void Initialize(int argc, char *argv[], char *envp[], int debugchar )
{
char *s;
int fd;
/* the gettext facility has been shown to be able to be used to
* compromize setuid programs.
* remove the slightest possibility of NLSPATH being used in a root
* environment
*/
if( getuid() == ROOTUID || geteuid() == ROOTUID ){
#if defined(HAVE_UNSETENV)
unsetenv("NLSPATH");
#elif defined(HAVE_SETENV)
setenv("NLSPATH","",1);
#elif defined(HAVE_PUTENV)
putenv("NLSPATH=");
#else
# error require one of unsetenv(), setenv(), or putenv()
#endif
}
DEBUG1("Initialize: starting");
if( argc > 1 ){
s = argv[1];
if( s[0] == '-' && s[1] == debugchar ){
if( s[2] ){
Parse_debug(s+2,1);
} else {
Parse_debug(argv[2],1);
}
}
}
if(DEBUGL3){
struct stat statb;
int i;
LOGDEBUG("Initialize: starting with open fd's");
for( i = 0; i < 20; ++i ){
if( fstat(i,&statb) == 0 ){
LOGDEBUG(" fd %d (0%o)", i, statb.st_mode&S_IFMT);
}
}
}
/*
open /dev/null on fd 0, 1, 2, 3, 4, if neccessary
This must be done before using any other database access
functions, as they may open a socket and leave it open.
*/
if( (fd = open( "/dev/null", O_RDWR, 0600 )) < 0 ){
LOGERR_DIE(LOG_CRIT) "Initialize: cannot open '/dev/null'" );
}
/*************************************************************************
* Receive_secure() - receive a secure transfer
*************************************************************************/
int Receive_secure( int *sock, char *input )
{
char *printername;
char error[SMALLBUFFER]; /* error message */
char *authtype;
char *cf, *s;
char *jobsize = 0;
char *user = 0;
int tempfd = -1;
int ack, status, from_server;
struct line_list args, header_info, info;
struct stat statb;
char *tempfile = 0;
const struct security *security = 0;
Name = "RCVSEC";
memset( error, 0, sizeof(error));
ack = 0;
status = 0;
DEBUGF(DRECV1)("Receive_secure: input line '%s'", input );
Init_line_list( &args );
Init_line_list( &header_info );
Init_line_list( &info );
Split(&args,input+1,Whitespace,0,0,0,0,0,0);
DEBUGFC(DRECV1)Dump_line_list("Receive_secure - input", &args);
if( args.count != 5 && args.count != 4 ){
plp_snprintf( error+1, sizeof(error)-1,
_("bad command line '%s'"), input );
ack = ACK_FAIL; /* no retry, don't send again */
status = JFAIL;
goto error;
}
Check_max(&args,1);
args.list[args.count] = 0;
/*
* \REQ_SECUREprintername C/F user authtype jobsize\n - receive a job
* 0 1 2 3 4
*/
printername = args.list[0];
cf = args.list[1];
user = args.list[2]; /* user is escape encoded */
Unescape(user);
authtype = args.list[3];
Unescape(authtype);
jobsize = args.list[4];
setproctitle( "lpd %s '%s'", Name, printername );
Perm_check.authtype = authtype;
from_server = 0;
if( *cf == 'F' ){
from_server = 1;
}
/* set up the authentication support information */
if( Is_clean_name( printername ) ){
plp_snprintf( error+1, sizeof(error)-1,
_("bad printer name '%s'"), input );
ack = ACK_FAIL; /* no retry, don't send again */
status = JFAIL;
goto error;
}
Set_DYN(&Printer_DYN,printername);
if( Setup_printer( printername, error+1, sizeof(error)-1, 0 ) ){
if( jobsize ){
plp_snprintf( error+1, sizeof(error)-1,
_("bad printer '%s'"), printername );
ack = ACK_FAIL; /* no retry, don't send again */
status = JFAIL;
goto error;
}
} else {
int db, dbf;
db = Debug;
dbf = DbgFlag;
s = Find_str_value(&Spool_control,DEBUG);
if(!s) s = New_debug_DYN;
Parse_debug( s, 0 );
if( !(DRECVMASK & DbgFlag) ){
Debug = db;
DbgFlag = dbf;
} else {
int tdb, tdbf;
tdb = Debug;
tdbf = DbgFlag;
Debug = db;
DbgFlag = dbf;
if( Log_file_DYN ){
tempfd = Checkwrite( Log_file_DYN, &statb,0,0,0);
if( tempfd > 0 && tempfd != 2 ){
dup2(tempfd,2);
close(tempfd);
}
tempfd = -1;
}
Debug = tdb;
DbgFlag = tdbf;
LOGDEBUG("Receive_secure: socket fd %d", *sock);
Dump_line_list("Receive_secure - input", &args);
}
DEBUGF(DRECV1)("Receive_secure: debug '%s', Debug %d, DbgFlag 0x%x",
s, Debug, DbgFlag );
}
if( !(security = Fix_receive_auth(authtype, &info)) ){
plp_snprintf( error+1, sizeof(error)-1,
_("unsupported authentication '%s'"), authtype );
ack = ACK_FAIL; /* no retry, don't send again */
status = JFAIL;
goto error;
}
if( !security->server_receive ){
plp_snprintf( error+1, sizeof(error)-1,
_("no receive method supported for '%s'"), authtype );
ack = ACK_FAIL; /* no retry, don't send again */
status = JFAIL;
goto error;
}
if( jobsize ){
double read_len;
read_len = strtod(jobsize,0);
DEBUGF(DRECV2)("Receive_secure: spooling_disabled %d",
Sp_disabled(&Spool_control) );
if( Sp_disabled(&Spool_control) ){
plp_snprintf( error+1, sizeof(error)-1,
_("%s: spooling disabled"), Printer_DYN );
ack = ACK_RETRY; /* retry */
status = JFAIL;
goto error;
}
if( Max_job_size_DYN > 0 && (read_len+1023)/1024 > Max_job_size_DYN ){
plp_snprintf( error+1, sizeof(error)-1,
_("%s: job size %0.0f is larger than %d K"),
Printer_DYN, read_len, Max_job_size_DYN );
ack = ACK_RETRY;
status = JFAIL;
goto error;
} else if( !Check_space( read_len, Minfree_DYN, Spool_dir_DYN ) ){
plp_snprintf( error+1, sizeof(error)-1,
_("%s: insufficient file space"), Printer_DYN );
ack = ACK_RETRY;
status = JFAIL;
goto error;
}
}
tempfd = Make_temp_fd(&tempfile);
close(tempfd); tempfd = -1;
DEBUGF(DRECV1)("Receive_secure: sock %d, user '%s', jobsize '%s'",
*sock, user, jobsize );
status = security->server_receive( sock, Send_job_rw_timeout_DYN,
user, jobsize, from_server, authtype,
&info,
error+1, sizeof(error)-1,
&header_info,
security, tempfile, Do_secure_work);
error:
DEBUGF(DRECV1)("Receive_secure: status %d, ack %d, error '%s'",
status, ack, error+1 );
if( status ){
if( ack == 0 ) ack = ACK_FAIL;
error[0] = ack;
DEBUGF(DRECV1)("Receive_secure: sending '%s'", error );
(void)Link_send( ShortRemote_FQDN, sock,
Send_query_rw_timeout_DYN, error, safestrlen(error), 0 );
Errorcode = JFAIL;
}
Free_line_list( &args );
Free_line_list( &header_info );
Free_line_list( &info );
close( *sock ); *sock = -1;
Remove_tempfiles();
if( status == 0 && jobsize ){
/* start a new server */
DEBUGF(DRECV1)("Receive_secure: starting server");
if( Server_queue_name_DYN ){
Do_queue_jobs( Server_queue_name_DYN, 0 );
} else {
Do_queue_jobs( Printer_DYN, 0 );
}
}
cleanup(0);
}
