From cc8fc277e84a2f3d13bd2f2847a418423a002dfb Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Fri, 7 Feb 2014 15:48:54 +0100 Subject: More output on failures, Delete tmpfile after exit, chown tmpfile to printing user --- src/pwgui/main.cpp | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/src/pwgui/main.cpp b/src/pwgui/main.cpp index 77ec7f0..88e0486 100644 --- a/src/pwgui/main.cpp +++ b/src/pwgui/main.cpp @@ -80,7 +80,7 @@ int main(int argc, char *argv[]) // Mimic cups behaviour wrt dropping privs (Only 0700 or 0500 == root) helper_loadlpuser(); struct stat st; - if (stat(backend, &st) != 0 || (st.st_mode & 0077) != 0) helper_dropprivs(); + if (stat(backend, &st) != 0 || (st.st_mode & 0011) != 0) helper_dropprivs(); execv(backend, argv); exit(127); } @@ -119,6 +119,7 @@ int main(int argc, char *argv[]) close(fh); // } + chown(tmpfile, ruid, rgid); // Try right away with what we got spoolres = run_backend(backend, device, argv[1], argv[2], argv[3], argv[4], argv[5], tmpfile, NULL); @@ -155,6 +156,7 @@ int main(int argc, char *argv[]) waitpid(pid, NULL, 0); // Don't check status, just look at pipe data if (bytes <= 0) { fputs("ERROR: Could not read anything from pipe after showing GUI.\n", stderr); + remove(tmpfile); return CUPS_BACKEND_CANCEL; } creds[bytes] = '\0'; @@ -163,6 +165,7 @@ int main(int argc, char *argv[]) // Run backend with pimped user/pass status = run_backend(backend, device, argv[1], creds, argv[3], argv[4], argv[5], tmpfile, pass); } while (status != CUPS_BACKEND_OK); + remove(tmpfile); return CUPS_BACKEND_OK; } @@ -184,7 +187,7 @@ static int run_backend(char *backend, char *uri, char *jobid, char *user, char * args[7] = NULL; // Priv dropping struct stat st; - if (stat(backend, &st) != 0 || (st.st_mode & 0077) != 0) helper_dropprivs(); + if (stat(backend, &st) != 0 || (st.st_mode & 0011) != 0) helper_dropprivs(); // Exec execv(backend, args); exit(127); @@ -206,14 +209,23 @@ static bool helper_getpiduid(char *user, char *title) // it has to be gui-, PID has to be an instance of printergui // and we have to be able to kill it, only then we assume we should bother the user // with an authentication dialog - if (strncmp(title, "gui-", 4) != 0) return false; // Wrong job title + if (strncmp(title, "gui-", 4) != 0) { + fprintf(stderr, "WARNING: Job Title doesnt start with 'gui-' (Is: %s)\n", title); + return false; // Wrong job title + } struct stat st; struct passwd *pw = getpwnam(user); - if (pw == NULL) return false; + if (pw == NULL) { + fprintf(stderr, "WARNING: Cannot getpwnam %s\n", user); + return false; + } int p = atoi(title + 4); char bin[PATH_MAX+1], tmp[100]; snprintf(tmp, 100, "/proc/%d/exe", p); - if (realpath(tmp, bin) == NULL) return false; + if (realpath(tmp, bin) == NULL) { + fprintf(stderr, "WARNING: Cannot get realpath of %s\n", tmp); + return false; + } char *last = strrchr(bin, '/'); if (last == NULL || strcmp(last, "/printergui") != 0) return false; // Wrong process // PID passed via job title seems to be the printergui -- cgit v1.2.3-55-g7522