search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Patrick Welche <prlw1@cam.ac.uk>
[netbsd-mini2440.git] / usr.sbin / cron / crontab.c
blobf73537dc55ac6dad2173e57568be657060969438
1 /* $NetBSD: crontab.c,v 1.32 2009/04/11 12:55:29 lukem Exp $ */
2
3 /* Copyright 1988,1990,1993,1994 by Paul Vixie
4 * All rights reserved
5 *
6 * Distribute freely, except: don't remove my name from the source or
7 * documentation (don't take credit for my work), mark your changes (don't
8 * get me blamed for your possible bugs), don't alter or remove this
9 * notice. May be sold if buildable source is provided to buyer. No
10 * warrantee of any kind, express or implied, is included with this
11 * software; use at your own risk, responsibility for damages (if any) to
12 * anyone resulting from the use of this software rests entirely with the
13 * user.
14 *
15 * Send bug reports, bug fixes, enhancements, requests, flames, etc., and
16 * I'll try to keep a version up to date. I can be reached as follows:
17 * Paul Vixie <paul@vix.com> uunet!decwrl!vixie!paul
18 */
19
20 #include <sys/cdefs.h>
21 #if !defined(lint) && !defined(LINT)
22 #if 0
23 static char rcsid[] = "Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp";
24 #else
25 __RCSID("$NetBSD: crontab.c,v 1.32 2009/04/11 12:55:29 lukem Exp $");
26 #endif
27 #endif
28
29 /* crontab - install and manage per-user crontab files
30 * vix 02may87 [RCS has the rest of the log]
31 * vix 26jan87 [original]
32 */
33
34
35 #define MAXCRONTABSIZE (1024*256) /* max crontab size == 256 KB */
36
37
38 #define MAIN_PROGRAM
39
40
41 #include "cron.h"
42 #include <errno.h>
43 #include <fcntl.h>
44 #include <err.h>
45 #include <sys/file.h>
46 #include <sys/stat.h>
47 #ifdef USE_UTIMES
48 # include <sys/time.h>
49 #else
50 # include <utime.h>
51 #endif
52 #if defined(POSIX)
53 # include <locale.h>
54 #endif
55 #include <time.h>
56 #include <signal.h>
57
58
59 #define NHEADER_LINES 3
60
61
62 enum opt_t { opt_unknown, opt_list, opt_delete, opt_edit, opt_replace };
63
64 #if DEBUGGING
65 static const char *Options[] = { "???", "list", "delete", "edit", "replace" };
66 #endif
67
68
69 static PID_T Pid;
70 static char User[MAX_UNAME], RealUser[MAX_UNAME];
71 static char Filename[MAX_FNAME];
72 static FILE *NewCrontab;
73 static int CheckErrorCount;
74 static enum opt_t Option;
75 static struct passwd *pw;
76 static void list_cmd(void),
77 delete_cmd(void),
78 edit_cmd(void),
79 poke_daemon(void),
80 check_error(const char *),
81 parse_args(int c, char *v[]),
82 skip_header(int *, FILE *),
83 usage(const char *);
84 static int replace_cmd(void);
85
86
87 static void
88 usage(const char *msg)
89 {
90 fprintf(stderr, "%s: usage error: %s\n", getprogname(), msg);
91 fprintf(stderr, "usage:\t%s [-u user] file\n", getprogname());
92 fprintf(stderr, "\t%s [-u user] [ -e | -l | -r ]\n", getprogname());
93 fprintf(stderr, "\t\t(default operation is replace, per 1003.2)\n");
94 fprintf(stderr, "\t-e\t(edit user's crontab)\n");
95 fprintf(stderr, "\t-l\t(list user's crontab)\n");
96 fprintf(stderr, "\t-r\t(delete user's crontab)\n");
97 exit(ERROR_EXIT);
98 }
99
100
101 int
102 main(int argc, char **argv)
103 {
104 int exitstatus;
105
106 setprogname(argv[0]);
107 Pid = getpid();
108
109 #if defined(POSIX)
110 setlocale(LC_ALL, "");
111 #endif
112
113 #if defined(BSD)
114 setlinebuf(stderr);
115 #endif
116 parse_args(argc, argv); /* sets many globals, opens a file */
117 set_cron_uid();
118 set_cron_cwd();
119 if (!allowed(User)) {
120 fprintf(stderr,
121 "You (%s) are not allowed to use this program (%s)\n",
122 User, getprogname());
123 fprintf(stderr, "See crontab(1) for more information\n");
124 log_it(RealUser, Pid, "AUTH", "crontab command not allowed");
125 exit(ERROR_EXIT);
126 }
127 exitstatus = OK_EXIT;
128 switch (Option) {
129 case opt_list: list_cmd();
130 break;
131 case opt_delete: delete_cmd();
132 break;
133 case opt_edit: edit_cmd();
134 break;
135 case opt_replace: if (replace_cmd() < 0)
136 exitstatus = ERROR_EXIT;
137 break;
138 case opt_unknown:
139 usage("unrecognized option");
140 break;
141 }
142 exit(0);
143 /*NOTREACHED*/
144 }
145
146
147 static void
148 parse_args(int argc, char **argv)
149 {
150 int argch;
151
152 if (!(pw = getpwuid(getuid()))) {
153 warnx("your UID isn't in the passwd file. bailing out.");
154 exit(ERROR_EXIT);
155 }
156 strlcpy(User, pw->pw_name, sizeof(User));
157 strlcpy(RealUser, User, sizeof(RealUser));
158 Filename[0] = '\0';
159 Option = opt_unknown;
160 while (-1 != (argch = getopt(argc, argv, "u:lerx:"))) {
161 switch (argch) {
162 case 'x':
163 if (!set_debug_flags(optarg))
164 usage("bad debug option");
165 break;
166 case 'u':
167 if (getuid() != ROOT_UID)
168 {
169 warnx("must be privileged to use -u");
170 exit(ERROR_EXIT);
171 }
172 if (!(pw = getpwnam(optarg)))
173 {
174 warnx("user `%s' unknown", optarg);
175 exit(ERROR_EXIT);
176 }
177 (void) strlcpy(User, optarg, sizeof(User));
178 break;
179 case 'l':
180 if (Option != opt_unknown)
181 usage("only one operation permitted");
182 Option = opt_list;
183 break;
184 case 'r':
185 if (Option != opt_unknown)
186 usage("only one operation permitted");
187 Option = opt_delete;
188 break;
189 case 'e':
190 if (Option != opt_unknown)
191 usage("only one operation permitted");
192 Option = opt_edit;
193 break;
194 default:
195 usage("unrecognized option");
196 }
197 }
198
199 endpwent();
200
201 if (Option != opt_unknown) {
202 if (argv[optind] != NULL) {
203 usage("no arguments permitted after this option");
204 }
205 } else {
206 if (argv[optind] != NULL) {
207 Option = opt_replace;
208 (void) strlcpy(Filename, argv[optind],
209 sizeof(Filename));
210 } else {
211 usage("file name must be specified for replace");
212 }
213 }
214
215 if (Option == opt_replace) {
216 /* we have to open the file here because we're going to
217 * chdir(2) into /var/cron before we get around to
218 * reading the file.
219 */
220 if (!strcmp(Filename, "-")) {
221 NewCrontab = stdin;
222 } else {
223 /* relinquish the setuid status of the binary during
224 * the open, lest nonroot users read files they should
225 * not be able to read. we can't use access() here
226 * since there's a race condition. thanks go out to
227 * Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting
228 * the race.
229 */
230
231 if (swap_uids() < OK) {
232 warn("cannot swap uids");
233 exit(ERROR_EXIT);
234 }
235 if (!(NewCrontab = fopen(Filename, "r"))) {
236 warn("cannot open %s", Filename);
237 exit(ERROR_EXIT);
238 }
239 if (swap_uids() < OK) {
240 warn("cannot swap uids back");
241 exit(ERROR_EXIT);
242 }
243 }
244 }
245
246 Debug(DMISC, ("user=%s, file=%s, option=%s\n",
247 User, Filename, Options[(int)Option]))
248 }
249
250 static void
251 skip_header(int *pch, FILE *f)
252 {
253 int ch;
254 int x;
255
256 /* ignore the top few comments since we probably put them there.
257 */
258 for (x = 0; x < NHEADER_LINES; x++) {
259 ch = get_char(f);
260 if (EOF == ch)
261 break;
262 if ('#' != ch)
263 break;
264 while (EOF != (ch = get_char(f)))
265 if (ch == '\n')
266 break;
267 if (EOF == ch)
268 break;
269 }
270 if (ch == '\n')
271 ch = get_char(f);
272
273 *pch = ch;
274 }
275
276
277 static void
278 list_cmd(void) {
279 char n[MAX_FNAME];
280 FILE *f;
281 int ch;
282
283 log_it(RealUser, Pid, "LIST", User);
284 (void) snprintf(n, sizeof(n), CRON_TAB(User));
285 if (!(f = fopen(n, "r"))) {
286 if (errno == ENOENT)
287 warnx("no crontab for %s", User);
288 else
289 warn("cannot open %s", n);
290 exit(ERROR_EXIT);
291 }
292
293 /* file is open. copy to stdout, close.
294 */
295 Set_LineNum(1)
296 skip_header(&ch, f);
297 for (; EOF != ch; ch = get_char(f))
298 putchar(ch);
299 fclose(f);
300 }
301
302
303 static void
304 delete_cmd(void) {
305 char n[MAX_FNAME];
306
307 log_it(RealUser, Pid, "DELETE", User);
308 (void) snprintf(n, sizeof(n), CRON_TAB(User));
309 if (unlink(n)) {
310 if (errno == ENOENT)
311 warnx("no crontab for %s", User);
312 else
313 warn("cannot unlink %s", n);
314 exit(ERROR_EXIT);
315 }
316 poke_daemon();
317 }
318
319
320 static void
321 check_error(const char *msg)
322 {
323 CheckErrorCount++;
324 fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg);
325 }
326
327 static void
328 edit_cmd(void) {
329 char n[MAX_FNAME], q[MAX_TEMPSTR];
330 const char *editor;
331 FILE *f;
332 int ch, t;
333 struct stat statbuf;
334 time_t mtime;
335 long mtimensec;
336 WAIT_T waiter;
337 PID_T pid, xpid;
338 sig_t oint, oabrt;
339 char *edit;
340
341 log_it(RealUser, Pid, "BEGIN EDIT", User);
342 (void) snprintf(n, sizeof(n), CRON_TAB(User));
343 if (!(f = fopen(n, "r"))) {
344 if (errno != ENOENT) {
345 warn("cannot open %s", n);
346 exit(ERROR_EXIT);
347 }
348 warnx("no crontab for %s - using an empty one", User);
349 if (!(f = fopen("/dev/null", "r"))) {
350 warn("cannot open /dev/null");
351 exit(ERROR_EXIT);
352 }
353 }
354
355 (void) snprintf(Filename, sizeof(Filename), "/tmp/crontab.%d", Pid);
356 if (-1 == (t = open(Filename, O_CREAT|O_EXCL|O_RDWR, 0600))) {
357 warn("cannot open %s", Filename);
358 goto fatal;
359 }
360 #ifdef HAS_FCHOWN
361 if (fchown(t, getuid(), getgid()) < 0) {
362 #else
363 if (chown(Filename, getuid(), getgid()) < 0) {
364 #endif
365 warn("cannot chown %s", Filename);
366 goto fatal;
367 }
368 if (fcntl(t, F_SETFD, FD_CLOEXEC) == -1) {
369 warn("cannot set close on exec");
370 goto fatal;
371 }
372 if (!(NewCrontab = fdopen(t, "r+"))) {
373 warn("cannot open fd");
374 goto fatal;
375 }
376
377 Set_LineNum(1)
378 skip_header(&ch, f);
379
380 /* copy the rest of the crontab (if any) to the temp file.
381 */
382 for (; EOF != ch; ch = get_char(f))
383 putc(ch, NewCrontab);
384 fclose(f);
385 if (fflush(NewCrontab) < OK) {
386 warn("cannot flush output for %s", Filename);
387 exit(ERROR_EXIT);
388 }
389 again:
390 rewind(NewCrontab);
391 if (ferror(NewCrontab)) {
392 warn("error while writing new crontab to %s", Filename);
393 fatal: unlink(Filename);
394 exit(ERROR_EXIT);
395 }
396 if (fstat(t, &statbuf) < 0) {
397 warn("cannot stat %s", Filename);
398 goto fatal;
399 }
400 mtime = statbuf.st_mtime;
401 mtimensec = statbuf.st_mtimensec;
402
403 if ((!(editor = getenv("VISUAL")))
404 && (!(editor = getenv("EDITOR")))
405 ) {
406 editor = EDITOR;
407 }
408
409 /* we still have the file open. editors will generally rewrite the
410 * original file rather than renaming/unlinking it and starting a
411 * new one; even backup files are supposed to be made by copying
412 * rather than by renaming. if some editor does not support this,
413 * then don't use it. the security problems are more severe if we
414 * close and reopen the file around the edit.
415 */
416 oint = signal(SIGINT, SIG_IGN);
417 oabrt = signal(SIGABRT, SIG_IGN);
418
419 switch (pid = fork()) {
420 case -1:
421 warn("cannot fork");
422 goto fatal;
423 case 0:
424 /* child */
425 if (setuid(getuid()) < 0) {
426 warn("cannot setuid(getuid())");
427 exit(ERROR_EXIT);
428 }
429 if (chdir("/tmp") < 0) {
430 warn("cannot chdir(/tmp)");
431 exit(ERROR_EXIT);
432 }
433 asprintf(&edit, "%s %s", editor, Filename);
434 if (system(edit) == -1) {
435 warn("Cannot run editor %s", editor);
436 exit(ERROR_EXIT);
437 } else
438 exit(OK_EXIT);
439 /*NOTREACHED*/
440 default:
441 /* parent */
442 break;
443 }
444 /* parent */
445 xpid = wait(&waiter);
446 if (xpid != pid) {
447 warnx("wrong PID (%d != %d) from \"%s\"", xpid, pid, editor);
448 goto fatal;
449 }
450 (void)signal(SIGINT, oint);
451 (void)signal(SIGABRT, oabrt);
452
453 if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) {
454 warnx("\"%s\" exited with status %d",
455 editor, WEXITSTATUS(waiter));
456 goto fatal;
457 }
458 if (WIFSIGNALED(waiter)) {
459 warnx("\"%s\" killed; signal %d (%score dumped)",
460 editor, WTERMSIG(waiter), WCOREDUMP(waiter) ?"" :"no ");
461 goto fatal;
462 }
463 if (fstat(t, &statbuf) < 0) {
464 warn("cannot stat %s", Filename);
465 goto fatal;
466 }
467 if (mtime == statbuf.st_mtime && mtimensec == statbuf.st_mtimensec) {
468 warnx("no changes made to crontab");
469 goto remove;
470 }
471 warnx("installing new crontab");
472 switch (replace_cmd()) {
473 case 0:
474 break;
475 case -1:
476 for (;;) {
477 fpurge(stdin);
478 printf("Do you want to retry the same edit? ");
479 fflush(stdout);
480 q[0] = '\0';
481 (void) fgets(q, sizeof q, stdin);
482 switch (tolower((unsigned char)q[0])) {
483 case 'y':
484 goto again;
485 case 'n':
486 goto abandon;
487 default:
488 fprintf(stderr, "Enter Y or N\n");
489 }
490 }
491 /*NOTREACHED*/
492 case -2:
493 abandon:
494 warnx("edits left in %s", Filename);
495 goto done;
496 default:
497 warnx("panic: bad switch() in replace_cmd()");
498 goto fatal;
499 }
500 remove:
501 unlink(Filename);
502 done:
503 log_it(RealUser, Pid, "END EDIT", User);
504 }
505
506
507 /* returns 0 on success
508 * -1 on syntax error
509 * -2 on install error
510 */
511 static int
512 replace_cmd(void) {
513 char n[MAX_FNAME], n2[MAX_FNAME], envstr[MAX_ENVSTR], tn[MAX_FNAME];
514 FILE *tmp, *fmaxtabsize;
515 int ch, eof, lastch;
516 entry *e;
517 time_t now = time(NULL);
518 char **envp = env_init(), *tnp = NULL;
519 size_t maxtabsize;
520 struct stat statbuf;
521 int val = -2;
522
523 (void) snprintf(n, sizeof(n), "tmp.%d", Pid);
524 (void) snprintf(tn, sizeof(tn), CRON_TAB(n));
525 if (!(tmp = fopen(tn, "w+"))) {
526 warn("Cannot open %s", tn);
527 goto out;
528 }
529 tnp = tn;
530
531 /* Make sure that the crontab is not an unreasonable size.
532 *
533 * XXX This is subject to a race condition--the user could
534 * add stuff to the file after we've checked the size but
535 * before we slurp it in and write it out. We can't just move
536 * the test to test the temp file we later create, because by
537 * that time we've already filled up the crontab disk. Probably
538 * the right thing to do is to do a bytecount in the copy loop
539 * rather than stating the file we're about to read.
540 */
541 (void) snprintf(n2, sizeof(n), "%s/%s", CRONDIR, MAXTABSIZE_FILE);
542 if ((fmaxtabsize = fopen(n2, "r"))) {
543 if (fgets(n2, sizeof(n2), fmaxtabsize) == NULL) {
544 maxtabsize = 0;
545 } else {
546 maxtabsize = atoi(n2);
547 }
548 fclose(fmaxtabsize);
549 } else {
550 maxtabsize = MAXTABSIZE_DEFAULT;
551 }
552
553 if (fstat(fileno(NewCrontab), &statbuf)) {
554 warn("error stat'ing crontab input");
555 goto out;
556 }
557 if ((uintmax_t)statbuf.st_size > (uintmax_t)maxtabsize) {
558 warnx("%ld bytes is larger than the maximum size of %ld bytes",
559 (long) statbuf.st_size, (long) maxtabsize);
560 val = -1;
561 goto out;
562 }
563
564 /* write a signature at the top of the file.
565 *
566 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code.
567 */
568 fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n");
569 fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now));
570 fprintf(tmp, "# (Cron version -- %s)\n",
571 "$NetBSD: crontab.c,v 1.32 2009/04/11 12:55:29 lukem Exp $");
572
573 /* copy the crontab to the tmp
574 */
575 rewind(NewCrontab);
576 Set_LineNum(1)
577 lastch = EOF;
578 while (EOF != (ch = get_char(NewCrontab))) {
579 putc(ch, tmp);
580 lastch = ch;
581 }
582 if (lastch != EOF && lastch != '\n') {
583 warnx("missing trailing newline in %s", Filename);
584 val = -1;
585 goto out;
586 }
587
588 if (ferror(NewCrontab)) {
589 warn("error while reading %s", Filename);
590 goto out;
591 }
592
593 ftruncate(fileno(tmp), ftell(tmp)); /* XXX this should be a NOOP - is */
594 fflush(tmp);
595
596 if (ferror(tmp)) {
597 warn("error while writing new crontab to %s", tn);
598 goto out;
599 }
600 rewind(tmp);
601
602 /* check the syntax of the file being installed.
603 */
604
605 /* BUG: was reporting errors after the EOF if there were any errors
606 * in the file proper -- kludged it by stopping after first error.
607 * vix 31mar87
608 */
609 Set_LineNum(1 - NHEADER_LINES)
610 CheckErrorCount = 0; eof = FALSE;
611 while (!CheckErrorCount && !eof) {
612 switch (load_env(envstr, tmp)) {
613 case ERR:
614 eof = TRUE;
615 break;
616 case FALSE:
617 e = load_entry(tmp, check_error, pw, envp);
618 if (e)
619 free(e);
620 break;
621 case TRUE:
622 break;
623 }
624 }
625
626 if (CheckErrorCount != 0) {
627 warnx("errors in crontab file, can't install");
628 val = -1;
629 goto out;
630 }
631
632 #ifdef HAS_FCHOWN
633 if (fchown(fileno(tmp), ROOT_UID, -1) < OK)
634 #else
635 if (chown(tn, ROOT_UID, -1) < OK)
636 #endif
637 {
638 warn("cannot chown %s", tn);
639 goto out;
640 }
641
642 #ifdef HAS_FCHMOD
643 if (fchmod(fileno(tmp), 0600) < OK)
644 #else
645 if (chmod(tn, 0600) < OK)
646 #endif
647 {
648 warn("cannot chmod %s", tn);
649 goto out;
650 }
651
652 if (fclose(tmp) == EOF) {
653 tmp = NULL;
654 warn("error closing file");
655 goto out;
656 }
657 tmp = NULL;
658
659 (void) snprintf(n, sizeof(n), CRON_TAB(User));
660 if (rename(tn, n)) {
661 warn("error renaming %s to %s", tn, n);
662 goto out;
663 }
664 log_it(RealUser, Pid, "REPLACE", User);
665
666 poke_daemon();
667 free(envp);
668 return (0);
669 out:
670 if (tmp)
671 fclose(tmp);
672 if (tnp)
673 unlink(tnp);
674 free(envp);
675 return val;
676 }
677
678
679 static void
680 poke_daemon(void) {
681 #ifdef USE_UTIMES
682 struct timeval tvs[2];
683 struct timezone tz;
684
685 (void) gettimeofday(&tvs[0], &tz);
686 tvs[1] = tvs[0];
687 if (utimes(SPOOL_DIR, tvs) < OK) {
688 warn("can't update mtime on spooldir %s", SPOOL_DIR);
689 return;
690 }
691 #else
692 if (utime(SPOOL_DIR, NULL) < OK) {
693 warn("can't update mtime on spooldir %s", SPOOL_DIR);
694 return;
695 }
696 #endif /*USE_UTIMES*/
697 }
NetBSD on the FriendlyARM MINI2440