1/* 2 * ------+---------+---------+---------+---------+---------+---------+---------* 3 * Copyright (c) 2001,2011 - Garance Alistair Drosehn <gad@FreeBSD.org>. 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25 * SUCH DAMAGE. 26 * 27 * The views and conclusions contained in the software and documentation 28 * are those of the authors and should not be interpreted as representing 29 * official policies, either expressed or implied, of the FreeBSD Project. 30 * 31 * ------+---------+---------+---------+---------+---------+---------+---------* 32 */ 33 34#include "lp.cdefs.h" /* A cross-platform version of <sys/cdefs.h> */ 35__FBSDID("$FreeBSD$"); 36 37/* 38 * ctlinfo - This collection of routines will know everything there is to 39 * know about the information inside a control file ('cf*') which is used 40 * to describe a print job in lpr & friends. The eventual goal is that it 41 * will be the ONLY source file to know what's inside these control-files. 42 */ 43 44/* 45 * Some define's useful for debuging. 46 * TRIGGERTEST_FNAME and DEBUGREADCF_FNAME, allow us to do testing on 47 * a per-spool-directory basis. 48 */ 49/* #define TRIGGERTEST_FNAME "LpdTestRenameTF" */ 50/* #define DEBUGREADCF_FNAME "LpdDebugReadCF" */ 51/* #define LEAVE_TMPCF_FILES 1 */ 52 53#include <sys/types.h> 54#include <sys/stat.h> 55#include <ctype.h> 56#include <errno.h> 57#include <fcntl.h> 58#include <limits.h> 59#include <netdb.h> 60#include <pwd.h> 61#include <stdio.h> 62#include <stdlib.h> 63#include <string.h> 64#include <syslog.h> 65#include <unistd.h> 66#include "ctlinfo.h" 67 68struct cjprivate { 69 struct cjobinfo pub; 70 char *cji_buff; /* buffer for getline */ 71 char *cji_eobuff; /* last byte IN the buffer */ 72 FILE *cji_fstream; 73 int cji_buffsize; /* # bytes in the buffer */ 74 int cji_dumpit; 75}; 76 77/* 78 * All the following take a parameter of 'int', but expect values in the 79 * range of unsigned char. Define wrappers which take values of type 'char', 80 * whether signed or unsigned, and ensure they end up in the right range. 81 */ 82#define isdigitch(Anychar) isdigit((u_char)(Anychar)) 83#define islowerch(Anychar) islower((u_char)(Anychar)) 84#define isupperch(Anychar) isupper((u_char)(Anychar)) 85#define tolowerch(Anychar) tolower((u_char)(Anychar)) 86 87#define OTHER_USERID_CHARS "-_" /* special chars valid in a userid */ 88 89#define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) 90 91/* 92 * This has to be large enough to fit the maximum length of a single line 93 * in a control-file, including the leading 'command id', a trailing '\n' 94 * and ending '\0'. The max size of an 'U'nlink line, for instance, is 95 * 1 ('U') + PATH_MAX (filename) + 2 ('\n\0'). The maximum 'H'ost line is 96 * 1 ('H') + NI_MAXHOST (remote hostname) + 2 ('\n\0'). Other lines can be 97 * even longer than those. So, pick some nice, large, arbitrary value. 98 */ 99#define CTI_LINEMAX PATH_MAX+NI_MAXHOST+5 100 101extern const char *from_host; /* client's machine name */ 102extern const char *from_ip; /* client machine's IP address */ 103 104__BEGIN_DECLS 105void ctl_dumpcji(FILE *_dbg_stream, const char *_heading, 106 struct cjobinfo *_cjinf); 107static char *ctl_getline(struct cjobinfo *_cjinf); 108static void ctl_rewindcf(struct cjobinfo *_cjinf); 109char *ctl_rmjob(const char *_ptrname, const char *_cfname); 110__END_DECLS 111 112/* 113 * Here are some things which might be needed when compiling this under 114 * platforms other than FreeBSD. 115 */ 116#ifndef __FreeBSD__ 117# ifndef NAME_MAX 118# define NAME_MAX 255 119# endif 120# ifndef NI_MAXHOST 121# define NI_MAXHOST 1025 122# endif 123# ifndef PATH_MAX 124# define PATH_MAX 1024 125# endif 126__BEGIN_DECLS 127char *strdup(const char *_src); 128size_t strlcpy(char *_dst, const char *_src, size_t _siz); 129__END_DECLS 130#endif 131 132/* 133 * Control-files (cf*) have the following format. 134 * 135 * Each control-file describes a single job. It will list one or more 136 * "datafiles" (df*) which should be copied to some printer. Usually 137 * there is only one datafile per job. For the curious, RFC 1179 is an 138 * informal and out-of-date description of lpr/lpd circa 1990. 139 * 140 * Each line in the file gives an attribute of the job as a whole, or one 141 * of the datafiles in the job, or a "command" indicating something to do 142 * with one of the datafiles. Each line starts with an 'id' that indicates 143 * what that line is there for. The 'id' is historically a single byte, 144 * but may be multiple bytes (obviously it would be best if multi-byte ids 145 * started with some letter not already used as a single-byte id!). 146 * After the 'id', the remainder of the line will be the value of the 147 * indicated attribute, or a name of the datafile to be operated on. 148 * 149 * In the following lists of ids, the ids with a '!' in front of them are 150 * NOT explicitly supported by this version of lpd, or at least "not yet 151 * supported". They are only listed for reference purposes, so people 152 * won't be tempted to reuse the same id for a different purpose. 153 * 154 * The following are attributes of the job which should not appear more 155 * than once in a control file. Only the 'H' and 'P' lines are required 156 * by the RFC, but some implementations of lpr won't even get that right. 157 * 158 * ! A - [used by lprNG] 159 * B - As far as I know, this is never used as a single-byte id. 160 * Therefore, I intend to use it for multi-byte id codes. 161 * C - "class name" to display on banner page (this is sometimes 162 * used to hold options for print filters) 163 * ! D - [in lprNG, "timestamp" of when the job was submitted] 164 * ! E - "environment variables" to set [some versions of linux] 165 * H - "host name" of machine where the original 'lpr' was done 166 * I - "indent", the amount to indent output 167 * J - "job name" to display on banner page 168 * L - "literal" user's name as it should be displayed on the 169 * banner page (it is the existence of an 'L' line which 170 * indicates that a job should have a banner page). 171 * M - "mail", userid to mail to when done printing (with email 172 * going to 'M'@'H', so to speak). 173 * P - "person", the user's login name (e.g. for accounting) 174 * ! Q - [used by lprNG for queue-name] 175 * R - "resolution" in dpi, for some laser printer queues 176 * T - "title" for files sent thru 'pr' 177 * W - "width" to use for printing plain-text files 178 * Z - In BSD, "locale" to use for datafiles sent thru 'pr'. 179 * (this BSD usage should move to a different id...) 180 * [in lprNG - this line holds the "Z options"] 181 * 1 - "R font file" for files sent thru troff 182 * 2 - "I font file" for files sent thru troff 183 * 3 - "B font file" for files sent thru troff 184 * 4 - "S font file" for files sent thru troff 185 * 186 * The following are attributes attached to a datafile, and thus may 187 * appear multiple times in a control file (once per datafile): 188 * 189 * N - "name" of file (for display purposes, used by 'lpq') 190 * S - "stat() info" used for symbolic link ('lpr -s') 191 * security checks. 192 * 193 * The following indicate actions to take on a given datafile. The same 194 * datafile may appear on more than one "print this file" command in the 195 * control file. Note that ALL ids with lowercase letters are expected 196 * to be actions to "print this file": 197 * 198 * c - "file name", cifplot file to print. This action appears 199 * when the user has requested 'lpr -c'. 200 * d - "file name", dvi file to print, user requested 'lpr -d' 201 * f - "file name", a plain-text file to print = "standard" 202 * g - "file name", plot(1G) file to print, ie 'lpr -g' 203 * l - "file name", text file with control chars which should 204 * be printed literally, ie 'lpr -l' (note: some printers 205 * take this id as a request to print a postscript file, 206 * and because of *that* some OS's use 'l' to indicate 207 * that a datafile is a postscript file) 208 * n - "file name", ditroff(1) file to print, ie 'lpr -n' 209 * o - "file name", a postscript file to print. This id is 210 * described in the original RFC, but not much has been 211 * done with it. This 'lpr' does not generate control 212 * lines with 'o'-actions, but lpd's printjob processing 213 * will treat it the same as 'l'. 214 * p - "file name", text file to print with pr(1), ie 'lpr -p' 215 * t - "file name", troff(1) file to print, ie 'lpr -t' 216 * v - "file name", plain raster file to print 217 * 218 * U - "file name" of datafile to unlink (ie, remove file 219 * from spool directory. To be done in a 'Pass 2', 220 * AFTER having processed all datafiles in the job). 221 * 222 */ 223 224void 225ctl_freeinf(struct cjobinfo *cjinf) 226{ 227#define FREESTR(xStr) \ 228 if (xStr != NULL) { \ 229 free(xStr); \ 230 xStr = NULL;\ 231 } 232 233 struct cjprivate *cpriv; 234 235 if (cjinf == NULL) 236 return; 237 cpriv = cjinf->cji_priv; 238 if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) { 239 syslog(LOG_ERR, "in ctl_freeinf(%p): invalid cjinf (cpriv %p)", 240 (void *)cjinf, (void *)cpriv); 241 return; 242 } 243 244 FREESTR(cpriv->pub.cji_accthost); 245 FREESTR(cpriv->pub.cji_acctuser); 246 FREESTR(cpriv->pub.cji_class); 247 FREESTR(cpriv->pub.cji_curqueue); 248 /* [cpriv->pub.cji_fname is part of cpriv-malloced area] */ 249 FREESTR(cpriv->pub.cji_jobname); 250 FREESTR(cpriv->pub.cji_mailto); 251 FREESTR(cpriv->pub.cji_headruser); 252 253 if (cpriv->cji_fstream != NULL) { 254 fclose(cpriv->cji_fstream); 255 cpriv->cji_fstream = NULL; 256 } 257 258 cjinf->cji_priv = NULL; 259 free(cpriv); 260#undef FREESTR 261} 262 263#ifdef DEBUGREADCF_FNAME 264static FILE *ctl_dbgfile = NULL; 265static struct stat ctl_dbgstat; 266#endif 267static int ctl_dbgline = 0; 268 269struct cjobinfo * 270ctl_readcf(const char *ptrname, const char *cfname) 271{ 272 int id; 273 char *lbuff; 274 void *cstart; 275 FILE *cfile; 276 struct cjprivate *cpriv; 277 struct cjobinfo *cjinf; 278 size_t msize, sroom, sroom2; 279 280 cfile = fopen(cfname, "r"); 281 if (cfile == NULL) { 282 syslog(LOG_ERR, "%s: ctl_readcf error fopen(%s): %s", 283 ptrname, cfname, strerror(errno)); 284 return NULL; 285 } 286 287 sroom = roundup(sizeof(struct cjprivate), 8); 288 sroom2 = sroom + strlen(cfname) + 1; 289 sroom2 = roundup(sroom2, 8); 290 msize = sroom2 + CTI_LINEMAX; 291 msize = roundup(msize, 8); 292 cstart = malloc(msize); 293 if (cstart == NULL) 294 return NULL; 295 memset(cstart, 0, msize); 296 cpriv = (struct cjprivate *)cstart; 297 cpriv->pub.cji_priv = cpriv; 298 299 cpriv->pub.cji_fname = (char *)cstart + sroom; 300 strcpy(cpriv->pub.cji_fname, cfname); 301 cpriv->cji_buff = (char *)cstart + sroom2; 302 cpriv->cji_buffsize = (int)(msize - sroom2); 303 cpriv->cji_eobuff = (char *)cstart + msize - 1; 304 305 cpriv->cji_fstream = cfile; 306 cpriv->pub.cji_curqueue = strdup(ptrname); 307 308 ctl_dbgline = 0; 309#ifdef DEBUGREADCF_FNAME 310 ctl_dbgfile = NULL; 311 id = stat(DEBUGREADCF_FNAME, &ctl_dbgstat); 312 if (id != -1) { 313 /* the file exists in this spool directory, write some simple 314 * debugging info to it */ 315 ctl_dbgfile = fopen(DEBUGREADCF_FNAME, "a"); 316 if (ctl_dbgfile != NULL) { 317 fprintf(ctl_dbgfile, "%s: s=%p r=%ld e=%p %p->%s\n", 318 ptrname, (void *)cpriv, (long)sroom, 319 cpriv->cji_eobuff, cpriv->pub.cji_fname, 320 cpriv->pub.cji_fname); 321 } 322 } 323#endif 324 /* 325 * Copy job-attribute values from control file to the struct of 326 * "public" information. In some cases, it is invalid for the 327 * value to be a null-string, so that is ignored. 328 */ 329 cjinf = &(cpriv->pub); 330 lbuff = ctl_getline(cjinf); 331 while (lbuff != NULL) { 332 id = *lbuff++; 333 switch (id) { 334 case 'C': 335 cpriv->pub.cji_class = strdup(lbuff); 336 break; 337 case 'H': 338 if (*lbuff == '\0') 339 break; 340 cpriv->pub.cji_accthost = strdup(lbuff); 341 break; 342 case 'J': 343 cpriv->pub.cji_jobname = strdup(lbuff); 344 break; 345 case 'L': 346 cpriv->pub.cji_headruser = strdup(lbuff); 347 break; 348 case 'M': 349 /* 350 * No valid mail-to address would start with a minus. 351 * If this one does, it is probably some trickster who 352 * is trying to trigger options on sendmail. Ignore. 353 */ 354 if (*lbuff == '-') 355 break; 356 if (*lbuff == '\0') 357 break; 358 cpriv->pub.cji_mailto = strdup(lbuff); 359 break; 360 case 'P': 361 if (*lbuff == '\0') 362 break; 363 /* The userid must not start with a minus sign */ 364 if (*lbuff == '-') 365 *lbuff = '_'; 366 cpriv->pub.cji_acctuser = strdup(lbuff); 367 break; 368 default: 369 if (islower(id)) { 370 cpriv->pub.cji_dfcount++; 371 } 372 break; 373 } 374 lbuff = ctl_getline(cjinf); 375 } 376 377 /* the 'H'ost and 'P'erson fields are *always* supposed to be there */ 378 if (cpriv->pub.cji_accthost == NULL) 379 cpriv->pub.cji_accthost = strdup(".na."); 380 if (cpriv->pub.cji_acctuser == NULL) 381 cpriv->pub.cji_acctuser = strdup(".na."); 382 383#ifdef DEBUGREADCF_FNAME 384 if (ctl_dbgfile != NULL) { 385 if (cpriv->cji_dumpit) 386 ctl_dumpcji(ctl_dbgfile, "end readcf", &(cpriv->pub)); 387 fclose(ctl_dbgfile); 388 ctl_dbgfile = NULL; 389 } 390#endif 391 return &(cpriv->pub); 392} 393 394/* 395 * This routine renames the temporary control file as received from some 396 * other (remote) host. That file will almost always with `tfA*', because 397 * recvjob.c creates the file by changing `c' to `t' in the original name 398 * for the control file. Now if you read the RFC, you would think that all 399 * control filenames start with `cfA*'. However, it seems there are some 400 * implementations which send control filenames which start with `cf' 401 * followed by *any* letter, so this routine can not assume what the third 402 * letter will (or will not) be. Sigh. 403 * 404 * So this will rewrite the temporary file to `rf*' (correcting any lines 405 * which need correcting), rename that `rf*' file to `cf*', and then remove 406 * the original `tf*' temporary file. 407 * 408 * The *main* purpose of this routine is to be paranoid about the contents 409 * of that control file. It is partially meant to protect against people 410 * TRYING to cause trouble (perhaps after breaking into root of some host 411 * that this host will accept print jobs from). The fact that we're willing 412 * to print jobs from some remote host does not mean that we should blindly 413 * do anything that host tells us to do. 414 * 415 * This is also meant to protect us from errors in other implementations of 416 * lpr, particularly since we may want to use some values from the control 417 * file as environment variables when it comes time to print, or as parameters 418 * to commands which will be exec'ed, or values in statistics records. 419 * 420 * This may also do some "conversions" between how different versions of 421 * lpr or lprNG define the contents of various lines in a control file. 422 * 423 * If there is an error, it returns a pointer to a descriptive error message. 424 * Error messages which are RETURNED (as opposed to syslog-ed) do not include 425 * the printer-queue name. Let the caller add that if it is wanted. 426 */ 427char * 428ctl_renametf(const char *ptrname, const char *tfname) 429{ 430 int chk3rd, has_uc, newfd, nogood, res; 431 FILE *newcf; 432 struct cjobinfo *cjinf; 433 char *lbuff, *slash, *cp; 434 char tfname2[NAME_MAX+1], cfname2[NAME_MAX+1]; 435 char errm[CTI_LINEMAX]; 436 437#ifdef TRIGGERTEST_FNAME 438 struct stat tstat; 439 res = stat(TRIGGERTEST_FNAME, &tstat); 440 if (res == -1) { 441 /* 442 * if the trigger file does NOT exist in this spool directory, 443 * then do the exact same steps that the pre-ctlinfo code had 444 * been doing. Ie, very little. 445 */ 446 strlcpy(cfname2, tfname, sizeof(cfname2)); 447 cfname2[0] = 'c'; 448 res = link(tfname, cfname2); 449 if (res < 0) { 450 snprintf(errm, sizeof(errm), 451 "ctl_renametf error link(%s,%s): %s", tfname, 452 cfname2, strerror(errno)); 453 return strdup(errm); 454 } 455 unlink(tfname); 456 return NULL; 457 } 458#endif 459 cjinf = NULL; /* in case of early jump to error_ret */ 460 newcf = NULL; /* in case of early jump to error_ret */ 461 *errm = '\0'; /* in case of early jump to error_ret */ 462 463 chk3rd = tfname[2]; 464 if ((tfname[0] != 't') || (tfname[1] != 'f') || (!isalpha(chk3rd))) { 465 snprintf(errm, sizeof(errm), 466 "ctl_renametf invalid filename: %s", tfname); 467 goto error_ret; 468 } 469 470 cjinf = ctl_readcf(ptrname, tfname); 471 if (cjinf == NULL) { 472 snprintf(errm, sizeof(errm), 473 "ctl_renametf error cti_readcf(%s)", tfname); 474 goto error_ret; 475 } 476 477 /* 478 * This uses open+fdopen instead of fopen because that combination 479 * gives us greater control over file-creation issues. 480 */ 481 strlcpy(tfname2, tfname, sizeof(tfname2)); 482 tfname2[0] = 'r'; /* rf<letter><job><hostname> */ 483 newfd = open(tfname2, O_WRONLY|O_CREAT|O_TRUNC, 0660); 484 if (newfd == -1) { 485 snprintf(errm, sizeof(errm), 486 "ctl_renametf error open(%s): %s", tfname2, 487 strerror(errno)); 488 goto error_ret; 489 } 490 newcf = fdopen(newfd, "w"); 491 if (newcf == NULL) { 492 close(newfd); 493 snprintf(errm, sizeof(errm), 494 "ctl_renametf error fopen(%s): %s", tfname2, 495 strerror(errno)); 496 goto error_ret; 497 } 498 499 /* 500 * Do extra sanity checks on some key job-attribute fields, and 501 * write them out first (thus making sure they are written in the 502 * order we generally expect them to be in). 503 */ 504 /* 505 * Some lpr implementations on PC's set a null-string for their 506 * hostname. A MacOS 10 system which has not correctly setup 507 * /etc/hostconfig will claim a hostname of 'localhost'. Anything 508 * with blanks in it would be an invalid value for hostname. For 509 * any of these invalid hostname values, replace the given value 510 * with the name of the host that this job is coming from. 511 */ 512 nogood = 0; 513 if (cjinf->cji_accthost == NULL) 514 nogood = 1; 515 else if (strcmp(cjinf->cji_accthost, ".na.") == 0) 516 nogood = 1; 517 else if (strcmp(cjinf->cji_accthost, "localhost") == 0) 518 nogood = 1; 519 else { 520 for (cp = cjinf->cji_accthost; *cp != '\0'; cp++) { 521 if (*cp <= ' ') { 522 nogood = 1; 523 break; 524 } 525 } 526 } 527 if (nogood) 528 fprintf(newcf, "H%s\n", from_host); 529 else 530 fprintf(newcf, "H%s\n", cjinf->cji_accthost); 531 532 /* 533 * Now do some sanity checks on the 'P' (original userid) value. Note 534 * that the 'P'erson line is the second line which is ALWAYS supposed 535 * to be present in a control file. 536 * 537 * There is no particularly good value to use for replacements, but 538 * at least make sure the value is something reasonable to use in 539 * environment variables and statistics records. Again, some PC 540 * implementations send a null-string for a value. Various Mac 541 * implementations will set whatever string the user has set for 542 * their 'Owner Name', which usually includes blanks, etc. 543 */ 544 nogood = 0; 545 if (cjinf->cji_acctuser == NULL) 546 nogood = 1; 547 else if (strcmp(cjinf->cji_acctuser, ".na.") == 0) 548 ; /* No further checks needed... */ 549 else { 550 has_uc = 0; 551 cp = cjinf->cji_acctuser; 552 if (*cp == '-') 553 *cp++ = '_'; 554 for (; *cp != '\0'; cp++) { 555 if (islowerch(*cp) || isdigitch(*cp)) 556 continue; /* Standard valid characters */ 557 if (strchr(OTHER_USERID_CHARS, *cp) != NULL) 558 continue; /* Some more valid characters */ 559 if (isupperch(*cp)) { 560 has_uc = 1; /* These may be valid... */ 561 continue; 562 } 563 *cp = '_'; 564 } 565 /* 566 * Some Windows hosts send print jobs where the correct userid 567 * has been converted to uppercase, and that can cause trouble 568 * for sites that expect the correct value (for something like 569 * accounting). On the other hand, some sites do use uppercase 570 * in their userids, so we can't blindly convert to lowercase. 571 */ 572 if (has_uc && (getpwnam(cjinf->cji_acctuser) == NULL)) { 573 for (cp = cjinf->cji_acctuser; *cp != '\0'; cp++) { 574 if (isupperch(*cp)) 575 *cp = tolowerch(*cp); 576 } 577 } 578 } 579 if (nogood) 580 fprintf(newcf, "P%s\n", ".na."); 581 else 582 fprintf(newcf, "P%s\n", cjinf->cji_acctuser); 583 584 /* No need for sanity checks on class, jobname, "literal" user. */ 585 if (cjinf->cji_class != NULL) 586 fprintf(newcf, "C%s\n", cjinf->cji_class); 587 if (cjinf->cji_jobname != NULL) 588 fprintf(newcf, "J%s\n", cjinf->cji_jobname); 589 if (cjinf->cji_headruser != NULL) 590 fprintf(newcf, "L%s\n", cjinf->cji_headruser); 591 592 /* 593 * This should probably add more sanity checks on mailto value. 594 * Note that if the mailto value is "wrong", then there's no good 595 * way to know what the "correct" value would be, and we should not 596 * semd email to some random address. At least for now, just ignore 597 * any invalid values. 598 */ 599 nogood = 0; 600 if (cjinf->cji_mailto == NULL) 601 nogood = 1; 602 else { 603 for (cp = cjinf->cji_mailto; *cp != '\0'; cp++) { 604 if (*cp <= ' ') { 605 nogood = 1; 606 break; 607 } 608 } 609 } 610 if (!nogood) 611 fprintf(newcf, "M%s\n", cjinf->cji_mailto); 612 613 /* 614 * Now go thru the old control file, copying all information which 615 * hasn't already been written into the new file. 616 */ 617 ctl_rewindcf(cjinf); 618 lbuff = ctl_getline(cjinf); 619 while (lbuff != NULL) { 620 switch (lbuff[0]) { 621 case 'H': 622 case 'P': 623 case 'C': 624 case 'J': 625 case 'L': 626 case 'M': 627 /* already wrote values for these to the newcf */ 628 break; 629 case 'N': 630 /* see comments under 'U'... */ 631 if (cjinf->cji_dfcount == 0) { 632 /* in this case, 'N's will be done in 'U' */ 633 break; 634 } 635 fprintf(newcf, "%s\n", lbuff); 636 break; 637 case 'U': 638 /* 639 * check for the very common case where the remote 640 * host had to process 'lpr -s -r', but it did not 641 * remove the Unlink line from the control file. 642 * Such Unlink lines will legitimately have a '/' in 643 * them, but it is the original lpr host which would 644 * have done the unlink of such files, and not any 645 * host receiving that job. 646 */ 647 slash = strchr(lbuff, '/'); 648 if (slash != NULL) { 649 break; /* skip this line */ 650 } 651 /* 652 * Okay, another kind of broken lpr implementation 653 * is one which send datafiles, and Unlink's those 654 * datafiles, but never includes any PRINT request 655 * for those files. Experimentation shows that one 656 * copy of those datafiles should be printed with a 657 * format of 'f'. If this is an example of such a 658 * screwed-up control file, fix it here. 659 */ 660 if (cjinf->cji_dfcount == 0) { 661 lbuff++; 662 if (strncmp(lbuff, "df", (size_t)2) == 0) { 663 fprintf(newcf, "f%s\n", lbuff); 664 fprintf(newcf, "U%s\n", lbuff); 665 fprintf(newcf, "N%s\n", lbuff); 666 } 667 break; 668 } 669 fprintf(newcf, "%s\n", lbuff); 670 break; 671 default: 672 fprintf(newcf, "%s\n", lbuff); 673 break; 674 } 675 lbuff = ctl_getline(cjinf); 676 } 677 678 ctl_freeinf(cjinf); 679 cjinf = NULL; 680 681 res = fclose(newcf); 682 newcf = NULL; 683 if (res != 0) { 684 snprintf(errm, sizeof(errm), 685 "ctl_renametf error fclose(%s): %s", tfname2, 686 strerror(errno)); 687 goto error_ret; 688 } 689 690 strlcpy(cfname2, tfname, sizeof(cfname2)); 691 cfname2[0] = 'c'; /* rename new file to 'cfA*' */ 692 res = link(tfname2, cfname2); 693 if (res != 0) { 694 snprintf(errm, sizeof(errm), 695 "ctl_renametf error link(%s,%s): %s", tfname2, cfname2, 696 strerror(errno)); 697 goto error_ret; 698 } 699 700 /* All the important work is done. Now just remove temp files */ 701#ifdef LEAVE_TMPCF_FILES 702 { 703 struct stat tfstat; 704 size_t size1; 705 tfstat.st_size = 1; /* certainly invalid value */ 706 res = stat(tfname, &tfstat); 707 size1 = tfstat.st_size; 708 tfstat.st_size = 2; /* certainly invalid value */ 709 res = stat(tfname2, &tfstat); 710 /* 711 * If the sizes do not match, or either stat call failed, 712 * then do not remove the temp files, but just move them 713 * out of the way. This is so I can see what this routine 714 * had changed (and the files won't interfere with some 715 * later job coming in from the same host). In this case, 716 * we don't care if we clobber some previous file. 717 */ 718 if (size1 != tfstat.st_size) { 719 strlcpy(cfname2, tfname, sizeof(cfname2)); 720 strlcat(cfname2, "._T", sizeof(cfname2)); 721 rename(tfname, cfname2); 722 strlcpy(cfname2, tfname2, sizeof(cfname2)); 723 strlcat(cfname2, "._T", sizeof(cfname2)); 724 rename(tfname2, cfname2); 725 return NULL; 726 } 727 } 728#endif 729 unlink(tfname); 730 unlink(tfname2); 731 732 return NULL; 733 734error_ret: 735 if (cjinf != NULL) 736 ctl_freeinf(cjinf); 737 if (newcf != NULL) 738 fclose(newcf); 739 740 if (*errm != '\0') 741 return strdup(errm); 742 return strdup("ctl_renametf internal (missed) error"); 743} 744 745void 746ctl_rewindcf(struct cjobinfo *cjinf) 747{ 748 struct cjprivate *cpriv; 749 750 if (cjinf == NULL) 751 return; 752 cpriv = cjinf->cji_priv; 753 if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) { 754 syslog(LOG_ERR, "in ctl_rewindcf(%p): invalid cjinf (cpriv %p)", 755 (void *)cjinf, (void *)cpriv); 756 return; 757 } 758 759 rewind(cpriv->cji_fstream); /* assume no errors... :-) */ 760} 761 762char * 763ctl_rmjob(const char *ptrname, const char *cfname) 764{ 765 struct cjobinfo *cjinf; 766 char *lbuff; 767 char errm[CTI_LINEMAX]; 768 769 cjinf = ctl_readcf(ptrname, cfname); 770 if (cjinf == NULL) { 771 snprintf(errm, sizeof(errm), 772 "ctl_renametf error cti_readcf(%s)", cfname); 773 return strdup(errm); 774 } 775 776 ctl_rewindcf(cjinf); 777 lbuff = ctl_getline(cjinf); 778 while (lbuff != NULL) { 779 /* obviously we need to fill in the following... */ 780 switch (lbuff[0]) { 781 case 'S': 782 break; 783 case 'U': 784 break; 785 default: 786 break; 787 } 788 lbuff = ctl_getline(cjinf); 789 } 790 791 ctl_freeinf(cjinf); 792 cjinf = NULL; 793 794 return NULL; 795} 796 797/* 798 * The following routine was originally written to pin down a bug. It is 799 * no longer needed for that problem, but may be useful to keep around for 800 * other debugging. 801 */ 802void 803ctl_dumpcji(FILE *dbg_stream, const char *heading, struct cjobinfo *cjinf) 804{ 805#define PRINTSTR(xHdr,xStr) \ 806 astr = xStr; \ 807 ctl_dbgline++; \ 808 fprintf(dbg_stream, "%4d] %12s = ", ctl_dbgline, xHdr); \ 809 if (astr == NULL) \ 810 fprintf(dbg_stream, "NULL\n"); \ 811 else \ 812 fprintf(dbg_stream, "%p -> %s\n", astr, astr) 813 814 struct cjprivate *cpriv; 815 char *astr; 816 817 if (cjinf == NULL) { 818 fprintf(dbg_stream, 819 "ctl_dumpcji: ptr to cjobinfo for '%s' is NULL\n", 820 heading); 821 return; 822 } 823 cpriv = cjinf->cji_priv; 824 825 fprintf(dbg_stream, "ctl_dumpcji: Dump '%s' of cjobinfo at %p->%p\n", 826 heading, (void *)cjinf, cpriv->cji_buff); 827 828 PRINTSTR("accthost.H", cpriv->pub.cji_accthost); 829 PRINTSTR("acctuser.P", cpriv->pub.cji_acctuser); 830 PRINTSTR("class.C", cpriv->pub.cji_class); 831 PRINTSTR("cf-qname", cpriv->pub.cji_curqueue); 832 PRINTSTR("cf-fname", cpriv->pub.cji_fname); 833 PRINTSTR("jobname.J", cpriv->pub.cji_jobname); 834 PRINTSTR("mailto.M", cpriv->pub.cji_mailto); 835 PRINTSTR("headruser.L", cpriv->pub.cji_headruser); 836 837 ctl_dbgline++; 838 fprintf(dbg_stream, "%4d] %12s = ", ctl_dbgline, "*cjprivate"); 839 if (cpriv->pub.cji_priv == NULL) 840 fprintf(dbg_stream, "NULL !!\n"); 841 else 842 fprintf(dbg_stream, "%p\n", (void *)cpriv->pub.cji_priv); 843 844 fprintf(dbg_stream, "|- - - - --> Dump '%s' complete\n", heading); 845 846 /* flush output for the benefit of anyone doing a 'tail -f' */ 847 fflush(dbg_stream); 848 849#undef PRINTSTR 850} 851 852/* 853 * This routine reads in the next line from the control-file, and removes 854 * the trailing newline character. 855 * 856 * Historical note: Earlier versions of this routine did tab-expansion for 857 * ALL lines read in, which did not make any sense for most of the lines 858 * in a control file. For the lines where tab-expansion is useful, it will 859 * now have to be done by the calling routine. 860 */ 861static char * 862ctl_getline(struct cjobinfo *cjinf) 863{ 864 char *strp, *nl; 865 struct cjprivate *cpriv; 866 867 if (cjinf == NULL) 868 return NULL; 869 cpriv = cjinf->cji_priv; 870 if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) { 871 syslog(LOG_ERR, "in ctl_getline(%p): invalid cjinf (cpriv %p)", 872 (void *)cjinf, (void *)cpriv); 873 return NULL; 874 } 875 876 errno = 0; 877 strp = fgets(cpriv->cji_buff, cpriv->cji_buffsize, cpriv->cji_fstream); 878 if (strp == NULL) { 879 if (errno != 0) 880 syslog(LOG_ERR, "%s: ctl_getline error fgets(%s): %s", 881 cpriv->pub.cji_curqueue, cpriv->pub.cji_fname, 882 strerror(errno)); 883 return NULL; 884 } 885 nl = strchr(strp, '\n'); 886 if (nl != NULL) 887 *nl = '\0'; 888 889#ifdef DEBUGREADCF_FNAME 890 /* I'd like to find out if the previous work to expand tabs was ever 891 * really used, and if so, on what lines and for what reason. 892 * Yes, all this work probably means I'm obsessed about this 'tab' 893 * issue, but isn't programming a matter of obsession? 894 */ 895 { 896 int tabcnt; 897 char *ch; 898 899 tabcnt = 0; 900 ch = strp; 901 for (ch = strp; *ch != '\0'; ch++) { 902 if (*ch == '\t') 903 tabcnt++; 904 } 905 906 if (tabcnt && (ctl_dbgfile != NULL)) { 907 cpriv->cji_dumpit++; 908 fprintf(ctl_dbgfile, "%s: tabs=%d '%s'\n", 909 cpriv->pub.cji_fname, tabcnt, cpriv->cji_buff); 910 } 911 } 912#endif 913 return strp; 914} 915