1<!-- 2 Filter and backend programming introduction for CUPS. 3 4 Copyright © 2007-2016 by Apple Inc. 5 Copyright © 1997-2006 by Easy Software Products, all rights reserved. 6 7 Licensed under Apache License v2.0. See the file "LICENSE" for more 8 information. 9--> 10 11<h2 class='title'><a name="OVERVIEW">Overview</a></h2> 12 13<p>Filters (which include printer drivers and port monitors) and backends 14are used to convert job files to a printable format and send that data to the 15printer itself. All of these programs use a common interface for processing 16print jobs and communicating status information to the scheduler. Each is run 17with a standard set of command-line arguments:<p> 18 19<dl class="code"> 20 21 <dt>argv[1]</dt> 22 <dd>The job ID</dd> 23 24 <dt>argv[2]</dt> 25 <dd>The user printing the job</dd> 26 27 <dt>argv[3]</dt> 28 <dd>The job name/title</dd> 29 30 <dt>argv[4]</dt> 31 <dd>The number of copies to print</dd> 32 33 <dt>argv[5]</dt> 34 <dd>The options that were provided when the job was submitted</dd> 35 36 <dt>argv[6]</dt> 37 <dd>The file to print (first program only)</dd> 38</dl> 39 40<p>The scheduler runs one or more of these programs to print any given job. The 41first filter reads from the print file and writes to the standard output, while 42the remaining filters read from the standard input and write to the standard 43output. The backend is the last filter in the chain and writes to the 44device.</p> 45 46<p>Filters are always run as a non-privileged user, typically "lp", with no 47connection to the user's desktop. Backends are run either as a non-privileged 48user or as root if the file permissions do not allow user or group execution. 49The <a href="#PERMISSIONS">file permissions</a> section talks about this in 50more detail.</p> 51 52<h3><a name="SECURITY">Security Considerations</a></h3> 53 54<p>It is always important to use security programming practices. Filters and 55most backends are run as a non-privileged user, so the major security 56consideration is resource utilization - filters should not depend on unlimited 57amounts of CPU, memory, or disk space, and should protect against conditions 58that could lead to excess usage of any resource like infinite loops and 59unbounded recursion. In addition, filters must <em>never</em> allow the user to 60specify an arbitrary file path to a separator page, template, or other file 61used by the filter since that can lead to an unauthorized disclosure of 62information. <em>Always</em> treat input as suspect and validate it!</p> 63 64<p>If you are developing a backend that runs as root, make sure to check for 65potential buffer overflows, integer under/overflow conditions, and file 66accesses since these can lead to privilege escalations. When writing files, 67always validate the file path and <em>never</em> allow a user to determine 68where to store a file.</p> 69 70<blockquote><b>Note:</b> 71 72<p><em>Never</em> write files to a user's home directory. Aside from the 73security implications, CUPS is a network print service and as such the network 74user may not be the same as the local user and/or there may not be a local home 75directory to write to.</p> 76 77<p>In addition, some operating systems provide additional security mechanisms 78that further limit file system access, even for backends running as root. On 79macOS, for example, no backend may write to a user's home directory. See the <a href="#SANDBOXING">Sandboxing on macOS</a> section for more information.</p> 80</blockquote> 81 82<h3><a name="SIGNALS">Canceled Jobs and Signal Handling</a></h3> 83 84<p>The scheduler sends <code>SIGTERM</code> when a printing job is canceled or 85held. Filters, backends, and port monitors <em>must</em> catch 86<code>SIGTERM</code> and perform any cleanup necessary to produce a valid output 87file or return the printer to a known good state. The recommended behavior is to 88end the output on the current page, preferably on the current line or object 89being printed.</p> 90 91<p>Filters and backends may also receive <code>SIGPIPE</code> when an upstream or downstream filter/backend exits with a non-zero status. Developers should generally ignore <code>SIGPIPE</code> at the beginning of <code>main()</code> with the following function call:</p> 92 93<pre class="example"> 94#include <signal.h> 95 96... 97 98int 99main(int argc, char *argv[]) 100{ 101 signal(SIGPIPE, SIG_IGN); 102 103 ... 104} 105</pre> 106 107<h3><a name="PERMISSIONS">File Permissions</a></h3> 108 109<p>For security reasons, CUPS will only run filters and backends that are owned 110by root and do not have world or group write permissions. The recommended 111permissions for filters and backends are 0555 - read and execute but no write. 112Backends that must run as root should use permissions of 0500 - read and execute 113by root, no access for other users. Write permissions can be enabled for the 114root user only.</p> 115 116<p>To avoid a warning message, the directory containing your filter(s) must also 117be owned by root and have world and group write disabled - permissions of 0755 118or 0555 are strongly encouraged.</p> 119 120<h3><a name="TEMPFILES">Temporary Files</a></h3> 121 122<p>Temporary files should be created in the directory specified by the 123"TMPDIR" environment variable. The 124<a href="#cupsTempFile2"><code>cupsTempFile2</code></a> function can be 125used to safely create temporary files in this directory.</p> 126 127<h3><a name="COPIES">Copy Generation</a></h3> 128 129<p>The <code>argv[4]</code> argument specifies the number of copies to produce 130of the input file. In general, you should only generate copies if the 131<em>filename</em> argument is supplied. The only exception to this are 132filters that produce device-independent PostScript output, since the PostScript 133filter <var>pstops</var> is responsible for generating copies of PostScript 134files.</p> 135 136<h3><a name="EXITCODES">Exit Codes</a></h3> 137 138<p>Filters must exit with status 0 when they successfully generate print data 139or 1 when they encounter an error. Backends can return any of the 140<a href="#cups_backend_t"><code>cups_backend_t</code></a> constants.</p> 141 142<h3><a name="ENVIRONMENT">Environment Variables</a></h3> 143 144<p>The following environment variables are defined by the printing system 145when running print filters and backends:</p> 146 147<dl class="code"> 148 149 <dt>APPLE_LANGUAGE</dt> 150 <dd>The Apple language identifier associated with the job 151 (macOS only).</dd> 152 153 <dt>CHARSET</dt> 154 <dd>The job character set, typically "utf-8".</dd> 155 156 <dt>CLASS</dt> 157 <dd>When a job is submitted to a printer class, contains the name of 158 the destination printer class. Otherwise this environment 159 variable will not be set.</dd> 160 161 <dt>CONTENT_TYPE</dt> 162 <dd>The MIME type associated with the file (e.g. 163 application/postscript).</dd> 164 165 <dt>CUPS_CACHEDIR</dt> 166 <dd>The directory where cache files can be stored. Cache files can be 167 used to retain information between jobs or files in a job.</dd> 168 169 <dt>CUPS_DATADIR</dt> 170 <dd>The directory where (read-only) CUPS data files can be found.</dd> 171 172 <dt>CUPS_FILETYPE</dt> 173 <dd>The type of file being printed: "job-sheet" for a banner page and 174 "document" for a regular print file.</dd> 175 176 <dt>CUPS_SERVERROOT</dt> 177 <dd>The root directory of the server.</dd> 178 179 <dt>DEVICE_URI</dt> 180 <dd>The device-uri associated with the printer.</dd> 181 182 <dt>FINAL_CONTENT_TYPE</dt> 183 <dd>The MIME type associated with the printer (e.g. 184 application/vnd.cups-postscript).</dd> 185 186 <dt>LANG</dt> 187 <dd>The language locale associated with the job.</dd> 188 189 <dt>PPD</dt> 190 <dd>The full pathname of the PostScript Printer Description (PPD) 191 file for this printer.</dd> 192 193 <dt>PRINTER</dt> 194 <dd>The queue name of the class or printer.</dd> 195 196 <dt>RIP_CACHE</dt> 197 <dd>The recommended amount of memory to use for Raster Image 198 Processors (RIPs).</dd> 199 200 <dt>TMPDIR</dt> 201 <dd>The directory where temporary files should be created.</dd> 202 203</dl> 204 205<h3><a name="MESSAGES">Communicating with the Scheduler</a></h3> 206 207<p>Filters and backends communicate with the scheduler by writing messages 208to the standard error file. The scheduler reads messages from all filters in 209a job and processes the message based on its prefix. For example, the following 210code sets the current printer state message to "Printing page 5":</p> 211 212<pre class="example"> 213int page = 5; 214 215fprintf(stderr, "INFO: Printing page %d\n", page); 216</pre> 217 218<p>Each message is a single line of text starting with one of the following 219prefix strings:</p> 220 221<dl class="code"> 222 223 <dt>ALERT: message</dt> 224 <dd>Sets the printer-state-message attribute and adds the specified 225 message to the current error log file using the "alert" log level.</dd> 226 227 <dt>ATTR: attribute=value [attribute=value]</dt> 228 <dd>Sets the named printer or job attribute(s). Typically this is used 229 to set the <code>marker-colors</code>, <code>marker-high-levels</code>, 230 <code>marker-levels</code>, <code>marker-low-levels</code>, 231 <code>marker-message</code>, <code>marker-names</code>, 232 <code>marker-types</code>, <code>printer-alert</code>, and 233 <code>printer-alert-description</code> printer attributes. Standard 234 <code>marker-types</code> values are listed in <a href='#TABLE1'>Table 235 1</a>. String values need special handling - see <a href="#ATTR_STRINGS">Reporting Attribute String Values</a> below.</dd> 236 237 <dt>CRIT: message</dt> 238 <dd>Sets the printer-state-message attribute and adds the specified 239 message to the current error log file using the "critical" log 240 level.</dd> 241 242 <dt>DEBUG: message</dt> 243 <dd>Sets the printer-state-message attribute and adds the specified 244 message to the current error log file using the "debug" log level.</dd> 245 246 <dt>DEBUG2: message</dt> 247 <dd>Sets the printer-state-message attribute and adds the specified 248 message to the current error log file using the "debug2" log level.</dd> 249 250 <dt>EMERG: message</dt> 251 <dd>Sets the printer-state-message attribute and adds the specified 252 message to the current error log file using the "emergency" log 253 level.</dd> 254 255 <dt>ERROR: message</dt> 256 <dd>Sets the printer-state-message attribute and adds the specified 257 message to the current error log file using the "error" log level. 258 Use "ERROR:" messages for non-persistent processing errors.</dd> 259 260 <dt>INFO: message</dt> 261 <dd>Sets the printer-state-message attribute. If the current log level 262 is set to "debug2", also adds the specified message to the current error 263 log file using the "info" log level.</dd> 264 265 <dt>NOTICE: message</dt> 266 <dd>Sets the printer-state-message attribute and adds the specified 267 message to the current error log file using the "notice" log level.</dd> 268 269 <dt>PAGE: page-number #-copies</dt> 270 <dt>PAGE: total #-pages</dt> 271 <dd>Adds an entry to the current page log file. The first form adds 272 #-copies to the job-media-sheets-completed attribute. The second 273 form sets the job-media-sheets-completed attribute to #-pages.</dd> 274 275 <dt>PPD: keyword=value [keyword=value ...]</dt> 276 <dd>Changes or adds keywords to the printer's PPD file. Typically 277 this is used to update installable options or default media settings 278 based on the printer configuration.</dd> 279 280 <dt>STATE: + printer-state-reason [printer-state-reason ...]</dt> 281 <dt>STATE: - printer-state-reason [printer-state-reason ...]</dt> 282 <dd>Sets or clears printer-state-reason keywords for the current queue. 283 Typically this is used to indicate persistent media, ink, toner, and 284 configuration conditions or errors on a printer. 285 <a href='#TABLE2'>Table 2</a> lists some of the standard "printer-state-reasons" keywords from the <a href="http://www.iana.org/assignments/ipp-registrations/ipp-registrations.xhtml#ipp-registrations-4">IANA IPP Registry</a> - 286 use vendor-prefixed ("com.example.foo") keywords for custom states. See 287 <a href="#MANAGING_STATE">Managing Printer State in a Filter</a> for more 288 information. 289 290 <dt>WARNING: message</dt> 291 <dd>Sets the printer-state-message attribute and adds the specified 292 message to the current error log file using the "warning" log 293 level.</dd> 294 295</dl> 296 297<p>Messages without one of these prefixes are treated as if they began with 298the "DEBUG:" prefix string.</p> 299 300<div class='table'><table width='80%' summary='Table 1: Standard marker-types Values'> 301<caption>Table 1: <a name='TABLE1'>Standard marker-types Values</a></caption> 302<thead> 303<tr> 304 <th>marker-type</th> 305 <th>Description</th> 306</tr> 307</thead> 308<tbody> 309<tr> 310 <td>developer</td> 311 <td>Developer unit</td> 312</tr> 313<tr> 314 <td>fuser</td> 315 <td>Fuser unit</td> 316</tr> 317<tr> 318 <td>fuser-cleaning-pad</td> 319 <td>Fuser cleaning pad</td> 320</tr> 321<tr> 322 <td>fuser-oil</td> 323 <td>Fuser oil</td> 324</tr> 325<tr> 326 <td>ink</td> 327 <td>Ink supply</td> 328</tr> 329<tr> 330 <td>opc</td> 331 <td>Photo conductor</td> 332</tr> 333<tr> 334 <td>solid-wax</td> 335 <td>Wax supply</td> 336</tr> 337<tr> 338 <td>staples</td> 339 <td>Staple supply</td> 340</tr> 341<tr> 342 <td>toner</td> 343 <td>Toner supply</td> 344</tr> 345<tr> 346 <td>transfer-unit</td> 347 <td>Transfer unit</td> 348</tr> 349<tr> 350 <td>waste-ink</td> 351 <td>Waste ink tank</td> 352</tr> 353<tr> 354 <td>waste-toner</td> 355 <td>Waste toner tank</td> 356</tr> 357<tr> 358 <td>waste-wax</td> 359 <td>Waste wax tank</td> 360</tr> 361</tbody> 362</table></div> 363 364<br> 365 366<div class='table'><table width='80%' summary='Table 2: Standard State Keywords'> 367<caption>Table 2: <a name='TABLE2'>Standard State Keywords</a></caption> 368<thead> 369<tr> 370 <th>Keyword</th> 371 <th>Description</th> 372</tr> 373</thead> 374<tbody> 375<tr> 376 <td>connecting-to-device</td> 377 <td>Connecting to printer but not printing yet.</td> 378</tr> 379<tr> 380 <td>cover-open</td> 381 <td>The printer's cover is open.</td> 382</tr> 383<tr> 384 <td>input-tray-missing</td> 385 <td>The paper tray is missing.</td> 386</tr> 387<tr> 388 <td>marker-supply-empty</td> 389 <td>The printer is out of ink.</td> 390</tr> 391<tr> 392 <td>marker-supply-low</td> 393 <td>The printer is almost out of ink.</td> 394</tr> 395<tr> 396 <td>marker-waste-almost-full</td> 397 <td>The printer's waste bin is almost full.</td> 398</tr> 399<tr> 400 <td>marker-waste-full</td> 401 <td>The printer's waste bin is full.</td> 402</tr> 403<tr> 404 <td>media-empty</td> 405 <td>The paper tray (any paper tray) is empty.</td> 406</tr> 407<tr> 408 <td>media-jam</td> 409 <td>There is a paper jam.</td> 410</tr> 411<tr> 412 <td>media-low</td> 413 <td>The paper tray (any paper tray) is almost empty.</td> 414</tr> 415<tr> 416 <td>media-needed</td> 417 <td>The paper tray needs to be filled (for a job that is printing).</td> 418</tr> 419<tr> 420 <td>paused</td> 421 <td>Stop the printer.</td> 422</tr> 423<tr> 424 <td>timed-out</td> 425 <td>Unable to connect to printer.</td> 426</tr> 427<tr> 428 <td>toner-empty</td> 429 <td>The printer is out of toner.</td> 430</tr> 431<tr> 432 <td>toner-low</td> 433 <td>The printer is low on toner.</td> 434</tr> 435</tbody> 436</table></div> 437 438 439<h4><a name="ATTR_STRINGS">Reporting Attribute String Values</a></h4> 440 441<p>When reporting string values using "ATTR:" messages, a filter or backend must take special care to appropriately quote those values. The scheduler uses the CUPS option parsing code for attributes, so the general syntax is:</p> 442 443<pre class="example"> 444name=simple 445name=simple,simple,... 446name='complex value' 447name="complex value" 448name='"complex value"','"complex value"',... 449</pre> 450 451<p>Simple values are strings that do not contain spaces, quotes, backslashes, or the comma and can be placed verbatim in the "ATTR:" message, for example:</p> 452 453<pre class="example"> 454int levels[4] = { 40, 50, 60, 70 }; /* CMYK */ 455 456fputs("ATTR: marker-colors=#00FFFF,#FF00FF,#FFFF00,#000000\n", stderr); 457fputs("ATTR: marker-high-levels=100,100,100,100\n", stderr); 458fprintf(stderr, "ATTR: marker-levels=%d,%d,%d,%d\n", levels[0], levels[1], 459 levels[2], levels[3], levels[4]); 460fputs("ATTR: marker-low-levels=5,5,5,5\n", stderr); 461fputs("ATTR: marker-types=toner,toner,toner,toner\n", stderr); 462</pre> 463 464<p>Complex values that contains spaces, quotes, backslashes, or the comma must be quoted. For a single value a single set of quotes is sufficient:</p> 465 466<pre class="example"> 467fputs("ATTR: marker-message='Levels shown are approximate.'\n", stderr); 468</pre> 469 470<p>When multiple values are reported, each value must be enclosed by a set of single and double quotes:</p> 471 472<pre class="example"> 473fputs("ATTR: marker-names='\"Cyan Toner\"','\"Magenta Toner\"'," 474 "'\"Yellow Toner\"','\"Black Toner\"'\n", stderr); 475</pre> 476 477<p>The IPP backend includes a <var>quote_string</var> function that may be used to properly quote a complex value in an "ATTR:" message:</p> 478 479<pre class="example"> 480static const char * /* O - Quoted string */ 481quote_string(const char *s, /* I - String */ 482 char *q, /* I - Quoted string buffer */ 483 size_t qsize) /* I - Size of quoted string buffer */ 484{ 485 char *qptr, /* Pointer into string buffer */ 486 *qend; /* End of string buffer */ 487 488 489 qptr = q; 490 qend = q + qsize - 5; 491 492 if (qend < q) 493 { 494 *q = '\0'; 495 return (q); 496 } 497 498 *qptr++ = '\''; 499 *qptr++ = '\"'; 500 501 while (*s && qptr < qend) 502 { 503 if (*s == '\\' || *s == '\"' || *s == '\'') 504 { 505 if (qptr < (qend - 4)) 506 { 507 *qptr++ = '\\'; 508 *qptr++ = '\\'; 509 *qptr++ = '\\'; 510 } 511 else 512 break; 513 } 514 515 *qptr++ = *s++; 516 } 517 518 *qptr++ = '\"'; 519 *qptr++ = '\''; 520 *qptr = '\0'; 521 522 return (q); 523} 524</pre> 525 526 527<h4><a name="MANAGING_STATE">Managing Printer State in a Filter</a></h4> 528 529<p>Filters are responsible for managing the state keywords they set using 530"STATE:" messages. Typically you will update <em>all</em> of the keywords that 531are used by the filter at startup, for example:</p> 532 533<pre class="example"> 534if (foo_condition != 0) 535 fputs("STATE: +com.example.foo\n", stderr); 536else 537 fputs("STATE: -com.example.foo\n", stderr); 538 539if (bar_condition != 0) 540 fputs("STATE: +com.example.bar\n", stderr); 541else 542 fputs("STATE: -com.example.bar\n", stderr); 543</pre> 544 545<p>Then as conditions change, your filter sends "STATE: +keyword" or "STATE: 546-keyword" messages as necessary to set or clear the corresponding keyword, 547respectively.</p> 548 549<p>State keywords are often used to notify the user of issues that span across 550jobs, for example "media-empty-warning" that indicates one or more paper trays 551are empty. These keywords should not be cleared unless the corresponding issue 552no longer exists.</p> 553 554<p>Filters should clear job-related keywords on startup and exit so that they 555do not remain set between jobs. For example, "connecting-to-device" is a job 556sub-state and not an issue that applies when a job is not printing.</p> 557 558<blockquote><b>Note:</b> 559 560<p>"STATE:" messages often provide visible alerts to the user. For example, 561on macOS setting a printer-state-reason value with an "-error" or 562"-warning" suffix will cause the printer's dock item to bounce if the 563corresponding reason is localized with a cupsIPPReason keyword in the 564printer's PPD file.</p> 565 566<p>When providing a vendor-prefixed keyword, <em>always</em> provide the 567corresponding standard keyword (if any) to allow clients to respond to the 568condition correctly. For example, if you provide a vendor-prefixed keyword 569for a low cyan ink condition ("com.example.cyan-ink-low") you must also set the 570"marker-supply-low-warning" keyword. In such cases you should also refrain 571from localizing the vendor-prefixed keyword in the PPD file - otherwise both 572the generic and vendor-specific keyword will be shown in the user 573interface.</p> 574 575</blockquote> 576 577<h4><a name="REPORTING_SUPPLIES">Reporting Supply Levels</a></h4> 578 579<p>CUPS tracks several "marker-*" attributes for ink/toner supply level 580reporting. These attributes allow applications to display the current supply 581levels for a printer without printer-specific software. <a href="#TABLE3">Table 3</a> lists the marker attributes and what they represent.</p> 582 583<p>Filters set marker attributes by sending "ATTR:" messages to stderr. For 584example, a filter supporting an inkjet printer with black and tri-color ink 585cartridges would use the following to initialize the supply attributes:</p> 586 587<pre class="example"> 588fputs("ATTR: marker-colors=#000000,#00FFFF#FF00FF#FFFF00\n", stderr); 589fputs("ATTR: marker-low-levels=5,10\n", stderr); 590fputs("ATTR: marker-names=Black,Tri-Color\n", stderr); 591fputs("ATTR: marker-types=ink,ink\n", stderr); 592</pre> 593 594<p>Then periodically the filter queries the printer for its current supply 595levels and updates them with a separate "ATTR:" message:</p> 596 597<pre class="example"> 598int black_level, tri_level; 599... 600fprintf(stderr, "ATTR: marker-levels=%d,%d\n", black_level, tri_level); 601</pre> 602 603<div class='table'><table width='80%' summary='Table 3: Supply Level Attributes'> 604<caption>Table 3: <a name='TABLE3'>Supply Level Attributes</a></caption> 605<thead> 606<tr> 607 <th>Attribute</th> 608 <th>Description</th> 609</tr> 610</thead> 611<tbody> 612<tr> 613 <td>marker-colors</td> 614 <td>A list of comma-separated colors; each color is either "none" or one or 615 more hex-encoded sRGB colors of the form "#RRGGBB".</td> 616</tr> 617<tr> 618 <td>marker-high-levels</td> 619 <td>A list of comma-separated "almost full" level values from 0 to 100; a 620 value of 100 should be used for supplies that are consumed/emptied like ink 621 cartridges.</td> 622</tr> 623<tr> 624 <td>marker-levels</td> 625 <td>A list of comma-separated level values for each supply. A value of -1 626 indicates the level is unavailable, -2 indicates unknown, and -3 indicates 627 the level is unknown but has not yet reached capacity. Values from 0 to 100 628 indicate the corresponding percentage.</td> 629</tr> 630<tr> 631 <td>marker-low-levels</td> 632 <td>A list of comma-separated "almost empty" level values from 0 to 100; a 633 value of 0 should be used for supplies that are filled like waste ink 634 tanks.</td> 635</tr> 636<tr> 637 <td>marker-message</td> 638 <td>A human-readable supply status message for the user like "12 pages of 639 ink remaining."</td> 640</tr> 641<tr> 642 <td>marker-names</td> 643 <td>A list of comma-separated supply names like "Cyan Ink", "Fuser", 644 etc.</td> 645</tr> 646<tr> 647 <td>marker-types</td> 648 <td>A list of comma-separated supply types; the types are listed in 649 <a href="#TABLE1">Table 1</a>.</td> 650</tr> 651</tbody> 652</table></div> 653 654<h3><a name="COMMUNICATING_BACKEND">Communicating with the Backend</a></h3> 655 656<p>Filters can communicate with the backend via the 657<a href="#cupsBackChannelRead"><code>cupsBackChannelRead</code></a> and 658<a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a> 659functions. The 660<a href="#cupsBackChannelRead"><code>cupsBackChannelRead</code></a> function 661reads data that has been sent back from the device and is typically used to 662obtain status and configuration information. For example, the following code 663polls the backend for back-channel data:</p> 664 665<pre class="example"> 666#include <cups/cups.h> 667 668char buffer[8192]; 669ssize_t bytes; 670 671/* Use a timeout of 0.0 seconds to poll for back-channel data */ 672bytes = cupsBackChannelRead(buffer, sizeof(buffer), 0.0); 673</pre> 674 675<p>Filters can also use <code>select()</code> or <code>poll()</code> on the 676back-channel file descriptor (3 or <code>CUPS_BC_FD</code>) to read data only 677when it is available.</p> 678 679<p>The 680<a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a> 681function allows you to get out-of-band status information and do synchronization 682with the device. For example, the following code gets the current IEEE-1284 683device ID string from the backend:</p> 684 685<pre class="example"> 686#include <cups/sidechannel.h> 687 688char data[2049]; 689int datalen; 690<a href="#cups_sc_status_t">cups_sc_status_t</a> status; 691 692/* Tell cupsSideChannelDoRequest() how big our buffer is, less 1 byte for 693 nul-termination... */ 694datalen = sizeof(data) - 1; 695 696/* Get the IEEE-1284 device ID, waiting for up to 1 second */ 697status = <a href="#cupsSideChannelDoRequest">cupsSideChannelDoRequest</a>(CUPS_SC_CMD_GET_DEVICE_ID, data, &datalen, 1.0); 698 699/* Use the returned value if OK was returned and the length is non-zero */ 700if (status == CUPS_SC_STATUS_OK && datalen > 0) 701 data[datalen] = '\0'; 702else 703 data[0] = '\0'; 704</pre> 705 706<h4><a name="DRAIN_OUTPUT">Forcing All Output to a Printer</a></h4> 707 708<p>The 709<a href="#cupsSideChannelDoRequest"><code>cupsSideChannelDoRequest</code></a> 710function allows you to tell the backend to send all pending data to the printer. 711This is most often needed when sending query commands to the printer. For example:</p> 712 713<pre class="example"> 714#include <cups/cups.h> 715#include <cups/sidechannel.h> 716 717char data[1024]; 718int datalen = sizeof(data); 719<a href="#cups_sc_status_t">cups_sc_status_t</a> status; 720 721/* Flush pending output to stdout */ 722fflush(stdout); 723 724/* Drain output to backend, waiting for up to 30 seconds */ 725status = <a href="#cupsSideChannelDoRequest">cupsSideChannelDoRequest</a>(CUPS_SC_CMD_DRAIN_OUTPUT, data, &datalen, 30.0); 726 727/* Read the response if the output was sent */ 728if (status == CUPS_SC_STATUS_OK) 729{ 730 ssize_t bytes; 731 732 /* Wait up to 10.0 seconds for back-channel data */ 733 bytes = cupsBackChannelRead(data, sizeof(data), 10.0); 734 /* do something with the data from the printer */ 735} 736</pre> 737 738<h3><a name="COMMUNICATING_FILTER">Communicating with Filters</a></h3> 739 740<p>Backends communicate with filters using the reciprocal functions 741<a href="#cupsBackChannelWrite"><code>cupsBackChannelWrite</code></a>, 742<a href="#cupsSideChannelRead"><code>cupsSideChannelRead</code></a>, and 743<a href="#cupsSideChannelWrite"><code>cupsSideChannelWrite</code></a>. We 744recommend writing back-channel data using a timeout of 1.0 seconds:</p> 745 746<pre class="example"> 747#include <cups/cups.h> 748 749char buffer[8192]; 750ssize_t bytes; 751 752/* Obtain data from printer/device */ 753... 754 755/* Use a timeout of 1.0 seconds to give filters a chance to read */ 756cupsBackChannelWrite(buffer, bytes, 1.0); 757</pre> 758 759<p>The <a href="#cupsSideChannelRead"><code>cupsSideChannelRead</code></a> 760function reads a side-channel command from a filter, driver, or port monitor. 761Backends can either poll for commands using a <code>timeout</code> of 0.0, wait 762indefinitely for commands using a <code>timeout</code> of -1.0 (probably in a 763separate thread for that purpose), or use <code>select</code> or 764<code>poll</code> on the <code>CUPS_SC_FD</code> file descriptor (4) to handle 765input and output on several file descriptors at the same time.</p> 766 767<p>Once a command is processed, the backend uses the 768<a href="#cupsSideChannelWrite"><code>cupsSideChannelWrite</code></a> function 769to send its response. For example, the following code shows how to poll for a 770side-channel command and respond to it:</p> 771 772<pre class="example"> 773#include <cups/sidechannel.h> 774 775<a href="#cups_sc_command_t">cups_sc_command_t</a> command; 776<a href="#cups_sc_status_t">cups_sc_status_t</a> status; 777char data[2048]; 778int datalen = sizeof(data); 779 780/* Poll for a command... */ 781if (!<a href="#cupsSideChannelRead">cupsSideChannelRead</a>(&command, &status, data, &datalen, 0.0)) 782{ 783 switch (command) 784 { 785 /* handle supported commands, fill data/datalen/status with values as needed */ 786 787 default : 788 status = CUPS_SC_STATUS_NOT_IMPLEMENTED; 789 datalen = 0; 790 break; 791 } 792 793 /* Send a response... */ 794 <a href="#cupsSideChannelWrite">cupsSideChannelWrite</a>(command, status, data, datalen, 1.0); 795} 796</pre> 797 798<h3><a name="SNMP">Doing SNMP Queries with Network Printers</a></h3> 799 800<p>The Simple Network Management Protocol (SNMP) allows you to get the current 801status, page counter, and supply levels from most network printers. Every 802piece of information is associated with an Object Identifier (OID), and 803every printer has a <em>community</em> name associated with it. OIDs can be 804queried directly or by "walking" over a range of OIDs with a common prefix.</p> 805 806<p>The two CUPS SNMP functions provide a simple API for querying network 807printers through the side-channel interface. Each accepts a string containing 808an OID like ".1.3.6.1.2.1.43.10.2.1.4.1.1" (the standard page counter OID) 809along with a timeout for the query.</p> 810 811<p>The <a href="#cupsSideChannelSNMPGet"><code>cupsSideChannelSNMPGet</code></a> 812function queries a single OID and returns the value as a string in a buffer 813you supply:</p> 814 815<pre class="example"> 816#include <cups/sidechannel.h> 817 818char data[512]; 819int datalen = sizeof(data); 820 821if (<a href="#cupsSideChannelSNMPGet">cupsSideChannelSNMPGet</a>(".1.3.6.1.2.1.43.10.2.1.4.1.1", data, &datalen, 5.0) 822 == CUPS_SC_STATUS_OK) 823{ 824 /* Do something with the value */ 825 printf("Page counter is: %s\n", data); 826} 827</pre> 828 829<p>The 830<a href="#cupsSideChannelSNMPWalk"><code>cupsSideChannelSNMPWalk</code></a> 831function allows you to query a whole group of OIDs, calling a function of your 832choice for each OID that is found:</p> 833 834<pre class="example"> 835#include <cups/sidechannel.h> 836 837void 838my_callback(const char *oid, const char *data, int datalen, void *context) 839{ 840 /* Do something with the value */ 841 printf("%s=%s\n", oid, data); 842} 843 844... 845 846void *my_data; 847 848<a href="#cupsSideChannelSNMPWalk">cupsSNMPSideChannelWalk</a>(".1.3.6.1.2.1.43", 5.0, my_callback, my_data); 849</pre> 850 851<h2><a name="SANDBOXING">Sandboxing on macOS</a></h2> 852 853<p>Starting with macOS 10.6, filters and backends are run inside a security "sandbox" which further limits (beyond the normal UNIX user/group permissions) what a filter or backend can do. This helps to both secure the printing system from malicious software and enforce the functional separation of components in the CUPS filter chain. What follows is a list of actions that are explicitly allowed for all filters and backends:</p> 854 855<ol> 856 857 <li>Reading of files: pursuant to normal UNIX file permissions, filters and backends can read files for the current job from the <var>/private/var/spool/cups</var> directory and other files on mounted filesystems <em>except</em> for user home directories under <var>/Users</var>.</li> 858 859 <li>Writing of files: pursuant to normal UNIX file permissions, filters and backends can read/write files to the cache directory specified by the <code>CUPS_CACHEDIR</code> environment variable, to the state directory specified by the <code>CUPS_STATEDIR</code> environment variable, to the temporary directory specified by the <code>TMPDIR</code> environment variable, and under the <var>/private/var/db</var>, <var>/private/var/folders</var>, <var>/private/var/lib</var>, <var>/private/var/mysql</var>, <var>/private/var/run</var>, <var>/private/var/spool</var> (except <var>/private/var/spool/cups</var>), <var>/Library/Application Support</var>, <var>/Library/Caches</var>, <var>/Library/Logs</var>, <var>/Library/Preferences</var>, <var>/Library/WebServer</var>, and <var>/Users/Shared</var> directories.</li> 860 861 <li>Execution of programs: pursuant to normal UNIX file permissions, filters and backends can execute any program not located under the <var>/Users</var> directory. Child processes inherit the sandbox and are subject to the same restrictions as the parent.</li> 862 863 <li>Bluetooth and USB: backends can access Bluetooth and USB printers through IOKit. <em>Filters cannot access Bluetooth and USB printers directly.</em></li> 864 865 <li>Network: filters and backends can access UNIX domain sockets under the <var>/private/tmp</var>, <var>/private/var/run</var>, and <var>/private/var/tmp</var> directories. Backends can also create IPv4 and IPv6 TCP (outgoing) and UDP (incoming and outgoing) socket, and bind to local source ports. <em>Filters cannot directly create IPv4 and IPv6 TCP or UDP sockets.</em></li> 866 867 <li>Notifications: filters and backends can send notifications via the Darwin <code>notify_post()</code> API.</li> 868 869</ol> 870 871<blockquote><b>Note:</b> 872 873<p>The sandbox profile used in CUPS still allows some actions that are not listed above - these privileges will be removed over time until the profile matches the list above.</p> 874</blockquote> 875