Annotation of src/usr.bin/at/at.c, Revision 1.79
1.79 ! deraadt 1: /* $OpenBSD: at.c,v 1.78 2016/10/31 17:22:07 schwarze Exp $ */
1.1 deraadt 2:
3: /*
1.7 millert 4: * at.c : Put file into atrun queue
5: * Copyright (C) 1993, 1994 Thomas Koenig
1.1 deraadt 6: *
1.7 millert 7: * Atrun & Atq modifications
8: * Copyright (C) 1993 David Parsons
1.1 deraadt 9: *
1.29 millert 10: * Traditional BSD behavior and other significant modifications
1.35 millert 11: * Copyright (C) 2002-2003 Todd C. Miller
1.29 millert 12: *
1.1 deraadt 13: * Redistribution and use in source and binary forms, with or without
14: * modification, are permitted provided that the following conditions
15: * are met:
16: * 1. Redistributions of source code must retain the above copyright
17: * notice, this list of conditions and the following disclaimer.
18: * 2. The name of the author(s) may not be used to endorse or promote
19: * products derived from this software without specific prior written
20: * permission.
21: *
22: * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
23: * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24: * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
1.7 millert 25: * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
1.1 deraadt 26: * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27: * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28: * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
1.57 krw 29: * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
1.1 deraadt 30: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31: * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32: */
33:
1.68 millert 34: #include <sys/types.h>
35: #include <sys/stat.h>
36:
37: #include <bitstring.h> /* for structs.h */
38: #include <ctype.h>
39: #include <dirent.h>
1.72 millert 40: #include <err.h>
1.68 millert 41: #include <errno.h>
42: #include <fcntl.h>
43: #include <limits.h>
44: #include <pwd.h>
45: #include <signal.h>
1.72 millert 46: #include <stdarg.h>
1.68 millert 47: #include <stdio.h>
48: #include <stdlib.h>
49: #include <string.h>
1.76 millert 50: #include <syslog.h>
1.68 millert 51: #include <time.h>
52: #include <unistd.h>
53:
54: #include "pathnames.h"
55: #include "macros.h"
56: #include "structs.h"
57: #include "funcs.h"
58: #include "globals.h"
59:
1.1 deraadt 60: #include "at.h"
61:
62: #define ALARMC 10 /* Number of seconds to wait for timeout */
1.29 millert 63: #define TIMESIZE 50 /* Size of buffer passed to strftime() */
1.1 deraadt 64:
1.29 millert 65: /* Variables to remove from the job's environment. */
1.1 deraadt 66: char *no_export[] =
67: {
1.28 millert 68: "TERM", "TERMCAP", "DISPLAY", "_", "SHELLOPTS", "BASH_VERSINFO",
69: "EUID", "GROUPS", "PPID", "UID", "SSH_AUTH_SOCK", "SSH_AGENT_PID",
1.1 deraadt 70: };
1.7 millert 71:
1.75 millert 72: static int program = AT; /* default program mode */
73: static char atfile[PATH_MAX]; /* path to the at spool file */
1.76 millert 74: static char user_name[MAX_UNAME];/* invoking user name */
1.75 millert 75: static int fcreated; /* whether or not we created the file yet */
76: static char atqueue = 0; /* which queue to examine for jobs (atq) */
77: static char vflag = 0; /* show completed but unremoved jobs (atq) */
78: static char force = 0; /* suppress errors (atrm) */
79: static char interactive = 0; /* interactive mode (atrm) */
1.29 millert 80: static int send_mail = 0; /* whether we are sending mail */
1.75 millert 81: static uid_t user_uid; /* user's real uid */
82: static gid_t user_gid; /* user's real gid */
83: static gid_t spool_gid; /* gid for writing to at spool */
1.7 millert 84:
1.21 millert 85: static void sigc(int);
1.35 millert 86: static void writefile(const char *, time_t, char);
1.29 millert 87: static void list_jobs(int, char **, int, int);
1.48 millert 88: static time_t ttime(char *);
1.72 millert 89: static __dead void fatal(const char *, ...)
90: __attribute__((__format__ (printf, 1, 2)));
91: static __dead void fatalx(const char *, ...)
92: __attribute__((__format__ (printf, 1, 2)));
1.41 millert 93: static __dead void usage(void);
1.61 deraadt 94: static int rmok(long long);
1.35 millert 95: time_t parsetime(int, char **);
96:
97: /*
98: * Something fatal has happened, print error message and exit.
99: */
100: static __dead void
1.72 millert 101: fatal(const char *fmt, ...)
1.35 millert 102: {
1.72 millert 103: va_list ap;
104:
105: va_start(ap, fmt);
106: vwarn(fmt, ap);
107: va_end(ap);
108:
1.67 millert 109: if (fcreated)
1.35 millert 110: unlink(atfile);
111:
1.59 millert 112: exit(EXIT_FAILURE);
1.35 millert 113: }
114:
115: /*
1.72 millert 116: * Something fatal has happened, print error message and exit.
1.35 millert 117: */
1.42 millert 118: static __dead void
1.72 millert 119: fatalx(const char *fmt, ...)
1.35 millert 120: {
1.72 millert 121: va_list ap;
1.35 millert 122:
1.72 millert 123: va_start(ap, fmt);
124: vwarnx(fmt, ap);
125: va_end(ap);
1.35 millert 126:
1.67 millert 127: if (fcreated)
1.35 millert 128: unlink(atfile);
129:
1.59 millert 130: exit(EXIT_FAILURE);
1.35 millert 131: }
132:
1.46 cloder 133: /* ARGSUSED */
1.42 millert 134: static void
1.26 millert 135: sigc(int signo)
1.1 deraadt 136: {
1.7 millert 137: /* If the user presses ^C, remove the spool file and exit. */
1.67 millert 138: if (fcreated)
1.7 millert 139: (void)unlink(atfile);
1.1 deraadt 140:
1.59 millert 141: _exit(EXIT_FAILURE);
1.1 deraadt 142: }
143:
1.29 millert 144: static int
1.74 millert 145: strtot(const char *nptr, char **endptr, time_t *tp)
146: {
147: long long ll;
148:
149: errno = 0;
150: ll = strtoll(nptr, endptr, 10);
151: if (*endptr == nptr)
152: return (-1);
153: if (ll < 0 || (errno == ERANGE && ll == LLONG_MAX) || (time_t)ll != ll)
154: return (-1);
155: *tp = (time_t)ll;
156: return (0);
157: }
158:
159: static int
1.29 millert 160: newjob(time_t runtimer, int queue)
161: {
162: int fd, i;
1.1 deraadt 163:
1.7 millert 164: /*
1.29 millert 165: * If we have a collision, try shifting the time by up to
166: * two minutes. Perhaps it would be better to try different
167: * queues instead...
1.7 millert 168: */
1.29 millert 169: for (i = 0; i < 120; i++) {
1.74 millert 170: snprintf(atfile, sizeof(atfile), "%s/%lld.%c", _PATH_AT_SPOOL,
1.61 deraadt 171: (long long)runtimer, queue);
1.29 millert 172: fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);
173: if (fd >= 0)
174: return (fd);
1.31 millert 175: runtimer++;
1.29 millert 176: }
177: return (-1);
1.1 deraadt 178: }
179:
1.29 millert 180: /*
181: * This does most of the work if at or batch are invoked for
182: * writing a job.
183: */
1.1 deraadt 184: static void
1.35 millert 185: writefile(const char *cwd, time_t runtimer, char queue)
1.1 deraadt 186: {
1.35 millert 187: const char *ap;
188: char *mailname, *shell;
1.28 millert 189: char timestr[TIMESIZE];
1.1 deraadt 190: struct passwd *pass_entry;
1.28 millert 191: struct tm runtime;
1.73 millert 192: int fd;
1.55 deraadt 193: FILE *fp;
1.1 deraadt 194: struct sigaction act;
195: char **atenv;
196: int ch;
197: mode_t cmask;
1.29 millert 198: extern char **environ;
1.1 deraadt 199:
200: /*
201: * Install the signal handler for SIGINT; terminate after removing the
202: * spool file if necessary
203: */
1.35 millert 204: bzero(&act, sizeof act);
1.1 deraadt 205: act.sa_handler = sigc;
1.29 millert 206: sigemptyset(&act.sa_mask);
1.1 deraadt 207: act.sa_flags = 0;
208: sigaction(SIGINT, &act, NULL);
209:
210: /*
211: * Create the file. The x bit is only going to be set after it has
212: * been completely written out, to make sure it is not executed in
213: * the meantime. To make sure they do not get deleted, turn off
214: * their r bit. Yes, this is a kluge.
215: */
216: cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
1.73 millert 217: if ((fd = newjob(runtimer, queue)) == -1)
1.72 millert 218: fatal("unable to create atjob file");
1.1 deraadt 219:
1.73 millert 220: if (fchown(fd, -1, user_gid) != 0)
1.72 millert 221: fatal("fchown");
1.1 deraadt 222:
223: /*
224: * We've successfully created the file; let's set the flag so it
225: * gets removed in case of an interrupt or error.
226: */
227: fcreated = 1;
228:
1.73 millert 229: if ((fp = fdopen(fd, "w")) == NULL)
1.72 millert 230: fatal("unable to reopen atjob file");
1.1 deraadt 231:
232: /*
1.18 millert 233: * Get the userid to mail to, first by trying getlogin(), which asks
234: * the kernel, then from $LOGNAME or $USER, finally from getpwuid().
1.1 deraadt 235: */
236: mailname = getlogin();
1.5 millert 237: if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
238: mailname = getenv("USER");
1.1 deraadt 239:
1.7 millert 240: if ((mailname == NULL) || (mailname[0] == '\0') ||
1.35 millert 241: (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) {
1.76 millert 242: mailname = user_name;
1.1 deraadt 243: }
244:
1.28 millert 245: /*
246: * Get the shell to run the job under. First check $SHELL, falling
247: * back to the user's shell in the password database or, failing
248: * that, /bin/sh.
249: */
250: if ((shell = getenv("SHELL")) == NULL || *shell == '\0') {
1.67 millert 251: pass_entry = getpwuid(user_uid);
1.28 millert 252: if (pass_entry != NULL && *pass_entry->pw_shell != '\0')
253: shell = pass_entry->pw_shell;
254: else
255: shell = _PATH_BSHELL;
256: }
257:
1.42 millert 258: (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%lu gid=%lu\n# mail %*s %d\n",
1.67 millert 259: (unsigned long)user_uid, (unsigned long)user_gid,
1.42 millert 260: MAX_UNAME, mailname, send_mail);
1.1 deraadt 261:
262: /* Write out the umask at the time of invocation */
1.7 millert 263: (void)fprintf(fp, "umask %o\n", cmask);
1.1 deraadt 264:
265: /*
266: * Write out the environment. Anything that may look like a special
267: * character to the shell is quoted, except for \n, which is done
1.44 jmc 268: * with a pair of "'s. Don't export the no_export list (such as
1.1 deraadt 269: * TERM or DISPLAY) because we don't want these.
270: */
271: for (atenv = environ; *atenv != NULL; atenv++) {
272: int export = 1;
273: char *eqp;
274:
275: eqp = strchr(*atenv, '=');
1.19 millert 276: if (eqp == NULL)
1.1 deraadt 277: eqp = *atenv;
278: else {
279: int i;
280:
281: for (i = 0;i < sizeof(no_export) /
282: sizeof(no_export[0]); i++) {
283: export = export
284: && (strncmp(*atenv, no_export[i],
285: (size_t) (eqp - *atenv)) != 0);
286: }
287: eqp++;
288: }
289:
290: if (export) {
1.63 millert 291: (void)fputs("export ", fp);
1.7 millert 292: (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
1.1 deraadt 293: for (ap = eqp; *ap != '\0'; ap++) {
294: if (*ap == '\n')
1.7 millert 295: (void)fprintf(fp, "\"\n\"");
1.1 deraadt 296: else {
1.62 deraadt 297: if (!isalnum((unsigned char)*ap)) {
1.7 millert 298: switch (*ap) {
299: case '%': case '/': case '{':
300: case '[': case ']': case '=':
301: case '}': case '@': case '+':
302: case '#': case ',': case '.':
303: case ':': case '-': case '_':
304: break;
305: default:
306: (void)fputc('\\', fp);
307: break;
308: }
309: }
310: (void)fputc(*ap, fp);
1.1 deraadt 311: }
312: }
1.7 millert 313: (void)fputc('\n', fp);
314: }
315: }
316: /*
317: * Cd to the directory at the time and write out all the
318: * commands the user supplies from stdin.
319: */
320: (void)fputs("cd ", fp);
1.35 millert 321: for (ap = cwd; *ap != '\0'; ap++) {
1.7 millert 322: if (*ap == '\n')
323: fprintf(fp, "\"\n\"");
324: else {
1.62 deraadt 325: if (*ap != '/' && !isalnum((unsigned char)*ap))
1.7 millert 326: (void)fputc('\\', fp);
1.1 deraadt 327:
1.7 millert 328: (void)fputc(*ap, fp);
1.1 deraadt 329: }
330: }
331: /*
1.7 millert 332: * Test cd's exit status: die if the original directory has been
333: * removed, become unreadable or whatever.
1.1 deraadt 334: */
1.29 millert 335: (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible'"
336: " >&2\n\t exit 1\n}\n");
1.1 deraadt 337:
1.3 millert 338: if ((ch = getchar()) == EOF)
1.72 millert 339: fatalx("unexpected EOF");
1.3 millert 340:
1.28 millert 341: /* We want the job to run under the user's shell. */
342: fprintf(fp, "%s << '_END_OF_AT_JOB'\n", shell);
343:
1.3 millert 344: do {
1.7 millert 345: (void)fputc(ch, fp);
1.3 millert 346: } while ((ch = getchar()) != EOF);
1.1 deraadt 347:
1.28 millert 348: (void)fprintf(fp, "\n_END_OF_AT_JOB\n");
1.72 millert 349: (void)fflush(fp);
1.1 deraadt 350: if (ferror(fp))
1.72 millert 351: fatalx("write error");
1.1 deraadt 352:
353: if (ferror(stdin))
1.72 millert 354: fatalx("read error");
1.1 deraadt 355:
356: /*
357: * Set the x bit so that we're ready to start executing
358: */
1.73 millert 359: if (fchmod(fileno(fp), S_IRUSR | S_IWUSR | S_IXUSR) < 0)
1.72 millert 360: fatal("fchmod");
1.1 deraadt 361:
1.73 millert 362: (void)fclose(fp);
1.28 millert 363:
1.30 millert 364: /* Poke cron so it knows to reload the at spool. */
1.74 millert 365: poke_daemon(RELOAD_AT);
1.30 millert 366:
1.28 millert 367: runtime = *localtime(&runtimer);
368: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
369: (void)fprintf(stderr, "commands will be executed using %s\n", shell);
1.74 millert 370: (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(_PATH_AT_SPOOL)],
1.29 millert 371: timestr);
1.76 millert 372:
373: syslog(LOG_INFO, "(%s) CREATE (%s)", user_name,
374: &atfile[sizeof(_PATH_AT_SPOOL)]);
1.29 millert 375: }
376:
377: /* Sort by creation time. */
378: static int
379: byctime(const void *v1, const void *v2)
380: {
1.46 cloder 381: const struct atjob *j1 = *(const struct atjob **)v1;
382: const struct atjob *j2 = *(const struct atjob **)v2;
1.29 millert 383:
384: return (j1->ctime - j2->ctime);
385: }
386:
387: /* Sort by job number (and thus execution time). */
388: static int
389: byjobno(const void *v1, const void *v2)
390: {
391: const struct atjob *j1 = *(struct atjob **)v1;
392: const struct atjob *j2 = *(struct atjob **)v2;
393:
394: if (j1->runtimer == j2->runtimer)
395: return (j1->queue - j2->queue);
396: return (j1->runtimer - j2->runtimer);
397: }
398:
399: static void
1.37 millert 400: print_job(struct atjob *job, int n, int shortformat)
1.29 millert 401: {
402: struct passwd *pw;
403: struct tm runtime;
404: char timestr[TIMESIZE];
405: static char *ranks[] = {
406: "th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"
407: };
408:
409: runtime = *localtime(&job->runtimer);
410: if (shortformat) {
411: strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
1.61 deraadt 412: (void)printf("%lld.%c\t%s\n", (long long)job->runtimer,
1.29 millert 413: job->queue, timestr);
414: } else {
1.37 millert 415: pw = getpwuid(job->uid);
1.29 millert 416: /* Rank hack shamelessly stolen from lpq */
417: if (n / 10 == 1)
418: printf("%3d%-5s", n,"th");
419: else
420: printf("%3d%-5s", n, ranks[n % 10]);
421: strftime(timestr, TIMESIZE, "%b %e, %Y %R", &runtime);
1.61 deraadt 422: (void)printf("%-21.18s%-11.8s%10lld.%c %c%s\n",
1.29 millert 423: timestr, pw ? pw->pw_name : "???",
1.61 deraadt 424: (long long)job->runtimer, job->queue, job->queue,
1.37 millert 425: (S_IXUSR & job->mode) ? "" : " (done)");
1.29 millert 426: }
1.1 deraadt 427: }
428:
1.29 millert 429: /*
430: * List all of a user's jobs in the queue, by looping through
1.74 millert 431: * _PATH_AT_SPOOL, or all jobs if we are root. If argc is > 0, argv
1.29 millert 432: * contains the list of users whose jobs shall be displayed. By
433: * default, the list is sorted by execution date and queue. If
434: * csort is non-zero jobs will be sorted by creation/submission date.
435: */
1.1 deraadt 436: static void
1.29 millert 437: list_jobs(int argc, char **argv, int count_only, int csort)
1.1 deraadt 438: {
439: struct passwd *pw;
440: struct dirent *dirent;
1.40 tedu 441: struct atjob **atjobs, **newatjobs, *job;
1.29 millert 442: struct stat stbuf;
1.1 deraadt 443: time_t runtimer;
1.77 millert 444: char **jobs;
1.29 millert 445: uid_t *uids;
446: char queue, *ep;
447: DIR *spool;
1.77 millert 448: int job_matches, jobs_len, uids_len;
1.71 millert 449: int dfd, i, shortformat;
1.54 moritz 450: size_t numjobs, maxjobs;
1.29 millert 451:
1.76 millert 452: syslog(LOG_INFO, "(%s) LIST (%s)", user_name,
453: user_uid ? user_name : "ALL");
454:
1.77 millert 455: /* Convert argv into a list of jobs and uids. */
456: jobs = NULL;
457: uids = NULL;
458: jobs_len = uids_len = 0;
459:
1.29 millert 460: if (argc) {
1.77 millert 461: if ((jobs = reallocarray(NULL, argc, sizeof(char *))) == NULL ||
462: (uids = reallocarray(NULL, argc, sizeof(uid_t))) == NULL)
1.72 millert 463: fatal(NULL);
1.29 millert 464:
465: for (i = 0; i < argc; i++) {
1.77 millert 466: if (strtot(argv[i], &ep, &runtimer) == 0 &&
467: *ep == '.' && isalpha((unsigned char)*(ep + 1)) &&
468: *(ep + 2) == '\0')
469: jobs[jobs_len++] = argv[i];
470: else if ((pw = getpwnam(argv[i])) != NULL) {
471: if (pw->pw_uid != user_uid && user_uid != 0)
472: fatalx("only the superuser may "
473: "display other users' jobs");
474: uids[uids_len++] = pw->pw_uid;
475: } else
1.72 millert 476: fatalx("unknown user %s", argv[i]);
1.29 millert 477: }
1.77 millert 478: }
1.29 millert 479:
1.69 millert 480: shortformat = strcmp(__progname, "at") == 0;
1.1 deraadt 481:
1.74 millert 482: if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1 ||
1.71 millert 483: (spool = fdopendir(dfd)) == NULL)
1.74 millert 484: fatal(_PATH_AT_SPOOL);
1.1 deraadt 485:
1.71 millert 486: if (fstat(dfd, &stbuf) != 0)
1.74 millert 487: fatal(_PATH_AT_SPOOL);
1.29 millert 488:
489: /*
490: * The directory's link count should give us a good idea
491: * of how many files are in it. Fudge things a little just
492: * in case someone adds a job or two.
493: */
494: numjobs = 0;
495: maxjobs = stbuf.st_nlink + 4;
1.77 millert 496: atjobs = reallocarray(NULL, maxjobs, sizeof(struct atjob *));
1.29 millert 497: if (atjobs == NULL)
1.72 millert 498: fatal(NULL);
1.29 millert 499:
500: /* Loop over every file in the directory. */
1.1 deraadt 501: while ((dirent = readdir(spool)) != NULL) {
1.71 millert 502: if (fstatat(dfd, dirent->d_name, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
1.72 millert 503: fatal("%s", dirent->d_name);
1.1 deraadt 504:
505: /*
506: * See it's a regular file and has its x bit turned on and
507: * is the user's
508: */
1.29 millert 509: if (!S_ISREG(stbuf.st_mode)
1.67 millert 510: || ((stbuf.st_uid != user_uid) && !(user_uid == 0))
1.29 millert 511: || !(S_IXUSR & stbuf.st_mode || vflag))
1.1 deraadt 512: continue;
513:
1.61 deraadt 514: if (strtot(dirent->d_name, &ep, &runtimer) == -1)
515: continue;
1.62 deraadt 516: if (*ep != '.' || !isalpha((unsigned char)*(ep + 1)) ||
517: *(ep + 2) != '\0')
1.1 deraadt 518: continue;
1.29 millert 519: queue = *(ep + 1);
1.1 deraadt 520:
521: if (atqueue && (queue != atqueue))
522: continue;
523:
1.77 millert 524: /* Check against specified jobs and/or user(s). */
525: job_matches = (argc == 0) ? 1 : 0;
526: if (!job_matches) {
527: for (i = 0; i < jobs_len; i++) {
528: if (strcmp(dirent->d_name, jobs[i]) == 0) {
529: job_matches = 1;
530: break;
531: }
532: }
533: }
534: if (!job_matches) {
535: for (i = 0; i < uids_len; i++) {
536: if (uids[i] == stbuf.st_uid) {
537: job_matches = 1;
1.29 millert 538: break;
1.77 millert 539: }
1.29 millert 540: }
541: }
1.77 millert 542: if (!job_matches)
543: continue;
1.29 millert 544:
545: if (count_only) {
546: numjobs++;
547: continue;
548: }
549:
1.65 deraadt 550: job = malloc(sizeof(struct atjob));
1.29 millert 551: if (job == NULL)
1.72 millert 552: fatal(NULL);
1.29 millert 553: job->runtimer = runtimer;
554: job->ctime = stbuf.st_ctime;
1.37 millert 555: job->uid = stbuf.st_uid;
556: job->mode = stbuf.st_mode;
1.29 millert 557: job->queue = queue;
558: if (numjobs == maxjobs) {
1.54 moritz 559: size_t newjobs = maxjobs * 2;
1.79 ! deraadt 560: newatjobs = recallocarray(atjobs, maxjobs,
! 561: newjobs, sizeof(job));
1.40 tedu 562: if (newatjobs == NULL)
1.72 millert 563: fatal(NULL);
1.40 tedu 564: atjobs = newatjobs;
565: maxjobs = newjobs;
1.29 millert 566: }
567: atjobs[numjobs++] = job;
568: }
569: free(uids);
1.45 robert 570: closedir(spool);
1.29 millert 571:
572: if (count_only || numjobs == 0) {
573: if (numjobs == 0 && !shortformat)
1.72 millert 574: warnx("no files in queue");
1.29 millert 575: else if (count_only)
1.54 moritz 576: printf("%zu\n", numjobs);
1.29 millert 577: free(atjobs);
578: return;
579: }
580:
581: /* Sort by job run time or by job creation time. */
582: qsort(atjobs, numjobs, sizeof(struct atjob *),
583: csort ? byctime : byjobno);
584:
585: if (!shortformat)
586: (void)puts(" Rank Execution Date Owner "
587: "Job Queue");
588:
589: for (i = 0; i < numjobs; i++) {
1.37 millert 590: print_job(atjobs[i], i + 1, shortformat);
1.29 millert 591: free(atjobs[i]);
1.1 deraadt 592: }
1.29 millert 593: free(atjobs);
594: }
595:
596: static int
1.61 deraadt 597: rmok(long long job)
1.29 millert 598: {
599: int ch, junk;
600:
1.61 deraadt 601: printf("%lld: remove it? ", job);
1.29 millert 602: ch = getchar();
603: while ((junk = getchar()) != EOF && junk != '\n')
604: ;
605: return (ch == 'y' || ch == 'Y');
1.1 deraadt 606: }
607:
1.29 millert 608: /*
1.74 millert 609: * Loop through all jobs in _PATH_AT_SPOOL and display or delete ones
1.29 millert 610: * that match argv (may be job or username), or all if argc == 0.
611: * Only the superuser may display/delete other people's jobs.
612: */
1.28 millert 613: static int
1.26 millert 614: process_jobs(int argc, char **argv, int what)
1.1 deraadt 615: {
1.29 millert 616: struct stat stbuf;
617: struct dirent *dirent;
618: struct passwd *pw;
619: time_t runtimer;
620: uid_t *uids;
1.46 cloder 621: char **jobs, *ep;
1.29 millert 622: FILE *fp;
1.7 millert 623: DIR *spool;
1.29 millert 624: int job_matches, jobs_len, uids_len;
1.71 millert 625: int error, i, ch, changed, dfd;
1.1 deraadt 626:
1.74 millert 627: if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1 ||
1.71 millert 628: (spool = fdopendir(dfd)) == NULL)
1.74 millert 629: fatal(_PATH_AT_SPOOL);
1.7 millert 630:
1.29 millert 631: /* Convert argv into a list of jobs and uids. */
632: jobs = NULL;
633: uids = NULL;
634: jobs_len = uids_len = 0;
635: if (argc > 0) {
1.77 millert 636: if ((jobs = reallocarray(NULL, argc, sizeof(char *))) == NULL ||
637: (uids = reallocarray(NULL, argc, sizeof(uid_t))) == NULL)
1.72 millert 638: fatal(NULL);
1.29 millert 639:
640: for (i = 0; i < argc; i++) {
1.77 millert 641: if (strtot(argv[i], &ep, &runtimer) == 0 &&
642: *ep == '.' && isalpha((unsigned char)*(ep + 1)) &&
643: *(ep + 2) == '\0')
1.29 millert 644: jobs[jobs_len++] = argv[i];
645: else if ((pw = getpwnam(argv[i])) != NULL) {
1.67 millert 646: if (user_uid != pw->pw_uid && user_uid != 0) {
1.72 millert 647: fatalx("only the superuser may %s "
648: "other users' jobs",
649: what == ATRM ? "remove" : "view");
1.35 millert 650: }
1.29 millert 651: uids[uids_len++] = pw->pw_uid;
652: } else
1.72 millert 653: fatalx("unknown user %s", argv[i]);
1.29 millert 654: }
655: }
656:
1.7 millert 657: /* Loop over every file in the directory */
1.30 millert 658: changed = 0;
1.28 millert 659: while ((dirent = readdir(spool)) != NULL) {
1.71 millert 660: if (fstatat(dfd, dirent->d_name, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
1.72 millert 661: fatal("%s", dirent->d_name);
1.7 millert 662:
1.67 millert 663: if (stbuf.st_uid != user_uid && user_uid != 0)
1.7 millert 664: continue;
665:
1.61 deraadt 666: if (strtot(dirent->d_name, &ep, &runtimer) == -1)
667: continue;
1.62 deraadt 668: if (*ep != '.' || !isalpha((unsigned char)*(ep + 1)) ||
669: *(ep + 2) != '\0')
1.29 millert 670: continue;
1.7 millert 671:
1.29 millert 672: /* Check runtimer against argv; argc==0 means do all. */
673: job_matches = (argc == 0) ? 1 : 0;
674: if (!job_matches) {
675: for (i = 0; i < jobs_len; i++) {
1.36 millert 676: if (jobs[i] != NULL &&
677: strcmp(dirent->d_name, jobs[i]) == 0) {
1.29 millert 678: jobs[i] = NULL;
679: job_matches = 1;
680: break;
681: }
682: }
683: }
684: if (!job_matches) {
685: for (i = 0; i < uids_len; i++) {
686: if (uids[i] == stbuf.st_uid) {
687: job_matches = 1;
688: break;
689: }
690: }
691: }
692:
693: if (job_matches) {
694: switch (what) {
695: case ATRM:
696: if (!interactive ||
697: (interactive && rmok(runtimer))) {
1.76 millert 698: if (unlinkat(dfd, dirent->d_name, 0) == 0) {
699: syslog(LOG_INFO,
700: "(%s) DELETE (%s)",
701: user_name, dirent->d_name);
1.30 millert 702: changed = 1;
1.76 millert 703: } else if (!force)
1.72 millert 704: fatal("%s", dirent->d_name);
1.29 millert 705: if (!force && !interactive)
1.72 millert 706: warnx("%s removed",
1.29 millert 707: dirent->d_name);
708: }
709: break;
1.7 millert 710:
1.29 millert 711: case CAT:
1.71 millert 712: i = openat(dfd, dirent->d_name,
713: O_RDONLY|O_NOFOLLOW);
714: if (i == -1 || (fp = fdopen(i, "r")) == NULL)
1.72 millert 715: fatal("%s", dirent->d_name);
1.76 millert 716: syslog(LOG_INFO, "(%s) CAT (%s)",
717: user_name, dirent->d_name);
1.7 millert 718:
1.29 millert 719: while ((ch = getc(fp)) != EOF)
720: putchar(ch);
1.7 millert 721:
1.45 robert 722: fclose(fp);
1.29 millert 723: break;
1.7 millert 724:
1.29 millert 725: default:
1.72 millert 726: fatalx("internal error");
1.29 millert 727: break;
1.7 millert 728: }
1.1 deraadt 729: }
730: }
1.45 robert 731: closedir(spool);
732:
1.29 millert 733: for (error = 0, i = 0; i < jobs_len; i++) {
734: if (jobs[i] != NULL) {
735: if (!force)
1.72 millert 736: warnx("%s: no such job", jobs[i]);
1.28 millert 737: error++;
738: }
739: }
1.29 millert 740: free(jobs);
741: free(uids);
742:
1.30 millert 743: /* If we modied the spool, poke cron so it knows to reload. */
1.71 millert 744: if (changed)
1.74 millert 745: poke_daemon(RELOAD_AT);
1.30 millert 746:
1.29 millert 747: return (error);
1.28 millert 748: }
1.1 deraadt 749:
1.25 millert 750: #define ATOI2(s) ((s) += 2, ((s)[-2] - '0') * 10 + ((s)[-1] - '0'))
751:
1.29 millert 752: /*
1.48 millert 753: * Adapted from date(1)
1.29 millert 754: */
1.25 millert 755: static time_t
1.48 millert 756: ttime(char *arg)
1.25 millert 757: {
1.48 millert 758: time_t now, then;
759: struct tm *lt;
1.25 millert 760: int yearset;
1.48 millert 761: char *dot, *p;
1.42 millert 762:
1.48 millert 763: if (time(&now) == (time_t)-1 || (lt = localtime(&now)) == NULL)
1.72 millert 764: fatal("unable to get current time");
1.42 millert 765:
1.48 millert 766: /* Valid date format is [[CC]YY]MMDDhhmm[.SS] */
767: for (p = arg, dot = NULL; *p != '\0'; p++) {
1.52 millert 768: if (*p == '.' && dot == NULL)
1.48 millert 769: dot = p;
770: else if (!isdigit((unsigned char)*p))
771: goto terr;
772: }
1.49 millert 773: if (dot == NULL)
774: lt->tm_sec = 0;
775: else {
1.48 millert 776: *dot++ = '\0';
777: if (strlen(dot) != 2)
778: goto terr;
1.50 millert 779: lt->tm_sec = ATOI2(dot);
1.48 millert 780: if (lt->tm_sec > 61) /* could be leap second */
1.25 millert 781: goto terr;
782: }
1.42 millert 783:
1.25 millert 784: yearset = 0;
785: switch(strlen(arg)) {
786: case 12: /* CCYYMMDDhhmm */
1.51 millert 787: lt->tm_year = ATOI2(arg) * 100;
788: lt->tm_year -= 1900; /* Convert to Unix time */
1.25 millert 789: yearset = 1;
790: /* FALLTHROUGH */
791: case 10: /* YYMMDDhhmm */
792: if (yearset) {
793: yearset = ATOI2(arg);
1.48 millert 794: lt->tm_year += yearset;
1.25 millert 795: } else {
796: yearset = ATOI2(arg);
1.60 guenther 797: /* POSIX logic: [00,68]=>20xx, [69,99]=>19xx */
798: lt->tm_year = yearset;
799: if (yearset < 69)
800: lt->tm_year += 100;
1.25 millert 801: }
802: /* FALLTHROUGH */
803: case 8: /* MMDDhhmm */
1.48 millert 804: lt->tm_mon = ATOI2(arg);
805: if (lt->tm_mon > 12 || lt->tm_mon == 0)
806: goto terr;
807: --lt->tm_mon; /* Convert from 01-12 to 00-11 */
808: lt->tm_mday = ATOI2(arg);
809: if (lt->tm_mday > 31 || lt->tm_mday == 0)
810: goto terr;
811: lt->tm_hour = ATOI2(arg);
812: if (lt->tm_hour > 23)
813: goto terr;
814: lt->tm_min = ATOI2(arg);
815: if (lt->tm_min > 59)
816: goto terr;
1.25 millert 817: break;
818: default:
819: goto terr;
820: }
1.42 millert 821:
1.48 millert 822: lt->tm_isdst = -1; /* mktime will deduce DST. */
823: then = mktime(lt);
824: if (then == (time_t)-1) {
1.25 millert 825: terr:
1.72 millert 826: fatalx("illegal time specification: [[CC]YY]MMDDhhmm[.SS]");
1.48 millert 827: }
828: if (then < now)
1.72 millert 829: fatalx("cannot schedule jobs in the past");
1.48 millert 830: return (then);
1.30 millert 831: }
832:
1.41 millert 833: static __dead void
1.35 millert 834: usage(void)
835: {
836: /* Print usage and exit. */
837: switch (program) {
838: case AT:
839: case CAT:
840: (void)fprintf(stderr,
1.77 millert 841: "usage: at [-bm] [-f file] [-l [job ...]] [-q queue] "
1.47 jmc 842: "-t time_arg | timespec\n"
843: " at -c | -r job ...\n");
1.35 millert 844: break;
845: case ATQ:
846: (void)fprintf(stderr,
1.43 jmc 847: "usage: atq [-cnv] [-q queue] [name ...]\n");
1.35 millert 848: break;
849: case ATRM:
850: (void)fprintf(stderr,
851: "usage: atrm [-afi] [[job] [name] ...]\n");
852: break;
853: case BATCH:
854: (void)fprintf(stderr,
855: "usage: batch [-m] [-f file] [-q queue] [timespec]\n");
856: break;
857: }
1.59 millert 858: exit(EXIT_FAILURE);
1.25 millert 859: }
860:
1.1 deraadt 861: int
1.26 millert 862: main(int argc, char **argv)
1.1 deraadt 863: {
1.29 millert 864: time_t timer = -1;
1.55 deraadt 865: char *atinput = NULL; /* where to get input from */
1.7 millert 866: char queue = DEFAULT_AT_QUEUE;
867: char queue_set = 0;
1.25 millert 868: char *options = "q:f:t:bcdlmrv"; /* default options for at */
1.38 avsm 869: char cwd[PATH_MAX];
1.76 millert 870: struct passwd *pw;
1.29 millert 871: int ch;
872: int aflag = 0;
873: int cflag = 0;
874: int nflag = 0;
1.66 deraadt 875:
1.73 millert 876: if (pledge("stdio rpath wpath cpath fattr getpw unix id", NULL) == -1)
1.72 millert 877: fatal("pledge");
1.41 millert 878:
1.76 millert 879: openlog(__progname, LOG_PID, LOG_CRON);
880:
1.41 millert 881: if (argc < 1)
882: usage();
1.1 deraadt 883:
1.67 millert 884: user_uid = getuid();
885: user_gid = getgid();
886: spool_gid = getegid();
1.1 deraadt 887:
888: /* find out what this program is supposed to do */
1.69 millert 889: if (strcmp(__progname, "atq") == 0) {
1.1 deraadt 890: program = ATQ;
1.29 millert 891: options = "cnvq:";
1.69 millert 892: } else if (strcmp(__progname, "atrm") == 0) {
1.1 deraadt 893: program = ATRM;
1.29 millert 894: options = "afi";
1.69 millert 895: } else if (strcmp(__progname, "batch") == 0) {
1.1 deraadt 896: program = BATCH;
1.24 millert 897: options = "f:q:mv";
1.1 deraadt 898: }
899:
900: /* process whatever options we can process */
1.29 millert 901: while ((ch = getopt(argc, argv, options)) != -1) {
902: switch (ch) {
903: case 'a':
904: aflag = 1;
905: break;
906:
907: case 'i':
908: interactive = 1;
909: force = 0;
910: break;
911:
912: case 'v': /* show completed but unremoved jobs */
913: /*
914: * This option is only useful when we are invoked
915: * as atq but we accept (and ignore) this flag in
916: * the other programs for backwards compatibility.
917: */
918: vflag = 1;
1.1 deraadt 919: break;
920:
921: case 'm': /* send mail when job is complete */
922: send_mail = 1;
923: break;
924:
925: case 'f':
1.29 millert 926: if (program == ATRM) {
927: force = 1;
928: interactive = 0;
929: } else
930: atinput = optarg;
1.1 deraadt 931: break;
932:
933: case 'q': /* specify queue */
934: if (strlen(optarg) > 1)
935: usage();
936:
937: atqueue = queue = *optarg;
1.62 deraadt 938: if (!(islower((unsigned char)queue) ||
939: isupper((unsigned char)queue)))
1.1 deraadt 940: usage();
1.7 millert 941:
942: queue_set = 1;
943: break;
944:
1.25 millert 945: case 'd': /* for backwards compatibility */
946: case 'r':
1.7 millert 947: program = ATRM;
1.24 millert 948: options = "";
1.7 millert 949: break;
950:
1.25 millert 951: case 't':
952: timer = ttime(optarg);
953: break;
954:
1.7 millert 955: case 'l':
956: program = ATQ;
1.29 millert 957: options = "cnvq:";
1.7 millert 958: break;
959:
960: case 'b':
961: program = BATCH;
1.24 millert 962: options = "f:q:mv";
1.7 millert 963: break;
964:
965: case 'c':
1.29 millert 966: if (program == ATQ) {
967: cflag = 1;
968: } else {
969: program = CAT;
970: options = "";
971: }
972: break;
973:
974: case 'n':
975: nflag = 1;
1.1 deraadt 976: break;
977:
978: default:
979: usage();
980: break;
981: }
1.29 millert 982: }
983: argc -= optind;
984: argv += optind;
1.55 deraadt 985:
986: switch (program) {
987: case AT:
988: case BATCH:
989: if (atinput != NULL) {
1.67 millert 990: if (setegid(user_gid) != 0)
1.72 millert 991: fatal("setegid(user_gid)");
1.55 deraadt 992: if (freopen(atinput, "r", stdin) == NULL)
1.72 millert 993: fatal("%s", atinput);
1.67 millert 994: if (setegid(spool_gid) != 0)
1.72 millert 995: fatal("setegid(spool_gid)");
1.55 deraadt 996: }
997: break;
998: default:
999: ;
1000: }
1.7 millert 1001:
1.76 millert 1002: if ((pw = getpwuid(user_uid)) == NULL)
1003: fatalx("unknown uid %u", user_uid);
1004: if (strlcpy(user_name, pw->pw_name, sizeof(user_name)) >= sizeof(user_name))
1005: fatalx("username too long");
1006:
1.35 millert 1007: if (getcwd(cwd, sizeof(cwd)) == NULL)
1.72 millert 1008: fatal("unable to get current working directory");
1.35 millert 1009:
1.76 millert 1010: if (!allowed(pw->pw_name, _PATH_AT_ALLOW, _PATH_AT_DENY)) {
1011: syslog(LOG_WARNING, "(%s) AUTH (at command not allowed)",
1012: pw->pw_name);
1.72 millert 1013: fatalx("you do not have permission to use at.");
1.76 millert 1014: }
1.7 millert 1015:
1.1 deraadt 1016: /* select our program */
1017: switch (program) {
1018: case ATQ:
1.29 millert 1019: list_jobs(argc, argv, nflag, cflag);
1.1 deraadt 1020: break;
1021:
1022: case ATRM:
1.7 millert 1023: case CAT:
1.29 millert 1024: if ((aflag && argc) || (!aflag && !argc))
1.10 millert 1025: usage();
1.78 schwarze 1026: return process_jobs(argc, argv, program);
1.1 deraadt 1027: break;
1028:
1029: case AT:
1.25 millert 1030: /* Time may have been specified via the -t flag. */
1.35 millert 1031: if (timer == -1) {
1032: if (argc == 0)
1033: usage();
1034: else if ((timer = parsetime(argc, argv)) == -1)
1.78 schwarze 1035: return EXIT_FAILURE;
1.35 millert 1036: }
1037: writefile(cwd, timer, queue);
1.1 deraadt 1038: break;
1039:
1040: case BATCH:
1.7 millert 1041: if (queue_set)
1.62 deraadt 1042: queue = toupper((unsigned char)queue);
1.7 millert 1043: else
1044: queue = DEFAULT_BATCH_QUEUE;
1045:
1.35 millert 1046: if (argc == 0)
1.7 millert 1047: timer = time(NULL);
1.35 millert 1048: else if ((timer = parsetime(argc, argv)) == -1)
1.78 schwarze 1049: return EXIT_FAILURE;
1.7 millert 1050:
1.35 millert 1051: writefile(cwd, timer, queue);
1.1 deraadt 1052: break;
1053:
1054: default:
1.72 millert 1055: fatalx("internal error");
1.1 deraadt 1056: break;
1057: }
1.78 schwarze 1058: return EXIT_SUCCESS;
1.1 deraadt 1059: }