/*
* A simple routine to determine the job number for a print job based on
* the name of its control file. The algorithm used here may look odd, but
* the main issue is that all parts of `lpd', `lpc', `lpq' & `lprm' must be
* using the same algorithm, whatever that algorithm may be. If the caller
* provides a non-null value for ''hostpp', then this returns a pointer to
* the start of the hostname (or IP address?) as found in the filename.
*
* Algorithm: The standard `cf' file has the job number start in position 4,
* but some implementations have that as an extra file-sequence letter, and
* start the job number in position 5. The job number is usually three bytes,
* but may be as many as five. Confusing matters still more, some Windows
* print servers will append an IP address to the job number, instead of
* the expected hostname. So, if the job number ends with a '.', then
* assume the correct jobnum value is the first three digits.
*/
int
calc_jobnum(const char *cfname, const char **hostpp)
{
int jnum;
const char *cp, *numstr, *hoststr;
numstr = cfname + 3;
if (!isdigitch(*numstr))
numstr++;
jnum = 0;
for (cp = numstr; (cp < numstr + 5) && isdigitch(*cp); cp++)
jnum = jnum * 10 + (*cp - '0');
hoststr = cp;
/*
* If the filename was built with an IP number instead of a hostname,
* then recalculate using only the first three digits found.
*/
while(isdigitch(*cp))
cp++;
if (*cp == '.') {
jnum = 0;
for (cp = numstr; (cp < numstr + 3) && isdigitch(*cp); cp++)
jnum = jnum * 10 + (*cp - '0');
hoststr = cp;
}
if (hostpp != NULL)
*hostpp = hoststr;
return (jnum);
}
/*
* This routine renames the temporary control file as received from some
* other (remote) host. That file will almost always with `tfA*', because
* recvjob.c creates the file by changing `c' to `t' in the original name
* for the control file. Now if you read the RFC, you would think that all
* control filenames start with `cfA*'. However, it seems there are some
* implementations which send control filenames which start with `cf'
* followed by *any* letter, so this routine can not assume what the third
* letter will (or will not) be. Sigh.
*
* So this will rewrite the temporary file to `rf*' (correcting any lines
* which need correcting), rename that `rf*' file to `cf*', and then remove
* the original `tf*' temporary file.
*
* The *main* purpose of this routine is to be paranoid about the contents
* of that control file. It is partially meant to protect against people
* TRYING to cause trouble (perhaps after breaking into root of some host
* that this host will accept print jobs from). The fact that we're willing
* to print jobs from some remote host does not mean that we should blindly
* do anything that host tells us to do.
*
* This is also meant to protect us from errors in other implementations of
* lpr, particularly since we may want to use some values from the control
* file as environment variables when it comes time to print, or as parameters
* to commands which will be exec'ed, or values in statistics records.
*
* This may also do some "conversions" between how different versions of
* lpr or lprNG define the contents of various lines in a control file.
*
* If there is an error, it returns a pointer to a descriptive error message.
* Error messages which are RETURNED (as opposed to syslog-ed) do not include
* the printer-queue name. Let the caller add that if it is wanted.
*/
char *
ctl_renametf(const char *ptrname, const char *tfname)
{
int chk3rd, has_uc, newfd, nogood, res;
FILE *newcf;
struct cjobinfo *cjinf;
char *lbuff, *slash, *cp;
char tfname2[NAME_MAX+1], cfname2[NAME_MAX+1];
char errm[CTI_LINEMAX];
#ifdef TRIGGERTEST_FNAME
struct stat tstat;
res = stat(TRIGGERTEST_FNAME, &tstat);
if (res == -1) {
/*
* if the trigger file does NOT exist in this spool directory,
* then do the exact same steps that the pre-ctlinfo code had
* been doing. Ie, very little.
*/
strlcpy(cfname2, tfname, sizeof(cfname2));
cfname2[0] = 'c';
res = link(tfname, cfname2);
if (res < 0) {
snprintf(errm, sizeof(errm),
"ctl_renametf error link(%s,%s): %s", tfname,
cfname2, strerror(errno));
return strdup(errm);
}
unlink(tfname);
return NULL;
}
#endif
cjinf = NULL; /* in case of early jump to error_ret */
newcf = NULL; /* in case of early jump to error_ret */
*errm = '\0'; /* in case of early jump to error_ret */
chk3rd = tfname[2];
if ((tfname[0] != 't') || (tfname[1] != 'f') || (!isalpha(chk3rd))) {
snprintf(errm, sizeof(errm),
"ctl_renametf invalid filename: %s", tfname);
goto error_ret;
}
cjinf = ctl_readcf(ptrname, tfname);
if (cjinf == NULL) {
snprintf(errm, sizeof(errm),
"ctl_renametf error cti_readcf(%s)", tfname);
goto error_ret;
}
/*
* This uses open+fdopen instead of fopen because that combination
* gives us greater control over file-creation issues.
*/
strlcpy(tfname2, tfname, sizeof(tfname2));
tfname2[0] = 'r'; /* rf<letter><job><hostname> */
newfd = open(tfname2, O_WRONLY|O_CREAT|O_TRUNC, 0660);
if (newfd == -1) {
snprintf(errm, sizeof(errm),
"ctl_renametf error open(%s): %s", tfname2,
strerror(errno));
goto error_ret;
}
newcf = fdopen(newfd, "w");
if (newcf == NULL) {
close(newfd);
snprintf(errm, sizeof(errm),
"ctl_renametf error fopen(%s): %s", tfname2,
strerror(errno));
goto error_ret;
}
/*
* Do extra sanity checks on some key job-attribute fields, and
* write them out first (thus making sure they are written in the
* order we generally expect them to be in).
*/
/*
* Some lpr implementations on PC's set a null-string for their
* hostname. A MacOS 10 system which has not correctly setup
* /etc/hostconfig will claim a hostname of 'localhost'. Anything
* with blanks in it would be an invalid value for hostname. For
* any of these invalid hostname values, replace the given value
* with the name of the host that this job is coming from.
*/
nogood = 0;
if (cjinf->cji_accthost == NULL)
nogood = 1;
else if (strcmp(cjinf->cji_accthost, ".na.") == 0)
nogood = 1;
else if (strcmp(cjinf->cji_accthost, "localhost") == 0)
nogood = 1;
else {
for (cp = cjinf->cji_accthost; *cp != '\0'; cp++) {
if (*cp <= ' ') {
nogood = 1;
break;
}
}
}
if (nogood)
fprintf(newcf, "H%s\n", from_host);
else
fprintf(newcf, "H%s\n", cjinf->cji_accthost);
/*
* Now do some sanity checks on the 'P' (original userid) value. Note
* that the 'P'erson line is the second line which is ALWAYS supposed
* to be present in a control file.
*
* There is no particularly good value to use for replacements, but
* at least make sure the value is something reasonable to use in
* environment variables and statistics records. Again, some PC
* implementations send a null-string for a value. Various Mac
* implementations will set whatever string the user has set for
* their 'Owner Name', which usually includes blanks, etc.
*/
nogood = 0;
if (cjinf->cji_acctuser == NULL)
nogood = 1;
else if (strcmp(cjinf->cji_acctuser, ".na.") == 0)
; /* No further checks needed... */
else {
has_uc = 0;
cp = cjinf->cji_acctuser;
if (*cp == '-')
*cp++ = '_';
for (; *cp != '\0'; cp++) {
if (islowerch(*cp) || isdigitch(*cp))
continue; /* Standard valid characters */
if (strchr(OTHER_USERID_CHARS, *cp) != NULL)
continue; /* Some more valid characters */
if (isupperch(*cp)) {
has_uc = 1; /* These may be valid... */
continue;
}
*cp = '_';
}
/*
* Some Windows hosts send print jobs where the correct userid
* has been converted to uppercase, and that can cause trouble
* for sites that expect the correct value (for something like
* accounting). On the other hand, some sites do use uppercase
* in their userids, so we can't blindly convert to lowercase.
*/
if (has_uc && (getpwnam(cjinf->cji_acctuser) == NULL)) {
for (cp = cjinf->cji_acctuser; *cp != '\0'; cp++) {
if (isupperch(*cp))
*cp = tolowerch(*cp);
}
}
}
if (nogood)
fprintf(newcf, "P%s\n", ".na.");
else
fprintf(newcf, "P%s\n", cjinf->cji_acctuser);
/* No need for sanity checks on class, jobname, "literal" user. */
if (cjinf->cji_class != NULL)
fprintf(newcf, "C%s\n", cjinf->cji_class);
if (cjinf->cji_jobname != NULL)
fprintf(newcf, "J%s\n", cjinf->cji_jobname);
if (cjinf->cji_headruser != NULL)
fprintf(newcf, "L%s\n", cjinf->cji_headruser);
/*
* This should probably add more sanity checks on mailto value.
* Note that if the mailto value is "wrong", then there's no good
* way to know what the "correct" value would be, and we should not
* semd email to some random address. At least for now, just ignore
* any invalid values.
*/
nogood = 0;
if (cjinf->cji_mailto == NULL)
nogood = 1;
else {
for (cp = cjinf->cji_mailto; *cp != '\0'; cp++) {
if (*cp <= ' ') {
nogood = 1;
break;
}
}
}
if (!nogood)
fprintf(newcf, "M%s\n", cjinf->cji_mailto);
/*
* Now go thru the old control file, copying all information which
* hasn't already been written into the new file.
*/
ctl_rewindcf(cjinf);
lbuff = ctl_getline(cjinf);
while (lbuff != NULL) {
switch (lbuff[0]) {
case 'H':
case 'P':
case 'C':
case 'J':
case 'L':
case 'M':
/* already wrote values for these to the newcf */
break;
case 'N':
/* see comments under 'U'... */
if (cjinf->cji_dfcount == 0) {
/* in this case, 'N's will be done in 'U' */
break;
}
fprintf(newcf, "%s\n", lbuff);
break;
case 'U':
/*
* check for the very common case where the remote
* host had to process 'lpr -s -r', but it did not
* remove the Unlink line from the control file.
* Such Unlink lines will legitimately have a '/' in
* them, but it is the original lpr host which would
* have done the unlink of such files, and not any
* host receiving that job.
*/
slash = strchr(lbuff, '/');
if (slash != NULL) {
break; /* skip this line */
}
/*
* Okay, another kind of broken lpr implementation
* is one which send datafiles, and Unlink's those
* datafiles, but never includes any PRINT request
* for those files. Experimentation shows that one
* copy of those datafiles should be printed with a
* format of 'f'. If this is an example of such a
* screwed-up control file, fix it here.
*/
if (cjinf->cji_dfcount == 0) {
lbuff++;
if (strncmp(lbuff, "df", (size_t)2) == 0) {
fprintf(newcf, "f%s\n", lbuff);
fprintf(newcf, "U%s\n", lbuff);
fprintf(newcf, "N%s\n", lbuff);
}
break;
}
fprintf(newcf, "%s\n", lbuff);
break;
default:
fprintf(newcf, "%s\n", lbuff);
break;
}
lbuff = ctl_getline(cjinf);
}
ctl_freeinf(cjinf);
cjinf = NULL;
res = fclose(newcf);
newcf = NULL;
if (res != 0) {
snprintf(errm, sizeof(errm),
"ctl_renametf error fclose(%s): %s", tfname2,
strerror(errno));
goto error_ret;
}
strlcpy(cfname2, tfname, sizeof(cfname2));
cfname2[0] = 'c'; /* rename new file to 'cfA*' */
res = link(tfname2, cfname2);
if (res != 0) {
snprintf(errm, sizeof(errm),
"ctl_renametf error link(%s,%s): %s", tfname2, cfname2,
strerror(errno));
goto error_ret;
}
/* All the important work is done. Now just remove temp files */
#ifdef LEAVE_TMPCF_FILES
{
struct stat tfstat;
size_t size1;
tfstat.st_size = 1; /* certainly invalid value */
res = stat(tfname, &tfstat);
size1 = tfstat.st_size;
tfstat.st_size = 2; /* certainly invalid value */
res = stat(tfname2, &tfstat);
/*
* If the sizes do not match, or either stat call failed,
* then do not remove the temp files, but just move them
* out of the way. This is so I can see what this routine
* had changed (and the files won't interfere with some
* later job coming in from the same host). In this case,
* we don't care if we clobber some previous file.
*/
if (size1 != tfstat.st_size) {
strlcpy(cfname2, tfname, sizeof(cfname2));
strlcat(cfname2, "._T", sizeof(cfname2));
rename(tfname, cfname2);
strlcpy(cfname2, tfname2, sizeof(cfname2));
strlcat(cfname2, "._T", sizeof(cfname2));
rename(tfname2, cfname2);
return NULL;
}
}
#endif
unlink(tfname);
unlink(tfname2);
return NULL;
error_ret:
if (cjinf != NULL)
ctl_freeinf(cjinf);
if (newcf != NULL)
fclose(newcf);
if (*errm != '\0')
return strdup(errm);
return strdup("ctl_renametf internal (missed) error");
}
