Date: Wed, 27 Jun 2001 20:49:52 -0400 From: Garance A Drosihn <drosih@rpi.edu> To: freebsd-print@bostonradio.org Cc: freebsd-audit@freebsd.org Subject: Initial ctlinfo, for checking incoming jobs to lpd Message-ID: <p0510100db760298f4bb4@[128.113.24.47]>
next in thread | raw e-mail | index | archive | help
The following patch would add a new source file to lpr/common_source,
called ctlinfo.c. While I have several plans for ctlinfo.c, this first
cut just replaces calls to link & unlink in lpd/recvjob.c with a call
to a new routine which does a whole bunch of work.
The basic goal here is to sanity and safety-check all the lines in
an incoming 'control file' ("cf*") for jobs coming into lpd from
remote hosts. Once we can clean up problems when receiving those
jobs, there are other things we can do with less fear of causing
security or processing problems. For instance, we can finally fix
'lpr -s -r' processing for real (pr bin/5031).
I know Garrett is out-of-town/vacationing for awhile, so I don't
intend to commit this right away. I also intend to do some more
extensive testing of this at RPI (where I can keep an eye on it)
before committing. I'm sure I'll be making some minor adjustments
to the code based on that testing, but I wanted to get this general
idea out there in case others had the time to look it over and
comment on it. Note that this attempts to make up and cover a
multitude of sins in OTHER implementations of lpr, which makes
some of the code a little tricky to test. I mean, you need a
BROKEN lpr to send the kind of control files that this is trying
to fix... :-)
Of particular note, this does NOT remove any of the temporary
control files (which exist while receiving a job), because I
want to be able to test what my fancy control-file-rewriting
routine is doing. So, you wouldn't want to put THIS in production,
unless you were going to run 'lpc clean all' once a week or so.
Either that, or un-comment the two 'unlink()' calls at the end
of the ctl_renametf routine.
This is the first time I've written a whole new source file, so
I've also tossed in a "copyright section" which seemed about right,
but I'm certainly interested in any comments on that too.
I expect to be making and committing other "less interesting"
patches before committing this, but after this is committed then I
can start bringing in some of the more interesting changes that
I had been babbling about back before I got my committer bit
for working on lpr/lpd.
Anyway, here's the patch:
- - - - - - - - - - - -
Index: common_source/Makefile
===================================================================
RCS file: /home/ncvs/src/usr.sbin/lpr/common_source/Makefile,v
retrieving revision 1.5
diff -u -r1.5 Makefile
--- common_source/Makefile 1999/08/28 01:16:47 1.5
+++ common_source/Makefile 2001/06/28 00:22:01
@@ -6,8 +6,8 @@
# but the library makes it much easier to modularize them.
#
LIB= lpr
-SRCS= common.c displayq.c net.c printcap.c request.c rmjob.c \
- startdaemon.c
+SRCS= common.c ctlinfo.c displayq.c net.c printcap.c request.c \
+ rmjob.c startdaemon.c
NOMAN= noman
NOPROFILE= noprofile
NOPIC= nopic
Index: common_source/ctlinfo.c
===================================================================
RCS file: ctlinfo.c
diff -N ctlinfo.c
--- /dev/null Wed Jun 27 16:16:50 2001
+++ ctlinfo.c Wed Jun 27 17:22:01 2001
@@ -0,0 +1,590 @@
+/*
+ *
------+---------+---------+---------+---------+---------+---------+---------*
+ * Copyright (c) 2001 - Garance Alistair Drosehn <gad@FreeBSD.org>.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The views and conclusions contained in the software and documentation
+ * are those of the authors and should not be interpreted as representing
+ * official policies, either expressed or implied, of the FreeBSD Project.
+ *
+ *
------+---------+---------+---------+---------+---------+---------+---------*
+ */
+
+#include <ctype.h>
+#include <errno.h>
+#include <netdb.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/syslimits.h>
+#include <sys/cdefs.h>
+
+#define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
+
+/*
+ * This has to be large enough to fit the maximum length of a single line
+ * in a control-file, including the leading 'command id', a trailing '\n'
+ * and ending '\0'. The max size of an 'U'nlink line, for instance, is
+ * 1 ('U') + PATH_MAX (filename) + 2 ('\n\0'). The maximum 'H'ost line is
+ * 1 ('H') + NI_MAXHOST (remote hostname) + 2 ('\n\0'). Other lines can be
+ * even longer than those. So, pick some nice, large, arbitrary value.
+ */
+#define CTI_LINEMAX PATH_MAX+NI_MAXHOST+5
+
+/*
+ * ctlinfo - This collection of routines will know everything there is to
+ * know about the information inside a control file ('cf*') which is used
+ * to describe a print job in lpr & friends. The eventual goal is that it
+ * will be the ONLY source file to know what's inside these control-files.
+ */
+
+struct cjobinfo {
+ int cji_dfcount; /* number of data files to print */
+ int cji_uncount; /* number of unlink-file requests */
+ char *cji_class; /* class-name */
+ char *cji_fname; /* filename of the control file */
+ char *cji_jobname; /* job-name (for banner) */
+ char *cji_mailto; /* userid to send email to (or null) */
+ char *cji_orighost; /* host-of-origin for this job */
+ char *cji_origuser; /* userid who sent the job (ie, person
+ * who would be charged for it) */
+ char *cji_username; /* "literal" user-name (for banner) or
+ * NULL if no banner-page is wanted */
+};
+struct cjprivate {
+ struct cjobinfo pub;
+ char *cji_buff; /* buffer for getline */
+ char *cji_eobuff; /* end of initial malloc'ed area */
+ off_t cji_firstdf; /* where the first datafile
is listed */
+ FILE *cji_fstream;
+};
+
+extern const char *from_host; /* client's machine name */
+extern const char *from_ip; /* client machine's IP address */
+
+__BEGIN_DECLS
+void ctl_freeinf(struct cjobinfo *_cjinf);
+static char *ctl_getline(struct cjobinfo *_cjinf);
+struct cjobinfo *ctl_readcf(const char *_ptrname, const char *_cfname);
+void ctl_renametf(const char *_ptrname, const char *_tfname);
+static void ctl_rewindcf(struct cjobinfo *_cjinf);
+void ctl_rmjob(const char *_cfname);
+__END_DECLS
+
+/*
+ * Control-files (cf*) have the following format.
+ *
+ * Each control-file describes a single job. It will list one or more
+ * "datafiles" (df*) which should be copied to some printer. Usually
+ * there is only one datafile per job. For the curious, RFC 1179 is an
+ * informal and out-of-date description of lpr/lpd circa 1990.
+ *
+ * Each line in the file gives an attribute of the job as a whole, or one
+ * of the datafiles in the job, or a "command" indicating something to do
+ * with one of the datafiles. Each line starts with an 'id'
that indicates
+ * what that line is there for. The 'id' is historically a single byte,
+ * but may be multiple bytes (obviously it would be best if multi-byte ids
+ * started with some letter not already used as a single-byte id!).
+ * After the 'id', the remainder of the line will be the value of the
+ * indicated attribute, or a name of the datafile to be operated on.
+ *
+ * In the following lists of ids, the ids with a '!' in front of them are
+ * NOT explicitly supported by this version of lpd, or at least "not yet
+ * supported". They are only listed for reference purposes, so people
+ * won't be tempted to reuse the same id for a different purpose.
+ *
+ * The following are attributes of the job which should not appear more
+ * than once in a control file. Only the 'H' and 'P' lines are required
+ * by the RFC, but some implementations of lpr won't even get that right.
+ *
+ * ! A - [used by lprNG]
+ * B - As far as I know, this is never used as a single-byte id.
+ * Therefore, I intend to use it for multi-byte id codes.
+ * C - "class name" to display on banner page (this is sometimes
+ * used to hold options for print filters)
+ * ! D - [in lprNG, "timestamp" of when the job was submitted]
+ * ! E - "environment variables" to set [some versions of linux]
+ * H - "host name" of machine where the original 'lpr' was done
+ * I - "indent", the amount to indent output
+ * J - "job name" to display on banner page
+ * L - "literal" user's name as it should be displayed on the
+ * banner page (it is the existence of an 'L' line which
+ * indicates that a job should have a banner page).
+ * M - "mail", userid to mail to when done printing (with email
+ * going to 'M'@'H', so to speak).
+ * P - "person", the user's login name (e.g. for accounting)
+ * ! Q - [used by lprNG for queue-name]
+ * R - "resolution" in dpi, for some laser printer queues
+ * T - "title" for files sent thru 'pr'
+ * W - "width" to use for printing plain-text files
+ * Z - In BSD, "locale" to use for datafiles sent thru 'pr'.
+ * (this BSD usage should move to a different id...)
+ * [in lprNG - this line holds the "Z options"]
+ * 1 - "R font file" for files sent thru troff
+ * 2 - "I font file" for files sent thru troff
+ * 3 - "B font file" for files sent thru troff
+ * 4 - "S font file" for files sent thru troff
+ *
+ * The following are attributes attached to a datafile, and thus may
+ * appear multiple times in a control file (once per datafile):
+ *
+ * N - "name" of file (for display purposes, used by 'lpq')
+ * S - "stat() info" used for symbolic link ('lpr -s')
+ * security checks.
+ *
+ * The following indicate actions to take on a given datafile. The same
+ * datafile may appear on more than one "print this file" command in the
+ * control file. Note that ALL ids with lowercase letters are commands
+ * to "print this file":
+ *
+ * f - "file name", a plain-text file to print
+ * l - "file name", text file with control chars to print (some
+ * printers recognize this id as a request to print a
+ * postscript file)
+ * p - "file name", text file to print with pr(1)
+ * t - "file name", troff(1) file to print
+ * n - "file name", ditroff(1) file to print
+ * d - "file name", dvi file to print
+ * g - "file name", plot(1G) file to print
+ * v - "file name", plain raster file to print
+ * c - "file name", cifplot file to print
+ *
+ * U - "file name" of datafile to unlink (ie, remove file
+ * from spool directory. To be done in a 'Pass 2',
+ * AFTER having processed all datafiles in the job).
+ *
+ */
+
+void
+ctl_freeinf(struct cjobinfo *cjinf)
+{
+#define FREESTR(xStr) \
+ if (xStr != NULL) { \
+ free(xStr); \
+ xStr = NULL;\
+ }
+
+ struct cjprivate *cpriv;
+
+ if (cjinf == NULL)
+ return;
+
+ cpriv = (struct cjprivate *)cjinf;
+
+ FREESTR(cpriv->pub.cji_class);
+ /* [cpriv->pub.cji_fname is part of cpriv-malloced area] */
+ FREESTR(cpriv->pub.cji_jobname);
+ FREESTR(cpriv->pub.cji_mailto);
+ FREESTR(cpriv->pub.cji_orighost);
+ FREESTR(cpriv->pub.cji_origuser);
+ FREESTR(cpriv->pub.cji_username);
+
+ if (cpriv->cji_fstream != NULL) {
+ fclose(cpriv->cji_fstream);
+ cpriv->cji_fstream = NULL;
+ }
+
+ free(cpriv);
+#undef FREESTR
+}
+
+struct cjobinfo *
+ctl_readcf(const char *ptrname, const char *cfname)
+{
+ int id;
+ char *lbuff;
+ FILE *cfile;
+ struct cjprivate *cpriv;
+ size_t msize, sroom, sroom2;
+
+ cfile = fopen(cfname, "r");
+ if (cfile == NULL) {
+ syslog(LOG_ERR, "%s: ctl_readcf error open(%s): %s",
+ ptrname, cfname, strerror(errno));
+ return NULL;
+ }
+
+ sroom = roundup(sizeof(struct cjprivate), 8);
+ sroom2 = sroom + strlen(cfname) + 1;
+ sroom2 = roundup(sroom2, 8);
+ msize = sroom2 + CTI_LINEMAX;
+ msize = roundup(msize, 8);
+ cpriv = (struct cjprivate *)malloc(msize);
+ if (cpriv == NULL)
+ return NULL;
+ memset(cpriv, 0, msize);
+
+ cpriv->pub.cji_fname = (char *)(cpriv + sroom);
+ strcpy(cpriv->pub.cji_fname, cfname);
+ cpriv->cji_buff = (char *)(cpriv + sroom2);
+ cpriv->cji_eobuff = (char *)(cpriv + msize - 1);
+
+ cpriv->cji_fstream = cfile;
+
+ /*
+ * Copy job-attribute values from control file to the struct of
+ * "public" information. In some cases, it is invalid for the
+ * value to be a null-string, so that is ignored.
+ */
+ while ((lbuff = ctl_getline(&(cpriv->pub)))) {
+ id = *lbuff++;
+ switch (id) {
+ case 'C':
+ cpriv->pub.cji_class = strdup(lbuff);
+ break;
+ case 'H':
+ if (*lbuff == '\0')
+ break;
+ cpriv->pub.cji_orighost = strdup(lbuff);
+ break;
+ case 'J':
+ cpriv->pub.cji_jobname = strdup(lbuff);
+ break;
+ case 'L':
+ cpriv->pub.cji_username = strdup(lbuff);
+ break;
+ case 'M':
+ /*
+ * No valid mail-to address would start with a minus.
+ * If this one does, it is probably some trickster who
+ * is trying to trigger options on sendmail. Ignore.
+ */
+ if (*lbuff == '-')
+ break;
+ if (*lbuff == '\0')
+ break;
+ cpriv->pub.cji_mailto = strdup(lbuff);
+ break;
+ case 'P':
+ /* don't allow userid's with a leading minus, either */
+ if (*lbuff == '-')
+ break;
+ if (*lbuff == '\0')
+ break;
+ cpriv->pub.cji_origuser = strdup(lbuff);
+ break;
+ default:
+ if (islower(id)) {
+ cpriv->pub.cji_dfcount++;
+ }
+ break;
+ }
+ }
+
+ /* the 'H'ost and 'P'erson fields are *always* supposed to be there */
+ if (cpriv->pub.cji_orighost == NULL)
+ cpriv->pub.cji_orighost = strdup(".na.");
+ if (cpriv->pub.cji_origuser == NULL)
+ cpriv->pub.cji_origuser = strdup(".na.");
+
+ return &(cpriv->pub);
+}
+
+/*
+ * This routine renames the temporary control file as received from some
+ * other (remote) host. That file will always start with 'tfA*', because
+ * that's the name it is created with in recvjob.c. This will rewrite
+ * the file to 'tfB*' (correcting any lines which need correcting), rename
+ * 'tfB*' to 'cfA*', and then remove the original 'tfA*' file.
+ *
+ * The purpose of this routine is to be a little paranoid about the contents
+ * of that control file. It is partially meant to protect against people
+ * TRYING to cause trouble (perhaps after breaking into root of some host
+ * that this host will accept print jobs from). The fact that we're willing
+ * to print jobs from some remote host does not mean that we should blindly
+ * do anything that host tells us to do.
+ *
+ * This is also meant to protect us from errors in other implementations of
+ * lpr, particularly since we may want to use some values from the control
+ * file as environment variables when it comes time to print, or as parameters
+ * to commands which will be exec'ed, or values in statistics records.
+ *
+ * This may also do some "conversions" between how different versions of
+ * lpr or lprNG define the contents of various lines in a control file.
+ */
+void
+ctl_renametf(const char *ptrname, const char *tfname)
+{
+ int res, nogood;
+ FILE *newcf;
+ struct cjobinfo *cjinf;
+ char *lbuff, *slash, *cp;
+ char tfname2[NAME_MAX+1], cfname2[NAME_MAX+1];
+
+ if (strncmp(tfname, "tfA", 3) != 0) {
+ syslog(LOG_ERR, "%s: ctl_renametf invalid filename: %s",
+ ptrname, tfname);
+ return;
+ }
+
+ cjinf = ctl_readcf(ptrname, tfname);
+ if (cjinf == NULL)
+ return; /* error msg already printed */
+
+ strlcpy(tfname2, tfname, sizeof(tfname2));
+ tfname2[2] = 'B'; /* tfB<job><hostname> */
+ newcf = fopen(tfname2, "w");
+ if (newcf == NULL) {
+ syslog(LOG_ERR, "%s: ctl_renametf error open(%s): %s",
+ ptrname, tfname2, strerror(errno));
+ goto error_ret;
+ }
+
+ /*
+ * Do extra sanity checks on some key job-attribute fields, and
+ * write them out first (thus making sure they are written in the
+ * order we generally expect them to be in).
+ */
+ /*
+ * Some lpr implementations on PC's set a null-string for their
+ * hostname. A MacOS 10 system which has not correctly setup
+ * /etc/hostconfig will claim a hostname of 'localhost'. Anything
+ * with blanks in it would be an invalid value for hostname. For
+ * any of these invalid hostname values, replace the given value
+ * with the name of the host that this job is coming from.
+ */
+ nogood = 0;
+ if (cjinf->cji_orighost == NULL)
+ nogood = 1;
+ else if (strcmp(cjinf->cji_orighost, ".na.") == NULL)
+ nogood = 1;
+ else if (strcmp(cjinf->cji_orighost, "localhost") == NULL)
+ nogood = 1;
+ else {
+ for (cp = cjinf->cji_orighost; *cp != '\0'; cp++) {
+ if (*cp <= ' ') {
+ nogood = 1;
+ break;
+ }
+ }
+ }
+ if (nogood)
+ fprintf(newcf, "H%s\n", from_host);
+ else
+ fprintf(newcf, "H%s\n", cjinf->cji_orighost);
+
+ /*
+ * Now do some sanity checks on the 'P' (original userid) value. Note
+ * that the 'P'erson line is the second one which is ALWAYS supposed
+ * to be present in a control file.
+ *
+ * There is no particularly good value to use for replacements, but
+ * at least make sure the value is something reasonable to use in
+ * environment variables and statistics records. Again, some PC
+ * implementations send a null-string for a value. Various Mac
+ * implementations will set whatever string the user has set for
+ * their 'Owner Name', which usually includes blanks, etc.
+ */
+ nogood = 0;
+ if (cjinf->cji_origuser == NULL)
+ nogood = 1;
+ else {
+ for (cp = cjinf->cji_origuser; *cp != '\0'; cp++) {
+ if (*cp <= ' ')
+ *cp = '_';
+ }
+ }
+ if (nogood)
+ fprintf(newcf, "P%s\n", ".na.");
+ else
+ fprintf(newcf, "P%s\n", cjinf->cji_origuser);
+
+ /* No need for sanity checks on class, jobname, "literal" user. */
+ if (cjinf->cji_class != NULL)
+ fprintf(newcf, "C%s\n", cjinf->cji_class);
+ if (cjinf->cji_jobname != NULL)
+ fprintf(newcf, "J%s\n", cjinf->cji_jobname);
+ if (cjinf->cji_username != NULL)
+ fprintf(newcf, "L%s\n", cjinf->cji_username);
+
+ /* should probably add more sanity checks on mailto value */
+ nogood = 0;
+ if (cjinf->cji_mailto == NULL)
+ nogood = 1;
+ else {
+ for (cp = cjinf->cji_origuser; *cp != '\0'; cp++) {
+ if (*cp <= ' ') {
+ nogood = 1;
+ break;
+ }
+ }
+ }
+ if (!nogood)
+ fprintf(newcf, "M%s\n", cjinf->cji_mailto);
+
+ /*
+ * Now go thru the old control file, copying all information which
+ * hasn't already been written into the new file.
+ */
+ ctl_rewindcf(cjinf);
+ while ((lbuff = ctl_getline(cjinf))) {
+ switch (lbuff[0]) {
+ case 'H':
+ case 'P':
+ case 'C':
+ case 'J':
+ case 'L':
+ case 'M':
+ /* already wrote values for these to the newcf */
+ break;
+ case 'N':
+ /* see comments under 'U'... */
+ if (cjinf->cji_dfcount == 0) {
+ /* in this case, 'N's will be done in 'U' */
+ break;
+ }
+ fprintf(newcf, "%s\n", lbuff);
+ break;
+ case 'U':
+ /*
+ * check for the very common case where the remote
+ * host had to process 'lpr -s -r', but it did not
+ * remove the Unlink line from the control file.
+ * Such Unlink lines will legitimately have a '/' in
+ * them, but it is the original lpr host which would
+ * have done the unlink of such files, and not any
+ * host receiving that job.
+ */
+ slash = strchr(lbuff, '/');
+ if (slash != NULL) {
+ break; /* skip this line */
+ }
+ /*
+ * Okay, another kind of broken lpr implementation
+ * is one which send datafiles, and Unlink's those
+ * datafiles, but never includes any PRINT request
+ * for those files. Experimentation shows that one
+ * copy of those datafiles should be printed with a
+ * format of 'f'. If this is an example of such a
+ * screwed-up control file, fix it here.
+ */
+ if (cjinf->cji_dfcount == 0) {
+ lbuff++;
+ if (strncmp(lbuff, "df", 2) == 0) {
+ fprintf(newcf, "f%s\n", lbuff);
+ fprintf(newcf, "U%s\n", lbuff);
+ fprintf(newcf, "N%s\n", lbuff);
+ }
+ break;
+ }
+ fprintf(newcf, "%s\n", lbuff);
+ break;
+ default:
+ fprintf(newcf, "%s\n", lbuff);
+ break;
+ }
+ }
+
+ ctl_freeinf(cjinf);
+ cjinf = NULL;
+ res = fclose(newcf);
+ if (newcf == NULL) {
+ syslog(LOG_ERR, "%s: ctl_renametf error fclose(%s): %s",
+ ptrname, tfname2, strerror(errno));
+ goto error_ret;
+ }
+
+ strlcpy(cfname2, tfname, sizeof(cfname2));
+ cfname2[0] = 'c'; /* rename new file to 'cfA*' */
+ res = link(tfname2, cfname2);
+ if (res != 0) {
+ syslog(LOG_ERR, "%s: ctl_renametf error link(%s,%s): %s",
+ ptrname, tfname2, cfname2, strerror(errno));
+ goto error_ret;
+ }
+ /* not yet
+ unlink(tfname);
+ unlink(tfname2);
+ */
+
+ return;
+
+error_ret:
+ if (cjinf != NULL)
+ ctl_freeinf(cjinf);
+ if (newcf != NULL)
+ fclose(newcf);
+}
+
+void
+ctl_rmjob(const char *cfname __unused)
+{
+
+}
+
+/*
+ * Editorial note:
+ * I have no idea why the original getline() routine was expanding tabs
+ * when reading in control file lines, but it has always been implemented
+ * that way. Perhaps for the benefit of class, jobname, and "literal-user"
+ * fields, but it seems pretty stupid to me (particularly for most of other
+ * fields, like datafile names!). This routine could be much simpler if
+ * it did not look to expand tabs, but I'll leave it this way for the sake
+ * of compatibility and because I don't know what depends on it.
+ */
+static char *
+ctl_getline(struct cjobinfo *cjinf)
+{
+ FILE *cfile;
+ int c, linel;
+ char *bp, *endp;
+ struct cjprivate *cpriv;
+
+ cpriv = (struct cjprivate *)cjinf;
+ cfile = cpriv->cji_fstream;
+ bp = cpriv->cji_buff;
+ endp = cpriv->cji_eobuff;
+ /* XXX - should add safety checks on values for cjinf & cji_buff */
+
+ linel = 0;
+ while ((c = getc(cfile)) != '\n' && bp < endp) {
+ if (c == EOF)
+ return NULL;
+ if (c == '\t') {
+ do {
+ *bp++ = ' ';
+ linel++;
+ } while ((linel & 07) != 0 && bp < endp);
+ continue;
+ }
+ *bp++ = c;
+ linel++;
+ }
+ *bp++ = '\0';
+ return cpriv->cji_buff;
+}
+
+void
+ctl_rewindcf(struct cjobinfo *cjinf)
+{
+ struct cjprivate *cpriv;
+
+ cpriv = (struct cjprivate *)cjinf;
+ /* XXX - should add safety check on value for cjinf */
+
+ rewind(cpriv->cji_fstream); /* assume no errors... :-) */
+}
Index: common_source/lp.h
===================================================================
RCS file: /home/ncvs/src/usr.sbin/lpr/common_source/lp.h,v
retrieving revision 1.17
diff -u -r1.17 lp.h
--- common_source/lp.h 2001/06/15 22:03:02 1.17
+++ common_source/lp.h 2001/06/28 00:22:01
@@ -267,6 +267,7 @@
char *pcaperr(int _error);
void prank(int _n);
void process(const struct printer *_pp, char *_file);
+void ctl_renametf(const char *_ptrname, const char *_tfname);
void rmjob(const char *_printer);
void rmremote(const struct printer *_pp);
void setprintcap(char *_newfile);
Index: lpd/recvjob.c
===================================================================
RCS file: /home/ncvs/src/usr.sbin/lpr/lpd/recvjob.c,v
retrieving revision 1.20
diff -u -r1.20 recvjob.c
--- lpd/recvjob.c 2001/06/15 22:03:04 1.20
+++ lpd/recvjob.c 2001/06/28 00:22:01
@@ -203,9 +203,8 @@
rcleanup(0);
continue;
}
- if (link(tfname, cp) < 0)
- frecverr("%s: %m", tfname);
- (void) unlink(tfname);
+ /* XXX - no error indication, thus no abort on error */
+ ctl_renametf(pp->printer, tfname);
tfname[0] = '\0';
cfcnt++;
continue;
--
Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu
Senior Systems Programmer or gad@freebsd.org
Rensselaer Polytechnic Institute or drosih@rpi.edu
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p0510100db760298f4bb4>