1 /* $NetBSD: at.c,v 1.33 2021/04/03 04:33:08 simonb Exp $ */ 2 3 /* 4 * at.c : Put file into atrun queue 5 * Copyright (C) 1993, 1994 Thomas Koenig 6 * 7 * Atrun & Atq modifications 8 * Copyright (C) 1993 David Parsons 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. The name of the author(s) may not be used to endorse or promote 16 * products derived from this software without specific prior written 17 * permission. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 22 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, 23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 */ 30 31 /* System Headers */ 32 #include <sys/types.h> 33 #include <sys/param.h> 34 #include <sys/stat.h> 35 #include <sys/wait.h> 36 #include <ctype.h> 37 #include <dirent.h> 38 #include <err.h> 39 #include <errno.h> 40 #include <fcntl.h> 41 #include <locale.h> 42 #include <pwd.h> 43 #include <signal.h> 44 #include <stdbool.h> 45 #include <stddef.h> 46 #include <stdio.h> 47 #include <stdlib.h> 48 #include <string.h> 49 #include <time.h> 50 #include <unistd.h> 51 #include <util.h> 52 53 /* Local headers */ 54 #include "at.h" 55 #include "panic.h" 56 #include "parsetime.h" 57 #include "perm.h" 58 #include "pathnames.h" 59 #include "stime.h" 60 #include "privs.h" 61 62 /* Macros */ 63 #define ALARMC 10 /* Number of seconds to wait for timeout */ 64 65 #define TIMESIZE 50 66 67 enum { ATQ, ATRM, AT, BATCH, CAT }; /* what program we want to run */ 68 69 /* File scope variables */ 70 #ifndef lint 71 #if 0 72 static char rcsid[] = "$OpenBSD: at.c,v 1.15 1998/06/03 16:20:26 deraadt Exp $"; 73 #else 74 __RCSID("$NetBSD: at.c,v 1.33 2021/04/03 04:33:08 simonb Exp $"); 75 #endif 76 #endif 77 78 const char *no_export[] = {"TERM", "TERMCAP", "DISPLAY", "_"}; 79 static int send_mail = 0; 80 81 /* External variables */ 82 83 extern char **environ; 84 bool fcreated = false; 85 char atfile[FILENAME_MAX]; 86 87 char *atinput = NULL; /* where to get input from */ 88 unsigned char atqueue = 0; /* which queue to examine for jobs (atq) */ 89 char atverify = 0; /* verify time instead of queuing job */ 90 91 /* Function declarations */ 92 93 __dead static void sigc (int); 94 __dead static void alarmc (int); 95 static char *cwdname (void); 96 static int nextjob (void); 97 static void writefile (time_t, unsigned char); 98 static void list_jobs (void); 99 static void process_jobs (int, char **, int); 100 101 /* Signal catching functions */ 102 103 /*ARGSUSED*/ 104 static void 105 sigc(int signo) 106 { 107 108 /* If a signal interrupts us, remove the spool file and exit. */ 109 if (fcreated) { 110 privs_enter(); 111 (void)unlink(atfile); 112 privs_exit(); 113 } 114 (void)raise_default_signal(signo); 115 exit(EXIT_FAILURE); 116 } 117 118 /*ARGSUSED*/ 119 static void 120 alarmc(int signo) 121 { 122 123 /* Time out after some seconds. */ 124 warnx("File locking timed out"); 125 sigc(signo); 126 } 127 128 /* Local functions */ 129 130 static char * 131 cwdname(void) 132 { 133 134 /* 135 * Read in the current directory; the name will be overwritten on 136 * subsequent calls. 137 */ 138 static char path[MAXPATHLEN]; 139 140 return getcwd(path, sizeof(path)); 141 } 142 143 static int 144 nextjob(void) 145 { 146 int jobno; 147 FILE *fid; 148 149 if ((fid = fopen(_PATH_SEQFILE, "r+")) != NULL) { 150 if (fscanf(fid, "%5x", &jobno) == 1) { 151 (void)rewind(fid); 152 jobno = (1+jobno) % 0xfffff; /* 2^20 jobs enough? */ 153 (void)fprintf(fid, "%05x\n", jobno); 154 } else 155 jobno = EOF; 156 (void)fclose(fid); 157 return jobno; 158 } else if ((fid = fopen(_PATH_SEQFILE, "w")) != NULL) { 159 (void)fprintf(fid, "%05x\n", jobno = 1); 160 (void)fclose(fid); 161 return 1; 162 } 163 return EOF; 164 } 165 166 static void 167 writefile(time_t runtimer, unsigned char queue) 168 { 169 /* 170 * This does most of the work if at or batch are invoked for 171 * writing a job. 172 */ 173 int jobno; 174 char *ap, *ppos; 175 const char *mailname; 176 struct passwd *pass_entry; 177 struct stat statbuf; 178 int fdes, lockdes, fd2; 179 FILE *fp, *fpin; 180 struct sigaction act; 181 char **atenv; 182 int ch; 183 mode_t cmask; 184 struct flock lock; 185 186 (void)setlocale(LC_TIME, ""); 187 188 /* 189 * Install the signal handler for SIGINT; terminate after removing the 190 * spool file if necessary 191 */ 192 (void)memset(&act, 0, sizeof(act)); 193 act.sa_handler = sigc; 194 (void)sigemptyset(&act.sa_mask); 195 act.sa_flags = 0; 196 197 (void)sigaction(SIGINT, &act, NULL); 198 199 (void)strlcpy(atfile, _PATH_ATJOBS, sizeof(atfile)); 200 ppos = atfile + strlen(atfile); 201 202 /* 203 * Loop over all possible file names for running something at this 204 * particular time, see if a file is there; the first empty slot at 205 * any particular time is used. Lock the file _PATH_LOCKFILE first 206 * to make sure we're alone when doing this. 207 */ 208 209 privs_enter(); 210 211 if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR)) < 0) 212 perr("Cannot open lockfile " _PATH_LOCKFILE); 213 214 lock.l_type = F_WRLCK; 215 lock.l_whence = SEEK_SET; 216 lock.l_start = 0; 217 lock.l_len = 0; 218 219 act.sa_handler = alarmc; 220 (void)sigemptyset(&act.sa_mask); 221 act.sa_flags = 0; 222 223 /* 224 * Set an alarm so a timeout occurs after ALARMC seconds, in case 225 * something is seriously broken. 226 */ 227 (void)sigaction(SIGALRM, &act, NULL); 228 (void)alarm(ALARMC); 229 (void)fcntl(lockdes, F_SETLKW, &lock); 230 (void)alarm(0); 231 232 if ((jobno = nextjob()) == EOF) 233 perr("Cannot generate job number"); 234 235 (void)snprintf(ppos, sizeof(atfile) - (ppos - atfile), 236 "%c%5x%8lx", queue, jobno, (unsigned long) (runtimer/60)); 237 238 for (ap = ppos; *ap != '\0'; ap++) 239 if (*ap == ' ') 240 *ap = '0'; 241 242 if (stat(atfile, &statbuf) == -1) 243 if (errno != ENOENT) 244 perr("Cannot access " _PATH_ATJOBS); 245 246 /* 247 * Create the file. The x bit is only going to be set after it has 248 * been completely written out, to make sure it is not executed in 249 * the meantime. To make sure they do not get deleted, turn off 250 * their r bit. Yes, this is a kluge. 251 */ 252 cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); 253 if ((fdes = open(atfile, O_CREAT | O_TRUNC | O_WRONLY, S_IRUSR)) == -1) 254 perr("Cannot create atjob file"); 255 256 if ((fd2 = dup(fdes)) == -1) 257 perr("Error in dup() of job file"); 258 259 if (fchown(fd2, real_uid, real_gid) == -1) 260 perr("Cannot give away file"); 261 262 privs_exit(); 263 264 /* 265 * We've successfully created the file; let's set the flag so it 266 * gets removed in case of an interrupt or error. 267 */ 268 fcreated = true; 269 270 /* Now we can release the lock, so other people can access it */ 271 lock.l_type = F_UNLCK; 272 lock.l_whence = SEEK_SET; 273 lock.l_start = 0; 274 lock.l_len = 0; 275 (void)fcntl(lockdes, F_SETLKW, &lock); 276 (void)close(lockdes); 277 278 if ((fp = fdopen(fdes, "w")) == NULL) 279 panic("Cannot reopen atjob file"); 280 281 /* 282 * Get the userid to mail to, first by trying getlogin(), which reads 283 * /etc/utmp, then from $LOGNAME or $USER, finally from getpwuid(). 284 */ 285 mailname = getlogin(); 286 if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL) 287 mailname = getenv("USER"); 288 289 if (mailname == NULL || mailname[0] == '\0' || 290 strlen(mailname) > LOGIN_NAME_MAX || getpwnam(mailname) == NULL) { 291 pass_entry = getpwuid(real_uid); 292 if (pass_entry != NULL) 293 mailname = pass_entry->pw_name; 294 } 295 296 if (atinput != NULL) { 297 fpin = freopen(atinput, "r", stdin); 298 if (fpin == NULL) 299 perr("Cannot open input file"); 300 } 301 (void)fprintf(fp, 302 "#!/bin/sh\n" 303 "# atrun uid=%u gid=%u\n" 304 "# mail %s %d\n", 305 real_uid, real_gid, mailname, send_mail); 306 307 /* Write out the umask at the time of invocation */ 308 (void)fprintf(fp, "umask %o\n", cmask); 309 310 /* 311 * Write out the environment. Anything that may look like a special 312 * character to the shell is quoted, except for \n, which is done 313 * with a pair of "'s. Dont't export the no_export list (such as 314 * TERM or DISPLAY) because we don't want these. 315 */ 316 for (atenv = environ; *atenv != NULL; atenv++) { 317 int export = 1; 318 char *eqp; 319 320 eqp = strchr(*atenv, '='); 321 if (eqp == NULL) 322 eqp = *atenv; 323 else { 324 size_t i; 325 326 for (i = 0; i < __arraycount(no_export); i++) { 327 export = export && 328 strncmp(*atenv, no_export[i], 329 (size_t)(eqp - *atenv)) != 0; 330 } 331 eqp++; 332 } 333 334 if (export) { 335 (void)fwrite(*atenv, sizeof(char), 336 (size_t)(eqp - *atenv), fp); 337 for (ap = eqp; *ap != '\0'; ap++) { 338 if (*ap == '\n') 339 (void)fprintf(fp, "\"\n\""); 340 else { 341 if (!isalnum((unsigned char)*ap)) { 342 switch (*ap) { 343 case '%': case '/': case '{': 344 case '[': case ']': case '=': 345 case '}': case '@': case '+': 346 case '#': case ',': case '.': 347 case ':': case '-': case '_': 348 break; 349 default: 350 (void)fputc('\\', fp); 351 break; 352 } 353 } 354 (void)fputc(*ap, fp); 355 } 356 } 357 (void)fputs("; export ", fp); 358 (void)fwrite(*atenv, sizeof(char), 359 (size_t)(eqp - *atenv - 1), fp); 360 (void)fputc('\n', fp); 361 } 362 } 363 /* 364 * Cd to the directory at the time and write out all the 365 * commands the user supplies from stdin. 366 */ 367 (void)fputs("cd ", fp); 368 for (ap = cwdname(); *ap != '\0'; ap++) { 369 if (*ap == '\n') 370 (void)fprintf(fp, "\"\n\""); 371 else { 372 if (*ap != '/' && !isalnum((unsigned char)*ap)) 373 (void)fputc('\\', fp); 374 375 (void)fputc(*ap, fp); 376 } 377 } 378 /* 379 * Test cd's exit status: die if the original directory has been 380 * removed, become unreadable or whatever. 381 */ 382 (void)fprintf(fp, 383 " || {\n" 384 "\t echo 'Execution directory inaccessible' >&2\n" 385 "\t exit 1\n" 386 "}\n"); 387 388 if ((ch = getchar()) == EOF) 389 panic("Input error"); 390 391 do { 392 (void)fputc(ch, fp); 393 } while ((ch = getchar()) != EOF); 394 395 (void)fprintf(fp, "\n"); 396 if (ferror(fp)) 397 panic("Output error"); 398 399 if (ferror(stdin)) 400 panic("Input error"); 401 402 (void)fclose(fp); 403 404 privs_enter(); 405 406 /* 407 * Set the x bit so that we're ready to start executing 408 */ 409 if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) == -1) 410 perr("Cannot give away file"); 411 412 privs_exit(); 413 414 (void)close(fd2); 415 (void)fprintf(stderr, 416 "Job %d will be executed using /bin/sh\n", jobno); 417 } 418 419 static void 420 list_jobs(void) 421 { 422 /* 423 * List all a user's jobs in the queue, by looping through 424 * _PATH_ATJOBS, or everybody's if we are root 425 */ 426 struct passwd *pw; 427 DIR *spool; 428 struct dirent *dirent; 429 struct stat buf; 430 struct tm runtime; 431 unsigned long ctm; 432 unsigned char queue; 433 int jobno; 434 time_t runtimer; 435 char timestr[TIMESIZE]; 436 int first = 1; 437 438 privs_enter(); 439 440 if (chdir(_PATH_ATJOBS) == -1) 441 perr("Cannot change to " _PATH_ATJOBS); 442 443 if ((spool = opendir(".")) == NULL) 444 perr("Cannot open " _PATH_ATJOBS); 445 446 /* Loop over every file in the directory */ 447 while ((dirent = readdir(spool)) != NULL) { 448 if (stat(dirent->d_name, &buf) == -1) 449 perr("Cannot stat in " _PATH_ATJOBS); 450 451 /* 452 * See it's a regular file and has its x bit turned on and 453 * is the user's 454 */ 455 if (!S_ISREG(buf.st_mode) 456 || (buf.st_uid != real_uid && real_uid != 0) 457 || !(S_IXUSR & buf.st_mode || atverify)) 458 continue; 459 460 if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) != 3) 461 continue; 462 463 if (atqueue && queue != atqueue) 464 continue; 465 466 runtimer = 60 * (time_t)ctm; 467 runtime = *localtime(&runtimer); 468 #if 1 469 /* 470 * Provide a consistent date/time format instead of a 471 * locale-specific one that might have 2 digit years 472 */ 473 (void)strftime(timestr, TIMESIZE, "%T %F", &runtime); 474 #else 475 (void)strftime(timestr, TIMESIZE, "%X %x", &runtime); 476 #endif 477 if (first) { 478 (void)printf("%-*s %-*s %-*s %s\n", 479 (int)strlen(timestr), "Date", 480 LOGIN_NAME_MAX, "Owner", 481 7, "Queue", 482 "Job"); 483 first = 0; 484 } 485 pw = getpwuid(buf.st_uid); 486 487 (void)printf("%s %-*s %c%-*s %d\n", 488 timestr, 489 LOGIN_NAME_MAX, pw ? pw->pw_name : "???", 490 queue, 491 6, (S_IXUSR & buf.st_mode) ? "" : "(done)", 492 jobno); 493 } 494 (void)closedir(spool); 495 privs_exit(); 496 } 497 498 static void 499 process_jobs(int argc, char **argv, int what) 500 { 501 /* Delete every argument (job - ID) given */ 502 int i; 503 struct stat buf; 504 DIR *spool; 505 struct dirent *dirent; 506 unsigned long ctm; 507 unsigned char queue; 508 int jobno; 509 510 privs_enter(); 511 512 if (chdir(_PATH_ATJOBS) == -1) 513 perr("Cannot change to " _PATH_ATJOBS); 514 515 if ((spool = opendir(".")) == NULL) 516 perr("Cannot open " _PATH_ATJOBS); 517 518 privs_exit(); 519 520 /* Loop over every file in the directory */ 521 while((dirent = readdir(spool)) != NULL) { 522 523 privs_enter(); 524 if (stat(dirent->d_name, &buf) == -1) 525 perr("Cannot stat in " _PATH_ATJOBS); 526 privs_exit(); 527 528 if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) !=3) 529 continue; 530 531 for (i = optind; i < argc; i++) { 532 if (atoi(argv[i]) == jobno) { 533 if (buf.st_uid != real_uid && real_uid != 0) 534 errx(EXIT_FAILURE, 535 "%s: Not owner", argv[i]); 536 537 switch (what) { 538 case ATRM: 539 privs_enter(); 540 541 if (unlink(dirent->d_name) == -1) 542 perr(dirent->d_name); 543 544 privs_exit(); 545 break; 546 547 case CAT: { 548 FILE *fp; 549 int ch; 550 551 privs_enter(); 552 553 fp = fopen(dirent->d_name, "r"); 554 555 privs_exit(); 556 557 if (!fp) 558 perr("Cannot open file"); 559 else { 560 while((ch = getc(fp)) != EOF) 561 (void)putchar(ch); 562 (void)fclose(fp); 563 } 564 } 565 break; 566 567 default: 568 errx(EXIT_FAILURE, 569 "Internal error, process_jobs = %d", 570 what); 571 break; 572 } 573 } 574 } 575 } 576 (void)closedir(spool); 577 } 578 579 /* Global functions */ 580 581 int 582 main(int argc, char **argv) 583 { 584 int c; 585 unsigned char queue = DEFAULT_AT_QUEUE; 586 char queue_set = 0; 587 char time_set = 0; 588 char *pgm; 589 590 int program = AT; /* our default program */ 591 const char *options = "q:f:t:mvldbrVc"; /* default options for at */ 592 int disp_version = 0; 593 time_t timer; 594 595 privs_relinquish(); 596 597 /* Eat any leading paths */ 598 if ((pgm = strrchr(argv[0], '/')) == NULL) 599 pgm = argv[0]; 600 else 601 pgm++; 602 603 /* find out what this program is supposed to do */ 604 if (strcmp(pgm, "atq") == 0) { 605 program = ATQ; 606 options = "q:vV"; 607 } else if (strcmp(pgm, "atrm") == 0) { 608 program = ATRM; 609 options = "V"; 610 } else if (strcmp(pgm, "batch") == 0) { 611 program = BATCH; 612 options = "f:q:t:mvV"; 613 } 614 615 /* process whatever options we can process */ 616 opterr = 1; 617 while ((c = getopt(argc, argv, options)) != -1) { 618 switch (c) { 619 case 'v': /* verify time settings */ 620 atverify = 1; 621 break; 622 623 case 'm': /* send mail when job is complete */ 624 send_mail = 1; 625 break; 626 627 case 'f': 628 atinput = optarg; 629 break; 630 631 case 'q': /* specify queue */ 632 if (strlen(optarg) > 1) 633 usage(); 634 635 atqueue = queue = *optarg; 636 if (!(islower(queue) || isupper(queue))) 637 usage(); 638 639 queue_set = 1; 640 break; 641 case 't': /* touch(1) date format */ 642 timer = stime(optarg); 643 time_set = 1; 644 break; 645 646 case 'd': 647 case 'r': 648 if (program != AT) 649 usage(); 650 651 program = ATRM; 652 options = "V"; 653 break; 654 655 case 'l': 656 if (program != AT) 657 usage(); 658 659 program = ATQ; 660 options = "q:vV"; 661 break; 662 663 case 'b': 664 if (program != AT) 665 usage(); 666 667 program = BATCH; 668 options = "f:q:mvV"; 669 break; 670 671 case 'V': 672 disp_version = 1; 673 break; 674 675 case 'c': 676 program = CAT; 677 options = ""; 678 break; 679 680 default: 681 usage(); 682 break; 683 } 684 } /* end of options eating */ 685 686 if (disp_version) 687 (void)fprintf(stderr, "%s version %.1f\n", pgm, AT_VERSION); 688 689 if (!check_permission()) 690 errx(EXIT_FAILURE, 691 "You do not have permission to use %s.", pgm); 692 693 /* select our program */ 694 switch (program) { 695 case ATQ: 696 if (optind != argc) 697 usage(); 698 list_jobs(); 699 break; 700 701 case ATRM: 702 case CAT: 703 if (optind == argc) 704 usage(); 705 process_jobs(argc, argv, program); 706 break; 707 708 case AT: 709 if (argc > optind) { 710 /* -t and timespec argument are mutually exclusive */ 711 if (time_set) { 712 usage(); 713 exit(EXIT_FAILURE); 714 } else { 715 timer = parsetime(argc, argv); 716 time_set = 1; 717 } 718 } 719 720 if (atverify) { 721 struct tm *tm = localtime(&timer); 722 (void)fprintf(stderr, "%s\n", asctime(tm)); 723 } 724 writefile(timer, queue); 725 break; 726 727 case BATCH: 728 if (queue_set) 729 queue = toupper(queue); 730 else 731 queue = DEFAULT_BATCH_QUEUE; 732 733 if (argc > optind) { 734 /* -t and timespec argument are mutually exclusive */ 735 if (time_set) { 736 usage(); 737 exit(EXIT_FAILURE); 738 } else { 739 timer = parsetime(argc, argv); 740 time_set = 1; 741 } 742 } else if (!time_set) 743 timer = time(NULL); 744 745 if (atverify) { 746 struct tm *tm = localtime(&timer); 747 (void)fprintf(stderr, "%s\n", asctime(tm)); 748 } 749 750 writefile(timer, queue); 751 break; 752 753 default: 754 panic("Internal error"); 755 break; 756 } 757 return EXIT_SUCCESS; 758 } 759