xref: /plan9/sys/src/cmd/auth/cron.c (revision 4377bcc77cf349d5aeb8afff427e607ef3654aab)

#include <u.h>
#include <libc.h>
#include <bio.h>
#include <libsec.h>
#include <auth.h>
#include "authcmdlib.h"

char CRONLOG[] = "cron";

enum {
	Minute = 60,
	Hour = 60 * Minute,
	Day = 24 * Hour,
};

typedef struct Job	Job;
typedef struct Time	Time;
typedef struct User	User;

struct Time{			/* bit masks for each valid time */
	uvlong	min;
	ulong	hour;
	ulong	mday;
	ulong	wday;
	ulong	mon;
};

struct Job{
	char	*host;		/* where ... */
	Time	time;			/* when ... */
	char	*cmd;			/* and what to execute */
	Job	*next;
};

struct User{
	Qid	lastqid;			/* of last read /cron/user/cron */
	char	*name;			/* who ... */
	Job	*jobs;			/* wants to execute these jobs */
};

User	*users;
int	nuser;
int	maxuser;
char	*savec;
char	*savetok;
int	tok;
int	debug;
ulong	lexval;

void	rexec(User*, Job*);
void	readalljobs(void);
Job	*readjobs(char*, User*);
int	getname(char**);
uvlong	gettime(int, int);
int	gettok(int, int);
void	initcap(void);
void	pushtok(void);
void	usage(void);
void	freejobs(Job*);
User	*newuser(char*);
void	*emalloc(ulong);
void	*erealloc(void*, ulong);
int	myauth(int, char*);
void	createuser(void);
int	mkcmd(char*, char*, int);
void	printjobs(void);
int	qidcmp(Qid, Qid);
int	becomeuser(char*);

ulong
minute(ulong tm)
{
	return tm - tm%Minute;		/* round down to the minute */
}

int
sleepuntil(ulong tm)
{
	ulong now = time(0);

	if (now < tm)
		return sleep((tm - now)*1000);
	else
		return 0;
}

#pragma varargck	argpos clog 1
#pragma varargck	argpos fatal 1

static void
clog(char *fmt, ...)
{
	char msg[256];
	va_list arg;

	va_start(arg, fmt);
	vseprint(msg, msg + sizeof msg, fmt, arg);
	va_end(arg);
	syslog(0, CRONLOG, msg);
}

static void
fatal(char *fmt, ...)
{
	char msg[256];
	va_list arg;

	va_start(arg, fmt);
	vseprint(msg, msg + sizeof msg, fmt, arg);
	va_end(arg);
	clog("%s", msg);
	error("%s", msg);
}

static int
openlock(char *file)
{
	return create(file, ORDWR, 0600);
}

static int
mklock(char *file)
{
	int fd, try;
	Dir *dir;

	fd = openlock(file);
	if (fd >= 0) {
		/* make it a lock file if it wasn't */
		dir = dirfstat(fd);
		if (dir == nil)
			error("%s vanished: %r", file);
		dir->mode |= DMEXCL;
		dir->qid.type |= QTEXCL;
		dirfwstat(fd, dir);
		free(dir);

		/* reopen in case it wasn't a lock file at last open */
		close(fd);
	}
	for (try = 0; try < 65 && (fd = openlock(file)) < 0; try++)
		sleep(10*1000);
	return fd;
}

void
main(int argc, char *argv[])
{
	Job *j;
	Tm tm;
	Time t;
	ulong now, last;		/* in seconds */
	int i, lock;

	debug = 0;
	ARGBEGIN{
	case 'c':
		createuser();
		exits(0);
	case 'd':
		debug = 1;
		break;
	default:
		usage();
	}ARGEND

	if(debug){
		readalljobs();
		printjobs();
		exits(0);
	}

	initcap();		/* do this early, before cpurc removes it */

	switch(fork()){
	case -1:
		fatal("can't fork: %r");
	case 0:
		break;
	default:
		exits(0);
	}

	/*
	 * it can take a few minutes before the file server notices that
	 * we've rebooted and gives up the lock.
	 */
	lock = mklock("/cron/lock");
	if (lock < 0)
		fatal("cron already running: %r");

	argv0 = "cron";
	srand(getpid()*time(0));
	last = time(0);
	for(;;){
		readalljobs();
		/*
		 * the system's notion of time may have jumped forward or
		 * backward an arbitrary amount since the last call to time().
		 */
		now = time(0);
		/*
		 * if time has jumped backward, just note it and adapt.
		 * if time has jumped forward more than a day,
		 * just execute one day's jobs.
		 */
		if (now < last) {
			clog("time went backward");
			last = now;
		} else if (now - last > Day) {
			clog("time advanced more than a day");
			last = now - Day;
		}
		now = minute(now);
		for(last = minute(last); last <= now; last += Minute){
			tm = *localtime(last);
			t.min = 1ULL << tm.min;
			t.hour = 1 << tm.hour;
			t.wday = 1 << tm.wday;
			t.mday = 1 << tm.mday;
			t.mon =  1 << (tm.mon + 1);
			for(i = 0; i < nuser; i++)
				for(j = users[i].jobs; j; j = j->next)
					if(j->time.min & t.min
					&& j->time.hour & t.hour
					&& j->time.wday & t.wday
					&& j->time.mday & t.mday
					&& j->time.mon & t.mon)
						rexec(&users[i], j);
		}
		seek(lock, 0, 0);
		write(lock, "x", 1);	/* keep the lock alive */
		/*
		 * if we're not at next minute yet, sleep until a second past
		 * (to allow for sleep intervals being approximate),
		 * which synchronises with minute roll-over as a side-effect.
		 */
		sleepuntil(now + Minute + 1);
	}
	/* not reached */
}

void
createuser(void)
{
	Dir d;
	char file[128], *user;
	int fd;

	user = getuser();
	snprint(file, sizeof file, "/cron/%s", user);
	fd = create(file, OREAD, 0755|DMDIR);
	if(fd < 0)
		fatal("couldn't create %s: %r", file);
	nulldir(&d);
	d.gid = user;
	dirfwstat(fd, &d);
	close(fd);
	snprint(file, sizeof file, "/cron/%s/cron", user);
	fd = create(file, OREAD, 0644);
	if(fd < 0)
		fatal("couldn't create %s: %r", file);
	nulldir(&d);
	d.gid = user;
	dirfwstat(fd, &d);
	close(fd);
}

void
readalljobs(void)
{
	User *u;
	Dir *d, *du;
	char file[128];
	int i, n, fd;

	fd = open("/cron", OREAD);
	if(fd < 0)
		fatal("can't open /cron: %r");
	while((n = dirread(fd, &d)) > 0){
		for(i = 0; i < n; i++){
			if(strcmp(d[i].name, "log") == 0 ||
			    !(d[i].qid.type & QTDIR))
				continue;
			if(strcmp(d[i].name, d[i].uid) != 0){
				syslog(1, CRONLOG, "cron for %s owned by %s",
					d[i].name, d[i].uid);
				continue;
			}
			u = newuser(d[i].name);
			snprint(file, sizeof file, "/cron/%s/cron", d[i].name);
			du = dirstat(file);
			if(du == nil || qidcmp(u->lastqid, du->qid) != 0){
				freejobs(u->jobs);
				u->jobs = readjobs(file, u);
			}
			free(du);
		}
		free(d);
	}
	close(fd);
}

/*
 * parse user's cron file
 * other lines: minute hour monthday month weekday host command
 */
Job *
readjobs(char *file, User *user)
{
	Biobuf *b;
	Job *j, *jobs;
	Dir *d;
	int line;

	d = dirstat(file);
	if(!d)
		return nil;
	b = Bopen(file, OREAD);
	if(!b){
		free(d);
		return nil;
	}
	jobs = nil;
	user->lastqid = d->qid;
	free(d);
	for(line = 1; savec = Brdline(b, '\n'); line++){
		savec[Blinelen(b) - 1] = '\0';
		while(*savec == ' ' || *savec == '\t')
			savec++;
		if(*savec == '#' || *savec == '\0')
			continue;
		if(strlen(savec) > 1024){
			clog("%s: line %d: line too long", user->name, line);
			continue;
		}
		j = emalloc(sizeof *j);
		j->time.min = gettime(0, 59);
		if(j->time.min && (j->time.hour = gettime(0, 23))
		&& (j->time.mday = gettime(1, 31))
		&& (j->time.mon = gettime(1, 12))
		&& (j->time.wday = gettime(0, 6))
		&& getname(&j->host)){
			j->cmd = emalloc(strlen(savec) + 1);
			strcpy(j->cmd, savec);
			j->next = jobs;
			jobs = j;
		}else{
			clog("%s: line %d: syntax error", user->name, line);
			free(j);
		}
	}
	Bterm(b);
	return jobs;
}

void
printjobs(void)
{
	char buf[8*1024];
	Job *j;
	int i;

	for(i = 0; i < nuser; i++){
		print("user %s\n", users[i].name);
		for(j = users[i].jobs; j; j = j->next)
			if(!mkcmd(j->cmd, buf, sizeof buf))
				print("\tbad job %s on host %s\n",
					j->cmd, j->host);
			else
				print("\tjob %s on host %s\n", buf, j->host);
	}
}

User *
newuser(char *name)
{
	int i;

	for(i = 0; i < nuser; i++)
		if(strcmp(users[i].name, name) == 0)
			return &users[i];
	if(nuser == maxuser){
		maxuser += 32;
		users = erealloc(users, maxuser * sizeof *users);
	}
	memset(&users[nuser], 0, sizeof(users[nuser]));
	users[nuser].name = strdup(name);
	users[nuser].jobs = 0;
	users[nuser].lastqid.type = QTFILE;
	users[nuser].lastqid.path = ~0LL;
	users[nuser].lastqid.vers = ~0L;
	return &users[nuser++];
}

void
freejobs(Job *j)
{
	Job *next;

	for(; j; j = next){
		next = j->next;
		free(j->cmd);
		free(j->host);
		free(j);
	}
}

int
getname(char **namep)
{
	int c;
	char buf[64], *p;

	if(!savec)
		return 0;
	while(*savec == ' ' || *savec == '\t')
		savec++;
	for(p = buf; (c = *savec) && c != ' ' && c != '\t'; p++){
		if(p >= buf+sizeof buf -1)
			return 0;
		*p = *savec++;
	}
	*p = '\0';
	*namep = strdup(buf);
	if(*namep == 0){
		clog("internal error: strdup failure");
		_exits(0);
	}
	while(*savec == ' ' || *savec == '\t')
		savec++;
	return p > buf;
}

/*
 * return the next time range (as a bit vector) in the file:
 * times: '*'
 * 	| range
 * range: number
 *	| number '-' number
 *	| range ',' range
 * a return of zero means a syntax error was discovered
 */
uvlong
gettime(int min, int max)
{
	uvlong n, m, e;

	if(gettok(min, max) == '*')
		return ~0ULL;
	n = 0;
	while(tok == '1'){
		m = 1ULL << lexval;
		n |= m;
		if(gettok(0, 0) == '-'){
			if(gettok(lexval, max) != '1')
				return 0;
			e = 1ULL << lexval;
			for( ; m <= e; m <<= 1)
				n |= m;
			gettok(min, max);
		}
		if(tok != ',')
			break;
		if(gettok(min, max) != '1')
			return 0;
	}
	pushtok();
	return n;
}

void
pushtok(void)
{
	savec = savetok;
}

int
gettok(int min, int max)
{
	char c;

	savetok = savec;
	if(!savec)
		return tok = 0;
	while((c = *savec) == ' ' || c == '\t')
		savec++;
	switch(c){
	case '0': case '1': case '2': case '3': case '4':
	case '5': case '6': case '7': case '8': case '9':
		lexval = strtoul(savec, &savec, 10);
		if(lexval < min || lexval > max)
			return tok = 0;
		return tok = '1';
	case '*': case '-': case ',':
		savec++;
		return tok = c;
	default:
		return tok = 0;
	}
}

int
call(char *host)
{
	char *na, *p;

	na = netmkaddr(host, 0, "rexexec");
	p = utfrune(na, L'!');
	if(!p)
		return -1;
	p = utfrune(p+1, L'!');
	if(!p)
		return -1;
	if(strcmp(p, "!rexexec") != 0)
		return -2;
	return dial(na, 0, 0, 0);
}

/*
 * convert command to run properly on the remote machine
 * need to escape the quotes so they don't get stripped
 */
int
mkcmd(char *cmd, char *buf, int len)
{
	char *p;
	int n, m;

	n = sizeof "exec rc -c '" -1;
	if(n >= len)
		return 0;
	strcpy(buf, "exec rc -c '");
	while(p = utfrune(cmd, L'\'')){
		p++;
		m = p - cmd;
		if(n + m + 1 >= len)
			return 0;
		strncpy(&buf[n], cmd, m);
		n += m;
		buf[n++] = '\'';
		cmd = p;
	}
	m = strlen(cmd);
	if(n + m + sizeof "'</dev/null>/dev/null>[2=1]" >= len)
		return 0;
	strcpy(&buf[n], cmd);
	strcpy(&buf[n+m], "'</dev/null>/dev/null>[2=1]");
	return 1;
}

void
rexec(User *user, Job *j)
{
	char buf[8*1024];
	int n, fd;
	AuthInfo *ai;

	switch(rfork(RFPROC|RFNOWAIT|RFNAMEG|RFENVG|RFFDG)){
	case 0:
		break;
	case -1:
		clog("can't fork a job for %s: %r\n", user->name);
	default:
		return;
	}

	if(!mkcmd(j->cmd, buf, sizeof buf)){
		clog("internal error: cmd buffer overflow");
		_exits(0);
	}

	/*
	 * local call, auth, cmd with no i/o
	 */
	if(strcmp(j->host, "local") == 0){
		if(becomeuser(user->name) < 0){
			clog("%s: can't change uid for %s on %s: %r",
				user->name, j->cmd, j->host);
			_exits(0);
		}
		putenv("service", "rx");
		clog("%s: ran '%s' on %s", user->name, j->cmd, j->host);
		execl("/bin/rc", "rc", "-lc", buf, nil);
		clog("%s: exec failed for %s on %s: %r",
			user->name, j->cmd, j->host);
		_exits(0);
	}

	/*
	 * remote call, auth, cmd with no i/o
	 * give it 2 min to complete
	 */
	alarm(2*Minute*1000);
	fd = call(j->host);
	if(fd < 0){
		if(fd == -2)
			clog("%s: dangerous host %s", user->name, j->host);
		clog("%s: can't call %s: %r", user->name, j->host);
		_exits(0);
	}
	clog("%s: called %s on %s", user->name, j->cmd, j->host);
	if(becomeuser(user->name) < 0){
		clog("%s: can't change uid for %s on %s: %r",
			user->name, j->cmd, j->host);
		_exits(0);
	}
	ai = auth_proxy(fd, nil, "proto=p9any role=client");
	if(ai == nil){
		clog("%s: can't authenticate for %s on %s: %r",
			user->name, j->cmd, j->host);
		_exits(0);
	}
	clog("%s: authenticated %s on %s", user->name, j->cmd, j->host);
	write(fd, buf, strlen(buf)+1);
	write(fd, buf, 0);
	while((n = read(fd, buf, sizeof(buf)-1)) > 0){
		buf[n] = 0;
		clog("%s: %s\n", j->cmd, buf);
	}
	_exits(0);
}

void *
emalloc(ulong n)
{
	void *p;

	if(p = mallocz(n, 1))
		return p;
	fatal("out of memory");
	return 0;
}

void *
erealloc(void *p, ulong n)
{
	if(p = realloc(p, n))
		return p;
	fatal("out of memory");
	return 0;
}

void
usage(void)
{
	fprint(2, "usage: cron [-c]\n");
	exits("usage");
}

int
qidcmp(Qid a, Qid b)
{
	/* might be useful to know if a > b, but not for cron */
	return(a.path != b.path || a.vers != b.vers);
}

void
memrandom(void *p, int n)
{
	uchar *cp;

	for(cp = (uchar*)p; n > 0; n--)
		*cp++ = fastrand();
}

/*
 *  keep caphash fd open since opens of it could be disabled
 */
static int caphashfd;

void
initcap(void)
{
	caphashfd = open("#¤/caphash", OCEXEC|OWRITE);
	if(caphashfd < 0)
		fprint(2, "%s: opening #¤/caphash: %r\n", argv0);
}

/*
 *  create a change uid capability
 */
char*
mkcap(char *from, char *to)
{
	uchar rand[20];
	char *cap;
	char *key;
	int nfrom, nto, ncap;
	uchar hash[SHA1dlen];

	if(caphashfd < 0)
		return nil;

	/* create the capability */
	nto = strlen(to);
	nfrom = strlen(from);
	ncap = nfrom + 1 + nto + 1 + sizeof(rand)*3 + 1;
	cap = emalloc(ncap);
	snprint(cap, ncap, "%s@%s", from, to);
	memrandom(rand, sizeof(rand));
	key = cap+nfrom+1+nto+1;
	enc64(key, sizeof(rand)*3, rand, sizeof(rand));

	/* hash the capability */
	hmac_sha1((uchar*)cap, strlen(cap), (uchar*)key, strlen(key), hash, nil);

	/* give the kernel the hash */
	key[-1] = '@';
	if(write(caphashfd, hash, SHA1dlen) < 0){
		free(cap);
		return nil;
	}

	return cap;
}

int
usecap(char *cap)
{
	int fd, rv;

	fd = open("#¤/capuse", OWRITE);
	if(fd < 0)
		return -1;
	rv = write(fd, cap, strlen(cap));
	close(fd);
	return rv;
}

int
becomeuser(char *new)
{
	char *cap;
	int rv;

	cap = mkcap(getuser(), new);
	if(cap == nil)
		return -1;
	rv = usecap(cap);
	free(cap);

	newns(new, nil);
	return rv;
}