1 /* $OpenBSD: at.c,v 1.85 2024/11/05 16:26:01 sobrado Exp $ */
2
3 /*
4 * at.c : Put file into atrun queue
5 * Copyright (C) 1993, 1994 Thomas Koenig
6 *
7 * Atrun & Atq modifications
8 * Copyright (C) 1993 David Parsons
9 *
10 * Traditional BSD behavior and other significant modifications
11 * Copyright (C) 2002-2003 Todd C. Miller
12 *
13 * Redistribution and use in source and binary forms, with or without
14 * modification, are permitted provided that the following conditions
15 * are met:
16 * 1. Redistributions of source code must retain the above copyright
17 * notice, this list of conditions and the following disclaimer.
18 * 2. The name of the author(s) may not be used to endorse or promote
19 * products derived from this software without specific prior written
20 * permission.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
23 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
24 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
25 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
26 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
27 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
28 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
29 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
30 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
31 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33
34 #include <sys/types.h>
35 #include <sys/stat.h>
36
37 #include <bitstring.h> /* for structs.h */
38 #include <ctype.h>
39 #include <dirent.h>
40 #include <err.h>
41 #include <errno.h>
42 #include <fcntl.h>
43 #include <limits.h>
44 #include <pwd.h>
45 #include <signal.h>
46 #include <stdarg.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <syslog.h>
51 #include <time.h>
52 #include <unistd.h>
53
54 #include "pathnames.h"
55 #include "macros.h"
56 #include "structs.h"
57 #include "funcs.h"
58 #include "globals.h"
59
60 #include "at.h"
61
62 #define ALARMC 10 /* Number of seconds to wait for timeout */
63 #define TIMESIZE 50 /* Size of buffer passed to strftime() */
64
65 /* Variables to remove from the job's environment. */
66 char *no_export[] =
67 {
68 "TERM", "TERMCAP", "DISPLAY", "_", "SHELLOPTS", "BASH_VERSINFO",
69 "EUID", "GROUPS", "PPID", "UID", "SSH_AUTH_SOCK", "SSH_AGENT_PID",
70 };
71
72 static int program = AT; /* default program mode */
73 static char atfile[PATH_MAX]; /* path to the at spool file */
74 static char user_name[MAX_UNAME];/* invoking user name */
75 static int fcreated; /* whether or not we created the file yet */
76 static char atqueue = 0; /* which queue to examine for jobs (atq) */
77 static char vflag = 0; /* show completed but unremoved jobs (atq) */
78 static char force = 0; /* suppress errors (atrm) */
79 static char interactive = 0; /* interactive mode (atrm) */
80 static int send_mail = 0; /* whether we are sending mail */
81 static uid_t user_uid; /* user's real uid */
82 static gid_t user_gid; /* user's real gid */
83 static gid_t spool_gid; /* gid for writing to at spool */
84
85 static void sigc(int);
86 static void writefile(const char *, time_t, char);
87 static void list_jobs(int, char **, int, int);
88 static time_t ttime(char *);
89 static __dead void fatal(const char *, ...)
90 __attribute__((__format__ (printf, 1, 2)));
91 static __dead void fatalx(const char *, ...)
92 __attribute__((__format__ (printf, 1, 2)));
93 static __dead void usage(void);
94 static int rmok(long long);
95 time_t parsetime(int, char **);
96
97 /*
98 * Something fatal has happened, print error message and exit.
99 */
100 static __dead void
fatal(const char * fmt,...)101 fatal(const char *fmt, ...)
102 {
103 va_list ap;
104
105 va_start(ap, fmt);
106 vwarn(fmt, ap);
107 va_end(ap);
108
109 if (fcreated)
110 unlink(atfile);
111
112 exit(EXIT_FAILURE);
113 }
114
115 /*
116 * Something fatal has happened, print error message and exit.
117 */
118 static __dead void
fatalx(const char * fmt,...)119 fatalx(const char *fmt, ...)
120 {
121 va_list ap;
122
123 va_start(ap, fmt);
124 vwarnx(fmt, ap);
125 va_end(ap);
126
127 if (fcreated)
128 unlink(atfile);
129
130 exit(EXIT_FAILURE);
131 }
132
133 static void
sigc(int signo)134 sigc(int signo)
135 {
136 /* If the user presses ^C, remove the spool file and exit. */
137 if (fcreated)
138 (void)unlink(atfile);
139
140 _exit(EXIT_FAILURE);
141 }
142
143 static int
strtot(const char * nptr,char ** endptr,time_t * tp)144 strtot(const char *nptr, char **endptr, time_t *tp)
145 {
146 long long ll;
147
148 errno = 0;
149 ll = strtoll(nptr, endptr, 10);
150 if (*endptr == nptr)
151 return (-1);
152 if (ll < 0 || (errno == ERANGE && ll == LLONG_MAX) || (time_t)ll != ll)
153 return (-1);
154 *tp = (time_t)ll;
155 return (0);
156 }
157
158 static int
newjob(time_t runtimer,int queue)159 newjob(time_t runtimer, int queue)
160 {
161 int fd, i;
162
163 /*
164 * If we have a collision, try shifting the time by up to
165 * two minutes. Perhaps it would be better to try different
166 * queues instead...
167 */
168 for (i = 0; i < 120; i++) {
169 snprintf(atfile, sizeof(atfile), "%s/%lld.%c", _PATH_AT_SPOOL,
170 (long long)runtimer, queue);
171 fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR);
172 if (fd >= 0)
173 return (fd);
174 runtimer++;
175 }
176 return (-1);
177 }
178
179 /*
180 * This does most of the work if at or batch are invoked for
181 * writing a job.
182 */
183 static void
writefile(const char * cwd,time_t runtimer,char queue)184 writefile(const char *cwd, time_t runtimer, char queue)
185 {
186 const char *ap;
187 char *mailname, *shell;
188 char timestr[TIMESIZE];
189 struct passwd *pass_entry;
190 struct tm runtime;
191 int fd;
192 FILE *fp;
193 struct sigaction act;
194 char **atenv;
195 int ch;
196 mode_t cmask;
197 extern char **environ;
198
199 /*
200 * Install the signal handler for SIGINT; terminate after removing the
201 * spool file if necessary
202 */
203 bzero(&act, sizeof act);
204 act.sa_handler = sigc;
205 sigemptyset(&act.sa_mask);
206 act.sa_flags = 0;
207 sigaction(SIGINT, &act, NULL);
208
209 /*
210 * Create the file. The x bit is only going to be set after it has
211 * been completely written out, to make sure it is not executed in
212 * the meantime. To make sure they do not get deleted, turn off
213 * their r bit. Yes, this is a kluge.
214 */
215 cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
216 if ((fd = newjob(runtimer, queue)) == -1)
217 fatal("unable to create atjob file");
218
219 /*
220 * We've successfully created the file; let's set the flag so it
221 * gets removed in case of an interrupt or error.
222 */
223 fcreated = 1;
224
225 if ((fp = fdopen(fd, "w")) == NULL)
226 fatal("unable to reopen atjob file");
227
228 /*
229 * Get the userid to mail to, first by trying getlogin(), which asks
230 * the kernel, then from $LOGNAME or $USER, finally from getpwuid().
231 */
232 mailname = getlogin();
233 if (mailname == NULL && (mailname = getenv("LOGNAME")) == NULL)
234 mailname = getenv("USER");
235
236 if ((mailname == NULL) || (mailname[0] == '\0') ||
237 (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) {
238 mailname = user_name;
239 }
240
241 /*
242 * Get the shell to run the job under. First check $SHELL, falling
243 * back to the user's shell in the password database or, failing
244 * that, /bin/sh.
245 */
246 if ((shell = getenv("SHELL")) == NULL || *shell == '\0') {
247 pass_entry = getpwuid(user_uid);
248 if (pass_entry != NULL && *pass_entry->pw_shell != '\0')
249 shell = pass_entry->pw_shell;
250 else
251 shell = _PATH_BSHELL;
252 }
253
254 (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%lu gid=%lu\n# mail %*s %d\n",
255 (unsigned long)user_uid, (unsigned long)spool_gid,
256 MAX_UNAME, mailname, send_mail);
257
258 /* Write out the umask at the time of invocation */
259 (void)fprintf(fp, "umask %o\n", cmask);
260
261 /*
262 * Write out the environment. Anything that may look like a special
263 * character to the shell is quoted, except for \n, which is done
264 * with a pair of "'s. Don't export the no_export list (such as
265 * TERM or DISPLAY) because we don't want these.
266 */
267 for (atenv = environ; *atenv != NULL; atenv++) {
268 int export = 1;
269 char *eqp;
270
271 eqp = strchr(*atenv, '=');
272 if (eqp == NULL)
273 eqp = *atenv;
274 else {
275 int i;
276
277 for (i = 0;i < sizeof(no_export) /
278 sizeof(no_export[0]); i++) {
279 export = export
280 && (strncmp(*atenv, no_export[i],
281 (size_t) (eqp - *atenv)) != 0);
282 }
283 eqp++;
284 }
285
286 if (export) {
287 (void)fputs("export ", fp);
288 (void)fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
289 for (ap = eqp; *ap != '\0'; ap++) {
290 if (*ap == '\n')
291 (void)fprintf(fp, "\"\n\"");
292 else {
293 if (!isalnum((unsigned char)*ap)) {
294 switch (*ap) {
295 case '%': case '/': case '{':
296 case '[': case ']': case '=':
297 case '}': case '@': case '+':
298 case '#': case ',': case '.':
299 case ':': case '-': case '_':
300 break;
301 default:
302 (void)fputc('\\', fp);
303 break;
304 }
305 }
306 (void)fputc(*ap, fp);
307 }
308 }
309 (void)fputc('\n', fp);
310 }
311 }
312 /*
313 * Cd to the directory at the time and write out all the
314 * commands the user supplies from stdin.
315 */
316 (void)fputs("cd ", fp);
317 for (ap = cwd; *ap != '\0'; ap++) {
318 if (*ap == '\n')
319 fprintf(fp, "\"\n\"");
320 else {
321 if (*ap != '/' && !isalnum((unsigned char)*ap))
322 (void)fputc('\\', fp);
323
324 (void)fputc(*ap, fp);
325 }
326 }
327 /*
328 * Test cd's exit status: die if the original directory has been
329 * removed, become unreadable or whatever.
330 */
331 (void)fprintf(fp, " || {\n\t echo 'Execution directory inaccessible'"
332 " >&2\n\t exit 1\n}\n");
333
334 if ((ch = getchar()) == EOF)
335 fatalx("unexpected EOF");
336
337 /* We want the job to run under the user's shell. */
338 fprintf(fp, "%s << '_END_OF_AT_JOB'\n", shell);
339
340 do {
341 (void)fputc(ch, fp);
342 } while ((ch = getchar()) != EOF);
343
344 (void)fprintf(fp, "\n_END_OF_AT_JOB\n");
345 (void)fflush(fp);
346 if (ferror(fp))
347 fatalx("write error");
348
349 if (ferror(stdin))
350 fatalx("read error");
351
352 /*
353 * Set the x bit so that we're ready to start executing
354 */
355 if (fchmod(fileno(fp), S_IRUSR | S_IWUSR | S_IXUSR) == -1)
356 fatal("fchmod");
357
358 (void)fclose(fp);
359
360 /* Poke cron so it knows to reload the at spool. */
361 poke_daemon(RELOAD_AT);
362
363 runtime = *localtime(&runtimer);
364 strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
365 (void)fprintf(stderr, "commands will be executed using %s\n", shell);
366 (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(_PATH_AT_SPOOL)],
367 timestr);
368
369 syslog(LOG_INFO, "(%s) CREATE (%s)", user_name,
370 &atfile[sizeof(_PATH_AT_SPOOL)]);
371 }
372
373 /* Sort by creation time. */
374 static int
byctime(const void * v1,const void * v2)375 byctime(const void *v1, const void *v2)
376 {
377 const struct atjob *j1 = *(const struct atjob **)v1;
378 const struct atjob *j2 = *(const struct atjob **)v2;
379
380 return (j1->ctime < j2->ctime) ? -1 : (j1->ctime > j2->ctime);
381 }
382
383 /* Sort by job number (and thus execution time). */
384 static int
byjobno(const void * v1,const void * v2)385 byjobno(const void *v1, const void *v2)
386 {
387 const struct atjob *j1 = *(struct atjob **)v1;
388 const struct atjob *j2 = *(struct atjob **)v2;
389
390 if (j1->runtimer == j2->runtimer)
391 return (j1->queue - j2->queue);
392 return (j1->runtimer - j2->runtimer);
393 }
394
395 static void
print_job(struct atjob * job,int n,int shortformat)396 print_job(struct atjob *job, int n, int shortformat)
397 {
398 struct passwd *pw;
399 struct tm runtime;
400 char timestr[TIMESIZE];
401 static char *ranks[] = {
402 "th", "st", "nd", "rd", "th", "th", "th", "th", "th", "th"
403 };
404
405 runtime = *localtime(&job->runtimer);
406 if (shortformat) {
407 strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime);
408 (void)printf("%lld.%c\t%s\n", (long long)job->runtimer,
409 job->queue, timestr);
410 } else {
411 pw = getpwuid(job->uid);
412 /* Rank hack shamelessly stolen from lpq */
413 if (n / 10 == 1)
414 printf("%3d%-5s", n,"th");
415 else
416 printf("%3d%-5s", n, ranks[n % 10]);
417 strftime(timestr, TIMESIZE, "%b %e, %Y %R", &runtime);
418 (void)printf("%-21.18s%-11.8s%10lld.%c %c%s\n",
419 timestr, pw ? pw->pw_name : "???",
420 (long long)job->runtimer, job->queue, job->queue,
421 (S_IXUSR & job->mode) ? "" : " (done)");
422 }
423 }
424
425 /*
426 * List all of a user's jobs in the queue, by looping through
427 * _PATH_AT_SPOOL, or all jobs if we are root. If argc is > 0, argv
428 * contains the list of users whose jobs shall be displayed. By
429 * default, the list is sorted by execution date and queue. If
430 * csort is non-zero jobs will be sorted by creation/submission date.
431 */
432 static void
list_jobs(int argc,char ** argv,int count_only,int csort)433 list_jobs(int argc, char **argv, int count_only, int csort)
434 {
435 struct passwd *pw;
436 struct dirent *dirent;
437 struct atjob **atjobs, **newatjobs, *job;
438 struct stat stbuf;
439 time_t runtimer;
440 char **jobs;
441 uid_t *uids;
442 char queue, *ep;
443 DIR *spool;
444 int job_matches, jobs_len, uids_len;
445 int dfd, i, shortformat;
446 size_t numjobs, maxjobs;
447
448 syslog(LOG_INFO, "(%s) LIST (%s)", user_name,
449 user_uid ? user_name : "ALL");
450
451 /* Convert argv into a list of jobs and uids. */
452 jobs = NULL;
453 uids = NULL;
454 jobs_len = uids_len = 0;
455
456 if (argc) {
457 if ((jobs = reallocarray(NULL, argc, sizeof(char *))) == NULL ||
458 (uids = reallocarray(NULL, argc, sizeof(uid_t))) == NULL)
459 fatal(NULL);
460
461 for (i = 0; i < argc; i++) {
462 if (strtot(argv[i], &ep, &runtimer) == 0 &&
463 *ep == '.' && isalpha((unsigned char)*(ep + 1)) &&
464 *(ep + 2) == '\0')
465 jobs[jobs_len++] = argv[i];
466 else if ((pw = getpwnam(argv[i])) != NULL) {
467 if (pw->pw_uid != user_uid && user_uid != 0)
468 fatalx("only the superuser may "
469 "display other users' jobs");
470 uids[uids_len++] = pw->pw_uid;
471 } else
472 fatalx("unknown user %s", argv[i]);
473 }
474 }
475
476 shortformat = strcmp(__progname, "at") == 0;
477
478 if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1 ||
479 (spool = fdopendir(dfd)) == NULL)
480 fatal(_PATH_AT_SPOOL);
481
482 if (fstat(dfd, &stbuf) != 0)
483 fatal(_PATH_AT_SPOOL);
484
485 /*
486 * The directory's link count should give us a good idea
487 * of how many files are in it. Fudge things a little just
488 * in case someone adds a job or two.
489 */
490 numjobs = 0;
491 maxjobs = stbuf.st_nlink + 4;
492 atjobs = reallocarray(NULL, maxjobs, sizeof(struct atjob *));
493 if (atjobs == NULL)
494 fatal(NULL);
495
496 /* Loop over every file in the directory. */
497 while ((dirent = readdir(spool)) != NULL) {
498 if (fstatat(dfd, dirent->d_name, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
499 fatal("%s", dirent->d_name);
500
501 /*
502 * See it's a regular file and has its x bit turned on and
503 * is the user's
504 */
505 if (!S_ISREG(stbuf.st_mode)
506 || ((stbuf.st_uid != user_uid) && !(user_uid == 0))
507 || !(S_IXUSR & stbuf.st_mode || vflag))
508 continue;
509
510 if (strtot(dirent->d_name, &ep, &runtimer) == -1)
511 continue;
512 if (*ep != '.' || !isalpha((unsigned char)*(ep + 1)) ||
513 *(ep + 2) != '\0')
514 continue;
515 queue = *(ep + 1);
516
517 if (atqueue && (queue != atqueue))
518 continue;
519
520 /* Check against specified jobs and/or user(s). */
521 job_matches = (argc == 0) ? 1 : 0;
522 if (!job_matches) {
523 for (i = 0; i < jobs_len; i++) {
524 if (strcmp(dirent->d_name, jobs[i]) == 0) {
525 job_matches = 1;
526 break;
527 }
528 }
529 }
530 if (!job_matches) {
531 for (i = 0; i < uids_len; i++) {
532 if (uids[i] == stbuf.st_uid) {
533 job_matches = 1;
534 break;
535 }
536 }
537 }
538 if (!job_matches)
539 continue;
540
541 if (count_only) {
542 numjobs++;
543 continue;
544 }
545
546 job = malloc(sizeof(struct atjob));
547 if (job == NULL)
548 fatal(NULL);
549 job->runtimer = runtimer;
550 job->ctime = stbuf.st_ctime;
551 job->uid = stbuf.st_uid;
552 job->mode = stbuf.st_mode;
553 job->queue = queue;
554 if (numjobs == maxjobs) {
555 size_t newjobs = maxjobs * 2;
556 newatjobs = recallocarray(atjobs, maxjobs,
557 newjobs, sizeof(job));
558 if (newatjobs == NULL)
559 fatal(NULL);
560 atjobs = newatjobs;
561 maxjobs = newjobs;
562 }
563 atjobs[numjobs++] = job;
564 }
565 free(uids);
566 closedir(spool);
567
568 if (count_only || numjobs == 0) {
569 if (numjobs == 0 && !shortformat)
570 warnx("no files in queue");
571 else if (count_only)
572 printf("%zu\n", numjobs);
573 free(atjobs);
574 return;
575 }
576
577 /* Sort by job run time or by job creation time. */
578 qsort(atjobs, numjobs, sizeof(struct atjob *),
579 csort ? byctime : byjobno);
580
581 if (!shortformat)
582 (void)puts(" Rank Execution Date Owner "
583 "Job Queue");
584
585 for (i = 0; i < numjobs; i++) {
586 print_job(atjobs[i], i + 1, shortformat);
587 free(atjobs[i]);
588 }
589 free(atjobs);
590 }
591
592 static int
rmok(long long job)593 rmok(long long job)
594 {
595 int ch, junk;
596
597 printf("%lld: remove it? ", job);
598 ch = getchar();
599 while ((junk = getchar()) != EOF && junk != '\n')
600 ;
601 return (ch == 'y' || ch == 'Y');
602 }
603
604 /*
605 * Loop through all jobs in _PATH_AT_SPOOL and display or delete ones
606 * that match argv (may be job or username), or all if argc == 0.
607 * Only the superuser may display/delete other people's jobs.
608 */
609 static int
process_jobs(int argc,char ** argv,int what)610 process_jobs(int argc, char **argv, int what)
611 {
612 struct stat stbuf;
613 struct dirent *dirent;
614 struct passwd *pw;
615 time_t runtimer;
616 uid_t *uids;
617 char **jobs, *ep;
618 FILE *fp;
619 DIR *spool;
620 int job_matches, jobs_len, uids_len;
621 int error, i, ch, changed, dfd;
622
623 if ((dfd = open(_PATH_AT_SPOOL, O_RDONLY|O_DIRECTORY)) == -1 ||
624 (spool = fdopendir(dfd)) == NULL)
625 fatal(_PATH_AT_SPOOL);
626
627 /* Convert argv into a list of jobs and uids. */
628 jobs = NULL;
629 uids = NULL;
630 jobs_len = uids_len = 0;
631 if (argc > 0) {
632 if ((jobs = reallocarray(NULL, argc, sizeof(char *))) == NULL ||
633 (uids = reallocarray(NULL, argc, sizeof(uid_t))) == NULL)
634 fatal(NULL);
635
636 for (i = 0; i < argc; i++) {
637 if (strtot(argv[i], &ep, &runtimer) == 0 &&
638 *ep == '.' && isalpha((unsigned char)*(ep + 1)) &&
639 *(ep + 2) == '\0')
640 jobs[jobs_len++] = argv[i];
641 else if ((pw = getpwnam(argv[i])) != NULL) {
642 if (user_uid != pw->pw_uid && user_uid != 0) {
643 fatalx("only the superuser may %s "
644 "other users' jobs",
645 what == ATRM ? "remove" : "view");
646 }
647 uids[uids_len++] = pw->pw_uid;
648 } else
649 fatalx("unknown user %s", argv[i]);
650 }
651 }
652
653 /* Loop over every file in the directory */
654 changed = 0;
655 while ((dirent = readdir(spool)) != NULL) {
656 if (fstatat(dfd, dirent->d_name, &stbuf, AT_SYMLINK_NOFOLLOW) != 0)
657 fatal("%s", dirent->d_name);
658
659 if (stbuf.st_uid != user_uid && user_uid != 0)
660 continue;
661
662 if (strtot(dirent->d_name, &ep, &runtimer) == -1)
663 continue;
664 if (*ep != '.' || !isalpha((unsigned char)*(ep + 1)) ||
665 *(ep + 2) != '\0')
666 continue;
667
668 /* Check runtimer against argv; argc==0 means do all. */
669 job_matches = (argc == 0) ? 1 : 0;
670 if (!job_matches) {
671 for (i = 0; i < jobs_len; i++) {
672 if (jobs[i] != NULL &&
673 strcmp(dirent->d_name, jobs[i]) == 0) {
674 jobs[i] = NULL;
675 job_matches = 1;
676 break;
677 }
678 }
679 }
680 if (!job_matches) {
681 for (i = 0; i < uids_len; i++) {
682 if (uids[i] == stbuf.st_uid) {
683 job_matches = 1;
684 break;
685 }
686 }
687 }
688
689 if (job_matches) {
690 switch (what) {
691 case ATRM:
692 if (!interactive ||
693 (interactive && rmok(runtimer))) {
694 if (unlinkat(dfd, dirent->d_name, 0) == 0) {
695 syslog(LOG_INFO,
696 "(%s) DELETE (%s)",
697 user_name, dirent->d_name);
698 changed = 1;
699 } else if (!force)
700 fatal("%s", dirent->d_name);
701 if (!force && !interactive)
702 warnx("%s removed",
703 dirent->d_name);
704 }
705 break;
706
707 case CAT:
708 i = openat(dfd, dirent->d_name,
709 O_RDONLY|O_NOFOLLOW);
710 if (i == -1 || (fp = fdopen(i, "r")) == NULL)
711 fatal("%s", dirent->d_name);
712 syslog(LOG_INFO, "(%s) CAT (%s)",
713 user_name, dirent->d_name);
714
715 while ((ch = getc(fp)) != EOF)
716 putchar(ch);
717
718 fclose(fp);
719 break;
720
721 default:
722 fatalx("internal error");
723 break;
724 }
725 }
726 }
727 closedir(spool);
728
729 for (error = 0, i = 0; i < jobs_len; i++) {
730 if (jobs[i] != NULL) {
731 if (!force)
732 warnx("%s: no such job", jobs[i]);
733 error++;
734 }
735 }
736 free(jobs);
737 free(uids);
738
739 /* If we modied the spool, poke cron so it knows to reload. */
740 if (changed)
741 poke_daemon(RELOAD_AT);
742
743 return (error);
744 }
745
746 #define ATOI2(s) ((s) += 2, ((s)[-2] - '0') * 10 + ((s)[-1] - '0'))
747
748 /*
749 * Adapted from date(1)
750 */
751 static time_t
ttime(char * arg)752 ttime(char *arg)
753 {
754 time_t now, then;
755 struct tm *lt;
756 int yearset;
757 char *dot, *p;
758
759 if (time(&now) == (time_t)-1 || (lt = localtime(&now)) == NULL)
760 fatal("unable to get current time");
761
762 /* Valid date format is [[CC]YY]MMDDhhmm[.SS] */
763 for (p = arg, dot = NULL; *p != '\0'; p++) {
764 if (*p == '.' && dot == NULL)
765 dot = p;
766 else if (!isdigit((unsigned char)*p))
767 goto terr;
768 }
769 if (dot == NULL)
770 lt->tm_sec = 0;
771 else {
772 *dot++ = '\0';
773 if (strlen(dot) != 2)
774 goto terr;
775 lt->tm_sec = ATOI2(dot);
776 if (lt->tm_sec > 61) /* could be leap second */
777 goto terr;
778 }
779
780 yearset = 0;
781 switch(strlen(arg)) {
782 case 12: /* CCYYMMDDhhmm */
783 lt->tm_year = ATOI2(arg) * 100;
784 lt->tm_year -= 1900; /* Convert to Unix time */
785 yearset = 1;
786 /* FALLTHROUGH */
787 case 10: /* YYMMDDhhmm */
788 if (yearset) {
789 yearset = ATOI2(arg);
790 lt->tm_year += yearset;
791 } else {
792 yearset = ATOI2(arg);
793 /* POSIX logic: [00,68]=>20xx, [69,99]=>19xx */
794 lt->tm_year = yearset;
795 if (yearset < 69)
796 lt->tm_year += 100;
797 }
798 /* FALLTHROUGH */
799 case 8: /* MMDDhhmm */
800 lt->tm_mon = ATOI2(arg);
801 if (lt->tm_mon > 12 || lt->tm_mon == 0)
802 goto terr;
803 --lt->tm_mon; /* Convert from 01-12 to 00-11 */
804 lt->tm_mday = ATOI2(arg);
805 if (lt->tm_mday > 31 || lt->tm_mday == 0)
806 goto terr;
807 lt->tm_hour = ATOI2(arg);
808 if (lt->tm_hour > 23)
809 goto terr;
810 lt->tm_min = ATOI2(arg);
811 if (lt->tm_min > 59)
812 goto terr;
813 break;
814 default:
815 goto terr;
816 }
817
818 lt->tm_isdst = -1; /* mktime will deduce DST. */
819 then = mktime(lt);
820 if (then == (time_t)-1) {
821 terr:
822 fatalx("illegal time specification: [[CC]YY]MMDDhhmm[.SS]");
823 }
824 if (then < now)
825 fatalx("cannot schedule jobs in the past");
826 return (then);
827 }
828
829 static __dead void
usage(void)830 usage(void)
831 {
832 /* Print usage and exit. */
833 switch (program) {
834 case AT:
835 case CAT:
836 (void)fprintf(stderr,
837 "usage: at [-bm] [-f file] [-l [job ...]] [-q queue] "
838 "-t time_arg | timespec\n"
839 " at -c | -r job ...\n");
840 break;
841 case ATQ:
842 (void)fprintf(stderr,
843 "usage: atq [-cnv] [-q queue] [name ...]\n");
844 break;
845 case ATRM:
846 (void)fprintf(stderr,
847 "usage: atrm [-afi] [[job] [name] ...]\n");
848 break;
849 case BATCH:
850 (void)fprintf(stderr,
851 "usage: batch [-m] [-f file] [-q queue] [timespec]\n");
852 break;
853 }
854 exit(EXIT_FAILURE);
855 }
856
857 int
main(int argc,char ** argv)858 main(int argc, char **argv)
859 {
860 time_t timer = -1;
861 char *atinput = NULL; /* where to get input from */
862 char queue = DEFAULT_AT_QUEUE;
863 char queue_set = 0;
864 char *options = "q:f:t:bcdlmrv"; /* default options for at */
865 char cwd[PATH_MAX];
866 struct passwd *pw;
867 int ch;
868 int aflag = 0;
869 int cflag = 0;
870 int nflag = 0;
871
872 if (pledge("stdio rpath wpath cpath fattr getpw unix id", NULL) == -1)
873 fatal("pledge");
874
875 openlog(__progname, LOG_PID, LOG_CRON);
876
877 if (argc < 1)
878 usage();
879
880 user_uid = getuid();
881 user_gid = getgid();
882 spool_gid = getegid();
883
884 /* find out what this program is supposed to do */
885 if (strcmp(__progname, "atq") == 0) {
886 program = ATQ;
887 options = "cnvq:";
888 } else if (strcmp(__progname, "atrm") == 0) {
889 program = ATRM;
890 options = "afi";
891 } else if (strcmp(__progname, "batch") == 0) {
892 program = BATCH;
893 options = "f:q:mv";
894 }
895
896 /* process whatever options we can process */
897 while ((ch = getopt(argc, argv, options)) != -1) {
898 switch (ch) {
899 case 'a':
900 aflag = 1;
901 break;
902
903 case 'i':
904 interactive = 1;
905 force = 0;
906 break;
907
908 case 'v': /* show completed but unremoved jobs */
909 /*
910 * This option is only useful when we are invoked
911 * as atq but we accept (and ignore) this flag in
912 * the other programs for backwards compatibility.
913 */
914 vflag = 1;
915 break;
916
917 case 'm': /* send mail when job is complete */
918 send_mail = 1;
919 break;
920
921 case 'f':
922 if (program == ATRM) {
923 force = 1;
924 interactive = 0;
925 } else
926 atinput = optarg;
927 break;
928
929 case 'q': /* specify queue */
930 if (strlen(optarg) > 1)
931 usage();
932
933 atqueue = queue = *optarg;
934 if (!(islower((unsigned char)queue) ||
935 isupper((unsigned char)queue)))
936 usage();
937
938 queue_set = 1;
939 break;
940
941 case 'd': /* for backwards compatibility */
942 case 'r':
943 program = ATRM;
944 options = "";
945 break;
946
947 case 't':
948 timer = ttime(optarg);
949 break;
950
951 case 'l':
952 program = ATQ;
953 options = "cnvq:";
954 break;
955
956 case 'b':
957 program = BATCH;
958 options = "f:q:mv";
959 break;
960
961 case 'c':
962 if (program == ATQ) {
963 cflag = 1;
964 } else {
965 program = CAT;
966 options = "";
967 }
968 break;
969
970 case 'n':
971 nflag = 1;
972 break;
973
974 default:
975 usage();
976 break;
977 }
978 }
979 argc -= optind;
980 argv += optind;
981
982 switch (program) {
983 case AT:
984 case BATCH:
985 if (atinput != NULL) {
986 if (setegid(user_gid) != 0)
987 fatal("setegid(user_gid)");
988 if (freopen(atinput, "r", stdin) == NULL)
989 fatal("%s", atinput);
990 if (setegid(spool_gid) != 0)
991 fatal("setegid(spool_gid)");
992 }
993
994 if (pledge("stdio rpath wpath cpath fattr getpw unix", NULL)
995 == -1)
996 fatal("pledge");
997 break;
998
999 case ATQ:
1000 case CAT:
1001 if (pledge("stdio rpath getpw", NULL) == -1)
1002 fatal("pledge");
1003 break;
1004
1005 case ATRM:
1006 if (pledge("stdio rpath cpath getpw unix", NULL) == -1)
1007 fatal("pledge");
1008 break;
1009
1010 default:
1011 fatalx("internal error");
1012 break;
1013 }
1014
1015 if ((pw = getpwuid(user_uid)) == NULL)
1016 fatalx("unknown uid %u", user_uid);
1017 if (strlcpy(user_name, pw->pw_name, sizeof(user_name)) >= sizeof(user_name))
1018 fatalx("username too long");
1019
1020 if (getcwd(cwd, sizeof(cwd)) == NULL)
1021 fatal("unable to get current working directory");
1022
1023 if (!allowed(pw->pw_name, _PATH_AT_ALLOW, _PATH_AT_DENY)) {
1024 syslog(LOG_WARNING, "(%s) AUTH (at command not allowed)",
1025 pw->pw_name);
1026 fatalx("you do not have permission to use at.");
1027 }
1028
1029 /* select our program */
1030 switch (program) {
1031 case ATQ:
1032 list_jobs(argc, argv, nflag, cflag);
1033 break;
1034
1035 case ATRM:
1036 case CAT:
1037 if ((aflag && argc) || (!aflag && !argc))
1038 usage();
1039 return process_jobs(argc, argv, program);
1040 break;
1041
1042 case AT:
1043 /* Time may have been specified via the -t flag. */
1044 if (timer == -1) {
1045 if (argc == 0)
1046 usage();
1047 else if ((timer = parsetime(argc, argv)) == -1)
1048 return EXIT_FAILURE;
1049 }
1050 writefile(cwd, timer, queue);
1051 break;
1052
1053 case BATCH:
1054 if (queue_set)
1055 queue = toupper((unsigned char)queue);
1056 else
1057 queue = DEFAULT_BATCH_QUEUE;
1058
1059 if (argc == 0)
1060 timer = time(NULL);
1061 else if ((timer = parsetime(argc, argv)) == -1)
1062 return EXIT_FAILURE;
1063
1064 writefile(cwd, timer, queue);
1065 break;
1066
1067 default:
1068 fatalx("internal error");
1069 break;
1070 }
1071 return EXIT_SUCCESS;
1072 }
1073