1/*- 2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD 3 * 4 * ------+---------+---------+---------+---------+---------+---------+---------* 5 * Copyright (c) 2001,2011 - Garance Alistair Drosehn <gad@FreeBSD.org>. 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * The views and conclusions contained in the software and documentation 30 * are those of the authors and should not be interpreted as representing 31 * official policies, either expressed or implied, of the FreeBSD Project. 32 * 33 * ------+---------+---------+---------+---------+---------+---------+---------* 34 */ 35 36#include "lp.cdefs.h" /* A cross-platform version of <sys/cdefs.h> */ 37__FBSDID("$FreeBSD: stable/11/usr.sbin/lpr/common_source/ctlinfo.c 330449 2018-03-05 07:26:05Z eadler $"); 38 39/* 40 * ctlinfo - This collection of routines will know everything there is to 41 * know about the information inside a control file ('cf*') which is used 42 * to describe a print job in lpr & friends. The eventual goal is that it 43 * will be the ONLY source file to know what's inside these control-files. 44 */ 45 46/* 47 * Some define's useful for debuging. 48 * TRIGGERTEST_FNAME and DEBUGREADCF_FNAME, allow us to do testing on 49 * a per-spool-directory basis. 50 */ 51/* #define TRIGGERTEST_FNAME "LpdTestRenameTF" */ 52/* #define DEBUGREADCF_FNAME "LpdDebugReadCF" */ 53/* #define LEAVE_TMPCF_FILES 1 */ 54 55#include <sys/types.h> 56#include <sys/stat.h> 57#include <ctype.h> 58#include <errno.h> 59#include <fcntl.h> 60#include <limits.h> 61#include <netdb.h> 62#include <pwd.h> 63#include <stdio.h> 64#include <stdlib.h> 65#include <string.h> 66#include <syslog.h> 67#include <unistd.h> 68#include "ctlinfo.h" 69 70struct cjprivate { 71 struct cjobinfo pub; 72 char *cji_buff; /* buffer for getline */ 73 char *cji_eobuff; /* last byte IN the buffer */ 74 FILE *cji_fstream; 75 int cji_buffsize; /* # bytes in the buffer */ 76 int cji_dumpit; 77}; 78 79/* 80 * All the following take a parameter of 'int', but expect values in the 81 * range of unsigned char. Define wrappers which take values of type 'char', 82 * whether signed or unsigned, and ensure they end up in the right range. 83 */ 84#define isdigitch(Anychar) isdigit((u_char)(Anychar)) 85#define islowerch(Anychar) islower((u_char)(Anychar)) 86#define isupperch(Anychar) isupper((u_char)(Anychar)) 87#define tolowerch(Anychar) tolower((u_char)(Anychar)) 88 89#define OTHER_USERID_CHARS "-_" /* special chars valid in a userid */ 90 91#define roundup(x, y) ((((x)+((y)-1))/(y))*(y)) 92 93/* 94 * This has to be large enough to fit the maximum length of a single line 95 * in a control-file, including the leading 'command id', a trailing '\n' 96 * and ending '\0'. The max size of an 'U'nlink line, for instance, is 97 * 1 ('U') + PATH_MAX (filename) + 2 ('\n\0'). The maximum 'H'ost line is 98 * 1 ('H') + NI_MAXHOST (remote hostname) + 2 ('\n\0'). Other lines can be 99 * even longer than those. So, pick some nice, large, arbitrary value. 100 */ 101#define CTI_LINEMAX PATH_MAX+NI_MAXHOST+5 102 103extern const char *from_host; /* client's machine name */ 104extern const char *from_ip; /* client machine's IP address */ 105 106__BEGIN_DECLS 107void ctl_dumpcji(FILE *_dbg_stream, const char *_heading, 108 struct cjobinfo *_cjinf); 109static char *ctl_getline(struct cjobinfo *_cjinf); 110static void ctl_rewindcf(struct cjobinfo *_cjinf); 111char *ctl_rmjob(const char *_ptrname, const char *_cfname); 112__END_DECLS 113 114/* 115 * Here are some things which might be needed when compiling this under 116 * platforms other than FreeBSD. 117 */ 118#ifndef __FreeBSD__ 119# ifndef NAME_MAX 120# define NAME_MAX 255 121# endif 122# ifndef NI_MAXHOST 123# define NI_MAXHOST 1025 124# endif 125# ifndef PATH_MAX 126# define PATH_MAX 1024 127# endif 128__BEGIN_DECLS 129char *strdup(const char *_src); 130size_t strlcpy(char *_dst, const char *_src, size_t _siz); 131__END_DECLS 132#endif 133 134/* 135 * Control-files (cf*) have the following format. 136 * 137 * Each control-file describes a single job. It will list one or more 138 * "datafiles" (df*) which should be copied to some printer. Usually 139 * there is only one datafile per job. For the curious, RFC 1179 is an 140 * informal and out-of-date description of lpr/lpd circa 1990. 141 * 142 * Each line in the file gives an attribute of the job as a whole, or one 143 * of the datafiles in the job, or a "command" indicating something to do 144 * with one of the datafiles. Each line starts with an 'id' that indicates 145 * what that line is there for. The 'id' is historically a single byte, 146 * but may be multiple bytes (obviously it would be best if multi-byte ids 147 * started with some letter not already used as a single-byte id!). 148 * After the 'id', the remainder of the line will be the value of the 149 * indicated attribute, or a name of the datafile to be operated on. 150 * 151 * In the following lists of ids, the ids with a '!' in front of them are 152 * NOT explicitly supported by this version of lpd, or at least "not yet 153 * supported". They are only listed for reference purposes, so people 154 * won't be tempted to reuse the same id for a different purpose. 155 * 156 * The following are attributes of the job which should not appear more 157 * than once in a control file. Only the 'H' and 'P' lines are required 158 * by the RFC, but some implementations of lpr won't even get that right. 159 * 160 * ! A - [used by lprNG] 161 * B - As far as I know, this is never used as a single-byte id. 162 * Therefore, I intend to use it for multi-byte id codes. 163 * C - "class name" to display on banner page (this is sometimes 164 * used to hold options for print filters) 165 * ! D - [in lprNG, "timestamp" of when the job was submitted] 166 * ! E - "environment variables" to set [some versions of linux] 167 * H - "host name" of machine where the original 'lpr' was done 168 * I - "indent", the amount to indent output 169 * J - "job name" to display on banner page 170 * L - "literal" user's name as it should be displayed on the 171 * banner page (it is the existence of an 'L' line which 172 * indicates that a job should have a banner page). 173 * M - "mail", userid to mail to when done printing (with email 174 * going to 'M'@'H', so to speak). 175 * P - "person", the user's login name (e.g. for accounting) 176 * ! Q - [used by lprNG for queue-name] 177 * R - "resolution" in dpi, for some laser printer queues 178 * T - "title" for files sent thru 'pr' 179 * W - "width" to use for printing plain-text files 180 * Z - In BSD, "locale" to use for datafiles sent thru 'pr'. 181 * (this BSD usage should move to a different id...) 182 * [in lprNG - this line holds the "Z options"] 183 * 1 - "R font file" for files sent thru troff 184 * 2 - "I font file" for files sent thru troff 185 * 3 - "B font file" for files sent thru troff 186 * 4 - "S font file" for files sent thru troff 187 * 188 * The following are attributes attached to a datafile, and thus may 189 * appear multiple times in a control file (once per datafile): 190 * 191 * N - "name" of file (for display purposes, used by 'lpq') 192 * S - "stat() info" used for symbolic link ('lpr -s') 193 * security checks. 194 * 195 * The following indicate actions to take on a given datafile. The same 196 * datafile may appear on more than one "print this file" command in the 197 * control file. Note that ALL ids with lowercase letters are expected 198 * to be actions to "print this file": 199 * 200 * c - "file name", cifplot file to print. This action appears 201 * when the user has requested 'lpr -c'. 202 * d - "file name", dvi file to print, user requested 'lpr -d' 203 * f - "file name", a plain-text file to print = "standard" 204 * g - "file name", plot(1G) file to print, ie 'lpr -g' 205 * l - "file name", text file with control chars which should 206 * be printed literally, ie 'lpr -l' (note: some printers 207 * take this id as a request to print a postscript file, 208 * and because of *that* some OS's use 'l' to indicate 209 * that a datafile is a postscript file) 210 * n - "file name", ditroff(1) file to print, ie 'lpr -n' 211 * o - "file name", a postscript file to print. This id is 212 * described in the original RFC, but not much has been 213 * done with it. This 'lpr' does not generate control 214 * lines with 'o'-actions, but lpd's printjob processing 215 * will treat it the same as 'l'. 216 * p - "file name", text file to print with pr(1), ie 'lpr -p' 217 * t - "file name", troff(1) file to print, ie 'lpr -t' 218 * v - "file name", plain raster file to print 219 * 220 * U - "file name" of datafile to unlink (ie, remove file 221 * from spool directory. To be done in a 'Pass 2', 222 * AFTER having processed all datafiles in the job). 223 * 224 */ 225 226void 227ctl_freeinf(struct cjobinfo *cjinf) 228{ 229#define FREESTR(xStr) \ 230 if (xStr != NULL) { \ 231 free(xStr); \ 232 xStr = NULL;\ 233 } 234 235 struct cjprivate *cpriv; 236 237 if (cjinf == NULL) 238 return; 239 cpriv = cjinf->cji_priv; 240 if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) { 241 syslog(LOG_ERR, "in ctl_freeinf(%p): invalid cjinf (cpriv %p)", 242 (void *)cjinf, (void *)cpriv); 243 return; 244 } 245 246 FREESTR(cpriv->pub.cji_accthost); 247 FREESTR(cpriv->pub.cji_acctuser); 248 FREESTR(cpriv->pub.cji_class); 249 FREESTR(cpriv->pub.cji_curqueue); 250 /* [cpriv->pub.cji_fname is part of cpriv-malloced area] */ 251 FREESTR(cpriv->pub.cji_jobname); 252 FREESTR(cpriv->pub.cji_mailto); 253 FREESTR(cpriv->pub.cji_headruser); 254 255 if (cpriv->cji_fstream != NULL) { 256 fclose(cpriv->cji_fstream); 257 cpriv->cji_fstream = NULL; 258 } 259 260 cjinf->cji_priv = NULL; 261 free(cpriv); 262#undef FREESTR 263} 264 265#ifdef DEBUGREADCF_FNAME 266static FILE *ctl_dbgfile = NULL; 267static struct stat ctl_dbgstat; 268#endif 269static int ctl_dbgline = 0; 270 271struct cjobinfo * 272ctl_readcf(const char *ptrname, const char *cfname) 273{ 274 int id; 275 char *lbuff; 276 void *cstart; 277 FILE *cfile; 278 struct cjprivate *cpriv; 279 struct cjobinfo *cjinf; 280 size_t msize, sroom, sroom2; 281 282 cfile = fopen(cfname, "r"); 283 if (cfile == NULL) { 284 syslog(LOG_ERR, "%s: ctl_readcf error fopen(%s): %s", 285 ptrname, cfname, strerror(errno)); 286 return NULL; 287 } 288 289 sroom = roundup(sizeof(struct cjprivate), 8); 290 sroom2 = sroom + strlen(cfname) + 1; 291 sroom2 = roundup(sroom2, 8); 292 msize = sroom2 + CTI_LINEMAX; 293 msize = roundup(msize, 8); 294 cstart = malloc(msize); 295 if (cstart == NULL) 296 return NULL; 297 memset(cstart, 0, msize); 298 cpriv = (struct cjprivate *)cstart; 299 cpriv->pub.cji_priv = cpriv; 300 301 cpriv->pub.cji_fname = (char *)cstart + sroom; 302 strcpy(cpriv->pub.cji_fname, cfname); 303 cpriv->cji_buff = (char *)cstart + sroom2; 304 cpriv->cji_buffsize = (int)(msize - sroom2); 305 cpriv->cji_eobuff = (char *)cstart + msize - 1; 306 307 cpriv->cji_fstream = cfile; 308 cpriv->pub.cji_curqueue = strdup(ptrname); 309 310 ctl_dbgline = 0; 311#ifdef DEBUGREADCF_FNAME 312 ctl_dbgfile = NULL; 313 id = stat(DEBUGREADCF_FNAME, &ctl_dbgstat); 314 if (id != -1) { 315 /* the file exists in this spool directory, write some simple 316 * debugging info to it */ 317 ctl_dbgfile = fopen(DEBUGREADCF_FNAME, "a"); 318 if (ctl_dbgfile != NULL) { 319 fprintf(ctl_dbgfile, "%s: s=%p r=%ld e=%p %p->%s\n", 320 ptrname, (void *)cpriv, (long)sroom, 321 cpriv->cji_eobuff, cpriv->pub.cji_fname, 322 cpriv->pub.cji_fname); 323 } 324 } 325#endif 326 /* 327 * Copy job-attribute values from control file to the struct of 328 * "public" information. In some cases, it is invalid for the 329 * value to be a null-string, so that is ignored. 330 */ 331 cjinf = &(cpriv->pub); 332 lbuff = ctl_getline(cjinf); 333 while (lbuff != NULL) { 334 id = *lbuff++; 335 switch (id) { 336 case 'C': 337 cpriv->pub.cji_class = strdup(lbuff); 338 break; 339 case 'H': 340 if (*lbuff == '\0') 341 break; 342 cpriv->pub.cji_accthost = strdup(lbuff); 343 break; 344 case 'J': 345 cpriv->pub.cji_jobname = strdup(lbuff); 346 break; 347 case 'L': 348 cpriv->pub.cji_headruser = strdup(lbuff); 349 break; 350 case 'M': 351 /* 352 * No valid mail-to address would start with a minus. 353 * If this one does, it is probably some trickster who 354 * is trying to trigger options on sendmail. Ignore. 355 */ 356 if (*lbuff == '-') 357 break; 358 if (*lbuff == '\0') 359 break; 360 cpriv->pub.cji_mailto = strdup(lbuff); 361 break; 362 case 'P': 363 if (*lbuff == '\0') 364 break; 365 /* The userid must not start with a minus sign */ 366 if (*lbuff == '-') 367 *lbuff = '_'; 368 cpriv->pub.cji_acctuser = strdup(lbuff); 369 break; 370 default: 371 if (islower(id)) { 372 cpriv->pub.cji_dfcount++; 373 } 374 break; 375 } 376 lbuff = ctl_getline(cjinf); 377 } 378 379 /* the 'H'ost and 'P'erson fields are *always* supposed to be there */ 380 if (cpriv->pub.cji_accthost == NULL) 381 cpriv->pub.cji_accthost = strdup(".na."); 382 if (cpriv->pub.cji_acctuser == NULL) 383 cpriv->pub.cji_acctuser = strdup(".na."); 384 385#ifdef DEBUGREADCF_FNAME 386 if (ctl_dbgfile != NULL) { 387 if (cpriv->cji_dumpit) 388 ctl_dumpcji(ctl_dbgfile, "end readcf", &(cpriv->pub)); 389 fclose(ctl_dbgfile); 390 ctl_dbgfile = NULL; 391 } 392#endif 393 return &(cpriv->pub); 394} 395 396/* 397 * This routine renames the temporary control file as received from some 398 * other (remote) host. That file will almost always with `tfA*', because 399 * recvjob.c creates the file by changing `c' to `t' in the original name 400 * for the control file. Now if you read the RFC, you would think that all 401 * control filenames start with `cfA*'. However, it seems there are some 402 * implementations which send control filenames which start with `cf' 403 * followed by *any* letter, so this routine can not assume what the third 404 * letter will (or will not) be. Sigh. 405 * 406 * So this will rewrite the temporary file to `rf*' (correcting any lines 407 * which need correcting), rename that `rf*' file to `cf*', and then remove 408 * the original `tf*' temporary file. 409 * 410 * The *main* purpose of this routine is to be paranoid about the contents 411 * of that control file. It is partially meant to protect against people 412 * TRYING to cause trouble (perhaps after breaking into root of some host 413 * that this host will accept print jobs from). The fact that we're willing 414 * to print jobs from some remote host does not mean that we should blindly 415 * do anything that host tells us to do. 416 * 417 * This is also meant to protect us from errors in other implementations of 418 * lpr, particularly since we may want to use some values from the control 419 * file as environment variables when it comes time to print, or as parameters 420 * to commands which will be exec'ed, or values in statistics records. 421 * 422 * This may also do some "conversions" between how different versions of 423 * lpr or lprNG define the contents of various lines in a control file. 424 * 425 * If there is an error, it returns a pointer to a descriptive error message. 426 * Error messages which are RETURNED (as opposed to syslog-ed) do not include 427 * the printer-queue name. Let the caller add that if it is wanted. 428 */ 429char * 430ctl_renametf(const char *ptrname, const char *tfname) 431{ 432 int chk3rd, has_uc, newfd, nogood, res; 433 FILE *newcf; 434 struct cjobinfo *cjinf; 435 char *lbuff, *slash, *cp; 436 char tfname2[NAME_MAX+1], cfname2[NAME_MAX+1]; 437 char errm[CTI_LINEMAX]; 438 439#ifdef TRIGGERTEST_FNAME 440 struct stat tstat; 441 res = stat(TRIGGERTEST_FNAME, &tstat); 442 if (res == -1) { 443 /* 444 * if the trigger file does NOT exist in this spool directory, 445 * then do the exact same steps that the pre-ctlinfo code had 446 * been doing. Ie, very little. 447 */ 448 strlcpy(cfname2, tfname, sizeof(cfname2)); 449 cfname2[0] = 'c'; 450 res = link(tfname, cfname2); 451 if (res < 0) { 452 snprintf(errm, sizeof(errm), 453 "ctl_renametf error link(%s,%s): %s", tfname, 454 cfname2, strerror(errno)); 455 return strdup(errm); 456 } 457 unlink(tfname); 458 return NULL; 459 } 460#endif 461 cjinf = NULL; /* in case of early jump to error_ret */ 462 newcf = NULL; /* in case of early jump to error_ret */ 463 *errm = '\0'; /* in case of early jump to error_ret */ 464 465 chk3rd = tfname[2]; 466 if ((tfname[0] != 't') || (tfname[1] != 'f') || (!isalpha(chk3rd))) { 467 snprintf(errm, sizeof(errm), 468 "ctl_renametf invalid filename: %s", tfname); 469 goto error_ret; 470 } 471 472 cjinf = ctl_readcf(ptrname, tfname); 473 if (cjinf == NULL) { 474 snprintf(errm, sizeof(errm), 475 "ctl_renametf error cti_readcf(%s)", tfname); 476 goto error_ret; 477 } 478 479 /* 480 * This uses open+fdopen instead of fopen because that combination 481 * gives us greater control over file-creation issues. 482 */ 483 strlcpy(tfname2, tfname, sizeof(tfname2)); 484 tfname2[0] = 'r'; /* rf<letter><job><hostname> */ 485 newfd = open(tfname2, O_WRONLY|O_CREAT|O_TRUNC, 0660); 486 if (newfd == -1) { 487 snprintf(errm, sizeof(errm), 488 "ctl_renametf error open(%s): %s", tfname2, 489 strerror(errno)); 490 goto error_ret; 491 } 492 newcf = fdopen(newfd, "w"); 493 if (newcf == NULL) { 494 close(newfd); 495 snprintf(errm, sizeof(errm), 496 "ctl_renametf error fopen(%s): %s", tfname2, 497 strerror(errno)); 498 goto error_ret; 499 } 500 501 /* 502 * Do extra sanity checks on some key job-attribute fields, and 503 * write them out first (thus making sure they are written in the 504 * order we generally expect them to be in). 505 */ 506 /* 507 * Some lpr implementations on PC's set a null-string for their 508 * hostname. A MacOS 10 system which has not correctly setup 509 * /etc/hostconfig will claim a hostname of 'localhost'. Anything 510 * with blanks in it would be an invalid value for hostname. For 511 * any of these invalid hostname values, replace the given value 512 * with the name of the host that this job is coming from. 513 */ 514 nogood = 0; 515 if (cjinf->cji_accthost == NULL) 516 nogood = 1; 517 else if (strcmp(cjinf->cji_accthost, ".na.") == 0) 518 nogood = 1; 519 else if (strcmp(cjinf->cji_accthost, "localhost") == 0) 520 nogood = 1; 521 else { 522 for (cp = cjinf->cji_accthost; *cp != '\0'; cp++) { 523 if (*cp <= ' ') { 524 nogood = 1; 525 break; 526 } 527 } 528 } 529 if (nogood) 530 fprintf(newcf, "H%s\n", from_host); 531 else 532 fprintf(newcf, "H%s\n", cjinf->cji_accthost); 533 534 /* 535 * Now do some sanity checks on the 'P' (original userid) value. Note 536 * that the 'P'erson line is the second line which is ALWAYS supposed 537 * to be present in a control file. 538 * 539 * There is no particularly good value to use for replacements, but 540 * at least make sure the value is something reasonable to use in 541 * environment variables and statistics records. Again, some PC 542 * implementations send a null-string for a value. Various Mac 543 * implementations will set whatever string the user has set for 544 * their 'Owner Name', which usually includes blanks, etc. 545 */ 546 nogood = 0; 547 if (cjinf->cji_acctuser == NULL) 548 nogood = 1; 549 else if (strcmp(cjinf->cji_acctuser, ".na.") == 0) 550 ; /* No further checks needed... */ 551 else { 552 has_uc = 0; 553 cp = cjinf->cji_acctuser; 554 if (*cp == '-') 555 *cp++ = '_'; 556 for (; *cp != '\0'; cp++) { 557 if (islowerch(*cp) || isdigitch(*cp)) 558 continue; /* Standard valid characters */ 559 if (strchr(OTHER_USERID_CHARS, *cp) != NULL) 560 continue; /* Some more valid characters */ 561 if (isupperch(*cp)) { 562 has_uc = 1; /* These may be valid... */ 563 continue; 564 } 565 *cp = '_'; 566 } 567 /* 568 * Some Windows hosts send print jobs where the correct userid 569 * has been converted to uppercase, and that can cause trouble 570 * for sites that expect the correct value (for something like 571 * accounting). On the other hand, some sites do use uppercase 572 * in their userids, so we can't blindly convert to lowercase. 573 */ 574 if (has_uc && (getpwnam(cjinf->cji_acctuser) == NULL)) { 575 for (cp = cjinf->cji_acctuser; *cp != '\0'; cp++) { 576 if (isupperch(*cp)) 577 *cp = tolowerch(*cp); 578 } 579 } 580 } 581 if (nogood) 582 fprintf(newcf, "P%s\n", ".na."); 583 else 584 fprintf(newcf, "P%s\n", cjinf->cji_acctuser); 585 586 /* No need for sanity checks on class, jobname, "literal" user. */ 587 if (cjinf->cji_class != NULL) 588 fprintf(newcf, "C%s\n", cjinf->cji_class); 589 if (cjinf->cji_jobname != NULL) 590 fprintf(newcf, "J%s\n", cjinf->cji_jobname); 591 if (cjinf->cji_headruser != NULL) 592 fprintf(newcf, "L%s\n", cjinf->cji_headruser); 593 594 /* 595 * This should probably add more sanity checks on mailto value. 596 * Note that if the mailto value is "wrong", then there's no good 597 * way to know what the "correct" value would be, and we should not 598 * semd email to some random address. At least for now, just ignore 599 * any invalid values. 600 */ 601 nogood = 0; 602 if (cjinf->cji_mailto == NULL) 603 nogood = 1; 604 else { 605 for (cp = cjinf->cji_mailto; *cp != '\0'; cp++) { 606 if (*cp <= ' ') { 607 nogood = 1; 608 break; 609 } 610 } 611 } 612 if (!nogood) 613 fprintf(newcf, "M%s\n", cjinf->cji_mailto); 614 615 /* 616 * Now go thru the old control file, copying all information which 617 * hasn't already been written into the new file. 618 */ 619 ctl_rewindcf(cjinf); 620 lbuff = ctl_getline(cjinf); 621 while (lbuff != NULL) { 622 switch (lbuff[0]) { 623 case 'H': 624 case 'P': 625 case 'C': 626 case 'J': 627 case 'L': 628 case 'M': 629 /* already wrote values for these to the newcf */ 630 break; 631 case 'N': 632 /* see comments under 'U'... */ 633 if (cjinf->cji_dfcount == 0) { 634 /* in this case, 'N's will be done in 'U' */ 635 break; 636 } 637 fprintf(newcf, "%s\n", lbuff); 638 break; 639 case 'U': 640 /* 641 * check for the very common case where the remote 642 * host had to process 'lpr -s -r', but it did not 643 * remove the Unlink line from the control file. 644 * Such Unlink lines will legitimately have a '/' in 645 * them, but it is the original lpr host which would 646 * have done the unlink of such files, and not any 647 * host receiving that job. 648 */ 649 slash = strchr(lbuff, '/'); 650 if (slash != NULL) { 651 break; /* skip this line */ 652 } 653 /* 654 * Okay, another kind of broken lpr implementation 655 * is one which send datafiles, and Unlink's those 656 * datafiles, but never includes any PRINT request 657 * for those files. Experimentation shows that one 658 * copy of those datafiles should be printed with a 659 * format of 'f'. If this is an example of such a 660 * screwed-up control file, fix it here. 661 */ 662 if (cjinf->cji_dfcount == 0) { 663 lbuff++; 664 if (strncmp(lbuff, "df", (size_t)2) == 0) { 665 fprintf(newcf, "f%s\n", lbuff); 666 fprintf(newcf, "U%s\n", lbuff); 667 fprintf(newcf, "N%s\n", lbuff); 668 } 669 break; 670 } 671 fprintf(newcf, "%s\n", lbuff); 672 break; 673 default: 674 fprintf(newcf, "%s\n", lbuff); 675 break; 676 } 677 lbuff = ctl_getline(cjinf); 678 } 679 680 ctl_freeinf(cjinf); 681 cjinf = NULL; 682 683 res = fclose(newcf); 684 newcf = NULL; 685 if (res != 0) { 686 snprintf(errm, sizeof(errm), 687 "ctl_renametf error fclose(%s): %s", tfname2, 688 strerror(errno)); 689 goto error_ret; 690 } 691 692 strlcpy(cfname2, tfname, sizeof(cfname2)); 693 cfname2[0] = 'c'; /* rename new file to 'cfA*' */ 694 res = link(tfname2, cfname2); 695 if (res != 0) { 696 snprintf(errm, sizeof(errm), 697 "ctl_renametf error link(%s,%s): %s", tfname2, cfname2, 698 strerror(errno)); 699 goto error_ret; 700 } 701 702 /* All the important work is done. Now just remove temp files */ 703#ifdef LEAVE_TMPCF_FILES 704 { 705 struct stat tfstat; 706 size_t size1; 707 tfstat.st_size = 1; /* certainly invalid value */ 708 res = stat(tfname, &tfstat); 709 size1 = tfstat.st_size; 710 tfstat.st_size = 2; /* certainly invalid value */ 711 res = stat(tfname2, &tfstat); 712 /* 713 * If the sizes do not match, or either stat call failed, 714 * then do not remove the temp files, but just move them 715 * out of the way. This is so I can see what this routine 716 * had changed (and the files won't interfere with some 717 * later job coming in from the same host). In this case, 718 * we don't care if we clobber some previous file. 719 */ 720 if (size1 != tfstat.st_size) { 721 strlcpy(cfname2, tfname, sizeof(cfname2)); 722 strlcat(cfname2, "._T", sizeof(cfname2)); 723 rename(tfname, cfname2); 724 strlcpy(cfname2, tfname2, sizeof(cfname2)); 725 strlcat(cfname2, "._T", sizeof(cfname2)); 726 rename(tfname2, cfname2); 727 return NULL; 728 } 729 } 730#endif 731 unlink(tfname); 732 unlink(tfname2); 733 734 return NULL; 735 736error_ret: 737 if (cjinf != NULL) 738 ctl_freeinf(cjinf); 739 if (newcf != NULL) 740 fclose(newcf); 741 742 if (*errm != '\0') 743 return strdup(errm); 744 return strdup("ctl_renametf internal (missed) error"); 745} 746 747void 748ctl_rewindcf(struct cjobinfo *cjinf) 749{ 750 struct cjprivate *cpriv; 751 752 if (cjinf == NULL) 753 return; 754 cpriv = cjinf->cji_priv; 755 if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) { 756 syslog(LOG_ERR, "in ctl_rewindcf(%p): invalid cjinf (cpriv %p)", 757 (void *)cjinf, (void *)cpriv); 758 return; 759 } 760 761 rewind(cpriv->cji_fstream); /* assume no errors... :-) */ 762} 763 764char * 765ctl_rmjob(const char *ptrname, const char *cfname) 766{ 767 struct cjobinfo *cjinf; 768 char *lbuff; 769 char errm[CTI_LINEMAX]; 770 771 cjinf = ctl_readcf(ptrname, cfname); 772 if (cjinf == NULL) { 773 snprintf(errm, sizeof(errm), 774 "ctl_renametf error cti_readcf(%s)", cfname); 775 return strdup(errm); 776 } 777 778 ctl_rewindcf(cjinf); 779 lbuff = ctl_getline(cjinf); 780 while (lbuff != NULL) { 781 /* obviously we need to fill in the following... */ 782 switch (lbuff[0]) { 783 case 'S': 784 break; 785 case 'U': 786 break; 787 default: 788 break; 789 } 790 lbuff = ctl_getline(cjinf); 791 } 792 793 ctl_freeinf(cjinf); 794 cjinf = NULL; 795 796 return NULL; 797} 798 799/* 800 * The following routine was originally written to pin down a bug. It is 801 * no longer needed for that problem, but may be useful to keep around for 802 * other debugging. 803 */ 804void 805ctl_dumpcji(FILE *dbg_stream, const char *heading, struct cjobinfo *cjinf) 806{ 807#define PRINTSTR(xHdr,xStr) \ 808 astr = xStr; \ 809 ctl_dbgline++; \ 810 fprintf(dbg_stream, "%4d] %12s = ", ctl_dbgline, xHdr); \ 811 if (astr == NULL) \ 812 fprintf(dbg_stream, "NULL\n"); \ 813 else \ 814 fprintf(dbg_stream, "%p -> %s\n", astr, astr) 815 816 struct cjprivate *cpriv; 817 char *astr; 818 819 if (cjinf == NULL) { 820 fprintf(dbg_stream, 821 "ctl_dumpcji: ptr to cjobinfo for '%s' is NULL\n", 822 heading); 823 return; 824 } 825 cpriv = cjinf->cji_priv; 826 827 fprintf(dbg_stream, "ctl_dumpcji: Dump '%s' of cjobinfo at %p->%p\n", 828 heading, (void *)cjinf, cpriv->cji_buff); 829 830 PRINTSTR("accthost.H", cpriv->pub.cji_accthost); 831 PRINTSTR("acctuser.P", cpriv->pub.cji_acctuser); 832 PRINTSTR("class.C", cpriv->pub.cji_class); 833 PRINTSTR("cf-qname", cpriv->pub.cji_curqueue); 834 PRINTSTR("cf-fname", cpriv->pub.cji_fname); 835 PRINTSTR("jobname.J", cpriv->pub.cji_jobname); 836 PRINTSTR("mailto.M", cpriv->pub.cji_mailto); 837 PRINTSTR("headruser.L", cpriv->pub.cji_headruser); 838 839 ctl_dbgline++; 840 fprintf(dbg_stream, "%4d] %12s = ", ctl_dbgline, "*cjprivate"); 841 if (cpriv->pub.cji_priv == NULL) 842 fprintf(dbg_stream, "NULL !!\n"); 843 else 844 fprintf(dbg_stream, "%p\n", (void *)cpriv->pub.cji_priv); 845 846 fprintf(dbg_stream, "|- - - - --> Dump '%s' complete\n", heading); 847 848 /* flush output for the benefit of anyone doing a 'tail -f' */ 849 fflush(dbg_stream); 850 851#undef PRINTSTR 852} 853 854/* 855 * This routine reads in the next line from the control-file, and removes 856 * the trailing newline character. 857 * 858 * Historical note: Earlier versions of this routine did tab-expansion for 859 * ALL lines read in, which did not make any sense for most of the lines 860 * in a control file. For the lines where tab-expansion is useful, it will 861 * now have to be done by the calling routine. 862 */ 863static char * 864ctl_getline(struct cjobinfo *cjinf) 865{ 866 char *strp, *nl; 867 struct cjprivate *cpriv; 868 869 if (cjinf == NULL) 870 return NULL; 871 cpriv = cjinf->cji_priv; 872 if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) { 873 syslog(LOG_ERR, "in ctl_getline(%p): invalid cjinf (cpriv %p)", 874 (void *)cjinf, (void *)cpriv); 875 return NULL; 876 } 877 878 errno = 0; 879 strp = fgets(cpriv->cji_buff, cpriv->cji_buffsize, cpriv->cji_fstream); 880 if (strp == NULL) { 881 if (errno != 0) 882 syslog(LOG_ERR, "%s: ctl_getline error fgets(%s): %s", 883 cpriv->pub.cji_curqueue, cpriv->pub.cji_fname, 884 strerror(errno)); 885 return NULL; 886 } 887 nl = strchr(strp, '\n'); 888 if (nl != NULL) 889 *nl = '\0'; 890 891#ifdef DEBUGREADCF_FNAME 892 /* I'd like to find out if the previous work to expand tabs was ever 893 * really used, and if so, on what lines and for what reason. 894 * Yes, all this work probably means I'm obsessed about this 'tab' 895 * issue, but isn't programming a matter of obsession? 896 */ 897 { 898 int tabcnt; 899 char *ch; 900 901 tabcnt = 0; 902 ch = strp; 903 for (ch = strp; *ch != '\0'; ch++) { 904 if (*ch == '\t') 905 tabcnt++; 906 } 907 908 if (tabcnt && (ctl_dbgfile != NULL)) { 909 cpriv->cji_dumpit++; 910 fprintf(ctl_dbgfile, "%s: tabs=%d '%s'\n", 911 cpriv->pub.cji_fname, tabcnt, cpriv->cji_buff); 912 } 913 } 914#endif 915 return strp; 916} 917