]> git.ipfire.org Git - thirdparty/cups.git/blob - scheduler/process.c
projects / thirdparty / cups.git / blob
? search:


1154043dfffccd1137c55467a1fd0ff4700fec9a
[thirdparty/cups.git] / scheduler / process.c
1 /*
2 * "$Id: process.c 12471 2015-02-01 05:07:10Z msweet $"
3 *
4 * Process management routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2015 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
14 */
15
16 /*
17 * Include necessary headers...
18 */
19
20 #include "cupsd.h"
21 #include <grp.h>
22 #ifdef __APPLE__
23 # include <libgen.h>
24 #endif /* __APPLE__ */
25 #ifdef HAVE_POSIX_SPAWN
26 # include <spawn.h>
27 extern char **environ;
28 #endif /* HAVE_POSIX_SPAWN */
29 #ifdef HAVE_POSIX_SPAWN
30 # if !defined(__OpenBSD__) || OpenBSD >= 201505
31 # define USE_POSIX_SPAWN 1
32 # else
33 # define USE_POSIX_SPAWN 0
34 # endif /* !__OpenBSD__ || */
35 #else
36 # define USE_POSIX_SPAWN 0
37 #endif /* HAVE_POSIX_SPAWN */
38
39
40 /*
41 * Process structure...
42 */
43
44 typedef struct
45 {
46 int pid, /* Process ID */
47 job_id; /* Job associated with process */
48 char name[1]; /* Name of process */
49 } cupsd_proc_t;
50
51
52 /*
53 * Local globals...
54 */
55
56 static cups_array_t *process_array = NULL;
57
58
59 /*
60 * Local functions...
61 */
62
63 static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
64 #ifdef HAVE_SANDBOX_H
65 static char *cupsd_requote(char *dst, const char *src, size_t dstsize);
66 #endif /* HAVE_SANDBOX_H */
67
68
69 /*
70 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
71 */
72
73 void * /* O - Profile or NULL on error */
74 cupsdCreateProfile(int job_id, /* I - Job ID or 0 for none */
75 int allow_networking)/* I - Allow networking off machine? */
76 {
77 #ifdef HAVE_SANDBOX_H
78 cups_file_t *fp; /* File pointer */
79 char profile[1024], /* File containing the profile */
80 bin[1024], /* Quoted ServerBin */
81 cache[1024], /* Quoted CacheDir */
82 domain[1024], /* Domain socket, if any */
83 request[1024], /* Quoted RequestRoot */
84 root[1024], /* Quoted ServerRoot */
85 state[1024], /* Quoted StateDir */
86 temp[1024]; /* Quoted TempDir */
87 const char *nodebug; /* " (with no-log)" for no debug */
88 cupsd_listener_t *lis; /* Current listening socket */
89
90
91 if (!UseSandboxing || Sandboxing == CUPSD_SANDBOXING_OFF)
92 {
93 /*
94 * Only use sandbox profiles as root...
95 */
96
97 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
98
99 return (NULL);
100 }
101
102 if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
103 {
104 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
105 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
106 strerror(errno));
107 return (NULL);
108 }
109
110 fchown(cupsFileNumber(fp), RunUser, Group);
111 fchmod(cupsFileNumber(fp), 0640);
112
113 cupsd_requote(bin, ServerBin, sizeof(bin));
114 cupsd_requote(cache, CacheDir, sizeof(cache));
115 cupsd_requote(request, RequestRoot, sizeof(request));
116 cupsd_requote(root, ServerRoot, sizeof(root));
117 cupsd_requote(state, StateDir, sizeof(state));
118 cupsd_requote(temp, TempDir, sizeof(temp));
119
120 nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";
121
122 cupsFilePuts(fp, "(version 1)\n");
123 if (Sandboxing == CUPSD_SANDBOXING_STRICT)
124 cupsFilePuts(fp, "(deny default)\n");
125 else
126 cupsFilePuts(fp, "(allow default)\n");
127 if (LogLevel >= CUPSD_LOG_DEBUG)
128 cupsFilePuts(fp, "(debug deny)\n");
129 cupsFilePuts(fp, "(import \"system.sb\")\n");
130 cupsFilePuts(fp, "(system-network)\n");
131 cupsFilePuts(fp, "(allow mach-per-user-lookup)\n");
132 cupsFilePuts(fp, "(allow ipc-posix-sem)\n");
133 cupsFilePuts(fp, "(allow ipc-posix-shm)\n");
134 cupsFilePuts(fp, "(allow ipc-sysv-shm)\n");
135 cupsFilePuts(fp, "(allow mach-lookup)\n");
136 if (!RunUser)
137 cupsFilePrintf(fp,
138 "(deny file-write* file-read-data file-read-metadata\n"
139 " (regex"
140 " #\"^/Users$\""
141 " #\"^/Users/\""
142 ")%s)\n", nodebug);
143 cupsFilePrintf(fp,
144 "(deny file-write*\n"
145 " (regex"
146 " #\"^%s$\"" /* ServerRoot */
147 " #\"^%s/\"" /* ServerRoot/... */
148 " #\"^/private/etc$\""
149 " #\"^/private/etc/\""
150 " #\"^/usr/local/etc$\""
151 " #\"^/usr/local/etc/\""
152 " #\"^/Library$\""
153 " #\"^/Library/\""
154 " #\"^/System$\""
155 " #\"^/System/\""
156 ")%s)\n",
157 root, root, nodebug);
158 /* Specifically allow applications to stat RequestRoot and some other system folders */
159 cupsFilePrintf(fp,
160 "(allow file-read-metadata\n"
161 " (regex"
162 " #\"^/$\"" /* / */
163 " #\"^/usr$\"" /* /usr */
164 " #\"^/Library$\"" /* /Library */
165 " #\"^/Library/Printers$\"" /* /Library/Printers */
166 " #\"^%s$\"" /* RequestRoot */
167 "))\n",
168 request);
169 /* Read and write TempDir, CacheDir, and other common folders */
170 cupsFilePuts(fp,
171 "(allow file-write* file-read-data file-read-metadata\n"
172 " (regex"
173 " #\"^/private/var/db/\""
174 " #\"^/private/var/folders/\""
175 " #\"^/private/var/lib/\""
176 " #\"^/private/var/log/\""
177 " #\"^/private/var/mysql/\""
178 " #\"^/private/var/run/\""
179 " #\"^/private/var/spool/\""
180 " #\"^/Library/Application Support/\""
181 " #\"^/Library/Caches/\""
182 " #\"^/Library/Logs/\""
183 " #\"^/Library/Preferences/\""
184 " #\"^/Library/WebServer/\""
185 " #\"^/Users/Shared/\""
186 "))\n");
187 cupsFilePrintf(fp,
188 "(deny file-write*\n"
189 " (regex #\"^%s$\")%s)\n",
190 request, nodebug);
191 cupsFilePrintf(fp,
192 "(deny file-write* file-read-data file-read-metadata\n"
193 " (regex #\"^%s/\")%s)\n",
194 request, nodebug);
195 cupsFilePrintf(fp,
196 "(allow file-write* file-read-data file-read-metadata\n"
197 " (regex"
198 " #\"^%s$\"" /* TempDir */
199 " #\"^%s/\"" /* TempDir/... */
200 " #\"^%s$\"" /* CacheDir */
201 " #\"^%s/\"" /* CacheDir/... */
202 " #\"^%s$\"" /* StateDir */
203 " #\"^%s/\"" /* StateDir/... */
204 "))\n",
205 temp, temp, cache, cache, state, state);
206 /* Read common folders */
207 cupsFilePrintf(fp,
208 "(allow file-read-data file-read-metadata\n"
209 " (regex"
210 " #\"^/AppleInternal$\""
211 " #\"^/AppleInternal/\""
212 " #\"^/bin$\"" /* /bin */
213 " #\"^/bin/\"" /* /bin/... */
214 " #\"^/private$\""
215 " #\"^/private/etc$\""
216 " #\"^/private/etc/\""
217 " #\"^/private/tmp$\""
218 " #\"^/private/tmp/\""
219 " #\"^/private/var$\""
220 " #\"^/private/var/db$\""
221 " #\"^/private/var/folders$\""
222 " #\"^/private/var/lib$\""
223 " #\"^/private/var/log$\""
224 " #\"^/private/var/mysql$\""
225 " #\"^/private/var/run$\""
226 " #\"^/private/var/spool$\""
227 " #\"^/private/var/tmp$\""
228 " #\"^/private/var/tmp/\""
229 " #\"^/usr/bin$\"" /* /usr/bin */
230 " #\"^/usr/bin/\"" /* /usr/bin/... */
231 " #\"^/usr/libexec/cups$\"" /* /usr/libexec/cups */
232 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
233 " #\"^/usr/libexec/fax$\"" /* /usr/libexec/fax */
234 " #\"^/usr/libexec/fax/\"" /* /usr/libexec/fax/... */
235 " #\"^/usr/sbin$\"" /* /usr/sbin */
236 " #\"^/usr/sbin/\"" /* /usr/sbin/... */
237 " #\"^/Library$\"" /* /Library */
238 " #\"^/Library/\"" /* /Library/... */
239 " #\"^/System$\"" /* /System */
240 " #\"^/System/\"" /* /System/... */
241 " #\"^%s/Library$\"" /* RequestRoot/Library */
242 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
243 " #\"^%s$\"" /* ServerBin */
244 " #\"^%s/\"" /* ServerBin/... */
245 " #\"^%s$\"" /* ServerRoot */
246 " #\"^%s/\"" /* ServerRoot/... */
247 "))\n",
248 request, request, bin, bin, root, root);
249 if (Sandboxing == CUPSD_SANDBOXING_RELAXED)
250 {
251 /* Limited write access to /Library/Printers/... */
252 cupsFilePuts(fp,
253 "(allow file-write*\n"
254 " (regex"
255 " #\"^/Library/Printers/.*/\""
256 "))\n");
257 cupsFilePrintf(fp,
258 "(deny file-write*\n"
259 " (regex"
260 " #\"^/Library/Printers/PPDs$\""
261 " #\"^/Library/Printers/PPDs/\""
262 " #\"^/Library/Printers/PPD Plugins$\""
263 " #\"^/Library/Printers/PPD Plugins/\""
264 ")%s)\n", nodebug);
265 }
266 /* Allow execution of child processes as long as the programs are not in a user directory */
267 cupsFilePuts(fp, "(allow process*)\n");
268 cupsFilePuts(fp, "(deny process-exec (regex #\"^/Users/\"))\n");
269 if (RunUser && getenv("CUPS_TESTROOT"))
270 {
271 /* Allow source directory access in "make test" environment */
272 char testroot[1024]; /* Root directory of test files */
273
274 cupsd_requote(testroot, getenv("CUPS_TESTROOT"), sizeof(testroot));
275
276 cupsFilePrintf(fp,
277 "(allow file-write* file-read-data file-read-metadata\n"
278 " (regex"
279 " #\"^%s$\"" /* CUPS_TESTROOT */
280 " #\"^%s/\"" /* CUPS_TESTROOT/... */
281 "))\n",
282 testroot, testroot);
283 cupsFilePrintf(fp,
284 "(allow process-exec\n"
285 " (regex"
286 " #\"^%s/\"" /* CUPS_TESTROOT/... */
287 "))\n",
288 testroot);
289 cupsFilePrintf(fp, "(allow sysctl*)\n");
290 }
291 if (job_id)
292 {
293 /* Allow job filters to read the current job files... */
294 cupsFilePrintf(fp,
295 "(allow file-read-data file-read-metadata\n"
296 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
297 request, job_id, job_id);
298 }
299 else
300 {
301 /* Allow email notifications from notifiers... */
302 cupsFilePuts(fp,
303 "(allow process-exec\n"
304 " (literal \"/usr/sbin/sendmail\")\n"
305 " (with no-sandbox))\n");
306 }
307 /* Allow access to Bluetooth, USB, and notify_post. */
308 cupsFilePuts(fp, "(allow iokit*)\n");
309 cupsFilePuts(fp, "(allow distributed-notification-post)\n");
310 /* Allow outbound networking to local services */
311 cupsFilePuts(fp, "(allow network-outbound"
312 "\n (regex #\"^/private/var/run/\" #\"^/private/tmp/\" #\"^/private/var/tmp/\")");
313 for (lis = (cupsd_listener_t *)cupsArrayFirst(Listeners);
314 lis;
315 lis = (cupsd_listener_t *)cupsArrayNext(Listeners))
316 {
317 if (httpAddrFamily(&(lis->address)) == AF_LOCAL)
318 {
319 httpAddrString(&(lis->address), domain, sizeof(domain));
320 cupsFilePrintf(fp, "\n (literal \"%s\")", domain);
321 }
322 }
323 if (allow_networking)
324 {
325 /* Allow TCP and UDP networking off the machine... */
326 cupsFilePuts(fp, "\n (remote tcp))\n");
327 cupsFilePuts(fp, "(allow network-bind)\n"); /* for LPD resvport */
328 cupsFilePuts(fp, "(allow network*\n"
329 " (local udp \"*:*\")\n"
330 " (remote udp \"*:*\"))\n");
331
332 /* Also allow access to device files... */
333 cupsFilePuts(fp, "(allow file-write* file-read-data file-read-metadata file-ioctl\n"
334 " (regex #\"^/dev/\"))\n");
335
336 /* And allow kernel extensions to be loaded, e.g., SMB */
337 cupsFilePuts(fp, "(allow system-kext-load)\n");
338 }
339 else
340 {
341 /* Only allow SNMP (UDP) and LPD (TCP) off the machine... */
342 cupsFilePuts(fp, ")\n");
343 cupsFilePuts(fp, "(allow network-outbound\n"
344 " (remote udp \"*:161\")"
345 " (remote tcp \"*:515\"))\n");
346 cupsFilePuts(fp, "(allow network-inbound\n"
347 " (local udp \"localhost:*\"))\n");
348 }
349 cupsFileClose(fp);
350
351 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d,allow_networking=%d) = \"%s\"", job_id, allow_networking, profile);
352 return ((void *)strdup(profile));
353
354 #else
355 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id, allow_networking);
356
357 return (NULL);
358 #endif /* HAVE_SANDBOX_H */
359 }
360
361
362 /*
363 * 'cupsdDestroyProfile()' - Delete an execution profile.
364 */
365
366 void
367 cupsdDestroyProfile(void *profile) /* I - Profile */
368 {
369 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
370 profile ? (char *)profile : "(null)");
371
372 #ifdef HAVE_SANDBOX_H
373 if (profile)
374 {
375 unlink((char *)profile);
376 free(profile);
377 }
378 #endif /* HAVE_SANDBOX_H */
379 }
380
381
382 /*
383 * 'cupsdEndProcess()' - End a process.
384 */
385
386 int /* O - 0 on success, -1 on failure */
387 cupsdEndProcess(int pid, /* I - Process ID */
388 int force) /* I - Force child to die */
389 {
390 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
391 force);
392
393 if (!pid)
394 return (0);
395
396 if (!RunUser)
397 {
398 /*
399 * When running as root, cupsd puts child processes in their own process
400 * group. Using "-pid" sends a signal to all processes in the group.
401 */
402
403 pid = -pid;
404 }
405
406 if (force)
407 return (kill(pid, SIGKILL));
408 else
409 return (kill(pid, SIGTERM));
410 }
411
412
413 /*
414 * 'cupsdFinishProcess()' - Finish a process and get its name.
415 */
416
417 const char * /* O - Process name */
418 cupsdFinishProcess(int pid, /* I - Process ID */
419 char *name, /* I - Name buffer */
420 size_t namelen, /* I - Size of name buffer */
421 int *job_id) /* O - Job ID pointer or NULL */
422 {
423 cupsd_proc_t key, /* Search key */
424 *proc; /* Matching process */
425
426
427 key.pid = pid;
428
429 if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
430 {
431 if (job_id)
432 *job_id = proc->job_id;
433
434 strlcpy(name, proc->name, namelen);
435 cupsArrayRemove(process_array, proc);
436 free(proc);
437 }
438 else
439 {
440 if (job_id)
441 *job_id = 0;
442
443 strlcpy(name, "unknown", namelen);
444 }
445
446 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdFinishProcess(pid=%d, name=%p, namelen=" CUPS_LLFMT ", job_id=%p(%d)) = \"%s\"", pid, name, CUPS_LLCAST namelen, job_id, job_id ? *job_id : 0, name);
447
448 return (name);
449 }
450
451
452 /*
453 * 'cupsdStartProcess()' - Start a process.
454 */
455
456 int /* O - Process ID or 0 */
457 cupsdStartProcess(
458 const char *command, /* I - Full path to command */
459 char *argv[], /* I - Command-line arguments */
460 char *envp[], /* I - Environment */
461 int infd, /* I - Standard input file descriptor */
462 int outfd, /* I - Standard output file descriptor */
463 int errfd, /* I - Standard error file descriptor */
464 int backfd, /* I - Backchannel file descriptor */
465 int sidefd, /* I - Sidechannel file descriptor */
466 int root, /* I - Run as root? */
467 void *profile, /* I - Security profile to use */
468 cupsd_job_t *job, /* I - Job associated with process */
469 int *pid) /* O - Process ID */
470 {
471 int i; /* Looping var */
472 const char *exec_path = command; /* Command to be exec'd */
473 char *real_argv[110], /* Real command-line arguments */
474 cups_exec[1024], /* Path to "cups-exec" program */
475 user_str[16], /* User string */
476 group_str[16], /* Group string */
477 nice_str[16]; /* FilterNice string */
478 uid_t user; /* Command UID */
479 cupsd_proc_t *proc; /* New process record */
480 #if USE_POSIX_SPAWN
481 posix_spawn_file_actions_t actions; /* Spawn file actions */
482 posix_spawnattr_t attrs; /* Spawn attributes */
483 sigset_t defsignals; /* Default signals */
484 #elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
485 struct sigaction action; /* POSIX signal handler */
486 #endif /* USE_POSIX_SPAWN */
487 #if defined(__APPLE__)
488 char processPath[1024], /* CFProcessPath environment variable */
489 linkpath[1024]; /* Link path for symlinks... */
490 int linkbytes; /* Bytes for link path */
491 #endif /* __APPLE__ */
492
493
494 *pid = 0;
495
496 /*
497 * Figure out the UID for the child process...
498 */
499
500 if (RunUser)
501 user = RunUser;
502 else if (root)
503 user = 0;
504 else
505 user = User;
506
507 /*
508 * Check the permissions of the command we are running...
509 */
510
511 if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
512 cupsdLogFCMessage, job ? job->printer : NULL))
513 return (0);
514
515 #if defined(__APPLE__)
516 if (envp)
517 {
518 /*
519 * Add special voodoo magic for OS X - this allows OS X programs to access
520 * their bundle resources properly...
521 */
522
523 if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
524 {
525 /*
526 * Yes, this is a symlink to the actual program, nul-terminate and
527 * use it...
528 */
529
530 linkpath[linkbytes] = '\0';
531
532 if (linkpath[0] == '/')
533 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
534 linkpath);
535 else
536 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
537 dirname((char *)command), linkpath);
538 }
539 else
540 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);
541
542 envp[0] = processPath; /* Replace <CFProcessPath> string */
543 }
544 #endif /* __APPLE__ */
545
546 /*
547 * Use helper program when we have a sandbox profile...
548 */
549
550 #if !USE_POSIX_SPAWN
551 if (profile)
552 #endif /* !USE_POSIX_SPAWN */
553 {
554 snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
555 snprintf(user_str, sizeof(user_str), "%d", user);
556 snprintf(group_str, sizeof(group_str), "%d", Group);
557 snprintf(nice_str, sizeof(nice_str), "%d", FilterNice);
558
559 real_argv[0] = cups_exec;
560 real_argv[1] = (char *)"-g";
561 real_argv[2] = group_str;
562 real_argv[3] = (char *)"-n";
563 real_argv[4] = nice_str;
564 real_argv[5] = (char *)"-u";
565 real_argv[6] = user_str;
566 real_argv[7] = profile ? profile : "none";
567 real_argv[8] = (char *)command;
568
569 for (i = 0;
570 i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 10) && argv[i];
571 i ++)
572 real_argv[i + 9] = argv[i];
573
574 real_argv[i + 9] = NULL;
575
576 argv = real_argv;
577 exec_path = cups_exec;
578 }
579
580 if (LogLevel == CUPSD_LOG_DEBUG2)
581 {
582 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command);
583
584 for (i = 0; argv[i]; i ++)
585 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: argv[%d] = \"%s\"", i, argv[i]);
586 }
587
588 #if USE_POSIX_SPAWN
589 /*
590 * Setup attributes and file actions for the spawn...
591 */
592
593 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting spawn attributes.");
594 sigemptyset(&defsignals);
595 sigaddset(&defsignals, SIGTERM);
596 sigaddset(&defsignals, SIGCHLD);
597 sigaddset(&defsignals, SIGPIPE);
598
599 posix_spawnattr_init(&attrs);
600 posix_spawnattr_setflags(&attrs, POSIX_SPAWN_SETPGROUP | POSIX_SPAWN_SETSIGDEF);
601 posix_spawnattr_setpgroup(&attrs, 0);
602 posix_spawnattr_setsigdefault(&attrs, &defsignals);
603
604 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Setting file actions.");
605 posix_spawn_file_actions_init(&actions);
606 if (infd != 0)
607 {
608 if (infd < 0)
609 posix_spawn_file_actions_addopen(&actions, 0, "/dev/null", O_WRONLY, 0);
610 else
611 posix_spawn_file_actions_adddup2(&actions, infd, 0);
612 }
613
614 if (outfd != 1)
615 {
616 if (outfd < 0)
617 posix_spawn_file_actions_addopen(&actions, 1, "/dev/null", O_WRONLY, 0);
618 else
619 posix_spawn_file_actions_adddup2(&actions, outfd, 1);
620 }
621
622 if (errfd != 2)
623 {
624 if (errfd < 0)
625 posix_spawn_file_actions_addopen(&actions, 2, "/dev/null", O_WRONLY, 0);
626 else
627 posix_spawn_file_actions_adddup2(&actions, errfd, 2);
628 }
629
630 if (backfd != 3 && backfd >= 0)
631 posix_spawn_file_actions_adddup2(&actions, backfd, 3);
632
633 if (sidefd != 4 && sidefd >= 0)
634 posix_spawn_file_actions_adddup2(&actions, sidefd, 4);
635
636 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: Calling posix_spawn.");
637
638 if (posix_spawn(pid, exec_path, &actions, &attrs, argv, envp ? envp : environ))
639 {
640 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command, strerror(errno));
641
642 *pid = 0;
643 }
644 else
645 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdStartProcess: pid=%d", (int)*pid);
646
647 posix_spawn_file_actions_destroy(&actions);
648 posix_spawnattr_destroy(&attrs);
649
650 #else
651 /*
652 * Block signals before forking...
653 */
654
655 cupsdHoldSignals();
656
657 if ((*pid = fork()) == 0)
658 {
659 /*
660 * Child process goes here; update stderr as needed...
661 */
662
663 if (errfd != 2)
664 {
665 if (errfd < 0)
666 errfd = open("/dev/null", O_WRONLY);
667
668 if (errfd != 2)
669 {
670 dup2(errfd, 2);
671 close(errfd);
672 }
673 }
674
675 /*
676 * Put this process in its own process group so that we can kill any child
677 * processes it creates.
678 */
679
680 # ifdef HAVE_SETPGID
681 if (!RunUser && setpgid(0, 0))
682 exit(errno + 100);
683 # else
684 if (!RunUser && setpgrp())
685 exit(errno + 100);
686 # endif /* HAVE_SETPGID */
687
688 /*
689 * Update the remaining file descriptors as needed...
690 */
691
692 if (infd != 0)
693 {
694 if (infd < 0)
695 infd = open("/dev/null", O_RDONLY);
696
697 if (infd != 0)
698 {
699 dup2(infd, 0);
700 close(infd);
701 }
702 }
703
704 if (outfd != 1)
705 {
706 if (outfd < 0)
707 outfd = open("/dev/null", O_WRONLY);
708
709 if (outfd != 1)
710 {
711 dup2(outfd, 1);
712 close(outfd);
713 }
714 }
715
716 if (backfd != 3 && backfd >= 0)
717 {
718 dup2(backfd, 3);
719 close(backfd);
720 fcntl(3, F_SETFL, O_NDELAY);
721 }
722
723 if (sidefd != 4 && sidefd >= 0)
724 {
725 dup2(sidefd, 4);
726 close(sidefd);
727 fcntl(4, F_SETFL, O_NDELAY);
728 }
729
730 /*
731 * Change the priority of the process based on the FilterNice setting.
732 * (this is not done for root processes...)
733 */
734
735 if (!root)
736 nice(FilterNice);
737
738 /*
739 * Reset group membership to just the main one we belong to.
740 */
741
742 if (!RunUser && setgid(Group))
743 exit(errno + 100);
744
745 if (!RunUser && setgroups(1, &Group))
746 exit(errno + 100);
747
748 /*
749 * Change user to something "safe"...
750 */
751
752 if (!RunUser && user && setuid(user))
753 exit(errno + 100);
754
755 /*
756 * Change umask to restrict permissions on created files...
757 */
758
759 umask(077);
760
761 /*
762 * Unblock signals before doing the exec...
763 */
764
765 # ifdef HAVE_SIGSET
766 sigset(SIGTERM, SIG_DFL);
767 sigset(SIGCHLD, SIG_DFL);
768 sigset(SIGPIPE, SIG_DFL);
769 # elif defined(HAVE_SIGACTION)
770 memset(&action, 0, sizeof(action));
771
772 sigemptyset(&action.sa_mask);
773 action.sa_handler = SIG_DFL;
774
775 sigaction(SIGTERM, &action, NULL);
776 sigaction(SIGCHLD, &action, NULL);
777 sigaction(SIGPIPE, &action, NULL);
778 # else
779 signal(SIGTERM, SIG_DFL);
780 signal(SIGCHLD, SIG_DFL);
781 signal(SIGPIPE, SIG_DFL);
782 # endif /* HAVE_SIGSET */
783
784 cupsdReleaseSignals();
785
786 /*
787 * Execute the command; if for some reason this doesn't work, log an error
788 * exit with a non-zero value...
789 */
790
791 if (envp)
792 execve(exec_path, argv, envp);
793 else
794 execv(exec_path, argv);
795
796 exit(errno + 100);
797 }
798 else if (*pid < 0)
799 {
800 /*
801 * Error - couldn't fork a new process!
802 */
803
804 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
805 strerror(errno));
806
807 *pid = 0;
808 }
809
810 cupsdReleaseSignals();
811 #endif /* USE_POSIX_SPAWN */
812
813 if (*pid)
814 {
815 if (!process_array)
816 process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
817
818 if (process_array)
819 {
820 if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
821 {
822 proc->pid = *pid;
823 proc->job_id = job ? job->id : 0;
824 _cups_strcpy(proc->name, command);
825
826 cupsArrayAdd(process_array, proc);
827 }
828 }
829 }
830
831 cupsdLogMessage(CUPSD_LOG_DEBUG2,
832 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
833 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
834 "profile=%p, job=%p(%d), pid=%p) = %d",
835 command, argv, envp, infd, outfd, errfd, backfd, sidefd,
836 root, profile, job, job ? job->id : 0, pid, *pid);
837
838 return (*pid);
839 }
840
841
842 /*
843 * 'compare_procs()' - Compare two processes.
844 */
845
846 static int /* O - Result of comparison */
847 compare_procs(cupsd_proc_t *a, /* I - First process */
848 cupsd_proc_t *b) /* I - Second process */
849 {
850 return (a->pid - b->pid);
851 }
852
853
854 #ifdef HAVE_SANDBOX_H
855 /*
856 * 'cupsd_requote()' - Make a regular-expression version of a string.
857 */
858
859 static char * /* O - Quoted string */
860 cupsd_requote(char *dst, /* I - Destination buffer */
861 const char *src, /* I - Source string */
862 size_t dstsize) /* I - Size of destination buffer */
863 {
864 int ch; /* Current character */
865 char *dstptr, /* Current position in buffer */
866 *dstend; /* End of destination buffer */
867
868
869 dstptr = dst;
870 dstend = dst + dstsize - 2;
871
872 while (*src && dstptr < dstend)
873 {
874 ch = *src++;
875
876 if (ch == '/' && !*src)
877 break; /* Don't add trailing slash */
878
879 if (strchr(".?*()[]^$\\", ch))
880 *dstptr++ = '\\';
881
882 *dstptr++ = (char)ch;
883 }
884
885 *dstptr = '\0';
886
887 return (dst);
888 }
889 #endif /* HAVE_SANDBOX_H */
890
891
892 /*
893 * End of "$Id: process.c 12471 2015-02-01 05:07:10Z msweet $".
894 */
Unnamed repository; edit this file 'description' to name the repository.