Sandboxed applications were not able to get the default printer (Issue …

…#5676) - Add "home" global pointing to the user's home directory. - Use it instead of getenv("HOME") everywhere we needed it.
apple · Nov 14, 2019 · e2eb28c · e2eb28c
1 parent 3ff5a8e
commit e2eb28c
Show file tree

Hide file tree

Showing 7 changed files with 48 additions and 45 deletions.
diff --git a/CHANGES.md b/CHANGES.md
@@ -16,6 +16,7 @@ Changes in CUPS v2.3.1
   permissions are wrong (Issue #5658)
 - Added paint can labels to Dymo driver (Issue #5662)
 - The `--with-dbusdir` option was ignored by the configure script (Issue #5671)
+- Sandboxed applications were not able to get the default printer (Issue #5676)
 - Log file access controls were not preserved by `cupsctl` (Issue #5677)
 - Default printers set with `lpoptions` did not work in all cases (Issue #5681)
 - The IPP backend did not detect all cases where a job should be retried using

diff --git a/cups/cups-private.h b/cups/cups-private.h
@@ -82,6 +82,7 @@ typedef struct _cups_globals_s		/**** CUPS global state data ****/
 			*cups_serverroot,
 					/* CUPS_SERVERROOT environment var */
 			*cups_statedir,	/* CUPS_STATEDIR environment var */
+			*home,		/* HOME environment var */
 			*localedir;	/* LOCALDIR environment var */
 
   /* adminutil.c */

diff --git a/cups/dest.c b/cups/dest.c
@@ -1748,7 +1748,6 @@ cupsGetNamedDest(http_t     *http,	/* I - Connection to server or @code CUPS_HTT
   cups_dest_t	*dest;			/* Destination */
   char		filename[1024],		/* Path to lpoptions */
 		defname[256];		/* Default printer name */
-  const char	*home = getenv("HOME");	/* Home directory */
   int		set_as_default = 0;	/* Set returned destination as default */
   ipp_op_t	op = IPP_OP_GET_PRINTER_ATTRIBUTES;
 					/* IPP operation to get server ops */
@@ -1780,13 +1779,13 @@ cupsGetNamedDest(http_t     *http,	/* I - Connection to server or @code CUPS_HTT
       else
         instance = NULL;
     }
-    else if (home)
+    else if (cg->home)
     {
      /*
       * No default in the environment, try the user's lpoptions files...
       */
 
-      snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
+      snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
 
       dest_name = cups_get_default(filename, defname, sizeof(defname), &instance);
 
@@ -1892,9 +1891,9 @@ cupsGetNamedDest(http_t     *http,	/* I - Connection to server or @code CUPS_HTT
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
   cups_get_dests(filename, dest_name, instance, 0, 1, 1, &dest);
 
-  if (home)
+  if (cg->home)
   {
-    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
+    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
 
     cups_get_dests(filename, dest_name, instance, 0, 1, 1, &dest);
   }
@@ -2032,9 +2031,6 @@ cupsSetDests2(http_t      *http,	/* I - Connection to server or @code CUPS_HTTP_
   cups_option_t	*option;		/* Current option */
   _ipp_option_t	*match;			/* Matching attribute for option */
   FILE		*fp;			/* File pointer */
-#ifndef _WIN32
-  const char	*home;			/* HOME environment variable */
-#endif /* _WIN32 */
   char		filename[1024];		/* lpoptions file */
   int		num_temps;		/* Number of temporary destinations */
   cups_dest_t	*temps = NULL,		/* Temporary destinations */
@@ -2068,27 +2064,18 @@ cupsSetDests2(http_t      *http,	/* I - Connection to server or @code CUPS_HTTP_
 
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
 
-#ifndef _WIN32
-  if (getuid())
+  if (cg->home)
   {
    /*
-    * Point to user defaults...
+    * Create ~/.cups subdirectory...
     */
 
-    if ((home = getenv("HOME")) != NULL)
-    {
-     /*
-      * Create ~/.cups subdirectory...
-      */
-
-      snprintf(filename, sizeof(filename), "%s/.cups", home);
-      if (access(filename, 0))
-        mkdir(filename, 0700);
+    snprintf(filename, sizeof(filename), "%s/.cups", cg->home);
+    if (access(filename, 0))
+      mkdir(filename, 0700);
 
-      snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
-    }
+    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
   }
-#endif /* !_WIN32 */
 
  /*
   * Try to open the file...
@@ -3426,7 +3413,6 @@ cups_enum_dests(
 #else
   _cups_getdata_t data;			/* Data for callback */
 #endif /* HAVE_DNSSD || HAVE_AVAHI */
-  const char	*home;			/* HOME environment variable */
   char		filename[1024];		/* Local lpoptions file */
   _cups_globals_t *cg = _cupsGlobals();	/* Pointer to library globals */
 
@@ -3475,9 +3461,9 @@ cups_enum_dests(
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
   data.num_dests = cups_get_dests(filename, NULL, NULL, 1, user_default != NULL, data.num_dests, &data.dests);
 
-  if ((home = getenv("HOME")) != NULL)
+  if (cg->home)
   {
-    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
+    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
 
     data.num_dests = cups_get_dests(filename, NULL, NULL, 1, user_default != NULL, data.num_dests, &data.dests);
   }

diff --git a/cups/globals.c b/cups/globals.c
@@ -1,17 +1,21 @@
 /*
  * Global variable access routines for CUPS.
  *
- * Copyright 2007-2015 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
  */
 
 /*
  * Include necessary headers...
  */
 
 #include "cups-private.h"
+#ifndef _WIN32
+#  include <pwd.h>
+#endif /* !_WIN32 */
 
 
 /*
@@ -269,6 +273,8 @@ cups_globals_alloc(void)
   if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
     cg->localedir = localedir;
 
+  cg->home = getenv("HOME");
+
 #else
 #  ifdef HAVE_GETEUID
   if ((geteuid() != getuid() && getuid()) || getegid() != getgid())
@@ -307,9 +313,23 @@ cups_globals_alloc(void)
 
     if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
       cg->localedir = CUPS_LOCALEDIR;
+
+#  ifndef __APPLE__ /* Sandboxing now exposes the container as the home directory */
+    cg->home = getenv("HOME");
+#endif /* !__APPLE__ */
+  }
+
+  if (!cg->home)
+  {
+    struct passwd	*pw;		/* User info */
+
+    if ((pw = getpwuid(getuid())) != NULL)
+      cg->home = _cupsStrAlloc(pw->pw_dir);
   }
 #endif /* _WIN32 */
 
+  fprintf(stderr, "Using \"%s\" as home directory.\n", cg->home);
+
   return (cg);
 }
 

diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
@@ -2002,7 +2002,8 @@ static const char *			/* O - Keychain path */
 http_cdsa_default_path(char   *buffer,	/* I - Path buffer */
                        size_t bufsize)	/* I - Size of buffer */
 {
-  const char *home = getenv("HOME");	/* HOME environment variable */
+  _cups_globals_t	*cg = _cupsGlobals();
+					/* Pointer to library globals */
 
 
  /*
@@ -2011,8 +2012,8 @@ http_cdsa_default_path(char   *buffer,	/* I - Path buffer */
   * 10.11.4 (!), so we need to create our own keychain just for CUPS.
   */
 
-  if (getuid() && home)
-    snprintf(buffer, bufsize, "%s/.cups/ssl.keychain", home);
+  if (cg->home)
+    snprintf(buffer, bufsize, "%s/.cups/ssl.keychain", cg->home);
   else
     strlcpy(buffer, "/etc/cups/ssl.keychain", bufsize);
 

diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
@@ -935,12 +935,13 @@ static const char *			/* O - Path or NULL on error */
 http_gnutls_default_path(char   *buffer,/* I - Path buffer */
                          size_t bufsize)/* I - Size of path buffer */
 {
-  const char *home = getenv("HOME");	/* HOME environment variable */
+  _cups_globals_t	*cg = _cupsGlobals();
+					/* Pointer to library globals */
 
 
-  if (getuid() && home)
+  if (cg->home)
   {
-    snprintf(buffer, bufsize, "%s/.cups", home);
+    snprintf(buffer, bufsize, "%s/.cups", cg->home);
     if (access(buffer, 0))
     {
       DEBUG_printf(("1http_gnutls_default_path: Making directory \"%s\".", buffer));
@@ -951,7 +952,7 @@ http_gnutls_default_path(char   *buffer,/* I - Path buffer */
       }
     }
 
-    snprintf(buffer, bufsize, "%s/.cups/ssl", home);
+    snprintf(buffer, bufsize, "%s/.cups/ssl", cg->home);
     if (access(buffer, 0))
     {
       DEBUG_printf(("1http_gnutls_default_path: Making directory \"%s\".", buffer));

diff --git a/cups/usersys.c b/cups/usersys.c
@@ -971,7 +971,6 @@ void
 _cupsSetDefaults(void)
 {
   cups_file_t	*fp;			/* File */
-  const char	*home;			/* Home directory of user */
   char		filename[1024];		/* Filename */
   _cups_client_conf_t cc;		/* client.conf values */
   _cups_globals_t *cg = _cupsGlobals();	/* Pointer to library globals */
@@ -997,19 +996,13 @@ _cupsSetDefaults(void)
     cupsFileClose(fp);
   }
 
-#  ifdef HAVE_GETEUID
-  if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
-#  elif !defined(_WIN32)
-  if (getuid() && (home = getenv("HOME")) != NULL)
-#  else
-  if ((home = getenv("HOME")) != NULL)
-#  endif /* HAVE_GETEUID */
+  if (cg->home)
   {
    /*
     * Look for ~/.cups/client.conf...
     */
 
-    snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
+    snprintf(filename, sizeof(filename), "%s/.cups/client.conf", cg->home);
     if ((fp = cupsFileOpen(filename, "r")) != NULL)
     {
       cups_read_client_conf(fp, &cc);