1 /*
2  * Copyright (c) 1983, 1993
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 3. All advertising materials mentioning features or use of this software
14  *    must display the following acknowledgement:
15  *	This product includes software developed by the University of
16  *	California, Berkeley and its contributors.
17  * 4. Neither the name of the University nor the names of its contributors
18  *    may be used to endorse or promote products derived from this software
19  *    without specific prior written permission.
20  *
21  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31  * SUCH DAMAGE.
32  *
33  * @(#)rmjob.c	8.2 (Berkeley) 4/28/95
34  * $FreeBSD: src/usr.sbin/lpr/common_source/rmjob.c,v 1.12.2.5 2001/06/25 01:00:56 gad Exp $
35  * $DragonFly: src/usr.sbin/lpr/common_source/rmjob.c,v 1.4 2004/12/18 22:48:03 swildner Exp $
36  */
37 
38 #include <sys/param.h>
39 #include <sys/uio.h>
40 
41 #include <ctype.h>
42 #include <dirent.h>
43 #include <errno.h>
44 #include <signal.h>
45 #include <stdio.h>
46 #include <stdlib.h>
47 #include <string.h>
48 #define psignal foil_gcc_psignal
49 #define	sys_siglist foil_gcc_siglist
50 #include <unistd.h>
51 #undef psignal
52 #undef sys_siglist
53 
54 #include "lp.h"
55 #include "lp.local.h"
56 #include "pathnames.h"
57 
58 /*
59  * rmjob - remove the specified jobs from the queue.
60  */
61 
62 /*
63  * Stuff for handling lprm specifications
64  */
65 static char	root[] = "root";
66 static int	all = 0;		/* eliminate all files (root only) */
67 static int	cur_daemon;		/* daemon's pid */
68 static char	current[7+MAXHOSTNAMELEN];  /* active control file name */
69 
70 extern uid_t	uid, euid;		/* real and effective user id's */
71 
72 static	void	alarmhandler(int _signo);
73 static	void	do_unlink(char *_file);
74 
75 void
76 rmjob(const char *printer)
77 {
78 	int i, nitems;
79 	int assasinated = 0;
80 	struct dirent **files;
81 	char *cp;
82 	struct printer myprinter, *pp = &myprinter;
83 
84 	init_printer(pp);
85 	if ((i = getprintcap(printer, pp)) < 0)
86 		fatal(pp, "getprintcap: %s", pcaperr(i));
87 	if ((cp = checkremote(pp))) {
88 		printf("Warning: %s\n", cp);
89 		free(cp);
90 	}
91 
92 	/*
93 	 * If the format was `lprm -' and the user isn't the super-user,
94 	 *  then fake things to look like he said `lprm user'.
95 	 */
96 	if (users < 0) {
97 		if (getuid() == 0)
98 			all = 1;	/* all files in local queue */
99 		else {
100 			user[0] = person;
101 			users = 1;
102 		}
103 	}
104 	if (!strcmp(person, "-all")) {
105 		if (from_host == local_host)
106 			fatal(pp, "The login name \"-all\" is reserved");
107 		all = 1;	/* all those from 'from_host' */
108 		person = root;
109 	}
110 
111 	seteuid(euid);
112 	if (chdir(pp->spool_dir) < 0)
113 		fatal(pp, "cannot chdir to spool directory");
114 	if ((nitems = scandir(".", &files, iscf, NULL)) < 0)
115 		fatal(pp, "cannot access spool directory");
116 	seteuid(uid);
117 
118 	if (nitems) {
119 		/*
120 		 * Check for an active printer daemon (in which case we
121 		 *  kill it if it is reading our file) then remove stuff
122 		 *  (after which we have to restart the daemon).
123 		 */
124 		if (lockchk(pp, pp->lock_file) && chk(current)) {
125 			seteuid(euid);
126 			assasinated = kill(cur_daemon, SIGINT) == 0;
127 			seteuid(uid);
128 			if (!assasinated)
129 				fatal(pp, "cannot kill printer daemon");
130 		}
131 		/*
132 		 * process the files
133 		 */
134 		for (i = 0; i < nitems; i++)
135 			process(pp, files[i]->d_name);
136 	}
137 	rmremote(pp);
138 	/*
139 	 * Restart the printer daemon if it was killed
140 	 */
141 	if (assasinated && !startdaemon(pp))
142 		fatal(pp, "cannot restart printer daemon\n");
143 	exit(0);
144 }
145 
146 /*
147  * Process a lock file: collect the pid of the active
148  *  daemon and the file name of the active spool entry.
149  * Return boolean indicating existence of a lock file.
150  */
151 int
152 lockchk(struct printer *pp, char *slockf)
153 {
154 	FILE *fp;
155 	int i, n;
156 
157 	seteuid(euid);
158 	if ((fp = fopen(slockf, "r")) == NULL) {
159 		if (errno == EACCES)
160 			fatal(pp, "%s: %s", slockf, strerror(errno));
161 		else
162 			return(0);
163 	}
164 	seteuid(uid);
165 	if (!getline(fp)) {
166 		fclose(fp);
167 		return(0);		/* no daemon present */
168 	}
169 	cur_daemon = atoi(line);
170 	if (kill(cur_daemon, 0) < 0 && errno != EPERM) {
171 		fclose(fp);
172 		return(0);		/* no daemon present */
173 	}
174 	for (i = 1; (n = fread(current, sizeof(char), sizeof(current), fp)) <= 0; i++) {
175 		if (i > 5) {
176 			n = 1;
177 			break;
178 		}
179 		sleep(i);
180 	}
181 	current[n-1] = '\0';
182 	fclose(fp);
183 	return(1);
184 }
185 
186 /*
187  * Process a control file.
188  */
189 void
190 process(const struct printer *pp, char *file)
191 {
192 	FILE *cfp;
193 
194 	if (!chk(file))
195 		return;
196 	seteuid(euid);
197 	if ((cfp = fopen(file, "r")) == NULL)
198 		fatal(pp, "cannot open %s", file);
199 	seteuid(uid);
200 	while (getline(cfp)) {
201 		switch (line[0]) {
202 		case 'U':  /* unlink associated files */
203 			if (strchr(line+1, '/') || strncmp(line+1, "df", 2))
204 				break;
205 			do_unlink(line+1);
206 		}
207 	}
208 	fclose(cfp);
209 	do_unlink(file);
210 }
211 
212 static void
213 do_unlink(char *file)
214 {
215 	int	ret;
216 
217 	if (from_host != local_host)
218 		printf("%s: ", local_host);
219 	seteuid(euid);
220 	ret = unlink(file);
221 	seteuid(uid);
222 	printf(ret ? "cannot dequeue %s\n" : "%s dequeued\n", file);
223 }
224 
225 /*
226  * Do the dirty work in checking
227  */
228 int
229 chk(char *file)
230 {
231 	int *r, n;
232 	char **u, *cp;
233 	FILE *cfp;
234 
235 	/*
236 	 * Check for valid cf file name (mostly checking current).
237 	 */
238 	if (strlen(file) < 7 || file[0] != 'c' || file[1] != 'f')
239 		return(0);
240 
241 	if (all && (from_host == local_host || !strcmp(from_host, file+6)))
242 		return(1);
243 
244 	/*
245 	 * get the owner's name from the control file.
246 	 */
247 	seteuid(euid);
248 	if ((cfp = fopen(file, "r")) == NULL)
249 		return(0);
250 	seteuid(uid);
251 	while (getline(cfp)) {
252 		if (line[0] == 'P')
253 			break;
254 	}
255 	fclose(cfp);
256 	if (line[0] != 'P')
257 		return(0);
258 
259 	if (users == 0 && requests == 0)
260 		return(!strcmp(file, current) && isowner(line+1, file));
261 	/*
262 	 * Check the request list
263 	 */
264 	for (n = 0, cp = file+3; isdigit(*cp); )
265 		n = n * 10 + (*cp++ - '0');
266 	for (r = requ; r < &requ[requests]; r++)
267 		if (*r == n && isowner(line+1, file))
268 			return(1);
269 	/*
270 	 * Check to see if it's in the user list
271 	 */
272 	for (u = user; u < &user[users]; u++)
273 		if (!strcmp(*u, line+1) && isowner(line+1, file))
274 			return(1);
275 	return(0);
276 }
277 
278 /*
279  * If root is removing a file on the local machine, allow it.
280  * If root is removing a file from a remote machine, only allow
281  * files sent from the remote machine to be removed.
282  * Normal users can only remove the file from where it was sent.
283  */
284 int
285 isowner(char *owner, char *file)
286 {
287 	if (!strcmp(person, root) && (from_host == local_host ||
288 	    !strcmp(from_host, file+6)))
289 		return (1);
290 	if (!strcmp(person, owner) && !strcmp(from_host, file+6))
291 		return (1);
292 	if (from_host != local_host)
293 		printf("%s: ", local_host);
294 	printf("%s: Permission denied\n", file);
295 	return(0);
296 }
297 
298 /*
299  * Check to see if we are sending files to a remote machine. If we are,
300  * then try removing files on the remote machine.
301  */
302 void
303 rmremote(const struct printer *pp)
304 {
305 	int i, elem, firstreq, niov, rem, totlen;
306 	char buf[BUFSIZ];
307 	void (*savealrm)(int);
308 	struct iovec *iov;
309 
310 	if (!pp->remote)
311 		return;	/* not sending to a remote machine */
312 
313 	/*
314 	 * Flush stdout so the user can see what has been deleted
315 	 * while we wait (possibly) for the connection.
316 	 */
317 	fflush(stdout);
318 
319 	/*
320 	 * Counting:
321 	 *	4 == "\5" + remote_queue + " " + person
322 	 *	2 * users == " " + user[i] for each user
323 	 *	requests == asprintf results for each request
324 	 *	1 == "\n"
325 	 * Although laborious, doing it this way makes it possible for
326 	 * us to process requests of indeterminate length without
327 	 * applying an arbitrary limit.  Arbitrary Limits Are Bad (tm).
328 	 */
329 	if (users > 0)
330 		niov = 4 + 2 * users + requests + 1;
331 	else
332 		niov = 4 + requests + 1;
333 	iov = malloc(niov * sizeof *iov);
334 	if (iov == 0)
335 		fatal(pp, "out of memory in rmremote()");
336 	iov[0].iov_base = "\5";
337 	iov[1].iov_base = pp->remote_queue;
338 	iov[2].iov_base = " ";
339 	iov[3].iov_base = all ? "-all" : person;
340 	elem = 4;
341 	for (i = 0; i < users; i++) {
342 		iov[elem].iov_base = " ";
343 		iov[elem + 1].iov_base = user[i];
344 		elem += 2;
345 	}
346 	firstreq = elem;
347 	for (i = 0; i < requests; i++) {
348 		asprintf(&iov[elem].iov_base, " %d", requ[i]);
349 		if (iov[elem].iov_base == 0)
350 			fatal(pp, "out of memory in rmremote()");
351 		elem++;
352 	}
353 	iov[elem++].iov_base = "\n";
354 	for (totlen = i = 0; i < niov; i++)
355 		totlen += (iov[i].iov_len = strlen(iov[i].iov_base));
356 
357 	savealrm = signal(SIGALRM, alarmhandler);
358 	alarm(pp->conn_timeout);
359 	rem = getport(pp, pp->remote_host, 0);
360 	signal(SIGALRM, savealrm);
361 	if (rem < 0) {
362 		if (from_host != local_host)
363 			printf("%s: ", local_host);
364 		printf("connection to %s is down\n", pp->remote_host);
365 	} else {
366 		if (writev(rem, iov, niov) != totlen)
367 			fatal(pp, "Lost connection");
368 		while ((i = read(rem, buf, sizeof(buf))) > 0)
369 			fwrite(buf, 1, i, stdout);
370 		close(rem);
371 	}
372 	for (i = 0; i < requests; i++)
373 		free(iov[firstreq + i].iov_base);
374 	free(iov);
375 }
376 
377 /*
378  * Return 1 if the filename begins with 'cf'
379  */
380 int
381 iscf(struct dirent *d)
382 {
383 	return(d->d_name[0] == 'c' && d->d_name[1] == 'f');
384 }
385 
386 void
387 alarmhandler(int signo __unused)
388 {
389 	/* the signal is ignored */
390 	/* (the '__unused' is just to avoid a compile-time warning) */
391 }
392