Annotation of src/usr.bin/at/at.c, Revision 1.61
1.61 ! deraadt 1: /* $OpenBSD: at.c,v 1.60 2011/08/30 19:56:08 guenther Exp $ */
1.1 deraadt 2:
3: /*
1.7 millert 4: * at.c : Put file into atrun queue
5: * Copyright (C) 1993, 1994 Thomas Koenig
1.1 deraadt 6: *
1.7 millert 7: * Atrun & Atq modifications
8: * Copyright (C) 1993 David Parsons
1.1 deraadt 9: *
1.29 millert 10: * Traditional BSD behavior and other significant modifications
1.35 millert 11: * Copyright (C) 2002-2003 Todd C. Miller
1.29 millert 12: *
1.1 deraadt 13: * Redistribution and use in source and binary forms, with or without
14: * modification, are permitted provided that the following conditions
15: * are met:
16: * 1. Redistributions of source code must retain the above copyright
17: * notice, this list of conditions and the following disclaimer.
18: * 2. The name of the author(s) may not be used to endorse or promote
19: * products derived from this software without specific prior written
20: * permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
23: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.7 millert 25: * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1 deraadt 26: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.57 krw 29: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.1 deraadt 30: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32: */
33:
1.35 millert 34: #define MAIN_PROGRAM
1.1 deraadt 35:
1.35 millert 36: #include "cron.h"
1.1 deraadt 37: #include "at.h"
38: #include "privs.h"
1.35 millert 39: #include <limits.h>
1.1 deraadt 40:
41: #define ALARMC 10 /* Number of seconds to wait for timeout */
1.29 millert 42: #define TIMESIZE 50 /* Size of buffer passed to strftime() */
1.1 deraadt 43:
1.29 millert 44: /* Variables to remove from the job's environment. */
1.1 deraadt 45: char *no_export[] =
46: {
1.28 millert 47: "TERM", "TERMCAP", "DISPLAY", "_", "SHELLOPTS", "BASH_VERSINFO",
48: "EUID", "GROUPS", "PPID", "UID", "SSH_AUTH_SOCK", "SSH_AGENT_PID",
1.1 deraadt 49: };
1.7 millert 50:
1.27 millert 51: int program = AT; /* default program mode */
1.35 millert 52: char atfile[MAX_FNAME]; /* path to the at spool file */
1.29 millert 53: int fcreated; /* whether or not we created the file yet */
1.1 deraadt 54: char atqueue = 0; /* which queue to examine for jobs (atq) */
1.29 millert 55: char vflag = 0; /* show completed but unremoved jobs (atq) */
56: char force = 0; /* suppress errors (atrm) */
57: char interactive = 0; /* interactive mode (atrm) */
58: static int send_mail = 0; /* whether we are sending mail */
1.7 millert 59:
1.21 millert 60: static void sigc(int);
61: static void alarmc(int);
1.35 millert 62: static void writefile(const char *, time_t, char);
1.29 millert 63: static void list_jobs(int, char **, int, int);
1.48 millert 64: static time_t ttime(char *);
1.35 millert 65: static int check_permission(void);
1.46 cloder 66: static __dead void panic(const char *);
1.35 millert 67: static void perr(const char *);
68: static void perr2(const char *, const char *);
1.41 millert 69: static __dead void usage(void);
1.61 ! deraadt 70: static int rmok(long long);
1.35 millert 71: time_t parsetime(int, char **);
72:
73: /*
74: * Something fatal has happened, print error message and exit.
75: */
76: static __dead void
77: panic(const char *a)
78: {
79: (void)fprintf(stderr, "%s: %s\n", ProgramName, a);
80: if (fcreated) {
81: PRIV_START;
82: unlink(atfile);
83: PRIV_END;
84: }
85:
1.59 millert 86: exit(EXIT_FAILURE);
1.35 millert 87: }
88:
89: /*
90: * Two-parameter version of panic().
91: */
1.42 millert 92: static __dead void
1.35 millert 93: panic2(const char *a, const char *b)
94: {
95: (void)fprintf(stderr, "%s: %s%s\n", ProgramName, a, b);
96: if (fcreated) {
97: PRIV_START;
98: unlink(atfile);
99: PRIV_END;
100: }
101:
1.59 millert 102: exit(EXIT_FAILURE);
1.35 millert 103: }
104:
105: /*
106: * Some operating system error; print error message and exit.
107: */
108: static __dead void
109: perr(const char *a)
110: {
111: if (!force)
112: perror(a);
113: if (fcreated) {
114: PRIV_START;
115: unlink(atfile);
116: PRIV_END;
117: }
118:
1.59 millert 119: exit(EXIT_FAILURE);
1.35 millert 120: }
121:
122: /*
123: * Two-parameter version of perr().
124: */
1.42 millert 125: static __dead void
1.35 millert 126: perr2(const char *a, const char *b)
127: {
128: if (!force)
129: (void)fputs(a, stderr);
130: perr(b);
131: }
1.1 deraadt 132:
1.46 cloder 133: /* ARGSUSED */
1.42 millert 134: static void
1.26 millert 135: sigc(int signo)
1.1 deraadt 136: {
1.7 millert 137: /* If the user presses ^C, remove the spool file and exit. */
1.1 deraadt 138: if (fcreated) {
1.26 millert 139: PRIV_START;
1.7 millert 140: (void)unlink(atfile);
1.26 millert 141: PRIV_END;
1.1 deraadt 142: }
143:
1.59 millert 144: _exit(EXIT_FAILURE);
1.1 deraadt 145: }
146:
1.46 cloder 147: /* ARGSUSED */
1.42 millert 148: static void
1.26 millert 149: alarmc(int signo)
1.1 deraadt 150: {
1.35 millert 151: /* just return */
1.1 deraadt 152: }
153:
1.29 millert 154: static int
155: newjob(time_t runtimer, int queue)
156: {
157: int fd, i;
1.1 deraadt 158:
1.7 millert 159: /*
1.29 millert 160: * If we have a collision, try shifting the time by up to
161: * two minutes. Perhaps it would be better to try different
162: * queues instead...
1.7 millert 163: */
1.29 millert 164: for (i = 0; i < 120; i++) {
1.61 ! deraadt 165: snprintf(atfile, sizeof(atfile), "%s/%lld.%c", AT_DIR,
! 166: (long long)runtimer, queue);
1.29 millert 167: fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);
168: if (fd >= 0)
169: return (fd);
1.31 millert 170: runtimer++;
1.29 millert 171: }
172: return (-1);
1.1 deraadt 173: }
174:
1.29 millert 175: /*
176: * This does most of the work if at or batch are invoked for
177: * writing a job.
178: */
1.1 deraadt 179: static void
1.35 millert 180: writefile(const char *cwd, time_t runtimer, char queue)
1.1 deraadt 181: {
1.35 millert 182: const char *ap;
183: char *mailname, *shell;
1.28 millert 184: char timestr[TIMESIZE];
1.1 deraadt 185: struct passwd *pass_entry;
1.28 millert 186: struct tm runtime;
1.1 deraadt 187: int fdes, lockdes, fd2;
1.55 deraadt 188: FILE *fp;
1.1 deraadt 189: struct sigaction act;
190: char **atenv;
191: int ch;
192: mode_t cmask;
1.29 millert 193: extern char **environ;
1.1 deraadt 194:
1.7 millert 195: (void)setlocale(LC_TIME, "");
196:
1.1 deraadt 197: /*
198: * Install the signal handler for SIGINT; terminate after removing the
199: * spool file if necessary
200: */
1.35 millert 201: bzero(&act, sizeof act);
1.1 deraadt 202: act.sa_handler = sigc;
1.29 millert 203: sigemptyset(&act.sa_mask);
1.1 deraadt 204: act.sa_flags = 0;
205: sigaction(SIGINT, &act, NULL);
206:
1.26 millert 207: PRIV_START;
1.1 deraadt 208:
1.35 millert 209: if ((lockdes = open(AT_DIR, O_RDONLY, 0)) < 0)
210: perr("Cannot open jobs dir");
211:
1.22 millert 212: /*
1.29 millert 213: * Lock the jobs dir so we don't have to worry about someone
214: * else grabbing a file name out from under us.
1.22 millert 215: * Set an alarm so we don't sleep forever waiting on the lock.
216: * If we don't succeed with ALARMC seconds, something is wrong...
217: */
1.35 millert 218: bzero(&act, sizeof act);
1.1 deraadt 219: act.sa_handler = alarmc;
1.29 millert 220: sigemptyset(&act.sa_mask);
1.35 millert 221: #ifdef SA_INTERRUPT
222: act.sa_flags = SA_INTERRUPT;
223: #endif
1.1 deraadt 224: sigaction(SIGALRM, &act, NULL);
225: alarm(ALARMC);
1.35 millert 226: ch = flock(lockdes, LOCK_EX);
1.1 deraadt 227: alarm(0);
1.35 millert 228: if (ch != 0)
229: panic("Unable to lock jobs dir");
1.22 millert 230:
1.1 deraadt 231: /*
232: * Create the file. The x bit is only going to be set after it has
233: * been completely written out, to make sure it is not executed in
234: * the meantime. To make sure they do not get deleted, turn off
235: * their r bit. Yes, this is a kluge.
236: */
237: cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
1.29 millert 238: if ((fdes = newjob(runtimer, queue)) == -1)
1.1 deraadt 239: perr("Cannot create atjob file");
240:
241: if ((fd2 = dup(fdes)) < 0)
242: perr("Error in dup() of job file");
243:
1.7 millert 244: if (fchown(fd2, real_uid, real_gid) != 0)
1.1 deraadt 245: perr("Cannot give away file");
246:
1.26 millert 247: PRIV_END;
1.1 deraadt 248:
249: /*
250: * We've successfully created the file; let's set the flag so it
251: * gets removed in case of an interrupt or error.
252: */
253: fcreated = 1;
254:
255: /* Now we can release the lock, so other people can access it */
1.7 millert 256: (void)close(lockdes);
1.1 deraadt 257:
258: if ((fp = fdopen(fdes, "w")) == NULL)
259: panic("Cannot reopen atjob file");
260:
261: /*
1.18 millert 262: * Get the userid to mail to, first by trying getlogin(), which asks
263: * the kernel, then from $LOGNAME or $USER, finally from getpwuid().
1.1 deraadt 264: */
265: mailname = getlogin();
1.5 millert 266: if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
267: mailname = getenv("USER");
1.1 deraadt 268:
1.7 millert 269: if ((mailname == NULL) || (mailname[0] == '\0') ||
1.35 millert 270: (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) {
1.7 millert 271: pass_entry = getpwuid(real_uid);
1.1 deraadt 272: if (pass_entry != NULL)
273: mailname = pass_entry->pw_name;
274: }
275:
1.28 millert 276: /*
277: * Get the shell to run the job under. First check $SHELL, falling
278: * back to the user's shell in the password database or, failing
279: * that, /bin/sh.
280: */
281: if ((shell = getenv("SHELL")) == NULL || *shell == '\0') {
282: pass_entry = getpwuid(real_uid);
283: if (pass_entry != NULL && *pass_entry->pw_shell != '\0')
284: shell = pass_entry->pw_shell;
285: else
286: shell = _PATH_BSHELL;
287: }
288:
1.42 millert 289: (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%lu gid=%lu\n# mail %*s %d\n",
290: (unsigned long)real_uid, (unsigned long)real_gid,
291: MAX_UNAME, mailname, send_mail);
1.1 deraadt 292:
293: /* Write out the umask at the time of invocation */
1.7 millert 294: (void)fprintf(fp, "umask %o\n", cmask);
1.1 deraadt 295:
296: /*
297: * Write out the environment. Anything that may look like a special
298: * character to the shell is quoted, except for \n, which is done
1.44 jmc 299: * with a pair of "'s. Don't export the no_export list (such as
1.1 deraadt 300: * TERM or DISPLAY) because we don't want these.
301: */
302: for (atenv = environ; *atenv != NULL; atenv++) {
303: int export = 1;
304: char *eqp;
305:
306: eqp = strchr(*atenv, '=');
1.19 millert 307: if (eqp == NULL)
1.1 deraadt 308: eqp = *atenv;
309: else {
310: int i;
311:
312: for (i = 0;i < sizeof(no_export) /
313: sizeof(no_export[0]); i++) {
314: export = export
315: && (strncmp(*atenv, no_export[i],
316: (size_t) (eqp - *atenv)) != 0);
317: }
318: eqp++;
319: }
320:
321: if (export) {
1.7 millert 322: (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
1.1 deraadt 323: for (ap = eqp; *ap != '\0'; ap++) {
324: if (*ap == '\n')
1.7 millert 325: (void)fprintf(fp, "\"\n\"");
1.1 deraadt 326: else {
1.7 millert 327: if (!isalnum(*ap)) {
328: switch (*ap) {
329: case '%': case '/': case '{':
330: case '[': case ']': case '=':
331: case '}': case '@': case '+':
332: case '#': case ',': case '.':
333: case ':': case '-': case '_':
334: break;
335: default:
336: (void)fputc('\\', fp);
337: break;
338: }
339: }
340: (void)fputc(*ap, fp);
1.1 deraadt 341: }
342: }
1.7 millert 343: (void)fputs("; export ", fp);
344: (void)fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
345: (void)fputc('\n', fp);
346: }
347: }
348: /*
349: * Cd to the directory at the time and write out all the
350: * commands the user supplies from stdin.
351: */
352: (void)fputs("cd ", fp);
1.35 millert 353: for (ap = cwd; *ap != '\0'; ap++) {
1.7 millert 354: if (*ap == '\n')
355: fprintf(fp, "\"\n\"");
356: else {
357: if (*ap != '/' && !isalnum(*ap))
358: (void)fputc('\\', fp);
1.1 deraadt 359:
1.7 millert 360: (void)fputc(*ap, fp);
1.1 deraadt 361: }
362: }
363: /*
1.7 millert 364: * Test cd's exit status: die if the original directory has been
365: * removed, become unreadable or whatever.
1.1 deraadt 366: */
1.29 millert 367: (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible'"
368: " >&2\n\t exit 1\n}\n");
1.1 deraadt 369:
1.3 millert 370: if ((ch = getchar()) == EOF)
371: panic("Input error");
372:
1.28 millert 373: /* We want the job to run under the user's shell. */
374: fprintf(fp, "%s << '_END_OF_AT_JOB'\n", shell);
375:
1.3 millert 376: do {
1.7 millert 377: (void)fputc(ch, fp);
1.3 millert 378: } while ((ch = getchar()) != EOF);
1.1 deraadt 379:
1.28 millert 380: (void)fprintf(fp, "\n_END_OF_AT_JOB\n");
1.1 deraadt 381: if (ferror(fp))
382: panic("Output error");
383:
384: if (ferror(stdin))
385: panic("Input error");
386:
1.7 millert 387: (void)fclose(fp);
1.1 deraadt 388:
389: /*
390: * Set the x bit so that we're ready to start executing
391: */
392: if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
393: perr("Cannot give away file");
394:
1.7 millert 395: (void)close(fd2);
1.28 millert 396:
1.30 millert 397: /* Poke cron so it knows to reload the at spool. */
1.35 millert 398: PRIV_START;
399: poke_daemon(AT_DIR, RELOAD_AT);
400: PRIV_END;
1.30 millert 401:
1.28 millert 402: runtime = *localtime(&runtimer);
403: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
404: (void)fprintf(stderr, "commands will be executed using %s\n", shell);
1.35 millert 405: (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(AT_DIR)],
1.29 millert 406: timestr);
407: }
408:
409: /* Sort by creation time. */
410: static int
411: byctime(const void *v1, const void *v2)
412: {
1.46 cloder 413: const struct atjob *j1 = *(const struct atjob **)v1;
414: const struct atjob *j2 = *(const struct atjob **)v2;
1.29 millert 415:
416: return (j1->ctime - j2->ctime);
417: }
418:
419: /* Sort by job number (and thus execution time). */
420: static int
421: byjobno(const void *v1, const void *v2)
422: {
423: const struct atjob *j1 = *(struct atjob **)v1;
424: const struct atjob *j2 = *(struct atjob **)v2;
425:
426: if (j1->runtimer == j2->runtimer)
427: return (j1->queue - j2->queue);
428: return (j1->runtimer - j2->runtimer);
429: }
430:
431: static void
1.37 millert 432: print_job(struct atjob *job, int n, int shortformat)
1.29 millert 433: {
434: struct passwd *pw;
435: struct tm runtime;
436: char timestr[TIMESIZE];
437: static char *ranks[] = {
438: "th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"
439: };
440:
441: runtime = *localtime(&job->runtimer);
442: if (shortformat) {
443: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
1.61 ! deraadt 444: (void)printf("%lld.%c\t%s\n", (long long)job->runtimer,
1.29 millert 445: job->queue, timestr);
446: } else {
1.37 millert 447: pw = getpwuid(job->uid);
1.29 millert 448: /* Rank hack shamelessly stolen from lpq */
449: if (n / 10 == 1)
450: printf("%3d%-5s", n,"th");
451: else
452: printf("%3d%-5s", n, ranks[n % 10]);
453: strftime(timestr, TIMESIZE, "%b %e, %Y %R", &runtime);
1.61 ! deraadt 454: (void)printf("%-21.18s%-11.8s%10lld.%c %c%s\n",
1.29 millert 455: timestr, pw ? pw->pw_name : "???",
1.61 ! deraadt 456: (long long)job->runtimer, job->queue, job->queue,
1.37 millert 457: (S_IXUSR & job->mode) ? "" : " (done)");
1.29 millert 458: }
1.1 deraadt 459: }
460:
1.29 millert 461: /*
462: * List all of a user's jobs in the queue, by looping through
1.35 millert 463: * AT_DIR, or all jobs if we are root. If argc is > 0, argv
1.29 millert 464: * contains the list of users whose jobs shall be displayed. By
465: * default, the list is sorted by execution date and queue. If
466: * csort is non-zero jobs will be sorted by creation/submission date.
467: */
1.1 deraadt 468: static void
1.29 millert 469: list_jobs(int argc, char **argv, int count_only, int csort)
1.1 deraadt 470: {
471: struct passwd *pw;
472: struct dirent *dirent;
1.40 tedu 473: struct atjob **atjobs, **newatjobs, *job;
1.29 millert 474: struct stat stbuf;
1.1 deraadt 475: time_t runtimer;
1.29 millert 476: uid_t *uids;
477: char queue, *ep;
478: DIR *spool;
1.54 moritz 479: int i, shortformat;
480: size_t numjobs, maxjobs;
1.29 millert 481:
482: if (argc) {
1.53 deraadt 483: if ((uids = calloc(sizeof(uid_t), argc)) == NULL)
1.35 millert 484: panic("Insufficient virtual memory");
1.29 millert 485:
486: for (i = 0; i < argc; i++) {
487: if ((pw = getpwnam(argv[i])) == NULL)
1.35 millert 488: panic2(argv[i], ": invalid user name");
1.29 millert 489: if (pw->pw_uid != real_uid && real_uid != 0)
1.35 millert 490: panic("Only the superuser may display other users' jobs");
1.29 millert 491: uids[i] = pw->pw_uid;
492: }
493: } else
494: uids = NULL;
495:
1.35 millert 496: shortformat = strcmp(ProgramName, "at") == 0;
1.1 deraadt 497:
1.26 millert 498: PRIV_START;
1.1 deraadt 499:
1.35 millert 500: if (chdir(AT_DIR) != 0)
501: perr2("Cannot change to ", AT_DIR);
1.1 deraadt 502:
503: if ((spool = opendir(".")) == NULL)
1.35 millert 504: perr2("Cannot open ", AT_DIR);
1.1 deraadt 505:
1.29 millert 506: PRIV_END;
507:
1.58 millert 508: if (fstat(dirfd(spool), &stbuf) != 0)
1.35 millert 509: perr2("Cannot stat ", AT_DIR);
1.29 millert 510:
511: /*
512: * The directory's link count should give us a good idea
513: * of how many files are in it. Fudge things a little just
514: * in case someone adds a job or two.
515: */
516: numjobs = 0;
517: maxjobs = stbuf.st_nlink + 4;
1.53 deraadt 518: atjobs = (struct atjob **)calloc(maxjobs, sizeof(struct atjob *));
1.29 millert 519: if (atjobs == NULL)
1.35 millert 520: panic("Insufficient virtual memory");
1.29 millert 521:
522: /* Loop over every file in the directory. */
1.1 deraadt 523: while ((dirent = readdir(spool)) != NULL) {
1.29 millert 524: PRIV_START;
525:
526: if (stat(dirent->d_name, &stbuf) != 0)
1.35 millert 527: perr2("Cannot stat in ", AT_DIR);
1.1 deraadt 528:
1.29 millert 529: PRIV_END;
530:
1.1 deraadt 531: /*
532: * See it's a regular file and has its x bit turned on and
533: * is the user's
534: */
1.29 millert 535: if (!S_ISREG(stbuf.st_mode)
536: || ((stbuf.st_uid != real_uid) && !(real_uid == 0))
537: || !(S_IXUSR & stbuf.st_mode || vflag))
1.1 deraadt 538: continue;
539:
1.61 ! deraadt 540: if (strtot(dirent->d_name, &ep, &runtimer) == -1)
! 541: continue;
! 542: if (*ep != '.' || !isalpha(*(ep + 1)) || *(ep + 2) != '\0')
1.1 deraadt 543: continue;
1.29 millert 544: queue = *(ep + 1);
1.1 deraadt 545:
546: if (atqueue && (queue != atqueue))
547: continue;
548:
1.29 millert 549: /* Check against specified user(s). */
550: if (argc) {
551: for (i = 0; i < argc; i++) {
552: if (uids[0] == stbuf.st_uid)
553: break;
554: }
555: if (i == argc)
556: continue; /* user doesn't match */
557: }
558:
559: if (count_only) {
560: numjobs++;
561: continue;
562: }
563:
564: job = (struct atjob *)malloc(sizeof(struct atjob));
565: if (job == NULL)
1.35 millert 566: panic("Insufficient virtual memory");
1.29 millert 567: job->runtimer = runtimer;
568: job->ctime = stbuf.st_ctime;
1.37 millert 569: job->uid = stbuf.st_uid;
570: job->mode = stbuf.st_mode;
1.29 millert 571: job->queue = queue;
572: if (numjobs == maxjobs) {
1.54 moritz 573: size_t newjobs = maxjobs * 2;
1.40 tedu 574: newatjobs = realloc(atjobs, newjobs * sizeof(job));
575: if (newatjobs == NULL)
1.35 millert 576: panic("Insufficient virtual memory");
1.40 tedu 577: atjobs = newatjobs;
578: maxjobs = newjobs;
1.29 millert 579: }
580: atjobs[numjobs++] = job;
581: }
582: free(uids);
1.45 robert 583: closedir(spool);
1.29 millert 584:
585: if (count_only || numjobs == 0) {
586: if (numjobs == 0 && !shortformat)
587: fprintf(stderr, "no files in queue.\n");
588: else if (count_only)
1.54 moritz 589: printf("%zu\n", numjobs);
1.29 millert 590: free(atjobs);
591: return;
592: }
593:
594: /* Sort by job run time or by job creation time. */
595: qsort(atjobs, numjobs, sizeof(struct atjob *),
596: csort ? byctime : byjobno);
597:
598: if (!shortformat)
599: (void)puts(" Rank Execution Date Owner "
600: "Job Queue");
601:
602: for (i = 0; i < numjobs; i++) {
1.37 millert 603: print_job(atjobs[i], i + 1, shortformat);
1.29 millert 604: free(atjobs[i]);
1.1 deraadt 605: }
1.29 millert 606: free(atjobs);
607: }
608:
609: static int
1.61 ! deraadt 610: rmok(long long job)
1.29 millert 611: {
612: int ch, junk;
613:
1.61 ! deraadt 614: printf("%lld: remove it? ", job);
1.29 millert 615: ch = getchar();
616: while ((junk = getchar()) != EOF && junk != '\n')
617: ;
618: return (ch == 'y' || ch == 'Y');
1.1 deraadt 619: }
620:
1.29 millert 621: /*
1.35 millert 622: * Loop through all jobs in AT_DIR and display or delete ones
1.29 millert 623: * that match argv (may be job or username), or all if argc == 0.
624: * Only the superuser may display/delete other people's jobs.
625: */
1.28 millert 626: static int
1.26 millert 627: process_jobs(int argc, char **argv, int what)
1.1 deraadt 628: {
1.29 millert 629: struct stat stbuf;
630: struct dirent *dirent;
631: struct passwd *pw;
632: time_t runtimer;
633: uid_t *uids;
1.46 cloder 634: char **jobs, *ep;
1.29 millert 635: long l;
636: FILE *fp;
1.7 millert 637: DIR *spool;
1.29 millert 638: int job_matches, jobs_len, uids_len;
1.30 millert 639: int error, i, ch, changed;
1.9 millert 640:
1.26 millert 641: PRIV_START;
1.1 deraadt 642:
1.35 millert 643: if (chdir(AT_DIR) != 0)
644: perr2("Cannot change to ", AT_DIR);
1.1 deraadt 645:
1.7 millert 646: if ((spool = opendir(".")) == NULL)
1.35 millert 647: perr2("Cannot open ", AT_DIR);
1.7 millert 648:
1.26 millert 649: PRIV_END;
1.7 millert 650:
1.29 millert 651: /* Convert argv into a list of jobs and uids. */
652: jobs = NULL;
653: uids = NULL;
654: jobs_len = uids_len = 0;
655: if (argc > 0) {
1.53 deraadt 656: if ((jobs = calloc(sizeof(char *), argc)) == NULL ||
657: (uids = calloc(sizeof(uid_t), argc)) == NULL)
1.35 millert 658: panic("Insufficient virtual memory");
1.29 millert 659:
660: for (i = 0; i < argc; i++) {
661: l = strtol(argv[i], &ep, 10);
662: if (*ep == '.' && isalpha(*(ep + 1)) &&
663: *(ep + 2) == '\0' && l > 0 && l < INT_MAX)
664: jobs[jobs_len++] = argv[i];
665: else if ((pw = getpwnam(argv[i])) != NULL) {
1.35 millert 666: if (real_uid != pw->pw_uid && real_uid != 0) {
667: fprintf(stderr, "%s: Only the superuser"
1.39 mpech 668: " may %s other users' jobs\n",
1.35 millert 669: ProgramName, what == ATRM
670: ? "remove" : "view");
1.59 millert 671: exit(EXIT_FAILURE);
1.35 millert 672: }
1.29 millert 673: uids[uids_len++] = pw->pw_uid;
674: } else
1.35 millert 675: panic2(argv[i], ": invalid user name");
1.29 millert 676: }
677: }
678:
1.7 millert 679: /* Loop over every file in the directory */
1.30 millert 680: changed = 0;
1.28 millert 681: while ((dirent = readdir(spool)) != NULL) {
1.7 millert 682:
1.26 millert 683: PRIV_START;
1.29 millert 684: if (stat(dirent->d_name, &stbuf) != 0)
1.35 millert 685: perr2("Cannot stat in ", AT_DIR);
1.26 millert 686: PRIV_END;
1.7 millert 687:
1.29 millert 688: if (stbuf.st_uid != real_uid && real_uid != 0)
1.7 millert 689: continue;
690:
1.61 ! deraadt 691: if (strtot(dirent->d_name, &ep, &runtimer) == -1)
! 692: continue;
! 693: if (*ep != '.' || !isalpha(*(ep + 1)) || *(ep + 2) != '\0')
1.29 millert 694: continue;
1.7 millert 695:
1.29 millert 696: /* Check runtimer against argv; argc==0 means do all. */
697: job_matches = (argc == 0) ? 1 : 0;
698: if (!job_matches) {
699: for (i = 0; i < jobs_len; i++) {
1.36 millert 700: if (jobs[i] != NULL &&
701: strcmp(dirent->d_name, jobs[i]) == 0) {
1.29 millert 702: jobs[i] = NULL;
703: job_matches = 1;
704: break;
705: }
706: }
707: }
708: if (!job_matches) {
709: for (i = 0; i < uids_len; i++) {
710: if (uids[i] == stbuf.st_uid) {
711: job_matches = 1;
712: break;
713: }
714: }
715: }
716:
717: if (job_matches) {
718: switch (what) {
719: case ATRM:
720: PRIV_START;
721:
722: if (!interactive ||
723: (interactive && rmok(runtimer))) {
1.30 millert 724: if (unlink(dirent->d_name) == 0)
725: changed = 1;
726: else
1.7 millert 727: perr(dirent->d_name);
1.29 millert 728: if (!force && !interactive)
729: fprintf(stderr,
730: "%s removed\n",
731: dirent->d_name);
732: }
1.7 millert 733:
1.29 millert 734: PRIV_END;
1.7 millert 735:
1.29 millert 736: break;
1.7 millert 737:
1.29 millert 738: case CAT:
739: PRIV_START;
1.7 millert 740:
1.29 millert 741: fp = fopen(dirent->d_name, "r");
1.7 millert 742:
1.29 millert 743: PRIV_END;
1.7 millert 744:
1.29 millert 745: if (!fp)
746: perr("Cannot open file");
1.7 millert 747:
1.29 millert 748: while ((ch = getc(fp)) != EOF)
749: putchar(ch);
1.7 millert 750:
1.45 robert 751: fclose(fp);
1.29 millert 752: break;
1.7 millert 753:
1.29 millert 754: default:
1.35 millert 755: panic("Internal error");
1.29 millert 756: break;
1.7 millert 757: }
1.1 deraadt 758: }
759: }
1.45 robert 760: closedir(spool);
761:
1.29 millert 762: for (error = 0, i = 0; i < jobs_len; i++) {
763: if (jobs[i] != NULL) {
764: if (!force)
1.39 mpech 765: fprintf(stderr, "%s: %s: no such job\n",
1.35 millert 766: ProgramName, jobs[i]);
1.28 millert 767: error++;
768: }
769: }
1.29 millert 770: free(jobs);
771: free(uids);
772:
1.30 millert 773: /* If we modied the spool, poke cron so it knows to reload. */
1.35 millert 774: if (changed) {
775: PRIV_START;
776: if (chdir(CRONDIR) != 0)
777: perror(CRONDIR);
778: else
779: poke_daemon(AT_DIR, RELOAD_AT);
780: PRIV_END;
781: }
1.30 millert 782:
1.29 millert 783: return (error);
1.28 millert 784: }
1.1 deraadt 785:
1.25 millert 786: #define ATOI2(s) ((s) += 2, ((s)[-2] - '0') * 10 + ((s)[-1] - '0'))
787:
1.29 millert 788: /*
1.48 millert 789: * Adapted from date(1)
1.29 millert 790: */
1.25 millert 791: static time_t
1.48 millert 792: ttime(char *arg)
1.25 millert 793: {
1.48 millert 794: time_t now, then;
795: struct tm *lt;
1.25 millert 796: int yearset;
1.48 millert 797: char *dot, *p;
1.42 millert 798:
1.48 millert 799: if (time(&now) == (time_t)-1 || (lt = localtime(&now)) == NULL)
1.25 millert 800: panic("Cannot get current time");
1.42 millert 801:
1.48 millert 802: /* Valid date format is [[CC]YY]MMDDhhmm[.SS] */
803: for (p = arg, dot = NULL; *p != '\0'; p++) {
1.52 millert 804: if (*p == '.' && dot == NULL)
1.48 millert 805: dot = p;
806: else if (!isdigit((unsigned char)*p))
807: goto terr;
808: }
1.49 millert 809: if (dot == NULL)
810: lt->tm_sec = 0;
811: else {
1.48 millert 812: *dot++ = '\0';
813: if (strlen(dot) != 2)
814: goto terr;
1.50 millert 815: lt->tm_sec = ATOI2(dot);
1.48 millert 816: if (lt->tm_sec > 61) /* could be leap second */
1.25 millert 817: goto terr;
818: }
1.42 millert 819:
1.25 millert 820: yearset = 0;
821: switch(strlen(arg)) {
822: case 12: /* CCYYMMDDhhmm */
1.51 millert 823: lt->tm_year = ATOI2(arg) * 100;
824: lt->tm_year -= 1900; /* Convert to Unix time */
1.25 millert 825: yearset = 1;
826: /* FALLTHROUGH */
827: case 10: /* YYMMDDhhmm */
828: if (yearset) {
829: yearset = ATOI2(arg);
1.48 millert 830: lt->tm_year += yearset;
1.25 millert 831: } else {
832: yearset = ATOI2(arg);
1.60 guenther 833: /* POSIX logic: [00,68]=>20xx, [69,99]=>19xx */
834: lt->tm_year = yearset;
835: if (yearset < 69)
836: lt->tm_year += 100;
1.25 millert 837: }
838: /* FALLTHROUGH */
839: case 8: /* MMDDhhmm */
1.48 millert 840: lt->tm_mon = ATOI2(arg);
841: if (lt->tm_mon > 12 || lt->tm_mon == 0)
842: goto terr;
843: --lt->tm_mon; /* Convert from 01-12 to 00-11 */
844: lt->tm_mday = ATOI2(arg);
845: if (lt->tm_mday > 31 || lt->tm_mday == 0)
846: goto terr;
847: lt->tm_hour = ATOI2(arg);
848: if (lt->tm_hour > 23)
849: goto terr;
850: lt->tm_min = ATOI2(arg);
851: if (lt->tm_min > 59)
852: goto terr;
1.25 millert 853: break;
854: default:
855: goto terr;
856: }
1.42 millert 857:
1.48 millert 858: lt->tm_isdst = -1; /* mktime will deduce DST. */
859: then = mktime(lt);
860: if (then == (time_t)-1) {
1.25 millert 861: terr:
1.48 millert 862: panic("illegal time specification: [[CC]YY]MMDDhhmm[.SS]");
863: }
864: if (then < now)
865: panic("cannot schedule jobs in the past");
866: return (then);
1.30 millert 867: }
868:
1.35 millert 869: static int
870: check_permission(void)
871: {
872: int ok;
873: uid_t uid = geteuid();
874: struct passwd *pw;
1.30 millert 875:
1.35 millert 876: if ((pw = getpwuid(uid)) == NULL) {
877: perror("Cannot access password database");
1.59 millert 878: exit(EXIT_FAILURE);
1.35 millert 879: }
1.30 millert 880:
881: PRIV_START;
882:
1.35 millert 883: ok = allowed(pw->pw_name, AT_ALLOW, AT_DENY);
884:
885: PRIV_END;
1.30 millert 886:
1.35 millert 887: return (ok);
888: }
1.30 millert 889:
1.41 millert 890: static __dead void
1.35 millert 891: usage(void)
892: {
893: /* Print usage and exit. */
894: switch (program) {
895: case AT:
896: case CAT:
897: (void)fprintf(stderr,
1.47 jmc 898: "usage: at [-bm] [-f file] [-l [user ...]] [-q queue] "
899: "-t time_arg | timespec\n"
900: " at -c | -r job ...\n");
1.35 millert 901: break;
902: case ATQ:
903: (void)fprintf(stderr,
1.43 jmc 904: "usage: atq [-cnv] [-q queue] [name ...]\n");
1.35 millert 905: break;
906: case ATRM:
907: (void)fprintf(stderr,
908: "usage: atrm [-afi] [[job] [name] ...]\n");
909: break;
910: case BATCH:
911: (void)fprintf(stderr,
912: "usage: batch [-m] [-f file] [-q queue] [timespec]\n");
913: break;
914: }
1.59 millert 915: exit(EXIT_FAILURE);
1.25 millert 916: }
917:
1.1 deraadt 918: int
1.26 millert 919: main(int argc, char **argv)
1.1 deraadt 920: {
1.29 millert 921: time_t timer = -1;
1.55 deraadt 922: char *atinput = NULL; /* where to get input from */
1.7 millert 923: char queue = DEFAULT_AT_QUEUE;
924: char queue_set = 0;
1.25 millert 925: char *options = "q:f:t:bcdlmrv"; /* default options for at */
1.38 avsm 926: char cwd[PATH_MAX];
1.29 millert 927: int ch;
928: int aflag = 0;
929: int cflag = 0;
930: int nflag = 0;
1.41 millert 931:
932: if (argc < 1)
933: usage();
1.1 deraadt 934:
1.35 millert 935: if ((ProgramName = strrchr(argv[0], '/')) != NULL)
936: ProgramName++;
937: else
938: ProgramName = argv[0];
939:
1.26 millert 940: RELINQUISH_PRIVS;
1.1 deraadt 941:
942: /* find out what this program is supposed to do */
1.35 millert 943: if (strcmp(ProgramName, "atq") == 0) {
1.1 deraadt 944: program = ATQ;
1.29 millert 945: options = "cnvq:";
1.35 millert 946: } else if (strcmp(ProgramName, "atrm") == 0) {
1.1 deraadt 947: program = ATRM;
1.29 millert 948: options = "afi";
1.35 millert 949: } else if (strcmp(ProgramName, "batch") == 0) {
1.1 deraadt 950: program = BATCH;
1.24 millert 951: options = "f:q:mv";
1.1 deraadt 952: }
953:
954: /* process whatever options we can process */
1.29 millert 955: while ((ch = getopt(argc, argv, options)) != -1) {
956: switch (ch) {
957: case 'a':
958: aflag = 1;
959: break;
960:
961: case 'i':
962: interactive = 1;
963: force = 0;
964: break;
965:
966: case 'v': /* show completed but unremoved jobs */
967: /*
968: * This option is only useful when we are invoked
969: * as atq but we accept (and ignore) this flag in
970: * the other programs for backwards compatibility.
971: */
972: vflag = 1;
1.1 deraadt 973: break;
974:
975: case 'm': /* send mail when job is complete */
976: send_mail = 1;
977: break;
978:
979: case 'f':
1.29 millert 980: if (program == ATRM) {
981: force = 1;
982: interactive = 0;
983: } else
984: atinput = optarg;
1.1 deraadt 985: break;
986:
987: case 'q': /* specify queue */
988: if (strlen(optarg) > 1)
989: usage();
990:
991: atqueue = queue = *optarg;
1.7 millert 992: if (!(islower(queue) || isupper(queue)))
1.1 deraadt 993: usage();
1.7 millert 994:
995: queue_set = 1;
996: break;
997:
1.25 millert 998: case 'd': /* for backwards compatibility */
999: case 'r':
1.7 millert 1000: program = ATRM;
1.24 millert 1001: options = "";
1.7 millert 1002: break;
1003:
1.25 millert 1004: case 't':
1005: timer = ttime(optarg);
1006: break;
1007:
1.7 millert 1008: case 'l':
1009: program = ATQ;
1.29 millert 1010: options = "cnvq:";
1.7 millert 1011: break;
1012:
1013: case 'b':
1014: program = BATCH;
1.24 millert 1015: options = "f:q:mv";
1.7 millert 1016: break;
1017:
1018: case 'c':
1.29 millert 1019: if (program == ATQ) {
1020: cflag = 1;
1021: } else {
1022: program = CAT;
1023: options = "";
1024: }
1025: break;
1026:
1027: case 'n':
1028: nflag = 1;
1.1 deraadt 1029: break;
1030:
1031: default:
1032: usage();
1033: break;
1034: }
1.29 millert 1035: }
1036: argc -= optind;
1037: argv += optind;
1.55 deraadt 1038:
1039: switch (program) {
1040: case AT:
1041: case BATCH:
1042: if (atinput != NULL) {
1043: if (freopen(atinput, "r", stdin) == NULL)
1044: perr("Cannot open input file");
1045: }
1046: break;
1047: default:
1048: ;
1049: }
1.7 millert 1050:
1.35 millert 1051: if (getcwd(cwd, sizeof(cwd)) == NULL)
1052: perr("Cannot get current working directory");
1053:
1054: set_cron_cwd();
1055:
1.16 mickey 1056: if (!check_permission())
1.35 millert 1057: panic("You do not have permission to use at.");
1.7 millert 1058:
1.1 deraadt 1059: /* select our program */
1060: switch (program) {
1061: case ATQ:
1.29 millert 1062: list_jobs(argc, argv, nflag, cflag);
1.1 deraadt 1063: break;
1064:
1065: case ATRM:
1.7 millert 1066: case CAT:
1.29 millert 1067: if ((aflag && argc) || (!aflag && !argc))
1.10 millert 1068: usage();
1.28 millert 1069: exit(process_jobs(argc, argv, program));
1.1 deraadt 1070: break;
1071:
1072: case AT:
1.25 millert 1073: /* Time may have been specified via the -t flag. */
1.35 millert 1074: if (timer == -1) {
1075: if (argc == 0)
1076: usage();
1077: else if ((timer = parsetime(argc, argv)) == -1)
1.59 millert 1078: exit(EXIT_FAILURE);
1.35 millert 1079: }
1080: writefile(cwd, timer, queue);
1.1 deraadt 1081: break;
1082:
1083: case BATCH:
1.7 millert 1084: if (queue_set)
1085: queue = toupper(queue);
1086: else
1087: queue = DEFAULT_BATCH_QUEUE;
1088:
1.35 millert 1089: if (argc == 0)
1.7 millert 1090: timer = time(NULL);
1.35 millert 1091: else if ((timer = parsetime(argc, argv)) == -1)
1.59 millert 1092: exit(EXIT_FAILURE);
1.7 millert 1093:
1.35 millert 1094: writefile(cwd, timer, queue);
1.1 deraadt 1095: break;
1096:
1097: default:
1098: panic("Internal error");
1099: break;
1100: }
1.59 millert 1101: exit(EXIT_SUCCESS);
1.1 deraadt 1102: }