| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* vi: set sw=4 ts=4: */ |
| 2 | /* |
| 3 | * CRONTAB |
| 4 | * |
| 5 | * usually setuid root, -c option only works if getuid() == geteuid() |
| 6 | * |
| 7 | * Copyright 1994 Matthew Dillon (dillon@apollo.west.oic.com) |
| 8 | * Vladimir Oleynik <dzo@simtreas.ru> (C) 2002 |
| 9 | * |
| 10 | * Licensed under GPLv2 or later, see file LICENSE in this source tree. |
| 11 | */ |
| 12 | |
| 13 | //usage:#define crontab_trivial_usage |
| 14 | //usage: "[-c DIR] [-u USER] [-ler]|[FILE]" |
| 15 | //usage:#define crontab_full_usage "\n\n" |
| 16 | //usage: " -c Crontab directory" |
| 17 | //usage: "\n -u User" |
| 18 | //usage: "\n -l List crontab" |
| 19 | //usage: "\n -e Edit crontab" |
| 20 | //usage: "\n -r Delete crontab" |
| 21 | //usage: "\n FILE Replace crontab by FILE ('-': stdin)" |
| 22 | |
| 23 | #include "libbb.h" |
| 24 | |
| 25 | #define CRONTABS CONFIG_FEATURE_CROND_DIR "/crontabs" |
| 26 | #ifndef CRONUPDATE |
| 27 | #define CRONUPDATE "cron.update" |
| 28 | #endif |
| 29 | |
| 30 | static void edit_file(const struct passwd *pas, const char *file) |
| 31 | { |
| 32 | const char *ptr; |
| 33 | pid_t pid; |
| 34 | |
| 35 | pid = xvfork(); |
| 36 | if (pid) { /* parent */ |
| 37 | wait4pid(pid); |
| 38 | return; |
| 39 | } |
| 40 | |
| 41 | /* CHILD - change user and run editor */ |
| 42 | /* initgroups, setgid, setuid */ |
| 43 | change_identity(pas); |
| 44 | setup_environment(pas->pw_shell, |
| 45 | SETUP_ENV_CHANGEENV | SETUP_ENV_TO_TMP, |
| 46 | pas); |
| 47 | ptr = getenv("VISUAL"); |
| 48 | if (!ptr) { |
| 49 | ptr = getenv("EDITOR"); |
| 50 | if (!ptr) |
| 51 | ptr = "vi"; |
| 52 | } |
| 53 | |
| 54 | BB_EXECLP(ptr, ptr, file, NULL); |
| 55 | bb_perror_msg_and_die("can't execute '%s'", ptr); |
| 56 | } |
| 57 | |
| 58 | static int open_as_user(const struct passwd *pas, const char *file) |
| 59 | { |
| 60 | pid_t pid; |
| 61 | char c; |
| 62 | |
| 63 | pid = xvfork(); |
| 64 | if (pid) { /* PARENT */ |
| 65 | if (wait4pid(pid) == 0) { |
| 66 | /* exitcode 0: child says it can read */ |
| 67 | return open(file, O_RDONLY); |
| 68 | } |
| 69 | return -1; |
| 70 | } |
| 71 | |
| 72 | /* CHILD */ |
| 73 | /* initgroups, setgid, setuid */ |
| 74 | change_identity(pas); |
| 75 | /* We just try to read one byte. If it works, file is readable |
| 76 | * under this user. We signal that by exiting with 0. */ |
| 77 | _exit(safe_read(xopen(file, O_RDONLY), &c, 1) < 0); |
| 78 | } |
| 79 | |
| 80 | int crontab_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
| 81 | int crontab_main(int argc UNUSED_PARAM, char **argv) |
| 82 | { |
| 83 | const struct passwd *pas; |
| 84 | const char *crontab_dir = CRONTABS; |
| 85 | char *tmp_fname; |
| 86 | char *new_fname; |
| 87 | char *user_name; /* -u USER */ |
| 88 | int fd; |
| 89 | int src_fd; |
| 90 | int opt_ler; |
| 91 | |
| 92 | /* file [opts] Replace crontab from file |
| 93 | * - [opts] Replace crontab from stdin |
| 94 | * -u user User |
| 95 | * -c dir Crontab directory |
| 96 | * -l List crontab for user |
| 97 | * -e Edit crontab for user |
| 98 | * -r Delete crontab for user |
| 99 | * bbox also supports -d == -r, but most other crontab |
| 100 | * implementations do not. Deprecated. |
| 101 | */ |
| 102 | enum { |
| 103 | OPT_u = (1 << 0), |
| 104 | OPT_c = (1 << 1), |
| 105 | OPT_l = (1 << 2), |
| 106 | OPT_e = (1 << 3), |
| 107 | OPT_r = (1 << 4), |
| 108 | OPT_ler = OPT_l + OPT_e + OPT_r, |
| 109 | }; |
| 110 | |
| 111 | opt_complementary = "?1:dr"; /* max one argument; -d implies -r */ |
| 112 | opt_ler = getopt32(argv, "u:c:lerd", &user_name, &crontab_dir); |
| 113 | argv += optind; |
| 114 | |
| 115 | if (sanitize_env_if_suid()) { /* Clears dangerous stuff, sets PATH */ |
| 116 | /* Run by non-root */ |
| 117 | if (opt_ler & (OPT_u|OPT_c)) |
| 118 | bb_error_msg_and_die(bb_msg_you_must_be_root); |
| 119 | } |
| 120 | |
| 121 | if (opt_ler & OPT_u) { |
| 122 | pas = xgetpwnam(user_name); |
| 123 | } else { |
| 124 | pas = xgetpwuid(getuid()); |
| 125 | } |
| 126 | |
| 127 | #define user_name DONT_USE_ME_BEYOND_THIS_POINT |
| 128 | |
| 129 | /* From now on, keep only -l, -e, -r bits */ |
| 130 | opt_ler &= OPT_ler; |
| 131 | if ((opt_ler - 1) & opt_ler) /* more than one bit set? */ |
| 132 | bb_show_usage(); |
| 133 | |
| 134 | /* Read replacement file under user's UID/GID/group vector */ |
| 135 | src_fd = STDIN_FILENO; |
| 136 | if (!opt_ler) { /* Replace? */ |
| 137 | if (!argv[0]) |
| 138 | bb_show_usage(); |
| 139 | if (NOT_LONE_DASH(argv[0])) { |
| 140 | src_fd = open_as_user(pas, argv[0]); |
| 141 | if (src_fd < 0) |
| 142 | bb_error_msg_and_die("user %s cannot read %s", |
| 143 | pas->pw_name, argv[0]); |
| 144 | } |
| 145 | } |
| 146 | |
| 147 | /* cd to our crontab directory */ |
| 148 | xchdir(crontab_dir); |
| 149 | |
| 150 | tmp_fname = NULL; |
| 151 | |
| 152 | /* Handle requested operation */ |
| 153 | switch (opt_ler) { |
| 154 | |
| 155 | default: /* case OPT_r: Delete */ |
| 156 | unlink(pas->pw_name); |
| 157 | break; |
| 158 | |
| 159 | case OPT_l: /* List */ |
| 160 | { |
| 161 | char *args[2] = { pas->pw_name, NULL }; |
| 162 | return bb_cat(args); |
| 163 | /* list exits, |
| 164 | * the rest go play with cron update file */ |
| 165 | } |
| 166 | |
| 167 | case OPT_e: /* Edit */ |
| 168 | tmp_fname = xasprintf("%s.%u", crontab_dir, (unsigned)getpid()); |
| 169 | /* No O_EXCL: we don't want to be stuck if earlier crontabs |
| 170 | * were killed, leaving stale temp file behind */ |
| 171 | src_fd = xopen3(tmp_fname, O_RDWR|O_CREAT|O_TRUNC, 0600); |
| 172 | fchown(src_fd, pas->pw_uid, pas->pw_gid); |
| 173 | fd = open(pas->pw_name, O_RDONLY); |
| 174 | if (fd >= 0) { |
| 175 | bb_copyfd_eof(fd, src_fd); |
| 176 | close(fd); |
| 177 | xlseek(src_fd, 0, SEEK_SET); |
| 178 | } |
| 179 | close_on_exec_on(src_fd); /* don't want editor to see this fd */ |
| 180 | edit_file(pas, tmp_fname); |
| 181 | /* fall through */ |
| 182 | |
| 183 | case 0: /* Replace (no -l, -e, or -r were given) */ |
| 184 | new_fname = xasprintf("%s.new", pas->pw_name); |
| 185 | fd = open(new_fname, O_WRONLY|O_CREAT|O_TRUNC|O_APPEND, 0600); |
| 186 | if (fd >= 0) { |
| 187 | bb_copyfd_eof(src_fd, fd); |
| 188 | close(fd); |
| 189 | xrename(new_fname, pas->pw_name); |
| 190 | } else { |
| 191 | bb_error_msg("can't create %s/%s", |
| 192 | crontab_dir, new_fname); |
| 193 | } |
| 194 | if (tmp_fname) |
| 195 | unlink(tmp_fname); |
| 196 | /*free(tmp_fname);*/ |
| 197 | /*free(new_fname);*/ |
| 198 | |
| 199 | } /* switch */ |
| 200 | |
| 201 | /* Bump notification file. Handle window where crond picks file up |
| 202 | * before we can write our entry out. |
| 203 | */ |
| 204 | while ((fd = open(CRONUPDATE, O_WRONLY|O_CREAT|O_APPEND, 0600)) >= 0) { |
| 205 | struct stat st; |
| 206 | |
| 207 | fdprintf(fd, "%s\n", pas->pw_name); |
| 208 | if (fstat(fd, &st) != 0 || st.st_nlink != 0) { |
| 209 | /*close(fd);*/ |
| 210 | break; |
| 211 | } |
| 212 | /* st.st_nlink == 0: |
| 213 | * file was deleted, maybe crond missed our notification */ |
| 214 | close(fd); |
| 215 | /* loop */ |
| 216 | } |
| 217 | if (fd < 0) { |
| 218 | bb_error_msg("can't append to %s/%s", |
| 219 | crontab_dir, CRONUPDATE); |
| 220 | } |
| 221 | return 0; |
| 222 | } |