search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
dmake: do not set MAKEFLAGS=k
[unleashed/tickless.git] / usr / src / cmd / cron / crontab.c
blob29779ef68976e324739790219571b78c41d511a4
1 /*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21 /*
22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 * Use is subject to license terms.
24 */
25 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
26 /* All Rights Reserved */
27
28
29 #include <sys/types.h>
30 #include <sys/stat.h>
31 #include <sys/types.h>
32 #include <sys/wait.h>
33 #include <errno.h>
34 #include <signal.h>
35 #include <stdio.h>
36 #include <stdlib.h>
37 #include <string.h>
38 #include <fcntl.h>
39 #include <ctype.h>
40 #include <pwd.h>
41 #include <unistd.h>
42 #include <locale.h>
43 #include <nl_types.h>
44 #include <langinfo.h>
45 #include <libintl.h>
46 #include <security/pam_appl.h>
47 #include <limits.h>
48 #include "cron.h"
49 #include "getresponse.h"
50
51 #define VIPATH "vi"
52
53 #define TMPFILE "_cron" /* prefix for tmp file */
54 #define CRMODE 0600 /* mode for creating crontabs */
55
56 #define BADCREATE \
57 "can't create your crontab file in the crontab directory."
58 #define BADOPEN "can't open your crontab file."
59 #define BADSHELL \
60 "because your login shell isn't /usr/bin/sh, you can't use cron."
61 #define WARNSHELL "warning: commands will be executed using /usr/bin/sh\n"
62 #define BADUSAGE \
63 "usage:\n" \
64 "\tcrontab [file]\n" \
65 "\tcrontab -e [username]\n" \
66 "\tcrontab -l [username]\n" \
67 "\tcrontab -r [username]"
68 #define INVALIDUSER "you are not a valid user (no entry in /etc/passwd)."
69 #define NOTALLOWED "you are not authorized to use cron. Sorry."
70 #define NOTROOT \
71 "you must be super-user to access another user's crontab file"
72 #define AUDITREJECT "The audit context for your shell has not been set."
73 #define EOLN "unexpected end of line."
74 #define UNEXPECT "unexpected character found in line."
75 #define OUTOFBOUND "number out of bounds."
76 #define ERRSFND "errors detected in input, no crontab file generated."
77 #define ED_ERROR \
78 " The editor indicates that an error occurred while you were\n"\
79 " editing the crontab data - usually a minor typing error.\n\n"
80 #define BADREAD "error reading your crontab file"
81 #define ED_PROMPT \
82 " Edit again, to ensure crontab information is intact? "
83 #define NAMETOOLONG "login name too long"
84 #define BAD_SHELL "Invalid shell specified: %s"
85 #define BAD_HOME "Unable to access directory: %s\t%s\n"
86
87 extern int per_errno;
88
89 extern int audit_crontab_modify(char *, char *, int);
90 extern int audit_crontab_delete(char *, int);
91 extern int audit_crontab_not_allowed(uid_t, char *);
92
93 int err;
94 int cursor;
95 char *cf;
96 char *tnam;
97 char edtemp[5+13+1];
98 char line[CTLINESIZE];
99 static char login[UNAMESIZE];
100
101 static int next_field(int, int);
102 static void catch(int);
103 static void crabort(char *);
104 static void cerror(char *);
105 static void copycron(FILE *);
106
107 int
108 main(int argc, char **argv)
109 {
110 int c, r;
111 int rflag = 0;
112 int lflag = 0;
113 int eflag = 0;
114 int errflg = 0;
115 char *pp;
116 FILE *fp, *tmpfp;
117 struct stat stbuf;
118 struct passwd *pwp;
119 time_t omodtime;
120 char *editor;
121 uid_t ruid;
122 pid_t pid;
123 int stat_loc;
124 int ret;
125 char real_login[UNAMESIZE];
126 int tmpfd = -1;
127 pam_handle_t *pamh;
128 int pam_error;
129 char *buf;
130 size_t buflen;
131
132 (void) setlocale(LC_ALL, "");
133 #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
134 #define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
135 #endif
136 (void) textdomain(TEXT_DOMAIN);
137
138 if (init_yes() < 0) {
139 (void) fprintf(stderr, gettext(ERR_MSG_INIT_YES),
140 strerror(errno));
141 exit(1);
142 }
143
144 while ((c = getopt(argc, argv, "elr")) != EOF)
145 switch (c) {
146 case 'e':
147 eflag++;
148 break;
149 case 'l':
150 lflag++;
151 break;
152 case 'r':
153 rflag++;
154 break;
155 case '?':
156 errflg++;
157 break;
158 }
159
160 if (eflag + lflag + rflag > 1)
161 errflg++;
162
163 argc -= optind;
164 argv += optind;
165 if (errflg || argc > 1)
166 crabort(BADUSAGE);
167
168 ruid = getuid();
169 if ((pwp = getpwuid(ruid)) == NULL)
170 crabort(INVALIDUSER);
171
172 if (strlcpy(real_login, pwp->pw_name, sizeof (real_login))
173 >= sizeof (real_login))
174 crabort(NAMETOOLONG);
175
176 if ((eflag || lflag || rflag) && argc == 1) {
177 if ((pwp = getpwnam(*argv)) == NULL)
178 crabort(INVALIDUSER);
179
180 if (!cron_admin(real_login)) {
181 if (pwp->pw_uid != ruid)
182 crabort(NOTROOT);
183 else
184 pp = getuser(ruid);
185 } else
186 pp = *argv++;
187 } else {
188 pp = getuser(ruid);
189 }
190
191 if (pp == NULL) {
192 if (per_errno == 2)
193 crabort(BADSHELL);
194 else
195 crabort(INVALIDUSER);
196 }
197 if (strlcpy(login, pp, sizeof (login)) >= sizeof (login))
198 crabort(NAMETOOLONG);
199 if (!allowed(login, CRONALLOW, CRONDENY))
200 crabort(NOTALLOWED);
201
202 /* Do account validation check */
203 pam_error = pam_start("cron", pp, NULL, &pamh);
204 if (pam_error != PAM_SUCCESS) {
205 crabort((char *)pam_strerror(pamh, pam_error));
206 }
207 pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
208 if (pam_error != PAM_SUCCESS) {
209 (void) fprintf(stderr, gettext("Warning - Invalid account: "
210 "'%s' not allowed to execute cronjobs\n"), pp);
211 }
212 (void) pam_end(pamh, PAM_SUCCESS);
213
214
215 /* check for unaudited shell */
216 if (audit_crontab_not_allowed(ruid, pp))
217 crabort(AUDITREJECT);
218
219 cf = xmalloc(strlen(CRONDIR)+strlen(login)+2);
220 strcat(strcat(strcpy(cf, CRONDIR), "/"), login);
221
222 if (rflag) {
223 r = unlink(cf);
224 cron_sendmsg(DELETE, login, login, CRON);
225 audit_crontab_delete(cf, r);
226 exit(0);
227 }
228 if (lflag) {
229 if ((fp = fopen(cf, "r")) == NULL)
230 crabort(BADOPEN);
231 while (fgets(line, CTLINESIZE, fp) != NULL)
232 fputs(line, stdout);
233 fclose(fp);
234 exit(0);
235 }
236 if (eflag) {
237 if ((fp = fopen(cf, "r")) == NULL) {
238 if (errno != ENOENT)
239 crabort(BADOPEN);
240 }
241 (void) strcpy(edtemp, "/tmp/crontabXXXXXX");
242 tmpfd = mkstemp(edtemp);
243 if (fchown(tmpfd, ruid, -1) == -1) {
244 (void) close(tmpfd);
245 crabort("fchown of temporary file failed");
246 }
247 (void) close(tmpfd);
248 /*
249 * Fork off a child with user's permissions,
250 * to edit the crontab file
251 */
252 if ((pid = fork()) == (pid_t)-1)
253 crabort("fork failed");
254 if (pid == 0) { /* child process */
255 /* give up super-user privileges. */
256 setuid(ruid);
257 if ((tmpfp = fopen(edtemp, "w")) == NULL)
258 crabort("can't create temporary file");
259 if (fp != NULL) {
260 /*
261 * Copy user's crontab file to temporary file.
262 */
263 while (fgets(line, CTLINESIZE, fp) != NULL) {
264 fputs(line, tmpfp);
265 if (ferror(tmpfp)) {
266 fclose(fp);
267 fclose(tmpfp);
268 crabort("write error on"
269 "temporary file");
270 }
271 }
272 if (ferror(fp)) {
273 fclose(fp);
274 fclose(tmpfp);
275 crabort(BADREAD);
276 }
277 fclose(fp);
278 }
279 if (fclose(tmpfp) == EOF)
280 crabort("write error on temporary file");
281 if (stat(edtemp, &stbuf) < 0)
282 crabort("can't stat temporary file");
283 omodtime = stbuf.st_mtime;
284 editor = getenv("EDITOR");
285 if (editor == NULL)
286 editor = VIPATH;
287 buflen = strlen(editor) + strlen(edtemp) + 2;
288 buf = xmalloc(buflen);
289 (void) snprintf(buf, buflen, "%s %s", editor, edtemp);
290
291 sleep(1);
292
293 while (1) {
294 ret = system(buf);
295
296 /* sanity checks */
297 if ((tmpfp = fopen(edtemp, "r")) == NULL)
298 crabort("can't open temporary file");
299 if (fstat(fileno(tmpfp), &stbuf) < 0)
300 crabort("can't stat temporary file");
301 if (stbuf.st_size == 0)
302 crabort("temporary file empty");
303 if (omodtime == stbuf.st_mtime) {
304 (void) unlink(edtemp);
305 fprintf(stderr, gettext(
306 "The crontab file was not"
307 " changed.\n"));
308 exit(1);
309 }
310 if ((ret) && (errno != EINTR)) {
311 /*
312 * Some editors (like 'vi') can return
313 * a non-zero exit status even though
314 * everything is okay. Need to check.
315 */
316 fprintf(stderr, gettext(ED_ERROR));
317 fflush(stderr);
318 if (isatty(fileno(stdin))) {
319 /* Interactive */
320 fprintf(stdout,
321 gettext(ED_PROMPT));
322 fflush(stdout);
323
324 if (yes()) {
325 /* Edit again */
326 continue;
327 } else {
328 /* Dump changes */
329 (void) unlink(edtemp);
330 exit(1);
331 }
332 } else {
333 /*
334 * Non-interactive, dump changes
335 */
336 (void) unlink(edtemp);
337 exit(1);
338 }
339 }
340 exit(0);
341 } /* while (1) */
342 }
343
344 /* fix for 1125555 - ignore common signals while waiting */
345 (void) signal(SIGINT, SIG_IGN);
346 (void) signal(SIGHUP, SIG_IGN);
347 (void) signal(SIGQUIT, SIG_IGN);
348 (void) signal(SIGTERM, SIG_IGN);
349 wait(&stat_loc);
350 if ((stat_loc & 0xFF00) != 0)
351 exit(1);
352
353 /*
354 * unlink edtemp as 'ruid'. The file contents will be held
355 * since we open the file descriptor 'tmpfp' before calling
356 * unlink.
357 */
358 if (((ret = seteuid(ruid)) < 0) ||
359 ((tmpfp = fopen(edtemp, "r")) == NULL) ||
360 (unlink(edtemp) == -1)) {
361 fprintf(stderr, "crontab: %s: %s\n",
362 edtemp, errmsg(errno));
363 if ((ret < 0) || (tmpfp == NULL))
364 (void) unlink(edtemp);
365 exit(1);
366 } else
367 seteuid(0);
368
369 copycron(tmpfp);
370 } else {
371 if (argc == 0)
372 copycron(stdin);
373 else if (seteuid(getuid()) != 0 || (fp = fopen(argv[0], "r"))
374 == NULL)
375 crabort(BADOPEN);
376 else {
377 seteuid(0);
378 copycron(fp);
379 }
380 }
381 cron_sendmsg(ADD, login, login, CRON);
382 /*
383 * if (per_errno == 2)
384 * fprintf(stderr, gettext(WARNSHELL));
385 */
386 return (0);
387 }
388
389 static void
390 copycron(fp)
391 FILE *fp;
392 {
393 FILE *tfp;
394 char pid[6], *tnam_end;
395 int t;
396 char buf[LINE_MAX];
397
398 sprintf(pid, "%-5d", getpid());
399 tnam = xmalloc(strlen(CRONDIR)+strlen(TMPFILE)+7);
400 strcat(strcat(strcat(strcpy(tnam, CRONDIR), "/"), TMPFILE), pid);
401 /* cut trailing blanks */
402 tnam_end = strchr(tnam, ' ');
403 if (tnam_end != NULL)
404 *tnam_end = 0;
405 /* catch SIGINT, SIGHUP, SIGQUIT signals */
406 if (signal(SIGINT, catch) == SIG_IGN)
407 signal(SIGINT, SIG_IGN);
408 if (signal(SIGHUP, catch) == SIG_IGN) signal(SIGHUP, SIG_IGN);
409 if (signal(SIGQUIT, catch) == SIG_IGN) signal(SIGQUIT, SIG_IGN);
410 if (signal(SIGTERM, catch) == SIG_IGN) signal(SIGTERM, SIG_IGN);
411 if ((t = creat(tnam, CRMODE)) == -1) crabort(BADCREATE);
412 if ((tfp = fdopen(t, "w")) == NULL) {
413 unlink(tnam);
414 crabort(BADCREATE);
415 }
416 err = 0; /* if errors found, err set to 1 */
417 while (fgets(line, CTLINESIZE, fp) != NULL) {
418 cursor = 0;
419 while (line[cursor] == ' ' || line[cursor] == '\t')
420 cursor++;
421 /* fix for 1039689 - treat blank line like a comment */
422 if (line[cursor] == '#' || line[cursor] == '\n')
423 goto cont;
424
425 if (strncmp(&line[cursor], ENV_TZ, strlen(ENV_TZ)) == 0) {
426 char *x;
427
428 strncpy(buf, &line[cursor + strlen(ENV_TZ)],
429 sizeof (buf));
430 if ((x = strchr(buf, '\n')) != NULL)
431 *x = '\0';
432
433 goto cont;
434 } else if (strncmp(&line[cursor], ENV_SHELL,
435 strlen(ENV_SHELL)) == 0) {
436 char *x;
437
438 strncpy(buf, &line[cursor + strlen(ENV_SHELL)],
439 sizeof (buf));
440 if ((x = strchr(buf, '\n')) != NULL)
441 *x = '\0';
442
443 if (isvalid_shell(buf)) {
444 goto cont;
445 } else {
446 err = 1;
447 fprintf(stderr, BAD_SHELL, &line[cursor]);
448 continue;
449 }
450 } else if (strncmp(&line[cursor], ENV_HOME,
451 strlen(ENV_HOME)) == 0) {
452 char *x;
453
454 strncpy(buf, &line[cursor + strlen(ENV_HOME)],
455 sizeof (buf));
456 if ((x = strchr(buf, '\n')) != NULL)
457 *x = '\0';
458 if (chdir(buf) == 0) {
459 goto cont;
460 } else {
461 err = 1;
462 fprintf(stderr, BAD_HOME, &line[cursor],
463 strerror(errno));
464 continue;
465 }
466 }
467
468 if (next_field(0, 59)) continue;
469 if (next_field(0, 23)) continue;
470 if (next_field(1, 31)) continue;
471 if (next_field(1, 12)) continue;
472 if (next_field(0, 06)) continue;
473 if (line[++cursor] == '\0') {
474 cerror(EOLN);
475 continue;
476 }
477 cont:
478 if (fputs(line, tfp) == EOF) {
479 unlink(tnam);
480 crabort(BADCREATE);
481 }
482 }
483 fclose(fp);
484 fclose(tfp);
485
486 /* audit differences between old and new crontabs */
487 audit_crontab_modify(cf, tnam, err);
488
489 if (!err) {
490 /* make file tfp the new crontab */
491 unlink(cf);
492 if (link(tnam, cf) == -1) {
493 unlink(tnam);
494 crabort(BADCREATE);
495 }
496 } else {
497 crabort(ERRSFND);
498 }
499 unlink(tnam);
500 }
501
502 static int
503 next_field(lower, upper)
504 int lower, upper;
505 {
506 int num, num2;
507
508 while ((line[cursor] == ' ') || (line[cursor] == '\t')) cursor++;
509 if (line[cursor] == '\0') {
510 cerror(EOLN);
511 return (1);
512 }
513 if (line[cursor] == '*') {
514 cursor++;
515 if ((line[cursor] != ' ') && (line[cursor] != '\t')) {
516 cerror(UNEXPECT);
517 return (1);
518 }
519 return (0);
520 }
521 while (TRUE) {
522 if (!isdigit(line[cursor])) {
523 cerror(UNEXPECT);
524 return (1);
525 }
526 num = 0;
527 do {
528 num = num*10 + (line[cursor]-'0');
529 } while (isdigit(line[++cursor]));
530 if ((num < lower) || (num > upper)) {
531 cerror(OUTOFBOUND);
532 return (1);
533 }
534 if (line[cursor] == '-') {
535 if (!isdigit(line[++cursor])) {
536 cerror(UNEXPECT);
537 return (1);
538 }
539 num2 = 0;
540 do {
541 num2 = num2*10 + (line[cursor]-'0');
542 } while (isdigit(line[++cursor]));
543 if ((num2 < lower) || (num2 > upper)) {
544 cerror(OUTOFBOUND);
545 return (1);
546 }
547 }
548 if ((line[cursor] == ' ') || (line[cursor] == '\t')) break;
549 if (line[cursor] == '\0') {
550 cerror(EOLN);
551 return (1);
552 }
553 if (line[cursor++] != ',') {
554 cerror(UNEXPECT);
555 return (1);
556 }
557 }
558 return (0);
559 }
560
561 static void
562 cerror(msg)
563 char *msg;
564 {
565 fprintf(stderr, gettext("%scrontab: error on previous line; %s\n"),
566 line, msg);
567 err = 1;
568 }
569
570
571 static void
572 catch(int x)
573 {
574 unlink(tnam);
575 exit(1);
576 }
577
578 static void
579 crabort(msg)
580 char *msg;
581 {
582 int sverrno;
583
584 if (strcmp(edtemp, "") != 0) {
585 sverrno = errno;
586 (void) unlink(edtemp);
587 errno = sverrno;
588 }
589 if (tnam != NULL) {
590 sverrno = errno;
591 (void) unlink(tnam);
592 errno = sverrno;
593 }
594 fprintf(stderr, "crontab: %s\n", gettext(msg));
595 exit(1);
596 }
unleashed repo fork