1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22 /*
23 * Copyright 2010 Sun Microsystems, Inc. All rights reserved.
24 * Use is subject to license terms.
25 *
26 */
27
28 /* $Id: lpd-port.c 155 2006-04-26 02:34:54Z ktou $ */
29
30 #include <config-site.h>
31
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <unistd.h>
35 #include <sys/types.h>
36 #include <sys/stat.h>
37 #include <fcntl.h>
38 #include <stdarg.h>
39 #include <string.h>
40 #include <signal.h>
41 #include <sys/socket.h>
42 #include <netinet/in.h>
43 #include <arpa/inet.h>
44 #include <netdb.h>
45 #include <errno.h>
46 #include <syslog.h>
47 #include <values.h>
48 #include <stropts.h> /* for sendfd */
49 #include <sys/uio.h> /* for sendmsg stuff */
50 #include <pwd.h>
51 #include <sys/sendfile.h>
52 #include <ctype.h>
53 #ifdef HAVE_PRIV_H
54 #include <priv.h>
55 #endif
56
57 #ifndef JOB_ID_FILE
58 #define JOB_ID_FILE "/var/run/rfc-1179.seq"
59 #endif /* JOB_ID_FILE */
60
61 static int
sendfd(int sockfd,int fd)62 sendfd(int sockfd, int fd)
63 {
64 syslog(LOG_DEBUG, "sendfd(%d, %d)", sockfd, fd);
65
66 #if defined(sun) && defined(unix) && defined(I_SENDFD)
67 return (ioctl(sockfd, I_SENDFD, fd));
68 #else
69 struct iovec iov[1];
70 struct msghdr msg;
71 #ifdef CMSG_DATA
72 struct cmsghdr cmp[1];
73 char buf[2]; /* send/recv 2 byte protocol */
74
75 iov[0].iov_base = buf;
76 iov[0].iov_len = 2;
77
78 cmp[0].cmsg_level = SOL_SOCKET;
79 cmp[0].cmsg_type = SCM_RIGHTS;
80 cmp[0].cmsg_len = sizeof (struct cmsghdr) + sizeof (int);
81 * (int *)CMSG_DATA(cmp) = fd;
82
83 buf[1] = 0;
84 buf[0] = 0;
85 msg.msg_control = cmp;
86 msg.msg_controllen = sizeof (struct cmsghdr) + sizeof (int);
87 #else
88 iov[0].iov_base = NULL;
89 iov[0].iov_len = 0;
90 msg.msg_accrights = (caddr_t)&fd;
91 msg.msg_accrights = sizeof (fd);
92 #endif
93 msg.msg_iov = iov;
94 msg.msg_iovlen = 1;
95 msg.msg_name = NULL;
96 msg.msg_namelen = 0;
97
98 return (sendmsg(sockfd, &msg, 0));
99 #endif
100 }
101
102 static void
null(int i)103 null(int i)
104 {
105 }
106
107 static int
sock_connect(int sock,char * host,int timeout)108 sock_connect(int sock, char *host, int timeout)
109 {
110 struct hostent *hp;
111 struct servent *sp;
112 #if defined(HAVE_GETIPNODEBYNAME) && defined(HAVE_RRESVPORT_AF)
113 struct sockaddr_in6 sin;
114 #else
115 struct sockaddr_in sin;
116 #endif
117 static void (*old_handler)();
118 int err, error_num;
119 unsigned timo = 1;
120
121 /*
122 * Get the host address and port number to connect to.
123 */
124 if (host == NULL) {
125 return (-1);
126 }
127
128 /* linux style NULL usage */
129 (void) memset((char *)&sin, (int)NULL, sizeof (sin));
130
131 #if defined(HAVE_GETIPNODEBYNAME) && defined(HAVE_RRESVPORT_AF)
132 if ((hp = getipnodebyname(host, AF_INET6, AI_DEFAULT,
133 &error_num)) == NULL) {
134 errno = ENOENT;
135 return (-1);
136 }
137 (void) memcpy((caddr_t)&sin.sin6_addr, hp->h_addr, hp->h_length);
138 sin.sin6_family = hp->h_addrtype;
139 #else
140 if ((hp = gethostbyname(host)) == NULL) {
141 errno = ENOENT;
142 return (-1);
143 }
144
145 (void) memcpy((caddr_t)&sin.sin_addr, hp->h_addr, hp->h_length);
146 sin.sin_family = hp->h_addrtype;
147 #endif
148
149 if ((sp = getservbyname("printer", "tcp")) == NULL) {
150 errno = ENOENT;
151 return (-1);
152 }
153
154 #if defined(HAVE_GETIPNODEBYNAME) && defined(HAVE_RRESVPORT_AF)
155 sin.sin6_port = sp->s_port;
156 #else
157 sin.sin_port = sp->s_port;
158 #endif
159
160 retry:
161 old_handler = signal(SIGALRM, null);
162 (void) alarm(timeout);
163
164 if (connect(sock, (struct sockaddr *)&sin, sizeof (sin)) < 0) {
165 (void) alarm(0);
166 (void) signal(SIGALRM, old_handler);
167
168 if (errno == ECONNREFUSED && timo <= 16) {
169 (void) sleep(timo);
170 timo *= 2;
171 goto retry;
172 }
173
174 return (-1);
175 }
176
177 (void) alarm(0);
178 (void) signal(SIGALRM, old_handler);
179 return (sock);
180 }
181
182 static int
next_job_id()183 next_job_id()
184 {
185 int fd, result = getpid() % 1000;
186
187 /* gain back enough privilege to open the id file */
188 #ifdef PRIV_ALLSETS
189 if ((priv_set(PRIV_ON, PRIV_EFFECTIVE,
190 PRIV_FILE_DAC_READ, PRIV_FILE_DAC_WRITE, NULL)) < 0) {
191 syslog(LOG_ERR, "lpd_port:next_job_id:priv_set fails: : %m");
192 return (-1);
193 }
194 #else
195 seteuid(0);
196 #endif
197
198 /* open the sequence file */
199 if (((fd = open(JOB_ID_FILE, O_RDWR)) < 0) && (errno == ENOENT))
200 fd = open(JOB_ID_FILE, O_CREAT|O_EXCL|O_RDWR, 0644);
201
202 syslog(LOG_DEBUG, "sequence file fd: %d", fd);
203
204 /* drop our privilege again */
205 #ifdef PRIV_ALLSETS
206 /* drop file access privilege */
207 priv_set(PRIV_OFF, PRIV_PERMITTED,
208 PRIV_FILE_DAC_READ, PRIV_FILE_DAC_WRITE, NULL);
209 #else
210 seteuid(getuid());
211 #endif
212
213 if (fd >= 0) {
214 /* wait for a lock on the file */
215 if (lockf(fd, F_LOCK, 0) == 0) {
216 char buf[8];
217 int next;
218
219 /* get the current id */
220 (void) memset(buf, 0, sizeof (buf));
221 if (read(fd, buf, sizeof (buf)) > 0)
222 result = atoi(buf);
223
224 next = ((result < 999) ? (result + 1) : 0);
225
226 /* store the next id in the file */
227 snprintf(buf, sizeof (buf), "%.3d", next);
228 if ((lseek(fd, 0, SEEK_SET) == 0) &&
229 (ftruncate(fd, 0) == 0))
230 write(fd, buf, strlen(buf));
231 }
232 close(fd);
233 }
234 syslog(LOG_DEBUG, "next_job_id() is %d", result);
235
236 return (result);
237 }
238
239 static int
reserved_port()240 reserved_port()
241 {
242 int result = -1;
243 int port;
244
245 /* gain back enough privilege to open a reserved port */
246 #ifdef PRIV_ALLSETS
247 if ((priv_set(
248 PRIV_ON, PRIV_EFFECTIVE, PRIV_NET_PRIVADDR, NULL)) != 0) {
249 syslog(LOG_ERR, "priv_set fails for net_privaddr %m");
250 return (-1);
251 }
252 #else
253 seteuid(0);
254 #endif
255
256 #if defined(HAVE_GETIPNODEBYNAME) && defined(HAVE_RRESVPORT_AF)
257 port = 0; /* set to 0, rresvport_af() will find us one. */
258 result = rresvport_af(&port, AF_INET6);
259 #else
260 port = IPPORT_RESERVED - 1;
261 while (((result = rresvport(&port)) < 0) && (port >= 0))
262 port--;
263 #endif
264
265 /* drop our privilege again */
266 #ifdef PRIV_ALLSETS
267 priv_set(PRIV_OFF, PRIV_PERMITTED, PRIV_NET_PRIVADDR, NULL);
268 #else
269 seteuid(getuid());
270 #endif
271
272 return (result);
273 }
274
275 static char *
get_user_name()276 get_user_name()
277 {
278 static struct passwd *p = NULL;
279
280 if ((p = getpwuid(getuid())) != NULL)
281 return (p->pw_name);
282 else
283 return ("unknown");
284 }
285
286 static void
add_args(int ac,char ** av,char * buf,size_t len)287 add_args(int ac, char **av, char *buf, size_t len)
288 {
289 while (ac--) {
290 strlcat(buf, " ", len);
291 strlcat(buf, *(av++), len);
292 }
293 }
294
295 static int
massage_control_data(char * data,int id)296 massage_control_data(char *data, int id)
297 {
298 char *line, *iter = NULL;
299 char *ptr, *mod_ptr, *datacpy;
300 char host[BUFSIZ];
301 int host_present = 0;
302
303 if (gethostname(host, sizeof (host)) != 0)
304 return (-1);
305
306 if ((datacpy = strdup(data)) == NULL) {
307 return (-1);
308 }
309
310 for (ptr = strtok_r(datacpy, "\n", &iter); ptr != NULL;
311 ptr = strtok_r(NULL, "\n", &iter)) {
312
313 if (ptr[0] == 'H') {
314 if (strncmp(++ptr, host, strlen(host)) != 0) {
315 free(datacpy);
316 return (-1);
317 }
318 host_present = 1;
319 } else if ((ptr[0] == 'P') || (ptr[0] == 'L')) {
320 /* check the user name */
321 uid_t uid = getuid();
322 struct passwd *pw;
323 int len;
324
325 if (uid == 0) { /* let root do what they want */
326 continue;
327 }
328 if ((pw = getpwuid(uid)) == NULL) {
329 free(datacpy);
330 return (-1); /* failed */
331 }
332 len = strlen(pw->pw_name);
333 if ((strncmp(++ptr, pw->pw_name, len) != 0)) {
334 free(datacpy);
335 return (-1); /* failed */
336 }
337 } else if ((islower(ptr[0]) != 0) || (ptr[0] == 'U')) {
338 /* check/fix df?XXXhostname */
339 ptr++;
340
341 if (strlen(ptr) < 6) {
342 free(datacpy);
343 return (-1);
344 }
345
346 /*
347 * As ptr is a copy of the string (df?XXX...) the code
348 * needs to work on the original, hence the need for
349 * mod_ptr. No need to check for a NULL mod_ptr
350 * because the required string must already exist as
351 * ptr is a copy of the original data.
352 */
353
354 mod_ptr = strstr(data, ptr);
355
356 if ((mod_ptr[0] == 'd') && (mod_ptr[1] == 'f') &&
357 (mod_ptr[3] == 'X') && (mod_ptr[4] == 'X') &&
358 (mod_ptr[5] == 'X')) {
359 mod_ptr[3] = '0' + (id / 100) % 10;
360 mod_ptr[4] = '0' + (id / 10) % 10;
361 mod_ptr[5] = '0' + id % 10;
362
363 if (strncmp(&mod_ptr[6], host, strlen(host))
364 != 0) {
365 free(datacpy);
366 return (-1);
367 }
368 } else {
369 free(datacpy);
370 return (-1);
371 }
372 }
373
374 }
375 free(datacpy);
376
377 if (!host_present) {
378 return (-1);
379 }
380
381 return (1);
382 }
383
384 static int
send_lpd_message(int fd,char * fmt,...)385 send_lpd_message(int fd, char *fmt, ...)
386 {
387 char buf[BUFSIZ];
388 size_t size;
389 va_list ap;
390
391 va_start(ap, fmt);
392 size = vsnprintf(buf, sizeof (buf), fmt, ap);
393 va_end(ap);
394 if (size == 0)
395 size = 1;
396
397 syslog(LOG_DEBUG, "lpd_messsage(%d, %s)", fd, buf);
398
399 if (write(fd, buf, size) != size) {
400 errno = EIO;
401 return (-1);
402 }
403
404 if ((read(fd, buf, 1) != 1) || (buf[0] != 0))
405 return (-1);
406
407 return (0);
408 }
409
410 static int
send_data_file(int sock,char * dfname,char * name)411 send_data_file(int sock, char *dfname, char *name)
412 {
413 size_t len;
414 off_t off = 0;
415 struct stat st;
416 char buf[32];
417 int fd = -1;
418
419 if (strcmp(name, "standard input") != 0) {
420 if ((fd = open(name, O_RDONLY)) < 0)
421 return (-1);
422
423 if (fstat(fd, &st) < 0)
424 return (-1);
425 } else
426 st.st_size = MAXINT; /* should be 0 */
427
428 /* request data file transfer, read ack/nack */
429 errno = ENOSPC;
430 if (send_lpd_message(sock, "\003%d %s\n", st.st_size, dfname) < 0)
431 return (-1);
432
433 if (fd != -1) {
434 /* write the data */
435 if (sendfile(sock, fd, &off, st.st_size) != st.st_size)
436 return (-1);
437 close(fd);
438
439 /* request ack/nack after the data transfer */
440 errno = EIO;
441 if (send_lpd_message(sock, "") < 0)
442 return (-1);
443 }
444
445 return (0);
446 }
447
448 static int
send_control_file(int sock,char * data,int id)449 send_control_file(int sock, char *data, int id)
450 {
451 int len;
452 char buf[BUFSIZ];
453 char *ptr, *iter = NULL;
454 char *datacpy = NULL;
455 char *host = NULL;
456
457 len = strlen(data);
458
459 if ((datacpy = strdup(data)) == NULL)
460 return (-1);
461
462 syslog(LOG_DEBUG, "cfA: %s\n", datacpy);
463
464 for (ptr = strtok_r(datacpy, "\n", &iter); ptr != NULL;
465 ptr = strtok_r(NULL, "\n", &iter)) {
466
467 if (ptr[0] != 'H')
468 continue;
469
470 ptr++;
471 host = ptr;
472 syslog(LOG_DEBUG, "hostname: %s\n", host);
473 }
474
475 free(datacpy);
476
477 /* request data file transfer, read ack/nack */
478 errno = ENOSPC;
479 if (send_lpd_message(sock, "\002%d cfA%.3d%s\n", len, id, host) < 0)
480 return (-1);
481
482 /* write the data */
483 if (write(sock, data, len) != len)
484 return (-1);
485
486 /* request ack/nack after the data transfer */
487 errno = EIO;
488 if (send_lpd_message(sock, "") < 0)
489 return (-1);
490
491 return (0);
492 }
493
494
495 static int
submit_job(int sock,char * printer,int job_id,char * path)496 submit_job(int sock, char *printer, int job_id, char *path)
497 {
498 struct stat st;
499 int current = 0;
500 off_t off = 0;
501 char *metadata = NULL;
502 char *ptr, *iter = NULL;
503 int fd, err;
504 int sent_files = 0;
505 char buf[BUFSIZ];
506 size_t len;
507
508 /* open the control file */
509 if ((fd = open(path, O_RDONLY)) < 0) {
510 syslog(LOG_ERR, "submit_job(%d, %s, %d, %s): open(): %m",
511 sock, printer, job_id, path);
512 return (-1);
513 }
514
515 /* get the size of the control file */
516 if (fstat(fd, &st) < 0) {
517 syslog(LOG_ERR, "submit_job(%d, %s, %d, %s): fstat(): %m",
518 sock, printer, job_id, path);
519 close(fd);
520 return (-1);
521 }
522
523 /* allocate memory for the control file */
524 if ((metadata = calloc(1, st.st_size + 1)) == NULL) {
525 syslog(LOG_ERR, "submit_job(%d, %s, %d, %s): calloc(): %m",
526 sock, printer, job_id, path);
527 close(fd);
528 return (-1);
529 }
530
531 /* read in the control file */
532 if (read(fd, metadata, st.st_size) != st.st_size) {
533 syslog(LOG_ERR, "submit_job(%d, %s, %d, %s): read(): %m",
534 sock, printer, job_id, path);
535 free(metadata);
536 close(fd);
537 return (-1);
538 }
539
540 /* massage the control file */
541 if (massage_control_data(metadata, job_id) < 0) {
542 /* bad control data, dump the job */
543 syslog(LOG_ALERT,
544 "bad control file, possible subversion attempt");
545 free(metadata);
546 errno = EINVAL;
547 close(fd);
548 return (-1);
549 }
550
551 /* request to transfer the job */
552 if (send_lpd_message(sock, "\002%s\n", printer) < 0) {
553 /* no such (or disabled) queue, got to love rfc-1179 */
554 errno = ENOENT;
555 return (-1);
556 }
557
558 /* send the control data */
559 if (send_control_file(sock, metadata, job_id) < 0) {
560 err = errno;
561 write(sock, "\001\n", 2); /* abort */
562 errno = err;
563 return (-1);
564 }
565
566 /* walk the control file sending the data files */
567 for (ptr = strtok_r(metadata, "\n", &iter); ptr != NULL;
568 ptr = strtok_r(NULL, "\n", &iter)) {
569 char *name = NULL;
570
571 if (ptr[0] != 'U')
572 continue;
573
574 name = strtok_r(NULL, "\n", &iter);
575 if (name[0] != 'N')
576 continue;
577
578 ptr++;
579 name++;
580
581 if (send_data_file(sock, ptr, name) < 0) {
582 err = errno;
583 write(sock, "\001\n", 2); /* abort */
584 errno = err;
585 return (-1);
586 }
587 if (strcmp(name, "standard input") != 0)
588 sent_files++;
589 }
590
591 /* write back the job-id */
592 err = errno;
593 if ((fd = open(path, O_WRONLY)) >= 0) {
594 ftruncate(fd, 0);
595 write(fd, &job_id, sizeof (job_id));
596 close(fd);
597 }
598 errno = err;
599
600 if (sent_files != 0) {
601 err = errno;
602 close(sock);
603 errno = err;
604 }
605
606 return (0);
607 }
608 static int
query(int fd,char * printer,int ac,char ** av)609 query(int fd, char *printer, int ac, char **av)
610 {
611 char buf[BUFSIZ];
612 int rc, len;
613
614 /* build the request */
615 snprintf(buf, sizeof (buf), "\04%s", printer);
616 add_args(ac, av, buf, sizeof (buf));
617 strlcat(buf, "\n", sizeof (buf));
618 len = strlen(buf);
619
620 if (((rc = write(fd, buf, len)) >= 0) && (rc != len)) {
621 errno = EMSGSIZE;
622 rc = -1;
623 } else
624 rc = 0;
625
626 return (rc);
627 }
628
629 static int
cancel(int fd,char * printer,int ac,char ** av)630 cancel(int fd, char *printer, int ac, char **av)
631 {
632 char buf[BUFSIZ];
633 int rc, len;
634
635 /* build the request */
636 snprintf(buf, sizeof (buf), "\05%s %s", printer, get_user_name());
637 add_args(ac, av, buf, sizeof (buf));
638 strlcat(buf, "\n", sizeof (buf));
639 len = strlen(buf);
640
641 if (((rc = write(fd, buf, len)) >= 0) && (rc != len)) {
642 errno = EMSGSIZE;
643 rc = -1;
644 } else
645 rc = 0;
646
647 return (rc);
648 }
649
650 static void
usage(char * program)651 usage(char *program)
652 {
653 char *name;
654
655 setreuid(getuid(), getuid());
656
657 if ((name = strrchr(program, '/')) == NULL)
658 name = program;
659 else
660 name++;
661
662 fprintf(stderr, "usage:\t%s -H host [-t timeout] -s queue control ]\n",
663 name);
664 fprintf(stderr, "\t%s -H host [-t timeout] -c queue [user|job ...]\n",
665 name);
666 fprintf(stderr, "\t%s -H host [-t timeout] -q queue [user|job ...]\n",
667 name);
668 exit(EINVAL);
669 }
670
671 /*
672 * The main program temporarily loses privilege while searching the command
673 * line arguments. It then allocates any resources it need privilege for
674 * job-id, reserved port. Once it has the resources it needs, it perminently
675 * drops all elevated privilege. It ghen connects to the remote print service
676 * based on destination hostname. Doing it this way reduces the potenential
677 * opportunity for a breakout with elevated privilege, breakout with an
678 * unconnected reserved port, and exploitation of the remote print service
679 * by a calling program.
680 */
681 int
main(int ac,char * av[])682 main(int ac, char *av[])
683 {
684 enum { OP_NONE, OP_SUBMIT, OP_QUERY, OP_CANCEL } operation = OP_NONE;
685 int fd, c, timeout = 0, exit_code = 0;
686 char *host = NULL, *queue = NULL;
687 uid_t uid = getuid();
688 #ifdef PRIV_ALLSETS
689 priv_set_t *saveset;
690 #endif
691
692 openlog("lpd-port", LOG_PID, LOG_LPR);
693
694 #ifdef PRIV_ALLSETS
695
696 /* lose as much as we can perminently and temporarily drop the rest. */
697
698 if ((saveset = priv_allocset()) == NULL) {
699 syslog(LOG_ERR, "lpd_port: priv_allocset saveset failed: %m\n");
700 return (-1);
701 }
702
703 priv_basicset(saveset);
704 (void) priv_addset(saveset, PRIV_NET_PRIVADDR);
705 (void) priv_addset(saveset, PRIV_FILE_DAC_READ);
706 (void) priv_addset(saveset, PRIV_FILE_DAC_WRITE);
707
708 if ((setppriv(PRIV_SET, PRIV_PERMITTED, saveset)) < 0) {
709 syslog(LOG_ERR, "lpd_port:setppriv:priv_set failed: %m");
710 return (-1);
711 }
712
713 priv_freeset(saveset);
714
715 /*
716 * These privileges permanently dropped in next_job_id() and
717 * reserved_port()
718 */
719
720 if (priv_set(PRIV_OFF, PRIV_EFFECTIVE, PRIV_NET_PRIVADDR,
721 PRIV_FILE_DAC_READ, PRIV_FILE_DAC_WRITE, (char *)NULL) < 0) {
722 syslog(LOG_ERR, "lpd_port:priv_set:priv_off failed: %m");
723 return (-1);
724 }
725
726 syslog(LOG_DEBUG, "using privs");
727 #else
728
729 syslog(LOG_DEBUG, "no privs");
730 seteuid(uid);
731 #endif
732
733 while ((c = getopt(ac, av, "H:t:c:q:s:")) != EOF) {
734 switch (c) {
735 case 'H':
736 host = optarg;
737 break;
738 case 't':
739 timeout = atoi(optarg);
740 break;
741 case 'c':
742 if (operation != OP_NONE)
743 usage(av[0]);
744 operation = OP_CANCEL;
745 queue = optarg;
746 break;
747 case 'q':
748 if (operation != OP_NONE)
749 usage(av[0]);
750 operation = OP_QUERY;
751 queue = optarg;
752 break;
753 case 's':
754 if (operation != OP_NONE)
755 usage(av[0]);
756 operation = OP_SUBMIT;
757 queue = optarg;
758 break;
759 default:
760 usage(av[0]);
761 /* does not return */
762 }
763 }
764
765 if ((host == NULL) || (queue == NULL) || (timeout < 0) ||
766 (operation == OP_NONE))
767 usage(av[0]);
768
769 if (operation == OP_SUBMIT) /* get a job-id if we need it */
770 if ((c = next_job_id()) < 0) {
771 syslog(LOG_ERR, "lpd_port:main:next_job_id fails");
772 return (-1);
773 }
774
775 if ((fd = reserved_port()) < 0) {
776 syslog(LOG_ERR, "reserved_port() failed %m");
777 return (errno);
778 }
779
780 /*
781 * we no longer want or need any elevated privilege, lose it all
782 * permanently.
783 */
784
785 setreuid(uid, uid);
786
787 /* connect to the print service */
788 if ((fd = sock_connect(fd, host, timeout)) < 0)
789 return (errno);
790
791 /* perform the requested operation */
792 switch (operation) {
793 case OP_SUBMIT: /* transfer the job, close the fd */
794 if (submit_job(fd, queue, c, av[optind]) < 0)
795 exit_code = errno;
796 break;
797 case OP_QUERY: /* send the query string, return the fd */
798 if (query(fd, queue, ac - optind, &av[optind]) < 0)
799 exit_code = errno;
800 break;
801 case OP_CANCEL: /* send the cancel string, return the fd */
802 if (cancel(fd, queue, ac - optind, &av[optind]) < 0)
803 exit_code = errno;
804 break;
805 default: /* This should never happen */
806 exit_code = EINVAL;
807 }
808
809
810 /* if the operation succeeded, send the fd to our parent */
811 if ((exit_code == 0) && (sendfd(1, fd) < 0)) {
812 char buf[BUFSIZ];
813
814 exit_code = errno;
815
816 /* sendfd() failed, dump the socket data for the heck of it */
817 while ((c = read(fd, buf, sizeof (buf))) > 0)
818 write(1, buf, c);
819 }
820
821 syslog(LOG_DEBUG, "exit code: %d", exit_code);
822 return (exit_code);
823 }
824