setgroups fails preventing jobs from printing #213

Closed
michaelrsweet opened this Issue Aug 1, 2003 · 7 comments

Comments

Projects
None yet
1 participant
Collaborator

michaelrsweet commented Aug 1, 2003

Version: 1.1-current
CUPS.org User: jlovell

The recent changes in cvs using setgroups fails on MacOSX Jaguar and other BSDs (according to the xinetd readme). This will work in Panther but to maintain compatibility a change may be warranted. For reference, I applied the attached patch for the time being. It has the small benefit of validating a user ID specified in cupsd.conf.

Collaborator

michaelrsweet commented Aug 1, 2003

CUPS.org User: mike

Jim,

Is the issue that setgroups() removes all group membership on OSX, or that you need additional groups for that user?

Also, it looks like there is an additional fix in StartJob() WRT the whitespace stuff? I'm not sure the optptr++ is valid (strlcat could conceivably fail if we miscalculated the size of the buffer...)

Collaborator

michaelrsweet commented Aug 1, 2003

CUPS.org User: jlovell

The problem is setgroups returns EINVAL for ngroups less than 1 or greater than MAX_GROUPS. My patch had the benefit of allowing an administrator greater control via group membership for the cups_user (as I believe was mentioned in the STR that prompted the original change). An alternate patch might be something like "setgroups(1, &Group)".

The other patch is to log job options individually. This change went in earlier when long log entries were being truncated. It allows for more readable entries like:

D [ ] StartJob: option = "AP_D_InputSlot="
D [ ] StartJob: option = "nocollate"
D [ ] StartJob: option = "media=Letter"
D [ ] StartJob: option = "com.apple.print.PrinterInfo.PMColorDeviceID..n.=1678338968"
D [ ] StartJob: option = "com.apple.print.PrintSettings.PMPrimaryPaperFeed..a.0=PageSize"

instead having them all listed on one line. It's not strictly required anymore (you can ignore it) but I believe it's a little easier for people to read.

Thanks!

Collaborator

michaelrsweet commented Aug 1, 2003

CUPS.org User: mike

At the moment I'm leaning towards using setgroups(1,&Group) (or the equivalent, since the group list needs to use gid_t... :) since setgroups() is more portable and has no side-effects (initgroups could give group perms that you don't expect...)

As for the option logging patch, we'll stick with the magical expanding line buffer trick... :)

Collaborator

michaelrsweet commented Aug 1, 2003

CUPS.org User: mike

OK, I've commited the necessary changes to call setgroups with 1 group (see attached patch).

Collaborator

michaelrsweet commented Aug 1, 2003

CUPS.org User: jlovell

Looks good -- works on Jaguar. Thanks!

Collaborator

michaelrsweet commented Aug 1, 2003

"cups_setgroups.patch":

Index: scheduler/client.c

RCS file: /home/anoncvs/cups/scheduler/client.c,v
retrieving revision 1.168
diff -u -d -b -w -r1.168 client.c
--- scheduler/client.c 20 Jul 2003 15:15:07 -0000 1.168
+++ scheduler/client.c 25 Jul 2003 01:24:02 -0000
@@ -53,6 +53,9 @@
#include "cupsd.h"
#include <grp.h>

+#ifdef APPLE

  • #include <pwd.h>
    +#endif /* APPLE */

/*

  • Local functions...
    @@ -3171,7 +3174,11 @@
    if (setgid(Group))
    exit(errno);

+#ifdef APPLE

  •  if (initgroups(UserName, Group))
    

    +#else
    if (setgroups(0, NULL))
    +#endif /* APPLE */
    exit(errno);

    if (setuid(User))
    @@ -3183,7 +3190,11 @@

    • Reset group membership to just the main one we belong to.
      */

+#ifdef APPLE

  •  initgroups(UserName, Group);
    

    +#else
    setgroups(0, NULL);
    +#endif /* APPLE */
    }

    /*

    Index: scheduler/conf.c

    RCS file: /home/anoncvs/cups/scheduler/conf.c,v
    retrieving revision 1.136
    diff -u -d -b -w -r1.136 conf.c
    --- scheduler/conf.c 20 Jul 2003 12:42:33 -0000 1.136
    +++ scheduler/conf.c 25 Jul 2003 01:24:02 -0000
    @@ -353,9 +353,15 @@
    */

    if ((user = getpwnam(CUPS_DEFAULT_USER)) == NULL)

  • {

  • SetString(&UserName, "");
    User = 1; /* Force to a non-priviledged account */

  • }
    else

  • {

  • SetString(&UserName, user->pw_name);
    User = user->pw_uid;

  • }

endpwent();

@@ -1363,21 +1369,35 @@
* User ID to run as...
*/

  •  struct passwd _p;    /_ Password information */
    
    • if (isdigit(value[0]))
  •    User = atoi(value);
    
  •  else
    

    {

  •    struct passwd _p;  /_ Password information */
    
  • p = getpwuid(atoi(value));

  •    endpwent();
    
  • if (p != NULL)

  • {

  • SetString(&UserName, p->pw_name);
    
  • User = p->pw_uid;
    
  • }

  • else

  • LogMessage(L_WARN, "ReadConfiguration() Unknown user ID %d",
    
  •            value);
    
  •  }
    
  •  else
    
  •  {
    

    p = getpwnam(value);

    if (p != NULL)

  • {

  • SetString(&UserName, p->pw_name);
    

    User = p->pw_uid;

  • }
    else
    LogMessage(L_WARN, "ReadConfiguration() Unknown username "%s"",
    value);
    }

  •  endpwent();
    

    }
    else if (strcasecmp(name, "Group") == 0)
    {
    Index: scheduler/conf.h

    RCS file: /home/anoncvs/cups/scheduler/conf.h,v
    retrieving revision 1.56
    diff -u -d -b -w -r1.56 conf.h
    --- scheduler/conf.h 30 Mar 2003 19:50:34 -0000 1.56
    +++ scheduler/conf.h 25 Jul 2003 01:24:02 -0000
    @@ -96,8 +96,10 @@
    /* Font search path /
    *RemoteRoot VALUE(NULL),
    /
    Remote root user */

  •       *Classification     VALUE(NULL);
    
  •       _Classification     VALUE(NULL),
                /_ Classification of system */
    
  •       *UserName       VALUE(NULL);
    
  •               /\* User name for server _/
    

    VAR int ClassifyOverride VALUE(0),
    /_ Allow overrides? */
    ConfigFilePerm VALUE(0600),
    Index: scheduler/dirsvc.c

    RCS file: /home/anoncvs/cups/scheduler/dirsvc.c,v
    retrieving revision 1.117
    diff -u -d -b -w -r1.117 dirsvc.c
    --- scheduler/dirsvc.c 20 Jul 2003 12:42:34 -0000 1.117
    +++ scheduler/dirsvc.c 25 Jul 2003 01:24:02 -0000
    @@ -886,7 +886,11 @@
    if (setgid(Group))
    exit(errno);

+#ifdef APPLE

  • if (initgroups(UserName, Group))
    +#else
    if (setgroups(0, NULL))
    +#endif /* APPLE */
    exit(errno);

if (setuid(User))
@@ -898,7 +902,11 @@

  • Reset group membership to just the main one we belong to.
    */

+#ifdef APPLE

  • initgroups(UserName, Group);
    +#else
    setgroups(0, NULL);
    +#endif /* APPLE */
    }

    /*

Index: scheduler/job.c

RCS file: /home/anoncvs/cups/scheduler/job.c,v
retrieving revision 1.217
diff -u -d -b -w -r1.217 job.c
--- scheduler/job.c 20 Jul 2003 15:15:08 -0000 1.217
+++ scheduler/job.c 25 Jul 2003 01:24:02 -0000
@@ -1173,7 +1173,8 @@
int num_filters; /* Number of filters for job /
mime_filter_t *filters; /
Filters for job /
char method[255], /
Method for output */

  •   _optptr;        /_ Pointer to options */
    
  •   _optptr,        /_ Pointer to options */
    
  •   *optlog;        /* Pointer to option to be logged */
    

    ipp_attribute_t attr; / Current attribute /
    int pid; /
    Process ID of new filter process /
    int banner_page; /
    1 if banner page, 0 otherwise */
    @@ -1524,7 +1525,12 @@
    */

    if (optptr > options)

  •  {
    

    strlcat(optptr, " ", optlength - (optptr - options));

  • optptr++;

  •  }
    
  •  optlog = optptr;
    

    if (attr->value_tag != IPP_TAG_BOOLEAN)
    {
    @@ -1599,6 +1605,8 @@
    }
    }

  •  LogMessage(L_DEBUG, "StartJob: option = \"%s\"", optlog);
    
    • optptr += strlen(optptr);
      }
      }
      @@ -2618,7 +2626,11 @@
      if (setgid(Group))
      exit(errno);

+#ifdef APPLE

  •  if (initgroups(UserName, Group))
    

    +#else
    if (setgroups(0, NULL))
    +#endif /* APPLE */
    exit(errno);

    if (setuid(User))
    @@ -2630,7 +2642,11 @@

    • Reset group membership to just the main one we belong to.
      */

+#ifdef APPLE

  •  initgroups(UserName, Group);
    

    +#else
    setgroups(0, NULL);
    +#endif /* APPLE */
    }

    /*

    Index: scheduler/main.c

    RCS file: /home/anoncvs/cups/scheduler/main.c,v
    retrieving revision 1.105
    diff -u -d -b -w -r1.105 main.c
    --- scheduler/main.c 19 Jul 2003 21:13:57 -0000 1.105
    +++ scheduler/main.c 25 Jul 2003 01:24:02 -0000
    @@ -401,7 +401,13 @@
    if (RunAsUser)
    {
    setgid(Group);
    +
    +#ifdef APPLE

  • initgroups(UserName, Group);
    +#else
    setgroups(0, NULL);
    +#endif /* APPLE */

setuid(User);
}

Collaborator

michaelrsweet commented Aug 1, 2003

"str213.patch":

Index: client.c

RCS file: /development/cvs/cups/scheduler/client.c,v
retrieving revision 1.168
diff -u -r1.168 client.c
--- client.c 2003/07/20 15:15:07 1.168
+++ client.c 2003/08/01 19:58:50
@@ -3171,7 +3171,7 @@
if (setgid(Group))
exit(errno);

  •  if (setgroups(0, NULL))
    
  •  if (setgroups(1, &Group))
     exit(errno);
    

    if (setuid(User))
    @@ -3183,7 +3183,7 @@

    • Reset group membership to just the main one we belong to.
      */
  •  setgroups(0, NULL);
    
  •  setgroups(1, &Group);
    

    }

    /*

    Index: conf.h

    RCS file: /development/cvs/cups/scheduler/conf.h,v
    retrieving revision 1.56
    diff -u -r1.56 conf.h
    --- conf.h 2003/03/30 19:50:34 1.56
    +++ conf.h 2003/08/01 19:58:50
    @@ -98,16 +98,16 @@
    /* Remote root user /
    *Classification VALUE(NULL);
    /
    Classification of system */
    +VAR uid_t User VALUE(1);

  •               /\* User ID for server */
    

    +VAR gid_t Group VALUE(0);

  •               /\* Group ID for server _/
    

    VAR int ClassifyOverride VALUE(0),
    /_ Allow overrides? /
    ConfigFilePerm VALUE(0600),
    /
    Permissions for config files /
    LogFilePerm VALUE(0644),
    /
    Permissions for log files */

  •       User            VALUE(1),
    
  •               /\* User ID for server */
    
  •       Group           VALUE(0),
    
  •               /* Group ID for server */
        LogLevel        VALUE(L_ERROR),
                /* Log level */
        MaxClients      VALUE(0),
    

    Index: dirsvc.c

    RCS file: /development/cvs/cups/scheduler/dirsvc.c,v
    retrieving revision 1.117
    diff -u -r1.117 dirsvc.c
    --- dirsvc.c 2003/07/20 12:42:34 1.117
    +++ dirsvc.c 2003/08/01 19:58:50
    @@ -886,7 +886,7 @@
    if (setgid(Group))
    exit(errno);

  • if (setgroups(0, NULL))

  • if (setgroups(1, &Group))
    exit(errno);

if (setuid(User))
@@ -898,7 +898,7 @@

  • Reset group membership to just the main one we belong to.
    */

  • setgroups(0, NULL);

  • setgroups(1, &Group);
    }

    /*

Index: job.c

RCS file: /development/cvs/cups/scheduler/job.c,v
retrieving revision 1.217
diff -u -r1.217 job.c
--- job.c 2003/07/20 15:15:08 1.217
+++ job.c 2003/08/01 19:58:50
@@ -2618,7 +2618,7 @@
if (setgid(Group))
exit(errno);

  •  if (setgroups(0, NULL))
    
  •  if (setgroups(1, &Group))
     exit(errno);
    

    if (setuid(User))
    @@ -2630,7 +2630,7 @@

    • Reset group membership to just the main one we belong to.
      */
  •  setgroups(0, NULL);
    
  •  setgroups(1, &Group);
    

    }

    /*

    Index: main.c

    RCS file: /development/cvs/cups/scheduler/main.c,v
    retrieving revision 1.106
    diff -u -r1.106 main.c
    --- main.c 2003/08/01 15:20:27 1.106
    +++ main.c 2003/08/01 19:58:50
    @@ -402,7 +402,7 @@
    if (RunAsUser)
    {
    setgid(Group);

  • setgroups(0, NULL);

  • setgroups(1, &Group);
    setuid(User);
    }

michaelrsweet added this to the Stable milestone Mar 17, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment