2 * "$Id: process.c 7256 2008-01-25 00:48:54Z mike $"
4 * Process management routines for the CUPS scheduler.
6 * Copyright 2007-2011 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * file is missing or damaged, see the license at "http://www.cups.org/".
17 * cupsdCreateProfile() - Create an execution profile for a subprocess.
18 * cupsdDestroyProfile() - Delete an execution profile.
19 * cupsdEndProcess() - End a process.
20 * cupsdFinishProcess() - Finish a process and get its name.
21 * cupsdStartProcess() - Start a process.
22 * compare_procs() - Compare two processes.
23 * cupsd_requote() - Make a regular-expression version of a string.
27 * Include necessary headers...
34 #endif /* __APPLE__ */
38 * Process structure...
43 int pid
, /* Process ID */
44 job_id
; /* Job associated with process */
45 char name
[1]; /* Name of process */
53 static cups_array_t
*process_array
= NULL
;
60 static int compare_procs(cupsd_proc_t
*a
, cupsd_proc_t
*b
);
62 static char *cupsd_requote(char *dst
, const char *src
, size_t dstsize
);
63 #endif /* HAVE_SANDBOX_H */
67 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
70 void * /* O - Profile or NULL on error */
71 cupsdCreateProfile(int job_id
) /* I - Job ID or 0 for none */
74 cups_file_t
*fp
; /* File pointer */
75 char profile
[1024], /* File containing the profile */
76 cache
[1024], /* Quoted CacheDir */
77 request
[1024], /* Quoted RequestRoot */
78 root
[1024], /* Quoted ServerRoot */
79 temp
[1024]; /* Quoted TempDir */
85 * Only use sandbox profiles as root...
88 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = NULL",
94 if ((fp
= cupsTempFile2(profile
, sizeof(profile
))) == NULL
)
96 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = NULL",
98 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to create security profile: %s",
103 fchown(cupsFileNumber(fp
), RunUser
, Group
);
104 fchmod(cupsFileNumber(fp
), 0640);
106 cupsd_requote(cache
, CacheDir
, sizeof(cache
));
107 cupsd_requote(request
, RequestRoot
, sizeof(request
));
108 cupsd_requote(root
, ServerRoot
, sizeof(root
));
109 cupsd_requote(temp
, TempDir
, sizeof(temp
));
111 cupsFilePuts(fp
, "(version 1)\n");
112 if (LogLevel
>= CUPSD_LOG_DEBUG
)
113 cupsFilePuts(fp
, "(debug deny)\n");
114 cupsFilePuts(fp
, "(allow default)\n");
116 "(deny file-write* file-read-data file-read-metadata\n"
118 " #\"^%s$\"" /* RequestRoot */
119 " #\"^%s/\"" /* RequestRoot/... */
124 "(deny file-write* file-read-data file-read-metadata\n"
130 "(deny file-write*\n"
132 " #\"^%s$\"" /* ServerRoot */
133 " #\"^%s/\"" /* ServerRoot/... */
134 " #\"^/private/etc$\""
135 " #\"^/private/etc/\""
136 " #\"^/usr/local/etc$\""
137 " #\"^/usr/local/etc/\""
144 /* Specifically allow applications to stat RequestRoot */
146 "(allow file-read-metadata\n"
148 " #\"^%s$\"" /* RequestRoot */
152 "(allow file-write* file-read-data file-read-metadata\n"
154 " #\"^%s$\"" /* TempDir */
155 " #\"^%s/\"" /* TempDir/... */
156 " #\"^%s$\"" /* CacheDir */
157 " #\"^%s/\"" /* CacheDir/... */
158 " #\"^%s/Library$\"" /* RequestRoot/Library */
159 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
160 " #\"^/Library/Application Support/\""
161 " #\"^/Library/Caches/\""
162 " #\"^/Library/Preferences/\""
163 " #\"^/Library/Printers/.*/\""
164 " #\"^/Users/Shared/\""
166 temp
, temp
, cache
, cache
, request
, request
);
168 "(deny file-write*\n"
170 " #\"^/Library/Printers/PPDs$\""
171 " #\"^/Library/Printers/PPDs/\""
172 " #\"^/Library/Printers/PPD Plugins$\""
173 " #\"^/Library/Printers/PPD Plugins/\""
178 * Allow job filters to read the spool file(s)...
182 "(allow file-read-data file-read-metadata\n"
183 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
184 request
, job_id
, job_id
);
189 * Allow email notifications from notifiers...
193 "(allow process-exec\n"
194 " (literal \"/usr/sbin/sendmail\")\n"
195 " (with no-sandbox)\n"
201 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = \"%s\"",
203 return ((void *)strdup(profile
));
206 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdCreateProfile(job_id=%d) = NULL",
210 #endif /* HAVE_SANDBOX_H */
215 * 'cupsdDestroyProfile()' - Delete an execution profile.
219 cupsdDestroyProfile(void *profile
) /* I - Profile */
221 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdDeleteProfile(profile=\"%s\")",
222 profile
? (char *)profile
: "(null)");
224 #ifdef HAVE_SANDBOX_H
227 unlink((char *)profile
);
230 #endif /* HAVE_SANDBOX_H */
235 * 'cupsdEndProcess()' - End a process.
238 int /* O - 0 on success, -1 on failure */
239 cupsdEndProcess(int pid
, /* I - Process ID */
240 int force
) /* I - Force child to die */
242 cupsdLogMessage(CUPSD_LOG_DEBUG2
, "cupsdEndProcess(pid=%d, force=%d)", pid
,
248 return (kill(pid
, SIGKILL
));
250 return (kill(pid
, SIGTERM
));
255 * 'cupsdFinishProcess()' - Finish a process and get its name.
258 const char * /* O - Process name */
259 cupsdFinishProcess(int pid
, /* I - Process ID */
260 char *name
, /* I - Name buffer */
261 int namelen
, /* I - Size of name buffer */
262 int *job_id
) /* O - Job ID pointer or NULL */
264 cupsd_proc_t key
, /* Search key */
265 *proc
; /* Matching process */
270 if ((proc
= (cupsd_proc_t
*)cupsArrayFind(process_array
, &key
)) != NULL
)
273 *job_id
= proc
->job_id
;
275 strlcpy(name
, proc
->name
, namelen
);
276 cupsArrayRemove(process_array
, proc
);
284 strlcpy(name
, "unknown", namelen
);
287 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
288 "cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
289 "job_id=%p(%d)) = \"%s\"", pid
, name
, namelen
, job_id
,
290 job_id
? *job_id
: 0, name
);
297 * 'cupsdStartProcess()' - Start a process.
300 int /* O - Process ID or 0 */
302 const char *command
, /* I - Full path to command */
303 char *argv
[], /* I - Command-line arguments */
304 char *envp
[], /* I - Environment */
305 int infd
, /* I - Standard input file descriptor */
306 int outfd
, /* I - Standard output file descriptor */
307 int errfd
, /* I - Standard error file descriptor */
308 int backfd
, /* I - Backchannel file descriptor */
309 int sidefd
, /* I - Sidechannel file descriptor */
310 int root
, /* I - Run as root? */
311 void *profile
, /* I - Security profile to use */
312 cupsd_job_t
*job
, /* I - Job associated with process */
313 int *pid
) /* O - Process ID */
315 int i
; /* Looping var */
316 const char *exec_path
= command
; /* Command to be exec'd */
317 char *real_argv
[103], /* Real command-line arguments */
318 cups_exec
[1024]; /* Path to "cups-exec" program */
319 int user
; /* Command UID */
320 struct stat commandinfo
; /* Command file information */
321 cupsd_proc_t
*proc
; /* New process record */
322 #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
323 struct sigaction action
; /* POSIX signal handler */
324 #endif /* HAVE_SIGACTION && !HAVE_SIGSET */
325 #if defined(__APPLE__)
326 char processPath
[1024], /* CFProcessPath environment variable */
327 linkpath
[1024]; /* Link path for symlinks... */
328 int linkbytes
; /* Bytes for link path */
329 #endif /* __APPLE__ */
333 * Figure out the UID for the child process...
344 * Check the permissions of the command we are running...
347 if (stat(command
, &commandinfo
))
351 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
352 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
353 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
354 "profile=%p, job=%p(%d), pid=%p) = %d",
355 command
, argv
, envp
, infd
, outfd
, errfd
, backfd
, sidefd
,
356 root
, profile
, job
, job
? job
->id
: 0, pid
, *pid
);
357 cupsdLogMessage(CUPSD_LOG_ERROR
,
358 "%s%s \"%s\" not available: %s",
359 job
&& job
->printer
? job
->printer
->name
: "",
360 job
&& job
->printer
? ": Printer driver" : "Program",
361 command
, strerror(errno
));
363 if (job
&& job
->printer
)
365 if (cupsdSetPrinterReasons(job
->printer
, "+cups-missing-filter-warning"))
366 cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE
, job
->printer
, NULL
,
367 "Printer driver \"%s\" not available.", command
);
373 ((commandinfo
.st_mode
& (S_ISUID
| S_IWOTH
)) ||
378 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
379 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
380 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
381 "profile=%p, job=%p(%d), pid=%p) = %d",
382 command
, argv
, envp
, infd
, outfd
, errfd
, backfd
, sidefd
,
383 root
, profile
, job
, job
? job
->id
: 0, pid
, *pid
);
384 cupsdLogMessage(CUPSD_LOG_ERROR
,
385 "%s%s \"%s\" has insecure permissions "
386 "(0%o/uid=%d/gid=%d).",
387 job
&& job
->printer
? job
->printer
->name
: "",
388 job
&& job
->printer
? ": Printer driver" : "Program",
389 command
, commandinfo
.st_mode
,
390 (int)commandinfo
.st_uid
, (int)commandinfo
.st_gid
);
392 if (job
&& job
->printer
)
394 if (cupsdSetPrinterReasons(job
->printer
, "+cups-insecure-filter-warning"))
395 cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE
, job
->printer
, NULL
,
396 "Printer driver \"%s\" has insecure permissions "
397 "(0%o/uid=%d/gid=%d).", command
, commandinfo
.st_mode
,
398 (int)commandinfo
.st_uid
, (int)commandinfo
.st_gid
);
405 else if ((commandinfo
.st_uid
!= user
|| !(commandinfo
.st_mode
& S_IXUSR
)) &&
406 (commandinfo
.st_gid
!= Group
|| !(commandinfo
.st_mode
& S_IXGRP
)) &&
407 !(commandinfo
.st_mode
& S_IXOTH
))
411 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
412 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
413 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
414 "profile=%p, job=%p(%d), pid=%p) = %d",
415 command
, argv
, envp
, infd
, outfd
, errfd
, backfd
, sidefd
,
416 root
, profile
, job
, job
? job
->id
: 0, pid
, *pid
);
417 cupsdLogMessage(CUPSD_LOG_ERROR
,
418 "%s%s \"%s\" does not have execute permissions "
419 "(0%o/uid=%d/gid=%d).",
420 job
&& job
->printer
? job
->printer
->name
: "",
421 job
&& job
->printer
? ": Printer driver" : "Program",
422 command
, commandinfo
.st_mode
, (int)commandinfo
.st_uid
,
423 (int)commandinfo
.st_gid
);
428 else if (!RunUser
&& commandinfo
.st_gid
&& (commandinfo
.st_mode
& S_IWGRP
))
430 cupsdLogMessage(CUPSD_LOG_WARN
,
431 "%s%s \"%s\" has insecure permissions "
432 "(0%o/uid=%d/gid=%d).",
433 job
&& job
->printer
? job
->printer
->name
: "",
434 job
&& job
->printer
? ": Printer driver" : "Program",
435 command
, commandinfo
.st_mode
,
436 (int)commandinfo
.st_uid
, (int)commandinfo
.st_gid
);
438 if (job
&& job
->printer
)
440 if (cupsdSetPrinterReasons(job
->printer
, "+cups-insecure-filter-warning"))
441 cupsdAddEvent(CUPSD_EVENT_PRINTER_STATE
, job
->printer
, NULL
,
442 "Printer driver \"%s\" has insecure permissions "
443 "(0%o/uid=%d/gid=%d).", command
, commandinfo
.st_mode
,
444 (int)commandinfo
.st_uid
, (int)commandinfo
.st_gid
);
448 #if defined(__APPLE__)
452 * Add special voodoo magic for Mac OS X - this allows Mac OS X
453 * programs to access their bundle resources properly...
456 if ((linkbytes
= readlink(command
, linkpath
, sizeof(linkpath
) - 1)) > 0)
459 * Yes, this is a symlink to the actual program, nul-terminate and
463 linkpath
[linkbytes
] = '\0';
465 if (linkpath
[0] == '/')
466 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s",
469 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s/%s",
470 dirname((char *)command
), linkpath
);
473 snprintf(processPath
, sizeof(processPath
), "CFProcessPath=%s", command
);
475 envp
[0] = processPath
; /* Replace <CFProcessPath> string */
477 #endif /* __APPLE__ */
480 * Use helper program when we have a sandbox profile...
485 snprintf(cups_exec
, sizeof(cups_exec
), "%s/daemon/cups-exec", ServerBin
);
487 real_argv
[0] = cups_exec
;
488 real_argv
[1] = profile
;
489 real_argv
[2] = (char *)command
;
492 i
< (int)(sizeof(real_argv
) / sizeof(real_argv
[0]) - 4) && argv
[i
];
494 real_argv
[i
+ 3] = argv
[i
];
496 real_argv
[i
+ 3] = NULL
;
499 exec_path
= cups_exec
;
503 * Block signals before forking...
508 if ((*pid
= fork()) == 0)
511 * Child process goes here...
513 * Update stdin/stdout/stderr as needed...
519 infd
= open("/dev/null", O_RDONLY
);
531 outfd
= open("/dev/null", O_WRONLY
);
543 errfd
= open("/dev/null", O_WRONLY
);
552 if (backfd
!= 3 && backfd
>= 0)
556 fcntl(3, F_SETFL
, O_NDELAY
);
559 if (sidefd
!= 4 && sidefd
>= 0)
563 fcntl(4, F_SETFL
, O_NDELAY
);
567 * Change the priority of the process based on the FilterNice setting.
568 * (this is not done for root processes...)
575 * Change user to something "safe"...
578 if (!root
&& !RunUser
)
581 * Running as root, so change to non-priviledged user...
587 if (setgroups(1, &Group
))
596 * Reset group membership to just the main one we belong to.
599 if (setgid(Group
) && !RunUser
)
602 if (setgroups(1, &Group
) && !RunUser
)
607 * Change umask to restrict permissions on created files...
613 * Unblock signals before doing the exec...
617 sigset(SIGTERM
, SIG_DFL
);
618 sigset(SIGCHLD
, SIG_DFL
);
619 sigset(SIGPIPE
, SIG_DFL
);
620 #elif defined(HAVE_SIGACTION)
621 memset(&action
, 0, sizeof(action
));
623 sigemptyset(&action
.sa_mask
);
624 action
.sa_handler
= SIG_DFL
;
626 sigaction(SIGTERM
, &action
, NULL
);
627 sigaction(SIGCHLD
, &action
, NULL
);
628 sigaction(SIGPIPE
, &action
, NULL
);
630 signal(SIGTERM
, SIG_DFL
);
631 signal(SIGCHLD
, SIG_DFL
);
632 signal(SIGPIPE
, SIG_DFL
);
633 #endif /* HAVE_SIGSET */
635 cupsdReleaseSignals();
638 * Execute the command; if for some reason this doesn't work, log an error
639 * exit with a non-zero value...
643 execve(exec_path
, argv
, envp
);
645 execv(exec_path
, argv
);
654 * Error - couldn't fork a new process!
657 cupsdLogMessage(CUPSD_LOG_ERROR
, "Unable to fork %s - %s.", command
,
665 process_array
= cupsArrayNew((cups_array_func_t
)compare_procs
, NULL
);
669 if ((proc
= calloc(1, sizeof(cupsd_proc_t
) + strlen(command
))) != NULL
)
672 proc
->job_id
= job
? job
->id
: 0;
673 _cups_strcpy(proc
->name
, command
);
675 cupsArrayAdd(process_array
, proc
);
680 cupsdReleaseSignals();
682 cupsdLogMessage(CUPSD_LOG_DEBUG2
,
683 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
684 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
685 "profile=%p, job=%p(%d), pid=%p) = %d",
686 command
, argv
, envp
, infd
, outfd
, errfd
, backfd
, sidefd
,
687 root
, profile
, job
, job
? job
->id
: 0, pid
, *pid
);
694 * 'compare_procs()' - Compare two processes.
697 static int /* O - Result of comparison */
698 compare_procs(cupsd_proc_t
*a
, /* I - First process */
699 cupsd_proc_t
*b
) /* I - Second process */
701 return (a
->pid
- b
->pid
);
705 #ifdef HAVE_SANDBOX_H
707 * 'cupsd_requote()' - Make a regular-expression version of a string.
710 static char * /* O - Quoted string */
711 cupsd_requote(char *dst
, /* I - Destination buffer */
712 const char *src
, /* I - Source string */
713 size_t dstsize
) /* I - Size of destination buffer */
715 int ch
; /* Current character */
716 char *dstptr
, /* Current position in buffer */
717 *dstend
; /* End of destination buffer */
721 dstend
= dst
+ dstsize
- 2;
723 while (*src
&& dstptr
< dstend
)
727 if (strchr(".?*()[]^$\\", ch
))
737 #endif /* HAVE_SANDBOX_H */
741 * End of "$Id: process.c 7256 2008-01-25 00:48:54Z mike $".