atrun.c revision 7768
1/* 2 * atrun.c - run jobs queued by at; run with root privileges. 3 * Copyright (C) 1993, 1994 Thomas Koenig 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. The name of the author(s) may not be used to endorse or promote 11 * products derived from this software without specific prior written 12 * permission. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26/* System Headers */ 27 28#include <sys/fcntl.h> 29#include <sys/types.h> 30#include <sys/stat.h> 31#include <sys/wait.h> 32#include <ctype.h> 33#include <dirent.h> 34#include <errno.h> 35#include <pwd.h> 36#include <grp.h> 37#include <signal.h> 38#include <stddef.h> 39#include <stdio.h> 40#include <stdlib.h> 41#include <string.h> 42#include <time.h> 43#include <unistd.h> 44#include <syslog.h> 45#ifndef __FreeBSD__ 46#include <getopt.h> 47#else 48#include <paths.h> 49#endif 50 51/* Local headers */ 52 53#ifndef __FreeBSD__ 54#include "gloadavg.h" 55#endif 56#define MAIN 57#include "privs.h" 58 59/* Macros */ 60 61#ifndef ATJOB_DIR 62#define ATJOB_DIR "/usr/spool/atjobs/" 63#endif 64 65#ifndef ATSPOOL_DIR 66#define ATSPOOL_DIR "/usr/spool/atspool/" 67#endif 68 69#ifndef LOADAVG_MX 70#define LOADAVG_MX 1.5 71#endif 72 73/* File scope variables */ 74 75static char *namep; 76static char rcsid[] = "$Id: atrun.c,v 1.1 1994/05/10 18:23:08 kernel Exp $"; 77static debug = 0; 78 79/* Local functions */ 80static void 81perr(const char *a) 82{ 83 if (debug) 84 { 85 perror(a); 86 } 87 else 88 syslog(LOG_ERR, "%s: %m", a); 89 90 exit(EXIT_FAILURE); 91} 92 93static int 94write_string(int fd, const char* a) 95{ 96 return write(fd, a, strlen(a)); 97} 98 99#ifdef DEBUG_FORK 100static pid_t 101myfork() 102{ 103 pid_t res; 104 res = fork(); 105 if (res == 0) 106 kill(getpid(),SIGSTOP); 107 return res; 108} 109 110#define fork myfork 111#endif 112 113static void 114run_file(const char *filename, uid_t uid, gid_t gid) 115{ 116/* Run a file by by spawning off a process which redirects I/O, 117 * spawns a subshell, then waits for it to complete and sends 118 * mail to the user. 119 */ 120 pid_t pid; 121 int fd_out, fd_in; 122 int queue; 123 char mailbuf[9]; 124 char *mailname = NULL; 125 FILE *stream; 126 int send_mail = 0; 127 struct stat buf; 128 off_t size; 129 struct passwd *pentry; 130 int fflags; 131 132 133 PRIV_START 134 135 if (chmod(filename, S_IRUSR) != 0) 136 { 137 perr("Cannot change file permissions"); 138 } 139 140 PRIV_END 141 142 pid = fork(); 143 if (pid == -1) 144 perr("Cannot fork"); 145 146 else if (pid > 0) 147 return; 148 149 /* Let's see who we mail to. Hopefully, we can read it from 150 * the command file; if not, send it to the owner, or, failing that, 151 * to root. 152 */ 153 154 pentry = getpwuid(uid); 155 if (pentry == NULL) 156 { 157 syslog(LOG_ERR,"Userid %lu not found - aborting job %s", 158 (unsigned long) uid, filename); 159 exit(EXIT_FAILURE); 160 } 161 PRIV_START 162 163 stream=fopen(filename, "r"); 164 165 PRIV_END 166 167 if (stream == NULL) 168 perr("Cannot open input file"); 169 170 if ((fd_in = dup(fileno(stream))) <0) 171 perr("Error duplicating input file descriptor"); 172 173 if ((fflags = fcntl(fd_in, F_GETFD)) <0) 174 perr("Error in fcntl"); 175 176 fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC); 177 178 if (fscanf(stream, "#! /bin/sh\n# mail %8s %d", mailbuf, &send_mail) == 2) 179 { 180 mailname = mailbuf; 181 pentry = getpwnam(mailname); 182 if (pentry == NULL || pentry->pw_uid != uid) { 183 syslog(LOG_ERR,"Userid %lu mismatch name %s - aborting job %s", 184 (unsigned long) uid, mailname, filename); 185 exit(EXIT_FAILURE); 186 } 187 } 188 else 189 { 190 mailname = pentry->pw_name; 191 } 192 fclose(stream); 193 if (chdir(ATSPOOL_DIR) < 0) 194 perr("Cannot chdir to " ATSPOOL_DIR); 195 196 /* Create a file to hold the output of the job we are about to run. 197 * Write the mail header. 198 */ 199 if((fd_out=open(filename, 200 O_WRONLY | O_CREAT | O_EXCL, S_IWUSR | S_IRUSR)) < 0) 201 perr("Cannot create output file"); 202 203 write_string(fd_out, "Subject: Output from your job "); 204 write_string(fd_out, filename); 205 write_string(fd_out, "\n\n"); 206 fstat(fd_out, &buf); 207 size = buf.st_size; 208 209 close(STDIN_FILENO); 210 close(STDOUT_FILENO); 211 close(STDERR_FILENO); 212 213 pid = fork(); 214 if (pid < 0) 215 perr("Error in fork"); 216 217 else if (pid == 0) 218 { 219 char *nul = NULL; 220 char **nenvp = &nul; 221 222 /* Set up things for the child; we want standard input from the input file, 223 * and standard output and error sent to our output file. 224 */ 225 226 if (lseek(fd_in, (off_t) 0, SEEK_SET) < 0) 227 perr("Error in lseek"); 228 229 if (dup(fd_in) != STDIN_FILENO) 230 perr("Error in I/O redirection"); 231 232 if (dup(fd_out) != STDOUT_FILENO) 233 perr("Error in I/O redirection"); 234 235 if (dup(fd_out) != STDERR_FILENO) 236 perr("Error in I/O redirection"); 237 238 close(fd_in); 239 close(fd_out); 240 if (chdir(ATJOB_DIR) < 0) 241 perr("Cannot chdir to " ATJOB_DIR); 242 243 queue = *filename; 244 245 PRIV_START 246 247 nice(tolower(queue) - 'a'); 248 249 chdir(pentry->pw_dir); 250 251 if (initgroups(pentry->pw_name,pentry->pw_gid)) 252 perr("Cannot delete saved userids"); 253 254 if (setgid(gid) < 0) 255 perr("Cannot change group"); 256 257 if (setuid(uid) < 0) 258 perr("Cannot set user id"); 259 260 if(execle("/bin/sh","sh",(char *) NULL, nenvp) != 0) 261 perr("Exec failed"); 262 263 PRIV_END 264 } 265 /* We're the parent. Let's wait. 266 */ 267 close(fd_in); 268 close(fd_out); 269 waitpid(pid, (int *) NULL, 0); 270 271 /* Send mail. Unlink the output file first, so it is deleted after 272 * the run. 273 */ 274 stat(filename, &buf); 275 if (open(filename, O_RDONLY) != STDIN_FILENO) 276 perr("Open of jobfile failed"); 277 278 unlink(filename); 279 if ((buf.st_size != size) || send_mail) 280 { 281#ifdef __FreeBSD__ 282 execl(_PATH_SENDMAIL, "sendmail", "-F", "Atrun Service", 283 mailname, (char *) NULL); 284#else 285 execl(MAIL_CMD, MAIL_CMD, mailname, (char *) NULL); 286#endif 287 perr("Exec failed"); 288 } 289 exit(EXIT_SUCCESS); 290} 291 292/* Global functions */ 293 294int 295main(int argc, char *argv[]) 296{ 297/* Browse through ATJOB_DIR, checking all the jobfiles wether they should 298 * be executed and or deleted. The queue is coded into the first byte of 299 * the job filename, the date (in minutes since Eon) as a hex number in the 300 * following eight bytes, followed by a dot and a serial number. A file 301 * which has not been executed yet is denoted by its execute - bit set. 302 * For those files which are to be executed, run_file() is called, which forks 303 * off a child which takes care of I/O redirection, forks off another child 304 * for execution and yet another one, optionally, for sending mail. 305 * Files which already have run are removed during the next invocation. 306 */ 307 DIR *spool; 308 struct dirent *dirent; 309 struct stat buf; 310 unsigned long ctm; 311 char queue; 312 time_t now, run_time; 313 char batch_name[] = "Z2345678901234"; 314 uid_t batch_uid; 315 gid_t batch_gid; 316 int c; 317 int run_batch; 318 double load_avg = LOADAVG_MX; 319 320/* We don't need root privileges all the time; running under uid and gid daemon 321 * is fine. 322 */ 323 324 RELINQUISH_PRIVS_ROOT(DAEMON_UID, DAEMON_GID) 325 326 openlog("atrun", LOG_PID, LOG_CRON); 327 328 opterr = 0; 329 errno = 0; 330 while((c=getopt(argc, argv, "dl:"))!= EOF) 331 { 332 switch (c) 333 { 334 case 'l': 335 if (sscanf(optarg, "%lf", &load_avg) != 1) 336 perr("garbled option -l"); 337 if (load_avg <= 0.) 338 load_avg = LOADAVG_MX; 339 break; 340 341 case 'd': 342 debug ++; 343 break; 344 345 case '?': 346 perr("unknown option"); 347 break; 348 349 default: 350 perr("idiotic option - aborted"); 351 break; 352 } 353 } 354 355 namep = argv[0]; 356 if (chdir(ATJOB_DIR) != 0) 357 perr("Cannot change to " ATJOB_DIR); 358 359 /* Main loop. Open spool directory for reading and look over all the 360 * files in there. If the filename indicates that the job should be run 361 * and the x bit is set, fork off a child which sets its user and group 362 * id to that of the files and exec a /bin/sh which executes the shell 363 * script. Unlink older files if they should no longer be run. For 364 * deletion, their r bit has to be turned on. 365 * 366 * Also, pick the oldest batch job to run, at most one per invocation of 367 * atrun. 368 */ 369 if ((spool = opendir(".")) == NULL) 370 perr("Cannot read " ATJOB_DIR); 371 372 now = time(NULL); 373 run_batch = 0; 374 batch_uid = (uid_t) -1; 375 batch_gid = (gid_t) -1; 376 377 while ((dirent = readdir(spool)) != NULL) 378 { 379 if (stat(dirent->d_name,&buf) != 0) 380 perr("Cannot stat in " ATJOB_DIR); 381 382 /* We don't want directories 383 */ 384 if (!S_ISREG(buf.st_mode)) 385 continue; 386 387 if (sscanf(dirent->d_name,"%c%8lx",&queue,&ctm) != 2) 388 continue; 389 390 run_time = (time_t) ctm*60; 391 392 if ((S_IXUSR & buf.st_mode) && (run_time <=now)) 393 { 394 if (isupper(queue) && (strcmp(batch_name,dirent->d_name) > 0)) 395 { 396 run_batch = 1; 397 strncpy(batch_name, dirent->d_name, sizeof(batch_name)); 398 batch_uid = buf.st_uid; 399 batch_gid = buf.st_gid; 400 } 401 402 /* The file is executable and old enough 403 */ 404 if (islower(queue)) 405 run_file(dirent->d_name, buf.st_uid, buf.st_gid); 406 } 407 /* Delete older files 408 */ 409 if ((run_time < now) && !(S_IXUSR & buf.st_mode) && (S_IRUSR & buf.st_mode)) 410 unlink(dirent->d_name); 411 } 412 /* run the single batch file, if any 413 */ 414#ifndef __FreeBSD__ 415 if (run_batch && (gloadavg() < load_avg)) { 416#else 417 if (run_batch) { 418 double la; 419 420 if (getloadavg(&la, 1) != 1) 421 perr("Error in getloadavg"); 422 if (la < load_avg) 423#endif 424 run_file(batch_name, batch_uid, batch_gid); 425 } 426 427 closelog(); 428 exit(EXIT_SUCCESS); 429} 430