int Check_secure_perms( struct line_list *options, int from_server, char *error, int errlen ) { /* * line 1 - CLIENT=xxxx - client authentication * line 2 - SERVER=xxxx - server authentication * ... - FROM=xxxx - from * line 3 - INPUT=\00x - command line */ char *authfrom, *authuser; authfrom = Find_str_value(options,AUTHFROM); if( !authfrom ) authfrom = Find_str_value(options,FROM); authuser = Find_str_value(options,AUTHUSER); if( !from_server ){ if( !authuser && authfrom ) authuser = authfrom; } if( !authuser ) authuser = Find_str_value(options,CLIENT); Set_str_value(options, AUTHTYPE, Perm_check.authtype ); Set_str_value(options, AUTHFROM, authfrom ); Set_str_value(options, AUTHUSER, authuser ); Perm_check.authfrom = Find_str_value(options,AUTHFROM); Perm_check.authuser = authuser = Find_str_value(options,AUTHUSER); if( !authuser ){ plp_snprintf( error, errlen, "Printer %s@%s: missing authentication client id", Printer_DYN,Report_server_as_DYN?Report_server_as_DYN:ShortHost_FQDN ); return( JABORT ); } Perm_check.authca = Find_str_value(options,AUTHCA); DEBUGFC(DRECV1)Dump_line_list("Check_secure_perms - after",options); DEBUGFC(DRECV1)Dump_perm_check( "Check_secure_perms - checking", &Perm_check ); return(0); }
int Receive_secure( int *sock, char *input ) { char *printername; char error[SMALLBUFFER]; /* error message */ char *authtype; char *cf, *s; char *jobsize = 0; char *user = 0; int tempfd = -1; int ack, status, from_server; struct line_list args, header_info, info; struct stat statb; char *tempfile = 0; struct security *security = 0; Name = "RCVSEC"; memset( error, 0, sizeof(error)); ack = 0; status = 0; DEBUGF(DRECV1)("Receive_secure: input line '%s'", input ); Init_line_list( &args ); Init_line_list( &header_info ); Init_line_list( &info ); Split(&args,input+1,Whitespace,0,0,0,0,0,0); DEBUGFC(DRECV1)Dump_line_list("Receive_secure - input", &args); if( args.count != 5 && args.count != 4 ){ SNPRINTF( error+1, sizeof(error)-1) _("bad command line '%s'"), input ); ack = ACK_FAIL; /* no retry, don't send again */ status = JFAIL; goto error; }
int Job_control( int *sock, char *input ) { #ifdef REMOVE struct line_list tokens; char error[LINEBUFFER]; int tokencount; int i, action, permission; char *name, *user = 0, *s, *lpc_command; /* get the format */ Init_line_list(&tokens); error[0] = 0; Name = "Job_control"; ++input; if( (s = safestrchr(input, '\n' )) ) *s = 0; DEBUGF(DCTRL1)("Job_control: socket %d, doing '%s'", *sock, input ); /* check printername for characters, underscore, digits */ Split(&tokens,input,Whitespace,0,0,0,0,0,0); #ifdef ORIGINAL_DEBUG//JY@1020 DEBUGFC(DCTRL2)Dump_line_list("Job_control - input", &tokens); #endif tokencount = tokens.count; if( tokencount < 3 ){ SNPRINTF( error, sizeof(error)) _("bad control command '%s'"), input ); goto error; }
/************************************************************************* * Receive_secure() - receive a secure transfer *************************************************************************/ int Receive_secure( int *sock, char *input ) { char *printername; char error[SMALLBUFFER]; /* error message */ char *authtype; char *cf, *s; char *jobsize = 0; char *user = 0; int tempfd = -1; int ack, status, from_server; struct line_list args, header_info, info; struct stat statb; char *tempfile = 0; const struct security *security = 0; Name = "RCVSEC"; memset( error, 0, sizeof(error)); ack = 0; status = 0; DEBUGF(DRECV1)("Receive_secure: input line '%s'", input ); Init_line_list( &args ); Init_line_list( &header_info ); Init_line_list( &info ); Split(&args,input+1,Whitespace,0,0,0,0,0,0); DEBUGFC(DRECV1)Dump_line_list("Receive_secure - input", &args); if( args.count != 5 && args.count != 4 ){ plp_snprintf( error+1, sizeof(error)-1, _("bad command line '%s'"), input ); ack = ACK_FAIL; /* no retry, don't send again */ status = JFAIL; goto error; } Check_max(&args,1); args.list[args.count] = 0; /* * \REQ_SECUREprintername C/F user authtype jobsize\n - receive a job * 0 1 2 3 4 */ printername = args.list[0]; cf = args.list[1]; user = args.list[2]; /* user is escape encoded */ Unescape(user); authtype = args.list[3]; Unescape(authtype); jobsize = args.list[4]; setproctitle( "lpd %s '%s'", Name, printername ); Perm_check.authtype = authtype; from_server = 0; if( *cf == 'F' ){ from_server = 1; } /* set up the authentication support information */ if( Is_clean_name( printername ) ){ plp_snprintf( error+1, sizeof(error)-1, _("bad printer name '%s'"), input ); ack = ACK_FAIL; /* no retry, don't send again */ status = JFAIL; goto error; } Set_DYN(&Printer_DYN,printername); if( Setup_printer( printername, error+1, sizeof(error)-1, 0 ) ){ if( jobsize ){ plp_snprintf( error+1, sizeof(error)-1, _("bad printer '%s'"), printername ); ack = ACK_FAIL; /* no retry, don't send again */ status = JFAIL; goto error; } } else { int db, dbf; db = Debug; dbf = DbgFlag; s = Find_str_value(&Spool_control,DEBUG); if(!s) s = New_debug_DYN; Parse_debug( s, 0 ); if( !(DRECVMASK & DbgFlag) ){ Debug = db; DbgFlag = dbf; } else { int tdb, tdbf; tdb = Debug; tdbf = DbgFlag; Debug = db; DbgFlag = dbf; if( Log_file_DYN ){ tempfd = Checkwrite( Log_file_DYN, &statb,0,0,0); if( tempfd > 0 && tempfd != 2 ){ dup2(tempfd,2); close(tempfd); } tempfd = -1; } Debug = tdb; DbgFlag = tdbf; LOGDEBUG("Receive_secure: socket fd %d", *sock); Dump_line_list("Receive_secure - input", &args); } DEBUGF(DRECV1)("Receive_secure: debug '%s', Debug %d, DbgFlag 0x%x", s, Debug, DbgFlag ); } if( !(security = Fix_receive_auth(authtype, &info)) ){ plp_snprintf( error+1, sizeof(error)-1, _("unsupported authentication '%s'"), authtype ); ack = ACK_FAIL; /* no retry, don't send again */ status = JFAIL; goto error; } if( !security->server_receive ){ plp_snprintf( error+1, sizeof(error)-1, _("no receive method supported for '%s'"), authtype ); ack = ACK_FAIL; /* no retry, don't send again */ status = JFAIL; goto error; } if( jobsize ){ double read_len; read_len = strtod(jobsize,0); DEBUGF(DRECV2)("Receive_secure: spooling_disabled %d", Sp_disabled(&Spool_control) ); if( Sp_disabled(&Spool_control) ){ plp_snprintf( error+1, sizeof(error)-1, _("%s: spooling disabled"), Printer_DYN ); ack = ACK_RETRY; /* retry */ status = JFAIL; goto error; } if( Max_job_size_DYN > 0 && (read_len+1023)/1024 > Max_job_size_DYN ){ plp_snprintf( error+1, sizeof(error)-1, _("%s: job size %0.0f is larger than %d K"), Printer_DYN, read_len, Max_job_size_DYN ); ack = ACK_RETRY; status = JFAIL; goto error; } else if( !Check_space( read_len, Minfree_DYN, Spool_dir_DYN ) ){ plp_snprintf( error+1, sizeof(error)-1, _("%s: insufficient file space"), Printer_DYN ); ack = ACK_RETRY; status = JFAIL; goto error; } } tempfd = Make_temp_fd(&tempfile); close(tempfd); tempfd = -1; DEBUGF(DRECV1)("Receive_secure: sock %d, user '%s', jobsize '%s'", *sock, user, jobsize ); status = security->server_receive( sock, Send_job_rw_timeout_DYN, user, jobsize, from_server, authtype, &info, error+1, sizeof(error)-1, &header_info, security, tempfile, Do_secure_work); error: DEBUGF(DRECV1)("Receive_secure: status %d, ack %d, error '%s'", status, ack, error+1 ); if( status ){ if( ack == 0 ) ack = ACK_FAIL; error[0] = ack; DEBUGF(DRECV1)("Receive_secure: sending '%s'", error ); (void)Link_send( ShortRemote_FQDN, sock, Send_query_rw_timeout_DYN, error, safestrlen(error), 0 ); Errorcode = JFAIL; } Free_line_list( &args ); Free_line_list( &header_info ); Free_line_list( &info ); close( *sock ); *sock = -1; Remove_tempfiles(); if( status == 0 && jobsize ){ /* start a new server */ DEBUGF(DRECV1)("Receive_secure: starting server"); if( Server_queue_name_DYN ){ Do_queue_jobs( Server_queue_name_DYN, 0 ); } else { Do_queue_jobs( Printer_DYN, 0 ); } } cleanup(0); }
static int Do_secure_work( char *jobsize, int from_server, char *tempfile, struct line_list *header_info ) { int n, len, linecount = 0, done = 0, fd, status = 0; char *s, *t; char buffer[SMALLBUFFER]; char error[SMALLBUFFER]; struct stat statb; error[0] = 0; if( (fd = Checkread(tempfile,&statb)) < 0 ){ status = JFAIL; plp_snprintf( error, sizeof(error), "Do_secure_work: reopen of '%s' failed - %s", tempfile, Errormsg(errno)); goto error; } buffer[0] = 0; n = 0; done = 0; linecount = 0; while( !done && n < (int)sizeof(buffer)-1 && (len = Read_fd_len_timeout( Send_query_rw_timeout_DYN, fd, buffer+n, sizeof(buffer)-1-n )) > 0 ){ buffer[n+len] = 0; DEBUGF(DRECV1)("Do_secure_work: read %d - '%s'", len, buffer ); while( !done && (s = safestrchr(buffer,'\n')) ){ *s++ = 0; if( safestrlen(buffer) == 0 ){ done = 1; break; } DEBUGF(DRECV1)("Do_secure_work: line [%d] '%s'", linecount, buffer ); if( (t = strchr(buffer,'=')) ){ *t++ = 0; Unescape(t); Set_str_value(header_info, buffer, t ); } else { switch( linecount ){ case 0: if( jobsize ){ if( from_server ){ Set_str_value(header_info,CLIENT,buffer); } done = 1; } else { Set_str_value(header_info,INPUT,buffer); break; } break; case 1: Set_str_value(header_info,CLIENT,buffer); done = 1; break; } } ++linecount; memmove(buffer,s,safestrlen(s)+1); n = safestrlen(buffer); } } if( fd >= 0 ) close(fd); fd = -1; DEBUGFC(DRECV1)Dump_line_list("Do_secure_work - header", header_info ); if( (status = Check_secure_perms( header_info, from_server, error, sizeof(error))) ){ goto error; } DEBUGFC(DRECV1)Dump_line_list("Do_secure_work - header after check", header_info ); buffer[0] = 0; if( jobsize ){ if( (fd = Checkread(tempfile, &statb) ) < 0 ){ status = JFAIL; plp_snprintf( error, sizeof(error), "Do_secure_work: reopen of '%s' for read failed - %s", tempfile, Errormsg(errno)); goto error; } status = Scan_block_file( fd, error, sizeof(error), header_info ); if( (fd = Checkwrite(tempfile,&statb,O_WRONLY|O_TRUNC,1,0)) < 0 ){ status = JFAIL; plp_snprintf( error, sizeof(error), "Do_secure_work: reopen of '%s' for write failed - %s", tempfile, Errormsg(errno)); goto error; } } else { if( (fd = Checkwrite(tempfile,&statb,O_WRONLY|O_TRUNC,1,0)) < 0 ){ status = JFAIL; plp_snprintf( error, sizeof(error), "Do_secure_work: reopen of '%s' for write failed - %s", tempfile, Errormsg(errno)); goto error; } if( (s = Find_str_value(header_info,INPUT)) ){ Dispatch_input( &fd, s, "from secure link" ); } } error: if( fd >= 0 ) close(fd); fd = -1; DEBUGF(DRECV1)("Do_secure_work: status %d, tempfile '%s', error '%s'", status, tempfile, error ); if( error[0] ){ DEBUGF(DRECV1)("Do_secure_work: updating tempfile '%s', error '%s'", tempfile, error ); if( (fd = Checkwrite(tempfile,&statb,O_WRONLY|O_TRUNC,1,0)) < 0 ){ Errorcode = JFAIL; logerr_die(LOG_INFO, "Do_secure_work: reopen of '%s' for write failed", tempfile ); } Write_fd_str(fd,error); close(fd); } DEBUGF(DRECV1)("Do_secure_work: returning %d", status ); return( status ); }
int Receive_job( int *sock, char *input ) { char line[SMALLBUFFER]; /* line buffer for input */ char error[SMALLBUFFER]; /* line buffer for input */ char buffer[SMALLBUFFER]; /* line buffer for input */ int errlen = sizeof(error); char *tempfile; /* name of temp file */ double file_len; /* length of file */ double read_len; /* amount to read from sock */ double jobsize = 0; /* size of job */ int ack = 0; /* ack to send */ int status = 0; /* status of the last command */ double len; /* length of last read */ char *s, *filename; /* name of control or data file */ int temp_fd = -1; /* used for file opening and locking */ int filetype; /* type of file - control or data */ int fd; /* for log file */ int hold_fd = -1; /* hold file */ int db, dbf, rlen; int fifo_fd = -1; /* fifo lock file */ struct line_list files, info, l; struct job job; struct stat statb; #ifdef REMOVE #ifdef WINDOW_1//JYWeng //aaaaaa=fopen("/tmp/pp", "a"); //fprintf(aaaaaa, "lpd_rcvjobs.c\n"); //fclose(aaaaaa); #endif #ifdef JYDEBUG//JYWeng aaaaaa=fopen("/tmp/qqqqq", "a"); fprintf(aaaaaa, "Receive_job: check point 1\n"); fclose(aaaaaa); #endif #endif Init_line_list(&l); Init_line_list(&files); Init_line_list(&info); Init_job(&job); Name = "RECV"; if( input && *input ) ++input; Clean_meta(input); Split(&info,input,Whitespace,0,0,0,0,0,0); //printf("Receive_job!\n");//JY1107 /*JY1113: test QueueName*/ if(get_queue_name(input)) { //printf("QueueName is not LPRServer\n"); send_ack_packet(sock, ACK_FAIL);//JY1120 return(0); } //else printf("QueueName is LPRServer\n"); /**/ #ifdef ORIGINAL_DEBUG//JY@1020 DEBUGFC(DRECV1)Dump_line_list("Receive_job: input", &info ); #endif if( info.count != 1 ){ SNPRINTF( error, errlen) _("bad command line") ); goto error; }