xref: /freebsd/usr.sbin/cron/cron/popen.c (revision 8a7b6120)

/*
 * Copyright (c) 1988 The Regents of the University of California.
 * All rights reserved.
 *
 * This code is derived from software written by Ken Arnold and
 * published in UNIX Review, Vol. 6, No. 8.
 *
 * Redistribution and use in source and binary forms are permitted
 * provided that the above copyright notice and this paragraph are
 * duplicated in all such forms and that any documentation,
 * advertising materials, and other materials related to such
 * distribution and use acknowledge that the software was developed
 * by the University of California, Berkeley.  The name of the
 * University may not be used to endorse or promote products derived
 * from this software without specific prior written permission.
 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
 */

/* this came out of the ftpd sources; it's been modified to avoid the
 * globbing stuff since we don't need it.  also execvp instead of execv.
 */

#ifndef lint
static const char rcsid[] =
    "$Id: popen.c,v 1.3 1998/08/14 00:32:41 vixie Exp $";
#endif /* not lint */

#include "cron.h"
#if defined(LOGIN_CAP)
# include <login_cap.h>
#endif

#define MAX_ARGS 100
#define WANT_GLOBBING 0

/*
 * Special version of popen which avoids call to shell.  This insures no one
 * may create a pipe to a hidden program as a side effect of a list or dir
 * command.
 */
static PID_T *pids;
static int fds;

FILE *
cron_popen(char *program, char *type, entry *e, PID_T *pidptr)
{
	char *cp;
	FILE *iop;
	int argc, pdes[2];
	PID_T pid;
	char *usernm;
	char *argv[MAX_ARGS + 1];
# if defined(LOGIN_CAP)
	struct passwd	*pwd;
	login_cap_t *lc;
# endif
#if WANT_GLOBBING
	char **pop, *vv[2];
	int gargc;
	char *gargv[1000];
	extern char **glob(), **copyblk();
#endif

	if ((*type != 'r' && *type != 'w') || type[1] != '\0')
		return (NULL);

	if (!pids) {
		if ((fds = sysconf(_SC_OPEN_MAX)) <= 0)
			return (NULL);
		if (!(pids = calloc(fds, sizeof(PID_T))))
			return (NULL);
	}
	if (pipe(pdes) < 0)
		return (NULL);

	/* break up string into pieces */
	for (argc = 0, cp = program; argc < MAX_ARGS; cp = NULL)
		if (!(argv[argc++] = strtok(cp, " \t\n")))
			break;
	argv[MAX_ARGS] = NULL;

#if WANT_GLOBBING
	/* glob each piece */
	gargv[0] = argv[0];
	for (gargc = argc = 1; argv[argc]; argc++) {
		if (!(pop = glob(argv[argc]))) {	/* globbing failed */
			vv[0] = argv[argc];
			vv[1] = NULL;
			pop = copyblk(vv);
		}
		argv[argc] = (char *)pop;		/* save to free later */
		while (*pop && gargc < 1000)
			gargv[gargc++] = *pop++;
	}
	gargv[gargc] = NULL;
#endif

	iop = NULL;
	switch(pid = fork()) {
	case -1:			/* error */
		(void)close(pdes[0]);
		(void)close(pdes[1]);
		goto pfree;
		/* NOTREACHED */
	case 0:				/* child */
		if (e != NULL) {
#ifdef SYSLOG
			closelog();
#endif

			/* get new pgrp, void tty, etc.
			 */
			(void) setsid();
		}
		if (*type == 'r') {
			/* Do not share our parent's stdin */
			(void)close(0);
			(void)open(_PATH_DEVNULL, O_RDWR);
			if (pdes[1] != 1) {
				dup2(pdes[1], 1);
				dup2(pdes[1], 2);	/* stderr, too! */
				(void)close(pdes[1]);
			}
			(void)close(pdes[0]);
		} else {
			if (pdes[0] != 0) {
				dup2(pdes[0], 0);
				(void)close(pdes[0]);
			}
			/* Hack: stdout gets revoked */
			(void)close(1);
			(void)open(_PATH_DEVNULL, O_RDWR);
			(void)close(2);
			(void)open(_PATH_DEVNULL, O_RDWR);
			(void)close(pdes[1]);
		}
		if (e != NULL) {
			/* Set user's entire context, but skip the environment
			 * as cron provides a separate interface for this
			 */
			usernm = env_get("LOGNAME", e->envp);
# if defined(LOGIN_CAP)
			if ((pwd = getpwnam(usernm)) == NULL)
				pwd = getpwuid(e->uid);
			lc = NULL;
			if (pwd != NULL) {
				pwd->pw_gid = e->gid;
				if (e->class != NULL)
					lc = login_getclass(e->class);
			}
			if (pwd &&
			    setusercontext(lc, pwd, e->uid,
				    LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
				(void) endpwent();
			else {
				/* fall back to the old method */
				(void) endpwent();
# endif
				/*
				 * Set our directory, uid and gid.  Set gid
				 * first since once we set uid, we've lost
				 * root privileges.
				 */
				if (setgid(e->gid) != 0)
					_exit(ERROR_EXIT);
# if defined(BSD)
				if (initgroups(usernm, e->gid) != 0)
					_exit(ERROR_EXIT);
# endif
				if (setlogin(usernm) != 0)
					_exit(ERROR_EXIT);
				if (setuid(e->uid) != 0)
					_exit(ERROR_EXIT);
				/* we aren't root after this..*/
#if defined(LOGIN_CAP)
			}
			if (lc != NULL)
				login_close(lc);
#endif
			chdir(env_get("HOME", e->envp));
		}
#if WANT_GLOBBING
		execvp(gargv[0], gargv);
#else
		execvp(argv[0], argv);
#endif
		_exit(1);
	}
	/* parent; assume fdopen can't fail...  */
	if (*type == 'r') {
		iop = fdopen(pdes[0], type);
		(void)close(pdes[1]);
	} else {
		iop = fdopen(pdes[1], type);
		(void)close(pdes[0]);
	}
	pids[fileno(iop)] = pid;

pfree:
#if WANT_GLOBBING
	for (argc = 1; argv[argc] != NULL; argc++) {
/*		blkfree((char **)argv[argc]);	*/
		free((char *)argv[argc]);
	}
#endif

	*pidptr = pid;

	return (iop);
}

int
cron_pclose(FILE *iop)
{
	int fdes;
	int omask;
	WAIT_T stat_loc;
	PID_T pid;

	/*
	 * pclose returns -1 if stream is not associated with a
	 * `popened' command, or, if already `pclosed'.
	 */
	if (pids == 0 || pids[fdes = fileno(iop)] == 0)
		return (-1);
	(void)fclose(iop);
	omask = sigblock(sigmask(SIGINT)|sigmask(SIGQUIT)|sigmask(SIGHUP));
	while ((pid = wait(&stat_loc)) != pids[fdes] && pid != -1)
		;
	(void)sigsetmask(omask);
	pids[fdes] = 0;
	return (pid == -1 ? -1 : WEXITSTATUS(stat_loc));
}