1 /* 2 * Copyright (c) 1983, 1993 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#)rmjob.c 8.2 (Berkeley) 4/28/95 34 * $FreeBSD: src/usr.sbin/lpr/common_source/rmjob.c,v 1.12.2.5 2001/06/25 01:00:56 gad Exp $ 35 * $DragonFly: src/usr.sbin/lpr/common_source/rmjob.c,v 1.4 2004/12/18 22:48:03 swildner Exp $ 36 */ 37 38 #include <sys/param.h> 39 #include <sys/uio.h> 40 41 #include <ctype.h> 42 #include <dirent.h> 43 #include <errno.h> 44 #include <signal.h> 45 #include <stdio.h> 46 #include <stdlib.h> 47 #include <string.h> 48 #define psignal foil_gcc_psignal 49 #define sys_siglist foil_gcc_siglist 50 #include <unistd.h> 51 #undef psignal 52 #undef sys_siglist 53 54 #include "lp.h" 55 #include "lp.local.h" 56 #include "pathnames.h" 57 58 /* 59 * rmjob - remove the specified jobs from the queue. 60 */ 61 62 /* 63 * Stuff for handling lprm specifications 64 */ 65 static char root[] = "root"; 66 static int all = 0; /* eliminate all files (root only) */ 67 static int cur_daemon; /* daemon's pid */ 68 static char current[7+MAXHOSTNAMELEN]; /* active control file name */ 69 70 extern uid_t uid, euid; /* real and effective user id's */ 71 72 static void alarmhandler(int _signo); 73 static void do_unlink(char *_file); 74 75 void 76 rmjob(const char *printer) 77 { 78 int i, nitems; 79 int assasinated = 0; 80 struct dirent **files; 81 char *cp; 82 struct printer myprinter, *pp = &myprinter; 83 84 init_printer(pp); 85 if ((i = getprintcap(printer, pp)) < 0) 86 fatal(pp, "getprintcap: %s", pcaperr(i)); 87 if ((cp = checkremote(pp))) { 88 printf("Warning: %s\n", cp); 89 free(cp); 90 } 91 92 /* 93 * If the format was `lprm -' and the user isn't the super-user, 94 * then fake things to look like he said `lprm user'. 95 */ 96 if (users < 0) { 97 if (getuid() == 0) 98 all = 1; /* all files in local queue */ 99 else { 100 user[0] = person; 101 users = 1; 102 } 103 } 104 if (!strcmp(person, "-all")) { 105 if (from_host == local_host) 106 fatal(pp, "The login name \"-all\" is reserved"); 107 all = 1; /* all those from 'from_host' */ 108 person = root; 109 } 110 111 seteuid(euid); 112 if (chdir(pp->spool_dir) < 0) 113 fatal(pp, "cannot chdir to spool directory"); 114 if ((nitems = scandir(".", &files, iscf, NULL)) < 0) 115 fatal(pp, "cannot access spool directory"); 116 seteuid(uid); 117 118 if (nitems) { 119 /* 120 * Check for an active printer daemon (in which case we 121 * kill it if it is reading our file) then remove stuff 122 * (after which we have to restart the daemon). 123 */ 124 if (lockchk(pp, pp->lock_file) && chk(current)) { 125 seteuid(euid); 126 assasinated = kill(cur_daemon, SIGINT) == 0; 127 seteuid(uid); 128 if (!assasinated) 129 fatal(pp, "cannot kill printer daemon"); 130 } 131 /* 132 * process the files 133 */ 134 for (i = 0; i < nitems; i++) 135 process(pp, files[i]->d_name); 136 } 137 rmremote(pp); 138 /* 139 * Restart the printer daemon if it was killed 140 */ 141 if (assasinated && !startdaemon(pp)) 142 fatal(pp, "cannot restart printer daemon\n"); 143 exit(0); 144 } 145 146 /* 147 * Process a lock file: collect the pid of the active 148 * daemon and the file name of the active spool entry. 149 * Return boolean indicating existence of a lock file. 150 */ 151 int 152 lockchk(struct printer *pp, char *slockf) 153 { 154 FILE *fp; 155 int i, n; 156 157 seteuid(euid); 158 if ((fp = fopen(slockf, "r")) == NULL) { 159 if (errno == EACCES) 160 fatal(pp, "%s: %s", slockf, strerror(errno)); 161 else 162 return(0); 163 } 164 seteuid(uid); 165 if (!getline(fp)) { 166 fclose(fp); 167 return(0); /* no daemon present */ 168 } 169 cur_daemon = atoi(line); 170 if (kill(cur_daemon, 0) < 0 && errno != EPERM) { 171 fclose(fp); 172 return(0); /* no daemon present */ 173 } 174 for (i = 1; (n = fread(current, sizeof(char), sizeof(current), fp)) <= 0; i++) { 175 if (i > 5) { 176 n = 1; 177 break; 178 } 179 sleep(i); 180 } 181 current[n-1] = '\0'; 182 fclose(fp); 183 return(1); 184 } 185 186 /* 187 * Process a control file. 188 */ 189 void 190 process(const struct printer *pp, char *file) 191 { 192 FILE *cfp; 193 194 if (!chk(file)) 195 return; 196 seteuid(euid); 197 if ((cfp = fopen(file, "r")) == NULL) 198 fatal(pp, "cannot open %s", file); 199 seteuid(uid); 200 while (getline(cfp)) { 201 switch (line[0]) { 202 case 'U': /* unlink associated files */ 203 if (strchr(line+1, '/') || strncmp(line+1, "df", 2)) 204 break; 205 do_unlink(line+1); 206 } 207 } 208 fclose(cfp); 209 do_unlink(file); 210 } 211 212 static void 213 do_unlink(char *file) 214 { 215 int ret; 216 217 if (from_host != local_host) 218 printf("%s: ", local_host); 219 seteuid(euid); 220 ret = unlink(file); 221 seteuid(uid); 222 printf(ret ? "cannot dequeue %s\n" : "%s dequeued\n", file); 223 } 224 225 /* 226 * Do the dirty work in checking 227 */ 228 int 229 chk(char *file) 230 { 231 int *r, n; 232 char **u, *cp; 233 FILE *cfp; 234 235 /* 236 * Check for valid cf file name (mostly checking current). 237 */ 238 if (strlen(file) < 7 || file[0] != 'c' || file[1] != 'f') 239 return(0); 240 241 if (all && (from_host == local_host || !strcmp(from_host, file+6))) 242 return(1); 243 244 /* 245 * get the owner's name from the control file. 246 */ 247 seteuid(euid); 248 if ((cfp = fopen(file, "r")) == NULL) 249 return(0); 250 seteuid(uid); 251 while (getline(cfp)) { 252 if (line[0] == 'P') 253 break; 254 } 255 fclose(cfp); 256 if (line[0] != 'P') 257 return(0); 258 259 if (users == 0 && requests == 0) 260 return(!strcmp(file, current) && isowner(line+1, file)); 261 /* 262 * Check the request list 263 */ 264 for (n = 0, cp = file+3; isdigit(*cp); ) 265 n = n * 10 + (*cp++ - '0'); 266 for (r = requ; r < &requ[requests]; r++) 267 if (*r == n && isowner(line+1, file)) 268 return(1); 269 /* 270 * Check to see if it's in the user list 271 */ 272 for (u = user; u < &user[users]; u++) 273 if (!strcmp(*u, line+1) && isowner(line+1, file)) 274 return(1); 275 return(0); 276 } 277 278 /* 279 * If root is removing a file on the local machine, allow it. 280 * If root is removing a file from a remote machine, only allow 281 * files sent from the remote machine to be removed. 282 * Normal users can only remove the file from where it was sent. 283 */ 284 int 285 isowner(char *owner, char *file) 286 { 287 if (!strcmp(person, root) && (from_host == local_host || 288 !strcmp(from_host, file+6))) 289 return (1); 290 if (!strcmp(person, owner) && !strcmp(from_host, file+6)) 291 return (1); 292 if (from_host != local_host) 293 printf("%s: ", local_host); 294 printf("%s: Permission denied\n", file); 295 return(0); 296 } 297 298 /* 299 * Check to see if we are sending files to a remote machine. If we are, 300 * then try removing files on the remote machine. 301 */ 302 void 303 rmremote(const struct printer *pp) 304 { 305 int i, elem, firstreq, niov, rem, totlen; 306 char buf[BUFSIZ]; 307 void (*savealrm)(int); 308 struct iovec *iov; 309 310 if (!pp->remote) 311 return; /* not sending to a remote machine */ 312 313 /* 314 * Flush stdout so the user can see what has been deleted 315 * while we wait (possibly) for the connection. 316 */ 317 fflush(stdout); 318 319 /* 320 * Counting: 321 * 4 == "\5" + remote_queue + " " + person 322 * 2 * users == " " + user[i] for each user 323 * requests == asprintf results for each request 324 * 1 == "\n" 325 * Although laborious, doing it this way makes it possible for 326 * us to process requests of indeterminate length without 327 * applying an arbitrary limit. Arbitrary Limits Are Bad (tm). 328 */ 329 if (users > 0) 330 niov = 4 + 2 * users + requests + 1; 331 else 332 niov = 4 + requests + 1; 333 iov = malloc(niov * sizeof *iov); 334 if (iov == 0) 335 fatal(pp, "out of memory in rmremote()"); 336 iov[0].iov_base = "\5"; 337 iov[1].iov_base = pp->remote_queue; 338 iov[2].iov_base = " "; 339 iov[3].iov_base = all ? "-all" : person; 340 elem = 4; 341 for (i = 0; i < users; i++) { 342 iov[elem].iov_base = " "; 343 iov[elem + 1].iov_base = user[i]; 344 elem += 2; 345 } 346 firstreq = elem; 347 for (i = 0; i < requests; i++) { 348 asprintf(&iov[elem].iov_base, " %d", requ[i]); 349 if (iov[elem].iov_base == 0) 350 fatal(pp, "out of memory in rmremote()"); 351 elem++; 352 } 353 iov[elem++].iov_base = "\n"; 354 for (totlen = i = 0; i < niov; i++) 355 totlen += (iov[i].iov_len = strlen(iov[i].iov_base)); 356 357 savealrm = signal(SIGALRM, alarmhandler); 358 alarm(pp->conn_timeout); 359 rem = getport(pp, pp->remote_host, 0); 360 signal(SIGALRM, savealrm); 361 if (rem < 0) { 362 if (from_host != local_host) 363 printf("%s: ", local_host); 364 printf("connection to %s is down\n", pp->remote_host); 365 } else { 366 if (writev(rem, iov, niov) != totlen) 367 fatal(pp, "Lost connection"); 368 while ((i = read(rem, buf, sizeof(buf))) > 0) 369 fwrite(buf, 1, i, stdout); 370 close(rem); 371 } 372 for (i = 0; i < requests; i++) 373 free(iov[firstreq + i].iov_base); 374 free(iov); 375 } 376 377 /* 378 * Return 1 if the filename begins with 'cf' 379 */ 380 int 381 iscf(struct dirent *d) 382 { 383 return(d->d_name[0] == 'c' && d->d_name[1] == 'f'); 384 } 385 386 void 387 alarmhandler(int signo __unused) 388 { 389 /* the signal is ignored */ 390 /* (the '__unused' is just to avoid a compile-time warning) */ 391 } 392