-.\" $OpenBSD: atrun.8,v 1.2 1996/10/08 01:20:19 michaels Exp $
-.\"
-.\" Copyright (c) 1993 Christopher G. Demetriou
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by Christopher G. Demetriou.
-.\" 3. The name of the author may not be used to endorse or promote products
-.\" derived from this software without specific prior written permission
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" $Id: atrun.8,v 1.2 1996/10/08 01:20:19 michaels Exp $
-.\"
-.Dd December 5, 1993
+.\" $OpenBSD: atrun.8,v 1.3 1997/03/01 23:39:43 millert Exp $
+.\" $FreeBSD: atrun.man,v 1.3 1997/02/22 14:20:55 peter Exp $
+.Dd April 12, 1995
.Dt ATRUN 8
.Os
.Sh NAME
.Nm atrun
.Nd run jobs queued for later execution
-.\"
-.Sh SYOPSIS
+.Sh SYNOPSIS
.Nm atrun
+.Op Fl l Ar load_avg
+.Op Fl d
.Sh DESCRIPTION
-The
-.Nm atrun
-utility runs commands queued by
+.Nm Atrun
+runs jobs queued by
.Xr at 1 .
-It is usually invoked by
+Root's
+.Xr crontab 5
+must contain the line:
+.nf
+
+*/10 * * * * root /usr/libexec/atrun
+
+.fi
+so that
+.Xr atrun 8
+gets called every ten minutes.
+.Pp
+At every invocation, every job in lowercase queues whose starting time
+has passed is started.
+A maximum of one batch jobs (denoted by uppercase queues) are started
+each time
+.Nm atrun
+is invoked.
+.Sh OPTIONS
+.Bl -tag -width indent
+.It Fl l Ar load_avg
+Specifies a limiting load factor, over which batch jobs should
+not be run, instead of the compiled \- in value of 1.5.
+.It Fl d
+Debug; print error messages to standard error instead of using
+.Xr syslog 3 .
+.El
+.Sh WARNINGS
+For
+.Nm atrun
+to work, you have to start up a
.Xr cron 8
-every ten minutes.
+daemon.
.Sh FILES
-.Bl -tag -width /var/at/lockfile -compact
-.It Pa /var/at/jobs
-Directory containing job files
+.Bl -tag -width /var/at/spool -compact
.It Pa /var/at/spool
Directory containing output spool files
-.It Pa /var/at/lockfile
-Job-creation lock file.
+.It Pa /var/at/jobs
+Directory containing job files
.El
.Sh SEE ALSO
.Xr cron 8 ,
-.Xr at 1
-.Sh AUTHOR
-.Bl -tag
-Thomas Koenig, ig25@rz.uni-karlsruhe.de
-.El
+.Xr crontab 1 ,
+.Xr crontab 5 ,
+.Xr at 1 ,
+.Xr syslog 3 .
.Sh BUGS
-The functionality of
+The functionality of
.Nm atrun
-should arguaby be merged into
+should be merged into
.Xr cron 8 .
-.Sh CAVEATS
-Since the default configuration causes
-.Nm atrun
-to be invoked every ten minutes,
-commands queued by
-.Xr at 1
-may end up being executed up to nine minutes
-later than would be otherwise expected.
+.Sh AUTHOR
+Thomas Koenig <ig25@rz.uni-karlsruhe.de>.
+/* $OpenBSD: atrun.c,v 1.3 1997/03/01 23:39:43 millert Exp $ */
+
/*
- * atrun.c - run jobs queued by at; run with root privileges.
- * Copyright (c) 1993 by Thomas Koenig
- * All rights reserved.
+ * atrun.c - run jobs queued by at; run with root privileges.
+ * Copyright (C) 1993, 1994 Thomas Koenig
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
+#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <pwd.h>
+#include <grp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
/* File scope variables */
static char *namep;
-static char rcsid[] = "$Id: atrun.c,v 1.2 1996/12/22 03:41:10 tholo Exp $";
+static char rcsid[] = "$OpenBSD: atrun.c,v 1.3 1997/03/01 23:39:43 millert Exp $";
+static int debug = 0;
/* Local functions */
+
static void
perr(a)
const char *a;
{
- syslog(LOG_ERR, "%s: %m", a);
+ if (debug)
+ perror(a);
+ else
+ syslog(LOG_ERR, "%s: %m", a);
+
+ exit(EXIT_FAILURE);
+}
+
+static void
+perr2(a, b)
+ char *a, *b;
+{
+ if (debug) {
+ (void)fputs(a, stderr);
+ perror(b);
+ } else
+ syslog(LOG_ERR, "%s%s: %m", a, b);
+
exit(EXIT_FAILURE);
}
int fd;
const char *a;
{
- return write(fd, a, strlen(a));
+ return(write(fd, a, strlen(a)));
}
static void
-run_file(filename, uid)
+run_file(filename, uid, gid)
const char *filename;
uid_t uid;
+ gid_t gid;
{
/*
* Run a file by by spawning off a process which redirects I/O,
char *mailname = NULL;
FILE *stream;
int send_mail = 0;
- struct stat buf;
+ struct stat buf, lbuf;
off_t size;
struct passwd *pentry;
int fflags;
+ uid_t nuid;
+ gid_t ngid;
+
+ PRIV_START
+
+ if (chmod(filename, S_IRUSR) != 0)
+ perr("Cannot change file permissions");
+
+ PRIV_END
pid = fork();
if (pid == -1)
perr("Cannot fork");
- else if (pid > 0)
+ else if (pid != 0)
return;
/*
* root.
*/
+ pentry = getpwuid(uid);
+ if (pentry == NULL) {
+ syslog(LOG_ERR,"Userid %u not found - aborting job %s",
+ uid, filename);
+ exit(EXIT_FAILURE);
+ }
PRIV_START
- stream = fopen(filename, "r");
+ stream = fopen(filename, "r");
PRIV_END
- pentry = getpwuid(uid);
- if (pentry == NULL)
- perr("UID not in password file!");
+ if (pentry->pw_expire && time(NULL) >= pentry->pw_expire) {
+ syslog(LOG_ERR, "Userid %u has expired - aborting job %s",
+ uid, filename);
+ exit(EXIT_FAILURE);
+ }
if (stream == NULL)
perr("Cannot open input file");
if ((fd_in = dup(fileno(stream))) < 0)
perr("Error duplicating input file descriptor");
+ if (fstat(fd_in, &buf) == -1)
+ perr("Error in fstat of input file descriptor");
+
+ PRIV_START
+
+ if (lstat(filename, &lbuf) == -1)
+ perr("Error in lstat of input file");
+
+ PRIV_END
+
+ if (S_ISLNK(lbuf.st_mode)) {
+ syslog(LOG_ERR, "Symbolic link encountered in job %s - aborting",
+ filename);
+ exit(EXIT_FAILURE);
+ }
+ if ((lbuf.st_dev != buf.st_dev) || (lbuf.st_ino != buf.st_ino) ||
+ (lbuf.st_uid != buf.st_uid) || (lbuf.st_gid != buf.st_gid) ||
+ (lbuf.st_size!=buf.st_size)) {
+ syslog(LOG_ERR, "Somebody changed files from under us for job %s - aborting", filename);
+ exit(EXIT_FAILURE);
+ }
+ if (buf.st_nlink > 1) {
+ syslog(LOG_ERR, "Somebody is trying to run a linked script for job %s",
+ filename);
+ exit(EXIT_FAILURE);
+ }
if ((fflags = fcntl(fd_in, F_GETFD)) < 0)
perr("Error in fcntl");
- fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC);
+ (void)fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC);
- if (fscanf(stream, "#! /bin/sh\n# mail %8s %d", mailbuf, &send_mail) == 2) {
- mailname = mailbuf;
- } else {
- mailname = pentry->pw_name;
+ if (fscanf(stream, "#!/bin/sh\n# atrun uid=%u gid=%u\n# mail %8s %d",
+ &nuid, &ngid, mailbuf, &send_mail) != 4) {
+ syslog(LOG_ERR, "File %s is in wrong format - aborting",
+ filename);
+ exit(EXIT_FAILURE);
}
- fclose(stream);
+ if (mailbuf[0] == '-') {
+ syslog(LOG_ERR, "illegal mail name %s in %s", mailbuf, filename);
+ exit(EXIT_FAILURE);
+ }
+ mailname = mailbuf;
+ if (nuid != uid) {
+ syslog(LOG_ERR, "Job %s - userid %u does not match file uid %u",
+ filename, nuid, uid);
+ exit(EXIT_FAILURE);
+ }
+ if (ngid != gid) {
+ syslog(LOG_ERR, "Job %s - groupid %u does not match file gid %u",
+ filename, ngid, gid);
+ exit(EXIT_FAILURE);
+ }
+ (void)fclose(stream);
+
+ PRIV_START
+
if (chdir(_PATH_ATSPOOL) < 0)
- perr("Cannot chdir to " _PATH_ATSPOOL);
+ perr2("Cannot chdir to ", _PATH_ATSPOOL);
/*
* Create a file to hold the output of the job we are about to
* run. Write the mail header.
*/
+
if ((fd_out = open(filename,
O_WRONLY | O_CREAT | O_EXCL, S_IWUSR | S_IRUSR)) < 0)
perr("Cannot create output file");
+ PRIV_END
+
write_string(fd_out, "Subject: Output from your job ");
write_string(fd_out, filename);
write_string(fd_out, "\n\n");
- fstat(fd_out, &buf);
+ if (fstat(fd_out, &buf) == -1)
+ perr("Error in fstat of output file descriptor");
size = buf.st_size;
- close(STDIN_FILENO);
- close(STDOUT_FILENO);
- close(STDERR_FILENO);
+ (void)close(STDIN_FILENO);
+ (void)close(STDOUT_FILENO);
+ (void)close(STDERR_FILENO);
pid = fork();
if (pid < 0)
* the input file, and standard output and error sent to
* our output file.
*/
-
if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0)
perr("Error in lseek");
if (dup(fd_out) != STDERR_FILENO)
perr("Error in I/O redirection");
- close(fd_in);
- close(fd_out);
+ (void)close(fd_in);
+ (void)close(fd_out);
+
+ PRIV_START
+
if (chdir(_PATH_ATJOBS) < 0)
- perr("Cannot chdir to " _PATH_ATJOBS);
+ perr2("Cannot chdir to ", _PATH_ATJOBS);
queue = *filename;
- PRIV_START
+ if (queue > 'b')
+ nice(queue - 'b');
- if (queue > 'b')
- nice(queue - 'b');
+ if (chdir(pentry->pw_dir) < 0)
+ chdir("/");
if (initgroups(pentry->pw_name, pentry->pw_gid) < 0)
perr("Cannot init group list");
- if (setegid(pentry->pw_gid) < 0)
- perr("Cannot change primary group");
- if (setgid(pentry->pw_gid) < 0)
+ if (setegid(pentry->pw_gid) < 0 || setgid(pentry->pw_gid) < 0)
perr("Cannot change primary group");
- if (seteuid(uid) < 0)
- perr("Cannot set user id");
- if (setuid(uid) < 0)
+ if (seteuid(uid) < 0 || setuid(uid) < 0)
perr("Cannot set user id");
- chdir("/");
-
- if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
- perr("Exec failed");
+ if (execle("/bin/sh", "sh", (char *)NULL, nenvp) != 0)
+ perr("Exec failed for /bin/sh");
PRIV_END
}
/* We're the parent. Let's wait. */
- close(fd_in);
- close(fd_out);
- waitpid(pid, (int *) NULL, 0);
+ (void)close(fd_in);
+ (void)close(fd_out);
+ waitpid(pid, (int *)NULL, 0);
+
+ /*
+ * Send mail. Unlink the output file first, so it is deleted
+ * after the run.
+ */
+ PRIV_START
+
+ if (stat(filename, &buf) == -1)
+ perr("Error in stat of output file");
+ if (open(filename, O_RDONLY) != STDIN_FILENO)
+ perr("Open of jobfile failed");
+
+ (void)unlink(filename);
+
+ PRIV_END
- stat(filename, &buf);
if ((buf.st_size != size) || send_mail) {
/* Fork off a child for sending mail */
- pid = fork();
- if (pid < 0)
- perr("Fork failed");
- else if (pid == 0) {
- if (open(filename, O_RDONLY) != STDIN_FILENO)
- perr("Cannot reopen output file");
-
- execl(_PATH_SENDMAIL, _PATH_SENDMAIL, mailname,
- (char *) NULL);
- perr("Exec failed");
- }
- waitpid(pid, (int *) NULL, 0);
+
+ PRIV_START
+
+ if (chdir(pentry->pw_dir))
+ chdir("/");
+
+ if (initgroups(pentry->pw_name, pentry->pw_gid))
+ perr("Cannot init group list");
+
+ if (setegid(gid) < 0 || setgid(gid) < 0)
+ perr("Cannot change primary group");
+
+ if (seteuid(uid) < 0 || setuid(uid) < 0)
+ perr("Cannot set user id");
+
+ execl(_PATH_SENDMAIL, "sendmail", "-F", "Atrun Service",
+ "-odi", "-oem", mailname, (char *) NULL);
+ perr("Exec failed for mail command");
+
+ PRIV_END
}
- unlink(filename);
exit(EXIT_SUCCESS);
}
DIR *spool;
struct dirent *dirent;
struct stat buf;
- int older;
unsigned long ctm;
+ int jobno;
char queue;
+ time_t now, run_time;
+ char batch_name[] = "Z2345678901234";
+ uid_t batch_uid;
+ gid_t batch_gid;
+ int c;
+ int run_batch;
+ double la, load_avg = ATRUN_MAXLOAD;
/*
* We don't need root privileges all the time; running under uid
- * and gid daemon is fine.
+ * and gid nobody is fine except for priviledged operations.
*/
+ RELINQUISH_PRIVS_ROOT(NOBODY_UID, NOBODY_GID)
- RELINQUISH_PRIVS_ROOT(0) /* it's setuid root */
openlog("atrun", LOG_PID, LOG_CRON);
+ opterr = 0;
+ errno = 0;
+ while ((c = getopt(argc, argv, "dl:")) != -1) {
+ switch (c) {
+ case 'l':
+ if (sscanf(optarg, "%lf", &load_avg) != 1)
+ perr("garbled option -l");
+ if (load_avg <= 0.)
+ load_avg = ATRUN_MAXLOAD;
+ break;
+
+ case 'd':
+ debug++;
+ break;
+
+ case '?':
+ perr("unknown option");
+ break;
+
+ default:
+ perr("idiotic option - aborted");
+ break;
+ }
+ }
+
namep = argv[0];
+
+ PRIV_START
+
if (chdir(_PATH_ATJOBS) != 0)
- perr("Cannot change to " _PATH_ATJOBS);
+ perr2("Cannot change to ", _PATH_ATJOBS);
+
/*
* Main loop. Open spool directory for reading and look over all
* which executes the shell script. Unlink older files if they
* should no longer be run. For deletion, their r bit has to be
* turned on.
+ *
+ * Also, pick the oldest batch job to run, at most one per
+ * invocation of atrun.
*/
if ((spool = opendir(".")) == NULL)
- perr("Cannot read " _PATH_ATJOBS);
+ perr2("Cannot read ", _PATH_ATJOBS);
+
+ PRIV_END
+
+ now = time(NULL);
+ run_batch = 0;
+ batch_uid = (uid_t) -1;
+ batch_gid = (gid_t) -1;
while ((dirent = readdir(spool)) != NULL) {
- double la;
+ PRIV_START
if (stat(dirent->d_name, &buf) != 0)
- perr("Cannot stat in " _PATH_ATJOBS);
+ perr2("Cannot stat in ", _PATH_ATJOBS);
+
+ PRIV_END
/* We don't want directories */
if (!S_ISREG(buf.st_mode))
continue;
- if (sscanf(dirent->d_name, "%c%8lx", &queue, &ctm) != 2)
- continue;
-
- if ((queue == 'b') && ((getloadavg(&la, 1) != 1) ||
- (la > ATRUN_MAXLOAD)))
+ if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) != 3)
continue;
- older = (time_t) ctm *60 <= time(NULL);
-
- /* The file is executable and old enough */
- if (older && (S_IXUSR & buf.st_mode)) {
- /*
- * Now we know we want to run the file, we can turn
- * off the execute bit
- */
+ run_time = (time_t) ctm * 60;
+
+ if ((S_IXUSR & buf.st_mode) && (run_time <= now)) {
+ if (isupper(queue) &&
+ (strcmp(batch_name, dirent->d_name) > 0)) {
+ run_batch = 1;
+ (void)strncpy(batch_name, dirent->d_name,
+ sizeof(batch_name));
+ batch_uid = buf.st_uid;
+ batch_gid = buf.st_gid;
+ }
+
+ /* The file is executable and old enough */
+ if (islower(queue))
+ run_file(dirent->d_name, buf.st_uid, buf.st_gid);
+ }
+ /* Delete older files */
+ if ((run_time < now) && !(S_IXUSR & buf.st_mode) &&
+ (S_IRUSR & buf.st_mode)) {
PRIV_START
- if (chmod(dirent->d_name, S_IRUSR) != 0)
- perr("Cannot change file permissions");
+ (void)unlink(dirent->d_name);
PRIV_END
-
- run_file(dirent->d_name, buf.st_uid);
}
- /* Delete older files */
- if (older && !(S_IXUSR & buf.st_mode) &&
- (S_IRUSR & buf.st_mode))
- unlink(dirent->d_name);
}
+
+ /* Run the single batch file, if any */
+ if (run_batch && ((getloadavg(&la, 1) == 1) && la < load_avg))
+ run_file(batch_name, batch_uid, batch_gid);
+
closelog();
exit(EXIT_SUCCESS);
}
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $Id: atrun.h,v 1.1.1.1 1995/10/18 08:43:15 deraadt Exp $
+ * $Id: atrun.h,v 1.2 1997/03/01 23:39:44 millert Exp $
*/
#define ATRUN_MAXLOAD 1.5
+#define NOBODY_UID 32767
+#define NOBODY_GID 32767
-# $OpenBSD: Makefile,v 1.2 1996/06/26 05:31:26 deraadt Exp $
+# $OpenBSD: Makefile,v 1.3 1997/03/01 23:40:08 millert Exp $
# $NetBSD: Makefile,v 1.2 1995/03/25 18:13:27 glass Exp $
PROG= at
-SRCS= at.c panic.c parsetime.c
+SRCS= at.c panic.c parsetime.c perm.c
LINKS= ${BINDIR}/at ${BINDIR}/atq \
${BINDIR}/at ${BINDIR}/atrm \
${BINDIR}/at ${BINDIR}/batch
-.\" $OpenBSD: at.1,v 1.3 1996/10/08 01:20:52 michaels Exp $
-.\" $NetBSD: at.1,v 1.6 1995/03/25 18:13:29 glass Exp $
-.\"
-.\"
-.\" Copyright (c) 1993 Christopher G. Demetriou
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by Christopher G. Demetriou.
-.\" 3. The name of the author may not be used to endorse or promote products
-.\" derived from this software without specific prior written permission
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\"
-.Dd December 5, 1993
+.\" $OpenBSD: at.1,v 1.4 1997/03/01 23:40:08 millert Exp $
+.\" $FreeBSD: at.man,v 1.6 1997/02/22 19:54:05 peter Exp $
+.Dd April 12, 1995
.Dt "AT" 1
.Os
.Sh NAME
.Nm at, batch, atq, atrm
-.Nd queue, examine, or delete jobs for later execution
-.\"
+.Nd queue, examine or delete jobs for later execution
.Sh SYNOPSIS
.Nm at
+.Op Fl V
.Op Fl q Ar queue
.Op Fl f Ar file
-.Op Fl m
+.Op Fl mldbv
.Ar time
.Pp
+.Nm at
+.Op Fl V
+.Fl c Ar job Op Ar job ...
+.Pp
.Nm atq
+.Op Fl V
.Op Fl q Ar queue
.Op Fl v
.Pp
.Nm atrm
+.Op Fl V
.Ar job
.Op Ar job ...
.Pp
.Nm batch
+.Op Fl V
+.Op Fl q Ar queue
.Op Fl f Ar file
-.Op Fl m
+.Op Fl mv
+.Op Ar time
.Sh DESCRIPTION
-The
-.Nm at
+.Nm At
and
.Nm batch
-utilities read commands from the standard input or a specified file
-which are to be executed at a later time, using
+read commands from standard input or a specified file which
+are to be executed at a later time, using
.Xr sh 1 .
-.Pp
-The functions of the commands are as follows:
.Bl -tag -width indent
.It Nm at
Executes commands at a specified time.
.It Nm atq
-Lists the user's pending jobs, unless the user is
-the superuser. In that case, everybody's jobs are
-listed.
+Lists the user's pending jobs, unless the user is the superuser.
+In that case, everybody's jobs are listed.
.It Nm atrm
Deletes jobs.
.It Nm batch
-executes commands when system load levels permit.
-In other words, it executes the commands when the load
-average drops below a specified level.
+Executes commands when system load levels permit. In other words, when
+the load average drops below 1.5, or the value specified in the invocation of
+.Nm atrun .
.El
.Pp
-For both
-.Nm at
-and
-.Nm batch ,
-the working directory, environment (except for the variables
-.Nm TERM ,
-.Nm TERMCAP ,
-.Nm DISPLAY ,
-and
-.Nm _ )
-and the umask are retained from the time of invocation. The user
-will be mailed the standard output and standard error from
-his commands if any output is generated. If
-.Nm at
-is executed from a
-.Xr su 1
-shell, the owner of the login shell will receive the mail.
-.Sh OPTIONS
-.Bl -tag -width indent
-The available options are as follows:
-.It Fl q Ar queue
-Use the specified queue. A queue designation consists
-of a single letter; valid queue designation range from
-.Ar a
-to
-.Ar l .
-The
-.Ar a
-queue is the default, and
-.Ar b
-is the batch queue. Queues with higher letters run with
-increased niceness. If
-.Nm atq
-is given a specific queue, it will only show jobs pending
-in that queue.
-.It Fl m
-Send mail to the user when the job has completed, even if
-there was no output.
-.It Fl f Ar file
-Reads the job from
-.Ar file
-rather than the standard input.
-.It Fl v
-Shows completed but not yet deleted jobs in the queue.
-.Sh TIME SPECIFICATION
.Nm At
-allows some moderately complex time specifications.
-It accepts times of the form
+allows some moderately complex
+.Ar time
+specifications. It accepts times of the form
.Ar HHMM
or
.Ar HH:MM
-to run a job at a specific time of day. If
-that time is already passed, the next day is assumed.
+to run a job at a specific time of day.
+(If that time is already past, the next day is assumed.)
You may also specify
.Nm midnight ,
.Nm noon ,
or
.Nm teatime
-(4PM) and you can give a time of day suffixed with
+(4pm)
+and you can have a time-of-day suffixed with
.Nm AM
or
.Nm PM
-for running in the morning or the evening. You can
-also specify the date on which the job will be run
+for running in the morning or the evening.
+You can also say what day the job will be run,
by giving a date in the form
-.Ar month-name day
+.Ar \%month-name day
with an optional
.Ar year ,
or giving a date of the form
-.Ar MMDDYY ,
+.Ar MMDDYY
+or
.Ar MM/DD/YY
or
.Ar DD.MM.YY .
+The specification of a date must follow the specification of
+the time of day.
You can also give times like
-.Nm now +
-.Ar count time-units ,
-where the time units can be
-.Nm minutes, hours, days,
+.Op Nm now
+.Nm + Ar count \%time-units ,
+where the time-units can be
+.Nm minutes ,
+.Nm hours ,
+.Nm days ,
or
.Nm weeks
-You can suffix the time with
+and you can tell
+.Nm at
+to run the job today by suffixing the time with
.Nm today
-to run the job today, or
-.Nm tomorrow
-to run the job tomorrow.
+and to run the job tomorrow by suffixing the time with
+.Nm tomorrow.
+.Pp
+For example, to run a job at 4pm three days from now, you would do
+.Nm at 4pm + 3 days ,
+to run a job at 10:00am on July 31, you would do
+.Nm at 10am Jul 31
+and to run a job at 1am tomorrow, you would do
+.Nm at 1am tomorrow.
+.Pp
+For both
+.Nm at
+and
+.Nm batch ,
+commands are read from standard input or the file specified
+with the
+.Fl f
+option and executed.
+The working directory, the environment (except for the variables
+.Nm TERM ,
+.Nm TERMCAP ,
+.Nm DISPLAY
+and
+.Nm _ )
+and the
+.Ar umask
+are retained from the time of invocation.
+An
+.Nm at
+or
+.Nm batch
+command invoked from a
+.Xr su 1
+shell will retain the current userid.
+The user will be mailed standard error and standard output from his
+commands, if any. Mail will be sent using the command
+.Xr sendmail 8 .
+If
+.Nm at
+is executed from a
+.Xr su 1
+shell, the owner of the login shell will receive the mail.
+.Pp
+The superuser may use these commands in any case.
+For other users, permission to use at is determined by the files
+.Pa /var/at/at.allow
+and
+.Pa /var/at/at.deny .
+.Pp
+If the file
+.Pa /var/at/at.allow
+exists, only usernames mentioned in it are allowed to use
+.Nm at .
+.Pp
+If
+.Pa /var/at/at.allow
+does not exist,
+.Pa /var/at/at.deny
+is checked, every username not mentioned in it is then allowed
+to use
+.Nm at .
+.Pp
+If neither exists, only the superuser is allowed use of
+.Nm at .
+This is the default configuration.
.Pp
-For example, to run a job at 4PM three days from now, you
-would specify a time of
-.Nm 4PM + 3 days .
-To run a job at 10:00AM on on July 31, you would specify
-a time of
-.Nm 10AM Jul 31 .
-Finally, to run a job at 1AM tomorrow, you would specify
-a time of
-.Nm 1AM tomorrow .
+An empty
+.Pa /var/at/at.deny
+means that every user is allowed use these commands.
+.Sh OPTIONS
+.Bl -tag -width indent
+.It Fl V
+Prints the version number to standard error.
+.It Fl q Ar queue
+Uses the specified queue.
+A queue designation consists of a single letter. Valid queue designations
+range from
+.Nm a
+to
+.Nm z
+and
+.Nm A
+to
+.Nm Z .
+The
+.Nm c
+queue is the default for
+.Nm at
+and the
+.Nm E
+queue for
+.Nm batch .
+Queues with higher letters run with increased niceness.
+If a job is submitted to a queue designated with an uppercase letter, it
+is treated as if it had been submitted to batch at that time.
+If
+.Nm atq
+is given a specific queue, it will only show jobs pending in that queue.
+.It Fl m
+Send mail to the user when the job has completed even if there was no
+output.
+.It Fl f Ar file
+Reads the job from
+.Ar file
+rather than standard input.
+.It Fl l
+Is an alias for
+.Nm atq.
+.It Fl d
+Is an alias for
+.Nm atrm.
+.It Fl b
+Is an alias for
+.Nm batch.
+.It Fl v
+For
+.Nm atq ,
+shows completed but not yet deleted jobs in the queue. Otherwise
+shows the time the job will be executed.
+.It Fl c
+Cats the jobs listed on the command line to standart output.
.Sh FILES
-.Bl -tag -width /var/at/lockfile -compact
+.Bl -tag -width /var/at/.lockfile -compact
.It Pa /var/at/jobs
Directory containing job files
.It Pa /var/at/spool
Directory containing output spool files
-.It Pa /var/at/lockfile
-Job-creation lock file.
.It Pa /var/run/utmp
-.El
+Login records
+.It Pa /var/at/at.allow
+Allow permission control
+.It Pa /var/at/at.deny
+Deny permission control
+.It Pa /var/at/.lockfile
+Job-creation lock file.
.Sh SEE ALSO
.Xr cron 8 ,
.Xr nice 1 ,
+.Xr umask 2 ,
.Xr sh 1 ,
-.Xr atrun 8
-.Sh AUTHOR
-.Bl -tag
-Thomas Koenig, ig25@rz.uni-karlsruhe.de
+.Xr sendmail 8 ,
+.Xr atrun 8 .
.El
.Sh BUGS
-Traditional access control to
-.Nm at
-and
-.Nm batch
-via the files
-.Pa /var/at/at.allow
-and
-.Pa /var/at/at.deny
-is not implemented.
.Pp
If the file
.Pa /var/run/utmp
-is not available or corrupted, or if the user is not
-logged in at the time
+is not available or corrupted, or if the user is not logged on at the
+time
.Nm at
-is invoked, the mail is sent to the userid found in the
-environment variable
+is invoked, the mail is sent to the userid found
+in the environment variable
.Nm LOGNAME .
If that is undefined or empty, the current userid is assumed.
+.Pp
+.Nm At
+and
+.Nm batch
+as presently implemented are not suitable when users are competing for
+resources.
+If this is the case for your site, you might want to consider another
+batch system, such as
+.Nm nqs .
+.Sh AUTHORS
+At was mostly written by Thomas Koenig <ig25@rz.uni-karlsruhe.de>.
+The time parsing routines are by David Parsons <orc@pell.chi.il.us>.
-/* $OpenBSD: at.c,v 1.6 1997/01/15 23:42:12 millert Exp $ */
+/* $OpenBSD: at.c,v 1.7 1997/03/01 23:40:09 millert Exp $ */
/* $NetBSD: at.c,v 1.4 1995/03/25 18:13:31 glass Exp $ */
/*
- * at.c : Put file into atrun queue
- * Copyright (C) 1993 Thomas Koenig
+ * at.c : Put file into atrun queue
+ * Copyright (C) 1993, 1994 Thomas Koenig
*
- * Atrun & Atq modifications
- * Copyright (C) 1993 David Parsons
- * All rights reserved.
+ * Atrun & Atq modifications
+ * Copyright (C) 1993 David Parsons
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-#define _USE_BSD 1
-
/* System Headers */
#include <sys/types.h>
+#include <sys/param.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <ctype.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
+#include <utmp.h>
+#include <locale.h>
+
+#if (MAXLOGNAME-1) > UT_NAMESIZE
+#define LOGNAMESIZE UT_NAMESIZE
+#else
+#define LOGNAMESIZE (MAXLOGNAME-1)
+#endif
/* Local headers */
#include "at.h"
#include "panic.h"
#include "parsetime.h"
+#include "perm.h"
#include "pathnames.h"
#define MAIN
#include "privs.h"
/* Macros */
#define ALARMC 10 /* Number of seconds to wait for timeout */
-#define SIZE 255
#define TIMESIZE 50
+enum { ATQ, ATRM, AT, BATCH, CAT }; /* what program we want to run */
+
/* File scope variables */
#ifndef lint
-static char rcsid[] = "$OpenBSD: at.c,v 1.6 1997/01/15 23:42:12 millert Exp $";
+static char rcsid[] = "$OpenBSD: at.c,v 1.7 1997/03/01 23:40:09 millert Exp $";
#endif
char *no_export[] =
static send_mail = 0;
/* External variables */
+
extern char **environ;
int fcreated;
char *namep;
char atfile[FILENAME_MAX];
-char *atinput = (char *) 0; /* where to get input from */
+char *atinput = (char *)0; /* where to get input from */
char atqueue = 0; /* which queue to examine for jobs (atq) */
char atverify = 0; /* verify time instead of queuing job */
/* Function declarations */
-static void sigc __P((int signo));
-static void alarmc __P((int signo));
+
+static void sigc __P((int));
+static void alarmc __P((int));
static char *cwdname __P((void));
-static void writefile __P((time_t runtimer, char queue));
+static void writefile __P((time_t, char));
static void list_jobs __P((void));
/* Signal catching functions */
sigc(signo)
int signo;
{
-/* If the user presses ^C, remove the spool file and exit
- */
+ /* If the user presses ^C, remove the spool file and exit. */
if (fcreated) {
PRIV_START
- unlink(atfile);
+ (void)unlink(atfile);
PRIV_END
}
alarmc(signo)
int signo;
{
-/* Time out after some seconds
- */
+ /* Time out after some seconds. */
panic("File locking timed out");
}
static char *
cwdname()
{
-/* Read in the current directory; the name will be overwritten on
- * subsequent calls.
- */
- static char *ptr = NULL;
- static size_t size = SIZE;
-
- if (ptr == NULL)
- ptr = (char *) malloc(size);
-
- while (1) {
- if (ptr == NULL)
- panic("Out of memory");
-
- if (getcwd(ptr, size - 1) != NULL)
- return ptr;
+ /*
+ * Read in the current directory; the name will be overwritten on
+ * subsequent calls.
+ */
+ static char path[MAXPATHLEN];
- if (errno != ERANGE)
- perr("Cannot get directory");
+ return (getcwd(path, sizeof(path)));
+}
- free(ptr);
- size += SIZE;
- ptr = (char *) malloc(size);
+/* XXX - this code sucks! */
+static int
+nextjob()
+{
+ int jobno;
+ FILE *fid;
+
+ if ((fid = fopen(_PATH_SEQFILE, "r+")) != (FILE*)0) {
+ if (fscanf(fid, "%5x", &jobno) == 1) {
+ (void)rewind(fid);
+ jobno = (1+jobno) % 0xfffff; /* 2^20 jobs enough? */
+ (void)fprintf(fid, "%05x\n", jobno);
+ } else
+ jobno = EOF;
+ (void)fclose(fid);
+ return (jobno);
+ } else if ((fid = fopen(_PATH_SEQFILE, "w")) != (FILE*)0) {
+ (void)fprintf(fid, "%05x\n", jobno = 1);
+ (void)fclose(fid);
+ return (1);
}
+ return (EOF);
}
static void
* This does most of the work if at or batch are invoked for
* writing a job.
*/
- int i;
+ int jobno;
char *ap, *ppos, *mailname;
struct passwd *pass_entry;
struct stat statbuf;
mode_t cmask;
struct flock lock;
+ (void)setlocale(LC_TIME, "");
+
/*
* Install the signal handler for SIGINT; terminate after removing the
* spool file if necessary
sigaction(SIGINT, &act, NULL);
- strcpy(atfile, _PATH_ATJOBS);
- ppos = atfile + strlen(_PATH_ATJOBS);
+ (void)strcpy(atfile, _PATH_ATJOBS);
+ ppos = atfile + strlen(atfile);
/*
* Loop over all possible file names for running something at this
- * particular time, see if a file is there; the first empty slot at
- * any particular time is used. Lock the file _PATH_LOCKFILE first
- * to make sure we're alone when doing this.
+ * particular time, see if a file is there; the first empty slot at
+ * any particular time is used. Lock the file _PATH_LOCKFILE first
+ * to make sure we're alone when doing this.
*/
PRIV_START
- if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY | O_CREAT, 0600)) < 0)
+ if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR)) < 0)
perr2("Cannot open lockfile ", _PATH_LOCKFILE);
lock.l_type = F_WRLCK;
fcntl(lockdes, F_SETLKW, &lock);
alarm(0);
- for (i = 0; i < AT_MAXJOBS; i++) {
- sprintf(ppos, "%c%08lx.%03x", queue,
- (unsigned long) (runtimer / 60), i);
+ if ((jobno = nextjob()) == EOF)
+ perr("Cannot generate job number");
- if (stat(atfile, &statbuf) != 0) {
- if (errno == ENOENT)
- break;
- else
- perr2("Cannot access ", _PATH_ATJOBS);
- }
- } /* for */
+ /* XXX - use snprintf */
+ (void)sprintf(ppos, "%c%5x%8x", queue, jobno, (unsigned) (runtimer/60));
+
+ for (ap = ppos; *ap != '\0'; ap++)
+ if (*ap == ' ')
+ *ap = '0';
- if (i >= AT_MAXJOBS)
- panic("Too many jobs already");
+ if (stat(atfile, &statbuf) != 0)
+ if (errno != ENOENT)
+ perr2("Cannot access ", _PATH_ATJOBS);
/*
* Create the file. The x bit is only going to be set after it has
* their r bit. Yes, this is a kluge.
*/
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
+ /* XXX - use open(2) not creat() */
if ((fdes = creat(atfile, O_WRONLY)) == -1)
perr("Cannot create atjob file");
if ((fd2 = dup(fdes)) < 0)
perr("Error in dup() of job file");
- if (fchown(fd2, real_uid, -1) != 0)
+ if (fchown(fd2, real_uid, real_gid) != 0)
perr("Cannot give away file");
PRIV_END
lock.l_whence = SEEK_SET;
lock.l_start = 0;
lock.l_len = 0;
- fcntl(lockdes, F_SETLKW, &lock);
- close(lockdes);
+ (void)fcntl(lockdes, F_SETLKW, &lock);
+ (void)close(lockdes);
if ((fp = fdopen(fdes, "w")) == NULL)
panic("Cannot reopen atjob file");
if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
mailname = getenv("USER");
- if ((mailname == NULL) || (mailname[0] == '\0')
- || (strlen(mailname) > 8)) {
- pass_entry = getpwuid(getuid());
+ if ((mailname == NULL) || (mailname[0] == '\0') ||
+ (strlen(mailname) > LOGNAMESIZE) || (getpwnam(mailname) == NULL)) {
+ pass_entry = getpwuid(real_uid);
if (pass_entry != NULL)
mailname = pass_entry->pw_name;
}
if (fpin == NULL)
perr("Cannot open input file");
}
- fprintf(fp, "#! /bin/sh\n# mail %8s %d\n", mailname, send_mail);
+ (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%u gid=%u\n# mail %*s %d\n",
+ real_uid, real_gid, LOGNAMESIZE, mailname, send_mail);
/* Write out the umask at the time of invocation */
- fprintf(fp, "umask %lo\n", (unsigned long) cmask);
+ (void)fprintf(fp, "umask %o\n", cmask);
/*
* Write out the environment. Anything that may look like a special
}
if (export) {
- fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
+ (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
for (ap = eqp; *ap != '\0'; ap++) {
if (*ap == '\n')
- fprintf(fp, "\"\n\"");
+ (void)fprintf(fp, "\"\n\"");
else {
- if (!isalnum(*ap))
- fputc('\\', fp);
-
- fputc(*ap, fp);
+ if (!isalnum(*ap)) {
+ switch (*ap) {
+ case '%': case '/': case '{':
+ case '[': case ']': case '=':
+ case '}': case '@': case '+':
+ case '#': case ',': case '.':
+ case ':': case '-': case '_':
+ break;
+ default:
+ (void)fputc('\\', fp);
+ break;
+ }
+ }
+ (void)fputc(*ap, fp);
}
}
- fputs("; export ", fp);
- fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
- fputc('\n', fp);
+ (void)fputs("; export ", fp);
+ (void)fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
+ (void)fputc('\n', fp);
+ }
+ }
+ /*
+ * Cd to the directory at the time and write out all the
+ * commands the user supplies from stdin.
+ */
+ (void)fputs("cd ", fp);
+ for (ap = cwdname(); *ap != '\0'; ap++) {
+ if (*ap == '\n')
+ fprintf(fp, "\"\n\"");
+ else {
+ if (*ap != '/' && !isalnum(*ap))
+ (void)fputc('\\', fp);
+ (void)fputc(*ap, fp);
}
}
/*
- * Cd to the directory at the time and write out all the commands
- * the user supplies from stdin.
+ * Test cd's exit status: die if the original directory has been
+ * removed, become unreadable or whatever.
*/
- fprintf(fp, "cd %s\n", cwdname());
+ (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible' >&2\n\t exit 1\n}\n");
if ((ch = getchar()) == EOF)
panic("Input error");
do {
- fputc(ch, fp);
+ (void)fputc(ch, fp);
} while ((ch = getchar()) != EOF);
- fprintf(fp, "\n");
+ (void)fprintf(fp, "\n");
if (ferror(fp))
panic("Output error");
if (ferror(stdin))
panic("Input error");
- fclose(fp);
+ (void)fclose(fp);
/*
* Set the x bit so that we're ready to start executing
if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
perr("Cannot give away file");
- close(fd2);
- fprintf(stderr, "Job %s will be executed using /bin/sh\n", ppos);
+ (void)close(fd2);
+ (void)fprintf(stderr, "Job %d will be executed using /bin/sh\n", jobno);
}
static void
struct tm runtime;
unsigned long ctm;
char queue;
+ int jobno;
time_t runtimer;
char timestr[TIMESIZE];
int first = 1;
PRIV_START
- if (chdir(_PATH_ATJOBS) != 0)
+ if (chdir(_PATH_ATJOBS) != 0)
perr2("Cannot change to ", _PATH_ATJOBS);
if ((spool = opendir(".")) == NULL)
|| !(S_IXUSR & buf.st_mode || atverify))
continue;
- if (sscanf(dirent->d_name, "%c%8lx", &queue, &ctm) != 2)
+ if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) != 3)
continue;
if (atqueue && (queue != atqueue))
runtime = *localtime(&runtimer);
strftime(timestr, TIMESIZE, "%X %x", &runtime);
if (first) {
- printf("Date\t\t\tOwner\tQueue\tJob#\n");
+ (void)printf("Date\t\t\tOwner\tQueue\tJob#\n");
first = 0;
}
pw = getpwuid(buf.st_uid);
- printf("%s\t%s\t%c%s\t%s\n",
+ (void)printf("%s\t%s\t%c%s\t%d\n",
timestr,
pw ? pw->pw_name : "???",
queue,
(S_IXUSR & buf.st_mode) ? "" : "(done)",
- dirent->d_name);
+ jobno);
}
PRIV_END
}
static void
-delete_jobs(argc, argv)
+process_jobs(argc, argv, what)
int argc;
char **argv;
+ int what;
{
/* Delete every argument (job - ID) given */
int i;
struct stat buf;
+ DIR *spool;
+ struct dirent *dirent;
+ unsigned long ctm;
+ char queue;
+ int jobno;
PRIV_START
- if (chdir(_PATH_ATJOBS) != 0)
+ if (chdir(_PATH_ATJOBS) != 0)
perr2("Cannot change to ", _PATH_ATJOBS);
- for (i = optind; i < argc; i++) {
- if (stat(argv[i], &buf) != 0)
- perr(argv[i]);
- if ((buf.st_uid != real_uid) && !(real_uid == 0)) {
- fprintf(stderr, "%s: Not owner\n", argv[i]);
- exit(EXIT_FAILURE);
+ if ((spool = opendir(".")) == NULL)
+ perr2("Cannot open ", _PATH_ATJOBS);
+
+ PRIV_END
+
+ /* Loop over every file in the directory */
+ while((dirent = readdir(spool)) != NULL) {
+
+ PRIV_START
+ if (stat(dirent->d_name, &buf) != 0)
+ perr2("Cannot stat in ", _PATH_ATJOBS);
+ PRIV_END
+
+ if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) !=3)
+ continue;
+
+ for (i = optind; i < argc; i++) {
+ if (atoi(argv[i]) == jobno) {
+ if ((buf.st_uid != real_uid) && !(real_uid == 0)) {
+ (void)fprintf(stderr,
+ "%s: Not owner\n", argv[i]);
+ exit(EXIT_FAILURE);
+ }
+ switch (what) {
+ case ATRM:
+ PRIV_START
+
+ if (unlink(dirent->d_name) != 0)
+ perr(dirent->d_name);
+
+ PRIV_END
+
+ break;
+
+ case CAT:
+ {
+ FILE *fp;
+ int ch;
+
+ PRIV_START
+
+ fp = fopen(dirent->d_name, "r");
+
+ PRIV_END
+
+ if (!fp)
+ perr("Cannot open file");
+
+ while((ch = getc(fp)) != EOF)
+ putchar(ch);
+ }
+ break;
+
+ default:
+ (void)fprintf(stderr,
+ "Internal error, process_jobs = %d\n",
+ what);
+ exit(EXIT_FAILURE);
+ break;
+ }
+ }
}
- if (unlink(argv[i]) != 0)
- perr(argv[i]);
}
- PRIV_END
} /* delete_jobs */
/* Global functions */
char **argv;
{
int c;
- char queue = 'a';
+ char queue = DEFAULT_AT_QUEUE;
+ char queue_set = 0;
char *pgm;
enum {
- ATQ, ATRM, AT, BATCH
- }; /* what program we want to run */
- int program = AT; /* our default program */
- char *options = "q:f:mv"; /* default options for at */
+ ATQ, ATRM, AT, BATCH, CAT
+ }; /* what program we want to run */
+ int program = AT; /* our default program */
+ char *options = "q:f:mvldbVc"; /* default options for at */
+ int disp_version = 0;
time_t timer;
RELINQUISH_PRIVS
/* find out what this program is supposed to do */
if (strcmp(pgm, "atq") == 0) {
program = ATQ;
- options = "q:v";
+ options = "q:vV";
} else if (strcmp(pgm, "atrm") == 0) {
program = ATRM;
- options = "";
+ options = "V";
} else if (strcmp(pgm, "batch") == 0) {
program = BATCH;
- options = "f:mv";
+ options = "f:q:mvV";
}
/* process whatever options we can process */
usage();
atqueue = queue = *optarg;
- if ((!islower(queue)) || (queue > 'l'))
+ if (!(islower(queue) || isupper(queue)))
+ usage();
+
+ queue_set = 1;
+ break;
+
+ case 'd':
+ if (program != AT)
+ usage();
+
+ program = ATRM;
+ options = "V";
+ break;
+
+ case 'l':
+ if (program != AT)
usage();
+
+ program = ATQ;
+ options = "q:vV";
+ break;
+
+ case 'b':
+ if (program != AT)
+ usage();
+
+ program = BATCH;
+ options = "f:q:mvV";
+ break;
+
+ case 'V':
+ disp_version = 1;
+ break;
+
+ case 'c':
+ program = CAT;
+ options = "";
break;
default:
}
/* end of options eating */
+ if (disp_version)
+ (void)fprintf(stderr, "%s version %.1f\n", namep, AT_VERSION);
+
+ if (!check_permission()) {
+ (void)fprintf(stderr, "You do not have permission to use %s.\n",
+ namep);
+ }
+
/* select our program */
switch (program) {
case ATQ:
break;
case ATRM:
- delete_jobs(argc, argv);
+ process_jobs(argc, argv, ATRM);
+ break;
+
+ case CAT:
+ process_jobs(argc, argv, CAT);
break;
case AT:
timer = parsetime(argc, argv);
if (atverify) {
struct tm *tm = localtime(&timer);
-
- fprintf(stderr, "%s\n", asctime(tm));
+ (void)fprintf(stderr, "%s\n", asctime(tm));
}
writefile(timer, queue);
break;
case BATCH:
- writefile(time(NULL), 'b');
+ if (queue_set)
+ queue = toupper(queue);
+ else
+ queue = DEFAULT_BATCH_QUEUE;
+
+ if (argc > optind)
+ timer = parsetime(argc, argv);
+ else
+ timer = time(NULL);
+
+ if (atverify) {
+ struct tm *tm = localtime(&timer);
+ (void)fprintf(stderr, "%s\n", asctime(tm));
+ }
+
+ writefile(timer, queue);
break;
default:
-/* $OpenBSD: at.h,v 1.2 1996/06/26 05:31:28 deraadt Exp $ */
+/* $OpenBSD: at.h,v 1.3 1997/03/01 23:40:09 millert Exp $ */
/* $NetBSD: at.h,v 1.2 1995/03/25 18:13:32 glass Exp $ */
/*
- * at.h - header for at(1)
- * Copyright (c) 1993 by Thomas Koenig
- * All rights reserved.
+ * at.h - header for at(1)
+ * Copyright (C) 1993 Thomas Koenig
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * $NetBSD: at.h,v 1.2 1995/03/25 18:13:32 glass Exp $
*/
extern int fcreated;
extern char atverify;
#define AT_MAXJOBS 255 /* max jobs outstanding per user */
+#define AT_VERSION 2.9 /* our version number */
+
+#define DEFAULT_BATCH_QUEUE 'E'
+#define DEFAULT_AT_QUEUE 'c'
-/* $OpenBSD: panic.c,v 1.3 1996/08/03 20:16:57 millert Exp $ */
+/* $OpenBSD: panic.c,v 1.4 1997/03/01 23:40:09 millert Exp $ */
/* $NetBSD: panic.c,v 1.2 1995/03/25 18:13:33 glass Exp $ */
/*
* panic.c - terminate fast in case of error
* Copyright (c) 1993 by Thomas Koenig
- * All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
/* File scope variables */
#ifndef lint
-static char rcsid[] = "$OpenBSD: panic.c,v 1.3 1996/08/03 20:16:57 millert Exp $";
+static char rcsid[] = "$OpenBSD: panic.c,v 1.4 1997/03/01 23:40:09 millert Exp $";
#endif
/* External variables */
panic(a)
char *a;
{
-/* Something fatal has happened, print error message and exit.
- */
- fprintf(stderr, "%s: %s\n", namep, a);
+ /*
+ * Something fatal has happened, print error message and exit.
+ */
+ (void)fprintf(stderr, "%s: %s\n", namep, a);
if (fcreated) {
PRIV_START
unlink(atfile);
perr(a)
char *a;
{
-/* Some operating system error; print error message and exit.
- */
+ /*
+ * Some operating system error; print error message and exit.
+ */
perror(a);
if (fcreated) {
PRIV_START
perr2(a, b)
char *a, *b;
{
- fprintf(stderr, "%s", a);
+ (void)fputs(a, stderr);
perr(b);
}
void
usage(void)
{
-/* Print usage and exit.
-*/
- fprintf(stderr, "Usage: at [-q x] [-f file] [-m] time\n"
- " atq [-q x] [-v]\n"
- " atrm [-q x] job ...\n"
- " batch [-f file] [-m]\n");
+ /* Print usage and exit. */
+ (void)fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-m] time\n"
+ " at [-V] -c job [job ...]\n"
+ " atq [-V] [-q x] [-v]\n"
+ " atrm [-V] job [job ...]\n"
+ " batch [-V] [-f file] [-m]\n");
exit(EXIT_FAILURE);
}
-/* $OpenBSD: panic.h,v 1.2 1996/06/26 05:31:29 deraadt Exp $ */
+/* $OpenBSD: panic.h,v 1.3 1997/03/01 23:40:10 millert Exp $ */
/* $NetBSD: panic.h,v 1.2 1995/03/25 18:13:35 glass Exp $ */
/*
- * panic.h - header for at(1)
- * Copyright (c) 1993 Thomas Koenig
- * All rights reserved.
+ * panic.h - header for at(1)
+ * Copyright (c) 1993 Thomas Koenig
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
*/
-void panic __P((char *a));
-void perr __P((char *a));
-void perr2 __P((char *a, char *b));
+void panic __P((char *));
+void perr __P((char *));
+void perr2 __P((char *, char *));
void usage __P((void));
-/* $OpenBSD: parsetime.c,v 1.3 1996/06/26 05:31:29 deraadt Exp $ */
+/* $OpenBSD: parsetime.c,v 1.4 1997/03/01 23:40:10 millert Exp $ */
/* $NetBSD: parsetime.c,v 1.3 1995/03/25 18:13:36 glass Exp $ */
/*
* parsetime.c - parse time for at(1)
- * Copyright (C) 1993 Thomas Koenig
+ * Copyright (C) 1993, 1994 Thomas Koenig
*
* modifications for english-language times
* Copyright (C) 1993 David Parsons
- * All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* at [NOW] PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS
* /NUMBER [DOT NUMBER] [AM|PM]\ /[MONTH NUMBER [NUMBER]] \
* |NOON | |[TOMORROW] |
- * |MIDNIGHT | |NUMBER [SLASH NUMBER [SLASH NUMBER]]|
- * \TEATIME / \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/
+ * |MIDNIGHT | |[DAY OF WEEK] |
+ * \TEATIME / |NUMBER [SLASH NUMBER [SLASH NUMBER]]|
+ * \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/
*/
/* System Headers */
/* Structures and unions */
enum { /* symbols */
- MIDNIGHT, NOON, TEATIME,
- PM, AM, TOMORROW, TODAY, NOW,
- MINUTES, HOURS, DAYS, WEEKS,
- NUMBER, PLUS, DOT, SLASH, ID, JUNK,
- JAN, FEB, MAR, APR, MAY, JUN,
- JUL, AUG, SEP, OCT, NOV, DEC
+ MIDNIGHT, NOON, TEATIME,
+ PM, AM, TOMORROW, TODAY, NOW,
+ MINUTES, HOURS, DAYS, WEEKS,
+ NUMBER, PLUS, DOT, SLASH, ID, JUNK,
+ JAN, FEB, MAR, APR, MAY, JUN,
+ JUL, AUG, SEP, OCT, NOV, DEC,
+ SUN, MON, TUE, WED, THU, FRI, SAT
};
/*
* parse translation table - table driven parsers can be your FRIEND!
*/
struct {
- char *name; /* token name */
- int value; /* token id */
+ char *name; /* token name */
+ int value; /* token id */
+ int plural; /* is this plural? */
} Specials[] = {
- { "midnight", MIDNIGHT }, /* 00:00:00 of today or tomorrow */
- { "noon", NOON }, /* 12:00:00 of today or tomorrow */
- { "teatime", TEATIME }, /* 16:00:00 of today or tomorrow */
- { "am", AM }, /* morning times for 0-12 clock */
- { "pm", PM }, /* evening times for 0-12 clock */
- { "tomorrow", TOMORROW }, /* execute 24 hours from time */
- { "today", TODAY }, /* execute today - don't advance time */
- { "now", NOW }, /* opt prefix for PLUS */
-
- { "minute", MINUTES }, /* minutes multiplier */
- { "min", MINUTES },
- { "m", MINUTES },
- { "minutes", MINUTES }, /* (pluralized) */
- { "hour", HOURS }, /* hours ... */
- { "hr", HOURS }, /* abbreviated */
- { "h", HOURS },
- { "hours", HOURS }, /* (pluralized) */
- { "day", DAYS }, /* days ... */
- { "d", DAYS },
- { "days", DAYS }, /* (pluralized) */
- { "week", WEEKS }, /* week ... */
- { "w", WEEKS },
- { "weeks", WEEKS }, /* (pluralized) */
- { "jan", JAN },
- { "feb", FEB },
- { "mar", MAR },
- { "apr", APR },
- { "may", MAY },
- { "jun", JUN },
- { "jul", JUL },
- { "aug", AUG },
- { "sep", SEP },
- { "oct", OCT },
- { "nov", NOV },
- { "dec", DEC }
-} ;
+ { "midnight", MIDNIGHT, 0 }, /* 00:00:00 of today or tomorrow */
+ { "noon", NOON, 0 }, /* 12:00:00 of today or tomorrow */
+ { "teatime", TEATIME, 0 }, /* 16:00:00 of today or tomorrow */
+ { "am", AM, 0 }, /* morning times for 0-12 clock */
+ { "pm", PM, 0 }, /* evening times for 0-12 clock */
+ { "tomorrow", TOMORROW, 0 }, /* execute 24 hours from time */
+ { "today", TODAY, 0 }, /* execute today - don't advance time */
+ { "now", NOW, 0 }, /* opt prefix for PLUS */
+
+ { "minute", MINUTES, 0 }, /* minutes multiplier */
+ { "min", MINUTES, 0 },
+ { "m", MINUTES, 0 },
+ { "minutes", MINUTES, 1 }, /* (pluralized) */
+ { "hour", HOURS, 0 }, /* hours ... */
+ { "hr", HOURS, 0 }, /* abbreviated */
+ { "h", HOURS, 0 },
+ { "hours", HOURS, 1 }, /* (pluralized) */
+ { "day", DAYS, 0 }, /* days ... */
+ { "d", DAYS, 0 },
+ { "days", DAYS, 1 }, /* (pluralized) */
+ { "week", WEEKS, 0 }, /* week ... */
+ { "w", WEEKS, 0 },
+ { "weeks", WEEKS, 1 }, /* (pluralized) */
+ { "jan", JAN, 0 },
+ { "feb", FEB, 0 },
+ { "mar", MAR, 0 },
+ { "apr", APR, 0 },
+ { "may", MAY, 0 },
+ { "jun", JUN, 0 },
+ { "jul", JUL, 0 },
+ { "aug", AUG, 0 },
+ { "sep", SEP, 0 },
+ { "oct", OCT, 0 },
+ { "nov", NOV, 0 },
+ { "dec", DEC, 0 },
+ { "sunday", SUN, 0 },
+ { "sun", SUN, 0 },
+ { "monday", MON, 0 },
+ { "mon", MON, 0 },
+ { "tuesday", TUE, 0 },
+ { "tue", TUE, 0 },
+ { "wednesday", WED, 0 },
+ { "wed", WED, 0 },
+ { "thursday", THU, 0 },
+ { "thu", THU, 0 },
+ { "friday", FRI, 0 },
+ { "fri", FRI, 0 },
+ { "saturday", SAT, 0 },
+ { "sat", SAT, 0 },
+};
/* File scope variables */
static char *sc_token; /* scanner - token buffer */
static size_t sc_len; /* scanner - lenght of token buffer */
static int sc_tokid; /* scanner - token id */
+static int sc_tokplur; /* scanner - is token plural? */
#ifndef lint
-static char rcsid[] = "$OpenBSD: parsetime.c,v 1.3 1996/06/26 05:31:29 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: parsetime.c,v 1.4 1997/03/01 23:40:10 millert Exp $";
#endif
/* Local functions */
parse_token(arg)
char *arg;
{
- int i;
+ int i;
- for (i=0; i<(sizeof Specials/sizeof Specials[0]); i++)
- if (strcasecmp(Specials[i].name, arg) == 0) {
- return sc_tokid = Specials[i].value;
+ for (i=0; i < sizeof(Specials) / sizeof(Specials[0]); i++) {
+ if (strcasecmp(Specials[i].name, arg) == 0) {
+ sc_tokplur = Specials[i].plural;
+ return (sc_tokid = Specials[i].value);
+ }
}
- /* not special - must be some random id */
- return ID;
+ /* not special - must be some random id */
+ return (ID);
} /* parse_token */
int argc;
char **argv;
{
- scp = argv;
- scc = argc;
- need = 1;
- sc_len = 1;
- while (--argc > 0)
- sc_len += strlen(*++argv);
-
- sc_token = (char *) malloc(sc_len);
- if (sc_token == NULL)
- panic("Insufficient virtual memory");
+ scp = argv;
+ scc = argc;
+ need = 1;
+ sc_len = 1;
+ while (argc-- > 0)
+ sc_len += strlen(*argv++);
+
+ if ((sc_token = (char *) malloc(sc_len)) == NULL)
+ panic("Insufficient virtual memory");
} /* init_scanner */
/*
static int
token()
{
- int idx;
+ int idx;
- while (1) {
- memset(sc_token, 0, sc_len);
- sc_tokid = EOF;
- idx = 0;
+ while (1) {
+ (void)memset(sc_token, 0, sc_len);
+ sc_tokid = EOF;
+ sc_tokplur = 0;
+ idx = 0;
- /*
- * if we need to read another argument, walk along the argument list;
- * when we fall off the arglist, we'll just return EOF forever
- */
- if (need) {
- if (scc < 1)
- return sc_tokid;
- sct = *scp;
- scp++;
- scc--;
- need = 0;
- }
- /*
- * eat whitespace now - if we walk off the end of the argument,
- * we'll continue, which puts us up at the top of the while loop
- * to fetch the next argument in
- */
- while (isspace(*sct))
- ++sct;
- if (!*sct) {
- need = 1;
- continue;
- }
+ /*
+ * if we need to read another argument, walk along the
+ * argument list; when we fall off the arglist, we'll
+ * just return EOF forever
+ */
+ if (need) {
+ if (scc < 1)
+ return (sc_tokid);
+ sct = *scp;
+ scp++;
+ scc--;
+ need = 0;
+ }
+ /*
+ * eat whitespace now - if we walk off the end of the argument,
+ * we'll continue, which puts us up at the top of the while loop
+ * to fetch the next argument in
+ */
+ while (isspace(*sct))
+ ++sct;
+ if (!*sct) {
+ need = 1;
+ continue;
+ }
- /*
- * preserve the first character of the new token
- */
- sc_token[0] = *sct++;
+ /*
+ * preserve the first character of the new token
+ */
+ sc_token[0] = *sct++;
- /*
- * then see what it is
- */
- if (isdigit(sc_token[0])) {
- while (isdigit(*sct))
- sc_token[++idx] = *sct++;
- sc_token[++idx] = 0;
- return sc_tokid = NUMBER;
- } else if (isalpha(sc_token[0])) {
- while (isalpha(*sct))
- sc_token[++idx] = *sct++;
- sc_token[++idx] = 0;
- return parse_token(sc_token);
- }
- else if (sc_token[0] == ':' || sc_token[0] == '.')
- return sc_tokid = DOT;
- else if (sc_token[0] == '+')
- return sc_tokid = PLUS;
- else if (sc_token[0] == '/')
- return sc_tokid = SLASH;
- else
- return sc_tokid = JUNK;
- } /* while (1) */
+ /*
+ * then see what it is
+ */
+ if (isdigit(sc_token[0])) {
+ while (isdigit(*sct))
+ sc_token[++idx] = *sct++;
+ sc_token[++idx] = 0;
+ return ((sc_tokid = NUMBER));
+ } else if (isalpha(sc_token[0])) {
+ while (isalpha(*sct))
+ sc_token[++idx] = *sct++;
+ sc_token[++idx] = 0;
+ return (parse_token(sc_token));
+ }
+ else if (sc_token[0] == ':' || sc_token[0] == '.')
+ return ((sc_tokid = DOT));
+ else if (sc_token[0] == '+')
+ return ((sc_tokid = PLUS));
+ else if (sc_token[0] == '/')
+ return ((sc_tokid = SLASH));
+ else
+ return ((sc_tokid = JUNK));
+ } /* while (1) */
} /* token */
plonk(tok)
int tok;
{
- panic((tok == EOF) ? "incomplete time"
- : "garbled time");
+ panic((tok == EOF) ? "incomplete time" : "garbled time");
} /* plonk */
expect(desired)
int desired;
{
- if (token() != desired)
- plonk(sc_tokid); /* and we die here... */
+ if (token() != desired)
+ plonk(sc_tokid); /* and we die here... */
} /* expect */
int minutes;
struct tm *tm;
{
- /* increment days */
-
- while (minutes > 24*60) {
- minutes -= 24*60;
- tm->tm_mday++;
- }
-
- /* increment hours */
- while (minutes > 60) {
- minutes -= 60;
- tm->tm_hour++;
- if (tm->tm_hour > 23) {
- tm->tm_mday++;
- tm->tm_hour = 0;
+ /* increment days */
+
+ while (minutes > 24*60) {
+ minutes -= 24*60;
+ tm->tm_mday++;
+ }
+
+ /* increment hours */
+ while (minutes > 60) {
+ minutes -= 60;
+ tm->tm_hour++;
+ if (tm->tm_hour > 23) {
+ tm->tm_mday++;
+ tm->tm_hour = 0;
+ }
}
- }
- /* increment minutes */
- tm->tm_min += minutes;
+ /* increment minutes */
+ tm->tm_min += minutes;
- if (tm->tm_min > 59) {
- tm->tm_hour++;
- tm->tm_min -= 60;
+ if (tm->tm_min > 59) {
+ tm->tm_hour++;
+ tm->tm_min -= 60;
- if (tm->tm_hour > 23) {
- tm->tm_mday++;
- tm->tm_hour = 0;
+ if (tm->tm_hour > 23) {
+ tm->tm_mday++;
+ tm->tm_hour = 0;
+ }
}
- }
} /* dateadd */
plus(tm)
struct tm *tm;
{
- int delay;
-
- expect(NUMBER);
-
- delay = atoi(sc_token);
-
- switch (token()) {
- case WEEKS:
- delay *= 7;
- case DAYS:
- delay *= 24;
- case HOURS:
- delay *= 60;
- case MINUTES:
- dateadd(delay, tm);
- return;
- }
- plonk(sc_tokid);
+ int delay;
+ int expectplur;
+
+ expect(NUMBER);
+
+ delay = atoi(sc_token);
+ expectplur = (delay != 1) ? 1 : 0;
+
+ switch (token()) {
+ case WEEKS:
+ delay *= 7;
+ case DAYS:
+ delay *= 24;
+ case HOURS:
+ delay *= 60;
+ case MINUTES:
+ if (expectplur != sc_tokplur)
+ (void)fprintf(stderr, "at: pluralization is wrong\n");
+ dateadd(delay, tm);
+ return;
+ }
+
+ plonk(sc_tokid);
} /* plus */
tod(tm)
struct tm *tm;
{
- int hour, minute = 0;
- int tlen;
+ int hour, minute = 0;
+ size_t tlen;
- hour = atoi(sc_token);
- tlen = strlen(sc_token);
+ hour = atoi(sc_token);
+ tlen = strlen(sc_token);
- /*
- * first pick out the time of day - if it's 4 digits, we assume
- * a HHMM time, otherwise it's HH DOT MM time
- */
- if (token() == DOT) {
- expect(NUMBER);
- minute = atoi(sc_token);
- token();
- } else if (tlen == 4) {
- minute = hour%100;
- hour = hour/100;
- }
-
- if (minute > 59)
- panic("garbled time");
-
- /*
- * check if an AM or PM specifier was given
- */
- if (sc_tokid == AM || sc_tokid == PM) {
- if (hour > 12)
- panic("garbled time");
- else if (hour == 12)
- hour = 0;
-
- if (sc_tokid == PM)
- hour += 12;
- token();
- } else if (hour > 23)
- panic("garbled time");
-
- /*
- * if we specify an absolute time, we don't want to bump the day even
- * if we've gone past that time - but if we're specifying a time plus
- * a relative offset, it's okay to bump things
- */
- if ((sc_tokid == EOF || sc_tokid == PLUS) && tm->tm_hour > hour)
- tm->tm_mday++;
-
- tm->tm_hour = hour;
- tm->tm_min = minute;
+ /*
+ * first pick out the time of day - if it's 4 digits, we assume
+ * a HHMM time, otherwise it's HH DOT MM time
+ */
+ if (token() == DOT) {
+ expect(NUMBER);
+ minute = atoi(sc_token);
+ if (minute > 59)
+ panic("garbled time");
+ token();
+ } else if (tlen == 4) {
+ minute = hour % 100;
+ if (minute > 59)
+ panic("garbled time");
+ hour = hour / 100;
+ }
+
+ /*
+ * check if an AM or PM specifier was given
+ */
+ if (sc_tokid == AM || sc_tokid == PM) {
+ if (hour > 12)
+ panic("garbled time");
+
+ if (sc_tokid == PM) {
+ if (hour != 12) /* 12:xx PM is 12:xx, not 24:xx */
+ hour += 12;
+ } else {
+ if (hour == 12) /* 12:xx AM is 00:xx, not 12:xx */
+ hour = 0;
+ }
+ token();
+ } else if (hour > 23)
+ panic("garbled time");
+
+ /*
+ * if we specify an absolute time, we don't want to bump the day even
+ * if we've gone past that time - but if we're specifying a time plus
+ * a relative offset, it's okay to bump things
+ */
+ if ((sc_tokid == EOF || sc_tokid == PLUS) && tm->tm_hour > hour) {
+ tm->tm_mday++;
+ tm->tm_wday++;
+ }
+
+ tm->tm_hour = hour;
+ tm->tm_min = minute;
+ if (tm->tm_hour == 24) {
+ tm->tm_hour = 0;
+ tm->tm_mday++;
+ }
} /* tod */
static void
assign_date(tm, mday, mon, year)
struct tm *tm;
- long mday, mon, year;
+ int mday, mon, year;
{
- if (year > 99) {
- if (year > 1899)
- year -= 1900;
- else
- panic("garbled time");
- }
-
- if (year < 0 &&
- (tm->tm_mon > mon ||(tm->tm_mon == mon && tm->tm_mday > mday)))
- year = tm->tm_year + 1;
-
- tm->tm_mday = mday;
- tm->tm_mon = mon;
-
- if (year >= 0)
- tm->tm_year = year;
+ if (year > 99) {
+ if (year > 1899)
+ year -= 1900;
+ else
+ panic("garbled time");
+ }
+
+ if (year < 0 &&
+ (tm->tm_mon > mon ||(tm->tm_mon == mon && tm->tm_mday > mday)))
+ year = tm->tm_year + 1;
+
+ tm->tm_mday = mday;
+ tm->tm_mon = mon;
+
+ if (year >= 0)
+ tm->tm_year = year;
} /* assign_date */
*
* /[<month> NUMBER [NUMBER]] \
* |[TOMORROW] |
+ * |[DAY OF WEEK] |
* |NUMBER [SLASH NUMBER [SLASH NUMBER]]|
* \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/
*/
month(tm)
struct tm *tm;
{
- long year= (-1);
- long mday, mon;
- int tlen;
-
- switch (sc_tokid) {
- case PLUS:
- plus(tm);
- break;
-
- case TOMORROW:
- /* do something tomorrow */
- tm->tm_mday ++;
- case TODAY: /* force ourselves to stay in today - no further processing */
- token();
- break;
-
- case JAN: case FEB: case MAR: case APR: case MAY: case JUN:
- case JUL: case AUG: case SEP: case OCT: case NOV: case DEC:
- /*
- * do month mday [year]
- */
- mon = (sc_tokid-JAN);
- expect(NUMBER);
- mday = atol(sc_token);
- if (token() == NUMBER) {
- year = atol(sc_token);
+ int year = (-1);
+ int mday, wday, mon;
+ size_t tlen;
+
+ switch (sc_tokid) {
+ case PLUS:
+ plus(tm);
+ break;
+
+ case TOMORROW:
+ /* do something tomorrow */
+ tm->tm_mday++;
+ tm->tm_wday++;
+ case TODAY:
+ /* force ourselves to stay in today - no further processing */
token();
- }
- assign_date(tm, mday, mon, year);
- break;
-
- case NUMBER:
- /*
- * get numeric MMDDYY, mm/dd/yy, or dd.mm.yy
- */
- tlen = strlen(sc_token);
- mon = atol(sc_token);
- token();
-
- if (sc_tokid == SLASH || sc_tokid == DOT) {
- int sep;
-
- sep = sc_tokid;
- expect(NUMBER);
- mday = atol(sc_token);
- if (token() == sep) {
- expect(NUMBER);
- year = atol(sc_token);
- token();
- }
+ break;
+ case JAN: case FEB: case MAR: case APR: case MAY: case JUN:
+ case JUL: case AUG: case SEP: case OCT: case NOV: case DEC:
/*
- * flip months and days for european timing
+ * do month mday [year]
*/
- if (sep == DOT) {
- int x = mday;
- mday = mon;
- mon = x;
- }
- } else if (tlen == 6 || tlen == 8) {
- if (tlen == 8) {
- year = (mon % 10000) - 1900;
- mon /= 10000;
- } else {
- year = mon % 100;
- mon /= 100;
+ mon = sc_tokid - JAN;
+ expect(NUMBER);
+ mday = atoi(sc_token);
+ if (token() == NUMBER) {
+ year = atoi(sc_token);
+ token();
}
- mday = mon % 100;
- mon /= 100;
- } else
- panic("garbled time");
+ assign_date(tm, mday, mon, year);
+ break;
- mon--;
- if (mon < 0 || mon > 11 || mday < 1 || mday > 31)
- panic("garbled time");
+ case SUN: case MON: case TUE:
+ case WED: case THU: case FRI:
+ case SAT:
+ /* do a particular day of the week */
+ wday = sc_tokid - SUN;
+
+ mday = tm->tm_mday;
+
+ /* if this day is < today, then roll to next week */
+ if (wday < tm->tm_wday)
+ mday += 7 - (tm->tm_wday - wday);
+ else
+ mday += (wday - tm->tm_wday);
+
+ tm->tm_wday = wday;
+
+ assign_date(tm, mday, tm->tm_mon, tm->tm_year);
+ break;
+
+ case NUMBER:
+ /*
+ * get numeric MMDDYY, mm/dd/yy, or dd.mm.yy
+ */
+ tlen = strlen(sc_token);
+ mon = atoi(sc_token);
+ token();
- assign_date(tm, mday, mon, year);
- break;
- } /* case */
+ if (sc_tokid == SLASH || sc_tokid == DOT) {
+ int sep;
+
+ sep = sc_tokid;
+ expect(NUMBER);
+ mday = atoi(sc_token);
+ if (token() == sep) {
+ expect(NUMBER);
+ year = atoi(sc_token);
+ token();
+ }
+
+ /*
+ * flip months and days for european timing
+ */
+ if (sep == DOT) {
+ int x = mday;
+ mday = mon;
+ mon = x;
+ }
+ } else if (tlen == 6 || tlen == 8) {
+ if (tlen == 8) {
+ year = (mon % 10000) - 1900;
+ mon /= 10000;
+ } else {
+ year = mon % 100;
+ mon /= 100;
+ }
+ mday = mon % 100;
+ mon /= 100;
+ } else
+ panic("garbled time");
+
+ mon--;
+ if (mon < 0 || mon > 11 || mday < 1 || mday > 31)
+ panic("garbled time");
+
+ assign_date(tm, mday, mon, year);
+ break;
+ } /* case */
} /* month */
int argc;
char **argv;
{
-/*
- * Do the argument parsing, die if necessary, and return the time the job
- * should be run.
- */
- time_t nowtimer, runtimer;
- struct tm nowtime, runtime;
- int hr = 0;
- /* this MUST be initialized to zero for midnight/noon/teatime */
-
- nowtimer = time(NULL);
- nowtime = *localtime(&nowtimer);
-
- runtime = nowtime;
- runtime.tm_sec = 0;
- runtime.tm_isdst = 0;
-
- if (argc <= optind)
- usage();
-
- init_scanner(argc-optind, argv+optind);
-
- switch (token()) {
- case NOW: /* now is optional prefix for PLUS tree */
- expect(PLUS);
- case PLUS:
- plus(&runtime);
- break;
-
- case NUMBER:
- tod(&runtime);
- month(&runtime);
- break;
-
- /*
- * evil coding for TEATIME|NOON|MIDNIGHT - we've initialised
- * hr to zero up above, then fall into this case in such a
- * way so we add +12 +4 hours to it for teatime, +12 hours
- * to it for noon, and nothing at all for midnight, then
- * set our runtime to that hour before leaping into the
- * month scanner
- */
- case TEATIME:
- hr += 4;
- case NOON:
- hr += 12;
- case MIDNIGHT:
- if (runtime.tm_hour >= hr)
- runtime.tm_mday++;
- runtime.tm_hour = hr;
- runtime.tm_min = 0;
- token();
- /* fall through to month setting */
- default:
- month(&runtime);
- break;
- } /* ugly case statement */
- expect(EOF);
-
- /*
- * adjust for daylight savings time
- */
- runtime.tm_isdst = -1;
- runtimer = mktime(&runtime);
- if (runtime.tm_isdst > 0) {
- runtimer -= 3600;
+ /*
+ * Do the argument parsing, die if necessary, and return the
+ * time the job should be run.
+ */
+ time_t nowtimer, runtimer;
+ struct tm nowtime, runtime;
+ int hr = 0;
+ /* this MUST be initialized to zero for midnight/noon/teatime */
+
+ nowtimer = time(NULL);
+ nowtime = *localtime(&nowtimer);
+
+ runtime = nowtime;
+ runtime.tm_sec = 0;
+ runtime.tm_isdst = 0;
+
+ if (argc <= optind)
+ usage();
+
+ init_scanner(argc - optind, argv + optind);
+
+ switch (token()) {
+ case NOW: /* now is optional prefix for PLUS tree */
+ expect(PLUS);
+ case PLUS:
+ plus(&runtime);
+ break;
+
+ case NUMBER:
+ tod(&runtime);
+ month(&runtime);
+ break;
+
+ /*
+ * evil coding for TEATIME|NOON|MIDNIGHT - we've initialised
+ * hr to zero up above, then fall into this case in such a
+ * way so we add +12 +4 hours to it for teatime, +12 hours
+ * to it for noon, and nothing at all for midnight, then
+ * set our runtime to that hour before leaping into the
+ * month scanner
+ */
+ case TEATIME:
+ hr += 4;
+ case NOON:
+ hr += 12;
+ case MIDNIGHT:
+ if (runtime.tm_hour >= hr) {
+ runtime.tm_mday++;
+ runtime.tm_wday++;
+ }
+ runtime.tm_hour = hr;
+ runtime.tm_min = 0;
+ token();
+ /* fall through to month setting */
+ default:
+ month(&runtime);
+ break;
+ } /* ugly case statement */
+ expect(EOF);
+
+ /*
+ * adjust for daylight savings time
+ */
+ runtime.tm_isdst = -1;
runtimer = mktime(&runtime);
- }
+ if (runtime.tm_isdst > 0) {
+ runtimer -= 3600;
+ runtimer = mktime(&runtime);
+ }
- if (runtimer < 0)
- panic("garbled time");
+ if (runtimer < 0)
+ panic("garbled time");
- if (nowtimer > runtimer)
- panic("Trying to travel back in time");
+ if (nowtimer > runtimer)
+ panic("Trying to travel back in time");
- return runtimer;
+ return (runtimer);
} /* parsetime */
-/* $OpenBSD: parsetime.h,v 1.2 1996/06/26 05:31:30 deraadt Exp $ */
+/* $OpenBSD: parsetime.h,v 1.3 1997/03/01 23:40:11 millert Exp $ */
/* $NetBSD: parsetime.h,v 1.2 1995/03/25 18:13:37 glass Exp $ */
/*
- * at.h - header for at(1)
- * Copyright (c) 1993 by Thomas Koenig
- * All rights reserved.
+ * parsetime.h - header for at(1)
+ * Copyright (c) 1993 Thomas Koenig
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
*
*/
-time_t parsetime __P((int argc, char **argv));
+time_t parsetime __P((int, char **));
-/* $OpenBSD: pathnames.h,v 1.2 1996/06/26 05:31:31 deraadt Exp $ */
+/* $OpenBSD: pathnames.h,v 1.3 1997/03/01 23:40:11 millert Exp $ */
/* $NetBSD: pathnames.h,v 1.3 1995/03/25 18:13:38 glass Exp $ */
/*
#define _PATH_ATJOBS "/var/at/jobs/"
#define _PATH_ATSPOOL "/var/at/spool/"
-#define _PATH_LOCKFILE "/var/at/lockfile"
+#define _PATH_LOCKFILE "/var/at/.lockfile"
+#define _PATH_SEQFILE "/var/at/.SEQ"
+#define _PATH_AT_ALLOW "/var/at/at.allow"
+#define _PATH_AT_DENY "/var/at/at.deny"
#endif /* !_PATHNAMES_H_ */
--- /dev/null
+/* $OpenBSD: perm.c,v 1.1 1997/03/01 23:40:12 millert Exp $ */
+
+/*
+ * perm.c - check user permission for at(1)
+ * Copyright (C) 1994 Thomas Koenig
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. The name of the author(s) may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/* System Headers */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <pwd.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+/* Local headers */
+
+#include "at.h"
+#include "panic.h"
+#include "pathnames.h"
+#include "privs.h"
+
+/* File scope variables */
+
+#ifndef lint
+static char rcsid[] = "$OpenBSD: perm.c,v 1.1 1997/03/01 23:40:12 millert Exp $";
+#endif
+
+/* Function declarations */
+
+static int check_for_user __P((FILE *, const char *));
+
+/* Local functions */
+
+static int
+check_for_user(fp, name)
+ FILE *fp;
+ const char *name;
+{
+ char *buffer;
+ size_t len;
+ int found = 0;
+
+ len = strlen(name);
+ if ((buffer = malloc(len + 2)) == NULL)
+ panic("Insufficient virtual memory");
+
+ while (fgets(buffer, len + 2, fp) != NULL) {
+ if (strncmp(name, buffer, len) == 0 && buffer[len] == '\n') {
+ found = 1;
+ break;
+ }
+ }
+ (void)fclose(fp);
+ free(buffer);
+ return (found);
+}
+
+
+/* Global functions */
+
+int
+check_permission()
+{
+ FILE *fp;
+ uid_t uid = geteuid();
+ struct passwd *pentry;
+
+ if (uid==0)
+ return 1;
+
+ if ((pentry = getpwuid(uid)) == NULL) {
+ perror("Cannot access user database");
+ exit(EXIT_FAILURE);
+ }
+
+ PRIV_START
+
+ fp = fopen(_PATH_AT_ALLOW, "r");
+
+ PRIV_END
+
+ if (fp != NULL) {
+ return (check_for_user(fp, pentry->pw_name));
+ } else {
+ PRIV_START
+
+ fp = fopen(_PATH_AT_DENY, "r");
+
+ PRIV_END
+
+ if (fp != NULL)
+ return (!check_for_user(fp, pentry->pw_name));
+ else
+ perror(_PATH_AT_DENY);
+ }
+ return (0);
+}
--- /dev/null
+/*
+ * perm.h - header for at(1)
+ * Copyright (C) 1994 Thomas Koenig
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. The name of the author(s) may not be used to endorse or promote
+ * products derived from this software without specific prior written
+ * permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+int check_permission __P((void));
-/* $OpenBSD: privs.h,v 1.3 1996/12/22 03:39:24 tholo Exp $ */
+/* $OpenBSD: privs.h,v 1.4 1997/03/01 23:40:12 millert Exp $ */
/* $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $ */
-/*
- * privs.h - header for privileged operations
- * Copyright (c) 1993 by Thomas Koenig
- * All rights reserved.
+/*
+ * privs.h - header for privileged operations
+ * Copyright (C) 1993 Thomas Koenig
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
*/
#ifndef _PRIVS_H
#include <unistd.h>
-/* Relinquish privileges temporarily for a setuid program
- * with the option of getting them back later. This is done by swapping
- * the real and effective userid BSD style. Call RELINQUISH_PRIVS once
+/* Relinquish privileges temporarily for a setuid or setgid program
+ * with the option of getting them back later. This is done by
+ * utilizing POSIX saved user and groups ids. Call RELINQUISH_PRIVS once
* at the beginning of the main program. This will cause all operatons
* to be executed with the real userid. When you need the privileges
- * of the setuid invocation, call PRIV_START; when you no longer
+ * of the setuid/setgid invocation, call PRIV_START; when you no longer
* need it, call PRIV_END. Note that it is an error to call PRIV_START
* and not PRIV_END within the same function.
*
- * Use RELINQUISH_PRIVS_ROOT(a) if your program started out running
+ * Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running
* as root, and you want to drop back the effective userid to a
* and the effective group id to b, with the option to get them back
* later.
*
- * If you no longer need root privileges, but those of some other
- * userid, you can call REDUCE_PRIV(a) when your effective
- * is the user's.
- *
* Problems: Do not use return between PRIV_START and PRIV_END; this
* will cause the program to continue running in an unprivileged
* state.
#endif
uid_t real_uid, effective_uid;
+#ifndef MAIN
+extern
+#endif
+gid_t real_gid, effective_gid;
+
#define RELINQUISH_PRIVS { \
- real_uid = getuid(); \
- effective_uid = geteuid(); \
- seteuid(real_uid); \
+ real_uid = getuid(); \
+ effective_uid = geteuid(); \
+ real_gid = getgid(); \
+ effective_gid = getegid(); \
+ setegid(real_gid); \
+ seteuid(real_uid); \
}
-#define RELINQUISH_PRIVS_ROOT(a) { \
+#define RELINQUISH_PRIVS_ROOT(a, b) { \
real_uid = (a); \
effective_uid = geteuid(); \
+ real_gid = (b); \
+ effective_gid = getegid(); \
+ setegid(real_gid); \
seteuid(real_uid); \
}
#define PRIV_START { \
- seteuid(effective_uid);
+ seteuid(effective_uid); \
+ setegid(effective_gid); \
+}
-#define PRIV_END \
+#define PRIV_END { \
+ setegid(real_gid); \
seteuid(real_uid); \
}
-#define REDUCE_PRIV(a) { \
- real_uid = effective_uid = (a); \
- seteuid(effective_uid); \
- setuid(real_uid); \
-}
#endif
projects / openbsd / commitdiff