Commit | Line | Data |
---|---|---|
984263bc MD |
1 | /* |
2 | * Copyright (c) 1983, 1993 | |
3 | * The Regents of the University of California. All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions | |
7 | * are met: | |
8 | * 1. Redistributions of source code must retain the above copyright | |
9 | * notice, this list of conditions and the following disclaimer. | |
10 | * 2. Redistributions in binary form must reproduce the above copyright | |
11 | * notice, this list of conditions and the following disclaimer in the | |
12 | * documentation and/or other materials provided with the distribution. | |
13 | * 3. All advertising materials mentioning features or use of this software | |
14 | * must display the following acknowledgement: | |
15 | * This product includes software developed by the University of | |
16 | * California, Berkeley and its contributors. | |
17 | * 4. Neither the name of the University nor the names of its contributors | |
18 | * may be used to endorse or promote products derived from this software | |
19 | * without specific prior written permission. | |
20 | * | |
21 | * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND | |
22 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
23 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
24 | * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE | |
25 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
26 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
27 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
28 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
29 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
30 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
31 | * SUCH DAMAGE. | |
1de703da MD |
32 | * |
33 | * @(#)rmjob.c 8.2 (Berkeley) 4/28/95 | |
34 | * $FreeBSD: src/usr.sbin/lpr/common_source/rmjob.c,v 1.12.2.5 2001/06/25 01:00:56 gad Exp $ | |
984263bc MD |
35 | */ |
36 | ||
984263bc MD |
37 | #include <sys/param.h> |
38 | #include <sys/uio.h> | |
39 | ||
40 | #include <ctype.h> | |
41 | #include <dirent.h> | |
42 | #include <errno.h> | |
43 | #include <signal.h> | |
44 | #include <stdio.h> | |
45 | #include <stdlib.h> | |
46 | #include <string.h> | |
47 | #define psignal foil_gcc_psignal | |
48 | #define sys_siglist foil_gcc_siglist | |
49 | #include <unistd.h> | |
50 | #undef psignal | |
51 | #undef sys_siglist | |
52 | ||
53 | #include "lp.h" | |
54 | #include "lp.local.h" | |
55 | #include "pathnames.h" | |
56 | ||
57 | /* | |
58 | * rmjob - remove the specified jobs from the queue. | |
59 | */ | |
60 | ||
61 | /* | |
62 | * Stuff for handling lprm specifications | |
63 | */ | |
64 | static char root[] = "root"; | |
65 | static int all = 0; /* eliminate all files (root only) */ | |
66 | static int cur_daemon; /* daemon's pid */ | |
67 | static char current[7+MAXHOSTNAMELEN]; /* active control file name */ | |
68 | ||
69 | extern uid_t uid, euid; /* real and effective user id's */ | |
70 | ||
71 | static void alarmhandler(int _signo); | |
72 | static void do_unlink(char *_file); | |
73 | ||
74 | void | |
75 | rmjob(const char *printer) | |
76 | { | |
be6b9a2e | 77 | int i, nitems; |
44baab37 | 78 | int assassinated = 0; |
984263bc MD |
79 | struct dirent **files; |
80 | char *cp; | |
81 | struct printer myprinter, *pp = &myprinter; | |
82 | ||
83 | init_printer(pp); | |
84 | if ((i = getprintcap(printer, pp)) < 0) | |
85 | fatal(pp, "getprintcap: %s", pcaperr(i)); | |
86 | if ((cp = checkremote(pp))) { | |
87 | printf("Warning: %s\n", cp); | |
88 | free(cp); | |
89 | } | |
90 | ||
91 | /* | |
92 | * If the format was `lprm -' and the user isn't the super-user, | |
93 | * then fake things to look like he said `lprm user'. | |
94 | */ | |
95 | if (users < 0) { | |
96 | if (getuid() == 0) | |
97 | all = 1; /* all files in local queue */ | |
98 | else { | |
99 | user[0] = person; | |
100 | users = 1; | |
101 | } | |
102 | } | |
103 | if (!strcmp(person, "-all")) { | |
104 | if (from_host == local_host) | |
105 | fatal(pp, "The login name \"-all\" is reserved"); | |
106 | all = 1; /* all those from 'from_host' */ | |
107 | person = root; | |
108 | } | |
109 | ||
110 | seteuid(euid); | |
111 | if (chdir(pp->spool_dir) < 0) | |
112 | fatal(pp, "cannot chdir to spool directory"); | |
113 | if ((nitems = scandir(".", &files, iscf, NULL)) < 0) | |
114 | fatal(pp, "cannot access spool directory"); | |
115 | seteuid(uid); | |
116 | ||
117 | if (nitems) { | |
118 | /* | |
119 | * Check for an active printer daemon (in which case we | |
120 | * kill it if it is reading our file) then remove stuff | |
121 | * (after which we have to restart the daemon). | |
122 | */ | |
123 | if (lockchk(pp, pp->lock_file) && chk(current)) { | |
124 | seteuid(euid); | |
44baab37 | 125 | assassinated = kill(cur_daemon, SIGINT) == 0; |
984263bc | 126 | seteuid(uid); |
44baab37 | 127 | if (!assassinated) |
984263bc MD |
128 | fatal(pp, "cannot kill printer daemon"); |
129 | } | |
130 | /* | |
131 | * process the files | |
132 | */ | |
133 | for (i = 0; i < nitems; i++) | |
134 | process(pp, files[i]->d_name); | |
135 | } | |
136 | rmremote(pp); | |
137 | /* | |
138 | * Restart the printer daemon if it was killed | |
139 | */ | |
44baab37 | 140 | if (assassinated && !startdaemon(pp)) |
984263bc MD |
141 | fatal(pp, "cannot restart printer daemon\n"); |
142 | exit(0); | |
143 | } | |
144 | ||
145 | /* | |
146 | * Process a lock file: collect the pid of the active | |
147 | * daemon and the file name of the active spool entry. | |
148 | * Return boolean indicating existence of a lock file. | |
149 | */ | |
150 | int | |
151 | lockchk(struct printer *pp, char *slockf) | |
152 | { | |
be6b9a2e CP |
153 | FILE *fp; |
154 | int i, n; | |
984263bc MD |
155 | |
156 | seteuid(euid); | |
157 | if ((fp = fopen(slockf, "r")) == NULL) { | |
158 | if (errno == EACCES) | |
159 | fatal(pp, "%s: %s", slockf, strerror(errno)); | |
160 | else | |
161 | return(0); | |
162 | } | |
163 | seteuid(uid); | |
164 | if (!getline(fp)) { | |
71126e33 | 165 | fclose(fp); |
984263bc MD |
166 | return(0); /* no daemon present */ |
167 | } | |
168 | cur_daemon = atoi(line); | |
169 | if (kill(cur_daemon, 0) < 0 && errno != EPERM) { | |
71126e33 | 170 | fclose(fp); |
984263bc MD |
171 | return(0); /* no daemon present */ |
172 | } | |
173 | for (i = 1; (n = fread(current, sizeof(char), sizeof(current), fp)) <= 0; i++) { | |
174 | if (i > 5) { | |
175 | n = 1; | |
176 | break; | |
177 | } | |
178 | sleep(i); | |
179 | } | |
180 | current[n-1] = '\0'; | |
71126e33 | 181 | fclose(fp); |
984263bc MD |
182 | return(1); |
183 | } | |
184 | ||
185 | /* | |
186 | * Process a control file. | |
187 | */ | |
188 | void | |
189 | process(const struct printer *pp, char *file) | |
190 | { | |
191 | FILE *cfp; | |
192 | ||
193 | if (!chk(file)) | |
194 | return; | |
195 | seteuid(euid); | |
196 | if ((cfp = fopen(file, "r")) == NULL) | |
197 | fatal(pp, "cannot open %s", file); | |
198 | seteuid(uid); | |
199 | while (getline(cfp)) { | |
200 | switch (line[0]) { | |
201 | case 'U': /* unlink associated files */ | |
202 | if (strchr(line+1, '/') || strncmp(line+1, "df", 2)) | |
203 | break; | |
204 | do_unlink(line+1); | |
205 | } | |
206 | } | |
71126e33 | 207 | fclose(cfp); |
984263bc MD |
208 | do_unlink(file); |
209 | } | |
210 | ||
211 | static void | |
212 | do_unlink(char *file) | |
213 | { | |
214 | int ret; | |
215 | ||
216 | if (from_host != local_host) | |
217 | printf("%s: ", local_host); | |
218 | seteuid(euid); | |
219 | ret = unlink(file); | |
220 | seteuid(uid); | |
221 | printf(ret ? "cannot dequeue %s\n" : "%s dequeued\n", file); | |
222 | } | |
223 | ||
224 | /* | |
225 | * Do the dirty work in checking | |
226 | */ | |
227 | int | |
228 | chk(char *file) | |
229 | { | |
be6b9a2e CP |
230 | int *r, n; |
231 | char **u, *cp; | |
984263bc MD |
232 | FILE *cfp; |
233 | ||
234 | /* | |
235 | * Check for valid cf file name (mostly checking current). | |
236 | */ | |
237 | if (strlen(file) < 7 || file[0] != 'c' || file[1] != 'f') | |
238 | return(0); | |
239 | ||
240 | if (all && (from_host == local_host || !strcmp(from_host, file+6))) | |
241 | return(1); | |
242 | ||
243 | /* | |
244 | * get the owner's name from the control file. | |
245 | */ | |
246 | seteuid(euid); | |
247 | if ((cfp = fopen(file, "r")) == NULL) | |
248 | return(0); | |
249 | seteuid(uid); | |
250 | while (getline(cfp)) { | |
251 | if (line[0] == 'P') | |
252 | break; | |
253 | } | |
71126e33 | 254 | fclose(cfp); |
984263bc MD |
255 | if (line[0] != 'P') |
256 | return(0); | |
257 | ||
258 | if (users == 0 && requests == 0) | |
259 | return(!strcmp(file, current) && isowner(line+1, file)); | |
260 | /* | |
261 | * Check the request list | |
262 | */ | |
263 | for (n = 0, cp = file+3; isdigit(*cp); ) | |
264 | n = n * 10 + (*cp++ - '0'); | |
265 | for (r = requ; r < &requ[requests]; r++) | |
266 | if (*r == n && isowner(line+1, file)) | |
267 | return(1); | |
268 | /* | |
269 | * Check to see if it's in the user list | |
270 | */ | |
271 | for (u = user; u < &user[users]; u++) | |
272 | if (!strcmp(*u, line+1) && isowner(line+1, file)) | |
273 | return(1); | |
274 | return(0); | |
275 | } | |
276 | ||
277 | /* | |
278 | * If root is removing a file on the local machine, allow it. | |
279 | * If root is removing a file from a remote machine, only allow | |
280 | * files sent from the remote machine to be removed. | |
281 | * Normal users can only remove the file from where it was sent. | |
282 | */ | |
283 | int | |
284 | isowner(char *owner, char *file) | |
285 | { | |
286 | if (!strcmp(person, root) && (from_host == local_host || | |
287 | !strcmp(from_host, file+6))) | |
288 | return (1); | |
289 | if (!strcmp(person, owner) && !strcmp(from_host, file+6)) | |
290 | return (1); | |
291 | if (from_host != local_host) | |
292 | printf("%s: ", local_host); | |
293 | printf("%s: Permission denied\n", file); | |
294 | return(0); | |
295 | } | |
296 | ||
297 | /* | |
298 | * Check to see if we are sending files to a remote machine. If we are, | |
299 | * then try removing files on the remote machine. | |
300 | */ | |
301 | void | |
302 | rmremote(const struct printer *pp) | |
303 | { | |
304 | int i, elem, firstreq, niov, rem, totlen; | |
305 | char buf[BUFSIZ]; | |
306 | void (*savealrm)(int); | |
307 | struct iovec *iov; | |
308 | ||
309 | if (!pp->remote) | |
310 | return; /* not sending to a remote machine */ | |
311 | ||
312 | /* | |
313 | * Flush stdout so the user can see what has been deleted | |
314 | * while we wait (possibly) for the connection. | |
315 | */ | |
316 | fflush(stdout); | |
317 | ||
318 | /* | |
319 | * Counting: | |
320 | * 4 == "\5" + remote_queue + " " + person | |
321 | * 2 * users == " " + user[i] for each user | |
322 | * requests == asprintf results for each request | |
323 | * 1 == "\n" | |
324 | * Although laborious, doing it this way makes it possible for | |
325 | * us to process requests of indeterminate length without | |
326 | * applying an arbitrary limit. Arbitrary Limits Are Bad (tm). | |
327 | */ | |
328 | if (users > 0) | |
329 | niov = 4 + 2 * users + requests + 1; | |
330 | else | |
331 | niov = 4 + requests + 1; | |
332 | iov = malloc(niov * sizeof *iov); | |
678e8cc6 | 333 | if (iov == NULL) |
984263bc MD |
334 | fatal(pp, "out of memory in rmremote()"); |
335 | iov[0].iov_base = "\5"; | |
336 | iov[1].iov_base = pp->remote_queue; | |
337 | iov[2].iov_base = " "; | |
338 | iov[3].iov_base = all ? "-all" : person; | |
339 | elem = 4; | |
340 | for (i = 0; i < users; i++) { | |
341 | iov[elem].iov_base = " "; | |
342 | iov[elem + 1].iov_base = user[i]; | |
343 | elem += 2; | |
344 | } | |
345 | firstreq = elem; | |
346 | for (i = 0; i < requests; i++) { | |
c8b3626a | 347 | asprintf((char **)&iov[elem].iov_base, " %d", requ[i]); |
984263bc MD |
348 | if (iov[elem].iov_base == 0) |
349 | fatal(pp, "out of memory in rmremote()"); | |
350 | elem++; | |
351 | } | |
352 | iov[elem++].iov_base = "\n"; | |
353 | for (totlen = i = 0; i < niov; i++) | |
354 | totlen += (iov[i].iov_len = strlen(iov[i].iov_base)); | |
355 | ||
356 | savealrm = signal(SIGALRM, alarmhandler); | |
357 | alarm(pp->conn_timeout); | |
358 | rem = getport(pp, pp->remote_host, 0); | |
71126e33 | 359 | signal(SIGALRM, savealrm); |
984263bc MD |
360 | if (rem < 0) { |
361 | if (from_host != local_host) | |
362 | printf("%s: ", local_host); | |
363 | printf("connection to %s is down\n", pp->remote_host); | |
364 | } else { | |
365 | if (writev(rem, iov, niov) != totlen) | |
366 | fatal(pp, "Lost connection"); | |
367 | while ((i = read(rem, buf, sizeof(buf))) > 0) | |
71126e33 SW |
368 | fwrite(buf, 1, i, stdout); |
369 | close(rem); | |
984263bc MD |
370 | } |
371 | for (i = 0; i < requests; i++) | |
372 | free(iov[firstreq + i].iov_base); | |
373 | free(iov); | |
374 | } | |
375 | ||
376 | /* | |
377 | * Return 1 if the filename begins with 'cf' | |
378 | */ | |
379 | int | |
edacbda6 | 380 | iscf(const struct dirent *d) |
984263bc MD |
381 | { |
382 | return(d->d_name[0] == 'c' && d->d_name[1] == 'f'); | |
383 | } | |
384 | ||
385 | void | |
386 | alarmhandler(int signo __unused) | |
387 | { | |
388 | /* the signal is ignored */ | |
389 | /* (the '__unused' is just to avoid a compile-time warning) */ | |
390 | } |