2 * "$Id: process.c 9790 2011-05-19 22:40:03Z mike $"
4 * Process management routines for the CUPS scheduler.
6 * Copyright 2007-2011 by Apple Inc.
7 * Copyright 1997-2007 by Easy Software Products, all rights reserved.
9 * These coded instructions, statements, and computer programs are the
10 * property of Apple Inc. and are protected by Federal copyright
11 * law. Distribution and use rights are outlined in the file "LICENSE.txt"
12 * which should have been included with this file. If this file is
13 * missing or damaged, see the license at "http://www.cups.org/".
17 * cupsdCreateProfile() - Create an execution profile for a subprocess.
18 * cupsdDestroyProfile() - Delete an execution profile.
19 * cupsdEndProcess() - End a process.
20 * cupsdFinishProcess() - Finish a process and get its name.
21 * cupsdStartProcess() - Start a process.
22 * compare_procs() - Compare two processes.
23 * cupsd_requote() - Make a regular-expression version of a string.
27 * Include necessary headers...
34 #endif /* __APPLE__ */
38 * Process structure...
43 int pid, /* Process ID */
44 job_id; /* Job associated with process */
45 char name[1]; /* Name of process */
53 static cups_array_t *process_array = NULL;
60 static int compare_procs(cupsd_proc_t *a, cupsd_proc_t *b);
62 static char *cupsd_requote(char *dst, const char *src, size_t dstsize);
63 #endif /* HAVE_SANDBOX_H */
67 * 'cupsdCreateProfile()' - Create an execution profile for a subprocess.
/* Builds a sandbox profile in a temporary file and returns a strdup() copy
 * of the path to that file; the profile text is what confines the child.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers), so braces, some guards and the heads of the printf-style calls
 * are not visible here. */
70 void * /* O - Profile or NULL on error */
71 cupsdCreateProfile(int job_id) /* I - Job ID or 0 for none */
74 cups_file_t *fp; /* File pointer */
75 char profile[1024], /* File containing the profile */
76 cache[1024], /* Quoted CacheDir */
77 request[1024], /* Quoted RequestRoot */
78 root[1024], /* Quoted ServerRoot */
79 temp[1024]; /* Quoted TempDir */
80 const char *nodebug; /* " (with no-log)" for no debug */
86 * Only use sandbox profiles as root...
89 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
95 if ((fp = cupsTempFile2(profile, sizeof(profile))) == NULL)
97 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
99 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to create security profile: %s",
/* The profile file is handed to RunUser/Group with mode 0640. Both return
 * values are discarded, so a failed chown or chmod goes unnoticed.
 * NOTE(review): consider checking them and giving up on the profile. */
104 fchown(cupsFileNumber(fp), RunUser, Group);
105 fchmod(cupsFileNumber(fp), 0640);
/* Each configured directory is regex-escaped before it is spliced into the
 * #"..." patterns below. cupsd_requote() stops when its buffer is full and
 * reports nothing, so an over-long path would yield a pattern for a
 * different, shorter path and the rule would miss the real directory. */
107 cupsd_requote(cache, CacheDir, sizeof(cache));
108 cupsd_requote(request, RequestRoot, sizeof(request));
109 cupsd_requote(root, ServerRoot, sizeof(root));
110 cupsd_requote(temp, TempDir, sizeof(temp));
112 nodebug = LogLevel < CUPSD_LOG_DEBUG ? " (with no-log)" : "";
/* The profile starts from (allow default): whatever no deny rule below
 * matches stays permitted, so the deny rules are the whole restriction. */
114 cupsFilePuts(fp, "(version 1)\n");
115 cupsFilePuts(fp, "(allow default)\n");
/* No read, stat or write on RequestRoot and everything beneath it. */
117 "(deny file-write* file-read-data file-read-metadata\n"
119 " #\"^%s$\"" /* RequestRoot */
120 " #\"^%s/\"" /* RequestRoot/... */
122 request, request, nodebug);
125 "(deny file-write* file-read-data file-read-metadata\n"
/* No writes to ServerRoot or to the system configuration directories. */
131 "(deny file-write*\n"
133 " #\"^%s$\"" /* ServerRoot */
134 " #\"^%s/\"" /* ServerRoot/... */
135 " #\"^/private/etc$\""
136 " #\"^/private/etc/\""
137 " #\"^/usr/local/etc$\""
138 " #\"^/usr/local/etc/\""
144 root, root, nodebug);
145 /* Specifically allow applications to stat RequestRoot */
147 "(allow file-read-metadata\n"
149 " #\"^%s$\"" /* RequestRoot */
/* Read/write is granted again for the scratch and support locations listed
 * here. NOTE(review): several of them are shared, system-wide directories
 * that the sandboxed child can write to; confirm the list is the minimum
 * the filters need. */
153 "(allow file-write* file-read-data file-read-metadata\n"
155 " #\"^%s$\"" /* TempDir */
156 " #\"^%s/\"" /* TempDir/... */
157 " #\"^%s$\"" /* CacheDir */
158 " #\"^%s/\"" /* CacheDir/... */
159 " #\"^%s/Library$\"" /* RequestRoot/Library */
160 " #\"^%s/Library/\"" /* RequestRoot/Library/... */
161 " #\"^/Library/Application Support/\""
162 " #\"^/Library/Caches/\""
163 " #\"^/Library/Preferences/\""
164 " #\"^/Library/Printers/.*/\""
165 " #\"^/Users/Shared/\""
167 temp, temp, cache, cache, request, request);
/* This deny comes after the broader /Library/Printers allow above and
 * covers the PPD directories specifically. */
169 "(deny file-write*\n"
171 " #\"^/Library/Printers/PPDs$\""
172 " #\"^/Library/Printers/PPDs/\""
173 " #\"^/Library/Printers/PPD Plugins$\""
174 " #\"^/Library/Printers/PPD Plugins/\""
179 * Allow job filters to read the spool file(s)...
/* Exception to the RequestRoot deny: only file names built from this job_id
 * match. %05d is a minimum width, so ids above 99999 still print in full. */
183 "(allow file-read-data file-read-metadata\n"
184 " (regex #\"^%s/([ac]%05d|d%05d-[0-9][0-9][0-9])$\"))\n",
185 request, job_id, job_id);
190 * Allow email notifications from notifiers...
/* NOTE(review): (with no-sandbox) lets /usr/sbin/sendmail run outside this
 * profile entirely. The condition that selects this rule is on a line the
 * listing omits. */
194 "(allow process-exec\n"
195 " (literal \"/usr/sbin/sendmail\")\n"
196 " (with no-sandbox)\n"
/* The caller gets a heap copy of the path; cupsdDestroyProfile() later
 * unlinks that path. If strdup() fails, NULL is returned while the
 * temporary file stays on disk. */
202 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = \"%s\"",
204 return ((void *)strdup(profile));
207 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdCreateProfile(job_id=%d) = NULL",
211 #endif /* HAVE_SANDBOX_H */
216 * 'cupsdDestroyProfile()' - Delete an execution profile.
220 cupsdDestroyProfile(void *profile) /* I - Profile */
/* Removes the profile file whose path cupsdCreateProfile() returned.
 * NOTE(review): the debug message below names cupsdDeleteProfile, not
 * cupsdDestroyProfile, so search logs for the former spelling. */
222 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdDeleteProfile(profile=\"%s\")",
223 profile ? (char *)profile : "(null)");
225 #ifdef HAVE_SANDBOX_H
/* The unlink() result is ignored, so a profile that could not be removed is
 * left behind without a log entry. The NULL guard and the release of the
 * strdup() copy are presumably on lines this listing omits - confirm. */
228 unlink((char *)profile);
231 #endif /* HAVE_SANDBOX_H */
236 * 'cupsdEndProcess()' - End a process.
239 int /* O - 0 on success, -1 on failure */
240 cupsdEndProcess(int pid, /* I - Process ID */
241 int force) /* I - Force child to die */
/* Signals the process and returns the kill() result unchanged; the two
 * returns below send SIGKILL or SIGTERM, presumably selected by force.
 * NOTE(review): the negation to -pid that the comment below describes, and
 * any guard on pid, are on lines this listing omits. kill() treats pid 0
 * and pid -1 as broadcasts, so confirm that a zero pid is rejected before
 * the calls below are reached. */
243 cupsdLogMessage(CUPSD_LOG_DEBUG2, "cupsdEndProcess(pid=%d, force=%d)", pid,
252 * When running as root, cupsd puts child processes in their own process
253 * group. Using "-pid" sends a signal to all processes in the group.
260 return (kill(pid, SIGKILL));
262 return (kill(pid, SIGTERM));
267 * 'cupsdFinishProcess()' - Finish a process and get its name.
270 const char * /* O - Process name */
271 cupsdFinishProcess(int pid, /* I - Process ID */
272 char *name, /* I - Name buffer */
273 int namelen, /* I - Size of name buffer */
274 int *job_id) /* O - Job ID pointer or NULL */
/* Looks up the record stored for a started process, copies its name and job
 * id out and removes the record from process_array. When no record is
 * found the name is reported as unknown.
 * NOTE(review): namelen is an int but strlcpy() takes a size_t, so a
 * negative value would be read as a very large size; callers must pass the
 * true buffer size. The setup of key, the NULL check on job_id and the
 * release of proc are presumably on lines this listing omits. */
276 cupsd_proc_t key, /* Search key */
277 *proc; /* Matching process */
282 if ((proc = (cupsd_proc_t *)cupsArrayFind(process_array, &key)) != NULL)
285 *job_id = proc->job_id;
287 strlcpy(name, proc->name, namelen);
288 cupsArrayRemove(process_array, proc);
296 strlcpy(name, "unknown", namelen);
299 cupsdLogMessage(CUPSD_LOG_DEBUG2,
300 "cupsdFinishProcess(pid=%d, name=%p, namelen=%d, "
301 "job_id=%p(%d)) = \"%s\"", pid, name, namelen, job_id,
302 job_id ? *job_id : 0, name);
309 * 'cupsdStartProcess()' - Start a process.
/* Forks a child and execs command in it. Before the exec the child rewires
 * its file descriptors, drops group and user privileges and resets signal
 * handling; the parent stores the job id and command name in process_array.
 * NOTE(review): this listing skips source lines (see the gaps in the gutter
 * numbers), so the line carrying the function name, the braces and most
 * error branches are not visible here. */
312 int /* O - Process ID or 0 */
314 const char *command, /* I - Full path to command */
315 char *argv[], /* I - Command-line arguments */
316 char *envp[], /* I - Environment */
317 int infd, /* I - Standard input file descriptor */
318 int outfd, /* I - Standard output file descriptor */
319 int errfd, /* I - Standard error file descriptor */
320 int backfd, /* I - Backchannel file descriptor */
321 int sidefd, /* I - Sidechannel file descriptor */
322 int root, /* I - Run as root? */
323 void *profile, /* I - Security profile to use */
324 cupsd_job_t *job, /* I - Job associated with process */
325 int *pid) /* O - Process ID */
327 int i; /* Looping var */
328 const char *exec_path = command; /* Command to be exec'd */
329 char *real_argv[103], /* Real command-line arguments */
330 cups_exec[1024]; /* Path to "cups-exec" program */
331 int user; /* Command UID */
332 cupsd_proc_t *proc; /* New process record */
333 #if defined(HAVE_SIGACTION) && !defined(HAVE_SIGSET)
334 struct sigaction action; /* POSIX signal handler */
335 #endif /* HAVE_SIGACTION && !HAVE_SIGSET */
336 #if defined(__APPLE__)
337 char processPath[1024], /* CFProcessPath environment variable */
338 linkpath[1024]; /* Link path for symlinks... */
339 int linkbytes; /* Bytes for link path */
340 #endif /* __APPLE__ */
346 * Figure out the UID for the child process...
357 * Check the permissions of the command we are running...
/* The command is vetted by path before anything is forked.
 * NOTE(review): the exec further down is also by path, so the result only
 * holds if the file and its parent directories cannot be changed by a less
 * privileged user in between; presumably that is part of what
 * _CUPS_FILE_CHECK_PROGRAM verifies - confirm. */
360 if (_cupsFileCheck(command, _CUPS_FILE_CHECK_PROGRAM, !RunUser,
361 cupsdLogFCMessage, job ? job->printer : NULL))
364 #if defined(__APPLE__)
368 * Add special voodoo magic for Mac OS X - this allows Mac OS X
369 * programs to access their bundle resources properly...
/* readlink() does not NUL-terminate; reading at most sizeof - 1 bytes
 * leaves room for the terminator stored below. */
372 if ((linkbytes = readlink(command, linkpath, sizeof(linkpath) - 1)) > 0)
375 * Yes, this is a symlink to the actual program, nul-terminate and
379 linkpath[linkbytes] = '\0';
/* NOTE(review): in the relative-link case dirname() receives command with
 * const cast away. POSIX allows dirname() to modify its argument, so this
 * relies on the platform implementation leaving the string intact. */
381 if (linkpath[0] == '/')
382 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s",
385 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s/%s",
386 dirname((char *)command), linkpath);
389 snprintf(processPath, sizeof(processPath), "CFProcessPath=%s", command);
/* Slot 0 of the caller's envp is replaced, so callers must keep it as a
 * placeholder. processPath is a local buffer: after this function returns
 * envp[0] points at dead storage and must not be reused by the caller. */
391 envp[0] = processPath; /* Replace <CFProcessPath> string */
393 #endif /* __APPLE__ */
396 * Use helper program when we have a sandbox profile...
/* With a profile the child is started through the cups-exec helper, which
 * gets the profile path and the real command as its first arguments. The
 * snprintf() result is not checked, so an over-long ServerBin would be
 * truncated without notice. */
401 snprintf(cups_exec, sizeof(cups_exec), "%s/daemon/cups-exec", ServerBin);
403 real_argv[0] = cups_exec;
404 real_argv[1] = profile;
405 real_argv[2] = (char *)command;
408 i < (int)(sizeof(real_argv) / sizeof(real_argv[0]) - 4) && argv[i];
410 real_argv[i + 3] = argv[i];
412 real_argv[i + 3] = NULL;
/* The copy loop above stops after 99 caller arguments (103 slots minus
 * cups-exec, profile, command and the NULL); longer lists are cut short,
 * silently as far as this listing shows. exec_path switches to the helper
 * here; the matching switch of argv to real_argv is presumably on the
 * omitted line just before this one - confirm. */
415 exec_path = cups_exec;
419 * Block signals before forking...
424 if ((*pid = fork()) == 0)
427 * Child process goes here; update stderr as needed...
433 errfd = open("/dev/null", O_WRONLY);
443 * Put this process in its own process group so that we can kill any child
444 * processes it creates.
448 if (!RunUser && setpgid(0, 0))
451 if (!RunUser && setpgrp())
453 #endif /* HAVE_SETPGID */
456 * Update the remaining file descriptors as needed...
462 infd = open("/dev/null", O_RDONLY);
474 outfd = open("/dev/null", O_WRONLY);
/* backfd and sidefd end up on the fixed descriptors 3 and 4, which are then
 * set non-blocking; the calls that move them are presumably on omitted
 * lines. */
483 if (backfd != 3 && backfd >= 0)
487 fcntl(3, F_SETFL, O_NDELAY);
490 if (sidefd != 4 && sidefd >= 0)
494 fcntl(4, F_SETFL, O_NDELAY);
498 * Change the priority of the process based on the FilterNice setting.
499 * (this is not done for root processes...)
506 * Reset group membership to just the main one we belong to.
/* Privilege drop, done only when RunUser is 0: group, supplementary groups,
 * then user. The groups have to go first, because after setuid() to a
 * non-root user the process could no longer change them. Every call is
 * tested; what the failure branches do is not visible in this listing, but
 * they must not fall through to the exec. A user value of 0 skips setuid(),
 * presumably the case where a root child was requested. */
509 if (!RunUser && setgid(Group))
512 if (!RunUser && setgroups(1, &Group))
516 * Change user to something "safe"...
519 if (!RunUser && user && setuid(user))
523 * Change umask to restrict permissions on created files...
529 * Unblock signals before doing the exec...
/* SIGTERM, SIGCHLD and SIGPIPE go back to SIG_DFL before the exec; an
 * ignored signal would otherwise stay ignored in the new program. */
533 sigset(SIGTERM, SIG_DFL);
534 sigset(SIGCHLD, SIG_DFL);
535 sigset(SIGPIPE, SIG_DFL);
536 #elif defined(HAVE_SIGACTION)
537 memset(&action, 0, sizeof(action));
539 sigemptyset(&action.sa_mask);
540 action.sa_handler = SIG_DFL;
542 sigaction(SIGTERM, &action, NULL);
543 sigaction(SIGCHLD, &action, NULL);
544 sigaction(SIGPIPE, &action, NULL);
546 signal(SIGTERM, SIG_DFL);
547 signal(SIGCHLD, SIG_DFL);
548 signal(SIGPIPE, SIG_DFL);
549 #endif /* HAVE_SIGSET */
551 cupsdReleaseSignals();
554 * Execute the command; if for some reason this doesn't work, log an error
555 * exit with a non-zero value...
559 execve(exec_path, argv, envp);
561 execv(exec_path, argv);
568 * Error - couldn't fork a new process!
571 cupsdLogMessage(CUPSD_LOG_ERROR, "Unable to fork %s - %s.", command,
579 process_array = cupsArrayNew((cups_array_func_t)compare_procs, NULL);
/* cupsd_proc_t ends in char name[1], so sizeof plus strlen(command) is
 * exactly enough room for the string and its terminator, which is what the
 * copy below relies on. If calloc() fails the child runs untracked and
 * cupsdFinishProcess() will report it as unknown. */
583 if ((proc = calloc(1, sizeof(cupsd_proc_t) + strlen(command))) != NULL)
586 proc->job_id = job ? job->id : 0;
587 _cups_strcpy(proc->name, command);
589 cupsArrayAdd(process_array, proc);
594 cupsdReleaseSignals();
596 cupsdLogMessage(CUPSD_LOG_DEBUG2,
597 "cupsdStartProcess(command=\"%s\", argv=%p, envp=%p, "
598 "infd=%d, outfd=%d, errfd=%d, backfd=%d, sidefd=%d, root=%d, "
599 "profile=%p, job=%p(%d), pid=%p) = %d",
600 command, argv, envp, infd, outfd, errfd, backfd, sidefd,
601 root, profile, job, job ? job->id : 0, pid, *pid);
608 * 'compare_procs()' - Compare two processes.
/* Ordering callback handed to cupsArrayNew() for process_array: records are
 * compared by pid. The subtraction cannot overflow as long as both pids are
 * non-negative; values from fork() are, while the search key is whatever
 * pid the caller of cupsdFinishProcess() supplies. */
611 static int /* O - Result of comparison */
612 compare_procs(cupsd_proc_t *a, /* I - First process */
613 cupsd_proc_t *b) /* I - Second process */
615 return (a->pid - b->pid);
619 #ifdef HAVE_SANDBOX_H
621 * 'cupsd_requote()' - Make a regular-expression version of a string.
624 static char * /* O - Quoted string */
625 cupsd_requote(char *dst, /* I - Destination buffer */
626 const char *src, /* I - Source string */
627 size_t dstsize) /* I - Size of destination buffer */
/* Copies src into dst for use inside the regex patterns of the sandbox
 * profile, marking the characters in the set tested below. The statements
 * that write the output are on lines this listing omits. */
629 int ch; /* Current character */
630 char *dstptr, /* Current position in buffer */
631 *dstend; /* End of destination buffer */
/* Stopping two bytes before the end presumably leaves room for one escaped
 * character plus the terminator. Input that does not fit is dropped without
 * any indication to the caller. dstsize must be at least 2, otherwise the
 * pointer arithmetic goes below dst; the callers in this file pass 1024. */
635 dstend = dst + dstsize - 2;
637 while (*src && dstptr < dstend)
/* Only these ten characters are treated as special. The result is placed
 * inside #"..." literals by cupsdCreateProfile(), and the double quote is
 * not in the set, so a directory name containing one would end the literal
 * early. NOTE(review): add the double quote, and confirm whether +, | and
 * braces are special in the profile regex dialect. */
641 if (strchr(".?*()[]^$\\", ch))
651 #endif /* HAVE_SANDBOX_H */
655 * End of "$Id: process.c 9790 2011-05-19 22:40:03Z mike $".