[apple/system_cmds.git] / at.tproj / at.c

/*
 * Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 * 
 * Copyright (c) 1999-2003 Apple Computer, Inc.  All Rights Reserved.
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * at.c : Put file into atrun queue
 * Copyright (C) 1993  Thomas Koenig
 *
 * Atrun & Atq modifications
 * Copyright (C) 1993  David Parsons
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. The name of the author(s) may not be used to endorse or promote
 *    products derived from this software without specific prior written
 *    permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 */

#define _USE_BSD 1

/* System Headers */
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <ctype.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <pwd.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

/* Local headers */
#include "at.h"
#include "panic.h"
#include "parsetime.h"
#include "pathnames.h"
#define MAIN
#include "privs.h"
#include "perm.h"

/* Macros */
#define ALARMC 10		/* Number of seconds to wait for timeout */

#define SIZE 255
#define TIMESIZE 50

/* File scope variables */
static char rcsid[] = "$Id: at.c,v 1.1.1.2 2000/01/11 02:10:04 wsanchez Exp $";
char *no_export[] =
{
	"TERM", "TERMCAP", "DISPLAY", "_"
};
static send_mail = 0;

/* External variables */
extern char **environ;
int fcreated;
char *namep;
char atfile[FILENAME_MAX];

char *atinput = (char *) 0;	/* where to get input from */
char atqueue = 0;		/* which queue to examine for jobs (atq) */
char atverify = 0;		/* verify time instead of queuing job */

/* Function declarations */
static void sigc	__P((int signo));
static void alarmc	__P((int signo));
static char *cwdname	__P((void));
static void writefile	__P((time_t runtimer, char queue));
static void list_jobs	__P((void));

/* Signal catching functions */

static void 
sigc(signo)
	int signo;
{
/* If the user presses ^C, remove the spool file and exit
 */
	if (fcreated) {
		PRIV_START
		unlink(atfile);
		PRIV_END
	}

	exit(EXIT_FAILURE);
}

static void 
alarmc(signo)
	int signo;
{
/* Time out after some seconds
 */
	panic("File locking timed out");
}

/* Local functions */

static char *
cwdname()
{
/* Read in the current directory; the name will be overwritten on
 * subsequent calls.
 */
	static char *ptr = NULL;
	static size_t size = SIZE;

	if (ptr == NULL)
		ptr = (char *) malloc(size);

	while (1) {
		if (ptr == NULL)
			panic("Out of memory");

		if (getcwd(ptr, size - 1) != NULL)
			return ptr;

		if (errno != ERANGE)
			perr("Cannot get directory");

		free(ptr);
		size += SIZE;
		ptr = (char *) malloc(size);
	}
}

static void
writefile(runtimer, queue)
	time_t runtimer;
	char queue;
{
	/*
	 * This does most of the work if at or batch are invoked for
	 * writing a job.
	 */
	int i;
	char *ap, *ppos, *mailname;
	struct passwd *pass_entry;
	struct stat statbuf;
	int fdes, lockdes, fd2;
	FILE *fp, *fpin;
	struct sigaction act;
	char **atenv;
	int ch;
	mode_t cmask;
	struct flock lock;

	/*
	 * Install the signal handler for SIGINT; terminate after removing the
	 * spool file if necessary
	 */
	act.sa_handler = sigc;
	sigemptyset(&(act.sa_mask));
	act.sa_flags = 0;

	sigaction(SIGINT, &act, NULL);

	strcpy(atfile, _PATH_ATJOBS);
	ppos = atfile + strlen(_PATH_ATJOBS);

	/*
	 * Loop over all possible file names for running something at this
	 *  particular time, see if a file is there; the first empty slot at
	 *  any particular time is used.  Lock the file _PATH_LOCKFILE first
	 *  to make sure we're alone when doing this.
	 */

	PRIV_START

	if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY | O_CREAT, 0600)) < 0)
		perr2("Cannot open lockfile ", _PATH_LOCKFILE);

	lock.l_type = F_WRLCK;
	lock.l_whence = SEEK_SET;
	lock.l_start = 0;
	lock.l_len = 0;

	act.sa_handler = alarmc;
	sigemptyset(&(act.sa_mask));
	act.sa_flags = 0;

	/*
	 * Set an alarm so a timeout occurs after ALARMC seconds, in case
	 * something is seriously broken.
	 */
	sigaction(SIGALRM, &act, NULL);
	alarm(ALARMC);
	fcntl(lockdes, F_SETLKW, &lock);
	alarm(0);

	for (i = 0; i < AT_MAXJOBS; i++) {
		sprintf(ppos, "%c%8lx.%3x", queue,
		    (unsigned long) (runtimer / 60), i);
		for (ap = ppos; *ap != '\0'; ap++)
			if (*ap == ' ')
				*ap = '0';

		if (stat(atfile, &statbuf) != 0) {
			if (errno == ENOENT)
				break;
			else
				perr2("Cannot access ", _PATH_ATJOBS);
		}
	}			/* for */

	if (i >= AT_MAXJOBS)
		panic("Too many jobs already");

	/*
	 * Create the file. The x bit is only going to be set after it has
	 * been completely written out, to make sure it is not executed in
	 * the meantime.  To make sure they do not get deleted, turn off
	 * their r bit.  Yes, this is a kluge.
	 */
	cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
	if ((fdes = creat(atfile, O_WRONLY)) == -1)
		perr("Cannot create atjob file");

	if ((fd2 = dup(fdes)) < 0)
		perr("Error in dup() of job file");

	if (fchown(fd2, real_uid, -1) != 0)
		perr("Cannot give away file");

	PRIV_END

	/*
	 * We no longer need suid root; now we just need to be able to
	 * write to the directory, if necessary.
	 */

	    REDUCE_PRIV(0);

	/*
	 * We've successfully created the file; let's set the flag so it
	 * gets removed in case of an interrupt or error.
	 */
	fcreated = 1;

	/* Now we can release the lock, so other people can access it */
	lock.l_type = F_UNLCK;
	lock.l_whence = SEEK_SET;
	lock.l_start = 0;
	lock.l_len = 0;
	fcntl(lockdes, F_SETLKW, &lock);
	close(lockdes);

	if ((fp = fdopen(fdes, "w")) == NULL)
		panic("Cannot reopen atjob file");

	/*
	 * Get the userid to mail to, first by trying getlogin(), which
	 * reads /etc/utmp, then from LOGNAME, finally from getpwuid().
	 */
	mailname = getlogin();
	if (mailname == NULL)
		mailname = getenv("LOGNAME");

	if ((mailname == NULL) || (mailname[0] == '\0')
	    || (strlen(mailname) > 8)) {
		pass_entry = getpwuid(getuid());
		if (pass_entry != NULL)
			mailname = pass_entry->pw_name;
	}

	if (atinput != (char *) NULL) {
		fpin = freopen(atinput, "r", stdin);
		if (fpin == NULL)
			perr("Cannot open input file");
	}
	fprintf(fp, "#! /bin/sh\n# mail %8s %d\n", mailname, send_mail);

	/* Write out the umask at the time of invocation */
	fprintf(fp, "umask %lo\n", (unsigned long) cmask);

	/*
	 * Write out the environment. Anything that may look like a special
	 * character to the shell is quoted, except for \n, which is done
	 * with a pair of "'s.  Dont't export the no_export list (such as
	 * TERM or DISPLAY) because we don't want these.
	 */
	for (atenv = environ; *atenv != NULL; atenv++) {
		int export = 1;
		char *eqp;

		eqp = strchr(*atenv, '=');
		if (ap == NULL)
			eqp = *atenv;
		else {
			int i;

			for (i = 0;i < sizeof(no_export) /
			    sizeof(no_export[0]); i++) {
				export = export
				    && (strncmp(*atenv, no_export[i],
					(size_t) (eqp - *atenv)) != 0);
			}
			eqp++;
		}

		if (export) {
			fwrite(*atenv, sizeof(char), eqp - *atenv, fp);
			for (ap = eqp; *ap != '\0'; ap++) {
				if (*ap == '\n')
					fprintf(fp, "\"\n\"");
				else {
					if (!isalnum(*ap))
						fputc('\\', fp);

					fputc(*ap, fp);
				}
			}
			fputs("; export ", fp);
			fwrite(*atenv, sizeof(char), eqp - *atenv - 1, fp);
			fputc('\n', fp);

		}
	}
	/*
	 * Cd to the directory at the time and write out all the commands
	 * the user supplies from stdin.
	 */
	fprintf(fp, "cd %s\n", cwdname());

	while ((ch = getchar()) != EOF)
		fputc(ch, fp);

	fprintf(fp, "\n");
	if (ferror(fp))
		panic("Output error");

	if (ferror(stdin))
		panic("Input error");

	fclose(fp);

	/*
	 * Set the x bit so that we're ready to start executing
	 */
	if (fchmod(fd2, S_IRUSR | S_IWUSR | S_IXUSR) < 0)
		perr("Cannot give away file");

	close(fd2);
	fprintf(stderr, "Job %s will be executed using /bin/sh\n", ppos);
}

static void
list_jobs()
{
	/*
	 * List all a user's jobs in the queue, by looping through
	 * _PATH_ATJOBS, or everybody's if we are root
	 */
	struct passwd *pw;
	DIR *spool;
	struct dirent *dirent;
	struct stat buf;
	struct tm runtime;
	unsigned long ctm;
	char queue;
	time_t runtimer;
	char timestr[TIMESIZE];
	int first = 1;

	PRIV_START

	    if (chdir(_PATH_ATJOBS) != 0)
		perr2("Cannot change to ", _PATH_ATJOBS);

	if ((spool = opendir(".")) == NULL)
		perr2("Cannot open ", _PATH_ATJOBS);

	/* Loop over every file in the directory */
	while ((dirent = readdir(spool)) != NULL) {
		if (stat(dirent->d_name, &buf) != 0)
			perr2("Cannot stat in ", _PATH_ATJOBS);

		/*
		 * See it's a regular file and has its x bit turned on and
		 * is the user's
		 */
		if (!S_ISREG(buf.st_mode)
		    || ((buf.st_uid != real_uid) && !(real_uid == 0))
		    || !(S_IXUSR & buf.st_mode || atverify))
			continue;

		if (sscanf(dirent->d_name, "%c%8lx", &queue, &ctm) != 2)
			continue;

		if (atqueue && (queue != atqueue))
			continue;

		runtimer = 60 * (time_t) ctm;
		runtime = *localtime(&runtimer);
		strftime(timestr, TIMESIZE, "%X %x", &runtime);
		if (first) {
			printf("Date\t\t\tOwner\tQueue\tJob#\n");
			first = 0;
		}
		pw = getpwuid(buf.st_uid);

		printf("%s\t%s\t%c%s\t%s\n",
		    timestr,
		    pw ? pw->pw_name : "???",
		    queue,
		    (S_IXUSR & buf.st_mode) ? "" : "(done)",
		    dirent->d_name);
	}
	PRIV_END
}

static void
delete_jobs(argc, argv)
	int argc;
	char **argv;
{
	/* Delete every argument (job - ID) given */
	int i;
	struct stat buf;

	PRIV_START

	    if (chdir(_PATH_ATJOBS) != 0)
		perr2("Cannot change to ", _PATH_ATJOBS);

	for (i = optind; i < argc; i++) {
		if (stat(argv[i], &buf) != 0)
			perr(argv[i]);
		if ((buf.st_uid != real_uid) && !(real_uid == 0)) {
			fprintf(stderr, "%s: Not owner\n", argv[i]);
			exit(EXIT_FAILURE);
		}
		if (unlink(argv[i]) != 0)
			perr(argv[i]);
	}
	PRIV_END
}				/* delete_jobs */

/* Global functions */

int
main(argc, argv)
	int argc;
	char **argv;
{
	int c;
	char queue = 'a';
	char *pgm;

	enum {
		ATQ, ATRM, AT, BATCH
	};			/* what program we want to run */
	int program = AT;	/* our default program */
	char *options = "q:f:mv";	/* default options for at */
	time_t timer;

	RELINQUISH_PRIVS

	/* Eat any leading paths */
	if ((pgm = strrchr(argv[0], '/')) == NULL)
		pgm = argv[0];
	else
		pgm++;

	namep = pgm;

	/* find out what this program is supposed to do */
	if (strcmp(pgm, "atq") == 0) {
		program = ATQ;
		options = "q:v";
	} else if (strcmp(pgm, "atrm") == 0) {
		program = ATRM;
		options = "";
	} else if (strcmp(pgm, "batch") == 0) {
		program = BATCH;
		options = "f:mv";
	}

	/* process whatever options we can process */
	opterr = 1;
	while ((c = getopt(argc, argv, options)) != EOF)
		switch (c) {
		case 'v':	/* verify time settings */
			atverify = 1;
			break;

		case 'm':	/* send mail when job is complete */
			send_mail = 1;
			break;

		case 'f':
			atinput = optarg;
			break;

		case 'q':	/* specify queue */
			if (strlen(optarg) > 1)
				usage();

			atqueue = queue = *optarg;
			if ((!islower(queue)) || (queue > 'l'))
				usage();
			break;

		default:
			usage();
			break;
		}
	/* end of options eating */

	/* select our program */
	if (!check_permission())
	{
        	fprintf(stderr, "You do not have permission to use %s.\n",namep);
        	exit(EXIT_FAILURE);
	}  
	switch (program) {
	case ATQ:

		REDUCE_PRIV(0);

		list_jobs();
		break;

	case ATRM:

		REDUCE_PRIV(0);

		delete_jobs(argc, argv);
		break;

	case AT:
		timer = parsetime(argc, argv);
		if (atverify) {
			struct tm *tm = localtime(&timer);

			fprintf(stderr, "%s\n", asctime(tm));
		}
		writefile(timer, queue);
		break;

	case BATCH:
		writefile(time(NULL), 'b');
		break;

	default:
		panic("Internal error");
		break;
	}
	exit(EXIT_SUCCESS);
}
Commit	Line	Data
1815bff5 A	1	/*
	2	* Copyright (c) 1999 Apple Computer, Inc. All rights reserved.
	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
6d658acd A	6	* Copyright (c) 1999-2003 Apple Computer, Inc. All Rights Reserved.
	7	*
	8	* This file contains Original Code and/or Modifications of Original Code
	9	* as defined in and that are subject to the Apple Public Source License
	10	* Version 2.0 (the 'License'). You may not use this file except in
	11	* compliance with the License. Please obtain a copy of the License at
	12	* http://www.opensource.apple.com/apsl/ and read it before using this
	13	* file.
1815bff5 A	14	*
	15	* The Original Code and all software distributed under the License are
	16	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	17	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	18	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
6d658acd A	19	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	20	* Please see the License for the specific language governing rights and
	21	* limitations under the License.
1815bff5 A	22	*
	23	* @APPLE_LICENSE_HEADER_END@
	24	*/
	25	/*
	26	* at.c : Put file into atrun queue
	27	* Copyright (C) 1993 Thomas Koenig
	28	*
	29	* Atrun & Atq modifications
	30	* Copyright (C) 1993 David Parsons
	31	* All rights reserved.
	32	*
	33	* Redistribution and use in source and binary forms, with or without
	34	* modification, are permitted provided that the following conditions
	35	* are met:
	36	* 1. Redistributions of source code must retain the above copyright
	37	* notice, this list of conditions and the following disclaimer.
	38	* 2. The name of the author(s) may not be used to endorse or promote
	39	* products derived from this software without specific prior written
	40	* permission.
	41	*
	42	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
	43	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
	44	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
	45	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
	46	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	47	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	48	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	49	* THEORY OF LIABILITY, WETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	50	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	51	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	52	*/
	53
	54	#define _USE_BSD 1
	55
	56	/* System Headers */
	57	#include <sys/types.h>
	58	#include <sys/stat.h>
	59	#include <sys/wait.h>
	60	#include <ctype.h>
	61	#include <dirent.h>
	62	#include <errno.h>
	63	#include <fcntl.h>
	64	#include <pwd.h>
	65	#include <signal.h>
	66	#include <stddef.h>
	67	#include <stdio.h>
	68	#include <stdlib.h>
	69	#include <string.h>
	70	#include <time.h>
	71	#include <unistd.h>
	72
	73	/* Local headers */
	74	#include "at.h"
	75	#include "panic.h"
	76	#include "parsetime.h"
	77	#include "pathnames.h"
	78	#define MAIN
	79	#include "privs.h"
	80	#include "perm.h"
	81
	82	/* Macros */
	83	#define ALARMC 10 /* Number of seconds to wait for timeout */
	84
	85	#define SIZE 255
86	#define TIMESIZE 50
87
88	/* File scope variables */
89	static char rcsid[] = "$Id: at.c,v 1.1.1.2 2000/01/11 02:10:04 wsanchez Exp $";
90	char *no_export[] =
91	{
92	"TERM", "TERMCAP", "DISPLAY", "_"
93	};
94	static send_mail = 0;
95
96	/* External variables */
97	extern char **environ;
98	int fcreated;
99	char *namep;
100	char atfile[FILENAME_MAX];
101
102	char atinput = (char ) 0; /* where to get input from */
103	char atqueue = 0; /* which queue to examine for jobs (atq) */
104	char atverify = 0; /* verify time instead of queuing job */
105
106	/* Function declarations */
107	static void sigc __P((int signo));
108	static void alarmc __P((int signo));
109	static char *cwdname __P((void));
110	static void writefile __P((time_t runtimer, char queue));
111	static void list_jobs __P((void));
112
113	/* Signal catching functions */
114
115	static void
116	sigc(signo)
117	int signo;
118	{
119	/* If the user presses ^C, remove the spool file and exit
120	*/
121	if (fcreated) {
122	PRIV_START
123	unlink(atfile);
124	PRIV_END
125	}
126
127	exit(EXIT_FAILURE);
128	}
129
130	static void
131	alarmc(signo)
132	int signo;
133	{
134	/* Time out after some seconds
135	*/
136	panic("File locking timed out");
137	}
138
139	/* Local functions */
140
141	static char *
142	cwdname()
143	{
144	/* Read in the current directory; the name will be overwritten on
145	* subsequent calls.
146	*/
147	static char *ptr = NULL;
148	static size_t size = SIZE;
149
150	if (ptr == NULL)
151	ptr = (char *) malloc(size);
152
153	while (1) {
154	if (ptr == NULL)
155	panic("Out of memory");
156
157	if (getcwd(ptr, size - 1) != NULL)
158	return ptr;
159
160	if (errno != ERANGE)
161	perr("Cannot get directory");
162
163	free(ptr);
164	size += SIZE;
165	ptr = (char *) malloc(size);
166	}
167	}
168
169	static void
170	writefile(runtimer, queue)
171	time_t runtimer;
172	char queue;
173	{
174	/*
175	* This does most of the work if at or batch are invoked for
176	* writing a job.
177	*/
178	int i;
179	char ap, ppos, *mailname;
180	struct passwd *pass_entry;
181	struct stat statbuf;
182	int fdes, lockdes, fd2;
183	FILE fp, fpin;
184	struct sigaction act;
185	char **atenv;
186	int ch;
187	mode_t cmask;
188	struct flock lock;
189
190	/*
191	* Install the signal handler for SIGINT; terminate after removing the
192	* spool file if necessary
193	*/
194	act.sa_handler = sigc;
195	sigemptyset(&(act.sa_mask));
196	act.sa_flags = 0;
197
198	sigaction(SIGINT, &act, NULL);
199
200	strcpy(atfile, _PATH_ATJOBS);
201	ppos = atfile + strlen(_PATH_ATJOBS);
202
203	/*
204	* Loop over all possible file names for running something at this
205	* particular time, see if a file is there; the first empty slot at
206	* any particular time is used. Lock the file _PATH_LOCKFILE first
207	* to make sure we're alone when doing this.
208	*/
209
210	PRIV_START
211
212	if ((lockdes = open(_PATH_LOCKFILE, O_WRONLY \| O_CREAT, 0600)) < 0)
213	perr2("Cannot open lockfile ", _PATH_LOCKFILE);
214
215	lock.l_type = F_WRLCK;
216	lock.l_whence = SEEK_SET;
217	lock.l_start = 0;
218	lock.l_len = 0;
219
220	act.sa_handler = alarmc;
221	sigemptyset(&(act.sa_mask));
222	act.sa_flags = 0;
223
224	/*
225	* Set an alarm so a timeout occurs after ALARMC seconds, in case
226	* something is seriously broken.
227	*/
228	sigaction(SIGALRM, &act, NULL);
229	alarm(ALARMC);
230	fcntl(lockdes, F_SETLKW, &lock);
231	alarm(0);
232
233	for (i = 0; i < AT_MAXJOBS; i++) {
234	sprintf(ppos, "%c%8lx.%3x", queue,
235	(unsigned long) (runtimer / 60), i);
236	for (ap = ppos; *ap != '\0'; ap++)
237	if (*ap == ' ')
238	*ap = '0';
239
240	if (stat(atfile, &statbuf) != 0) {
241	if (errno == ENOENT)
242	break;
243	else
244	perr2("Cannot access ", _PATH_ATJOBS);
245	}
246	} /* for */
247
248	if (i >= AT_MAXJOBS)
249	panic("Too many jobs already");
250
251	/*
252	* Create the file. The x bit is only going to be set after it has
253	* been completely written out, to make sure it is not executed in
254	* the meantime. To make sure they do not get deleted, turn off
255	* their r bit. Yes, this is a kluge.
256	*/
257	cmask = umask(S_IRUSR \| S_IWUSR \| S_IXUSR);
258	if ((fdes = creat(atfile, O_WRONLY)) == -1)
259	perr("Cannot create atjob file");
260
261	if ((fd2 = dup(fdes)) < 0)
262	perr("Error in dup() of job file");
263
264	if (fchown(fd2, real_uid, -1) != 0)
265	perr("Cannot give away file");
266
267	PRIV_END
268
269	/*
270	* We no longer need suid root; now we just need to be able to
271	* write to the directory, if necessary.
272	*/
273
274	REDUCE_PRIV(0);
275
276	/*
277	* We've successfully created the file; let's set the flag so it
278	* gets removed in case of an interrupt or error.
279	*/
280	fcreated = 1;
281
282	/* Now we can release the lock, so other people can access it */
283	lock.l_type = F_UNLCK;
284	lock.l_whence = SEEK_SET;
285	lock.l_start = 0;
286	lock.l_len = 0;
287	fcntl(lockdes, F_SETLKW, &lock);
288	close(lockdes);
289
290	if ((fp = fdopen(fdes, "w")) == NULL)
291	panic("Cannot reopen atjob file");
292
293	/*
294	* Get the userid to mail to, first by trying getlogin(), which
295	* reads /etc/utmp, then from LOGNAME, finally from getpwuid().
296	*/
297	mailname = getlogin();
298	if (mailname == NULL)
299	mailname = getenv("LOGNAME");
300
301	if ((mailname == NULL) \|\| (mailname[0] == '\0')
302	\|\| (strlen(mailname) > 8)) {
303	pass_entry = getpwuid(getuid());
304	if (pass_entry != NULL)
305	mailname = pass_entry->pw_name;
306	}
307
308	if (atinput != (char *) NULL) {
309	fpin = freopen(atinput, "r", stdin);
310	if (fpin == NULL)
311	perr("Cannot open input file");
312	}
313	fprintf(fp, "#! /bin/sh\n# mail %8s %d\n", mailname, send_mail);
314
315	/* Write out the umask at the time of invocation */
316	fprintf(fp, "umask %lo\n", (unsigned long) cmask);
317
318	/*
319	* Write out the environment. Anything that may look like a special
320	* character to the shell is quoted, except for \n, which is done
321	* with a pair of "'s. Dont't export the no_export list (such as
322	* TERM or DISPLAY) because we don't want these.
323	*/
324	for (atenv = environ; *atenv != NULL; atenv++) {
325	int export = 1;
326	char *eqp;
327
328	eqp = strchr(*atenv, '=');
329	if (ap == NULL)
330	eqp = *atenv;
331	else {
332	int i;
333
334	for (i = 0;i < sizeof(no_export) /
335	sizeof(no_export[0]); i++) {
336	export = export
337	&& (strncmp(*atenv, no_export[i],
338	(size_t) (eqp - *atenv)) != 0);
339	}
340	eqp++;
341	}
342
343	if (export) {
344	fwrite(atenv, sizeof(char), eqp - atenv, fp);
345	for (ap = eqp; *ap != '\0'; ap++) {
346	if (*ap == '\n')
347	fprintf(fp, "\"\n\"");
348	else {
349	if (!isalnum(*ap))
350	fputc('\\', fp);
351
352	fputc(*ap, fp);
353	}
354	}
355	fputs("; export ", fp);
356	fwrite(atenv, sizeof(char), eqp - atenv - 1, fp);
357	fputc('\n', fp);
358
359	}
360	}
361	/*
362	* Cd to the directory at the time and write out all the commands
363	* the user supplies from stdin.
364	*/
365	fprintf(fp, "cd %s\n", cwdname());
366
367	while ((ch = getchar()) != EOF)
368	fputc(ch, fp);
369
370	fprintf(fp, "\n");
371	if (ferror(fp))
372	panic("Output error");
373
374	if (ferror(stdin))
375	panic("Input error");
376
377	fclose(fp);
378
379	/*
380	* Set the x bit so that we're ready to start executing
381	*/
382	if (fchmod(fd2, S_IRUSR \| S_IWUSR \| S_IXUSR) < 0)
383	perr("Cannot give away file");
384
385	close(fd2);
386	fprintf(stderr, "Job %s will be executed using /bin/sh\n", ppos);
387	}
388
389	static void
390	list_jobs()
391	{
392	/*
393	* List all a user's jobs in the queue, by looping through
394	* _PATH_ATJOBS, or everybody's if we are root
395	*/
396	struct passwd *pw;
397	DIR *spool;
398	struct dirent *dirent;
399	struct stat buf;
400	struct tm runtime;
401	unsigned long ctm;
402	char queue;
403	time_t runtimer;
404	char timestr[TIMESIZE];
405	int first = 1;
406
407	PRIV_START
408
409	if (chdir(_PATH_ATJOBS) != 0)
410	perr2("Cannot change to ", _PATH_ATJOBS);
411
412	if ((spool = opendir(".")) == NULL)
413	perr2("Cannot open ", _PATH_ATJOBS);
414
415	/* Loop over every file in the directory */
416	while ((dirent = readdir(spool)) != NULL) {
417	if (stat(dirent->d_name, &buf) != 0)
418	perr2("Cannot stat in ", _PATH_ATJOBS);
419
420	/*
421	* See it's a regular file and has its x bit turned on and
422	* is the user's
423	*/
424	if (!S_ISREG(buf.st_mode)
425	\|\| ((buf.st_uid != real_uid) && !(real_uid == 0))
426	\|\| !(S_IXUSR & buf.st_mode \|\| atverify))
427	continue;
428
429	if (sscanf(dirent->d_name, "%c%8lx", &queue, &ctm) != 2)
430	continue;
431
432	if (atqueue && (queue != atqueue))
433	continue;
434
435	runtimer = 60 * (time_t) ctm;
436	runtime = *localtime(&runtimer);
437	strftime(timestr, TIMESIZE, "%X %x", &runtime);
438	if (first) {
439	printf("Date\t\t\tOwner\tQueue\tJob#\n");
440	first = 0;
441	}
442	pw = getpwuid(buf.st_uid);
443
444	printf("%s\t%s\t%c%s\t%s\n",
445	timestr,
446	pw ? pw->pw_name : "???",
447	queue,
448	(S_IXUSR & buf.st_mode) ? "" : "(done)",
449	dirent->d_name);
450	}
451	PRIV_END
452	}
453
454	static void
455	delete_jobs(argc, argv)
456	int argc;
457	char **argv;
458	{
459	/* Delete every argument (job - ID) given */
460	int i;
461	struct stat buf;
462
463	PRIV_START
464
465	if (chdir(_PATH_ATJOBS) != 0)
466	perr2("Cannot change to ", _PATH_ATJOBS);
467
468	for (i = optind; i < argc; i++) {
469	if (stat(argv[i], &buf) != 0)
470	perr(argv[i]);
471	if ((buf.st_uid != real_uid) && !(real_uid == 0)) {
472	fprintf(stderr, "%s: Not owner\n", argv[i]);
473	exit(EXIT_FAILURE);
474	}
475	if (unlink(argv[i]) != 0)
476	perr(argv[i]);
477	}
478	PRIV_END
479	} /* delete_jobs */
480
481	/* Global functions */
482
483	int
484	main(argc, argv)
485	int argc;
486	char **argv;
487	{
488	int c;
489	char queue = 'a';
490	char *pgm;
491
492	enum {
493	ATQ, ATRM, AT, BATCH
494	}; /* what program we want to run */
495	int program = AT; /* our default program */
496	char options = "q:f:mv"; / default options for at */
497	time_t timer;
498
499	RELINQUISH_PRIVS
500
501	/* Eat any leading paths */
502	if ((pgm = strrchr(argv[0], '/')) == NULL)
503	pgm = argv[0];
504	else
505	pgm++;
506
507	namep = pgm;
508
509	/* find out what this program is supposed to do */
510	if (strcmp(pgm, "atq") == 0) {
511	program = ATQ;
512	options = "q:v";
513	} else if (strcmp(pgm, "atrm") == 0) {
514	program = ATRM;
515	options = "";
516	} else if (strcmp(pgm, "batch") == 0) {
517	program = BATCH;
518	options = "f:mv";
519	}
520
521	/* process whatever options we can process */
522	opterr = 1;
523	while ((c = getopt(argc, argv, options)) != EOF)
524	switch (c) {
525	case 'v': /* verify time settings */
526	atverify = 1;
527	break;
528
529	case 'm': /* send mail when job is complete */
530	send_mail = 1;
531	break;
532
533	case 'f':
534	atinput = optarg;
535	break;
536
537	case 'q': /* specify queue */
538	if (strlen(optarg) > 1)
539	usage();
540
541	atqueue = queue = *optarg;
542	if ((!islower(queue)) \|\| (queue > 'l'))
543	usage();
544	break;
545
546	default:
547	usage();
548	break;
549	}
550	/* end of options eating */
551
552	/* select our program */
553	if (!check_permission())
554	{
555	fprintf(stderr, "You do not have permission to use %s.\n",namep);
556	exit(EXIT_FAILURE);
557	}
558	switch (program) {
559	case ATQ:
560
561	REDUCE_PRIV(0);
562
563	list_jobs();
564	break;
565
566	case ATRM:
567
568	REDUCE_PRIV(0);
569
570	delete_jobs(argc, argv);
571	break;
572
573	case AT:
574	timer = parsetime(argc, argv);
575	if (atverify) {
576	struct tm *tm = localtime(&timer);
577
578	fprintf(stderr, "%s\n", asctime(tm));
579	}
580	writefile(timer, queue);
581	break;
582
583	case BATCH:
584	writefile(time(NULL), 'b');
585	break;
586
587	default:
588	panic("Internal error");
589	break;
590	}
591	exit(EXIT_SUCCESS);
592	}