1 /* $NetBSD: database.c,v 1.9 2017/06/09 17:36:30 christos Exp $ */ 2 3 /* Copyright 1988,1990,1993,1994 by Paul Vixie 4 * All rights reserved 5 */ 6 7 /* 8 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") 9 * Copyright (c) 1997,2000 by Internet Software Consortium, Inc. 10 * 11 * Permission to use, copy, modify, and distribute this software for any 12 * purpose with or without fee is hereby granted, provided that the above 13 * copyright notice and this permission notice appear in all copies. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES 16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR 18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 21 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 */ 23 #include <sys/cdefs.h> 24 #if !defined(lint) && !defined(LINT) 25 #if 0 26 static char rcsid[] = "Id: database.c,v 1.7 2004/01/23 18:56:42 vixie Exp"; 27 #else 28 __RCSID("$NetBSD: database.c,v 1.9 2017/06/09 17:36:30 christos Exp $"); 29 #endif 30 #endif 31 32 /* vix 26jan87 [RCS has the log] 33 */ 34 35 #include "cron.h" 36 37 #define TMAX(a,b) ((a)>(b)?(a):(b)) 38 39 struct spooldir { 40 const char *path; 41 const char *uname; 42 const char *fname; 43 struct stat st; 44 }; 45 46 static struct spooldir spools[] = { 47 { .path = SPOOL_DIR, }, 48 { .path = CROND_DIR, .uname = "root", .fname = "*system*", }, 49 { .path = NULL, } 50 }; 51 52 static void process_crontab(const char *, const char *, 53 const char *, struct stat *, 54 cron_db *, cron_db *); 55 56 static void 57 process_dir(struct spooldir *sp, cron_db *new_db, cron_db *old_db) 58 { 59 DIR *dir; 60 DIR_T *dp; 61 const char *dname = sp->path; 62 struct stat *st = &sp->st; 63 64 if (st->st_mtime == 0) 65 return; 66 67 /* we used to keep this dir open all the time, for the sake of 68 * efficiency. however, we need to close it in every fork, and 69 * we fork a lot more often than the mtime of the dir changes. 70 */ 71 if (!(dir = opendir(dname))) { 72 log_it("CRON", getpid(), "OPENDIR FAILED", dname); 73 (void) exit(ERROR_EXIT); 74 } 75 76 while (NULL != (dp = readdir(dir))) { 77 char fname[MAXNAMLEN+1], tabname[MAXNAMLEN+1]; 78 size_t i, len; 79 /* 80 * Homage to... 81 */ 82 static const char *junk[] = { 83 "rpmsave", "rpmorig", "rpmnew", 84 }; 85 86 /* avoid file names beginning with ".". this is good 87 * because we would otherwise waste two guaranteed calls 88 * to getpwnam() for . and .., and there shouldn't be 89 * hidden files in here anyway (in the non system case). 90 */ 91 if (dp->d_name[0] == '.') 92 continue; 93 94 /* ignore files starting with # ... */ 95 if (dp->d_name[0] == '#') 96 continue; 97 98 len = strlen(dp->d_name); 99 100 /* ... or too big or to small ... */ 101 if (len == 0 || len >= sizeof(fname)) { 102 log_it(dp->d_name, getpid(), "ORPHAN", 103 "name too short or long"); 104 continue; 105 } 106 107 /* ... or ending with ~ ... */ 108 if (dp->d_name[len - 1] == '~') 109 continue; 110 111 (void)strlcpy(fname, dp->d_name, sizeof(fname)); 112 113 /* ... or look for blacklisted extensions */ 114 for (i = 0; i < __arraycount(junk); i++) { 115 char *p; 116 if ((p = strrchr(fname, '.')) != NULL && 117 strcmp(p + 1, junk[i]) == 0) 118 break; 119 } 120 if (i != __arraycount(junk)) 121 continue; 122 123 if (!glue_strings(tabname, sizeof tabname, dname, fname, '/')) { 124 log_it(fname, getpid(), "ORPHAN", 125 "could not glue strings"); 126 continue; 127 } 128 129 process_crontab(sp->uname ? sp->uname : fname, 130 sp->fname ? sp->fname : fname, 131 tabname, st, new_db, old_db); 132 } 133 (void)closedir(dir); 134 } 135 136 void 137 load_database(cron_db *old_db) { 138 struct stat syscron_stat; 139 cron_db new_db; 140 user *u, *nu; 141 time_t maxtime; 142 143 Debug(DLOAD, ("[%ld] load_database()\n", (long)getpid())); 144 145 /* track system crontab file 146 */ 147 if (stat(SYSCRONTAB, &syscron_stat) < OK) 148 syscron_stat.st_mtime = 0; 149 150 maxtime = syscron_stat.st_mtime; 151 for (struct spooldir *p = spools; p->path; p++) { 152 if (stat(p->path, &p->st) < OK) { 153 if (errno == ENOENT) { 154 p->st.st_mtime = 0; 155 continue; 156 } 157 log_it("CRON", getpid(), "STAT FAILED", p->path); 158 (void) exit(ERROR_EXIT); 159 } 160 if (p->st.st_mtime > maxtime) 161 maxtime = p->st.st_mtime; 162 } 163 164 /* if spooldir's mtime has not changed, we don't need to fiddle with 165 * the database. 166 * 167 * Note that old_db->mtime is initialized to 0 in main(), and 168 * so is guaranteed to be different than the stat() mtime the first 169 * time this function is called. 170 */ 171 if (old_db->mtime == maxtime) { 172 Debug(DLOAD, ("[%ld] spool dir mtime unch, no load needed.\n", 173 (long)getpid())); 174 return; 175 } 176 177 /* something's different. make a new database, moving unchanged 178 * elements from the old database, reloading elements that have 179 * actually changed. Whatever is left in the old database when 180 * we're done is chaff -- crontabs that disappeared. 181 */ 182 new_db.mtime = maxtime; 183 new_db.head = new_db.tail = NULL; 184 185 if (syscron_stat.st_mtime) 186 process_crontab("root", "*system*", SYSCRONTAB, 187 &syscron_stat, &new_db, old_db); 188 189 for (struct spooldir *p = spools; p->path; p++) 190 process_dir(p, &new_db, old_db); 191 192 /* if we don't do this, then when our children eventually call 193 * getpwnam() in do_command.c's child_process to verify MAILTO=, 194 * they will screw us up (and v-v). 195 */ 196 endpwent(); 197 198 /* whatever's left in the old database is now junk. 199 */ 200 Debug(DLOAD, ("unlinking old database:\n")); 201 for (u = old_db->head; u != NULL; u = nu) { 202 Debug(DLOAD, ("\t%s\n", u->name)); 203 nu = u->next; 204 unlink_user(old_db, u); 205 free_user(u); 206 } 207 208 /* overwrite the database control block with the new one. 209 */ 210 *old_db = new_db; 211 Debug(DLOAD, ("load_database is done\n")); 212 } 213 214 void 215 link_user(cron_db *db, user *u) { 216 if (db->head == NULL) 217 db->head = u; 218 if (db->tail) 219 db->tail->next = u; 220 u->prev = db->tail; 221 u->next = NULL; 222 db->tail = u; 223 } 224 225 void 226 unlink_user(cron_db *db, user *u) { 227 if (u->prev == NULL) 228 db->head = u->next; 229 else 230 u->prev->next = u->next; 231 232 if (u->next == NULL) 233 db->tail = u->prev; 234 else 235 u->next->prev = u->prev; 236 } 237 238 user * 239 find_user(cron_db *db, const char *name) { 240 user *u; 241 242 for (u = db->head; u != NULL; u = u->next) 243 if (strcmp(u->name, name) == 0) 244 break; 245 return (u); 246 } 247 248 static void 249 process_crontab(const char *uname, const char *fname, const char *tabname, 250 struct stat *statbuf, cron_db *new_db, cron_db *old_db) 251 { 252 struct passwd *pw = NULL; 253 int crontab_fd = OK - 1; 254 mode_t eqmode = 0400, badmode = 0; 255 user *u; 256 257 if (strcmp(fname, "*system*") == 0) { 258 /* 259 * SYSCRONTAB: 260 * Allow it to become readable by group and others, but 261 * not writable. 262 */ 263 eqmode = 0; 264 badmode = 022; 265 } else if ((pw = getpwnam(uname)) == NULL) { 266 /* file doesn't have a user in passwd file. 267 */ 268 log_it(fname, getpid(), "ORPHAN", "no passwd entry"); 269 goto next_crontab; 270 } 271 272 if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) { 273 /* crontab not accessible? 274 */ 275 log_it(fname, getpid(), "CAN'T OPEN", tabname); 276 goto next_crontab; 277 } 278 279 if (fstat(crontab_fd, statbuf) < OK) { 280 log_it(fname, getpid(), "FSTAT FAILED", tabname); 281 goto next_crontab; 282 } 283 if (!S_ISREG(statbuf->st_mode)) { 284 log_it(fname, getpid(), "NOT REGULAR", tabname); 285 goto next_crontab; 286 } 287 if ((eqmode && (statbuf->st_mode & 07577) != eqmode) || 288 (badmode && (statbuf->st_mode & badmode) != 0)) { 289 log_it(fname, getpid(), "BAD FILE MODE", tabname); 290 goto next_crontab; 291 } 292 if (statbuf->st_uid != ROOT_UID && (pw == NULL || 293 statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) { 294 log_it(fname, getpid(), "WRONG FILE OWNER", tabname); 295 goto next_crontab; 296 } 297 if (statbuf->st_nlink != 1) { 298 log_it(fname, getpid(), "BAD LINK COUNT", tabname); 299 goto next_crontab; 300 } 301 302 Debug(DLOAD, ("\t%s:", fname)); 303 u = find_user(old_db, fname); 304 if (u != NULL) { 305 /* if crontab has not changed since we last read it 306 * in, then we can just use our existing entry. 307 */ 308 if (u->mtime == statbuf->st_mtime) { 309 Debug(DLOAD, (" [no change, using old data]")); 310 unlink_user(old_db, u); 311 link_user(new_db, u); 312 goto next_crontab; 313 } 314 315 /* before we fall through to the code that will reload 316 * the user, let's deallocate and unlink the user in 317 * the old database. This is more a point of memory 318 * efficiency than anything else, since all leftover 319 * users will be deleted from the old database when 320 * we finish with the crontab... 321 */ 322 Debug(DLOAD, (" [delete old data]")); 323 unlink_user(old_db, u); 324 free_user(u); 325 log_it(fname, getpid(), "RELOAD", tabname); 326 } 327 u = load_user(crontab_fd, pw, fname); 328 if (u != NULL) { 329 u->mtime = statbuf->st_mtime; 330 link_user(new_db, u); 331 } 332 333 next_crontab: 334 if (crontab_fd >= OK) { 335 Debug(DLOAD, (" [done]\n")); 336 (void)close(crontab_fd); 337 } 338 } 339