * which should have been included with this file. If this file is
12 * file is missing or damaged, see the license at "http://www.cups.org/".
16 * cups-exec /path/to/profile [-u UID] [-g GID] [-n NICE] /path/to/program argv0 argv1 ... argvN
20 * Include necessary headers...
23 #include <cups/string-private.h>
24 #include <cups/file.h>
31 # ifndef SANDBOX_NAMED_EXTERNAL
32 # define SANDBOX_NAMED_EXTERNAL 0x0003
33 # endif /* !SANDBOX_NAMED_EXTERNAL */
34 # pragma GCC diagnostic ignored "-Wdeprecated-declarations"
35 #endif /* HAVE_SANDBOX_H */
42 static void usage(void) __attribute__((noreturn
));
46 * 'main()' - Apply sandbox profile and execute program.
49 int /* O - Exit status */
50 main(int argc
, /* I - Number of command-line args */
51 char *argv
[]) /* I - Command-line arguments */
53 int i
; /* Looping var */
54 const char *opt
; /* Current option character */
55 uid_t uid
= getuid(); /* UID */
56 gid_t gid
= getgid(); /* GID */
57 int niceval
= 0; /* Nice value */
59 char *sandbox_error
= NULL
; /* Sandbox error, if any */
60 #endif /* HAVE_SANDBOX_H */
64 * Parse command-line...
67 for (i
= 1; i
< argc
; i
++)
69 if (argv
[i
][0] == '-')
71 for (opt
= argv
[i
] + 1; *opt
; opt
++)
75 case 'g' : /* -g gid */
80 gid
= (gid_t
)atoi(argv
[i
]);
83 case 'n' : /* -n nice-value */
88 niceval
= atoi(argv
[i
]);
91 case 'u' : /* -g gid */
96 uid
= (uid_t
)atoi(argv
[i
]);
100 fprintf(stderr
, "cups-exec: Unknown option '-%c'.\n", *opt
);
110 * Check that we have enough arguments...
115 fputs("cups-exec: Insufficient arguments.\n", stderr
);
120 * Make sure side and back channel FDs are non-blocking...
123 fcntl(3, F_SETFL
, O_NDELAY
);
124 fcntl(4, F_SETFL
, O_NDELAY
);
127 * Change UID, GID, and nice value...
138 if (setgroups(1, &gid
))
141 if (uid
&& setuid(uid
))
147 #ifdef HAVE_SANDBOX_H
149 * Run in a separate security profile...
152 if (strcmp(argv
[i
], "none") &&
153 sandbox_init(argv
[i
], SANDBOX_NAMED_EXTERNAL
, &sandbox_error
))
155 cups_file_t
*fp
; /* File */
156 char line
[1024]; /* Line from file */
157 int linenum
= 0; /* Line number in file */
159 fprintf(stderr
, "DEBUG: sandbox_init failed: %s (%s)\n", sandbox_error
,
161 sandbox_free_error(sandbox_error
);
163 if ((fp
= cupsFileOpen(argv
[i
], "r")) != NULL
)
165 while (cupsFileGets(fp
, line
, sizeof(line
)))
168 fprintf(stderr
, "DEBUG: %4d %s\n", linenum
, line
);
173 return (100 + EINVAL
);
175 #endif /* HAVE_SANDBOX_H */
178 * Execute the program...
181 execv(argv
[i
+ 1], argv
+ i
+ 2);
184 * If we get here, execv() failed...
187 fprintf(stderr
, "DEBUG: execv failed: %s\n", strerror(errno
));
188 return (errno
+ 100);
193 * 'usage()' - Show program usage.
199 fputs("Usage: cups-exec [-g gid] [-n nice-value] [-u uid] /path/to/profile /path/to/program argv0 argv1 ... argvN\n", stderr
);