1 /*
2  * Copyright (c) 1983, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by the University of
16  *	California, Berkeley and its contributors.
17  * 4. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  *
33  * @(#)rmjob.c	8.2 (Berkeley) 4/28/95
34  * $FreeBSD: src/usr.sbin/lpr/common_source/rmjob.c,v 1.12.2.5 2001/06/25 01:00:56 gad Exp $
35  */
36 
37 #include <sys/param.h>
38 #include <sys/uio.h>
39 
40 #include <ctype.h>
41 #include <dirent.h>
42 #include <errno.h>
43 #include <signal.h>
44 #include <stdio.h>
45 #include <stdlib.h>
46 #include <string.h>
47 #define psignal foil_gcc_psignal
48 #define	sys_siglist foil_gcc_siglist
49 #include <unistd.h>
50 #undef psignal
51 #undef sys_siglist
52 
53 #include "lp.h"
54 #include "lp.local.h"
55 #include "pathnames.h"
56 
57 /*
58  * rmjob - remove the specified jobs from the queue.
59  */
60 
61 /*
62  * Stuff for handling lprm specifications
63  */
64 static char	root[] = "root";
65 static int	all = 0;		/* eliminate all files (root only) */
66 static int	cur_daemon;		/* daemon's pid */
67 static char	current[7+MAXHOSTNAMELEN];  /* active control file name */
68 
69 extern uid_t	uid, euid;		/* real and effective user id's */
70 
71 static	void	alarmhandler(int _signo);
72 static	void	do_unlink(char *_file);
73 
74 void
75 rmjob(const char *printer)
76 {
77 	int i, nitems;
78 	int assasinated = 0;
79 	struct dirent **files;
80 	char *cp;
81 	struct printer myprinter, *pp = &myprinter;
82 
83 	init_printer(pp);
84 	if ((i = getprintcap(printer, pp)) < 0)
85 		fatal(pp, "getprintcap: %s", pcaperr(i));
86 	if ((cp = checkremote(pp))) {
87 		printf("Warning: %s\n", cp);
88 		free(cp);
89 	}
90 
91 	/*
92 	 * If the format was `lprm -' and the user isn't the super-user,
93 	 *  then fake things to look like he said `lprm user'.
94 	 */
95 	if (users < 0) {
96 		if (getuid() == 0)
97 			all = 1;	/* all files in local queue */
98 		else {
99 			user[0] = person;
100 			users = 1;
101 		}
102 	}
103 	if (!strcmp(person, "-all")) {
104 		if (from_host == local_host)
105 			fatal(pp, "The login name \"-all\" is reserved");
106 		all = 1;	/* all those from 'from_host' */
107 		person = root;
108 	}
109 
110 	seteuid(euid);
111 	if (chdir(pp->spool_dir) < 0)
112 		fatal(pp, "cannot chdir to spool directory");
113 	if ((nitems = scandir(".", &files, iscf, NULL)) < 0)
114 		fatal(pp, "cannot access spool directory");
115 	seteuid(uid);
116 
117 	if (nitems) {
118 		/*
119 		 * Check for an active printer daemon (in which case we
120 		 *  kill it if it is reading our file) then remove stuff
121 		 *  (after which we have to restart the daemon).
122 		 */
123 		if (lockchk(pp, pp->lock_file) && chk(current)) {
124 			seteuid(euid);
125 			assasinated = kill(cur_daemon, SIGINT) == 0;
126 			seteuid(uid);
127 			if (!assasinated)
128 				fatal(pp, "cannot kill printer daemon");
129 		}
130 		/*
131 		 * process the files
132 		 */
133 		for (i = 0; i < nitems; i++)
134 			process(pp, files[i]->d_name);
135 	}
136 	rmremote(pp);
137 	/*
138 	 * Restart the printer daemon if it was killed
139 	 */
140 	if (assasinated && !startdaemon(pp))
141 		fatal(pp, "cannot restart printer daemon\n");
142 	exit(0);
143 }
144 
145 /*
146  * Process a lock file: collect the pid of the active
147  *  daemon and the file name of the active spool entry.
148  * Return boolean indicating existence of a lock file.
149  */
150 int
151 lockchk(struct printer *pp, char *slockf)
152 {
153 	FILE *fp;
154 	int i, n;
155 
156 	seteuid(euid);
157 	if ((fp = fopen(slockf, "r")) == NULL) {
158 		if (errno == EACCES)
159 			fatal(pp, "%s: %s", slockf, strerror(errno));
160 		else
161 			return(0);
162 	}
163 	seteuid(uid);
164 	if (!getline(fp)) {
165 		fclose(fp);
166 		return(0);		/* no daemon present */
167 	}
168 	cur_daemon = atoi(line);
169 	if (kill(cur_daemon, 0) < 0 && errno != EPERM) {
170 		fclose(fp);
171 		return(0);		/* no daemon present */
172 	}
173 	for (i = 1; (n = fread(current, sizeof(char), sizeof(current), fp)) <= 0; i++) {
174 		if (i > 5) {
175 			n = 1;
176 			break;
177 		}
178 		sleep(i);
179 	}
180 	current[n-1] = '\0';
181 	fclose(fp);
182 	return(1);
183 }
184 
185 /*
186  * Process a control file.
187  */
188 void
189 process(const struct printer *pp, char *file)
190 {
191 	FILE *cfp;
192 
193 	if (!chk(file))
194 		return;
195 	seteuid(euid);
196 	if ((cfp = fopen(file, "r")) == NULL)
197 		fatal(pp, "cannot open %s", file);
198 	seteuid(uid);
199 	while (getline(cfp)) {
200 		switch (line[0]) {
201 		case 'U':  /* unlink associated files */
202 			if (strchr(line+1, '/') || strncmp(line+1, "df", 2))
203 				break;
204 			do_unlink(line+1);
205 		}
206 	}
207 	fclose(cfp);
208 	do_unlink(file);
209 }
210 
211 static void
212 do_unlink(char *file)
213 {
214 	int	ret;
215 
216 	if (from_host != local_host)
217 		printf("%s: ", local_host);
218 	seteuid(euid);
219 	ret = unlink(file);
220 	seteuid(uid);
221 	printf(ret ? "cannot dequeue %s\n" : "%s dequeued\n", file);
222 }
223 
224 /*
225  * Do the dirty work in checking
226  */
227 int
228 chk(char *file)
229 {
230 	int *r, n;
231 	char **u, *cp;
232 	FILE *cfp;
233 
234 	/*
235 	 * Check for valid cf file name (mostly checking current).
236 	 */
237 	if (strlen(file) < 7 || file[0] != 'c' || file[1] != 'f')
238 		return(0);
239 
240 	if (all && (from_host == local_host || !strcmp(from_host, file+6)))
241 		return(1);
242 
243 	/*
244 	 * get the owner's name from the control file.
245 	 */
246 	seteuid(euid);
247 	if ((cfp = fopen(file, "r")) == NULL)
248 		return(0);
249 	seteuid(uid);
250 	while (getline(cfp)) {
251 		if (line[0] == 'P')
252 			break;
253 	}
254 	fclose(cfp);
255 	if (line[0] != 'P')
256 		return(0);
257 
258 	if (users == 0 && requests == 0)
259 		return(!strcmp(file, current) && isowner(line+1, file));
260 	/*
261 	 * Check the request list
262 	 */
263 	for (n = 0, cp = file+3; isdigit(*cp); )
264 		n = n * 10 + (*cp++ - '0');
265 	for (r = requ; r < &requ[requests]; r++)
266 		if (*r == n && isowner(line+1, file))
267 			return(1);
268 	/*
269 	 * Check to see if it's in the user list
270 	 */
271 	for (u = user; u < &user[users]; u++)
272 		if (!strcmp(*u, line+1) && isowner(line+1, file))
273 			return(1);
274 	return(0);
275 }
276 
277 /*
278  * If root is removing a file on the local machine, allow it.
279  * If root is removing a file from a remote machine, only allow
280  * files sent from the remote machine to be removed.
281  * Normal users can only remove the file from where it was sent.
282  */
283 int
284 isowner(char *owner, char *file)
285 {
286 	if (!strcmp(person, root) && (from_host == local_host ||
287 	    !strcmp(from_host, file+6)))
288 		return (1);
289 	if (!strcmp(person, owner) && !strcmp(from_host, file+6))
290 		return (1);
291 	if (from_host != local_host)
292 		printf("%s: ", local_host);
293 	printf("%s: Permission denied\n", file);
294 	return(0);
295 }
296 
297 /*
298  * Check to see if we are sending files to a remote machine. If we are,
299  * then try removing files on the remote machine.
300  */
301 void
302 rmremote(const struct printer *pp)
303 {
304 	int i, elem, firstreq, niov, rem, totlen;
305 	char buf[BUFSIZ];
306 	void (*savealrm)(int);
307 	struct iovec *iov;
308 
309 	if (!pp->remote)
310 		return;	/* not sending to a remote machine */
311 
312 	/*
313 	 * Flush stdout so the user can see what has been deleted
314 	 * while we wait (possibly) for the connection.
315 	 */
316 	fflush(stdout);
317 
318 	/*
319 	 * Counting:
320 	 *	4 == "\5" + remote_queue + " " + person
321 	 *	2 * users == " " + user[i] for each user
322 	 *	requests == asprintf results for each request
323 	 *	1 == "\n"
324 	 * Although laborious, doing it this way makes it possible for
325 	 * us to process requests of indeterminate length without
326 	 * applying an arbitrary limit.  Arbitrary Limits Are Bad (tm).
327 	 */
328 	if (users > 0)
329 		niov = 4 + 2 * users + requests + 1;
330 	else
331 		niov = 4 + requests + 1;
332 	iov = malloc(niov * sizeof *iov);
333 	if (iov == NULL)
334 		fatal(pp, "out of memory in rmremote()");
335 	iov[0].iov_base = "\5";
336 	iov[1].iov_base = pp->remote_queue;
337 	iov[2].iov_base = " ";
338 	iov[3].iov_base = all ? "-all" : person;
339 	elem = 4;
340 	for (i = 0; i < users; i++) {
341 		iov[elem].iov_base = " ";
342 		iov[elem + 1].iov_base = user[i];
343 		elem += 2;
344 	}
345 	firstreq = elem;
346 	for (i = 0; i < requests; i++) {
347 		asprintf((char **)&iov[elem].iov_base, " %d", requ[i]);
348 		if (iov[elem].iov_base == 0)
349 			fatal(pp, "out of memory in rmremote()");
350 		elem++;
351 	}
352 	iov[elem++].iov_base = "\n";
353 	for (totlen = i = 0; i < niov; i++)
354 		totlen += (iov[i].iov_len = strlen(iov[i].iov_base));
355 
356 	savealrm = signal(SIGALRM, alarmhandler);
357 	alarm(pp->conn_timeout);
358 	rem = getport(pp, pp->remote_host, 0);
359 	signal(SIGALRM, savealrm);
360 	if (rem < 0) {
361 		if (from_host != local_host)
362 			printf("%s: ", local_host);
363 		printf("connection to %s is down\n", pp->remote_host);
364 	} else {
365 		if (writev(rem, iov, niov) != totlen)
366 			fatal(pp, "Lost connection");
367 		while ((i = read(rem, buf, sizeof(buf))) > 0)
368 			fwrite(buf, 1, i, stdout);
369 		close(rem);
370 	}
371 	for (i = 0; i < requests; i++)
372 		free(iov[firstreq + i].iov_base);
373 	free(iov);
374 }
375 
376 /*
377  * Return 1 if the filename begins with 'cf'
378  */
379 int
380 iscf(const struct dirent *d)
381 {
382 	return(d->d_name[0] == 'c' && d->d_name[1] == 'f');
383 }
384 
385 void
386 alarmhandler(int signo __unused)
387 {
388 	/* the signal is ignored */
389 	/* (the '__unused' is just to avoid a compile-time warning) */
390 }
391