Annotation of src/usr.bin/at/at.c, Revision 1.45
1.45 ! robert 1: /* $OpenBSD: at.c,v 1.44 2005/10/25 15:49:38 jmc Exp $ */
1.1 deraadt 2:
3: /*
1.7 millert 4: * at.c : Put file into atrun queue
5: * Copyright (C) 1993, 1994 Thomas Koenig
1.1 deraadt 6: *
1.7 millert 7: * Atrun & Atq modifications
8: * Copyright (C) 1993 David Parsons
1.1 deraadt 9: *
1.29 millert 10: * Traditional BSD behavior and other significant modifications
1.35 millert 11: * Copyright (C) 2002-2003 Todd C. Miller
1.29 millert 12: *
1.1 deraadt 13: * Redistribution and use in source and binary forms, with or without
14: * modification, are permitted provided that the following conditions
15: * are met:
16: * 1. Redistributions of source code must retain the above copyright
17: * notice, this list of conditions and the following disclaimer.
18: * 2. The name of the author(s) may not be used to endorse or promote
19: * products derived from this software without specific prior written
20: * permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
23: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.7 millert 25: * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1 deraadt 26: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29: * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32: */
33:
1.35 millert 34: #define MAIN_PROGRAM
1.1 deraadt 35:
1.35 millert 36: #include "cron.h"
1.1 deraadt 37: #include "at.h"
38: #include "privs.h"
1.35 millert 39: #include <limits.h>
1.1 deraadt 40:
41: #define ALARMC 10 /* Number of seconds to wait for timeout */
1.29 millert 42: #define TIMESIZE 50 /* Size of buffer passed to strftime() */
1.1 deraadt 43:
44: #ifndef lint
1.45 ! robert 45: static const char rcsid[] = "$OpenBSD: at.c,v 1.44 2005/10/25 15:49:38 jmc Exp $";
1.1 deraadt 46: #endif
47:
1.29 millert 48: /* Variables to remove from the job's environment. */
1.1 deraadt 49: char *no_export[] =
50: {
1.28 millert 51: "TERM", "TERMCAP", "DISPLAY", "_", "SHELLOPTS", "BASH_VERSINFO",
52: "EUID", "GROUPS", "PPID", "UID", "SSH_AUTH_SOCK", "SSH_AGENT_PID",
1.1 deraadt 53: };
1.7 millert 54:
1.27 millert 55: int program = AT; /* default program mode */
1.35 millert 56: char atfile[MAX_FNAME]; /* path to the at spool file */
1.29 millert 57: int fcreated; /* whether or not we created the file yet */
58: char *atinput = NULL; /* where to get input from */
1.1 deraadt 59: char atqueue = 0; /* which queue to examine for jobs (atq) */
1.29 millert 60: char vflag = 0; /* show completed but unremoved jobs (atq) */
61: char force = 0; /* suppress errors (atrm) */
62: char interactive = 0; /* interactive mode (atrm) */
63: static int send_mail = 0; /* whether we are sending mail */
1.7 millert 64:
1.21 millert 65: static void sigc(int);
66: static void alarmc(int);
1.35 millert 67: static void writefile(const char *, time_t, char);
1.29 millert 68: static void list_jobs(int, char **, int, int);
1.25 millert 69: static time_t ttime(const char *);
1.35 millert 70: static int check_permission(void);
71: static void panic(const char *);
72: static void perr(const char *);
73: static void perr2(const char *, const char *);
1.41 millert 74: static __dead void usage(void);
1.35 millert 75: time_t parsetime(int, char **);
76:
77: /*
78: * Something fatal has happened, print error message and exit.
79: */
80: static __dead void
81: panic(const char *a)
82: {
83: (void)fprintf(stderr, "%s: %s\n", ProgramName, a);
84: if (fcreated) {
85: PRIV_START;
86: unlink(atfile);
87: PRIV_END;
88: }
89:
90: exit(ERROR_EXIT);
91: }
92:
93: /*
94: * Two-parameter version of panic().
95: */
1.42 millert 96: static __dead void
1.35 millert 97: panic2(const char *a, const char *b)
98: {
99: (void)fprintf(stderr, "%s: %s%s\n", ProgramName, a, b);
100: if (fcreated) {
101: PRIV_START;
102: unlink(atfile);
103: PRIV_END;
104: }
105:
106: exit(ERROR_EXIT);
107: }
108:
109: /*
110: * Some operating system error; print error message and exit.
111: */
112: static __dead void
113: perr(const char *a)
114: {
115: if (!force)
116: perror(a);
117: if (fcreated) {
118: PRIV_START;
119: unlink(atfile);
120: PRIV_END;
121: }
122:
123: exit(ERROR_EXIT);
124: }
125:
126: /*
127: * Two-parameter version of perr().
128: */
1.42 millert 129: static __dead void
1.35 millert 130: perr2(const char *a, const char *b)
131: {
132: if (!force)
133: (void)fputs(a, stderr);
134: perr(b);
135: }
1.1 deraadt 136:
1.42 millert 137: static void
1.26 millert 138: sigc(int signo)
1.1 deraadt 139: {
1.7 millert 140: /* If the user presses ^C, remove the spool file and exit. */
1.1 deraadt 141: if (fcreated) {
1.26 millert 142: PRIV_START;
1.7 millert 143: (void)unlink(atfile);
1.26 millert 144: PRIV_END;
1.1 deraadt 145: }
146:
1.35 millert 147: _exit(ERROR_EXIT);
1.1 deraadt 148: }
149:
1.42 millert 150: static void
1.26 millert 151: alarmc(int signo)
1.1 deraadt 152: {
1.35 millert 153: /* just return */
1.1 deraadt 154: }
155:
1.29 millert 156: static int
157: newjob(time_t runtimer, int queue)
158: {
159: int fd, i;
1.1 deraadt 160:
1.7 millert 161: /*
1.29 millert 162: * If we have a collision, try shifting the time by up to
163: * two minutes. Perhaps it would be better to try different
164: * queues instead...
1.7 millert 165: */
1.29 millert 166: for (i = 0; i < 120; i++) {
1.35 millert 167: snprintf(atfile, sizeof(atfile), "%s/%ld.%c", AT_DIR,
168: (long)runtimer, queue);
1.29 millert 169: fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);
170: if (fd >= 0)
171: return (fd);
1.31 millert 172: runtimer++;
1.29 millert 173: }
174: return (-1);
1.1 deraadt 175: }
176:
1.29 millert 177: /*
178: * This does most of the work if at or batch are invoked for
179: * writing a job.
180: */
1.1 deraadt 181: static void
1.35 millert 182: writefile(const char *cwd, time_t runtimer, char queue)
1.1 deraadt 183: {
1.35 millert 184: const char *ap;
185: char *mailname, *shell;
1.28 millert 186: char timestr[TIMESIZE];
1.1 deraadt 187: struct passwd *pass_entry;
1.28 millert 188: struct tm runtime;
1.1 deraadt 189: int fdes, lockdes, fd2;
190: FILE *fp, *fpin;
191: struct sigaction act;
192: char **atenv;
193: int ch;
194: mode_t cmask;
1.29 millert 195: extern char **environ;
1.1 deraadt 196:
1.7 millert 197: (void)setlocale(LC_TIME, "");
198:
1.1 deraadt 199: /*
200: * Install the signal handler for SIGINT; terminate after removing the
201: * spool file if necessary
202: */
1.35 millert 203: bzero(&act, sizeof act);
1.1 deraadt 204: act.sa_handler = sigc;
1.29 millert 205: sigemptyset(&act.sa_mask);
1.1 deraadt 206: act.sa_flags = 0;
207: sigaction(SIGINT, &act, NULL);
208:
1.26 millert 209: PRIV_START;
1.1 deraadt 210:
1.35 millert 211: if ((lockdes = open(AT_DIR, O_RDONLY, 0)) < 0)
212: perr("Cannot open jobs dir");
213:
1.22 millert 214: /*
1.29 millert 215: * Lock the jobs dir so we don't have to worry about someone
216: * else grabbing a file name out from under us.
1.22 millert 217: * Set an alarm so we don't sleep forever waiting on the lock.
218: * If we don't succeed with ALARMC seconds, something is wrong...
219: */
1.35 millert 220: bzero(&act, sizeof act);
1.1 deraadt 221: act.sa_handler = alarmc;
1.29 millert 222: sigemptyset(&act.sa_mask);
1.35 millert 223: #ifdef SA_INTERRUPT
224: act.sa_flags = SA_INTERRUPT;
225: #endif
1.1 deraadt 226: sigaction(SIGALRM, &act, NULL);
227: alarm(ALARMC);
1.35 millert 228: ch = flock(lockdes, LOCK_EX);
1.1 deraadt 229: alarm(0);
1.35 millert 230: if (ch != 0)
231: panic("Unable to lock jobs dir");
1.22 millert 232:
1.1 deraadt 233: /*
234: * Create the file. The x bit is only going to be set after it has
235: * been completely written out, to make sure it is not executed in
236: * the meantime. To make sure they do not get deleted, turn off
237: * their r bit. Yes, this is a kluge.
238: */
239: cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
1.29 millert 240: if ((fdes = newjob(runtimer, queue)) == -1)
1.1 deraadt 241: perr("Cannot create atjob file");
242:
243: if ((fd2 = dup(fdes)) < 0)
244: perr("Error in dup() of job file");
245:
1.7 millert 246: if (fchown(fd2, real_uid, real_gid) != 0)
1.1 deraadt 247: perr("Cannot give away file");
248:
1.26 millert 249: PRIV_END;
1.1 deraadt 250:
251: /*
252: * We've successfully created the file; let's set the flag so it
253: * gets removed in case of an interrupt or error.
254: */
255: fcreated = 1;
256:
257: /* Now we can release the lock, so other people can access it */
1.7 millert 258: (void)close(lockdes);
1.1 deraadt 259:
260: if ((fp = fdopen(fdes, "w")) == NULL)
261: panic("Cannot reopen atjob file");
262:
263: /*
1.18 millert 264: * Get the userid to mail to, first by trying getlogin(), which asks
265: * the kernel, then from $LOGNAME or $USER, finally from getpwuid().
1.1 deraadt 266: */
267: mailname = getlogin();
1.5 millert 268: if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
269: mailname = getenv("USER");
1.1 deraadt 270:
1.7 millert 271: if ((mailname == NULL) || (mailname[0] == '\0') ||
1.35 millert 272: (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) {
1.7 millert 273: pass_entry = getpwuid(real_uid);
1.1 deraadt 274: if (pass_entry != NULL)
275: mailname = pass_entry->pw_name;
276: }
277:
1.28 millert 278: /*
279: * Get the shell to run the job under. First check $SHELL, falling
280: * back to the user's shell in the password database or, failing
281: * that, /bin/sh.
282: */
283: if ((shell = getenv("SHELL")) == NULL || *shell == '\0') {
284: pass_entry = getpwuid(real_uid);
285: if (pass_entry != NULL && *pass_entry->pw_shell != '\0')
286: shell = pass_entry->pw_shell;
287: else
288: shell = _PATH_BSHELL;
289: }
290:
1.13 kstailey 291: if (atinput != NULL) {
1.1 deraadt 292: fpin = freopen(atinput, "r", stdin);
293: if (fpin == NULL)
294: perr("Cannot open input file");
295: }
1.42 millert 296: (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%lu gid=%lu\n# mail %*s %d\n",
297: (unsigned long)real_uid, (unsigned long)real_gid,
298: MAX_UNAME, mailname, send_mail);
1.1 deraadt 299:
300: /* Write out the umask at the time of invocation */
1.7 millert 301: (void)fprintf(fp, "umask %o\n", cmask);
1.1 deraadt 302:
303: /*
304: * Write out the environment. Anything that may look like a special
305: * character to the shell is quoted, except for \n, which is done
1.44 jmc 306: * with a pair of "'s. Don't export the no_export list (such as
1.1 deraadt 307: * TERM or DISPLAY) because we don't want these.
308: */
309: for (atenv = environ; *atenv != NULL; atenv++) {
310: int export = 1;
311: char *eqp;
312:
313: eqp = strchr(*atenv, '=');
1.19 millert 314: if (eqp == NULL)
1.1 deraadt 315: eqp = *atenv;
316: else {
317: int i;
318:
319: for (i = 0;i < sizeof(no_export) /
320: sizeof(no_export[0]); i++) {
321: export = export
322: && (strncmp(*atenv, no_export[i],
323: (size_t) (eqp - *atenv)) != 0);
324: }
325: eqp++;
326: }
327:
328: if (export) {
1.7 millert 329: (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
1.1 deraadt 330: for (ap = eqp; *ap != '\0'; ap++) {
331: if (*ap == '\n')
1.7 millert 332: (void)fprintf(fp, "\"\n\"");
1.1 deraadt 333: else {
1.7 millert 334: if (!isalnum(*ap)) {
335: switch (*ap) {
336: case '%': case '/': case '{':
337: case '[': case ']': case '=':
338: case '}': case '@': case '+':
339: case '#': case ',': case '.':
340: case ':': case '-': case '_':
341: break;
342: default:
343: (void)fputc('\\', fp);
344: break;
345: }
346: }
347: (void)fputc(*ap, fp);
1.1 deraadt 348: }
349: }
1.7 millert 350: (void)fputs("; export ", fp);
351: (void)fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
352: (void)fputc('\n', fp);
353: }
354: }
355: /*
356: * Cd to the directory at the time and write out all the
357: * commands the user supplies from stdin.
358: */
359: (void)fputs("cd ", fp);
1.35 millert 360: for (ap = cwd; *ap != '\0'; ap++) {
1.7 millert 361: if (*ap == '\n')
362: fprintf(fp, "\"\n\"");
363: else {
364: if (*ap != '/' && !isalnum(*ap))
365: (void)fputc('\\', fp);
1.1 deraadt 366:
1.7 millert 367: (void)fputc(*ap, fp);
1.1 deraadt 368: }
369: }
370: /*
1.7 millert 371: * Test cd's exit status: die if the original directory has been
372: * removed, become unreadable or whatever.
1.1 deraadt 373: */
1.29 millert 374: (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible'"
375: " >&2\n\t exit 1\n}\n");
1.1 deraadt 376:
1.3 millert 377: if ((ch = getchar()) == EOF)
378: panic("Input error");
379:
1.28 millert 380: /* We want the job to run under the user's shell. */
381: fprintf(fp, "%s << '_END_OF_AT_JOB'\n", shell);
382:
1.3 millert 383: do {
1.7 millert 384: (void)fputc(ch, fp);
1.3 millert 385: } while ((ch = getchar()) != EOF);
1.1 deraadt 386:
1.28 millert 387: (void)fprintf(fp, "\n_END_OF_AT_JOB\n");
1.1 deraadt 388: if (ferror(fp))
389: panic("Output error");
390:
391: if (ferror(stdin))
392: panic("Input error");
393:
1.7 millert 394: (void)fclose(fp);
1.1 deraadt 395:
396: /*
397: * Set the x bit so that we're ready to start executing
398: */
399: if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
400: perr("Cannot give away file");
401:
1.7 millert 402: (void)close(fd2);
1.28 millert 403:
1.30 millert 404: /* Poke cron so it knows to reload the at spool. */
1.35 millert 405: PRIV_START;
406: poke_daemon(AT_DIR, RELOAD_AT);
407: PRIV_END;
1.30 millert 408:
1.28 millert 409: runtime = *localtime(&runtimer);
410: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
411: (void)fprintf(stderr, "commands will be executed using %s\n", shell);
1.35 millert 412: (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(AT_DIR)],
1.29 millert 413: timestr);
414: }
415:
416: /* Sort by creation time. */
417: static int
418: byctime(const void *v1, const void *v2)
419: {
420: const struct atjob *j1 = *(struct atjob **)v1;
421: const struct atjob *j2 = *(struct atjob **)v2;
422:
423: return (j1->ctime - j2->ctime);
424: }
425:
426: /* Sort by job number (and thus execution time). */
427: static int
428: byjobno(const void *v1, const void *v2)
429: {
430: const struct atjob *j1 = *(struct atjob **)v1;
431: const struct atjob *j2 = *(struct atjob **)v2;
432:
433: if (j1->runtimer == j2->runtimer)
434: return (j1->queue - j2->queue);
435: return (j1->runtimer - j2->runtimer);
436: }
437:
438: static void
1.37 millert 439: print_job(struct atjob *job, int n, int shortformat)
1.29 millert 440: {
441: struct passwd *pw;
442: struct tm runtime;
443: char timestr[TIMESIZE];
444: static char *ranks[] = {
445: "th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"
446: };
447:
448: runtime = *localtime(&job->runtimer);
449: if (shortformat) {
450: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
451: (void)printf("%ld.%c\t%s\n", (long)job->runtimer,
452: job->queue, timestr);
453: } else {
1.37 millert 454: pw = getpwuid(job->uid);
1.29 millert 455: /* Rank hack shamelessly stolen from lpq */
456: if (n / 10 == 1)
457: printf("%3d%-5s", n,"th");
458: else
459: printf("%3d%-5s", n, ranks[n % 10]);
460: strftime(timestr, TIMESIZE, "%b %e, %Y %R", &runtime);
461: (void)printf("%-21.18s%-11.8s%10ld.%c %c%s\n",
462: timestr, pw ? pw->pw_name : "???",
463: (long)job->runtimer, job->queue, job->queue,
1.37 millert 464: (S_IXUSR & job->mode) ? "" : " (done)");
1.29 millert 465: }
1.1 deraadt 466: }
467:
1.29 millert 468: /*
469: * List all of a user's jobs in the queue, by looping through
1.35 millert 470: * AT_DIR, or all jobs if we are root. If argc is > 0, argv
1.29 millert 471: * contains the list of users whose jobs shall be displayed. By
472: * default, the list is sorted by execution date and queue. If
473: * csort is non-zero jobs will be sorted by creation/submission date.
474: */
1.1 deraadt 475: static void
1.29 millert 476: list_jobs(int argc, char **argv, int count_only, int csort)
1.1 deraadt 477: {
478: struct passwd *pw;
479: struct dirent *dirent;
1.40 tedu 480: struct atjob **atjobs, **newatjobs, *job;
1.29 millert 481: struct stat stbuf;
1.1 deraadt 482: time_t runtimer;
1.29 millert 483: uid_t *uids;
484: long l;
485: char queue, *ep;
486: DIR *spool;
487: int i, shortformat, numjobs, maxjobs;
488:
489: if (argc) {
490: if ((uids = malloc(sizeof(uid_t) * argc)) == NULL)
1.35 millert 491: panic("Insufficient virtual memory");
1.29 millert 492:
493: for (i = 0; i < argc; i++) {
494: if ((pw = getpwnam(argv[i])) == NULL)
1.35 millert 495: panic2(argv[i], ": invalid user name");
1.29 millert 496: if (pw->pw_uid != real_uid && real_uid != 0)
1.35 millert 497: panic("Only the superuser may display other users' jobs");
1.29 millert 498: uids[i] = pw->pw_uid;
499: }
500: } else
501: uids = NULL;
502:
1.35 millert 503: shortformat = strcmp(ProgramName, "at") == 0;
1.1 deraadt 504:
1.26 millert 505: PRIV_START;
1.1 deraadt 506:
1.35 millert 507: if (chdir(AT_DIR) != 0)
508: perr2("Cannot change to ", AT_DIR);
1.1 deraadt 509:
510: if ((spool = opendir(".")) == NULL)
1.35 millert 511: perr2("Cannot open ", AT_DIR);
1.1 deraadt 512:
1.29 millert 513: PRIV_END;
514:
1.35 millert 515: if (fstat(spool->dd_fd, &stbuf) != 0)
516: perr2("Cannot stat ", AT_DIR);
1.29 millert 517:
518: /*
519: * The directory's link count should give us a good idea
520: * of how many files are in it. Fudge things a little just
521: * in case someone adds a job or two.
522: */
523: numjobs = 0;
524: maxjobs = stbuf.st_nlink + 4;
525: atjobs = (struct atjob **)malloc(maxjobs * sizeof(struct atjob *));
526: if (atjobs == NULL)
1.35 millert 527: panic("Insufficient virtual memory");
1.29 millert 528:
529: /* Loop over every file in the directory. */
1.1 deraadt 530: while ((dirent = readdir(spool)) != NULL) {
1.29 millert 531: PRIV_START;
532:
533: if (stat(dirent->d_name, &stbuf) != 0)
1.35 millert 534: perr2("Cannot stat in ", AT_DIR);
1.1 deraadt 535:
1.29 millert 536: PRIV_END;
537:
1.1 deraadt 538: /*
539: * See it's a regular file and has its x bit turned on and
540: * is the user's
541: */
1.29 millert 542: if (!S_ISREG(stbuf.st_mode)
543: || ((stbuf.st_uid != real_uid) && !(real_uid == 0))
544: || !(S_IXUSR & stbuf.st_mode || vflag))
1.1 deraadt 545: continue;
546:
1.29 millert 547: l = strtol(dirent->d_name, &ep, 10);
548: if (*ep != '.' || !isalpha(*(ep + 1)) || *(ep + 2) != '\0' ||
549: l < 0 || l >= INT_MAX)
1.1 deraadt 550: continue;
1.29 millert 551: runtimer = (time_t)l;
552: queue = *(ep + 1);
1.1 deraadt 553:
554: if (atqueue && (queue != atqueue))
555: continue;
556:
1.29 millert 557: /* Check against specified user(s). */
558: if (argc) {
559: for (i = 0; i < argc; i++) {
560: if (uids[0] == stbuf.st_uid)
561: break;
562: }
563: if (i == argc)
564: continue; /* user doesn't match */
565: }
566:
567: if (count_only) {
568: numjobs++;
569: continue;
570: }
571:
572: job = (struct atjob *)malloc(sizeof(struct atjob));
573: if (job == NULL)
1.35 millert 574: panic("Insufficient virtual memory");
1.29 millert 575: job->runtimer = runtimer;
576: job->ctime = stbuf.st_ctime;
1.37 millert 577: job->uid = stbuf.st_uid;
578: job->mode = stbuf.st_mode;
1.29 millert 579: job->queue = queue;
580: if (numjobs == maxjobs) {
1.40 tedu 581: int newjobs = maxjobs * 2;
582: newatjobs = realloc(atjobs, newjobs * sizeof(job));
583: if (newatjobs == NULL)
1.35 millert 584: panic("Insufficient virtual memory");
1.40 tedu 585: atjobs = newatjobs;
586: maxjobs = newjobs;
1.29 millert 587: }
588: atjobs[numjobs++] = job;
589: }
590: free(uids);
1.45 ! robert 591: closedir(spool);
1.29 millert 592:
593: if (count_only || numjobs == 0) {
594: if (numjobs == 0 && !shortformat)
595: fprintf(stderr, "no files in queue.\n");
596: else if (count_only)
597: printf("%d\n", numjobs);
598: free(atjobs);
599: return;
600: }
601:
602: /* Sort by job run time or by job creation time. */
603: qsort(atjobs, numjobs, sizeof(struct atjob *),
604: csort ? byctime : byjobno);
605:
606: if (!shortformat)
607: (void)puts(" Rank Execution Date Owner "
608: "Job Queue");
609:
610: for (i = 0; i < numjobs; i++) {
1.37 millert 611: print_job(atjobs[i], i + 1, shortformat);
1.29 millert 612: free(atjobs[i]);
1.1 deraadt 613: }
1.29 millert 614: free(atjobs);
615: }
616:
617: static int
618: rmok(int job)
619: {
620: int ch, junk;
621:
622: printf("%d: remove it? ", job);
623: ch = getchar();
624: while ((junk = getchar()) != EOF && junk != '\n')
625: ;
626: return (ch == 'y' || ch == 'Y');
1.1 deraadt 627: }
628:
1.29 millert 629: /*
1.35 millert 630: * Loop through all jobs in AT_DIR and display or delete ones
1.29 millert 631: * that match argv (may be job or username), or all if argc == 0.
632: * Only the superuser may display/delete other people's jobs.
633: */
1.28 millert 634: static int
1.26 millert 635: process_jobs(int argc, char **argv, int what)
1.1 deraadt 636: {
1.29 millert 637: struct stat stbuf;
638: struct dirent *dirent;
639: struct passwd *pw;
640: time_t runtimer;
641: uid_t *uids;
642: char **jobs, *ep, queue;
643: long l;
644: FILE *fp;
1.7 millert 645: DIR *spool;
1.29 millert 646: int job_matches, jobs_len, uids_len;
1.30 millert 647: int error, i, ch, changed;
1.9 millert 648:
1.26 millert 649: PRIV_START;
1.1 deraadt 650:
1.35 millert 651: if (chdir(AT_DIR) != 0)
652: perr2("Cannot change to ", AT_DIR);
1.1 deraadt 653:
1.7 millert 654: if ((spool = opendir(".")) == NULL)
1.35 millert 655: perr2("Cannot open ", AT_DIR);
1.7 millert 656:
1.26 millert 657: PRIV_END;
1.7 millert 658:
1.29 millert 659: /* Convert argv into a list of jobs and uids. */
660: jobs = NULL;
661: uids = NULL;
662: jobs_len = uids_len = 0;
663: if (argc > 0) {
664: if ((jobs = malloc(sizeof(char *) * argc)) == NULL ||
665: (uids = malloc(sizeof(uid_t) * argc)) == NULL)
1.35 millert 666: panic("Insufficient virtual memory");
1.29 millert 667:
668: for (i = 0; i < argc; i++) {
669: l = strtol(argv[i], &ep, 10);
670: if (*ep == '.' && isalpha(*(ep + 1)) &&
671: *(ep + 2) == '\0' && l > 0 && l < INT_MAX)
672: jobs[jobs_len++] = argv[i];
673: else if ((pw = getpwnam(argv[i])) != NULL) {
1.35 millert 674: if (real_uid != pw->pw_uid && real_uid != 0) {
675: fprintf(stderr, "%s: Only the superuser"
1.39 mpech 676: " may %s other users' jobs\n",
1.35 millert 677: ProgramName, what == ATRM
678: ? "remove" : "view");
679: exit(ERROR_EXIT);
680: }
1.29 millert 681: uids[uids_len++] = pw->pw_uid;
682: } else
1.35 millert 683: panic2(argv[i], ": invalid user name");
1.29 millert 684: }
685: }
686:
1.7 millert 687: /* Loop over every file in the directory */
1.30 millert 688: changed = 0;
1.28 millert 689: while ((dirent = readdir(spool)) != NULL) {
1.7 millert 690:
1.26 millert 691: PRIV_START;
1.29 millert 692: if (stat(dirent->d_name, &stbuf) != 0)
1.35 millert 693: perr2("Cannot stat in ", AT_DIR);
1.26 millert 694: PRIV_END;
1.7 millert 695:
1.29 millert 696: if (stbuf.st_uid != real_uid && real_uid != 0)
1.7 millert 697: continue;
698:
1.29 millert 699: l = strtol(dirent->d_name, &ep, 10);
700: if (*ep != '.' || !isalpha(*(ep + 1)) || *(ep + 2) != '\0' ||
701: l < 0 || l >= INT_MAX)
702: continue;
703: runtimer = (time_t)l;
704: queue = *(ep + 1);
1.7 millert 705:
1.29 millert 706: /* Check runtimer against argv; argc==0 means do all. */
707: job_matches = (argc == 0) ? 1 : 0;
708: if (!job_matches) {
709: for (i = 0; i < jobs_len; i++) {
1.36 millert 710: if (jobs[i] != NULL &&
711: strcmp(dirent->d_name, jobs[i]) == 0) {
1.29 millert 712: jobs[i] = NULL;
713: job_matches = 1;
714: break;
715: }
716: }
717: }
718: if (!job_matches) {
719: for (i = 0; i < uids_len; i++) {
720: if (uids[i] == stbuf.st_uid) {
721: job_matches = 1;
722: break;
723: }
724: }
725: }
726:
727: if (job_matches) {
728: switch (what) {
729: case ATRM:
730: PRIV_START;
731:
732: if (!interactive ||
733: (interactive && rmok(runtimer))) {
1.30 millert 734: if (unlink(dirent->d_name) == 0)
735: changed = 1;
736: else
1.7 millert 737: perr(dirent->d_name);
1.29 millert 738: if (!force && !interactive)
739: fprintf(stderr,
740: "%s removed\n",
741: dirent->d_name);
742: }
1.7 millert 743:
1.29 millert 744: PRIV_END;
1.7 millert 745:
1.29 millert 746: break;
1.7 millert 747:
1.29 millert 748: case CAT:
749: PRIV_START;
1.7 millert 750:
1.29 millert 751: fp = fopen(dirent->d_name, "r");
1.7 millert 752:
1.29 millert 753: PRIV_END;
1.7 millert 754:
1.29 millert 755: if (!fp)
756: perr("Cannot open file");
1.7 millert 757:
1.29 millert 758: while ((ch = getc(fp)) != EOF)
759: putchar(ch);
1.7 millert 760:
1.45 ! robert 761: fclose(fp);
1.29 millert 762: break;
1.7 millert 763:
1.29 millert 764: default:
1.35 millert 765: panic("Internal error");
1.29 millert 766: break;
1.7 millert 767: }
1.1 deraadt 768: }
769: }
1.45 ! robert 770: closedir(spool);
! 771:
1.29 millert 772: for (error = 0, i = 0; i < jobs_len; i++) {
773: if (jobs[i] != NULL) {
774: if (!force)
1.39 mpech 775: fprintf(stderr, "%s: %s: no such job\n",
1.35 millert 776: ProgramName, jobs[i]);
1.28 millert 777: error++;
778: }
779: }
1.29 millert 780: free(jobs);
781: free(uids);
782:
1.30 millert 783: /* If we modied the spool, poke cron so it knows to reload. */
1.35 millert 784: if (changed) {
785: PRIV_START;
786: if (chdir(CRONDIR) != 0)
787: perror(CRONDIR);
788: else
789: poke_daemon(AT_DIR, RELOAD_AT);
790: PRIV_END;
791: }
1.30 millert 792:
1.29 millert 793: return (error);
1.28 millert 794: }
1.1 deraadt 795:
1.25 millert 796: #define ATOI2(s) ((s) += 2, ((s)[-2] - '0') * 10 + ((s)[-1] - '0'))
797:
1.29 millert 798: /*
799: * This is pretty much a copy of stime_arg1() from touch.c.
800: */
1.25 millert 801: static time_t
802: ttime(const char *arg)
803: {
804: struct timeval tv[2];
805: time_t now;
806: struct tm *t;
807: int yearset;
808: char *p;
1.42 millert 809:
1.25 millert 810: if (gettimeofday(&tv[0], NULL))
811: panic("Cannot get current time");
1.42 millert 812:
1.25 millert 813: /* Start with the current time. */
814: now = tv[0].tv_sec;
815: if ((t = localtime(&now)) == NULL)
816: panic("localtime");
817: /* [[CC]YY]MMDDhhmm[.SS] */
818: if ((p = strchr(arg, '.')) == NULL)
819: t->tm_sec = 0; /* Seconds defaults to 0. */
820: else {
821: if (strlen(p + 1) != 2)
822: goto terr;
823: *p++ = '\0';
824: t->tm_sec = ATOI2(p);
825: }
1.42 millert 826:
1.25 millert 827: yearset = 0;
828: switch(strlen(arg)) {
829: case 12: /* CCYYMMDDhhmm */
830: t->tm_year = ATOI2(arg);
831: t->tm_year *= 100;
832: yearset = 1;
833: /* FALLTHROUGH */
834: case 10: /* YYMMDDhhmm */
835: if (yearset) {
836: yearset = ATOI2(arg);
837: t->tm_year += yearset;
838: } else {
839: yearset = ATOI2(arg);
840: t->tm_year = yearset + 2000;
841: }
842: t->tm_year -= 1900; /* Convert to UNIX time. */
843: /* FALLTHROUGH */
844: case 8: /* MMDDhhmm */
845: t->tm_mon = ATOI2(arg);
846: --t->tm_mon; /* Convert from 01-12 to 00-11 */
847: t->tm_mday = ATOI2(arg);
848: t->tm_hour = ATOI2(arg);
849: t->tm_min = ATOI2(arg);
850: break;
851: default:
852: goto terr;
853: }
1.42 millert 854:
1.25 millert 855: t->tm_isdst = -1; /* Figure out DST. */
856: tv[0].tv_sec = tv[1].tv_sec = mktime(t);
857: if (tv[0].tv_sec != -1)
858: return (tv[0].tv_sec);
859: else
860: terr:
861: panic("out of range or illegal time specification: "
862: "[[CC]YY]MMDDhhmm[.SS]");
1.30 millert 863: }
864:
1.35 millert 865: static int
866: check_permission(void)
867: {
868: int ok;
869: uid_t uid = geteuid();
870: struct passwd *pw;
1.30 millert 871:
1.35 millert 872: if ((pw = getpwuid(uid)) == NULL) {
873: perror("Cannot access password database");
874: exit(ERROR_EXIT);
875: }
1.30 millert 876:
877: PRIV_START;
878:
1.35 millert 879: ok = allowed(pw->pw_name, AT_ALLOW, AT_DENY);
880:
881: PRIV_END;
1.30 millert 882:
1.35 millert 883: return (ok);
884: }
1.30 millert 885:
1.41 millert 886: static __dead void
1.35 millert 887: usage(void)
888: {
889: /* Print usage and exit. */
890: switch (program) {
891: case AT:
892: case CAT:
893: (void)fprintf(stderr,
1.43 jmc 894: "usage: at [-blm] [-f file] [-q queue] -t time_arg\n"
895: " at [-blm] [-f file] [-q queue] timespec\n"
896: " at -c | -r job [job ...]\n");
1.35 millert 897: break;
898: case ATQ:
899: (void)fprintf(stderr,
1.43 jmc 900: "usage: atq [-cnv] [-q queue] [name ...]\n");
1.35 millert 901: break;
902: case ATRM:
903: (void)fprintf(stderr,
904: "usage: atrm [-afi] [[job] [name] ...]\n");
905: break;
906: case BATCH:
907: (void)fprintf(stderr,
908: "usage: batch [-m] [-f file] [-q queue] [timespec]\n");
909: break;
910: }
911: exit(ERROR_EXIT);
1.25 millert 912: }
913:
1.1 deraadt 914: int
1.26 millert 915: main(int argc, char **argv)
1.1 deraadt 916: {
1.29 millert 917: time_t timer = -1;
1.7 millert 918: char queue = DEFAULT_AT_QUEUE;
919: char queue_set = 0;
1.25 millert 920: char *options = "q:f:t:bcdlmrv"; /* default options for at */
1.38 avsm 921: char cwd[PATH_MAX];
1.29 millert 922: int ch;
923: int aflag = 0;
924: int cflag = 0;
925: int nflag = 0;
1.41 millert 926:
927: if (argc < 1)
928: usage();
1.1 deraadt 929:
1.35 millert 930: if ((ProgramName = strrchr(argv[0], '/')) != NULL)
931: ProgramName++;
932: else
933: ProgramName = argv[0];
934:
1.26 millert 935: RELINQUISH_PRIVS;
1.1 deraadt 936:
937: /* find out what this program is supposed to do */
1.35 millert 938: if (strcmp(ProgramName, "atq") == 0) {
1.1 deraadt 939: program = ATQ;
1.29 millert 940: options = "cnvq:";
1.35 millert 941: } else if (strcmp(ProgramName, "atrm") == 0) {
1.1 deraadt 942: program = ATRM;
1.29 millert 943: options = "afi";
1.35 millert 944: } else if (strcmp(ProgramName, "batch") == 0) {
1.1 deraadt 945: program = BATCH;
1.24 millert 946: options = "f:q:mv";
1.1 deraadt 947: }
948:
949: /* process whatever options we can process */
1.29 millert 950: while ((ch = getopt(argc, argv, options)) != -1) {
951: switch (ch) {
952: case 'a':
953: aflag = 1;
954: break;
955:
956: case 'i':
957: interactive = 1;
958: force = 0;
959: break;
960:
961: case 'v': /* show completed but unremoved jobs */
962: /*
963: * This option is only useful when we are invoked
964: * as atq but we accept (and ignore) this flag in
965: * the other programs for backwards compatibility.
966: */
967: vflag = 1;
1.1 deraadt 968: break;
969:
970: case 'm': /* send mail when job is complete */
971: send_mail = 1;
972: break;
973:
974: case 'f':
1.29 millert 975: if (program == ATRM) {
976: force = 1;
977: interactive = 0;
978: } else
979: atinput = optarg;
1.1 deraadt 980: break;
981:
982: case 'q': /* specify queue */
983: if (strlen(optarg) > 1)
984: usage();
985:
986: atqueue = queue = *optarg;
1.7 millert 987: if (!(islower(queue) || isupper(queue)))
1.1 deraadt 988: usage();
1.7 millert 989:
990: queue_set = 1;
991: break;
992:
1.25 millert 993: case 'd': /* for backwards compatibility */
994: case 'r':
1.7 millert 995: program = ATRM;
1.24 millert 996: options = "";
1.7 millert 997: break;
998:
1.25 millert 999: case 't':
1000: timer = ttime(optarg);
1001: break;
1002:
1.7 millert 1003: case 'l':
1004: program = ATQ;
1.29 millert 1005: options = "cnvq:";
1.7 millert 1006: break;
1007:
1008: case 'b':
1009: program = BATCH;
1.24 millert 1010: options = "f:q:mv";
1.7 millert 1011: break;
1012:
1013: case 'c':
1.29 millert 1014: if (program == ATQ) {
1015: cflag = 1;
1016: } else {
1017: program = CAT;
1018: options = "";
1019: }
1020: break;
1021:
1022: case 'n':
1023: nflag = 1;
1.1 deraadt 1024: break;
1025:
1026: default:
1027: usage();
1028: break;
1029: }
1.29 millert 1030: }
1031: argc -= optind;
1032: argv += optind;
1.7 millert 1033:
1.35 millert 1034: if (getcwd(cwd, sizeof(cwd)) == NULL)
1035: perr("Cannot get current working directory");
1036:
1037: set_cron_cwd();
1038:
1.16 mickey 1039: if (!check_permission())
1.35 millert 1040: panic("You do not have permission to use at.");
1.7 millert 1041:
1.1 deraadt 1042: /* select our program */
1043: switch (program) {
1044: case ATQ:
1.29 millert 1045: list_jobs(argc, argv, nflag, cflag);
1.1 deraadt 1046: break;
1047:
1048: case ATRM:
1.7 millert 1049: case CAT:
1.29 millert 1050: if ((aflag && argc) || (!aflag && !argc))
1.10 millert 1051: usage();
1.28 millert 1052: exit(process_jobs(argc, argv, program));
1.1 deraadt 1053: break;
1054:
1055: case AT:
1.25 millert 1056: /* Time may have been specified via the -t flag. */
1.35 millert 1057: if (timer == -1) {
1058: if (argc == 0)
1059: usage();
1060: else if ((timer = parsetime(argc, argv)) == -1)
1061: exit(ERROR_EXIT);
1062: }
1063: writefile(cwd, timer, queue);
1.1 deraadt 1064: break;
1065:
1066: case BATCH:
1.7 millert 1067: if (queue_set)
1068: queue = toupper(queue);
1069: else
1070: queue = DEFAULT_BATCH_QUEUE;
1071:
1.35 millert 1072: if (argc == 0)
1.7 millert 1073: timer = time(NULL);
1.35 millert 1074: else if ((timer = parsetime(argc, argv)) == -1)
1075: exit(ERROR_EXIT);
1.7 millert 1076:
1.35 millert 1077: writefile(cwd, timer, queue);
1.1 deraadt 1078: break;
1079:
1080: default:
1081: panic("Internal error");
1082: break;
1083: }
1.35 millert 1084: exit(OK_EXIT);
1.1 deraadt 1085: }