6 #include "authcmdlib.h"
8 char CRONLOG[] = "cron";
16 typedef struct Job Job;
17 typedef struct Time Time;
18 typedef struct User User;
20 struct Time{ /* bit masks for each valid time */
29 char *host; /* where ... */
30 Time time; /* when ... */
31 char *cmd; /* and what to execute */
36 Qid lastqid; /* of last read /cron/user/cron */
37 char *name; /* who ... */
38 Job *jobs; /* wants to execute these jobs */
50 void rexec(User*, Job*);
51 void readalljobs(void);
52 Job *readjobs(char*, User*);
54 uvlong gettime(int, int);
62 void *erealloc(void*, ulong);
63 int myauth(int, char*);
64 void createuser(void);
65 int mkcmd(char*, char*, int);
68 int becomeuser(char*);
73 return tm - tm%Minute; /* round down to the minute */
82 return sleep((tm - now)*1000);
87 #pragma varargck argpos clog 1
88 #pragma varargck argpos fatal 1
/* Format the caller's arguments into msg; the write is bounded by msg + sizeof msg. */
97 vseprint(msg, msg + sizeof msg, fmt, arg);
/*
 * NOTE(review): msg is handed to syslog in the format position (compare the
 * syslog call that reports a mis-owned cron directory, which passes a literal
 * format plus arguments). msg already holds text from clog's callers: job
 * commands, host names and remote output. Any '%' verb in that text would be
 * interpreted a second time. syslog(0, CRONLOG, "%s", msg) logs it verbatim.
 */
99 syslog(0, CRONLOG, msg);
103 fatal(char *fmt, ...)
109 vseprint(msg, msg + sizeof msg, fmt, arg);
118 return create(file, ORDWR, 0600);
129 /* make it a lock file if it wasn't */
132 error("%s vanished: %r", file);
/* Mark the qid exclusive-use; any matching mode-bit change is on a line not shown here. */
134 dir->qid.type |= QTEXCL;
138 /* reopen in case it wasn't a lock file at last open */
/*
 * Retry openlock up to 65 times. main's comment explains why: the file server
 * can take a few minutes to give up a stale lock after a reboot. Any delay
 * between tries is not visible in this excerpt.
 */
141 for (try = 0; try < 65 && (fd = openlock(file)) < 0; try++)
147 main(int argc, char *argv[])
152 ulong now, last; /* in seconds */
/* Open the capability device that mkcap writes to; becomeuser depends on it for every job. */
173 initcap(); /* do this early, before cpurc removes it */
185 * it can take a few minutes before the file server notices that
186 * we've rebooted and gives up the lock.
/* Single-instance guard on /cron/lock; the test between these two lines is not shown. */
188 lock = mklock("/cron/lock");
190 fatal("cron already running: %r");
/*
 * NOTE(review): pid*time is a guessable seed. Confirm nothing security-relevant
 * draws from rand(); mkcap's key comes from memrandom, whose byte source is
 * not shown in this excerpt.
 */
193 srand(getpid()*time(0));
198 * the system's notion of time may have jumped forward or
199 * backward an arbitrary amount since the last call to time().
203 * if time has jumped backward, just note it and adapt.
204 * if time has jumped forward more than a day,
205 * just execute one day's jobs.
208 clog("time went backward");
210 } else if (now - last > Day) {
211 clog("time advanced more than a day");
/* Replay each minute from the last one handled up to now, so no scheduled minute is skipped. */
215 for(last = minute(last); last <= now; last += Minute){
216 tm = *localtime(last);
/*
 * One bit per field value. tm.mon is shifted by one extra place, which matches
 * the 1..12 range readjobs passes to gettime for the month field.
 */
217 t.min = 1ULL << tm.min;
218 t.hour = 1 << tm.hour;
219 t.wday = 1 << tm.wday;
220 t.mday = 1 << tm.mday;
221 t.mon = 1 << (tm.mon + 1);
/* A job is due when all five of its masks contain the current bit; the action taken (presumably rexec) is on a line not shown. */
222 for(i = 0; i < nuser; i++)
223 for(j = users[i].jobs; j; j = j->next)
224 if(j->time.min & t.min
225 && j->time.hour & t.hour
226 && j->time.wday & t.wday
227 && j->time.mday & t.mday
228 && j->time.mon & t.mon)
/*
 * NOTE(review): the result of this write is ignored, so a failure to refresh
 * the lock would go unnoticed; confirm a second cron cannot then start
 * alongside this one.
 */
232 write(lock, "x", 1); /* keep the lock alive */
234 * if we're not at next minute yet, sleep until a second past
235 * (to allow for sleep intervals being approximate),
236 * which synchronises with minute roll-over as a side-effect.
238 sleepuntil(now + Minute + 1);
247 char file[128], *user;
/*
 * NOTE(review): sprint has no length limit and file is 128 bytes. Where user
 * comes from is not visible here; unless its length is bounded elsewhere,
 * snprint(file, sizeof file, ...) is the safer call for both path builds below.
 */
251 sprint(file, "/cron/%s", user);
/* The per-user directory is created world-readable and searchable (0755). */
252 fd = create(file, OREAD, 0755|DMDIR);
254 sysfatal("couldn't create %s: %r", file);
259 sprint(file, "/cron/%s/cron", user);
/*
 * The cron file is created 0644, so other users who can reach /cron can read
 * the job commands; anything sensitive placed in a job line is exposed to them.
 */
260 fd = create(file, OREAD, 0644);
262 sysfatal("couldn't create %s: %r", file);
/* Scan /cron: each subdirectory other than "log" is treated as one user's job area. */
277 fd = open("/cron", OREAD);
279 fatal("can't open /cron\n");
280 while((n = dirread(fd, &d)) > 0){
281 for(i = 0; i < n; i++){
282 if(strcmp(d[i].name, "log") == 0 ||
283 !(d[i].qid.type & QTDIR))
/*
 * Authorization check: the directory name is the identity the jobs will run
 * as (it is passed to newuser below), so the directory must be owned by that
 * same user. NOTE(review): the statement that skips a mis-owned directory
 * after this log is not visible in the excerpt, and only the directory's
 * owner is compared here; confirm whether the cron file's own owner is
 * checked anywhere.
 */
285 if(strcmp(d[i].name, d[i].uid) != 0){
286 syslog(1, CRONLOG, "cron for %s owned by %s",
287 d[i].name, d[i].uid);
290 u = newuser(d[i].name);
/* NOTE(review): unbounded sprint of a directory name; file's declaration is not shown, so confirm its size covers the longest name the file server can return. */
291 sprint(file, "/cron/%s/cron", d[i].name);
/* Re-read the jobs only when the cron file is missing or its qid differs from the one recorded at the last read. */
293 if(du == nil || qidcmp(u->lastqid, du->qid) != 0){
295 u->jobs = readjobs(file, u);
305 * parse user's cron file
306 * other lines: minute hour monthday month weekday host command
309 readjobs(char *file, User *user)
319 b = Bopen(file, OREAD);
/* Record the file's qid so the /cron scan can tell later whether it changed. */
325 user->lastqid = d->qid;
327 for(line = 1; savec = Brdline(b, '\n'); line++){
/* Overwrite the last byte of the line Brdline returned (the '\n' delimiter) with a terminator. */
328 savec[Blinelen(b) - 1] = '\0';
329 while(*savec == ' ' || *savec == '\t')
331 if(*savec == '#' || *savec == '\0')
/*
 * Cap on the text of one job line. NOTE(review): the size of the buffer that
 * rexec later passes to mkcmd is not visible here; confirm 1024 plus quoting
 * overhead fits it, otherwise such jobs fail at run time with
 * "cmd buffer overflow" rather than at parse time.
 */
333 if(strlen(savec) > 1024){
334 clog("%s: line %d: line too long", user->name, line);
337 j = emalloc(sizeof *j);
/*
 * Fields are parsed in file order; gettime's comment says a zero mask means a
 * syntax error, which is what short-circuits this chain.
 */
338 j->time.min = gettime(0, 59);
339 if(j->time.min && (j->time.hour = gettime(0, 23))
340 && (j->time.mday = gettime(1, 31))
341 && (j->time.mon = gettime(1, 12))
342 && (j->time.wday = gettime(0, 6))
343 && getname(&j->host)){
/* The rest of the line is the command; the copy is sized from strlen, so this strcpy cannot overrun. */
344 j->cmd = emalloc(strlen(savec) + 1);
345 strcpy(j->cmd, savec);
349 clog("%s: line %d: syntax error", user->name, line);
364 for(i = 0; i < nuser; i++){
365 print("user %s\n", users[i].name);
366 for(j = users[i].jobs; j; j = j->next)
367 if(!mkcmd(j->cmd, buf, sizeof buf))
368 print("\tbad job %s on host %s\n",
371 print("\tjob %s on host %s\n", buf, j->host);
/* Look the name up first; the line that returns an existing entry is not shown. */
380 for(i = 0; i < nuser; i++)
381 if(strcmp(users[i].name, name) == 0)
/* Table full: grow it (the new value of maxuser is set on a line not shown). */
383 if(nuser == maxuser){
385 users = erealloc(users, maxuser * sizeof *users);
387 memset(&users[nuser], 0, sizeof(users[nuser]));
/*
 * NOTE(review): strdup's result is not checked here, unlike in getname. A nil
 * name stored in the table would later be passed to strcmp by the lookup loop
 * at the top of this function.
 */
388 users[nuser].name = strdup(name);
389 users[nuser].jobs = 0;
/* Start with an all-ones qid path and version, presumably so the first qidcmp in the /cron scan reports a change and the file is read. */
390 users[nuser].lastqid.type = QTFILE;
391 users[nuser].lastqid.path = ~0LL;
392 users[nuser].lastqid.vers = ~0L;
393 return &users[nuser++];
410 getname(char **namep)
/* Skip blanks, then copy one blank-delimited word from the current parse position (savec) into buf. */
417 while(*savec == ' ' || *savec == '\t')
419 for(p = buf; (c = *savec) && c != ' ' && c != '\t'; p++){
/* Bound check: stop before the last byte of buf so the terminator still fits. What happens on overflow is not shown. */
420 if(p >= buf+sizeof buf -1)
/* The caller receives a heap copy; a failed strdup is logged as an internal error. */
425 *namep = strdup(buf);
427 clog("internal error: strdup failure");
430 while(*savec == ' ' || *savec == '\t')
436 * return the next time range (as a bit vector) in the file:
440 * | number '-' number
442 * a return of zero means a syntax error was discovered
445 gettime(int min, int max)
/* '*' selects every value in the field; the mask built for it is on a line not shown. */
449 if(gettok(min, max) == '*')
455 if(gettok(0, 0) == '-'){
/*
 * Range end: must be a number no smaller than the start just read (lexval)
 * and no larger than max. '1' appears to be gettok's code for an in-range
 * number; the return that produces it is not visible here.
 */
456 if(gettok(lexval, max) != '1')
/* Set every bit from the start mask m through the end mask e. */
459 for( ; m <= e; m <<= 1)
465 if(gettok(min, max) != '1')
479 gettok(int min, int max)
486 while((c = *savec) == ' ' || c == '\t')
489 case '0': case '1': case '2': case '3': case '4':
490 case '5': case '6': case '7': case '8': case '9':
/*
 * NOTE(review): strtoul's result is stored in lexval, whose type is not shown
 * in this excerpt; a very long digit string could wrap before the range test
 * on the next line. That test is the only visible limit on the value, which
 * gettime presumably turns into a bit position; confirm it holds for
 * oversized input.
 */
491 lexval = strtoul(savec, &savec, 10);
492 if(lexval < min || lexval > max)
495 case '*': case '-': case ',':
/* Build the dial string, with rexexec supplied as the default service. */
508 na = netmkaddr(host, 0, "rexexec");
/* Find the first and then the second '!' separator of the resulting address. */
509 p = utfrune(na, L'!');
512 p = utfrune(p+1, L'!');
/*
 * host is presumably the host field of a user's cron line. Requiring the
 * service component to be exactly "!rexexec" keeps a host string that carries
 * its own '!' parts from selecting some other service. The value returned on
 * mismatch is not shown; rexec's "dangerous host" log presumably reports it.
 */
515 if(strcmp(p, "!rexexec") != 0)
517 return dial(na, 0, 0, 0);
521 * convert command to run properly on the remote machine
522 * need to escape the quotes so they don't get stripped
525 mkcmd(char *cmd, char *buf, int len)
/* n starts as the length of the fixed prefix copied into buf below. */
530 n = sizeof "exec rc -c '" -1;
533 strcpy(buf, "exec rc -c '");
/* Visit each single quote in cmd so it can be escaped inside the rc -c '...' argument; the escaping writes are not shown. */
534 while(p = utfrune(cmd, L'\'')){
/*
 * NOTE(review): strncpy writes no terminator; buf is only terminated by the
 * strcpy calls at the end. The bound check that should precede this copy is
 * not visible in the excerpt; confirm every write in the loop is guarded
 * against len.
 */
539 strncpy(&buf[n], cmd, m);
/* Final bound check: the remaining text plus the redirection suffix (sizeof counts its NUL) must fit in len. */
545 if(n + m + sizeof "'</dev/null>/dev/null>[2=1]" >= len)
547 strcpy(&buf[n], cmd);
548 strcpy(&buf[n+m], "'</dev/null>/dev/null>[2=1]");
553 rexec(User *user, Job *j)
/*
 * Each job runs in its own process with private copies of the name space,
 * environment and fd table (RFNAMEG|RFENVG|RFFDG); RFNOWAIT means cron does
 * not collect the child's exit status.
 */
559 switch(rfork(RFPROC|RFNOWAIT|RFNAMEG|RFENVG|RFFDG)){
563 clog("can't fork a job for %s: %r\n", user->name);
/* A zero return from mkcmd is treated as "quoted command does not fit in buf"; what happens to the job afterwards is not shown. */
568 if(!mkcmd(j->cmd, buf, sizeof buf)){
569 clog("internal error: cmd buffer overflow");
574 * local call, auth, cmd with no i/o
576 if(strcmp(j->host, "local") == 0){
/*
 * NOTE(review): the uid change has to succeed before the exec below. The
 * statement that ends the process after this failure log is not visible in
 * the excerpt; without it the job would run under cron's own identity.
 */
577 if(becomeuser(user->name) < 0){
578 clog("%s: can't change uid for %s on %s: %r",
579 user->name, j->cmd, j->host);
582 putenv("service", "rx");
/* Logged before the exec, so "ran" here means "about to run"; an exec failure is logged separately below. */
583 clog("%s: ran '%s' on %s", user->name, j->cmd, j->host);
584 execl("/bin/rc", "rc", "-lc", buf, nil);
585 clog("%s: exec failed for %s on %s: %r",
586 user->name, j->cmd, j->host);
591 * remote call, auth, cmd with no i/o
592 * give it 2 min to complete
594 alarm(2*Minute*1000);
/* Two distinct failure logs; the conditions that choose between them are on lines not shown. */
598 clog("%s: dangerous host %s", user->name, j->host);
599 clog("%s: can't call %s: %r", user->name, j->host);
602 clog("%s: called %s on %s", user->name, j->cmd, j->host);
/*
 * The uid change comes before auth_proxy, presumably so the remote side
 * authenticates the job's owner rather than cron. NOTE(review): as in the
 * local branch, the exit after this failure log is not visible; confirm
 * control cannot reach auth_proxy with cron's identity.
 */
603 if(becomeuser(user->name) < 0){
604 clog("%s: can't change uid for %s on %s: %r",
605 user->name, j->cmd, j->host);
608 ai = auth_proxy(fd, nil, "proto=p9any role=client");
610 clog("%s: can't authenticate for %s on %s: %r",
611 user->name, j->cmd, j->host);
614 clog("%s: authenticated %s on %s", user->name, j->cmd, j->host);
/* Send the quoted command including its NUL. NOTE(review): the write's result is not checked on this line. */
615 write(fd, buf, strlen(buf)+1);
/*
 * Remote output is read into buf (one byte is reserved; the terminating store
 * is not shown) and logged. It is passed to clog as an argument, not as the
 * format, but clog forwards its formatted message to syslog in the format
 * position, so '%' in this text or in j->cmd deserves attention there.
 */
617 while((n = read(fd, buf, sizeof(buf)-1)) > 0){
619 clog("%s: %s\n", j->cmd, buf);
629 if(p = mallocz(n, 1))
631 fatal("out of memory");
636 erealloc(void *p, ulong n)
638 if(p = realloc(p, n))
640 fatal("out of memory");
647 fprint(2, "usage: cron [-c]\n");
654 /* might be useful to know if a > b, but not for cron */
655 return(a.path != b.path || a.vers != b.vers);
/*
 * Fill n bytes at p with random data, one byte per iteration.
 * NOTE(review): the call that produces each byte is not visible in this
 * excerpt. mkcap uses this routine for the capability key, so it needs a
 * cryptographic source; the rand() generator seeded in main with
 * getpid()*time(0) would not qualify.
 */
659 memrandom(void *p, int n)
663 for(cp = (uchar*)p; n > 0; n--)
668 * keep caphash fd open since opens of it could be disabled
/* Descriptor for the capability hash device, written by mkcap. */
670 static int caphashfd;
/*
 * Opened write-only and close-on-exec (OCEXEC), so the descriptor is not
 * passed on to the rc process a job execs.
 */
675 caphashfd = open("#¤/caphash", OCEXEC|OWRITE);
/*
 * NOTE(review): failure is reported on fd 2; whether cron continues afterwards
 * is not shown. If it does, mkcap's write to caphashfd should fail and
 * becomeuser with it, so jobs fail closed only as long as rexec stops after a
 * failed becomeuser.
 */
677 fprint(2, "%s: opening #¤/caphash: %r\n", argv0);
681 * create a change uid capability
684 mkcap(char *from, char *to)
690 uchar hash[SHA1dlen];
695 /* create the capability */
697 nfrom = strlen(from);
/*
 * Buffer layout: "from@to" and its NUL, followed by the base64 text of the
 * random key. nto's assignment and rand's declaration are on lines not shown.
 */
698 cap = emalloc(nfrom+1+nto+1+sizeof(rand)*3+1);
699 sprint(cap, "%s@%s", from, to);
700 memrandom(rand, sizeof(rand));
/* key points just past the NUL that sprint wrote after "from@to". */
701 key = cap+nfrom+1+nto+1;
702 enc64(key, sizeof(rand)*3, rand, sizeof(rand));
704 /* hash the capability */
/* HMAC-SHA1 over the "from@to" string, keyed with the base64 key text. */
705 hmac_sha1((uchar*)cap, strlen(cap), (uchar*)key, strlen(key), hash, nil);
707 /* give the kernel the hash */
/*
 * Only the hash goes to the kernel here; the key stays in cap. NOTE(review):
 * cap therefore holds a secret until it is used. Whether it is cleared and
 * freed afterwards is not visible in this excerpt.
 */
709 if(write(caphashfd, hash, SHA1dlen) < 0){
/*
 * Present the capability string to the capuse device; a successful write is
 * presumably what switches this process to the target user. The handling of
 * fd < 0 and of rv is on lines not shown.
 */
722 fd = open("#¤/capuse", OWRITE);
725 rv = write(fd, cap, strlen(cap));
/*
 * Change the calling process's user to `new` by way of a capability.
 * rexec treats a negative return as failure and logs "can't change uid".
 */
731 becomeuser(char *new)
/* The capability names the current user as its source and `new` as its target. */
736 cap = mkcap(getuser(), new);