1 /* $OpenBSD: crontab.c,v 1.43 2003/07/30 20:20:01 millert Exp $ */ 2 3 /* Copyright 1988,1990,1993,1994 by Paul Vixie 4 * All rights reserved 5 */ 6 7 /* 8 * Copyright (c) 1997,2000 by Internet Software Consortium, Inc. 9 * 10 * Permission to use, copy, modify, and distribute this software for any 11 * purpose with or without fee is hereby granted, provided that the above 12 * copyright notice and this permission notice appear in all copies. 13 * 14 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS 15 * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE 17 * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL 18 * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR 19 * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS 20 * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS 21 * SOFTWARE. 22 */ 23 24 #if !defined(lint) && !defined(LINT) 25 static char const rcsid[] = "$OpenBSD: crontab.c,v 1.43 2003/07/30 20:20:01 millert Exp $"; 26 #endif 27 28 /* crontab - install and manage per-user crontab files 29 * vix 02may87 [RCS has the rest of the log] 30 * vix 26jan87 [original] 31 */ 32 33 #define MAIN_PROGRAM 34 35 #include "cron.h" 36 37 #define NHEADER_LINES 3 38 39 enum opt_t { opt_unknown, opt_list, opt_delete, opt_edit, opt_replace }; 40 41 #if DEBUGGING 42 static char *Options[] = { "???", "list", "delete", "edit", "replace" }; 43 static char *getoptargs = "u:lerx:"; 44 #else 45 static char *getoptargs = "u:ler"; 46 #endif 47 48 static PID_T Pid; 49 static char User[MAX_UNAME], RealUser[MAX_UNAME]; 50 static char Filename[MAX_FNAME], TempFilename[MAX_FNAME]; 51 static FILE *NewCrontab; 52 static int CheckErrorCount; 53 static enum opt_t Option; 54 static struct passwd *pw; 55 static void list_cmd(void), 56 delete_cmd(void), 57 edit_cmd(void), 58 check_error(const char *), 59 parse_args(int c, char *v[]), 60 die(int); 61 static int replace_cmd(void); 62 63 static void 64 usage(const char *msg) { 65 fprintf(stderr, "%s: usage error: %s\n", ProgramName, msg); 66 fprintf(stderr, "usage:\t%s [-u user] file\n", ProgramName); 67 fprintf(stderr, "\t%s [-u user] [ -e | -l | -r ]\n", ProgramName); 68 fprintf(stderr, "\t\t(default operation is replace, per 1003.2)\n"); 69 fprintf(stderr, "\t-e\t(edit user's crontab)\n"); 70 fprintf(stderr, "\t-l\t(list user's crontab)\n"); 71 fprintf(stderr, "\t-r\t(delete user's crontab)\n"); 72 exit(ERROR_EXIT); 73 } 74 75 int 76 main(int argc, char *argv[]) { 77 int exitstatus; 78 79 Pid = getpid(); 80 ProgramName = argv[0]; 81 82 setlocale(LC_ALL, ""); 83 84 #if defined(BSD) 85 setlinebuf(stderr); 86 #endif 87 parse_args(argc, argv); /* sets many globals, opens a file */ 88 set_cron_cwd(); 89 if (!allowed(RealUser, CRON_ALLOW, CRON_DENY)) { 90 fprintf(stderr, 91 "You (%s) are not allowed to use this program (%s)\n", 92 User, ProgramName); 93 fprintf(stderr, "See crontab(1) for more information\n"); 94 log_it(RealUser, Pid, "AUTH", "crontab command not allowed"); 95 exit(ERROR_EXIT); 96 } 97 exitstatus = OK_EXIT; 98 switch (Option) { 99 case opt_list: 100 list_cmd(); 101 break; 102 case opt_delete: 103 delete_cmd(); 104 break; 105 case opt_edit: 106 edit_cmd(); 107 break; 108 case opt_replace: 109 if (replace_cmd() < 0) 110 exitstatus = ERROR_EXIT; 111 break; 112 default: 113 exitstatus = ERROR_EXIT; 114 break; 115 } 116 exit(exitstatus); 117 /*NOTREACHED*/ 118 } 119 120 static void 121 parse_args(int argc, char *argv[]) { 122 int argch; 123 124 if (!(pw = getpwuid(getuid()))) { 125 fprintf(stderr, "%s: your UID isn't in the passwd file.\n", 126 ProgramName); 127 fprintf(stderr, "bailing out.\n"); 128 exit(ERROR_EXIT); 129 } 130 if (strlen(pw->pw_name) >= sizeof User) { 131 fprintf(stderr, "username too long\n"); 132 exit(ERROR_EXIT); 133 } 134 strlcpy(User, pw->pw_name, sizeof(User)); 135 strlcpy(RealUser, User, sizeof(RealUser)); 136 Filename[0] = '\0'; 137 Option = opt_unknown; 138 while (-1 != (argch = getopt(argc, argv, getoptargs))) { 139 switch (argch) { 140 #if DEBUGGING 141 case 'x': 142 if (!set_debug_flags(optarg)) 143 usage("bad debug option"); 144 break; 145 #endif 146 case 'u': 147 if (MY_UID(pw) != ROOT_UID) { 148 fprintf(stderr, 149 "must be privileged to use -u\n"); 150 exit(ERROR_EXIT); 151 } 152 if (!(pw = getpwnam(optarg))) { 153 fprintf(stderr, "%s: user `%s' unknown\n", 154 ProgramName, optarg); 155 exit(ERROR_EXIT); 156 } 157 if (strlcpy(User, optarg, sizeof User) >= sizeof User) 158 usage("username too long"); 159 break; 160 case 'l': 161 if (Option != opt_unknown) 162 usage("only one operation permitted"); 163 Option = opt_list; 164 break; 165 case 'r': 166 if (Option != opt_unknown) 167 usage("only one operation permitted"); 168 Option = opt_delete; 169 break; 170 case 'e': 171 if (Option != opt_unknown) 172 usage("only one operation permitted"); 173 Option = opt_edit; 174 break; 175 default: 176 usage("unrecognized option"); 177 } 178 } 179 180 endpwent(); 181 182 if (Option != opt_unknown) { 183 if (argv[optind] != NULL) 184 usage("no arguments permitted after this option"); 185 } else { 186 if (argv[optind] != NULL) { 187 Option = opt_replace; 188 if (strlcpy(Filename, argv[optind], sizeof Filename) 189 >= sizeof Filename) 190 usage("filename too long"); 191 } else 192 usage("file name must be specified for replace"); 193 } 194 195 if (Option == opt_replace) { 196 /* we have to open the file here because we're going to 197 * chdir(2) into /var/cron before we get around to 198 * reading the file. 199 */ 200 if (!strcmp(Filename, "-")) 201 NewCrontab = stdin; 202 else { 203 /* relinquish the setgid status of the binary during 204 * the open, lest nonroot users read files they should 205 * not be able to read. we can't use access() here 206 * since there's a race condition. thanks go out to 207 * Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting 208 * the race. 209 */ 210 211 if (swap_gids() < OK) { 212 perror("swapping gids"); 213 exit(ERROR_EXIT); 214 } 215 if (!(NewCrontab = fopen(Filename, "r"))) { 216 perror(Filename); 217 exit(ERROR_EXIT); 218 } 219 if (swap_gids_back() < OK) { 220 perror("swapping gids back"); 221 exit(ERROR_EXIT); 222 } 223 } 224 } 225 226 Debug(DMISC, ("user=%s, file=%s, option=%s\n", 227 User, Filename, Options[(int)Option])) 228 } 229 230 static void 231 list_cmd(void) { 232 char n[MAX_FNAME]; 233 FILE *f; 234 int ch; 235 236 log_it(RealUser, Pid, "LIST", User); 237 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 238 fprintf(stderr, "path too long\n"); 239 exit(ERROR_EXIT); 240 } 241 if (!(f = fopen(n, "r"))) { 242 if (errno == ENOENT) 243 fprintf(stderr, "no crontab for %s\n", User); 244 else 245 perror(n); 246 exit(ERROR_EXIT); 247 } 248 249 /* file is open. copy to stdout, close. 250 */ 251 Set_LineNum(1) 252 while (EOF != (ch = get_char(f))) 253 putchar(ch); 254 fclose(f); 255 } 256 257 static void 258 delete_cmd(void) { 259 char n[MAX_FNAME]; 260 261 log_it(RealUser, Pid, "DELETE", User); 262 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 263 fprintf(stderr, "path too long\n"); 264 exit(ERROR_EXIT); 265 } 266 if (unlink(n) != 0) { 267 if (errno == ENOENT) 268 fprintf(stderr, "no crontab for %s\n", User); 269 else 270 perror(n); 271 exit(ERROR_EXIT); 272 } 273 poke_daemon(SPOOL_DIR, RELOAD_CRON); 274 } 275 276 static void 277 check_error(const char *msg) { 278 CheckErrorCount++; 279 fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg); 280 } 281 282 static void 283 edit_cmd(void) { 284 char n[MAX_FNAME], q[MAX_TEMPSTR], *editor; 285 FILE *f; 286 int ch, t, x; 287 struct stat statbuf; 288 struct timespec mtimespec; 289 struct timeval tv[2]; 290 WAIT_T waiter; 291 PID_T pid, xpid; 292 293 log_it(RealUser, Pid, "BEGIN EDIT", User); 294 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 295 fprintf(stderr, "path too long\n"); 296 exit(ERROR_EXIT); 297 } 298 if (!(f = fopen(n, "r"))) { 299 if (errno != ENOENT) { 300 perror(n); 301 exit(ERROR_EXIT); 302 } 303 fprintf(stderr, "no crontab for %s - using an empty one\n", 304 User); 305 if (!(f = fopen(_PATH_DEVNULL, "r"))) { 306 perror(_PATH_DEVNULL); 307 exit(ERROR_EXIT); 308 } 309 } 310 311 if (fstat(fileno(f), &statbuf) < 0) { 312 perror("fstat"); 313 goto fatal; 314 } 315 memcpy(&mtimespec, &statbuf.st_mtimespec, sizeof(mtimespec)); 316 TIMESPEC_TO_TIMEVAL(&tv[0], &statbuf.st_atimespec); 317 TIMESPEC_TO_TIMEVAL(&tv[1], &statbuf.st_mtimespec); 318 319 /* Turn off signals. */ 320 (void)signal(SIGHUP, SIG_IGN); 321 (void)signal(SIGINT, SIG_IGN); 322 (void)signal(SIGQUIT, SIG_IGN); 323 324 if (!glue_strings(Filename, sizeof Filename, _PATH_TMP, 325 "crontab.XXXXXXXXXX", '/')) { 326 fprintf(stderr, "path too long\n"); 327 goto fatal; 328 } 329 if (-1 == (t = mkstemp(Filename))) { 330 perror(Filename); 331 goto fatal; 332 } 333 if (!(NewCrontab = fdopen(t, "r+"))) { 334 perror("fdopen"); 335 goto fatal; 336 } 337 338 Set_LineNum(1) 339 340 /* ignore the top few comments since we probably put them there. 341 */ 342 x = 0; 343 while (EOF != (ch = get_char(f))) { 344 if ('#' != ch) { 345 putc(ch, NewCrontab); 346 break; 347 } 348 while (EOF != (ch = get_char(f))) 349 if (ch == '\n') 350 break; 351 if (++x >= NHEADER_LINES) 352 break; 353 } 354 355 /* copy the rest of the crontab (if any) to the temp file. 356 */ 357 if (EOF != ch) 358 while (EOF != (ch = get_char(f))) 359 putc(ch, NewCrontab); 360 fclose(f); 361 if (fflush(NewCrontab) < OK) { 362 perror(Filename); 363 exit(ERROR_EXIT); 364 } 365 (void)futimes(t, tv); 366 again: 367 rewind(NewCrontab); 368 if (ferror(NewCrontab)) { 369 fprintf(stderr, "%s: error while writing new crontab to %s\n", 370 ProgramName, Filename); 371 fatal: 372 unlink(Filename); 373 exit(ERROR_EXIT); 374 } 375 376 if (((editor = getenv("VISUAL")) == NULL || *editor == '\0') && 377 ((editor = getenv("EDITOR")) == NULL || *editor == '\0')) { 378 editor = EDITOR; 379 } 380 381 /* we still have the file open. editors will generally rewrite the 382 * original file rather than renaming/unlinking it and starting a 383 * new one; even backup files are supposed to be made by copying 384 * rather than by renaming. if some editor does not support this, 385 * then don't use it. the security problems are more severe if we 386 * close and reopen the file around the edit. 387 */ 388 389 switch (pid = fork()) { 390 case -1: 391 perror("fork"); 392 goto fatal; 393 case 0: 394 /* child */ 395 if (setgid(MY_GID(pw)) < 0) { 396 perror("setgid(getgid())"); 397 exit(ERROR_EXIT); 398 } 399 if (chdir(_PATH_TMP) < 0) { 400 perror(_PATH_TMP); 401 exit(ERROR_EXIT); 402 } 403 if (!glue_strings(q, sizeof q, editor, Filename, ' ')) { 404 fprintf(stderr, "%s: editor command line too long\n", 405 ProgramName); 406 exit(ERROR_EXIT); 407 } 408 execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", q, (char *)NULL); 409 perror(editor); 410 exit(ERROR_EXIT); 411 /*NOTREACHED*/ 412 default: 413 /* parent */ 414 break; 415 } 416 417 /* parent */ 418 for (;;) { 419 xpid = waitpid(pid, &waiter, WUNTRACED); 420 if (xpid == -1) { 421 if (errno != EINTR) 422 fprintf(stderr, "%s: waitpid() failed waiting for PID %ld from \"%s\": %s\n", 423 ProgramName, (long)pid, editor, strerror(errno)); 424 } else if (xpid != pid) { 425 fprintf(stderr, "%s: wrong PID (%ld != %ld) from \"%s\"\n", 426 ProgramName, (long)xpid, (long)pid, editor); 427 goto fatal; 428 } else if (WIFSTOPPED(waiter)) { 429 kill(getpid(), WSTOPSIG(waiter)); 430 } else if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) { 431 fprintf(stderr, "%s: \"%s\" exited with status %d\n", 432 ProgramName, editor, WEXITSTATUS(waiter)); 433 goto fatal; 434 } else if (WIFSIGNALED(waiter)) { 435 fprintf(stderr, 436 "%s: \"%s\" killed; signal %d (%score dumped)\n", 437 ProgramName, editor, WTERMSIG(waiter), 438 WCOREDUMP(waiter) ?"" :"no "); 439 goto fatal; 440 } else 441 break; 442 } 443 (void)signal(SIGHUP, SIG_DFL); 444 (void)signal(SIGINT, SIG_DFL); 445 (void)signal(SIGQUIT, SIG_DFL); 446 if (fstat(t, &statbuf) < 0) { 447 perror("fstat"); 448 goto fatal; 449 } 450 if (timespeccmp(&mtimespec, &statbuf.st_mtimespec, -) == 0) { 451 fprintf(stderr, "%s: no changes made to crontab\n", 452 ProgramName); 453 goto remove; 454 } 455 fprintf(stderr, "%s: installing new crontab\n", ProgramName); 456 switch (replace_cmd()) { 457 case 0: 458 break; 459 case -1: 460 for (;;) { 461 printf("Do you want to retry the same edit? "); 462 fflush(stdout); 463 q[0] = '\0'; 464 (void) fgets(q, sizeof q, stdin); 465 switch (q[0]) { 466 case 'y': 467 case 'Y': 468 goto again; 469 case 'n': 470 case 'N': 471 goto abandon; 472 default: 473 fprintf(stderr, "Enter Y or N\n"); 474 } 475 } 476 /*NOTREACHED*/ 477 case -2: 478 abandon: 479 fprintf(stderr, "%s: edits left in %s\n", 480 ProgramName, Filename); 481 goto done; 482 default: 483 fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n", 484 ProgramName); 485 goto fatal; 486 } 487 remove: 488 unlink(Filename); 489 done: 490 log_it(RealUser, Pid, "END EDIT", User); 491 } 492 493 /* returns 0 on success 494 * -1 on syntax error 495 * -2 on install error 496 */ 497 static int 498 replace_cmd(void) { 499 char n[MAX_FNAME], envstr[MAX_ENVSTR]; 500 FILE *tmp; 501 int ch, eof, fd; 502 int error = 0; 503 entry *e; 504 time_t now = time(NULL); 505 char **envp = env_init(); 506 507 if (envp == NULL) { 508 fprintf(stderr, "%s: Cannot allocate memory.\n", ProgramName); 509 return (-2); 510 } 511 if (!glue_strings(TempFilename, sizeof TempFilename, SPOOL_DIR, 512 "tmp.XXXXXXXXXX", '/')) { 513 TempFilename[0] = '\0'; 514 fprintf(stderr, "path too long\n"); 515 return (-2); 516 } 517 if ((fd = mkstemp(TempFilename)) == -1 || !(tmp = fdopen(fd, "w+"))) { 518 perror(TempFilename); 519 if (fd != -1) { 520 close(fd); 521 unlink(TempFilename); 522 } 523 TempFilename[0] = '\0'; 524 return (-2); 525 } 526 527 (void) signal(SIGHUP, die); 528 (void) signal(SIGINT, die); 529 (void) signal(SIGQUIT, die); 530 531 /* write a signature at the top of the file. 532 * 533 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code. 534 */ 535 fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n"); 536 fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now)); 537 fprintf(tmp, "# (Cron version %s -- %s)\n", CRON_VERSION, rcsid); 538 539 /* copy the crontab to the tmp 540 */ 541 rewind(NewCrontab); 542 Set_LineNum(1) 543 while (EOF != (ch = get_char(NewCrontab))) 544 putc(ch, tmp); 545 ftruncate(fileno(tmp), ftell(tmp)); /* XXX redundant with "w+"? */ 546 fflush(tmp); rewind(tmp); 547 548 if (ferror(tmp)) { 549 fprintf(stderr, "%s: error while writing new crontab to %s\n", 550 ProgramName, TempFilename); 551 fclose(tmp); 552 error = -2; 553 goto done; 554 } 555 556 /* check the syntax of the file being installed. 557 */ 558 559 /* BUG: was reporting errors after the EOF if there were any errors 560 * in the file proper -- kludged it by stopping after first error. 561 * vix 31mar87 562 */ 563 Set_LineNum(1 - NHEADER_LINES) 564 CheckErrorCount = 0; eof = FALSE; 565 while (!CheckErrorCount && !eof) { 566 switch (load_env(envstr, tmp)) { 567 case ERR: 568 /* check for data before the EOF */ 569 if (envstr[0] != '\0') { 570 Set_LineNum(LineNumber + 1); 571 check_error("premature EOF"); 572 } 573 eof = TRUE; 574 break; 575 case FALSE: 576 e = load_entry(tmp, check_error, pw, envp); 577 if (e) 578 free(e); 579 break; 580 case TRUE: 581 break; 582 } 583 } 584 585 if (CheckErrorCount != 0) { 586 fprintf(stderr, "errors in crontab file, can't install.\n"); 587 fclose(tmp); 588 error = -1; 589 goto done; 590 } 591 592 #ifdef HAVE_FCHOWN 593 if (fchown(fileno(tmp), pw->pw_uid, -1) < OK) { 594 perror("fchown"); 595 fclose(tmp); 596 error = -2; 597 goto done; 598 } 599 #else 600 if (chown(TempFilename, pw->pw_uid, -1) < OK) { 601 perror("chown"); 602 fclose(tmp); 603 error = -2; 604 goto done; 605 } 606 #endif 607 608 if (fclose(tmp) == EOF) { 609 perror("fclose"); 610 error = -2; 611 goto done; 612 } 613 614 if (!glue_strings(n, sizeof n, SPOOL_DIR, User, '/')) { 615 fprintf(stderr, "path too long\n"); 616 error = -2; 617 goto done; 618 } 619 if (rename(TempFilename, n)) { 620 fprintf(stderr, "%s: error renaming %s to %s\n", 621 ProgramName, TempFilename, n); 622 perror("rename"); 623 error = -2; 624 goto done; 625 } 626 TempFilename[0] = '\0'; 627 log_it(RealUser, Pid, "REPLACE", User); 628 629 poke_daemon(SPOOL_DIR, RELOAD_CRON); 630 631 done: 632 (void) signal(SIGHUP, SIG_DFL); 633 (void) signal(SIGINT, SIG_DFL); 634 (void) signal(SIGQUIT, SIG_DFL); 635 if (TempFilename[0]) { 636 (void) unlink(TempFilename); 637 TempFilename[0] = '\0'; 638 } 639 return (error); 640 } 641 642 static void 643 die(int x) { 644 if (TempFilename[0]) 645 (void) unlink(TempFilename); 646 _exit(ERROR_EXIT); 647 } 648