1 /* 2 * at.c : Put file into atrun queue 3 * Copyright (C) 1993, 1994 Thomas Koenig 4 * 5 * Atrun & Atq modifications 6 * Copyright (C) 1993 David Parsons 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. The name of the author(s) may not be used to endorse or promote 14 * products derived from this software without specific prior written 15 * permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 19 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 20 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 21 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 22 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 23 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 24 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT 25 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 26 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 27 */ 28 29 #define _USE_BSD 1 30 31 /* System Headers */ 32 33 #include <sys/types.h> 34 #include <sys/stat.h> 35 #include <sys/wait.h> 36 #include <ctype.h> 37 #include <dirent.h> 38 #include <errno.h> 39 #include <fcntl.h> 40 #include <pwd.h> 41 #include <signal.h> 42 #include <stddef.h> 43 #include <stdio.h> 44 #include <stdlib.h> 45 #include <string.h> 46 #include <time.h> 47 #include <unistd.h> 48 #ifndef __FreeBSD__ 49 #include <getopt.h> 50 #endif 51 52 /* Local headers */ 53 54 #include "at.h" 55 #include "panic.h" 56 #include "parsetime.h" 57 #include "perm.h" 58 59 #define MAIN 60 #include "privs.h" 61 62 /* Macros */ 63 64 #ifndef ATJOB_DIR 65 #define ATJOB_DIR "/usr/spool/atjobs/" 66 #endif 67 68 #ifndef LFILE 69 #define LFILE ATJOB_DIR ".lockfile" 70 #endif 71 72 #ifndef ATJOB_MX 73 #define ATJOB_MX 255 74 #endif 75 76 #define ALARMC 10 /* Number of seconds to wait for timeout */ 77 78 #define SIZE 255 79 #define TIMESIZE 50 80 81 /* File scope variables */ 82 83 static char rcsid[] = "$Id: at.c,v 1.3 1995/04/15 22:08:08 ache Exp $"; 84 char *no_export[] = 85 { 86 "TERM", "TERMCAP", "DISPLAY", "_" 87 } ; 88 static send_mail = 0; 89 90 /* External variables */ 91 92 extern char **environ; 93 int fcreated; 94 char *namep; 95 char atfile[] = ATJOB_DIR "12345678901234"; 96 97 char *atinput = (char*)0; /* where to get input from */ 98 char atqueue = 0; /* which queue to examine for jobs (atq) */ 99 char atverify = 0; /* verify time instead of queuing job */ 100 101 /* Function declarations */ 102 103 static void sigc(int signo); 104 static void alarmc(int signo); 105 static char *cwdname(void); 106 static void writefile(time_t runtimer, char queue); 107 static void list_jobs(void); 108 109 /* Signal catching functions */ 110 111 static void sigc(int signo) 112 { 113 /* If the user presses ^C, remove the spool file and exit 114 */ 115 if (fcreated) 116 { 117 PRIV_START 118 unlink(atfile); 119 PRIV_END 120 } 121 122 exit(EXIT_FAILURE); 123 } 124 125 static void alarmc(int signo) 126 { 127 /* Time out after some seconds 128 */ 129 panic("File locking timed out"); 130 } 131 132 /* Local functions */ 133 134 static char *cwdname(void) 135 { 136 /* Read in the current directory; the name will be overwritten on 137 * subsequent calls. 138 */ 139 static char *ptr = NULL; 140 static size_t size = SIZE; 141 142 if (ptr == NULL) 143 ptr = (char *) mymalloc(size); 144 145 while (1) 146 { 147 if (ptr == NULL) 148 panic("Out of memory"); 149 150 if (getcwd(ptr, size-1) != NULL) 151 return ptr; 152 153 if (errno != ERANGE) 154 perr("Cannot get directory"); 155 156 free (ptr); 157 size += SIZE; 158 ptr = (char *) mymalloc(size); 159 } 160 } 161 162 static void 163 writefile(time_t runtimer, char queue) 164 { 165 /* This does most of the work if at or batch are invoked for writing a job. 166 */ 167 int i; 168 char *ap, *ppos, *mailname; 169 struct passwd *pass_entry; 170 struct stat statbuf; 171 int fdes, lockdes, fd2; 172 FILE *fp, *fpin; 173 struct sigaction act; 174 char **atenv; 175 int ch; 176 mode_t cmask; 177 struct flock lock; 178 179 /* Install the signal handler for SIGINT; terminate after removing the 180 * spool file if necessary 181 */ 182 act.sa_handler = sigc; 183 sigemptyset(&(act.sa_mask)); 184 act.sa_flags = 0; 185 186 sigaction(SIGINT, &act, NULL); 187 188 ppos = atfile + strlen(ATJOB_DIR); 189 190 /* Loop over all possible file names for running something at this 191 * particular time, see if a file is there; the first empty slot at any 192 * particular time is used. Lock the file LFILE first to make sure 193 * we're alone when doing this. 194 */ 195 196 PRIV_START 197 198 if ((lockdes = open(LFILE, O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR)) < 0) 199 perr("Cannot open lockfile " LFILE); 200 201 lock.l_type = F_WRLCK; lock.l_whence = SEEK_SET; lock.l_start = 0; 202 lock.l_len = 0; 203 204 act.sa_handler = alarmc; 205 sigemptyset(&(act.sa_mask)); 206 act.sa_flags = 0; 207 208 /* Set an alarm so a timeout occurs after ALARMC seconds, in case 209 * something is seriously broken. 210 */ 211 sigaction(SIGALRM, &act, NULL); 212 alarm(ALARMC); 213 fcntl(lockdes, F_SETLKW, &lock); 214 alarm(0); 215 216 for(i=0; i<ATJOB_MX; i++) 217 { 218 sprintf(ppos, "%c%8lx.%2x", queue, 219 (unsigned long) (runtimer/60), i); 220 for(ap=ppos; *ap != '\0'; ap ++) 221 if (*ap == ' ') 222 *ap = '0'; 223 224 if (stat(atfile, &statbuf) != 0) 225 { 226 if (errno == ENOENT) 227 break; 228 else 229 perr("Cannot access " ATJOB_DIR); 230 } 231 } /* for */ 232 233 if (i >= ATJOB_MX) 234 panic("Too many jobs already"); 235 236 /* Create the file. The x bit is only going to be set after it has 237 * been completely written out, to make sure it is not executed in the 238 * meantime. To make sure they do not get deleted, turn off their r 239 * bit. Yes, this is a kluge. 240 */ 241 cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); 242 if ((fdes = creat(atfile, O_WRONLY)) == -1) 243 perr("Cannot create atjob file"); 244 245 if ((fd2 = dup(fdes)) <0) 246 perr("Error in dup() of job file"); 247 248 if(fchown(fd2, real_uid, real_gid) != 0) 249 perr("Cannot give away file"); 250 251 PRIV_END 252 253 /* We no longer need suid root; now we just need to be able to write 254 * to the directory, if necessary. 255 */ 256 257 REDUCE_PRIV(DAEMON_UID, DAEMON_GID) 258 259 /* We've successfully created the file; let's set the flag so it 260 * gets removed in case of an interrupt or error. 261 */ 262 fcreated = 1; 263 264 /* Now we can release the lock, so other people can access it 265 */ 266 lock.l_type = F_UNLCK; lock.l_whence = SEEK_SET; lock.l_start = 0; 267 lock.l_len = 0; 268 fcntl(lockdes, F_SETLKW, &lock); 269 close(lockdes); 270 271 if((fp = fdopen(fdes, "w")) == NULL) 272 panic("Cannot reopen atjob file"); 273 274 /* Get the userid to mail to, first by trying getlogin(), which reads 275 * /etc/utmp, then from LOGNAME, finally from getpwuid(). 276 */ 277 mailname = getlogin(); 278 if (mailname == NULL) 279 mailname = getenv("LOGNAME"); 280 281 if ((mailname == NULL) || (mailname[0] == '\0') 282 || (strlen(mailname) > 8) || (getpwnam(mailname)==NULL)) 283 { 284 pass_entry = getpwuid(getuid()); 285 if (pass_entry != NULL) 286 mailname = pass_entry->pw_name; 287 } 288 289 if (atinput != (char *) NULL) 290 { 291 fpin = freopen(atinput, "r", stdin); 292 if (fpin == NULL) 293 perr("Cannot open input file"); 294 } 295 fprintf(fp, "#! /bin/sh\n# mail %8s %d\n", mailname, send_mail); 296 297 /* Write out the umask at the time of invocation 298 */ 299 fprintf(fp, "umask %lo\n", (unsigned long) cmask); 300 301 /* Write out the environment. Anything that may look like a 302 * special character to the shell is quoted, except for \n, which is 303 * done with a pair of "'s. Dont't export the no_export list (such 304 * as TERM or DISPLAY) because we don't want these. 305 */ 306 for (atenv= environ; *atenv != NULL; atenv++) 307 { 308 int export = 1; 309 char *eqp; 310 311 eqp = strchr(*atenv, '='); 312 if (ap == NULL) 313 eqp = *atenv; 314 else 315 { 316 int i; 317 for (i=0; i<sizeof(no_export)/sizeof(no_export[0]); i++) 318 { 319 export = export 320 && (strncmp(*atenv, no_export[i], 321 (size_t) (eqp-*atenv)) != 0); 322 } 323 eqp++; 324 } 325 326 if (export) 327 { 328 fwrite(*atenv, sizeof(char), eqp-*atenv, fp); 329 for(ap = eqp;*ap != '\0'; ap++) 330 { 331 if (*ap == '\n') 332 fprintf(fp, "\"\n\""); 333 else 334 { 335 if (*ap != '/' && !isalnum(*ap)) 336 fputc('\\', fp); 337 338 fputc(*ap, fp); 339 } 340 } 341 fputs("; export ", fp); 342 fwrite(*atenv, sizeof(char), eqp-*atenv -1, fp); 343 fputc('\n', fp); 344 345 } 346 } 347 /* Cd to the directory at the time and write out all the 348 * commands the user supplies from stdin. 349 */ 350 fprintf(fp, "cd "); 351 for (ap = cwdname(); *ap != '\0'; ap++) 352 { 353 if (*ap == '\n') 354 fprintf(fp, "\"\n\""); 355 else 356 { 357 if (*ap != '/' && !isalnum(*ap)) 358 fputc('\\', fp); 359 360 fputc(*ap, fp); 361 } 362 } 363 /* Test cd's exit status: die if the original directory has been 364 * removed, become unreadable or whatever 365 */ 366 fprintf(fp, " || {\n\t echo 'Execution directory " 367 "inaccessible' >&2\n\t exit 1\n}\n"); 368 369 while((ch = getchar()) != EOF) 370 fputc(ch, fp); 371 372 fprintf(fp, "\n"); 373 if (ferror(fp)) 374 panic("Output error"); 375 376 if (ferror(stdin)) 377 panic("Input error"); 378 379 fclose(fp); 380 381 /* Set the x bit so that we're ready to start executing 382 */ 383 384 if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0) 385 perr("Cannot give away file"); 386 387 close(fd2); 388 fprintf(stderr, "Job %s will be executed using /bin/sh\n", ppos); 389 } 390 391 static void 392 list_jobs() 393 { 394 /* List all a user's jobs in the queue, by looping through ATJOB_DIR, 395 * or everybody's if we are root 396 */ 397 struct passwd *pw; 398 DIR *spool; 399 struct dirent *dirent; 400 struct stat buf; 401 struct tm runtime; 402 unsigned long ctm; 403 char queue; 404 time_t runtimer; 405 char timestr[TIMESIZE]; 406 int first=1; 407 408 PRIV_START 409 410 if (chdir(ATJOB_DIR) != 0) 411 perr("Cannot change to " ATJOB_DIR); 412 413 if ((spool = opendir(".")) == NULL) 414 perr("Cannot open " ATJOB_DIR); 415 416 /* Loop over every file in the directory 417 */ 418 while((dirent = readdir(spool)) != NULL) { 419 if (stat(dirent->d_name, &buf) != 0) 420 perr("Cannot stat in " ATJOB_DIR); 421 422 /* See it's a regular file and has its x bit turned on and 423 * is the user's 424 */ 425 if (!S_ISREG(buf.st_mode) 426 || ((buf.st_uid != real_uid) && ! (real_uid == 0)) 427 || !(S_IXUSR & buf.st_mode || atverify)) 428 continue; 429 430 if(sscanf(dirent->d_name, "%c%8lx", &queue, &ctm)!=2) 431 continue; 432 433 if (atqueue && (queue != atqueue)) 434 continue; 435 436 runtimer = 60*(time_t) ctm; 437 runtime = *localtime(&runtimer); 438 strftime(timestr, TIMESIZE, "%X %x", &runtime); 439 if (first) { 440 printf("Date\t\t\tOwner\tQueue\tJob#\n"); 441 first=0; 442 } 443 pw = getpwuid(buf.st_uid); 444 445 printf("%s\t%s\t%c%s\t%s\n", 446 timestr, 447 pw ? pw->pw_name : "???", 448 queue, 449 (S_IXUSR & buf.st_mode) ? "":"(done)", 450 dirent->d_name); 451 } 452 PRIV_END 453 } 454 455 static void 456 delete_jobs(int argc, char **argv) 457 { 458 /* Delete every argument (job - ID) given 459 */ 460 int i; 461 struct stat buf; 462 463 PRIV_START 464 465 if (chdir(ATJOB_DIR) != 0) 466 perr("Cannot change to " ATJOB_DIR); 467 468 for (i=optind; i < argc; i++) { 469 if (stat(argv[i], &buf) != 0) { 470 perr(argv[i]); 471 continue; 472 } 473 if ((buf.st_uid != real_uid) && !(real_uid == 0)) { 474 fprintf(stderr, "%s: Not owner\n", argv[i]); 475 continue; 476 } 477 if (unlink(argv[i]) != 0) 478 perr(argv[i]); 479 } 480 PRIV_END 481 } /* delete_jobs */ 482 483 /* Global functions */ 484 485 void * 486 mymalloc(size_t n) 487 { 488 void *p; 489 if ((p=malloc(n))==(void *)0) 490 { 491 fprintf(stderr,"Virtual memory exhausted\n"); 492 exit(EXIT_FAILURE); 493 } 494 return p; 495 } 496 497 int 498 main(int argc, char **argv) 499 { 500 int c; 501 char queue = DEFAULT_AT_QUEUE; 502 char queue_set = 0; 503 char *pgm; 504 505 enum { ATQ, ATRM, AT, BATCH }; /* what program we want to run */ 506 int program = AT; /* our default program */ 507 char *options = "q:f:mvldbV"; /* default options for at */ 508 int disp_version = 0; 509 time_t timer; 510 511 RELINQUISH_PRIVS 512 513 /* Eat any leading paths 514 */ 515 if ((pgm = strrchr(argv[0], '/')) == NULL) 516 pgm = argv[0]; 517 else 518 pgm++; 519 520 namep = pgm; 521 522 /* find out what this program is supposed to do 523 */ 524 if (strcmp(pgm, "atq") == 0) { 525 program = ATQ; 526 options = "q:vV"; 527 } 528 else if (strcmp(pgm, "atrm") == 0) { 529 program = ATRM; 530 options = "V"; 531 } 532 else if (strcmp(pgm, "batch") == 0) { 533 program = BATCH; 534 options = "f:q:mvV"; 535 } 536 537 /* process whatever options we can process 538 */ 539 opterr=1; 540 while ((c=getopt(argc, argv, options)) != EOF) 541 switch (c) { 542 case 'v': /* verify time settings */ 543 atverify = 1; 544 break; 545 546 case 'm': /* send mail when job is complete */ 547 send_mail = 1; 548 break; 549 550 case 'f': 551 atinput = optarg; 552 break; 553 554 case 'q': /* specify queue */ 555 if (strlen(optarg) > 1) 556 usage(); 557 558 atqueue = queue = *optarg; 559 if (!(islower(queue)||isupper(queue))) 560 usage(); 561 562 queue_set = 1; 563 break; 564 565 case 'd': 566 if (program != AT) 567 usage(); 568 569 program = ATRM; 570 options = "V"; 571 break; 572 573 case 'l': 574 if (program != AT) 575 usage(); 576 577 program = ATQ; 578 options = "q:vV"; 579 break; 580 581 case 'b': 582 if (program != AT) 583 usage(); 584 585 program = BATCH; 586 options = "f:q:mvV"; 587 break; 588 589 case 'V': 590 disp_version = 1; 591 break; 592 593 default: 594 usage(); 595 break; 596 } 597 /* end of options eating 598 */ 599 600 if (disp_version) 601 fprintf(stderr, "at version " VERSION "\n" 602 "Bug reports to: ig25@rz.uni-karlsruhe.de (Thomas Koenig)\n"); 603 604 /* select our program 605 */ 606 if(!check_permission()) 607 { 608 fprintf(stderr, "You do not have permission to use %s.\n",namep); 609 exit(EXIT_FAILURE); 610 } 611 switch (program) { 612 case ATQ: 613 614 REDUCE_PRIV(DAEMON_UID, DAEMON_GID) 615 616 list_jobs(); 617 break; 618 619 case ATRM: 620 621 REDUCE_PRIV(DAEMON_UID, DAEMON_GID) 622 623 delete_jobs(argc, argv); 624 break; 625 626 case AT: 627 timer = parsetime(argc, argv); 628 if (atverify) 629 { 630 struct tm *tm = localtime(&timer); 631 fprintf(stderr, "%s\n", asctime(tm)); 632 } 633 writefile(timer, queue); 634 break; 635 636 case BATCH: 637 if (queue_set) 638 queue = toupper(queue); 639 else 640 queue = DEFAULT_BATCH_QUEUE; 641 642 if (argc > optind) 643 timer = parsetime(argc, argv); 644 else 645 timer = time(NULL); 646 647 if (atverify) 648 { 649 struct tm *tm = localtime(&timer); 650 fprintf(stderr, "%s\n", asctime(tm)); 651 } 652 653 writefile(timer, queue); 654 break; 655 656 default: 657 panic("Internal error"); 658 break; 659 } 660 exit(EXIT_SUCCESS); 661 } 662