1 <!-- 2 Filter and backend programming introduction for CUPS. 3 4 Copyright 2007-2016 by Apple Inc. 5 Copyright 1997-2006 by Easy Software Products, all rights reserved. 6 7 These coded instructions, statements, and computer programs are the 8 property of Apple Inc. and are protected by Federal copyright 9 law. Distribution and use rights are outlined in the file "LICENSE.txt" 10 which should have been included with this file. If this file is 11 file is missing or damaged, see the license at "http://www.cups.org/". 12 --> 13 14 <h2 class='title'><a name="OVERVIEW">Overview</a></h2> 15 16 <p>Filters (which include printer drivers and port monitors) and backends 17 are used to convert job files to a printable format and send that data to the 18 printer itself. All of these programs use a common interface for processing 19 print jobs and communicating status information to the scheduler. Each is run 20 with a standard set of command-line arguments:<p> 21 22 <dl class="code"> 23 24 <dt>argv[1]</dt> 25 <dd>The job ID</dd> 26 27 <dt>argv[2]</dt> 28 <dd>The user printing the job</dd> 29 30 <dt>argv[3]</dt> 31 <dd>The job name/title</dd> 32 33 <dt>argv[4]</dt> 34 <dd>The number of copies to print</dd> 35 36 <dt>argv[5]</dt> 37 <dd>The options that were provided when the job was submitted</dd> 38 39 <dt>argv[6]</dt> 40 <dd>The file to print (first program only)</dd> 41 </dl> 42 43 <p>The scheduler runs one or more of these programs to print any given job. The 44 first filter reads from the print file and writes to the standard output, while 45 the remaining filters read from the standard input and write to the standard 46 output. The backend is the last filter in the chain and writes to the 47 device.</p> 48 49 <p>Filters are always run as a non-privileged user, typically "lp", with no 50 connection to the user's desktop. Backends are run either as a non-privileged 51 user or as root if the file permissions do not allow user or group execution. 52 The <a href="#PERMISSIONS">file permissions</a> section talks about this in 53 more detail.</p> 54 55 <h3><a name="SECURITY">Security Considerations</a></h3> 56 57 <p>It is always important to use security programming practices. Filters and 58 most backends are run as a non-privileged user, so the major security 59 consideration is resource utilization - filters should not depend on unlimited 60 amounts of CPU, memory, or disk space, and should protect against conditions 61 that could lead to excess usage of any resource like infinite loops and 62 unbounded recursion. In addition, filters must <em>never</em> allow the user to 63 specify an arbitrary file path to a separator page, template, or other file 64 used by the filter since that can lead to an unauthorized disclosure of 65 information. <em>Always</em> treat input as suspect and validate it!</p> 66 67 <p>If you are developing a backend that runs as root, make sure to check for 68 potential buffer overflows, integer under/overflow conditions, and file 69 accesses since these can lead to privilege escalations. When writing files, 70 always validate the file path and <em>never</em> allow a user to determine 71 where to store a file.</p> 72 73 <blockquote><b>Note:</b> 74 75 <p><em>Never</em> write files to a user's home directory. Aside from the 76 security implications, CUPS is a network print service and as such the network 77 user may not be the same as the local user and/or there may not be a local home 78 directory to write to.</p> 79 80 <p>In addition, some operating systems provide additional security mechanisms 81 that further limit file system access, even for backends running as root. On 82 macOS, for example, no backend may write to a user's home directory. See the <a href="#SANDBOXING">Sandboxing on macOS</a> section for more information.</p> 83 </blockquote> 84 85 <h3><a name="SIGNALS">Canceled Jobs and Signal Handling</a></h3> 86 87 <p>The scheduler sends <code>SIGTERM</code> when a printing job is canceled or 88 held. Filters, backends, and port monitors <em>must</em> catch 89 <code>SIGTERM</code> and perform any cleanup necessary to produce a valid output 90 file or return the printer to a known good state. The recommended behavior is to 91 end the output on the current page, preferably on the current line or object 92 being printed.</p> 93 94 <p>Filters and backends may also receive <code>SIGPIPE</code> when an upstream or downstream filter/backend exits with a non-zero status. Developers should generally ignore <code>SIGPIPE</code> at the beginning of <code>main()</code> with the following function call:</p> 95 96 <pre class="example"> 97 #include <signal.h> 98 99 ... 100 101 int 102 main(int argc, char *argv[]) 103 { 104 signal(SIGPIPE, SIG_IGN); 105 106 ... 107 } 108 </pre> 109 110 <h3><a name="PERMISSIONS">File Permissions</a></h3> 111 112 <p>For security reasons, CUPS will only run filters and backends that are owned 113 by root and do not have world or group write permissions. The recommended 114 permissions for filters and backends are 0555 - read and execute but no write. 115 Backends that must run as root should use permissions of 0500 - read and execute 116 by root, no access for other users. Write permissions can be enabled for the 117 root user only.</p> 118 119 <p>To avoid a warning message, the directory containing your filter(s) must also 120 be owned by root and have world and group write disabled - permissions of 0755 121 or 0555 are strongly encouraged.</p> 122 123 <h3><a name="TEMPFILES">Temporary Files</a></h3> 124 125 <p>Temporary files should be created in the directory specified by the 126 "TMPDIR" environment variable. The 127 <a href="#cupsTempFile2"><code>cupsTempFile2</code></a> function can be 128 used to safely create temporary files in this directory.</p> 129 130 <h3><a name="COPIES">Copy Generation</a></h3> 131 132 <p>The <code>argv[4]</code> argument specifies the number of copies to produce 133 of the input file. In general, you should only generate copies if the 134 <em>filename</em> argument is supplied. The only exception to this are 135 filters that produce device-independent PostScript output, since the PostScript 136 filter <var>pstops</var> is responsible for generating copies of PostScript 137 files.</p> 138 139 <h3><a name="EXITCODES">Exit Codes</a></h3> 140 141 <p>Filters must exit with status 0 when they successfully generate print data 142 or 1 when they encounter an error. Backends can return any of the 143 <a href="#cups_backend_t"><code>cups_backend_t</code></a> constants.</p> 144 145 <h3><a name="ENVIRONMENT">Environment Variables</a></h3> 146 147 <p>The following environment variables are defined by the printing system 148 when running print filters and backends:</p> 149 150 <dl class="code"> 151 152 <dt>APPLE_LANGUAGE</dt> 153 <dd>The Apple language identifier associated with the job 154 (macOS only).</dd> 155 156 <dt>CHARSET</dt> 157 <dd>The job character set, typically "utf-8".</dd> 158 159 <dt>CLASS</dt> 160 <dd>When a job is submitted to a printer class, contains the name of 161 the destination printer class. Otherwise this environment 162 variable will not be set.</dd> 163 164 <dt>CONTENT_TYPE</dt> 165 <dd>The MIME type associated with the file (e.g. 166 application/postscript).</dd> 167 168 <dt>CUPS_CACHEDIR</dt> 169 <dd>The directory where cache files can be stored. Cache files can be 170 used to retain information between jobs or files in a job.</dd> 171 172 <dt>CUPS_DATADIR</dt> 173 <dd>The directory where (read-only) CUPS data files can be found.</dd> 174 175 <dt>CUPS_FILETYPE</dt> 176 <dd>The type of file being printed: "job-sheet" for a banner page and 177 "document" for a regular print file.</dd> 178 179 <dt>CUPS_SERVERROOT</dt> 180 <dd>The root directory of the server.</dd> 181 182 <dt>DEVICE_URI</dt> 183 <dd>The device-uri associated with the printer.</dd> 184 185 <dt>FINAL_CONTENT_TYPE</dt> 186 <dd>The MIME type associated with the printer (e.g. 187 application/vnd.cups-postscript).</dd> 188 189 <dt>LANG</dt> 190 <dd>The language locale associated with the job.</dd> 191 192 <dt>PPD</dt> 193 <dd>The full pathname of the PostScript Printer Description (PPD) 194 file for this printer.</dd> 195 196 <dt>PRINTER</dt> 197 <dd>The queue name of the class or printer.</dd> 198 199 <dt>RIP_CACHE</dt> 200 <dd>The recommended amount of memory to use for Raster Image 201 Processors (RIPs).</dd> 202 203 <dt>TMPDIR</dt> 204 <dd>The directory where temporary files should be created.</dd> 205 206 </dl> 207 208 <h3><a name="MESSAGES">Communicating with the Scheduler</a></h3> 209 210 <p>Filters and backends communicate with the scheduler by writing messages 211 to the standard error file. The scheduler reads messages from all filters in 212 a job and processes the message based on its prefix. For example, the following 213 code sets the current printer state message to "Printing page 5":</p> 214 215 <pre class="example"> 216 int page = 5; 217 218 fprintf(stderr, "INFO: Printing page %d\n", page); 219 </pre> 220 221 <p>Each message is a single line of text starting with one of the following 222 prefix strings:</p> 223 224 <dl class="code"> 225 226 <dt>ALERT: message</dt> 227 <dd>Sets the printer-state-message attribute and adds the specified 228 message to the current error log file using the "alert" log level.</dd> 229 230 <dt>ATTR: attribute=value [attribute=value]</dt> 231 <dd>Sets the named printer or job attribute(s). Typically this is used 232 to set the <code>marker-colors</code>, <code>marker-high-levels</code>, 233 <code>marker-levels</code>, <code>marker-low-levels</code>, 234 <code>marker-message</code>, <code>marker-names</code>, 235 <code>marker-types</code>, <code>printer-alert</code>, and 236 <code>printer-alert-description</code> printer attributes. Standard 237 <code>marker-types</code> values are listed in <a href='#TABLE1'>Table 238 1</a>. String values need special handling - see <a href="#ATTR_STRINGS">Reporting Attribute String Values</a> below.</dd> 239 240 <dt>CRIT: message</dt> 241 <dd>Sets the printer-state-message attribute and adds the specified 242 message to the current error log file using the "critical" log 243 level.</dd> 244 245 <dt>DEBUG: message</dt> 246 <dd>Sets the printer-state-message attribute and adds the specified 247 message to the current error log file using the "debug" log level.</dd> 248 249 <dt>DEBUG2: message</dt> 250 <dd>Sets the printer-state-message attribute and adds the specified 251 message to the current error log file using the "debug2" log level.</dd> 252 253 <dt>EMERG: message</dt> 254 <dd>Sets the printer-state-message attribute and adds the specified 255 message to the current error log file using the "emergency" log 256 level.</dd> 257 258 <dt>ERROR: message</dt> 259 <dd>Sets the printer-state-message attribute and adds the specified 260 message to the current error log file using the "error" log level. 261 Use "ERROR:" messages for non-persistent processing errors.</dd> 262 263 <dt>INFO: message</dt> 264 <dd>Sets the printer-state-message attribute. If the current log level 265 is set to "debug2", also adds the specified message to the current error 266 log file using the "info" log level.</dd> 267 268 <dt>NOTICE: message</dt> 269 <dd>Sets the printer-state-message attribute and adds the specified 270 message to the current error log file using the "notice" log level.</dd> 271 272 <dt>PAGE: page-number #-copies</dt> 273 <dt>PAGE: total #-pages</dt> 274 <dd>Adds an entry to the current page log file. The first form adds 275 #-copies to the job-media-sheets-completed attribute. The second 276 form sets the job-media-sheets-completed attribute to #-pages.</dd> 277 278 <dt>PPD: keyword=value [keyword=value ...]</dt> 279 <dd>Changes or adds keywords to the printer's PPD file. Typically 280 this is used to update installable options or default media settings 281 based on the printer configuration.</dd> 282 283 <dt>STATE: + printer-state-reason [printer-state-reason ...]</dt> 284 <dt>STATE: - printer-state-reason [printer-state-reason ...]</dt> 285 <dd>Sets or clears printer-state-reason keywords for the current queue. 286 Typically this is used to indicate persistent media, ink, toner, and 287 configuration conditions or errors on a printer. 288 <a href='#TABLE2'>Table 2</a> lists some of the standard "printer-state-reasons" keywords from the <a href="http://www.iana.org/assignments/ipp-registrations/ipp-registrations.xhtml#ipp-registrations-4">IANA IPP Registry</a> - 289 use vendor-prefixed ("com.example.foo") keywords for custom states. See 290 <a href="#MANAGING_STATE">Managing Printer State in a Filter</a> for more 291 information. 292 293 <dt>WARNING: message</dt> 294 <dd>Sets the printer-state-message attribute and adds the specified 295 message to the current error log file using the "warning" log 296 level.</dd> 297 298 </dl> 299 300 <p>Messages without one of these prefixes are treated as if they began with 301 the "DEBUG:" prefix string.</p> 302 303 <div class='table'><table width='80%' summary='Table 1: Standard marker-types Values'> 304 <caption>Table 1: <a name='TABLE1'>Standard marker-types Values</a></caption> 305 <thead> 306 <tr> 307 <th>marker-type</th> 308 <th>Description</th> 309 </tr> 310 </thead> 311 <tbody> 312 <tr> 313 <td>developer</td> 314 <td>Developer unit</td> 315 </tr> 316 <tr> 317 <td>fuser</td> 318 <td>Fuser unit</td> 319 </tr> 320 <tr> 321 <td>fuser-cleaning-pad</td> 322 <td>Fuser cleaning pad</td> 323 </tr> 324 <tr> 325 <td>fuser-oil</td> 326 <td>Fuser oil</td> 327 </tr> 328 <tr> 329 <td>ink</td> 330 <td>Ink supply</td> 331 </tr> 332 <tr> 333 <td>opc</td> 334 <td>Photo conductor</td> 335 </tr> 336 <tr> 337 <td>solid-wax</td> 338 <td>Wax supply</td> 339 </tr> 340 <tr> 341 <td>staples</td> 342 <td>Staple supply</td> 343 </tr> 344 <tr> 345 <td>toner</td> 346 <td>Toner supply</td> 347 </tr> 348 <tr> 349 <td>transfer-unit</td> 350 <td>Transfer unit</td> 351 </tr> 352 <tr> 353 <td>waste-ink</td> 354 <td>Waste ink tank</td> 355 </tr> 356 <tr> 357 <td>waste-toner</td> 358 <td>Waste toner tank</td> 359 </tr> 360 <tr> 361 <td>waste-wax</td> 362 <td>Waste wax tank</td> 363 </tr> 364 </tbody> 365 </table></div> 366 367 <br> 368 369 <div class='table'><table width='80%' summary='Table 2: Standard State Keywords'> 370 <caption>Table 2: <a name='TABLE2'>Standard State Keywords</a></caption> 371 <thead> 372 <tr> 373 <th>Keyword</th> 374 <th>Description</th> 375 </tr> 376 </thead> 377 <tbody> 378 <tr> 379 <td>connecting-to-device</td> 380 <td>Connecting to printer but not printing yet.</td> 381 </tr> 382 <tr> 383 <td>cover-open</td> 384 <td>The printer's cover is open.</td> 385 </tr> 386 <tr> 387 <td>input-tray-missing</td> 388 <td>The paper tray is missing.</td> 389 </tr> 390 <tr> 391 <td>marker-supply-empty</td> 392 <td>The printer is out of ink.</td> 393 </tr> 394 <tr> 395 <td>marker-supply-low</td> 396 <td>The printer is almost out of ink.</td> 397 </tr> 398 <tr> 399 <td>marker-waste-almost-full</td> 400 <td>The printer's waste bin is almost full.</td> 401 </tr> 402 <tr> 403 <td>marker-waste-full</td> 404 <td>The printer's waste bin is full.</td> 405 </tr> 406 <tr> 407 <td>media-empty</td> 408 <td>The paper tray (any paper tray) is empty.</td> 409 </tr> 410 <tr> 411 <td>media-jam</td> 412 <td>There is a paper jam.</td> 413 </tr> 414 <tr> 415 <td>media-low</td> 416 <td>The paper tray (any paper tray) is almost empty.</td> 417 </tr> 418 <tr> 419 <td>media-needed</td> 420 <td>The paper tray needs to be filled (for a job that is printing).</td> 421 </tr> 422 <tr> 423 <td>paused</td> 424 <td>Stop the printer.</td> 425 </tr> 426 <tr> 427 <td>timed-out</td> 428 <td>Unable to connect to printer.</td> 429 </tr> 430 <tr> 431 <td>toner-empty</td> 432 <td>The printer is out of toner.</td> 433 </tr> 434 <tr> 435 <td>toner-low</td> 436 <td>The printer is low on toner.</td> 437 </tr> 438 </tbody> 439 </table></div> 440 441 442 <h4><a name="ATTR_STRINGS">Reporting Attribute String Values</a></h4> 443 444 <p>When reporting string values using "ATTR:" messages, a filter or backend must take special care to appropriately quote those values. The scheduler uses the CUPS option parsing code for attributes, so the general syntax is:</p> 445 446 <pre class="example"> 447 name=simple 448 name=simple,simple,... 449 name='complex value' 450 name="complex value" 451 name='"complex value"','"complex value"',... 452 </pre> 453 454 <p>Simple values are strings that do not contain spaces, quotes, backslashes, or the comma and can be placed verbatim in the "ATTR:" message, for example:</p> 455 456 <pre class="example"> 457 int levels[4] = { 40, 50, 60, 70 }; /* CMYK */ 458 459 fputs("ATTR: marker-colors=#00FFFF,#FF00FF,#FFFF00,#000000\n", stderr); 460 fputs("ATTR: marker-high-levels=100,100,100,100\n", stderr); 461 fprintf(stderr, "ATTR: marker-levels=%d,%d,%d,%d\n", levels[0], levels[1], 462 levels[2], levels[3], levels[4]); 463 fputs("ATTR: marker-low-levels=5,5,5,5\n", stderr); 464 fputs("ATTR: marker-types=toner,toner,toner,toner\n", stderr); 465 </pre> 466 467 <p>Complex values that contains spaces, quotes, backslashes, or the comma must be quoted. For a single value a single set of quotes is sufficient:</p> 468 469 <pre class="example"> 470 fputs("ATTR: marker-message='Levels shown are approximate.'\n", stderr); 471 </pre> 472 473 <p>When multiple values are reported, each value must be enclosed by a set of single and double quotes:</p> 474 475 <pre class="example"> 476 fputs("ATTR: marker-names='\"Cyan Toner\"','\"Magenta Toner\"'," 477 "'\"Yellow Toner\"','\"Black Toner\"'\n", stderr); 478 </pre> 479 480 <p>The IPP backend includes a <var>quote_string</var> function that may be used to properly quote a complex value in an "ATTR:" message:</p> 481 482 <pre class="example"> 483 static const char * /* O - Quoted string */ 484 quote_string(const char *s, /* I - String */ 485 char *q, /* I - Quoted string buffer */ 486 size_t qsize) /* I - Size of quoted string buffer */ 487 { 488 char *qptr, /* Pointer into string buffer */ 489 *qend; /* End of string buffer */ 490 491 492 qptr = q; 493 qend = q + qsize - 5; 494 495 if (qend < q) 496 { 497 *q = '\0'; 498 return (q); 499 } 500 501 *qptr++ = '\''; 502 *qptr++ = '\"'; 503 504 while (*s && qptr < qend) 505 { 506 if (*s == '\\' || *s == '\"' || *s == '\'') 507 { 508 if (qptr < (qend - 4)) 509 { 510 *qptr++ = '\\'; 511 *qptr++ = '\\'; 512 *qptr++ = '\\'; 513 } 514 else 515 break; 516 } 517 518 *qptr++ = *s++; 519 } 520 521 *qptr++ = '\"'; 522 *qptr++ = '\''; 523 *qptr = '\0'; 524 525 return (q); 526 } 527 </pre> 528 529 530 <h4><a name="MANAGING_STATE">Managing Printer State in a Filter</a></h4> 531 532 <p>Filters are responsible for managing the state keywords they set using 533 "STATE:" messages. Typically you will update <em>all</em> of the keywords that 534 are used by the filter at startup, for example:</p> 535 536 <pre class="example"> 537 if (foo_condition != 0) 538 fputs("STATE: +com.example.foo\n", stderr); 539 else 540 fputs("STATE: -com.example.foo\n", stderr); 541 542 if (bar_condition != 0) 543 fputs("STATE: +com.example.bar\n", stderr); 544 else 545 fputs("STATE: -com.example.bar\n", stderr); 546 </pre> 547 548 <p>Then as conditions change, your filter sends "STATE: +keyword" or "STATE: 549 -keyword" messages as necessary to set or clear the corresponding keyword, 550 respectively.</p> 551 552 <p>State keywords are often used to notify the user of issues that span across 553 jobs, for example "media-empty-warning" that indicates one or more paper trays 554 are empty. These keywords should not be cleared unless the corresponding issue 555 no longer exists.</p> 556 557 <p>Filters should clear job-related keywords on startup and exit so that they 558 do not remain set between jobs. For example, "connecting-to-device" is a job 559 sub-state and not an issue that applies when a job is not printing.</p> 560 561 <blockquote><b>Note:</b> 562 563 <p>"STATE:" messages often provide visible alerts to the user. For example, 564 on macOS setting a printer-state-reason value with an "-error" or 565 "-warning" suffix will cause the printer's dock item to bounce if the 566 corresponding reason is localized with a cupsIPPReason keyword in the 567 printer's PPD file.</p> 568 569 <p>When providing a vendor-prefixed keyword, <em>always</em> provide the 570 corresponding standard keyword (if any) to allow clients to respond to the 571 condition correctly. For example, if you provide a vendor-prefixed keyword 572 for a low cyan ink condition ("com.example.cyan-ink-low") you must also set the 573 "marker-supply-low-warning" keyword. In such cases you should also refrain 574 from localizing the vendor-prefixed keyword in the PPD file - otherwise both 575 the generic and vendor-specific keyword will be shown in the user 576 interface.</p> 577 578 </blockquote> 579 580 <h4><a name="REPORTING_SUPPLIES">Reporting Supply Levels</a></h4> 581 582 <p>CUPS tracks several "marker-*" attributes for ink/toner supply level 583 reporting. These attributes allow applications to display the current supply 584 levels for a printer without printer-specific software. <a href="#TABLE3">Table 3</a> lists the marker attributes and what they represent.</p> 585 586 <p>Filters set marker attributes by sending "ATTR:" messages to stderr. For 587 example, a filter supporting an inkjet printer with black and tri-color ink 588 cartridges would use the following to initialize the supply attributes:</p> 589 590 <pre class="example"> 591 fputs("ATTR: marker-colors=#000000,#00FFFF#FF00FF#FFFF00\n", stderr); 592 fputs("ATTR: marker-low-levels=5,10\n", stderr); 593 fputs("ATTR: marker-names=Black,Tri-Color\n", stderr); 594 fputs("ATTR: marker-types=ink,ink\n", stderr); 595 </pre> 596 597 <p>Then periodically the filter queries the printer for its current supply 598 levels and updates them with a separate "ATTR:" message:</p> 599 600 <pre class="example"> 601 int black_level, tri_level; 602 ... 603 fprintf(stderr, "ATTR: marker-levels=%d,%d\n", black_level, tri_level); 604 </pre> 605 606 <div class='table'><table width='80%' summary='Table 3: Supply Level Attributes'> 607 <caption>Table 3: <a name='TABLE3'>Supply Level Attributes</a></caption> 608 <thead> 609 <tr> 610 <th>Attribute</th> 611 <th>Description</th> 612 </tr> 613 </thead> 614 <tbody> 615 <tr> 616 <td>marker-colors</td> 617 <td>A list of comma-separated colors; each color is either "none" or one or 618 more hex-encoded sRGB colors of the form "#RRGGBB".</td> 619 </tr> 620 <tr> 621 <td>marker-high-levels</td> 622 <td>A list of comma-separated "almost full" level values from 0 to 100; a 623 value of 100 should be used for supplies that are consumed/emptied like ink 624 cartridges.</td> 625 </tr> 626 <tr> 627 <td>marker-levels</td> 628 <td>A list of comma-separated level values for each supply. A value of -1 629 indicates the level is unavailable, -2 indicates unknown, and -3 indicates 630 the level is unknown but has not yet reached capacity. Values from 0 to 100 631 indicate the corresponding percentage.</td> 632 </tr> 633 <tr> 634 <td>marker-low-levels</td> 635 <td>A list of comma-separated "almost empty" level values from 0 to 100; a 636 value of 0 should be used for supplies that are filled like waste ink 637 tanks.</td> 638 </tr> 639 <tr> 640 <td>marker-message</td> 641 <td>A human-readable supply status message for the user like "12 pages of 642 ink remaining."</td> 643 </tr> 644 <tr> 645 <td>marker-names</td> 646 <td>A list of comma-separated supply names like "Cyan Ink", "Fuser", 647 etc.</td> 648 </tr> 649 <tr> 650 <td>marker-types</td> 651 <td>A list of comma-separated supply types; the types are listed in 652 <a href="#TABLE1">Table 1</a>.</td> 653 </tr> 654 </tbody> 655 </table></div> 656 657 <h3><a name="COMMUNICATING_BACKEND">Communicating with the Backend</a></h3> 658 659 <p>Filters can communicate with the backend via the 660 <a href="#cupsBackChannelRead"><code>cupsBackChannelRead</code></a> and 661 <a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a> 662 functions. The 663 <a href="#cupsBackChannelRead"><code>cupsBackChannelRead</code></a> function 664 reads data that has been sent back from the device and is typically used to 665 obtain status and configuration information. For example, the following code 666 polls the backend for back-channel data:</p> 667 668 <pre class="example"> 669 #include <cups/cups.h> 670 671 char buffer[8192]; 672 ssize_t bytes; 673 674 /* Use a timeout of 0.0 seconds to poll for back-channel data */ 675 bytes = cupsBackChannelRead(buffer, sizeof(buffer), 0.0); 676 </pre> 677 678 <p>Filters can also use <code>select()</code> or <code>poll()</code> on the 679 back-channel file descriptor (3 or <code>CUPS_BC_FD</code>) to read data only 680 when it is available.</p> 681 682 <p>The 683 <a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a> 684 function allows you to get out-of-band status information and do synchronization 685 with the device. For example, the following code gets the current IEEE-1284 686 device ID string from the backend:</p> 687 688 <pre class="example"> 689 #include <cups/sidechannel.h> 690 691 char data[2049]; 692 int datalen; 693 <a href="#cups_sc_status_t">cups_sc_status_t</a> status; 694 695 /* Tell cupsSideChannelDoRequest() how big our buffer is, less 1 byte for 696 nul-termination... */ 697 datalen = sizeof(data) - 1; 698 699 /* Get the IEEE-1284 device ID, waiting for up to 1 second */ 700 status = <a href="#cupsSideChannelDoRequest">cupsSideChannelDoRequest</a>(CUPS_SC_CMD_GET_DEVICE_ID, data, &datalen, 1.0); 701 702 /* Use the returned value if OK was returned and the length is non-zero */ 703 if (status == CUPS_SC_STATUS_OK && datalen > 0) 704 data[datalen] = '\0'; 705 else 706 data[0] = '\0'; 707 </pre> 708 709 <h4><a name="DRAIN_OUTPUT">Forcing All Output to a Printer</a></h4> 710 711 <p>The 712 <a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a> 713 function allows you to tell the backend to send all pending data to the printer. 714 This is most often needed when sending query commands to the printer. For example:</p> 715 716 <pre class="example"> 717 #include <cups/cups.h> 718 #include <cups/sidechannel.h> 719 720 char data[1024]; 721 int datalen = sizeof(data); 722 <a href="#cups_sc_status_t">cups_sc_status_t</a> status; 723 724 /* Flush pending output to stdout */ 725 fflush(stdout); 726 727 /* Drain output to backend, waiting for up to 30 seconds */ 728 status = <a href="#cupsSideChannelDoRequest">cupsSideChannelDoRequest</a>(CUPS_SC_CMD_DRAIN_OUTPUT, data, &datalen, 30.0); 729 730 /* Read the response if the output was sent */ 731 if (status == CUPS_SC_STATUS_OK) 732 { 733 ssize_t bytes; 734 735 /* Wait up to 10.0 seconds for back-channel data */ 736 bytes = cupsBackChannelRead(data, sizeof(data), 10.0); 737 /* do something with the data from the printer */ 738 } 739 </pre> 740 741 <h3><a name="COMMUNICATING_FILTER">Communicating with Filters</a></h3> 742 743 <p>Backends communicate with filters using the reciprocal functions 744 <a href="#cupsBackChannelWrite"><code>cupsBackChannelWrite</code></a>, 745 <a href="#cupsSideChannelRead"><code>cupsSideChannelRead</code></a>, and 746 <a href="#cupsSideChannelWrite"><code>cupsSideChannelWrite</code></a>. We 747 recommend writing back-channel data using a timeout of 1.0 seconds:</p> 748 749 <pre class="example"> 750 #include <cups/cups.h> 751 752 char buffer[8192]; 753 ssize_t bytes; 754 755 /* Obtain data from printer/device */ 756 ... 757 758 /* Use a timeout of 1.0 seconds to give filters a chance to read */ 759 cupsBackChannelWrite(buffer, bytes, 1.0); 760 </pre> 761 762 <p>The <a href="#cupsSideChannelRead"><code>cupsSideChannelRead</code></a> 763 function reads a side-channel command from a filter, driver, or port monitor. 764 Backends can either poll for commands using a <code>timeout</code> of 0.0, wait 765 indefinitely for commands using a <code>timeout</code> of -1.0 (probably in a 766 separate thread for that purpose), or use <code>select</code> or 767 <code>poll</code> on the <code>CUPS_SC_FD</code> file descriptor (4) to handle 768 input and output on several file descriptors at the same time.</p> 769 770 <p>Once a command is processed, the backend uses the 771 <a href="#cupsSideChannelWrite"><code>cupsSideChannelWrite</code></a> function 772 to send its response. For example, the following code shows how to poll for a 773 side-channel command and respond to it:</p> 774 775 <pre class="example"> 776 #include <cups/sidechannel.h> 777 778 <a href="#cups_sc_command_t">cups_sc_command_t</a> command; 779 <a href="#cups_sc_status_t">cups_sc_status_t</a> status; 780 char data[2048]; 781 int datalen = sizeof(data); 782 783 /* Poll for a command... */ 784 if (!<a href="#cupsSideChannelRead">cupsSideChannelRead</a>(&command, &status, data, &datalen, 0.0)) 785 { 786 switch (command) 787 { 788 /* handle supported commands, fill data/datalen/status with values as needed */ 789 790 default : 791 status = CUPS_SC_STATUS_NOT_IMPLEMENTED; 792 datalen = 0; 793 break; 794 } 795 796 /* Send a response... */ 797 <a href="#cupsSideChannelWrite">cupsSideChannelWrite</a>(command, status, data, datalen, 1.0); 798 } 799 </pre> 800 801 <h3><a name="SNMP">Doing SNMP Queries with Network Printers</a></h3> 802 803 <p>The Simple Network Management Protocol (SNMP) allows you to get the current 804 status, page counter, and supply levels from most network printers. Every 805 piece of information is associated with an Object Identifier (OID), and 806 every printer has a <em>community</em> name associated with it. OIDs can be 807 queried directly or by "walking" over a range of OIDs with a common prefix.</p> 808 809 <p>The two CUPS SNMP functions provide a simple API for querying network 810 printers through the side-channel interface. Each accepts a string containing 811 an OID like ".1.3.6.1.2.1.43.10.2.1.4.1.1" (the standard page counter OID) 812 along with a timeout for the query.</p> 813 814 <p>The <a href="#cupsSideChannelSNMPGet"><code>cupsSideChannelSNMPGet</code></a> 815 function queries a single OID and returns the value as a string in a buffer 816 you supply:</p> 817 818 <pre class="example"> 819 #include <cups/sidechannel.h> 820 821 char data[512]; 822 int datalen = sizeof(data); 823 824 if (<a href="#cupsSideChannelSNMPGet">cupsSideChannelSNMPGet</a>(".1.3.6.1.2.1.43.10.2.1.4.1.1", data, &datalen, 5.0) 825 == CUPS_SC_STATUS_OK) 826 { 827 /* Do something with the value */ 828 printf("Page counter is: %s\n", data); 829 } 830 </pre> 831 832 <p>The 833 <a href="#cupsSideChannelSNMPWalk"><code>cupsSideChannelSNMPWalk</code></a> 834 function allows you to query a whole group of OIDs, calling a function of your 835 choice for each OID that is found:</p> 836 837 <pre class="example"> 838 #include <cups/sidechannel.h> 839 840 void 841 my_callback(const char *oid, const char *data, int datalen, void *context) 842 { 843 /* Do something with the value */ 844 printf("%s=%s\n", oid, data); 845 } 846 847 ... 848 849 void *my_data; 850 851 <a href="#cupsSideChannelSNMPWalk">cupsSNMPSideChannelWalk</a>(".1.3.6.1.2.1.43", 5.0, my_callback, my_data); 852 </pre> 853 854 <h2><a name="SANDBOXING">Sandboxing on macOS</a></h2> 855 856 <p>Starting with macOS 10.6, filters and backends are run inside a security "sandbox" which further limits (beyond the normal UNIX user/group permissions) what a filter or backend can do. This helps to both secure the printing system from malicious software and enforce the functional separation of components in the CUPS filter chain. What follows is a list of actions that are explicitly allowed for all filters and backends:</p> 857 858 <ol> 859 860 <li>Reading of files: pursuant to normal UNIX file permissions, filters and backends can read files for the current job from the <var>/private/var/spool/cups</var> directory and other files on mounted filesystems <em>except</em> for user home directories under <var>/Users</var>.</li> 861 862 <li>Writing of files: pursuant to normal UNIX file permissions, filters and backends can read/write files to the cache directory specified by the <code>CUPS_CACHEDIR</code> environment variable, to the state directory specified by the <code>CUPS_STATEDIR</code> environment variable, to the temporary directory specified by the <code>TMPDIR</code> environment variable, and under the <var>/private/var/db</var>, <var>/private/var/folders</var>, <var>/private/var/lib</var>, <var>/private/var/mysql</var>, <var>/private/var/run</var>, <var>/private/var/spool</var> (except <var>/private/var/spool/cups</var>), <var>/Library/Application Support</var>, <var>/Library/Caches</var>, <var>/Library/Logs</var>, <var>/Library/Preferences</var>, <var>/Library/WebServer</var>, and <var>/Users/Shared</var> directories.</li> 863 864 <li>Execution of programs: pursuant to normal UNIX file permissions, filters and backends can execute any program not located under the <var>/Users</var> directory. Child processes inherit the sandbox and are subject to the same restrictions as the parent.</li> 865 866 <li>Bluetooth and USB: backends can access Bluetooth and USB printers through IOKit. <em>Filters cannot access Bluetooth and USB printers directly.</em></li> 867 868 <li>Network: filters and backends can access UNIX domain sockets under the <var>/private/tmp</var>, <var>/private/var/run</var>, and <var>/private/var/tmp</var> directories. Backends can also create IPv4 and IPv6 TCP (outgoing) and UDP (incoming and outgoing) socket, and bind to local source ports. <em>Filters cannot directly create IPv4 and IPv6 TCP or UDP sockets.</em></li> 869 870 <li>Notifications: filters and backends can send notifications via the Darwin <code>notify_post()</code> API.</li> 871 872 </ol> 873 874 <blockquote><b>Note:</b> The sandbox profile used in CUPS 2.0 still allows some actions that are not listed above - these privileges will be removed over time until the profile matches the list above.</blockquote> 875
