4 * Process management routines for the CUPS scheduler.
6 * Copyright 2007-2014 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
17 * Include necessary headers...
24 #endif /* __APPLE__ */
25 #ifdef HAVE_POSIX_SPAWN
27 extern char **environ
;
28 #endif /* HAVE_POSIX_SPAWN */
32 * Process structure...
37 int pid
, /* Process ID */
38 job_id
; /* Job associated with process */
39 char name
[1]; /* Name of process */
47 static cups_array_t
*process_array
= NULL
;
54 static int compare_procs(cupsd_proc_t
*a
, cupsd_proc_t
*b
);
56 static char *cupsd_requote(char *dst
, const char *src
, size_t dstsize
);
57 #endif /* HAVE_SANDBOX_H */
61 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
64 void * /* O - Profile or NULL on error */
65 cupsdCreateProfile(int job_id
, /* I - Job ID or 0 for none */
66 int allow_networking
)/* I - Allow networking off machine? */
69 cups_file_t
*fp
; /* File pointer */
70 char profile
[1024], /* File containing the profile */
71 bin
[1024], /* Quoted ServerBin */
72 cache
[1024], /* Quoted CacheDir */
73 domain
[1024], /* Domain socket, if any */
74 request
[1024], /* Quoted RequestRoot */
75 root
[1024], /* Quoted ServerRoot */
76 temp
[1024]; /* Quoted TempDir */
77 const char *nodebug
; /* " (with no-log)" for no debug */
78 cupsd_listener_t
*lis
; /* Current listening socket */
81 if (!UseSandboxing
|| Sandboxing
== CUPSD_SANDBOXING_OFF
)
84 * Only use sandbox profiles as root...
87 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id
, allow_networking
);
92 if ((fp
= cupsTempFile2(profile
, sizeof(profile
))) == NULL
)
94 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id
, allow_networking
);
95 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to create security profile: %s",
100 fchown(cupsFileNumber(fp
), RunUser
, Group
);
101 fchmod(cupsFileNumber(fp
), 0640);
103 cupsd_requote(bin
, ServerBin
, sizeof(bin
));
104 cupsd_requote(cache
, CacheDir
, sizeof(cache
));
105 cupsd_requote(request
, RequestRoot
, sizeof(request
));
106 cupsd_requote(root
, ServerRoot
, sizeof(root
));
107 cupsd_requote(temp
, TempDir
, sizeof(temp
));
109 nodebug
= LogLevel
< CUPSD_LOG_DEBUG
? " (with no-log)" : "";
111 cupsFilePuts(fp
, "(version 1)\n");
112 if (Sandboxing
== CUPSD_SANDBOXING_STRICT
)
113 cupsFilePuts(fp
, "(deny default)\n");
115 cupsFilePuts(fp
, "(allow default)\n");
116 if (LogLevel
>= CUPSD_LOG_DEBUG
)
117 cupsFilePuts(fp
, "(debug deny)\n");
118 cupsFilePuts(fp
, "(import \"system.sb\")\n");
119 cupsFilePuts(fp
, "(system-network)\n");
120 cupsFilePuts(fp
, "(allow mach-per-user-lookup)\n");
121 cupsFilePuts(fp
, "(allow ipc-posix-sem)\n");
122 cupsFilePuts(fp
, "(allow ipc-posix-shm)\n");
123 cupsFilePuts(fp
, "(allow ipc-sysv-shm)\n");
124 cupsFilePuts(fp
, "(allow mach-lookup)\n");
126 "(deny file-write* file-read-data file-read-metadata\n"
128 " #\"^%s$\"" /* RequestRoot */
129 " #\"^%s/\"" /* RequestRoot/... */
131 request
, request
, nodebug
);
134 "(deny file-write* file-read-data file-read-metadata\n"
140 "(deny file-write*\n"
142 " #\"^%s$\"" /* ServerRoot */
143 " #\"^%s/\"" /* ServerRoot/... */
144 " #\"^/private/etc$\""
145 " #\"^/private/etc/\""
146 " #\"^/usr/local/etc$\""
147 " #\"^/usr/local/etc/\""
153 root
, root
, nodebug
);
154 /* Specifically allow applications to stat RequestRoot and some other system folders */
156 "(allow file-read-metadata\n"
159 " #\"^/usr$\"" /* /usr */
160 " #\"^/Library$\"" /* /Library */
161 " #\"^/Library/Printers$\"" /* /Library/Printers */
162 " #\"^%s$\"" /* RequestRoot */
165 /* Read and write TempDir, CacheDir, and other common folders */
167 "(allow file-write* file-read-data file-read-metadata\n"
169 " #\"^%s$\"" /* TempDir */
170 " #\"^%s/\"" /* TempDir/... */
171 " #\"^%s$\"" /* CacheDir */
172 " #\"^%s/\"" /* CacheDir/... */
173 " #\"^/private/var/db/\""
174 " #\"^/private/var/folders/\""
175 " #\"^/private/var/run/\""
176 " #\"^/Library/Application Support/\""
177 " #\"^/Library/Caches/\""
178 " #\"^/Library/Preferences/\""
179 " #\"^/Users/Shared/\""
181 temp
, temp
, cache
, cache
);
182 /* Read common folders */
184 "(allow file-read-data file-read-metadata\n"
186 " #\"^/AppleInternal$\""
187 " #\"^/AppleInternal/\""
188 " #\"^/bin$\"" /* /bin */
189 " #\"^/bin/\"" /* /bin/... */
191 " #\"^/private/etc$\""
192 " #\"^/private/etc/\""
193 " #\"^/private/tmp$\""
194 " #\"^/private/tmp/\""
195 " #\"^/private/var$\""
196 " #\"^/private/var/db$\""
197 " #\"^/private/var/folders$\""
198 " #\"^/private/var/run$\""
199 " #\"^/private/var/run/\""
200 " #\"^/private/var/spool$\""
201 " #\"^/usr/bin$\"" /* /usr/bin */
202 " #\"^/usr/bin/\"" /* /usr/bin/... */
203 " #\"^/usr/libexec/cups$\"" /* /usr/libexec/cups */
204 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
205 " #\"^/usr/libexec/fax$\"" /* /usr/libexec/fax */
206 " #\"^/usr/libexec/fax/\"" /* /usr/libexec/fax/... */
207 " #\"^/usr/sbin$\"" /* /usr/sbin */
208 " #\"^/usr/sbin/\"" /* /usr/sbin/... */
209 " #\"^/Library/Application Support$\""
210 " #\"^/Library/Application Support/\""
211 " #\"^/Library/Caches$\""
212 " #\"^/Library/Fonts$\""
213 " #\"^/Library/Fonts/\""
214 " #\"^/Library/Frameworks$\""
215 " #\"^/Library/Frameworks/\""
216 " #\"^/Library/Keychains$\""
217 " #\"^/Library/Keychains/\""
218 " #\"^/Library/Printers$\""
219 " #\"^/Library/Printers/\""
220 " #\"^/Library/Security$\""
221 " #\"^/Library/Security/\""
222 " #\"^%s/Library$\"" /* RequestRoot/Library */
223 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
224 " #\"^%s$\"" /* ServerBin */
225 " #\"^%s/\"" /* ServerBin/... */
226 " #\"^%s$\"" /* ServerRoot */
227 " #\"^%s/\"" /* ServerRoot/... */
229 request
, request
, bin
, bin
, root
, root
);
230 if (Sandboxing
== CUPSD_SANDBOXING_RELAXED
)
232 /* Limited write access to /Library/Printers/... */
234 "(allow file-write*\n"
236 " #\"^/Library/Printers/.*/\""
239 "(deny file-write*\n"
241 " #\"^/Library/Printers/PPDs$\""
242 " #\"^/Library/Printers/PPDs/\""
243 " #\"^/Library/Printers/PPD Plugins$\""
244 " #\"^/Library/Printers/PPD Plugins/\""
247 /* Allow execution of child processes */
248 cupsFilePuts(fp
, "(allow process-fork)\n");
250 "(allow process-exec\n"
252 " #\"^/bin/\"" /* /bin/... */
253 " #\"^/usr/bin/\"" /* /usr/bin/... */
254 " #\"^/usr/libexec/cups/\"" /* /usr/libexec/cups/... */
255 " #\"^/usr/libexec/fax/\"" /* /usr/libexec/fax/... */
256 " #\"^/usr/sbin/\"" /* /usr/sbin/... */
257 " #\"^%s/\"" /* ServerBin/... */
258 " #\"^/Library/Printers/.*/\""
259 " #\"^/System/Library/Frameworks/Python.framework/\""
262 if (RunUser
&& getenv("CUPS_TESTROOT"))
264 /* Allow source directory access in "make test" environment */
265 char testroot
[1024]; /* Root directory of test files */
267 cupsd_requote(testroot
, getenv("CUPS_TESTROOT"), sizeof(testroot
));
270 "(allow file-write* file-read-data file-read-metadata\n"
272 " #\"^%s$\"" /* CUPS_TESTROOT */
273 " #\"^%s/\"" /* CUPS_TESTROOT/... */
277 "(allow process-exec\n"
279 " #\"^%s/\"" /* CUPS_TESTROOT/... */
285 /* Allow job filters to read the current job files... */
287 "(allow file-read-data file-read-metadata\n"
288 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
289 request
, job_id
, job_id
);
293 /* Allow email notifications from notifiers... */
295 "(allow process-exec\n"
296 " (literal \"/usr/sbin/sendmail\")\n"
297 " (with no-sandbox))\n");
299 /* Allow outbound networking to local services */
300 cupsFilePuts(fp
, "(allow network-outbound"
301 "\n (regex #\"^/private/var/run/\" #\"^/private/tmp/\")");
302 for (lis
= (cupsd_listener_t
*)cupsArrayFirst(Listeners
);
304 lis
= (cupsd_listener_t
*)cupsArrayNext(Listeners
))
306 if (httpAddrFamily(&(lis
->address
)) == AF_LOCAL
)
308 httpAddrString(&(lis
->address
), domain
, sizeof(domain
));
309 cupsFilePrintf(fp
, "\n (literal \"%s\")", domain
);
312 if (allow_networking
)
314 /* Allow TCP and UDP networking off the machine... */
315 cupsFilePuts(fp
, "\n (remote tcp))\n");
316 cupsFilePuts(fp
, "(allow network-bind)\n"); /* for LPD resvport */
317 cupsFilePuts(fp
, "(allow network*\n"
318 " (local udp \"*:*\")\n"
319 " (remote udp \"*:*\"))\n");
321 /* Also allow access to Bluetooth, USB, device files, etc. */
322 cupsFilePuts(fp
, "(allow iokit*)\n");
323 cupsFilePuts(fp
, "(allow file-write* file-read-data file-read-metadata file-ioctl\n"
324 " (regex #\"^/dev/\"))\n");
325 cupsFilePuts(fp
, "(allow distributed-notification-post)\n");
329 /* Only allow SNMP (UDP) off the machine... */
330 cupsFilePuts(fp
, ")\n");
331 cupsFilePuts(fp
, "(allow network-outbound\n"
332 " (remote udp \"*:161\"))\n");
333 cupsFilePuts(fp
, "(allow network-inbound\n"
334 " (local udp \"localhost:*\"))\n");
335 cupsFilePuts(fp
, "(deny iokit* (with no-report))\n");
339 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d,allow_networking=%d) = \"%s\"", job_id
, allow_networking
, profile
);
340 return ((void *)strdup(profile
));
343 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d, allow_networking=%d) = NULL", job_id
, allow_networking
);
346 #endif /* HAVE_SANDBOX_H */
351 * 'cupsdDestroyProfile()' - Delete an execution profile.
355 cupsdDestroyProfile(void *profile
) /* I - Profile */
357 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdDeleteProfile(profile=\"%s\")",
358 profile
? (char *)profile
: "(null)");
360 #ifdef HAVE_SANDBOX_H
363 unlink((char *)profile
);
366 #endif /* HAVE_SANDBOX_H */
371 * 'cupsdEndProcess()' - End a process.
374 int /* O - 0 on success, -1 on failure */
375 cupsdEndProcess(int pid
, /* I - Process ID */
376 int force
) /* I - Force child to die */
378 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdEndProcess(pid=%d, force=%d)", pid
,
387 * When running as root, cupsd puts child processes in their own process
388 * group. Using "-pid" sends a signal to all processes in the group.
395 return (kill(pid
, SIGKILL
));
397 return (kill(pid
, SIGTERM
));
402 * 'cupsdFinishProcess()' - Finish a process and get its name.
405 const char * /* O - Process name */
406 cupsdFinishProcess(int pid
, /* I - Process ID */
407 char *name
, /* I - Name buffer */
408 size_t namelen
, /* I - Size of name buffer */
409 int *job_id
) /* O - Job ID pointer or NULL */
411 cupsd_proc_t key
, /* Search key */
412 *proc
; /* Matching process */
417 if ((proc
= (cupsd_proc_t
*)cupsArrayFind(process_array
, &key
)) != NULL
)
420 *job_id
= proc
->job_id
;
422 strlcpy(name
, proc
->name
, namelen
);
423 cupsArrayRemove(process_array
, proc
);
431 strlcpy(name
, "unknown", namelen
);
434 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdFinishProcess(pid=%d, name=%p, namelen=" CUPS_LLFMT
", job_id=%p(%d)) = \"%s\"", pid
, name
, CUPS_LLCAST namelen
, job_id
, job_id
? *job_id
: 0, name
);
441 * 'cupsdStartProcess()' - Start a process.
444 int /* O - Process ID or 0 */
446 const char *command
, /* I - Full path to command */
447 char *argv
[], /* I - Command-line arguments */
448 char *envp
[], /* I - Environment */
449 int infd
, /* I - Standard input file descriptor */
450 int outfd
, /* I - Standard output file descriptor */
451 int errfd
, /* I - Standard error file descriptor */
452 int backfd
, /* I - Backchannel file descriptor */
453 int sidefd
, /* I - Sidechannel file descriptor */
454 int root
, /* I - Run as root? */
455 void *profile
, /* I - Security profile to use */
456 cupsd_job_t
*job
, /* I - Job associated with process */
457 int *pid
) /* O - Process ID */
459 int i
; /* Looping var */
460 const char *exec_path
= command
; /* Command to be exec'd */
461 char *real_argv
[110], /* Real command-line arguments */
462 cups_exec
[1024]; /* Path to "cups-exec" program */
463 uid_t user
; /* Command UID */
464 cupsd_proc_t
*proc
; /* New process record */
465 #ifdef HAVE_POSIX_SPAWN
466 posix_spawn_file_actions_t actions
; /* Spawn file actions */
467 posix_spawnattr_t attrs
; /* Spawn attributes */
468 char user_str
[16], /* User string */
469 group_str
[16], /* Group string */
470 nice_str
[16]; /* FilterNice string */
471 #elif defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
472 struct sigaction action
; /* POSIX signal handler */
473 #endif /* HAVE_POSIX_SPAWN */
474 #if defined(__APPLE__)
475 char processPath
[1024], /* CFProcessPath environment variable */
476 linkpath
[1024]; /* Link path for symlinks... */
477 int linkbytes
; /* Bytes for link path */
478 #endif /* __APPLE__ */
484 * Figure out the UID for the child process...
495 * Check the permissions of the command we are running...
498 if (_cupsFileCheck(command
, _CUPS_FILE_CHECK_PROGRAM
, !RunUser
,
499 cupsdLogFCMessage
, job
? job
->printer
: NULL
))
502 #if defined(__APPLE__)
506 * Add special voodoo magic for OS X - this allows OS X programs to access
507 * their bundle resources properly...
510 if ((linkbytes
= readlink(command
, linkpath
, sizeof(linkpath
) - 1)) > 0)
513 * Yes, this is a symlink to the actual program, nul-terminate and
517 linkpath
[linkbytes
] = '\0';
519 if (linkpath
[0] == '/')
520 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s",
523 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s/%s",
524 dirname((char *)command
), linkpath
);
527 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s", command
);
529 envp
[0] = processPath
; /* Replace <CFProcessPath> string */
531 #endif /* __APPLE__ */
534 * Use helper program when we have a sandbox profile...
537 #ifndef HAVE_POSIX_SPAWN
539 #endif /* !HAVE_POSIX_SPAWN */
541 snprintf(cups_exec
, sizeof(cups_exec
), "%s/daemon/cups-exec", ServerBin
);
542 snprintf(user_str
, sizeof(user_str
), "%d", user
);
543 snprintf(group_str
, sizeof(group_str
), "%d", Group
);
544 snprintf(nice_str
, sizeof(nice_str
), "%d", FilterNice
);
546 real_argv
[0] = cups_exec
;
547 real_argv
[1] = (char *)"-g";
548 real_argv
[2] = group_str
;
549 real_argv
[3] = (char *)"-n";
550 real_argv
[4] = nice_str
;
551 real_argv
[5] = (char *)"-u";
552 real_argv
[6] = user_str
;
553 real_argv
[7] = profile
? profile
: "none";
554 real_argv
[8] = (char *)command
;
557 i
< (int)(sizeof(real_argv
) / sizeof(real_argv
[0]) - 10) && argv
[i
];
559 real_argv
[i
+ 9] = argv
[i
];
561 real_argv
[i
+ 9] = NULL
;
564 exec_path
= cups_exec
;
567 if (LogLevel
== CUPSD_LOG_DEBUG2
)
569 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Preparing to start \"%s\", arguments:", command
);
571 for (i
= 0; argv
[i
]; i
++)
572 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: argv[%d] = \"%s\"", i
, argv
[i
]);
575 #ifdef HAVE_POSIX_SPAWN
577 * Setup attributes and file actions for the spawn...
580 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Setting spawn attributes.");
581 posix_spawnattr_init(&attrs
);
582 posix_spawnattr_setflags(&attrs
, POSIX_SPAWN_SETPGROUP
| POSIX_SPAWN_SETSIGDEF
);
584 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Setting file actions.");
585 posix_spawn_file_actions_init(&actions
);
589 posix_spawn_file_actions_addopen(&actions
, 0, "/dev/null", O_WRONLY
, 0);
591 posix_spawn_file_actions_adddup2(&actions
, infd
, 0);
597 posix_spawn_file_actions_addopen(&actions
, 1, "/dev/null", O_WRONLY
, 0);
599 posix_spawn_file_actions_adddup2(&actions
, outfd
, 1);
605 posix_spawn_file_actions_addopen(&actions
, 2, "/dev/null", O_WRONLY
, 0);
607 posix_spawn_file_actions_adddup2(&actions
, errfd
, 2);
610 if (backfd
!= 3 && backfd
>= 0)
611 posix_spawn_file_actions_adddup2(&actions
, backfd
, 3);
613 if (sidefd
!= 4 && sidefd
>= 0)
614 posix_spawn_file_actions_adddup2(&actions
, sidefd
, 4);
616 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: Calling posix_spawn.");
618 if (posix_spawn(pid
, exec_path
, &actions
, &attrs
, argv
, envp
? envp
: environ
))
620 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to fork %s - %s.", command
, strerror(errno
));
625 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdStartProcess: pid=%d", (int)*pid
);
627 posix_spawn_file_actions_destroy(&actions
);
628 posix_spawnattr_destroy(&attrs
);
632 * Block signals before forking...
637 if ((*pid
= fork()) == 0)
640 * Child process goes here; update stderr as needed...
646 errfd
= open("/dev/null", O_WRONLY
);
656 * Put this process in its own process group so that we can kill any child
657 * processes it creates.
661 if (!RunUser
&& setpgid(0, 0))
664 if (!RunUser
&& setpgrp())
666 # endif /* HAVE_SETPGID */
669 * Update the remaining file descriptors as needed...
675 infd
= open("/dev/null", O_RDONLY
);
687 outfd
= open("/dev/null", O_WRONLY
);
696 if (backfd
!= 3 && backfd
>= 0)
700 fcntl(3, F_SETFL
, O_NDELAY
);
703 if (sidefd
!= 4 && sidefd
>= 0)
707 fcntl(4, F_SETFL
, O_NDELAY
);
711 * Change the priority of the process based on the FilterNice setting.
712 * (this is not done for root processes...)
719 * Reset group membership to just the main one we belong to.
722 if (!RunUser
&& setgid(Group
))
725 if (!RunUser
&& setgroups(1, &Group
))
729 * Change user to something "safe"...
732 if (!RunUser
&& user
&& setuid(user
))
736 * Change umask to restrict permissions on created files...
742 * Unblock signals before doing the exec...
746 sigset(SIGTERM
, SIG_DFL
);
747 sigset(SIGCHLD
, SIG_DFL
);
748 sigset(SIGPIPE
, SIG_DFL
);
749 # elif defined(HAVE_SIGACTION)
750 memset(&action
, 0, sizeof(action
));
752 sigemptyset(&action
.sa_mask
);
753 action
.sa_handler
= SIG_DFL
;
755 sigaction(SIGTERM
, &action
, NULL
);
756 sigaction(SIGCHLD
, &action
, NULL
);
757 sigaction(SIGPIPE
, &action
, NULL
);
759 signal(SIGTERM
, SIG_DFL
);
760 signal(SIGCHLD
, SIG_DFL
);
761 signal(SIGPIPE
, SIG_DFL
);
762 # endif /* HAVE_SIGSET */
764 cupsdReleaseSignals();
767 * Execute the command; if for some reason this doesn't work, log an error
768 * exit with a non-zero value...
772 execve(exec_path
, argv
, envp
);
774 execv(exec_path
, argv
);
781 * Error - couldn't fork a new process!
784 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to fork %s - %s.", command
,
790 cupsdReleaseSignals();
791 #endif /* HAVE_POSIX_SPAWN */
796 process_array
= cupsArrayNew((cups_array_func_t
)compare_procs
, NULL
);
800 if ((proc
= calloc(1, sizeof(cupsd_proc_t
) + strlen(command
))) != NULL
)
803 proc
->job_id
= job
? job
->id
: 0;
804 _cups_strcpy(proc
->name
, command
);
806 cupsArrayAdd(process_array
, proc
);
811 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
812 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
813 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
814 "profile=%p, job=%p(%d), pid=%p) = %d",
815 command
, argv
, envp
, infd
, outfd
, errfd
, backfd
, sidefd
,
816 root
, profile
, job
, job
? job
->id
: 0, pid
, *pid
);
823 * 'compare_procs()' - Compare two processes.
826 static int /* O - Result of comparison */
827 compare_procs(cupsd_proc_t
*a
, /* I - First process */
828 cupsd_proc_t
*b
) /* I - Second process */
830 return (a
->pid
- b
->pid
);
834 #ifdef HAVE_SANDBOX_H
836 * 'cupsd_requote()' - Make a regular-expression version of a string.
839 static char * /* O - Quoted string */
840 cupsd_requote(char *dst
, /* I - Destination buffer */
841 const char *src
, /* I - Source string */
842 size_t dstsize
) /* I - Size of destination buffer */
844 int ch
; /* Current character */
845 char *dstptr
, /* Current position in buffer */
846 *dstend
; /* End of destination buffer */
850 dstend
= dst
+ dstsize
- 2;
852 while (*src
&& dstptr
< dstend
)
856 if (ch
== '/' && !*src
)
857 break; /* Don't add trailing slash */
859 if (strchr(".?*()[]^$\\", ch
))
862 *dstptr
++ = (char)ch
;
869 #endif /* HAVE_SANDBOX_H */