Print this page
13066 Want crontab -u
Change-ID: I3dc2251dbbcc721aeff25a9dde21a24271c927bc
| Split |
Close |
| Expand all |
| Collapse all |
--- old/usr/src/cmd/cron/crontab.c
+++ new/usr/src/cmd/cron/crontab.c
1 1 /*
2 2 * CDDL HEADER START
3 3 *
4 4 * The contents of this file are subject to the terms of the
5 5 * Common Development and Distribution License (the "License").
6 6 * You may not use this file except in compliance with the License.
7 7 *
8 8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 9 * or http://www.opensolaris.org/os/licensing.
10 10 * See the License for the specific language governing permissions
11 11 * and limitations under the License.
12 12 *
13 13 * When distributing Covered Code, include this CDDL HEADER in each
14 14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 15 * If applicable, add the following below this CDDL HEADER, with the
16 16 * fields enclosed by brackets "[]" replaced with your own identifying
17 17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 18 *
|
↓ open down ↓ |
18 lines elided |
↑ open up ↑ |
19 19 * CDDL HEADER END
20 20 */
21 21 /*
22 22 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
23 23 * Use is subject to license terms.
24 24 */
25 25 /* Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T */
26 26 /* All Rights Reserved */
27 27
28 28 /*
29 - * Copyright 2019 OmniOS Community Edition (OmniOSce) Association.
29 + * Copyright 2020 OmniOS Community Edition (OmniOSce) Association.
30 30 */
31 31
32 32 #include <sys/types.h>
33 33 #include <sys/stat.h>
34 34 #include <sys/types.h>
35 35 #include <sys/wait.h>
36 36 #include <errno.h>
37 37 #include <signal.h>
38 38 #include <stdio.h>
39 39 #include <stdlib.h>
40 40 #include <string.h>
41 41 #include <fcntl.h>
42 42 #include <ctype.h>
43 43 #include <pwd.h>
44 44 #include <unistd.h>
45 45 #include <locale.h>
46 46 #include <nl_types.h>
47 47 #include <langinfo.h>
48 48 #include <libintl.h>
49 49 #include <security/pam_appl.h>
50 50 #include <limits.h>
51 51 #include <libzoneinfo.h>
52 52 #include "cron.h"
53 53 #include "getresponse.h"
54 54
55 55 #if defined(XPG4)
56 56 #define VIPATH "/usr/xpg4/bin/vi"
57 57 #elif defined(XPG6)
58 58 #define VIPATH "/usr/xpg6/bin/vi"
59 59 #else
60 60 #define _XPG_NOTDEFINED
61 61 #define VIPATH "vi"
62 62 #endif
63 63
64 64 #define TMPFILE "_cron" /* prefix for tmp file */
|
↓ open down ↓ |
25 lines elided |
↑ open up ↑ |
65 65 #define CRMODE 0600 /* mode for creating crontabs */
66 66
67 67 #define BADCREATE \
68 68 "can't create your crontab file in the crontab directory."
69 69 #define BADOPEN "can't open your crontab file."
70 70 #define BADSHELL \
71 71 "because your login shell isn't /usr/bin/sh, you can't use cron."
72 72 #define WARNSHELL "warning: commands will be executed using /usr/bin/sh\n"
73 73 #define BADUSAGE \
74 74 "usage:\n" \
75 - "\tcrontab [file]\n" \
76 - "\tcrontab -e [username]\n" \
77 - "\tcrontab -l [username]\n" \
78 - "\tcrontab -r [username]"
75 + "\tcrontab [-u username] [file]\n" \
76 + "\tcrontab [-u username] { -e | -l | -r }\n" \
77 + "\tcrontab { -e | -l | -r } [username]"
79 78 #define INVALIDUSER "you are not a valid user (no entry in /etc/passwd)."
80 79 #define NOTALLOWED "you are not authorized to use cron. Sorry."
81 80 #define NOTROOT \
82 81 "you must be super-user to access another user's crontab file"
83 82 #define AUDITREJECT "The audit context for your shell has not been set."
84 83 #define EOLN "unexpected end of line."
85 84 #define UNEXPECT "unexpected character found in line."
86 85 #define OUTOFBOUND "number out of bounds."
87 86 #define OVERFLOW "too many elements."
88 87 #define ERRSFND "errors detected in input, no crontab file generated."
89 88 #define ED_ERROR \
90 89 " The editor indicates that an error occurred while you were\n"\
91 90 " editing the crontab data - usually a minor typing error.\n\n"
92 91 #define BADREAD "error reading your crontab file"
93 92 #define ED_PROMPT \
94 93 " Edit again, to ensure crontab information is intact (%s/%s)?\n"\
95 94 " ('%s' will discard edits.)"
96 95 #define NAMETOOLONG "login name too long"
97 96 #define BAD_TZ "Timezone unrecognized in: %s"
98 97 #define BAD_SHELL "Invalid shell specified: %s"
99 98 #define BAD_HOME "Unable to access directory: %s\t%s\n"
100 99
101 100 extern int per_errno;
102 101
103 102 extern int audit_crontab_modify(char *, char *, int);
104 103 extern int audit_crontab_delete(char *, int);
105 104 extern int audit_crontab_not_allowed(uid_t, char *);
106 105
107 106 int err;
108 107 int cursor;
109 108 char *cf;
110 109 char *tnam;
111 110 char edtemp[5+13+1];
112 111 char line[CTLINESIZE];
113 112 static char login[UNAMESIZE];
114 113
115 114 static void catch(int);
116 115 static void crabort(char *);
117 116 static void cerror(char *);
118 117 static void copycron(FILE *);
119 118
120 119 int
121 120 main(int argc, char **argv)
122 121 {
123 122 int c, r;
124 123 int rflag = 0;
125 124 int lflag = 0;
126 125 int eflag = 0;
127 126 int errflg = 0;
128 127 char *pp;
|
↓ open down ↓ |
40 lines elided |
↑ open up ↑ |
129 128 FILE *fp, *tmpfp;
130 129 struct stat stbuf;
131 130 struct passwd *pwp;
132 131 time_t omodtime;
133 132 char *editor;
134 133 uid_t ruid;
135 134 pid_t pid;
136 135 int stat_loc;
137 136 int ret;
138 137 char real_login[UNAMESIZE];
138 + char *user = NULL;
139 139 int tmpfd = -1;
140 140 pam_handle_t *pamh;
141 141 int pam_error;
142 142 char *buf;
143 143 size_t buflen;
144 144
145 145 (void) setlocale(LC_ALL, "");
146 146 #if !defined(TEXT_DOMAIN) /* Should be defined by cc -D */
147 -#define TEXT_DOMAIN "SYS_TEST" /* Use this only if it weren't */
147 +#define TEXT_DOMAIN "SYS_TEST" /* Use this only if it wasn't */
148 148 #endif
149 149 (void) textdomain(TEXT_DOMAIN);
150 150
151 151 if (init_yes() < 0) {
152 152 (void) fprintf(stderr, gettext(ERR_MSG_INIT_YES),
153 153 strerror(errno));
154 154 exit(1);
155 155 }
156 156
157 - while ((c = getopt(argc, argv, "elr")) != EOF)
157 + while ((c = getopt(argc, argv, "elru:")) != EOF) {
158 158 switch (c) {
159 159 case 'e':
160 160 eflag++;
161 161 break;
162 162 case 'l':
163 163 lflag++;
164 164 break;
165 165 case 'r':
166 166 rflag++;
167 167 break;
168 + case 'u':
169 + user = optarg;
170 + break;
168 171 case '?':
169 172 errflg++;
170 173 break;
171 174 }
175 + }
172 176
177 + argc -= optind;
178 + argv += optind;
179 +
173 180 if (eflag + lflag + rflag > 1)
174 181 errflg++;
175 182
176 - argc -= optind;
177 - argv += optind;
183 + if ((eflag || lflag || rflag) && argc > 0) {
184 + if (user != NULL)
185 + errflg++;
186 + else
187 + user = *argv;
188 + }
189 +
178 190 if (errflg || argc > 1)
179 191 crabort(BADUSAGE);
180 192
181 193 ruid = getuid();
182 194 if ((pwp = getpwuid(ruid)) == NULL)
183 195 crabort(INVALIDUSER);
184 196
185 197 if (strlcpy(real_login, pwp->pw_name, sizeof (real_login))
186 - >= sizeof (real_login))
198 + >= sizeof (real_login)) {
187 199 crabort(NAMETOOLONG);
200 + }
188 201
189 - if ((eflag || lflag || rflag) && argc == 1) {
190 - if ((pwp = getpwnam(*argv)) == NULL)
202 + if (user != NULL) {
203 + if ((pwp = getpwnam(user)) == NULL)
191 204 crabort(INVALIDUSER);
192 205
193 206 if (!cron_admin(real_login)) {
194 207 if (pwp->pw_uid != ruid)
195 208 crabort(NOTROOT);
196 209 else
197 210 pp = getuser(ruid);
198 - } else
199 - pp = *argv++;
211 + } else {
212 + pp = user;
213 + }
200 214 } else {
201 215 pp = getuser(ruid);
202 216 }
203 217
204 218 if (pp == NULL) {
205 219 if (per_errno == 2)
206 220 crabort(BADSHELL);
207 221 else
208 222 crabort(INVALIDUSER);
209 223 }
210 224 if (strlcpy(login, pp, sizeof (login)) >= sizeof (login))
211 225 crabort(NAMETOOLONG);
212 226 if (!allowed(login, CRONALLOW, CRONDENY))
213 227 crabort(NOTALLOWED);
214 228
215 229 /* Do account validation check */
216 230 pam_error = pam_start("cron", pp, NULL, &pamh);
217 231 if (pam_error != PAM_SUCCESS) {
218 232 crabort((char *)pam_strerror(pamh, pam_error));
219 233 }
220 234 pam_error = pam_acct_mgmt(pamh, PAM_SILENT);
221 235 if (pam_error != PAM_SUCCESS) {
222 236 (void) fprintf(stderr, gettext("Warning - Invalid account: "
223 237 "'%s' not allowed to execute cronjobs\n"), pp);
224 238 }
225 239 (void) pam_end(pamh, PAM_SUCCESS);
226 240
227 241
228 242 /* check for unaudited shell */
229 243 if (audit_crontab_not_allowed(ruid, pp))
230 244 crabort(AUDITREJECT);
231 245
232 246 cf = xmalloc(strlen(CRONDIR)+strlen(login)+2);
233 247 strcat(strcat(strcpy(cf, CRONDIR), "/"), login);
234 248
235 249 if (rflag) {
236 250 r = unlink(cf);
237 251 cron_sendmsg(DELETE, login, login, CRON);
238 252 audit_crontab_delete(cf, r);
239 253 exit(0);
240 254 }
241 255 if (lflag) {
242 256 if ((fp = fopen(cf, "r")) == NULL)
243 257 crabort(BADOPEN);
244 258 while (fgets(line, CTLINESIZE, fp) != NULL)
245 259 fputs(line, stdout);
246 260 fclose(fp);
247 261 exit(0);
248 262 }
249 263 if (eflag) {
250 264 if ((fp = fopen(cf, "r")) == NULL) {
251 265 if (errno != ENOENT)
252 266 crabort(BADOPEN);
253 267 }
254 268 (void) strcpy(edtemp, "/tmp/crontabXXXXXX");
255 269 tmpfd = mkstemp(edtemp);
256 270 if (fchown(tmpfd, ruid, -1) == -1) {
257 271 (void) close(tmpfd);
258 272 crabort("fchown of temporary file failed");
259 273 }
260 274 (void) close(tmpfd);
261 275 /*
262 276 * Fork off a child with user's permissions,
263 277 * to edit the crontab file
264 278 */
265 279 if ((pid = fork()) == (pid_t)-1)
266 280 crabort("fork failed");
267 281 if (pid == 0) { /* child process */
268 282 /* give up super-user privileges. */
269 283 setuid(ruid);
270 284 if ((tmpfp = fopen(edtemp, "w")) == NULL)
271 285 crabort("can't create temporary file");
272 286 if (fp != NULL) {
273 287 /*
274 288 * Copy user's crontab file to temporary file.
275 289 */
276 290 while (fgets(line, CTLINESIZE, fp) != NULL) {
277 291 fputs(line, tmpfp);
278 292 if (ferror(tmpfp)) {
279 293 fclose(fp);
280 294 fclose(tmpfp);
281 295 crabort("write error on"
282 296 "temporary file");
283 297 }
284 298 }
285 299 if (ferror(fp)) {
286 300 fclose(fp);
287 301 fclose(tmpfp);
288 302 crabort(BADREAD);
289 303 }
290 304 fclose(fp);
291 305 }
292 306 if (fclose(tmpfp) == EOF)
293 307 crabort("write error on temporary file");
294 308 if (stat(edtemp, &stbuf) < 0)
295 309 crabort("can't stat temporary file");
296 310 omodtime = stbuf.st_mtime;
297 311 #ifdef _XPG_NOTDEFINED
298 312 editor = getenv("VISUAL");
299 313 if (editor == NULL) {
300 314 #endif
301 315 editor = getenv("EDITOR");
302 316 if (editor == NULL)
303 317 editor = VIPATH;
304 318 #ifdef _XPG_NOTDEFINED
305 319 }
306 320 #endif
307 321 buflen = strlen(editor) + strlen(edtemp) + 2;
308 322 buf = xmalloc(buflen);
309 323 (void) snprintf(buf, buflen, "%s %s", editor, edtemp);
310 324
311 325 sleep(1);
312 326
313 327 while (1) {
314 328 ret = system(buf);
315 329
316 330 /* sanity checks */
317 331 if ((tmpfp = fopen(edtemp, "r")) == NULL)
318 332 crabort("can't open temporary file");
319 333 if (fstat(fileno(tmpfp), &stbuf) < 0)
320 334 crabort("can't stat temporary file");
321 335 if (stbuf.st_size == 0)
322 336 crabort("temporary file empty");
323 337 if (omodtime == stbuf.st_mtime) {
324 338 (void) unlink(edtemp);
325 339 fprintf(stderr, gettext(
326 340 "The crontab file was not"
327 341 " changed.\n"));
328 342 exit(1);
329 343 }
330 344 if ((ret) && (errno != EINTR)) {
331 345 /*
332 346 * Some editors (like 'vi') can return
333 347 * a non-zero exit status even though
334 348 * everything is okay. Need to check.
335 349 */
336 350 fprintf(stderr, gettext(ED_ERROR));
337 351 fflush(stderr);
338 352 if (isatty(fileno(stdin))) {
339 353 /* Interactive */
340 354 fprintf(stdout,
341 355 gettext(ED_PROMPT),
342 356 yesstr, nostr, nostr);
343 357 fflush(stdout);
344 358
345 359 if (yes()) {
346 360 /* Edit again */
347 361 continue;
348 362 } else {
349 363 /* Dump changes */
350 364 (void) unlink(edtemp);
351 365 exit(1);
352 366 }
353 367 } else {
354 368 /*
355 369 * Non-interactive, dump changes
356 370 */
357 371 (void) unlink(edtemp);
358 372 exit(1);
359 373 }
360 374 }
361 375 exit(0);
362 376 } /* while (1) */
363 377 }
364 378
365 379 /* fix for 1125555 - ignore common signals while waiting */
366 380 (void) signal(SIGINT, SIG_IGN);
367 381 (void) signal(SIGHUP, SIG_IGN);
368 382 (void) signal(SIGQUIT, SIG_IGN);
369 383 (void) signal(SIGTERM, SIG_IGN);
370 384 wait(&stat_loc);
371 385 if ((stat_loc & 0xFF00) != 0)
372 386 exit(1);
373 387
374 388 /*
375 389 * unlink edtemp as 'ruid'. The file contents will be held
376 390 * since we open the file descriptor 'tmpfp' before calling
377 391 * unlink.
378 392 */
379 393 if (((ret = seteuid(ruid)) < 0) ||
380 394 ((tmpfp = fopen(edtemp, "r")) == NULL) ||
381 395 (unlink(edtemp) == -1)) {
382 396 fprintf(stderr, "crontab: %s: %s\n",
383 397 edtemp, errmsg(errno));
384 398 if ((ret < 0) || (tmpfp == NULL))
385 399 (void) unlink(edtemp);
386 400 exit(1);
387 401 } else
388 402 seteuid(0);
389 403
390 404 copycron(tmpfp);
391 405 } else {
392 406 if (argc == 0)
393 407 copycron(stdin);
394 408 else if (seteuid(getuid()) != 0 || (fp = fopen(argv[0], "r"))
395 409 == NULL)
396 410 crabort(BADOPEN);
397 411 else {
398 412 seteuid(0);
399 413 copycron(fp);
400 414 }
401 415 }
402 416 cron_sendmsg(ADD, login, login, CRON);
403 417 /*
404 418 * if (per_errno == 2)
405 419 * fprintf(stderr, gettext(WARNSHELL));
406 420 */
407 421 return (0);
408 422 }
409 423
410 424 static void
411 425 copycron(FILE *fp)
412 426 {
413 427 FILE *tfp;
414 428 char pid[6], *tnam_end;
415 429 int t;
416 430 char buf[LINE_MAX];
417 431 cferror_t cferr;
418 432
419 433 sprintf(pid, "%-5d", getpid());
420 434 tnam = xmalloc(strlen(CRONDIR)+strlen(TMPFILE)+7);
421 435 strcat(strcat(strcat(strcpy(tnam, CRONDIR), "/"), TMPFILE), pid);
422 436 /* cut trailing blanks */
423 437 tnam_end = strchr(tnam, ' ');
424 438 if (tnam_end != NULL)
425 439 *tnam_end = 0;
426 440 /* catch SIGINT, SIGHUP, SIGQUIT signals */
427 441 if (signal(SIGINT, catch) == SIG_IGN)
428 442 signal(SIGINT, SIG_IGN);
429 443 if (signal(SIGHUP, catch) == SIG_IGN) signal(SIGHUP, SIG_IGN);
430 444 if (signal(SIGQUIT, catch) == SIG_IGN) signal(SIGQUIT, SIG_IGN);
431 445 if (signal(SIGTERM, catch) == SIG_IGN) signal(SIGTERM, SIG_IGN);
432 446 if ((t = creat(tnam, CRMODE)) == -1) crabort(BADCREATE);
433 447 if ((tfp = fdopen(t, "w")) == NULL) {
434 448 unlink(tnam);
435 449 crabort(BADCREATE);
436 450 }
437 451 err = 0; /* if errors found, err set to 1 */
438 452 while (fgets(line, CTLINESIZE, fp) != NULL) {
439 453 cursor = 0;
440 454 while (line[cursor] == ' ' || line[cursor] == '\t')
441 455 cursor++;
442 456 /* fix for 1039689 - treat blank line like a comment */
443 457 if (line[cursor] == '#' || line[cursor] == '\n')
444 458 goto cont;
445 459
446 460 if (strncmp(&line[cursor], ENV_TZ, strlen(ENV_TZ)) == 0) {
447 461 char *x;
448 462
449 463 strncpy(buf, &line[cursor + strlen(ENV_TZ)],
450 464 sizeof (buf));
451 465 if ((x = strchr(buf, '\n')) != NULL)
452 466 *x = '\0';
453 467
454 468 if (isvalid_tz(buf, NULL, _VTZ_ALL)) {
455 469 goto cont;
456 470 } else {
457 471 err = 1;
458 472 fprintf(stderr, BAD_TZ, &line[cursor]);
459 473 continue;
460 474 }
461 475 } else if (strncmp(&line[cursor], ENV_SHELL,
462 476 strlen(ENV_SHELL)) == 0) {
463 477 char *x;
464 478
465 479 strncpy(buf, &line[cursor + strlen(ENV_SHELL)],
466 480 sizeof (buf));
467 481 if ((x = strchr(buf, '\n')) != NULL)
468 482 *x = '\0';
469 483
470 484 if (isvalid_shell(buf)) {
471 485 goto cont;
472 486 } else {
473 487 err = 1;
474 488 fprintf(stderr, BAD_SHELL, &line[cursor]);
475 489 continue;
476 490 }
477 491 } else if (strncmp(&line[cursor], ENV_HOME,
478 492 strlen(ENV_HOME)) == 0) {
479 493 char *x;
480 494
481 495 strncpy(buf, &line[cursor + strlen(ENV_HOME)],
482 496 sizeof (buf));
483 497 if ((x = strchr(buf, '\n')) != NULL)
484 498 *x = '\0';
485 499 if (chdir(buf) == 0) {
486 500 goto cont;
487 501 } else {
488 502 err = 1;
489 503 fprintf(stderr, BAD_HOME, &line[cursor],
490 504 strerror(errno));
491 505 continue;
492 506 }
493 507 }
494 508
495 509 if ((cferr = next_field(0, 59, line, &cursor, NULL)) != CFOK ||
496 510 (cferr = next_field(0, 23, line, &cursor, NULL)) != CFOK ||
497 511 (cferr = next_field(1, 31, line, &cursor, NULL)) != CFOK ||
498 512 (cferr = next_field(1, 12, line, &cursor, NULL)) != CFOK ||
499 513 (cferr = next_field(0, 6, line, &cursor, NULL)) != CFOK) {
500 514 switch (cferr) {
501 515 case CFEOLN:
502 516 cerror(EOLN);
503 517 break;
504 518 case CFUNEXPECT:
505 519 cerror(UNEXPECT);
506 520 break;
507 521 case CFOUTOFBOUND:
508 522 cerror(OUTOFBOUND);
509 523 break;
510 524 case CFEOVERFLOW:
511 525 cerror(OVERFLOW);
512 526 break;
513 527 case CFENOMEM:
514 528 (void) fprintf(stderr, "Out of memory\n");
515 529 exit(55);
516 530 break;
517 531 default:
518 532 break;
519 533 }
520 534 continue;
521 535 }
522 536
523 537 if (line[++cursor] == '\0') {
524 538 cerror(EOLN);
525 539 continue;
526 540 }
527 541 cont:
528 542 if (fputs(line, tfp) == EOF) {
529 543 unlink(tnam);
530 544 crabort(BADCREATE);
531 545 }
532 546 }
533 547 fclose(fp);
534 548 fclose(tfp);
535 549
536 550 /* audit differences between old and new crontabs */
537 551 audit_crontab_modify(cf, tnam, err);
538 552
539 553 if (!err) {
540 554 /* make file tfp the new crontab */
541 555 unlink(cf);
542 556 if (link(tnam, cf) == -1) {
543 557 unlink(tnam);
544 558 crabort(BADCREATE);
545 559 }
546 560 } else {
547 561 crabort(ERRSFND);
548 562 }
549 563 unlink(tnam);
550 564 }
551 565
552 566 static void
553 567 cerror(char *msg)
554 568 {
555 569 fprintf(stderr, gettext("%scrontab: error on previous line; %s\n"),
556 570 line, msg);
557 571 err = 1;
558 572 }
559 573
560 574
561 575 static void
562 576 catch(int x)
563 577 {
564 578 unlink(tnam);
565 579 exit(1);
566 580 }
567 581
568 582 static void
569 583 crabort(char *msg)
570 584 {
571 585 int sverrno;
572 586
573 587 if (strcmp(edtemp, "") != 0) {
574 588 sverrno = errno;
575 589 (void) unlink(edtemp);
576 590 errno = sverrno;
577 591 }
578 592 if (tnam != NULL) {
579 593 sverrno = errno;
580 594 (void) unlink(tnam);
581 595 errno = sverrno;
582 596 }
583 597 fprintf(stderr, "crontab: %s\n", gettext(msg));
584 598 exit(1);
585 599 }
|
↓ open down ↓ |
376 lines elided |
↑ open up ↑ |
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX