xref: /freebsd/usr.sbin/cron/crontab/crontab.c (revision c35b5d8372e4c4ec50e8653c2b51e6179a81769e)
1 /* Copyright 1988,1990,1993,1994 by Paul Vixie
2  * All rights reserved
3  *
4  * Distribute freely, except: don't remove my name from the source or
5  * documentation (don't take credit for my work), mark your changes (don't
6  * get me blamed for your possible bugs), don't alter or remove this
7  * notice.  May be sold if buildable source is provided to buyer.  No
8  * warrantee of any kind, express or implied, is included with this
9  * software; use at your own risk, responsibility for damages (if any) to
10  * anyone resulting from the use of this software rests entirely with the
11  * user.
12  *
13  * Send bug reports, bug fixes, enhancements, requests, flames, etc., and
14  * I'll try to keep a version up to date.  I can be reached as follows:
15  * Paul Vixie          <paul@vix.com>          uunet!decwrl!vixie!paul
16  * From Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp
17  */
18 
19 #if !defined(lint) && !defined(LINT)
20 static const char rcsid[] =
21   "$FreeBSD$";
22 #endif
23 
24 /* crontab - install and manage per-user crontab files
25  * vix 02may87 [RCS has the rest of the log]
26  * vix 26jan87 [original]
27  */
28 
29 #define	MAIN_PROGRAM
30 
31 #include <sys/param.h>
32 #include "cron.h"
33 #include <errno.h>
34 #include <fcntl.h>
35 #include <md5.h>
36 #include <paths.h>
37 #include <sys/file.h>
38 #include <sys/stat.h>
39 #ifdef USE_UTIMES
40 # include <sys/time.h>
41 #else
42 # include <time.h>
43 # include <utime.h>
44 #endif
45 #if defined(POSIX)
46 # include <locale.h>
47 #endif
48 
49 #define MD5_SIZE 33
50 #define NHEADER_LINES 3
51 
52 
53 enum opt_t	{ opt_unknown, opt_list, opt_delete, opt_edit, opt_replace };
54 
55 #if DEBUGGING
56 static char	*Options[] = { "???", "list", "delete", "edit", "replace" };
57 #endif
58 
59 
60 static	PID_T		Pid;
61 static	char		User[MAXLOGNAME], RealUser[MAXLOGNAME];
62 static	char		Filename[MAX_FNAME];
63 static	FILE		*NewCrontab;
64 static	int		CheckErrorCount;
65 static	enum opt_t	Option;
66 static	struct passwd	*pw;
67 static	void		list_cmd(void),
68 			delete_cmd(void),
69 			edit_cmd(void),
70 			poke_daemon(void),
71 			check_error(char *),
72 			parse_args(int c, char *v[]);
73 static	int		replace_cmd(void);
74 
75 
76 static void
77 usage(char *msg)
78 {
79 	fprintf(stderr, "crontab: usage error: %s\n", msg);
80 	fprintf(stderr, "%s\n%s\n",
81 		"usage: crontab [-u user] file",
82 		"       crontab [-u user] { -e | -l | -r }");
83 	exit(ERROR_EXIT);
84 }
85 
86 
87 int
88 main(int argc, char *argv[])
89 {
90 	int	exitstatus;
91 
92 	Pid = getpid();
93 	ProgramName = argv[0];
94 
95 #if defined(POSIX)
96 	setlocale(LC_ALL, "");
97 #endif
98 
99 #if defined(BSD)
100 	setlinebuf(stderr);
101 #endif
102 	parse_args(argc, argv);		/* sets many globals, opens a file */
103 	set_cron_uid();
104 	set_cron_cwd();
105 	if (!allowed(User)) {
106 		warnx("you (%s) are not allowed to use this program", User);
107 		log_it(RealUser, Pid, "AUTH", "crontab command not allowed");
108 		exit(ERROR_EXIT);
109 	}
110 	exitstatus = OK_EXIT;
111 	switch (Option) {
112 	case opt_list:		list_cmd();
113 				break;
114 	case opt_delete:	delete_cmd();
115 				break;
116 	case opt_edit:		edit_cmd();
117 				break;
118 	case opt_replace:	if (replace_cmd() < 0)
119 					exitstatus = ERROR_EXIT;
120 				break;
121 	case opt_unknown:
122 				break;
123 	}
124 	exit(exitstatus);
125 	/*NOTREACHED*/
126 }
127 
128 
129 static void
130 parse_args(argc, argv)
131 	int	argc;
132 	char	*argv[];
133 {
134 	int		argch;
135 	char		resolved_path[PATH_MAX];
136 
137 	if (!(pw = getpwuid(getuid())))
138 		errx(ERROR_EXIT, "your UID isn't in the passwd file, bailing out");
139 	bzero(pw->pw_passwd, strlen(pw->pw_passwd));
140 	(void) strncpy(User, pw->pw_name, (sizeof User)-1);
141 	User[(sizeof User)-1] = '\0';
142 	strcpy(RealUser, User);
143 	Filename[0] = '\0';
144 	Option = opt_unknown;
145 	while ((argch = getopt(argc, argv, "u:lerx:")) != -1) {
146 		switch (argch) {
147 		case 'x':
148 			if (!set_debug_flags(optarg))
149 				usage("bad debug option");
150 			break;
151 		case 'u':
152 			if (getuid() != ROOT_UID)
153 				errx(ERROR_EXIT, "must be privileged to use -u");
154 			if (!(pw = getpwnam(optarg)))
155 				errx(ERROR_EXIT, "user `%s' unknown", optarg);
156 			bzero(pw->pw_passwd, strlen(pw->pw_passwd));
157 			(void) strncpy(User, pw->pw_name, (sizeof User)-1);
158 			User[(sizeof User)-1] = '\0';
159 			break;
160 		case 'l':
161 			if (Option != opt_unknown)
162 				usage("only one operation permitted");
163 			Option = opt_list;
164 			break;
165 		case 'r':
166 			if (Option != opt_unknown)
167 				usage("only one operation permitted");
168 			Option = opt_delete;
169 			break;
170 		case 'e':
171 			if (Option != opt_unknown)
172 				usage("only one operation permitted");
173 			Option = opt_edit;
174 			break;
175 		default:
176 			usage("unrecognized option");
177 		}
178 	}
179 
180 	endpwent();
181 
182 	if (Option != opt_unknown) {
183 		if (argv[optind] != NULL) {
184 			usage("no arguments permitted after this option");
185 		}
186 	} else {
187 		if (argv[optind] != NULL) {
188 			Option = opt_replace;
189 			(void) strncpy (Filename, argv[optind], (sizeof Filename)-1);
190 			Filename[(sizeof Filename)-1] = '\0';
191 
192 		} else {
193 			usage("file name must be specified for replace");
194 		}
195 	}
196 
197 	if (Option == opt_replace) {
198 		/* relinquish the setuid status of the binary during
199 		 * the open, lest nonroot users read files they should
200 		 * not be able to read.  we can't use access() here
201 		 * since there's a race condition.  thanks go out to
202 		 * Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting
203 		 * the race.
204 		 */
205 
206 		if (swap_uids() < OK)
207 			err(ERROR_EXIT, "swapping uids");
208 
209 		/* we have to open the file here because we're going to
210 		 * chdir(2) into /var/cron before we get around to
211 		 * reading the file.
212 		 */
213 		if (!strcmp(Filename, "-")) {
214 			NewCrontab = stdin;
215 		} else if (realpath(Filename, resolved_path) != NULL &&
216 		    !strcmp(resolved_path, SYSCRONTAB)) {
217 			err(ERROR_EXIT, SYSCRONTAB " must be edited manually");
218 		} else {
219 			if (!(NewCrontab = fopen(Filename, "r")))
220 				err(ERROR_EXIT, "%s", Filename);
221 		}
222 		if (swap_uids_back() < OK)
223 			err(ERROR_EXIT, "swapping uids back");
224 	}
225 
226 	Debug(DMISC, ("user=%s, file=%s, option=%s\n",
227 		      User, Filename, Options[(int)Option]))
228 }
229 
230 static void
231 copy_file(FILE *in, FILE *out) {
232 	int	x, ch;
233 
234 	Set_LineNum(1)
235 	/* ignore the top few comments since we probably put them there.
236 	 */
237 	for (x = 0;  x < NHEADER_LINES;  x++) {
238 		ch = get_char(in);
239 		if (EOF == ch)
240 			break;
241 		if ('#' != ch) {
242 			putc(ch, out);
243 			break;
244 		}
245 		while (EOF != (ch = get_char(in)))
246 			if (ch == '\n')
247 				break;
248 		if (EOF == ch)
249 			break;
250 	}
251 
252 	/* copy the rest of the crontab (if any) to the output file.
253 	 */
254 	if (EOF != ch)
255 		while (EOF != (ch = get_char(in)))
256 			putc(ch, out);
257 }
258 
259 static void
260 list_cmd() {
261 	char	n[MAX_FNAME];
262 	FILE	*f;
263 
264 	log_it(RealUser, Pid, "LIST", User);
265 	(void) snprintf(n, sizeof(n), CRON_TAB(User));
266 	if (!(f = fopen(n, "r"))) {
267 		if (errno == ENOENT)
268 			errx(ERROR_EXIT, "no crontab for %s", User);
269 		else
270 			err(ERROR_EXIT, "%s", n);
271 	}
272 
273 	/* file is open. copy to stdout, close.
274 	 */
275 	copy_file(f, stdout);
276 	fclose(f);
277 }
278 
279 
280 static void
281 delete_cmd() {
282 	char	n[MAX_FNAME];
283 	int ch, first;
284 
285 	if (isatty(STDIN_FILENO)) {
286 		(void)fprintf(stderr, "remove crontab for %s? ", User);
287 		first = ch = getchar();
288 		while (ch != '\n' && ch != EOF)
289 			ch = getchar();
290 		if (first != 'y' && first != 'Y')
291 			return;
292 	}
293 
294 	log_it(RealUser, Pid, "DELETE", User);
295 	(void) snprintf(n, sizeof(n), CRON_TAB(User));
296 	if (unlink(n)) {
297 		if (errno == ENOENT)
298 			errx(ERROR_EXIT, "no crontab for %s", User);
299 		else
300 			err(ERROR_EXIT, "%s", n);
301 	}
302 	poke_daemon();
303 }
304 
305 
306 static void
307 check_error(msg)
308 	char	*msg;
309 {
310 	CheckErrorCount++;
311 	fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg);
312 }
313 
314 
315 static void
316 edit_cmd() {
317 	char		n[MAX_FNAME], q[MAX_TEMPSTR], *editor;
318 	FILE		*f;
319 	int		t;
320 	struct stat	statbuf, fsbuf;
321 	WAIT_T		waiter;
322 	PID_T		pid, xpid;
323 	mode_t		um;
324 	int		syntax_error = 0;
325 	char		orig_md5[MD5_SIZE];
326 	char		new_md5[MD5_SIZE];
327 
328 	log_it(RealUser, Pid, "BEGIN EDIT", User);
329 	(void) snprintf(n, sizeof(n), CRON_TAB(User));
330 	if (!(f = fopen(n, "r"))) {
331 		if (errno != ENOENT)
332 			err(ERROR_EXIT, "%s", n);
333 		warnx("no crontab for %s - using an empty one", User);
334 		if (!(f = fopen(_PATH_DEVNULL, "r")))
335 			err(ERROR_EXIT, _PATH_DEVNULL);
336 	}
337 
338 	um = umask(077);
339 	(void) snprintf(Filename, sizeof(Filename), "/tmp/crontab.XXXXXXXXXX");
340 	if ((t = mkstemp(Filename)) == -1) {
341 		warn("%s", Filename);
342 		(void) umask(um);
343 		goto fatal;
344 	}
345 	(void) umask(um);
346 #ifdef HAS_FCHOWN
347 	if (fchown(t, getuid(), getgid()) < 0) {
348 #else
349 	if (chown(Filename, getuid(), getgid()) < 0) {
350 #endif
351 		warn("fchown");
352 		goto fatal;
353 	}
354 	if (!(NewCrontab = fdopen(t, "r+"))) {
355 		warn("fdopen");
356 		goto fatal;
357 	}
358 
359 	copy_file(f, NewCrontab);
360 	fclose(f);
361 	if (fflush(NewCrontab))
362 		err(ERROR_EXIT, "%s", Filename);
363 	if (fstat(t, &fsbuf) < 0) {
364 		warn("unable to fstat temp file");
365 		goto fatal;
366 	}
367  again:
368 	if (swap_uids() < OK)
369 		err(ERROR_EXIT, "swapping uids");
370 	if (stat(Filename, &statbuf) < 0) {
371 		warn("stat");
372  fatal:		unlink(Filename);
373 		exit(ERROR_EXIT);
374 	}
375 	if (swap_uids_back() < OK)
376 		err(ERROR_EXIT, "swapping uids back");
377 	if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino)
378 		errx(ERROR_EXIT, "temp file must be edited in place");
379 	if (MD5File(Filename, orig_md5) == NULL) {
380 		warn("MD5");
381 		goto fatal;
382 	}
383 
384 	if ((!(editor = getenv("VISUAL")))
385 	 && (!(editor = getenv("EDITOR")))
386 	    ) {
387 		editor = EDITOR;
388 	}
389 
390 	/* we still have the file open.  editors will generally rewrite the
391 	 * original file rather than renaming/unlinking it and starting a
392 	 * new one; even backup files are supposed to be made by copying
393 	 * rather than by renaming.  if some editor does not support this,
394 	 * then don't use it.  the security problems are more severe if we
395 	 * close and reopen the file around the edit.
396 	 */
397 
398 	switch (pid = fork()) {
399 	case -1:
400 		warn("fork");
401 		goto fatal;
402 	case 0:
403 		/* child */
404 		if (setuid(getuid()) < 0)
405 			err(ERROR_EXIT, "setuid(getuid())");
406 		if (chdir("/tmp") < 0)
407 			err(ERROR_EXIT, "chdir(/tmp)");
408 		if (strlen(editor) + strlen(Filename) + 2 >= MAX_TEMPSTR)
409 			errx(ERROR_EXIT, "editor or filename too long");
410 		execlp(editor, editor, Filename, (char *)NULL);
411 		err(ERROR_EXIT, "%s", editor);
412 		/*NOTREACHED*/
413 	default:
414 		/* parent */
415 		break;
416 	}
417 
418 	/* parent */
419 	{
420 	void (*sig[3])(int signal);
421 	sig[0] = signal(SIGHUP, SIG_IGN);
422 	sig[1] = signal(SIGINT, SIG_IGN);
423 	sig[2] = signal(SIGTERM, SIG_IGN);
424 	xpid = wait(&waiter);
425 	signal(SIGHUP, sig[0]);
426 	signal(SIGINT, sig[1]);
427 	signal(SIGTERM, sig[2]);
428 	}
429 	if (xpid != pid) {
430 		warnx("wrong PID (%d != %d) from \"%s\"", xpid, pid, editor);
431 		goto fatal;
432 	}
433 	if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) {
434 		warnx("\"%s\" exited with status %d", editor, WEXITSTATUS(waiter));
435 		goto fatal;
436 	}
437 	if (WIFSIGNALED(waiter)) {
438 		warnx("\"%s\" killed; signal %d (%score dumped)",
439 			editor, WTERMSIG(waiter), WCOREDUMP(waiter) ?"" :"no ");
440 		goto fatal;
441 	}
442 	if (swap_uids() < OK)
443 		err(ERROR_EXIT, "swapping uids");
444 	if (stat(Filename, &statbuf) < 0) {
445 		warn("stat");
446 		goto fatal;
447 	}
448 	if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino)
449 		errx(ERROR_EXIT, "temp file must be edited in place");
450 	if (MD5File(Filename, new_md5) == NULL) {
451 		warn("MD5");
452 		goto fatal;
453 	}
454 	if (swap_uids_back() < OK)
455 		err(ERROR_EXIT, "swapping uids back");
456 	if (strcmp(orig_md5, new_md5) == 0 && !syntax_error) {
457 		warnx("no changes made to crontab");
458 		goto remove;
459 	}
460 	warnx("installing new crontab");
461 	switch (replace_cmd()) {
462 	case 0:			/* Success */
463 		break;
464 	case -1:		/* Syntax error */
465 		for (;;) {
466 			printf("Do you want to retry the same edit? ");
467 			fflush(stdout);
468 			q[0] = '\0';
469 			(void) fgets(q, sizeof q, stdin);
470 			switch (islower(q[0]) ? q[0] : tolower(q[0])) {
471 			case 'y':
472 				syntax_error = 1;
473 				goto again;
474 			case 'n':
475 				goto abandon;
476 			default:
477 				fprintf(stderr, "Enter Y or N\n");
478 			}
479 		}
480 		/*NOTREACHED*/
481 	case -2:		/* Install error */
482 	abandon:
483 		warnx("edits left in %s", Filename);
484 		goto done;
485 	default:
486 		warnx("panic: bad switch() in replace_cmd()");
487 		goto fatal;
488 	}
489  remove:
490 	unlink(Filename);
491  done:
492 	log_it(RealUser, Pid, "END EDIT", User);
493 }
494 
495 
496 /* returns	0	on success
497  *		-1	on syntax error
498  *		-2	on install error
499  */
500 static int
501 replace_cmd() {
502 	char	n[MAX_FNAME], envstr[MAX_ENVSTR], tn[MAX_FNAME];
503 	FILE	*tmp;
504 	int	ch, eof;
505 	entry	*e;
506 	time_t	now = time(NULL);
507 	char	**envp = env_init();
508 
509 	if (envp == NULL) {
510 		warnx("cannot allocate memory");
511 		return (-2);
512 	}
513 
514 	(void) snprintf(n, sizeof(n), "tmp.%d", Pid);
515 	(void) snprintf(tn, sizeof(tn), CRON_TAB(n));
516 
517 	if (!(tmp = fopen(tn, "w+"))) {
518 		warn("%s", tn);
519 		return (-2);
520 	}
521 
522 	/* write a signature at the top of the file.
523 	 *
524 	 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code.
525 	 */
526 	fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n");
527 	fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now));
528 	fprintf(tmp, "# (Cron version -- %s)\n", rcsid);
529 
530 	/* copy the crontab to the tmp
531 	 */
532 	rewind(NewCrontab);
533 	Set_LineNum(1)
534 	while (EOF != (ch = get_char(NewCrontab)))
535 		putc(ch, tmp);
536 	ftruncate(fileno(tmp), ftello(tmp));
537 	fflush(tmp);  rewind(tmp);
538 
539 	if (ferror(tmp)) {
540 		warnx("error while writing new crontab to %s", tn);
541 		fclose(tmp);  unlink(tn);
542 		return (-2);
543 	}
544 
545 	/* check the syntax of the file being installed.
546 	 */
547 
548 	/* BUG: was reporting errors after the EOF if there were any errors
549 	 * in the file proper -- kludged it by stopping after first error.
550 	 *		vix 31mar87
551 	 */
552 	Set_LineNum(1 - NHEADER_LINES)
553 	CheckErrorCount = 0;  eof = FALSE;
554 	while (!CheckErrorCount && !eof) {
555 		switch (load_env(envstr, tmp)) {
556 		case ERR:
557 			eof = TRUE;
558 			break;
559 		case FALSE:
560 			e = load_entry(tmp, check_error, pw, envp);
561 			if (e)
562 				free_entry(e);
563 			break;
564 		case TRUE:
565 			break;
566 		}
567 	}
568 
569 	if (CheckErrorCount != 0) {
570 		warnx("errors in crontab file, can't install");
571 		fclose(tmp);  unlink(tn);
572 		return (-1);
573 	}
574 
575 #ifdef HAS_FCHOWN
576 	if (fchown(fileno(tmp), ROOT_UID, -1) < OK)
577 #else
578 	if (chown(tn, ROOT_UID, -1) < OK)
579 #endif
580 	{
581 		warn("chown");
582 		fclose(tmp);  unlink(tn);
583 		return (-2);
584 	}
585 
586 #ifdef HAS_FCHMOD
587 	if (fchmod(fileno(tmp), 0600) < OK)
588 #else
589 	if (chmod(tn, 0600) < OK)
590 #endif
591 	{
592 		warn("chown");
593 		fclose(tmp);  unlink(tn);
594 		return (-2);
595 	}
596 
597 	if (fclose(tmp) == EOF) {
598 		warn("fclose");
599 		unlink(tn);
600 		return (-2);
601 	}
602 
603 	(void) snprintf(n, sizeof(n), CRON_TAB(User));
604 	if (rename(tn, n)) {
605 		warn("error renaming %s to %s", tn, n);
606 		unlink(tn);
607 		return (-2);
608 	}
609 
610 	log_it(RealUser, Pid, "REPLACE", User);
611 
612 	/*
613 	 * Creating the 'tn' temp file has already updated the
614 	 * modification time of the spool directory.  Sleep for a
615 	 * second to ensure that poke_daemon() sets a later
616 	 * modification time.  Otherwise, this can race with the cron
617 	 * daemon scanning for updated crontabs.
618 	 */
619 	sleep(1);
620 
621 	poke_daemon();
622 
623 	return (0);
624 }
625 
626 
627 static void
628 poke_daemon() {
629 #ifdef USE_UTIMES
630 	struct timeval tvs[2];
631 
632 	(void)gettimeofday(&tvs[0], NULL);
633 	tvs[1] = tvs[0];
634 	if (utimes(SPOOL_DIR, tvs) < OK) {
635 		warn("can't update mtime on spooldir %s", SPOOL_DIR);
636 		return;
637 	}
638 #else
639 	if (utime(SPOOL_DIR, NULL) < OK) {
640 		warn("can't update mtime on spooldir %s", SPOOL_DIR);
641 		return;
642 	}
643 #endif /*USE_UTIMES*/
644 }
645