Annotation of src/usr.bin/at/at.c, Revision 1.77
1.77 ! millert 1: /* $OpenBSD: at.c,v 1.76 2015/11/13 21:35:34 millert Exp $ */
1.1 deraadt 2:
3: /*
1.7 millert 4: * at.c : Put file into atrun queue
5: * Copyright (C) 1993, 1994 Thomas Koenig
1.1 deraadt 6: *
1.7 millert 7: * Atrun & Atq modifications
8: * Copyright (C) 1993 David Parsons
1.1 deraadt 9: *
1.29 millert 10: * Traditional BSD behavior and other significant modifications
1.35 millert 11: * Copyright (C) 2002-2003 Todd C. Miller
1.29 millert 12: *
1.1 deraadt 13: * Redistribution and use in source and binary forms, with or without
14: * modification, are permitted provided that the following conditions
15: * are met:
16: * 1. Redistributions of source code must retain the above copyright
17: * notice, this list of conditions and the following disclaimer.
18: * 2. The name of the author(s) may not be used to endorse or promote
19: * products derived from this software without specific prior written
20: * permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
23: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.7 millert 25: * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1 deraadt 26: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.57 krw 29: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.1 deraadt 30: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32: */
33:
1.68 millert 34: #include <sys/types.h>
35: #include <sys/stat.h>
36:
37: #include <bitstring.h> /* for structs.h */
38: #include <ctype.h>
39: #include <dirent.h>
1.72 millert 40: #include <err.h>
1.68 millert 41: #include <errno.h>
42: #include <fcntl.h>
43: #include <limits.h>
44: #include <locale.h>
45: #include <pwd.h>
46: #include <signal.h>
1.72 millert 47: #include <stdarg.h>
1.68 millert 48: #include <stdio.h>
49: #include <stdlib.h>
50: #include <string.h>
1.76 millert 51: #include <syslog.h>
1.68 millert 52: #include <time.h>
53: #include <unistd.h>
54:
55: #include "pathnames.h"
56: #include "macros.h"
57: #include "structs.h"
58: #include "funcs.h"
59: #include "globals.h"
60:
1.1 deraadt 61: #include "at.h"
62:
63: #define ALARMC 10 /* Number of seconds to wait for timeout */
1.29 millert 64: #define TIMESIZE 50 /* Size of buffer passed to strftime() */
1.1 deraadt 65:
1.29 millert 66: /* Variables to remove from the job's environment. */
1.1 deraadt 67: char *no_export[] =
68: {
1.28 millert 69: "TERM", "TERMCAP", "DISPLAY", "_", "SHELLOPTS", "BASH_VERSINFO",
70: "EUID", "GROUPS", "PPID", "UID", "SSH_AUTH_SOCK", "SSH_AGENT_PID",
1.1 deraadt 71: };
1.7 millert 72:
1.75 millert 73: static int program = AT; /* default program mode */
74: static char atfile[PATH_MAX]; /* path to the at spool file */
1.76 millert 75: static char user_name[MAX_UNAME];/* invoking user name */
1.75 millert 76: static int fcreated; /* whether or not we created the file yet */
77: static char atqueue = 0; /* which queue to examine for jobs (atq) */
78: static char vflag = 0; /* show completed but unremoved jobs (atq) */
79: static char force = 0; /* suppress errors (atrm) */
80: static char interactive = 0; /* interactive mode (atrm) */
1.29 millert 81: static int send_mail = 0; /* whether we are sending mail */
1.75 millert 82: static uid_t user_uid; /* user's real uid */
83: static gid_t user_gid; /* user's real gid */
84: static gid_t spool_gid; /* gid for writing to at spool */
1.7 millert 85:
1.21 millert 86: static void sigc(int);
1.35 millert 87: static void writefile(const char *, time_t, char);
1.29 millert 88: static void list_jobs(int, char **, int, int);
1.48 millert 89: static time_t ttime(char *);
1.72 millert 90: static __dead void fatal(const char *, ...)
91: __attribute__((__format__ (printf, 1, 2)));
92: static __dead void fatalx(const char *, ...)
93: __attribute__((__format__ (printf, 1, 2)));
1.41 millert 94: static __dead void usage(void);
1.61 deraadt 95: static int rmok(long long);
1.35 millert 96: time_t parsetime(int, char **);
97:
98: /*
99: * Something fatal has happened, print error message and exit.
100: */
101: static __dead void
1.72 millert 102: fatal(const char *fmt, ...)
1.35 millert 103: {
1.72 millert 104: va_list ap;
105:
106: va_start(ap, fmt);
107: vwarn(fmt, ap);
108: va_end(ap);
109:
1.67 millert 110: if (fcreated)
1.35 millert 111: unlink(atfile);
112:
1.59 millert 113: exit(EXIT_FAILURE);
1.35 millert 114: }
115:
116: /*
1.72 millert 117: * Something fatal has happened, print error message and exit.
1.35 millert 118: */
1.42 millert 119: static __dead void
1.72 millert 120: fatalx(const char *fmt, ...)
1.35 millert 121: {
1.72 millert 122: va_list ap;
1.35 millert 123:
1.72 millert 124: va_start(ap, fmt);
125: vwarnx(fmt, ap);
126: va_end(ap);
1.35 millert 127:
1.67 millert 128: if (fcreated)
1.35 millert 129: unlink(atfile);
130:
1.59 millert 131: exit(EXIT_FAILURE);
1.35 millert 132: }
133:
1.46 cloder 134: /* ARGSUSED */
1.42 millert 135: static void
1.26 millert 136: sigc(int signo)
1.1 deraadt 137: {
1.7 millert 138: /* If the user presses ^C, remove the spool file and exit. */
1.67 millert 139: if (fcreated)
1.7 millert 140: (void)unlink(atfile);
1.1 deraadt 141:
1.59 millert 142: _exit(EXIT_FAILURE);
1.1 deraadt 143: }
144:
1.29 millert 145: static int
1.74 millert 146: strtot(const char *nptr, char **endptr, time_t *tp)
147: {
148: long long ll;
149:
150: errno = 0;
151: ll = strtoll(nptr, endptr, 10);
152: if (*endptr == nptr)
153: return (-1);
154: if (ll < 0 || (errno == ERANGE && ll == LLONG_MAX) || (time_t)ll != ll)
155: return (-1);
156: *tp = (time_t)ll;
157: return (0);
158: }
159:
160: static int
1.29 millert 161: newjob(time_t runtimer, int queue)
162: {
163: int fd, i;
1.1 deraadt 164:
1.7 millert 165: /*
1.29 millert 166: * If we have a collision, try shifting the time by up to
167: * two minutes. Perhaps it would be better to try different
168: * queues instead...
1.7 millert 169: */
1.29 millert 170: for (i = 0; i < 120; i++) {
1.74 millert 171: snprintf(atfile, sizeof(atfile), "%s/%lld.%c", _PATH_AT_SPOOL,
1.61 deraadt 172: (long long)runtimer, queue);
1.29 millert 173: fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);
174: if (fd >= 0)
175: return (fd);
1.31 millert 176: runtimer++;
1.29 millert 177: }
178: return (-1);
1.1 deraadt 179: }
180:
1.29 millert 181: /*
182: * This does most of the work if at or batch are invoked for
183: * writing a job.
184: */
1.1 deraadt 185: static void
1.35 millert 186: writefile(const char *cwd, time_t runtimer, char queue)
1.1 deraadt 187: {
1.35 millert 188: const char *ap;
189: char *mailname, *shell;
1.28 millert 190: char timestr[TIMESIZE];
1.1 deraadt 191: struct passwd *pass_entry;
1.28 millert 192: struct tm runtime;
1.73 millert 193: int fd;
1.55 deraadt 194: FILE *fp;
1.1 deraadt 195: struct sigaction act;
196: char **atenv;
197: int ch;
198: mode_t cmask;
1.29 millert 199: extern char **environ;
1.1 deraadt 200:
1.7 millert 201: (void)setlocale(LC_TIME, "");
202:
1.1 deraadt 203: /*
204: * Install the signal handler for SIGINT; terminate after removing the
205: * spool file if necessary
206: */
1.35 millert 207: bzero(&act, sizeof act);
1.1 deraadt 208: act.sa_handler = sigc;
1.29 millert 209: sigemptyset(&act.sa_mask);
1.1 deraadt 210: act.sa_flags = 0;
211: sigaction(SIGINT, &act, NULL);
212:
213: /*
214: * Create the file. The x bit is only going to be set after it has
215: * been completely written out, to make sure it is not executed in
216: * the meantime. To make sure they do not get deleted, turn off
217: * their r bit. Yes, this is a kluge.
218: */
219: cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
1.73 millert 220: if ((fd = newjob(runtimer, queue)) == -1)
1.72 millert 221: fatal("unable to create atjob file");
1.1 deraadt 222:
1.73 millert 223: if (fchown(fd, -1, user_gid) != 0)
1.72 millert 224: fatal("fchown");
1.1 deraadt 225:
226: /*
227: * We've successfully created the file; let's set the flag so it
228: * gets removed in case of an interrupt or error.
229: */
230: fcreated = 1;
231:
1.73 millert 232: if ((fp = fdopen(fd, "w")) == NULL)
1.72 millert 233: fatal("unable to reopen atjob file");
1.1 deraadt 234:
235: /*
1.18 millert 236: * Get the userid to mail to, first by trying getlogin(), which asks
237: * the kernel, then from $LOGNAME or $USER, finally from getpwuid().
1.1 deraadt 238: */
239: mailname = getlogin();
1.5 millert 240: if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
241: mailname = getenv("USER");
1.1 deraadt 242:
1.7 millert 243: if ((mailname == NULL) || (mailname[0] == '\0') ||
1.35 millert 244: (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) {
1.76 millert 245: mailname = user_name;
1.1 deraadt 246: }
247:
1.28 millert 248: /*
249: * Get the shell to run the job under. First check $SHELL, falling
250: * back to the user's shell in the password database or, failing
251: * that, /bin/sh.
252: */
253: if ((shell = getenv("SHELL")) == NULL || *shell == '\0') {
1.67 millert 254: pass_entry = getpwuid(user_uid);
1.28 millert 255: if (pass_entry != NULL && *pass_entry->pw_shell != '\0')
256: shell = pass_entry->pw_shell;
257: else
258: shell = _PATH_BSHELL;
259: }
260:
1.42 millert 261: (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%lu gid=%lu\n# mail %*s %d\n",
1.67 millert 262: (unsigned long)user_uid, (unsigned long)user_gid,
1.42 millert 263: MAX_UNAME, mailname, send_mail);
1.1 deraadt 264:
265: /* Write out the umask at the time of invocation */
1.7 millert 266: (void)fprintf(fp, "umask %o\n", cmask);
1.1 deraadt 267:
268: /*
269: * Write out the environment. Anything that may look like a special
270: * character to the shell is quoted, except for \n, which is done
1.44 jmc 271: * with a pair of "'s. Don't export the no_export list (such as
1.1 deraadt 272: * TERM or DISPLAY) because we don't want these.
273: */
274: for (atenv = environ; *atenv != NULL; atenv++) {
275: int export = 1;
276: char *eqp;
277:
278: eqp = strchr(*atenv, '=');
1.19 millert 279: if (eqp == NULL)
1.1 deraadt 280: eqp = *atenv;
281: else {
282: int i;
283:
284: for (i = 0;i < sizeof(no_export) /
285: sizeof(no_export[0]); i++) {
286: export = export
287: && (strncmp(*atenv, no_export[i],
288: (size_t) (eqp - *atenv)) != 0);
289: }
290: eqp++;
291: }
292:
293: if (export) {
1.63 millert 294: (void)fputs("export ", fp);
1.7 millert 295: (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
1.1 deraadt 296: for (ap = eqp; *ap != '\0'; ap++) {
297: if (*ap == '\n')
1.7 millert 298: (void)fprintf(fp, "\"\n\"");
1.1 deraadt 299: else {
1.62 deraadt 300: if (!isalnum((unsigned char)*ap)) {
1.7 millert 301: switch (*ap) {
302: case '%': case '/': case '{':
303: case '[': case ']': case '=':
304: case '}': case '@': case '+':
305: case '#': case ',': case '.':
306: case ':': case '-': case '_':
307: break;
308: default:
309: (void)fputc('\\', fp);
310: break;
311: }
312: }
313: (void)fputc(*ap, fp);
1.1 deraadt 314: }
315: }
1.7 millert 316: (void)fputc('\n', fp);
317: }
318: }
319: /*
320: * Cd to the directory at the time and write out all the
321: * commands the user supplies from stdin.
322: */
323: (void)fputs("cd ", fp);
1.35 millert 324: for (ap = cwd; *ap != '\0'; ap++) {
1.7 millert 325: if (*ap == '\n')
326: fprintf(fp, "\"\n\"");
327: else {
1.62 deraadt 328: if (*ap != '/' && !isalnum((unsigned char)*ap))
1.7 millert 329: (void)fputc('\\', fp);
1.1 deraadt 330:
1.7 millert 331: (void)fputc(*ap, fp);
1.1 deraadt 332: }
333: }
334: /*
1.7 millert 335: * Test cd's exit status: die if the original directory has been
336: * removed, become unreadable or whatever.
1.1 deraadt 337: */
1.29 millert 338: (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible'"
339: " >&2\n\t exit 1\n}\n");
1.1 deraadt 340:
1.3 millert 341: if ((ch = getchar()) == EOF)
1.72 millert 342: fatalx("unexpected EOF");
1.3 millert 343:
1.28 millert 344: /* We want the job to run under the user's shell. */
345: fprintf(fp, "%s << '_END_OF_AT_JOB'\n", shell);
346:
1.3 millert 347: do {
1.7 millert 348: (void)fputc(ch, fp);
1.3 millert 349: } while ((ch = getchar()) != EOF);
1.1 deraadt 350:
1.28 millert 351: (void)fprintf(fp, "\n_END_OF_AT_JOB\n");
1.72 millert 352: (void)fflush(fp);
1.1 deraadt 353: if (ferror(fp))
1.72 millert 354: fatalx("write error");
1.1 deraadt 355:
356: if (ferror(stdin))
1.72 millert 357: fatalx("read error");
1.1 deraadt 358:
359: /*
360: * Set the x bit so that we're ready to start executing
361: */
1.73 millert 362: if (fchmod(fileno(fp), S_IRUSR | S_IWUSR | S_IXUSR) < 0)
1.72 millert 363: fatal("fchmod");
1.1 deraadt 364:
1.73 millert 365: (void)fclose(fp);
1.28 millert 366:
1.30 millert 367: /* Poke cron so it knows to reload the at spool. */
1.74 millert 368: poke_daemon(RELOAD_AT);
1.30 millert 369:
1.28 millert 370: runtime = *localtime(&runtimer);
371: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
372: (void)fprintf(stderr, "commands will be executed using %s\n", shell);
1.74 millert 373: (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(_PATH_AT_SPOOL)],
1.29 millert 374: timestr);
1.76 millert 375:
376: syslog(LOG_INFO, "(%s) CREATE (%s)", user_name,
377: &atfile[sizeof(_PATH_AT_SPOOL)]);
1.29 millert 378: }
379:
380: /* Sort by creation time. */
381: static int
382: byctime(const void *v1, const void *v2)
383: {
1.46 cloder 384: const struct atjob *j1 = *(const struct atjob **)v1;
385: const struct atjob *j2 = *(const struct atjob **)v2;
1.29 millert 386:
387: return (j1->ctime - j2->ctime);
388: }
389:
390: /* Sort by job number (and thus execution time). */
391: static int
392: byjobno(const void *v1, const void *v2)
393: {
394: const struct atjob *j1 = *(struct atjob **)v1;
395: const struct atjob *j2 = *(struct atjob **)v2;
396:
397: if (j1->runtimer == j2->runtimer)
398: return (j1->queue - j2->queue);
399: return (j1->runtimer - j2->runtimer);
400: }
401:
402: static void
1.37 millert 403: print_job(struct atjob *job, int n, int shortformat)
1.29 millert 404: {
405: struct passwd *pw;
406: struct tm runtime;
407: char timestr[TIMESIZE];
408: static char *ranks[] = {
409: "th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"
410: };
411:
412: runtime = *localtime(&job->runtimer);
413: if (shortformat) {
414: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
1.61 deraadt 415: (void)printf("%lld.%c\t%s\n", (long long)job->runtimer,
1.29 millert 416: job->queue, timestr);
417: } else {
1.37 millert 418: pw = getpwuid(job->uid);
1.29 millert 419: /* Rank hack shamelessly stolen from lpq */
420: if (n / 10 == 1)
421: printf("%3d%-5s", n,"th");
422: else
423: printf("%3d%-5s", n, ranks[n % 10]);
424: strftime(timestr, TIMESIZE, "%b %e, %Y %R", &runtime);
1.61 deraadt 425: (void)printf("%-21.18s%-11.8s%10lld.%c %c%s\n",
1.29 millert 426: timestr, pw ? pw->pw_name : "???",
1.61 deraadt 427: (long long)job->runtimer, job->queue, job->queue,
1.37 millert 428: (S_IXUSR & job->mode) ? "" : " (done)");
1.29 millert 429: }
1.1 deraadt 430: }
431:
1.29 millert 432: /*
433: * List all of a user's jobs in the queue, by looping through
1.74 millert 434: * _PATH_AT_SPOOL, or all jobs if we are root. If argc is > 0, argv
1.29 millert 435: * contains the list of users whose jobs shall be displayed. By
436: * default, the list is sorted by execution date and queue. If
437: * csort is non-zero jobs will be sorted by creation/submission date.
438: */
1.1 deraadt 439: static void
1.29 millert 440: list_jobs(int argc, char **argv, int count_only, int csort)
1.1 deraadt 441: {
442: struct passwd *pw;
443: struct dirent *dirent;
1.40 tedu 444: struct atjob **atjobs, **newatjobs, *job;
1.29 millert 445: struct stat stbuf;
1.1 deraadt 446: time_t runtimer;
1.77 ! millert 447: char **jobs;
1.29 millert 448: uid_t *uids;
449: char queue, *ep;
450: DIR *spool;
1.77 ! millert 451: int job_matches, jobs_len, uids_len;
1.71 millert 452: int dfd, i, shortformat;
1.54 moritz 453: size_t numjobs, maxjobs;
1.29 millert 454:
1.76 millert 455: syslog(LOG_INFO, "(%s) LIST (%s)", user_name,
456: user_uid ? user_name : "ALL");
457:
1.77 ! millert 458: /* Convert argv into a list of jobs and uids. */
! 459: jobs = NULL;
! 460: uids = NULL;
! 461: jobs_len = uids_len = 0;
! 462:
1.29 millert 463: if (argc) {
1.77 ! millert 464: if ((jobs = reallocarray(NULL, argc, sizeof(char *))) == NULL ||
! 465: (uids = reallocarray(NULL, argc, sizeof(uid_t))) == NULL)
1.72 millert 466: fatal(NULL);
1.29 millert 467:
468: for (i = 0; i < argc; i++) {
1.77 ! millert 469: if (strtot(argv[i], &ep, &runtimer) == 0 &&
! 470: *ep == '.' && isalpha((unsigned char)*(ep + 1)) &&
! 471: *(ep + 2) == '\0')
! 472: jobs[jobs_len++] = argv[i];
! 473: else if ((pw = getpwnam(argv[i])) != NULL) {
! 474: if (pw->pw_uid != user_uid && user_uid != 0)
! 475: fatalx("only the superuser may "
! 476: "display other users' jobs");
! 477: uids[uids_len++] = pw->pw_uid;
! 478: } else
1.72 millert 479: fatalx("unknown user %s", argv[i]);
1.29 millert 480: }
1.77 ! millert 481: }
1.29 millert 482:
1.69 millert 483: shortformat = strcmp(__progname, "at") == 0;
1.1 deraadt 484:
1.74 millert 485: if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1 ||
1.71 millert 486: (spool = fdopendir(dfd)) == NULL)
1.74 millert 487: fatal(_PATH_AT_SPOOL);
1.1 deraadt 488:
1.71 millert 489: if (fstat(dfd, &stbuf) != 0)
1.74 millert 490: fatal(_PATH_AT_SPOOL);
1.29 millert 491:
492: /*
493: * The directory's link count should give us a good idea
494: * of how many files are in it. Fudge things a little just
495: * in case someone adds a job or two.
496: */
497: numjobs = 0;
498: maxjobs = stbuf.st_nlink + 4;
1.77 ! millert 499: atjobs = reallocarray(NULL, maxjobs, sizeof(struct atjob *));
1.29 millert 500: if (atjobs == NULL)
1.72 millert 501: fatal(NULL);
1.29 millert 502:
503: /* Loop over every file in the directory. */
1.1 deraadt 504: while ((dirent = readdir(spool)) != NULL) {
1.71 millert 505: if (fstatat(dfd, dirent->d_name, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
1.72 millert 506: fatal("%s", dirent->d_name);
1.1 deraadt 507:
508: /*
509: * See it's a regular file and has its x bit turned on and
510: * is the user's
511: */
1.29 millert 512: if (!S_ISREG(stbuf.st_mode)
1.67 millert 513: || ((stbuf.st_uid != user_uid) && !(user_uid == 0))
1.29 millert 514: || !(S_IXUSR & stbuf.st_mode || vflag))
1.1 deraadt 515: continue;
516:
1.61 deraadt 517: if (strtot(dirent->d_name, &ep, &runtimer) == -1)
518: continue;
1.62 deraadt 519: if (*ep != '.' || !isalpha((unsigned char)*(ep + 1)) ||
520: *(ep + 2) != '\0')
1.1 deraadt 521: continue;
1.29 millert 522: queue = *(ep + 1);
1.1 deraadt 523:
524: if (atqueue && (queue != atqueue))
525: continue;
526:
1.77 ! millert 527: /* Check against specified jobs and/or user(s). */
! 528: job_matches = (argc == 0) ? 1 : 0;
! 529: if (!job_matches) {
! 530: for (i = 0; i < jobs_len; i++) {
! 531: if (strcmp(dirent->d_name, jobs[i]) == 0) {
! 532: job_matches = 1;
! 533: break;
! 534: }
! 535: }
! 536: }
! 537: if (!job_matches) {
! 538: for (i = 0; i < uids_len; i++) {
! 539: if (uids[i] == stbuf.st_uid) {
! 540: job_matches = 1;
1.29 millert 541: break;
1.77 ! millert 542: }
1.29 millert 543: }
544: }
1.77 ! millert 545: if (!job_matches)
! 546: continue;
1.29 millert 547:
548: if (count_only) {
549: numjobs++;
550: continue;
551: }
552:
1.65 deraadt 553: job = malloc(sizeof(struct atjob));
1.29 millert 554: if (job == NULL)
1.72 millert 555: fatal(NULL);
1.29 millert 556: job->runtimer = runtimer;
557: job->ctime = stbuf.st_ctime;
1.37 millert 558: job->uid = stbuf.st_uid;
559: job->mode = stbuf.st_mode;
1.29 millert 560: job->queue = queue;
561: if (numjobs == maxjobs) {
1.54 moritz 562: size_t newjobs = maxjobs * 2;
1.64 doug 563: newatjobs = reallocarray(atjobs, newjobs, sizeof(job));
1.40 tedu 564: if (newatjobs == NULL)
1.72 millert 565: fatal(NULL);
1.40 tedu 566: atjobs = newatjobs;
567: maxjobs = newjobs;
1.29 millert 568: }
569: atjobs[numjobs++] = job;
570: }
571: free(uids);
1.45 robert 572: closedir(spool);
1.29 millert 573:
574: if (count_only || numjobs == 0) {
575: if (numjobs == 0 && !shortformat)
1.72 millert 576: warnx("no files in queue");
1.29 millert 577: else if (count_only)
1.54 moritz 578: printf("%zu\n", numjobs);
1.29 millert 579: free(atjobs);
580: return;
581: }
582:
583: /* Sort by job run time or by job creation time. */
584: qsort(atjobs, numjobs, sizeof(struct atjob *),
585: csort ? byctime : byjobno);
586:
587: if (!shortformat)
588: (void)puts(" Rank Execution Date Owner "
589: "Job Queue");
590:
591: for (i = 0; i < numjobs; i++) {
1.37 millert 592: print_job(atjobs[i], i + 1, shortformat);
1.29 millert 593: free(atjobs[i]);
1.1 deraadt 594: }
1.29 millert 595: free(atjobs);
596: }
597:
598: static int
1.61 deraadt 599: rmok(long long job)
1.29 millert 600: {
601: int ch, junk;
602:
1.61 deraadt 603: printf("%lld: remove it? ", job);
1.29 millert 604: ch = getchar();
605: while ((junk = getchar()) != EOF && junk != '\n')
606: ;
607: return (ch == 'y' || ch == 'Y');
1.1 deraadt 608: }
609:
1.29 millert 610: /*
1.74 millert 611: * Loop through all jobs in _PATH_AT_SPOOL and display or delete ones
1.29 millert 612: * that match argv (may be job or username), or all if argc == 0.
613: * Only the superuser may display/delete other people's jobs.
614: */
1.28 millert 615: static int
1.26 millert 616: process_jobs(int argc, char **argv, int what)
1.1 deraadt 617: {
1.29 millert 618: struct stat stbuf;
619: struct dirent *dirent;
620: struct passwd *pw;
621: time_t runtimer;
622: uid_t *uids;
1.46 cloder 623: char **jobs, *ep;
1.29 millert 624: FILE *fp;
1.7 millert 625: DIR *spool;
1.29 millert 626: int job_matches, jobs_len, uids_len;
1.71 millert 627: int error, i, ch, changed, dfd;
1.1 deraadt 628:
1.74 millert 629: if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1 ||
1.71 millert 630: (spool = fdopendir(dfd)) == NULL)
1.74 millert 631: fatal(_PATH_AT_SPOOL);
1.7 millert 632:
1.29 millert 633: /* Convert argv into a list of jobs and uids. */
634: jobs = NULL;
635: uids = NULL;
636: jobs_len = uids_len = 0;
637: if (argc > 0) {
1.77 ! millert 638: if ((jobs = reallocarray(NULL, argc, sizeof(char *))) == NULL ||
! 639: (uids = reallocarray(NULL, argc, sizeof(uid_t))) == NULL)
1.72 millert 640: fatal(NULL);
1.29 millert 641:
642: for (i = 0; i < argc; i++) {
1.77 ! millert 643: if (strtot(argv[i], &ep, &runtimer) == 0 &&
! 644: *ep == '.' && isalpha((unsigned char)*(ep + 1)) &&
! 645: *(ep + 2) == '\0')
1.29 millert 646: jobs[jobs_len++] = argv[i];
647: else if ((pw = getpwnam(argv[i])) != NULL) {
1.67 millert 648: if (user_uid != pw->pw_uid && user_uid != 0) {
1.72 millert 649: fatalx("only the superuser may %s "
650: "other users' jobs",
651: what == ATRM ? "remove" : "view");
1.35 millert 652: }
1.29 millert 653: uids[uids_len++] = pw->pw_uid;
654: } else
1.72 millert 655: fatalx("unknown user %s", argv[i]);
1.29 millert 656: }
657: }
658:
1.7 millert 659: /* Loop over every file in the directory */
1.30 millert 660: changed = 0;
1.28 millert 661: while ((dirent = readdir(spool)) != NULL) {
1.71 millert 662: if (fstatat(dfd, dirent->d_name, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
1.72 millert 663: fatal("%s", dirent->d_name);
1.7 millert 664:
1.67 millert 665: if (stbuf.st_uid != user_uid && user_uid != 0)
1.7 millert 666: continue;
667:
1.61 deraadt 668: if (strtot(dirent->d_name, &ep, &runtimer) == -1)
669: continue;
1.62 deraadt 670: if (*ep != '.' || !isalpha((unsigned char)*(ep + 1)) ||
671: *(ep + 2) != '\0')
1.29 millert 672: continue;
1.7 millert 673:
1.29 millert 674: /* Check runtimer against argv; argc==0 means do all. */
675: job_matches = (argc == 0) ? 1 : 0;
676: if (!job_matches) {
677: for (i = 0; i < jobs_len; i++) {
1.36 millert 678: if (jobs[i] != NULL &&
679: strcmp(dirent->d_name, jobs[i]) == 0) {
1.29 millert 680: jobs[i] = NULL;
681: job_matches = 1;
682: break;
683: }
684: }
685: }
686: if (!job_matches) {
687: for (i = 0; i < uids_len; i++) {
688: if (uids[i] == stbuf.st_uid) {
689: job_matches = 1;
690: break;
691: }
692: }
693: }
694:
695: if (job_matches) {
696: switch (what) {
697: case ATRM:
698: if (!interactive ||
699: (interactive && rmok(runtimer))) {
1.76 millert 700: if (unlinkat(dfd, dirent->d_name, 0) == 0) {
701: syslog(LOG_INFO,
702: "(%s) DELETE (%s)",
703: user_name, dirent->d_name);
1.30 millert 704: changed = 1;
1.76 millert 705: } else if (!force)
1.72 millert 706: fatal("%s", dirent->d_name);
1.29 millert 707: if (!force && !interactive)
1.72 millert 708: warnx("%s removed",
1.29 millert 709: dirent->d_name);
710: }
711: break;
1.7 millert 712:
1.29 millert 713: case CAT:
1.71 millert 714: i = openat(dfd, dirent->d_name,
715: O_RDONLY|O_NOFOLLOW);
716: if (i == -1 || (fp = fdopen(i, "r")) == NULL)
1.72 millert 717: fatal("%s", dirent->d_name);
1.76 millert 718: syslog(LOG_INFO, "(%s) CAT (%s)",
719: user_name, dirent->d_name);
1.7 millert 720:
1.29 millert 721: while ((ch = getc(fp)) != EOF)
722: putchar(ch);
1.7 millert 723:
1.45 robert 724: fclose(fp);
1.29 millert 725: break;
1.7 millert 726:
1.29 millert 727: default:
1.72 millert 728: fatalx("internal error");
1.29 millert 729: break;
1.7 millert 730: }
1.1 deraadt 731: }
732: }
1.45 robert 733: closedir(spool);
734:
1.29 millert 735: for (error = 0, i = 0; i < jobs_len; i++) {
736: if (jobs[i] != NULL) {
737: if (!force)
1.72 millert 738: warnx("%s: no such job", jobs[i]);
1.28 millert 739: error++;
740: }
741: }
1.29 millert 742: free(jobs);
743: free(uids);
744:
1.30 millert 745: /* If we modied the spool, poke cron so it knows to reload. */
1.71 millert 746: if (changed)
1.74 millert 747: poke_daemon(RELOAD_AT);
1.30 millert 748:
1.29 millert 749: return (error);
1.28 millert 750: }
1.1 deraadt 751:
1.25 millert 752: #define ATOI2(s) ((s) += 2, ((s)[-2] - '0') * 10 + ((s)[-1] - '0'))
753:
1.29 millert 754: /*
1.48 millert 755: * Adapted from date(1)
1.29 millert 756: */
1.25 millert 757: static time_t
1.48 millert 758: ttime(char *arg)
1.25 millert 759: {
1.48 millert 760: time_t now, then;
761: struct tm *lt;
1.25 millert 762: int yearset;
1.48 millert 763: char *dot, *p;
1.42 millert 764:
1.48 millert 765: if (time(&now) == (time_t)-1 || (lt = localtime(&now)) == NULL)
1.72 millert 766: fatal("unable to get current time");
1.42 millert 767:
1.48 millert 768: /* Valid date format is [[CC]YY]MMDDhhmm[.SS] */
769: for (p = arg, dot = NULL; *p != '\0'; p++) {
1.52 millert 770: if (*p == '.' && dot == NULL)
1.48 millert 771: dot = p;
772: else if (!isdigit((unsigned char)*p))
773: goto terr;
774: }
1.49 millert 775: if (dot == NULL)
776: lt->tm_sec = 0;
777: else {
1.48 millert 778: *dot++ = '\0';
779: if (strlen(dot) != 2)
780: goto terr;
1.50 millert 781: lt->tm_sec = ATOI2(dot);
1.48 millert 782: if (lt->tm_sec > 61) /* could be leap second */
1.25 millert 783: goto terr;
784: }
1.42 millert 785:
1.25 millert 786: yearset = 0;
787: switch(strlen(arg)) {
788: case 12: /* CCYYMMDDhhmm */
1.51 millert 789: lt->tm_year = ATOI2(arg) * 100;
790: lt->tm_year -= 1900; /* Convert to Unix time */
1.25 millert 791: yearset = 1;
792: /* FALLTHROUGH */
793: case 10: /* YYMMDDhhmm */
794: if (yearset) {
795: yearset = ATOI2(arg);
1.48 millert 796: lt->tm_year += yearset;
1.25 millert 797: } else {
798: yearset = ATOI2(arg);
1.60 guenther 799: /* POSIX logic: [00,68]=>20xx, [69,99]=>19xx */
800: lt->tm_year = yearset;
801: if (yearset < 69)
802: lt->tm_year += 100;
1.25 millert 803: }
804: /* FALLTHROUGH */
805: case 8: /* MMDDhhmm */
1.48 millert 806: lt->tm_mon = ATOI2(arg);
807: if (lt->tm_mon > 12 || lt->tm_mon == 0)
808: goto terr;
809: --lt->tm_mon; /* Convert from 01-12 to 00-11 */
810: lt->tm_mday = ATOI2(arg);
811: if (lt->tm_mday > 31 || lt->tm_mday == 0)
812: goto terr;
813: lt->tm_hour = ATOI2(arg);
814: if (lt->tm_hour > 23)
815: goto terr;
816: lt->tm_min = ATOI2(arg);
817: if (lt->tm_min > 59)
818: goto terr;
1.25 millert 819: break;
820: default:
821: goto terr;
822: }
1.42 millert 823:
1.48 millert 824: lt->tm_isdst = -1; /* mktime will deduce DST. */
825: then = mktime(lt);
826: if (then == (time_t)-1) {
1.25 millert 827: terr:
1.72 millert 828: fatalx("illegal time specification: [[CC]YY]MMDDhhmm[.SS]");
1.48 millert 829: }
830: if (then < now)
1.72 millert 831: fatalx("cannot schedule jobs in the past");
1.48 millert 832: return (then);
1.30 millert 833: }
834:
1.41 millert 835: static __dead void
1.35 millert 836: usage(void)
837: {
838: /* Print usage and exit. */
839: switch (program) {
840: case AT:
841: case CAT:
842: (void)fprintf(stderr,
1.77 ! millert 843: "usage: at [-bm] [-f file] [-l [job ...]] [-q queue] "
1.47 jmc 844: "-t time_arg | timespec\n"
845: " at -c | -r job ...\n");
1.35 millert 846: break;
847: case ATQ:
848: (void)fprintf(stderr,
1.43 jmc 849: "usage: atq [-cnv] [-q queue] [name ...]\n");
1.35 millert 850: break;
851: case ATRM:
852: (void)fprintf(stderr,
853: "usage: atrm [-afi] [[job] [name] ...]\n");
854: break;
855: case BATCH:
856: (void)fprintf(stderr,
857: "usage: batch [-m] [-f file] [-q queue] [timespec]\n");
858: break;
859: }
1.59 millert 860: exit(EXIT_FAILURE);
1.25 millert 861: }
862:
1.1 deraadt 863: int
1.26 millert 864: main(int argc, char **argv)
1.1 deraadt 865: {
1.29 millert 866: time_t timer = -1;
1.55 deraadt 867: char *atinput = NULL; /* where to get input from */
1.7 millert 868: char queue = DEFAULT_AT_QUEUE;
869: char queue_set = 0;
1.25 millert 870: char *options = "q:f:t:bcdlmrv"; /* default options for at */
1.38 avsm 871: char cwd[PATH_MAX];
1.76 millert 872: struct passwd *pw;
1.29 millert 873: int ch;
874: int aflag = 0;
875: int cflag = 0;
876: int nflag = 0;
1.66 deraadt 877:
1.73 millert 878: if (pledge("stdio rpath wpath cpath fattr getpw unix id", NULL) == -1)
1.72 millert 879: fatal("pledge");
1.41 millert 880:
1.76 millert 881: openlog(__progname, LOG_PID, LOG_CRON);
882:
1.41 millert 883: if (argc < 1)
884: usage();
1.1 deraadt 885:
1.67 millert 886: user_uid = getuid();
887: user_gid = getgid();
888: spool_gid = getegid();
1.1 deraadt 889:
890: /* find out what this program is supposed to do */
1.69 millert 891: if (strcmp(__progname, "atq") == 0) {
1.1 deraadt 892: program = ATQ;
1.29 millert 893: options = "cnvq:";
1.69 millert 894: } else if (strcmp(__progname, "atrm") == 0) {
1.1 deraadt 895: program = ATRM;
1.29 millert 896: options = "afi";
1.69 millert 897: } else if (strcmp(__progname, "batch") == 0) {
1.1 deraadt 898: program = BATCH;
1.24 millert 899: options = "f:q:mv";
1.1 deraadt 900: }
901:
902: /* process whatever options we can process */
1.29 millert 903: while ((ch = getopt(argc, argv, options)) != -1) {
904: switch (ch) {
905: case 'a':
906: aflag = 1;
907: break;
908:
909: case 'i':
910: interactive = 1;
911: force = 0;
912: break;
913:
914: case 'v': /* show completed but unremoved jobs */
915: /*
916: * This option is only useful when we are invoked
917: * as atq but we accept (and ignore) this flag in
918: * the other programs for backwards compatibility.
919: */
920: vflag = 1;
1.1 deraadt 921: break;
922:
923: case 'm': /* send mail when job is complete */
924: send_mail = 1;
925: break;
926:
927: case 'f':
1.29 millert 928: if (program == ATRM) {
929: force = 1;
930: interactive = 0;
931: } else
932: atinput = optarg;
1.1 deraadt 933: break;
934:
935: case 'q': /* specify queue */
936: if (strlen(optarg) > 1)
937: usage();
938:
939: atqueue = queue = *optarg;
1.62 deraadt 940: if (!(islower((unsigned char)queue) ||
941: isupper((unsigned char)queue)))
1.1 deraadt 942: usage();
1.7 millert 943:
944: queue_set = 1;
945: break;
946:
1.25 millert 947: case 'd': /* for backwards compatibility */
948: case 'r':
1.7 millert 949: program = ATRM;
1.24 millert 950: options = "";
1.7 millert 951: break;
952:
1.25 millert 953: case 't':
954: timer = ttime(optarg);
955: break;
956:
1.7 millert 957: case 'l':
958: program = ATQ;
1.29 millert 959: options = "cnvq:";
1.7 millert 960: break;
961:
962: case 'b':
963: program = BATCH;
1.24 millert 964: options = "f:q:mv";
1.7 millert 965: break;
966:
967: case 'c':
1.29 millert 968: if (program == ATQ) {
969: cflag = 1;
970: } else {
971: program = CAT;
972: options = "";
973: }
974: break;
975:
976: case 'n':
977: nflag = 1;
1.1 deraadt 978: break;
979:
980: default:
981: usage();
982: break;
983: }
1.29 millert 984: }
985: argc -= optind;
986: argv += optind;
1.55 deraadt 987:
988: switch (program) {
989: case AT:
990: case BATCH:
991: if (atinput != NULL) {
1.67 millert 992: if (setegid(user_gid) != 0)
1.72 millert 993: fatal("setegid(user_gid)");
1.55 deraadt 994: if (freopen(atinput, "r", stdin) == NULL)
1.72 millert 995: fatal("%s", atinput);
1.67 millert 996: if (setegid(spool_gid) != 0)
1.72 millert 997: fatal("setegid(spool_gid)");
1.55 deraadt 998: }
999: break;
1000: default:
1001: ;
1002: }
1.7 millert 1003:
1.76 millert 1004: if ((pw = getpwuid(user_uid)) == NULL)
1005: fatalx("unknown uid %u", user_uid);
1006: if (strlcpy(user_name, pw->pw_name, sizeof(user_name)) >= sizeof(user_name))
1007: fatalx("username too long");
1008:
1.35 millert 1009: if (getcwd(cwd, sizeof(cwd)) == NULL)
1.72 millert 1010: fatal("unable to get current working directory");
1.35 millert 1011:
1.76 millert 1012: if (!allowed(pw->pw_name, _PATH_AT_ALLOW, _PATH_AT_DENY)) {
1013: syslog(LOG_WARNING, "(%s) AUTH (at command not allowed)",
1014: pw->pw_name);
1.72 millert 1015: fatalx("you do not have permission to use at.");
1.76 millert 1016: }
1.7 millert 1017:
1.1 deraadt 1018: /* select our program */
1019: switch (program) {
1020: case ATQ:
1.29 millert 1021: list_jobs(argc, argv, nflag, cflag);
1.1 deraadt 1022: break;
1023:
1024: case ATRM:
1.7 millert 1025: case CAT:
1.29 millert 1026: if ((aflag && argc) || (!aflag && !argc))
1.10 millert 1027: usage();
1.28 millert 1028: exit(process_jobs(argc, argv, program));
1.1 deraadt 1029: break;
1030:
1031: case AT:
1.25 millert 1032: /* Time may have been specified via the -t flag. */
1.35 millert 1033: if (timer == -1) {
1034: if (argc == 0)
1035: usage();
1036: else if ((timer = parsetime(argc, argv)) == -1)
1.59 millert 1037: exit(EXIT_FAILURE);
1.35 millert 1038: }
1039: writefile(cwd, timer, queue);
1.1 deraadt 1040: break;
1041:
1042: case BATCH:
1.7 millert 1043: if (queue_set)
1.62 deraadt 1044: queue = toupper((unsigned char)queue);
1.7 millert 1045: else
1046: queue = DEFAULT_BATCH_QUEUE;
1047:
1.35 millert 1048: if (argc == 0)
1.7 millert 1049: timer = time(NULL);
1.35 millert 1050: else if ((timer = parsetime(argc, argv)) == -1)
1.59 millert 1051: exit(EXIT_FAILURE);
1.7 millert 1052:
1.35 millert 1053: writefile(cwd, timer, queue);
1.1 deraadt 1054: break;
1055:
1056: default:
1.72 millert 1057: fatalx("internal error");
1.1 deraadt 1058: break;
1059: }
1.59 millert 1060: exit(EXIT_SUCCESS);
1.1 deraadt 1061: }