From: millert Date: Sat, 1 Mar 1997 23:39:43 +0000 (+0000) Subject: Merge in changes from at 2.9 X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=5ec155afad617e24bf242a0db9bb561c39171001;p=openbsd Merge in changes from at 2.9 --- diff --git a/libexec/atrun/atrun.8 b/libexec/atrun/atrun.8 index 33390e348dc..ef8eb1f0c4c 100644 --- a/libexec/atrun/atrun.8 +++ b/libexec/atrun/atrun.8 @@ -1,78 +1,69 @@ -.\" $OpenBSD: atrun.8,v 1.2 1996/10/08 01:20:19 michaels Exp $ -.\" -.\" Copyright (c) 1993 Christopher G. Demetriou -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by Christopher G. Demetriou. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $Id: atrun.8,v 1.2 1996/10/08 01:20:19 michaels Exp $ -.\" -.Dd December 5, 1993 +.\" $OpenBSD: atrun.8,v 1.3 1997/03/01 23:39:43 millert Exp $ +.\" $FreeBSD: atrun.man,v 1.3 1997/02/22 14:20:55 peter Exp $ +.Dd April 12, 1995 .Dt ATRUN 8 .Os .Sh NAME .Nm atrun .Nd run jobs queued for later execution -.\" -.Sh SYOPSIS +.Sh SYNOPSIS .Nm atrun +.Op Fl l Ar load_avg +.Op Fl d .Sh DESCRIPTION -The -.Nm atrun -utility runs commands queued by +.Nm Atrun +runs jobs queued by .Xr at 1 . -It is usually invoked by +Root's +.Xr crontab 5 +must contain the line: +.nf + +*/10 * * * * root /usr/libexec/atrun + +.fi +so that +.Xr atrun 8 +gets called every ten minutes. +.Pp +At every invocation, every job in lowercase queues whose starting time +has passed is started. +A maximum of one batch jobs (denoted by uppercase queues) are started +each time +.Nm atrun +is invoked. +.Sh OPTIONS +.Bl -tag -width indent +.It Fl l Ar load_avg +Specifies a limiting load factor, over which batch jobs should +not be run, instead of the compiled \- in value of 1.5. +.It Fl d +Debug; print error messages to standard error instead of using +.Xr syslog 3 . +.El +.Sh WARNINGS +For +.Nm atrun +to work, you have to start up a .Xr cron 8 -every ten minutes. +daemon. .Sh FILES -.Bl -tag -width /var/at/lockfile -compact -.It Pa /var/at/jobs -Directory containing job files +.Bl -tag -width /var/at/spool -compact .It Pa /var/at/spool Directory containing output spool files -.It Pa /var/at/lockfile -Job-creation lock file. +.It Pa /var/at/jobs +Directory containing job files .El .Sh SEE ALSO .Xr cron 8 , -.Xr at 1 -.Sh AUTHOR -.Bl -tag -Thomas Koenig, ig25@rz.uni-karlsruhe.de -.El +.Xr crontab 1 , +.Xr crontab 5 , +.Xr at 1 , +.Xr syslog 3 . .Sh BUGS -The functionality of +The functionality of .Nm atrun -should arguaby be merged into +should be merged into .Xr cron 8 . -.Sh CAVEATS -Since the default configuration causes -.Nm atrun -to be invoked every ten minutes, -commands queued by -.Xr at 1 -may end up being executed up to nine minutes -later than would be otherwise expected. +.Sh AUTHOR +Thomas Koenig . diff --git a/libexec/atrun/atrun.c b/libexec/atrun/atrun.c index 7d1b499067b..0d2e26647ba 100644 --- a/libexec/atrun/atrun.c +++ b/libexec/atrun/atrun.c @@ -1,7 +1,8 @@ +/* $OpenBSD: atrun.c,v 1.3 1997/03/01 23:39:43 millert Exp $ */ + /* - * atrun.c - run jobs queued by at; run with root privileges. - * Copyright (c) 1993 by Thomas Koenig - * All rights reserved. + * atrun.c - run jobs queued by at; run with root privileges. + * Copyright (C) 1993, 1994 Thomas Koenig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -15,7 +16,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY @@ -30,9 +31,11 @@ #include #include #include +#include #include #include #include +#include #include #include #include @@ -54,14 +57,33 @@ /* File scope variables */ static char *namep; -static char rcsid[] = "$Id: atrun.c,v 1.2 1996/12/22 03:41:10 tholo Exp $"; +static char rcsid[] = "$OpenBSD: atrun.c,v 1.3 1997/03/01 23:39:43 millert Exp $"; +static int debug = 0; /* Local functions */ + static void perr(a) const char *a; { - syslog(LOG_ERR, "%s: %m", a); + if (debug) + perror(a); + else + syslog(LOG_ERR, "%s: %m", a); + + exit(EXIT_FAILURE); +} + +static void +perr2(a, b) + char *a, *b; +{ + if (debug) { + (void)fputs(a, stderr); + perror(b); + } else + syslog(LOG_ERR, "%s%s: %m", a, b); + exit(EXIT_FAILURE); } @@ -70,13 +92,14 @@ write_string(fd, a) int fd; const char *a; { - return write(fd, a, strlen(a)); + return(write(fd, a, strlen(a))); } static void -run_file(filename, uid) +run_file(filename, uid, gid) const char *filename; uid_t uid; + gid_t gid; { /* * Run a file by by spawning off a process which redirects I/O, @@ -90,15 +113,24 @@ run_file(filename, uid) char *mailname = NULL; FILE *stream; int send_mail = 0; - struct stat buf; + struct stat buf, lbuf; off_t size; struct passwd *pentry; int fflags; + uid_t nuid; + gid_t ngid; + + PRIV_START + + if (chmod(filename, S_IRUSR) != 0) + perr("Cannot change file permissions"); + + PRIV_END pid = fork(); if (pid == -1) perr("Cannot fork"); - else if (pid > 0) + else if (pid != 0) return; /* @@ -107,15 +139,23 @@ run_file(filename, uid) * root. */ + pentry = getpwuid(uid); + if (pentry == NULL) { + syslog(LOG_ERR,"Userid %u not found - aborting job %s", + uid, filename); + exit(EXIT_FAILURE); + } PRIV_START - stream = fopen(filename, "r"); + stream = fopen(filename, "r"); PRIV_END - pentry = getpwuid(uid); - if (pentry == NULL) - perr("UID not in password file!"); + if (pentry->pw_expire && time(NULL) >= pentry->pw_expire) { + syslog(LOG_ERR, "Userid %u has expired - aborting job %s", + uid, filename); + exit(EXIT_FAILURE); + } if (stream == NULL) perr("Cannot open input file"); @@ -123,37 +163,86 @@ run_file(filename, uid) if ((fd_in = dup(fileno(stream))) < 0) perr("Error duplicating input file descriptor"); + if (fstat(fd_in, &buf) == -1) + perr("Error in fstat of input file descriptor"); + + PRIV_START + + if (lstat(filename, &lbuf) == -1) + perr("Error in lstat of input file"); + + PRIV_END + + if (S_ISLNK(lbuf.st_mode)) { + syslog(LOG_ERR, "Symbolic link encountered in job %s - aborting", + filename); + exit(EXIT_FAILURE); + } + if ((lbuf.st_dev != buf.st_dev) || (lbuf.st_ino != buf.st_ino) || + (lbuf.st_uid != buf.st_uid) || (lbuf.st_gid != buf.st_gid) || + (lbuf.st_size!=buf.st_size)) { + syslog(LOG_ERR, "Somebody changed files from under us for job %s - aborting", filename); + exit(EXIT_FAILURE); + } + if (buf.st_nlink > 1) { + syslog(LOG_ERR, "Somebody is trying to run a linked script for job %s", + filename); + exit(EXIT_FAILURE); + } if ((fflags = fcntl(fd_in, F_GETFD)) < 0) perr("Error in fcntl"); - fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); + (void)fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); - if (fscanf(stream, "#! /bin/sh\n# mail %8s %d", mailbuf, &send_mail) == 2) { - mailname = mailbuf; - } else { - mailname = pentry->pw_name; + if (fscanf(stream, "#!/bin/sh\n# atrun uid=%u gid=%u\n# mail %8s %d", + &nuid, &ngid, mailbuf, &send_mail) != 4) { + syslog(LOG_ERR, "File %s is in wrong format - aborting", + filename); + exit(EXIT_FAILURE); } - fclose(stream); + if (mailbuf[0] == '-') { + syslog(LOG_ERR, "illegal mail name %s in %s", mailbuf, filename); + exit(EXIT_FAILURE); + } + mailname = mailbuf; + if (nuid != uid) { + syslog(LOG_ERR, "Job %s - userid %u does not match file uid %u", + filename, nuid, uid); + exit(EXIT_FAILURE); + } + if (ngid != gid) { + syslog(LOG_ERR, "Job %s - groupid %u does not match file gid %u", + filename, ngid, gid); + exit(EXIT_FAILURE); + } + (void)fclose(stream); + + PRIV_START + if (chdir(_PATH_ATSPOOL) < 0) - perr("Cannot chdir to " _PATH_ATSPOOL); + perr2("Cannot chdir to ", _PATH_ATSPOOL); /* * Create a file to hold the output of the job we are about to * run. Write the mail header. */ + if ((fd_out = open(filename, O_WRONLY | O_CREAT | O_EXCL, S_IWUSR | S_IRUSR)) < 0) perr("Cannot create output file"); + PRIV_END + write_string(fd_out, "Subject: Output from your job "); write_string(fd_out, filename); write_string(fd_out, "\n\n"); - fstat(fd_out, &buf); + if (fstat(fd_out, &buf) == -1) + perr("Error in fstat of output file descriptor"); size = buf.st_size; - close(STDIN_FILENO); - close(STDOUT_FILENO); - close(STDERR_FILENO); + (void)close(STDIN_FILENO); + (void)close(STDOUT_FILENO); + (void)close(STDERR_FILENO); pid = fork(); if (pid < 0) @@ -167,7 +256,6 @@ run_file(filename, uid) * the input file, and standard output and error sent to * our output file. */ - if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) perr("Error in lseek"); @@ -180,60 +268,79 @@ run_file(filename, uid) if (dup(fd_out) != STDERR_FILENO) perr("Error in I/O redirection"); - close(fd_in); - close(fd_out); + (void)close(fd_in); + (void)close(fd_out); + + PRIV_START + if (chdir(_PATH_ATJOBS) < 0) - perr("Cannot chdir to " _PATH_ATJOBS); + perr2("Cannot chdir to ", _PATH_ATJOBS); queue = *filename; - PRIV_START + if (queue > 'b') + nice(queue - 'b'); - if (queue > 'b') - nice(queue - 'b'); + if (chdir(pentry->pw_dir) < 0) + chdir("/"); if (initgroups(pentry->pw_name, pentry->pw_gid) < 0) perr("Cannot init group list"); - if (setegid(pentry->pw_gid) < 0) - perr("Cannot change primary group"); - if (setgid(pentry->pw_gid) < 0) + if (setegid(pentry->pw_gid) < 0 || setgid(pentry->pw_gid) < 0) perr("Cannot change primary group"); - if (seteuid(uid) < 0) - perr("Cannot set user id"); - if (setuid(uid) < 0) + if (seteuid(uid) < 0 || setuid(uid) < 0) perr("Cannot set user id"); - chdir("/"); - - if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0) - perr("Exec failed"); + if (execle("/bin/sh", "sh", (char *)NULL, nenvp) != 0) + perr("Exec failed for /bin/sh"); PRIV_END } /* We're the parent. Let's wait. */ - close(fd_in); - close(fd_out); - waitpid(pid, (int *) NULL, 0); + (void)close(fd_in); + (void)close(fd_out); + waitpid(pid, (int *)NULL, 0); + + /* + * Send mail. Unlink the output file first, so it is deleted + * after the run. + */ + PRIV_START + + if (stat(filename, &buf) == -1) + perr("Error in stat of output file"); + if (open(filename, O_RDONLY) != STDIN_FILENO) + perr("Open of jobfile failed"); + + (void)unlink(filename); + + PRIV_END - stat(filename, &buf); if ((buf.st_size != size) || send_mail) { /* Fork off a child for sending mail */ - pid = fork(); - if (pid < 0) - perr("Fork failed"); - else if (pid == 0) { - if (open(filename, O_RDONLY) != STDIN_FILENO) - perr("Cannot reopen output file"); - - execl(_PATH_SENDMAIL, _PATH_SENDMAIL, mailname, - (char *) NULL); - perr("Exec failed"); - } - waitpid(pid, (int *) NULL, 0); + + PRIV_START + + if (chdir(pentry->pw_dir)) + chdir("/"); + + if (initgroups(pentry->pw_name, pentry->pw_gid)) + perr("Cannot init group list"); + + if (setegid(gid) < 0 || setgid(gid) < 0) + perr("Cannot change primary group"); + + if (seteuid(uid) < 0 || setuid(uid) < 0) + perr("Cannot set user id"); + + execl(_PATH_SENDMAIL, "sendmail", "-F", "Atrun Service", + "-odi", "-oem", mailname, (char *) NULL); + perr("Exec failed for mail command"); + + PRIV_END } - unlink(filename); exit(EXIT_SUCCESS); } @@ -260,21 +367,57 @@ main(argc, argv) DIR *spool; struct dirent *dirent; struct stat buf; - int older; unsigned long ctm; + int jobno; char queue; + time_t now, run_time; + char batch_name[] = "Z2345678901234"; + uid_t batch_uid; + gid_t batch_gid; + int c; + int run_batch; + double la, load_avg = ATRUN_MAXLOAD; /* * We don't need root privileges all the time; running under uid - * and gid daemon is fine. + * and gid nobody is fine except for priviledged operations. */ + RELINQUISH_PRIVS_ROOT(NOBODY_UID, NOBODY_GID) - RELINQUISH_PRIVS_ROOT(0) /* it's setuid root */ openlog("atrun", LOG_PID, LOG_CRON); + opterr = 0; + errno = 0; + while ((c = getopt(argc, argv, "dl:")) != -1) { + switch (c) { + case 'l': + if (sscanf(optarg, "%lf", &load_avg) != 1) + perr("garbled option -l"); + if (load_avg <= 0.) + load_avg = ATRUN_MAXLOAD; + break; + + case 'd': + debug++; + break; + + case '?': + perr("unknown option"); + break; + + default: + perr("idiotic option - aborted"); + break; + } + } + namep = argv[0]; + + PRIV_START + if (chdir(_PATH_ATJOBS) != 0) - perr("Cannot change to " _PATH_ATJOBS); + perr2("Cannot change to ", _PATH_ATJOBS); + /* * Main loop. Open spool directory for reading and look over all @@ -284,50 +427,67 @@ main(argc, argv) * which executes the shell script. Unlink older files if they * should no longer be run. For deletion, their r bit has to be * turned on. + * + * Also, pick the oldest batch job to run, at most one per + * invocation of atrun. */ if ((spool = opendir(".")) == NULL) - perr("Cannot read " _PATH_ATJOBS); + perr2("Cannot read ", _PATH_ATJOBS); + + PRIV_END + + now = time(NULL); + run_batch = 0; + batch_uid = (uid_t) -1; + batch_gid = (gid_t) -1; while ((dirent = readdir(spool)) != NULL) { - double la; + PRIV_START if (stat(dirent->d_name, &buf) != 0) - perr("Cannot stat in " _PATH_ATJOBS); + perr2("Cannot stat in ", _PATH_ATJOBS); + + PRIV_END /* We don't want directories */ if (!S_ISREG(buf.st_mode)) continue; - if (sscanf(dirent->d_name, "%c%8lx", &queue, &ctm) != 2) - continue; - - if ((queue == 'b') && ((getloadavg(&la, 1) != 1) || - (la > ATRUN_MAXLOAD))) + if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) != 3) continue; - older = (time_t) ctm *60 <= time(NULL); - - /* The file is executable and old enough */ - if (older && (S_IXUSR & buf.st_mode)) { - /* - * Now we know we want to run the file, we can turn - * off the execute bit - */ + run_time = (time_t) ctm * 60; + + if ((S_IXUSR & buf.st_mode) && (run_time <= now)) { + if (isupper(queue) && + (strcmp(batch_name, dirent->d_name) > 0)) { + run_batch = 1; + (void)strncpy(batch_name, dirent->d_name, + sizeof(batch_name)); + batch_uid = buf.st_uid; + batch_gid = buf.st_gid; + } + + /* The file is executable and old enough */ + if (islower(queue)) + run_file(dirent->d_name, buf.st_uid, buf.st_gid); + } + /* Delete older files */ + if ((run_time < now) && !(S_IXUSR & buf.st_mode) && + (S_IRUSR & buf.st_mode)) { PRIV_START - if (chmod(dirent->d_name, S_IRUSR) != 0) - perr("Cannot change file permissions"); + (void)unlink(dirent->d_name); PRIV_END - - run_file(dirent->d_name, buf.st_uid); } - /* Delete older files */ - if (older && !(S_IXUSR & buf.st_mode) && - (S_IRUSR & buf.st_mode)) - unlink(dirent->d_name); } + + /* Run the single batch file, if any */ + if (run_batch && ((getloadavg(&la, 1) == 1) && la < load_avg)) + run_file(batch_name, batch_uid, batch_gid); + closelog(); exit(EXIT_SUCCESS); } diff --git a/libexec/atrun/atrun.h b/libexec/atrun/atrun.h index f324a2079fa..2b7b8446ec1 100644 --- a/libexec/atrun/atrun.h +++ b/libexec/atrun/atrun.h @@ -27,7 +27,9 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $Id: atrun.h,v 1.1.1.1 1995/10/18 08:43:15 deraadt Exp $ + * $Id: atrun.h,v 1.2 1997/03/01 23:39:44 millert Exp $ */ #define ATRUN_MAXLOAD 1.5 +#define NOBODY_UID 32767 +#define NOBODY_GID 32767 diff --git a/usr.bin/at/Makefile b/usr.bin/at/Makefile index 04608254878..355fad47448 100644 --- a/usr.bin/at/Makefile +++ b/usr.bin/at/Makefile @@ -1,8 +1,8 @@ -# $OpenBSD: Makefile,v 1.2 1996/06/26 05:31:26 deraadt Exp $ +# $OpenBSD: Makefile,v 1.3 1997/03/01 23:40:08 millert Exp $ # $NetBSD: Makefile,v 1.2 1995/03/25 18:13:27 glass Exp $ PROG= at -SRCS= at.c panic.c parsetime.c +SRCS= at.c panic.c parsetime.c perm.c LINKS= ${BINDIR}/at ${BINDIR}/atq \ ${BINDIR}/at ${BINDIR}/atrm \ ${BINDIR}/at ${BINDIR}/batch diff --git a/usr.bin/at/at.1 b/usr.bin/at/at.1 index c4ed67fc332..7c42759bbeb 100644 --- a/usr.bin/at/at.1 +++ b/usr.bin/at/at.1 @@ -1,217 +1,269 @@ -.\" $OpenBSD: at.1,v 1.3 1996/10/08 01:20:52 michaels Exp $ -.\" $NetBSD: at.1,v 1.6 1995/03/25 18:13:29 glass Exp $ -.\" -.\" -.\" Copyright (c) 1993 Christopher G. Demetriou -.\" All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. All advertising materials mentioning features or use of this software -.\" must display the following acknowledgement: -.\" This product includes software developed by Christopher G. Demetriou. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission -.\" -.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR -.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES -.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. -.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" -.Dd December 5, 1993 +.\" $OpenBSD: at.1,v 1.4 1997/03/01 23:40:08 millert Exp $ +.\" $FreeBSD: at.man,v 1.6 1997/02/22 19:54:05 peter Exp $ +.Dd April 12, 1995 .Dt "AT" 1 .Os .Sh NAME .Nm at, batch, atq, atrm -.Nd queue, examine, or delete jobs for later execution -.\" +.Nd queue, examine or delete jobs for later execution .Sh SYNOPSIS .Nm at +.Op Fl V .Op Fl q Ar queue .Op Fl f Ar file -.Op Fl m +.Op Fl mldbv .Ar time .Pp +.Nm at +.Op Fl V +.Fl c Ar job Op Ar job ... +.Pp .Nm atq +.Op Fl V .Op Fl q Ar queue .Op Fl v .Pp .Nm atrm +.Op Fl V .Ar job .Op Ar job ... .Pp .Nm batch +.Op Fl V +.Op Fl q Ar queue .Op Fl f Ar file -.Op Fl m +.Op Fl mv +.Op Ar time .Sh DESCRIPTION -The -.Nm at +.Nm At and .Nm batch -utilities read commands from the standard input or a specified file -which are to be executed at a later time, using +read commands from standard input or a specified file which +are to be executed at a later time, using .Xr sh 1 . -.Pp -The functions of the commands are as follows: .Bl -tag -width indent .It Nm at Executes commands at a specified time. .It Nm atq -Lists the user's pending jobs, unless the user is -the superuser. In that case, everybody's jobs are -listed. +Lists the user's pending jobs, unless the user is the superuser. +In that case, everybody's jobs are listed. .It Nm atrm Deletes jobs. .It Nm batch -executes commands when system load levels permit. -In other words, it executes the commands when the load -average drops below a specified level. +Executes commands when system load levels permit. In other words, when +the load average drops below 1.5, or the value specified in the invocation of +.Nm atrun . .El .Pp -For both -.Nm at -and -.Nm batch , -the working directory, environment (except for the variables -.Nm TERM , -.Nm TERMCAP , -.Nm DISPLAY , -and -.Nm _ ) -and the umask are retained from the time of invocation. The user -will be mailed the standard output and standard error from -his commands if any output is generated. If -.Nm at -is executed from a -.Xr su 1 -shell, the owner of the login shell will receive the mail. -.Sh OPTIONS -.Bl -tag -width indent -The available options are as follows: -.It Fl q Ar queue -Use the specified queue. A queue designation consists -of a single letter; valid queue designation range from -.Ar a -to -.Ar l . -The -.Ar a -queue is the default, and -.Ar b -is the batch queue. Queues with higher letters run with -increased niceness. If -.Nm atq -is given a specific queue, it will only show jobs pending -in that queue. -.It Fl m -Send mail to the user when the job has completed, even if -there was no output. -.It Fl f Ar file -Reads the job from -.Ar file -rather than the standard input. -.It Fl v -Shows completed but not yet deleted jobs in the queue. -.Sh TIME SPECIFICATION .Nm At -allows some moderately complex time specifications. -It accepts times of the form +allows some moderately complex +.Ar time +specifications. It accepts times of the form .Ar HHMM or .Ar HH:MM -to run a job at a specific time of day. If -that time is already passed, the next day is assumed. +to run a job at a specific time of day. +(If that time is already past, the next day is assumed.) You may also specify .Nm midnight , .Nm noon , or .Nm teatime -(4PM) and you can give a time of day suffixed with +(4pm) +and you can have a time-of-day suffixed with .Nm AM or .Nm PM -for running in the morning or the evening. You can -also specify the date on which the job will be run +for running in the morning or the evening. +You can also say what day the job will be run, by giving a date in the form -.Ar month-name day +.Ar \%month-name day with an optional .Ar year , or giving a date of the form -.Ar MMDDYY , +.Ar MMDDYY +or .Ar MM/DD/YY or .Ar DD.MM.YY . +The specification of a date must follow the specification of +the time of day. You can also give times like -.Nm now + -.Ar count time-units , -where the time units can be -.Nm minutes, hours, days, +.Op Nm now +.Nm + Ar count \%time-units , +where the time-units can be +.Nm minutes , +.Nm hours , +.Nm days , or .Nm weeks -You can suffix the time with +and you can tell +.Nm at +to run the job today by suffixing the time with .Nm today -to run the job today, or -.Nm tomorrow -to run the job tomorrow. +and to run the job tomorrow by suffixing the time with +.Nm tomorrow. +.Pp +For example, to run a job at 4pm three days from now, you would do +.Nm at 4pm + 3 days , +to run a job at 10:00am on July 31, you would do +.Nm at 10am Jul 31 +and to run a job at 1am tomorrow, you would do +.Nm at 1am tomorrow. +.Pp +For both +.Nm at +and +.Nm batch , +commands are read from standard input or the file specified +with the +.Fl f +option and executed. +The working directory, the environment (except for the variables +.Nm TERM , +.Nm TERMCAP , +.Nm DISPLAY +and +.Nm _ ) +and the +.Ar umask +are retained from the time of invocation. +An +.Nm at +or +.Nm batch +command invoked from a +.Xr su 1 +shell will retain the current userid. +The user will be mailed standard error and standard output from his +commands, if any. Mail will be sent using the command +.Xr sendmail 8 . +If +.Nm at +is executed from a +.Xr su 1 +shell, the owner of the login shell will receive the mail. +.Pp +The superuser may use these commands in any case. +For other users, permission to use at is determined by the files +.Pa /var/at/at.allow +and +.Pa /var/at/at.deny . +.Pp +If the file +.Pa /var/at/at.allow +exists, only usernames mentioned in it are allowed to use +.Nm at . +.Pp +If +.Pa /var/at/at.allow +does not exist, +.Pa /var/at/at.deny +is checked, every username not mentioned in it is then allowed +to use +.Nm at . +.Pp +If neither exists, only the superuser is allowed use of +.Nm at . +This is the default configuration. .Pp -For example, to run a job at 4PM three days from now, you -would specify a time of -.Nm 4PM + 3 days . -To run a job at 10:00AM on on July 31, you would specify -a time of -.Nm 10AM Jul 31 . -Finally, to run a job at 1AM tomorrow, you would specify -a time of -.Nm 1AM tomorrow . +An empty +.Pa /var/at/at.deny +means that every user is allowed use these commands. +.Sh OPTIONS +.Bl -tag -width indent +.It Fl V +Prints the version number to standard error. +.It Fl q Ar queue +Uses the specified queue. +A queue designation consists of a single letter. Valid queue designations +range from +.Nm a +to +.Nm z +and +.Nm A +to +.Nm Z . +The +.Nm c +queue is the default for +.Nm at +and the +.Nm E +queue for +.Nm batch . +Queues with higher letters run with increased niceness. +If a job is submitted to a queue designated with an uppercase letter, it +is treated as if it had been submitted to batch at that time. +If +.Nm atq +is given a specific queue, it will only show jobs pending in that queue. +.It Fl m +Send mail to the user when the job has completed even if there was no +output. +.It Fl f Ar file +Reads the job from +.Ar file +rather than standard input. +.It Fl l +Is an alias for +.Nm atq. +.It Fl d +Is an alias for +.Nm atrm. +.It Fl b +Is an alias for +.Nm batch. +.It Fl v +For +.Nm atq , +shows completed but not yet deleted jobs in the queue. Otherwise +shows the time the job will be executed. +.It Fl c +Cats the jobs listed on the command line to standart output. .Sh FILES -.Bl -tag -width /var/at/lockfile -compact +.Bl -tag -width /var/at/.lockfile -compact .It Pa /var/at/jobs Directory containing job files .It Pa /var/at/spool Directory containing output spool files -.It Pa /var/at/lockfile -Job-creation lock file. .It Pa /var/run/utmp -.El +Login records +.It Pa /var/at/at.allow +Allow permission control +.It Pa /var/at/at.deny +Deny permission control +.It Pa /var/at/.lockfile +Job-creation lock file. .Sh SEE ALSO .Xr cron 8 , .Xr nice 1 , +.Xr umask 2 , .Xr sh 1 , -.Xr atrun 8 -.Sh AUTHOR -.Bl -tag -Thomas Koenig, ig25@rz.uni-karlsruhe.de +.Xr sendmail 8 , +.Xr atrun 8 . .El .Sh BUGS -Traditional access control to -.Nm at -and -.Nm batch -via the files -.Pa /var/at/at.allow -and -.Pa /var/at/at.deny -is not implemented. .Pp If the file .Pa /var/run/utmp -is not available or corrupted, or if the user is not -logged in at the time +is not available or corrupted, or if the user is not logged on at the +time .Nm at -is invoked, the mail is sent to the userid found in the -environment variable +is invoked, the mail is sent to the userid found +in the environment variable .Nm LOGNAME . If that is undefined or empty, the current userid is assumed. +.Pp +.Nm At +and +.Nm batch +as presently implemented are not suitable when users are competing for +resources. +If this is the case for your site, you might want to consider another +batch system, such as +.Nm nqs . +.Sh AUTHORS +At was mostly written by Thomas Koenig . +The time parsing routines are by David Parsons . diff --git a/usr.bin/at/at.c b/usr.bin/at/at.c index 75ad2116238..d6a9e5095bd 100644 --- a/usr.bin/at/at.c +++ b/usr.bin/at/at.c @@ -1,13 +1,12 @@ -/* $OpenBSD: at.c,v 1.6 1997/01/15 23:42:12 millert Exp $ */ +/* $OpenBSD: at.c,v 1.7 1997/03/01 23:40:09 millert Exp $ */ /* $NetBSD: at.c,v 1.4 1995/03/25 18:13:31 glass Exp $ */ /* - * at.c : Put file into atrun queue - * Copyright (C) 1993 Thomas Koenig + * at.c : Put file into atrun queue + * Copyright (C) 1993, 1994 Thomas Koenig * - * Atrun & Atq modifications - * Copyright (C) 1993 David Parsons - * All rights reserved. + * Atrun & Atq modifications + * Copyright (C) 1993 David Parsons * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -21,7 +20,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY @@ -30,10 +29,9 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#define _USE_BSD 1 - /* System Headers */ #include +#include #include #include #include @@ -48,11 +46,20 @@ #include #include #include +#include +#include + +#if (MAXLOGNAME-1) > UT_NAMESIZE +#define LOGNAMESIZE UT_NAMESIZE +#else +#define LOGNAMESIZE (MAXLOGNAME-1) +#endif /* Local headers */ #include "at.h" #include "panic.h" #include "parsetime.h" +#include "perm.h" #include "pathnames.h" #define MAIN #include "privs.h" @@ -60,12 +67,13 @@ /* Macros */ #define ALARMC 10 /* Number of seconds to wait for timeout */ -#define SIZE 255 #define TIMESIZE 50 +enum { ATQ, ATRM, AT, BATCH, CAT }; /* what program we want to run */ + /* File scope variables */ #ifndef lint -static char rcsid[] = "$OpenBSD: at.c,v 1.6 1997/01/15 23:42:12 millert Exp $"; +static char rcsid[] = "$OpenBSD: at.c,v 1.7 1997/03/01 23:40:09 millert Exp $"; #endif char *no_export[] = @@ -75,20 +83,22 @@ char *no_export[] = static send_mail = 0; /* External variables */ + extern char **environ; int fcreated; char *namep; char atfile[FILENAME_MAX]; -char *atinput = (char *) 0; /* where to get input from */ +char *atinput = (char *)0; /* where to get input from */ char atqueue = 0; /* which queue to examine for jobs (atq) */ char atverify = 0; /* verify time instead of queuing job */ /* Function declarations */ -static void sigc __P((int signo)); -static void alarmc __P((int signo)); + +static void sigc __P((int)); +static void alarmc __P((int)); static char *cwdname __P((void)); -static void writefile __P((time_t runtimer, char queue)); +static void writefile __P((time_t, char)); static void list_jobs __P((void)); /* Signal catching functions */ @@ -97,11 +107,10 @@ static void sigc(signo) int signo; { -/* If the user presses ^C, remove the spool file and exit - */ + /* If the user presses ^C, remove the spool file and exit. */ if (fcreated) { PRIV_START - unlink(atfile); + (void)unlink(atfile); PRIV_END } @@ -112,8 +121,7 @@ static void alarmc(signo) int signo; { -/* Time out after some seconds - */ + /* Time out after some seconds. */ panic("File locking timed out"); } @@ -122,29 +130,37 @@ alarmc(signo) static char * cwdname() { -/* Read in the current directory; the name will be overwritten on - * subsequent calls. - */ - static char *ptr = NULL; - static size_t size = SIZE; - - if (ptr == NULL) - ptr = (char *) malloc(size); - - while (1) { - if (ptr == NULL) - panic("Out of memory"); - - if (getcwd(ptr, size - 1) != NULL) - return ptr; + /* + * Read in the current directory; the name will be overwritten on + * subsequent calls. + */ + static char path[MAXPATHLEN]; - if (errno != ERANGE) - perr("Cannot get directory"); + return (getcwd(path, sizeof(path))); +} - free(ptr); - size += SIZE; - ptr = (char *) malloc(size); +/* XXX - this code sucks! */ +static int +nextjob() +{ + int jobno; + FILE *fid; + + if ((fid = fopen(_PATH_SEQFILE, "r+")) != (FILE*)0) { + if (fscanf(fid, "%5x", &jobno) == 1) { + (void)rewind(fid); + jobno = (1+jobno) % 0xfffff; /* 2^20 jobs enough? */ + (void)fprintf(fid, "%05x\n", jobno); + } else + jobno = EOF; + (void)fclose(fid); + return (jobno); + } else if ((fid = fopen(_PATH_SEQFILE, "w")) != (FILE*)0) { + (void)fprintf(fid, "%05x\n", jobno = 1); + (void)fclose(fid); + return (1); } + return (EOF); } static void @@ -156,7 +172,7 @@ writefile(runtimer, queue) * This does most of the work if at or batch are invoked for * writing a job. */ - int i; + int jobno; char *ap, *ppos, *mailname; struct passwd *pass_entry; struct stat statbuf; @@ -168,6 +184,8 @@ writefile(runtimer, queue) mode_t cmask; struct flock lock; + (void)setlocale(LC_TIME, ""); + /* * Install the signal handler for SIGINT; terminate after removing the * spool file if necessary @@ -178,19 +196,19 @@ writefile(runtimer, queue) sigaction(SIGINT, &act, NULL); - strcpy(atfile, _PATH_ATJOBS); - ppos = atfile + strlen(_PATH_ATJOBS); + (void)strcpy(atfile, _PATH_ATJOBS); + ppos = atfile + strlen(atfile); /* * Loop over all possible file names for running something at this - * particular time, see if a file is there; the first empty slot at - * any particular time is used. Lock the file _PATH_LOCKFILE first - * to make sure we're alone when doing this. + * particular time, see if a file is there; the first empty slot at + * any particular time is used. Lock the file _PATH_LOCKFILE first + * to make sure we're alone when doing this. */ PRIV_START - if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY | O_CREAT, 0600)) < 0) + if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY | O_CREAT, S_IWUSR | S_IRUSR)) < 0) perr2("Cannot open lockfile ", _PATH_LOCKFILE); lock.l_type = F_WRLCK; @@ -211,20 +229,19 @@ writefile(runtimer, queue) fcntl(lockdes, F_SETLKW, &lock); alarm(0); - for (i = 0; i < AT_MAXJOBS; i++) { - sprintf(ppos, "%c%08lx.%03x", queue, - (unsigned long) (runtimer / 60), i); + if ((jobno = nextjob()) == EOF) + perr("Cannot generate job number"); - if (stat(atfile, &statbuf) != 0) { - if (errno == ENOENT) - break; - else - perr2("Cannot access ", _PATH_ATJOBS); - } - } /* for */ + /* XXX - use snprintf */ + (void)sprintf(ppos, "%c%5x%8x", queue, jobno, (unsigned) (runtimer/60)); + + for (ap = ppos; *ap != '\0'; ap++) + if (*ap == ' ') + *ap = '0'; - if (i >= AT_MAXJOBS) - panic("Too many jobs already"); + if (stat(atfile, &statbuf) != 0) + if (errno != ENOENT) + perr2("Cannot access ", _PATH_ATJOBS); /* * Create the file. The x bit is only going to be set after it has @@ -233,13 +250,14 @@ writefile(runtimer, queue) * their r bit. Yes, this is a kluge. */ cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR); + /* XXX - use open(2) not creat() */ if ((fdes = creat(atfile, O_WRONLY)) == -1) perr("Cannot create atjob file"); if ((fd2 = dup(fdes)) < 0) perr("Error in dup() of job file"); - if (fchown(fd2, real_uid, -1) != 0) + if (fchown(fd2, real_uid, real_gid) != 0) perr("Cannot give away file"); PRIV_END @@ -255,8 +273,8 @@ writefile(runtimer, queue) lock.l_whence = SEEK_SET; lock.l_start = 0; lock.l_len = 0; - fcntl(lockdes, F_SETLKW, &lock); - close(lockdes); + (void)fcntl(lockdes, F_SETLKW, &lock); + (void)close(lockdes); if ((fp = fdopen(fdes, "w")) == NULL) panic("Cannot reopen atjob file"); @@ -269,9 +287,9 @@ writefile(runtimer, queue) if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL) mailname = getenv("USER"); - if ((mailname == NULL) || (mailname[0] == '\0') - || (strlen(mailname) > 8)) { - pass_entry = getpwuid(getuid()); + if ((mailname == NULL) || (mailname[0] == '\0') || + (strlen(mailname) > LOGNAMESIZE) || (getpwnam(mailname) == NULL)) { + pass_entry = getpwuid(real_uid); if (pass_entry != NULL) mailname = pass_entry->pw_name; } @@ -281,10 +299,11 @@ writefile(runtimer, queue) if (fpin == NULL) perr("Cannot open input file"); } - fprintf(fp, "#! /bin/sh\n# mail %8s %d\n", mailname, send_mail); + (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%u gid=%u\n# mail %*s %d\n", + real_uid, real_gid, LOGNAMESIZE, mailname, send_mail); /* Write out the umask at the time of invocation */ - fprintf(fp, "umask %lo\n", (unsigned long) cmask); + (void)fprintf(fp, "umask %o\n", cmask); /* * Write out the environment. Anything that may look like a special @@ -312,44 +331,68 @@ writefile(runtimer, queue) } if (export) { - fwrite(*atenv, sizeof(char), eqp - *atenv, fp); + (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp); for (ap = eqp; *ap != '\0'; ap++) { if (*ap == '\n') - fprintf(fp, "\"\n\""); + (void)fprintf(fp, "\"\n\""); else { - if (!isalnum(*ap)) - fputc('\\', fp); - - fputc(*ap, fp); + if (!isalnum(*ap)) { + switch (*ap) { + case '%': case '/': case '{': + case '[': case ']': case '=': + case '}': case '@': case '+': + case '#': case ',': case '.': + case ':': case '-': case '_': + break; + default: + (void)fputc('\\', fp); + break; + } + } + (void)fputc(*ap, fp); } } - fputs("; export ", fp); - fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp); - fputc('\n', fp); + (void)fputs("; export ", fp); + (void)fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp); + (void)fputc('\n', fp); + } + } + /* + * Cd to the directory at the time and write out all the + * commands the user supplies from stdin. + */ + (void)fputs("cd ", fp); + for (ap = cwdname(); *ap != '\0'; ap++) { + if (*ap == '\n') + fprintf(fp, "\"\n\""); + else { + if (*ap != '/' && !isalnum(*ap)) + (void)fputc('\\', fp); + (void)fputc(*ap, fp); } } /* - * Cd to the directory at the time and write out all the commands - * the user supplies from stdin. + * Test cd's exit status: die if the original directory has been + * removed, become unreadable or whatever. */ - fprintf(fp, "cd %s\n", cwdname()); + (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible' >&2\n\t exit 1\n}\n"); if ((ch = getchar()) == EOF) panic("Input error"); do { - fputc(ch, fp); + (void)fputc(ch, fp); } while ((ch = getchar()) != EOF); - fprintf(fp, "\n"); + (void)fprintf(fp, "\n"); if (ferror(fp)) panic("Output error"); if (ferror(stdin)) panic("Input error"); - fclose(fp); + (void)fclose(fp); /* * Set the x bit so that we're ready to start executing @@ -357,8 +400,8 @@ writefile(runtimer, queue) if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0) perr("Cannot give away file"); - close(fd2); - fprintf(stderr, "Job %s will be executed using /bin/sh\n", ppos); + (void)close(fd2); + (void)fprintf(stderr, "Job %d will be executed using /bin/sh\n", jobno); } static void @@ -375,13 +418,14 @@ list_jobs() struct tm runtime; unsigned long ctm; char queue; + int jobno; time_t runtimer; char timestr[TIMESIZE]; int first = 1; PRIV_START - if (chdir(_PATH_ATJOBS) != 0) + if (chdir(_PATH_ATJOBS) != 0) perr2("Cannot change to ", _PATH_ATJOBS); if ((spool = opendir(".")) == NULL) @@ -401,7 +445,7 @@ list_jobs() || !(S_IXUSR & buf.st_mode || atverify)) continue; - if (sscanf(dirent->d_name, "%c%8lx", &queue, &ctm) != 2) + if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) != 3) continue; if (atqueue && (queue != atqueue)) @@ -411,46 +455,104 @@ list_jobs() runtime = *localtime(&runtimer); strftime(timestr, TIMESIZE, "%X %x", &runtime); if (first) { - printf("Date\t\t\tOwner\tQueue\tJob#\n"); + (void)printf("Date\t\t\tOwner\tQueue\tJob#\n"); first = 0; } pw = getpwuid(buf.st_uid); - printf("%s\t%s\t%c%s\t%s\n", + (void)printf("%s\t%s\t%c%s\t%d\n", timestr, pw ? pw->pw_name : "???", queue, (S_IXUSR & buf.st_mode) ? "" : "(done)", - dirent->d_name); + jobno); } PRIV_END } static void -delete_jobs(argc, argv) +process_jobs(argc, argv, what) int argc; char **argv; + int what; { /* Delete every argument (job - ID) given */ int i; struct stat buf; + DIR *spool; + struct dirent *dirent; + unsigned long ctm; + char queue; + int jobno; PRIV_START - if (chdir(_PATH_ATJOBS) != 0) + if (chdir(_PATH_ATJOBS) != 0) perr2("Cannot change to ", _PATH_ATJOBS); - for (i = optind; i < argc; i++) { - if (stat(argv[i], &buf) != 0) - perr(argv[i]); - if ((buf.st_uid != real_uid) && !(real_uid == 0)) { - fprintf(stderr, "%s: Not owner\n", argv[i]); - exit(EXIT_FAILURE); + if ((spool = opendir(".")) == NULL) + perr2("Cannot open ", _PATH_ATJOBS); + + PRIV_END + + /* Loop over every file in the directory */ + while((dirent = readdir(spool)) != NULL) { + + PRIV_START + if (stat(dirent->d_name, &buf) != 0) + perr2("Cannot stat in ", _PATH_ATJOBS); + PRIV_END + + if (sscanf(dirent->d_name, "%c%5x%8lx", &queue, &jobno, &ctm) !=3) + continue; + + for (i = optind; i < argc; i++) { + if (atoi(argv[i]) == jobno) { + if ((buf.st_uid != real_uid) && !(real_uid == 0)) { + (void)fprintf(stderr, + "%s: Not owner\n", argv[i]); + exit(EXIT_FAILURE); + } + switch (what) { + case ATRM: + PRIV_START + + if (unlink(dirent->d_name) != 0) + perr(dirent->d_name); + + PRIV_END + + break; + + case CAT: + { + FILE *fp; + int ch; + + PRIV_START + + fp = fopen(dirent->d_name, "r"); + + PRIV_END + + if (!fp) + perr("Cannot open file"); + + while((ch = getc(fp)) != EOF) + putchar(ch); + } + break; + + default: + (void)fprintf(stderr, + "Internal error, process_jobs = %d\n", + what); + exit(EXIT_FAILURE); + break; + } + } } - if (unlink(argv[i]) != 0) - perr(argv[i]); } - PRIV_END } /* delete_jobs */ /* Global functions */ @@ -461,14 +563,16 @@ main(argc, argv) char **argv; { int c; - char queue = 'a'; + char queue = DEFAULT_AT_QUEUE; + char queue_set = 0; char *pgm; enum { - ATQ, ATRM, AT, BATCH - }; /* what program we want to run */ - int program = AT; /* our default program */ - char *options = "q:f:mv"; /* default options for at */ + ATQ, ATRM, AT, BATCH, CAT + }; /* what program we want to run */ + int program = AT; /* our default program */ + char *options = "q:f:mvldbVc"; /* default options for at */ + int disp_version = 0; time_t timer; RELINQUISH_PRIVS @@ -484,13 +588,13 @@ main(argc, argv) /* find out what this program is supposed to do */ if (strcmp(pgm, "atq") == 0) { program = ATQ; - options = "q:v"; + options = "q:vV"; } else if (strcmp(pgm, "atrm") == 0) { program = ATRM; - options = ""; + options = "V"; } else if (strcmp(pgm, "batch") == 0) { program = BATCH; - options = "f:mv"; + options = "f:q:mvV"; } /* process whatever options we can process */ @@ -514,8 +618,43 @@ main(argc, argv) usage(); atqueue = queue = *optarg; - if ((!islower(queue)) || (queue > 'l')) + if (!(islower(queue) || isupper(queue))) + usage(); + + queue_set = 1; + break; + + case 'd': + if (program != AT) + usage(); + + program = ATRM; + options = "V"; + break; + + case 'l': + if (program != AT) usage(); + + program = ATQ; + options = "q:vV"; + break; + + case 'b': + if (program != AT) + usage(); + + program = BATCH; + options = "f:q:mvV"; + break; + + case 'V': + disp_version = 1; + break; + + case 'c': + program = CAT; + options = ""; break; default: @@ -524,6 +663,14 @@ main(argc, argv) } /* end of options eating */ + if (disp_version) + (void)fprintf(stderr, "%s version %.1f\n", namep, AT_VERSION); + + if (!check_permission()) { + (void)fprintf(stderr, "You do not have permission to use %s.\n", + namep); + } + /* select our program */ switch (program) { case ATQ: @@ -531,21 +678,39 @@ main(argc, argv) break; case ATRM: - delete_jobs(argc, argv); + process_jobs(argc, argv, ATRM); + break; + + case CAT: + process_jobs(argc, argv, CAT); break; case AT: timer = parsetime(argc, argv); if (atverify) { struct tm *tm = localtime(&timer); - - fprintf(stderr, "%s\n", asctime(tm)); + (void)fprintf(stderr, "%s\n", asctime(tm)); } writefile(timer, queue); break; case BATCH: - writefile(time(NULL), 'b'); + if (queue_set) + queue = toupper(queue); + else + queue = DEFAULT_BATCH_QUEUE; + + if (argc > optind) + timer = parsetime(argc, argv); + else + timer = time(NULL); + + if (atverify) { + struct tm *tm = localtime(&timer); + (void)fprintf(stderr, "%s\n", asctime(tm)); + } + + writefile(timer, queue); break; default: diff --git a/usr.bin/at/at.h b/usr.bin/at/at.h index 46b07919f31..e752b642a57 100644 --- a/usr.bin/at/at.h +++ b/usr.bin/at/at.h @@ -1,10 +1,9 @@ -/* $OpenBSD: at.h,v 1.2 1996/06/26 05:31:28 deraadt Exp $ */ +/* $OpenBSD: at.h,v 1.3 1997/03/01 23:40:09 millert Exp $ */ /* $NetBSD: at.h,v 1.2 1995/03/25 18:13:32 glass Exp $ */ /* - * at.h - header for at(1) - * Copyright (c) 1993 by Thomas Koenig - * All rights reserved. + * at.h - header for at(1) + * Copyright (C) 1993 Thomas Koenig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -18,15 +17,13 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - * $NetBSD: at.h,v 1.2 1995/03/25 18:13:32 glass Exp $ */ extern int fcreated; @@ -35,3 +32,7 @@ extern char atfile[]; extern char atverify; #define AT_MAXJOBS 255 /* max jobs outstanding per user */ +#define AT_VERSION 2.9 /* our version number */ + +#define DEFAULT_BATCH_QUEUE 'E' +#define DEFAULT_AT_QUEUE 'c' diff --git a/usr.bin/at/panic.c b/usr.bin/at/panic.c index d6b03db8edd..6de03819ee0 100644 --- a/usr.bin/at/panic.c +++ b/usr.bin/at/panic.c @@ -1,10 +1,9 @@ -/* $OpenBSD: panic.c,v 1.3 1996/08/03 20:16:57 millert Exp $ */ +/* $OpenBSD: panic.c,v 1.4 1997/03/01 23:40:09 millert Exp $ */ /* $NetBSD: panic.c,v 1.2 1995/03/25 18:13:33 glass Exp $ */ /* * panic.c - terminate fast in case of error * Copyright (c) 1993 by Thomas Koenig - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -18,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY @@ -43,7 +42,7 @@ /* File scope variables */ #ifndef lint -static char rcsid[] = "$OpenBSD: panic.c,v 1.3 1996/08/03 20:16:57 millert Exp $"; +static char rcsid[] = "$OpenBSD: panic.c,v 1.4 1997/03/01 23:40:09 millert Exp $"; #endif /* External variables */ @@ -54,9 +53,10 @@ void panic(a) char *a; { -/* Something fatal has happened, print error message and exit. - */ - fprintf(stderr, "%s: %s\n", namep, a); + /* + * Something fatal has happened, print error message and exit. + */ + (void)fprintf(stderr, "%s: %s\n", namep, a); if (fcreated) { PRIV_START unlink(atfile); @@ -70,8 +70,9 @@ void perr(a) char *a; { -/* Some operating system error; print error message and exit. - */ + /* + * Some operating system error; print error message and exit. + */ perror(a); if (fcreated) { PRIV_START @@ -86,18 +87,18 @@ void perr2(a, b) char *a, *b; { - fprintf(stderr, "%s", a); + (void)fputs(a, stderr); perr(b); } void usage(void) { -/* Print usage and exit. -*/ - fprintf(stderr, "Usage: at [-q x] [-f file] [-m] time\n" - " atq [-q x] [-v]\n" - " atrm [-q x] job ...\n" - " batch [-f file] [-m]\n"); + /* Print usage and exit. */ + (void)fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-m] time\n" + " at [-V] -c job [job ...]\n" + " atq [-V] [-q x] [-v]\n" + " atrm [-V] job [job ...]\n" + " batch [-V] [-f file] [-m]\n"); exit(EXIT_FAILURE); } diff --git a/usr.bin/at/panic.h b/usr.bin/at/panic.h index 6b7e468c5ea..991e1fa0502 100644 --- a/usr.bin/at/panic.h +++ b/usr.bin/at/panic.h @@ -1,10 +1,9 @@ -/* $OpenBSD: panic.h,v 1.2 1996/06/26 05:31:29 deraadt Exp $ */ +/* $OpenBSD: panic.h,v 1.3 1997/03/01 23:40:10 millert Exp $ */ /* $NetBSD: panic.h,v 1.2 1995/03/25 18:13:35 glass Exp $ */ /* - * panic.h - header for at(1) - * Copyright (c) 1993 Thomas Koenig - * All rights reserved. + * panic.h - header for at(1) + * Copyright (c) 1993 Thomas Koenig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -18,17 +17,16 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * */ -void panic __P((char *a)); -void perr __P((char *a)); -void perr2 __P((char *a, char *b)); +void panic __P((char *)); +void perr __P((char *)); +void perr2 __P((char *, char *)); void usage __P((void)); diff --git a/usr.bin/at/parsetime.c b/usr.bin/at/parsetime.c index 8f7ff34f7be..d7ee161bbf8 100644 --- a/usr.bin/at/parsetime.c +++ b/usr.bin/at/parsetime.c @@ -1,13 +1,12 @@ -/* $OpenBSD: parsetime.c,v 1.3 1996/06/26 05:31:29 deraadt Exp $ */ +/* $OpenBSD: parsetime.c,v 1.4 1997/03/01 23:40:10 millert Exp $ */ /* $NetBSD: parsetime.c,v 1.3 1995/03/25 18:13:36 glass Exp $ */ /* * parsetime.c - parse time for at(1) - * Copyright (C) 1993 Thomas Koenig + * Copyright (C) 1993, 1994 Thomas Koenig * * modifications for english-language times * Copyright (C) 1993 David Parsons - * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -21,7 +20,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY @@ -32,8 +31,9 @@ * at [NOW] PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS * /NUMBER [DOT NUMBER] [AM|PM]\ /[MONTH NUMBER [NUMBER]] \ * |NOON | |[TOMORROW] | - * |MIDNIGHT | |NUMBER [SLASH NUMBER [SLASH NUMBER]]| - * \TEATIME / \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/ + * |MIDNIGHT | |[DAY OF WEEK] | + * \TEATIME / |NUMBER [SLASH NUMBER [SLASH NUMBER]]| + * \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/ */ /* System Headers */ @@ -56,57 +56,73 @@ /* Structures and unions */ enum { /* symbols */ - MIDNIGHT, NOON, TEATIME, - PM, AM, TOMORROW, TODAY, NOW, - MINUTES, HOURS, DAYS, WEEKS, - NUMBER, PLUS, DOT, SLASH, ID, JUNK, - JAN, FEB, MAR, APR, MAY, JUN, - JUL, AUG, SEP, OCT, NOV, DEC + MIDNIGHT, NOON, TEATIME, + PM, AM, TOMORROW, TODAY, NOW, + MINUTES, HOURS, DAYS, WEEKS, + NUMBER, PLUS, DOT, SLASH, ID, JUNK, + JAN, FEB, MAR, APR, MAY, JUN, + JUL, AUG, SEP, OCT, NOV, DEC, + SUN, MON, TUE, WED, THU, FRI, SAT }; /* * parse translation table - table driven parsers can be your FRIEND! */ struct { - char *name; /* token name */ - int value; /* token id */ + char *name; /* token name */ + int value; /* token id */ + int plural; /* is this plural? */ } Specials[] = { - { "midnight", MIDNIGHT }, /* 00:00:00 of today or tomorrow */ - { "noon", NOON }, /* 12:00:00 of today or tomorrow */ - { "teatime", TEATIME }, /* 16:00:00 of today or tomorrow */ - { "am", AM }, /* morning times for 0-12 clock */ - { "pm", PM }, /* evening times for 0-12 clock */ - { "tomorrow", TOMORROW }, /* execute 24 hours from time */ - { "today", TODAY }, /* execute today - don't advance time */ - { "now", NOW }, /* opt prefix for PLUS */ - - { "minute", MINUTES }, /* minutes multiplier */ - { "min", MINUTES }, - { "m", MINUTES }, - { "minutes", MINUTES }, /* (pluralized) */ - { "hour", HOURS }, /* hours ... */ - { "hr", HOURS }, /* abbreviated */ - { "h", HOURS }, - { "hours", HOURS }, /* (pluralized) */ - { "day", DAYS }, /* days ... */ - { "d", DAYS }, - { "days", DAYS }, /* (pluralized) */ - { "week", WEEKS }, /* week ... */ - { "w", WEEKS }, - { "weeks", WEEKS }, /* (pluralized) */ - { "jan", JAN }, - { "feb", FEB }, - { "mar", MAR }, - { "apr", APR }, - { "may", MAY }, - { "jun", JUN }, - { "jul", JUL }, - { "aug", AUG }, - { "sep", SEP }, - { "oct", OCT }, - { "nov", NOV }, - { "dec", DEC } -} ; + { "midnight", MIDNIGHT, 0 }, /* 00:00:00 of today or tomorrow */ + { "noon", NOON, 0 }, /* 12:00:00 of today or tomorrow */ + { "teatime", TEATIME, 0 }, /* 16:00:00 of today or tomorrow */ + { "am", AM, 0 }, /* morning times for 0-12 clock */ + { "pm", PM, 0 }, /* evening times for 0-12 clock */ + { "tomorrow", TOMORROW, 0 }, /* execute 24 hours from time */ + { "today", TODAY, 0 }, /* execute today - don't advance time */ + { "now", NOW, 0 }, /* opt prefix for PLUS */ + + { "minute", MINUTES, 0 }, /* minutes multiplier */ + { "min", MINUTES, 0 }, + { "m", MINUTES, 0 }, + { "minutes", MINUTES, 1 }, /* (pluralized) */ + { "hour", HOURS, 0 }, /* hours ... */ + { "hr", HOURS, 0 }, /* abbreviated */ + { "h", HOURS, 0 }, + { "hours", HOURS, 1 }, /* (pluralized) */ + { "day", DAYS, 0 }, /* days ... */ + { "d", DAYS, 0 }, + { "days", DAYS, 1 }, /* (pluralized) */ + { "week", WEEKS, 0 }, /* week ... */ + { "w", WEEKS, 0 }, + { "weeks", WEEKS, 1 }, /* (pluralized) */ + { "jan", JAN, 0 }, + { "feb", FEB, 0 }, + { "mar", MAR, 0 }, + { "apr", APR, 0 }, + { "may", MAY, 0 }, + { "jun", JUN, 0 }, + { "jul", JUL, 0 }, + { "aug", AUG, 0 }, + { "sep", SEP, 0 }, + { "oct", OCT, 0 }, + { "nov", NOV, 0 }, + { "dec", DEC, 0 }, + { "sunday", SUN, 0 }, + { "sun", SUN, 0 }, + { "monday", MON, 0 }, + { "mon", MON, 0 }, + { "tuesday", TUE, 0 }, + { "tue", TUE, 0 }, + { "wednesday", WED, 0 }, + { "wed", WED, 0 }, + { "thursday", THU, 0 }, + { "thu", THU, 0 }, + { "friday", FRI, 0 }, + { "fri", FRI, 0 }, + { "saturday", SAT, 0 }, + { "sat", SAT, 0 }, +}; /* File scope variables */ @@ -118,9 +134,10 @@ static int need; /* scanner - need to advance to next argument */ static char *sc_token; /* scanner - token buffer */ static size_t sc_len; /* scanner - lenght of token buffer */ static int sc_tokid; /* scanner - token id */ +static int sc_tokplur; /* scanner - is token plural? */ #ifndef lint -static char rcsid[] = "$OpenBSD: parsetime.c,v 1.3 1996/06/26 05:31:29 deraadt Exp $"; +static char rcsid[] = "$OpenBSD: parsetime.c,v 1.4 1997/03/01 23:40:10 millert Exp $"; #endif /* Local functions */ @@ -132,15 +149,17 @@ static int parse_token(arg) char *arg; { - int i; + int i; - for (i=0; i<(sizeof Specials/sizeof Specials[0]); i++) - if (strcasecmp(Specials[i].name, arg) == 0) { - return sc_tokid = Specials[i].value; + for (i=0; i < sizeof(Specials) / sizeof(Specials[0]); i++) { + if (strcasecmp(Specials[i].name, arg) == 0) { + sc_tokplur = Specials[i].plural; + return (sc_tokid = Specials[i].value); + } } - /* not special - must be some random id */ - return ID; + /* not special - must be some random id */ + return (ID); } /* parse_token */ @@ -152,16 +171,15 @@ init_scanner(argc, argv) int argc; char **argv; { - scp = argv; - scc = argc; - need = 1; - sc_len = 1; - while (--argc > 0) - sc_len += strlen(*++argv); - - sc_token = (char *) malloc(sc_len); - if (sc_token == NULL) - panic("Insufficient virtual memory"); + scp = argv; + scc = argc; + need = 1; + sc_len = 1; + while (argc-- > 0) + sc_len += strlen(*argv++); + + if ((sc_token = (char *) malloc(sc_len)) == NULL) + panic("Insufficient virtual memory"); } /* init_scanner */ /* @@ -170,65 +188,67 @@ init_scanner(argc, argv) static int token() { - int idx; + int idx; - while (1) { - memset(sc_token, 0, sc_len); - sc_tokid = EOF; - idx = 0; + while (1) { + (void)memset(sc_token, 0, sc_len); + sc_tokid = EOF; + sc_tokplur = 0; + idx = 0; - /* - * if we need to read another argument, walk along the argument list; - * when we fall off the arglist, we'll just return EOF forever - */ - if (need) { - if (scc < 1) - return sc_tokid; - sct = *scp; - scp++; - scc--; - need = 0; - } - /* - * eat whitespace now - if we walk off the end of the argument, - * we'll continue, which puts us up at the top of the while loop - * to fetch the next argument in - */ - while (isspace(*sct)) - ++sct; - if (!*sct) { - need = 1; - continue; - } + /* + * if we need to read another argument, walk along the + * argument list; when we fall off the arglist, we'll + * just return EOF forever + */ + if (need) { + if (scc < 1) + return (sc_tokid); + sct = *scp; + scp++; + scc--; + need = 0; + } + /* + * eat whitespace now - if we walk off the end of the argument, + * we'll continue, which puts us up at the top of the while loop + * to fetch the next argument in + */ + while (isspace(*sct)) + ++sct; + if (!*sct) { + need = 1; + continue; + } - /* - * preserve the first character of the new token - */ - sc_token[0] = *sct++; + /* + * preserve the first character of the new token + */ + sc_token[0] = *sct++; - /* - * then see what it is - */ - if (isdigit(sc_token[0])) { - while (isdigit(*sct)) - sc_token[++idx] = *sct++; - sc_token[++idx] = 0; - return sc_tokid = NUMBER; - } else if (isalpha(sc_token[0])) { - while (isalpha(*sct)) - sc_token[++idx] = *sct++; - sc_token[++idx] = 0; - return parse_token(sc_token); - } - else if (sc_token[0] == ':' || sc_token[0] == '.') - return sc_tokid = DOT; - else if (sc_token[0] == '+') - return sc_tokid = PLUS; - else if (sc_token[0] == '/') - return sc_tokid = SLASH; - else - return sc_tokid = JUNK; - } /* while (1) */ + /* + * then see what it is + */ + if (isdigit(sc_token[0])) { + while (isdigit(*sct)) + sc_token[++idx] = *sct++; + sc_token[++idx] = 0; + return ((sc_tokid = NUMBER)); + } else if (isalpha(sc_token[0])) { + while (isalpha(*sct)) + sc_token[++idx] = *sct++; + sc_token[++idx] = 0; + return (parse_token(sc_token)); + } + else if (sc_token[0] == ':' || sc_token[0] == '.') + return ((sc_tokid = DOT)); + else if (sc_token[0] == '+') + return ((sc_tokid = PLUS)); + else if (sc_token[0] == '/') + return ((sc_tokid = SLASH)); + else + return ((sc_tokid = JUNK)); + } /* while (1) */ } /* token */ @@ -239,8 +259,7 @@ static void plonk(tok) int tok; { - panic((tok == EOF) ? "incomplete time" - : "garbled time"); + panic((tok == EOF) ? "incomplete time" : "garbled time"); } /* plonk */ @@ -251,8 +270,8 @@ static void expect(desired) int desired; { - if (token() != desired) - plonk(sc_tokid); /* and we die here... */ + if (token() != desired) + plonk(sc_tokid); /* and we die here... */ } /* expect */ @@ -266,35 +285,35 @@ dateadd(minutes, tm) int minutes; struct tm *tm; { - /* increment days */ - - while (minutes > 24*60) { - minutes -= 24*60; - tm->tm_mday++; - } - - /* increment hours */ - while (minutes > 60) { - minutes -= 60; - tm->tm_hour++; - if (tm->tm_hour > 23) { - tm->tm_mday++; - tm->tm_hour = 0; + /* increment days */ + + while (minutes > 24*60) { + minutes -= 24*60; + tm->tm_mday++; + } + + /* increment hours */ + while (minutes > 60) { + minutes -= 60; + tm->tm_hour++; + if (tm->tm_hour > 23) { + tm->tm_mday++; + tm->tm_hour = 0; + } } - } - /* increment minutes */ - tm->tm_min += minutes; + /* increment minutes */ + tm->tm_min += minutes; - if (tm->tm_min > 59) { - tm->tm_hour++; - tm->tm_min -= 60; + if (tm->tm_min > 59) { + tm->tm_hour++; + tm->tm_min -= 60; - if (tm->tm_hour > 23) { - tm->tm_mday++; - tm->tm_hour = 0; + if (tm->tm_hour > 23) { + tm->tm_mday++; + tm->tm_hour = 0; + } } - } } /* dateadd */ @@ -308,24 +327,29 @@ static void plus(tm) struct tm *tm; { - int delay; - - expect(NUMBER); - - delay = atoi(sc_token); - - switch (token()) { - case WEEKS: - delay *= 7; - case DAYS: - delay *= 24; - case HOURS: - delay *= 60; - case MINUTES: - dateadd(delay, tm); - return; - } - plonk(sc_tokid); + int delay; + int expectplur; + + expect(NUMBER); + + delay = atoi(sc_token); + expectplur = (delay != 1) ? 1 : 0; + + switch (token()) { + case WEEKS: + delay *= 7; + case DAYS: + delay *= 24; + case HOURS: + delay *= 60; + case MINUTES: + if (expectplur != sc_tokplur) + (void)fprintf(stderr, "at: pluralization is wrong\n"); + dateadd(delay, tm); + return; + } + + plonk(sc_tokid); } /* plus */ @@ -337,53 +361,63 @@ static void tod(tm) struct tm *tm; { - int hour, minute = 0; - int tlen; + int hour, minute = 0; + size_t tlen; - hour = atoi(sc_token); - tlen = strlen(sc_token); + hour = atoi(sc_token); + tlen = strlen(sc_token); - /* - * first pick out the time of day - if it's 4 digits, we assume - * a HHMM time, otherwise it's HH DOT MM time - */ - if (token() == DOT) { - expect(NUMBER); - minute = atoi(sc_token); - token(); - } else if (tlen == 4) { - minute = hour%100; - hour = hour/100; - } - - if (minute > 59) - panic("garbled time"); - - /* - * check if an AM or PM specifier was given - */ - if (sc_tokid == AM || sc_tokid == PM) { - if (hour > 12) - panic("garbled time"); - else if (hour == 12) - hour = 0; - - if (sc_tokid == PM) - hour += 12; - token(); - } else if (hour > 23) - panic("garbled time"); - - /* - * if we specify an absolute time, we don't want to bump the day even - * if we've gone past that time - but if we're specifying a time plus - * a relative offset, it's okay to bump things - */ - if ((sc_tokid == EOF || sc_tokid == PLUS) && tm->tm_hour > hour) - tm->tm_mday++; - - tm->tm_hour = hour; - tm->tm_min = minute; + /* + * first pick out the time of day - if it's 4 digits, we assume + * a HHMM time, otherwise it's HH DOT MM time + */ + if (token() == DOT) { + expect(NUMBER); + minute = atoi(sc_token); + if (minute > 59) + panic("garbled time"); + token(); + } else if (tlen == 4) { + minute = hour % 100; + if (minute > 59) + panic("garbled time"); + hour = hour / 100; + } + + /* + * check if an AM or PM specifier was given + */ + if (sc_tokid == AM || sc_tokid == PM) { + if (hour > 12) + panic("garbled time"); + + if (sc_tokid == PM) { + if (hour != 12) /* 12:xx PM is 12:xx, not 24:xx */ + hour += 12; + } else { + if (hour == 12) /* 12:xx AM is 00:xx, not 12:xx */ + hour = 0; + } + token(); + } else if (hour > 23) + panic("garbled time"); + + /* + * if we specify an absolute time, we don't want to bump the day even + * if we've gone past that time - but if we're specifying a time plus + * a relative offset, it's okay to bump things + */ + if ((sc_tokid == EOF || sc_tokid == PLUS) && tm->tm_hour > hour) { + tm->tm_mday++; + tm->tm_wday++; + } + + tm->tm_hour = hour; + tm->tm_min = minute; + if (tm->tm_hour == 24) { + tm->tm_hour = 0; + tm->tm_mday++; + } } /* tod */ @@ -393,24 +427,24 @@ tod(tm) static void assign_date(tm, mday, mon, year) struct tm *tm; - long mday, mon, year; + int mday, mon, year; { - if (year > 99) { - if (year > 1899) - year -= 1900; - else - panic("garbled time"); - } - - if (year < 0 && - (tm->tm_mon > mon ||(tm->tm_mon == mon && tm->tm_mday > mday))) - year = tm->tm_year + 1; - - tm->tm_mday = mday; - tm->tm_mon = mon; - - if (year >= 0) - tm->tm_year = year; + if (year > 99) { + if (year > 1899) + year -= 1900; + else + panic("garbled time"); + } + + if (year < 0 && + (tm->tm_mon > mon ||(tm->tm_mon == mon && tm->tm_mday > mday))) + year = tm->tm_year + 1; + + tm->tm_mday = mday; + tm->tm_mon = mon; + + if (year >= 0) + tm->tm_year = year; } /* assign_date */ @@ -419,6 +453,7 @@ assign_date(tm, mday, mon, year) * * /[ NUMBER [NUMBER]] \ * |[TOMORROW] | + * |[DAY OF WEEK] | * |NUMBER [SLASH NUMBER [SLASH NUMBER]]| * \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/ */ @@ -426,85 +461,106 @@ static void month(tm) struct tm *tm; { - long year= (-1); - long mday, mon; - int tlen; - - switch (sc_tokid) { - case PLUS: - plus(tm); - break; - - case TOMORROW: - /* do something tomorrow */ - tm->tm_mday ++; - case TODAY: /* force ourselves to stay in today - no further processing */ - token(); - break; - - case JAN: case FEB: case MAR: case APR: case MAY: case JUN: - case JUL: case AUG: case SEP: case OCT: case NOV: case DEC: - /* - * do month mday [year] - */ - mon = (sc_tokid-JAN); - expect(NUMBER); - mday = atol(sc_token); - if (token() == NUMBER) { - year = atol(sc_token); + int year = (-1); + int mday, wday, mon; + size_t tlen; + + switch (sc_tokid) { + case PLUS: + plus(tm); + break; + + case TOMORROW: + /* do something tomorrow */ + tm->tm_mday++; + tm->tm_wday++; + case TODAY: + /* force ourselves to stay in today - no further processing */ token(); - } - assign_date(tm, mday, mon, year); - break; - - case NUMBER: - /* - * get numeric MMDDYY, mm/dd/yy, or dd.mm.yy - */ - tlen = strlen(sc_token); - mon = atol(sc_token); - token(); - - if (sc_tokid == SLASH || sc_tokid == DOT) { - int sep; - - sep = sc_tokid; - expect(NUMBER); - mday = atol(sc_token); - if (token() == sep) { - expect(NUMBER); - year = atol(sc_token); - token(); - } + break; + case JAN: case FEB: case MAR: case APR: case MAY: case JUN: + case JUL: case AUG: case SEP: case OCT: case NOV: case DEC: /* - * flip months and days for european timing + * do month mday [year] */ - if (sep == DOT) { - int x = mday; - mday = mon; - mon = x; - } - } else if (tlen == 6 || tlen == 8) { - if (tlen == 8) { - year = (mon % 10000) - 1900; - mon /= 10000; - } else { - year = mon % 100; - mon /= 100; + mon = sc_tokid - JAN; + expect(NUMBER); + mday = atoi(sc_token); + if (token() == NUMBER) { + year = atoi(sc_token); + token(); } - mday = mon % 100; - mon /= 100; - } else - panic("garbled time"); + assign_date(tm, mday, mon, year); + break; - mon--; - if (mon < 0 || mon > 11 || mday < 1 || mday > 31) - panic("garbled time"); + case SUN: case MON: case TUE: + case WED: case THU: case FRI: + case SAT: + /* do a particular day of the week */ + wday = sc_tokid - SUN; + + mday = tm->tm_mday; + + /* if this day is < today, then roll to next week */ + if (wday < tm->tm_wday) + mday += 7 - (tm->tm_wday - wday); + else + mday += (wday - tm->tm_wday); + + tm->tm_wday = wday; + + assign_date(tm, mday, tm->tm_mon, tm->tm_year); + break; + + case NUMBER: + /* + * get numeric MMDDYY, mm/dd/yy, or dd.mm.yy + */ + tlen = strlen(sc_token); + mon = atoi(sc_token); + token(); - assign_date(tm, mday, mon, year); - break; - } /* case */ + if (sc_tokid == SLASH || sc_tokid == DOT) { + int sep; + + sep = sc_tokid; + expect(NUMBER); + mday = atoi(sc_token); + if (token() == sep) { + expect(NUMBER); + year = atoi(sc_token); + token(); + } + + /* + * flip months and days for european timing + */ + if (sep == DOT) { + int x = mday; + mday = mon; + mon = x; + } + } else if (tlen == 6 || tlen == 8) { + if (tlen == 8) { + year = (mon % 10000) - 1900; + mon /= 10000; + } else { + year = mon % 100; + mon /= 100; + } + mday = mon % 100; + mon /= 100; + } else + panic("garbled time"); + + mon--; + if (mon < 0 || mon > 11 || mday < 1 || mday > 31) + panic("garbled time"); + + assign_date(tm, mday, mon, year); + break; + } /* case */ } /* month */ @@ -515,79 +571,81 @@ parsetime(argc, argv) int argc; char **argv; { -/* - * Do the argument parsing, die if necessary, and return the time the job - * should be run. - */ - time_t nowtimer, runtimer; - struct tm nowtime, runtime; - int hr = 0; - /* this MUST be initialized to zero for midnight/noon/teatime */ - - nowtimer = time(NULL); - nowtime = *localtime(&nowtimer); - - runtime = nowtime; - runtime.tm_sec = 0; - runtime.tm_isdst = 0; - - if (argc <= optind) - usage(); - - init_scanner(argc-optind, argv+optind); - - switch (token()) { - case NOW: /* now is optional prefix for PLUS tree */ - expect(PLUS); - case PLUS: - plus(&runtime); - break; - - case NUMBER: - tod(&runtime); - month(&runtime); - break; - - /* - * evil coding for TEATIME|NOON|MIDNIGHT - we've initialised - * hr to zero up above, then fall into this case in such a - * way so we add +12 +4 hours to it for teatime, +12 hours - * to it for noon, and nothing at all for midnight, then - * set our runtime to that hour before leaping into the - * month scanner - */ - case TEATIME: - hr += 4; - case NOON: - hr += 12; - case MIDNIGHT: - if (runtime.tm_hour >= hr) - runtime.tm_mday++; - runtime.tm_hour = hr; - runtime.tm_min = 0; - token(); - /* fall through to month setting */ - default: - month(&runtime); - break; - } /* ugly case statement */ - expect(EOF); - - /* - * adjust for daylight savings time - */ - runtime.tm_isdst = -1; - runtimer = mktime(&runtime); - if (runtime.tm_isdst > 0) { - runtimer -= 3600; + /* + * Do the argument parsing, die if necessary, and return the + * time the job should be run. + */ + time_t nowtimer, runtimer; + struct tm nowtime, runtime; + int hr = 0; + /* this MUST be initialized to zero for midnight/noon/teatime */ + + nowtimer = time(NULL); + nowtime = *localtime(&nowtimer); + + runtime = nowtime; + runtime.tm_sec = 0; + runtime.tm_isdst = 0; + + if (argc <= optind) + usage(); + + init_scanner(argc - optind, argv + optind); + + switch (token()) { + case NOW: /* now is optional prefix for PLUS tree */ + expect(PLUS); + case PLUS: + plus(&runtime); + break; + + case NUMBER: + tod(&runtime); + month(&runtime); + break; + + /* + * evil coding for TEATIME|NOON|MIDNIGHT - we've initialised + * hr to zero up above, then fall into this case in such a + * way so we add +12 +4 hours to it for teatime, +12 hours + * to it for noon, and nothing at all for midnight, then + * set our runtime to that hour before leaping into the + * month scanner + */ + case TEATIME: + hr += 4; + case NOON: + hr += 12; + case MIDNIGHT: + if (runtime.tm_hour >= hr) { + runtime.tm_mday++; + runtime.tm_wday++; + } + runtime.tm_hour = hr; + runtime.tm_min = 0; + token(); + /* fall through to month setting */ + default: + month(&runtime); + break; + } /* ugly case statement */ + expect(EOF); + + /* + * adjust for daylight savings time + */ + runtime.tm_isdst = -1; runtimer = mktime(&runtime); - } + if (runtime.tm_isdst > 0) { + runtimer -= 3600; + runtimer = mktime(&runtime); + } - if (runtimer < 0) - panic("garbled time"); + if (runtimer < 0) + panic("garbled time"); - if (nowtimer > runtimer) - panic("Trying to travel back in time"); + if (nowtimer > runtimer) + panic("Trying to travel back in time"); - return runtimer; + return (runtimer); } /* parsetime */ diff --git a/usr.bin/at/parsetime.h b/usr.bin/at/parsetime.h index 827172e3283..1ae67f05fe5 100644 --- a/usr.bin/at/parsetime.h +++ b/usr.bin/at/parsetime.h @@ -1,10 +1,9 @@ -/* $OpenBSD: parsetime.h,v 1.2 1996/06/26 05:31:30 deraadt Exp $ */ +/* $OpenBSD: parsetime.h,v 1.3 1997/03/01 23:40:11 millert Exp $ */ /* $NetBSD: parsetime.h,v 1.2 1995/03/25 18:13:37 glass Exp $ */ /* - * at.h - header for at(1) - * Copyright (c) 1993 by Thomas Koenig - * All rights reserved. + * parsetime.h - header for at(1) + * Copyright (c) 1993 Thomas Koenig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -18,7 +17,7 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY @@ -28,4 +27,4 @@ * */ -time_t parsetime __P((int argc, char **argv)); +time_t parsetime __P((int, char **)); diff --git a/usr.bin/at/pathnames.h b/usr.bin/at/pathnames.h index c6062242b09..0a211b9cf6f 100644 --- a/usr.bin/at/pathnames.h +++ b/usr.bin/at/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.2 1996/06/26 05:31:31 deraadt Exp $ */ +/* $OpenBSD: pathnames.h,v 1.3 1997/03/01 23:40:11 millert Exp $ */ /* $NetBSD: pathnames.h,v 1.3 1995/03/25 18:13:38 glass Exp $ */ /* @@ -39,6 +39,9 @@ #define _PATH_ATJOBS "/var/at/jobs/" #define _PATH_ATSPOOL "/var/at/spool/" -#define _PATH_LOCKFILE "/var/at/lockfile" +#define _PATH_LOCKFILE "/var/at/.lockfile" +#define _PATH_SEQFILE "/var/at/.SEQ" +#define _PATH_AT_ALLOW "/var/at/at.allow" +#define _PATH_AT_DENY "/var/at/at.deny" #endif /* !_PATHNAMES_H_ */ diff --git a/usr.bin/at/perm.c b/usr.bin/at/perm.c new file mode 100644 index 00000000000..c8c0671200d --- /dev/null +++ b/usr.bin/at/perm.c @@ -0,0 +1,121 @@ +/* $OpenBSD: perm.c,v 1.1 1997/03/01 23:40:12 millert Exp $ */ + +/* + * perm.c - check user permission for at(1) + * Copyright (C) 1994 Thomas Koenig + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. The name of the author(s) may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* System Headers */ + +#include +#include +#include +#include +#include +#include +#include +#include + +/* Local headers */ + +#include "at.h" +#include "panic.h" +#include "pathnames.h" +#include "privs.h" + +/* File scope variables */ + +#ifndef lint +static char rcsid[] = "$OpenBSD: perm.c,v 1.1 1997/03/01 23:40:12 millert Exp $"; +#endif + +/* Function declarations */ + +static int check_for_user __P((FILE *, const char *)); + +/* Local functions */ + +static int +check_for_user(fp, name) + FILE *fp; + const char *name; +{ + char *buffer; + size_t len; + int found = 0; + + len = strlen(name); + if ((buffer = malloc(len + 2)) == NULL) + panic("Insufficient virtual memory"); + + while (fgets(buffer, len + 2, fp) != NULL) { + if (strncmp(name, buffer, len) == 0 && buffer[len] == '\n') { + found = 1; + break; + } + } + (void)fclose(fp); + free(buffer); + return (found); +} + + +/* Global functions */ + +int +check_permission() +{ + FILE *fp; + uid_t uid = geteuid(); + struct passwd *pentry; + + if (uid==0) + return 1; + + if ((pentry = getpwuid(uid)) == NULL) { + perror("Cannot access user database"); + exit(EXIT_FAILURE); + } + + PRIV_START + + fp = fopen(_PATH_AT_ALLOW, "r"); + + PRIV_END + + if (fp != NULL) { + return (check_for_user(fp, pentry->pw_name)); + } else { + PRIV_START + + fp = fopen(_PATH_AT_DENY, "r"); + + PRIV_END + + if (fp != NULL) + return (!check_for_user(fp, pentry->pw_name)); + else + perror(_PATH_AT_DENY); + } + return (0); +} diff --git a/usr.bin/at/perm.h b/usr.bin/at/perm.h new file mode 100644 index 00000000000..312129c0494 --- /dev/null +++ b/usr.bin/at/perm.h @@ -0,0 +1,26 @@ +/* + * perm.h - header for at(1) + * Copyright (C) 1994 Thomas Koenig + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. The name of the author(s) may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +int check_permission __P((void)); diff --git a/usr.bin/at/privs.h b/usr.bin/at/privs.h index 100b6395aa1..8f0542994a0 100644 --- a/usr.bin/at/privs.h +++ b/usr.bin/at/privs.h @@ -1,10 +1,9 @@ -/* $OpenBSD: privs.h,v 1.3 1996/12/22 03:39:24 tholo Exp $ */ +/* $OpenBSD: privs.h,v 1.4 1997/03/01 23:40:12 millert Exp $ */ /* $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $ */ -/* - * privs.h - header for privileged operations - * Copyright (c) 1993 by Thomas Koenig - * All rights reserved. +/* + * privs.h - header for privileged operations + * Copyright (C) 1993 Thomas Koenig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -18,14 +17,13 @@ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * */ #ifndef _PRIVS_H @@ -33,24 +31,20 @@ #include -/* Relinquish privileges temporarily for a setuid program - * with the option of getting them back later. This is done by swapping - * the real and effective userid BSD style. Call RELINQUISH_PRIVS once +/* Relinquish privileges temporarily for a setuid or setgid program + * with the option of getting them back later. This is done by + * utilizing POSIX saved user and groups ids. Call RELINQUISH_PRIVS once * at the beginning of the main program. This will cause all operatons * to be executed with the real userid. When you need the privileges - * of the setuid invocation, call PRIV_START; when you no longer + * of the setuid/setgid invocation, call PRIV_START; when you no longer * need it, call PRIV_END. Note that it is an error to call PRIV_START * and not PRIV_END within the same function. * - * Use RELINQUISH_PRIVS_ROOT(a) if your program started out running + * Use RELINQUISH_PRIVS_ROOT(a,b) if your program started out running * as root, and you want to drop back the effective userid to a * and the effective group id to b, with the option to get them back * later. * - * If you no longer need root privileges, but those of some other - * userid, you can call REDUCE_PRIV(a) when your effective - * is the user's. - * * Problems: Do not use return between PRIV_START and PRIV_END; this * will cause the program to continue running in an unprivileged * state. @@ -67,28 +61,37 @@ extern #endif uid_t real_uid, effective_uid; +#ifndef MAIN +extern +#endif +gid_t real_gid, effective_gid; + #define RELINQUISH_PRIVS { \ - real_uid = getuid(); \ - effective_uid = geteuid(); \ - seteuid(real_uid); \ + real_uid = getuid(); \ + effective_uid = geteuid(); \ + real_gid = getgid(); \ + effective_gid = getegid(); \ + setegid(real_gid); \ + seteuid(real_uid); \ } -#define RELINQUISH_PRIVS_ROOT(a) { \ +#define RELINQUISH_PRIVS_ROOT(a, b) { \ real_uid = (a); \ effective_uid = geteuid(); \ + real_gid = (b); \ + effective_gid = getegid(); \ + setegid(real_gid); \ seteuid(real_uid); \ } #define PRIV_START { \ - seteuid(effective_uid); + seteuid(effective_uid); \ + setegid(effective_gid); \ +} -#define PRIV_END \ +#define PRIV_END { \ + setegid(real_gid); \ seteuid(real_uid); \ } -#define REDUCE_PRIV(a) { \ - real_uid = effective_uid = (a); \ - seteuid(effective_uid); \ - setuid(real_uid); \ -} #endif