1 /* $OpenBSD: crontab.c,v 1.26 2001/12/20 23:27:47 millert Exp $ */ 2 /* Copyright 1988,1990,1993,1994 by Paul Vixie 3 * All rights reserved 4 */ 5 6 /* 7 * Copyright (c) 1997,2000 by Internet Software Consortium, Inc. 8 * 9 * Permission to use, copy, modify, and distribute this software for any 10 * purpose with or without fee is hereby granted, provided that the above 11 * copyright notice and this permission notice appear in all copies. 12 * 13 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS 14 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES 15 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE 16 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 17 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 18 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 19 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 20 * SOFTWARE. 21 */ 22 23 #if !defined(lint) && !defined(LINT) 24 static char rcsid[] = "$OpenBSD: crontab.c,v 1.26 2001/12/20 23:27:47 millert Exp $"; 25 #endif 26 27 /* crontab - install and manage per-user crontab files 28 * vix 02may87 [RCS has the rest of the log] 29 * vix 26jan87 [original] 30 */ 31 32 #define MAIN_PROGRAM 33 34 #include "cron.h" 35 36 #define NHEADER_LINES 3 37 38 enum opt_t { opt_unknown, opt_list, opt_delete, opt_edit, opt_replace }; 39 40 #if DEBUGGING 41 static char *Options[] = { "???", "list", "delete", "edit", "replace" }; 42 static char *getoptargs = "u:lerx:"; 43 #else 44 static char *getoptargs = "u:ler"; 45 #endif 46 47 static PID_T Pid; 48 static char User[MAX_UNAME], RealUser[MAX_UNAME]; 49 static char Filename[MAX_FNAME], TempFilename[MAX_FNAME]; 50 static FILE *NewCrontab; 51 static int CheckErrorCount; 52 static enum opt_t Option; 53 static struct passwd *pw; 54 static void list_cmd(void), 55 delete_cmd(void), 56 edit_cmd(void), 57 poke_daemon(void), 58 check_error(const char *), 59 parse_args(int c, char *v[]); 60 static int replace_cmd(void); 61 static void clean_turds __P((int)); 62 63 static void 64 usage(const char *msg) { 65 fprintf(stderr, "%s: usage error: %s\n", ProgramName, msg); 66 fprintf(stderr, "usage:\t%s [-u user] file\n", ProgramName); 67 fprintf(stderr, "\t%s [-u user] [ -e | -l | -r ]\n", ProgramName); 68 fprintf(stderr, "\t\t(default operation is replace, per 1003.2)\n"); 69 fprintf(stderr, "\t-e\t(edit user's crontab)\n"); 70 fprintf(stderr, "\t-l\t(list user's crontab)\n"); 71 fprintf(stderr, "\t-r\t(delete user's crontab)\n"); 72 exit(ERROR_EXIT); 73 } 74 75 int 76 main(int argc, char *argv[]) { 77 int exitstatus; 78 79 Pid = getpid(); 80 ProgramName = argv[0]; 81 82 setlocale(LC_ALL, ""); 83 84 #if defined(BSD) 85 setlinebuf(stderr); 86 #endif 87 parse_args(argc, argv); /* sets many globals, opens a file */ 88 set_cron_uid(); 89 set_cron_cwd(); 90 if (!allowed(User)) { 91 fprintf(stderr, 92 "You (%s) are not allowed to use this program (%s)\n", 93 User, ProgramName); 94 fprintf(stderr, "See crontab(1) for more information\n"); 95 log_it(RealUser, Pid, "AUTH", "crontab command not allowed"); 96 exit(ERROR_EXIT); 97 } 98 exitstatus = OK_EXIT; 99 switch (Option) { 100 case opt_list: 101 list_cmd(); 102 break; 103 case opt_delete: 104 delete_cmd(); 105 break; 106 case opt_edit: 107 edit_cmd(); 108 break; 109 case opt_replace: 110 if (replace_cmd() < 0) 111 exitstatus = ERROR_EXIT; 112 break; 113 default: 114 exit(1); 115 } 116 exit(0); 117 /*NOTREACHED*/ 118 } 119 120 static void 121 parse_args(int argc, char *argv[]) { 122 int argch; 123 124 if (!(pw = getpwuid(getuid()))) { 125 fprintf(stderr, "%s: your UID isn't in the passwd file.\n", 126 ProgramName); 127 fprintf(stderr, "bailing out.\n"); 128 exit(ERROR_EXIT); 129 } 130 if (strlen(pw->pw_name) >= sizeof User) { 131 fprintf(stderr, "username too long\n"); 132 exit(ERROR_EXIT); 133 } 134 strcpy(User, pw->pw_name); 135 strcpy(RealUser, User); 136 Filename[0] = '\0'; 137 Option = opt_unknown; 138 while (-1 != (argch = getopt(argc, argv, getoptargs))) { 139 switch (argch) { 140 case 'x': 141 if (!set_debug_flags(optarg)) 142 usage("bad debug option"); 143 break; 144 case 'u': 145 if (MY_UID(pw) != ROOT_UID) { 146 fprintf(stderr, 147 "must be privileged to use -u\n"); 148 exit(ERROR_EXIT); 149 } 150 if (!(pw = getpwnam(optarg))) { 151 fprintf(stderr, "%s: user `%s' unknown\n", 152 ProgramName, optarg); 153 exit(ERROR_EXIT); 154 } 155 if (strlen(optarg) >= sizeof User) 156 usage("username too long"); 157 (void) strcpy(User, optarg); 158 break; 159 case 'l': 160 if (Option != opt_unknown) 161 usage("only one operation permitted"); 162 Option = opt_list; 163 break; 164 case 'r': 165 if (Option != opt_unknown) 166 usage("only one operation permitted"); 167 Option = opt_delete; 168 break; 169 case 'e': 170 if (Option != opt_unknown) 171 usage("only one operation permitted"); 172 Option = opt_edit; 173 break; 174 default: 175 usage("unrecognized option"); 176 } 177 } 178 179 endpwent(); 180 181 if (Option != opt_unknown) { 182 if (argv[optind] != NULL) 183 usage("no arguments permitted after this option"); 184 } else { 185 if (argv[optind] != NULL) { 186 Option = opt_replace; 187 if (strlen(argv[optind]) >= sizeof Filename) 188 usage("filename too long"); 189 (void) strcpy (Filename, argv[optind]); 190 } else 191 usage("file name must be specified for replace"); 192 } 193 194 if (Option == opt_replace) { 195 /* we have to open the file here because we're going to 196 * chdir(2) into /var/cron before we get around to 197 * reading the file. 198 */ 199 if (!strcmp(Filename, "-")) 200 NewCrontab = stdin; 201 else { 202 /* relinquish the setuid status of the binary during 203 * the open, lest nonroot users read files they should 204 * not be able to read. we can't use access() here 205 * since there's a race condition. thanks go out to 206 * Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting 207 * the race. 208 */ 209 210 if (swap_uids() < OK) { 211 perror("swapping uids"); 212 exit(ERROR_EXIT); 213 } 214 if (!(NewCrontab = fopen(Filename, "r"))) { 215 perror(Filename); 216 exit(ERROR_EXIT); 217 } 218 if (swap_uids_back() < OK) { 219 perror("swapping uids back"); 220 exit(ERROR_EXIT); 221 } 222 } 223 } 224 225 Debug(DMISC, ("user=%s, file=%s, option=%s\n", 226 User, Filename, Options[(int)Option])) 227 } 228 229 230 static void 231 list_cmd(void) { 232 char n[MAX_FNAME]; 233 FILE *f; 234 int ch; 235 236 log_it(RealUser, Pid, "LIST", User); 237 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 238 fprintf(stderr, "path too long\n"); 239 exit(ERROR_EXIT); 240 } 241 if (!(f = fopen(n, "r"))) { 242 if (errno == ENOENT) 243 fprintf(stderr, "no crontab for %s\n", User); 244 else 245 perror(n); 246 exit(ERROR_EXIT); 247 } 248 249 /* file is open. copy to stdout, close. 250 */ 251 Set_LineNum(1) 252 while (EOF != (ch = get_char(f))) 253 putchar(ch); 254 fclose(f); 255 } 256 257 static void 258 delete_cmd(void) { 259 char n[MAX_FNAME]; 260 261 log_it(RealUser, Pid, "DELETE", User); 262 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 263 fprintf(stderr, "path too long\n"); 264 exit(ERROR_EXIT); 265 } 266 if (unlink(n) != 0) { 267 if (errno == ENOENT) 268 fprintf(stderr, "no crontab for %s\n", User); 269 else 270 perror(n); 271 exit(ERROR_EXIT); 272 } 273 poke_daemon(); 274 } 275 276 static void 277 check_error(const char *msg) { 278 CheckErrorCount++; 279 fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg); 280 } 281 282 static void 283 edit_cmd(void) { 284 char n[MAX_FNAME], q[MAX_TEMPSTR], *editor; 285 FILE *f; 286 int ch, t, x; 287 struct stat statbuf; 288 struct timespec mtimespec; 289 struct timeval tv[2]; 290 off_t size; 291 WAIT_T waiter; 292 PID_T pid, xpid; 293 294 log_it(RealUser, Pid, "BEGIN EDIT", User); 295 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 296 fprintf(stderr, "path too long\n"); 297 exit(ERROR_EXIT); 298 } 299 if (!(f = fopen(n, "r"))) { 300 if (errno != ENOENT) { 301 perror(n); 302 exit(ERROR_EXIT); 303 } 304 fprintf(stderr, "no crontab for %s - using an empty one\n", 305 User); 306 if (!(f = fopen(_PATH_DEVNULL, "r"))) { 307 perror(_PATH_DEVNULL); 308 exit(ERROR_EXIT); 309 } 310 } 311 312 if (fstat(fileno(f), &statbuf) < 0) { 313 perror("fstat"); 314 goto fatal; 315 } 316 size = statbuf.st_size; 317 memcpy(&mtimespec, &statbuf.st_mtimespec, sizeof(mtimespec)); 318 TIMESPEC_TO_TIMEVAL(&tv[0], &statbuf.st_atimespec); 319 TIMESPEC_TO_TIMEVAL(&tv[1], &statbuf.st_mtimespec); 320 321 /* Turn off signals. */ 322 (void)signal(SIGHUP, SIG_IGN); 323 (void)signal(SIGINT, SIG_IGN); 324 (void)signal(SIGQUIT, SIG_IGN); 325 326 if (!glue_strings(Filename, sizeof Filename, _PATH_TMP, 327 "crontab.XXXXXXXXXX", '/')) { 328 fprintf(stderr, "path too long\n"); 329 goto fatal; 330 } 331 if (-1 == (t = mkstemp(Filename))) { 332 perror(Filename); 333 goto fatal; 334 } 335 #ifdef HAS_FCHOWN 336 if (fchown(t, MY_UID(pw), MY_GID(pw)) < 0) { 337 perror("fchown"); 338 goto fatal; 339 } 340 #else 341 if (chown(Filename, MY_UID(pw), MY_GID(pw)) < 0) { 342 perror("chown"); 343 goto fatal; 344 } 345 #endif 346 if (!(NewCrontab = fdopen(t, "r+"))) { 347 perror("fdopen"); 348 goto fatal; 349 } 350 351 Set_LineNum(1) 352 353 /* ignore the top few comments since we probably put them there. 354 */ 355 for (x = 0; x < NHEADER_LINES; x++) { 356 ch = get_char(f); 357 if (EOF == ch) 358 break; 359 if ('#' != ch) { 360 putc(ch, NewCrontab); 361 break; 362 } 363 while (EOF != (ch = get_char(f))) 364 if (ch == '\n') 365 break; 366 if (EOF == ch) 367 break; 368 } 369 370 /* copy the rest of the crontab (if any) to the temp file. 371 */ 372 if (EOF != ch) 373 while (EOF != (ch = get_char(f))) 374 putc(ch, NewCrontab); 375 fclose(f); 376 if (fflush(NewCrontab) < OK) { 377 perror(Filename); 378 exit(ERROR_EXIT); 379 } 380 (void)futimes(t, tv); 381 again: 382 rewind(NewCrontab); 383 if (ferror(NewCrontab)) { 384 fprintf(stderr, "%s: error while writing new crontab to %s\n", 385 ProgramName, Filename); 386 fatal: 387 unlink(Filename); 388 exit(ERROR_EXIT); 389 } 390 391 if (((editor = getenv("VISUAL")) == NULL || *editor == '\0') && 392 ((editor = getenv("EDITOR")) == NULL || *editor == '\0')) { 393 editor = EDITOR; 394 } 395 396 /* we still have the file open. editors will generally rewrite the 397 * original file rather than renaming/unlinking it and starting a 398 * new one; even backup files are supposed to be made by copying 399 * rather than by renaming. if some editor does not support this, 400 * then don't use it. the security problems are more severe if we 401 * close and reopen the file around the edit. 402 */ 403 404 switch (pid = fork()) { 405 case -1: 406 perror("fork"); 407 goto fatal; 408 case 0: 409 /* child */ 410 if (setgid(MY_GID(pw)) < 0) { 411 perror("setgid(getgid())"); 412 exit(ERROR_EXIT); 413 } 414 if (setuid(MY_UID(pw)) < 0) { 415 perror("setuid(getuid())"); 416 exit(ERROR_EXIT); 417 } 418 if (chdir(_PATH_TMP) < 0) { 419 perror(_PATH_TMP); 420 exit(ERROR_EXIT); 421 } 422 if (!glue_strings(q, sizeof q, editor, Filename, ' ')) { 423 fprintf(stderr, "%s: editor command line too long\n", 424 ProgramName); 425 exit(ERROR_EXIT); 426 } 427 execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", q, (char *)NULL); 428 perror(editor); 429 exit(ERROR_EXIT); 430 /*NOTREACHED*/ 431 default: 432 /* parent */ 433 break; 434 } 435 436 /* parent */ 437 for (;;) { 438 xpid = waitpid(pid, &waiter, WUNTRACED); 439 if (xpid == -1) { 440 if (errno != EINTR) 441 fprintf(stderr, "%s: waitpid() failed waiting for PID %ld from \"%s\": %s\n", 442 ProgramName, (long)pid, editor, strerror(errno)); 443 } else if (xpid != pid) { 444 fprintf(stderr, "%s: wrong PID (%ld != %ld) from \"%s\"\n", 445 ProgramName, (long)xpid, (long)pid, editor); 446 goto fatal; 447 } else if (WIFSTOPPED(waiter)) { 448 raise(WSTOPSIG(waiter)); 449 } else if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) { 450 fprintf(stderr, "%s: \"%s\" exited with status %d\n", 451 ProgramName, editor, WEXITSTATUS(waiter)); 452 goto fatal; 453 } else if (WIFSIGNALED(waiter)) { 454 fprintf(stderr, 455 "%s: \"%s\" killed; signal %d (%score dumped)\n", 456 ProgramName, editor, WTERMSIG(waiter), 457 WCOREDUMP(waiter) ?"" :"no "); 458 goto fatal; 459 } else 460 break; 461 } 462 (void)signal(SIGHUP, SIG_DFL); 463 (void)signal(SIGINT, SIG_DFL); 464 (void)signal(SIGQUIT, SIG_DFL); 465 if (fstat(t, &statbuf) < 0) { 466 perror("fstat"); 467 goto fatal; 468 } 469 if (timespeccmp(&mtimespec, &statbuf.st_mtimespec, -) == 0 && 470 size == statbuf.st_size) { 471 fprintf(stderr, "%s: no changes made to crontab\n", 472 ProgramName); 473 goto remove; 474 } 475 fprintf(stderr, "%s: installing new crontab\n", ProgramName); 476 switch (replace_cmd()) { 477 case 0: 478 break; 479 case -1: 480 for (;;) { 481 printf("Do you want to retry the same edit? "); 482 fflush(stdout); 483 q[0] = '\0'; 484 (void) fgets(q, sizeof q, stdin); 485 switch (islower(q[0]) ? q[0] : tolower(q[0])) { 486 case 'y': 487 goto again; 488 case 'n': 489 goto abandon; 490 default: 491 fprintf(stderr, "Enter Y or N\n"); 492 } 493 } 494 /*NOTREACHED*/ 495 case -2: 496 abandon: 497 fprintf(stderr, "%s: edits left in %s\n", 498 ProgramName, Filename); 499 goto done; 500 default: 501 fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n", 502 ProgramName); 503 goto fatal; 504 } 505 remove: 506 unlink(Filename); 507 done: 508 log_it(RealUser, Pid, "END EDIT", User); 509 } 510 511 512 /* returns 0 on success 513 * -1 on syntax error 514 * -2 on install error 515 */ 516 static int 517 replace_cmd(void) { 518 char n[MAX_FNAME], envstr[MAX_ENVSTR]; 519 FILE *tmp; 520 int ch, eof, fd; 521 int error = 0; 522 entry *e; 523 time_t now = time(NULL); 524 char **envp = env_init(); 525 struct stat sb; 526 527 if (envp == NULL) { 528 fprintf(stderr, "%s: Cannot allocate memory.\n", ProgramName); 529 return (-2); 530 } 531 if (!glue_strings(TempFilename, sizeof TempFilename, SPOOL_DIR, 532 "tmp.XXXXXXXXXX", '/')) { 533 TempFilename[0] = '\0'; 534 fprintf(stderr, "path too long\n"); 535 return (-2); 536 } 537 if ((fd = mkstemp(TempFilename)) == -1 || !(tmp = fdopen(fd, "w+"))) { 538 perror(TempFilename); 539 if (fd != -1) { 540 close(fd); 541 unlink(TempFilename); 542 } 543 TempFilename[0] = '\0'; 544 return (-2); 545 } 546 547 (void) signal(SIGHUP, clean_turds); 548 (void) signal(SIGINT, clean_turds); 549 (void) signal(SIGQUIT, clean_turds); 550 551 /* write a signature at the top of the file. 552 * 553 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code. 554 */ 555 fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n"); 556 fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now)); 557 fprintf(tmp, "# (Cron version -- %s)\n", rcsid); 558 559 /* copy the crontab to the tmp 560 */ 561 rewind(NewCrontab); 562 Set_LineNum(1) 563 while (EOF != (ch = get_char(NewCrontab))) 564 putc(ch, tmp); 565 ftruncate(fileno(tmp), ftell(tmp)); /* XXX redundant with "w+"? */ 566 fflush(tmp); rewind(tmp); 567 568 if (ferror(tmp)) { 569 fprintf(stderr, "%s: error while writing new crontab to %s\n", 570 ProgramName, TempFilename); 571 fclose(tmp); 572 error = -2; 573 goto done; 574 } 575 576 /* check the syntax of the file being installed. 577 */ 578 579 /* BUG: was reporting errors after the EOF if there were any errors 580 * in the file proper -- kludged it by stopping after first error. 581 * vix 31mar87 582 */ 583 Set_LineNum(1 - NHEADER_LINES) 584 CheckErrorCount = 0; eof = FALSE; 585 while (!CheckErrorCount && !eof) { 586 switch (load_env(envstr, tmp)) { 587 case ERR: 588 eof = TRUE; 589 break; 590 case FALSE: 591 e = load_entry(tmp, check_error, pw, envp); 592 if (e) 593 free(e); 594 break; 595 case TRUE: 596 break; 597 } 598 } 599 600 if (CheckErrorCount != 0) { 601 fprintf(stderr, "errors in crontab file, can't install.\n"); 602 fclose(tmp); 603 error = -1; 604 goto done; 605 } 606 607 if (fstat(fileno(tmp), &sb)) 608 sb.st_gid = -1; 609 610 #ifdef HAS_FCHOWN 611 if (fchown(fileno(tmp), ROOT_UID, sb.st_gid) < OK) { 612 perror("fchown"); 613 fclose(tmp); 614 error = -2; 615 goto done; 616 } 617 #else 618 if (chown(TempFilename, ROOT_UID, sb.st_gid) < OK) { 619 perror("chown"); 620 fclose(tmp); 621 error = -2; 622 goto done; 623 } 624 #endif 625 626 #ifdef HAS_FCHMOD 627 if (fchmod(fileno(tmp), 0600) < OK) { 628 perror("fchmod"); 629 fclose(tmp); 630 error = -2; 631 goto done; 632 } 633 #else 634 if (chmod(TempFilename, 0600) < OK) { 635 perror("chmod"); 636 fclose(tmp); 637 error = -2; 638 goto done; 639 } 640 #endif 641 642 if (fclose(tmp) == EOF) { 643 perror("fclose"); 644 error = -2; 645 goto done; 646 } 647 648 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 649 fprintf(stderr, "path too long\n"); 650 error = -2; 651 goto done; 652 } 653 if (rename(TempFilename, n)) { 654 fprintf(stderr, "%s: error renaming %s to %s\n", 655 ProgramName, TempFilename, n); 656 perror("rename"); 657 error = -2; 658 goto done; 659 } 660 TempFilename[0] = '\0'; 661 log_it(RealUser, Pid, "REPLACE", User); 662 663 poke_daemon(); 664 665 done: 666 (void) signal(SIGHUP, SIG_DFL); 667 (void) signal(SIGINT, SIG_DFL); 668 (void) signal(SIGQUIT, SIG_DFL); 669 if (TempFilename[0]) { 670 (void) unlink(TempFilename); 671 TempFilename[0] = '\0'; 672 } 673 return (error); 674 } 675 676 static void 677 poke_daemon() { 678 char pidfile[MAX_FNAME]; 679 PID_T pid; 680 FILE *fp; 681 682 if (utime(SPOOL_DIR, NULL) < OK) { 683 fprintf(stderr, "crontab: can't update mtime on spooldir\n"); 684 perror(SPOOL_DIR); 685 return; 686 } 687 if (glue_strings(pidfile, sizeof pidfile, PIDDIR, PIDFILE, '/')) { 688 if ((fp = fopen(pidfile, "r")) && 689 fscanf(fp, "%d", &pid) == 1) 690 kill(pid, SIGUSR1); 691 } 692 } 693 694 static void 695 clean_turds(signo) 696 int signo; 697 { 698 int save_errno = errno; 699 700 if (TempFilename[0]) 701 (void) unlink(TempFilename); 702 if (signo) { 703 (void) signal(signo, SIG_DFL); 704 (void) raise(signo); 705 } 706 errno = save_errno; 707 } 708