1 /* Copyright 1988,1990,1993,1994 by Paul Vixie 2 * All rights reserved 3 * 4 * Distribute freely, except: don't remove my name from the source or 5 * documentation (don't take credit for my work), mark your changes (don't 6 * get me blamed for your possible bugs), don't alter or remove this 7 * notice. May be sold if buildable source is provided to buyer. No 8 * warrantee of any kind, express or implied, is included with this 9 * software; use at your own risk, responsibility for damages (if any) to 10 * anyone resulting from the use of this software rests entirely with the 11 * user. 12 * 13 * Send bug reports, bug fixes, enhancements, requests, flames, etc., and 14 * I'll try to keep a version up to date. I can be reached as follows: 15 * Paul Vixie <paul@vix.com> uunet!decwrl!vixie!paul 16 * From Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp 17 */ 18 19 #if !defined(lint) && !defined(LINT) 20 static const char rcsid[] = 21 "$FreeBSD$"; 22 #endif 23 24 /* crontab - install and manage per-user crontab files 25 * vix 02may87 [RCS has the rest of the log] 26 * vix 26jan87 [original] 27 */ 28 29 #define MAIN_PROGRAM 30 31 #include "cron.h" 32 #include <errno.h> 33 #include <fcntl.h> 34 #include <md5.h> 35 #include <paths.h> 36 #include <sys/file.h> 37 #include <sys/stat.h> 38 #ifdef USE_UTIMES 39 # include <sys/time.h> 40 #else 41 # include <time.h> 42 # include <utime.h> 43 #endif 44 #if defined(POSIX) 45 # include <locale.h> 46 #endif 47 48 #define MD5_SIZE 33 49 #define NHEADER_LINES 3 50 51 52 enum opt_t { opt_unknown, opt_list, opt_delete, opt_edit, opt_replace }; 53 54 #if DEBUGGING 55 static char *Options[] = { "???", "list", "delete", "edit", "replace" }; 56 #endif 57 58 59 static PID_T Pid; 60 static char User[MAX_UNAME], RealUser[MAX_UNAME]; 61 static char Filename[MAX_FNAME]; 62 static FILE *NewCrontab; 63 static int CheckErrorCount; 64 static enum opt_t Option; 65 static struct passwd *pw; 66 static void list_cmd(void), 67 delete_cmd(void), 68 edit_cmd(void), 69 poke_daemon(void), 70 check_error(char *), 71 parse_args(int c, char *v[]); 72 static int replace_cmd(void); 73 74 75 static void 76 usage(char *msg) 77 { 78 fprintf(stderr, "crontab: usage error: %s\n", msg); 79 fprintf(stderr, "%s\n%s\n", 80 "usage: crontab [-u user] file", 81 " crontab [-u user] { -e | -l | -r }"); 82 exit(ERROR_EXIT); 83 } 84 85 86 int 87 main(int argc, char *argv[]) 88 { 89 int exitstatus; 90 91 Pid = getpid(); 92 ProgramName = argv[0]; 93 94 #if defined(POSIX) 95 setlocale(LC_ALL, ""); 96 #endif 97 98 #if defined(BSD) 99 setlinebuf(stderr); 100 #endif 101 parse_args(argc, argv); /* sets many globals, opens a file */ 102 set_cron_uid(); 103 set_cron_cwd(); 104 if (!allowed(User)) { 105 warnx("you (%s) are not allowed to use this program", User); 106 log_it(RealUser, Pid, "AUTH", "crontab command not allowed"); 107 exit(ERROR_EXIT); 108 } 109 exitstatus = OK_EXIT; 110 switch (Option) { 111 case opt_list: list_cmd(); 112 break; 113 case opt_delete: delete_cmd(); 114 break; 115 case opt_edit: edit_cmd(); 116 break; 117 case opt_replace: if (replace_cmd() < 0) 118 exitstatus = ERROR_EXIT; 119 break; 120 case opt_unknown: 121 break; 122 } 123 exit(exitstatus); 124 /*NOTREACHED*/ 125 } 126 127 128 static void 129 parse_args(argc, argv) 130 int argc; 131 char *argv[]; 132 { 133 int argch; 134 char resolved_path[PATH_MAX]; 135 136 if (!(pw = getpwuid(getuid()))) 137 errx(ERROR_EXIT, "your UID isn't in the passwd file, bailing out"); 138 bzero(pw->pw_passwd, strlen(pw->pw_passwd)); 139 (void) strncpy(User, pw->pw_name, (sizeof User)-1); 140 User[(sizeof User)-1] = '\0'; 141 strcpy(RealUser, User); 142 Filename[0] = '\0'; 143 Option = opt_unknown; 144 while ((argch = getopt(argc, argv, "u:lerx:")) != -1) { 145 switch (argch) { 146 case 'x': 147 if (!set_debug_flags(optarg)) 148 usage("bad debug option"); 149 break; 150 case 'u': 151 if (getuid() != ROOT_UID) 152 errx(ERROR_EXIT, "must be privileged to use -u"); 153 if (!(pw = getpwnam(optarg))) 154 errx(ERROR_EXIT, "user `%s' unknown", optarg); 155 bzero(pw->pw_passwd, strlen(pw->pw_passwd)); 156 (void) strncpy(User, pw->pw_name, (sizeof User)-1); 157 User[(sizeof User)-1] = '\0'; 158 break; 159 case 'l': 160 if (Option != opt_unknown) 161 usage("only one operation permitted"); 162 Option = opt_list; 163 break; 164 case 'r': 165 if (Option != opt_unknown) 166 usage("only one operation permitted"); 167 Option = opt_delete; 168 break; 169 case 'e': 170 if (Option != opt_unknown) 171 usage("only one operation permitted"); 172 Option = opt_edit; 173 break; 174 default: 175 usage("unrecognized option"); 176 } 177 } 178 179 endpwent(); 180 181 if (Option != opt_unknown) { 182 if (argv[optind] != NULL) { 183 usage("no arguments permitted after this option"); 184 } 185 } else { 186 if (argv[optind] != NULL) { 187 Option = opt_replace; 188 (void) strncpy (Filename, argv[optind], (sizeof Filename)-1); 189 Filename[(sizeof Filename)-1] = '\0'; 190 191 } else { 192 usage("file name must be specified for replace"); 193 } 194 } 195 196 if (Option == opt_replace) { 197 /* relinquish the setuid status of the binary during 198 * the open, lest nonroot users read files they should 199 * not be able to read. we can't use access() here 200 * since there's a race condition. thanks go out to 201 * Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting 202 * the race. 203 */ 204 205 if (swap_uids() < OK) 206 err(ERROR_EXIT, "swapping uids"); 207 208 /* we have to open the file here because we're going to 209 * chdir(2) into /var/cron before we get around to 210 * reading the file. 211 */ 212 if (!strcmp(Filename, "-")) { 213 NewCrontab = stdin; 214 } else if (realpath(Filename, resolved_path) != NULL && 215 !strcmp(resolved_path, SYSCRONTAB)) { 216 err(ERROR_EXIT, SYSCRONTAB " must be edited manually"); 217 } else { 218 if (!(NewCrontab = fopen(Filename, "r"))) 219 err(ERROR_EXIT, "%s", Filename); 220 } 221 if (swap_uids_back() < OK) 222 err(ERROR_EXIT, "swapping uids back"); 223 } 224 225 Debug(DMISC, ("user=%s, file=%s, option=%s\n", 226 User, Filename, Options[(int)Option])) 227 } 228 229 static void 230 copy_file(FILE *in, FILE *out) { 231 int x, ch; 232 233 Set_LineNum(1) 234 /* ignore the top few comments since we probably put them there. 235 */ 236 for (x = 0; x < NHEADER_LINES; x++) { 237 ch = get_char(in); 238 if (EOF == ch) 239 break; 240 if ('#' != ch) { 241 putc(ch, out); 242 break; 243 } 244 while (EOF != (ch = get_char(in))) 245 if (ch == '\n') 246 break; 247 if (EOF == ch) 248 break; 249 } 250 251 /* copy the rest of the crontab (if any) to the output file. 252 */ 253 if (EOF != ch) 254 while (EOF != (ch = get_char(in))) 255 putc(ch, out); 256 } 257 258 static void 259 list_cmd() { 260 char n[MAX_FNAME]; 261 FILE *f; 262 263 log_it(RealUser, Pid, "LIST", User); 264 (void) snprintf(n, sizeof(n), CRON_TAB(User)); 265 if (!(f = fopen(n, "r"))) { 266 if (errno == ENOENT) 267 errx(ERROR_EXIT, "no crontab for %s", User); 268 else 269 err(ERROR_EXIT, "%s", n); 270 } 271 272 /* file is open. copy to stdout, close. 273 */ 274 copy_file(f, stdout); 275 fclose(f); 276 } 277 278 279 static void 280 delete_cmd() { 281 char n[MAX_FNAME]; 282 int ch, first; 283 284 if (isatty(STDIN_FILENO)) { 285 (void)fprintf(stderr, "remove crontab for %s? ", User); 286 first = ch = getchar(); 287 while (ch != '\n' && ch != EOF) 288 ch = getchar(); 289 if (first != 'y' && first != 'Y') 290 return; 291 } 292 293 log_it(RealUser, Pid, "DELETE", User); 294 (void) snprintf(n, sizeof(n), CRON_TAB(User)); 295 if (unlink(n)) { 296 if (errno == ENOENT) 297 errx(ERROR_EXIT, "no crontab for %s", User); 298 else 299 err(ERROR_EXIT, "%s", n); 300 } 301 poke_daemon(); 302 } 303 304 305 static void 306 check_error(msg) 307 char *msg; 308 { 309 CheckErrorCount++; 310 fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg); 311 } 312 313 314 static void 315 edit_cmd() { 316 char n[MAX_FNAME], q[MAX_TEMPSTR], *editor; 317 FILE *f; 318 int t; 319 struct stat statbuf, fsbuf; 320 WAIT_T waiter; 321 PID_T pid, xpid; 322 mode_t um; 323 int syntax_error = 0; 324 char orig_md5[MD5_SIZE]; 325 char new_md5[MD5_SIZE]; 326 327 log_it(RealUser, Pid, "BEGIN EDIT", User); 328 (void) snprintf(n, sizeof(n), CRON_TAB(User)); 329 if (!(f = fopen(n, "r"))) { 330 if (errno != ENOENT) 331 err(ERROR_EXIT, "%s", n); 332 warnx("no crontab for %s - using an empty one", User); 333 if (!(f = fopen(_PATH_DEVNULL, "r"))) 334 err(ERROR_EXIT, _PATH_DEVNULL); 335 } 336 337 um = umask(077); 338 (void) snprintf(Filename, sizeof(Filename), "/tmp/crontab.XXXXXXXXXX"); 339 if ((t = mkstemp(Filename)) == -1) { 340 warn("%s", Filename); 341 (void) umask(um); 342 goto fatal; 343 } 344 (void) umask(um); 345 #ifdef HAS_FCHOWN 346 if (fchown(t, getuid(), getgid()) < 0) { 347 #else 348 if (chown(Filename, getuid(), getgid()) < 0) { 349 #endif 350 warn("fchown"); 351 goto fatal; 352 } 353 if (!(NewCrontab = fdopen(t, "r+"))) { 354 warn("fdopen"); 355 goto fatal; 356 } 357 358 copy_file(f, NewCrontab); 359 fclose(f); 360 if (fflush(NewCrontab)) 361 err(ERROR_EXIT, "%s", Filename); 362 if (fstat(t, &fsbuf) < 0) { 363 warn("unable to fstat temp file"); 364 goto fatal; 365 } 366 again: 367 if (swap_uids() < OK) 368 err(ERROR_EXIT, "swapping uids"); 369 if (stat(Filename, &statbuf) < 0) { 370 warn("stat"); 371 fatal: unlink(Filename); 372 exit(ERROR_EXIT); 373 } 374 if (swap_uids_back() < OK) 375 err(ERROR_EXIT, "swapping uids back"); 376 if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino) 377 errx(ERROR_EXIT, "temp file must be edited in place"); 378 if (MD5File(Filename, orig_md5) == NULL) { 379 warn("MD5"); 380 goto fatal; 381 } 382 383 if ((!(editor = getenv("VISUAL"))) 384 && (!(editor = getenv("EDITOR"))) 385 ) { 386 editor = EDITOR; 387 } 388 389 /* we still have the file open. editors will generally rewrite the 390 * original file rather than renaming/unlinking it and starting a 391 * new one; even backup files are supposed to be made by copying 392 * rather than by renaming. if some editor does not support this, 393 * then don't use it. the security problems are more severe if we 394 * close and reopen the file around the edit. 395 */ 396 397 switch (pid = fork()) { 398 case -1: 399 warn("fork"); 400 goto fatal; 401 case 0: 402 /* child */ 403 if (setuid(getuid()) < 0) 404 err(ERROR_EXIT, "setuid(getuid())"); 405 if (chdir("/tmp") < 0) 406 err(ERROR_EXIT, "chdir(/tmp)"); 407 if (strlen(editor) + strlen(Filename) + 2 >= MAX_TEMPSTR) 408 errx(ERROR_EXIT, "editor or filename too long"); 409 execlp(editor, editor, Filename, (char *)NULL); 410 err(ERROR_EXIT, "%s", editor); 411 /*NOTREACHED*/ 412 default: 413 /* parent */ 414 break; 415 } 416 417 /* parent */ 418 { 419 void (*sig[3])(int signal); 420 sig[0] = signal(SIGHUP, SIG_IGN); 421 sig[1] = signal(SIGINT, SIG_IGN); 422 sig[2] = signal(SIGTERM, SIG_IGN); 423 xpid = wait(&waiter); 424 signal(SIGHUP, sig[0]); 425 signal(SIGINT, sig[1]); 426 signal(SIGTERM, sig[2]); 427 } 428 if (xpid != pid) { 429 warnx("wrong PID (%d != %d) from \"%s\"", xpid, pid, editor); 430 goto fatal; 431 } 432 if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) { 433 warnx("\"%s\" exited with status %d", editor, WEXITSTATUS(waiter)); 434 goto fatal; 435 } 436 if (WIFSIGNALED(waiter)) { 437 warnx("\"%s\" killed; signal %d (%score dumped)", 438 editor, WTERMSIG(waiter), WCOREDUMP(waiter) ?"" :"no "); 439 goto fatal; 440 } 441 if (swap_uids() < OK) 442 err(ERROR_EXIT, "swapping uids"); 443 if (stat(Filename, &statbuf) < 0) { 444 warn("stat"); 445 goto fatal; 446 } 447 if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino) 448 errx(ERROR_EXIT, "temp file must be edited in place"); 449 if (MD5File(Filename, new_md5) == NULL) { 450 warn("MD5"); 451 goto fatal; 452 } 453 if (swap_uids_back() < OK) 454 err(ERROR_EXIT, "swapping uids back"); 455 if (strcmp(orig_md5, new_md5) == 0 && !syntax_error) { 456 warnx("no changes made to crontab"); 457 goto remove; 458 } 459 warnx("installing new crontab"); 460 switch (replace_cmd()) { 461 case 0: /* Success */ 462 break; 463 case -1: /* Syntax error */ 464 for (;;) { 465 printf("Do you want to retry the same edit? "); 466 fflush(stdout); 467 q[0] = '\0'; 468 (void) fgets(q, sizeof q, stdin); 469 switch (islower(q[0]) ? q[0] : tolower(q[0])) { 470 case 'y': 471 syntax_error = 1; 472 goto again; 473 case 'n': 474 goto abandon; 475 default: 476 fprintf(stderr, "Enter Y or N\n"); 477 } 478 } 479 /*NOTREACHED*/ 480 case -2: /* Install error */ 481 abandon: 482 warnx("edits left in %s", Filename); 483 goto done; 484 default: 485 warnx("panic: bad switch() in replace_cmd()"); 486 goto fatal; 487 } 488 remove: 489 unlink(Filename); 490 done: 491 log_it(RealUser, Pid, "END EDIT", User); 492 } 493 494 495 /* returns 0 on success 496 * -1 on syntax error 497 * -2 on install error 498 */ 499 static int 500 replace_cmd() { 501 char n[MAX_FNAME], envstr[MAX_ENVSTR], tn[MAX_FNAME]; 502 FILE *tmp; 503 int ch, eof; 504 entry *e; 505 time_t now = time(NULL); 506 char **envp = env_init(); 507 508 if (envp == NULL) { 509 warnx("cannot allocate memory"); 510 return (-2); 511 } 512 513 (void) snprintf(n, sizeof(n), "tmp.%d", Pid); 514 (void) snprintf(tn, sizeof(tn), CRON_TAB(n)); 515 516 if (!(tmp = fopen(tn, "w+"))) { 517 warn("%s", tn); 518 return (-2); 519 } 520 521 /* write a signature at the top of the file. 522 * 523 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code. 524 */ 525 fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n"); 526 fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now)); 527 fprintf(tmp, "# (Cron version -- %s)\n", rcsid); 528 529 /* copy the crontab to the tmp 530 */ 531 rewind(NewCrontab); 532 Set_LineNum(1) 533 while (EOF != (ch = get_char(NewCrontab))) 534 putc(ch, tmp); 535 ftruncate(fileno(tmp), ftell(tmp)); 536 fflush(tmp); rewind(tmp); 537 538 if (ferror(tmp)) { 539 warnx("error while writing new crontab to %s", tn); 540 fclose(tmp); unlink(tn); 541 return (-2); 542 } 543 544 /* check the syntax of the file being installed. 545 */ 546 547 /* BUG: was reporting errors after the EOF if there were any errors 548 * in the file proper -- kludged it by stopping after first error. 549 * vix 31mar87 550 */ 551 Set_LineNum(1 - NHEADER_LINES) 552 CheckErrorCount = 0; eof = FALSE; 553 while (!CheckErrorCount && !eof) { 554 switch (load_env(envstr, tmp)) { 555 case ERR: 556 eof = TRUE; 557 break; 558 case FALSE: 559 e = load_entry(tmp, check_error, pw, envp); 560 if (e) 561 free(e); 562 break; 563 case TRUE: 564 break; 565 } 566 } 567 568 if (CheckErrorCount != 0) { 569 warnx("errors in crontab file, can't install"); 570 fclose(tmp); unlink(tn); 571 return (-1); 572 } 573 574 #ifdef HAS_FCHOWN 575 if (fchown(fileno(tmp), ROOT_UID, -1) < OK) 576 #else 577 if (chown(tn, ROOT_UID, -1) < OK) 578 #endif 579 { 580 warn("chown"); 581 fclose(tmp); unlink(tn); 582 return (-2); 583 } 584 585 #ifdef HAS_FCHMOD 586 if (fchmod(fileno(tmp), 0600) < OK) 587 #else 588 if (chmod(tn, 0600) < OK) 589 #endif 590 { 591 warn("chown"); 592 fclose(tmp); unlink(tn); 593 return (-2); 594 } 595 596 if (fclose(tmp) == EOF) { 597 warn("fclose"); 598 unlink(tn); 599 return (-2); 600 } 601 602 (void) snprintf(n, sizeof(n), CRON_TAB(User)); 603 if (rename(tn, n)) { 604 warn("error renaming %s to %s", tn, n); 605 unlink(tn); 606 return (-2); 607 } 608 609 log_it(RealUser, Pid, "REPLACE", User); 610 611 /* 612 * Creating the 'tn' temp file has already updated the 613 * modification time of the spool directory. Sleep for a 614 * second to ensure that poke_daemon() sets a later 615 * modification time. Otherwise, this can race with the cron 616 * daemon scanning for updated crontabs. 617 */ 618 sleep(1); 619 620 poke_daemon(); 621 622 return (0); 623 } 624 625 626 static void 627 poke_daemon() { 628 #ifdef USE_UTIMES 629 struct timeval tvs[2]; 630 631 (void)gettimeofday(&tvs[0], NULL); 632 tvs[1] = tvs[0]; 633 if (utimes(SPOOL_DIR, tvs) < OK) { 634 warn("can't update mtime on spooldir %s", SPOOL_DIR); 635 return; 636 } 637 #else 638 if (utime(SPOOL_DIR, NULL) < OK) { 639 warn("can't update mtime on spooldir %s", SPOOL_DIR); 640 return; 641 } 642 #endif /*USE_UTIMES*/ 643 } 644