From e2eb28cfcf10ef163253a65f631e0cc98fe34804 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Thu, 14 Nov 2019 15:30:00 -0500
Subject: Sandboxed applications were not able to get the default printer
 (Issue #5676)

- Add "home" global pointing to the user's home directory.
- Use it instead of getenv("HOME") everywhere we needed it.
---
 cups/cups-private.h |  1 +
 cups/dest.c         | 38 ++++++++++++--------------------------
 cups/globals.c      | 26 +++++++++++++++++++++++---
 cups/tls-darwin.c   |  7 ++++---
 cups/tls-gnutls.c   |  9 +++++----
 cups/usersys.c      | 11 ++---------
 6 files changed, 47 insertions(+), 45 deletions(-)

(limited to 'cups')

diff --git a/cups/cups-private.h b/cups/cups-private.h
index aeba7176b..97734a539 100644
--- a/cups/cups-private.h
+++ b/cups/cups-private.h
@@ -82,6 +82,7 @@ typedef struct _cups_globals_s		/**** CUPS global state data ****/
 			*cups_serverroot,
 					/* CUPS_SERVERROOT environment var */
 			*cups_statedir,	/* CUPS_STATEDIR environment var */
+			*home,		/* HOME environment var */
 			*localedir;	/* LOCALDIR environment var */
 
   /* adminutil.c */
diff --git a/cups/dest.c b/cups/dest.c
index 6ddfe9a36..fd57d9794 100644
--- a/cups/dest.c
+++ b/cups/dest.c
@@ -1748,7 +1748,6 @@ cupsGetNamedDest(http_t     *http,	/* I - Connection to server or @code CUPS_HTT
   cups_dest_t	*dest;			/* Destination */
   char		filename[1024],		/* Path to lpoptions */
 		defname[256];		/* Default printer name */
-  const char	*home = getenv("HOME");	/* Home directory */
   int		set_as_default = 0;	/* Set returned destination as default */
   ipp_op_t	op = IPP_OP_GET_PRINTER_ATTRIBUTES;
 					/* IPP operation to get server ops */
@@ -1780,13 +1779,13 @@ cupsGetNamedDest(http_t     *http,	/* I - Connection to server or @code CUPS_HTT
       else
         instance = NULL;
     }
-    else if (home)
+    else if (cg->home)
     {
      /*
       * No default in the environment, try the user's lpoptions files...
       */
 
-      snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
+      snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
 
       dest_name = cups_get_default(filename, defname, sizeof(defname), &instance);
 
@@ -1892,9 +1891,9 @@ cupsGetNamedDest(http_t     *http,	/* I - Connection to server or @code CUPS_HTT
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
   cups_get_dests(filename, dest_name, instance, 0, 1, 1, &dest);
 
-  if (home)
+  if (cg->home)
   {
-    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
+    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
 
     cups_get_dests(filename, dest_name, instance, 0, 1, 1, &dest);
   }
@@ -2032,9 +2031,6 @@ cupsSetDests2(http_t      *http,	/* I - Connection to server or @code CUPS_HTTP_
   cups_option_t	*option;		/* Current option */
   _ipp_option_t	*match;			/* Matching attribute for option */
   FILE		*fp;			/* File pointer */
-#ifndef _WIN32
-  const char	*home;			/* HOME environment variable */
-#endif /* _WIN32 */
   char		filename[1024];		/* lpoptions file */
   int		num_temps;		/* Number of temporary destinations */
   cups_dest_t	*temps = NULL,		/* Temporary destinations */
@@ -2068,27 +2064,18 @@ cupsSetDests2(http_t      *http,	/* I - Connection to server or @code CUPS_HTTP_
 
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
 
-#ifndef _WIN32
-  if (getuid())
+  if (cg->home)
   {
    /*
-    * Point to user defaults...
+    * Create ~/.cups subdirectory...
     */
 
-    if ((home = getenv("HOME")) != NULL)
-    {
-     /*
-      * Create ~/.cups subdirectory...
-      */
-
-      snprintf(filename, sizeof(filename), "%s/.cups", home);
-      if (access(filename, 0))
-        mkdir(filename, 0700);
+    snprintf(filename, sizeof(filename), "%s/.cups", cg->home);
+    if (access(filename, 0))
+      mkdir(filename, 0700);
 
-      snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
-    }
+    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
   }
-#endif /* !_WIN32 */
 
  /*
   * Try to open the file...
@@ -3426,7 +3413,6 @@ cups_enum_dests(
 #else
   _cups_getdata_t data;			/* Data for callback */
 #endif /* HAVE_DNSSD || HAVE_AVAHI */
-  const char	*home;			/* HOME environment variable */
   char		filename[1024];		/* Local lpoptions file */
   _cups_globals_t *cg = _cupsGlobals();	/* Pointer to library globals */
 
@@ -3475,9 +3461,9 @@ cups_enum_dests(
   snprintf(filename, sizeof(filename), "%s/lpoptions", cg->cups_serverroot);
   data.num_dests = cups_get_dests(filename, NULL, NULL, 1, user_default != NULL, data.num_dests, &data.dests);
 
-  if ((home = getenv("HOME")) != NULL)
+  if (cg->home)
   {
-    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", home);
+    snprintf(filename, sizeof(filename), "%s/.cups/lpoptions", cg->home);
 
     data.num_dests = cups_get_dests(filename, NULL, NULL, 1, user_default != NULL, data.num_dests, &data.dests);
   }
diff --git a/cups/globals.c b/cups/globals.c
index b75434f2c..e5c87f14a 100644
--- a/cups/globals.c
+++ b/cups/globals.c
@@ -1,10 +1,11 @@
 /*
  * Global variable access routines for CUPS.
  *
- * Copyright 2007-2015 by Apple Inc.
- * Copyright 1997-2007 by Easy Software Products, all rights reserved.
+ * Copyright © 2007-2019 by Apple Inc.
+ * Copyright © 1997-2007 by Easy Software Products, all rights reserved.
  *
- * Licensed under Apache License v2.0.  See the file "LICENSE" for more information.
+ * Licensed under Apache License v2.0.  See the file "LICENSE" for more
+ * information.
  */
 
 /*
@@ -12,6 +13,9 @@
  */
 
 #include "cups-private.h"
+#ifndef _WIN32
+#  include <pwd.h>
+#endif /* !_WIN32 */
 
 
 /*
@@ -269,6 +273,8 @@ cups_globals_alloc(void)
   if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
     cg->localedir = localedir;
 
+  cg->home = getenv("HOME");
+
 #else
 #  ifdef HAVE_GETEUID
   if ((geteuid() != getuid() && getuid()) || getegid() != getgid())
@@ -307,9 +313,23 @@ cups_globals_alloc(void)
 
     if ((cg->localedir = getenv("LOCALEDIR")) == NULL)
       cg->localedir = CUPS_LOCALEDIR;
+
+#  ifndef __APPLE__ /* Sandboxing now exposes the container as the home directory */
+    cg->home = getenv("HOME");
+#endif /* !__APPLE__ */
+  }
+
+  if (!cg->home)
+  {
+    struct passwd	*pw;		/* User info */
+
+    if ((pw = getpwuid(getuid())) != NULL)
+      cg->home = _cupsStrAlloc(pw->pw_dir);
   }
 #endif /* _WIN32 */
 
+  fprintf(stderr, "Using \"%s\" as home directory.\n", cg->home);
+
   return (cg);
 }
 
diff --git a/cups/tls-darwin.c b/cups/tls-darwin.c
index e8c4fb713..b3bd50bf8 100644
--- a/cups/tls-darwin.c
+++ b/cups/tls-darwin.c
@@ -2002,7 +2002,8 @@ static const char *			/* O - Keychain path */
 http_cdsa_default_path(char   *buffer,	/* I - Path buffer */
                        size_t bufsize)	/* I - Size of buffer */
 {
-  const char *home = getenv("HOME");	/* HOME environment variable */
+  _cups_globals_t	*cg = _cupsGlobals();
+					/* Pointer to library globals */
 
 
  /*
@@ -2011,8 +2012,8 @@ http_cdsa_default_path(char   *buffer,	/* I - Path buffer */
   * 10.11.4 (!), so we need to create our own keychain just for CUPS.
   */
 
-  if (getuid() && home)
-    snprintf(buffer, bufsize, "%s/.cups/ssl.keychain", home);
+  if (cg->home)
+    snprintf(buffer, bufsize, "%s/.cups/ssl.keychain", cg->home);
   else
     strlcpy(buffer, "/etc/cups/ssl.keychain", bufsize);
 
diff --git a/cups/tls-gnutls.c b/cups/tls-gnutls.c
index fc52f493c..329cc0eb4 100644
--- a/cups/tls-gnutls.c
+++ b/cups/tls-gnutls.c
@@ -935,12 +935,13 @@ static const char *			/* O - Path or NULL on error */
 http_gnutls_default_path(char   *buffer,/* I - Path buffer */
                          size_t bufsize)/* I - Size of path buffer */
 {
-  const char *home = getenv("HOME");	/* HOME environment variable */
+  _cups_globals_t	*cg = _cupsGlobals();
+					/* Pointer to library globals */
 
 
-  if (getuid() && home)
+  if (cg->home)
   {
-    snprintf(buffer, bufsize, "%s/.cups", home);
+    snprintf(buffer, bufsize, "%s/.cups", cg->home);
     if (access(buffer, 0))
     {
       DEBUG_printf(("1http_gnutls_default_path: Making directory \"%s\".", buffer));
@@ -951,7 +952,7 @@ http_gnutls_default_path(char   *buffer,/* I - Path buffer */
       }
     }
 
-    snprintf(buffer, bufsize, "%s/.cups/ssl", home);
+    snprintf(buffer, bufsize, "%s/.cups/ssl", cg->home);
     if (access(buffer, 0))
     {
       DEBUG_printf(("1http_gnutls_default_path: Making directory \"%s\".", buffer));
diff --git a/cups/usersys.c b/cups/usersys.c
index 3acfd2bd9..d74c951cf 100644
--- a/cups/usersys.c
+++ b/cups/usersys.c
@@ -971,7 +971,6 @@ void
 _cupsSetDefaults(void)
 {
   cups_file_t	*fp;			/* File */
-  const char	*home;			/* Home directory of user */
   char		filename[1024];		/* Filename */
   _cups_client_conf_t cc;		/* client.conf values */
   _cups_globals_t *cg = _cupsGlobals();	/* Pointer to library globals */
@@ -997,19 +996,13 @@ _cupsSetDefaults(void)
     cupsFileClose(fp);
   }
 
-#  ifdef HAVE_GETEUID
-  if ((geteuid() == getuid() || !getuid()) && getegid() == getgid() && (home = getenv("HOME")) != NULL)
-#  elif !defined(_WIN32)
-  if (getuid() && (home = getenv("HOME")) != NULL)
-#  else
-  if ((home = getenv("HOME")) != NULL)
-#  endif /* HAVE_GETEUID */
+  if (cg->home)
   {
    /*
     * Look for ~/.cups/client.conf...
     */
 
-    snprintf(filename, sizeof(filename), "%s/.cups/client.conf", home);
+    snprintf(filename, sizeof(filename), "%s/.cups/client.conf", cg->home);
     if ((fp = cupsFileOpen(filename, "r")) != NULL)
     {
       cups_read_client_conf(fp, &cc);
-- 
cgit v1.2.1