1 /* $OpenBSD: database.c,v 1.17 2007/03/28 16:49:25 millert Exp $ */ 2 3 /* Copyright 1988,1990,1993,1994 by Paul Vixie 4 * All rights reserved 5 */ 6 7 /* 8 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC") 9 * Copyright (c) 1997,2000 by Internet Software Consortium, Inc. 10 * 11 * Permission to use, copy, modify, and distribute this software for any 12 * purpose with or without fee is hereby granted, provided that the above 13 * copyright notice and this permission notice appear in all copies. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES 16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR 18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 21 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 22 */ 23 24 #if !defined(lint) && !defined(LINT) 25 static char const rcsid[] = "$OpenBSD: database.c,v 1.17 2007/03/28 16:49:25 millert Exp $"; 26 #endif 27 28 /* vix 26jan87 [RCS has the log] 29 */ 30 31 #include "cron.h" 32 33 #define HASH(a,b) ((a)+(b)) 34 35 static void process_crontab(const char *, const char *, 36 const char *, struct stat *, 37 cron_db *, cron_db *); 38 39 void 40 load_database(cron_db *old_db) { 41 struct stat statbuf, syscron_stat; 42 cron_db new_db; 43 DIR_T *dp; 44 DIR *dir; 45 user *u, *nu; 46 47 Debug(DLOAD, ("[%ld] load_database()\n", (long)getpid())) 48 49 /* before we start loading any data, do a stat on SPOOL_DIR 50 * so that if anything changes as of this moment (i.e., before we've 51 * cached any of the database), we'll see the changes next time. 52 */ 53 if (stat(SPOOL_DIR, &statbuf) < OK) { 54 log_it("CRON", getpid(), "STAT FAILED", SPOOL_DIR); 55 (void) exit(ERROR_EXIT); 56 } 57 58 /* track system crontab file 59 */ 60 if (stat(SYSCRONTAB, &syscron_stat) < OK) 61 syscron_stat.st_mtime = 0; 62 63 /* if spooldir's mtime has not changed, we don't need to fiddle with 64 * the database. 65 * 66 * Note that old_db->mtime is initialized to 0 in main(), and 67 * so is guaranteed to be different than the stat() mtime the first 68 * time this function is called. 69 */ 70 if (old_db->mtime == HASH(statbuf.st_mtime, syscron_stat.st_mtime)) { 71 Debug(DLOAD, ("[%ld] spool dir mtime unch, no load needed.\n", 72 (long)getpid())) 73 return; 74 } 75 76 /* something's different. make a new database, moving unchanged 77 * elements from the old database, reloading elements that have 78 * actually changed. Whatever is left in the old database when 79 * we're done is chaff -- crontabs that disappeared. 80 */ 81 new_db.mtime = HASH(statbuf.st_mtime, syscron_stat.st_mtime); 82 new_db.head = new_db.tail = NULL; 83 84 if (syscron_stat.st_mtime) { 85 process_crontab(ROOT_USER, NULL, SYSCRONTAB, &syscron_stat, 86 &new_db, old_db); 87 } 88 89 /* we used to keep this dir open all the time, for the sake of 90 * efficiency. however, we need to close it in every fork, and 91 * we fork a lot more often than the mtime of the dir changes. 92 */ 93 if (!(dir = opendir(SPOOL_DIR))) { 94 log_it("CRON", getpid(), "OPENDIR FAILED", SPOOL_DIR); 95 (void) exit(ERROR_EXIT); 96 } 97 98 while (NULL != (dp = readdir(dir))) { 99 char fname[MAXNAMLEN+1], tabname[MAXNAMLEN]; 100 101 /* avoid file names beginning with ".". this is good 102 * because we would otherwise waste two guaranteed calls 103 * to getpwnam() for . and .., and also because user names 104 * starting with a period are just too nasty to consider. 105 */ 106 if (dp->d_name[0] == '.') 107 continue; 108 109 if (strlcpy(fname, dp->d_name, sizeof fname) >= sizeof fname) 110 continue; /* XXX log? */ 111 112 if (snprintf(tabname, sizeof tabname, "%s/%s", SPOOL_DIR, fname) >= 113 sizeof(tabname)) 114 continue; /* XXX log? */ 115 116 process_crontab(fname, fname, tabname, 117 &statbuf, &new_db, old_db); 118 } 119 closedir(dir); 120 121 /* if we don't do this, then when our children eventually call 122 * getpwnam() in do_command.c's child_process to verify MAILTO=, 123 * they will screw us up (and v-v). 124 */ 125 endpwent(); 126 127 /* whatever's left in the old database is now junk. 128 */ 129 Debug(DLOAD, ("unlinking old database:\n")) 130 for (u = old_db->head; u != NULL; u = nu) { 131 Debug(DLOAD, ("\t%s\n", u->name)) 132 nu = u->next; 133 unlink_user(old_db, u); 134 free_user(u); 135 } 136 137 /* overwrite the database control block with the new one. 138 */ 139 *old_db = new_db; 140 Debug(DLOAD, ("load_database is done\n")) 141 } 142 143 void 144 link_user(cron_db *db, user *u) { 145 if (db->head == NULL) 146 db->head = u; 147 if (db->tail) 148 db->tail->next = u; 149 u->prev = db->tail; 150 u->next = NULL; 151 db->tail = u; 152 } 153 154 void 155 unlink_user(cron_db *db, user *u) { 156 if (u->prev == NULL) 157 db->head = u->next; 158 else 159 u->prev->next = u->next; 160 161 if (u->next == NULL) 162 db->tail = u->prev; 163 else 164 u->next->prev = u->prev; 165 } 166 167 user * 168 find_user(cron_db *db, const char *name) { 169 user *u; 170 171 for (u = db->head; u != NULL; u = u->next) 172 if (strcmp(u->name, name) == 0) 173 break; 174 return (u); 175 } 176 177 static void 178 process_crontab(const char *uname, const char *fname, const char *tabname, 179 struct stat *statbuf, cron_db *new_db, cron_db *old_db) 180 { 181 struct passwd *pw = NULL; 182 int crontab_fd = OK - 1; 183 user *u; 184 185 if (fname == NULL) { 186 /* must be set to something for logging purposes. 187 */ 188 fname = "*system*"; 189 } else if ((pw = getpwnam(uname)) == NULL) { 190 /* file doesn't have a user in passwd file. 191 */ 192 log_it(fname, getpid(), "ORPHAN", "no passwd entry"); 193 goto next_crontab; 194 } 195 196 if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) { 197 /* crontab not accessible? 198 */ 199 log_it(fname, getpid(), "CAN'T OPEN", tabname); 200 goto next_crontab; 201 } 202 203 if (fstat(crontab_fd, statbuf) < OK) { 204 log_it(fname, getpid(), "FSTAT FAILED", tabname); 205 goto next_crontab; 206 } 207 if (!S_ISREG(statbuf->st_mode)) { 208 log_it(fname, getpid(), "NOT REGULAR", tabname); 209 goto next_crontab; 210 } 211 if ((statbuf->st_mode & 07577) != 0400) { 212 /* Looser permissions on system crontab. */ 213 if (pw != NULL || (statbuf->st_mode & 022) != 0) { 214 log_it(fname, getpid(), "BAD FILE MODE", tabname); 215 goto next_crontab; 216 } 217 } 218 if (statbuf->st_uid != ROOT_UID && (pw == NULL || 219 statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) { 220 log_it(fname, getpid(), "WRONG FILE OWNER", tabname); 221 goto next_crontab; 222 } 223 if (pw != NULL && statbuf->st_nlink != 1) { 224 log_it(fname, getpid(), "BAD LINK COUNT", tabname); 225 goto next_crontab; 226 } 227 228 Debug(DLOAD, ("\t%s:", fname)) 229 u = find_user(old_db, fname); 230 if (u != NULL) { 231 /* if crontab has not changed since we last read it 232 * in, then we can just use our existing entry. 233 */ 234 if (u->mtime == statbuf->st_mtime) { 235 Debug(DLOAD, (" [no change, using old data]")) 236 unlink_user(old_db, u); 237 link_user(new_db, u); 238 goto next_crontab; 239 } 240 241 /* before we fall through to the code that will reload 242 * the user, let's deallocate and unlink the user in 243 * the old database. This is more a point of memory 244 * efficiency than anything else, since all leftover 245 * users will be deleted from the old database when 246 * we finish with the crontab... 247 */ 248 Debug(DLOAD, (" [delete old data]")) 249 unlink_user(old_db, u); 250 free_user(u); 251 log_it(fname, getpid(), "RELOAD", tabname); 252 } 253 u = load_user(crontab_fd, pw, fname); 254 if (u != NULL) { 255 u->mtime = statbuf->st_mtime; 256 link_user(new_db, u); 257 } 258 259 next_crontab: 260 if (crontab_fd >= OK) { 261 Debug(DLOAD, (" [done]\n")) 262 close(crontab_fd); 263 } 264 } 265