diff options
author | felics | 2018-05-22 14:10:02 +0200 |
---|---|---|
committer | felics | 2018-05-22 14:10:02 +0200 |
commit | 37f24c78b856b45f6cafa2ac200e0422c2bbe13a (patch) | |
tree | 78e37eced965037b7511c8378967890a1795f86f | |
parent | 7a6efa27909c184ea797b0e0263738b4190294b9 (diff) | |
download | aur-37f24c78b856b45f6cafa2ac200e0422c2bbe13a.tar.gz |
Allowing only a whitelist of characters in $DEVICE_URI. Also, changed the API.
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 5 | ||||
-rw-r--r-- | README.md | 60 | ||||
-rwxr-xr-x | cups-programme.sh | 102 |
4 files changed, 99 insertions, 72 deletions
@@ -28,9 +28,9 @@ pkgbase = cups-print-to-programme source = TODO.txt source = GPL3.txt source = cups-programme.install - sha256sums = 3a56c03ef229bf5107cba5e3d60b3f73785f51a90499d1b3b3f2424af3b8bb6a + sha256sums = a603b98e98334d59076ec97f9c49b6fc26825bdf938a009e315a4e9c80af74d0 sha256sums = f583ed8969deef9e890b20c475bc24fd4eed8ef3c3a51544f9183fcc69d38c5c - sha256sums = ab2189e6d8d6193a5cb05653270b5a8e1466fe528062e3b0cc52eb165e1b6329 + sha256sums = 3f62486a89f586f9e706107f573283c6b19e236ccd19991fb6a6b482b090fd73 sha256sums = 83b54a69c67d39d03b1b02a4da1c2bccb45c459f239809568221844c2e7500a7 sha256sums = 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 sha256sums = 0ee996783ae6848cf3c522de135646cb4b19670a48d6f1bf387b5b304f5506ad @@ -38,14 +38,15 @@ optdepends=( ) provides=("${_pkgname}-doc=${pkgver}") backup=('etc/cups/cups-programme.conf') -sha256sums=('3a56c03ef229bf5107cba5e3d60b3f73785f51a90499d1b3b3f2424af3b8bb6a' +sha256sums=('a603b98e98334d59076ec97f9c49b6fc26825bdf938a009e315a4e9c80af74d0' 'f583ed8969deef9e890b20c475bc24fd4eed8ef3c3a51544f9183fcc69d38c5c' - 'ab2189e6d8d6193a5cb05653270b5a8e1466fe528062e3b0cc52eb165e1b6329' + '3f62486a89f586f9e706107f573283c6b19e236ccd19991fb6a6b482b090fd73' '83b54a69c67d39d03b1b02a4da1c2bccb45c459f239809568221844c2e7500a7' '3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986' '0ee996783ae6848cf3c522de135646cb4b19670a48d6f1bf387b5b304f5506ad') + pkgver() { cd "${srcdir}" ./cups-programme.sh --version diff --git a/README.md b/README.md index d27745532a08..5ca1879b6900 100644 --- a/README.md +++ b/README.md @@ -96,6 +96,11 @@ In general, the syntax for the Device URI is: where: +* Only the charaters out of the set + [][)(}{äÄöÖüÜß.:,;_@^°§%&/=?+*~a-zA-Z0-9-] + are allowed. (Use `%`-replacements, if you need some of forbidden, + characters, see below. For example, the characters ` `, `"`, `'`, + `` ` ``, `$`, `!`, `#`, `<`, `>`, `|`, `\` are forbidden.) * `<path-to-executable>` needs to be an absolute path, starting with `/` (otherwise CUPS will complain that it is not a correct URI; it expects a `/` after the `:`), @@ -110,9 +115,6 @@ where: "Configuration File"), - `g=<group>` -- specifies that the executable should be run with primary group `<group>` (see section "Notes"), - - `D=<DISPLAY>` -- if set, the environment variable `DISPLAY` will be - set to `<DISPLAY>` and exported prior execution of - `<path-to-executable>`, - `t=<filetype>` -- if set, CUPS' PostScript output will be converted to `<filetype>`. Possible values for `<filetype>` are: + 'ps' (PostScript; retain CUPS' default), @@ -128,21 +130,32 @@ where: the executable. * On `<path-to-executable>` and all the options (except `t=<filetype>`), the following string substitutions are applied (see also "Notes"): - - `%s` -> The file where the CUPS print output is saved. Use `%s` to + - `%A` -> `&`, + - `%AT` -> `@`, + - `%B` -> `\`, + - `%C` -> `:`, + - `%D` -> `$` + - `%E` -> `=`, + - `%H` -> `#`, + - `%L` -> `<` + - `%LC` -> `{` + - `%LR` -> `(` + - `%LS` -> `[` + - `%P` -> `|`, + - `%Q` -> `?`, + - `%R` -> `>` + - `%RC` -> `}` + - `%RR` -> `)` + - `%RS` -> `]` + - `%TB` -> `` ` `` (backtick), + - `%TD` -> `"`, + - `%TS` -> `'`, + - `%X` -> `!` + - `%s` -> The file where the CUPS print output is saved. Use `%s` to pass the printed file to be opened to the executable. - - `%.` -> ` `, - - `%_` -> `-`, - - `%P` -> `|`, - - `%B` -> `\`, - - `%H` -> `#`, - - `%Q` -> `?`, - - `%A` -> `&`, - - `%C` -> `:`, - - `%T` -> `'`, - - `%G` -> `"`, - - `%E` -> `=`, - - `%M` -> `@`, - - `%%` -> `%`. + - `%.` -> ` `, + - `%_` -> `-`, + - `%%` -> `%`. These replacements are carried out after cups-programme has parsed the Device URI, so e.g. `%E` can be used to escape a `=` from cups-programme's parser, e.g. to pass `u=...` as argument to the @@ -159,6 +172,10 @@ beware what you do there. The following variables are to be set in the configuration file: `su_variant`, `askpass_cmd` and `image_converter`. +* The executable whill be run in `bash`, but the the command and all + arguments /should/ be properly quoted by cups-programme so that `bash` + will not perform substitutions. + * When a programme should be run as a specific user (`u=<user>` in the Device URI) or with a specific primary group (`g=<group>` in the Device URI), some programme like `su` or `sudo` needs to be invoked. @@ -187,10 +204,9 @@ supported values. Notes ----- -* The `%`-substitutions in the options in the Device URI might become - necessary if the characters are breaking the Device URI. Also, `-` in - the Device URI may make problems due to interpretation in scripts, so - it is advised to use `%_` instead. +* The `%`-substitutions in the options in the Device URI might also + become necessary if the characters are breaking the Device URI, even + if the characters are allowed by cups-programme itself. * Setting a primary group to run the command as is only possible when the CUPS filter is run as root, and only with some `su_variant` @@ -199,7 +215,7 @@ Notes * When adding a printer with this backend via CUPS, you might get an error like - Bad device-uri "cups-programme:/usr/bin/gimp?u=user&D=:0.0&%s". + Bad device-uri "cups-programme:/usr/bin/gimp?u=user&DISPLAY=:0.0&%s". When this happens, add the printer with a very basic Device URI like `cups-programme:/usr/bin/gimp`, and after adding the printer, edit diff --git a/cups-programme.sh b/cups-programme.sh index 61591d2e6056..a59e0f0e1250 100755 --- a/cups-programme.sh +++ b/cups-programme.sh @@ -29,7 +29,7 @@ # # The version. -VERSION=0.2.2 +VERSION=0.3 # Abort on error set -e @@ -212,33 +212,59 @@ log_local "" # # $DEVICE_URI format: # -# ${backend_name}:<command>?u=<user>&g=<group>&D=<display>&t=<filetype>&<variable>=<value>&<variable>=<value>&<argument>&<argument>... +# ${backend_name}:<command>?u=<user>&g=<group>&t=<filetype>&<variable>=<value>&<variable>=<value>&<argument>&<argument>... # -# All arguments, including the 'u=<user>', 'g=<group>', 'D=<display>' -# and 't=<filetype>, are optional. +# All arguments, including the 'u=<user>', 'g=<group>', and +# 't=<filetype>, are optional. # -# The following replacements will be carried out for '<command>' and all -# options except 't=<filetype>': -# - '%.' -> ' ' -# - '%_' -> '-' -# - '%P' -> '|' -# - '%B' -> '\' -# - '%H' -> '#' -# - '%Q' -> '?' -# - '%A' -> '&' -# - '%C' -> ':' -# - '%T' -> ''' -# - '%G' -> '"' -# - '%E' -> '=' -# - '%M' -> '@' -# - '%%' -> '%' -# - '%s' -> "${outfile}" (The, probably converted, output from CUPS to -# open) -# The replacements will be carried out after we have parsed the options, -# so '%E' can be used to escape a '=' from our parser. +# '%'-replacements will be carried out for '<command>' and all options +# except 't=<filetype>', see documentation ('README.md') and function +# 'replace_strings()'. # # The programme will be invoked with the specified arguments. +# Checking $DEVICE_URI for allowed characters: + +replace_strings() { + replace \ + '%A' '&' \ + '%AT' '@' \ + '%B' '\' \ + '%C' ':' \ + '%D' '$' \ + '%E' '=' \ + '%H' '#' \ + '%L' '<' \ + '%LC' '{' \ + '%LR' '(' \ + '%LS' '[' \ + '%P' '|' \ + '%Q' '?' \ + '%R' '>' \ + '%RC' '}' \ + '%RR' ')' \ + '%RS' ']' \ + '%TB' '`' \ + '%TD' '"' \ + '%TS' "'" \ + '%X' '!' \ + '%s' "${outfile}" \ + '%.' ' ' \ + '%_' '-' \ + '%%' '%' +} + +# Test if $DEVICE_URI contains only allowed characters. +# Put the ']' first in order for grep not interpreting it special. +# Put the '-' last in order for grep not interpreting it special. +# Put the '^' not first in order for grep not interpreting it special. +_allowd_chars='][)(}{äÄöÖüÜß.:,;_@^°§%&/=?+*~a-zA-Z0-9-' +if echo "${DEVICE_URI}" | grep -qE -e "[^${_allowd_chars}]"; then + _rejected_chars="$(echo "${DEVICE_URI}" | grep -oE -e "[^${_allowd_chars}]" | sort | uniq | tr -d '\n')" + error "$0: \$DEVICE_URI contains forbidden character(s) '${_rejected_chars}'. Allowed set: [${_allowd_chars}]. Aborting." + exit 5 +fi + # Getting the command from $DEVICE_URI: cmd="$(echo "${DEVICE_URI}" | sed "s|^${backend_name}":'||g' | sed 's|?.*$||')" @@ -252,7 +278,6 @@ IFS='&' read -r -a argv <<< "${argstr}" cmd_args=() unset user unset group -unset display unset filetype env_vars=() # Have this as function that we will call, so that we can make use of 'shift'. @@ -271,10 +296,6 @@ parse_argv() { group="${_arg#g=}" log_local " Parsed 'g='-option. Group: '${group}'." ;; - D=*) - display="${_arg#D=}" - log_local " Parsed 'D='-option. Display: '${display}'." - ;; t=*) filetype="${_arg#t=}" log_local " Parsed 't='-option. filetype: '${filetype}'." @@ -306,13 +327,9 @@ fi outfile="${outfile_prefix}.${filetype}" # Now, after $outfile is set, do the string replacements: -replace_strings() { - replace '%%' '%' '%.' ' ' '%_' '-' '%P' '|' '%B' '\' '%H' '#' '%Q' '?' '%A' '&' '%C' ':' '%G' '"' '%T' "'" '%E' '=' '%M' '@' '%s' "${outfile}" -} if [ -v cmd ]; then cmd="$(echo "${cmd}" | replace_strings)"; fi if [ -v user ]; then user="$(echo "${user}" | replace_strings)"; fi if [ -v group ]; then group="$(echo "${group}" | replace_strings)"; fi -if [ -v display ]; then display="$(echo "${display}" | replace_strings)"; fi cmd_args_replaced=() for _arg in "${cmd_args[@]}"; do cmd_args_replaced+=("$(echo "${_arg}" | replace_strings)") @@ -352,13 +369,12 @@ log_local " - command: ${cmd}" log_local " - command arguments: ${cmd_args_replaced[@]}" log_local " - # of command arguments: ${#cmd_args_replaced[@]}" log_local "" -log_local "Variables extracted from \$DEVICE_URI:" -if [ -v user ]; then log_local " - user: ${user}"; else log_local " - (Variable 'user' is not set.)"; fi -if [ -v group ]; then log_local " - group: ${group}"; else log_local " - (Variable 'group' is not set.)"; fi -if [ -v display ]; then log_local " - display: ${display}"; else log_local " - (Variable 'display' is not set.)"; fi -if [ -v filetype ]; then log_local " - filetype: ${filetype}"; else log_local " - (Variable 'filetype' is not set.)"; fi +log_local "Settings extracted from \$DEVICE_URI:" +if [ -v user ]; then log_local " - user: ${user}"; else log_local " - ('user' is not set.)"; fi +if [ -v group ]; then log_local " - group: ${group}"; else log_local " - ('group' is not set.)"; fi +if [ -v filetype ]; then log_local " - filetype: ${filetype}"; else log_local " - ('filetype' is not set.)"; fi log_local "" -log_local "Variables specified in the configuration file:" +log_local "Settings specified in the configuration file:" log_local " - su_variant: ${su_variant}" log_local " - askpass_cmd: ${askpass_cmd}" log_local " - image_converter: ${image_converter}" @@ -547,14 +563,8 @@ if [ -v user ] || [ -v group ]; then ;; esac else - su_cmd='sh' - su_opts="-c ${cmd@Q} ${cmd_args_replaced[@]@Q}" -fi - -if [ -v display ]; then - log_local "exporting DISPLAY=${display}" - log_local "" - export DISPLAY="${display}" + su_cmd="${cmd}" + su_opts="${cmd_args_replaced[@]@Q}" fi notice "$0: Running 'bash -c \"${su_cmd} ${su_opts} >> ${logfile@Q} 2>&1\"'..." |