aboutsummarylogtreecommitdiffstats
diff options
context:
space:
mode:
authorfelics2018-05-22 14:10:02 +0200
committerfelics2018-05-22 14:10:02 +0200
commit37f24c78b856b45f6cafa2ac200e0422c2bbe13a (patch)
tree78e37eced965037b7511c8378967890a1795f86f
parent7a6efa27909c184ea797b0e0263738b4190294b9 (diff)
downloadaur-37f24c78b856b45f6cafa2ac200e0422c2bbe13a.tar.gz
Allowing only a whitelist of characters in $DEVICE_URI. Also, changed the API.
Diffstat
-rw-r--r--.SRCINFO4
-rw-r--r--PKGBUILD5
-rw-r--r--README.md60
-rwxr-xr-xcups-programme.sh102
4 files changed, 99 insertions, 72 deletions
diff --git a/.SRCINFO b/.SRCINFO
index d4d5dbd91331..f062f82066bb 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -28,9 +28,9 @@ pkgbase = cups-print-to-programme
source = TODO.txt
source = GPL3.txt
source = cups-programme.install
- sha256sums = 3a56c03ef229bf5107cba5e3d60b3f73785f51a90499d1b3b3f2424af3b8bb6a
+ sha256sums = a603b98e98334d59076ec97f9c49b6fc26825bdf938a009e315a4e9c80af74d0
sha256sums = f583ed8969deef9e890b20c475bc24fd4eed8ef3c3a51544f9183fcc69d38c5c
- sha256sums = ab2189e6d8d6193a5cb05653270b5a8e1466fe528062e3b0cc52eb165e1b6329
+ sha256sums = 3f62486a89f586f9e706107f573283c6b19e236ccd19991fb6a6b482b090fd73
sha256sums = 83b54a69c67d39d03b1b02a4da1c2bccb45c459f239809568221844c2e7500a7
sha256sums = 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986
sha256sums = 0ee996783ae6848cf3c522de135646cb4b19670a48d6f1bf387b5b304f5506ad
diff --git a/PKGBUILD b/PKGBUILD
index 6d9cd78a962b..9f67635ecdba 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -38,14 +38,15 @@ optdepends=(
)
provides=("${_pkgname}-doc=${pkgver}")
backup=('etc/cups/cups-programme.conf')
-sha256sums=('3a56c03ef229bf5107cba5e3d60b3f73785f51a90499d1b3b3f2424af3b8bb6a'
+sha256sums=('a603b98e98334d59076ec97f9c49b6fc26825bdf938a009e315a4e9c80af74d0'
'f583ed8969deef9e890b20c475bc24fd4eed8ef3c3a51544f9183fcc69d38c5c'
- 'ab2189e6d8d6193a5cb05653270b5a8e1466fe528062e3b0cc52eb165e1b6329'
+ '3f62486a89f586f9e706107f573283c6b19e236ccd19991fb6a6b482b090fd73'
'83b54a69c67d39d03b1b02a4da1c2bccb45c459f239809568221844c2e7500a7'
'3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986'
'0ee996783ae6848cf3c522de135646cb4b19670a48d6f1bf387b5b304f5506ad')
+
pkgver() {
cd "${srcdir}"
./cups-programme.sh --version
diff --git a/README.md b/README.md
index d27745532a08..5ca1879b6900 100644
--- a/README.md
+++ b/README.md
@@ -96,6 +96,11 @@ In general, the syntax for the Device URI is:
where:
+* Only the charaters out of the set
+ [][)(}{äÄöÖüÜß.:,;_@^°§%&/=?+*~a-zA-Z0-9-]
+ are allowed. (Use `%`-replacements, if you need some of forbidden,
+ characters, see below. For example, the characters ` `, `"`, `'`,
+ `` ` ``, `$`, `!`, `#`, `<`, `>`, `|`, `\` are forbidden.)
* `<path-to-executable>` needs to be an absolute path, starting with `/`
(otherwise CUPS will complain that it is not a correct URI; it expects
a `/` after the `:`),
@@ -110,9 +115,6 @@ where:
"Configuration File"),
- `g=<group>` -- specifies that the executable should be run with
primary group `<group>` (see section "Notes"),
- - `D=<DISPLAY>` -- if set, the environment variable `DISPLAY` will be
- set to `<DISPLAY>` and exported prior execution of
- `<path-to-executable>`,
- `t=<filetype>` -- if set, CUPS' PostScript output will be converted
to `<filetype>`. Possible values for `<filetype>` are:
+ 'ps' (PostScript; retain CUPS' default),
@@ -128,21 +130,32 @@ where:
the executable.
* On `<path-to-executable>` and all the options (except `t=<filetype>`),
the following string substitutions are applied (see also "Notes"):
- - `%s` -> The file where the CUPS print output is saved. Use `%s` to
+ - `%A` -> `&`,
+ - `%AT` -> `@`,
+ - `%B` -> `\`,
+ - `%C` -> `:`,
+ - `%D` -> `$`
+ - `%E` -> `=`,
+ - `%H` -> `#`,
+ - `%L` -> `<`
+ - `%LC` -> `{`
+ - `%LR` -> `(`
+ - `%LS` -> `[`
+ - `%P` -> `|`,
+ - `%Q` -> `?`,
+ - `%R` -> `>`
+ - `%RC` -> `}`
+ - `%RR` -> `)`
+ - `%RS` -> `]`
+ - `%TB` -> `` ` `` (backtick),
+ - `%TD` -> `"`,
+ - `%TS` -> `'`,
+ - `%X` -> `!`
+ - `%s` -> The file where the CUPS print output is saved. Use `%s` to
pass the printed file to be opened to the executable.
- - `%.` -> ` `,
- - `%_` -> `-`,
- - `%P` -> `|`,
- - `%B` -> `\`,
- - `%H` -> `#`,
- - `%Q` -> `?`,
- - `%A` -> `&`,
- - `%C` -> `:`,
- - `%T` -> `'`,
- - `%G` -> `"`,
- - `%E` -> `=`,
- - `%M` -> `@`,
- - `%%` -> `%`.
+ - `%.` -> ` `,
+ - `%_` -> `-`,
+ - `%%` -> `%`.
These replacements are carried out after cups-programme has parsed the
Device URI, so e.g. `%E` can be used to escape a `=` from
cups-programme's parser, e.g. to pass `u=...` as argument to the
@@ -159,6 +172,10 @@ beware what you do there.
The following variables are to be set in the configuration file:
`su_variant`, `askpass_cmd` and `image_converter`.
+* The executable whill be run in `bash`, but the the command and all
+ arguments /should/ be properly quoted by cups-programme so that `bash`
+ will not perform substitutions.
+
* When a programme should be run as a specific user (`u=<user>` in the
Device URI) or with a specific primary group (`g=<group>` in the
Device URI), some programme like `su` or `sudo` needs to be invoked.
@@ -187,10 +204,9 @@ supported values.
Notes
-----
-* The `%`-substitutions in the options in the Device URI might become
- necessary if the characters are breaking the Device URI. Also, `-` in
- the Device URI may make problems due to interpretation in scripts, so
- it is advised to use `%_` instead.
+* The `%`-substitutions in the options in the Device URI might also
+ become necessary if the characters are breaking the Device URI, even
+ if the characters are allowed by cups-programme itself.
* Setting a primary group to run the command as is only possible when
the CUPS filter is run as root, and only with some `su_variant`
@@ -199,7 +215,7 @@ Notes
* When adding a printer with this backend via CUPS, you might get an
error like
- Bad device-uri "cups-programme:/usr/bin/gimp?u=user&D=:0.0&%s".
+ Bad device-uri "cups-programme:/usr/bin/gimp?u=user&DISPLAY=:0.0&%s".
When this happens, add the printer with a very basic Device URI like
`cups-programme:/usr/bin/gimp`, and after adding the printer, edit
diff --git a/cups-programme.sh b/cups-programme.sh
index 61591d2e6056..a59e0f0e1250 100755
--- a/cups-programme.sh
+++ b/cups-programme.sh
@@ -29,7 +29,7 @@
#
# The version.
-VERSION=0.2.2
+VERSION=0.3
# Abort on error
set -e
@@ -212,33 +212,59 @@ log_local ""
#
# $DEVICE_URI format:
#
-# ${backend_name}:<command>?u=<user>&g=<group>&D=<display>&t=<filetype>&<variable>=<value>&<variable>=<value>&<argument>&<argument>...
+# ${backend_name}:<command>?u=<user>&g=<group>&t=<filetype>&<variable>=<value>&<variable>=<value>&<argument>&<argument>...
#
-# All arguments, including the 'u=<user>', 'g=<group>', 'D=<display>'
-# and 't=<filetype>, are optional.
+# All arguments, including the 'u=<user>', 'g=<group>', and
+# 't=<filetype>, are optional.
#
-# The following replacements will be carried out for '<command>' and all
-# options except 't=<filetype>':
-# - '%.' -> ' '
-# - '%_' -> '-'
-# - '%P' -> '|'
-# - '%B' -> '\'
-# - '%H' -> '#'
-# - '%Q' -> '?'
-# - '%A' -> '&'
-# - '%C' -> ':'
-# - '%T' -> '''
-# - '%G' -> '"'
-# - '%E' -> '='
-# - '%M' -> '@'
-# - '%%' -> '%'
-# - '%s' -> "${outfile}" (The, probably converted, output from CUPS to
-# open)
-# The replacements will be carried out after we have parsed the options,
-# so '%E' can be used to escape a '=' from our parser.
+# '%'-replacements will be carried out for '<command>' and all options
+# except 't=<filetype>', see documentation ('README.md') and function
+# 'replace_strings()'.
#
# The programme will be invoked with the specified arguments.
+# Checking $DEVICE_URI for allowed characters:
+
+replace_strings() {
+ replace \
+ '%A' '&' \
+ '%AT' '@' \
+ '%B' '\' \
+ '%C' ':' \
+ '%D' '$' \
+ '%E' '=' \
+ '%H' '#' \
+ '%L' '<' \
+ '%LC' '{' \
+ '%LR' '(' \
+ '%LS' '[' \
+ '%P' '|' \
+ '%Q' '?' \
+ '%R' '>' \
+ '%RC' '}' \
+ '%RR' ')' \
+ '%RS' ']' \
+ '%TB' '`' \
+ '%TD' '"' \
+ '%TS' "'" \
+ '%X' '!' \
+ '%s' "${outfile}" \
+ '%.' ' ' \
+ '%_' '-' \
+ '%%' '%'
+}
+
+# Test if $DEVICE_URI contains only allowed characters.
+# Put the ']' first in order for grep not interpreting it special.
+# Put the '-' last in order for grep not interpreting it special.
+# Put the '^' not first in order for grep not interpreting it special.
+_allowd_chars='][)(}{äÄöÖüÜß.:,;_@^°§%&/=?+*~a-zA-Z0-9-'
+if echo "${DEVICE_URI}" | grep -qE -e "[^${_allowd_chars}]"; then
+ _rejected_chars="$(echo "${DEVICE_URI}" | grep -oE -e "[^${_allowd_chars}]" | sort | uniq | tr -d '\n')"
+ error "$0: \$DEVICE_URI contains forbidden character(s) '${_rejected_chars}'. Allowed set: [${_allowd_chars}]. Aborting."
+ exit 5
+fi
+
# Getting the command from $DEVICE_URI:
cmd="$(echo "${DEVICE_URI}" | sed "s|^${backend_name}":'||g' | sed 's|?.*$||')"
@@ -252,7 +278,6 @@ IFS='&' read -r -a argv <<< "${argstr}"
cmd_args=()
unset user
unset group
-unset display
unset filetype
env_vars=()
# Have this as function that we will call, so that we can make use of 'shift'.
@@ -271,10 +296,6 @@ parse_argv() {
group="${_arg#g=}"
log_local " Parsed 'g='-option. Group: '${group}'."
;;
- D=*)
- display="${_arg#D=}"
- log_local " Parsed 'D='-option. Display: '${display}'."
- ;;
t=*)
filetype="${_arg#t=}"
log_local " Parsed 't='-option. filetype: '${filetype}'."
@@ -306,13 +327,9 @@ fi
outfile="${outfile_prefix}.${filetype}"
# Now, after $outfile is set, do the string replacements:
-replace_strings() {
- replace '%%' '%' '%.' ' ' '%_' '-' '%P' '|' '%B' '\' '%H' '#' '%Q' '?' '%A' '&' '%C' ':' '%G' '"' '%T' "'" '%E' '=' '%M' '@' '%s' "${outfile}"
-}
if [ -v cmd ]; then cmd="$(echo "${cmd}" | replace_strings)"; fi
if [ -v user ]; then user="$(echo "${user}" | replace_strings)"; fi
if [ -v group ]; then group="$(echo "${group}" | replace_strings)"; fi
-if [ -v display ]; then display="$(echo "${display}" | replace_strings)"; fi
cmd_args_replaced=()
for _arg in "${cmd_args[@]}"; do
cmd_args_replaced+=("$(echo "${_arg}" | replace_strings)")
@@ -352,13 +369,12 @@ log_local " - command: ${cmd}"
log_local " - command arguments: ${cmd_args_replaced[@]}"
log_local " - # of command arguments: ${#cmd_args_replaced[@]}"
log_local ""
-log_local "Variables extracted from \$DEVICE_URI:"
-if [ -v user ]; then log_local " - user: ${user}"; else log_local " - (Variable 'user' is not set.)"; fi
-if [ -v group ]; then log_local " - group: ${group}"; else log_local " - (Variable 'group' is not set.)"; fi
-if [ -v display ]; then log_local " - display: ${display}"; else log_local " - (Variable 'display' is not set.)"; fi
-if [ -v filetype ]; then log_local " - filetype: ${filetype}"; else log_local " - (Variable 'filetype' is not set.)"; fi
+log_local "Settings extracted from \$DEVICE_URI:"
+if [ -v user ]; then log_local " - user: ${user}"; else log_local " - ('user' is not set.)"; fi
+if [ -v group ]; then log_local " - group: ${group}"; else log_local " - ('group' is not set.)"; fi
+if [ -v filetype ]; then log_local " - filetype: ${filetype}"; else log_local " - ('filetype' is not set.)"; fi
log_local ""
-log_local "Variables specified in the configuration file:"
+log_local "Settings specified in the configuration file:"
log_local " - su_variant: ${su_variant}"
log_local " - askpass_cmd: ${askpass_cmd}"
log_local " - image_converter: ${image_converter}"
@@ -547,14 +563,8 @@ if [ -v user ] || [ -v group ]; then
;;
esac
else
- su_cmd='sh'
- su_opts="-c ${cmd@Q} ${cmd_args_replaced[@]@Q}"
-fi
-
-if [ -v display ]; then
- log_local "exporting DISPLAY=${display}"
- log_local ""
- export DISPLAY="${display}"
+ su_cmd="${cmd}"
+ su_opts="${cmd_args_replaced[@]@Q}"
fi
notice "$0: Running 'bash -c \"${su_cmd} ${su_opts} >> ${logfile@Q} 2>&1\"'..."