xref: /titanic_41/usr/src/cmd/cron/cron.c (revision 96d9f183facd90dbbc2268c9a51689be0b6a0b46)
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 /*
22  * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
23  * Use is subject to license terms.
24  */
25 
26 /*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
27 /*	  All Rights Reserved  	*/
28 
29 /*	Copyright (c) 1987, 1988 Microsoft Corporation	*/
30 /*	  All Rights Reserved	*/
31 
32 #ifdef lint
33 /* make lint happy */
34 #define	__EXTENSIONS__
35 #endif
36 
37 #include <sys/contract/process.h>
38 #include <sys/ctfs.h>
39 #include <sys/param.h>
40 #include <sys/resource.h>
41 #include <sys/stat.h>
42 #include <sys/task.h>
43 #include <sys/time.h>
44 #include <sys/types.h>
45 #include <sys/utsname.h>
46 #include <sys/wait.h>
47 
48 #include <security/pam_appl.h>
49 
50 #include <alloca.h>
51 #include <ctype.h>
52 #include <deflt.h>
53 #include <dirent.h>
54 #include <errno.h>
55 #include <fcntl.h>
56 #include <grp.h>
57 #include <libcontract.h>
58 #include <libcontract_priv.h>
59 #include <limits.h>
60 #include <locale.h>
61 #include <poll.h>
62 #include <project.h>
63 #include <pwd.h>
64 #include <signal.h>
65 #include <stdarg.h>
66 #include <stdio.h>
67 #include <stdlib.h>
68 #include <string.h>
69 #include <stropts.h>
70 #include <time.h>
71 #include <unistd.h>
72 #include <libzoneinfo.h>
73 
74 #include "cron.h"
75 
76 /*
77  * #define	DEBUG
78  */
79 
80 #define	MAIL		"/usr/bin/mail"	/* mail program to use */
81 #define	CONSOLE		"/dev/console"	/* where messages go when cron dies */
82 
83 #define	TMPINFILE	"/tmp/crinXXXXXX"  /* file to put stdin in for cmd  */
84 #define	TMPDIR		"/tmp"
85 #define	PFX		"crout"
86 #define	TMPOUTFILE	"/tmp/croutXXXXXX" /* file to place stdout, stderr */
87 
88 #define	INMODE		00400		/* mode for stdin file	*/
89 #define	OUTMODE		00600		/* mode for stdout file */
90 #define	ISUID		S_ISUID		/* mode for verifing at jobs */
91 
92 #define	INFINITY	2147483647L	/* upper bound on time	*/
93 #define	CUSHION		180L
94 #define	ZOMB		100		/* proc slot used for mailing output */
95 
96 #define	JOBF		'j'
97 #define	NICEF		'n'
98 #define	USERF		'u'
99 #define	WAITF		'w'
100 
101 #define	BCHAR		'>'
102 #define	ECHAR		'<'
103 
104 #define	DEFAULT		0
105 #define	LOAD		1
106 #define	QBUFSIZ		80
107 
108 /* Defined actions for crabort() routine */
109 #define	NO_ACTION	000
110 #define	REMOVE_FIFO	001
111 #define	CONSOLE_MSG	002
112 
113 #define	BADCD		"can't change directory to the crontab directory."
114 #define	NOREADDIR	"can't read the crontab directory."
115 
116 #define	BADJOBOPEN	"unable to read your at job."
117 #define	BADSHELL	"because your login shell \
118 isn't /usr/bin/sh, you can't use cron."
119 
120 #define	BADSTAT		"can't access your crontab or at-job file. Resubmit it."
121 #define	BADPROJID	"can't set project id for your job."
122 #define	CANTCDHOME	"can't change directory to %s.\
123 \nYour commands will not be executed."
124 #define	CANTEXECSH	"unable to exec the shell, %s, for one of your \
125 commands."
126 #define	CANT_STR_LEN (sizeof (CANTEXECSH) > sizeof (CANTCDHOME) ? \
127 	sizeof (CANTEXECSH) : sizeof (CANTCDHOME))
128 #define	NOREAD		"can't read your crontab file.  Resubmit it."
129 #define	BADTYPE		"crontab or at-job file is not a regular file.\n"
130 #define	NOSTDIN		"unable to create a standard input file for \
131 one of your crontab commands. \
132 \nThat command was not executed."
133 
134 #define	NOTALLOWED	"you are not authorized to use cron.  Sorry."
135 #define	STDERRMSG	"\n\n********************************************\
136 *****\nCron: The previous message is the \
137 standard output and standard error \
138 \nof one of your cron commands.\n"
139 
140 #define	STDOUTERR	"one of your commands generated output or errors, \
141 but cron was unable to mail you this output.\
142 \nRemember to redirect standard output and standard \
143 error for each of your commands."
144 
145 #define	CLOCK_DRIFT	"clock time drifted backwards after event!\n"
146 #define	PIDERR		"unexpected pid returned %d (ignored)"
147 #define	CRONTABERR	"Subject: Your crontab file has an error in it\n\n"
148 #define	CRONOUT		"Subject: Output from \"cron\" command\n\n"
149 #define	MALLOCERR	"out of space, cannot create new string\n"
150 
151 #define	DIDFORK didfork
152 #define	NOFORK !didfork
153 
154 #define	MAILBUFLEN	(8*1024)
155 #define	LINELIMIT	80
156 #define	MAILBINITFREE	(MAILBUFLEN - (sizeof (cte_intro) - 1) \
157 	    - (sizeof (cte_trail1) - 1) - (sizeof (cte_trail2) - 1) - 1)
158 
159 #define	ERR_CRONTABENT	0	/* error in crontab file entry */
160 #define	ERR_UNIXERR	1	/* error in some system call */
161 #define	ERR_CANTEXECCRON 2	/* error setting up "cron" job environment */
162 #define	ERR_CANTEXECAT	3	/* error setting up "at" job environment */
163 #define	ERR_NOTREG	4	/* error not a regular file */
164 
165 #define	PROJECT		"project="
166 
167 #define	MAX_LOST_CONTRACTS	2048	/* reset if this many failed abandons */
168 
169 #define	FORMAT	"%a %b %e %H:%M:%S %Y"
170 static char	timebuf[80];
171 
172 static struct message msgbuf;
173 
174 struct shared {
175 	int count;			/* usage count */
176 	void (*free)(void *obj);	/* routine that will free obj */
177 	void *obj;			/* object */
178 };
179 
180 struct event {
181 	time_t time;	/* time of the event	*/
182 	short etype;	/* what type of event; 0=cron, 1=at	*/
183 	char *cmd;	/* command for cron, job name for at	*/
184 	struct usr *u;	/* ptr to the owner (usr) of this event	*/
185 	struct event *link;	/* ptr to another event for this user */
186 	union {
187 		struct { /* for crontab events */
188 			char *minute;	/*  (these	*/
189 			char *hour;	/*   fields	*/
190 			char *daymon;	/*   are	*/
191 			char *month;	/*   from	*/
192 			char *dayweek;	/*   crontab)	*/
193 			char *input;	/* ptr to stdin	*/
194 			struct shared *tz;	/* timezone of this event */
195 			struct shared *home;	/* directory for this event */
196 			struct shared *shell;	/* shell for this event */
197 		} ct;
198 		struct { /* for at events */
199 			short exists;	/* for revising at events	*/
200 			int eventid;	/* for el_remove-ing at events	*/
201 		} at;
202 	} of;
203 };
204 
205 struct usr {
206 	char *name;	/* name of user (e.g. "root")	*/
207 	char *home;	/* home directory for user	*/
208 	uid_t uid;	/* user id	*/
209 	gid_t gid;	/* group id	*/
210 	int aruncnt;	/* counter for running jobs per uid */
211 	int cruncnt;	/* counter for running cron jobs per uid */
212 	int ctid;	/* for el_remove-ing crontab events */
213 	short ctexists;	/* for revising crontab events	*/
214 	struct event *ctevents;	/* list of this usr's crontab events */
215 	struct event *atevents;	/* list of this usr's at events */
216 	struct usr *nextusr;
217 };	/* ptr to next user	*/
218 
219 static struct	queue
220 {
221 	int njob;	/* limit */
222 	int nice;	/* nice for execution */
223 	int nwait;	/* wait time to next execution attempt */
224 	int nrun;	/* number running */
225 }
226 	qd = {100, 2, 60},		/* default values for queue defs */
227 	qt[NQUEUE];
228 static struct	queue	qq;
229 
230 static struct runinfo
231 {
232 	pid_t	pid;
233 	short	que;
234 	struct  usr *rusr;	/* pointer to usr struct */
235 	char	*outfile;	/* file where stdout & stderr are trapped */
236 	short	jobtype;	/* what type of event: 0=cron, 1=at */
237 	char	*jobname;	/* command for "cron", jobname for "at" */
238 	int	mailwhendone;	/* 1 = send mail even if no ouptut */
239 	struct runinfo *next;
240 }	*rthead;
241 
242 static struct miscpid {
243 	pid_t		pid;
244 	struct miscpid	*next;
245 }	*miscpid_head;
246 
247 static pid_t cron_pid;	/* own pid */
248 static char didfork = 0; /* flag to see if I'm process group leader */
249 static int msgfd;	/* file descriptor for fifo queue */
250 static int ecid = 1;	/* event class id for el_remove(); MUST be set to 1 */
251 static int delayed;	/* is job being rescheduled or did it run first time */
252 static int cwd;		/* current working directory */
253 static struct event *next_event;	/* the next event to execute	*/
254 static struct usr *uhead;		/* ptr to the list of users	*/
255 
256 /* Variables for error handling at reading crontabs. */
257 static char cte_intro[] = "Line(s) with errors:\n\n";
258 static char cte_trail1[] = "\nMax number of errors encountered.";
259 static char cte_trail2[] = " Evaluation of crontab aborted.\n";
260 static int cte_free = MAILBINITFREE;	/* Free buffer space */
261 static char *cte_text = NULL;		/* Text buffer pointer */
262 static char *cte_lp;			/* Next free line in cte_text */
263 static int cte_nvalid;			/* Valid lines found */
264 
265 /* user's default environment for the shell */
266 #define	ROOTPATH	"PATH=/usr/sbin:/usr/bin"
267 #define	NONROOTPATH	"PATH=/usr/bin:"
268 
269 static char *Def_supath	= NULL;
270 static char *Def_path		= NULL;
271 static char path[LINE_MAX]	= "PATH=";
272 static char supath[LINE_MAX]	= "PATH=";
273 static char homedir[LINE_MAX]	= ENV_HOME;
274 static char logname[LINE_MAX]	= "LOGNAME=";
275 static char tzone[LINE_MAX]	= ENV_TZ;
276 static char *envinit[] = {
277 	homedir,
278 	logname,
279 	ROOTPATH,
280 	"SHELL=/usr/bin/sh",
281 	tzone,
282 	NULL
283 };
284 
285 extern char **environ;
286 
287 #define	DEFTZ		"GMT"
288 static	int	log = 0;
289 static	char	hzname[10];
290 
291 static void cronend(int);
292 static void thaw_handler(int);
293 static void child_handler(int);
294 static void child_sigreset(void);
295 
296 static void mod_ctab(char *, time_t);
297 static void mod_atjob(char *, time_t);
298 static void add_atevent(struct usr *, char *, time_t, int);
299 static void rm_ctevents(struct usr *);
300 static void cleanup(struct runinfo *rn, int r);
301 static void crabort(char *, int);
302 static void msg(char *fmt, ...);
303 static void ignore_msg(char *, char *, struct event *);
304 static void logit(int, struct runinfo *, int);
305 static void parsqdef(char *);
306 static void defaults();
307 static void initialize(int);
308 static void quedefs(int);
309 static int idle(long);
310 static struct usr *find_usr(char *);
311 static int ex(struct event *e);
312 static void read_dirs(int);
313 static void mail(char *, char *, int);
314 static char *next_field(int, int);
315 static void readcron(struct usr *, time_t);
316 static int next_ge(int, char *);
317 static void free_if_unused(struct usr *);
318 static void del_atjob(char *, char *);
319 static void del_ctab(char *);
320 static void resched(int);
321 static int msg_wait(long);
322 static struct runinfo *rinfo_get(pid_t);
323 static void rinfo_free(struct runinfo *rp);
324 static void mail_result(struct usr *p, struct runinfo *pr, size_t filesize);
325 static time_t next_time(struct event *, time_t);
326 static time_t get_switching_time(int, time_t);
327 static time_t xmktime(struct tm *);
328 static void process_msg(struct message *, time_t);
329 static void reap_child(void);
330 static void miscpid_insert(pid_t);
331 static int miscpid_delete(pid_t);
332 static void contract_set_template(void);
333 static void contract_clear_template(void);
334 static void contract_abandon_latest(pid_t);
335 
336 static void cte_init(void);
337 static void cte_add(int, char *);
338 static void cte_valid(void);
339 static int cte_istoomany(void);
340 static void cte_sendmail(char *);
341 
342 static int set_user_cred(const struct usr *, struct project *);
343 
344 static struct shared *create_shared_str(char *str);
345 static struct shared *dup_shared(struct shared *obj);
346 static void rel_shared(struct shared *obj);
347 static void *get_obj(struct shared *obj);
348 /*
349  * last_time is set immediately prior to exection of an event (via ex())
350  * to indicate the last time an event was executed.  This was (surely)
351  * it's original intended use.
352  */
353 static time_t last_time, init_time, t_old;
354 static int reset_needed; /* set to 1 when cron(1M) needs to re-initialize */
355 
356 static int		refresh;
357 static sigset_t		defmask, sigmask;
358 
359 /*
360  * BSM hooks
361  */
362 extern int	audit_cron_session(char *, char *, uid_t, gid_t, char *);
363 extern void	audit_cron_new_job(char *, int, void *);
364 extern void	audit_cron_bad_user(char *);
365 extern void	audit_cron_user_acct_expired(char *);
366 extern int	audit_cron_create_anc_file(char *, char *, char *, uid_t);
367 extern int	audit_cron_delete_anc_file(char *, char *);
368 extern int	audit_cron_is_anc_name(char *);
369 extern int	audit_cron_mode();
370 
371 static int cron_conv(int, struct pam_message **,
372 		struct pam_response **, void *);
373 
374 static struct pam_conv pam_conv = {cron_conv, NULL};
375 static pam_handle_t *pamh;	/* Authentication handle */
376 
377 /*
378  * Function to help check a user's credentials.
379  */
380 
381 static int verify_user_cred(struct usr *u);
382 
383 /*
384  * Values returned by verify_user_cred and set_user_cred:
385  */
386 
387 #define	VUC_OK		0
388 #define	VUC_BADUSER	1
389 #define	VUC_NOTINGROUP	2
390 #define	VUC_EXPIRED	3
391 #define	VUC_NEW_AUTH	4
392 
393 /*
394  * Modes of process_anc_files function
395  */
396 #define	CRON_ANC_DELETE	1
397 #define	CRON_ANC_CREATE	0
398 
399 /*
400  * Functions to remove a user or job completely from the running database.
401  */
402 static void clean_out_atjobs(struct usr *u);
403 static void clean_out_ctab(struct usr *u);
404 static void clean_out_user(struct usr *u);
405 static void cron_unlink(char *name);
406 static void process_anc_files(int);
407 
408 /*
409  * functions in elm.c
410  */
411 extern void el_init(int, time_t, time_t, int);
412 extern int el_add(void *, time_t, int);
413 extern void el_remove(int, int);
414 extern int el_empty(void);
415 extern void *el_first(void);
416 extern void el_delete(void);
417 
418 static int valid_entry(char *, int);
419 static struct usr *create_ulist(char *, int);
420 static void init_cronevent(char *, int);
421 static void init_atevent(char *, time_t, int, int);
422 static void update_atevent(struct usr *, char *, time_t, int);
423 
424 int
425 main(int argc, char *argv[])
426 {
427 	time_t t;
428 	time_t ne_time;		/* amt of time until next event execution */
429 	time_t newtime, lastmtime = 0L;
430 	struct usr *u;
431 	struct event *e, *e2, *eprev;
432 	struct stat buf;
433 	pid_t rfork;
434 	struct sigaction act;
435 
436 	/*
437 	 * reset_needed is set to 1 whenever el_add() finds out that a cron
438 	 * job is scheduled to be run before the time when cron(1M) daemon
439 	 * initialized.
440 	 * Other cases where a reset is needed is when ex() finds that the
441 	 * event to be executed is being run at the wrong time, or when idle()
442 	 * determines that time was reset.
443 	 * We immediately return to the top of the while (TRUE) loop in
444 	 * main() where the event list is cleared and rebuilt, and reset_needed
445 	 * is set back to 0.
446 	 */
447 	reset_needed = 0;
448 
449 	/*
450 	 * Only the privileged user can run this command.
451 	 */
452 	if (getuid() != 0)
453 		crabort(NOTALLOWED, 0);
454 
455 begin:
456 	(void) setlocale(LC_ALL, "");
457 	/* fork unless 'nofork' is specified */
458 	if ((argc <= 1) || (strcmp(argv[1], "nofork"))) {
459 		if (rfork = fork()) {
460 			if (rfork == (pid_t)-1) {
461 				(void) sleep(30);
462 				goto begin;
463 			}
464 			return (0);
465 		}
466 		didfork++;
467 		(void) setpgrp();	/* detach cron from console */
468 	}
469 
470 	(void) umask(022);
471 	(void) signal(SIGHUP, SIG_IGN);
472 	(void) signal(SIGINT, SIG_IGN);
473 	(void) signal(SIGQUIT, SIG_IGN);
474 	(void) signal(SIGTERM, cronend);
475 
476 	defaults();
477 	initialize(1);
478 	quedefs(DEFAULT);	/* load default queue definitions */
479 	cron_pid = getpid();
480 	msg("*** cron started ***   pid = %d", cron_pid);
481 
482 	/* setup THAW handler */
483 	act.sa_handler = thaw_handler;
484 	act.sa_flags = 0;
485 	(void) sigemptyset(&act.sa_mask);
486 	(void) sigaction(SIGTHAW, &act, NULL);
487 
488 	/* setup CHLD handler */
489 	act.sa_handler = child_handler;
490 	act.sa_flags = 0;
491 	(void) sigemptyset(&act.sa_mask);
492 	(void) sigaddset(&act.sa_mask, SIGCLD);
493 	(void) sigaction(SIGCLD, &act, NULL);
494 
495 	(void) sigemptyset(&defmask);
496 	(void) sigemptyset(&sigmask);
497 	(void) sigaddset(&sigmask, SIGCLD);
498 	(void) sigaddset(&sigmask, SIGTHAW);
499 	(void) sigprocmask(SIG_BLOCK, &sigmask, NULL);
500 
501 	t_old = init_time;
502 	last_time = t_old;
503 	for (;;) {		/* MAIN LOOP */
504 		t = time(NULL);
505 		if ((t_old > t) || (t-last_time > CUSHION) || reset_needed) {
506 			reset_needed = 0;
507 			/*
508 			 * the time was set backwards or forward or
509 			 * refresh is requested.
510 			 */
511 			if (refresh)
512 				msg("re-scheduling jobs");
513 			else
514 				msg("time was reset, re-initializing");
515 			el_delete();
516 			u = uhead;
517 			while (u != NULL) {
518 				rm_ctevents(u);
519 				e = u->atevents;
520 				while (e != NULL) {
521 					free(e->cmd);
522 					e2 = e->link;
523 					free(e);
524 					e = e2;
525 				}
526 				u->atevents = NULL;
527 				u = u->nextusr;
528 			}
529 			(void) close(msgfd);
530 			initialize(0);
531 			t = time(NULL);
532 			last_time = t;
533 			/*
534 			 * reset_needed might have been set in the functions
535 			 * call path from initialize()
536 			 */
537 			if (reset_needed) {
538 				continue;
539 			}
540 		}
541 		t_old = t;
542 
543 		if (next_event == NULL && !el_empty()) {
544 			next_event = (struct event *)el_first();
545 		}
546 		if (next_event == NULL) {
547 			ne_time = INFINITY;
548 		} else {
549 			ne_time = next_event->time - t;
550 #ifdef DEBUG
551 			cftime(timebuf, "%C", &next_event->time);
552 			(void) fprintf(stderr, "next_time=%ld %s\n",
553 			    next_event->time, timebuf);
554 #endif
555 		}
556 		if (ne_time > 0) {
557 			/*
558 			 * reset_needed may be set in the functions call path
559 			 * from idle()
560 			 */
561 			if (idle(ne_time) || reset_needed) {
562 				reset_needed = 1;
563 				continue;
564 			}
565 		}
566 
567 		if (stat(QUEDEFS, &buf)) {
568 			msg("cannot stat QUEDEFS file");
569 		} else if (lastmtime != buf.st_mtime) {
570 			quedefs(LOAD);
571 			lastmtime = buf.st_mtime;
572 		}
573 
574 		last_time = next_event->time; /* save execution time */
575 
576 		/*
577 		 * reset_needed may be set in the functions call path
578 		 * from ex()
579 		 */
580 		if (ex(next_event) || reset_needed) {
581 			reset_needed = 1;
582 			continue;
583 		}
584 
585 		switch (next_event->etype) {
586 		case CRONEVENT:
587 			/* add cronevent back into the main event list */
588 			if (delayed) {
589 				delayed = 0;
590 				break;
591 			}
592 
593 			/*
594 			 * check if time(0)< last_time. if so, then the
595 			 * system clock has gone backwards. to prevent this
596 			 * job from being started twice, we reschedule this
597 			 * job for the >>next time after last_time<<, and
598 			 * then set next_event->time to this. note that
599 			 * crontab's resolution is 1 minute.
600 			 */
601 
602 			if (last_time > time(NULL)) {
603 				msg(CLOCK_DRIFT);
604 				/*
605 				 * bump up to next 30 second
606 				 * increment
607 				 * 1 <= newtime <= 30
608 				 */
609 				newtime = 30 - (last_time % 30);
610 				newtime += last_time;
611 
612 				/*
613 				 * get the next scheduled event,
614 				 * not the one that we just
615 				 * kicked off!
616 				 */
617 				next_event->time =
618 				    next_time(next_event, newtime);
619 				t_old = time(NULL);
620 			} else {
621 				next_event->time =
622 				    next_time(next_event, (time_t)0);
623 			}
624 #ifdef DEBUG
625 			cftime(timebuf, "%C", &next_event->time);
626 			(void) fprintf(stderr,
627 			    "pushing back cron event %s at %ld (%s)\n",
628 			    next_event->cmd, next_event->time, timebuf);
629 #endif
630 
631 			switch (el_add(next_event, next_event->time,
632 			    (next_event->u)->ctid)) {
633 			case -1:
634 				ignore_msg("main", "cron", next_event);
635 				break;
636 			case -2: /* event time lower than init time */
637 				reset_needed = 1;
638 				break;
639 			}
640 			break;
641 		default:
642 			/* remove at or batch job from system */
643 			if (delayed) {
644 				delayed = 0;
645 				break;
646 			}
647 			eprev = NULL;
648 			e = (next_event->u)->atevents;
649 			while (e != NULL) {
650 				if (e == next_event) {
651 					if (eprev == NULL)
652 						(e->u)->atevents = e->link;
653 					else
654 						eprev->link = e->link;
655 					free(e->cmd);
656 					free(e);
657 					break;
658 				} else {
659 					eprev = e;
660 					e = e->link;
661 				}
662 			}
663 			break;
664 		}
665 		next_event = NULL;
666 	}
667 
668 	/*NOTREACHED*/
669 }
670 
671 static void
672 initialize(int firstpass)
673 {
674 #ifdef DEBUG
675 	(void) fprintf(stderr, "in initialize\n");
676 #endif
677 	if (firstpass) {
678 		/* for mail(1), make sure messages come from root */
679 		if (putenv("LOGNAME=root") != 0) {
680 			crabort("cannot expand env variable",
681 			    REMOVE_FIFO|CONSOLE_MSG);
682 		}
683 		if (access(FIFO, R_OK) == -1) {
684 			if (errno == ENOENT) {
685 				if (mknod(FIFO, S_IFIFO|0600, 0) != 0)
686 					crabort("cannot create fifo queue",
687 					    REMOVE_FIFO|CONSOLE_MSG);
688 			} else {
689 				if (NOFORK) {
690 					/* didn't fork... init(1M) is waiting */
691 					(void) sleep(60);
692 				}
693 				perror("FIFO");
694 				crabort("cannot access fifo queue",
695 				    REMOVE_FIFO|CONSOLE_MSG);
696 			}
697 		} else {
698 			if (NOFORK) {
699 				/* didn't fork... init(1M) is waiting */
700 				(void) sleep(60);
701 				/*
702 				 * the wait is painful, but we don't want
703 				 * init respawning this quickly
704 				 */
705 			}
706 			crabort("cannot start cron; FIFO exists", CONSOLE_MSG);
707 		}
708 	}
709 
710 	if ((msgfd = open(FIFO, O_RDWR)) < 0) {
711 		perror("! open");
712 		crabort("cannot open fifo queue", REMOVE_FIFO|CONSOLE_MSG);
713 	}
714 
715 	init_time = time(NULL);
716 	el_init(8, init_time, (time_t)(60*60*24), 10);
717 
718 	init_time = time(NULL);
719 	el_init(8, init_time, (time_t)(60*60*24), 10);
720 
721 	/*
722 	 * read directories, create users list, and add events to the
723 	 * main event list. Only zero user list on firstpass.
724 	 */
725 	if (firstpass)
726 		uhead = NULL;
727 	read_dirs(firstpass);
728 	next_event = NULL;
729 
730 	if (!firstpass)
731 		return;
732 
733 	/* stdout is log file */
734 	if (freopen(ACCTFILE, "a", stdout) == NULL)
735 		(void) fprintf(stderr, "cannot open %s\n", ACCTFILE);
736 
737 	/* log should be root-only */
738 	(void) fchmod(1, S_IRUSR|S_IWUSR);
739 
740 	/* stderr also goes to ACCTFILE */
741 	(void) close(fileno(stderr));
742 	(void) dup(1);
743 	/* null for stdin */
744 	(void) freopen("/dev/null", "r", stdin);
745 
746 	contract_set_template();
747 }
748 
749 static void
750 read_dirs(int first)
751 {
752 	DIR		*dir;
753 	struct dirent	*dp;
754 	char		*ptr;
755 	int		jobtype;
756 	time_t		tim;
757 
758 
759 	if (chdir(CRONDIR) == -1)
760 		crabort(BADCD, REMOVE_FIFO|CONSOLE_MSG);
761 	cwd = CRON;
762 	if ((dir = opendir(".")) == NULL)
763 		crabort(NOREADDIR, REMOVE_FIFO|CONSOLE_MSG);
764 	while ((dp = readdir(dir)) != NULL) {
765 		if (!valid_entry(dp->d_name, CRONEVENT))
766 			continue;
767 		init_cronevent(dp->d_name, first);
768 	}
769 	(void) closedir(dir);
770 
771 	if (chdir(ATDIR) == -1) {
772 		msg("cannot chdir to at directory");
773 		return;
774 	}
775 	if ((dir = opendir(".")) == NULL) {
776 		msg("cannot read at at directory");
777 		return;
778 	}
779 	cwd = AT;
780 	while ((dp = readdir(dir)) != NULL) {
781 		if (!valid_entry(dp->d_name, ATEVENT))
782 			continue;
783 		ptr = dp->d_name;
784 		if (((tim = num(&ptr)) == 0) || (*ptr != '.'))
785 			continue;
786 		ptr++;
787 		if (!isalpha(*ptr))
788 			continue;
789 		jobtype = *ptr - 'a';
790 		if (jobtype >= NQUEUE) {
791 			cron_unlink(dp->d_name);
792 			continue;
793 		}
794 		init_atevent(dp->d_name, tim, jobtype, first);
795 	}
796 	(void) closedir(dir);
797 }
798 
799 static int
800 valid_entry(char *name, int type)
801 {
802 	struct stat	buf;
803 
804 	if (strcmp(name, ".") == 0 ||
805 	    strcmp(name, "..") == 0)
806 		return (0);
807 
808 	/* skip over ancillary file names */
809 	if (audit_cron_is_anc_name(name))
810 		return (0);
811 
812 	if (stat(name, &buf)) {
813 		mail(name, BADSTAT, ERR_UNIXERR);
814 		cron_unlink(name);
815 		return (0);
816 	}
817 	if (!S_ISREG(buf.st_mode)) {
818 		mail(name, BADTYPE, ERR_NOTREG);
819 		cron_unlink(name);
820 		return (0);
821 	}
822 	if (type == ATEVENT) {
823 		if (!(buf.st_mode & ISUID)) {
824 			cron_unlink(name);
825 			return (0);
826 		}
827 	}
828 	return (1);
829 }
830 
831 struct usr *
832 create_ulist(char *name, int type)
833 {
834 	struct usr	*u;
835 
836 	u = xcalloc(1, sizeof (struct usr));
837 	u->name = xstrdup(name);
838 	if (type == CRONEVENT) {
839 		u->ctexists = TRUE;
840 		u->ctid = ecid++;
841 	} else {
842 		u->ctexists = FALSE;
843 		u->ctid = 0;
844 	}
845 	u->uid = (uid_t)-1;
846 	u->gid = (uid_t)-1;
847 	u->nextusr = uhead;
848 	uhead = u;
849 	return (u);
850 }
851 
852 void
853 init_cronevent(char *name, int first)
854 {
855 	struct usr	*u;
856 
857 	if (first) {
858 		u = create_ulist(name, CRONEVENT);
859 		readcron(u, 0);
860 	} else {
861 		if ((u = find_usr(name)) == NULL) {
862 			u = create_ulist(name, CRONEVENT);
863 			readcron(u, 0);
864 		} else {
865 			u->ctexists = TRUE;
866 			rm_ctevents(u);
867 			el_remove(u->ctid, 0);
868 			readcron(u, 0);
869 		}
870 	}
871 }
872 
873 void
874 init_atevent(char *name, time_t tim, int jobtype, int first)
875 {
876 	struct usr	*u;
877 
878 	if (first) {
879 		u = create_ulist(name, ATEVENT);
880 		add_atevent(u, name, tim, jobtype);
881 	} else {
882 		if ((u = find_usr(name)) == NULL) {
883 			u = create_ulist(name, ATEVENT);
884 			add_atevent(u, name, tim, jobtype);
885 		} else {
886 			update_atevent(u, name, tim, jobtype);
887 		}
888 	}
889 }
890 
891 static void
892 mod_ctab(char *name, time_t reftime)
893 {
894 	struct	passwd	*pw;
895 	struct	stat	buf;
896 	struct	usr	*u;
897 	char	namebuf[LINE_MAX];
898 	char	*pname;
899 
900 	/* skip over ancillary file names */
901 	if (audit_cron_is_anc_name(name))
902 		return;
903 
904 	if ((pw = getpwnam(name)) == NULL) {
905 		msg("No such user as %s - cron entries not created", name);
906 		return;
907 	}
908 	if (cwd != CRON) {
909 		if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
910 		    CRONDIR, name) >= sizeof (namebuf)) {
911 			msg("Too long path name %s - cron entries not created",
912 			    namebuf);
913 			return;
914 		}
915 		pname = namebuf;
916 	} else {
917 		pname = name;
918 	}
919 	/*
920 	 * a warning message is given by the crontab command so there is
921 	 * no need to give one here......  use this code if you only want
922 	 * users with a login shell of /usr/bin/sh to use cron
923 	 */
924 #ifdef BOURNESHELLONLY
925 	if ((strcmp(pw->pw_shell, "") != 0) &&
926 	    (strcmp(pw->pw_shell, SHELL) != 0)) {
927 		mail(name, BADSHELL, ERR_CANTEXECCRON);
928 		cron_unlink(pname);
929 		return;
930 	}
931 #endif
932 	if (stat(pname, &buf)) {
933 		mail(name, BADSTAT, ERR_UNIXERR);
934 		cron_unlink(pname);
935 		return;
936 	}
937 	if (!S_ISREG(buf.st_mode)) {
938 		mail(name, BADTYPE, ERR_CRONTABENT);
939 		return;
940 	}
941 	if ((u = find_usr(name)) == NULL) {
942 #ifdef DEBUG
943 		(void) fprintf(stderr, "new user (%s) with a crontab\n", name);
944 #endif
945 		u = create_ulist(name, CRONEVENT);
946 		u->home = xmalloc(strlen(pw->pw_dir) + 1);
947 		(void) strcpy(u->home, pw->pw_dir);
948 		u->uid = pw->pw_uid;
949 		u->gid = pw->pw_gid;
950 		readcron(u, reftime);
951 	} else {
952 		u->uid = pw->pw_uid;
953 		u->gid = pw->pw_gid;
954 		if (u->home != NULL) {
955 			if (strcmp(u->home, pw->pw_dir) != 0) {
956 				free(u->home);
957 				u->home = xmalloc(strlen(pw->pw_dir) + 1);
958 				(void) strcpy(u->home, pw->pw_dir);
959 			}
960 		} else {
961 			u->home = xmalloc(strlen(pw->pw_dir) + 1);
962 			(void) strcpy(u->home, pw->pw_dir);
963 		}
964 		u->ctexists = TRUE;
965 		if (u->ctid == 0) {
966 #ifdef DEBUG
967 			(void) fprintf(stderr, "%s now has a crontab\n",
968 			    u->name);
969 #endif
970 			/* user didnt have a crontab last time */
971 			u->ctid = ecid++;
972 			u->ctevents = NULL;
973 			readcron(u, reftime);
974 			return;
975 		}
976 #ifdef DEBUG
977 		(void) fprintf(stderr, "%s has revised his crontab\n", u->name);
978 #endif
979 		rm_ctevents(u);
980 		el_remove(u->ctid, 0);
981 		readcron(u, reftime);
982 	}
983 }
984 
985 /* ARGSUSED */
986 static void
987 mod_atjob(char *name, time_t reftime)
988 {
989 	char	*ptr;
990 	time_t	tim;
991 	struct	passwd	*pw;
992 	struct	stat	buf;
993 	struct	usr	*u;
994 	char	namebuf[PATH_MAX];
995 	char	*pname;
996 	int	jobtype;
997 
998 	ptr = name;
999 	if (((tim = num(&ptr)) == 0) || (*ptr != '.'))
1000 		return;
1001 	ptr++;
1002 	if (!isalpha(*ptr))
1003 		return;
1004 	jobtype = *ptr - 'a';
1005 
1006 	/* check for audit ancillary file */
1007 	if (audit_cron_is_anc_name(name))
1008 		return;
1009 
1010 	if (cwd != AT) {
1011 		if (snprintf(namebuf, sizeof (namebuf), "%s/%s", ATDIR, name)
1012 		    >= sizeof (namebuf)) {
1013 			return;
1014 		}
1015 		pname = namebuf;
1016 	} else {
1017 		pname = name;
1018 	}
1019 	if (stat(pname, &buf) || jobtype >= NQUEUE) {
1020 		cron_unlink(pname);
1021 		return;
1022 	}
1023 	if (!(buf.st_mode & ISUID) || !S_ISREG(buf.st_mode)) {
1024 		cron_unlink(pname);
1025 		return;
1026 	}
1027 	if ((pw = getpwuid(buf.st_uid)) == NULL) {
1028 		cron_unlink(pname);
1029 		return;
1030 	}
1031 	/*
1032 	 * a warning message is given by the at command so there is no
1033 	 * need to give one here......use this code if you only want
1034 	 * users with a login shell of /usr/bin/sh to use cron
1035 	 */
1036 #ifdef BOURNESHELLONLY
1037 	if ((strcmp(pw->pw_shell, "") != 0) &&
1038 	    (strcmp(pw->pw_shell, SHELL) != 0)) {
1039 		mail(pw->pw_name, BADSHELL, ERR_CANTEXECAT);
1040 		cron_unlink(pname);
1041 		return;
1042 	}
1043 #endif
1044 	if ((u = find_usr(pw->pw_name)) == NULL) {
1045 #ifdef DEBUG
1046 		(void) fprintf(stderr, "new user (%s) with an at job = %s\n",
1047 		    pw->pw_name, name);
1048 #endif
1049 		u = create_ulist(pw->pw_name, ATEVENT);
1050 		u->home = xstrdup(pw->pw_dir);
1051 		u->uid = pw->pw_uid;
1052 		u->gid = pw->pw_gid;
1053 		add_atevent(u, name, tim, jobtype);
1054 	} else {
1055 		u->uid = pw->pw_uid;
1056 		u->gid = pw->pw_gid;
1057 		free(u->home);
1058 		u->home = xstrdup(pw->pw_dir);
1059 		update_atevent(u, name, tim, jobtype);
1060 	}
1061 }
1062 
1063 static void
1064 add_atevent(struct usr *u, char *job, time_t tim, int jobtype)
1065 {
1066 	struct event *e;
1067 
1068 	e = xmalloc(sizeof (struct event));
1069 	e->etype = jobtype;
1070 	e->cmd = xmalloc(strlen(job) + 1);
1071 	(void) strcpy(e->cmd, job);
1072 	e->u = u;
1073 	e->link = u->atevents;
1074 	u->atevents = e;
1075 	e->of.at.exists = TRUE;
1076 	e->of.at.eventid = ecid++;
1077 	if (tim < init_time)	/* old job */
1078 		e->time = init_time;
1079 	else
1080 		e->time = tim;
1081 #ifdef DEBUG
1082 	(void) fprintf(stderr, "add_atevent: user=%s, job=%s, time=%ld\n",
1083 	    u->name, e->cmd, e->time);
1084 #endif
1085 	if (el_add(e, e->time, e->of.at.eventid) < 0) {
1086 		ignore_msg("add_atevent", "at", e);
1087 	}
1088 }
1089 
1090 void
1091 update_atevent(struct usr *u, char *name, time_t tim, int jobtype)
1092 {
1093 	struct event *e;
1094 
1095 	e = u->atevents;
1096 	while (e != NULL) {
1097 		if (strcmp(e->cmd, name) == 0) {
1098 			e->of.at.exists = TRUE;
1099 			break;
1100 		} else {
1101 			e = e->link;
1102 		}
1103 	}
1104 	if (e == NULL) {
1105 #ifdef DEBUG
1106 		(void) fprintf(stderr, "%s has a new at job = %s\n",
1107 		    u->name, name);
1108 #endif
1109 			add_atevent(u, name, tim, jobtype);
1110 	}
1111 }
1112 
1113 static char line[CTLINESIZE];	/* holds a line from a crontab file */
1114 static int cursor;		/* cursor for the above line */
1115 
1116 static void
1117 readcron(struct usr *u, time_t reftime)
1118 {
1119 	/*
1120 	 * readcron reads in a crontab file for a user (u). The list of
1121 	 * events for user u is built, and u->events is made to point to
1122 	 * this list. Each event is also entered into the main event
1123 	 * list.
1124 	 */
1125 	FILE *cf;	/* cf will be a user's crontab file */
1126 	struct event *e;
1127 	int start;
1128 	unsigned int i;
1129 	char namebuf[PATH_MAX];
1130 	char *pname;
1131 	struct shared *tz = NULL;
1132 	struct shared *home = NULL;
1133 	struct shared *shell = NULL;
1134 	int lineno = 0;
1135 
1136 	/* read the crontab file */
1137 	cte_init();		/* Init error handling */
1138 	if (cwd != CRON) {
1139 		if (snprintf(namebuf, sizeof (namebuf), "%s/%s",
1140 		    CRONDIR, u->name) >= sizeof (namebuf)) {
1141 			return;
1142 		}
1143 		pname = namebuf;
1144 	} else {
1145 		pname = u->name;
1146 	}
1147 	if ((cf = fopen(pname, "r")) == NULL) {
1148 		mail(u->name, NOREAD, ERR_UNIXERR);
1149 		return;
1150 	}
1151 	while (fgets(line, CTLINESIZE, cf) != NULL) {
1152 		char *tmp;
1153 		/* process a line of a crontab file */
1154 		lineno++;
1155 		if (cte_istoomany())
1156 			break;
1157 		cursor = 0;
1158 		while (line[cursor] == ' ' || line[cursor] == '\t')
1159 			cursor++;
1160 		if (line[cursor] == '#' || line[cursor] == '\n')
1161 			continue;
1162 
1163 		if (strncmp(&line[cursor], ENV_TZ,
1164 		    strlen(ENV_TZ)) == 0) {
1165 			if ((tmp = strchr(&line[cursor], '\n')) != NULL) {
1166 				*tmp = NULL;
1167 			}
1168 
1169 			if (!isvalid_tz(&line[cursor + strlen(ENV_TZ)], NULL,
1170 			    _VTZ_ALL)) {
1171 				cte_add(lineno, line);
1172 				break;
1173 			}
1174 			if (tz == NULL || strcmp(&line[cursor], get_obj(tz))) {
1175 				rel_shared(tz);
1176 				tz = create_shared_str(&line[cursor]);
1177 			}
1178 			continue;
1179 		}
1180 
1181 		if (strncmp(&line[cursor], ENV_HOME,
1182 		    strlen(ENV_HOME)) == 0) {
1183 			if ((tmp = strchr(&line[cursor], '\n')) != NULL) {
1184 				*tmp = NULL;
1185 			}
1186 			if (home == NULL ||
1187 			    strcmp(&line[cursor], get_obj(home))) {
1188 				rel_shared(home);
1189 				home = create_shared_str(
1190 				    &line[cursor + strlen(ENV_HOME)]);
1191 			}
1192 			continue;
1193 		}
1194 
1195 		if (strncmp(&line[cursor], ENV_SHELL,
1196 		    strlen(ENV_SHELL)) == 0) {
1197 			if ((tmp = strchr(&line[cursor], '\n')) != NULL) {
1198 				*tmp = NULL;
1199 			}
1200 			if (shell == NULL ||
1201 			    strcmp(&line[cursor], get_obj(shell))) {
1202 				rel_shared(shell);
1203 				shell = create_shared_str(&line[cursor]);
1204 			}
1205 			continue;
1206 		}
1207 
1208 		e = xmalloc(sizeof (struct event));
1209 		e->etype = CRONEVENT;
1210 		if (!(((e->of.ct.minute = next_field(0, 59)) != NULL) &&
1211 		    ((e->of.ct.hour = next_field(0, 23)) != NULL) &&
1212 		    ((e->of.ct.daymon = next_field(1, 31)) != NULL) &&
1213 		    ((e->of.ct.month = next_field(1, 12)) != NULL) &&
1214 		    ((e->of.ct.dayweek = next_field(0, 6)) != NULL))) {
1215 			free(e);
1216 			cte_add(lineno, line);
1217 			continue;
1218 		}
1219 		while (line[cursor] == ' ' || line[cursor] == '\t')
1220 			cursor++;
1221 		if (line[cursor] == '\n' || line[cursor] == '\0')
1222 			continue;
1223 		/* get the command to execute	*/
1224 		start = cursor;
1225 again:
1226 		while ((line[cursor] != '%') &&
1227 		    (line[cursor] != '\n') &&
1228 		    (line[cursor] != '\0') &&
1229 		    (line[cursor] != '\\'))
1230 			cursor++;
1231 		if (line[cursor] == '\\') {
1232 			cursor += 2;
1233 			goto again;
1234 		}
1235 		e->cmd = xmalloc(cursor-start + 1);
1236 		(void) strncpy(e->cmd, line + start, cursor-start);
1237 		e->cmd[cursor-start] = '\0';
1238 		/* see if there is any standard input	*/
1239 		if (line[cursor] == '%') {
1240 			e->of.ct.input = xmalloc(strlen(line)-cursor + 1);
1241 			(void) strcpy(e->of.ct.input, line + cursor + 1);
1242 			for (i = 0; i < strlen(e->of.ct.input); i++) {
1243 				if (e->of.ct.input[i] == '%')
1244 					e->of.ct.input[i] = '\n';
1245 			}
1246 		} else {
1247 			e->of.ct.input = NULL;
1248 		}
1249 		/* set the timezone of this entry */
1250 		e->of.ct.tz = dup_shared(tz);
1251 		/* set the shell of this entry */
1252 		e->of.ct.shell = dup_shared(shell);
1253 		/* set the home of this entry */
1254 		e->of.ct.home = dup_shared(home);
1255 		/* have the event point to it's owner	*/
1256 		e->u = u;
1257 		/* insert this event at the front of this user's event list */
1258 		e->link = u->ctevents;
1259 		u->ctevents = e;
1260 		/* set the time for the first occurance of this event	*/
1261 		e->time = next_time(e, reftime);
1262 		/* finally, add this event to the main event list	*/
1263 		switch (el_add(e, e->time, u->ctid)) {
1264 		case -1:
1265 			ignore_msg("readcron", "cron", e);
1266 			break;
1267 		case -2: /* event time lower than init time */
1268 			reset_needed = 1;
1269 			break;
1270 		}
1271 		cte_valid();
1272 #ifdef DEBUG
1273 		cftime(timebuf, "%C", &e->time);
1274 		(void) fprintf(stderr, "inserting cron event %s at %ld (%s)\n",
1275 		    e->cmd, e->time, timebuf);
1276 #endif
1277 	}
1278 	cte_sendmail(u->name);	/* mail errors if any to user */
1279 	(void) fclose(cf);
1280 	rel_shared(tz);
1281 	rel_shared(shell);
1282 	rel_shared(home);
1283 }
1284 
1285 /*
1286  * Below are the functions for handling of errors in crontabs. Concept is to
1287  * collect faulty lines and send one email at the end of the crontab
1288  * evaluation. If there are erroneous lines only ((cte_nvalid == 0), evaluation
1289  * of crontab is aborted. Otherwise reading of crontab is continued to the end
1290  * of the file but no further error logging appears.
1291  */
1292 static void
1293 cte_init()
1294 {
1295 	if (cte_text == NULL)
1296 		cte_text = xmalloc(MAILBUFLEN);
1297 	(void) strlcpy(cte_text, cte_intro, MAILBUFLEN);
1298 	cte_lp = cte_text + sizeof (cte_intro) - 1;
1299 	cte_free = MAILBINITFREE;
1300 	cte_nvalid = 0;
1301 }
1302 
1303 static void
1304 cte_add(int lineno, char *ctline)
1305 {
1306 	int len;
1307 	char *p;
1308 
1309 	if (cte_free >= LINELIMIT) {
1310 		(void) sprintf(cte_lp, "%4d: ", lineno);
1311 		(void) strlcat(cte_lp, ctline, LINELIMIT - 1);
1312 		len = strlen(cte_lp);
1313 		if (cte_lp[len - 1] != '\n') {
1314 			cte_lp[len++] = '\n';
1315 			cte_lp[len] = '\0';
1316 		}
1317 		for (p = cte_lp; *p; p++) {
1318 			if (isprint(*p) || *p == '\n' || *p == '\t')
1319 				continue;
1320 			*p = '.';
1321 		}
1322 		cte_lp += len;
1323 		cte_free -= len;
1324 		if (cte_free < LINELIMIT) {
1325 			size_t buflen = MAILBUFLEN - (cte_lp - cte_text);
1326 			(void) strlcpy(cte_lp, cte_trail1, buflen);
1327 			if (cte_nvalid == 0)
1328 				(void) strlcat(cte_lp, cte_trail2, buflen);
1329 		}
1330 	}
1331 }
1332 
1333 static void
1334 cte_valid()
1335 {
1336 	cte_nvalid++;
1337 }
1338 
1339 static int
1340 cte_istoomany()
1341 {
1342 	/*
1343 	 * Return TRUE only if all lines are faulty. So evaluation of
1344 	 * a crontab is not aborted if at least one valid line was found.
1345 	 */
1346 	return (cte_nvalid == 0 && cte_free < LINELIMIT);
1347 }
1348 
1349 static void
1350 cte_sendmail(char *username)
1351 {
1352 	if (cte_free < MAILBINITFREE)
1353 		mail(username, cte_text, ERR_CRONTABENT);
1354 }
1355 
1356 /*
1357  * Send mail with error message to a user
1358  */
1359 static void
1360 mail(char *usrname, char *mesg, int format)
1361 {
1362 	/* mail mails a user a message.	*/
1363 	FILE *pipe;
1364 	char *temp;
1365 	struct passwd	*ruser_ids;
1366 	pid_t fork_val;
1367 	int saveerrno = errno;
1368 	struct utsname	name;
1369 
1370 #ifdef TESTING
1371 	return;
1372 #endif
1373 	(void) uname(&name);
1374 	if ((fork_val = fork()) == (pid_t)-1) {
1375 		msg("cron cannot fork\n");
1376 		return;
1377 	}
1378 	if (fork_val == 0) {
1379 		child_sigreset();
1380 		contract_clear_template();
1381 		if ((ruser_ids = getpwnam(usrname)) == NULL)
1382 			exit(0);
1383 		(void) setuid(ruser_ids->pw_uid);
1384 		temp = xmalloc(strlen(MAIL) + strlen(usrname) + 2);
1385 		(void) sprintf(temp, "%s %s", MAIL, usrname);
1386 		pipe = popen(temp, "w");
1387 		if (pipe != NULL) {
1388 			(void) fprintf(pipe, "To: %s\n", usrname);
1389 			switch (format) {
1390 			case ERR_CRONTABENT:
1391 				(void) fprintf(pipe, CRONTABERR);
1392 				(void) fprintf(pipe, "Your \"crontab\" on %s\n",
1393 				    name.nodename);
1394 				(void) fprintf(pipe, mesg);
1395 				(void) fprintf(pipe,
1396 				    "\nEntries or crontab have been ignored\n");
1397 				break;
1398 			case ERR_UNIXERR:
1399 				(void) fprintf(pipe, "Subject: %s\n\n", mesg);
1400 				(void) fprintf(pipe,
1401 				    "The error on %s was \"%s\"\n",
1402 				    name.nodename, errmsg(saveerrno));
1403 				break;
1404 
1405 			case ERR_CANTEXECCRON:
1406 				(void) fprintf(pipe,
1407 				"Subject: Couldn't run your \"cron\" job\n\n");
1408 				(void) fprintf(pipe,
1409 				    "Your \"cron\" job on %s ", name.nodename);
1410 				(void) fprintf(pipe, "couldn't be run\n");
1411 				(void) fprintf(pipe, "%s\n", mesg);
1412 				(void) fprintf(pipe,
1413 				"The error was \"%s\"\n", errmsg(saveerrno));
1414 				break;
1415 
1416 			case ERR_CANTEXECAT:
1417 				(void) fprintf(pipe,
1418 				"Subject: Couldn't run your \"at\" job\n\n");
1419 				(void) fprintf(pipe, "Your \"at\" job on %s ",
1420 				    name.nodename);
1421 				(void) fprintf(pipe, "couldn't be run\n");
1422 				(void) fprintf(pipe, "%s\n", mesg);
1423 				(void) fprintf(pipe,
1424 				"The error was \"%s\"\n", errmsg(saveerrno));
1425 				break;
1426 
1427 			default:
1428 				break;
1429 			}
1430 			(void) pclose(pipe);
1431 		}
1432 		free(temp);
1433 		exit(0);
1434 	}
1435 
1436 	contract_abandon_latest(fork_val);
1437 
1438 	if (cron_pid == getpid()) {
1439 		miscpid_insert(fork_val);
1440 	}
1441 }
1442 
1443 static char *
1444 next_field(int lower, int upper)
1445 {
1446 	/*
1447 	 * next_field returns a pointer to a string which holds the next
1448 	 * field of a line of a crontab file.
1449 	 *   if (numbers in this field are out of range (lower..upper),
1450 	 *	or there is a syntax error) then
1451 	 *	NULL is returned, and a mail message is sent to the
1452 	 *	user telling him which line the error was in.
1453 	 */
1454 
1455 	char *s;
1456 	int num, num2, start;
1457 
1458 	while ((line[cursor] == ' ') || (line[cursor] == '\t'))
1459 		cursor++;
1460 	start = cursor;
1461 	if (line[cursor] == '\0') {
1462 		return (NULL);
1463 	}
1464 	if (line[cursor] == '*') {
1465 		cursor++;
1466 		if ((line[cursor] != ' ') && (line[cursor] != '\t'))
1467 			return (NULL);
1468 		s = xmalloc(2);
1469 		(void) strcpy(s, "*");
1470 		return (s);
1471 	}
1472 	for (;;) {
1473 		if (!isdigit(line[cursor]))
1474 			return (NULL);
1475 		num = 0;
1476 		do {
1477 			num = num*10 + (line[cursor]-'0');
1478 		} while (isdigit(line[++cursor]));
1479 		if ((num < lower) || (num > upper))
1480 			return (NULL);
1481 		if (line[cursor] == '-') {
1482 			if (!isdigit(line[++cursor]))
1483 				return (NULL);
1484 			num2 = 0;
1485 			do {
1486 				num2 = num2*10 + (line[cursor]-'0');
1487 			} while (isdigit(line[++cursor]));
1488 			if ((num2 < lower) || (num2 > upper))
1489 				return (NULL);
1490 		}
1491 		if ((line[cursor] == ' ') || (line[cursor] == '\t'))
1492 			break;
1493 		if (line[cursor] == '\0')
1494 			return (NULL);
1495 		if (line[cursor++] != ',')
1496 			return (NULL);
1497 	}
1498 	s = xmalloc(cursor-start + 1);
1499 	(void) strncpy(s, line + start, cursor-start);
1500 	s[cursor-start] = '\0';
1501 	return (s);
1502 }
1503 
1504 #define	tm_cmp(t1, t2) (\
1505 	(t1)->tm_year == (t2)->tm_year && \
1506 	(t1)->tm_mon == (t2)->tm_mon && \
1507 	(t1)->tm_mday == (t2)->tm_mday && \
1508 	(t1)->tm_hour == (t2)->tm_hour && \
1509 	(t1)->tm_min == (t2)->tm_min)
1510 
1511 #define	tm_setup(tp, yr, mon, dy, hr, min, dst) \
1512 	(tp)->tm_year = yr; \
1513 	(tp)->tm_mon = mon; \
1514 	(tp)->tm_mday = dy; \
1515 	(tp)->tm_hour = hr; \
1516 	(tp)->tm_min = min; \
1517 	(tp)->tm_isdst = dst; \
1518 	(tp)->tm_sec = 0; \
1519 	(tp)->tm_wday = 0; \
1520 	(tp)->tm_yday = 0;
1521 
1522 /*
1523  * modification for bugid 1104537. the second argument to next_time is
1524  * now the value of time(2) to be used. if this is 0, then use the
1525  * current time. otherwise, the second argument is the time from which to
1526  * calculate things. this is useful to correct situations where you've
1527  * gone backwards in time (I.e. the system's internal clock is correcting
1528  * itself backwards).
1529  */
1530 
1531 
1532 
1533 static time_t
1534 tz_next_time(struct event *e, time_t tflag)
1535 {
1536 	/*
1537 	 * returns the integer time for the next occurance of event e.
1538 	 * the following fields have ranges as indicated:
1539 	 * PRGM  | min	hour	day of month	mon	day of week
1540 	 * ------|-------------------------------------------------------
1541 	 * cron  | 0-59	0-23	    1-31	1-12	0-6 (0=sunday)
1542 	 * time  | 0-59	0-23	    1-31	0-11	0-6 (0=sunday)
1543 	 * NOTE: this routine is hard to understand.
1544 	 */
1545 
1546 	struct tm *tm, ref_tm, tmp, tmp1, tmp2;
1547 	int tm_mon, tm_mday, tm_wday, wday, m, min, h, hr, carry, day, days;
1548 	int d1, day1, carry1, d2, day2, carry2, daysahead, mon, yr, db, wd;
1549 	int today;
1550 	time_t t, ref_t, t1, t2, zone_start;
1551 	int fallback;
1552 	extern int days_btwn(int, int, int, int, int, int);
1553 
1554 	if (tflag == 0) {
1555 		t = time(NULL);	/* original way of doing things	*/
1556 	} else {
1557 		t =  tflag;
1558 	}
1559 
1560 	tm = &ref_tm;	/* use a local variable and call localtime_r() */
1561 	ref_t = t;	/* keep a copy of the reference time */
1562 
1563 recalc:
1564 	fallback = 0;
1565 
1566 	(void) localtime_r(&t, tm);
1567 
1568 	if (daylight) {
1569 		tmp = *tm;
1570 		tmp.tm_isdst = (tm->tm_isdst > 0 ? 0 : 1);
1571 		t1 = xmktime(&tmp);
1572 		/*
1573 		 * see if we will have timezone switch over, and clock will
1574 		 * fall back. zone_start will hold the time when it happens
1575 		 * (ie time of PST -> PDT switch over).
1576 		 */
1577 		if (tm->tm_isdst != tmp.tm_isdst &&
1578 		    (t1 - t) == (timezone - altzone) &&
1579 		    tm_cmp(tm, &tmp)) {
1580 			zone_start = get_switching_time(tmp.tm_isdst, t);
1581 			fallback = 1;
1582 		}
1583 	}
1584 
1585 	tm_mon = next_ge(tm->tm_mon + 1, e->of.ct.month) - 1;	/* 0-11 */
1586 	tm_mday = next_ge(tm->tm_mday, e->of.ct.daymon);	/* 1-31 */
1587 	tm_wday = next_ge(tm->tm_wday, e->of.ct.dayweek);	/* 0-6	*/
1588 	today = TRUE;
1589 	if ((strcmp(e->of.ct.daymon, "*") == 0 && tm->tm_wday != tm_wday) ||
1590 	    (strcmp(e->of.ct.dayweek, "*") == 0 && tm->tm_mday != tm_mday) ||
1591 	    (tm->tm_mday != tm_mday && tm->tm_wday != tm_wday) ||
1592 	    (tm->tm_mon != tm_mon)) {
1593 		today = FALSE;
1594 	}
1595 	m = tm->tm_min + (t == ref_t ? 1 : 0);
1596 	if ((tm->tm_hour + 1) <= next_ge(tm->tm_hour, e->of.ct.hour)) {
1597 		m = 0;
1598 	}
1599 	min = next_ge(m%60, e->of.ct.minute);
1600 	carry = (min < m) ? 1 : 0;
1601 	h = tm->tm_hour + carry;
1602 	hr = next_ge(h%24, e->of.ct.hour);
1603 	carry = (hr < h) ? 1 : 0;
1604 
1605 	if (carry == 0 && today) {
1606 		/* this event must occur today */
1607 		tm_setup(&tmp, tm->tm_year, tm->tm_mon, tm->tm_mday,
1608 		    hr, min, tm->tm_isdst);
1609 		tmp1 = tmp;
1610 		if ((t1 = xmktime(&tmp1)) == (time_t)-1) {
1611 			return (0);
1612 		}
1613 		if (daylight && tmp.tm_isdst != tmp1.tm_isdst) {
1614 			/* In case we are falling back */
1615 			if (fallback) {
1616 				/* we may need to run the job once more. */
1617 				t = zone_start;
1618 				goto recalc;
1619 			}
1620 
1621 			/*
1622 			 * In case we are not in falling back period,
1623 			 * calculate the time assuming the DST. If the
1624 			 * date/time is not altered by mktime, it is the
1625 			 * time to execute the job.
1626 			 */
1627 			tmp2 = tmp;
1628 			tmp2.tm_isdst = tmp1.tm_isdst;
1629 			if ((t1 = xmktime(&tmp2)) == (time_t)-1) {
1630 				return (0);
1631 			}
1632 			if (tmp1.tm_isdst == tmp2.tm_isdst &&
1633 			    tm_cmp(&tmp, &tmp2)) {
1634 				/*
1635 				 * We got a valid time.
1636 				 */
1637 				return (t1);
1638 			} else {
1639 				/*
1640 				 * If the date does not match even if
1641 				 * we assume the alternate timezone, then
1642 				 * it must be the invalid time. eg
1643 				 * 2am while switching 1:59am to 3am.
1644 				 * t1 should point the time before the
1645 				 * switching over as we've calculate the
1646 				 * time with assuming alternate zone.
1647 				 */
1648 				if (tmp1.tm_isdst != tmp2.tm_isdst) {
1649 					t = get_switching_time(tmp1.tm_isdst,
1650 					    t1);
1651 				} else {
1652 					/* does this really happen? */
1653 					t = get_switching_time(tmp1.tm_isdst,
1654 					    t1 - abs(timezone - altzone));
1655 				}
1656 				if (t == (time_t)-1) {
1657 					return (0);
1658 				}
1659 			}
1660 			goto recalc;
1661 		}
1662 		if (tm_cmp(&tmp, &tmp1)) {
1663 			/* got valid time */
1664 			return (t1);
1665 		} else {
1666 			/*
1667 			 * This should never happen, but just in
1668 			 * case, we fall back to the old code.
1669 			 */
1670 			if (tm->tm_min > min) {
1671 				t += (time_t)(hr-tm->tm_hour-1) * HOUR +
1672 				    (time_t)(60-tm->tm_min + min) * MINUTE;
1673 			} else {
1674 				t += (time_t)(hr-tm->tm_hour) * HOUR +
1675 				    (time_t)(min-tm->tm_min) * MINUTE;
1676 			}
1677 			t1 = t;
1678 			t -= (time_t)tm->tm_sec;
1679 			(void) localtime_r(&t, &tmp);
1680 			if ((tm->tm_isdst == 0) && (tmp.tm_isdst > 0))
1681 				t -= (timezone - altzone);
1682 			return ((t <= ref_t) ? t1 : t);
1683 		}
1684 	}
1685 
1686 	/*
1687 	 * Job won't run today, however if we have a switch over within
1688 	 * one hour and we will have one hour time drifting back in this
1689 	 * period, we may need to run the job one more time if the job was
1690 	 * set to run on this hour of clock.
1691 	 */
1692 	if (fallback) {
1693 		t = zone_start;
1694 		goto recalc;
1695 	}
1696 
1697 	min = next_ge(0, e->of.ct.minute);
1698 	hr = next_ge(0, e->of.ct.hour);
1699 
1700 	/*
1701 	 * calculate the date of the next occurance of this event, which
1702 	 * will be on a different day than the current
1703 	 */
1704 
1705 	/* check monthly day specification	*/
1706 	d1 = tm->tm_mday + 1;
1707 	day1 = next_ge((d1-1)%days_in_mon(tm->tm_mon, tm->tm_year) + 1,
1708 	    e->of.ct.daymon);
1709 	carry1 = (day1 < d1) ? 1 : 0;
1710 
1711 	/* check weekly day specification	*/
1712 	d2 = tm->tm_wday + 1;
1713 	wday = next_ge(d2%7, e->of.ct.dayweek);
1714 	if (wday < d2)
1715 		daysahead = 7 - d2 + wday;
1716 	else
1717 		daysahead = wday - d2;
1718 	day2 = (d1 + daysahead-1)%days_in_mon(tm->tm_mon, tm->tm_year) + 1;
1719 	carry2 = (day2 < d1) ? 1 : 0;
1720 
1721 	/*
1722 	 *	based on their respective specifications, day1, and day2 give
1723 	 *	the day of the month for the next occurance of this event.
1724 	 */
1725 	if ((strcmp(e->of.ct.daymon, "*") == 0) &&
1726 	    (strcmp(e->of.ct.dayweek, "*") != 0)) {
1727 		day1 = day2;
1728 		carry1 = carry2;
1729 	}
1730 	if ((strcmp(e->of.ct.daymon, "*") != 0) &&
1731 	    (strcmp(e->of.ct.dayweek, "*") == 0)) {
1732 		day2 = day1;
1733 		carry2 = carry1;
1734 	}
1735 
1736 	yr = tm->tm_year;
1737 	if ((carry1 && carry2) || (tm->tm_mon != tm_mon)) {
1738 		/* event does not occur in this month	*/
1739 		m = tm->tm_mon + 1;
1740 		mon = next_ge(m%12 + 1, e->of.ct.month) - 1;	/* 0..11 */
1741 		carry = (mon < m) ? 1 : 0;
1742 		yr += carry;
1743 		/* recompute day1 and day2	*/
1744 		day1 = next_ge(1, e->of.ct.daymon);
1745 		db = days_btwn(tm->tm_mon, tm->tm_mday, tm->tm_year, mon,
1746 		    1, yr) + 1;
1747 		wd = (tm->tm_wday + db)%7;
1748 		/* wd is the day of the week of the first of month mon	*/
1749 		wday = next_ge(wd, e->of.ct.dayweek);
1750 		if (wday < wd)
1751 			day2 = 1 + 7 - wd + wday;
1752 		else
1753 			day2 = 1 + wday - wd;
1754 		if ((strcmp(e->of.ct.daymon, "*") != 0) &&
1755 		    (strcmp(e->of.ct.dayweek, "*") == 0))
1756 			day2 = day1;
1757 		if ((strcmp(e->of.ct.daymon, "*") == 0) &&
1758 		    (strcmp(e->of.ct.dayweek, "*") != 0))
1759 			day1 = day2;
1760 		day = (day1 < day2) ? day1 : day2;
1761 	} else {			/* event occurs in this month	*/
1762 		mon = tm->tm_mon;
1763 		if (!carry1 && !carry2)
1764 			day = (day1 < day2) ? day1 : day2;
1765 		else if (!carry1)
1766 			day = day1;
1767 		else
1768 			day = day2;
1769 	}
1770 
1771 	/*
1772 	 * now that we have the min, hr, day, mon, yr of the next event,
1773 	 * figure out what time that turns out to be.
1774 	 */
1775 	tm_setup(&tmp, yr, mon, day, hr, min, -1);
1776 	tmp2 = tmp;
1777 	if ((t1 = xmktime(&tmp2)) == (time_t)-1) {
1778 		return (0);
1779 	}
1780 	if (tm_cmp(&tmp, &tmp2)) {
1781 		/*
1782 		 * mktime returns clock for the current time zone. If the
1783 		 * target date was in fallback period, it needs to be adjusted
1784 		 * to the time comes first.
1785 		 * Suppose, we are at Jan and scheduling job at 1:30am10/26/03.
1786 		 * mktime returns the time in PST, but 1:30am in PDT comes
1787 		 * first. So reverse the tm_isdst, and see if we have such
1788 		 * time/date.
1789 		 */
1790 		if (daylight) {
1791 			int dst = tmp2.tm_isdst;
1792 
1793 			tmp2 = tmp;
1794 			tmp2.tm_isdst = (dst > 0 ? 0 : 1);
1795 			if ((t2 = xmktime(&tmp2)) == (time_t)-1) {
1796 				return (0);
1797 			}
1798 			if (tm_cmp(&tmp, &tmp2)) {
1799 				/*
1800 				 * same time/date found in the opposite zone.
1801 				 * check the clock to see which comes early.
1802 				 */
1803 				if (t2 > ref_t && t2 < t1) {
1804 					t1 = t2;
1805 				}
1806 			}
1807 		}
1808 		return (t1);
1809 	} else {
1810 		/*
1811 		 * mktime has set different time/date for the given date.
1812 		 * This means that the next job is scheduled to be run on the
1813 		 * invalid time. There are three possible invalid date/time.
1814 		 * 1. Non existing day of the month. such as April 31th.
1815 		 * 2. Feb 29th in the non-leap year.
1816 		 * 3. Time gap during the DST switch over.
1817 		 */
1818 		d1 = days_in_mon(mon, yr);
1819 		if ((mon != 1 && day > d1) || (mon == 1 && day > 29)) {
1820 			/*
1821 			 * see if we have got a specific date which
1822 			 * is invalid.
1823 			 */
1824 			if (strcmp(e->of.ct.dayweek, "*") == 0 &&
1825 			    mon == (next_ge((mon + 1)%12 + 1,
1826 			    e->of.ct.month) - 1) &&
1827 			    day <= next_ge(1, e->of.ct.daymon)) {
1828 				/* job never run */
1829 				return (0);
1830 			}
1831 			/*
1832 			 * Since the day has gone invalid, we need to go to
1833 			 * next month, and recalcuate the first occurrence.
1834 			 * eg the cron tab such as:
1835 			 * 0 0 1,15,31 1,2,3,4,5 * /usr/bin....
1836 			 * 2/31 is invalid, so the next job is 3/1.
1837 			 */
1838 			tmp2 = tmp;
1839 			tmp2.tm_min = 0;
1840 			tmp2.tm_hour = 0;
1841 			tmp2.tm_mday = 1; /* 1st day of the month */
1842 			if (mon == 11) {
1843 				tmp2.tm_mon = 0;
1844 				tmp2.tm_year = yr + 1;
1845 			} else {
1846 				tmp2.tm_mon = mon + 1;
1847 			}
1848 			if ((t = xmktime(&tmp2)) == (time_t)-1) {
1849 				return (0);
1850 			}
1851 		} else if (mon == 1 && day > d1) {
1852 			/*
1853 			 * ie 29th in the non-leap year. Forwarding the
1854 			 * clock to Feb 29th 00:00 (March 1st), and recalculate
1855 			 * the next time.
1856 			 */
1857 			tmp2 = tmp;
1858 			tmp2.tm_min = 0;
1859 			tmp2.tm_hour = 0;
1860 			if ((t = xmktime(&tmp2)) == (time_t)-1) {
1861 				return (0);
1862 			}
1863 		} else if (daylight) {
1864 			/*
1865 			 * Non existing time, eg 2am PST during summer time
1866 			 * switch.
1867 			 * We need to get the correct isdst which we are
1868 			 * swithing to, by adding time difference to make sure
1869 			 * that t2 is in the zone being switched.
1870 			 */
1871 			t2 = t1;
1872 			t2 += abs(timezone - altzone);
1873 			(void) localtime_r(&t2, &tmp2);
1874 			zone_start = get_switching_time(tmp2.tm_isdst,
1875 			    t1 - abs(timezone - altzone));
1876 			if (zone_start == (time_t)-1) {
1877 				return (0);
1878 			}
1879 			t = zone_start;
1880 		} else {
1881 			/*
1882 			 * This should never happen, but fall back to the
1883 			 * old code.
1884 			 */
1885 			days = days_btwn(tm->tm_mon,
1886 			    tm->tm_mday, tm->tm_year, mon, day, yr);
1887 			t += (time_t)(23-tm->tm_hour)*HOUR
1888 			    + (time_t)(60-tm->tm_min)*MINUTE
1889 			    + (time_t)hr*HOUR + (time_t)min*MINUTE
1890 			    + (time_t)days*DAY;
1891 			t1 = t;
1892 			t -= (time_t)tm->tm_sec;
1893 			(void) localtime_r(&t, &tmp);
1894 			if ((tm->tm_isdst == 0) && (tmp.tm_isdst > 0))
1895 				t -= (timezone - altzone);
1896 			return (t <= ref_t ? t1 : t);
1897 		}
1898 		goto recalc;
1899 	}
1900 	/*NOTREACHED*/
1901 }
1902 
1903 static time_t
1904 next_time(struct event *e, time_t tflag)
1905 {
1906 	if (e->of.ct.tz != NULL) {
1907 		time_t ret;
1908 
1909 		(void) putenv((char *)get_obj(e->of.ct.tz));
1910 		tzset();
1911 		ret = tz_next_time(e, tflag);
1912 		(void) putenv(tzone);
1913 		tzset();
1914 		return (ret);
1915 	} else {
1916 		return (tz_next_time(e, tflag));
1917 	}
1918 }
1919 
1920 /*
1921  * This returns TOD in time_t that zone switch will happen, and this
1922  * will be called when clock fallback is about to happen.
1923  * (ie 30minutes before the time of PST -> PDT switch. 2:00 AM PST
1924  * will fall back to 1:00 PDT. So this function will be called only
1925  * for the time between 1:00 AM PST and 2:00 PST(1:00 PST)).
1926  * First goes through the common time differences to see if zone
1927  * switch happens at those minutes later. If not, check every minutes
1928  * until 6 hours ahead see if it happens(We might have 45minutes
1929  * fallback).
1930  */
1931 static time_t
1932 get_switching_time(int to_dst, time_t t_ref)
1933 {
1934 	time_t t, t1;
1935 	struct tm tmp, tmp1;
1936 	int hints[] = { 60, 120, 30, 90, 0}; /* minutes */
1937 	int i;
1938 
1939 	(void) localtime_r(&t_ref, &tmp);
1940 	tmp1 = tmp;
1941 	tmp1.tm_sec = 0;
1942 	tmp1.tm_min = 0;
1943 	if ((t = xmktime(&tmp1)) == (time_t)-1)
1944 		return ((time_t)-1);
1945 
1946 	/* fast path */
1947 	for (i = 0; hints[i] != 0; i++) {
1948 		t1 = t + hints[i] * 60;
1949 		(void) localtime_r(&t1, &tmp1);
1950 		if (tmp1.tm_isdst == to_dst) {
1951 			t1--;
1952 			(void) localtime_r(&t1, &tmp1);
1953 			if (tmp1.tm_isdst != to_dst) {
1954 				return (t1 + 1);
1955 			}
1956 		}
1957 	}
1958 
1959 	/* ugly, but don't know other than this. */
1960 	tmp1 = tmp;
1961 	tmp1.tm_sec = 0;
1962 	if ((t = xmktime(&tmp1)) == (time_t)-1)
1963 		return ((time_t)-1);
1964 	while (t < (t_ref + 6*60*60)) { /* 6 hours should be enough */
1965 		t += 60; /* at least one minute, I assume */
1966 		(void) localtime_r(&t, &tmp);
1967 		if (tmp.tm_isdst == to_dst)
1968 			return (t);
1969 	}
1970 	return ((time_t)-1);
1971 }
1972 
1973 static time_t
1974 xmktime(struct tm *tmp)
1975 {
1976 	time_t ret;
1977 
1978 	if ((ret = mktime(tmp)) == (time_t)-1) {
1979 		if (errno == EOVERFLOW) {
1980 			return ((time_t)-1);
1981 		}
1982 		crabort("internal error: mktime failed",
1983 		    REMOVE_FIFO|CONSOLE_MSG);
1984 	}
1985 	return (ret);
1986 }
1987 
1988 #define	DUMMY	100
1989 
1990 static int
1991 next_ge(int current, char *list)
1992 {
1993 	/*
1994 	 * list is a character field as in a crontab file;
1995 	 * for example: "40, 20, 50-10"
1996 	 * next_ge returns the next number in the list that is
1997 	 * greater than  or equal to current. if no numbers of list
1998 	 * are >= current, the smallest element of list is returned.
1999 	 * NOTE: current must be in the appropriate range.
2000 	 */
2001 
2002 	char *ptr;
2003 	int n, n2, min, min_gt;
2004 
2005 	if (strcmp(list, "*") == 0)
2006 		return (current);
2007 	ptr = list;
2008 	min = DUMMY;
2009 	min_gt = DUMMY;
2010 	for (;;) {
2011 		if ((n = (int)num(&ptr)) == current)
2012 			return (current);
2013 		if (n < min)
2014 			min = n;
2015 		if ((n > current) && (n < min_gt))
2016 			min_gt = n;
2017 		if (*ptr == '-') {
2018 			ptr++;
2019 			if ((n2 = (int)num(&ptr)) > n) {
2020 				if ((current > n) && (current <= n2))
2021 					return (current);
2022 			} else {	/* range that wraps around */
2023 				if (current > n)
2024 					return (current);
2025 				if (current <= n2)
2026 					return (current);
2027 			}
2028 		}
2029 		if (*ptr == '\0')
2030 			break;
2031 		ptr += 1;
2032 	}
2033 	if (min_gt != DUMMY)
2034 		return (min_gt);
2035 	else
2036 		return (min);
2037 }
2038 
2039 static void
2040 free_if_unused(struct usr *u)
2041 {
2042 	struct usr *cur, *prev;
2043 	/*
2044 	 *	To make sure a usr structure is idle we must check that
2045 	 *	there are no at jobs queued for the user; the user does
2046 	 *	not have a crontab, and also that there are no running at
2047 	 *	or cron jobs (since the runinfo structure also has a
2048 	 *	pointer to the usr structure).
2049 	 */
2050 	if (!u->ctexists && u->atevents == NULL &&
2051 	    u->cruncnt == 0 && u->aruncnt == 0) {
2052 #ifdef DEBUG
2053 		(void) fprintf(stderr, "%s removed from usr list\n", u->name);
2054 #endif
2055 		for (cur = uhead, prev = NULL;
2056 		    cur != u;
2057 		    prev = cur, cur = cur->nextusr) {
2058 			if (cur == NULL) {
2059 				return;
2060 			}
2061 		}
2062 
2063 		if (prev == NULL)
2064 			uhead = u->nextusr;
2065 		else
2066 			prev->nextusr = u->nextusr;
2067 		free(u->name);
2068 		free(u->home);
2069 		free(u);
2070 	}
2071 }
2072 
2073 static void
2074 del_atjob(char *name, char *usrname)
2075 {
2076 
2077 	struct	event	*e, *eprev;
2078 	struct	usr	*u;
2079 
2080 	if ((u = find_usr(usrname)) == NULL)
2081 		return;
2082 	e = u->atevents;
2083 	eprev = NULL;
2084 	while (e != NULL) {
2085 		if (strcmp(name, e->cmd) == 0) {
2086 			if (next_event == e)
2087 				next_event = NULL;
2088 			if (eprev == NULL)
2089 				u->atevents = e->link;
2090 			else
2091 				eprev->link = e->link;
2092 			el_remove(e->of.at.eventid, 1);
2093 			free(e->cmd);
2094 			free(e);
2095 			break;
2096 		} else {
2097 			eprev = e;
2098 			e = e->link;
2099 		}
2100 	}
2101 
2102 	free_if_unused(u);
2103 }
2104 
2105 static void
2106 del_ctab(char *name)
2107 {
2108 
2109 	struct	usr *u;
2110 
2111 	if ((u = find_usr(name)) == NULL)
2112 		return;
2113 	rm_ctevents(u);
2114 	el_remove(u->ctid, 0);
2115 	u->ctid = 0;
2116 	u->ctexists = 0;
2117 
2118 	free_if_unused(u);
2119 }
2120 
2121 static void
2122 rm_ctevents(struct usr *u)
2123 {
2124 	struct event *e2, *e3;
2125 
2126 	/*
2127 	 * see if the next event (to be run by cron) is a cronevent
2128 	 * owned by this user.
2129 	 */
2130 
2131 	if ((next_event != NULL) &&
2132 	    (next_event->etype == CRONEVENT) &&
2133 	    (next_event->u == u)) {
2134 		next_event = NULL;
2135 	}
2136 	e2 = u->ctevents;
2137 	while (e2 != NULL) {
2138 		free(e2->cmd);
2139 		rel_shared(e2->of.ct.tz);
2140 		rel_shared(e2->of.ct.shell);
2141 		rel_shared(e2->of.ct.home);
2142 		free(e2->of.ct.minute);
2143 		free(e2->of.ct.hour);
2144 		free(e2->of.ct.daymon);
2145 		free(e2->of.ct.month);
2146 		free(e2->of.ct.dayweek);
2147 		if (e2->of.ct.input != NULL)
2148 			free(e2->of.ct.input);
2149 		e3 = e2->link;
2150 		free(e2);
2151 		e2 = e3;
2152 	}
2153 	u->ctevents = NULL;
2154 }
2155 
2156 
2157 static struct usr *
2158 find_usr(char *uname)
2159 {
2160 	struct usr *u;
2161 
2162 	u = uhead;
2163 	while (u != NULL) {
2164 		if (strcmp(u->name, uname) == 0)
2165 			return (u);
2166 		u = u->nextusr;
2167 	}
2168 	return (NULL);
2169 }
2170 
2171 /*
2172  * Execute cron command or at/batch job.
2173  * If ever a premature return is added to this function pay attention to
2174  * free at_cmdfile and outfile plus jobname buffers of the runinfo structure.
2175  */
2176 static int
2177 ex(struct event *e)
2178 {
2179 	int r;
2180 	int fd;
2181 	pid_t rfork;
2182 	FILE *atcmdfp;
2183 	char mailvar[4];
2184 	char *at_cmdfile = NULL;
2185 	struct stat buf;
2186 	struct queue *qp;
2187 	struct runinfo *rp;
2188 	struct project proj, *pproj = NULL;
2189 	union {
2190 		struct {
2191 			char buf[PROJECT_BUFSZ];
2192 			char buf2[PROJECT_BUFSZ];
2193 		} p;
2194 		char error[CANT_STR_LEN + PATH_MAX];
2195 	} bufs;
2196 	char *tmpfile;
2197 	FILE *fptr;
2198 	time_t dhltime;
2199 	projid_t projid;
2200 	int projflag = 0;
2201 	char *home;
2202 	char *sh;
2203 
2204 	qp = &qt[e->etype];	/* set pointer to queue defs */
2205 	if (qp->nrun >= qp->njob) {
2206 		msg("%c queue max run limit reached", e->etype + 'a');
2207 		resched(qp->nwait);
2208 		return (0);
2209 	}
2210 
2211 	rp = rinfo_get(0); /* allocating a new runinfo struct */
2212 
2213 	/*
2214 	 * the tempnam() function uses malloc(3C) to allocate space for the
2215 	 * constructed file name, and returns a pointer to this area, which
2216 	 * is assigned to rp->outfile. Here rp->outfile is not overwritten.
2217 	 */
2218 
2219 	rp->outfile = tempnam(TMPDIR, PFX);
2220 	rp->jobtype = e->etype;
2221 	if (e->etype == CRONEVENT) {
2222 		rp->jobname = xmalloc(strlen(e->cmd) + 1);
2223 		(void) strcpy(rp->jobname, e->cmd);
2224 		/* "cron" jobs only produce mail if there's output */
2225 		rp->mailwhendone = 0;
2226 	} else {
2227 		at_cmdfile = xmalloc(strlen(ATDIR) + strlen(e->cmd) + 2);
2228 		(void) sprintf(at_cmdfile, "%s/%s", ATDIR, e->cmd);
2229 		if ((atcmdfp = fopen(at_cmdfile, "r")) == NULL) {
2230 			if (errno == ENAMETOOLONG) {
2231 				if (chdir(ATDIR) == 0)
2232 					cron_unlink(e->cmd);
2233 			} else {
2234 				cron_unlink(at_cmdfile);
2235 			}
2236 			mail((e->u)->name, BADJOBOPEN, ERR_CANTEXECAT);
2237 			free(at_cmdfile);
2238 			rinfo_free(rp);
2239 			return (0);
2240 		}
2241 		rp->jobname = xmalloc(strlen(at_cmdfile) + 1);
2242 		(void) strcpy(rp->jobname, at_cmdfile);
2243 
2244 		/*
2245 		 * Skip over the first two lines.
2246 		 */
2247 		(void) fscanf(atcmdfp, "%*[^\n]\n");
2248 		(void) fscanf(atcmdfp, "%*[^\n]\n");
2249 		if (fscanf(atcmdfp, ": notify by mail: %3s%*[^\n]\n",
2250 		    mailvar) == 1) {
2251 			/*
2252 			 * Check to see if we should always send mail
2253 			 * to the owner.
2254 			 */
2255 			rp->mailwhendone = (strcmp(mailvar, "yes") == 0);
2256 		} else {
2257 			rp->mailwhendone = 0;
2258 		}
2259 
2260 		if (fscanf(atcmdfp, "\n: project: %d\n", &projid) == 1) {
2261 			projflag = 1;
2262 		}
2263 		(void) fclose(atcmdfp);
2264 	}
2265 
2266 	/*
2267 	 * we make sure that the system time
2268 	 * hasn't drifted backwards. if it has, el_add() is now
2269 	 * called, to make sure that the event queue is back in order,
2270 	 * and we set the delayed flag. cron will pick up the request
2271 	 * later on at the proper time.
2272 	 */
2273 	dhltime = time(NULL);
2274 	if ((dhltime - e->time) < 0) {
2275 		msg("clock time drifted backwards!\n");
2276 		if (next_event->etype == CRONEVENT) {
2277 			msg("correcting cron event\n");
2278 			next_event->time = next_time(next_event, dhltime);
2279 			switch (el_add(next_event, next_event->time,
2280 			    (next_event->u)->ctid)) {
2281 			case -1:
2282 				ignore_msg("ex", "cron", next_event);
2283 				break;
2284 			case -2: /* event time lower than init time */
2285 				reset_needed = 1;
2286 				break;
2287 			}
2288 		} else { /* etype == ATEVENT */
2289 			msg("correcting batch event\n");
2290 			if (el_add(next_event, next_event->time,
2291 			    next_event->of.at.eventid) < 0) {
2292 				ignore_msg("ex", "at", next_event);
2293 			}
2294 		}
2295 		delayed++;
2296 		t_old = time(NULL);
2297 		free(at_cmdfile);
2298 		rinfo_free(rp);
2299 		return (0);
2300 	}
2301 
2302 	if ((rfork = fork()) == (pid_t)-1) {
2303 		reap_child();
2304 		if ((rfork = fork()) == (pid_t)-1) {
2305 			msg("cannot fork");
2306 			free(at_cmdfile);
2307 			rinfo_free(rp);
2308 			resched(60);
2309 			(void) sleep(30);
2310 			return (0);
2311 		}
2312 	}
2313 	if (rfork) {		/* parent process */
2314 		contract_abandon_latest(rfork);
2315 
2316 		++qp->nrun;
2317 		rp->pid = rfork;
2318 		rp->que = e->etype;
2319 		if (e->etype != CRONEVENT)
2320 			(e->u)->aruncnt++;
2321 		else
2322 			(e->u)->cruncnt++;
2323 		rp->rusr = (e->u);
2324 		logit(BCHAR, rp, 0);
2325 		free(at_cmdfile);
2326 
2327 		return (0);
2328 	}
2329 
2330 	child_sigreset();
2331 	contract_clear_template();
2332 
2333 	if (e->etype != CRONEVENT) {
2334 		/* open jobfile as stdin to shell */
2335 		if (stat(at_cmdfile, &buf)) {
2336 			if (errno == ENAMETOOLONG) {
2337 				if (chdir(ATDIR) == 0)
2338 					cron_unlink(e->cmd);
2339 			} else
2340 				cron_unlink(at_cmdfile);
2341 			mail((e->u)->name, BADJOBOPEN, ERR_CANTEXECCRON);
2342 			exit(1);
2343 		}
2344 		if (!(buf.st_mode&ISUID)) {
2345 			/*
2346 			 * if setuid bit off, original owner has
2347 			 * given this file to someone else
2348 			 */
2349 			cron_unlink(at_cmdfile);
2350 			exit(1);
2351 		}
2352 		if ((fd = open(at_cmdfile, O_RDONLY)) == -1) {
2353 			mail((e->u)->name, BADJOBOPEN, ERR_CANTEXECCRON);
2354 			cron_unlink(at_cmdfile);
2355 			exit(1);
2356 		}
2357 		if (fd != 0) {
2358 			(void) dup2(fd, 0);
2359 			(void) close(fd);
2360 		}
2361 		/*
2362 		 * retrieve the project id of the at job and convert it
2363 		 * to a project name.  fail if it's not a valid project
2364 		 * or if the user isn't a member of the project.
2365 		 */
2366 		if (projflag == 1) {
2367 			if ((pproj = getprojbyid(projid, &proj,
2368 			    (void *)&bufs.p.buf,
2369 			    sizeof (bufs.p.buf))) == NULL ||
2370 			    !inproj(e->u->name, pproj->pj_name,
2371 			    bufs.p.buf2, sizeof (bufs.p.buf2))) {
2372 				cron_unlink(at_cmdfile);
2373 				mail((e->u)->name, BADPROJID, ERR_CANTEXECAT);
2374 				exit(1);
2375 			}
2376 		}
2377 	}
2378 
2379 	/*
2380 	 * Put process in a new session, and create a new task.
2381 	 */
2382 	if (setsid() < 0) {
2383 		msg("setsid failed with errno = %d. job failed (%s)"
2384 		    " for user %s", errno, e->cmd, e->u->name);
2385 		if (e->etype != CRONEVENT)
2386 			cron_unlink(at_cmdfile);
2387 		exit(1);
2388 	}
2389 
2390 	/*
2391 	 * set correct user identification and check his account
2392 	 */
2393 	r = set_user_cred(e->u, pproj);
2394 	if (r == VUC_EXPIRED) {
2395 		msg("user (%s) account is expired", e->u->name);
2396 		audit_cron_user_acct_expired(e->u->name);
2397 		clean_out_user(e->u);
2398 		exit(1);
2399 	}
2400 	if (r == VUC_NEW_AUTH) {
2401 		msg("user (%s) password has expired", e->u->name);
2402 		audit_cron_user_acct_expired(e->u->name);
2403 		clean_out_user(e->u);
2404 		exit(1);
2405 	}
2406 	if (r != VUC_OK) {
2407 		msg("bad user (%s)", e->u->name);
2408 		audit_cron_bad_user(e->u->name);
2409 		clean_out_user(e->u);
2410 		exit(1);
2411 	}
2412 	/*
2413 	 * check user and initialize the supplementary group access list.
2414 	 * bugid 1230784: deleted from parent to avoid cron hang. Now
2415 	 * only child handles the call.
2416 	 */
2417 
2418 	if (verify_user_cred(e->u) != VUC_OK ||
2419 	    setgid(e->u->gid) == -1 ||
2420 	    initgroups(e->u->name, e->u->gid) == -1) {
2421 		msg("bad user (%s) or setgid failed (%s)",
2422 		    e->u->name, e->u->name);
2423 		audit_cron_bad_user(e->u->name);
2424 		clean_out_user(e->u);
2425 		exit(1);
2426 	}
2427 
2428 	if ((e->u)->uid == 0) { /* set default path */
2429 		/* path settable in defaults file */
2430 		envinit[2] = supath;
2431 	} else {
2432 		envinit[2] = path;
2433 	}
2434 
2435 	if (e->etype != CRONEVENT) {
2436 		r = audit_cron_session(e->u->name, NULL,
2437 		    e->u->uid, e->u->gid, at_cmdfile);
2438 		cron_unlink(at_cmdfile);
2439 	} else {
2440 		r = audit_cron_session(e->u->name, CRONDIR,
2441 		    e->u->uid, e->u->gid, NULL);
2442 	}
2443 	if (r != 0) {
2444 		msg("cron audit problem. job failed (%s) for user %s",
2445 		    e->cmd, e->u->name);
2446 		exit(1);
2447 	}
2448 
2449 	audit_cron_new_job(e->cmd, e->etype, (void *)e);
2450 
2451 	if (setuid(e->u->uid) == -1)  {
2452 		msg("setuid failed (%s)", e->u->name);
2453 		clean_out_user(e->u);
2454 		exit(1);
2455 	}
2456 
2457 	if (e->etype == CRONEVENT) {
2458 		/* check for standard input to command	*/
2459 		if (e->of.ct.input != NULL) {
2460 			if ((tmpfile = strdup(TMPINFILE)) == NULL) {
2461 				mail((e->u)->name, MALLOCERR,
2462 				    ERR_CANTEXECCRON);
2463 				exit(1);
2464 			}
2465 			if ((fd = mkstemp(tmpfile)) == -1 ||
2466 			    (fptr = fdopen(fd, "w")) == NULL) {
2467 				mail((e->u)->name, NOSTDIN,
2468 				    ERR_CANTEXECCRON);
2469 				cron_unlink(tmpfile);
2470 				free(tmpfile);
2471 				exit(1);
2472 			}
2473 			if ((fwrite(e->of.ct.input, sizeof (char),
2474 			    strlen(e->of.ct.input), fptr)) !=
2475 			    strlen(e->of.ct.input)) {
2476 				mail((e->u)->name, NOSTDIN, ERR_CANTEXECCRON);
2477 				cron_unlink(tmpfile);
2478 				free(tmpfile);
2479 				(void) close(fd);
2480 				(void) fclose(fptr);
2481 				exit(1);
2482 			}
2483 			if (fseek(fptr, (off_t)0, SEEK_SET) != -1) {
2484 				if (fd != 0) {
2485 					(void) dup2(fd, 0);
2486 					(void) close(fd);
2487 				}
2488 			}
2489 			cron_unlink(tmpfile);
2490 			free(tmpfile);
2491 			(void) fclose(fptr);
2492 		} else if ((fd = open("/dev/null", O_RDONLY)) > 0) {
2493 			(void) dup2(fd, 0);
2494 			(void) close(fd);
2495 		}
2496 	}
2497 
2498 	/* redirect stdout and stderr for the shell	*/
2499 	if ((fd = open(rp->outfile, O_WRONLY|O_CREAT|O_EXCL, OUTMODE)) == 1)
2500 		fd = open("/dev/null", O_WRONLY);
2501 
2502 	if (fd >= 0 && fd != 1)
2503 		(void) dup2(fd, 1);
2504 
2505 	if (fd >= 0 && fd != 2) {
2506 		(void) dup2(fd, 2);
2507 		if (fd != 1)
2508 			(void) close(fd);
2509 	}
2510 
2511 	if (e->etype == CRONEVENT && e->of.ct.home != NULL) {
2512 		home = (char *)get_obj(e->of.ct.home);
2513 	} else {
2514 		home = (e->u)->home;
2515 	}
2516 	(void) strlcat(homedir, home, sizeof (homedir));
2517 	(void) strlcat(logname, (e->u)->name, sizeof (logname));
2518 	environ = envinit;
2519 	if (chdir(home) == -1) {
2520 		snprintf(bufs.error, sizeof (bufs.error), CANTCDHOME, home);
2521 		mail((e->u)->name, bufs.error,
2522 		    e->etype == CRONEVENT ? ERR_CANTEXECCRON :
2523 		    ERR_CANTEXECAT);
2524 		exit(1);
2525 	}
2526 #ifdef TESTING
2527 	exit(1);
2528 #endif
2529 	/*
2530 	 * make sure that all file descriptors EXCEPT 0, 1 and 2
2531 	 * will be closed.
2532 	 */
2533 	closefrom(3);
2534 
2535 	if ((e->u)->uid != 0)
2536 		(void) nice(qp->nice);
2537 	if (e->etype == CRONEVENT) {
2538 		if (e->of.ct.tz) {
2539 			(void) putenv((char *)get_obj(e->of.ct.tz));
2540 		}
2541 		if (e->of.ct.shell) {
2542 			char *name;
2543 
2544 			sh = (char *)get_obj(e->of.ct.shell);
2545 			name = strrchr(sh, '/');
2546 			if (name == NULL)
2547 				name = sh;
2548 			else
2549 				name++;
2550 
2551 			(void) putenv(sh);
2552 			sh += strlen(ENV_SHELL);
2553 			(void) execl(sh, name, "-c", e->cmd, 0);
2554 		} else {
2555 			(void) execl(SHELL, "sh", "-c", e->cmd, 0);
2556 			sh = SHELL;
2557 		}
2558 	} else {		/* type == ATEVENT */
2559 		(void) execl(SHELL, "sh", 0);
2560 		sh = SHELL;
2561 	}
2562 	snprintf(bufs.error, sizeof (bufs.error), CANTEXECSH, sh);
2563 	mail((e->u)->name, bufs.error,
2564 	    e->etype == CRONEVENT ? ERR_CANTEXECCRON : ERR_CANTEXECAT);
2565 	exit(1);
2566 	/*NOTREACHED*/
2567 }
2568 
2569 /*
2570  * Main idle loop.
2571  * When timed out to run the job, return 0.
2572  * If for some reasons we need to reschedule jobs, return 1.
2573  */
2574 static int
2575 idle(long t)
2576 {
2577 	time_t	now;
2578 
2579 	refresh = 0;
2580 
2581 	while (t > 0L) {
2582 		if (msg_wait(t) != 0) {
2583 			/* we need to run next job immediately */
2584 			return (0);
2585 		}
2586 
2587 		reap_child();
2588 
2589 		if (refresh) {
2590 			/* We got THAW or REFRESH message  */
2591 			return (1);
2592 		}
2593 
2594 		now = time(NULL);
2595 		if (last_time > now) {
2596 			/* clock has been reset to backward */
2597 			return (1);
2598 		}
2599 
2600 		if (next_event == NULL && !el_empty()) {
2601 			next_event = (struct event *)el_first();
2602 		}
2603 
2604 		if (next_event == NULL)
2605 			t = INFINITY;
2606 		else
2607 			t = (long)next_event->time - now;
2608 	}
2609 	return (0);
2610 }
2611 
2612 /*
2613  * This used to be in the idle(), but moved to the separate function.
2614  * This called from various place when cron needs to reap the
2615  * child. It includes the situation that cron hit maxrun, and needs
2616  * to reschedule the job.
2617  */
2618 static void
2619 reap_child()
2620 {
2621 	pid_t	pid;
2622 	int	prc;
2623 	struct	runinfo	*rp;
2624 
2625 	for (;;) {
2626 		pid = waitpid((pid_t)-1, &prc, WNOHANG);
2627 		if (pid <= 0)
2628 			break;
2629 #ifdef DEBUG
2630 		fprintf(stderr,
2631 		    "wait returned %x for process %d\n", prc, pid);
2632 #endif
2633 		if ((rp = rinfo_get(pid)) == NULL) {
2634 			if (miscpid_delete(pid) == 0) {
2635 				/* not found in anywhere */
2636 				msg(PIDERR, pid);
2637 			}
2638 		} else if (rp->que == ZOMB) {
2639 			(void) unlink(rp->outfile);
2640 			rinfo_free(rp);
2641 		} else {
2642 			cleanup(rp, prc);
2643 		}
2644 	}
2645 }
2646 
2647 static void
2648 cleanup(struct runinfo *pr, int rc)
2649 {
2650 	int	nextfork = 1;
2651 	struct	usr	*p;
2652 	struct	stat	buf;
2653 
2654 	logit(ECHAR, pr, rc);
2655 	--qt[pr->que].nrun;
2656 	p = pr->rusr;
2657 	if (pr->que != CRONEVENT)
2658 		--p->aruncnt;
2659 	else
2660 		--p->cruncnt;
2661 
2662 	if (lstat(pr->outfile, &buf) == 0) {
2663 		if (!S_ISLNK(buf.st_mode) &&
2664 		    (buf.st_size > 0 || pr->mailwhendone)) {
2665 			/* mail user stdout and stderr */
2666 			for (;;) {
2667 				if ((pr->pid = fork()) < 0) {
2668 					/*
2669 					 * if fork fails try forever in doubling
2670 					 * retry times, up to 16 seconds
2671 					 */
2672 					(void) sleep(nextfork);
2673 					if (nextfork < 16)
2674 						nextfork += nextfork;
2675 					continue;
2676 				} else if (pr->pid == 0) {
2677 					child_sigreset();
2678 					contract_clear_template();
2679 
2680 					mail_result(p, pr, buf.st_size);
2681 					/* NOTREACHED */
2682 				} else {
2683 					contract_abandon_latest(pr->pid);
2684 					pr->que = ZOMB;
2685 					break;
2686 				}
2687 			}
2688 		} else {
2689 			(void) unlink(pr->outfile);
2690 			rinfo_free(pr);
2691 		}
2692 	} else {
2693 		rinfo_free(pr);
2694 	}
2695 
2696 	free_if_unused(p);
2697 }
2698 
2699 /*
2700  * Mail stdout and stderr of a job to user. Get uid for real user and become
2701  * that person. We do this so that mail won't come from root since this
2702  * could be a security hole. If failure, quit - don't send mail as root.
2703  */
2704 static void
2705 mail_result(struct usr *p, struct runinfo *pr, size_t filesize)
2706 {
2707 	struct	passwd	*ruser_ids;
2708 	FILE	*mailpipe;
2709 	FILE	*st;
2710 	struct utsname	name;
2711 	int	nbytes;
2712 	char	iobuf[BUFSIZ];
2713 	char	*cmd;
2714 
2715 	(void) uname(&name);
2716 	if ((ruser_ids = getpwnam(p->name)) == NULL)
2717 		exit(0);
2718 	(void) setuid(ruser_ids->pw_uid);
2719 
2720 	cmd = xmalloc(strlen(MAIL) + strlen(p->name)+2);
2721 	(void) sprintf(cmd, "%s %s", MAIL, p->name);
2722 	mailpipe = popen(cmd, "w");
2723 	free(cmd);
2724 	if (mailpipe == NULL)
2725 		exit(127);
2726 	(void) fprintf(mailpipe, "To: %s\n", p->name);
2727 	if (pr->jobtype == CRONEVENT) {
2728 		(void) fprintf(mailpipe, CRONOUT);
2729 		(void) fprintf(mailpipe, "Your \"cron\" job on %s\n",
2730 		    name.nodename);
2731 		if (pr->jobname != NULL) {
2732 			(void) fprintf(mailpipe, "%s\n\n", pr->jobname);
2733 		}
2734 	} else {
2735 		(void) fprintf(mailpipe, "Subject: Output from \"at\" job\n\n");
2736 		(void) fprintf(mailpipe, "Your \"at\" job on %s\n",
2737 		    name.nodename);
2738 		if (pr->jobname != NULL) {
2739 			(void) fprintf(mailpipe, "\"%s\"\n\n", pr->jobname);
2740 		}
2741 	}
2742 	/* Tmp. file is fopen'ed w/ "r",  secure open */
2743 	if (filesize > 0 &&
2744 	    (st = fopen(pr->outfile, "r")) != NULL) {
2745 		(void) fprintf(mailpipe,
2746 		    "produced the following output:\n\n");
2747 		while ((nbytes = fread(iobuf, sizeof (char), BUFSIZ, st)) != 0)
2748 			(void) fwrite(iobuf, sizeof (char), nbytes, mailpipe);
2749 		(void) fclose(st);
2750 	} else {
2751 		(void) fprintf(mailpipe, "completed.\n");
2752 	}
2753 	(void) pclose(mailpipe);
2754 	exit(0);
2755 }
2756 
2757 static int
2758 msg_wait(long tim)
2759 {
2760 	struct	message	msg;
2761 	int	cnt;
2762 	time_t	reftime;
2763 	fd_set	fds;
2764 	struct timespec tout, *toutp;
2765 	static int	pending_msg;
2766 	static time_t	pending_reftime;
2767 
2768 	if (pending_msg) {
2769 		process_msg(&msgbuf, pending_reftime);
2770 		pending_msg = 0;
2771 		return (0);
2772 	}
2773 
2774 	FD_ZERO(&fds);
2775 	FD_SET(msgfd, &fds);
2776 
2777 	toutp = NULL;
2778 	if (tim != INFINITY) {
2779 #ifdef CRON_MAXSLEEP
2780 		/*
2781 		 * CRON_MAXSLEEP can be defined to have cron periodically wake
2782 		 * up, so that cron can detect a change of TOD and adjust the
2783 		 * sleep time more frequently.
2784 		 */
2785 		tim = (tim > CRON_MAXSLEEP) ? CRON_MAXSLEEP : tim;
2786 #endif
2787 		tout.tv_nsec = 0;
2788 		tout.tv_sec = tim;
2789 		toutp = &tout;
2790 	}
2791 
2792 	cnt = pselect(msgfd + 1, &fds, NULL, NULL, toutp, &defmask);
2793 	if (cnt == -1 && errno != EINTR)
2794 		perror("! pselect");
2795 
2796 	/* pselect timeout or interrupted */
2797 	if (cnt <= 0)
2798 		return (0);
2799 
2800 	errno = 0;
2801 	if ((cnt = read(msgfd, &msg, sizeof (msg))) != sizeof (msg)) {
2802 		if (cnt != -1 || errno != EAGAIN)
2803 			perror("! read");
2804 		return (0);
2805 	}
2806 	reftime = time(NULL);
2807 	if (next_event != NULL && reftime >= next_event->time) {
2808 		/*
2809 		 * we need to run the job before reloading crontab.
2810 		 */
2811 		(void) memcpy(&msgbuf, &msg, sizeof (msg));
2812 		pending_msg = 1;
2813 		pending_reftime = reftime;
2814 		return (1);
2815 	}
2816 	process_msg(&msg, reftime);
2817 	return (0);
2818 }
2819 
2820 /*
2821  * process the message supplied via pipe. This will be called either
2822  * immediately after cron read the message from pipe, or idle time
2823  * if the message was pending due to the job execution.
2824  */
2825 static void
2826 process_msg(struct message *pmsg, time_t reftime)
2827 {
2828 	if (pmsg->etype == NULL)
2829 		return;
2830 
2831 	switch (pmsg->etype) {
2832 	case AT:
2833 		if (pmsg->action == DELETE)
2834 			del_atjob(pmsg->fname, pmsg->logname);
2835 		else
2836 			mod_atjob(pmsg->fname, (time_t)0);
2837 		break;
2838 	case CRON:
2839 		if (pmsg->action == DELETE)
2840 			del_ctab(pmsg->fname);
2841 		else
2842 			mod_ctab(pmsg->fname, reftime);
2843 		break;
2844 	case REFRESH:
2845 		refresh = 1;
2846 		pmsg->etype = 0;
2847 		return;
2848 	default:
2849 		msg("message received - bad format");
2850 		break;
2851 	}
2852 	if (next_event != NULL) {
2853 		if (next_event->etype == CRONEVENT) {
2854 			switch (el_add(next_event, next_event->time,
2855 			    (next_event->u)->ctid)) {
2856 			case -1:
2857 				ignore_msg("process_msg", "cron", next_event);
2858 				break;
2859 			case -2: /* event time lower than init time */
2860 				reset_needed = 1;
2861 				break;
2862 			}
2863 		} else { /* etype == ATEVENT */
2864 			if (el_add(next_event, next_event->time,
2865 			    next_event->of.at.eventid) < 0) {
2866 				ignore_msg("process_msg", "at", next_event);
2867 			}
2868 		}
2869 		next_event = NULL;
2870 	}
2871 	(void) fflush(stdout);
2872 	pmsg->etype = 0;
2873 }
2874 
2875 /*
2876  * Allocate a new or find an existing runinfo structure
2877  */
2878 static struct runinfo *
2879 rinfo_get(pid_t pid)
2880 {
2881 	struct runinfo *rp;
2882 
2883 	if (pid == 0) {		/* allocate a new entry */
2884 		rp = xcalloc(1, sizeof (struct runinfo));
2885 		rp->next = rthead;	/* link the entry into the list */
2886 		rthead = rp;
2887 		return (rp);
2888 	}
2889 	/* search the list for an existing entry */
2890 	for (rp = rthead; rp != NULL; rp = rp->next) {
2891 		if (rp->pid == pid)
2892 			break;
2893 	}
2894 	return (rp);
2895 }
2896 
2897 /*
2898  * Free a runinfo structure and its associated memory
2899  */
2900 static void
2901 rinfo_free(struct runinfo *entry)
2902 {
2903 	struct runinfo **rpp;
2904 	struct runinfo *rp;
2905 
2906 #ifdef DEBUG
2907 	(void) fprintf(stderr, "freeing job %s\n", entry->jobname);
2908 #endif
2909 	for (rpp = &rthead; (rp = *rpp) != NULL; rpp = &rp->next) {
2910 		if (rp == entry) {
2911 			*rpp = rp->next;	/* unlink the entry */
2912 			free(rp->outfile);
2913 			free(rp->jobname);
2914 			free(rp);
2915 			break;
2916 		}
2917 	}
2918 }
2919 
2920 /* ARGSUSED */
2921 static void
2922 thaw_handler(int sig)
2923 {
2924 	refresh = 1;
2925 }
2926 
2927 
2928 /* ARGSUSED */
2929 static void
2930 cronend(int sig)
2931 {
2932 	crabort("SIGTERM", REMOVE_FIFO);
2933 }
2934 
2935 /*ARGSUSED*/
2936 static void
2937 child_handler(int sig)
2938 {
2939 	;
2940 }
2941 
2942 static void
2943 child_sigreset(void)
2944 {
2945 	(void) signal(SIGCLD, SIG_DFL);
2946 	(void) sigprocmask(SIG_SETMASK, &defmask, NULL);
2947 }
2948 
2949 /*
2950  * crabort() - handle exits out of cron
2951  */
2952 static void
2953 crabort(char *mssg, int action)
2954 {
2955 	int	c;
2956 
2957 	if (action & REMOVE_FIFO) {
2958 		/* FIFO vanishes when cron finishes */
2959 		if (unlink(FIFO) < 0)
2960 			perror("cron could not unlink FIFO");
2961 	}
2962 
2963 	if (action & CONSOLE_MSG) {
2964 		/* write error msg to console */
2965 		if ((c = open(CONSOLE, O_WRONLY)) >= 0) {
2966 			(void) write(c, "cron aborted: ", 14);
2967 			(void) write(c, mssg, strlen(mssg));
2968 			(void) write(c, "\n", 1);
2969 			(void) close(c);
2970 		}
2971 	}
2972 
2973 	/* always log the message */
2974 	msg(mssg);
2975 	msg("******* CRON ABORTED ********");
2976 	exit(1);
2977 }
2978 
2979 /*
2980  * msg() - time-stamped error reporting function
2981  */
2982 /*PRINTFLIKE1*/
2983 static void
2984 msg(char *fmt, ...)
2985 {
2986 	va_list args;
2987 	time_t	t;
2988 
2989 	t = time(NULL);
2990 
2991 	(void) fflush(stdout);
2992 
2993 	(void) fprintf(stderr, "! ");
2994 
2995 	va_start(args, fmt);
2996 	(void) vfprintf(stderr, fmt, args);
2997 	va_end(args);
2998 
2999 	(void) strftime(timebuf, sizeof (timebuf), FORMAT, localtime(&t));
3000 	(void) fprintf(stderr, " %s\n", timebuf);
3001 
3002 	(void) fflush(stderr);
3003 }
3004 
3005 static void
3006 ignore_msg(char *func_name, char *job_type, struct event *event)
3007 {
3008 	msg("%s: ignoring %s job (user: %s, cmd: %s, time: %ld)",
3009 	    func_name, job_type,
3010 	    event->u->name ? event->u->name : "unknown",
3011 	    event->cmd ? event->cmd : "unknown",
3012 	    event->time);
3013 }
3014 
3015 static void
3016 logit(int cc, struct runinfo *rp, int rc)
3017 {
3018 	time_t t;
3019 	int    ret;
3020 
3021 	if (!log)
3022 		return;
3023 
3024 	t = time(NULL);
3025 	if (cc == BCHAR)
3026 		(void) printf("%c  CMD: %s\n", cc, next_event->cmd);
3027 	(void) strftime(timebuf, sizeof (timebuf), FORMAT, localtime(&t));
3028 	(void) printf("%c  %.8s %u %c %s",
3029 	    cc, (rp->rusr)->name, rp->pid, QUE(rp->que), timebuf);
3030 	if ((ret = TSTAT(rc)) != 0)
3031 		(void) printf(" ts=%d", ret);
3032 	if ((ret = RCODE(rc)) != 0)
3033 		(void) printf(" rc=%d", ret);
3034 	(void) putchar('\n');
3035 	(void) fflush(stdout);
3036 }
3037 
3038 static void
3039 resched(int delay)
3040 {
3041 	time_t	nt;
3042 
3043 	/* run job at a later time */
3044 	nt = next_event->time + delay;
3045 	if (next_event->etype == CRONEVENT) {
3046 		next_event->time = next_time(next_event, (time_t)0);
3047 		if (nt < next_event->time)
3048 			next_event->time = nt;
3049 		switch (el_add(next_event, next_event->time,
3050 		    (next_event->u)->ctid)) {
3051 		case -1:
3052 			ignore_msg("resched", "cron", next_event);
3053 			break;
3054 		case -2: /* event time lower than init time */
3055 			reset_needed = 1;
3056 			break;
3057 		}
3058 		delayed = 1;
3059 		msg("rescheduling a cron job");
3060 		return;
3061 	}
3062 	add_atevent(next_event->u, next_event->cmd, nt, next_event->etype);
3063 	msg("rescheduling at job");
3064 }
3065 
3066 static void
3067 quedefs(int action)
3068 {
3069 	int	i;
3070 	int	j;
3071 	char	qbuf[QBUFSIZ];
3072 	FILE	*fd;
3073 
3074 	/* set up default queue definitions */
3075 	for (i = 0; i < NQUEUE; i++) {
3076 		qt[i].njob = qd.njob;
3077 		qt[i].nice = qd.nice;
3078 		qt[i].nwait = qd.nwait;
3079 	}
3080 	if (action == DEFAULT)
3081 		return;
3082 	if ((fd = fopen(QUEDEFS, "r")) == NULL) {
3083 		msg("cannot open quedefs file");
3084 		msg("using default queue definitions");
3085 		return;
3086 	}
3087 	while (fgets(qbuf, QBUFSIZ, fd) != NULL) {
3088 		if ((j = qbuf[0]-'a') < 0 || j >= NQUEUE || qbuf[1] != '.')
3089 			continue;
3090 		parsqdef(&qbuf[2]);
3091 		qt[j].njob = qq.njob;
3092 		qt[j].nice = qq.nice;
3093 		qt[j].nwait = qq.nwait;
3094 	}
3095 	(void) fclose(fd);
3096 }
3097 
3098 static void
3099 parsqdef(char *name)
3100 {
3101 	int i;
3102 
3103 	qq = qd;
3104 	while (*name) {
3105 		i = 0;
3106 		while (isdigit(*name)) {
3107 			i *= 10;
3108 			i += *name++ - '0';
3109 		}
3110 		switch (*name++) {
3111 		case JOBF:
3112 			qq.njob = i;
3113 			break;
3114 		case NICEF:
3115 			qq.nice = i;
3116 			break;
3117 		case WAITF:
3118 			qq.nwait = i;
3119 			break;
3120 		}
3121 	}
3122 }
3123 
3124 /*
3125  * defaults - read defaults from /etc/default/cron
3126  */
3127 static void
3128 defaults()
3129 {
3130 	int  flags;
3131 	char *deflog;
3132 	char *hz, *tz;
3133 
3134 	/*
3135 	 * get HZ value for environment
3136 	 */
3137 	if ((hz = getenv("HZ")) == (char *)NULL)
3138 		(void) sprintf(hzname, "HZ=%d", HZ);
3139 	else
3140 		(void) snprintf(hzname, sizeof (hzname), "HZ=%s", hz);
3141 	/*
3142 	 * get TZ value for environment
3143 	 */
3144 	(void) snprintf(tzone, sizeof (tzone), "TZ=%s",
3145 	    ((tz = getenv("TZ")) != NULL) ? tz : DEFTZ);
3146 
3147 	if (defopen(DEFFILE) == 0) {
3148 		/* ignore case */
3149 		flags = defcntl(DC_GETFLAGS, 0);
3150 		TURNOFF(flags, DC_CASE);
3151 		(void) defcntl(DC_SETFLAGS, flags);
3152 
3153 		if (((deflog = defread("CRONLOG=")) == NULL) ||
3154 		    (*deflog == 'N') || (*deflog == 'n'))
3155 			log = 0;
3156 		else
3157 			log = 1;
3158 		/* fix for 1087611 - allow paths to be set in defaults file */
3159 		if ((Def_path = defread("PATH=")) != NULL) {
3160 			(void) strlcat(path, Def_path, LINE_MAX);
3161 		} else {
3162 			(void) strlcpy(path, NONROOTPATH, LINE_MAX);
3163 		}
3164 		if ((Def_supath = defread("SUPATH=")) != NULL) {
3165 			(void) strlcat(supath, Def_supath, LINE_MAX);
3166 		} else {
3167 			(void) strlcpy(supath, ROOTPATH, LINE_MAX);
3168 		}
3169 		(void) defopen(NULL);
3170 	}
3171 }
3172 
3173 /*
3174  * Determine if a user entry for a job is still ok.  The method used here
3175  * is a lot (about 75x) faster than using setgrent() / getgrent()
3176  * endgrent().  It should be safe because we use the sysconf to determine
3177  * the max, and it tolerates the max being 0.
3178  */
3179 
3180 static int
3181 verify_user_cred(struct usr *u)
3182 {
3183 	struct passwd *pw;
3184 	size_t numUsrGrps = 0;
3185 	size_t numOrigGrps = 0;
3186 	size_t i;
3187 	int retval;
3188 
3189 	/*
3190 	 * Maximum number of groups a user may be in concurrently.  This
3191 	 * is a value which we obtain at runtime through a sysconf()
3192 	 * call.
3193 	 */
3194 
3195 	static size_t nGroupsMax = (size_t)-1;
3196 
3197 	/*
3198 	 * Arrays for cron user's group list, constructed at startup to
3199 	 * be nGroupsMax elements long, used for verifying user
3200 	 * credentials prior to execution.
3201 	 */
3202 
3203 	static gid_t *UsrGrps;
3204 	static gid_t *OrigGrps;
3205 
3206 	if ((pw = getpwnam(u->name)) == NULL)
3207 		return (VUC_BADUSER);
3208 	if (u->home != NULL) {
3209 		if (strcmp(u->home, pw->pw_dir) != 0) {
3210 			free(u->home);
3211 			u->home = xmalloc(strlen(pw->pw_dir) + 1);
3212 			(void) strcpy(u->home, pw->pw_dir);
3213 		}
3214 	} else {
3215 		u->home = xmalloc(strlen(pw->pw_dir) + 1);
3216 		(void) strcpy(u->home, pw->pw_dir);
3217 	}
3218 	if (u->uid != pw->pw_uid)
3219 		u->uid = pw->pw_uid;
3220 	if (u->gid != pw->pw_gid)
3221 		u->gid  = pw->pw_gid;
3222 
3223 	/*
3224 	 * Create the group id lists needed for job credential
3225 	 * verification.
3226 	 */
3227 
3228 	if (nGroupsMax == (size_t)-1) {
3229 		if ((nGroupsMax = sysconf(_SC_NGROUPS_MAX)) > 0) {
3230 			UsrGrps = xcalloc(nGroupsMax, sizeof (gid_t));
3231 			OrigGrps = xcalloc(nGroupsMax, sizeof (gid_t));
3232 		}
3233 
3234 #ifdef DEBUG
3235 		(void) fprintf(stderr, "nGroupsMax = %ld\n", nGroupsMax);
3236 #endif
3237 	}
3238 
3239 #ifdef DEBUG
3240 	(void) fprintf(stderr, "verify_user_cred (%s-%d)\n", pw->pw_name,
3241 	    pw->pw_uid);
3242 	(void) fprintf(stderr, "verify_user_cred: pw->pw_gid = %d, "
3243 	    "u->gid = %d\n", pw->pw_gid, u->gid);
3244 #endif
3245 
3246 	retval = (u->gid == pw->pw_gid) ? VUC_OK : VUC_NOTINGROUP;
3247 
3248 	if (nGroupsMax > 0) {
3249 		numOrigGrps = getgroups(nGroupsMax, OrigGrps);
3250 
3251 		(void) initgroups(pw->pw_name, pw->pw_gid);
3252 		numUsrGrps = getgroups(nGroupsMax, UsrGrps);
3253 
3254 		for (i = 0; i < numUsrGrps; i++) {
3255 			if (UsrGrps[i] == u->gid) {
3256 				retval = VUC_OK;
3257 				break;
3258 			}
3259 		}
3260 
3261 		if (OrigGrps) {
3262 			(void) setgroups(numOrigGrps, OrigGrps);
3263 		}
3264 	}
3265 
3266 #ifdef DEBUG
3267 	(void) fprintf(stderr, "verify_user_cred: VUC = %d\n", retval);
3268 #endif
3269 
3270 	return (retval);
3271 }
3272 
3273 static int
3274 set_user_cred(const struct usr *u, struct project *pproj)
3275 {
3276 	static char *progname = "cron";
3277 	int r = 0, rval = 0;
3278 
3279 	if ((r = pam_start(progname, u->name, &pam_conv, &pamh))
3280 	    != PAM_SUCCESS) {
3281 #ifdef DEBUG
3282 		msg("pam_start returns %d\n", r);
3283 #endif
3284 		rval = VUC_BADUSER;
3285 		goto set_eser_cred_exit;
3286 	}
3287 
3288 	r = pam_acct_mgmt(pamh, 0);
3289 #ifdef DEBUG
3290 	msg("pam_acc_mgmt returns %d\n", r);
3291 #endif
3292 	if (r == PAM_ACCT_EXPIRED) {
3293 		rval = VUC_EXPIRED;
3294 		goto set_eser_cred_exit;
3295 	}
3296 	if (r == PAM_NEW_AUTHTOK_REQD) {
3297 		rval = VUC_NEW_AUTH;
3298 		goto set_eser_cred_exit;
3299 	}
3300 	if (r != PAM_SUCCESS) {
3301 		rval = VUC_BADUSER;
3302 		goto set_eser_cred_exit;
3303 	}
3304 
3305 	if (pproj != NULL) {
3306 		size_t sz = sizeof (PROJECT) + strlen(pproj->pj_name);
3307 		char *buf = alloca(sz);
3308 
3309 		(void) snprintf(buf, sz, PROJECT "%s", pproj->pj_name);
3310 		(void) pam_set_item(pamh, PAM_RESOURCE, buf);
3311 	}
3312 
3313 	r = pam_setcred(pamh, PAM_ESTABLISH_CRED);
3314 	if (r != PAM_SUCCESS)
3315 		rval = VUC_BADUSER;
3316 
3317 set_eser_cred_exit:
3318 	(void) pam_end(pamh, r);
3319 	return (rval);
3320 }
3321 
3322 static void
3323 clean_out_user(struct usr *u)
3324 {
3325 	if (next_event->u == u) {
3326 		next_event = NULL;
3327 	}
3328 
3329 	clean_out_ctab(u);
3330 	clean_out_atjobs(u);
3331 	free_if_unused(u);
3332 }
3333 
3334 static void
3335 clean_out_atjobs(struct usr *u)
3336 {
3337 	struct event *ev, *pv;
3338 
3339 	for (pv = NULL, ev = u->atevents;
3340 	    ev != NULL;
3341 	    pv = ev, ev = ev->link, free(pv)) {
3342 		el_remove(ev->of.at.eventid, 1);
3343 		if (cwd == AT)
3344 			cron_unlink(ev->cmd);
3345 		else {
3346 			char buf[PATH_MAX];
3347 			if (strlen(ATDIR) + strlen(ev->cmd) + 2
3348 			    < PATH_MAX) {
3349 				(void) sprintf(buf, "%s/%s", ATDIR, ev->cmd);
3350 				cron_unlink(buf);
3351 			}
3352 		}
3353 		free(ev->cmd);
3354 	}
3355 
3356 	u->atevents = NULL;
3357 }
3358 
3359 static void
3360 clean_out_ctab(struct usr *u)
3361 {
3362 	rm_ctevents(u);
3363 	el_remove(u->ctid, 0);
3364 	u->ctid = 0;
3365 	u->ctexists = 0;
3366 }
3367 
3368 static void
3369 cron_unlink(char *name)
3370 {
3371 	int r;
3372 
3373 	r = unlink(name);
3374 	if (r == 0 || (r == -1 && errno == ENOENT)) {
3375 		(void) audit_cron_delete_anc_file(name, NULL);
3376 	}
3377 }
3378 
3379 static void
3380 create_anc_ctab(struct event *e)
3381 {
3382 	if (audit_cron_create_anc_file(e->u->name,
3383 	    (cwd == CRON) ? NULL:CRONDIR,
3384 	    e->u->name, e->u->uid) == -1) {
3385 		process_anc_files(CRON_ANC_DELETE);
3386 		crabort("cannot create ancillary files for crontabs",
3387 		    REMOVE_FIFO|CONSOLE_MSG);
3388 	}
3389 }
3390 
3391 static void
3392 delete_anc_ctab(struct event *e)
3393 {
3394 	(void) audit_cron_delete_anc_file(e->u->name,
3395 	    (cwd == CRON) ? NULL:CRONDIR);
3396 }
3397 
3398 static void
3399 create_anc_atjob(struct event *e)
3400 {
3401 	if (!e->of.at.exists)
3402 		return;
3403 
3404 	if (audit_cron_create_anc_file(e->cmd,
3405 	    (cwd == AT) ? NULL:ATDIR,
3406 	    e->u->name, e->u->uid) == -1) {
3407 		process_anc_files(CRON_ANC_DELETE);
3408 		crabort("cannot create ancillary files for atjobs",
3409 		    REMOVE_FIFO|CONSOLE_MSG);
3410 	}
3411 }
3412 
3413 static void
3414 delete_anc_atjob(struct event *e)
3415 {
3416 	if (!e->of.at.exists)
3417 		return;
3418 
3419 	(void) audit_cron_delete_anc_file(e->cmd,
3420 	    (cwd == AT) ? NULL:ATDIR);
3421 }
3422 
3423 
3424 static void
3425 process_anc_files(int del)
3426 {
3427 	struct usr	*u = uhead;
3428 	struct event	*e;
3429 
3430 	if (!audit_cron_mode())
3431 		return;
3432 
3433 	for (;;) {
3434 		if (u->ctexists && u->ctevents != NULL) {
3435 			e = u->ctevents;
3436 			for (;;) {
3437 				if (del)
3438 					delete_anc_ctab(e);
3439 				else
3440 					create_anc_ctab(e);
3441 				if ((e = e->link) == NULL)
3442 					break;
3443 			}
3444 		}
3445 
3446 		if (u->atevents != NULL) {
3447 			e = u->atevents;
3448 			for (;;) {
3449 				if (del)
3450 					delete_anc_atjob(e);
3451 				else
3452 					create_anc_atjob(e);
3453 				if ((e = e->link) == NULL)
3454 					break;
3455 			}
3456 		}
3457 
3458 		if ((u = u->nextusr)  == NULL)
3459 			break;
3460 	}
3461 }
3462 
3463 /*ARGSUSED*/
3464 static int
3465 cron_conv(int num_msg, struct pam_message **msgs,
3466     struct pam_response **response, void *appdata_ptr)
3467 {
3468 	struct pam_message	**m = msgs;
3469 	int i;
3470 
3471 	for (i = 0; i < num_msg; i++) {
3472 		switch (m[i]->msg_style) {
3473 		case PAM_ERROR_MSG:
3474 		case PAM_TEXT_INFO:
3475 			if (m[i]->msg != NULL) {
3476 				(void) msg("%s\n", m[i]->msg);
3477 			}
3478 			break;
3479 
3480 		default:
3481 			break;
3482 		}
3483 	}
3484 	return (0);
3485 }
3486 
3487 /*
3488  * Cron creates process for other than job. Mail process is the
3489  * one which rinfo does not cover. Therefore, miscpid will keep
3490  * track of the pids executed from cron. Otherwise, we will see
3491  * "unexpected pid returned.." messages appear in the log file.
3492  */
3493 static void
3494 miscpid_insert(pid_t pid)
3495 {
3496 	struct miscpid *mp;
3497 
3498 	mp = xmalloc(sizeof (*mp));
3499 	mp->pid = pid;
3500 	mp->next = miscpid_head;
3501 	miscpid_head = mp;
3502 }
3503 
3504 static int
3505 miscpid_delete(pid_t pid)
3506 {
3507 	struct miscpid *mp, *omp;
3508 	int found = 0;
3509 
3510 	omp = NULL;
3511 	for (mp = miscpid_head; mp != NULL; mp = mp->next) {
3512 		if (mp->pid == pid) {
3513 			found = 1;
3514 			break;
3515 		}
3516 		omp = mp;
3517 	}
3518 	if (found) {
3519 		if (omp != NULL)
3520 			omp->next = mp->next;
3521 		else
3522 			miscpid_head = NULL;
3523 		free(mp);
3524 	}
3525 	return (found);
3526 }
3527 
3528 /*
3529  * Establish contract terms such that all children are in abandoned
3530  * process contracts.
3531  */
3532 static void
3533 contract_set_template(void)
3534 {
3535 	int fd;
3536 
3537 	if ((fd = open64(CTFS_ROOT "/process/template", O_RDWR)) < 0)
3538 		crabort("cannot open process contract template",
3539 		    REMOVE_FIFO | CONSOLE_MSG);
3540 
3541 	if (ct_pr_tmpl_set_param(fd, 0) ||
3542 	    ct_tmpl_set_informative(fd, 0) ||
3543 	    ct_pr_tmpl_set_fatal(fd, CT_PR_EV_HWERR))
3544 		crabort("cannot establish contract template terms",
3545 		    REMOVE_FIFO | CONSOLE_MSG);
3546 
3547 	if (ct_tmpl_activate(fd))
3548 		crabort("cannot activate contract template",
3549 		    REMOVE_FIFO | CONSOLE_MSG);
3550 
3551 	(void) close(fd);
3552 }
3553 
3554 /*
3555  * Clear active process contract template.
3556  */
3557 static void
3558 contract_clear_template(void)
3559 {
3560 	int fd;
3561 
3562 	if ((fd = open64(CTFS_ROOT "/process/template", O_RDWR)) < 0)
3563 		crabort("cannot open process contract template",
3564 		    REMOVE_FIFO | CONSOLE_MSG);
3565 
3566 	if (ct_tmpl_clear(fd))
3567 		crabort("cannot clear contract template",
3568 		    REMOVE_FIFO | CONSOLE_MSG);
3569 
3570 	(void) close(fd);
3571 }
3572 
3573 /*
3574  * Abandon latest process contract unconditionally.  If we have leaked [some
3575  * critical amount], exit such that the kernel reaps our contracts.
3576  */
3577 static void
3578 contract_abandon_latest(pid_t pid)
3579 {
3580 	int r;
3581 	ctid_t id;
3582 	static uint_t cts_lost;
3583 
3584 	if (cts_lost > MAX_LOST_CONTRACTS)
3585 		crabort("repeated failure to abandon contracts",
3586 		    REMOVE_FIFO | CONSOLE_MSG);
3587 
3588 	if (r = contract_latest(&id)) {
3589 		msg("could not obtain latest contract for "
3590 		    "PID %ld: %s", pid, strerror(r));
3591 		cts_lost++;
3592 		return;
3593 	}
3594 
3595 	if (r = contract_abandon_id(id)) {
3596 		msg("could not abandon latest contract %ld: %s", id,
3597 		    strerror(r));
3598 		cts_lost++;
3599 		return;
3600 	}
3601 }
3602 
3603 static struct shared *
3604 create_shared(void *obj, void * (*obj_alloc)(void *obj),
3605 	void (*obj_free)(void *))
3606 {
3607 	struct shared *out;
3608 
3609 	if ((out = xmalloc(sizeof (struct shared))) == NULL) {
3610 		return (NULL);
3611 	}
3612 	if ((out->obj = obj_alloc(obj)) == NULL) {
3613 		free(out);
3614 		return (NULL);
3615 	}
3616 	out->count = 1;
3617 	out->free = obj_free;
3618 
3619 	return (out);
3620 }
3621 
3622 static struct shared *
3623 create_shared_str(char *str)
3624 {
3625 	return (create_shared(str, (void *(*)(void *))strdup, free));
3626 }
3627 
3628 static struct shared *
3629 dup_shared(struct shared *obj)
3630 {
3631 	if (obj != NULL) {
3632 		obj->count++;
3633 	}
3634 	return (obj);
3635 }
3636 
3637 static void
3638 rel_shared(struct shared *obj)
3639 {
3640 	if (obj && (--obj->count) == 0) {
3641 		obj->free(obj->obj);
3642 		free(obj);
3643 	}
3644 }
3645 
3646 static void *
3647 get_obj(struct shared *obj)
3648 {
3649 	return (obj->obj);
3650 }
3651