xref: /openbsd/usr.sbin/lpr/common_source/rmjob.c (revision 17df1aa7) 
1 /*	$OpenBSD: rmjob.c,v 1.18 2009/10/27 23:59:51 deraadt Exp $	*/
2 /*	$NetBSD: rmjob.c,v 1.16 2000/04/16 14:43:58 mrg Exp $	*/
3 
4 /*
5  * Copyright (c) 1983, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  * 3. Neither the name of the University nor the names of its contributors
17  *    may be used to endorse or promote products derived from this software
18  *    without specific prior written permission.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30  * SUCH DAMAGE.
31  */
32 
33 #include <sys/param.h>
34 
35 #include <signal.h>
36 #include <errno.h>
37 #include <fcntl.h>
38 #include <dirent.h>
39 #include <unistd.h>
40 #include <stdlib.h>
41 #include <stdio.h>
42 #include <string.h>
43 #include <ctype.h>
44 #include "lp.h"
45 #include "lp.local.h"
46 #include "pathnames.h"
47 
48 /*
49  * rmjob - remove the specified jobs from the queue.
50  */
51 
52 /*
53  * Stuff for handling lprm specifications
54  */
55 extern char	*user[];		/* users to process */
56 extern int	users;			/* # of users in user array */
57 extern int	requ[];			/* job number of spool entries */
58 extern int	requests;		/* # of spool requests */
59 extern char	*person;		/* name of person doing lprm */
60 
61 static char	root[] = "root";
62 static int	all = 0;		/* eliminate all files (root only) */
63 static int	cur_daemon;		/* daemon's pid */
64 static char	current[NAME_MAX];	/* active control file name */
65 
66 static	void	do_unlink(char *);
67 static	void	alarmer(int);
68 static	int	lockchk(char *);
69 
70 void
71 rmjob(void)
72 {
73 	int i, nitems;
74 	int assasinated = 0;
75 	struct dirent **files;
76 	char *cp;
77 
78 	if ((i = cgetent(&bp, printcapdb, printer)) == -2)
79 		fatal("can't open printer description file");
80 	else if (i == -1)
81 		fatal("unknown printer");
82 	else if (i == -3)
83 		fatal("potential reference loop detected in printcap file");
84 	if (cgetstr(bp, DEFLP, &LP) < 0)
85 		LP = _PATH_DEFDEVLP;
86 	if (cgetstr(bp, "rp", &RP) < 0)
87 		RP = DEFLP;
88 	if (cgetstr(bp, "sd", &SD) < 0)
89 		SD = _PATH_DEFSPOOL;
90 	if (cgetstr(bp,"lo", &LO) < 0)
91 		LO = DEFLOCK;
92 	cgetstr(bp, "rm", &RM);
93 	if ((cp = checkremote()) != NULL)
94 		printf("Warning: %s\n", cp);
95 
96 	/*
97 	 * If the format was `lprm -' and the user isn't the super-user,
98 	 *  then fake things to look like he said `lprm user'.
99 	 */
100 	if (users < 0) {
101 		if (getuid() == 0)
102 			all = 1;	/* all files in local queue */
103 		else {
104 			user[0] = person;
105 			users = 1;
106 		}
107 	}
108 	if (!strcmp(person, "-all")) {
109 		if (from == host)
110 			fatal("The login name \"-all\" is reserved");
111 		all = 1;	/* all those from 'from' */
112 		person = root;
113 	}
114 
115 	PRIV_START;
116 	if (chdir(SD) < 0)
117 		fatal("cannot chdir to spool directory");
118 	if ((nitems = scandir(".", &files, iscf, NULL)) < 0)
119 		fatal("cannot access spool directory");
120 	PRIV_END;
121 
122 	if (nitems) {
123 		/*
124 		 * Check for an active printer daemon.  If one is running
125 		 * and it is reading our file, kill it, then remove stuff.
126 		 * Lastly, restart the daemon if it is not (or no longer)
127 		 * running.
128 		 */
129 		if (lockchk(LO) && chk(current)) {
130 			PRIV_START;
131 			assasinated = kill(cur_daemon, SIGINT) == 0;
132 			PRIV_END;
133 			if (!assasinated)
134 				fatal("cannot kill printer daemon");
135 		}
136 		/*
137 		 * process the files
138 		 */
139 		for (i = 0; i < nitems; i++)
140 			process(files[i]->d_name);
141 	}
142 	rmremote();
143 	/*
144 	 * Restart the printer daemon if it was killed
145 	 */
146 	if (assasinated && !startdaemon(printer))
147 		fatal("cannot restart printer daemon");
148 	exit(0);
149 }
150 
151 /*
152  * Process a lock file: collect the pid of the active
153  * daemon and the file name of the active spool entry.
154  * Return boolean indicating existence of a lock file.
155  */
156 static int
157 lockchk(char *s)
158 {
159 	FILE *fp = NULL;
160 	int fd, i, n;
161 
162 	/* NOTE: lock file is owned by root, not the user. */
163 	PRIV_START;
164 	fd = safe_open(s, O_RDONLY|O_NOFOLLOW, 0);
165 	PRIV_END;
166 	if (fd < 0 || (fp = fdopen(fd, "r")) == NULL) {
167 		if (fd >= 0)
168 			close(fd);
169 		if (errno == EACCES)
170 			fatal("can't access lock file");
171 		else
172 			return(0);
173 	}
174 	if (!getline(fp)) {
175 		(void)fclose(fp);
176 		return(0);		/* no daemon present */
177 	}
178 	cur_daemon = atoi(line);
179 	if (kill(cur_daemon, 0) < 0 && errno != EPERM) {
180 		(void)fclose(fp);
181 		return(0);		/* no daemon present */
182 	}
183 	for (i = 1; (n = fread(current, sizeof(char), sizeof(current), fp)) <= 0; i++) {
184 		if (i > 5) {
185 			n = 1;
186 			break;
187 		}
188 		sleep(i);
189 	}
190 	current[n-1] = '\0';
191 	(void)fclose(fp);
192 	return(1);
193 }
194 
195 /*
196  * Process a control file.
197  */
198 void
199 process(char *file)
200 {
201 	FILE *cfp = NULL;
202 	int fd;
203 
204 	if (!chk(file))
205 		return;
206 	PRIV_START;
207 	fd = safe_open(file, O_RDONLY|O_NOFOLLOW, 0);
208 	PRIV_END;
209 	if (fd < 0 || (cfp = fdopen(fd, "r")) == NULL) {
210 		if (fd >= 0)
211 			close(fd);
212 		fatal("cannot open %s", file);
213 	}
214 	while (getline(cfp)) {
215 		switch (line[0]) {
216 		case 'U':  /* unlink associated files */
217 			if (strchr(line+1, '/') || strncmp(line+1, "df", 2))
218 				break;
219 			do_unlink(line+1);
220 		}
221 	}
222 	(void)fclose(cfp);
223 	do_unlink(file);
224 }
225 
226 static void
227 do_unlink(char *file)
228 {
229 	int	ret;
230 
231 	if (from != host)
232 		printf("%s: ", host);
233 	PRIV_START;
234 	ret = unlink(file);
235 	PRIV_END;
236 	printf(ret ? "cannot dequeue %s\n" : "%s dequeued\n", file);
237 }
238 
239 /*
240  * Do the dirty work in checking
241  */
242 int
243 chk(char *file)
244 {
245 	int *r, n, fd;
246 	char **u, *cp;
247 	FILE *cfp = NULL;
248 
249 	/*
250 	 * Check for valid cf file name (mostly checking current).
251 	 */
252 	if (strlen(file) < 7 || file[0] != 'c' || file[1] != 'f')
253 		return(0);
254 
255 	if (all && (from == host || !strcmp(from, file+6)))
256 		return(1);
257 
258 	/*
259 	 * get the owner's name from the control file.
260 	 */
261 	PRIV_START;
262 	fd = safe_open(file, O_RDONLY|O_NOFOLLOW, 0);
263 	PRIV_END;
264 	if (fd < 0 || (cfp = fdopen(fd, "r")) == NULL) {
265 		if (fd >= 0)
266 			close(fd);
267 		return(0);
268 	}
269 	while (getline(cfp)) {
270 		if (line[0] == 'P')
271 			break;
272 	}
273 	(void)fclose(cfp);
274 	if (line[0] != 'P')
275 		return(0);
276 
277 	if (users == 0 && requests == 0)
278 		return(!strcmp(file, current) && isowner(line+1, file));
279 	/*
280 	 * Check the request list
281 	 */
282 	for (n = 0, cp = file+3; isdigit(*cp); )
283 		n = n * 10 + (*cp++ - '0');
284 	for (r = requ; r < &requ[requests]; r++)
285 		if (*r == n && isowner(line+1, file))
286 			return(1);
287 	/*
288 	 * Check to see if it's in the user list
289 	 */
290 	for (u = user; u < &user[users]; u++)
291 		if (!strcmp(*u, line+1) && isowner(line+1, file))
292 			return(1);
293 	return(0);
294 }
295 
296 /*
297  * If root is removing a file on the local machine, allow it.
298  * If root is removing a file from a remote machine, only allow
299  * files sent from the remote machine to be removed.
300  * Normal users can only remove the file from where it was sent.
301  */
302 int
303 isowner(char *owner, char *file)
304 {
305 	if (!strcmp(person, root) && (from == host || !strcmp(from, file+6)))
306 		return(1);
307 	if (!strcmp(person, owner) && !strcmp(from, file+6))
308 		return(1);
309 	if (from != host)
310 		printf("%s: ", host);
311 	printf("%s: Permission denied\n", file);
312 	return(0);
313 }
314 
315 /*
316  * Check to see if we are sending files to a remote machine. If we are,
317  * then try removing files on the remote machine.
318  */
319 void
320 rmremote(void)
321 {
322 	char *cp;
323 	int i, rem;
324 	size_t n;
325 	char buf[BUFSIZ];
326 
327 	if (!remote)
328 		return;	/* not sending to a remote machine */
329 
330 	/*
331 	 * Flush stdout so the user can see what has been deleted
332 	 * while we wait (possibly) for the connection.
333 	 */
334 	fflush(stdout);
335 
336 	/* the trailing space will be replaced with a newline later */
337 	n = snprintf(buf, sizeof(buf), "\5%s %s ", RP, all ? "-all" : person);
338 	if (n == -1 || n >= sizeof(buf))
339 		goto bad;
340 	cp = buf + n;
341 	for (i = 0; i < users; i++) {
342 		n = strlcpy(cp, user[i], sizeof(buf) - (cp - buf + 1));
343 		if (n >= sizeof(buf) - (cp - buf + 1))
344 			goto bad;
345 		cp += n;
346 		*cp++ = ' ';
347 	}
348 	*cp = '\0';
349 	for (i = 0; i < requests; i++) {
350 		n = snprintf(cp, sizeof(buf) - (cp - buf), "%d ", requ[i]);
351 		if (n == -1 || n >= sizeof(buf) - (cp - buf))
352 			goto bad;
353 		cp += n;
354 	}
355 	cp[-1] = '\n';		/* replace space with newline, leave the NUL */
356 	rem = getport(RM, 0);
357 	if (rem < 0) {
358 		if (from != host)
359 			printf("%s: ", host);
360 		printf("connection to %s is down\n", RM);
361 	} else {
362 		struct sigaction osa, nsa;
363 
364 		memset(&nsa, 0, sizeof(nsa));
365 		nsa.sa_handler = alarmer;
366 		sigemptyset(&nsa.sa_mask);
367 		nsa.sa_flags = 0;
368 		(void)sigaction(SIGALRM, &nsa, &osa);
369 		alarm(wait_time);
370 
371 		i = strlen(buf);
372 		if (write(rem, buf, i) != i)
373 			fatal("Lost connection");
374 		while ((i = read(rem, buf, sizeof(buf))) > 0)
375 			(void)fwrite(buf, 1, i, stdout);
376 		alarm(0);
377 		(void)sigaction(SIGALRM, &osa, NULL);
378 		(void)close(rem);
379 	}
380 	return;
381 bad:
382 	printf("remote buffer too large\n");
383 	return;
384 }
385 
386 static void
387 alarmer(int s)
388 {
389 	/* nothing */
390 }
391 
392 /*
393  * Return 1 if the filename begins with 'cf'
394  */
395 int
396 iscf(struct dirent *d)
397 {
398 	return(d->d_name[0] == 'c' && d->d_name[1] == 'f');
399 }
400