diff options
Diffstat (limited to 'usr.bin')
| -rw-r--r-- | usr.bin/at/Makefile | 10 | ||||
| -rw-r--r-- | usr.bin/at/at.c | 365 | ||||
| -rw-r--r-- | usr.bin/at/at.h | 6 | ||||
| -rw-r--r-- | usr.bin/at/panic.c | 114 | ||||
| -rw-r--r-- | usr.bin/at/panic.h | 32 | ||||
| -rw-r--r-- | usr.bin/at/parsetime.c | 122 | ||||
| -rw-r--r-- | usr.bin/at/parsetime.h | 30 | ||||
| -rw-r--r-- | usr.bin/at/perm.c | 108 | ||||
| -rw-r--r-- | usr.bin/at/perm.h | 28 | ||||
| -rw-r--r-- | usr.bin/at/privs.h | 44 |
10 files changed, 334 insertions, 525 deletions
diff --git a/usr.bin/at/Makefile b/usr.bin/at/Makefile index f5d9c51e621..a56c946054a 100644 --- a/usr.bin/at/Makefile +++ b/usr.bin/at/Makefile @@ -1,15 +1,17 @@ -# $OpenBSD: Makefile,v 1.7 2002/07/15 19:13:29 millert Exp $ +# $OpenBSD: Makefile,v 1.8 2003/02/20 20:38:08 millert Exp $ PROG= at -SRCS= at.c panic.c parsetime.c perm.c -CFLAGS+=-I${.CURDIR}/../../usr.sbin/cron +SRCS= at.c misc.c parsetime.c +CRONDIR=${.CURDIR}/../../usr.sbin/cron +CFLAGS+=-I${CRONDIR} -DDEBUGGING=0 MAN= at.1 atrm.1 atq.1 LINKS= ${BINDIR}/at ${BINDIR}/atq \ ${BINDIR}/at ${BINDIR}/atrm \ ${BINDIR}/at ${BINDIR}/batch MLINKS= at.1 batch.1 - BINGRP= crontab BINMODE= 2555 +.PATH: ${CRONDIR} + .include <bsd.prog.mk> diff --git a/usr.bin/at/at.c b/usr.bin/at/at.c index 7764db9154d..13e026e2afd 100644 --- a/usr.bin/at/at.c +++ b/usr.bin/at/at.c @@ -1,5 +1,4 @@ -/* $OpenBSD: at.c,v 1.34 2003/02/18 02:25:39 millert Exp $ */ -/* $NetBSD: at.c,v 1.4 1995/03/25 18:13:31 glass Exp $ */ +/* $OpenBSD: at.c,v 1.35 2003/02/20 20:38:08 millert Exp $ */ /* * at.c : Put file into atrun queue @@ -9,7 +8,7 @@ * Copyright (C) 1993 David Parsons * * Traditional BSD behavior and other significant modifications - * Copyright (C) 2002 Todd C. Miller + * Copyright (C) 2002-2003 Todd C. Miller * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -32,49 +31,18 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <sys/un.h> - -#include <ctype.h> -#include <dirent.h> -#include <err.h> -#include <errno.h> -#include <fcntl.h> -#include <limits.h> -#include <locale.h> -#include <pwd.h> -#include <signal.h> -#include <stddef.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <time.h> -#include <unistd.h> -#include <utime.h> -#include <utmp.h> - -#if (MAXLOGNAME-1) > UT_NAMESIZE -#define LOGNAMESIZE UT_NAMESIZE -#else -#define LOGNAMESIZE (MAXLOGNAME-1) -#endif +#define MAIN_PROGRAM +#include "cron.h" #include "at.h" -#include "panic.h" -#include "parsetime.h" -#include "perm.h" -#include "pathnames.h" -#define MAIN #include "privs.h" +#include <limits.h> #define ALARMC 10 /* Number of seconds to wait for timeout */ #define TIMESIZE 50 /* Size of buffer passed to strftime() */ #ifndef lint -static const char rcsid[] = "$OpenBSD: at.c,v 1.34 2003/02/18 02:25:39 millert Exp $"; +static const char rcsid[] = "$OpenBSD: at.c,v 1.35 2003/02/20 20:38:08 millert Exp $"; #endif /* Variables to remove from the job's environment. */ @@ -85,7 +53,7 @@ char *no_export[] = }; int program = AT; /* default program mode */ -char atfile[PATH_MAX]; /* path to the at spool file */ +char atfile[MAX_FNAME]; /* path to the at spool file */ int fcreated; /* whether or not we created the file yet */ char *atinput = NULL; /* where to get input from */ char atqueue = 0; /* which queue to examine for jobs (atq) */ @@ -96,39 +64,93 @@ static int send_mail = 0; /* whether we are sending mail */ static void sigc(int); static void alarmc(int); -static void writefile(time_t, char); +static void writefile(const char *, time_t, char); static void list_jobs(int, char **, int, int); -static void poke_daemon(void); static time_t ttime(const char *); +static int check_permission(void); +static void panic(const char *); +static void perr(const char *); +static void perr2(const char *, const char *); +static void usage(void); +time_t parsetime(int, char **); -static void -sigc(int signo) +/* + * Something fatal has happened, print error message and exit. + */ +static __dead void +panic(const char *a) { - /* If the user presses ^C, remove the spool file and exit. */ + (void)fprintf(stderr, "%s: %s\n", ProgramName, a); if (fcreated) { PRIV_START; - (void)unlink(atfile); + unlink(atfile); PRIV_END; } - _exit(EXIT_FAILURE); + exit(ERROR_EXIT); } -static void -alarmc(int signo) +/* + * Two-parameter version of panic(). + */ +static __dead void +panic2(const char *a, const char *b) { - char buf[1024]; + (void)fprintf(stderr, "%s: %s%s\n", ProgramName, a, b); + if (fcreated) { + PRIV_START; + unlink(atfile); + PRIV_END; + } + + exit(ERROR_EXIT); +} - /* Time out after some seconds. */ - strlcpy(buf, __progname, sizeof(buf)); - strlcat(buf, ": File locking timed out\n", sizeof(buf)); - write(STDERR_FILENO, buf, strlen(buf)); +/* + * Some operating system error; print error message and exit. + */ +static __dead void +perr(const char *a) +{ + if (!force) + perror(a); if (fcreated) { PRIV_START; unlink(atfile); PRIV_END; } - _exit(EXIT_FAILURE); + + exit(ERROR_EXIT); +} + +/* + * Two-parameter version of perr(). + */ +static __dead void +perr2(const char *a, const char *b) +{ + if (!force) + (void)fputs(a, stderr); + perr(b); +} + +static void +sigc(int signo) +{ + /* If the user presses ^C, remove the spool file and exit. */ + if (fcreated) { + PRIV_START; + (void)unlink(atfile); + PRIV_END; + } + + _exit(ERROR_EXIT); +} + +static void +alarmc(int signo) +{ + /* just return */ } static int @@ -142,8 +164,8 @@ newjob(time_t runtimer, int queue) * queues instead... */ for (i = 0; i < 120; i++) { - snprintf(atfile, sizeof(atfile), "%s/%ld.%c", - _PATH_ATJOBS, (long)runtimer, queue); + snprintf(atfile, sizeof(atfile), "%s/%ld.%c", AT_DIR, + (long)runtimer, queue); fd = open(atfile, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR); if (fd >= 0) return (fd); @@ -157,11 +179,11 @@ newjob(time_t runtimer, int queue) * writing a job. */ static void -writefile(time_t runtimer, char queue) +writefile(const char *cwd, time_t runtimer, char queue) { - char *ap, *mailname, *shell; + const char *ap; + char *mailname, *shell; char timestr[TIMESIZE]; - char path[PATH_MAX]; struct passwd *pass_entry; struct tm runtime; int fdes, lockdes, fd2; @@ -178,7 +200,7 @@ writefile(time_t runtimer, char queue) * Install the signal handler for SIGINT; terminate after removing the * spool file if necessary */ - memset(&act, 0, sizeof act); + bzero(&act, sizeof act); act.sa_handler = sigc; sigemptyset(&act.sa_mask); act.sa_flags = 0; @@ -186,23 +208,27 @@ writefile(time_t runtimer, char queue) PRIV_START; + if ((lockdes = open(AT_DIR, O_RDONLY, 0)) < 0) + perr("Cannot open jobs dir"); + /* * Lock the jobs dir so we don't have to worry about someone * else grabbing a file name out from under us. * Set an alarm so we don't sleep forever waiting on the lock. * If we don't succeed with ALARMC seconds, something is wrong... */ - memset(&act, 0, sizeof act); + bzero(&act, sizeof act); act.sa_handler = alarmc; sigemptyset(&act.sa_mask); - act.sa_flags = 0; +#ifdef SA_INTERRUPT + act.sa_flags = SA_INTERRUPT; +#endif sigaction(SIGALRM, &act, NULL); alarm(ALARMC); - lockdes = open(_PATH_ATJOBS, O_RDONLY|O_EXLOCK, 0); + ch = flock(lockdes, LOCK_EX); alarm(0); - - if (lockdes < 0) - perr("Cannot lock jobs dir"); + if (ch != 0) + panic("Unable to lock jobs dir"); /* * Create the file. The x bit is only going to be set after it has @@ -243,7 +269,7 @@ writefile(time_t runtimer, char queue) mailname = getenv("USER"); if ((mailname == NULL) || (mailname[0] == '\0') || - (strlen(mailname) > LOGNAMESIZE) || (getpwnam(mailname) == NULL)) { + (strlen(mailname) > MAX_UNAME) || (getpwnam(mailname) == NULL)) { pass_entry = getpwuid(real_uid); if (pass_entry != NULL) mailname = pass_entry->pw_name; @@ -268,7 +294,7 @@ writefile(time_t runtimer, char queue) perr("Cannot open input file"); } (void)fprintf(fp, "#!/bin/sh\n# atrun uid=%ld gid=%ld\n# mail %*s %d\n", - (long)real_uid, (long)real_gid, LOGNAMESIZE, mailname, send_mail); + (long)real_uid, (long)real_gid, MAX_UNAME, mailname, send_mail); /* Write out the umask at the time of invocation */ (void)fprintf(fp, "umask %o\n", cmask); @@ -329,10 +355,8 @@ writefile(time_t runtimer, char queue) * Cd to the directory at the time and write out all the * commands the user supplies from stdin. */ - if ((ap = getcwd(path, sizeof(path))) == NULL) - perr("Cannot get current working directory"); (void)fputs("cd ", fp); - for (; *ap != '\0'; ap++) { + for (ap = cwd; *ap != '\0'; ap++) { if (*ap == '\n') fprintf(fp, "\"\n\""); else { @@ -377,12 +401,14 @@ writefile(time_t runtimer, char queue) (void)close(fd2); /* Poke cron so it knows to reload the at spool. */ - poke_daemon(); + PRIV_START; + poke_daemon(AT_DIR, RELOAD_AT); + PRIV_END; runtime = *localtime(&runtimer); strftime(timestr, TIMESIZE, "%a %b %e %T %Y", &runtime); (void)fprintf(stderr, "commands will be executed using %s\n", shell); - (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(_PATH_ATJOBS)], + (void)fprintf(stderr, "job %s at %s\n", &atfile[sizeof(AT_DIR)], timestr); } @@ -440,7 +466,7 @@ print_job(struct atjob *job, int n, struct stat *st, int shortformat) /* * List all of a user's jobs in the queue, by looping through - * _PATH_ATJOBS, or all jobs if we are root. If argc is > 0, argv + * AT_DIR, or all jobs if we are root. If argc is > 0, argv * contains the list of users whose jobs shall be displayed. By * default, the list is sorted by execution date and queue. If * csort is non-zero jobs will be sorted by creation/submission date. @@ -461,34 +487,32 @@ list_jobs(int argc, char **argv, int count_only, int csort) if (argc) { if ((uids = malloc(sizeof(uid_t) * argc)) == NULL) - err(EXIT_FAILURE, "malloc"); + panic("Insufficient virtual memory"); for (i = 0; i < argc; i++) { if ((pw = getpwnam(argv[i])) == NULL) - errx(EXIT_FAILURE, - "%s: invalid user name", argv[i]); + panic2(argv[i], ": invalid user name"); if (pw->pw_uid != real_uid && real_uid != 0) - errx(EXIT_FAILURE, "Only the superuser may " - "display other users' jobs"); + panic("Only the superuser may display other users' jobs"); uids[i] = pw->pw_uid; } } else uids = NULL; - shortformat = strcmp(__progname, "at") == 0; + shortformat = strcmp(ProgramName, "at") == 0; PRIV_START; - if (chdir(_PATH_ATJOBS) != 0) - perr2("Cannot change to ", _PATH_ATJOBS); + if (chdir(AT_DIR) != 0) + perr2("Cannot change to ", AT_DIR); if ((spool = opendir(".")) == NULL) - perr2("Cannot open ", _PATH_ATJOBS); + perr2("Cannot open ", AT_DIR); PRIV_END; - if (fstat(dirfd(spool), &stbuf) != 0) - perr2("Cannot stat ", _PATH_ATJOBS); + if (fstat(spool->dd_fd, &stbuf) != 0) + perr2("Cannot stat ", AT_DIR); /* * The directory's link count should give us a good idea @@ -499,14 +523,14 @@ list_jobs(int argc, char **argv, int count_only, int csort) maxjobs = stbuf.st_nlink + 4; atjobs = (struct atjob **)malloc(maxjobs * sizeof(struct atjob *)); if (atjobs == NULL) - err(EXIT_FAILURE, "malloc"); + panic("Insufficient virtual memory"); /* Loop over every file in the directory. */ while ((dirent = readdir(spool)) != NULL) { PRIV_START; if (stat(dirent->d_name, &stbuf) != 0) - perr2("Cannot stat in ", _PATH_ATJOBS); + perr2("Cannot stat in ", AT_DIR); PRIV_END; @@ -546,15 +570,15 @@ list_jobs(int argc, char **argv, int count_only, int csort) job = (struct atjob *)malloc(sizeof(struct atjob)); if (job == NULL) - err(EXIT_FAILURE, "malloc"); + panic("Insufficient virtual memory"); job->runtimer = runtimer; job->ctime = stbuf.st_ctime; job->queue = queue; if (numjobs == maxjobs) { - maxjobs *= 2; - atjobs = realloc(atjobs, maxjobs * sizeof(struct atjob *)); - if (atjobs == NULL) - err(EXIT_FAILURE, "realloc"); + maxjobs *= 2; + atjobs = realloc(atjobs, maxjobs * sizeof(job)); + if (atjobs == NULL) + panic("Insufficient virtual memory"); } atjobs[numjobs++] = job; } @@ -597,7 +621,7 @@ rmok(int job) } /* - * Loop through all jobs in _PATH_ATJOBS and display or delete ones + * Loop through all jobs in AT_DIR and display or delete ones * that match argv (may be job or username), or all if argc == 0. * Only the superuser may display/delete other people's jobs. */ @@ -618,11 +642,11 @@ process_jobs(int argc, char **argv, int what) PRIV_START; - if (chdir(_PATH_ATJOBS) != 0) - perr2("Cannot change to ", _PATH_ATJOBS); + if (chdir(AT_DIR) != 0) + perr2("Cannot change to ", AT_DIR); if ((spool = opendir(".")) == NULL) - perr2("Cannot open ", _PATH_ATJOBS); + perr2("Cannot open ", AT_DIR); PRIV_END; @@ -633,7 +657,7 @@ process_jobs(int argc, char **argv, int what) if (argc > 0) { if ((jobs = malloc(sizeof(char *) * argc)) == NULL || (uids = malloc(sizeof(uid_t) * argc)) == NULL) - err(EXIT_FAILURE, "malloc"); + panic("Insufficient virtual memory"); for (i = 0; i < argc; i++) { l = strtol(argv[i], &ep, 10); @@ -641,15 +665,16 @@ process_jobs(int argc, char **argv, int what) *(ep + 2) == '\0' && l > 0 && l < INT_MAX) jobs[jobs_len++] = argv[i]; else if ((pw = getpwnam(argv[i])) != NULL) { - if (real_uid != pw->pw_uid && real_uid != 0) - errx(EXIT_FAILURE, - "Only the superuser may %s" - " other users' jobs", what == ATRM - ? "remove" : "print"); + if (real_uid != pw->pw_uid && real_uid != 0) { + fprintf(stderr, "%s: Only the superuser" + " may %s other users' jobs", + ProgramName, what == ATRM + ? "remove" : "view"); + exit(ERROR_EXIT); + } uids[uids_len++] = pw->pw_uid; } else - errx(EXIT_FAILURE, - "%s: invalid user name", argv[i]); + panic2(argv[i], ": invalid user name"); } } @@ -659,7 +684,7 @@ process_jobs(int argc, char **argv, int what) PRIV_START; if (stat(dirent->d_name, &stbuf) != 0) - perr2("Cannot stat in ", _PATH_ATJOBS); + perr2("Cannot stat in ", AT_DIR); PRIV_END; if (stbuf.st_uid != real_uid && real_uid != 0) @@ -676,8 +701,7 @@ process_jobs(int argc, char **argv, int what) job_matches = (argc == 0) ? 1 : 0; if (!job_matches) { for (i = 0; i < jobs_len; i++) { - if (jobs[i] != NULL && - strcmp(dirent->d_name, jobs[i]) == 0) { + if (strcmp(dirent->d_name, jobs[i]) == 0) { jobs[i] = NULL; job_matches = 1; break; @@ -730,9 +754,7 @@ process_jobs(int argc, char **argv, int what) break; default: - errx(EXIT_FAILURE, - "Internal error, process_jobs = %d", - what); + panic("Internal error"); break; } } @@ -740,7 +762,8 @@ process_jobs(int argc, char **argv, int what) for (error = 0, i = 0; i < jobs_len; i++) { if (jobs[i] != NULL) { if (!force) - warnx("%s: no such job", jobs[i]); + fprintf(stderr, "%s: %s: no such job", + ProgramName, jobs[i]); error++; } } @@ -748,8 +771,14 @@ process_jobs(int argc, char **argv, int what) free(uids); /* If we modied the spool, poke cron so it knows to reload. */ - if (changed) - poke_daemon(); + if (changed) { + PRIV_START; + if (chdir(CRONDIR) != 0) + perror(CRONDIR); + else + poke_daemon(AT_DIR, RELOAD_AT); + PRIV_END; + } return (error); } @@ -823,39 +852,55 @@ ttime(const char *arg) "[[CC]YY]MMDDhhmm[.SS]"); } -#define RELOAD_AT 0x4 /* XXX - from cron's macros.h */ +static int +check_permission(void) +{ + int ok; + uid_t uid = geteuid(); + struct passwd *pw; -/* XXX - share with crontab */ -static void -poke_daemon() { - int sock, flags; - unsigned char poke; - struct sockaddr_un sun; + if ((pw = getpwuid(uid)) == NULL) { + perror("Cannot access password database"); + exit(ERROR_EXIT); + } PRIV_START; - if (utime(_PATH_ATJOBS, NULL) < 0) { - warn("can't update mtime on %s", _PATH_ATJOBS); - PRIV_END; - return; - } - - /* Failure to poke the daemon socket is not a fatal error. */ - (void) signal(SIGPIPE, SIG_IGN); - strlcpy(sun.sun_path, CRONDIR "/" SPOOL_DIR "/" CRONSOCK, - sizeof(sun.sun_path)); - sun.sun_family = AF_UNIX; - sun.sun_len = SUN_LEN(&sun); - if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) >= 0 && - connect(sock, (struct sockaddr *)&sun, sizeof(sun)) == 0) { - poke = RELOAD_AT; - write(sock, &poke, 1); - close(sock); - } else - fprintf(stderr, "Warning, cron does not appear to be running.\n"); - (void) signal(SIGPIPE, SIG_DFL); + ok = allowed(pw->pw_name, AT_ALLOW, AT_DENY); PRIV_END; + + return (ok); +} + +static void +usage(void) +{ + /* Print usage and exit. */ + switch (program) { + case AT: + case CAT: + (void)fprintf(stderr, + "usage: at [-bm] [-f file] [-q queue] -t time_arg\n" + " at [-bm] [-f file] [-q queue] timespec\n" + " at -c job [job ...]\n" + " at -l [-q queue] [job ...]\n" + " at -r job [job ...]\n"); + break; + case ATQ: + (void)fprintf(stderr, + "usage: atq [-cnv] [-q queue] [name...]\n"); + break; + case ATRM: + (void)fprintf(stderr, + "usage: atrm [-afi] [[job] [name] ...]\n"); + break; + case BATCH: + (void)fprintf(stderr, + "usage: batch [-m] [-f file] [-q queue] [timespec]\n"); + break; + } + exit(ERROR_EXIT); } int @@ -865,21 +910,27 @@ main(int argc, char **argv) char queue = DEFAULT_AT_QUEUE; char queue_set = 0; char *options = "q:f:t:bcdlmrv"; /* default options for at */ + char cwd[MAX_FNAME]; int ch; int aflag = 0; int cflag = 0; int nflag = 0; + if ((ProgramName = strrchr(argv[0], '/')) != NULL) + ProgramName++; + else + ProgramName = argv[0]; + RELINQUISH_PRIVS; /* find out what this program is supposed to do */ - if (strcmp(__progname, "atq") == 0) { + if (strcmp(ProgramName, "atq") == 0) { program = ATQ; options = "cnvq:"; - } else if (strcmp(__progname, "atrm") == 0) { + } else if (strcmp(ProgramName, "atrm") == 0) { program = ATRM; options = "afi"; - } else if (strcmp(__progname, "batch") == 0) { + } else if (strcmp(ProgramName, "batch") == 0) { program = BATCH; options = "f:q:mv"; } @@ -969,9 +1020,13 @@ main(int argc, char **argv) argc -= optind; argv += optind; + if (getcwd(cwd, sizeof(cwd)) == NULL) + perr("Cannot get current working directory"); + + set_cron_cwd(); + if (!check_permission()) - errx(EXIT_FAILURE, "You do not have permission to use %s.", - __progname); + panic("You do not have permission to use at."); /* select our program */ switch (program) { @@ -988,9 +1043,13 @@ main(int argc, char **argv) case AT: /* Time may have been specified via the -t flag. */ - if (timer == -1) - timer = parsetime(argc, argv); - writefile(timer, queue); + if (timer == -1) { + if (argc == 0) + usage(); + else if ((timer = parsetime(argc, argv)) == -1) + exit(ERROR_EXIT); + } + writefile(cwd, timer, queue); break; case BATCH: @@ -999,17 +1058,17 @@ main(int argc, char **argv) else queue = DEFAULT_BATCH_QUEUE; - if (argc > 0) - timer = parsetime(argc, argv); - else + if (argc == 0) timer = time(NULL); + else if ((timer = parsetime(argc, argv)) == -1) + exit(ERROR_EXIT); - writefile(timer, queue); + writefile(cwd, timer, queue); break; default: panic("Internal error"); break; } - exit(EXIT_SUCCESS); + exit(OK_EXIT); } diff --git a/usr.bin/at/at.h b/usr.bin/at/at.h index 121157ac42b..80b8bd82257 100644 --- a/usr.bin/at/at.h +++ b/usr.bin/at/at.h @@ -1,5 +1,4 @@ -/* $OpenBSD: at.h,v 1.7 2002/05/14 18:05:39 millert Exp $ */ -/* $NetBSD: at.h,v 1.2 1995/03/25 18:13:32 glass Exp $ */ +/* $OpenBSD: at.h,v 1.8 2003/02/20 20:38:08 millert Exp $ */ /* * at.h - header for at(1) @@ -27,7 +26,6 @@ */ extern int fcreated; -extern char *__progname; extern int program; extern char atfile[]; extern char vflag; @@ -42,7 +40,5 @@ struct atjob { char queue; }; -#define AT_MAXJOBS 255 /* max jobs outstanding per user */ - #define DEFAULT_BATCH_QUEUE 'E' #define DEFAULT_AT_QUEUE 'c' diff --git a/usr.bin/at/panic.c b/usr.bin/at/panic.c deleted file mode 100644 index e9e2c635b17..00000000000 --- a/usr.bin/at/panic.c +++ /dev/null @@ -1,114 +0,0 @@ -/* $OpenBSD: panic.c,v 1.10 2002/05/14 18:05:39 millert Exp $ */ -/* $NetBSD: panic.c,v 1.2 1995/03/25 18:13:33 glass Exp $ */ - -/* - * panic.c - terminate fast in case of error - * Copyright (c) 1993 by Thomas Koenig - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. The name of the author(s) may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <unistd.h> - -#include "at.h" -#include "panic.h" -#include "privs.h" - -#ifndef lint -static const char rcsid[] = "$OpenBSD: panic.c,v 1.10 2002/05/14 18:05:39 millert Exp $"; -#endif - -/* - * Something fatal has happened, print error message and exit. - */ -__dead void -panic(const char *a) -{ - (void)fprintf(stderr, "%s: %s\n", __progname, a); - if (fcreated) { - PRIV_START; - unlink(atfile); - PRIV_END; - } - - exit(EXIT_FAILURE); -} - -/* - * Some operating system error; print error message and exit. - */ -__dead void -perr(const char *a) -{ - if (!force) - perror(a); - if (fcreated) { - PRIV_START; - unlink(atfile); - PRIV_END; - } - - exit(EXIT_FAILURE); -} - -/* - * Two-parameter version of perr(). - */ -__dead void -perr2(const char *a, const char *b) -{ - if (!force) - (void)fputs(a, stderr); - perr(b); -} - -__dead void -usage(void) -{ - /* Print usage and exit. */ - switch (program) { - case AT: - case CAT: - (void)fprintf(stderr, - "usage: at [-bm] [-f file] [-q queue] -t time_arg\n" - " at [-bm] [-f file] [-q queue] timespec\n" - " at -c job [job ...]\n" - " at -l [-q queue] [job ...]\n" - " at -r job [job ...]\n"); - break; - case ATQ: - (void)fprintf(stderr, - "usage: atq [-cnv] [-q queue] [name...]\n"); - break; - case ATRM: - (void)fprintf(stderr, - "usage: atrm [-afi] [[job] [name] ...]\n"); - break; - case BATCH: - (void)fprintf(stderr, - "usage: batch [-m] [-f file] [-q queue] [timespec]\n"); - break; - } - exit(EXIT_FAILURE); -} diff --git a/usr.bin/at/panic.h b/usr.bin/at/panic.h deleted file mode 100644 index 725f0feaea5..00000000000 --- a/usr.bin/at/panic.h +++ /dev/null @@ -1,32 +0,0 @@ -/* $OpenBSD: panic.h,v 1.6 2002/05/11 23:16:44 millert Exp $ */ -/* $NetBSD: panic.h,v 1.2 1995/03/25 18:13:35 glass Exp $ */ - -/* - * panic.h - header for at(1) - * Copyright (c) 1993 Thomas Koenig - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. The name of the author(s) may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -__dead void panic(const char *); -__dead void perr(const char *); -__dead void perr2(const char *, const char *); -__dead void usage(void); diff --git a/usr.bin/at/parsetime.c b/usr.bin/at/parsetime.c index f2d734666bd..0ef2db668fa 100644 --- a/usr.bin/at/parsetime.c +++ b/usr.bin/at/parsetime.c @@ -1,5 +1,4 @@ -/* $OpenBSD: parsetime.c,v 1.12 2002/06/14 21:35:00 todd Exp $ */ -/* $NetBSD: parsetime.c,v 1.3 1995/03/25 18:13:36 glass Exp $ */ +/* $OpenBSD: parsetime.c,v 1.13 2003/02/20 20:38:08 millert Exp $ */ /* * parsetime.c - parse time for at(1) @@ -37,7 +36,6 @@ */ #include <sys/types.h> -#include <err.h> #include <errno.h> #include <ctype.h> #include <stdio.h> @@ -47,9 +45,8 @@ #include <tzfile.h> #include <unistd.h> +#include "globals.h" #include "at.h" -#include "panic.h" - /* Structures and unions */ @@ -144,7 +141,7 @@ static int sc_tokid; /* scanner - token id */ static int sc_tokplur; /* scanner - is token plural? */ #ifndef lint -static const char rcsid[] = "$OpenBSD: parsetime.c,v 1.12 2002/06/14 21:35:00 todd Exp $"; +static const char rcsid[] = "$OpenBSD: parsetime.c,v 1.13 2003/02/20 20:38:08 millert Exp $"; #endif /* @@ -170,7 +167,7 @@ parse_token(char *arg) /* * init_scanner() sets up the scanner to eat arguments */ -static void +static int init_scanner(int argc, char **argv) { scp = argv; @@ -180,8 +177,12 @@ init_scanner(int argc, char **argv) while (argc-- > 0) sc_len += strlen(*argv++); - if ((sc_token = (char *) malloc(sc_len)) == NULL) - panic("Insufficient virtual memory"); + if ((sc_token = (char *) malloc(sc_len)) == NULL) { + fprintf(stderr, "%s: Insufficient virtual memory\n", + ProgramName); + return (-1); + } + return (0); } /* @@ -193,7 +194,7 @@ token(void) int idx; for (;;) { - (void)memset(sc_token, 0, sc_len); + bzero(sc_token, sc_len); sc_tokid = EOF; sc_tokplur = 0; idx = 0; @@ -260,18 +261,22 @@ token(void) static void plonk(int tok) { - panic((tok == EOF) ? "incomplete time" : "garbled time"); + fprintf(stderr, "%s: %s time\n", ProgramName, + (tok == EOF) ? "incomplete" : "garbled"); } /* - * expect() gets a token and dies most horribly if it's not the token we want + * expect() gets a token and returns -1 if it's not the token we want */ -static void +static int expect(int desired) { - if (token() != desired) - plonk(sc_tokid); /* and we die here... */ + if (token() != desired) { + plonk(sc_tokid); + return (-1); + } + return (0); } @@ -321,13 +326,14 @@ dateadd(int minutes, struct tm *tm) * at [NOW] PLUS NUMBER [MINUTES|HOURS|DAYS|WEEKS] * */ -static void +static int plus(struct tm *tm) { int delay; int expectplur; - expect(NUMBER); + if (expect(NUMBER) != 0) + return (-1); delay = atoi(sc_token); expectplur = (delay != 1) ? 1 : 0; @@ -341,12 +347,14 @@ plus(struct tm *tm) delay *= 60; case MINUTES: if (expectplur != sc_tokplur) - warnx("pluralization is wrong"); + fprintf(stderr, "%s: pluralization is wrong\n", + ProgramName); dateadd(delay, tm); - return; + return (0); } plonk(sc_tokid); + return (-1); } @@ -354,7 +362,7 @@ plus(struct tm *tm) * tod() computes the time of day * [NUMBER [DOT NUMBER] [AM|PM]] */ -static void +static int tod(struct tm *tm) { int hour, minute = 0; @@ -368,15 +376,16 @@ tod(struct tm *tm) * a HHMM time, otherwise it's HH DOT MM time */ if (token() == DOT) { - expect(NUMBER); + if (expect(NUMBER) != 0) + return (-1); minute = atoi(sc_token); if (minute > 59) - panic("garbled time"); + goto bad; token(); } else if (tlen == 4) { minute = hour % 100; if (minute > 59) - panic("garbled time"); + goto bad; hour = hour / 100; } @@ -385,7 +394,7 @@ tod(struct tm *tm) */ if (sc_tokid == AM || sc_tokid == PM) { if (hour > 12) - panic("garbled time"); + goto bad; if (sc_tokid == PM) { if (hour != 12) /* 12:xx PM is 12:xx, not 24:xx */ @@ -396,7 +405,7 @@ tod(struct tm *tm) } token(); } else if (hour > 23) - panic("garbled time"); + goto bad; /* * if we specify an absolute time, we don't want to bump the day even @@ -414,6 +423,10 @@ tod(struct tm *tm) tm->tm_hour = 0; tm->tm_mday++; } + return (0); +bad: + fprintf(stderr, "%s: garbled time\n", ProgramName); + return (-1); } @@ -463,7 +476,7 @@ assign_date(struct tm *tm, int mday, int mon, int year) * |NUMBER [SLASH NUMBER [SLASH NUMBER]]| * \PLUS NUMBER MINUTES|HOURS|DAYS|WEEKS/ */ -static void +static int month(struct tm *tm) { int year = (-1); @@ -472,7 +485,8 @@ month(struct tm *tm) switch (sc_tokid) { case PLUS: - plus(tm); + if (plus(tm) != 0) + return (-1); break; case TOMORROW: @@ -490,7 +504,8 @@ month(struct tm *tm) * do month mday [year] */ mon = sc_tokid - JAN; - expect(NUMBER); + if (expect(NUMBER) != 0) + return (-1); mday = atoi(sc_token); if (token() == NUMBER) { year = atoi(sc_token); @@ -530,10 +545,12 @@ month(struct tm *tm) int sep; sep = sc_tokid; - expect(NUMBER); + if (expect(NUMBER) != 0) + return (-1); mday = atoi(sc_token); if (token() == sep) { - expect(NUMBER); + if (expect(NUMBER) != 0) + return (-1); year = atoi(sc_token); token(); } @@ -557,15 +574,19 @@ month(struct tm *tm) mday = mon % 100; mon /= 100; } else - panic("garbled time"); + goto bad; mon--; if (mon < 0 || mon > 11 || mday < 1 || mday > 31) - panic("garbled time"); + goto bad; assign_date(tm, mday, mon, year); break; - } /* case */ + } + return (0); +bad: + fprintf(stderr, "%s: garbled time\n", ProgramName); + return (-1); } @@ -581,6 +602,9 @@ parsetime(int argc, char **argv) int hr = 0; /* this MUST be initialized to zero for midnight/noon/teatime */ + if (argc == 0) + return (-1); + nowtimer = time(NULL); nowtime = *localtime(&nowtimer); @@ -588,10 +612,8 @@ parsetime(int argc, char **argv) runtime.tm_sec = 0; runtime.tm_isdst = 0; - if (argc == 0) - usage(); - - init_scanner(argc, argv); + if (init_scanner(argc, argv) == -1) + return (-1); switch (token()) { case NOW: /* now is optional prefix for PLUS tree */ @@ -603,12 +625,13 @@ parsetime(int argc, char **argv) else if (sc_tokid != PLUS) plonk(sc_tokid); case PLUS: - plus(&runtime); + if (plus(&runtime) != 0) + return (-1); break; case NUMBER: - tod(&runtime); - month(&runtime); + if (tod(&runtime) != 0 || month(&runtime) != 0) + return (-1); break; /* @@ -633,10 +656,12 @@ parsetime(int argc, char **argv) token(); /* fall through to month setting */ default: - month(&runtime); + if (month(&runtime) != 0) + return (-1); break; } /* ugly case statement */ - expect(EOF); + if (expect(EOF) != 0) + return (-1); /* * adjust for daylight savings time @@ -648,11 +673,16 @@ parsetime(int argc, char **argv) runtimer = mktime(&runtime); } - if (runtimer < 0) - panic("garbled time"); + if (runtimer < 0) { + fprintf(stderr, "%s: garbled time\n", ProgramName); + return (-1); + } - if (nowtimer > runtimer) - panic("Trying to travel back in time"); + if (nowtimer > runtimer) { + fprintf(stderr, "%s: Trying to travel back in time\n", + ProgramName); + return (-1); + } return (runtimer); } diff --git a/usr.bin/at/parsetime.h b/usr.bin/at/parsetime.h deleted file mode 100644 index bca21610240..00000000000 --- a/usr.bin/at/parsetime.h +++ /dev/null @@ -1,30 +0,0 @@ -/* $OpenBSD: parsetime.h,v 1.4 2002/02/16 21:27:44 millert Exp $ */ -/* $NetBSD: parsetime.h,v 1.2 1995/03/25 18:13:37 glass Exp $ */ - -/* - * parsetime.h - header for at(1) - * Copyright (c) 1993 Thomas Koenig - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. The name of the author(s) may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -time_t parsetime(int, char **); diff --git a/usr.bin/at/perm.c b/usr.bin/at/perm.c deleted file mode 100644 index 6ff4eabfe5a..00000000000 --- a/usr.bin/at/perm.c +++ /dev/null @@ -1,108 +0,0 @@ -/* $OpenBSD: perm.c,v 1.4 2002/05/14 18:05:39 millert Exp $ */ - -/* - * perm.c - check user permission for at(1) - * Copyright (C) 1994 Thomas Koenig - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. The name of the author(s) may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#include <sys/types.h> -#include <errno.h> -#include <pwd.h> -#include <stddef.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <unistd.h> - -#include "at.h" -#include "panic.h" -#include "pathnames.h" -#include "privs.h" - -#ifndef lint -static const char rcsid[] = "$OpenBSD: perm.c,v 1.4 2002/05/14 18:05:39 millert Exp $"; -#endif - -static int check_for_user(FILE *, const char *); - - -static int -check_for_user(FILE *fp, const char *name) -{ - char *buffer; - size_t len; - int found = 0; - - len = strlen(name); - if ((buffer = malloc(len + 2)) == NULL) - panic("Insufficient virtual memory"); - - while (fgets(buffer, len + 2, fp) != NULL) { - if (strncmp(name, buffer, len) == 0 && buffer[len] == '\n') { - found = 1; - break; - } - } - (void)fclose(fp); - free(buffer); - return (found); -} - - -int -check_permission(void) -{ - FILE *fp; - uid_t uid = geteuid(); - struct passwd *pentry; - - if (uid==0) - return 1; - - if ((pentry = getpwuid(uid)) == NULL) { - perror("Cannot access password database"); - exit(EXIT_FAILURE); - } - - PRIV_START; - - fp = fopen(_PATH_AT_ALLOW, "r"); - - PRIV_END; - - if (fp != NULL) { - return (check_for_user(fp, pentry->pw_name)); - } else { - PRIV_START; - - fp = fopen(_PATH_AT_DENY, "r"); - - PRIV_END; - - if (fp != NULL) - return (!check_for_user(fp, pentry->pw_name)); - else - perror(_PATH_AT_DENY); - } - return (0); -} diff --git a/usr.bin/at/perm.h b/usr.bin/at/perm.h deleted file mode 100644 index 3b0f76fe566..00000000000 --- a/usr.bin/at/perm.h +++ /dev/null @@ -1,28 +0,0 @@ -/* $OpenBSD: perm.h,v 1.3 2002/02/16 21:27:44 millert Exp $ */ - -/* - * perm.h - header for at(1) - * Copyright (C) 1994 Thomas Koenig - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. The name of the author(s) may not be used to endorse or promote - * products derived from this software without specific prior written - * permission. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -int check_permission(void); diff --git a/usr.bin/at/privs.h b/usr.bin/at/privs.h index 2485e244cd2..ee3612c9507 100644 --- a/usr.bin/at/privs.h +++ b/usr.bin/at/privs.h @@ -1,5 +1,4 @@ -/* $OpenBSD: privs.h,v 1.6 2002/06/04 00:13:54 deraadt Exp $ */ -/* $NetBSD: privs.h,v 1.3 1995/03/25 18:13:41 glass Exp $ */ +/* $OpenBSD: privs.h,v 1.7 2003/02/20 20:38:08 millert Exp $ */ /* * privs.h - header for privileged operations @@ -33,7 +32,8 @@ /* Relinquish privileges temporarily for a setuid or setgid program * with the option of getting them back later. This is done by - * utilizing POSIX saved user and groups ids. Call RELINQUISH_PRIVS once + * utilizing POSIX saved user and groups ids (or setreuid amd setregid if + * POSIX saved ids are not available). Call RELINQUISH_PRIVS once * at the beginning of the main program. This will cause all operatons * to be executed with the real userid. When you need the privileges * of the setuid/setgid invocation, call PRIV_START; when you no longer @@ -56,16 +56,18 @@ * to the real userid before calling any of them. */ -#ifndef MAIN +#ifndef MAIN_PROGRAM extern #endif uid_t real_uid, effective_uid; -#ifndef MAIN +#ifndef MAIN_PROGRAM extern #endif gid_t real_gid, effective_gid; +#ifdef HAVE_SAVED_UIDS + #define RELINQUISH_PRIVS do { \ real_uid = getuid(); \ effective_uid = geteuid(); \ @@ -94,4 +96,36 @@ gid_t real_gid, effective_gid; seteuid(real_uid); \ } while (0) +#else /* HAVE_SAVED_UIDS */ + +#define RELINQUISH_PRIVS do { \ + real_uid = getuid(); \ + effective_uid = geteuid(); \ + real_gid = getgid(); \ + effective_gid = getegid(); \ + setregid(effective_gid, real_gid); \ + setreuid(effective_uid, real_uid); \ +} while (0) + +#define RELINQUISH_PRIVS_ROOT(a, b) do { \ + real_uid = (a); \ + effective_uid = geteuid(); \ + real_gid = (b); \ + effective_gid = getegid(); \ + setregid(effective_gid, real_gid); \ + setreuid(effective_uid, real_uid); \ +} while (0) + +#define PRIV_START do { \ + setreuid(real_uid, effective_uid); \ + setregid(real_gid, effective_gid); \ +} while (0) + +#define PRIV_END do { \ + setregid(effective_gid, real_gid); \ + setreuid(effective_uid, real_uid); \ +} while (0) + +#endif /* HAVE_SAVED_UIDS */ + #endif /* _PRIVS_H */ |