lpd.c revision 1.18
1 /* $NetBSD: lpd.c,v 1.18 1999/12/07 14:54:46 mrg Exp $ */ 2 3 /* 4 * Copyright (c) 1983, 1993, 1994 5 * The Regents of the University of California. All rights reserved. 6 * 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 3. All advertising materials mentioning features or use of this software 17 * must display the following acknowledgement: 18 * This product includes software developed by the University of 19 * California, Berkeley and its contributors. 20 * 4. Neither the name of the University nor the names of its contributors 21 * may be used to endorse or promote products derived from this software 22 * without specific prior written permission. 23 * 24 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 25 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 28 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * SUCH DAMAGE. 35 */ 36 37 #include <sys/cdefs.h> 38 39 #ifndef lint 40 __COPYRIGHT("@(#) Copyright (c) 1983, 1993, 1994\n\ 41 The Regents of the University of California. All rights reserved.\n"); 42 #endif /* not lint */ 43 44 #ifndef lint 45 #if 0 46 static char sccsid[] = "@(#)lpd.c 8.7 (Berkeley) 5/10/95"; 47 #else 48 __RCSID("$NetBSD: lpd.c,v 1.18 1999/12/07 14:54:46 mrg Exp $"); 49 #endif 50 #endif /* not lint */ 51 52 /* 53 * lpd -- line printer daemon. 54 * 55 * Listen for a connection and perform the requested operation. 56 * Operations are: 57 * \1printer\n 58 * check the queue for jobs and print any found. 59 * \2printer\n 60 * receive a job from another machine and queue it. 61 * \3printer [users ...] [jobs ...]\n 62 * return the current state of the queue (short form). 63 * \4printer [users ...] [jobs ...]\n 64 * return the current state of the queue (long form). 65 * \5printer person [users ...] [jobs ...]\n 66 * remove jobs from the queue. 67 * 68 * Strategy to maintain protected spooling area: 69 * 1. Spooling area is writable only by daemon and spooling group 70 * 2. lpr runs setuid root and setgrp spooling group; it uses 71 * root to access any file it wants (verifying things before 72 * with an access call) and group id to know how it should 73 * set up ownership of files in the spooling area. 74 * 3. Files in spooling area are owned by root, group spooling 75 * group, with mode 660. 76 * 4. lpd, lpq and lprm run setuid daemon and setgrp spooling group to 77 * access files and printer. Users can't get to anything 78 * w/o help of lpq and lprm programs. 79 */ 80 81 #include <sys/param.h> 82 #include <sys/wait.h> 83 #include <sys/types.h> 84 #include <sys/socket.h> 85 #include <sys/un.h> 86 #include <sys/stat.h> 87 #include <sys/file.h> 88 #include <netinet/in.h> 89 90 #include <err.h> 91 #include <netdb.h> 92 #include <unistd.h> 93 #include <syslog.h> 94 #include <signal.h> 95 #include <errno.h> 96 #include <fcntl.h> 97 #include <dirent.h> 98 #include <stdio.h> 99 #include <stdlib.h> 100 #include <string.h> 101 #include <ctype.h> 102 #include <arpa/inet.h> 103 104 #include "lp.h" 105 #include "lp.local.h" 106 #include "pathnames.h" 107 #include "extern.h" 108 109 int lflag; /* log requests flag */ 110 int rflag; /* allow of for remote printers */ 111 int sflag; /* secure (no inet) flag */ 112 int from_remote; /* from remote socket */ 113 114 int main __P((int, char **)); 115 static void reapchild __P((int)); 116 static void mcleanup __P((int)); 117 static void doit __P((void)); 118 static void startup __P((void)); 119 static void chkhost __P((struct sockaddr_in *)); 120 static int ckqueue __P((char *)); 121 static void usage __P((void)); 122 123 uid_t uid, euid; 124 int child_count; 125 126 int 127 main(argc, argv) 128 int argc; 129 char **argv; 130 { 131 int f, funix, finet, options, fromlen; 132 fd_set defreadfds; 133 struct sockaddr_un un, fromunix; 134 struct sockaddr_in sin, frominet; 135 int omask, lfd, errs, i; 136 int child_max = 32; /* more then enough to hose the system */ 137 138 euid = geteuid(); /* these shouldn't be different */ 139 uid = getuid(); 140 options = 0; 141 gethostname(host, sizeof(host)); 142 host[sizeof(host) - 1] = '\0'; 143 name = argv[0]; 144 145 errs = 0; 146 while ((i = getopt(argc, argv, "dln:srw:")) != -1) 147 switch (i) { 148 case 'd': 149 options |= SO_DEBUG; 150 break; 151 case 'l': 152 lflag++; 153 break; 154 case 'n': 155 child_max = atoi(optarg); 156 if (child_max < 0 || child_max > 1024) 157 errx(1, "invalid number of children: %s", 158 optarg); 159 break; 160 case 'r': 161 rflag++; 162 break; 163 case 's': 164 sflag++; 165 break; 166 case 'w': 167 wait_time = atoi(optarg); 168 if (wait_time < 0) 169 errx(1, "wait time must be postive: %s", 170 optarg); 171 if (wait_time < 30) 172 warnx("warning: wait time less than 30 seconds"); 173 break; 174 default: 175 errs++; 176 } 177 argc -= optind; 178 argv += optind; 179 if (errs || argc != 0) 180 usage(); 181 182 #ifndef DEBUG 183 /* 184 * Set up standard environment by detaching from the parent. 185 */ 186 daemon(0, 0); 187 #endif 188 189 openlog("lpd", LOG_PID, LOG_LPR); 190 syslog(LOG_INFO, "restarted"); 191 (void)umask(0); 192 lfd = open(_PATH_MASTERLOCK, O_WRONLY|O_CREAT, 0644); 193 if (lfd < 0) { 194 syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK); 195 exit(1); 196 } 197 if (flock(lfd, LOCK_EX|LOCK_NB) < 0) { 198 if (errno == EWOULDBLOCK) /* active deamon present */ 199 exit(0); 200 syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK); 201 exit(1); 202 } 203 ftruncate(lfd, 0); 204 /* 205 * write process id for others to know 206 */ 207 (void)snprintf(line, sizeof(line), "%u\n", getpid()); 208 f = strlen(line); 209 if (write(lfd, line, f) != f) { 210 syslog(LOG_ERR, "%s: %m", _PATH_MASTERLOCK); 211 exit(1); 212 } 213 signal(SIGCHLD, reapchild); 214 /* 215 * Restart all the printers. 216 */ 217 startup(); 218 (void)unlink(_PATH_SOCKETNAME); 219 funix = socket(AF_LOCAL, SOCK_STREAM, 0); 220 if (funix < 0) { 221 syslog(LOG_ERR, "socket: %m"); 222 exit(1); 223 } 224 #define mask(s) (1 << ((s) - 1)) 225 omask = sigblock(mask(SIGHUP)|mask(SIGINT)|mask(SIGQUIT)|mask(SIGTERM)); 226 signal(SIGHUP, mcleanup); 227 signal(SIGINT, mcleanup); 228 signal(SIGQUIT, mcleanup); 229 signal(SIGTERM, mcleanup); 230 memset(&un, 0, sizeof(un)); 231 un.sun_family = AF_LOCAL; 232 strncpy(un.sun_path, _PATH_SOCKETNAME, sizeof(un.sun_path) - 1); 233 #ifndef SUN_LEN 234 #define SUN_LEN(unp) (strlen((unp)->sun_path) + 2) 235 #endif 236 if (bind(funix, (struct sockaddr *)&un, SUN_LEN(&un)) < 0) { 237 syslog(LOG_ERR, "ubind: %m"); 238 exit(1); 239 } 240 sigsetmask(omask); 241 FD_ZERO(&defreadfds); 242 FD_SET(funix, &defreadfds); 243 listen(funix, 5); 244 if (!sflag) 245 finet = socket(AF_INET, SOCK_STREAM, 0); 246 else 247 finet = -1; /* pretend we couldn't open TCP socket. */ 248 if (finet >= 0) { 249 struct servent *sp; 250 251 if (options & SO_DEBUG) 252 if (setsockopt(finet, SOL_SOCKET, SO_DEBUG, 0, 0) < 0) { 253 syslog(LOG_ERR, "setsockopt (SO_DEBUG): %m"); 254 mcleanup(0); 255 } 256 sp = getservbyname("printer", "tcp"); 257 if (sp == NULL) { 258 syslog(LOG_ERR, "printer/tcp: unknown service"); 259 mcleanup(0); 260 } 261 memset(&sin, 0, sizeof(sin)); 262 sin.sin_family = AF_INET; 263 sin.sin_port = sp->s_port; 264 if (bind(finet, (struct sockaddr *)&sin, sizeof(sin)) < 0) { 265 syslog(LOG_ERR, "bind: %m"); 266 mcleanup(0); 267 } 268 FD_SET(finet, &defreadfds); 269 listen(finet, 5); 270 } 271 /* 272 * Main loop: accept, do a request, continue. 273 */ 274 memset(&frominet, 0, sizeof(frominet)); 275 memset(&fromunix, 0, sizeof(fromunix)); 276 for (;;) { 277 int domain, nfds, s; 278 fd_set readfds; 279 /* "short" so it overflows in about 2 hours */ 280 short sleeptime = 10; 281 282 while (child_max < child_count) { 283 syslog(LOG_WARNING, 284 "too many children, sleeping for %d seconds", 285 sleeptime); 286 sleep(sleeptime); 287 sleeptime <<= 1; 288 if (sleeptime < 0) { 289 syslog(LOG_CRIT, "sleeptime overflowed! help!"); 290 sleeptime = 10; 291 } 292 } 293 294 FD_COPY(&defreadfds, &readfds); 295 nfds = select(20, &readfds, 0, 0, 0); 296 if (nfds <= 0) { 297 if (nfds < 0 && errno != EINTR) 298 syslog(LOG_WARNING, "select: %m"); 299 continue; 300 } 301 if (FD_ISSET(funix, &readfds)) { 302 domain = AF_LOCAL, fromlen = sizeof(fromunix); 303 s = accept(funix, 304 (struct sockaddr *)&fromunix, &fromlen); 305 } else /* if (FD_ISSET(finet, &readfds)) */ { 306 domain = AF_INET, fromlen = sizeof(frominet); 307 s = accept(finet, 308 (struct sockaddr *)&frominet, &fromlen); 309 } 310 if (s < 0) { 311 if (errno != EINTR) 312 syslog(LOG_WARNING, "accept: %m"); 313 continue; 314 } 315 316 switch (fork()) { 317 case 0: 318 signal(SIGCHLD, SIG_IGN); 319 signal(SIGHUP, SIG_IGN); 320 signal(SIGINT, SIG_IGN); 321 signal(SIGQUIT, SIG_IGN); 322 signal(SIGTERM, SIG_IGN); 323 (void)close(funix); 324 if (!sflag) 325 (void)close(finet); 326 dup2(s, 1); 327 (void)close(s); 328 if (domain == AF_INET) { 329 from_remote = 1; 330 chkhost(&frominet); 331 } else 332 from_remote = 0; 333 doit(); 334 exit(0); 335 case -1: 336 syslog(LOG_WARNING, "fork: %m, sleeping for 10 seconds..."); 337 sleep(10); 338 continue; 339 default: 340 child_count++; 341 } 342 (void)close(s); 343 } 344 } 345 346 static void 347 reapchild(signo) 348 int signo; 349 { 350 union wait status; 351 352 while (wait3((int *)&status, WNOHANG, 0) > 0) 353 child_count--; 354 } 355 356 static void 357 mcleanup(signo) 358 int signo; 359 { 360 if (lflag) 361 syslog(LOG_INFO, "exiting"); 362 unlink(_PATH_SOCKETNAME); 363 exit(0); 364 } 365 366 /* 367 * Stuff for handling job specifications 368 */ 369 char *user[MAXUSERS]; /* users to process */ 370 int users; /* # of users in user array */ 371 int requ[MAXREQUESTS]; /* job number of spool entries */ 372 int requests; /* # of spool requests */ 373 char *person; /* name of person doing lprm */ 374 375 char fromb[MAXHOSTNAMELEN]; /* buffer for client's machine name */ 376 char cbuf[BUFSIZ]; /* command line buffer */ 377 char *cmdnames[] = { 378 "null", 379 "printjob", 380 "recvjob", 381 "displayq short", 382 "displayq long", 383 "rmjob" 384 }; 385 386 static void 387 doit() 388 { 389 char *cp; 390 int n; 391 392 for (;;) { 393 cp = cbuf; 394 do { 395 if (cp >= &cbuf[sizeof(cbuf) - 1]) 396 fatal("Command line too long"); 397 if ((n = read(1, cp, 1)) != 1) { 398 if (n < 0) 399 fatal("Lost connection"); 400 return; 401 } 402 } while (*cp++ != '\n'); 403 *--cp = '\0'; 404 cp = cbuf; 405 if (lflag) { 406 if (*cp >= '\1' && *cp <= '\5') { 407 syslog(LOG_INFO, "%s requests %s %s", 408 from, cmdnames[(int)*cp], cp+1); 409 setproctitle("serving %s: %s %s", from, 410 cmdnames[(int)*cp], cp+1); 411 } 412 else 413 syslog(LOG_INFO, "bad request (%d) from %s", 414 *cp, from); 415 } 416 switch (*cp++) { 417 case '\1': /* check the queue and print any jobs there */ 418 printer = cp; 419 printjob(); 420 break; 421 case '\2': /* receive files to be queued */ 422 if (!from_remote) { 423 syslog(LOG_INFO, "illegal request (%d)", *cp); 424 exit(1); 425 } 426 printer = cp; 427 recvjob(); 428 break; 429 case '\3': /* display the queue (short form) */ 430 case '\4': /* display the queue (long form) */ 431 printer = cp; 432 while (*cp) { 433 if (*cp != ' ') { 434 cp++; 435 continue; 436 } 437 *cp++ = '\0'; 438 while (isspace(*cp)) 439 cp++; 440 if (*cp == '\0') 441 break; 442 if (isdigit(*cp)) { 443 if (requests >= MAXREQUESTS) 444 fatal("Too many requests"); 445 requ[requests++] = atoi(cp); 446 } else { 447 if (users >= MAXUSERS) 448 fatal("Too many users"); 449 user[users++] = cp; 450 } 451 } 452 displayq(cbuf[0] - '\3'); 453 exit(0); 454 case '\5': /* remove a job from the queue */ 455 if (!from_remote) { 456 syslog(LOG_INFO, "illegal request (%d)", *cp); 457 exit(1); 458 } 459 printer = cp; 460 while (*cp && *cp != ' ') 461 cp++; 462 if (!*cp) 463 break; 464 *cp++ = '\0'; 465 person = cp; 466 while (*cp) { 467 if (*cp != ' ') { 468 cp++; 469 continue; 470 } 471 *cp++ = '\0'; 472 while (isspace(*cp)) 473 cp++; 474 if (*cp == '\0') 475 break; 476 if (isdigit(*cp)) { 477 if (requests >= MAXREQUESTS) 478 fatal("Too many requests"); 479 requ[requests++] = atoi(cp); 480 } else { 481 if (users >= MAXUSERS) 482 fatal("Too many users"); 483 user[users++] = cp; 484 } 485 } 486 rmjob(); 487 break; 488 } 489 fatal("Illegal service request"); 490 } 491 } 492 493 /* 494 * Make a pass through the printcap database and start printing any 495 * files left from the last time the machine went down. 496 */ 497 static void 498 startup() 499 { 500 char *buf; 501 char *cp; 502 503 /* 504 * Restart the daemons. 505 */ 506 while (cgetnext(&buf, printcapdb) > 0) { 507 if (ckqueue(buf) <= 0) { 508 free(buf); 509 continue; /* no work to do for this printer */ 510 } 511 for (cp = buf; *cp; cp++) 512 if (*cp == '|' || *cp == ':') { 513 *cp = '\0'; 514 break; 515 } 516 if (lflag) 517 syslog(LOG_INFO, "work for %s", buf); 518 switch (fork()) { 519 case -1: 520 syslog(LOG_WARNING, "startup: cannot fork"); 521 mcleanup(0); 522 case 0: 523 printer = buf; 524 setproctitle("working on printer %s", printer); 525 cgetclose(); 526 printjob(); 527 /* NOTREACHED */ 528 default: 529 child_count++; 530 free(buf); 531 } 532 } 533 } 534 535 /* 536 * Make sure there's some work to do before forking off a child 537 */ 538 static int 539 ckqueue(cap) 540 char *cap; 541 { 542 struct dirent *d; 543 DIR *dirp; 544 char *spooldir; 545 546 if (cgetstr(cap, "sd", &spooldir) == -1) 547 spooldir = _PATH_DEFSPOOL; 548 if ((dirp = opendir(spooldir)) == NULL) 549 return (-1); 550 while ((d = readdir(dirp)) != NULL) { 551 if (d->d_name[0] != 'c' || d->d_name[1] != 'f') 552 continue; /* daemon control files only */ 553 closedir(dirp); 554 return (1); /* found something */ 555 } 556 closedir(dirp); 557 return (0); 558 } 559 560 #define DUMMY ":nobody::" 561 562 /* 563 * Check to see if the from host has access to the line printer. 564 */ 565 static void 566 chkhost(f) 567 struct sockaddr_in *f; 568 { 569 struct hostent *hp; 570 FILE *hostf; 571 int first = 1, good = 0; 572 573 f->sin_port = ntohs(f->sin_port); 574 if (f->sin_family != AF_INET || f->sin_port >= IPPORT_RESERVED) 575 fatal("Malformed from address"); 576 577 /* Need real hostname for temporary filenames */ 578 hp = gethostbyaddr((char *)&f->sin_addr, 579 sizeof(struct in_addr), f->sin_family); 580 if (hp == NULL) 581 fatal("Host name for your address (%s) unknown", 582 inet_ntoa(f->sin_addr)); 583 584 (void)strncpy(fromb, hp->h_name, sizeof(fromb) - 1); 585 from[sizeof(fromb) - 1] = '\0'; 586 from = fromb; 587 588 /* Check for spoof, ala rlogind */ 589 hp = gethostbyname(fromb); 590 if (!hp) 591 fatal("hostname for your address (%s) unknown", 592 inet_ntoa(f->sin_addr)); 593 for (; good == 0 && hp->h_addr_list[0] != NULL; hp->h_addr_list++) { 594 if (!memcmp(hp->h_addr_list[0], (caddr_t)&f->sin_addr, 595 sizeof(f->sin_addr))) 596 good = 1; 597 } 598 if (good == 0) 599 fatal("address for your hostname (%s) not matched", 600 inet_ntoa(f->sin_addr)); 601 setproctitle("serving %s", from); 602 hostf = fopen(_PATH_HOSTSEQUIV, "r"); 603 again: 604 if (hostf) { 605 if (__ivaliduser(hostf, f->sin_addr.s_addr, 606 DUMMY, DUMMY) == 0) { 607 (void)fclose(hostf); 608 return; 609 } 610 (void)fclose(hostf); 611 } 612 if (first == 1) { 613 first = 0; 614 hostf = fopen(_PATH_HOSTSLPD, "r"); 615 goto again; 616 } 617 fatal("Your host does not have line printer access"); 618 /*NOTREACHED*/ 619 } 620 621 static void 622 usage() 623 { 624 extern char *__progname; /* XXX */ 625 626 fprintf(stderr, "usage: %s [-d] [-l]\n", __progname); 627 exit(1); 628 } 629
Indexes created Mon Sep 29 18:09:42 GMT 2025