xref: /titanic_50/usr/src/cmd/cron/cron.c (revision ee169c7e77bc5d28a401dde8533cbd38afd24ae1)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  *
25  * Copyright 2013 Joshua M. Clulow <josh@sysmgr.org>
26  *
27  * Copyright (c) 2014 Gary Mills
28  */
29 
30 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
31 /*	  All Rights Reserved  	*/
32 
33 /*	Copyright (c) 1987, 1988 Microsoft Corporation	*/
34 /*	  All Rights Reserved	*/
35 
36 #ifdef lint
37 /* make lint happy */
38 #define	__EXTENSIONS__
39 #endif
40 
41 #include <sys/contract/process.h>
42 #include <sys/ctfs.h>
43 #include <sys/param.h>
44 #include <sys/resource.h>
45 #include <sys/stat.h>
46 #include <sys/task.h>
47 #include <sys/time.h>
48 #include <sys/types.h>
49 #include <sys/utsname.h>
50 #include <sys/wait.h>
51 
52 #include <security/pam_appl.h>
53 
54 #include <alloca.h>
55 #include <ctype.h>
56 #include <deflt.h>
57 #include <dirent.h>
58 #include <errno.h>
59 #include <fcntl.h>
60 #include <grp.h>
61 #include <libcontract.h>
62 #include <libcontract_priv.h>
63 #include <limits.h>
64 #include <locale.h>
65 #include <poll.h>
66 #include <project.h>
67 #include <pwd.h>
68 #include <signal.h>
69 #include <stdarg.h>
70 #include <stdio.h>
71 #include <stdlib.h>
72 #include <string.h>
73 #include <stropts.h>
74 #include <time.h>
75 #include <unistd.h>
76 #include <libzoneinfo.h>
77 
78 #include "cron.h"
79 
80 /*
81  * #define	DEBUG
82  */
83 
84 #define	MAIL		"/usr/bin/mail"	/* mail program to use */
85 #define	CONSOLE		"/dev/console"	/* where messages go when cron dies */
86 
87 #define	TMPINFILE	"/tmp/crinXXXXXX"  /* file to put stdin in for cmd  */
88 #define	TMPDIR		"/tmp"
89 #define	PFX		"crout"
90 #define	TMPOUTFILE	"/tmp/croutXXXXXX" /* file to place stdout, stderr */
91 
92 #define	INMODE		00400		/* mode for stdin file	*/
93 #define	OUTMODE		00600		/* mode for stdout file */
94 #define	ISUID		S_ISUID		/* mode for verifing at jobs */
95 
96 #define	INFINITY	2147483647L	/* upper bound on time	*/
97 #define	CUSHION		180L
98 #define	ZOMB		100		/* proc slot used for mailing output */
99 
100 #define	JOBF		'j'
101 #define	NICEF		'n'
102 #define	USERF		'u'
103 #define	WAITF		'w'
104 
105 #define	BCHAR		'>'
106 #define	ECHAR		'<'
107 
108 #define	DEFAULT		0
109 #define	LOAD		1
110 #define	QBUFSIZ		80
111 
112 /* Defined actions for crabort() routine */
113 #define	NO_ACTION	000
114 #define	REMOVE_FIFO	001
115 #define	CONSOLE_MSG	002
116 
117 #define	BADCD		"can't change directory to the crontab directory."
118 #define	NOREADDIR	"can't read the crontab directory."
119 
120 #define	BADJOBOPEN	"unable to read your at job."
121 #define	BADSHELL	"because your login shell \
122 isn't /usr/bin/sh, you can't use cron."
123 
124 #define	BADSTAT		"can't access your crontab or at-job file. Resubmit it."
125 #define	BADPROJID	"can't set project id for your job."
126 #define	CANTCDHOME	"can't change directory to %s.\
127 \nYour commands will not be executed."
128 #define	CANTEXECSH	"unable to exec the shell, %s, for one of your \
129 commands."
130 #define	CANT_STR_LEN (sizeof (CANTEXECSH) > sizeof (CANTCDHOME) ? \
131 	sizeof (CANTEXECSH) : sizeof (CANTCDHOME))
132 #define	NOREAD		"can't read your crontab file.  Resubmit it."
133 #define	BADTYPE		"crontab or at-job file is not a regular file.\n"
134 #define	NOSTDIN		"unable to create a standard input file for \
135 one of your crontab commands. \
136 \nThat command was not executed."
137 
138 #define	NOTALLOWED	"you are not authorized to use cron.  Sorry."
139 #define	STDERRMSG	"\n\n********************************************\
140 *****\nCron: The previous message is the \
141 standard output and standard error \
142 \nof one of your cron commands.\n"
143 
144 #define	STDOUTERR	"one of your commands generated output or errors, \
145 but cron was unable to mail you this output.\
146 \nRemember to redirect standard output and standard \
147 error for each of your commands."
148 
149 #define	CLOCK_DRIFT	"clock time drifted backwards after event!\n"
150 #define	PIDERR		"unexpected pid returned %d (ignored)"
151 #define	CRONTABERR	"Subject: Your crontab file has an error in it\n\n"
152 #define	MALLOCERR	"out of space, cannot create new string\n"
153 
154 #define	DIDFORK didfork
155 #define	NOFORK !didfork
156 
157 #define	MAILBUFLEN	(8*1024)
158 #define	LINELIMIT	80
159 #define	MAILBINITFREE	(MAILBUFLEN - (sizeof (cte_intro) - 1) \
160 	    - (sizeof (cte_trail1) - 1) - (sizeof (cte_trail2) - 1) - 1)
161 
162 #define	ERR_CRONTABENT	0	/* error in crontab file entry */
163 #define	ERR_UNIXERR	1	/* error in some system call */
164 #define	ERR_CANTEXECCRON 2	/* error setting up "cron" job environment */
165 #define	ERR_CANTEXECAT	3	/* error setting up "at" job environment */
166 #define	ERR_NOTREG	4	/* error not a regular file */
167 
168 #define	PROJECT		"project="
169 
170 #define	MAX_LOST_CONTRACTS	2048	/* reset if this many failed abandons */
171 
172 #define	FORMAT	"%a %b %e %H:%M:%S %Y"
173 static char	timebuf[80];
174 
175 static struct message msgbuf;
176 
177 struct shared {
178 	int count;			/* usage count */
179 	void (*free)(void *obj);	/* routine that will free obj */
180 	void *obj;			/* object */
181 };
182 
183 struct event {
184 	time_t time;	/* time of the event	*/
185 	short etype;	/* what type of event; 0=cron, 1=at	*/
186 	char *cmd;	/* command for cron, job name for at	*/
187 	struct usr *u;	/* ptr to the owner (usr) of this event	*/
188 	struct event *link;	/* ptr to another event for this user */
189 	union {
190 		struct { /* for crontab events */
191 			char *minute;	/*  (these	*/
192 			char *hour;	/*   fields	*/
193 			char *daymon;	/*   are	*/
194 			char *month;	/*   from	*/
195 			char *dayweek;	/*   crontab)	*/
196 			char *input;	/* ptr to stdin	*/
197 			struct shared *tz;	/* timezone of this event */
198 			struct shared *home;	/* directory for this event */
199 			struct shared *shell;	/* shell for this event */
200 		} ct;
201 		struct { /* for at events */
202 			short exists;	/* for revising at events	*/
203 			int eventid;	/* for el_remove-ing at events	*/
204 		} at;
205 	} of;
206 };
207 
208 struct usr {
209 	char *name;	/* name of user (e.g. "root")	*/
210 	char *home;	/* home directory for user	*/
211 	uid_t uid;	/* user id	*/
212 	gid_t gid;	/* group id	*/
213 	int aruncnt;	/* counter for running jobs per uid */
214 	int cruncnt;	/* counter for running cron jobs per uid */
215 	int ctid;	/* for el_remove-ing crontab events */
216 	short ctexists;	/* for revising crontab events	*/
217 	struct event *ctevents;	/* list of this usr's crontab events */
218 	struct event *atevents;	/* list of this usr's at events */
219 	struct usr *nextusr;
220 };	/* ptr to next user	*/
221 
222 static struct	queue
223 {
224 	int njob;	/* limit */
225 	int nice;	/* nice for execution */
226 	int nwait;	/* wait time to next execution attempt */
227 	int nrun;	/* number running */
228 }
229 	qd = {100, 2, 60},		/* default values for queue defs */
230 	qt[NQUEUE];
231 static struct	queue	qq;
232 
233 static struct runinfo
234 {
235 	pid_t	pid;
236 	short	que;
237 	struct  usr *rusr;	/* pointer to usr struct */
238 	char	*outfile;	/* file where stdout & stderr are trapped */
239 	short	jobtype;	/* what type of event: 0=cron, 1=at */
240 	char	*jobname;	/* command for "cron", jobname for "at" */
241 	int	mailwhendone;	/* 1 = send mail even if no ouptut */
242 	struct runinfo *next;
243 }	*rthead;
244 
245 static struct miscpid {
246 	pid_t		pid;
247 	struct miscpid	*next;
248 }	*miscpid_head;
249 
250 static pid_t cron_pid;	/* own pid */
251 static char didfork = 0; /* flag to see if I'm process group leader */
252 static int msgfd;	/* file descriptor for fifo queue */
253 static int ecid = 1;	/* event class id for el_remove(); MUST be set to 1 */
254 static int delayed;	/* is job being rescheduled or did it run first time */
255 static int cwd;		/* current working directory */
256 static struct event *next_event;	/* the next event to execute	*/
257 static struct usr *uhead;		/* ptr to the list of users	*/
258 
259 /* Variables for error handling at reading crontabs. */
260 static char cte_intro[] = "Line(s) with errors:\n\n";
261 static char cte_trail1[] = "\nMax number of errors encountered.";
262 static char cte_trail2[] = " Evaluation of crontab aborted.\n";
263 static int cte_free = MAILBINITFREE;	/* Free buffer space */
264 static char *cte_text = NULL;		/* Text buffer pointer */
265 static char *cte_lp;			/* Next free line in cte_text */
266 static int cte_nvalid;			/* Valid lines found */
267 
268 /* user's default environment for the shell */
269 #define	ROOTPATH	"PATH=/usr/sbin:/usr/bin"
270 #define	NONROOTPATH	"PATH=/usr/bin:"
271 
272 static char *Def_supath	= NULL;
273 static char *Def_path		= NULL;
274 static char path[LINE_MAX]	= "PATH=";
275 static char supath[LINE_MAX]	= "PATH=";
276 static char homedir[LINE_MAX]	= ENV_HOME;
277 static char logname[LINE_MAX]	= "LOGNAME=";
278 static char tzone[LINE_MAX]	= ENV_TZ;
279 static char *envinit[] = {
280 	homedir,
281 	logname,
282 	ROOTPATH,
283 	"SHELL=/usr/bin/sh",
284 	tzone,
285 	NULL
286 };
287 
288 extern char **environ;
289 
290 #define	DEFTZ		"GMT"
291 static	int	log = 0;
292 static	char	hzname[10];
293 
294 static void cronend(int);
295 static void thaw_handler(int);
296 static void child_handler(int);
297 static void child_sigreset(void);
298 
299 static void mod_ctab(char *, time_t);
300 static void mod_atjob(char *, time_t);
301 static void add_atevent(struct usr *, char *, time_t, int);
302 static void rm_ctevents(struct usr *);
303 static void cleanup(struct runinfo *rn, int r);
304 static void crabort(char *, int);
305 static void msg(char *fmt, ...);
306 static void ignore_msg(char *, char *, struct event *);
307 static void logit(int, struct runinfo *, int);
308 static void parsqdef(char *);
309 static void defaults();
310 static void initialize(int);
311 static void quedefs(int);
312 static int idle(long);
313 static struct usr *find_usr(char *);
314 static int ex(struct event *e);
315 static void read_dirs(int);
316 static void mail(char *, char *, int);
317 static char *next_field(int, int);
318 static void readcron(struct usr *, time_t);
319 static int next_ge(int, char *);
320 static void free_if_unused(struct usr *);
321 static void del_atjob(char *, char *);
322 static void del_ctab(char *);
323 static void resched(int);
324 static int msg_wait(long);
325 static struct runinfo *rinfo_get(pid_t);
326 static void rinfo_free(struct runinfo *rp);
327 static void mail_result(struct usr *p, struct runinfo *pr, size_t filesize);
328 static time_t next_time(struct event *, time_t);
329 static time_t get_switching_time(int, time_t);
330 static time_t xmktime(struct tm *);
331 static void process_msg(struct message *, time_t);
332 static void reap_child(void);
333 static void miscpid_insert(pid_t);
334 static int miscpid_delete(pid_t);
335 static void contract_set_template(void);
336 static void contract_clear_template(void);
337 static void contract_abandon_latest(pid_t);
338 
339 static void cte_init(void);
340 static void cte_add(int, char *);
341 static void cte_valid(void);
342 static int cte_istoomany(void);
343 static void cte_sendmail(char *);
344 
345 static int set_user_cred(const struct usr *, struct project *);
346 
347 static struct shared *create_shared_str(char *str);
348 static struct shared *dup_shared(struct shared *obj);
349 static void rel_shared(struct shared *obj);
350 static void *get_obj(struct shared *obj);
351 /*
352  * last_time is set immediately prior to exection of an event (via ex())
353  * to indicate the last time an event was executed.  This was (surely)
354  * it's original intended use.
355  */
356 static time_t last_time, init_time, t_old;
357 static int reset_needed; /* set to 1 when cron(1M) needs to re-initialize */
358 
359 static int		refresh;
360 static sigset_t		defmask, sigmask;
361 
362 /*
363  * BSM hooks
364  */
365 extern int	audit_cron_session(char *, char *, uid_t, gid_t, char *);
366 extern void	audit_cron_new_job(char *, int, void *);
367 extern void	audit_cron_bad_user(char *);
368 extern void	audit_cron_user_acct_expired(char *);
369 extern int	audit_cron_create_anc_file(char *, char *, char *, uid_t);
370 extern int	audit_cron_delete_anc_file(char *, char *);
371 extern int	audit_cron_is_anc_name(char *);
372 extern int	audit_cron_mode();
373 
374 static int cron_conv(int, struct pam_message **,
375 		struct pam_response **, void *);
376 
377 static struct pam_conv pam_conv = {cron_conv, NULL};
378 static pam_handle_t *pamh;	/* Authentication handle */
379 
380 /*
381  * Function to help check a user's credentials.
382  */
383 
384 static int verify_user_cred(struct usr *u);
385 
386 /*
387  * Values returned by verify_user_cred and set_user_cred:
388  */
389 
390 #define	VUC_OK		0
391 #define	VUC_BADUSER	1
392 #define	VUC_NOTINGROUP	2
393 #define	VUC_EXPIRED	3
394 #define	VUC_NEW_AUTH	4
395 
396 /*
397  * Modes of process_anc_files function
398  */
399 #define	CRON_ANC_DELETE	1
400 #define	CRON_ANC_CREATE	0
401 
402 /*
403  * Functions to remove a user or job completely from the running database.
404  */
405 static void clean_out_atjobs(struct usr *u);
406 static void clean_out_ctab(struct usr *u);
407 static void clean_out_user(struct usr *u);
408 static void cron_unlink(char *name);
409 static void process_anc_files(int);
410 
411 /*
412  * functions in elm.c
413  */
414 extern void el_init(int, time_t, time_t, int);
415 extern int el_add(void *, time_t, int);
416 extern void el_remove(int, int);
417 extern int el_empty(void);
418 extern void *el_first(void);
419 extern void el_delete(void);
420 
421 static int valid_entry(char *, int);
422 static struct usr *create_ulist(char *, int);
423 static void init_cronevent(char *, int);
424 static void init_atevent(char *, time_t, int, int);
425 static void update_atevent(struct usr *, char *, time_t, int);
426 
427 int
main(int argc,char * argv[])428 main(int argc, char *argv[])
429 {
430 	time_t t;
431 	time_t ne_time;		/* amt of time until next event execution */
432 	time_t newtime, lastmtime = 0L;
433 	struct usr *u;
434 	struct event *e, *e2, *eprev;
435 	struct stat buf;
436 	pid_t rfork;
437 	struct sigaction act;
438 
439 	/*
440 	 * reset_needed is set to 1 whenever el_add() finds out that a cron
441 	 * job is scheduled to be run before the time when cron(1M) daemon
442 	 * initialized.
443 	 * Other cases where a reset is needed is when ex() finds that the
444 	 * event to be executed is being run at the wrong time, or when idle()
445 	 * determines that time was reset.
446 	 * We immediately return to the top of the while (TRUE) loop in
447 	 * main() where the event list is cleared and rebuilt, and reset_needed
448 	 * is set back to 0.
449 	 */
450 	reset_needed = 0;
451 
452 	/*
453 	 * Only the privileged user can run this command.
454 	 */
455 	if (getuid() != 0)
456 		crabort(NOTALLOWED, 0);
457 
458 begin:
459 	(void) setlocale(LC_ALL, "");
460 	/* fork unless 'nofork' is specified */
461 	if ((argc <= 1) || (strcmp(argv[1], "nofork"))) {
462 		if (rfork = fork()) {
463 			if (rfork == (pid_t)-1) {
464 				(void) sleep(30);
465 				goto begin;
466 			}
467 			return (0);
468 		}
469 		didfork++;
470 		(void) setpgrp();	/* detach cron from console */
471 	}
472 
473 	(void) umask(022);
474 	(void) signal(SIGHUP, SIG_IGN);
475 	(void) signal(SIGINT, SIG_IGN);
476 	(void) signal(SIGQUIT, SIG_IGN);
477 	(void) signal(SIGTERM, cronend);
478 
479 	defaults();
480 	initialize(1);
481 	quedefs(DEFAULT);	/* load default queue definitions */
482 	cron_pid = getpid();
483 	msg("*** cron started ***   pid = %d", cron_pid);
484 
485 	/* setup THAW handler */
486 	act.sa_handler = thaw_handler;
487 	act.sa_flags = 0;
488 	(void) sigemptyset(&act.sa_mask);
489 	(void) sigaction(SIGTHAW, &act, NULL);
490 
491 	/* setup CHLD handler */
492 	act.sa_handler = child_handler;
493 	act.sa_flags = 0;
494 	(void) sigemptyset(&act.sa_mask);
495 	(void) sigaddset(&act.sa_mask, SIGCLD);
496 	(void) sigaction(SIGCLD, &act, NULL);
497 
498 	(void) sigemptyset(&defmask);
499 	(void) sigemptyset(&sigmask);
500 	(void) sigaddset(&sigmask, SIGCLD);
501 	(void) sigaddset(&sigmask, SIGTHAW);
502 	(void) sigprocmask(SIG_BLOCK, &sigmask, NULL);
503 
504 	t_old = init_time;
505 	last_time = t_old;
506 	for (;;) {		/* MAIN LOOP */
507 		t = time(NULL);
508 		if ((t_old > t) || (t-last_time > CUSHION) || reset_needed) {
509 			reset_needed = 0;
510 			/*
511 			 * the time was set backwards or forward or
512 			 * refresh is requested.
513 			 */
514 			if (refresh)
515 				msg("re-scheduling jobs");
516 			else
517 				msg("time was reset, re-initializing");
518 			el_delete();
519 			u = uhead;
520 			while (u != NULL) {
521 				rm_ctevents(u);
522 				e = u->atevents;
523 				while (e != NULL) {
524 					free(e->cmd);
525 					e2 = e->link;
526 					free(e);
527 					e = e2;
528 				}
529 				u->atevents = NULL;
530 				u = u->nextusr;
531 			}
532 			(void) close(msgfd);
533 			initialize(0);
534 			t = time(NULL);
535 			last_time = t;
536 			/*
537 			 * reset_needed might have been set in the functions
538 			 * call path from initialize()
539 			 */
540 			if (reset_needed) {
541 				continue;
542 			}
543 		}
544 		t_old = t;
545 
546 		if (next_event == NULL && !el_empty()) {
547 			next_event = (struct event *)el_first();
548 		}
549 		if (next_event == NULL) {
550 			ne_time = INFINITY;
551 		} else {
552 			ne_time = next_event->time - t;
553 #ifdef DEBUG
554 			cftime(timebuf, "%+", &next_event->time);
555 			(void) fprintf(stderr, "next_time=%ld %s\n",
556 			    next_event->time, timebuf);
557 #endif
558 		}
559 		if (ne_time > 0) {
560 			/*
561 			 * reset_needed may be set in the functions call path
562 			 * from idle()
563 			 */
564 			if (idle(ne_time) || reset_needed) {
565 				reset_needed = 1;
566 				continue;
567 			}
568 		}
569 
570 		if (stat(QUEDEFS, &buf)) {
571 			msg("cannot stat QUEDEFS file");
572 		} else if (lastmtime != buf.st_mtime) {
573 			quedefs(LOAD);
574 			lastmtime = buf.st_mtime;
575 		}
576 
577 		last_time = next_event->time; /* save execution time */
578 
579 		/*
580 		 * reset_needed may be set in the functions call path
581 		 * from ex()
582 		 */
583 		if (ex(next_event) || reset_needed) {
584 			reset_needed = 1;
585 			continue;
586 		}
587 
588 		switch (next_event->etype) {
589 		case CRONEVENT:
590 			/* add cronevent back into the main event list */
591 			if (delayed) {
592 				delayed = 0;
593 				break;
594 			}
595 
596 			/*
597 			 * check if time(0)< last_time. if so, then the
598 			 * system clock has gone backwards. to prevent this
599 			 * job from being started twice, we reschedule this
600 			 * job for the >>next time after last_time<<, and
601 			 * then set next_event->time to this. note that
602 			 * crontab's resolution is 1 minute.
603 			 */
604 
605 			if (last_time > time(NULL)) {
606 				msg(CLOCK_DRIFT);
607 				/*
608 				 * bump up to next 30 second
609 				 * increment
610 				 * 1 <= newtime <= 30
611 				 */
612 				newtime = 30 - (last_time % 30);
613 				newtime += last_time;
614 
615 				/*
616 				 * get the next scheduled event,
617 				 * not the one that we just
618 				 * kicked off!
619 				 */
620 				next_event->time =
621 				    next_time(next_event, newtime);
622 				t_old = time(NULL);
623 			} else {
624 				next_event->time =
625 				    next_time(next_event, (time_t)0);
626 			}
627 #ifdef DEBUG
628 			cftime(timebuf, "%+", &next_event->time);
629 			(void) fprintf(stderr,
630 			    "pushing back cron event %s at %ld (%s)\n",
631 			    next_event->cmd, next_event->time, timebuf);
632 #endif
633 
634 			switch (el_add(next_event, next_event->time,
635 			    (next_event->u)->ctid)) {
636 			case -1:
637 				ignore_msg("main", "cron", next_event);
638 				break;
639 			case -2: /* event time lower than init time */
640 				reset_needed = 1;
641 				break;
642 			}
643 			break;
644 		default:
645 			/* remove at or batch job from system */
646 			if (delayed) {
647 				delayed = 0;
648 				break;
649 			}
650 			eprev = NULL;
651 			e = (next_event->u)->atevents;
652 			while (e != NULL) {
653 				if (e == next_event) {
654 					if (eprev == NULL)
655 						(e->u)->atevents = e->link;
656 					else
657 						eprev->link = e->link;
658 					free(e->cmd);
659 					free(e);
660 					break;
661 				} else {
662 					eprev = e;
663 					e = e->link;
664 				}
665 			}
666 			break;
667 		}
668 		next_event = NULL;
669 	}
670 
671 	/*NOTREACHED*/
672 }
673 
674 static void
initialize(int firstpass)675 initialize(int firstpass)
676 {
677 #ifdef DEBUG
678 	(void) fprintf(stderr, "in initialize\n");
679 #endif
680 	if (firstpass) {
681 		/* for mail(1), make sure messages come from root */
682 		if (putenv("LOGNAME=root") != 0) {
683 			crabort("cannot expand env variable",
684 			    REMOVE_FIFO|CONSOLE_MSG);
685 		}
686 		if (access(FIFO, R_OK) == -1) {
687 			if (errno == ENOENT) {
688 				if (mknod(FIFO, S_IFIFO|0600, 0) != 0)
689 					crabort("cannot create fifo queue",
690 					    REMOVE_FIFO|CONSOLE_MSG);
691 			} else {
692 				if (NOFORK) {
693 					/* didn't fork... init(1M) is waiting */
694 					(void) sleep(60);
695 				}
696 				perror("FIFO");
697 				crabort("cannot access fifo queue",
698 				    REMOVE_FIFO|CONSOLE_MSG);
699 			}
700 		} else {
701 			if (NOFORK) {
702 				/* didn't fork... init(1M) is waiting */
703 				(void) sleep(60);
704 				/*
705 				 * the wait is painful, but we don't want
706 				 * init respawning this quickly
707 				 */
708 			}
709 			crabort("cannot start cron; FIFO exists", CONSOLE_MSG);
710 		}
711 	}
712 
713 	if ((msgfd = open(FIFO, O_RDWR)) < 0) {
714 		perror("! open");
715 		crabort("cannot open fifo queue", REMOVE_FIFO|CONSOLE_MSG);
716 	}
717 
718 	init_time = time(NULL);
719 	el_init(8, init_time, (time_t)(60*60*24), 10);
720 
721 	init_time = time(NULL);
722 	el_init(8, init_time, (time_t)(60*60*24), 10);
723 
724 	/*
725 	 * read directories, create users list, and add events to the
726 	 * main event list. Only zero user list on firstpass.
727 	 */
728 	if (firstpass)
729 		uhead = NULL;
730 	read_dirs(firstpass);
731 	next_event = NULL;
732 
733 	if (!firstpass)
734 		return;
735 
736 	/* stdout is log file */
737 	if (freopen(ACCTFILE, "a", stdout) == NULL)
738 		(void) fprintf(stderr, "cannot open %s\n", ACCTFILE);
739 
740 	/* log should be root-only */
741 	(void) fchmod(1, S_IRUSR|S_IWUSR);
742 
743 	/* stderr also goes to ACCTFILE */
744 	(void) close(fileno(stderr));
745 	(void) dup(1);
746 	/* null for stdin */
747 	(void) freopen("/dev/null", "r", stdin);
748 
749 	contract_set_template();
750 }
751 
752 static void
read_dirs(int first)753 read_dirs(int first)
754 {
755 	DIR		*dir;
756 	struct dirent	*dp;
757 	char		*ptr;
758 	int		jobtype;
759 	time_t		tim;
760 
761 
762 	if (chdir(CRONDIR) == -1)
763 		crabort(BADCD, REMOVE_FIFO|CONSOLE_MSG);
764 	cwd = CRON;
765 	if ((dir = opendir(".")) == NULL)
766 		crabort(NOREADDIR, REMOVE_FIFO|CONSOLE_MSG);
767 	while ((dp = readdir(dir)) != NULL) {
768 		if (!valid_entry(dp->d_name, CRONEVENT))
769 			continue;
770 		init_cronevent(dp->d_name, first);
771 	}
772 	(void) closedir(dir);
773 
774 	if (chdir(ATDIR) == -1) {
775 		msg("cannot chdir to at directory");
776 		return;
777 	}
778 	if ((dir = opendir(".")) == NULL) {
779 		msg("cannot read at at directory");
780 		return;
781 	}
782 	cwd = AT;
783 	while ((dp = readdir(dir)) != NULL) {
784 		if (!valid_entry(dp->d_name, ATEVENT))
785 			continue;
786 		ptr = dp->d_name;
787 		if (((tim = num(&ptr)) == 0) || (*ptr != '.'))
788 			continue;
789 		ptr++;
790 		if (!isalpha(*ptr))
791 			continue;
792 		jobtype = *ptr - 'a';
793 		if (jobtype >= NQUEUE) {
794 			cron_unlink(dp->d_name);
795 			continue;
796 		}
797 		init_atevent(dp->d_name, tim, jobtype, first);
798 	}
799 	(void) closedir(dir);
800 }
801 
802 static int
valid_entry(char * name,int type)803 valid_entry(char *name, int type)
804 {
805 	struct stat	buf;
806 
807 	if (strcmp(name, ".") == 0 ||
808 	    strcmp(name, "..") == 0)
809 		return (0);
810 
811 	/* skip over ancillary file names */
812 	if (audit_cron_is_anc_name(name))
813 		return (0);
814 
815 	if (stat(name, &buf)) {
816 		mail(name, BADSTAT, ERR_UNIXERR);
817 		cron_unlink(name);
818 		return (0);
819 	}
820 	if (!S_ISREG(buf.st_mode)) {
821 		mail(name, BADTYPE, ERR_NOTREG);
822 		cron_unlink(name);
823 		return (0);
824 	}
825 	if (type == ATEVENT) {
826 		if (!(buf.st_mode & ISUID)) {
827 			cron_unlink(name);
828 			return (0);
829 		}
830 	}
831 	return (1);
832 }
833 
834 struct usr *
create_ulist(char * name,int type)835 create_ulist(char *name, int type)
836 {
837 	struct usr	*u;
838 
839 	u = xcalloc(1, sizeof (struct usr));
840 	u->name = xstrdup(name);
841 	if (type == CRONEVENT) {
842 		u->ctexists = TRUE;
843 		u->ctid = ecid++;
844 	} else {
845 		u->ctexists = FALSE;
846 		u->ctid = 0;
847 	}
848 	u->uid = (uid_t)-1;
849 	u->gid = (uid_t)-1;
850 	u->nextusr = uhead;
851 	uhead = u;
852 	return (u);
853 }
854 
855 void
init_cronevent(char * name,int first)856 init_cronevent(char *name, int first)
857 {
858 	struct usr	*u;
859 
860 	if (first) {
861 		u = create_ulist(name, CRONEVENT);
862 		readcron(u, 0);
863 	} else {
864 		if ((u = find_usr(name)) == NULL) {
865 			u = create_ulist(name, CRONEVENT);
866 			readcron(u, 0);
867 		} else {
868 			u->ctexists = TRUE;
869 			rm_ctevents(u);
870 			el_remove(u->ctid, 0);
871 			readcron(u, 0);
872 		}
873 	}
874 }
875 
876 void
init_atevent(char * name,time_t tim,int jobtype,int first)877 init_atevent(char *name, time_t tim, int jobtype, int first)
878 {
879 	struct usr	*u;
880 
881 	if (first) {
882 		u = create_ulist(name, ATEVENT);
883 		add_atevent(u, name, tim, jobtype);
884 	} else {
885 		if ((u = find_usr(name)) == NULL) {
886 			u = create_ulist(name, ATEVENT);
887 			add_atevent(u, name, tim, jobtype);
888 		} else {
889 			update_atevent(u, name, tim, jobtype);
890 		}
891 	}
892 }
893 
894 static void
mod_ctab(char * name,time_t reftime)895 mod_ctab(char *name, time_t reftime)
896 {
897 	struct	passwd	*pw;
898 	struct	stat	buf;
899 	struct	usr	*u;
900 	char	namebuf[LINE_MAX];
901 	char	*pname;
902 
903 	/* skip over ancillary file names */
904 	if (audit_cron_is_anc_name(name))
905 		return;
906 
907 	if ((pw = getpwnam(name)) == NULL) {
908 		msg("No such user as %s - cron entries not created", name);
909 		return;
910 	}
911 	if (cwd != CRON) {
912 		if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
913 		    CRONDIR, name) >= sizeof (namebuf)) {
914 			msg("Too long path name %s - cron entries not created",
915 			    namebuf);
916 			return;
917 		}
918 		pname = namebuf;
919 	} else {
920 		pname = name;
921 	}
922 	/*
923 	 * a warning message is given by the crontab command so there is
924 	 * no need to give one here......  use this code if you only want
925 	 * users with a login shell of /usr/bin/sh to use cron
926 	 */
927 #ifdef BOURNESHELLONLY
928 	if ((strcmp(pw->pw_shell, "") != 0) &&
929 	    (strcmp(pw->pw_shell, SHELL) != 0)) {
930 		mail(name, BADSHELL, ERR_CANTEXECCRON);
931 		cron_unlink(pname);
932 		return;
933 	}
934 #endif
935 	if (stat(pname, &buf)) {
936 		mail(name, BADSTAT, ERR_UNIXERR);
937 		cron_unlink(pname);
938 		return;
939 	}
940 	if (!S_ISREG(buf.st_mode)) {
941 		mail(name, BADTYPE, ERR_CRONTABENT);
942 		return;
943 	}
944 	if ((u = find_usr(name)) == NULL) {
945 #ifdef DEBUG
946 		(void) fprintf(stderr, "new user (%s) with a crontab\n", name);
947 #endif
948 		u = create_ulist(name, CRONEVENT);
949 		u->home = xmalloc(strlen(pw->pw_dir) + 1);
950 		(void) strcpy(u->home, pw->pw_dir);
951 		u->uid = pw->pw_uid;
952 		u->gid = pw->pw_gid;
953 		readcron(u, reftime);
954 	} else {
955 		u->uid = pw->pw_uid;
956 		u->gid = pw->pw_gid;
957 		if (u->home != NULL) {
958 			if (strcmp(u->home, pw->pw_dir) != 0) {
959 				free(u->home);
960 				u->home = xmalloc(strlen(pw->pw_dir) + 1);
961 				(void) strcpy(u->home, pw->pw_dir);
962 			}
963 		} else {
964 			u->home = xmalloc(strlen(pw->pw_dir) + 1);
965 			(void) strcpy(u->home, pw->pw_dir);
966 		}
967 		u->ctexists = TRUE;
968 		if (u->ctid == 0) {
969 #ifdef DEBUG
970 			(void) fprintf(stderr, "%s now has a crontab\n",
971 			    u->name);
972 #endif
973 			/* user didnt have a crontab last time */
974 			u->ctid = ecid++;
975 			u->ctevents = NULL;
976 			readcron(u, reftime);
977 			return;
978 		}
979 #ifdef DEBUG
980 		(void) fprintf(stderr, "%s has revised his crontab\n", u->name);
981 #endif
982 		rm_ctevents(u);
983 		el_remove(u->ctid, 0);
984 		readcron(u, reftime);
985 	}
986 }
987 
988 /* ARGSUSED */
989 static void
mod_atjob(char * name,time_t reftime)990 mod_atjob(char *name, time_t reftime)
991 {
992 	char	*ptr;
993 	time_t	tim;
994 	struct	passwd	*pw;
995 	struct	stat	buf;
996 	struct	usr	*u;
997 	char	namebuf[PATH_MAX];
998 	char	*pname;
999 	int	jobtype;
1000 
1001 	ptr = name;
1002 	if (((tim = num(&ptr)) == 0) || (*ptr != '.'))
1003 		return;
1004 	ptr++;
1005 	if (!isalpha(*ptr))
1006 		return;
1007 	jobtype = *ptr - 'a';
1008 
1009 	/* check for audit ancillary file */
1010 	if (audit_cron_is_anc_name(name))
1011 		return;
1012 
1013 	if (cwd != AT) {
1014 		if (snprintf(namebuf, sizeof (namebuf), "%s/%s", ATDIR, name)
1015 		    >= sizeof (namebuf)) {
1016 			return;
1017 		}
1018 		pname = namebuf;
1019 	} else {
1020 		pname = name;
1021 	}
1022 	if (stat(pname, &buf) || jobtype >= NQUEUE) {
1023 		cron_unlink(pname);
1024 		return;
1025 	}
1026 	if (!(buf.st_mode & ISUID) || !S_ISREG(buf.st_mode)) {
1027 		cron_unlink(pname);
1028 		return;
1029 	}
1030 	if ((pw = getpwuid(buf.st_uid)) == NULL) {
1031 		cron_unlink(pname);
1032 		return;
1033 	}
1034 	/*
1035 	 * a warning message is given by the at command so there is no
1036 	 * need to give one here......use this code if you only want
1037 	 * users with a login shell of /usr/bin/sh to use cron
1038 	 */
1039 #ifdef BOURNESHELLONLY
1040 	if ((strcmp(pw->pw_shell, "") != 0) &&
1041 	    (strcmp(pw->pw_shell, SHELL) != 0)) {
1042 		mail(pw->pw_name, BADSHELL, ERR_CANTEXECAT);
1043 		cron_unlink(pname);
1044 		return;
1045 	}
1046 #endif
1047 	if ((u = find_usr(pw->pw_name)) == NULL) {
1048 #ifdef DEBUG
1049 		(void) fprintf(stderr, "new user (%s) with an at job = %s\n",
1050 		    pw->pw_name, name);
1051 #endif
1052 		u = create_ulist(pw->pw_name, ATEVENT);
1053 		u->home = xstrdup(pw->pw_dir);
1054 		u->uid = pw->pw_uid;
1055 		u->gid = pw->pw_gid;
1056 		add_atevent(u, name, tim, jobtype);
1057 	} else {
1058 		u->uid = pw->pw_uid;
1059 		u->gid = pw->pw_gid;
1060 		free(u->home);
1061 		u->home = xstrdup(pw->pw_dir);
1062 		update_atevent(u, name, tim, jobtype);
1063 	}
1064 }
1065 
1066 static void
add_atevent(struct usr * u,char * job,time_t tim,int jobtype)1067 add_atevent(struct usr *u, char *job, time_t tim, int jobtype)
1068 {
1069 	struct event *e;
1070 
1071 	e = xmalloc(sizeof (struct event));
1072 	e->etype = jobtype;
1073 	e->cmd = xmalloc(strlen(job) + 1);
1074 	(void) strcpy(e->cmd, job);
1075 	e->u = u;
1076 	e->link = u->atevents;
1077 	u->atevents = e;
1078 	e->of.at.exists = TRUE;
1079 	e->of.at.eventid = ecid++;
1080 	if (tim < init_time)	/* old job */
1081 		e->time = init_time;
1082 	else
1083 		e->time = tim;
1084 #ifdef DEBUG
1085 	(void) fprintf(stderr, "add_atevent: user=%s, job=%s, time=%ld\n",
1086 	    u->name, e->cmd, e->time);
1087 #endif
1088 	if (el_add(e, e->time, e->of.at.eventid) < 0) {
1089 		ignore_msg("add_atevent", "at", e);
1090 	}
1091 }
1092 
1093 void
update_atevent(struct usr * u,char * name,time_t tim,int jobtype)1094 update_atevent(struct usr *u, char *name, time_t tim, int jobtype)
1095 {
1096 	struct event *e;
1097 
1098 	e = u->atevents;
1099 	while (e != NULL) {
1100 		if (strcmp(e->cmd, name) == 0) {
1101 			e->of.at.exists = TRUE;
1102 			break;
1103 		} else {
1104 			e = e->link;
1105 		}
1106 	}
1107 	if (e == NULL) {
1108 #ifdef DEBUG
1109 		(void) fprintf(stderr, "%s has a new at job = %s\n",
1110 		    u->name, name);
1111 #endif
1112 			add_atevent(u, name, tim, jobtype);
1113 	}
1114 }
1115 
1116 static char line[CTLINESIZE];	/* holds a line from a crontab file */
1117 static int cursor;		/* cursor for the above line */
1118 
1119 static void
readcron(struct usr * u,time_t reftime)1120 readcron(struct usr *u, time_t reftime)
1121 {
1122 	/*
1123 	 * readcron reads in a crontab file for a user (u). The list of
1124 	 * events for user u is built, and u->events is made to point to
1125 	 * this list. Each event is also entered into the main event
1126 	 * list.
1127 	 */
1128 	FILE *cf;	/* cf will be a user's crontab file */
1129 	struct event *e;
1130 	int start;
1131 	unsigned int i;
1132 	char namebuf[PATH_MAX];
1133 	char *pname;
1134 	struct shared *tz = NULL;
1135 	struct shared *home = NULL;
1136 	struct shared *shell = NULL;
1137 	int lineno = 0;
1138 
1139 	/* read the crontab file */
1140 	cte_init();		/* Init error handling */
1141 	if (cwd != CRON) {
1142 		if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
1143 		    CRONDIR, u->name) >= sizeof (namebuf)) {
1144 			return;
1145 		}
1146 		pname = namebuf;
1147 	} else {
1148 		pname = u->name;
1149 	}
1150 	if ((cf = fopen(pname, "r")) == NULL) {
1151 		mail(u->name, NOREAD, ERR_UNIXERR);
1152 		return;
1153 	}
1154 	while (fgets(line, CTLINESIZE, cf) != NULL) {
1155 		char *tmp;
1156 		/* process a line of a crontab file */
1157 		lineno++;
1158 		if (cte_istoomany())
1159 			break;
1160 		cursor = 0;
1161 		while (line[cursor] == ' ' || line[cursor] == '\t')
1162 			cursor++;
1163 		if (line[cursor] == '#' || line[cursor] == '\n')
1164 			continue;
1165 
1166 		if (strncmp(&line[cursor], ENV_TZ,
1167 		    strlen(ENV_TZ)) == 0) {
1168 			if ((tmp = strchr(&line[cursor], '\n')) != NULL) {
1169 				*tmp = NULL;
1170 			}
1171 
1172 			if (!isvalid_tz(&line[cursor + strlen(ENV_TZ)], NULL,
1173 			    _VTZ_ALL)) {
1174 				cte_add(lineno, line);
1175 				break;
1176 			}
1177 			if (tz == NULL || strcmp(&line[cursor], get_obj(tz))) {
1178 				rel_shared(tz);
1179 				tz = create_shared_str(&line[cursor]);
1180 			}
1181 			continue;
1182 		}
1183 
1184 		if (strncmp(&line[cursor], ENV_HOME,
1185 		    strlen(ENV_HOME)) == 0) {
1186 			if ((tmp = strchr(&line[cursor], '\n')) != NULL) {
1187 				*tmp = NULL;
1188 			}
1189 			if (home == NULL ||
1190 			    strcmp(&line[cursor], get_obj(home))) {
1191 				rel_shared(home);
1192 				home = create_shared_str(
1193 				    &line[cursor + strlen(ENV_HOME)]);
1194 			}
1195 			continue;
1196 		}
1197 
1198 		if (strncmp(&line[cursor], ENV_SHELL,
1199 		    strlen(ENV_SHELL)) == 0) {
1200 			if ((tmp = strchr(&line[cursor], '\n')) != NULL) {
1201 				*tmp = NULL;
1202 			}
1203 			if (shell == NULL ||
1204 			    strcmp(&line[cursor], get_obj(shell))) {
1205 				rel_shared(shell);
1206 				shell = create_shared_str(&line[cursor]);
1207 			}
1208 			continue;
1209 		}
1210 
1211 		e = xmalloc(sizeof (struct event));
1212 		e->etype = CRONEVENT;
1213 		if (!(((e->of.ct.minute = next_field(0, 59)) != NULL) &&
1214 		    ((e->of.ct.hour = next_field(0, 23)) != NULL) &&
1215 		    ((e->of.ct.daymon = next_field(1, 31)) != NULL) &&
1216 		    ((e->of.ct.month = next_field(1, 12)) != NULL) &&
1217 		    ((e->of.ct.dayweek = next_field(0, 6)) != NULL))) {
1218 			free(e);
1219 			cte_add(lineno, line);
1220 			continue;
1221 		}
1222 		while (line[cursor] == ' ' || line[cursor] == '\t')
1223 			cursor++;
1224 		if (line[cursor] == '\n' || line[cursor] == '\0')
1225 			continue;
1226 		/* get the command to execute	*/
1227 		start = cursor;
1228 again:
1229 		while ((line[cursor] != '%') &&
1230 		    (line[cursor] != '\n') &&
1231 		    (line[cursor] != '\0') &&
1232 		    (line[cursor] != '\\'))
1233 			cursor++;
1234 		if (line[cursor] == '\\') {
1235 			cursor += 2;
1236 			goto again;
1237 		}
1238 		e->cmd = xmalloc(cursor-start + 1);
1239 		(void) strncpy(e->cmd, line + start, cursor-start);
1240 		e->cmd[cursor-start] = '\0';
1241 		/* see if there is any standard input	*/
1242 		if (line[cursor] == '%') {
1243 			e->of.ct.input = xmalloc(strlen(line)-cursor + 1);
1244 			(void) strcpy(e->of.ct.input, line + cursor + 1);
1245 			for (i = 0; i < strlen(e->of.ct.input); i++) {
1246 				if (e->of.ct.input[i] == '%')
1247 					e->of.ct.input[i] = '\n';
1248 			}
1249 		} else {
1250 			e->of.ct.input = NULL;
1251 		}
1252 		/* set the timezone of this entry */
1253 		e->of.ct.tz = dup_shared(tz);
1254 		/* set the shell of this entry */
1255 		e->of.ct.shell = dup_shared(shell);
1256 		/* set the home of this entry */
1257 		e->of.ct.home = dup_shared(home);
1258 		/* have the event point to it's owner	*/
1259 		e->u = u;
1260 		/* insert this event at the front of this user's event list */
1261 		e->link = u->ctevents;
1262 		u->ctevents = e;
1263 		/* set the time for the first occurance of this event	*/
1264 		e->time = next_time(e, reftime);
1265 		/* finally, add this event to the main event list	*/
1266 		switch (el_add(e, e->time, u->ctid)) {
1267 		case -1:
1268 			ignore_msg("readcron", "cron", e);
1269 			break;
1270 		case -2: /* event time lower than init time */
1271 			reset_needed = 1;
1272 			break;
1273 		}
1274 		cte_valid();
1275 #ifdef DEBUG
1276 		cftime(timebuf, "%+", &e->time);
1277 		(void) fprintf(stderr, "inserting cron event %s at %ld (%s)\n",
1278 		    e->cmd, e->time, timebuf);
1279 #endif
1280 	}
1281 	cte_sendmail(u->name);	/* mail errors if any to user */
1282 	(void) fclose(cf);
1283 	rel_shared(tz);
1284 	rel_shared(shell);
1285 	rel_shared(home);
1286 }
1287 
1288 /*
1289  * Below are the functions for handling of errors in crontabs. Concept is to
1290  * collect faulty lines and send one email at the end of the crontab
1291  * evaluation. If there are erroneous lines only ((cte_nvalid == 0), evaluation
1292  * of crontab is aborted. Otherwise reading of crontab is continued to the end
1293  * of the file but no further error logging appears.
1294  */
1295 static void
cte_init()1296 cte_init()
1297 {
1298 	if (cte_text == NULL)
1299 		cte_text = xmalloc(MAILBUFLEN);
1300 	(void) strlcpy(cte_text, cte_intro, MAILBUFLEN);
1301 	cte_lp = cte_text + sizeof (cte_intro) - 1;
1302 	cte_free = MAILBINITFREE;
1303 	cte_nvalid = 0;
1304 }
1305 
1306 static void
cte_add(int lineno,char * ctline)1307 cte_add(int lineno, char *ctline)
1308 {
1309 	int len;
1310 	char *p;
1311 
1312 	if (cte_free >= LINELIMIT) {
1313 		(void) sprintf(cte_lp, "%4d: ", lineno);
1314 		(void) strlcat(cte_lp, ctline, LINELIMIT - 1);
1315 		len = strlen(cte_lp);
1316 		if (cte_lp[len - 1] != '\n') {
1317 			cte_lp[len++] = '\n';
1318 			cte_lp[len] = '\0';
1319 		}
1320 		for (p = cte_lp; *p; p++) {
1321 			if (isprint(*p) || *p == '\n' || *p == '\t')
1322 				continue;
1323 			*p = '.';
1324 		}
1325 		cte_lp += len;
1326 		cte_free -= len;
1327 		if (cte_free < LINELIMIT) {
1328 			size_t buflen = MAILBUFLEN - (cte_lp - cte_text);
1329 			(void) strlcpy(cte_lp, cte_trail1, buflen);
1330 			if (cte_nvalid == 0)
1331 				(void) strlcat(cte_lp, cte_trail2, buflen);
1332 		}
1333 	}
1334 }
1335 
1336 static void
cte_valid()1337 cte_valid()
1338 {
1339 	cte_nvalid++;
1340 }
1341 
1342 static int
cte_istoomany()1343 cte_istoomany()
1344 {
1345 	/*
1346 	 * Return TRUE only if all lines are faulty. So evaluation of
1347 	 * a crontab is not aborted if at least one valid line was found.
1348 	 */
1349 	return (cte_nvalid == 0 && cte_free < LINELIMIT);
1350 }
1351 
1352 static void
cte_sendmail(char * username)1353 cte_sendmail(char *username)
1354 {
1355 	if (cte_free < MAILBINITFREE)
1356 		mail(username, cte_text, ERR_CRONTABENT);
1357 }
1358 
1359 /*
1360  * Send mail with error message to a user
1361  */
1362 static void
mail(char * usrname,char * mesg,int format)1363 mail(char *usrname, char *mesg, int format)
1364 {
1365 	/* mail mails a user a message.	*/
1366 	FILE *pipe;
1367 	char *temp;
1368 	struct passwd	*ruser_ids;
1369 	pid_t fork_val;
1370 	int saveerrno = errno;
1371 	struct utsname	name;
1372 
1373 #ifdef TESTING
1374 	return;
1375 #endif
1376 	(void) uname(&name);
1377 	if ((fork_val = fork()) == (pid_t)-1) {
1378 		msg("cron cannot fork\n");
1379 		return;
1380 	}
1381 	if (fork_val == 0) {
1382 		child_sigreset();
1383 		contract_clear_template();
1384 		if ((ruser_ids = getpwnam(usrname)) == NULL)
1385 			exit(0);
1386 		(void) setuid(ruser_ids->pw_uid);
1387 		temp = xmalloc(strlen(MAIL) + strlen(usrname) + 2);
1388 		(void) sprintf(temp, "%s %s", MAIL, usrname);
1389 		pipe = popen(temp, "w");
1390 		if (pipe != NULL) {
1391 			(void) fprintf(pipe, "To: %s\n", usrname);
1392 			switch (format) {
1393 			case ERR_CRONTABENT:
1394 				(void) fprintf(pipe, CRONTABERR);
1395 				(void) fprintf(pipe, "Your \"crontab\" on %s\n",
1396 				    name.nodename);
1397 				(void) fprintf(pipe, mesg);
1398 				(void) fprintf(pipe,
1399 				    "\nEntries or crontab have been ignored\n");
1400 				break;
1401 			case ERR_UNIXERR:
1402 				(void) fprintf(pipe, "Subject: %s\n\n", mesg);
1403 				(void) fprintf(pipe,
1404 				    "The error on %s was \"%s\"\n",
1405 				    name.nodename, errmsg(saveerrno));
1406 				break;
1407 
1408 			case ERR_CANTEXECCRON:
1409 				(void) fprintf(pipe,
1410 				"Subject: Couldn't run your \"cron\" job\n\n");
1411 				(void) fprintf(pipe,
1412 				    "Your \"cron\" job on %s ", name.nodename);
1413 				(void) fprintf(pipe, "couldn't be run\n");
1414 				(void) fprintf(pipe, "%s\n", mesg);
1415 				(void) fprintf(pipe,
1416 				"The error was \"%s\"\n", errmsg(saveerrno));
1417 				break;
1418 
1419 			case ERR_CANTEXECAT:
1420 				(void) fprintf(pipe,
1421 				"Subject: Couldn't run your \"at\" job\n\n");
1422 				(void) fprintf(pipe, "Your \"at\" job on %s ",
1423 				    name.nodename);
1424 				(void) fprintf(pipe, "couldn't be run\n");
1425 				(void) fprintf(pipe, "%s\n", mesg);
1426 				(void) fprintf(pipe,
1427 				"The error was \"%s\"\n", errmsg(saveerrno));
1428 				break;
1429 
1430 			default:
1431 				break;
1432 			}
1433 			(void) pclose(pipe);
1434 		}
1435 		free(temp);
1436 		exit(0);
1437 	}
1438 
1439 	contract_abandon_latest(fork_val);
1440 
1441 	if (cron_pid == getpid()) {
1442 		miscpid_insert(fork_val);
1443 	}
1444 }
1445 
1446 static char *
next_field(int lower,int upper)1447 next_field(int lower, int upper)
1448 {
1449 	/*
1450 	 * next_field returns a pointer to a string which holds the next
1451 	 * field of a line of a crontab file.
1452 	 *   if (numbers in this field are out of range (lower..upper),
1453 	 *	or there is a syntax error) then
1454 	 *	NULL is returned, and a mail message is sent to the
1455 	 *	user telling him which line the error was in.
1456 	 */
1457 
1458 	char *s;
1459 	int num, num2, start;
1460 
1461 	while ((line[cursor] == ' ') || (line[cursor] == '\t'))
1462 		cursor++;
1463 	start = cursor;
1464 	if (line[cursor] == '\0') {
1465 		return (NULL);
1466 	}
1467 	if (line[cursor] == '*') {
1468 		cursor++;
1469 		if ((line[cursor] != ' ') && (line[cursor] != '\t'))
1470 			return (NULL);
1471 		s = xmalloc(2);
1472 		(void) strcpy(s, "*");
1473 		return (s);
1474 	}
1475 	for (;;) {
1476 		if (!isdigit(line[cursor]))
1477 			return (NULL);
1478 		num = 0;
1479 		do {
1480 			num = num*10 + (line[cursor]-'0');
1481 		} while (isdigit(line[++cursor]));
1482 		if ((num < lower) || (num > upper))
1483 			return (NULL);
1484 		if (line[cursor] == '-') {
1485 			if (!isdigit(line[++cursor]))
1486 				return (NULL);
1487 			num2 = 0;
1488 			do {
1489 				num2 = num2*10 + (line[cursor]-'0');
1490 			} while (isdigit(line[++cursor]));
1491 			if ((num2 < lower) || (num2 > upper))
1492 				return (NULL);
1493 		}
1494 		if ((line[cursor] == ' ') || (line[cursor] == '\t'))
1495 			break;
1496 		if (line[cursor] == '\0')
1497 			return (NULL);
1498 		if (line[cursor++] != ',')
1499 			return (NULL);
1500 	}
1501 	s = xmalloc(cursor-start + 1);
1502 	(void) strncpy(s, line + start, cursor-start);
1503 	s[cursor-start] = '\0';
1504 	return (s);
1505 }
1506 
1507 #define	tm_cmp(t1, t2) (\
1508 	(t1)->tm_year == (t2)->tm_year && \
1509 	(t1)->tm_mon == (t2)->tm_mon && \
1510 	(t1)->tm_mday == (t2)->tm_mday && \
1511 	(t1)->tm_hour == (t2)->tm_hour && \
1512 	(t1)->tm_min == (t2)->tm_min)
1513 
1514 #define	tm_setup(tp, yr, mon, dy, hr, min, dst) \
1515 	(tp)->tm_year = yr; \
1516 	(tp)->tm_mon = mon; \
1517 	(tp)->tm_mday = dy; \
1518 	(tp)->tm_hour = hr; \
1519 	(tp)->tm_min = min; \
1520 	(tp)->tm_isdst = dst; \
1521 	(tp)->tm_sec = 0; \
1522 	(tp)->tm_wday = 0; \
1523 	(tp)->tm_yday = 0;
1524 
1525 /*
1526  * modification for bugid 1104537. the second argument to next_time is
1527  * now the value of time(2) to be used. if this is 0, then use the
1528  * current time. otherwise, the second argument is the time from which to
1529  * calculate things. this is useful to correct situations where you've
1530  * gone backwards in time (I.e. the system's internal clock is correcting
1531  * itself backwards).
1532  */
1533 
1534 
1535 
1536 static time_t
tz_next_time(struct event * e,time_t tflag)1537 tz_next_time(struct event *e, time_t tflag)
1538 {
1539 	/*
1540 	 * returns the integer time for the next occurance of event e.
1541 	 * the following fields have ranges as indicated:
1542 	 * PRGM  | min	hour	day of month	mon	day of week
1543 	 * ------|-------------------------------------------------------
1544 	 * cron  | 0-59	0-23	    1-31	1-12	0-6 (0=sunday)
1545 	 * time  | 0-59	0-23	    1-31	0-11	0-6 (0=sunday)
1546 	 * NOTE: this routine is hard to understand.
1547 	 */
1548 
1549 	struct tm *tm, ref_tm, tmp, tmp1, tmp2;
1550 	int tm_mon, tm_mday, tm_wday, wday, m, min, h, hr, carry, day, days;
1551 	int d1, day1, carry1, d2, day2, carry2, daysahead, mon, yr, db, wd;
1552 	int today;
1553 	time_t t, ref_t, t1, t2, zone_start;
1554 	int fallback;
1555 	extern int days_btwn(int, int, int, int, int, int);
1556 
1557 	if (tflag == 0) {
1558 		t = time(NULL);	/* original way of doing things	*/
1559 	} else {
1560 		t =  tflag;
1561 	}
1562 
1563 	tm = &ref_tm;	/* use a local variable and call localtime_r() */
1564 	ref_t = t;	/* keep a copy of the reference time */
1565 
1566 recalc:
1567 	fallback = 0;
1568 
1569 	(void) localtime_r(&t, tm);
1570 
1571 	if (daylight) {
1572 		tmp = *tm;
1573 		tmp.tm_isdst = (tm->tm_isdst > 0 ? 0 : 1);
1574 		t1 = xmktime(&tmp);
1575 		/*
1576 		 * see if we will have timezone switch over, and clock will
1577 		 * fall back. zone_start will hold the time when it happens
1578 		 * (ie time of PST -> PDT switch over).
1579 		 */
1580 		if (tm->tm_isdst != tmp.tm_isdst &&
1581 		    (t1 - t) == (timezone - altzone) &&
1582 		    tm_cmp(tm, &tmp)) {
1583 			zone_start = get_switching_time(tmp.tm_isdst, t);
1584 			fallback = 1;
1585 		}
1586 	}
1587 
1588 	tm_mon = next_ge(tm->tm_mon + 1, e->of.ct.month) - 1;	/* 0-11 */
1589 	tm_mday = next_ge(tm->tm_mday, e->of.ct.daymon);	/* 1-31 */
1590 	tm_wday = next_ge(tm->tm_wday, e->of.ct.dayweek);	/* 0-6	*/
1591 	today = TRUE;
1592 	if ((strcmp(e->of.ct.daymon, "*") == 0 && tm->tm_wday != tm_wday) ||
1593 	    (strcmp(e->of.ct.dayweek, "*") == 0 && tm->tm_mday != tm_mday) ||
1594 	    (tm->tm_mday != tm_mday && tm->tm_wday != tm_wday) ||
1595 	    (tm->tm_mon != tm_mon)) {
1596 		today = FALSE;
1597 	}
1598 	m = tm->tm_min + (t == ref_t ? 1 : 0);
1599 	if ((tm->tm_hour + 1) <= next_ge(tm->tm_hour, e->of.ct.hour)) {
1600 		m = 0;
1601 	}
1602 	min = next_ge(m%60, e->of.ct.minute);
1603 	carry = (min < m) ? 1 : 0;
1604 	h = tm->tm_hour + carry;
1605 	hr = next_ge(h%24, e->of.ct.hour);
1606 	carry = (hr < h) ? 1 : 0;
1607 
1608 	if (carry == 0 && today) {
1609 		/* this event must occur today */
1610 		tm_setup(&tmp, tm->tm_year, tm->tm_mon, tm->tm_mday,
1611 		    hr, min, tm->tm_isdst);
1612 		tmp1 = tmp;
1613 		if ((t1 = xmktime(&tmp1)) == (time_t)-1) {
1614 			return (0);
1615 		}
1616 		if (daylight && tmp.tm_isdst != tmp1.tm_isdst) {
1617 			/* In case we are falling back */
1618 			if (fallback) {
1619 				/* we may need to run the job once more. */
1620 				t = zone_start;
1621 				goto recalc;
1622 			}
1623 
1624 			/*
1625 			 * In case we are not in falling back period,
1626 			 * calculate the time assuming the DST. If the
1627 			 * date/time is not altered by mktime, it is the
1628 			 * time to execute the job.
1629 			 */
1630 			tmp2 = tmp;
1631 			tmp2.tm_isdst = tmp1.tm_isdst;
1632 			if ((t1 = xmktime(&tmp2)) == (time_t)-1) {
1633 				return (0);
1634 			}
1635 			if (tmp1.tm_isdst == tmp2.tm_isdst &&
1636 			    tm_cmp(&tmp, &tmp2)) {
1637 				/*
1638 				 * We got a valid time.
1639 				 */
1640 				return (t1);
1641 			} else {
1642 				/*
1643 				 * If the date does not match even if
1644 				 * we assume the alternate timezone, then
1645 				 * it must be the invalid time. eg
1646 				 * 2am while switching 1:59am to 3am.
1647 				 * t1 should point the time before the
1648 				 * switching over as we've calculate the
1649 				 * time with assuming alternate zone.
1650 				 */
1651 				if (tmp1.tm_isdst != tmp2.tm_isdst) {
1652 					t = get_switching_time(tmp1.tm_isdst,
1653 					    t1);
1654 				} else {
1655 					/* does this really happen? */
1656 					t = get_switching_time(tmp1.tm_isdst,
1657 					    t1 - abs(timezone - altzone));
1658 				}
1659 				if (t == (time_t)-1) {
1660 					return (0);
1661 				}
1662 			}
1663 			goto recalc;
1664 		}
1665 		if (tm_cmp(&tmp, &tmp1)) {
1666 			/* got valid time */
1667 			return (t1);
1668 		} else {
1669 			/*
1670 			 * This should never happen, but just in
1671 			 * case, we fall back to the old code.
1672 			 */
1673 			if (tm->tm_min > min) {
1674 				t += (time_t)(hr-tm->tm_hour-1) * HOUR +
1675 				    (time_t)(60-tm->tm_min + min) * MINUTE;
1676 			} else {
1677 				t += (time_t)(hr-tm->tm_hour) * HOUR +
1678 				    (time_t)(min-tm->tm_min) * MINUTE;
1679 			}
1680 			t1 = t;
1681 			t -= (time_t)tm->tm_sec;
1682 			(void) localtime_r(&t, &tmp);
1683 			if ((tm->tm_isdst == 0) && (tmp.tm_isdst > 0))
1684 				t -= (timezone - altzone);
1685 			return ((t <= ref_t) ? t1 : t);
1686 		}
1687 	}
1688 
1689 	/*
1690 	 * Job won't run today, however if we have a switch over within
1691 	 * one hour and we will have one hour time drifting back in this
1692 	 * period, we may need to run the job one more time if the job was
1693 	 * set to run on this hour of clock.
1694 	 */
1695 	if (fallback) {
1696 		t = zone_start;
1697 		goto recalc;
1698 	}
1699 
1700 	min = next_ge(0, e->of.ct.minute);
1701 	hr = next_ge(0, e->of.ct.hour);
1702 
1703 	/*
1704 	 * calculate the date of the next occurance of this event, which
1705 	 * will be on a different day than the current
1706 	 */
1707 
1708 	/* check monthly day specification	*/
1709 	d1 = tm->tm_mday + 1;
1710 	day1 = next_ge((d1-1)%days_in_mon(tm->tm_mon, tm->tm_year) + 1,
1711 	    e->of.ct.daymon);
1712 	carry1 = (day1 < d1) ? 1 : 0;
1713 
1714 	/* check weekly day specification	*/
1715 	d2 = tm->tm_wday + 1;
1716 	wday = next_ge(d2%7, e->of.ct.dayweek);
1717 	if (wday < d2)
1718 		daysahead = 7 - d2 + wday;
1719 	else
1720 		daysahead = wday - d2;
1721 	day2 = (d1 + daysahead-1)%days_in_mon(tm->tm_mon, tm->tm_year) + 1;
1722 	carry2 = (day2 < d1) ? 1 : 0;
1723 
1724 	/*
1725 	 *	based on their respective specifications, day1, and day2 give
1726 	 *	the day of the month for the next occurance of this event.
1727 	 */
1728 	if ((strcmp(e->of.ct.daymon, "*") == 0) &&
1729 	    (strcmp(e->of.ct.dayweek, "*") != 0)) {
1730 		day1 = day2;
1731 		carry1 = carry2;
1732 	}
1733 	if ((strcmp(e->of.ct.daymon, "*") != 0) &&
1734 	    (strcmp(e->of.ct.dayweek, "*") == 0)) {
1735 		day2 = day1;
1736 		carry2 = carry1;
1737 	}
1738 
1739 	yr = tm->tm_year;
1740 	if ((carry1 && carry2) || (tm->tm_mon != tm_mon)) {
1741 		/* event does not occur in this month	*/
1742 		m = tm->tm_mon + 1;
1743 		mon = next_ge(m%12 + 1, e->of.ct.month) - 1;	/* 0..11 */
1744 		carry = (mon < m) ? 1 : 0;
1745 		yr += carry;
1746 		/* recompute day1 and day2	*/
1747 		day1 = next_ge(1, e->of.ct.daymon);
1748 		db = days_btwn(tm->tm_mon, tm->tm_mday, tm->tm_year, mon,
1749 		    1, yr) + 1;
1750 		wd = (tm->tm_wday + db)%7;
1751 		/* wd is the day of the week of the first of month mon	*/
1752 		wday = next_ge(wd, e->of.ct.dayweek);
1753 		if (wday < wd)
1754 			day2 = 1 + 7 - wd + wday;
1755 		else
1756 			day2 = 1 + wday - wd;
1757 		if ((strcmp(e->of.ct.daymon, "*") != 0) &&
1758 		    (strcmp(e->of.ct.dayweek, "*") == 0))
1759 			day2 = day1;
1760 		if ((strcmp(e->of.ct.daymon, "*") == 0) &&
1761 		    (strcmp(e->of.ct.dayweek, "*") != 0))
1762 			day1 = day2;
1763 		day = (day1 < day2) ? day1 : day2;
1764 	} else {			/* event occurs in this month	*/
1765 		mon = tm->tm_mon;
1766 		if (!carry1 && !carry2)
1767 			day = (day1 < day2) ? day1 : day2;
1768 		else if (!carry1)
1769 			day = day1;
1770 		else
1771 			day = day2;
1772 	}
1773 
1774 	/*
1775 	 * now that we have the min, hr, day, mon, yr of the next event,
1776 	 * figure out what time that turns out to be.
1777 	 */
1778 	tm_setup(&tmp, yr, mon, day, hr, min, -1);
1779 	tmp2 = tmp;
1780 	if ((t1 = xmktime(&tmp2)) == (time_t)-1) {
1781 		return (0);
1782 	}
1783 	if (tm_cmp(&tmp, &tmp2)) {
1784 		/*
1785 		 * mktime returns clock for the current time zone. If the
1786 		 * target date was in fallback period, it needs to be adjusted
1787 		 * to the time comes first.
1788 		 * Suppose, we are at Jan and scheduling job at 1:30am10/26/03.
1789 		 * mktime returns the time in PST, but 1:30am in PDT comes
1790 		 * first. So reverse the tm_isdst, and see if we have such
1791 		 * time/date.
1792 		 */
1793 		if (daylight) {
1794 			int dst = tmp2.tm_isdst;
1795 
1796 			tmp2 = tmp;
1797 			tmp2.tm_isdst = (dst > 0 ? 0 : 1);
1798 			if ((t2 = xmktime(&tmp2)) == (time_t)-1) {
1799 				return (0);
1800 			}
1801 			if (tm_cmp(&tmp, &tmp2)) {
1802 				/*
1803 				 * same time/date found in the opposite zone.
1804 				 * check the clock to see which comes early.
1805 				 */
1806 				if (t2 > ref_t && t2 < t1) {
1807 					t1 = t2;
1808 				}
1809 			}
1810 		}
1811 		return (t1);
1812 	} else {
1813 		/*
1814 		 * mktime has set different time/date for the given date.
1815 		 * This means that the next job is scheduled to be run on the
1816 		 * invalid time. There are three possible invalid date/time.
1817 		 * 1. Non existing day of the month. such as April 31th.
1818 		 * 2. Feb 29th in the non-leap year.
1819 		 * 3. Time gap during the DST switch over.
1820 		 */
1821 		d1 = days_in_mon(mon, yr);
1822 		if ((mon != 1 && day > d1) || (mon == 1 && day > 29)) {
1823 			/*
1824 			 * see if we have got a specific date which
1825 			 * is invalid.
1826 			 */
1827 			if (strcmp(e->of.ct.dayweek, "*") == 0 &&
1828 			    mon == (next_ge((mon + 1)%12 + 1,
1829 			    e->of.ct.month) - 1) &&
1830 			    day <= next_ge(1, e->of.ct.daymon)) {
1831 				/* job never run */
1832 				return (0);
1833 			}
1834 			/*
1835 			 * Since the day has gone invalid, we need to go to
1836 			 * next month, and recalcuate the first occurrence.
1837 			 * eg the cron tab such as:
1838 			 * 0 0 1,15,31 1,2,3,4,5 * /usr/bin....
1839 			 * 2/31 is invalid, so the next job is 3/1.
1840 			 */
1841 			tmp2 = tmp;
1842 			tmp2.tm_min = 0;
1843 			tmp2.tm_hour = 0;
1844 			tmp2.tm_mday = 1; /* 1st day of the month */
1845 			if (mon == 11) {
1846 				tmp2.tm_mon = 0;
1847 				tmp2.tm_year = yr + 1;
1848 			} else {
1849 				tmp2.tm_mon = mon + 1;
1850 			}
1851 			if ((t = xmktime(&tmp2)) == (time_t)-1) {
1852 				return (0);
1853 			}
1854 		} else if (mon == 1 && day > d1) {
1855 			/*
1856 			 * ie 29th in the non-leap year. Forwarding the
1857 			 * clock to Feb 29th 00:00 (March 1st), and recalculate
1858 			 * the next time.
1859 			 */
1860 			tmp2 = tmp;
1861 			tmp2.tm_min = 0;
1862 			tmp2.tm_hour = 0;
1863 			if ((t = xmktime(&tmp2)) == (time_t)-1) {
1864 				return (0);
1865 			}
1866 		} else if (daylight) {
1867 			/*
1868 			 * Non existing time, eg 2am PST during summer time
1869 			 * switch.
1870 			 * We need to get the correct isdst which we are
1871 			 * swithing to, by adding time difference to make sure
1872 			 * that t2 is in the zone being switched.
1873 			 */
1874 			t2 = t1;
1875 			t2 += abs(timezone - altzone);
1876 			(void) localtime_r(&t2, &tmp2);
1877 			zone_start = get_switching_time(tmp2.tm_isdst,
1878 			    t1 - abs(timezone - altzone));
1879 			if (zone_start == (time_t)-1) {
1880 				return (0);
1881 			}
1882 			t = zone_start;
1883 		} else {
1884 			/*
1885 			 * This should never happen, but fall back to the
1886 			 * old code.
1887 			 */
1888 			days = days_btwn(tm->tm_mon,
1889 			    tm->tm_mday, tm->tm_year, mon, day, yr);
1890 			t += (time_t)(23-tm->tm_hour)*HOUR
1891 			    + (time_t)(60-tm->tm_min)*MINUTE
1892 			    + (time_t)hr*HOUR + (time_t)min*MINUTE
1893 			    + (time_t)days*DAY;
1894 			t1 = t;
1895 			t -= (time_t)tm->tm_sec;
1896 			(void) localtime_r(&t, &tmp);
1897 			if ((tm->tm_isdst == 0) && (tmp.tm_isdst > 0))
1898 				t -= (timezone - altzone);
1899 			return (t <= ref_t ? t1 : t);
1900 		}
1901 		goto recalc;
1902 	}
1903 	/*NOTREACHED*/
1904 }
1905 
1906 static time_t
next_time(struct event * e,time_t tflag)1907 next_time(struct event *e, time_t tflag)
1908 {
1909 	if (e->of.ct.tz != NULL) {
1910 		time_t ret;
1911 
1912 		(void) putenv((char *)get_obj(e->of.ct.tz));
1913 		tzset();
1914 		ret = tz_next_time(e, tflag);
1915 		(void) putenv(tzone);
1916 		tzset();
1917 		return (ret);
1918 	} else {
1919 		return (tz_next_time(e, tflag));
1920 	}
1921 }
1922 
1923 /*
1924  * This returns TOD in time_t that zone switch will happen, and this
1925  * will be called when clock fallback is about to happen.
1926  * (ie 30minutes before the time of PST -> PDT switch. 2:00 AM PST
1927  * will fall back to 1:00 PDT. So this function will be called only
1928  * for the time between 1:00 AM PST and 2:00 PST(1:00 PST)).
1929  * First goes through the common time differences to see if zone
1930  * switch happens at those minutes later. If not, check every minutes
1931  * until 6 hours ahead see if it happens(We might have 45minutes
1932  * fallback).
1933  */
1934 static time_t
get_switching_time(int to_dst,time_t t_ref)1935 get_switching_time(int to_dst, time_t t_ref)
1936 {
1937 	time_t t, t1;
1938 	struct tm tmp, tmp1;
1939 	int hints[] = { 60, 120, 30, 90, 0}; /* minutes */
1940 	int i;
1941 
1942 	(void) localtime_r(&t_ref, &tmp);
1943 	tmp1 = tmp;
1944 	tmp1.tm_sec = 0;
1945 	tmp1.tm_min = 0;
1946 	if ((t = xmktime(&tmp1)) == (time_t)-1)
1947 		return ((time_t)-1);
1948 
1949 	/* fast path */
1950 	for (i = 0; hints[i] != 0; i++) {
1951 		t1 = t + hints[i] * 60;
1952 		(void) localtime_r(&t1, &tmp1);
1953 		if (tmp1.tm_isdst == to_dst) {
1954 			t1--;
1955 			(void) localtime_r(&t1, &tmp1);
1956 			if (tmp1.tm_isdst != to_dst) {
1957 				return (t1 + 1);
1958 			}
1959 		}
1960 	}
1961 
1962 	/* ugly, but don't know other than this. */
1963 	tmp1 = tmp;
1964 	tmp1.tm_sec = 0;
1965 	if ((t = xmktime(&tmp1)) == (time_t)-1)
1966 		return ((time_t)-1);
1967 	while (t < (t_ref + 6*60*60)) { /* 6 hours should be enough */
1968 		t += 60; /* at least one minute, I assume */
1969 		(void) localtime_r(&t, &tmp);
1970 		if (tmp.tm_isdst == to_dst)
1971 			return (t);
1972 	}
1973 	return ((time_t)-1);
1974 }
1975 
1976 static time_t
xmktime(struct tm * tmp)1977 xmktime(struct tm *tmp)
1978 {
1979 	time_t ret;
1980 
1981 	if ((ret = mktime(tmp)) == (time_t)-1) {
1982 		if (errno == EOVERFLOW) {
1983 			return ((time_t)-1);
1984 		}
1985 		crabort("internal error: mktime failed",
1986 		    REMOVE_FIFO|CONSOLE_MSG);
1987 	}
1988 	return (ret);
1989 }
1990 
1991 #define	DUMMY	100
1992 
1993 static int
next_ge(int current,char * list)1994 next_ge(int current, char *list)
1995 {
1996 	/*
1997 	 * list is a character field as in a crontab file;
1998 	 * for example: "40, 20, 50-10"
1999 	 * next_ge returns the next number in the list that is
2000 	 * greater than  or equal to current. if no numbers of list
2001 	 * are >= current, the smallest element of list is returned.
2002 	 * NOTE: current must be in the appropriate range.
2003 	 */
2004 
2005 	char *ptr;
2006 	int n, n2, min, min_gt;
2007 
2008 	if (strcmp(list, "*") == 0)
2009 		return (current);
2010 	ptr = list;
2011 	min = DUMMY;
2012 	min_gt = DUMMY;
2013 	for (;;) {
2014 		if ((n = (int)num(&ptr)) == current)
2015 			return (current);
2016 		if (n < min)
2017 			min = n;
2018 		if ((n > current) && (n < min_gt))
2019 			min_gt = n;
2020 		if (*ptr == '-') {
2021 			ptr++;
2022 			if ((n2 = (int)num(&ptr)) > n) {
2023 				if ((current > n) && (current <= n2))
2024 					return (current);
2025 			} else {	/* range that wraps around */
2026 				if (current > n)
2027 					return (current);
2028 				if (current <= n2)
2029 					return (current);
2030 			}
2031 		}
2032 		if (*ptr == '\0')
2033 			break;
2034 		ptr += 1;
2035 	}
2036 	if (min_gt != DUMMY)
2037 		return (min_gt);
2038 	else
2039 		return (min);
2040 }
2041 
2042 static void
free_if_unused(struct usr * u)2043 free_if_unused(struct usr *u)
2044 {
2045 	struct usr *cur, *prev;
2046 	/*
2047 	 *	To make sure a usr structure is idle we must check that
2048 	 *	there are no at jobs queued for the user; the user does
2049 	 *	not have a crontab, and also that there are no running at
2050 	 *	or cron jobs (since the runinfo structure also has a
2051 	 *	pointer to the usr structure).
2052 	 */
2053 	if (!u->ctexists && u->atevents == NULL &&
2054 	    u->cruncnt == 0 && u->aruncnt == 0) {
2055 #ifdef DEBUG
2056 		(void) fprintf(stderr, "%s removed from usr list\n", u->name);
2057 #endif
2058 		for (cur = uhead, prev = NULL;
2059 		    cur != u;
2060 		    prev = cur, cur = cur->nextusr) {
2061 			if (cur == NULL) {
2062 				return;
2063 			}
2064 		}
2065 
2066 		if (prev == NULL)
2067 			uhead = u->nextusr;
2068 		else
2069 			prev->nextusr = u->nextusr;
2070 		free(u->name);
2071 		free(u->home);
2072 		free(u);
2073 	}
2074 }
2075 
2076 static void
del_atjob(char * name,char * usrname)2077 del_atjob(char *name, char *usrname)
2078 {
2079 
2080 	struct	event	*e, *eprev;
2081 	struct	usr	*u;
2082 
2083 	if ((u = find_usr(usrname)) == NULL)
2084 		return;
2085 	e = u->atevents;
2086 	eprev = NULL;
2087 	while (e != NULL) {
2088 		if (strcmp(name, e->cmd) == 0) {
2089 			if (next_event == e)
2090 				next_event = NULL;
2091 			if (eprev == NULL)
2092 				u->atevents = e->link;
2093 			else
2094 				eprev->link = e->link;
2095 			el_remove(e->of.at.eventid, 1);
2096 			free(e->cmd);
2097 			free(e);
2098 			break;
2099 		} else {
2100 			eprev = e;
2101 			e = e->link;
2102 		}
2103 	}
2104 
2105 	free_if_unused(u);
2106 }
2107 
2108 static void
del_ctab(char * name)2109 del_ctab(char *name)
2110 {
2111 
2112 	struct	usr *u;
2113 
2114 	if ((u = find_usr(name)) == NULL)
2115 		return;
2116 	rm_ctevents(u);
2117 	el_remove(u->ctid, 0);
2118 	u->ctid = 0;
2119 	u->ctexists = 0;
2120 
2121 	free_if_unused(u);
2122 }
2123 
2124 static void
rm_ctevents(struct usr * u)2125 rm_ctevents(struct usr *u)
2126 {
2127 	struct event *e2, *e3;
2128 
2129 	/*
2130 	 * see if the next event (to be run by cron) is a cronevent
2131 	 * owned by this user.
2132 	 */
2133 
2134 	if ((next_event != NULL) &&
2135 	    (next_event->etype == CRONEVENT) &&
2136 	    (next_event->u == u)) {
2137 		next_event = NULL;
2138 	}
2139 	e2 = u->ctevents;
2140 	while (e2 != NULL) {
2141 		free(e2->cmd);
2142 		rel_shared(e2->of.ct.tz);
2143 		rel_shared(e2->of.ct.shell);
2144 		rel_shared(e2->of.ct.home);
2145 		free(e2->of.ct.minute);
2146 		free(e2->of.ct.hour);
2147 		free(e2->of.ct.daymon);
2148 		free(e2->of.ct.month);
2149 		free(e2->of.ct.dayweek);
2150 		if (e2->of.ct.input != NULL)
2151 			free(e2->of.ct.input);
2152 		e3 = e2->link;
2153 		free(e2);
2154 		e2 = e3;
2155 	}
2156 	u->ctevents = NULL;
2157 }
2158 
2159 
2160 static struct usr *
find_usr(char * uname)2161 find_usr(char *uname)
2162 {
2163 	struct usr *u;
2164 
2165 	u = uhead;
2166 	while (u != NULL) {
2167 		if (strcmp(u->name, uname) == 0)
2168 			return (u);
2169 		u = u->nextusr;
2170 	}
2171 	return (NULL);
2172 }
2173 
2174 /*
2175  * Execute cron command or at/batch job.
2176  * If ever a premature return is added to this function pay attention to
2177  * free at_cmdfile and outfile plus jobname buffers of the runinfo structure.
2178  */
2179 static int
ex(struct event * e)2180 ex(struct event *e)
2181 {
2182 	int r;
2183 	int fd;
2184 	pid_t rfork;
2185 	FILE *atcmdfp;
2186 	char mailvar[4];
2187 	char *at_cmdfile = NULL;
2188 	struct stat buf;
2189 	struct queue *qp;
2190 	struct runinfo *rp;
2191 	struct project proj, *pproj = NULL;
2192 	union {
2193 		struct {
2194 			char buf[PROJECT_BUFSZ];
2195 			char buf2[PROJECT_BUFSZ];
2196 		} p;
2197 		char error[CANT_STR_LEN + PATH_MAX];
2198 	} bufs;
2199 	char *tmpfile;
2200 	FILE *fptr;
2201 	time_t dhltime;
2202 	projid_t projid;
2203 	int projflag = 0;
2204 	char *home;
2205 	char *sh;
2206 
2207 	qp = &qt[e->etype];	/* set pointer to queue defs */
2208 	if (qp->nrun >= qp->njob) {
2209 		msg("%c queue max run limit reached", e->etype + 'a');
2210 		resched(qp->nwait);
2211 		return (0);
2212 	}
2213 
2214 	rp = rinfo_get(0); /* allocating a new runinfo struct */
2215 
2216 	/*
2217 	 * the tempnam() function uses malloc(3C) to allocate space for the
2218 	 * constructed file name, and returns a pointer to this area, which
2219 	 * is assigned to rp->outfile. Here rp->outfile is not overwritten.
2220 	 */
2221 
2222 	rp->outfile = tempnam(TMPDIR, PFX);
2223 	rp->jobtype = e->etype;
2224 	if (e->etype == CRONEVENT) {
2225 		rp->jobname = xmalloc(strlen(e->cmd) + 1);
2226 		(void) strcpy(rp->jobname, e->cmd);
2227 		/* "cron" jobs only produce mail if there's output */
2228 		rp->mailwhendone = 0;
2229 	} else {
2230 		at_cmdfile = xmalloc(strlen(ATDIR) + strlen(e->cmd) + 2);
2231 		(void) sprintf(at_cmdfile, "%s/%s", ATDIR, e->cmd);
2232 		if ((atcmdfp = fopen(at_cmdfile, "r")) == NULL) {
2233 			if (errno == ENAMETOOLONG) {
2234 				if (chdir(ATDIR) == 0)
2235 					cron_unlink(e->cmd);
2236 			} else {
2237 				cron_unlink(at_cmdfile);
2238 			}
2239 			mail((e->u)->name, BADJOBOPEN, ERR_CANTEXECAT);
2240 			free(at_cmdfile);
2241 			rinfo_free(rp);
2242 			return (0);
2243 		}
2244 		rp->jobname = xmalloc(strlen(at_cmdfile) + 1);
2245 		(void) strcpy(rp->jobname, at_cmdfile);
2246 
2247 		/*
2248 		 * Skip over the first two lines.
2249 		 */
2250 		(void) fscanf(atcmdfp, "%*[^\n]\n");
2251 		(void) fscanf(atcmdfp, "%*[^\n]\n");
2252 		if (fscanf(atcmdfp, ": notify by mail: %3s%*[^\n]\n",
2253 		    mailvar) == 1) {
2254 			/*
2255 			 * Check to see if we should always send mail
2256 			 * to the owner.
2257 			 */
2258 			rp->mailwhendone = (strcmp(mailvar, "yes") == 0);
2259 		} else {
2260 			rp->mailwhendone = 0;
2261 		}
2262 
2263 		if (fscanf(atcmdfp, "\n: project: %d\n", &projid) == 1) {
2264 			projflag = 1;
2265 		}
2266 		(void) fclose(atcmdfp);
2267 	}
2268 
2269 	/*
2270 	 * we make sure that the system time
2271 	 * hasn't drifted backwards. if it has, el_add() is now
2272 	 * called, to make sure that the event queue is back in order,
2273 	 * and we set the delayed flag. cron will pick up the request
2274 	 * later on at the proper time.
2275 	 */
2276 	dhltime = time(NULL);
2277 	if ((dhltime - e->time) < 0) {
2278 		msg("clock time drifted backwards!\n");
2279 		if (next_event->etype == CRONEVENT) {
2280 			msg("correcting cron event\n");
2281 			next_event->time = next_time(next_event, dhltime);
2282 			switch (el_add(next_event, next_event->time,
2283 			    (next_event->u)->ctid)) {
2284 			case -1:
2285 				ignore_msg("ex", "cron", next_event);
2286 				break;
2287 			case -2: /* event time lower than init time */
2288 				reset_needed = 1;
2289 				break;
2290 			}
2291 		} else { /* etype == ATEVENT */
2292 			msg("correcting batch event\n");
2293 			if (el_add(next_event, next_event->time,
2294 			    next_event->of.at.eventid) < 0) {
2295 				ignore_msg("ex", "at", next_event);
2296 			}
2297 		}
2298 		delayed++;
2299 		t_old = time(NULL);
2300 		free(at_cmdfile);
2301 		rinfo_free(rp);
2302 		return (0);
2303 	}
2304 
2305 	if ((rfork = fork()) == (pid_t)-1) {
2306 		reap_child();
2307 		if ((rfork = fork()) == (pid_t)-1) {
2308 			msg("cannot fork");
2309 			free(at_cmdfile);
2310 			rinfo_free(rp);
2311 			resched(60);
2312 			(void) sleep(30);
2313 			return (0);
2314 		}
2315 	}
2316 	if (rfork) {		/* parent process */
2317 		contract_abandon_latest(rfork);
2318 
2319 		++qp->nrun;
2320 		rp->pid = rfork;
2321 		rp->que = e->etype;
2322 		if (e->etype != CRONEVENT)
2323 			(e->u)->aruncnt++;
2324 		else
2325 			(e->u)->cruncnt++;
2326 		rp->rusr = (e->u);
2327 		logit(BCHAR, rp, 0);
2328 		free(at_cmdfile);
2329 
2330 		return (0);
2331 	}
2332 
2333 	child_sigreset();
2334 	contract_clear_template();
2335 
2336 	if (e->etype != CRONEVENT) {
2337 		/* open jobfile as stdin to shell */
2338 		if (stat(at_cmdfile, &buf)) {
2339 			if (errno == ENAMETOOLONG) {
2340 				if (chdir(ATDIR) == 0)
2341 					cron_unlink(e->cmd);
2342 			} else
2343 				cron_unlink(at_cmdfile);
2344 			mail((e->u)->name, BADJOBOPEN, ERR_CANTEXECCRON);
2345 			exit(1);
2346 		}
2347 		if (!(buf.st_mode&ISUID)) {
2348 			/*
2349 			 * if setuid bit off, original owner has
2350 			 * given this file to someone else
2351 			 */
2352 			cron_unlink(at_cmdfile);
2353 			exit(1);
2354 		}
2355 		if ((fd = open(at_cmdfile, O_RDONLY)) == -1) {
2356 			mail((e->u)->name, BADJOBOPEN, ERR_CANTEXECCRON);
2357 			cron_unlink(at_cmdfile);
2358 			exit(1);
2359 		}
2360 		if (fd != 0) {
2361 			(void) dup2(fd, 0);
2362 			(void) close(fd);
2363 		}
2364 		/*
2365 		 * retrieve the project id of the at job and convert it
2366 		 * to a project name.  fail if it's not a valid project
2367 		 * or if the user isn't a member of the project.
2368 		 */
2369 		if (projflag == 1) {
2370 			if ((pproj = getprojbyid(projid, &proj,
2371 			    (void *)&bufs.p.buf,
2372 			    sizeof (bufs.p.buf))) == NULL ||
2373 			    !inproj(e->u->name, pproj->pj_name,
2374 			    bufs.p.buf2, sizeof (bufs.p.buf2))) {
2375 				cron_unlink(at_cmdfile);
2376 				mail((e->u)->name, BADPROJID, ERR_CANTEXECAT);
2377 				exit(1);
2378 			}
2379 		}
2380 	}
2381 
2382 	/*
2383 	 * Put process in a new session, and create a new task.
2384 	 */
2385 	if (setsid() < 0) {
2386 		msg("setsid failed with errno = %d. job failed (%s)"
2387 		    " for user %s", errno, e->cmd, e->u->name);
2388 		if (e->etype != CRONEVENT)
2389 			cron_unlink(at_cmdfile);
2390 		exit(1);
2391 	}
2392 
2393 	/*
2394 	 * set correct user identification and check his account
2395 	 */
2396 	r = set_user_cred(e->u, pproj);
2397 	if (r == VUC_EXPIRED) {
2398 		msg("user (%s) account is expired", e->u->name);
2399 		audit_cron_user_acct_expired(e->u->name);
2400 		clean_out_user(e->u);
2401 		exit(1);
2402 	}
2403 	if (r == VUC_NEW_AUTH) {
2404 		msg("user (%s) password has expired", e->u->name);
2405 		audit_cron_user_acct_expired(e->u->name);
2406 		clean_out_user(e->u);
2407 		exit(1);
2408 	}
2409 	if (r != VUC_OK) {
2410 		msg("bad user (%s)", e->u->name);
2411 		audit_cron_bad_user(e->u->name);
2412 		clean_out_user(e->u);
2413 		exit(1);
2414 	}
2415 	/*
2416 	 * check user and initialize the supplementary group access list.
2417 	 * bugid 1230784: deleted from parent to avoid cron hang. Now
2418 	 * only child handles the call.
2419 	 */
2420 
2421 	if (verify_user_cred(e->u) != VUC_OK ||
2422 	    setgid(e->u->gid) == -1 ||
2423 	    initgroups(e->u->name, e->u->gid) == -1) {
2424 		msg("bad user (%s) or setgid failed (%s)",
2425 		    e->u->name, e->u->name);
2426 		audit_cron_bad_user(e->u->name);
2427 		clean_out_user(e->u);
2428 		exit(1);
2429 	}
2430 
2431 	if ((e->u)->uid == 0) { /* set default path */
2432 		/* path settable in defaults file */
2433 		envinit[2] = supath;
2434 	} else {
2435 		envinit[2] = path;
2436 	}
2437 
2438 	if (e->etype != CRONEVENT) {
2439 		r = audit_cron_session(e->u->name, NULL,
2440 		    e->u->uid, e->u->gid, at_cmdfile);
2441 		cron_unlink(at_cmdfile);
2442 	} else {
2443 		r = audit_cron_session(e->u->name, CRONDIR,
2444 		    e->u->uid, e->u->gid, NULL);
2445 	}
2446 	if (r != 0) {
2447 		msg("cron audit problem. job failed (%s) for user %s",
2448 		    e->cmd, e->u->name);
2449 		exit(1);
2450 	}
2451 
2452 	audit_cron_new_job(e->cmd, e->etype, (void *)e);
2453 
2454 	if (setuid(e->u->uid) == -1)  {
2455 		msg("setuid failed (%s)", e->u->name);
2456 		clean_out_user(e->u);
2457 		exit(1);
2458 	}
2459 
2460 	if (e->etype == CRONEVENT) {
2461 		/* check for standard input to command	*/
2462 		if (e->of.ct.input != NULL) {
2463 			if ((tmpfile = strdup(TMPINFILE)) == NULL) {
2464 				mail((e->u)->name, MALLOCERR,
2465 				    ERR_CANTEXECCRON);
2466 				exit(1);
2467 			}
2468 			if ((fd = mkstemp(tmpfile)) == -1 ||
2469 			    (fptr = fdopen(fd, "w")) == NULL) {
2470 				mail((e->u)->name, NOSTDIN,
2471 				    ERR_CANTEXECCRON);
2472 				cron_unlink(tmpfile);
2473 				free(tmpfile);
2474 				exit(1);
2475 			}
2476 			if ((fwrite(e->of.ct.input, sizeof (char),
2477 			    strlen(e->of.ct.input), fptr)) !=
2478 			    strlen(e->of.ct.input)) {
2479 				mail((e->u)->name, NOSTDIN, ERR_CANTEXECCRON);
2480 				cron_unlink(tmpfile);
2481 				free(tmpfile);
2482 				(void) close(fd);
2483 				(void) fclose(fptr);
2484 				exit(1);
2485 			}
2486 			if (fseek(fptr, (off_t)0, SEEK_SET) != -1) {
2487 				if (fd != 0) {
2488 					(void) dup2(fd, 0);
2489 					(void) close(fd);
2490 				}
2491 			}
2492 			cron_unlink(tmpfile);
2493 			free(tmpfile);
2494 			(void) fclose(fptr);
2495 		} else if ((fd = open("/dev/null", O_RDONLY)) > 0) {
2496 			(void) dup2(fd, 0);
2497 			(void) close(fd);
2498 		}
2499 	}
2500 
2501 	/* redirect stdout and stderr for the shell	*/
2502 	if ((fd = open(rp->outfile, O_WRONLY|O_CREAT|O_EXCL, OUTMODE)) == 1)
2503 		fd = open("/dev/null", O_WRONLY);
2504 
2505 	if (fd >= 0 && fd != 1)
2506 		(void) dup2(fd, 1);
2507 
2508 	if (fd >= 0 && fd != 2) {
2509 		(void) dup2(fd, 2);
2510 		if (fd != 1)
2511 			(void) close(fd);
2512 	}
2513 
2514 	if (e->etype == CRONEVENT && e->of.ct.home != NULL) {
2515 		home = (char *)get_obj(e->of.ct.home);
2516 	} else {
2517 		home = (e->u)->home;
2518 	}
2519 	(void) strlcat(homedir, home, sizeof (homedir));
2520 	(void) strlcat(logname, (e->u)->name, sizeof (logname));
2521 	environ = envinit;
2522 	if (chdir(home) == -1) {
2523 		snprintf(bufs.error, sizeof (bufs.error), CANTCDHOME, home);
2524 		mail((e->u)->name, bufs.error,
2525 		    e->etype == CRONEVENT ? ERR_CANTEXECCRON :
2526 		    ERR_CANTEXECAT);
2527 		exit(1);
2528 	}
2529 #ifdef TESTING
2530 	exit(1);
2531 #endif
2532 	/*
2533 	 * make sure that all file descriptors EXCEPT 0, 1 and 2
2534 	 * will be closed.
2535 	 */
2536 	closefrom(3);
2537 
2538 	if ((e->u)->uid != 0)
2539 		(void) nice(qp->nice);
2540 	if (e->etype == CRONEVENT) {
2541 		if (e->of.ct.tz) {
2542 			(void) putenv((char *)get_obj(e->of.ct.tz));
2543 		}
2544 		if (e->of.ct.shell) {
2545 			char *name;
2546 
2547 			sh = (char *)get_obj(e->of.ct.shell);
2548 			name = strrchr(sh, '/');
2549 			if (name == NULL)
2550 				name = sh;
2551 			else
2552 				name++;
2553 
2554 			(void) putenv(sh);
2555 			sh += strlen(ENV_SHELL);
2556 			(void) execl(sh, name, "-c", e->cmd, 0);
2557 		} else {
2558 			(void) execl(SHELL, "sh", "-c", e->cmd, 0);
2559 			sh = SHELL;
2560 		}
2561 	} else {		/* type == ATEVENT */
2562 		(void) execl(SHELL, "sh", 0);
2563 		sh = SHELL;
2564 	}
2565 	snprintf(bufs.error, sizeof (bufs.error), CANTEXECSH, sh);
2566 	mail((e->u)->name, bufs.error,
2567 	    e->etype == CRONEVENT ? ERR_CANTEXECCRON : ERR_CANTEXECAT);
2568 	exit(1);
2569 	/*NOTREACHED*/
2570 }
2571 
2572 /*
2573  * Main idle loop.
2574  * When timed out to run the job, return 0.
2575  * If for some reasons we need to reschedule jobs, return 1.
2576  */
2577 static int
idle(long t)2578 idle(long t)
2579 {
2580 	time_t	now;
2581 
2582 	refresh = 0;
2583 
2584 	while (t > 0L) {
2585 		if (msg_wait(t) != 0) {
2586 			/* we need to run next job immediately */
2587 			return (0);
2588 		}
2589 
2590 		reap_child();
2591 
2592 		if (refresh) {
2593 			/* We got THAW or REFRESH message  */
2594 			return (1);
2595 		}
2596 
2597 		now = time(NULL);
2598 		if (last_time > now) {
2599 			/* clock has been reset to backward */
2600 			return (1);
2601 		}
2602 
2603 		if (next_event == NULL && !el_empty()) {
2604 			next_event = (struct event *)el_first();
2605 		}
2606 
2607 		if (next_event == NULL)
2608 			t = INFINITY;
2609 		else
2610 			t = (long)next_event->time - now;
2611 	}
2612 	return (0);
2613 }
2614 
2615 /*
2616  * This used to be in the idle(), but moved to the separate function.
2617  * This called from various place when cron needs to reap the
2618  * child. It includes the situation that cron hit maxrun, and needs
2619  * to reschedule the job.
2620  */
2621 static void
reap_child()2622 reap_child()
2623 {
2624 	pid_t	pid;
2625 	int	prc;
2626 	struct	runinfo	*rp;
2627 
2628 	for (;;) {
2629 		pid = waitpid((pid_t)-1, &prc, WNOHANG);
2630 		if (pid <= 0)
2631 			break;
2632 #ifdef DEBUG
2633 		fprintf(stderr,
2634 		    "wait returned %x for process %d\n", prc, pid);
2635 #endif
2636 		if ((rp = rinfo_get(pid)) == NULL) {
2637 			if (miscpid_delete(pid) == 0) {
2638 				/* not found in anywhere */
2639 				msg(PIDERR, pid);
2640 			}
2641 		} else if (rp->que == ZOMB) {
2642 			(void) unlink(rp->outfile);
2643 			rinfo_free(rp);
2644 		} else {
2645 			cleanup(rp, prc);
2646 		}
2647 	}
2648 }
2649 
2650 static void
cleanup(struct runinfo * pr,int rc)2651 cleanup(struct runinfo *pr, int rc)
2652 {
2653 	int	nextfork = 1;
2654 	struct	usr	*p;
2655 	struct	stat	buf;
2656 
2657 	logit(ECHAR, pr, rc);
2658 	--qt[pr->que].nrun;
2659 	p = pr->rusr;
2660 	if (pr->que != CRONEVENT)
2661 		--p->aruncnt;
2662 	else
2663 		--p->cruncnt;
2664 
2665 	if (lstat(pr->outfile, &buf) == 0) {
2666 		if (!S_ISLNK(buf.st_mode) &&
2667 		    (buf.st_size > 0 || pr->mailwhendone)) {
2668 			/* mail user stdout and stderr */
2669 			for (;;) {
2670 				if ((pr->pid = fork()) < 0) {
2671 					/*
2672 					 * if fork fails try forever in doubling
2673 					 * retry times, up to 16 seconds
2674 					 */
2675 					(void) sleep(nextfork);
2676 					if (nextfork < 16)
2677 						nextfork += nextfork;
2678 					continue;
2679 				} else if (pr->pid == 0) {
2680 					child_sigreset();
2681 					contract_clear_template();
2682 
2683 					mail_result(p, pr, buf.st_size);
2684 					/* NOTREACHED */
2685 				} else {
2686 					contract_abandon_latest(pr->pid);
2687 					pr->que = ZOMB;
2688 					break;
2689 				}
2690 			}
2691 		} else {
2692 			(void) unlink(pr->outfile);
2693 			rinfo_free(pr);
2694 		}
2695 	} else {
2696 		rinfo_free(pr);
2697 	}
2698 
2699 	free_if_unused(p);
2700 }
2701 
2702 /*
2703  * Mail stdout and stderr of a job to user. Get uid for real user and become
2704  * that person. We do this so that mail won't come from root since this
2705  * could be a security hole. If failure, quit - don't send mail as root.
2706  */
2707 static void
mail_result(struct usr * p,struct runinfo * pr,size_t filesize)2708 mail_result(struct usr *p, struct runinfo *pr, size_t filesize)
2709 {
2710 	struct	passwd	*ruser_ids;
2711 	FILE	*mailpipe;
2712 	FILE	*st;
2713 	struct utsname	name;
2714 	int	nbytes;
2715 	char	iobuf[BUFSIZ];
2716 	char	*cmd;
2717 	char	*lowname = (pr->jobtype == CRONEVENT ? "cron" : "at");
2718 
2719 	(void) uname(&name);
2720 	if ((ruser_ids = getpwnam(p->name)) == NULL)
2721 		exit(0);
2722 	(void) setuid(ruser_ids->pw_uid);
2723 
2724 	cmd = xmalloc(strlen(MAIL) + strlen(p->name)+2);
2725 	(void) sprintf(cmd, "%s %s", MAIL, p->name);
2726 	mailpipe = popen(cmd, "w");
2727 	free(cmd);
2728 	if (mailpipe == NULL)
2729 		exit(127);
2730 	(void) fprintf(mailpipe, "To: %s\n", p->name);
2731 	(void) fprintf(mailpipe, "Subject: %s <%s@%s> %s\n",
2732 	    (pr->jobtype == CRONEVENT ? "Cron" : "At"),
2733 	    p->name, name.nodename, pr->jobname);
2734 
2735 	/*
2736 	 * RFC3834 (Section 5) defines the Auto-Submitted header to prevent
2737 	 * vacation replies, et al, from being sent in response to
2738 	 * machine-generated mail.
2739 	 */
2740 	(void) fprintf(mailpipe, "Auto-Submitted: auto-generated\n");
2741 
2742 	/*
2743 	 * Additional headers for mail filtering and diagnostics:
2744 	 */
2745 	(void) fprintf(mailpipe, "X-Mailer: cron (%s %s)\n", name.sysname,
2746 	    name.release);
2747 	(void) fprintf(mailpipe, "X-Cron-User: %s\n", p->name);
2748 	(void) fprintf(mailpipe, "X-Cron-Host: %s\n", name.nodename);
2749 	(void) fprintf(mailpipe, "X-Cron-Job-Name: %s\n", pr->jobname);
2750 	(void) fprintf(mailpipe, "X-Cron-Job-Type: %s\n", lowname);
2751 
2752 	/*
2753 	 * Message Body:
2754 	 *
2755 	 * (Temporary file is fopen'ed with "r", secure open.)
2756 	 */
2757 	(void) fprintf(mailpipe, "\n");
2758 	if (filesize > 0 &&
2759 	    (st = fopen(pr->outfile, "r")) != NULL) {
2760 		while ((nbytes = fread(iobuf, sizeof (char), BUFSIZ, st)) != 0)
2761 			(void) fwrite(iobuf, sizeof (char), nbytes, mailpipe);
2762 		(void) fclose(st);
2763 	} else {
2764 		(void) fprintf(mailpipe, "Job completed with no output.\n");
2765 	}
2766 	(void) pclose(mailpipe);
2767 	exit(0);
2768 }
2769 
2770 static int
msg_wait(long tim)2771 msg_wait(long tim)
2772 {
2773 	struct	message	msg;
2774 	int	cnt;
2775 	time_t	reftime;
2776 	fd_set	fds;
2777 	struct timespec tout, *toutp;
2778 	static int	pending_msg;
2779 	static time_t	pending_reftime;
2780 
2781 	if (pending_msg) {
2782 		process_msg(&msgbuf, pending_reftime);
2783 		pending_msg = 0;
2784 		return (0);
2785 	}
2786 
2787 	FD_ZERO(&fds);
2788 	FD_SET(msgfd, &fds);
2789 
2790 	toutp = NULL;
2791 	if (tim != INFINITY) {
2792 #ifdef CRON_MAXSLEEP
2793 		/*
2794 		 * CRON_MAXSLEEP can be defined to have cron periodically wake
2795 		 * up, so that cron can detect a change of TOD and adjust the
2796 		 * sleep time more frequently.
2797 		 */
2798 		tim = (tim > CRON_MAXSLEEP) ? CRON_MAXSLEEP : tim;
2799 #endif
2800 		tout.tv_nsec = 0;
2801 		tout.tv_sec = tim;
2802 		toutp = &tout;
2803 	}
2804 
2805 	cnt = pselect(msgfd + 1, &fds, NULL, NULL, toutp, &defmask);
2806 	if (cnt == -1 && errno != EINTR)
2807 		perror("! pselect");
2808 
2809 	/* pselect timeout or interrupted */
2810 	if (cnt <= 0)
2811 		return (0);
2812 
2813 	errno = 0;
2814 	if ((cnt = read(msgfd, &msg, sizeof (msg))) != sizeof (msg)) {
2815 		if (cnt != -1 || errno != EAGAIN)
2816 			perror("! read");
2817 		return (0);
2818 	}
2819 	reftime = time(NULL);
2820 	if (next_event != NULL && reftime >= next_event->time) {
2821 		/*
2822 		 * we need to run the job before reloading crontab.
2823 		 */
2824 		(void) memcpy(&msgbuf, &msg, sizeof (msg));
2825 		pending_msg = 1;
2826 		pending_reftime = reftime;
2827 		return (1);
2828 	}
2829 	process_msg(&msg, reftime);
2830 	return (0);
2831 }
2832 
2833 /*
2834  * process the message supplied via pipe. This will be called either
2835  * immediately after cron read the message from pipe, or idle time
2836  * if the message was pending due to the job execution.
2837  */
2838 static void
process_msg(struct message * pmsg,time_t reftime)2839 process_msg(struct message *pmsg, time_t reftime)
2840 {
2841 	if (pmsg->etype == NULL)
2842 		return;
2843 
2844 	switch (pmsg->etype) {
2845 	case AT:
2846 		if (pmsg->action == DELETE)
2847 			del_atjob(pmsg->fname, pmsg->logname);
2848 		else
2849 			mod_atjob(pmsg->fname, (time_t)0);
2850 		break;
2851 	case CRON:
2852 		if (pmsg->action == DELETE)
2853 			del_ctab(pmsg->fname);
2854 		else
2855 			mod_ctab(pmsg->fname, reftime);
2856 		break;
2857 	case REFRESH:
2858 		refresh = 1;
2859 		pmsg->etype = 0;
2860 		return;
2861 	default:
2862 		msg("message received - bad format");
2863 		break;
2864 	}
2865 	if (next_event != NULL) {
2866 		if (next_event->etype == CRONEVENT) {
2867 			switch (el_add(next_event, next_event->time,
2868 			    (next_event->u)->ctid)) {
2869 			case -1:
2870 				ignore_msg("process_msg", "cron", next_event);
2871 				break;
2872 			case -2: /* event time lower than init time */
2873 				reset_needed = 1;
2874 				break;
2875 			}
2876 		} else { /* etype == ATEVENT */
2877 			if (el_add(next_event, next_event->time,
2878 			    next_event->of.at.eventid) < 0) {
2879 				ignore_msg("process_msg", "at", next_event);
2880 			}
2881 		}
2882 		next_event = NULL;
2883 	}
2884 	(void) fflush(stdout);
2885 	pmsg->etype = 0;
2886 }
2887 
2888 /*
2889  * Allocate a new or find an existing runinfo structure
2890  */
2891 static struct runinfo *
rinfo_get(pid_t pid)2892 rinfo_get(pid_t pid)
2893 {
2894 	struct runinfo *rp;
2895 
2896 	if (pid == 0) {		/* allocate a new entry */
2897 		rp = xcalloc(1, sizeof (struct runinfo));
2898 		rp->next = rthead;	/* link the entry into the list */
2899 		rthead = rp;
2900 		return (rp);
2901 	}
2902 	/* search the list for an existing entry */
2903 	for (rp = rthead; rp != NULL; rp = rp->next) {
2904 		if (rp->pid == pid)
2905 			break;
2906 	}
2907 	return (rp);
2908 }
2909 
2910 /*
2911  * Free a runinfo structure and its associated memory
2912  */
2913 static void
rinfo_free(struct runinfo * entry)2914 rinfo_free(struct runinfo *entry)
2915 {
2916 	struct runinfo **rpp;
2917 	struct runinfo *rp;
2918 
2919 #ifdef DEBUG
2920 	(void) fprintf(stderr, "freeing job %s\n", entry->jobname);
2921 #endif
2922 	for (rpp = &rthead; (rp = *rpp) != NULL; rpp = &rp->next) {
2923 		if (rp == entry) {
2924 			*rpp = rp->next;	/* unlink the entry */
2925 			free(rp->outfile);
2926 			free(rp->jobname);
2927 			free(rp);
2928 			break;
2929 		}
2930 	}
2931 }
2932 
2933 /* ARGSUSED */
2934 static void
thaw_handler(int sig)2935 thaw_handler(int sig)
2936 {
2937 	refresh = 1;
2938 }
2939 
2940 
2941 /* ARGSUSED */
2942 static void
cronend(int sig)2943 cronend(int sig)
2944 {
2945 	crabort("SIGTERM", REMOVE_FIFO);
2946 }
2947 
2948 /*ARGSUSED*/
2949 static void
child_handler(int sig)2950 child_handler(int sig)
2951 {
2952 	;
2953 }
2954 
2955 static void
child_sigreset(void)2956 child_sigreset(void)
2957 {
2958 	(void) signal(SIGCLD, SIG_DFL);
2959 	(void) sigprocmask(SIG_SETMASK, &defmask, NULL);
2960 }
2961 
2962 /*
2963  * crabort() - handle exits out of cron
2964  */
2965 static void
crabort(char * mssg,int action)2966 crabort(char *mssg, int action)
2967 {
2968 	int	c;
2969 
2970 	if (action & REMOVE_FIFO) {
2971 		/* FIFO vanishes when cron finishes */
2972 		if (unlink(FIFO) < 0)
2973 			perror("cron could not unlink FIFO");
2974 	}
2975 
2976 	if (action & CONSOLE_MSG) {
2977 		/* write error msg to console */
2978 		if ((c = open(CONSOLE, O_WRONLY)) >= 0) {
2979 			(void) write(c, "cron aborted: ", 14);
2980 			(void) write(c, mssg, strlen(mssg));
2981 			(void) write(c, "\n", 1);
2982 			(void) close(c);
2983 		}
2984 	}
2985 
2986 	/* always log the message */
2987 	msg(mssg);
2988 	msg("******* CRON ABORTED ********");
2989 	exit(1);
2990 }
2991 
2992 /*
2993  * msg() - time-stamped error reporting function
2994  */
2995 /*PRINTFLIKE1*/
2996 static void
msg(char * fmt,...)2997 msg(char *fmt, ...)
2998 {
2999 	va_list args;
3000 	time_t	t;
3001 
3002 	t = time(NULL);
3003 
3004 	(void) fflush(stdout);
3005 
3006 	(void) fprintf(stderr, "! ");
3007 
3008 	va_start(args, fmt);
3009 	(void) vfprintf(stderr, fmt, args);
3010 	va_end(args);
3011 
3012 	(void) strftime(timebuf, sizeof (timebuf), FORMAT, localtime(&t));
3013 	(void) fprintf(stderr, " %s\n", timebuf);
3014 
3015 	(void) fflush(stderr);
3016 }
3017 
3018 static void
ignore_msg(char * func_name,char * job_type,struct event * event)3019 ignore_msg(char *func_name, char *job_type, struct event *event)
3020 {
3021 	msg("%s: ignoring %s job (user: %s, cmd: %s, time: %ld)",
3022 	    func_name, job_type,
3023 	    event->u->name ? event->u->name : "unknown",
3024 	    event->cmd ? event->cmd : "unknown",
3025 	    event->time);
3026 }
3027 
3028 static void
logit(int cc,struct runinfo * rp,int rc)3029 logit(int cc, struct runinfo *rp, int rc)
3030 {
3031 	time_t t;
3032 	int    ret;
3033 
3034 	if (!log)
3035 		return;
3036 
3037 	t = time(NULL);
3038 	if (cc == BCHAR)
3039 		(void) printf("%c  CMD: %s\n", cc, next_event->cmd);
3040 	(void) strftime(timebuf, sizeof (timebuf), FORMAT, localtime(&t));
3041 	(void) printf("%c  %s %u %c %s",
3042 	    cc, (rp->rusr)->name, rp->pid, QUE(rp->que), timebuf);
3043 	if ((ret = TSTAT(rc)) != 0)
3044 		(void) printf(" ts=%d", ret);
3045 	if ((ret = RCODE(rc)) != 0)
3046 		(void) printf(" rc=%d", ret);
3047 	(void) putchar('\n');
3048 	(void) fflush(stdout);
3049 }
3050 
3051 static void
resched(int delay)3052 resched(int delay)
3053 {
3054 	time_t	nt;
3055 
3056 	/* run job at a later time */
3057 	nt = next_event->time + delay;
3058 	if (next_event->etype == CRONEVENT) {
3059 		next_event->time = next_time(next_event, (time_t)0);
3060 		if (nt < next_event->time)
3061 			next_event->time = nt;
3062 		switch (el_add(next_event, next_event->time,
3063 		    (next_event->u)->ctid)) {
3064 		case -1:
3065 			ignore_msg("resched", "cron", next_event);
3066 			break;
3067 		case -2: /* event time lower than init time */
3068 			reset_needed = 1;
3069 			break;
3070 		}
3071 		delayed = 1;
3072 		msg("rescheduling a cron job");
3073 		return;
3074 	}
3075 	add_atevent(next_event->u, next_event->cmd, nt, next_event->etype);
3076 	msg("rescheduling at job");
3077 }
3078 
3079 static void
quedefs(int action)3080 quedefs(int action)
3081 {
3082 	int	i;
3083 	int	j;
3084 	char	qbuf[QBUFSIZ];
3085 	FILE	*fd;
3086 
3087 	/* set up default queue definitions */
3088 	for (i = 0; i < NQUEUE; i++) {
3089 		qt[i].njob = qd.njob;
3090 		qt[i].nice = qd.nice;
3091 		qt[i].nwait = qd.nwait;
3092 	}
3093 	if (action == DEFAULT)
3094 		return;
3095 	if ((fd = fopen(QUEDEFS, "r")) == NULL) {
3096 		msg("cannot open quedefs file");
3097 		msg("using default queue definitions");
3098 		return;
3099 	}
3100 	while (fgets(qbuf, QBUFSIZ, fd) != NULL) {
3101 		if ((j = qbuf[0]-'a') < 0 || j >= NQUEUE || qbuf[1] != '.')
3102 			continue;
3103 		parsqdef(&qbuf[2]);
3104 		qt[j].njob = qq.njob;
3105 		qt[j].nice = qq.nice;
3106 		qt[j].nwait = qq.nwait;
3107 	}
3108 	(void) fclose(fd);
3109 }
3110 
3111 static void
parsqdef(char * name)3112 parsqdef(char *name)
3113 {
3114 	int i;
3115 
3116 	qq = qd;
3117 	while (*name) {
3118 		i = 0;
3119 		while (isdigit(*name)) {
3120 			i *= 10;
3121 			i += *name++ - '0';
3122 		}
3123 		switch (*name++) {
3124 		case JOBF:
3125 			qq.njob = i;
3126 			break;
3127 		case NICEF:
3128 			qq.nice = i;
3129 			break;
3130 		case WAITF:
3131 			qq.nwait = i;
3132 			break;
3133 		}
3134 	}
3135 }
3136 
3137 /*
3138  * defaults - read defaults from /etc/default/cron
3139  */
3140 static void
defaults()3141 defaults()
3142 {
3143 	int  flags;
3144 	char *deflog;
3145 	char *hz, *tz;
3146 
3147 	/*
3148 	 * get HZ value for environment
3149 	 */
3150 	if ((hz = getenv("HZ")) == (char *)NULL)
3151 		(void) sprintf(hzname, "HZ=%d", HZ);
3152 	else
3153 		(void) snprintf(hzname, sizeof (hzname), "HZ=%s", hz);
3154 	/*
3155 	 * get TZ value for environment
3156 	 */
3157 	(void) snprintf(tzone, sizeof (tzone), "TZ=%s",
3158 	    ((tz = getenv("TZ")) != NULL) ? tz : DEFTZ);
3159 
3160 	if (defopen(DEFFILE) == 0) {
3161 		/* ignore case */
3162 		flags = defcntl(DC_GETFLAGS, 0);
3163 		TURNOFF(flags, DC_CASE);
3164 		(void) defcntl(DC_SETFLAGS, flags);
3165 
3166 		if (((deflog = defread("CRONLOG=")) == NULL) ||
3167 		    (*deflog == 'N') || (*deflog == 'n'))
3168 			log = 0;
3169 		else
3170 			log = 1;
3171 		/* fix for 1087611 - allow paths to be set in defaults file */
3172 		if ((Def_path = defread("PATH=")) != NULL) {
3173 			(void) strlcat(path, Def_path, LINE_MAX);
3174 		} else {
3175 			(void) strlcpy(path, NONROOTPATH, LINE_MAX);
3176 		}
3177 		if ((Def_supath = defread("SUPATH=")) != NULL) {
3178 			(void) strlcat(supath, Def_supath, LINE_MAX);
3179 		} else {
3180 			(void) strlcpy(supath, ROOTPATH, LINE_MAX);
3181 		}
3182 		(void) defopen(NULL);
3183 	}
3184 }
3185 
3186 /*
3187  * Determine if a user entry for a job is still ok.  The method used here
3188  * is a lot (about 75x) faster than using setgrent() / getgrent()
3189  * endgrent().  It should be safe because we use the sysconf to determine
3190  * the max, and it tolerates the max being 0.
3191  */
3192 
3193 static int
verify_user_cred(struct usr * u)3194 verify_user_cred(struct usr *u)
3195 {
3196 	struct passwd *pw;
3197 	size_t numUsrGrps = 0;
3198 	size_t numOrigGrps = 0;
3199 	size_t i;
3200 	int retval;
3201 
3202 	/*
3203 	 * Maximum number of groups a user may be in concurrently.  This
3204 	 * is a value which we obtain at runtime through a sysconf()
3205 	 * call.
3206 	 */
3207 
3208 	static size_t nGroupsMax = (size_t)-1;
3209 
3210 	/*
3211 	 * Arrays for cron user's group list, constructed at startup to
3212 	 * be nGroupsMax elements long, used for verifying user
3213 	 * credentials prior to execution.
3214 	 */
3215 
3216 	static gid_t *UsrGrps;
3217 	static gid_t *OrigGrps;
3218 
3219 	if ((pw = getpwnam(u->name)) == NULL)
3220 		return (VUC_BADUSER);
3221 	if (u->home != NULL) {
3222 		if (strcmp(u->home, pw->pw_dir) != 0) {
3223 			free(u->home);
3224 			u->home = xmalloc(strlen(pw->pw_dir) + 1);
3225 			(void) strcpy(u->home, pw->pw_dir);
3226 		}
3227 	} else {
3228 		u->home = xmalloc(strlen(pw->pw_dir) + 1);
3229 		(void) strcpy(u->home, pw->pw_dir);
3230 	}
3231 	if (u->uid != pw->pw_uid)
3232 		u->uid = pw->pw_uid;
3233 	if (u->gid != pw->pw_gid)
3234 		u->gid  = pw->pw_gid;
3235 
3236 	/*
3237 	 * Create the group id lists needed for job credential
3238 	 * verification.
3239 	 */
3240 
3241 	if (nGroupsMax == (size_t)-1) {
3242 		if ((nGroupsMax = sysconf(_SC_NGROUPS_MAX)) > 0) {
3243 			UsrGrps = xcalloc(nGroupsMax, sizeof (gid_t));
3244 			OrigGrps = xcalloc(nGroupsMax, sizeof (gid_t));
3245 		}
3246 
3247 #ifdef DEBUG
3248 		(void) fprintf(stderr, "nGroupsMax = %ld\n", nGroupsMax);
3249 #endif
3250 	}
3251 
3252 #ifdef DEBUG
3253 	(void) fprintf(stderr, "verify_user_cred (%s-%d)\n", pw->pw_name,
3254 	    pw->pw_uid);
3255 	(void) fprintf(stderr, "verify_user_cred: pw->pw_gid = %d, "
3256 	    "u->gid = %d\n", pw->pw_gid, u->gid);
3257 #endif
3258 
3259 	retval = (u->gid == pw->pw_gid) ? VUC_OK : VUC_NOTINGROUP;
3260 
3261 	if (nGroupsMax > 0) {
3262 		numOrigGrps = getgroups(nGroupsMax, OrigGrps);
3263 
3264 		(void) initgroups(pw->pw_name, pw->pw_gid);
3265 		numUsrGrps = getgroups(nGroupsMax, UsrGrps);
3266 
3267 		for (i = 0; i < numUsrGrps; i++) {
3268 			if (UsrGrps[i] == u->gid) {
3269 				retval = VUC_OK;
3270 				break;
3271 			}
3272 		}
3273 
3274 		if (OrigGrps) {
3275 			(void) setgroups(numOrigGrps, OrigGrps);
3276 		}
3277 	}
3278 
3279 #ifdef DEBUG
3280 	(void) fprintf(stderr, "verify_user_cred: VUC = %d\n", retval);
3281 #endif
3282 
3283 	return (retval);
3284 }
3285 
3286 static int
set_user_cred(const struct usr * u,struct project * pproj)3287 set_user_cred(const struct usr *u, struct project *pproj)
3288 {
3289 	static char *progname = "cron";
3290 	int r = 0, rval = 0;
3291 
3292 	if ((r = pam_start(progname, u->name, &pam_conv, &pamh))
3293 	    != PAM_SUCCESS) {
3294 #ifdef DEBUG
3295 		msg("pam_start returns %d\n", r);
3296 #endif
3297 		rval = VUC_BADUSER;
3298 		goto set_eser_cred_exit;
3299 	}
3300 
3301 	r = pam_acct_mgmt(pamh, 0);
3302 #ifdef DEBUG
3303 	msg("pam_acc_mgmt returns %d\n", r);
3304 #endif
3305 	if (r == PAM_ACCT_EXPIRED) {
3306 		rval = VUC_EXPIRED;
3307 		goto set_eser_cred_exit;
3308 	}
3309 	if (r == PAM_NEW_AUTHTOK_REQD) {
3310 		rval = VUC_NEW_AUTH;
3311 		goto set_eser_cred_exit;
3312 	}
3313 	if (r != PAM_SUCCESS) {
3314 		rval = VUC_BADUSER;
3315 		goto set_eser_cred_exit;
3316 	}
3317 
3318 	if (pproj != NULL) {
3319 		size_t sz = sizeof (PROJECT) + strlen(pproj->pj_name);
3320 		char *buf = alloca(sz);
3321 
3322 		(void) snprintf(buf, sz, PROJECT "%s", pproj->pj_name);
3323 		(void) pam_set_item(pamh, PAM_RESOURCE, buf);
3324 	}
3325 
3326 	r = pam_setcred(pamh, PAM_ESTABLISH_CRED);
3327 	if (r != PAM_SUCCESS)
3328 		rval = VUC_BADUSER;
3329 
3330 set_eser_cred_exit:
3331 	(void) pam_end(pamh, r);
3332 	return (rval);
3333 }
3334 
3335 static void
clean_out_user(struct usr * u)3336 clean_out_user(struct usr *u)
3337 {
3338 	if (next_event->u == u) {
3339 		next_event = NULL;
3340 	}
3341 
3342 	clean_out_ctab(u);
3343 	clean_out_atjobs(u);
3344 	free_if_unused(u);
3345 }
3346 
3347 static void
clean_out_atjobs(struct usr * u)3348 clean_out_atjobs(struct usr *u)
3349 {
3350 	struct event *ev, *pv;
3351 
3352 	for (pv = NULL, ev = u->atevents;
3353 	    ev != NULL;
3354 	    pv = ev, ev = ev->link, free(pv)) {
3355 		el_remove(ev->of.at.eventid, 1);
3356 		if (cwd == AT)
3357 			cron_unlink(ev->cmd);
3358 		else {
3359 			char buf[PATH_MAX];
3360 			if (strlen(ATDIR) + strlen(ev->cmd) + 2
3361 			    < PATH_MAX) {
3362 				(void) sprintf(buf, "%s/%s", ATDIR, ev->cmd);
3363 				cron_unlink(buf);
3364 			}
3365 		}
3366 		free(ev->cmd);
3367 	}
3368 
3369 	u->atevents = NULL;
3370 }
3371 
3372 static void
clean_out_ctab(struct usr * u)3373 clean_out_ctab(struct usr *u)
3374 {
3375 	rm_ctevents(u);
3376 	el_remove(u->ctid, 0);
3377 	u->ctid = 0;
3378 	u->ctexists = 0;
3379 }
3380 
3381 static void
cron_unlink(char * name)3382 cron_unlink(char *name)
3383 {
3384 	int r;
3385 
3386 	r = unlink(name);
3387 	if (r == 0 || (r == -1 && errno == ENOENT)) {
3388 		(void) audit_cron_delete_anc_file(name, NULL);
3389 	}
3390 }
3391 
3392 static void
create_anc_ctab(struct event * e)3393 create_anc_ctab(struct event *e)
3394 {
3395 	if (audit_cron_create_anc_file(e->u->name,
3396 	    (cwd == CRON) ? NULL:CRONDIR,
3397 	    e->u->name, e->u->uid) == -1) {
3398 		process_anc_files(CRON_ANC_DELETE);
3399 		crabort("cannot create ancillary files for crontabs",
3400 		    REMOVE_FIFO|CONSOLE_MSG);
3401 	}
3402 }
3403 
3404 static void
delete_anc_ctab(struct event * e)3405 delete_anc_ctab(struct event *e)
3406 {
3407 	(void) audit_cron_delete_anc_file(e->u->name,
3408 	    (cwd == CRON) ? NULL:CRONDIR);
3409 }
3410 
3411 static void
create_anc_atjob(struct event * e)3412 create_anc_atjob(struct event *e)
3413 {
3414 	if (!e->of.at.exists)
3415 		return;
3416 
3417 	if (audit_cron_create_anc_file(e->cmd,
3418 	    (cwd == AT) ? NULL:ATDIR,
3419 	    e->u->name, e->u->uid) == -1) {
3420 		process_anc_files(CRON_ANC_DELETE);
3421 		crabort("cannot create ancillary files for atjobs",
3422 		    REMOVE_FIFO|CONSOLE_MSG);
3423 	}
3424 }
3425 
3426 static void
delete_anc_atjob(struct event * e)3427 delete_anc_atjob(struct event *e)
3428 {
3429 	if (!e->of.at.exists)
3430 		return;
3431 
3432 	(void) audit_cron_delete_anc_file(e->cmd,
3433 	    (cwd == AT) ? NULL:ATDIR);
3434 }
3435 
3436 
3437 static void
process_anc_files(int del)3438 process_anc_files(int del)
3439 {
3440 	struct usr	*u = uhead;
3441 	struct event	*e;
3442 
3443 	if (!audit_cron_mode())
3444 		return;
3445 
3446 	for (;;) {
3447 		if (u->ctexists && u->ctevents != NULL) {
3448 			e = u->ctevents;
3449 			for (;;) {
3450 				if (del)
3451 					delete_anc_ctab(e);
3452 				else
3453 					create_anc_ctab(e);
3454 				if ((e = e->link) == NULL)
3455 					break;
3456 			}
3457 		}
3458 
3459 		if (u->atevents != NULL) {
3460 			e = u->atevents;
3461 			for (;;) {
3462 				if (del)
3463 					delete_anc_atjob(e);
3464 				else
3465 					create_anc_atjob(e);
3466 				if ((e = e->link) == NULL)
3467 					break;
3468 			}
3469 		}
3470 
3471 		if ((u = u->nextusr)  == NULL)
3472 			break;
3473 	}
3474 }
3475 
3476 /*ARGSUSED*/
3477 static int
cron_conv(int num_msg,struct pam_message ** msgs,struct pam_response ** response,void * appdata_ptr)3478 cron_conv(int num_msg, struct pam_message **msgs,
3479     struct pam_response **response, void *appdata_ptr)
3480 {
3481 	struct pam_message	**m = msgs;
3482 	int i;
3483 
3484 	for (i = 0; i < num_msg; i++) {
3485 		switch (m[i]->msg_style) {
3486 		case PAM_ERROR_MSG:
3487 		case PAM_TEXT_INFO:
3488 			if (m[i]->msg != NULL) {
3489 				(void) msg("%s\n", m[i]->msg);
3490 			}
3491 			break;
3492 
3493 		default:
3494 			break;
3495 		}
3496 	}
3497 	return (0);
3498 }
3499 
3500 /*
3501  * Cron creates process for other than job. Mail process is the
3502  * one which rinfo does not cover. Therefore, miscpid will keep
3503  * track of the pids executed from cron. Otherwise, we will see
3504  * "unexpected pid returned.." messages appear in the log file.
3505  */
3506 static void
miscpid_insert(pid_t pid)3507 miscpid_insert(pid_t pid)
3508 {
3509 	struct miscpid *mp;
3510 
3511 	mp = xmalloc(sizeof (*mp));
3512 	mp->pid = pid;
3513 	mp->next = miscpid_head;
3514 	miscpid_head = mp;
3515 }
3516 
3517 static int
miscpid_delete(pid_t pid)3518 miscpid_delete(pid_t pid)
3519 {
3520 	struct miscpid *mp, *omp;
3521 	int found = 0;
3522 
3523 	omp = NULL;
3524 	for (mp = miscpid_head; mp != NULL; mp = mp->next) {
3525 		if (mp->pid == pid) {
3526 			found = 1;
3527 			break;
3528 		}
3529 		omp = mp;
3530 	}
3531 	if (found) {
3532 		if (omp != NULL)
3533 			omp->next = mp->next;
3534 		else
3535 			miscpid_head = NULL;
3536 		free(mp);
3537 	}
3538 	return (found);
3539 }
3540 
3541 /*
3542  * Establish contract terms such that all children are in abandoned
3543  * process contracts.
3544  */
3545 static void
contract_set_template(void)3546 contract_set_template(void)
3547 {
3548 	int fd;
3549 
3550 	if ((fd = open64(CTFS_ROOT "/process/template", O_RDWR)) < 0)
3551 		crabort("cannot open process contract template",
3552 		    REMOVE_FIFO | CONSOLE_MSG);
3553 
3554 	if (ct_pr_tmpl_set_param(fd, 0) ||
3555 	    ct_tmpl_set_informative(fd, 0) ||
3556 	    ct_pr_tmpl_set_fatal(fd, CT_PR_EV_HWERR))
3557 		crabort("cannot establish contract template terms",
3558 		    REMOVE_FIFO | CONSOLE_MSG);
3559 
3560 	if (ct_tmpl_activate(fd))
3561 		crabort("cannot activate contract template",
3562 		    REMOVE_FIFO | CONSOLE_MSG);
3563 
3564 	(void) close(fd);
3565 }
3566 
3567 /*
3568  * Clear active process contract template.
3569  */
3570 static void
contract_clear_template(void)3571 contract_clear_template(void)
3572 {
3573 	int fd;
3574 
3575 	if ((fd = open64(CTFS_ROOT "/process/template", O_RDWR)) < 0)
3576 		crabort("cannot open process contract template",
3577 		    REMOVE_FIFO | CONSOLE_MSG);
3578 
3579 	if (ct_tmpl_clear(fd))
3580 		crabort("cannot clear contract template",
3581 		    REMOVE_FIFO | CONSOLE_MSG);
3582 
3583 	(void) close(fd);
3584 }
3585 
3586 /*
3587  * Abandon latest process contract unconditionally.  If we have leaked [some
3588  * critical amount], exit such that the kernel reaps our contracts.
3589  */
3590 static void
contract_abandon_latest(pid_t pid)3591 contract_abandon_latest(pid_t pid)
3592 {
3593 	int r;
3594 	ctid_t id;
3595 	static uint_t cts_lost;
3596 
3597 	if (cts_lost > MAX_LOST_CONTRACTS)
3598 		crabort("repeated failure to abandon contracts",
3599 		    REMOVE_FIFO | CONSOLE_MSG);
3600 
3601 	if (r = contract_latest(&id)) {
3602 		msg("could not obtain latest contract for "
3603 		    "PID %ld: %s", pid, strerror(r));
3604 		cts_lost++;
3605 		return;
3606 	}
3607 
3608 	if (r = contract_abandon_id(id)) {
3609 		msg("could not abandon latest contract %ld: %s", id,
3610 		    strerror(r));
3611 		cts_lost++;
3612 		return;
3613 	}
3614 }
3615 
3616 static struct shared *
create_shared(void * obj,void * (* obj_alloc)(void * obj),void (* obj_free)(void *))3617 create_shared(void *obj, void * (*obj_alloc)(void *obj),
3618 	void (*obj_free)(void *))
3619 {
3620 	struct shared *out;
3621 
3622 	if ((out = xmalloc(sizeof (struct shared))) == NULL) {
3623 		return (NULL);
3624 	}
3625 	if ((out->obj = obj_alloc(obj)) == NULL) {
3626 		free(out);
3627 		return (NULL);
3628 	}
3629 	out->count = 1;
3630 	out->free = obj_free;
3631 
3632 	return (out);
3633 }
3634 
3635 static struct shared *
create_shared_str(char * str)3636 create_shared_str(char *str)
3637 {
3638 	return (create_shared(str, (void *(*)(void *))strdup, free));
3639 }
3640 
3641 static struct shared *
dup_shared(struct shared * obj)3642 dup_shared(struct shared *obj)
3643 {
3644 	if (obj != NULL) {
3645 		obj->count++;
3646 	}
3647 	return (obj);
3648 }
3649 
3650 static void
rel_shared(struct shared * obj)3651 rel_shared(struct shared *obj)
3652 {
3653 	if (obj && (--obj->count) == 0) {
3654 		obj->free(obj->obj);
3655 		free(obj);
3656 	}
3657 }
3658 
3659 static void *
get_obj(struct shared * obj)3660 get_obj(struct shared *obj)
3661 {
3662 	return (obj->obj);
3663 }
3664