freebsd-nq/usr.sbin/lpr/common_source/ctlinfo.c
Garance A Drosehn 02e8b7b2e7 Fix the resource leak of a 'FILE *' which could happen in routine
ctl_readcf() if a call to malloc failed.

PR:		204955
Reported by:	David Binderman
2018-03-12 01:41:16 +00:00

919 lines
28 KiB
C

/*-
* SPDX-License-Identifier: BSD-2-Clause-FreeBSD
*
* ------+---------+---------+---------+---------+---------+---------+---------*
* Copyright (c) 2001,2011 - Garance Alistair Drosehn <gad@FreeBSD.org>.
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The views and conclusions contained in the software and documentation
* are those of the authors and should not be interpreted as representing
* official policies, either expressed or implied, of the FreeBSD Project.
*
* ------+---------+---------+---------+---------+---------+---------+---------*
*/
#include "lp.cdefs.h" /* A cross-platform version of <sys/cdefs.h> */
__FBSDID("$FreeBSD$");
/*
* ctlinfo - This collection of routines will know everything there is to
* know about the information inside a control file ('cf*') which is used
* to describe a print job in lpr & friends. The eventual goal is that it
* will be the ONLY source file to know what's inside these control-files.
*/
/*
* Some define's useful for debuging.
* TRIGGERTEST_FNAME and DEBUGREADCF_FNAME, allow us to do testing on
* a per-spool-directory basis.
*/
/* #define TRIGGERTEST_FNAME "LpdTestRenameTF" */
/* #define DEBUGREADCF_FNAME "LpdDebugReadCF" */
/* #define LEAVE_TMPCF_FILES 1 */
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <netdb.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>
#include <unistd.h>
#include "ctlinfo.h"
struct cjprivate {
struct cjobinfo pub;
char *cji_buff; /* buffer for getline */
char *cji_eobuff; /* last byte IN the buffer */
FILE *cji_fstream;
int cji_buffsize; /* # bytes in the buffer */
int cji_dumpit;
};
/*
* All the following take a parameter of 'int', but expect values in the
* range of unsigned char. Define wrappers which take values of type 'char',
* whether signed or unsigned, and ensure they end up in the right range.
*/
#define isdigitch(Anychar) isdigit((u_char)(Anychar))
#define islowerch(Anychar) islower((u_char)(Anychar))
#define isupperch(Anychar) isupper((u_char)(Anychar))
#define tolowerch(Anychar) tolower((u_char)(Anychar))
#define OTHER_USERID_CHARS "-_" /* special chars valid in a userid */
#define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
/*
* This has to be large enough to fit the maximum length of a single line
* in a control-file, including the leading 'command id', a trailing '\n'
* and ending '\0'. The max size of an 'U'nlink line, for instance, is
* 1 ('U') + PATH_MAX (filename) + 2 ('\n\0'). The maximum 'H'ost line is
* 1 ('H') + NI_MAXHOST (remote hostname) + 2 ('\n\0'). Other lines can be
* even longer than those. So, pick some nice, large, arbitrary value.
*/
#define CTI_LINEMAX PATH_MAX+NI_MAXHOST+5
extern const char *from_host; /* client's machine name */
extern const char *from_ip; /* client machine's IP address */
__BEGIN_DECLS
void ctl_dumpcji(FILE *_dbg_stream, const char *_heading,
struct cjobinfo *_cjinf);
static char *ctl_getline(struct cjobinfo *_cjinf);
static void ctl_rewindcf(struct cjobinfo *_cjinf);
char *ctl_rmjob(const char *_ptrname, const char *_cfname);
__END_DECLS
/*
* Here are some things which might be needed when compiling this under
* platforms other than FreeBSD.
*/
#ifndef __FreeBSD__
# ifndef NAME_MAX
# define NAME_MAX 255
# endif
# ifndef NI_MAXHOST
# define NI_MAXHOST 1025
# endif
# ifndef PATH_MAX
# define PATH_MAX 1024
# endif
__BEGIN_DECLS
char *strdup(const char *_src);
size_t strlcpy(char *_dst, const char *_src, size_t _siz);
__END_DECLS
#endif
/*
* Control-files (cf*) have the following format.
*
* Each control-file describes a single job. It will list one or more
* "datafiles" (df*) which should be copied to some printer. Usually
* there is only one datafile per job. For the curious, RFC 1179 is an
* informal and out-of-date description of lpr/lpd circa 1990.
*
* Each line in the file gives an attribute of the job as a whole, or one
* of the datafiles in the job, or a "command" indicating something to do
* with one of the datafiles. Each line starts with an 'id' that indicates
* what that line is there for. The 'id' is historically a single byte,
* but may be multiple bytes (obviously it would be best if multi-byte ids
* started with some letter not already used as a single-byte id!).
* After the 'id', the remainder of the line will be the value of the
* indicated attribute, or a name of the datafile to be operated on.
*
* In the following lists of ids, the ids with a '!' in front of them are
* NOT explicitly supported by this version of lpd, or at least "not yet
* supported". They are only listed for reference purposes, so people
* won't be tempted to reuse the same id for a different purpose.
*
* The following are attributes of the job which should not appear more
* than once in a control file. Only the 'H' and 'P' lines are required
* by the RFC, but some implementations of lpr won't even get that right.
*
* ! A - [used by lprNG]
* B - As far as I know, this is never used as a single-byte id.
* Therefore, I intend to use it for multi-byte id codes.
* C - "class name" to display on banner page (this is sometimes
* used to hold options for print filters)
* ! D - [in lprNG, "timestamp" of when the job was submitted]
* ! E - "environment variables" to set [some versions of linux]
* H - "host name" of machine where the original 'lpr' was done
* I - "indent", the amount to indent output
* J - "job name" to display on banner page
* L - "literal" user's name as it should be displayed on the
* banner page (it is the existence of an 'L' line which
* indicates that a job should have a banner page).
* M - "mail", userid to mail to when done printing (with email
* going to 'M'@'H', so to speak).
* P - "person", the user's login name (e.g. for accounting)
* ! Q - [used by lprNG for queue-name]
* R - "resolution" in dpi, for some laser printer queues
* T - "title" for files sent thru 'pr'
* W - "width" to use for printing plain-text files
* Z - In BSD, "locale" to use for datafiles sent thru 'pr'.
* (this BSD usage should move to a different id...)
* [in lprNG - this line holds the "Z options"]
* 1 - "R font file" for files sent thru troff
* 2 - "I font file" for files sent thru troff
* 3 - "B font file" for files sent thru troff
* 4 - "S font file" for files sent thru troff
*
* The following are attributes attached to a datafile, and thus may
* appear multiple times in a control file (once per datafile):
*
* N - "name" of file (for display purposes, used by 'lpq')
* S - "stat() info" used for symbolic link ('lpr -s')
* security checks.
*
* The following indicate actions to take on a given datafile. The same
* datafile may appear on more than one "print this file" command in the
* control file. Note that ALL ids with lowercase letters are expected
* to be actions to "print this file":
*
* c - "file name", cifplot file to print. This action appears
* when the user has requested 'lpr -c'.
* d - "file name", dvi file to print, user requested 'lpr -d'
* f - "file name", a plain-text file to print = "standard"
* g - "file name", plot(1G) file to print, ie 'lpr -g'
* l - "file name", text file with control chars which should
* be printed literally, ie 'lpr -l' (note: some printers
* take this id as a request to print a postscript file,
* and because of *that* some OS's use 'l' to indicate
* that a datafile is a postscript file)
* n - "file name", ditroff(1) file to print, ie 'lpr -n'
* o - "file name", a postscript file to print. This id is
* described in the original RFC, but not much has been
* done with it. This 'lpr' does not generate control
* lines with 'o'-actions, but lpd's printjob processing
* will treat it the same as 'l'.
* p - "file name", text file to print with pr(1), ie 'lpr -p'
* t - "file name", troff(1) file to print, ie 'lpr -t'
* v - "file name", plain raster file to print
*
* U - "file name" of datafile to unlink (ie, remove file
* from spool directory. To be done in a 'Pass 2',
* AFTER having processed all datafiles in the job).
*
*/
void
ctl_freeinf(struct cjobinfo *cjinf)
{
#define FREESTR(xStr) \
if (xStr != NULL) { \
free(xStr); \
xStr = NULL;\
}
struct cjprivate *cpriv;
if (cjinf == NULL)
return;
cpriv = cjinf->cji_priv;
if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) {
syslog(LOG_ERR, "in ctl_freeinf(%p): invalid cjinf (cpriv %p)",
(void *)cjinf, (void *)cpriv);
return;
}
FREESTR(cpriv->pub.cji_accthost);
FREESTR(cpriv->pub.cji_acctuser);
FREESTR(cpriv->pub.cji_class);
FREESTR(cpriv->pub.cji_curqueue);
/* [cpriv->pub.cji_fname is part of cpriv-malloced area] */
FREESTR(cpriv->pub.cji_jobname);
FREESTR(cpriv->pub.cji_mailto);
FREESTR(cpriv->pub.cji_headruser);
if (cpriv->cji_fstream != NULL) {
fclose(cpriv->cji_fstream);
cpriv->cji_fstream = NULL;
}
cjinf->cji_priv = NULL;
free(cpriv);
#undef FREESTR
}
#ifdef DEBUGREADCF_FNAME
static FILE *ctl_dbgfile = NULL;
static struct stat ctl_dbgstat;
#endif
static int ctl_dbgline = 0;
struct cjobinfo *
ctl_readcf(const char *ptrname, const char *cfname)
{
int id;
char *lbuff;
void *cstart;
FILE *cfile;
struct cjprivate *cpriv;
struct cjobinfo *cjinf;
size_t msize, sroom, sroom2;
cfile = fopen(cfname, "r");
if (cfile == NULL) {
syslog(LOG_ERR, "%s: ctl_readcf error fopen(%s): %s",
ptrname, cfname, strerror(errno));
return NULL;
}
sroom = roundup(sizeof(struct cjprivate), 8);
sroom2 = sroom + strlen(cfname) + 1;
sroom2 = roundup(sroom2, 8);
msize = sroom2 + CTI_LINEMAX;
msize = roundup(msize, 8);
cstart = malloc(msize);
if (cstart == NULL) {
fclose(cfile);
return NULL;
}
memset(cstart, 0, msize);
cpriv = (struct cjprivate *)cstart;
cpriv->pub.cji_priv = cpriv;
cpriv->pub.cji_fname = (char *)cstart + sroom;
strcpy(cpriv->pub.cji_fname, cfname);
cpriv->cji_buff = (char *)cstart + sroom2;
cpriv->cji_buffsize = (int)(msize - sroom2);
cpriv->cji_eobuff = (char *)cstart + msize - 1;
cpriv->cji_fstream = cfile;
cpriv->pub.cji_curqueue = strdup(ptrname);
ctl_dbgline = 0;
#ifdef DEBUGREADCF_FNAME
ctl_dbgfile = NULL;
id = stat(DEBUGREADCF_FNAME, &ctl_dbgstat);
if (id != -1) {
/* the file exists in this spool directory, write some simple
* debugging info to it */
ctl_dbgfile = fopen(DEBUGREADCF_FNAME, "a");
if (ctl_dbgfile != NULL) {
fprintf(ctl_dbgfile, "%s: s=%p r=%ld e=%p %p->%s\n",
ptrname, (void *)cpriv, (long)sroom,
cpriv->cji_eobuff, cpriv->pub.cji_fname,
cpriv->pub.cji_fname);
}
}
#endif
/*
* Copy job-attribute values from control file to the struct of
* "public" information. In some cases, it is invalid for the
* value to be a null-string, so that is ignored.
*/
cjinf = &(cpriv->pub);
lbuff = ctl_getline(cjinf);
while (lbuff != NULL) {
id = *lbuff++;
switch (id) {
case 'C':
cpriv->pub.cji_class = strdup(lbuff);
break;
case 'H':
if (*lbuff == '\0')
break;
cpriv->pub.cji_accthost = strdup(lbuff);
break;
case 'J':
cpriv->pub.cji_jobname = strdup(lbuff);
break;
case 'L':
cpriv->pub.cji_headruser = strdup(lbuff);
break;
case 'M':
/*
* No valid mail-to address would start with a minus.
* If this one does, it is probably some trickster who
* is trying to trigger options on sendmail. Ignore.
*/
if (*lbuff == '-')
break;
if (*lbuff == '\0')
break;
cpriv->pub.cji_mailto = strdup(lbuff);
break;
case 'P':
if (*lbuff == '\0')
break;
/* The userid must not start with a minus sign */
if (*lbuff == '-')
*lbuff = '_';
cpriv->pub.cji_acctuser = strdup(lbuff);
break;
default:
if (islower(id)) {
cpriv->pub.cji_dfcount++;
}
break;
}
lbuff = ctl_getline(cjinf);
}
/* the 'H'ost and 'P'erson fields are *always* supposed to be there */
if (cpriv->pub.cji_accthost == NULL)
cpriv->pub.cji_accthost = strdup(".na.");
if (cpriv->pub.cji_acctuser == NULL)
cpriv->pub.cji_acctuser = strdup(".na.");
#ifdef DEBUGREADCF_FNAME
if (ctl_dbgfile != NULL) {
if (cpriv->cji_dumpit)
ctl_dumpcji(ctl_dbgfile, "end readcf", &(cpriv->pub));
fclose(ctl_dbgfile);
ctl_dbgfile = NULL;
}
#endif
return &(cpriv->pub);
}
/*
* This routine renames the temporary control file as received from some
* other (remote) host. That file will almost always with `tfA*', because
* recvjob.c creates the file by changing `c' to `t' in the original name
* for the control file. Now if you read the RFC, you would think that all
* control filenames start with `cfA*'. However, it seems there are some
* implementations which send control filenames which start with `cf'
* followed by *any* letter, so this routine can not assume what the third
* letter will (or will not) be. Sigh.
*
* So this will rewrite the temporary file to `rf*' (correcting any lines
* which need correcting), rename that `rf*' file to `cf*', and then remove
* the original `tf*' temporary file.
*
* The *main* purpose of this routine is to be paranoid about the contents
* of that control file. It is partially meant to protect against people
* TRYING to cause trouble (perhaps after breaking into root of some host
* that this host will accept print jobs from). The fact that we're willing
* to print jobs from some remote host does not mean that we should blindly
* do anything that host tells us to do.
*
* This is also meant to protect us from errors in other implementations of
* lpr, particularly since we may want to use some values from the control
* file as environment variables when it comes time to print, or as parameters
* to commands which will be exec'ed, or values in statistics records.
*
* This may also do some "conversions" between how different versions of
* lpr or lprNG define the contents of various lines in a control file.
*
* If there is an error, it returns a pointer to a descriptive error message.
* Error messages which are RETURNED (as opposed to syslog-ed) do not include
* the printer-queue name. Let the caller add that if it is wanted.
*/
char *
ctl_renametf(const char *ptrname, const char *tfname)
{
int chk3rd, has_uc, newfd, nogood, res;
FILE *newcf;
struct cjobinfo *cjinf;
char *lbuff, *slash, *cp;
char tfname2[NAME_MAX+1], cfname2[NAME_MAX+1];
char errm[CTI_LINEMAX];
#ifdef TRIGGERTEST_FNAME
struct stat tstat;
res = stat(TRIGGERTEST_FNAME, &tstat);
if (res == -1) {
/*
* if the trigger file does NOT exist in this spool directory,
* then do the exact same steps that the pre-ctlinfo code had
* been doing. Ie, very little.
*/
strlcpy(cfname2, tfname, sizeof(cfname2));
cfname2[0] = 'c';
res = link(tfname, cfname2);
if (res < 0) {
snprintf(errm, sizeof(errm),
"ctl_renametf error link(%s,%s): %s", tfname,
cfname2, strerror(errno));
return strdup(errm);
}
unlink(tfname);
return NULL;
}
#endif
cjinf = NULL; /* in case of early jump to error_ret */
newcf = NULL; /* in case of early jump to error_ret */
*errm = '\0'; /* in case of early jump to error_ret */
chk3rd = tfname[2];
if ((tfname[0] != 't') || (tfname[1] != 'f') || (!isalpha(chk3rd))) {
snprintf(errm, sizeof(errm),
"ctl_renametf invalid filename: %s", tfname);
goto error_ret;
}
cjinf = ctl_readcf(ptrname, tfname);
if (cjinf == NULL) {
snprintf(errm, sizeof(errm),
"ctl_renametf error cti_readcf(%s)", tfname);
goto error_ret;
}
/*
* This uses open+fdopen instead of fopen because that combination
* gives us greater control over file-creation issues.
*/
strlcpy(tfname2, tfname, sizeof(tfname2));
tfname2[0] = 'r'; /* rf<letter><job><hostname> */
newfd = open(tfname2, O_WRONLY|O_CREAT|O_TRUNC, 0660);
if (newfd == -1) {
snprintf(errm, sizeof(errm),
"ctl_renametf error open(%s): %s", tfname2,
strerror(errno));
goto error_ret;
}
newcf = fdopen(newfd, "w");
if (newcf == NULL) {
close(newfd);
snprintf(errm, sizeof(errm),
"ctl_renametf error fopen(%s): %s", tfname2,
strerror(errno));
goto error_ret;
}
/*
* Do extra sanity checks on some key job-attribute fields, and
* write them out first (thus making sure they are written in the
* order we generally expect them to be in).
*/
/*
* Some lpr implementations on PC's set a null-string for their
* hostname. A MacOS 10 system which has not correctly setup
* /etc/hostconfig will claim a hostname of 'localhost'. Anything
* with blanks in it would be an invalid value for hostname. For
* any of these invalid hostname values, replace the given value
* with the name of the host that this job is coming from.
*/
nogood = 0;
if (cjinf->cji_accthost == NULL)
nogood = 1;
else if (strcmp(cjinf->cji_accthost, ".na.") == 0)
nogood = 1;
else if (strcmp(cjinf->cji_accthost, "localhost") == 0)
nogood = 1;
else {
for (cp = cjinf->cji_accthost; *cp != '\0'; cp++) {
if (*cp <= ' ') {
nogood = 1;
break;
}
}
}
if (nogood)
fprintf(newcf, "H%s\n", from_host);
else
fprintf(newcf, "H%s\n", cjinf->cji_accthost);
/*
* Now do some sanity checks on the 'P' (original userid) value. Note
* that the 'P'erson line is the second line which is ALWAYS supposed
* to be present in a control file.
*
* There is no particularly good value to use for replacements, but
* at least make sure the value is something reasonable to use in
* environment variables and statistics records. Again, some PC
* implementations send a null-string for a value. Various Mac
* implementations will set whatever string the user has set for
* their 'Owner Name', which usually includes blanks, etc.
*/
nogood = 0;
if (cjinf->cji_acctuser == NULL)
nogood = 1;
else if (strcmp(cjinf->cji_acctuser, ".na.") == 0)
; /* No further checks needed... */
else {
has_uc = 0;
cp = cjinf->cji_acctuser;
if (*cp == '-')
*cp++ = '_';
for (; *cp != '\0'; cp++) {
if (islowerch(*cp) || isdigitch(*cp))
continue; /* Standard valid characters */
if (strchr(OTHER_USERID_CHARS, *cp) != NULL)
continue; /* Some more valid characters */
if (isupperch(*cp)) {
has_uc = 1; /* These may be valid... */
continue;
}
*cp = '_';
}
/*
* Some Windows hosts send print jobs where the correct userid
* has been converted to uppercase, and that can cause trouble
* for sites that expect the correct value (for something like
* accounting). On the other hand, some sites do use uppercase
* in their userids, so we can't blindly convert to lowercase.
*/
if (has_uc && (getpwnam(cjinf->cji_acctuser) == NULL)) {
for (cp = cjinf->cji_acctuser; *cp != '\0'; cp++) {
if (isupperch(*cp))
*cp = tolowerch(*cp);
}
}
}
if (nogood)
fprintf(newcf, "P%s\n", ".na.");
else
fprintf(newcf, "P%s\n", cjinf->cji_acctuser);
/* No need for sanity checks on class, jobname, "literal" user. */
if (cjinf->cji_class != NULL)
fprintf(newcf, "C%s\n", cjinf->cji_class);
if (cjinf->cji_jobname != NULL)
fprintf(newcf, "J%s\n", cjinf->cji_jobname);
if (cjinf->cji_headruser != NULL)
fprintf(newcf, "L%s\n", cjinf->cji_headruser);
/*
* This should probably add more sanity checks on mailto value.
* Note that if the mailto value is "wrong", then there's no good
* way to know what the "correct" value would be, and we should not
* semd email to some random address. At least for now, just ignore
* any invalid values.
*/
nogood = 0;
if (cjinf->cji_mailto == NULL)
nogood = 1;
else {
for (cp = cjinf->cji_mailto; *cp != '\0'; cp++) {
if (*cp <= ' ') {
nogood = 1;
break;
}
}
}
if (!nogood)
fprintf(newcf, "M%s\n", cjinf->cji_mailto);
/*
* Now go thru the old control file, copying all information which
* hasn't already been written into the new file.
*/
ctl_rewindcf(cjinf);
lbuff = ctl_getline(cjinf);
while (lbuff != NULL) {
switch (lbuff[0]) {
case 'H':
case 'P':
case 'C':
case 'J':
case 'L':
case 'M':
/* already wrote values for these to the newcf */
break;
case 'N':
/* see comments under 'U'... */
if (cjinf->cji_dfcount == 0) {
/* in this case, 'N's will be done in 'U' */
break;
}
fprintf(newcf, "%s\n", lbuff);
break;
case 'U':
/*
* check for the very common case where the remote
* host had to process 'lpr -s -r', but it did not
* remove the Unlink line from the control file.
* Such Unlink lines will legitimately have a '/' in
* them, but it is the original lpr host which would
* have done the unlink of such files, and not any
* host receiving that job.
*/
slash = strchr(lbuff, '/');
if (slash != NULL) {
break; /* skip this line */
}
/*
* Okay, another kind of broken lpr implementation
* is one which send datafiles, and Unlink's those
* datafiles, but never includes any PRINT request
* for those files. Experimentation shows that one
* copy of those datafiles should be printed with a
* format of 'f'. If this is an example of such a
* screwed-up control file, fix it here.
*/
if (cjinf->cji_dfcount == 0) {
lbuff++;
if (strncmp(lbuff, "df", (size_t)2) == 0) {
fprintf(newcf, "f%s\n", lbuff);
fprintf(newcf, "U%s\n", lbuff);
fprintf(newcf, "N%s\n", lbuff);
}
break;
}
fprintf(newcf, "%s\n", lbuff);
break;
default:
fprintf(newcf, "%s\n", lbuff);
break;
}
lbuff = ctl_getline(cjinf);
}
ctl_freeinf(cjinf);
cjinf = NULL;
res = fclose(newcf);
newcf = NULL;
if (res != 0) {
snprintf(errm, sizeof(errm),
"ctl_renametf error fclose(%s): %s", tfname2,
strerror(errno));
goto error_ret;
}
strlcpy(cfname2, tfname, sizeof(cfname2));
cfname2[0] = 'c'; /* rename new file to 'cfA*' */
res = link(tfname2, cfname2);
if (res != 0) {
snprintf(errm, sizeof(errm),
"ctl_renametf error link(%s,%s): %s", tfname2, cfname2,
strerror(errno));
goto error_ret;
}
/* All the important work is done. Now just remove temp files */
#ifdef LEAVE_TMPCF_FILES
{
struct stat tfstat;
size_t size1;
tfstat.st_size = 1; /* certainly invalid value */
res = stat(tfname, &tfstat);
size1 = tfstat.st_size;
tfstat.st_size = 2; /* certainly invalid value */
res = stat(tfname2, &tfstat);
/*
* If the sizes do not match, or either stat call failed,
* then do not remove the temp files, but just move them
* out of the way. This is so I can see what this routine
* had changed (and the files won't interfere with some
* later job coming in from the same host). In this case,
* we don't care if we clobber some previous file.
*/
if (size1 != tfstat.st_size) {
strlcpy(cfname2, tfname, sizeof(cfname2));
strlcat(cfname2, "._T", sizeof(cfname2));
rename(tfname, cfname2);
strlcpy(cfname2, tfname2, sizeof(cfname2));
strlcat(cfname2, "._T", sizeof(cfname2));
rename(tfname2, cfname2);
return NULL;
}
}
#endif
unlink(tfname);
unlink(tfname2);
return NULL;
error_ret:
if (cjinf != NULL)
ctl_freeinf(cjinf);
if (newcf != NULL)
fclose(newcf);
if (*errm != '\0')
return strdup(errm);
return strdup("ctl_renametf internal (missed) error");
}
void
ctl_rewindcf(struct cjobinfo *cjinf)
{
struct cjprivate *cpriv;
if (cjinf == NULL)
return;
cpriv = cjinf->cji_priv;
if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) {
syslog(LOG_ERR, "in ctl_rewindcf(%p): invalid cjinf (cpriv %p)",
(void *)cjinf, (void *)cpriv);
return;
}
rewind(cpriv->cji_fstream); /* assume no errors... :-) */
}
char *
ctl_rmjob(const char *ptrname, const char *cfname)
{
struct cjobinfo *cjinf;
char *lbuff;
char errm[CTI_LINEMAX];
cjinf = ctl_readcf(ptrname, cfname);
if (cjinf == NULL) {
snprintf(errm, sizeof(errm),
"ctl_renametf error cti_readcf(%s)", cfname);
return strdup(errm);
}
ctl_rewindcf(cjinf);
lbuff = ctl_getline(cjinf);
while (lbuff != NULL) {
/* obviously we need to fill in the following... */
switch (lbuff[0]) {
case 'S':
break;
case 'U':
break;
default:
break;
}
lbuff = ctl_getline(cjinf);
}
ctl_freeinf(cjinf);
cjinf = NULL;
return NULL;
}
/*
* The following routine was originally written to pin down a bug. It is
* no longer needed for that problem, but may be useful to keep around for
* other debugging.
*/
void
ctl_dumpcji(FILE *dbg_stream, const char *heading, struct cjobinfo *cjinf)
{
#define PRINTSTR(xHdr,xStr) \
astr = xStr; \
ctl_dbgline++; \
fprintf(dbg_stream, "%4d] %12s = ", ctl_dbgline, xHdr); \
if (astr == NULL) \
fprintf(dbg_stream, "NULL\n"); \
else \
fprintf(dbg_stream, "%p -> %s\n", astr, astr)
struct cjprivate *cpriv;
char *astr;
if (cjinf == NULL) {
fprintf(dbg_stream,
"ctl_dumpcji: ptr to cjobinfo for '%s' is NULL\n",
heading);
return;
}
cpriv = cjinf->cji_priv;
fprintf(dbg_stream, "ctl_dumpcji: Dump '%s' of cjobinfo at %p->%p\n",
heading, (void *)cjinf, cpriv->cji_buff);
PRINTSTR("accthost.H", cpriv->pub.cji_accthost);
PRINTSTR("acctuser.P", cpriv->pub.cji_acctuser);
PRINTSTR("class.C", cpriv->pub.cji_class);
PRINTSTR("cf-qname", cpriv->pub.cji_curqueue);
PRINTSTR("cf-fname", cpriv->pub.cji_fname);
PRINTSTR("jobname.J", cpriv->pub.cji_jobname);
PRINTSTR("mailto.M", cpriv->pub.cji_mailto);
PRINTSTR("headruser.L", cpriv->pub.cji_headruser);
ctl_dbgline++;
fprintf(dbg_stream, "%4d] %12s = ", ctl_dbgline, "*cjprivate");
if (cpriv->pub.cji_priv == NULL)
fprintf(dbg_stream, "NULL !!\n");
else
fprintf(dbg_stream, "%p\n", (void *)cpriv->pub.cji_priv);
fprintf(dbg_stream, "|- - - - --> Dump '%s' complete\n", heading);
/* flush output for the benefit of anyone doing a 'tail -f' */
fflush(dbg_stream);
#undef PRINTSTR
}
/*
* This routine reads in the next line from the control-file, and removes
* the trailing newline character.
*
* Historical note: Earlier versions of this routine did tab-expansion for
* ALL lines read in, which did not make any sense for most of the lines
* in a control file. For the lines where tab-expansion is useful, it will
* now have to be done by the calling routine.
*/
static char *
ctl_getline(struct cjobinfo *cjinf)
{
char *strp, *nl;
struct cjprivate *cpriv;
if (cjinf == NULL)
return NULL;
cpriv = cjinf->cji_priv;
if ((cpriv == NULL) || (cpriv != cpriv->pub.cji_priv)) {
syslog(LOG_ERR, "in ctl_getline(%p): invalid cjinf (cpriv %p)",
(void *)cjinf, (void *)cpriv);
return NULL;
}
errno = 0;
strp = fgets(cpriv->cji_buff, cpriv->cji_buffsize, cpriv->cji_fstream);
if (strp == NULL) {
if (errno != 0)
syslog(LOG_ERR, "%s: ctl_getline error fgets(%s): %s",
cpriv->pub.cji_curqueue, cpriv->pub.cji_fname,
strerror(errno));
return NULL;
}
nl = strchr(strp, '\n');
if (nl != NULL)
*nl = '\0';
#ifdef DEBUGREADCF_FNAME
/* I'd like to find out if the previous work to expand tabs was ever
* really used, and if so, on what lines and for what reason.
* Yes, all this work probably means I'm obsessed about this 'tab'
* issue, but isn't programming a matter of obsession?
*/
{
int tabcnt;
char *ch;
tabcnt = 0;
ch = strp;
for (ch = strp; *ch != '\0'; ch++) {
if (*ch == '\t')
tabcnt++;
}
if (tabcnt && (ctl_dbgfile != NULL)) {
cpriv->cji_dumpit++;
fprintf(ctl_dbgfile, "%s: tabs=%d '%s'\n",
cpriv->pub.cji_fname, tabcnt, cpriv->cji_buff);
}
}
#endif
return strp;
}