1 /*
2 * "$Id: process.c 7256 2008-01-25 00:48:54Z mike $"
3 *
4 * Process management routines for the CUPS scheduler.
5 *
6 * Copyright 2007-2011 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
8 *
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
 * which should have been included with this file. If this file is
 * missing or damaged, see the license at "http://www.cups.org/".
14 *
15 * Contents:
16 *
17 * cupsdCreateProfile() - Create an execution profile for a subprocess.
18 * cupsdDestroyProfile() - Delete an execution profile.
19 * cupsdEndProcess() - End a process.
20 * cupsdFinishProcess() - Finish a process and get its name.
21 * cupsdStartProcess() - Start a process.
22 * compare_procs() - Compare two processes.
23 * cupsd_requote() - Make a regular-expression version of a string.
24 */
25
26 /*
27 * Include necessary headers...
28 */
29
30 #include "cupsd.h"
31 #include <grp.h>
32 #ifdef __APPLE__
33 # include <libgen.h>
34 #endif /* __APPLE__ */
35
36
37 /*
38 * Process structure...
39 */
40
typedef struct				/* Record of a child started by cupsdStartProcess() */
{
  int	pid,				/* Process ID (array key, see compare_procs) */
	job_id;				/* Job associated with process, 0 if none */
  char	name[1];			/* Name of process; C89-style trailing array -
					 * cupsdStartProcess() allocates
					 * sizeof(cupsd_proc_t) + strlen(command), so
					 * this one byte is what holds the terminator.
					 * Do not turn it into a flexible array member
					 * without changing that allocation. */
} cupsd_proc_t;
47
48
49 /*
50 * Local globals...
51 */
52
static cups_array_t	*process_array = NULL;
					/* Live children keyed by pid; created lazily by
					 * cupsdStartProcess(), entries are removed (and
					 * freed) by cupsdFinishProcess(). */
54
55
56 /*
57 * Local functions...
58 */
59
static int	compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
					/* Order process records by pid for cups_array_t */
#ifdef HAVE_SANDBOX_H
static char	*cupsd_requote(char *dst, const char *src, size_t dstsize);
					/* Backslash-escape regex metacharacters in a path */
#endif /* HAVE_SANDBOX_H */
64
65
66 /*
67 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
68 */
69
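void *					/* O - Profile or NULL on error */
cupsdCreateProfile(int job_id)		/* I - Job ID or 0 for none */
{
#ifdef HAVE_SANDBOX_H
  cups_file_t	*fp;			/* File pointer */
  char		profile[1024],		/* File containing the profile */
		cache[1024],		/* Quoted CacheDir */
		request[1024],		/* Quoted RequestRoot */
		root[1024],		/* Quoted ServerRoot */
		temp[1024];		/* Quoted TempDir */
  char		*path;			/* malloc'd copy of the profile path */


 /*
  * Write a Mac OS X sandbox profile for a job filter (job_id != 0) or a
  * notifier (job_id == 0) to a temporary file and return its path as a
  * malloc'd string; cupsdDestroyProfile() unlinks and frees it.
  *
  * The profile is a deny list on top of "(allow default)": it blocks reads
  * and writes under RequestRoot (except the job's own spool files), writes
  * under ServerRoot, /private/etc, /usr/local/etc, /Library and /System,
  * and, when cupsd runs as root, any access to /Users.  TempDir, CacheDir,
  * RequestRoot/Library and a few /Library paths are re-allowed afterwards.
  *
  * NOTE(review): a NULL return means "no profile", and cupsdStartProcess()
  * execs a child with a NULL profile directly, i.e. unconfined.  Every error
  * exit here therefore degrades to an unsandboxed child rather than a
  * refused one.  For that reason failures to set the file's ownership/mode
  * or to flush it are logged but the path is still returned: a broken
  * profile then fails inside the helper instead of silently widening
  * access.  Whether cups-exec refuses to run on a bad profile is not
  * visible from this file - confirm before relying on it.
  */

  if (!UseProfiles)
  {
   /*
    * Only use sandbox profiles as root...
    */

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);

    return (NULL);
  }

  if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
  {
    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);
    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
                    strerror(errno));
    return (NULL);
  }

 /*
  * The child switches to User/Group before exec'ing cups-exec with this
  * path (see cupsdStartProcess()), so the file is made group-readable and
  * nothing more.  Previously both calls were unchecked; log failures so a
  * profile the helper cannot read is diagnosable.
  */

  if (fchown(cupsFileNumber(fp), RunUser, Group))
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to change ownership of security profile \"%s\": %s",
		    profile, strerror(errno));

  if (fchmod(cupsFileNumber(fp), 0640))
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to change permissions of security profile \"%s\": %s",
		    profile, strerror(errno));

 /*
  * Escape regex metacharacters in the configured directories so they match
  * literally inside the #"..." patterns below...
  */

  cupsd_requote(cache, CacheDir, sizeof(cache));
  cupsd_requote(request, RequestRoot, sizeof(request));
  cupsd_requote(root, ServerRoot, sizeof(root));
  cupsd_requote(temp, TempDir, sizeof(temp));

  cupsFilePuts(fp, "(version 1)\n");
  if (LogLevel >= CUPSD_LOG_DEBUG)
    cupsFilePuts(fp, "(debug deny)\n");
  cupsFilePuts(fp, "(allow default)\n");
  cupsFilePrintf(fp,
		 "(deny file-write* file-read-data file-read-metadata\n"
		 "  (regex"
		 " #\"^%s$\""		/* RequestRoot */
		 " #\"^%s/\""		/* RequestRoot/... */
		 "))\n",
		 request, request);
  if (!RunUser)
    cupsFilePuts(fp,
		 "(deny file-write* file-read-data file-read-metadata\n"
		 "  (regex"
		 " #\"^/Users$\""
		 " #\"^/Users/\""
		 "))\n");
  cupsFilePrintf(fp,
		 "(deny file-write*\n"
		 "  (regex"
		 " #\"^%s$\""		/* ServerRoot */
		 " #\"^%s/\""		/* ServerRoot/... */
		 " #\"^/private/etc$\""
		 " #\"^/private/etc/\""
		 " #\"^/usr/local/etc$\""
		 " #\"^/usr/local/etc/\""
		 " #\"^/Library$\""
		 " #\"^/Library/\""
		 " #\"^/System$\""
		 " #\"^/System/\""
		 "))\n",
		 root, root);
  /* Specifically allow applications to stat RequestRoot */
  cupsFilePrintf(fp,
		 "(allow file-read-metadata\n"
		 "  (regex"
		 " #\"^%s$\""		/* RequestRoot */
		 "))\n",
		 request);
  cupsFilePrintf(fp,
		 "(allow file-write* file-read-data file-read-metadata\n"
		 "  (regex"
		 " #\"^%s$\""		/* TempDir */
		 " #\"^%s/\""		/* TempDir/... */
		 " #\"^%s$\""		/* CacheDir */
		 " #\"^%s/\""		/* CacheDir/... */
		 " #\"^%s/Library$\""	/* RequestRoot/Library */
		 " #\"^%s/Library/\""	/* RequestRoot/Library/... */
		 " #\"^/Library/Application Support/\""
		 " #\"^/Library/Caches/\""
		 " #\"^/Library/Preferences/\""
		 " #\"^/Library/Printers/.*/\""
		 " #\"^/Users/Shared/\""
		 "))\n",
		 temp, temp, cache, cache, request, request);
  cupsFilePuts(fp,
	       "(deny file-write*\n"
	       "  (regex"
	       " #\"^/Library/Printers/PPDs$\""
	       " #\"^/Library/Printers/PPDs/\""
	       " #\"^/Library/Printers/PPD Plugins$\""
	       " #\"^/Library/Printers/PPD Plugins/\""
	       "))\n");
  if (job_id)
  {
   /*
    * Allow job filters to read the spool file(s) for this job only
    * (c<id>, a<id> and d<id>-NNN under RequestRoot)...
    */

    cupsFilePrintf(fp,
		   "(allow file-read-data file-read-metadata\n"
		   "  (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
		   request, job_id, job_id);
  }
  else
  {
   /*
    * Allow email notifications from notifiers; sendmail itself runs
    * outside the sandbox...
    */

    cupsFilePuts(fp,
		 "(allow process-exec\n"
		 "  (literal \"/usr/sbin/sendmail\")\n"
		 "  (with no-sandbox)\n"
		 ")\n");
  }

 /*
  * A failed close means the profile on disk may be truncated; log it (the
  * path is still handed back, see the note above).
  */

  if (cupsFileClose(fp))
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to write security profile \"%s\": %s",
		    profile, strerror(errno));

  if ((path = strdup(profile)) == NULL)
  {
   /*
    * Out of memory: don't leave the temporary file behind, since nobody
    * will ever call cupsdDestroyProfile() for it...
    */

    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "Unable to allocate security profile path: %s",
		    strerror(errno));
    unlink(profile);

    cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                    job_id);
    return (NULL);
  }

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = \"%s\"",
                  job_id, profile);
  return ((void *)path);

#else
  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
                  job_id);

  return (NULL);
#endif /* HAVE_SANDBOX_H */
}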
212
213
214 /*
215 * 'cupsdDestroyProfile()' - Delete an execution profile.
216 */
217
void
cupsdDestroyProfile(void *profile)	/* I - Profile */
{
  const char	*path = (const char *)profile;
					/* Profile path as returned by cupsdCreateProfile() */


 /*
  * Remove the sandbox profile file created by cupsdCreateProfile() and free
  * the path string.  NULL is accepted and only logged.  (The log message
  * still uses the function's old name, "cupsdDeleteProfile".)
  */

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
                  path ? path : "(null)");

#ifdef HAVE_SANDBOX_H
  if (!path)
    return;

  unlink(path);				/* Best effort; a failure is not reported */
  free(profile);
#endif /* HAVE_SANDBOX_H */
}
232
233
234 /*
235 * 'cupsdEndProcess()' - End a process.
236 */
237
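int					/* O - 0 on success, -1 on failure */
cupsdEndProcess(int pid,		/* I - Process ID */
                int force)		/* I - Force child to die */
{
 /*
  * Ask a child to stop: SIGTERM normally, SIGKILL when "force" is set.
  * A pid of 0 is a no-op that returns 0.  Returns kill()'s result, so on
  * failure errno is set (ESRCH once the child is gone, for example).
  */

  cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
                  force);

  if (!pid)
    return (0);

  if (pid < 0)
  {
   /*
    * kill() with a negative pid signals a whole process group, and -1
    * signals every process the caller may signal - fatal when cupsd runs
    * as root.  Never let a bogus pid turn into a broadcast.
    */

    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "cupsdEndProcess: refusing to signal invalid pid %d.", pid);
    errno = EINVAL;
    return (-1);
  }

  return (kill(pid, force ? SIGKILL : SIGTERM));
}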
252
253
254 /*
255 * 'cupsdFinishProcess()' - Finish a process and get its name.
256 */
257
const char *				/* O - Process name */
cupsdFinishProcess(int  pid,		/* I - Process ID */
                   char *name,		/* I - Name buffer */
		   int  namelen,	/* I - Size of name buffer */
		   int  *job_id)	/* O - Job ID pointer or NULL */
{
  cupsd_proc_t	key;			/* Search key (only pid is used) */
  cupsd_proc_t	*found;			/* Matching process record, if any */
  int		jid   = 0;		/* Job ID to report */
  const char	*label = "unknown";	/* Name to report */


 /*
  * Look up a finished child in process_array, copy its command name into
  * "name" (or "unknown" if we never recorded it), report its job ID through
  * *job_id when given, and drop the record.  Always returns "name".
  * namelen is passed straight to strlcpy(); a negative value is not guarded.
  */

  key.pid = pid;
  found   = (cupsd_proc_t *)cupsArrayFind(process_array, &key);

  if (found)
  {
    jid   = found->job_id;
    label = found->name;
  }

  strlcpy(name, label, namelen);	/* Copy before the record is freed */

  if (job_id)
    *job_id = jid;

  if (found)
  {
    cupsArrayRemove(process_array, found);
    free(found);
  }

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
                  "cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
		  "job_id=%p(%d)) = \"%s\"", pid, name, namelen, job_id,
		  job_id ? *job_id : 0, name);

  return (name);
}
294
295
296 /*
297 * 'cupsdStartProcess()' - Start a process.
298 */
299
int					/* O - Process ID or 0 */
cupsdStartProcess(
    const char  *command,		/* I - Full path to command */
    char        *argv[],		/* I - Command-line arguments */
    char        *envp[],		/* I - Environment */
    int         infd,			/* I - Standard input file descriptor */
    int         outfd,			/* I - Standard output file descriptor */
    int         errfd,			/* I - Standard error file descriptor */
    int         backfd,			/* I - Backchannel file descriptor */
    int         sidefd,			/* I - Sidechannel file descriptor */
    int         root,			/* I - Run as root? */
    void        *profile,		/* I - Security profile to use */
    cupsd_job_t *job,			/* I - Job associated with process */
    int         *pid)			/* O - Process ID */
{
  int		i;			/* Looping var */
  const char	*exec_path = command;	/* Command to be exec'd */
  char		*real_argv[103],	/* Real command-line arguments */
		cups_exec[1024];	/* Path to "cups-exec" program */
  int		user;			/* Command UID */
  struct stat	commandinfo;		/* Command file information */
  cupsd_proc_t	*proc;			/* New process record */
#if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
  struct sigaction action;		/* POSIX signal handler */
#endif /* HAVE_SIGACTION && !HAVE_SIGSET */
#if defined(__APPLE__)
  char		processPath[1024],	/* CFProcessPath environment variable */
		linkpath[1024];		/* Link path for symlinks... */
  int		linkbytes;		/* Bytes for link path */
#endif /* __APPLE__ */


 /*
  * Fork and exec "command" as a child of the scheduler.  stdin/stdout/stderr
  * are wired to infd/outfd/errfd (-1 = /dev/null), the back channel to fd 3
  * and the side channel to fd 4 (-1 = not connected).  Before exec the child
  * drops to User/Group unless "root" is set, lowers its priority, sets a
  * restrictive umask, resets the signal handlers cupsd installed and, when
  * "profile" is non-NULL, runs the command through ServerBin/daemon/cups-exec
  * so the sandbox profile is applied.  A NULL profile means the command is
  * exec'd directly, i.e. unconfined.
  *
  * On success the child's pid is stored in *pid, recorded in process_array
  * (so cupsdFinishProcess() can map it back to a name and job), and
  * returned.  On failure *pid is 0 and 0 is returned; the permission
  * failures additionally set errno to EPERM and, for printer jobs, raise a
  * printer state reason.
  */

 /*
  * Figure out the UID for the child process...
  *
  * When cupsd itself runs unprivileged (RunUser != 0) the child can only be
  * that user whatever "root" says; otherwise "root" selects uid 0 and
  * everything else gets the configured User.
  */

  if (RunUser)
    user = RunUser;
  else if (root)
    user = 0;
  else
    user = User;

 /*
  * Check the permissions of the command we are running...
  *
  * NOTE(review): this is a stat() of the path.  Nothing ties it to the
  * execve() in the child below, so a file replaced between the two calls is
  * not re-checked, and only the final path component is inspected, not the
  * directories leading to it.  Treat these checks as a guard against
  * misconfigured filter/backend permissions, not as protection against
  * someone who can already write to those locations.
  */

  if (stat(command, &commandinfo))
  {
    *pid = 0;

    cupsdLogMessage(CUPSD_LOG_DEBUG2,
                    "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
		    "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
		    "profile=%p, job=%p(%d), pid=%p) = %d",
		    command, argv, envp, infd, outfd, errfd, backfd, sidefd,
		    root, profile, job, job ? job->id : 0, pid, *pid);
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "%s%s \"%s\" not available: %s",
		    job && job->printer ? job->printer->name : "",
		    job && job->printer ? ": Printer driver" : "Program",
		    command, strerror(errno));

    if (job && job->printer)
    {
      if (cupsdSetPrinterReasons(job->printer, "+cups-missing-filter-warning"))
        cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE, job->printer, NULL,
		      "Printer driver \"%s\" not available.", command);
    }

    return (0);
  }
  else if (!RunUser &&
           ((commandinfo.st_mode & (S_ISUID | S_IWOTH)) ||
	    commandinfo.st_uid))
  {
   /*
    * We are root: refuse anything that is setuid, world-writable, or not
    * owned by root, because a "root" child below keeps uid 0 all the way
    * into the exec...
    */

    *pid = 0;

    cupsdLogMessage(CUPSD_LOG_DEBUG2,
                    "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
		    "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
		    "profile=%p, job=%p(%d), pid=%p) = %d",
		    command, argv, envp, infd, outfd, errfd, backfd, sidefd,
		    root, profile, job, job ? job->id : 0, pid, *pid);
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "%s%s \"%s\" has insecure permissions "
		    "(0%o/uid=%d/gid=%d).",
		    job && job->printer ? job->printer->name : "",
		    job && job->printer ? ": Printer driver" : "Program",
		    command, commandinfo.st_mode,
		    (int)commandinfo.st_uid, (int)commandinfo.st_gid);

    if (job && job->printer)
    {
      if (cupsdSetPrinterReasons(job->printer, "+cups-insecure-filter-warning"))
        cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE, job->printer, NULL,
		      "Printer driver \"%s\" has insecure permissions "
		      "(0%o/uid=%d/gid=%d).", command, commandinfo.st_mode,
		      (int)commandinfo.st_uid, (int)commandinfo.st_gid);
    }

    errno = EPERM;

    return (0);
  }
  else if ((commandinfo.st_uid != user || !(commandinfo.st_mode & S_IXUSR)) &&
           (commandinfo.st_gid != Group || !(commandinfo.st_mode & S_IXGRP)) &&
	   !(commandinfo.st_mode & S_IXOTH))
  {
   /*
    * Not executable by the uid/gid the child will run as (owner, Group, or
    * other): fail now with a clearer message than exec would give...
    */

    *pid = 0;

    cupsdLogMessage(CUPSD_LOG_DEBUG2,
                    "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
		    "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
		    "profile=%p, job=%p(%d), pid=%p) = %d",
		    command, argv, envp, infd, outfd, errfd, backfd, sidefd,
		    root, profile, job, job ? job->id : 0, pid, *pid);
    cupsdLogMessage(CUPSD_LOG_ERROR,
                    "%s%s \"%s\" does not have execute permissions "
		    "(0%o/uid=%d/gid=%d).",
		    job && job->printer ? job->printer->name : "",
		    job && job->printer ? ": Printer driver" : "Program",
		    command, commandinfo.st_mode, (int)commandinfo.st_uid,
		    (int)commandinfo.st_gid);

    errno = EPERM;
    return (0);
  }
  else if (!RunUser && commandinfo.st_gid && (commandinfo.st_mode & S_IWGRP))
  {
   /*
    * Group-writable by a non-root group is only a warning - the command is
    * still run...
    */

    cupsdLogMessage(CUPSD_LOG_WARN,
                    "%s%s \"%s\" has insecure permissions "
		    "(0%o/uid=%d/gid=%d).",
		    job && job->printer ? job->printer->name : "",
		    job && job->printer ? ": Printer driver" : "Program",
		    command, commandinfo.st_mode,
		    (int)commandinfo.st_uid, (int)commandinfo.st_gid);

    if (job && job->printer)
    {
      if (cupsdSetPrinterReasons(job->printer, "+cups-insecure-filter-warning"))
        cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE, job->printer, NULL,
		      "Printer driver \"%s\" has insecure permissions "
		      "(0%o/uid=%d/gid=%d).", command, commandinfo.st_mode,
		      (int)commandinfo.st_uid, (int)commandinfo.st_gid);
    }
  }

#if defined(__APPLE__)
  if (envp)
  {
   /*
    * Add special voodoo magic for Mac OS X - this allows Mac OS X
    * programs to access their bundle resources properly...
    *
    * NOTE(review): this overwrites envp[0] in the caller's array; it relies
    * on the caller having reserved slot 0 for the CFProcessPath entry.
    */

    if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
    {
     /*
      * Yes, this is a symlink to the actual program, nul-terminate and
      * use it...
      */

      linkpath[linkbytes] = '\0';

      if (linkpath[0] == '/')
        snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
		 linkpath);
      else
        snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
		 dirname((char *)command), linkpath);
    }
    else
      snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);

    envp[0] = processPath;		/* Replace <CFProcessPath> string */
  }
#endif /* __APPLE__ */

 /*
  * Use helper program when we have a sandbox profile...
  *
  * The real command becomes "cups-exec <profile> <command> <argv...>".
  * real_argv has room for 103 entries, so at most 99 of the caller's
  * arguments are copied; anything beyond that is dropped silently.
  */

  if (profile)
  {
    snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);

    real_argv[0] = cups_exec;
    real_argv[1] = profile;
    real_argv[2] = (char *)command;

    for (i = 0;
         i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 4) && argv[i];
	 i ++)
      real_argv[i + 3] = argv[i];

    real_argv[i + 3] = NULL;

    argv      = real_argv;
    exec_path = cups_exec;
  }

 /*
  * Block signals before forking...
  */

  cupsdHoldSignals();

  if ((*pid = fork()) == 0)
  {
   /*
    * Child process goes here...
    *
    * Update stdin/stdout/stderr as needed...
    *
    * For each of the three: -1 means /dev/null.  If that open() fails the
    * descriptor stays -1, dup2() fails silently and the inherited fd is
    * kept.  The plumbing also assumes the supplied descriptors don't cross
    * (e.g. outfd == 2 together with errfd == 1, or sidefd == 3), since an
    * earlier dup2() would clobber the later source.
    */

    if (infd != 0)
    {
      if (infd < 0)
        infd = open("/dev/null", O_RDONLY);

      if (infd != 0)
      {
	dup2(infd, 0);
	close(infd);
      }
    }

    if (outfd != 1)
    {
      if (outfd < 0)
        outfd = open("/dev/null", O_WRONLY);

      if (outfd != 1)
      {
	dup2(outfd, 1);
	close(outfd);
      }
    }

    if (errfd != 2)
    {
      if (errfd < 0)
        errfd = open("/dev/null", O_WRONLY);

      if (errfd != 2)
      {
	dup2(errfd, 2);
	close(errfd);
      }
    }

   /*
    * Back channel on fd 3 and side channel on fd 4, both non-blocking; a
    * negative descriptor leaves the slot untouched...
    */

    if (backfd != 3 && backfd >= 0)
    {
      dup2(backfd, 3);
      close(backfd);
      fcntl(3, F_SETFL, O_NDELAY);
    }

    if (sidefd != 4 && sidefd >= 0)
    {
      dup2(sidefd, 4);
      close(sidefd);
      fcntl(4, F_SETFL, O_NDELAY);
    }

   /*
    * Change the priority of the process based on the FilterNice setting.
    * (this is not done for root processes...)
    */

    if (!root)
      nice(FilterNice);

   /*
    * Change user to something "safe"...
    */

    if (!root && !RunUser)
    {
     /*
      * Running as root, so change to non-priviledged user...
      *
      * Order matters: the supplementary groups are reset while we are still
      * root, and the uid is dropped last.  Any failure is fatal (the exit
      * status is the errno value) so we never exec with more privilege than
      * intended.
      */

      if (setgid(Group))
        exit(errno);

      if (setgroups(1, &Group))
        exit(errno);

      if (setuid(User))
        exit(errno);
    }
    else
    {
     /*
      * Reset group membership to just the main one we belong to.
      *
      * This is either a "root" child (uid stays 0) or cupsd is already
      * unprivileged (RunUser); in the latter case setgid()/setgroups() are
      * expected to fail and are ignored.
      */

      if (setgid(Group) && !RunUser)
        exit(errno);

      if (setgroups(1, &Group) && !RunUser)
        exit(errno);
    }

   /*
    * Change umask to restrict permissions on created files...
    */

    umask(077);

   /*
    * Unblock signals before doing the exec...
    *
    * Put SIGTERM, SIGCHLD and SIGPIPE back to their defaults so the child
    * does not run with the scheduler's handlers, then release the mask held
    * by cupsdHoldSignals() above.
    */

#ifdef HAVE_SIGSET
    sigset(SIGTERM, SIG_DFL);
    sigset(SIGCHLD, SIG_DFL);
    sigset(SIGPIPE, SIG_DFL);
#elif defined(HAVE_SIGACTION)
    memset(&action, 0, sizeof(action));

    sigemptyset(&action.sa_mask);
    action.sa_handler = SIG_DFL;

    sigaction(SIGTERM, &action, NULL);
    sigaction(SIGCHLD, &action, NULL);
    sigaction(SIGPIPE, &action, NULL);
#else
    signal(SIGTERM, SIG_DFL);
    signal(SIGCHLD, SIG_DFL);
    signal(SIGPIPE, SIG_DFL);
#endif /* HAVE_SIGSET */

    cupsdReleaseSignals();

   /*
    * Execute the command; if for some reason this doesn't work, log an error
    * exit with a non-zero value...
    *
    * perror() goes to fd 2, which is now errfd.  Note this is exit(), not
    * _exit(): any atexit handlers and stdio buffers inherited from cupsd
    * run/flush in the child as well.
    */

    if (envp)
      execve(exec_path, argv, envp);
    else
      execv(exec_path, argv);

    perror(command);

    exit(1);
  }
  else if (*pid < 0)
  {
   /*
    * Error - couldn't fork a new process!
    */

    cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
                    strerror(errno));

    *pid = 0;
  }
  else
  {
   /*
    * Parent: remember the child so cupsdFinishProcess() can name it.  The
    * array is created on first use; if it or the record cannot be allocated
    * the child still runs, it just shows up as "unknown" later.
    */

    if (!process_array)
      process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);

    if (process_array)
    {
     /*
      * sizeof(cupsd_proc_t) already includes the one-byte name[] array, so
      * adding strlen(command) leaves room for the terminator.  _cups_strcpy
      * is presumably a strcpy variant from the CUPS string API.
      */

      if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
      {
        proc->pid    = *pid;
	proc->job_id = job ? job->id : 0;
	_cups_strcpy(proc->name, command);

	cupsArrayAdd(process_array, proc);
      }
    }
  }

  cupsdReleaseSignals();

  cupsdLogMessage(CUPSD_LOG_DEBUG2,
		  "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
		  "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
		  "profile=%p, job=%p(%d), pid=%p) = %d",
		  command, argv, envp, infd, outfd, errfd, backfd, sidefd,
		  root, profile, job, job ? job->id : 0, pid, *pid);

  return (*pid);
}
691
692
693 /*
694 * 'compare_procs()' - Compare two processes.
695 */
696
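static int				/* O - Result of comparison */
compare_procs(cupsd_proc_t *a,		/* I - First process */
              cupsd_proc_t *b)		/* I - Second process */
{
 /*
  * Three-way compare on pid for process_array.  "a->pid - b->pid" is the
  * usual shortcut, but it is undefined behavior if the two values are ever
  * more than INT_MAX apart; the array code only needs the sign, so return
  * -1/0/1 explicitly and stay portable regardless of the platform's pid
  * range.
  */

  if (a->pid < b->pid)
    return (-1);
  else if (a->pid > b->pid)
    return (1);
  else
    return (0);
}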
703
704
705 #ifdef HAVE_SANDBOX_H
706 /*
707 * 'cupsd_requote()' - Make a regular-expression version of a string.
708 */
709
static char *				/* O - Quoted string */
cupsd_requote(char       *dst,		/* I - Destination buffer */
              const char *src,		/* I - Source string */
	      size_t     dstsize)	/* I - Size of destination buffer */
{
  char	*out   = dst,			/* Next write position */
	*limit = dst + dstsize - 2;	/* Last position that can take "\x" and a nul */


 /*
  * Copy "src" into "dst", prefixing the regex metacharacters . ? * ( ) [ ]
  * ^ $ and backslash with a backslash so the result matches "src" literally.
  * Output stops (silently truncating) once fewer than three bytes remain,
  * which guarantees room for an escape pair plus the terminator; the result
  * is always nul-terminated.  Callers must pass dstsize >= 2.
  *
  * NOTE(review): double quotes and newlines are copied through unescaped.
  * cupsdCreateProfile() embeds the result inside #"..." literals, so a
  * configured directory containing either would end the literal early.
  * These paths come from cupsd.conf rather than from job data, so treat
  * this as a robustness gap, not an injection vector - confirm before
  * relying on it.
  */

  for (; *src != '\0' && out < limit; src ++)
  {
    int ch = *src;			/* Current character */

    if (strchr(".?*()[]^$\\", ch) != NULL)
      *out++ = '\\';

    *out++ = (char)ch;
  }

  *out = '\0';

  return (dst);
}
737 #endif /* HAVE_SANDBOX_H */
738
739
740 /*
741 * End of "$Id: process.c 7256 2008-01-25 00:48:54Z mike $".
742 */