Annotation of src/usr.bin/at/at.c, Revision 1.35
1.35 ! millert 1: /* $OpenBSD: at.c,v 1.34 2003/02/18 02:25:39 millert Exp $ */
1.1 deraadt 2:
3: /*
1.7 millert 4: * at.c : Put file into atrun queue
5: * Copyright (C) 1993, 1994 Thomas Koenig
1.1 deraadt 6: *
1.7 millert 7: * Atrun & Atq modifications
8: * Copyright (C) 1993 David Parsons
1.1 deraadt 9: *
1.29 millert 10: * Traditional BSD behavior and other significant modifications
1.35 ! millert 11: * Copyright (C) 2002-2003 Todd C. Miller
1.29 millert 12: *
1.1 deraadt 13: * Redistribution and use in source and binary forms, with or without
14: * modification, are permitted provided that the following conditions
15: * are met:
16: * 1. Redistributions of source code must retain the above copyright
17: * notice, this list of conditions and the following disclaimer.
18: * 2. The name of the author(s) may not be used to endorse or promote
19: * products derived from this software without specific prior written
20: * permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
23: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.7 millert 25: * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1 deraadt 26: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29: * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32: */
33:
1.35 ! millert 34: #define MAIN_PROGRAM
1.1 deraadt 35:
1.35 ! millert 36: #include "cron.h"
1.1 deraadt 37: #include "at.h"
38: #include "privs.h"
1.35 ! millert 39: #include <limits.h>
1.1 deraadt 40:
41: #define ALARMC 10 /* Number of seconds to wait for timeout */
1.29 millert 42: #define TIMESIZE 50 /* Size of buffer passed to strftime() */
1.1 deraadt 43:
44: #ifndef lint
1.35 ! millert 45: static const char rcsid[] = "$OpenBSD: at.c,v 1.34 2003/02/18 02:25:39 millert Exp $";
1.1 deraadt 46: #endif
47:
1.29 millert 48: /* Variables to remove from the job's environment. */
1.1 deraadt 49: char *no_export[] =
50: {
1.28 millert 51: "TERM", "TERMCAP", "DISPLAY", "_", "SHELLOPTS", "BASH_VERSINFO",
52: "EUID", "GROUPS", "PPID", "UID", "SSH_AUTH_SOCK", "SSH_AGENT_PID",
1.1 deraadt 53: };
1.7 millert 54:
1.27 millert 55: int program = AT; /* default program mode */
1.35 ! millert 56: char atfile[MAX_FNAME]; /* path to the at spool file */
1.29 millert 57: int fcreated; /* whether or not we created the file yet */
58: char *atinput = NULL; /* where to get input from */
1.1 deraadt 59: char atqueue = 0; /* which queue to examine for jobs (atq) */
1.29 millert 60: char vflag = 0; /* show completed but unremoved jobs (atq) */
61: char force = 0; /* suppress errors (atrm) */
62: char interactive = 0; /* interactive mode (atrm) */
63: static int send_mail = 0; /* whether we are sending mail */
1.7 millert 64:
1.21 millert 65: static void sigc(int);
66: static void alarmc(int);
1.35 ! millert 67: static void writefile(const char *, time_t, char);
1.29 millert 68: static void list_jobs(int, char **, int, int);
1.25 millert 69: static time_t ttime(const char *);
1.35 ! millert 70: static int check_permission(void);
! 71: static void panic(const char *);
! 72: static void perr(const char *);
! 73: static void perr2(const char *, const char *);
! 74: static void usage(void);
! 75: time_t parsetime(int, char **);
! 76:
! 77: /*
! 78: * Something fatal has happened, print error message and exit.
! 79: */
! 80: static __dead void
! 81: panic(const char *a)
! 82: {
! 83: (void)fprintf(stderr, "%s: %s\n", ProgramName, a);
! 84: if (fcreated) {
! 85: PRIV_START;
! 86: unlink(atfile);
! 87: PRIV_END;
! 88: }
! 89:
! 90: exit(ERROR_EXIT);
! 91: }
! 92:
! 93: /*
! 94: * Two-parameter version of panic().
! 95: */
! 96: static __dead void
! 97: panic2(const char *a, const char *b)
! 98: {
! 99: (void)fprintf(stderr, "%s: %s%s\n", ProgramName, a, b);
! 100: if (fcreated) {
! 101: PRIV_START;
! 102: unlink(atfile);
! 103: PRIV_END;
! 104: }
! 105:
! 106: exit(ERROR_EXIT);
! 107: }
! 108:
! 109: /*
! 110: * Some operating system error; print error message and exit.
! 111: */
! 112: static __dead void
! 113: perr(const char *a)
! 114: {
! 115: if (!force)
! 116: perror(a);
! 117: if (fcreated) {
! 118: PRIV_START;
! 119: unlink(atfile);
! 120: PRIV_END;
! 121: }
! 122:
! 123: exit(ERROR_EXIT);
! 124: }
! 125:
! 126: /*
! 127: * Two-parameter version of perr().
! 128: */
! 129: static __dead void
! 130: perr2(const char *a, const char *b)
! 131: {
! 132: if (!force)
! 133: (void)fputs(a, stderr);
! 134: perr(b);
! 135: }
1.1 deraadt 136:
137: static void
1.26 millert 138: sigc(int signo)
1.1 deraadt 139: {
1.7 millert 140: /* If the user presses ^C, remove the spool file and exit. */
1.1 deraadt 141: if (fcreated) {
1.26 millert 142: PRIV_START;
1.7 millert 143: (void)unlink(atfile);
1.26 millert 144: PRIV_END;
1.1 deraadt 145: }
146:
1.35 ! millert 147: _exit(ERROR_EXIT);
1.1 deraadt 148: }
149:
150: static void
1.26 millert 151: alarmc(int signo)
1.1 deraadt 152: {
1.35 ! millert 153: /* just return */
1.1 deraadt 154: }
155:
1.29 millert 156: static int
157: newjob(time_t runtimer, int queue)
158: {
159: int fd, i;
1.1 deraadt 160:
1.7 millert 161: /*
1.29 millert 162: * If we have a collision, try shifting the time by up to
163: * two minutes. Perhaps it would be better to try different
164: * queues instead...
1.7 millert 165: */
1.29 millert 166: for (i = 0; i < 120; i++) {
1.35 ! millert 167: snprintf(atfile, sizeof(atfile), "%s/%ld.%c", AT_DIR,
! 168: (long)runtimer, queue);
1.29 millert 169: fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);
170: if (fd >= 0)
171: return (fd);
1.31 millert 172: runtimer++;
1.29 millert 173: }
174: return (-1);
1.1 deraadt 175: }
176:
1.29 millert 177: /*
178: * This does most of the work if at or batch are invoked for
179: * writing a job.
180: */
1.1 deraadt 181: static void
1.35 ! millert 182: writefile(const char *cwd, time_t runtimer, char queue)
1.1 deraadt 183: {
1.35 ! millert 184: const char *ap;
! 185: char *mailname, *shell;
1.28 millert 186: char timestr[TIMESIZE];
1.1 deraadt 187: struct passwd *pass_entry;
1.28 millert 188: struct tm runtime;
1.1 deraadt 189: int fdes, lockdes, fd2;
190: FILE *fp, *fpin;
191: struct sigaction act;
192: char **atenv;
193: int ch;
194: mode_t cmask;
1.29 millert 195: extern char **environ;
1.1 deraadt 196:
1.7 millert 197: (void)setlocale(LC_TIME, "");
198:
1.1 deraadt 199: /*
200: * Install the signal handler for SIGINT; terminate after removing the
201: * spool file if necessary
202: */
1.35 ! millert 203: bzero(&act, sizeof act);
1.1 deraadt 204: act.sa_handler = sigc;
1.29 millert 205: sigemptyset(&act.sa_mask);
1.1 deraadt 206: act.sa_flags = 0;
207: sigaction(SIGINT, &act, NULL);
208:
1.26 millert 209: PRIV_START;
1.1 deraadt 210:
1.35 ! millert 211: if ((lockdes = open(AT_DIR, O_RDONLY, 0)) < 0)
! 212: perr("Cannot open jobs dir");
! 213:
1.22 millert 214: /*
1.29 millert 215: * Lock the jobs dir so we don't have to worry about someone
216: * else grabbing a file name out from under us.
1.22 millert 217: * Set an alarm so we don't sleep forever waiting on the lock.
218: * If we don't succeed with ALARMC seconds, something is wrong...
219: */
1.35 ! millert 220: bzero(&act, sizeof act);
1.1 deraadt 221: act.sa_handler = alarmc;
1.29 millert 222: sigemptyset(&act.sa_mask);
1.35 ! millert 223: #ifdef SA_INTERRUPT
! 224: act.sa_flags = SA_INTERRUPT;
! 225: #endif
1.1 deraadt 226: sigaction(SIGALRM, &act, NULL);
227: alarm(ALARMC);
1.35 ! millert 228: ch = flock(lockdes, LOCK_EX);
1.1 deraadt 229: alarm(0);
1.35 ! millert 230: if (ch != 0)
! 231: panic("Unable to lock jobs dir");
1.22 millert 232:
1.1 deraadt 233: /*
234: * Create the file. The x bit is only going to be set after it has
235: * been completely written out, to make sure it is not executed in
236: * the meantime. To make sure they do not get deleted, turn off
237: * their r bit. Yes, this is a kluge.
238: */
239: cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
1.29 millert 240: if ((fdes = newjob(runtimer, queue)) == -1)
1.1 deraadt 241: perr("Cannot create atjob file");
242:
243: if ((fd2 = dup(fdes)) < 0)
244: perr("Error in dup() of job file");
245:
1.7 millert 246: if (fchown(fd2, real_uid, real_gid) != 0)
1.1 deraadt 247: perr("Cannot give away file");
248:
1.26 millert 249: PRIV_END;
1.1 deraadt 250:
251: /*
252: * We've successfully created the file; let's set the flag so it
253: * gets removed in case of an interrupt or error.
254: */
255: fcreated = 1;
256:
257: /* Now we can release the lock, so other people can access it */
1.7 millert 258: (void)close(lockdes);
1.1 deraadt 259:
260: if ((fp = fdopen(fdes, "w")) == NULL)
261: panic("Cannot reopen atjob file");
262:
263: /*
1.18 millert 264: * Get the userid to mail to, first by trying getlogin(), which asks
265: * the kernel, then from $LOGNAME or $USER, finally from getpwuid().
1.1 deraadt 266: */
267: mailname = getlogin();
1.5 millert 268: if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
269: mailname = getenv("USER");
1.1 deraadt 270:
1.7 millert 271: if ((mailname == NULL) || (mailname[0] == '\0') ||
1.35 ! millert 272: (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) {
1.7 millert 273: pass_entry = getpwuid(real_uid);
1.1 deraadt 274: if (pass_entry != NULL)
275: mailname = pass_entry->pw_name;
276: }
277:
1.28 millert 278: /*
279: * Get the shell to run the job under. First check $SHELL, falling
280: * back to the user's shell in the password database or, failing
281: * that, /bin/sh.
282: */
283: if ((shell = getenv("SHELL")) == NULL || *shell == '\0') {
284: pass_entry = getpwuid(real_uid);
285: if (pass_entry != NULL && *pass_entry->pw_shell != '\0')
286: shell = pass_entry->pw_shell;
287: else
288: shell = _PATH_BSHELL;
289: }
290:
1.13 kstailey 291: if (atinput != NULL) {
1.1 deraadt 292: fpin = freopen(atinput, "r", stdin);
293: if (fpin == NULL)
294: perr("Cannot open input file");
295: }
1.30 millert 296: (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%ld gid=%ld\n# mail %*s %d\n",
1.35 ! millert 297: (long)real_uid, (long)real_gid, MAX_UNAME, mailname, send_mail);
1.1 deraadt 298:
299: /* Write out the umask at the time of invocation */
1.7 millert 300: (void)fprintf(fp, "umask %o\n", cmask);
1.1 deraadt 301:
302: /*
303: * Write out the environment. Anything that may look like a special
304: * character to the shell is quoted, except for \n, which is done
305: * with a pair of "'s. Dont't export the no_export list (such as
306: * TERM or DISPLAY) because we don't want these.
307: */
308: for (atenv = environ; *atenv != NULL; atenv++) {
309: int export = 1;
310: char *eqp;
311:
312: eqp = strchr(*atenv, '=');
1.19 millert 313: if (eqp == NULL)
1.1 deraadt 314: eqp = *atenv;
315: else {
316: int i;
317:
318: for (i = 0;i < sizeof(no_export) /
319: sizeof(no_export[0]); i++) {
320: export = export
321: && (strncmp(*atenv, no_export[i],
322: (size_t) (eqp - *atenv)) != 0);
323: }
324: eqp++;
325: }
326:
327: if (export) {
1.7 millert 328: (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
1.1 deraadt 329: for (ap = eqp; *ap != '\0'; ap++) {
330: if (*ap == '\n')
1.7 millert 331: (void)fprintf(fp, "\"\n\"");
1.1 deraadt 332: else {
1.7 millert 333: if (!isalnum(*ap)) {
334: switch (*ap) {
335: case '%': case '/': case '{':
336: case '[': case ']': case '=':
337: case '}': case '@': case '+':
338: case '#': case ',': case '.':
339: case ':': case '-': case '_':
340: break;
341: default:
342: (void)fputc('\\', fp);
343: break;
344: }
345: }
346: (void)fputc(*ap, fp);
1.1 deraadt 347: }
348: }
1.7 millert 349: (void)fputs("; export ", fp);
350: (void)fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
351: (void)fputc('\n', fp);
352: }
353: }
354: /*
355: * Cd to the directory at the time and write out all the
356: * commands the user supplies from stdin.
357: */
358: (void)fputs("cd ", fp);
1.35 ! millert 359: for (ap = cwd; *ap != '\0'; ap++) {
1.7 millert 360: if (*ap == '\n')
361: fprintf(fp, "\"\n\"");
362: else {
363: if (*ap != '/' && !isalnum(*ap))
364: (void)fputc('\\', fp);
1.1 deraadt 365:
1.7 millert 366: (void)fputc(*ap, fp);
1.1 deraadt 367: }
368: }
369: /*
1.7 millert 370: * Test cd's exit status: die if the original directory has been
371: * removed, become unreadable or whatever.
1.1 deraadt 372: */
1.29 millert 373: (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible'"
374: " >&2\n\t exit 1\n}\n");
1.1 deraadt 375:
1.3 millert 376: if ((ch = getchar()) == EOF)
377: panic("Input error");
378:
1.28 millert 379: /* We want the job to run under the user's shell. */
380: fprintf(fp, "%s << '_END_OF_AT_JOB'\n", shell);
381:
1.3 millert 382: do {
1.7 millert 383: (void)fputc(ch, fp);
1.3 millert 384: } while ((ch = getchar()) != EOF);
1.1 deraadt 385:
1.28 millert 386: (void)fprintf(fp, "\n_END_OF_AT_JOB\n");
1.1 deraadt 387: if (ferror(fp))
388: panic("Output error");
389:
390: if (ferror(stdin))
391: panic("Input error");
392:
1.7 millert 393: (void)fclose(fp);
1.1 deraadt 394:
395: /*
396: * Set the x bit so that we're ready to start executing
397: */
398: if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
399: perr("Cannot give away file");
400:
1.7 millert 401: (void)close(fd2);
1.28 millert 402:
1.30 millert 403: /* Poke cron so it knows to reload the at spool. */
1.35 ! millert 404: PRIV_START;
! 405: poke_daemon(AT_DIR, RELOAD_AT);
! 406: PRIV_END;
1.30 millert 407:
1.28 millert 408: runtime = *localtime(&runtimer);
409: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
410: (void)fprintf(stderr, "commands will be executed using %s\n", shell);
1.35 ! millert 411: (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(AT_DIR)],
1.29 millert 412: timestr);
413: }
414:
415: /* Sort by creation time. */
416: static int
417: byctime(const void *v1, const void *v2)
418: {
419: const struct atjob *j1 = *(struct atjob **)v1;
420: const struct atjob *j2 = *(struct atjob **)v2;
421:
422: return (j1->ctime - j2->ctime);
423: }
424:
425: /* Sort by job number (and thus execution time). */
426: static int
427: byjobno(const void *v1, const void *v2)
428: {
429: const struct atjob *j1 = *(struct atjob **)v1;
430: const struct atjob *j2 = *(struct atjob **)v2;
431:
432: if (j1->runtimer == j2->runtimer)
433: return (j1->queue - j2->queue);
434: return (j1->runtimer - j2->runtimer);
435: }
436:
437: static void
438: print_job(struct atjob *job, int n, struct stat *st, int shortformat)
439: {
440: struct passwd *pw;
441: struct tm runtime;
442: char timestr[TIMESIZE];
443: static char *ranks[] = {
444: "th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"
445: };
446:
447: runtime = *localtime(&job->runtimer);
448: if (shortformat) {
449: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
450: (void)printf("%ld.%c\t%s\n", (long)job->runtimer,
451: job->queue, timestr);
452: } else {
453: pw = getpwuid(st->st_uid);
454: /* Rank hack shamelessly stolen from lpq */
455: if (n / 10 == 1)
456: printf("%3d%-5s", n,"th");
457: else
458: printf("%3d%-5s", n, ranks[n % 10]);
459: strftime(timestr, TIMESIZE, "%b %e, %Y %R", &runtime);
460: (void)printf("%-21.18s%-11.8s%10ld.%c %c%s\n",
461: timestr, pw ? pw->pw_name : "???",
462: (long)job->runtimer, job->queue, job->queue,
463: (S_IXUSR & st->st_mode) ? "" : " (done)");
464: }
1.1 deraadt 465: }
466:
1.29 millert 467: /*
468: * List all of a user's jobs in the queue, by looping through
1.35 ! millert 469: * AT_DIR, or all jobs if we are root. If argc is > 0, argv
1.29 millert 470: * contains the list of users whose jobs shall be displayed. By
471: * default, the list is sorted by execution date and queue. If
472: * csort is non-zero jobs will be sorted by creation/submission date.
473: */
1.1 deraadt 474: static void
1.29 millert 475: list_jobs(int argc, char **argv, int count_only, int csort)
1.1 deraadt 476: {
477: struct passwd *pw;
478: struct dirent *dirent;
1.29 millert 479: struct atjob **atjobs, *job;
480: struct stat stbuf;
1.1 deraadt 481: time_t runtimer;
1.29 millert 482: uid_t *uids;
483: long l;
484: char queue, *ep;
485: DIR *spool;
486: int i, shortformat, numjobs, maxjobs;
487:
488: if (argc) {
489: if ((uids = malloc(sizeof(uid_t) * argc)) == NULL)
1.35 ! millert 490: panic("Insufficient virtual memory");
1.29 millert 491:
492: for (i = 0; i < argc; i++) {
493: if ((pw = getpwnam(argv[i])) == NULL)
1.35 ! millert 494: panic2(argv[i], ": invalid user name");
1.29 millert 495: if (pw->pw_uid != real_uid && real_uid != 0)
1.35 ! millert 496: panic("Only the superuser may display other users' jobs");
1.29 millert 497: uids[i] = pw->pw_uid;
498: }
499: } else
500: uids = NULL;
501:
1.35 ! millert 502: shortformat = strcmp(ProgramName, "at") == 0;
1.1 deraadt 503:
1.26 millert 504: PRIV_START;
1.1 deraadt 505:
1.35 ! millert 506: if (chdir(AT_DIR) != 0)
! 507: perr2("Cannot change to ", AT_DIR);
1.1 deraadt 508:
509: if ((spool = opendir(".")) == NULL)
1.35 ! millert 510: perr2("Cannot open ", AT_DIR);
1.1 deraadt 511:
1.29 millert 512: PRIV_END;
513:
1.35 ! millert 514: if (fstat(spool->dd_fd, &stbuf) != 0)
! 515: perr2("Cannot stat ", AT_DIR);
1.29 millert 516:
517: /*
518: * The directory's link count should give us a good idea
519: * of how many files are in it. Fudge things a little just
520: * in case someone adds a job or two.
521: */
522: numjobs = 0;
523: maxjobs = stbuf.st_nlink + 4;
524: atjobs = (struct atjob **)malloc(maxjobs * sizeof(struct atjob *));
525: if (atjobs == NULL)
1.35 ! millert 526: panic("Insufficient virtual memory");
1.29 millert 527:
528: /* Loop over every file in the directory. */
1.1 deraadt 529: while ((dirent = readdir(spool)) != NULL) {
1.29 millert 530: PRIV_START;
531:
532: if (stat(dirent->d_name, &stbuf) != 0)
1.35 ! millert 533: perr2("Cannot stat in ", AT_DIR);
1.1 deraadt 534:
1.29 millert 535: PRIV_END;
536:
1.1 deraadt 537: /*
538: * See it's a regular file and has its x bit turned on and
539: * is the user's
540: */
1.29 millert 541: if (!S_ISREG(stbuf.st_mode)
542: || ((stbuf.st_uid != real_uid) && !(real_uid == 0))
543: || !(S_IXUSR & stbuf.st_mode || vflag))
1.1 deraadt 544: continue;
545:
1.29 millert 546: l = strtol(dirent->d_name, &ep, 10);
547: if (*ep != '.' || !isalpha(*(ep + 1)) || *(ep + 2) != '\0' ||
548: l < 0 || l >= INT_MAX)
1.1 deraadt 549: continue;
1.29 millert 550: runtimer = (time_t)l;
551: queue = *(ep + 1);
1.1 deraadt 552:
553: if (atqueue && (queue != atqueue))
554: continue;
555:
1.29 millert 556: /* Check against specified user(s). */
557: if (argc) {
558: for (i = 0; i < argc; i++) {
559: if (uids[0] == stbuf.st_uid)
560: break;
561: }
562: if (i == argc)
563: continue; /* user doesn't match */
564: }
565:
566: if (count_only) {
567: numjobs++;
568: continue;
569: }
570:
571: job = (struct atjob *)malloc(sizeof(struct atjob));
572: if (job == NULL)
1.35 ! millert 573: panic("Insufficient virtual memory");
1.29 millert 574: job->runtimer = runtimer;
575: job->ctime = stbuf.st_ctime;
576: job->queue = queue;
577: if (numjobs == maxjobs) {
1.35 ! millert 578: maxjobs *= 2;
! 579: atjobs = realloc(atjobs, maxjobs * sizeof(job));
! 580: if (atjobs == NULL)
! 581: panic("Insufficient virtual memory");
1.29 millert 582: }
583: atjobs[numjobs++] = job;
584: }
585: free(uids);
586:
587: if (count_only || numjobs == 0) {
588: if (numjobs == 0 && !shortformat)
589: fprintf(stderr, "no files in queue.\n");
590: else if (count_only)
591: printf("%d\n", numjobs);
592: free(atjobs);
593: return;
594: }
595:
596: /* Sort by job run time or by job creation time. */
597: qsort(atjobs, numjobs, sizeof(struct atjob *),
598: csort ? byctime : byjobno);
599:
600: if (!shortformat)
601: (void)puts(" Rank Execution Date Owner "
602: "Job Queue");
603:
604: for (i = 0; i < numjobs; i++) {
605: print_job(atjobs[i], i + 1, &stbuf, shortformat);
606: free(atjobs[i]);
1.1 deraadt 607: }
1.29 millert 608: free(atjobs);
609: }
610:
611: static int
612: rmok(int job)
613: {
614: int ch, junk;
615:
616: printf("%d: remove it? ", job);
617: ch = getchar();
618: while ((junk = getchar()) != EOF && junk != '\n')
619: ;
620: return (ch == 'y' || ch == 'Y');
1.1 deraadt 621: }
622:
1.29 millert 623: /*
1.35 ! millert 624: * Loop through all jobs in AT_DIR and display or delete ones
1.29 millert 625: * that match argv (may be job or username), or all if argc == 0.
626: * Only the superuser may display/delete other people's jobs.
627: */
1.28 millert 628: static int
1.26 millert 629: process_jobs(int argc, char **argv, int what)
1.1 deraadt 630: {
1.29 millert 631: struct stat stbuf;
632: struct dirent *dirent;
633: struct passwd *pw;
634: time_t runtimer;
635: uid_t *uids;
636: char **jobs, *ep, queue;
637: long l;
638: FILE *fp;
1.7 millert 639: DIR *spool;
1.29 millert 640: int job_matches, jobs_len, uids_len;
1.30 millert 641: int error, i, ch, changed;
1.9 millert 642:
1.26 millert 643: PRIV_START;
1.1 deraadt 644:
1.35 ! millert 645: if (chdir(AT_DIR) != 0)
! 646: perr2("Cannot change to ", AT_DIR);
1.1 deraadt 647:
1.7 millert 648: if ((spool = opendir(".")) == NULL)
1.35 ! millert 649: perr2("Cannot open ", AT_DIR);
1.7 millert 650:
1.26 millert 651: PRIV_END;
1.7 millert 652:
1.29 millert 653: /* Convert argv into a list of jobs and uids. */
654: jobs = NULL;
655: uids = NULL;
656: jobs_len = uids_len = 0;
657: if (argc > 0) {
658: if ((jobs = malloc(sizeof(char *) * argc)) == NULL ||
659: (uids = malloc(sizeof(uid_t) * argc)) == NULL)
1.35 ! millert 660: panic("Insufficient virtual memory");
1.29 millert 661:
662: for (i = 0; i < argc; i++) {
663: l = strtol(argv[i], &ep, 10);
664: if (*ep == '.' && isalpha(*(ep + 1)) &&
665: *(ep + 2) == '\0' && l > 0 && l < INT_MAX)
666: jobs[jobs_len++] = argv[i];
667: else if ((pw = getpwnam(argv[i])) != NULL) {
1.35 ! millert 668: if (real_uid != pw->pw_uid && real_uid != 0) {
! 669: fprintf(stderr, "%s: Only the superuser"
! 670: " may %s other users' jobs",
! 671: ProgramName, what == ATRM
! 672: ? "remove" : "view");
! 673: exit(ERROR_EXIT);
! 674: }
1.29 millert 675: uids[uids_len++] = pw->pw_uid;
676: } else
1.35 ! millert 677: panic2(argv[i], ": invalid user name");
1.29 millert 678: }
679: }
680:
1.7 millert 681: /* Loop over every file in the directory */
1.30 millert 682: changed = 0;
1.28 millert 683: while ((dirent = readdir(spool)) != NULL) {
1.7 millert 684:
1.26 millert 685: PRIV_START;
1.29 millert 686: if (stat(dirent->d_name, &stbuf) != 0)
1.35 ! millert 687: perr2("Cannot stat in ", AT_DIR);
1.26 millert 688: PRIV_END;
1.7 millert 689:
1.29 millert 690: if (stbuf.st_uid != real_uid && real_uid != 0)
1.7 millert 691: continue;
692:
1.29 millert 693: l = strtol(dirent->d_name, &ep, 10);
694: if (*ep != '.' || !isalpha(*(ep + 1)) || *(ep + 2) != '\0' ||
695: l < 0 || l >= INT_MAX)
696: continue;
697: runtimer = (time_t)l;
698: queue = *(ep + 1);
1.7 millert 699:
1.29 millert 700: /* Check runtimer against argv; argc==0 means do all. */
701: job_matches = (argc == 0) ? 1 : 0;
702: if (!job_matches) {
703: for (i = 0; i < jobs_len; i++) {
1.35 ! millert 704: if (strcmp(dirent->d_name, jobs[i]) == 0) {
1.29 millert 705: jobs[i] = NULL;
706: job_matches = 1;
707: break;
708: }
709: }
710: }
711: if (!job_matches) {
712: for (i = 0; i < uids_len; i++) {
713: if (uids[i] == stbuf.st_uid) {
714: job_matches = 1;
715: break;
716: }
717: }
718: }
719:
720: if (job_matches) {
721: switch (what) {
722: case ATRM:
723: PRIV_START;
724:
725: if (!interactive ||
726: (interactive && rmok(runtimer))) {
1.30 millert 727: if (unlink(dirent->d_name) == 0)
728: changed = 1;
729: else
1.7 millert 730: perr(dirent->d_name);
1.29 millert 731: if (!force && !interactive)
732: fprintf(stderr,
733: "%s removed\n",
734: dirent->d_name);
735: }
1.7 millert 736:
1.29 millert 737: PRIV_END;
1.7 millert 738:
1.29 millert 739: break;
1.7 millert 740:
1.29 millert 741: case CAT:
742: PRIV_START;
1.7 millert 743:
1.29 millert 744: fp = fopen(dirent->d_name, "r");
1.7 millert 745:
1.29 millert 746: PRIV_END;
1.7 millert 747:
1.29 millert 748: if (!fp)
749: perr("Cannot open file");
1.7 millert 750:
1.29 millert 751: while ((ch = getc(fp)) != EOF)
752: putchar(ch);
1.7 millert 753:
1.29 millert 754: break;
1.7 millert 755:
1.29 millert 756: default:
1.35 ! millert 757: panic("Internal error");
1.29 millert 758: break;
1.7 millert 759: }
1.1 deraadt 760: }
761: }
1.29 millert 762: for (error = 0, i = 0; i < jobs_len; i++) {
763: if (jobs[i] != NULL) {
764: if (!force)
1.35 ! millert 765: fprintf(stderr, "%s: %s: no such job",
! 766: ProgramName, jobs[i]);
1.28 millert 767: error++;
768: }
769: }
1.29 millert 770: free(jobs);
771: free(uids);
772:
1.30 millert 773: /* If we modied the spool, poke cron so it knows to reload. */
1.35 ! millert 774: if (changed) {
! 775: PRIV_START;
! 776: if (chdir(CRONDIR) != 0)
! 777: perror(CRONDIR);
! 778: else
! 779: poke_daemon(AT_DIR, RELOAD_AT);
! 780: PRIV_END;
! 781: }
1.30 millert 782:
1.29 millert 783: return (error);
1.28 millert 784: }
1.1 deraadt 785:
1.25 millert 786: #define ATOI2(s) ((s) += 2, ((s)[-2] - '0') * 10 + ((s)[-1] - '0'))
787:
1.29 millert 788: /*
789: * This is pretty much a copy of stime_arg1() from touch.c.
790: */
1.25 millert 791: static time_t
792: ttime(const char *arg)
793: {
794: struct timeval tv[2];
795: time_t now;
796: struct tm *t;
797: int yearset;
798: char *p;
799:
800: if (gettimeofday(&tv[0], NULL))
801: panic("Cannot get current time");
802:
803: /* Start with the current time. */
804: now = tv[0].tv_sec;
805: if ((t = localtime(&now)) == NULL)
806: panic("localtime");
807: /* [[CC]YY]MMDDhhmm[.SS] */
808: if ((p = strchr(arg, '.')) == NULL)
809: t->tm_sec = 0; /* Seconds defaults to 0. */
810: else {
811: if (strlen(p + 1) != 2)
812: goto terr;
813: *p++ = '\0';
814: t->tm_sec = ATOI2(p);
815: }
816:
817: yearset = 0;
818: switch(strlen(arg)) {
819: case 12: /* CCYYMMDDhhmm */
820: t->tm_year = ATOI2(arg);
821: t->tm_year *= 100;
822: yearset = 1;
823: /* FALLTHROUGH */
824: case 10: /* YYMMDDhhmm */
825: if (yearset) {
826: yearset = ATOI2(arg);
827: t->tm_year += yearset;
828: } else {
829: yearset = ATOI2(arg);
830: t->tm_year = yearset + 2000;
831: }
832: t->tm_year -= 1900; /* Convert to UNIX time. */
833: /* FALLTHROUGH */
834: case 8: /* MMDDhhmm */
835: t->tm_mon = ATOI2(arg);
836: --t->tm_mon; /* Convert from 01-12 to 00-11 */
837: t->tm_mday = ATOI2(arg);
838: t->tm_hour = ATOI2(arg);
839: t->tm_min = ATOI2(arg);
840: break;
841: default:
842: goto terr;
843: }
844:
845: t->tm_isdst = -1; /* Figure out DST. */
846: tv[0].tv_sec = tv[1].tv_sec = mktime(t);
847: if (tv[0].tv_sec != -1)
848: return (tv[0].tv_sec);
849: else
850: terr:
851: panic("out of range or illegal time specification: "
852: "[[CC]YY]MMDDhhmm[.SS]");
1.30 millert 853: }
854:
1.35 ! millert 855: static int
! 856: check_permission(void)
! 857: {
! 858: int ok;
! 859: uid_t uid = geteuid();
! 860: struct passwd *pw;
1.30 millert 861:
1.35 ! millert 862: if ((pw = getpwuid(uid)) == NULL) {
! 863: perror("Cannot access password database");
! 864: exit(ERROR_EXIT);
! 865: }
1.30 millert 866:
867: PRIV_START;
868:
1.35 ! millert 869: ok = allowed(pw->pw_name, AT_ALLOW, AT_DENY);
! 870:
! 871: PRIV_END;
1.30 millert 872:
1.35 ! millert 873: return (ok);
! 874: }
1.30 millert 875:
1.35 ! millert 876: static void
! 877: usage(void)
! 878: {
! 879: /* Print usage and exit. */
! 880: switch (program) {
! 881: case AT:
! 882: case CAT:
! 883: (void)fprintf(stderr,
! 884: "usage: at [-bm] [-f file] [-q queue] -t time_arg\n"
! 885: " at [-bm] [-f file] [-q queue] timespec\n"
! 886: " at -c job [job ...]\n"
! 887: " at -l [-q queue] [job ...]\n"
! 888: " at -r job [job ...]\n");
! 889: break;
! 890: case ATQ:
! 891: (void)fprintf(stderr,
! 892: "usage: atq [-cnv] [-q queue] [name...]\n");
! 893: break;
! 894: case ATRM:
! 895: (void)fprintf(stderr,
! 896: "usage: atrm [-afi] [[job] [name] ...]\n");
! 897: break;
! 898: case BATCH:
! 899: (void)fprintf(stderr,
! 900: "usage: batch [-m] [-f file] [-q queue] [timespec]\n");
! 901: break;
! 902: }
! 903: exit(ERROR_EXIT);
1.25 millert 904: }
905:
1.1 deraadt 906: int
1.26 millert 907: main(int argc, char **argv)
1.1 deraadt 908: {
1.29 millert 909: time_t timer = -1;
1.7 millert 910: char queue = DEFAULT_AT_QUEUE;
911: char queue_set = 0;
1.25 millert 912: char *options = "q:f:t:bcdlmrv"; /* default options for at */
1.35 ! millert 913: char cwd[MAX_FNAME];
1.29 millert 914: int ch;
915: int aflag = 0;
916: int cflag = 0;
917: int nflag = 0;
1.1 deraadt 918:
1.35 ! millert 919: if ((ProgramName = strrchr(argv[0], '/')) != NULL)
! 920: ProgramName++;
! 921: else
! 922: ProgramName = argv[0];
! 923:
1.26 millert 924: RELINQUISH_PRIVS;
1.1 deraadt 925:
926: /* find out what this program is supposed to do */
1.35 ! millert 927: if (strcmp(ProgramName, "atq") == 0) {
1.1 deraadt 928: program = ATQ;
1.29 millert 929: options = "cnvq:";
1.35 ! millert 930: } else if (strcmp(ProgramName, "atrm") == 0) {
1.1 deraadt 931: program = ATRM;
1.29 millert 932: options = "afi";
1.35 ! millert 933: } else if (strcmp(ProgramName, "batch") == 0) {
1.1 deraadt 934: program = BATCH;
1.24 millert 935: options = "f:q:mv";
1.1 deraadt 936: }
937:
938: /* process whatever options we can process */
1.29 millert 939: while ((ch = getopt(argc, argv, options)) != -1) {
940: switch (ch) {
941: case 'a':
942: aflag = 1;
943: break;
944:
945: case 'i':
946: interactive = 1;
947: force = 0;
948: break;
949:
950: case 'v': /* show completed but unremoved jobs */
951: /*
952: * This option is only useful when we are invoked
953: * as atq but we accept (and ignore) this flag in
954: * the other programs for backwards compatibility.
955: */
956: vflag = 1;
1.1 deraadt 957: break;
958:
959: case 'm': /* send mail when job is complete */
960: send_mail = 1;
961: break;
962:
963: case 'f':
1.29 millert 964: if (program == ATRM) {
965: force = 1;
966: interactive = 0;
967: } else
968: atinput = optarg;
1.1 deraadt 969: break;
970:
971: case 'q': /* specify queue */
972: if (strlen(optarg) > 1)
973: usage();
974:
975: atqueue = queue = *optarg;
1.7 millert 976: if (!(islower(queue) || isupper(queue)))
1.1 deraadt 977: usage();
1.7 millert 978:
979: queue_set = 1;
980: break;
981:
1.25 millert 982: case 'd': /* for backwards compatibility */
983: case 'r':
1.7 millert 984: program = ATRM;
1.24 millert 985: options = "";
1.7 millert 986: break;
987:
1.25 millert 988: case 't':
989: timer = ttime(optarg);
990: break;
991:
1.7 millert 992: case 'l':
993: program = ATQ;
1.29 millert 994: options = "cnvq:";
1.7 millert 995: break;
996:
997: case 'b':
998: program = BATCH;
1.24 millert 999: options = "f:q:mv";
1.7 millert 1000: break;
1001:
1002: case 'c':
1.29 millert 1003: if (program == ATQ) {
1004: cflag = 1;
1005: } else {
1006: program = CAT;
1007: options = "";
1008: }
1009: break;
1010:
1011: case 'n':
1012: nflag = 1;
1.1 deraadt 1013: break;
1014:
1015: default:
1016: usage();
1017: break;
1018: }
1.29 millert 1019: }
1020: argc -= optind;
1021: argv += optind;
1.7 millert 1022:
1.35 ! millert 1023: if (getcwd(cwd, sizeof(cwd)) == NULL)
! 1024: perr("Cannot get current working directory");
! 1025:
! 1026: set_cron_cwd();
! 1027:
1.16 mickey 1028: if (!check_permission())
1.35 ! millert 1029: panic("You do not have permission to use at.");
1.7 millert 1030:
1.1 deraadt 1031: /* select our program */
1032: switch (program) {
1033: case ATQ:
1.29 millert 1034: list_jobs(argc, argv, nflag, cflag);
1.1 deraadt 1035: break;
1036:
1037: case ATRM:
1.7 millert 1038: case CAT:
1.29 millert 1039: if ((aflag && argc) || (!aflag && !argc))
1.10 millert 1040: usage();
1.28 millert 1041: exit(process_jobs(argc, argv, program));
1.1 deraadt 1042: break;
1043:
1044: case AT:
1.25 millert 1045: /* Time may have been specified via the -t flag. */
1.35 ! millert 1046: if (timer == -1) {
! 1047: if (argc == 0)
! 1048: usage();
! 1049: else if ((timer = parsetime(argc, argv)) == -1)
! 1050: exit(ERROR_EXIT);
! 1051: }
! 1052: writefile(cwd, timer, queue);
1.1 deraadt 1053: break;
1054:
1055: case BATCH:
1.7 millert 1056: if (queue_set)
1057: queue = toupper(queue);
1058: else
1059: queue = DEFAULT_BATCH_QUEUE;
1060:
1.35 ! millert 1061: if (argc == 0)
1.7 millert 1062: timer = time(NULL);
1.35 ! millert 1063: else if ((timer = parsetime(argc, argv)) == -1)
! 1064: exit(ERROR_EXIT);
1.7 millert 1065:
1.35 ! millert 1066: writefile(cwd, timer, queue);
1.1 deraadt 1067: break;
1068:
1069: default:
1070: panic("Internal error");
1071: break;
1072: }
1.35 ! millert 1073: exit(OK_EXIT);
1.1 deraadt 1074: }