[unix-history] / usr.bin / crontab / crontab.c

/* Copyright 1988,1990,1993,1994 by Paul Vixie
 * All rights reserved
 *
 * Distribute freely, except: don't remove my name from the source or
 * documentation (don't take credit for my work), mark your changes (don't
 * get me blamed for your possible bugs), don't alter or remove this
 * notice.  May be sold if buildable source is provided to buyer.  No
 * warrantee of any kind, express or implied, is included with this
 * software; use at your own risk, responsibility for damages (if any) to
 * anyone resulting from the use of this software rests entirely with the
 * user.
 *
 * Send bug reports, bug fixes, enhancements, requests, flames, etc., and
 * I'll try to keep a version up to date.  I can be reached as follows:
 * Paul Vixie          <paul@vix.com>          uunet!decwrl!vixie!paul
 * From Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp
 */

#if !defined(lint) && !defined(LINT)
static char rcsid[] = "$Id: /home/cvs/386BSD/src/usr.bin/crontab/crontab.c,v 1.3 1994/01/27 19:06:16 nate Exp $";
#endif

/* crontab - install and manage per-user crontab files
 * vix 02may87 [RCS has the rest of the log]
 * vix 26jan87 [original]
 */


#define	MAIN_PROGRAM


#include "cron.h"
#include <errno.h>
#include <fcntl.h>
#include <sys/file.h>
#include <sys/stat.h>
#ifdef USE_UTIMES
# include <sys/time.h>
#else
# include <time.h>
# include <utime.h>
#endif
#if defined(POSIX)
# include <locale.h>
#endif


#define NHEADER_LINES 3


enum opt_t	{ opt_unknown, opt_list, opt_delete, opt_edit, opt_replace };

#if DEBUGGING
static char	*Options[] = { "???", "list", "delete", "edit", "replace" };
#endif


static	PID_T		Pid;
static	char		User[MAX_UNAME], RealUser[MAX_UNAME];
static	char		Filename[MAX_FNAME];
static	FILE		*NewCrontab;
static	int		CheckErrorCount;
static	enum opt_t	Option;
static	struct passwd	*pw;
static	void		list_cmd __P((void)),
			delete_cmd __P((void)),
			edit_cmd __P((void)),
			poke_daemon __P((void)),
			check_error __P((char *)),
			parse_args __P((int c, char *v[]));
static	int		replace_cmd __P((void));


static void
usage(msg)
	char *msg;
{
	fprintf(stderr, "%s: usage error: %s\n", ProgramName, msg);
	fprintf(stderr, "usage:\t%s [-u user] file\n", ProgramName);
	fprintf(stderr, "\t%s [-u user] { -e | -l | -r }\n", ProgramName);
	fprintf(stderr, "\t\t(default operation is replace, per 1003.2)\n");
	fprintf(stderr, "\t-e\t(edit user's crontab)\n");
	fprintf(stderr, "\t-l\t(list user's crontab)\n");
	fprintf(stderr, "\t-r\t(delete user's crontab)\n");
	exit(ERROR_EXIT);
}


int
main(argc, argv)
	int	argc;
	char	*argv[];
{
	int	exitstatus;

	Pid = getpid();
	ProgramName = argv[0];

#if defined(POSIX)
	setlocale(LC_ALL, "");
#endif

#if defined(BSD)
	setlinebuf(stderr);
#endif
	parse_args(argc, argv);		/* sets many globals, opens a file */
	set_cron_uid();
	set_cron_cwd();
	if (!allowed(User)) {
		fprintf(stderr,
			"You (%s) are not allowed to use this program (%s)\n",
			User, ProgramName);
		fprintf(stderr, "See crontab(1) for more information\n");
		log_it(RealUser, Pid, "AUTH", "crontab command not allowed");
		exit(ERROR_EXIT);
	}
	exitstatus = OK_EXIT;
	switch (Option) {
	case opt_list:		list_cmd();
				break;
	case opt_delete:	delete_cmd();
				break;
	case opt_edit:		edit_cmd();
				break;
	case opt_replace:	if (replace_cmd() < 0)
					exitstatus = ERROR_EXIT;
				break;
	}
	exit(0);
	/*NOTREACHED*/
}
	

static void
parse_args(argc, argv)
	int	argc;
	char	*argv[];
{
	int		argch;

	if (!(pw = getpwuid(getuid()))) {
		fprintf(stderr, "%s: your UID isn't in the passwd file.\n",
			ProgramName);
		fprintf(stderr, "bailing out.\n");
		exit(ERROR_EXIT);
	}
	strcpy(User, pw->pw_name);
	strcpy(RealUser, User);
	Filename[0] = '\0';
	Option = opt_unknown;
	while (EOF != (argch = getopt(argc, argv, "u:lerx:"))) {
		switch (argch) {
		case 'x':
			if (!set_debug_flags(optarg))
				usage("bad debug option");
			break;
		case 'u':
			if (getuid() != ROOT_UID)
			{
				fprintf(stderr,
					"must be privileged to use -u\n");
				exit(ERROR_EXIT);
			}
			if (!(pw = getpwnam(optarg)))
			{
				fprintf(stderr, "%s:  user `%s' unknown\n",
					ProgramName, optarg);
				exit(ERROR_EXIT);
			}
			(void) strcpy(User, optarg);
			break;
		case 'l':
			if (Option != opt_unknown)
				usage("only one operation permitted");
			Option = opt_list;
			break;
		case 'r':
			if (Option != opt_unknown)
				usage("only one operation permitted");
			Option = opt_delete;
			break;
		case 'e':
			if (Option != opt_unknown)
				usage("only one operation permitted");
			Option = opt_edit;
			break;
		default:
			usage("unrecognized option");
		}
	}

	endpwent();

	if (Option != opt_unknown) {
		if (argv[optind] != NULL) {
			usage("no arguments permitted after this option");
		}
	} else {
		if (argv[optind] != NULL) {
			Option = opt_replace;
			(void) strcpy (Filename, argv[optind]);
		} else {
			usage("file name must be specified for replace");
		}
	}

	if (Option == opt_replace) {
		/* we have to open the file here because we're going to
		 * chdir(2) into /var/cron before we get around to
		 * reading the file.
		 */
		if (!strcmp(Filename, "-")) {
			NewCrontab = stdin;
		} else {
			/* relinquish the setuid status of the binary during
			 * the open, lest nonroot users read files they should
			 * not be able to read.  we can't use access() here
			 * since there's a race condition.  thanks go out to
			 * Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting
			 * the race.
			 */

			if (swap_uids() < OK) {
				perror("swapping uids");
				exit(ERROR_EXIT);
			}
			if (!(NewCrontab = fopen(Filename, "r"))) {
				perror(Filename);
				exit(ERROR_EXIT);
			}
			if (swap_uids() < OK) {
				perror("swapping uids back");
				exit(ERROR_EXIT);
			}
		}
	}

	Debug(DMISC, ("user=%s, file=%s, option=%s\n",
		      User, Filename, Options[(int)Option]))
}


static void
list_cmd() {
	char	n[MAX_FNAME];
	FILE	*f;
	int	ch;

	log_it(RealUser, Pid, "LIST", User);
	(void) sprintf(n, CRON_TAB(User));
	if (!(f = fopen(n, "r"))) {
		if (errno == ENOENT)
			fprintf(stderr, "no crontab for %s\n", User);
		else
			perror(n);
		exit(ERROR_EXIT);
	}

	/* file is open. copy to stdout, close.
	 */
	Set_LineNum(1)
	while (EOF != (ch = get_char(f)))
		putchar(ch);
	fclose(f);
}


static void
delete_cmd() {
	char	n[MAX_FNAME];

	log_it(RealUser, Pid, "DELETE", User);
	(void) sprintf(n, CRON_TAB(User));
	if (unlink(n)) {
		if (errno == ENOENT)
			fprintf(stderr, "no crontab for %s\n", User);
		else
			perror(n);
		exit(ERROR_EXIT);
	}
	poke_daemon();
}


static void
check_error(msg)
	char	*msg;
{
	CheckErrorCount++;
	fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg);
}


static void
edit_cmd() {
	char		n[MAX_FNAME], q[MAX_TEMPSTR], *editor;
	FILE		*f;
	int		ch, t, x;
	struct stat	statbuf;
	time_t		mtime;
	WAIT_T		waiter;
	PID_T		pid, xpid;

	log_it(RealUser, Pid, "BEGIN EDIT", User);
	(void) sprintf(n, CRON_TAB(User));
	if (!(f = fopen(n, "r"))) {
		if (errno != ENOENT) {
			perror(n);
			exit(ERROR_EXIT);
		}
		fprintf(stderr, "no crontab for %s - using an empty one\n",
			User);
		if (!(f = fopen("/dev/null", "r"))) {
			perror("/dev/null");
			exit(ERROR_EXIT);
		}
	}

	(void) sprintf(Filename, "/tmp/crontab.%d", Pid);
	if (-1 == (t = open(Filename, O_CREAT|O_EXCL|O_RDWR, 0600))) {
		perror(Filename);
		goto fatal;
	}
#ifdef HAS_FCHOWN
	if (fchown(t, getuid(), getgid()) < 0) {
#else
	if (chown(Filename, getuid(), getgid()) < 0) {
#endif
		perror("fchown");
		goto fatal;
	}
	if (!(NewCrontab = fdopen(t, "r+"))) {
		perror("fdopen");
		goto fatal;
	}

	Set_LineNum(1)

	/* ignore the top few comments since we probably put them there.
	 */
	for (x = 0;  x < NHEADER_LINES;  x++) {
		ch = get_char(f);
		if (EOF == ch)
			break;
		if ('#' != ch) {
			putc(ch, NewCrontab);
			break;
		}
		while (EOF != (ch = get_char(f)))
			if (ch == '\n')
				break;
		if (EOF == ch)
			break;
	}

	/* copy the rest of the crontab (if any) to the temp file.
	 */
	if (EOF != ch)
		while (EOF != (ch = get_char(f)))
			putc(ch, NewCrontab);
	fclose(f);
	if (fflush(NewCrontab) < OK) {
		perror(Filename);
		exit(ERROR_EXIT);
	}
 again:
	rewind(NewCrontab);
	if (ferror(NewCrontab)) {
		fprintf(stderr, "%s: error while writing new crontab to %s\n",
			ProgramName, Filename);
 fatal:		unlink(Filename);
		exit(ERROR_EXIT);
	}
	if (fstat(t, &statbuf) < 0) {
		perror("fstat");
		goto fatal;
	}
	mtime = statbuf.st_mtime;

	if ((!(editor = getenv("VISUAL")))
	 && (!(editor = getenv("EDITOR")))
	    ) {
		editor = EDITOR;
	}

	/* we still have the file open.  editors will generally rewrite the
	 * original file rather than renaming/unlinking it and starting a
	 * new one; even backup files are supposed to be made by copying
	 * rather than by renaming.  if some editor does not support this,
	 * then don't use it.  the security problems are more severe if we
	 * close and reopen the file around the edit.
	 */

	switch (pid = fork()) {
	case -1:
		perror("fork");
		goto fatal;
	case 0:
		/* child */
		if (setuid(getuid()) < 0) {
			perror("setuid(getuid())");
			exit(ERROR_EXIT);
		}
		if (chdir("/tmp") < 0) {
			perror("chdir(/tmp)");
			exit(ERROR_EXIT);
		}
		if (strlen(editor) + strlen(Filename) + 2 >= MAX_TEMPSTR) {
			fprintf(stderr, "%s: editor or filename too long\n",
				ProgramName);
			exit(ERROR_EXIT);
		}
		sprintf(q, "%s %s", editor, Filename);
		execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", q, NULL);
		perror(editor);
		exit(ERROR_EXIT);
		/*NOTREACHED*/
	default:
		/* parent */
		break;
	}

	/* parent */
	xpid = wait(&waiter);
	if (xpid != pid) {
		fprintf(stderr, "%s: wrong PID (%d != %d) from \"%s\"\n",
			ProgramName, xpid, pid, editor);
		goto fatal;
	}
	if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) {
		fprintf(stderr, "%s: \"%s\" exited with status %d\n",
			ProgramName, editor, WEXITSTATUS(waiter));
		goto fatal;
	}
	if (WIFSIGNALED(waiter)) {
		fprintf(stderr,
			"%s: \"%s\" killed; signal %d (%score dumped)\n",
			ProgramName, editor, WTERMSIG(waiter),
			WCOREDUMP(waiter) ?"" :"no ");
		goto fatal;
	}
	if (fstat(t, &statbuf) < 0) {
		perror("fstat");
		goto fatal;
	}
	if (mtime == statbuf.st_mtime) {
		fprintf(stderr, "%s: no changes made to crontab\n",
			ProgramName);
		goto remove;
	}
	fprintf(stderr, "%s: installing new crontab\n", ProgramName);
	switch (replace_cmd()) {
	case 0:
		break;
	case -1:
		for (;;) {
			printf("Do you want to retry the same edit? ");
			fflush(stdout);
			q[0] = '\0';
			(void) fgets(q, sizeof q, stdin);
			switch (islower(q[0]) ? q[0] : tolower(q[0])) {
			case 'y':
				goto again;
			case 'n':
				goto abandon;
			default:
				fprintf(stderr, "Enter Y or N\n");
			}
		}
		/*NOTREACHED*/
	case -2:
	abandon:
		fprintf(stderr, "%s: edits left in %s\n",
			ProgramName, Filename);
		goto done;
	default:
		fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n");
		goto fatal;
	}
 remove:
	unlink(Filename);
 done:
	log_it(RealUser, Pid, "END EDIT", User);
}
	

/* returns	0	on success
 *		-1	on syntax error
 *		-2	on install error
 */
static int
replace_cmd() {
	char	n[MAX_FNAME], envstr[MAX_ENVSTR], tn[MAX_FNAME];
	FILE	*tmp;
	int	ch, eof;
	entry	*e;
	time_t	now = time(NULL);
	char	**envp = env_init();

	(void) sprintf(n, "tmp.%d", Pid);
	(void) sprintf(tn, CRON_TAB(n));
	if (!(tmp = fopen(tn, "w+"))) {
		perror(tn);
		return (-2);
	}

	/* write a signature at the top of the file.
	 *
	 * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code.
	 */
	fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n");
	fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now));
	fprintf(tmp, "# (Cron version -- %s)\n", rcsid);

	/* copy the crontab to the tmp
	 */
	rewind(NewCrontab);
	Set_LineNum(1)
	while (EOF != (ch = get_char(NewCrontab)))
		putc(ch, tmp);
	ftruncate(fileno(tmp), ftell(tmp));
	fflush(tmp);  rewind(tmp);

	if (ferror(tmp)) {
		fprintf(stderr, "%s: error while writing new crontab to %s\n",
			ProgramName, tn);
		fclose(tmp);  unlink(tn);
		return (-2);
	}

	/* check the syntax of the file being installed.
	 */

	/* BUG: was reporting errors after the EOF if there were any errors
	 * in the file proper -- kludged it by stopping after first error.
	 *		vix 31mar87
	 */
	Set_LineNum(1 - NHEADER_LINES)
	CheckErrorCount = 0;  eof = FALSE;
	while (!CheckErrorCount && !eof) {
		switch (load_env(envstr, tmp)) {
		case ERR:
			eof = TRUE;
			break;
		case FALSE:
			e = load_entry(tmp, check_error, pw, envp);
			if (e)
				free(e);
			break;
		case TRUE:
			break;
		}
	}

	if (CheckErrorCount != 0) {
		fprintf(stderr, "errors in crontab file, can't install.\n");
		fclose(tmp);  unlink(tn);
		return (-1);
	}

#ifdef HAS_FCHOWN
	if (fchown(fileno(tmp), ROOT_UID, -1) < OK)
#else
	if (chown(tn, ROOT_UID, -1) < OK)
#endif
	{
		perror("chown");
		fclose(tmp);  unlink(tn);
		return (-2);
	}

#ifdef HAS_FCHMOD
	if (fchmod(fileno(tmp), 0600) < OK)
#else
	if (chmod(tn, 0600) < OK)
#endif
	{
		perror("chown");
		fclose(tmp);  unlink(tn);
		return (-2);
	}

	if (fclose(tmp) == EOF) {
		perror("fclose");
		unlink(tn);
		return (-2);
	}

	(void) sprintf(n, CRON_TAB(User));
	if (rename(tn, n)) {
		fprintf(stderr, "%s: error renaming %s to %s\n",
			ProgramName, tn, n);
		perror("rename");
		unlink(tn);
		return (-2);
	}
	log_it(RealUser, Pid, "REPLACE", User);

	poke_daemon();

	return (0);
}


static void
poke_daemon() {
#ifdef USE_UTIMES
	struct timeval tvs[2];
	struct timezone tz;

	(void) gettimeofday(&tvs[0], &tz);
	tvs[1] = tvs[0];
	if (utimes(SPOOL_DIR, tvs) < OK) {
		fprintf(stderr, "crontab: can't update mtime on spooldir\n");
		perror(SPOOL_DIR);
		return;
	}
#else
	if (utime(SPOOL_DIR, NULL) < OK) {
		fprintf(stderr, "crontab: can't update mtime on spooldir\n");
		perror(SPOOL_DIR);
		return;
	}
#endif /*USE_UTIMES*/
}
Commit	Line	Data
693d8207	1	/* Copyright 1988,1990,1993,1994 by Paul Vixie
15637ed4 RG	2	* All rights reserved
	3	*
	4	* Distribute freely, except: don't remove my name from the source or
	5	* documentation (don't take credit for my work), mark your changes (don't
	6	* get me blamed for your possible bugs), don't alter or remove this
	7	* notice. May be sold if buildable source is provided to buyer. No
	8	* warrantee of any kind, express or implied, is included with this
	9	* software; use at your own risk, responsibility for damages (if any) to
	10	* anyone resulting from the use of this software rests entirely with the
	11	* user.
	12	*
	13	* Send bug reports, bug fixes, enhancements, requests, flames, etc., and
	14	* I'll try to keep a version up to date. I can be reached as follows:
693d8207 GR	15	* Paul Vixie <paul@vix.com> uunet!decwrl!vixie!paul
	16	* From Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp
	17	*/
	18
	19	#if !defined(lint) && !defined(LINT)
0701a35f	20	static char rcsid[] = "$Id: /home/cvs/386BSD/src/usr.bin/crontab/crontab.c,v 1.3 1994/01/27 19:06:16 nate Exp $";
693d8207 GR	21	#endif
	22
	23	/* crontab - install and manage per-user crontab files
	24	* vix 02may87 [RCS has the rest of the log]
	25	* vix 26jan87 [original]
15637ed4 RG	26	*/
	27
	28
	29	#define MAIN_PROGRAM
	30
	31
	32	#include "cron.h"
15637ed4	33	#include <errno.h>
693d8207	34	#include <fcntl.h>
15637ed4	35	#include <sys/file.h>
693d8207 GR	36	#include <sys/stat.h>
693d8207 GR	37	#ifdef USE_UTIMES
15637ed4	38	# include <sys/time.h>
693d8207 GR	39	#else
	40	# include <time.h>
	41	# include <utime.h>
	42	#endif
	43	#if defined(POSIX)
	44	# include <locale.h>
	45	#endif
15637ed4	46
15637ed4	47
693d8207	48	#define NHEADER_LINES 3
15637ed4	49
15637ed4	50
693d8207	51	enum opt_t { opt_unknown, opt_list, opt_delete, opt_edit, opt_replace };
15637ed4 RG	52
15637ed4 RG	53	#if DEBUGGING
693d8207	54	static char *Options[] = { "???", "list", "delete", "edit", "replace" };
15637ed4 RG	55	#endif
15637ed4 RG	56
693d8207 GR	57
	58	static PID_T Pid;
	59	static char User[MAX_UNAME], RealUser[MAX_UNAME];
	60	static char Filename[MAX_FNAME];
	61	static FILE *NewCrontab;
	62	static int CheckErrorCount;
	63	static enum opt_t Option;
	64	static struct passwd *pw;
	65	static void list_cmd __P((void)),
	66	delete_cmd __P((void)),
	67	edit_cmd __P((void)),
	68	poke_daemon __P((void)),
	69	check_error __P((char *)),
	70	parse_args __P((int c, char *v[]));
	71	static int replace_cmd __P((void));
	72
	73
	74	static void
	75	usage(msg)
	76	char *msg;
15637ed4	77	{
693d8207 GR	78	fprintf(stderr, "%s: usage error: %s\n", ProgramName, msg);
	79	fprintf(stderr, "usage:\t%s [-u user] file\n", ProgramName);
	80	fprintf(stderr, "\t%s [-u user] { -e \| -l \| -r }\n", ProgramName);
	81	fprintf(stderr, "\t\t(default operation is replace, per 1003.2)\n");
	82	fprintf(stderr, "\t-e\t(edit user's crontab)\n");
	83	fprintf(stderr, "\t-l\t(list user's crontab)\n");
	84	fprintf(stderr, "\t-r\t(delete user's crontab)\n");
15637ed4 RG	85	exit(ERROR_EXIT);
	86	}
	87
	88
693d8207	89	int
15637ed4 RG	90	main(argc, argv)
	91	int argc;
	92	char *argv[];
	93	{
693d8207	94	int exitstatus;
15637ed4 RG	95
	96	Pid = getpid();
	97	ProgramName = argv[0];
693d8207 GR	98
	99	#if defined(POSIX)
	100	setlocale(LC_ALL, "");
	101	#endif
	102
15637ed4 RG	103	#if defined(BSD)
	104	setlinebuf(stderr);
	105	#endif
	106	parse_args(argc, argv); /* sets many globals, opens a file */
	107	set_cron_uid();
	108	set_cron_cwd();
	109	if (!allowed(User)) {
	110	fprintf(stderr,
	111	"You (%s) are not allowed to use this program (%s)\n",
	112	User, ProgramName);
	113	fprintf(stderr, "See crontab(1) for more information\n");
	114	log_it(RealUser, Pid, "AUTH", "crontab command not allowed");
	115	exit(ERROR_EXIT);
	116	}
693d8207 GR	117	exitstatus = OK_EXIT;
693d8207 GR	118	switch (Option) {
15637ed4 RG	119	case opt_list: list_cmd();
	120	break;
	121	case opt_delete: delete_cmd();
	122	break;
693d8207 GR	123	case opt_edit: edit_cmd();
	124	break;
	125	case opt_replace: if (replace_cmd() < 0)
	126	exitstatus = ERROR_EXIT;
15637ed4 RG	127	break;
15637ed4 RG	128	}
693d8207 GR	129	exit(0);
693d8207 GR	130	/NOTREACHED/
15637ed4 RG	131	}
	132
	133
693d8207	134	static void
15637ed4 RG	135	parse_args(argc, argv)
	136	int argc;
	137	char *argv[];
	138	{
15637ed4 RG	139	int argch;
15637ed4 RG	140
693d8207	141	if (!(pw = getpwuid(getuid()))) {
15637ed4 RG	142	fprintf(stderr, "%s: your UID isn't in the passwd file.\n",
	143	ProgramName);
	144	fprintf(stderr, "bailing out.\n");
	145	exit(ERROR_EXIT);
	146	}
	147	strcpy(User, pw->pw_name);
	148	strcpy(RealUser, User);
	149	Filename[0] = '\0';
	150	Option = opt_unknown;
693d8207 GR	151	while (EOF != (argch = getopt(argc, argv, "u:lerx:"))) {
693d8207 GR	152	switch (argch) {
15637ed4 RG	153	case 'x':
15637ed4 RG	154	if (!set_debug_flags(optarg))
693d8207	155	usage("bad debug option");
15637ed4 RG	156	break;
	157	case 'u':
	158	if (getuid() != ROOT_UID)
	159	{
	160	fprintf(stderr,
	161	"must be privileged to use -u\n");
	162	exit(ERROR_EXIT);
	163	}
693d8207	164	if (!(pw = getpwnam(optarg)))
15637ed4 RG	165	{
	166	fprintf(stderr, "%s: user `%s' unknown\n",
	167	ProgramName, optarg);
	168	exit(ERROR_EXIT);
	169	}
	170	(void) strcpy(User, optarg);
	171	break;
	172	case 'l':
	173	if (Option != opt_unknown)
693d8207	174	usage("only one operation permitted");
15637ed4 RG	175	Option = opt_list;
15637ed4 RG	176	break;
693d8207	177	case 'r':
15637ed4	178	if (Option != opt_unknown)
693d8207	179	usage("only one operation permitted");
15637ed4 RG	180	Option = opt_delete;
15637ed4 RG	181	break;
693d8207	182	case 'e':
15637ed4	183	if (Option != opt_unknown)
693d8207 GR	184	usage("only one operation permitted");
693d8207 GR	185	Option = opt_edit;
15637ed4 RG	186	break;
15637ed4 RG	187	default:
693d8207	188	usage("unrecognized option");
15637ed4 RG	189	}
	190	}
	191
	192	endpwent();
	193
693d8207 GR	194	if (Option != opt_unknown) {
	195	if (argv[optind] != NULL) {
	196	usage("no arguments permitted after this option");
	197	}
	198	} else {
	199	if (argv[optind] != NULL) {
	200	Option = opt_replace;
	201	(void) strcpy (Filename, argv[optind]);
	202	} else {
	203	usage("file name must be specified for replace");
	204	}
	205	}
15637ed4 RG	206
15637ed4 RG	207	if (Option == opt_replace) {
15637ed4 RG	208	/* we have to open the file here because we're going to
	209	* chdir(2) into /var/cron before we get around to
	210	* reading the file.
	211	*/
	212	if (!strcmp(Filename, "-")) {
	213	NewCrontab = stdin;
	214	} else {
693d8207 GR	215	/* relinquish the setuid status of the binary during
	216	* the open, lest nonroot users read files they should
	217	* not be able to read. we can't use access() here
	218	* since there's a race condition. thanks go out to
	219	* Arnt Gulbrandsen <agulbra@pvv.unit.no> for spotting
	220	* the race.
	221	*/
	222
	223	if (swap_uids() < OK) {
	224	perror("swapping uids");
	225	exit(ERROR_EXIT);
	226	}
15637ed4 RG	227	if (!(NewCrontab = fopen(Filename, "r"))) {
	228	perror(Filename);
	229	exit(ERROR_EXIT);
	230	}
693d8207 GR	231	if (swap_uids() < OK) {
	232	perror("swapping uids back");
	233	exit(ERROR_EXIT);
	234	}
15637ed4 RG	235	}
	236	}
	237
	238	Debug(DMISC, ("user=%s, file=%s, option=%s\n",
693d8207	239	User, Filename, Options[(int)Option]))
15637ed4 RG	240	}
	241
	242
693d8207 GR	243	static void
693d8207 GR	244	list_cmd() {
15637ed4 RG	245	char n[MAX_FNAME];
	246	FILE *f;
	247	int ch;
	248
	249	log_it(RealUser, Pid, "LIST", User);
	250	(void) sprintf(n, CRON_TAB(User));
693d8207	251	if (!(f = fopen(n, "r"))) {
15637ed4 RG	252	if (errno == ENOENT)
	253	fprintf(stderr, "no crontab for %s\n", User);
	254	else
	255	perror(n);
	256	exit(ERROR_EXIT);
	257	}
	258
	259	/* file is open. copy to stdout, close.
	260	*/
	261	Set_LineNum(1)
	262	while (EOF != (ch = get_char(f)))
	263	putchar(ch);
	264	fclose(f);
	265	}
	266
	267
693d8207 GR	268	static void
693d8207 GR	269	delete_cmd() {
15637ed4 RG	270	char n[MAX_FNAME];
	271
	272	log_it(RealUser, Pid, "DELETE", User);
	273	(void) sprintf(n, CRON_TAB(User));
693d8207	274	if (unlink(n)) {
15637ed4 RG	275	if (errno == ENOENT)
	276	fprintf(stderr, "no crontab for %s\n", User);
	277	else
	278	perror(n);
	279	exit(ERROR_EXIT);
	280	}
	281	poke_daemon();
	282	}
	283
	284
693d8207	285	static void
15637ed4 RG	286	check_error(msg)
	287	char *msg;
	288	{
693d8207 GR	289	CheckErrorCount++;
693d8207 GR	290	fprintf(stderr, "\"%s\":%d: %s\n", Filename, LineNumber-1, msg);
15637ed4 RG	291	}
	292
	293
693d8207 GR	294	static void
	295	edit_cmd() {
	296	char n[MAX_FNAME], q[MAX_TEMPSTR], *editor;
	297	FILE *f;
	298	int ch, t, x;
	299	struct stat statbuf;
	300	time_t mtime;
	301	WAIT_T waiter;
	302	PID_T pid, xpid;
15637ed4	303
693d8207 GR	304	log_it(RealUser, Pid, "BEGIN EDIT", User);
	305	(void) sprintf(n, CRON_TAB(User));
	306	if (!(f = fopen(n, "r"))) {
	307	if (errno != ENOENT) {
	308	perror(n);
	309	exit(ERROR_EXIT);
	310	}
	311	fprintf(stderr, "no crontab for %s - using an empty one\n",
	312	User);
	313	if (!(f = fopen("/dev/null", "r"))) {
	314	perror("/dev/null");
	315	exit(ERROR_EXIT);
	316	}
	317	}
	318
	319	(void) sprintf(Filename, "/tmp/crontab.%d", Pid);
	320	if (-1 == (t = open(Filename, O_CREAT\|O_EXCL\|O_RDWR, 0600))) {
	321	perror(Filename);
	322	goto fatal;
	323	}
	324	#ifdef HAS_FCHOWN
	325	if (fchown(t, getuid(), getgid()) < 0) {
	326	#else
	327	if (chown(Filename, getuid(), getgid()) < 0) {
	328	#endif
	329	perror("fchown");
	330	goto fatal;
	331	}
	332	if (!(NewCrontab = fdopen(t, "r+"))) {
	333	perror("fdopen");
	334	goto fatal;
	335	}
	336
	337	Set_LineNum(1)
	338
	339	/* ignore the top few comments since we probably put them there.
	340	*/
	341	for (x = 0; x < NHEADER_LINES; x++) {
	342	ch = get_char(f);
	343	if (EOF == ch)
	344	break;
	345	if ('#' != ch) {
	346	putc(ch, NewCrontab);
	347	break;
	348	}
	349	while (EOF != (ch = get_char(f)))
	350	if (ch == '\n')
	351	break;
	352	if (EOF == ch)
	353	break;
	354	}
	355
	356	/* copy the rest of the crontab (if any) to the temp file.
	357	*/
	358	if (EOF != ch)
	359	while (EOF != (ch = get_char(f)))
	360	putc(ch, NewCrontab);
	361	fclose(f);
	362	if (fflush(NewCrontab) < OK) {
	363	perror(Filename);
	364	exit(ERROR_EXIT);
	365	}
	366	again:
	367	rewind(NewCrontab);
368	if (ferror(NewCrontab)) {
369	fprintf(stderr, "%s: error while writing new crontab to %s\n",
370	ProgramName, Filename);
371	fatal: unlink(Filename);
372	exit(ERROR_EXIT);
373	}
374	if (fstat(t, &statbuf) < 0) {
375	perror("fstat");
376	goto fatal;
377	}
378	mtime = statbuf.st_mtime;
379
380	if ((!(editor = getenv("VISUAL")))
381	&& (!(editor = getenv("EDITOR")))
382	) {
383	editor = EDITOR;
384	}
385
386	/* we still have the file open. editors will generally rewrite the
387	* original file rather than renaming/unlinking it and starting a
388	* new one; even backup files are supposed to be made by copying
389	* rather than by renaming. if some editor does not support this,
390	* then don't use it. the security problems are more severe if we
391	* close and reopen the file around the edit.
392	*/
393
394	switch (pid = fork()) {
395	case -1:
396	perror("fork");
397	goto fatal;
398	case 0:
399	/* child */
400	if (setuid(getuid()) < 0) {
401	perror("setuid(getuid())");
402	exit(ERROR_EXIT);
403	}
404	if (chdir("/tmp") < 0) {
405	perror("chdir(/tmp)");
406	exit(ERROR_EXIT);
407	}
bdcadc69 NW	408	if (strlen(editor) + strlen(Filename) + 2 >= MAX_TEMPSTR) {
	409	fprintf(stderr, "%s: editor or filename too long\n",
	410	ProgramName);
	411	exit(ERROR_EXIT);
	412	}
	413	sprintf(q, "%s %s", editor, Filename);
	414	execlp(_PATH_BSHELL, _PATH_BSHELL, "-c", q, NULL);
693d8207 GR	415	perror(editor);
	416	exit(ERROR_EXIT);
	417	/NOTREACHED/
	418	default:
	419	/* parent */
	420	break;
	421	}
	422
	423	/* parent */
	424	xpid = wait(&waiter);
	425	if (xpid != pid) {
	426	fprintf(stderr, "%s: wrong PID (%d != %d) from \"%s\"\n",
	427	ProgramName, xpid, pid, editor);
	428	goto fatal;
	429	}
	430	if (WIFEXITED(waiter) && WEXITSTATUS(waiter)) {
	431	fprintf(stderr, "%s: \"%s\" exited with status %d\n",
	432	ProgramName, editor, WEXITSTATUS(waiter));
	433	goto fatal;
	434	}
	435	if (WIFSIGNALED(waiter)) {
	436	fprintf(stderr,
	437	"%s: \"%s\" killed; signal %d (%score dumped)\n",
	438	ProgramName, editor, WTERMSIG(waiter),
	439	WCOREDUMP(waiter) ?"" :"no ");
	440	goto fatal;
	441	}
	442	if (fstat(t, &statbuf) < 0) {
	443	perror("fstat");
	444	goto fatal;
	445	}
	446	if (mtime == statbuf.st_mtime) {
	447	fprintf(stderr, "%s: no changes made to crontab\n",
	448	ProgramName);
	449	goto remove;
	450	}
	451	fprintf(stderr, "%s: installing new crontab\n", ProgramName);
	452	switch (replace_cmd()) {
	453	case 0:
	454	break;
	455	case -1:
	456	for (;;) {
	457	printf("Do you want to retry the same edit? ");
	458	fflush(stdout);
	459	q[0] = '\0';
	460	(void) fgets(q, sizeof q, stdin);
	461	switch (islower(q[0]) ? q[0] : tolower(q[0])) {
	462	case 'y':
	463	goto again;
	464	case 'n':
	465	goto abandon;
	466	default:
	467	fprintf(stderr, "Enter Y or N\n");
	468	}
	469	}
	470	/NOTREACHED/
	471	case -2:
	472	abandon:
	473	fprintf(stderr, "%s: edits left in %s\n",
	474	ProgramName, Filename);
	475	goto done;
	476	default:
	477	fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n");
	478	goto fatal;
479	}
480	remove:
481	unlink(Filename);
482	done:
483	log_it(RealUser, Pid, "END EDIT", User);
484	}
485
486
487	/* returns 0 on success
488	* -1 on syntax error
489	* -2 on install error
490	*/
491	static int
492	replace_cmd() {
15637ed4 RG	493	char n[MAX_FNAME], envstr[MAX_ENVSTR], tn[MAX_FNAME];
15637ed4 RG	494	FILE *tmp;
693d8207	495	int ch, eof;
15637ed4	496	entry *e;
15637ed4	497	time_t now = time(NULL);
693d8207	498	char **envp = env_init();
15637ed4 RG	499
	500	(void) sprintf(n, "tmp.%d", Pid);
	501	(void) sprintf(tn, CRON_TAB(n));
693d8207	502	if (!(tmp = fopen(tn, "w+"))) {
15637ed4	503	perror(tn);
693d8207	504	return (-2);
15637ed4 RG	505	}
15637ed4 RG	506
693d8207 GR	507	/* write a signature at the top of the file.
	508	*
	509	* VERY IMPORTANT: make sure NHEADER_LINES agrees with this code.
15637ed4	510	*/
693d8207	511	fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n");
15637ed4 RG	512	fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now));
	513	fprintf(tmp, "# (Cron version -- %s)\n", rcsid);
	514
	515	/* copy the crontab to the tmp
	516	*/
693d8207	517	rewind(NewCrontab);
15637ed4 RG	518	Set_LineNum(1)
	519	while (EOF != (ch = get_char(NewCrontab)))
	520	putc(ch, tmp);
693d8207	521	ftruncate(fileno(tmp), ftell(tmp));
15637ed4 RG	522	fflush(tmp); rewind(tmp);
	523
	524	if (ferror(tmp)) {
	525	fprintf(stderr, "%s: error while writing new crontab to %s\n",
	526	ProgramName, tn);
	527	fclose(tmp); unlink(tn);
693d8207	528	return (-2);
15637ed4 RG	529	}
	530
	531	/* check the syntax of the file being installed.
	532	*/
	533
	534	/* BUG: was reporting errors after the EOF if there were any errors
	535	* in the file proper -- kludged it by stopping after first error.
	536	* vix 31mar87
	537	*/
693d8207 GR	538	Set_LineNum(1 - NHEADER_LINES)
	539	CheckErrorCount = 0; eof = FALSE;
	540	while (!CheckErrorCount && !eof) {
	541	switch (load_env(envstr, tmp)) {
	542	case ERR:
	543	eof = TRUE;
	544	break;
	545	case FALSE:
	546	e = load_entry(tmp, check_error, pw, envp);
	547	if (e)
	548	free(e);
	549	break;
	550	case TRUE:
	551	break;
15637ed4 RG	552	}
	553	}
	554
693d8207	555	if (CheckErrorCount != 0) {
15637ed4 RG	556	fprintf(stderr, "errors in crontab file, can't install.\n");
15637ed4 RG	557	fclose(tmp); unlink(tn);
693d8207	558	return (-1);
15637ed4 RG	559	}
15637ed4 RG	560
693d8207	561	#ifdef HAS_FCHOWN
15637ed4	562	if (fchown(fileno(tmp), ROOT_UID, -1) < OK)
693d8207 GR	563	#else
	564	if (chown(tn, ROOT_UID, -1) < OK)
	565	#endif
15637ed4 RG	566	{
	567	perror("chown");
	568	fclose(tmp); unlink(tn);
693d8207	569	return (-2);
15637ed4 RG	570	}
15637ed4 RG	571
693d8207	572	#ifdef HAS_FCHMOD
15637ed4	573	if (fchmod(fileno(tmp), 0600) < OK)
693d8207 GR	574	#else
	575	if (chmod(tn, 0600) < OK)
	576	#endif
15637ed4 RG	577	{
	578	perror("chown");
	579	fclose(tmp); unlink(tn);
693d8207	580	return (-2);
15637ed4 RG	581	}
	582
	583	if (fclose(tmp) == EOF) {
	584	perror("fclose");
	585	unlink(tn);
693d8207	586	return (-2);
15637ed4 RG	587	}
	588
	589	(void) sprintf(n, CRON_TAB(User));
693d8207	590	if (rename(tn, n)) {
15637ed4 RG	591	fprintf(stderr, "%s: error renaming %s to %s\n",
	592	ProgramName, tn, n);
	593	perror("rename");
	594	unlink(tn);
693d8207	595	return (-2);
15637ed4 RG	596	}
	597	log_it(RealUser, Pid, "REPLACE", User);
	598
	599	poke_daemon();
693d8207 GR	600
693d8207 GR	601	return (0);
15637ed4 RG	602	}
	603
	604
693d8207 GR	605	static void
	606	poke_daemon() {
	607	#ifdef USE_UTIMES
15637ed4 RG	608	struct timeval tvs[2];
	609	struct timezone tz;
	610
	611	(void) gettimeofday(&tvs[0], &tz);
	612	tvs[1] = tvs[0];
693d8207	613	if (utimes(SPOOL_DIR, tvs) < OK) {
15637ed4 RG	614	fprintf(stderr, "crontab: can't update mtime on spooldir\n");
	615	perror(SPOOL_DIR);
	616	return;
	617	}
693d8207 GR	618	#else
693d8207 GR	619	if (utime(SPOOL_DIR, NULL) < OK) {
15637ed4 RG	620	fprintf(stderr, "crontab: can't update mtime on spooldir\n");
	621	perror(SPOOL_DIR);
	622	return;
	623	}
693d8207	624	#endif /USE_UTIMES/
15637ed4	625	}