| Age | Commit message (Collapse) | Author |
|---|
|
Only a single white space character was consumed, we should be
consuming all white space between fields. This change makes things
consistent with how lines without a username are parsed.
OK deraadt@ sthen@
|
|
The bit_nset() macro was being called with the high value one too
large for the special strings. There is no security impact due to
the layout of the bit strings but this was somewhat lucky. This
introduces a set_range() function that performs range checks before
calling bit_nset().
|
|
|
|
The bounds are checked for normal ranges in set_element() but in
the case of random ranges this is too late. As a result, a random
range with an invalid high/low bounds would only result in a syntax
error if the randomized value was out of bounds. This means the
entry would be "randomly" rejected by cron or crontab. OK kn@
|
|
A bug in the parsing of the optional number after the '~' in a
random range prevented proper syntax checking. OK kn@
|
|
This extends the random range syntax to support step values. Instead
of choosing a random number between the high and low values, the
field is treated as a range with a random offset less than the step
value. This can be used to avoid thundering herd problems where
multiple machines contact a server all at the same time via cron jobs.
The syntax is similar to the existing range/step syntax but uses a
random range. For example, instead of "0-59/10" in the minutes
field, "0~59/10" can be used to run a command every 10 minutes where
the first command starts at a random offset in the range [0,9].
The high and low numbers are optional, "~/10" can be used instead.
Requested by job@, OK phessler@
|
|
This fixes a bug introduced in rev 1.86 where if the second seteuid()
call failed, a temporary file would be left in the spool directory.
|
|
any parts of his diff not taken are noted on tech
|
|
Also clear the entire timeout if the remaining time becomes negative
instead of just clearing tv_sec or tv_nsec. OK cheloha@.
|
|
By default cron runs as a daemon, with stderr redirected to /dev/null.
Better not exit silently, as spotted by sthen@, danj@, "wxallowed" on
irc/libera and myself. There probably is a bug lurking in ppoll(2)
usage or in the syscall implementation.
ok millert@
|
|
ok millert
|
|
apostrophe.
|
|
|
|
3rd (variadic) mode_t parameter is irrelevant. Many developers in the past
have passed mode_t (0, 044, 0644, or such), which might lead future people
to copy this broken idiom, and perhaps even believe this parameter has some
meaning or implication or application. Delete them all.
This comes out of a conversation where tb@ noticed that a strange (but
intentional) pledge behaviour is to always knock-out high-bits from
mode_t on a number of system calls as a safety factor, and his bewilderment
that this appeared to be happening against valid modes (at least visually),
but no sorry, they are all irrelevant junk. They could all be 0xdeafbeef.
ok millert
|
|
ok millert
|
|
options field was difficult to describe concisely;
- tweak wording accordingly
- sort flags
- condense STANDARDS to avoid text repitition, as suggested by deraadt
- document flags may be combined, now deraadt fixed the parsing
ok millert deraadt
|
|
-ns are now possible, as well as (useless) repetition like -nnn.
ok millert
|
|
We want to log when the job is added but will not be run, not every
time the run queue is processed.
|
|
field before command, rather than muddling up the command description to
explain them messily as some sort of exception
ok millert
|
|
This adds a new "-s" flag to the command field which indicates that
only a single instance of the job should run concurrenty.
OK beck@ job@ deraadt@
|
|
For example "0~30" will result in a random value between 0 and 30
inclusive. If either (or both) of the numbers on either side of
the '~' are omitted, the appropriate limit (low or high) for the
field will be used. OK deraadt@ beck@ jmc@
|
|
are actually locale-dependent on OpenBSD, and the programs should better
not be locale-dependent even when compiled on other systems.
millert@ points out that the month and weekday names in the fourth and
fifth columns of crontab(5) could in theory be made locale-dependent,
but we certainly don't want that, and currently, they are only compared
against static const char * arrays in entry.c containing English names.
Patch sent in by Jan Stary <hans at stare dot cz>.
OK millert@
|
|
OK Ingo Schwarze
|
|
|
|
GID_MAX-1 for good measure. OK deraadt@
|
|
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
|
|
ok deraadt@
|
|
|
|
|
|
|
|
OK jmc@ millert@
|
|
perform the fclose() in process_crontab(). Previously we were
closing the crontab fd twice--once in load_user() via fclose() and
once in process_crontab(). OK tb@
|
|
Not needed in theory, but could prevent accidental leaks. ok millert@
|
|
Fixes a failure at restart if a child process still has the socket
opened. Spotted by millert@, ok friehm@ millert@
|
|
ok jca@
|
|
|
|
a file when we scanned the at spool earlier.
|
|
by group crontab. The at(1) command now creates files owned by
group crontab, the crontab(1) command already does this.
Files in the crontab spool with parse errors are now ignored;
crontab(1) will not install a crontab file with parse errors.
The system crontab file (/etc/crontab) is not affected by this.
The required permissions on crontab files have been tightened.
Files in the cron spool must be mode 0600 (as created by crontab(1)).
The system crontab file may be readable/writable by the owner,
readable by group and readable by other. The system crontab must
be readable by the owner.
|
|
with openat(), fstatat() and unlinkat(). This is similar to how
we run cron jobs and eliminates the need for run_job() to find the
basename of the at file. OK deraadt@
|
|
group-writable, not after. Pointed out by Solar Designer.
|
|
Original patch from Wouter Clarie <wclarie at gmail com>,
tweaked in joint work with jca@,
OK millert@, OK jca@ on an earlier version.
|
|
|
|
stash a struct timespec, not just a time_t. Fixes a bug where cron
could skip re-reading the spool after two consecutive changes.
|
|
|
|
exec of shell + editor fails.
|
|
and/or syslog depending on whether stderr is hooked up at the time.
Also remove closelog() which is not needed since we are headed for exec.
OK guenther@
|
|
clearing it and then ORin in SA_RESTART.
|
|
"(username) WHAT (details)". Logs due to normal operation (e.g.
crontab operations or running commands) are logged at LOG_INFO like
before. Actual errors are logged at LOG_ERR, less important things
are logged at LOG_WARNING OR LOG_NOTICE. Also ignore SIGHUP now
that there is no log file to reopen.
|
