Subversion Repositories planix.SVN

#include <u.h>

#include <libc.h>

#include <bio.h>

#include <libsec.h>

#include <auth.h>

#include "authcmdlib.h"

char CRONLOG[] = "cron";

enum {

	Minute = 60,

	Hour = 60 * Minute,

	Day = 24 * Hour,

};

typedef struct Job	Job;

typedef struct Time	Time;

typedef struct User	User;

struct Time{			/* bit masks for each valid time */

	uvlong	min;

	ulong	hour;

	ulong	mday;

	ulong	wday;

	ulong	mon;

};

struct Job{

	char	*host;		/* where ... */

	Time	time;			/* when ... */

	char	*cmd;			/* and what to execute */

	Job	*next;

};

struct User{

	Qid	lastqid;			/* of last read /cron/user/cron */

	char	*name;			/* who ... */

	Job	*jobs;			/* wants to execute these jobs */

};

User	*users;

int	nuser;

int	maxuser;

char	*savec;

char	*savetok;

int	tok;

int	debug;

ulong	lexval;

void	rexec(User*, Job*);

void	readalljobs(void);

Job	*readjobs(char*, User*);

int	getname(char**);

uvlong	gettime(int, int);

int	gettok(int, int);

void	initcap(void);

void	pushtok(void);

void	usage(void);

void	freejobs(Job*);

User	*newuser(char*);

void	*emalloc(ulong);

void	*erealloc(void*, ulong);

int	myauth(int, char*);

void	createuser(void);

int	mkcmd(char*, char*, int);

void	printjobs(void);

int	qidcmp(Qid, Qid);

int	becomeuser(char*);

ulong

minute(ulong tm)

{

	return tm - tm%Minute;		/* round down to the minute */

}

int

sleepuntil(ulong tm)

{

	ulong now = time(0);

	if (now < tm)

		return sleep((tm - now)*1000);

	else

		return 0;

}

#pragma varargck	argpos clog 1

#pragma varargck	argpos fatal 1

static void

clog(char *fmt, ...)

{

	char msg[256];

	va_list arg;

	va_start(arg, fmt);

	vseprint(msg, msg + sizeof msg, fmt, arg);

	va_end(arg);

	syslog(0, CRONLOG, msg);

}

static void

fatal(char *fmt, ...)

{

	char msg[256];

	va_list arg;

	va_start(arg, fmt);

	vseprint(msg, msg + sizeof msg, fmt, arg);

	va_end(arg);

	clog("%s", msg);

	error("%s", msg);

}

static int

openlock(char *file)

{

	return create(file, ORDWR, 0600);

}

static int

mklock(char *file)

{

	int fd, try;

	Dir *dir;

	fd = openlock(file);

	if (fd >= 0) {

		/* make it a lock file if it wasn't */

		dir = dirfstat(fd);

		if (dir == nil)

			error("%s vanished: %r", file);

		dir->mode |= DMEXCL;

		dir->qid.type |= QTEXCL;

		dirfwstat(fd, dir);

		free(dir);

		/* reopen in case it wasn't a lock file at last open */

		close(fd);

	}

	for (try = 0; try < 65 && (fd = openlock(file)) < 0; try++)

		sleep(10*1000);

	return fd;

}

void

main(int argc, char *argv[])

{

	Job *j;

	Tm tm;

	Time t;

	ulong now, last;		/* in seconds */

	int i, lock;

	debug = 0;

	ARGBEGIN{

	case 'c':

		createuser();

		exits(0);

	case 'd':

		debug = 1;

		break;

	default:

		usage();

	}ARGEND

	if(debug){

		readalljobs();

		printjobs();

		exits(0);

	}

	initcap();		/* do this early, before cpurc removes it */

	switch(fork()){

	case -1:

		fatal("can't fork: %r");

	case 0:

		break;

	default:

		exits(0);

	}

	/*

	 * it can take a few minutes before the file server notices that

	 * we've rebooted and gives up the lock.

	 */

	lock = mklock("/cron/lock");

	if (lock < 0)

		fatal("cron already running: %r");

	argv0 = "cron";

	srand(getpid()*time(0));

	last = time(0);

	for(;;){

		readalljobs();

		/*

		 * the system's notion of time may have jumped forward or

		 * backward an arbitrary amount since the last call to time().

		 */

		now = time(0);

		/*

		 * if time has jumped backward, just note it and adapt.

		 * if time has jumped forward more than a day,

		 * just execute one day's jobs.

		 */

		if (now < last) {

			clog("time went backward");

			last = now;

		} else if (now - last > Day) {

			clog("time advanced more than a day");

			last = now - Day;

		}

		now = minute(now);

		for(last = minute(last); last <= now; last += Minute){

			tm = *localtime(last);

			t.min = 1ULL << tm.min;

			t.hour = 1 << tm.hour;

			t.wday = 1 << tm.wday;

			t.mday = 1 << tm.mday;

			t.mon =  1 << (tm.mon + 1);

			for(i = 0; i < nuser; i++)

				for(j = users[i].jobs; j; j = j->next)

					if(j->time.min & t.min

					&& j->time.hour & t.hour

					&& j->time.wday & t.wday

					&& j->time.mday & t.mday

					&& j->time.mon & t.mon)

						rexec(&users[i], j);

		}

		seek(lock, 0, 0);

		write(lock, "x", 1);	/* keep the lock alive */

		/*

		 * if we're not at next minute yet, sleep until a second past

		 * (to allow for sleep intervals being approximate),

		 * which synchronises with minute roll-over as a side-effect.

		 */

		sleepuntil(now + Minute + 1);

	}

	/* not reached */

}

void

createuser(void)

{

	Dir d;

	char file[128], *user;

	int fd;

	user = getuser();

	snprint(file, sizeof file, "/cron/%s", user);

	fd = create(file, OREAD, 0755|DMDIR);

	if(fd < 0)

		fatal("couldn't create %s: %r", file);

	nulldir(&d);

	d.gid = user;

	dirfwstat(fd, &d);

	close(fd);

	snprint(file, sizeof file, "/cron/%s/cron", user);

	fd = create(file, OREAD, 0644);

	if(fd < 0)

		fatal("couldn't create %s: %r", file);

	nulldir(&d);

	d.gid = user;

	dirfwstat(fd, &d);

	close(fd);

}

void

readalljobs(void)

{

	User *u;

	Dir *d, *du;

	char file[128];

	int i, n, fd;

	fd = open("/cron", OREAD);

	if(fd < 0)

		fatal("can't open /cron: %r");

	while((n = dirread(fd, &d)) > 0){

		for(i = 0; i < n; i++){

			if(strcmp(d[i].name, "log") == 0 ||

			    !(d[i].qid.type & QTDIR))

				continue;

			if(strcmp(d[i].name, d[i].uid) != 0){

				syslog(1, CRONLOG, "cron for %s owned by %s",

					d[i].name, d[i].uid);

				continue;

			}

			u = newuser(d[i].name);

			snprint(file, sizeof file, "/cron/%s/cron", d[i].name);

			du = dirstat(file);

			if(du == nil || qidcmp(u->lastqid, du->qid) != 0){

				freejobs(u->jobs);

				u->jobs = readjobs(file, u);

			}

			free(du);

		}

		free(d);

	}

	close(fd);

}

/*

 * parse user's cron file

 * other lines: minute hour monthday month weekday host command

 */

Job *

readjobs(char *file, User *user)

{

	Biobuf *b;

	Job *j, *jobs;

	Dir *d;

	int line;

	d = dirstat(file);

	if(!d)

		return nil;

	b = Bopen(file, OREAD);

	if(!b){

		free(d);

		return nil;

	}

	jobs = nil;

	user->lastqid = d->qid;

	free(d);

	for(line = 1; savec = Brdline(b, '\n'); line++){

		savec[Blinelen(b) - 1] = '\0';

		while(*savec == ' ' || *savec == '\t')

			savec++;

		if(*savec == '#' || *savec == '\0')

			continue;

		if(strlen(savec) > 1024){

			clog("%s: line %d: line too long", user->name, line);

			continue;

		}

		j = emalloc(sizeof *j);

		j->time.min = gettime(0, 59);

		if(j->time.min && (j->time.hour = gettime(0, 23))

		&& (j->time.mday = gettime(1, 31))

		&& (j->time.mon = gettime(1, 12))

		&& (j->time.wday = gettime(0, 6))

		&& getname(&j->host)){

			j->cmd = emalloc(strlen(savec) + 1);

			strcpy(j->cmd, savec);

			j->next = jobs;

			jobs = j;

		}else{

			clog("%s: line %d: syntax error", user->name, line);

			free(j);

		}

	}

	Bterm(b);

	return jobs;

}

void

printjobs(void)

{

	char buf[8*1024];

	Job *j;

	int i;

	for(i = 0; i < nuser; i++){

		print("user %s\n", users[i].name);

		for(j = users[i].jobs; j; j = j->next)

			if(!mkcmd(j->cmd, buf, sizeof buf))

				print("\tbad job %s on host %s\n",

					j->cmd, j->host);

			else

				print("\tjob %s on host %s\n", buf, j->host);

	}

}

User *

newuser(char *name)

{

	int i;

	for(i = 0; i < nuser; i++)

		if(strcmp(users[i].name, name) == 0)

			return &users[i];

	if(nuser == maxuser){

		maxuser += 32;

		users = erealloc(users, maxuser * sizeof *users);

	}

	memset(&users[nuser], 0, sizeof(users[nuser]));

	users[nuser].name = strdup(name);

	users[nuser].jobs = 0;

	users[nuser].lastqid.type = QTFILE;

	users[nuser].lastqid.path = ~0LL;

	users[nuser].lastqid.vers = ~0L;

	return &users[nuser++];

}

void

freejobs(Job *j)

{

	Job *next;

	for(; j; j = next){

		next = j->next;

		free(j->cmd);

		free(j->host);

		free(j);

	}

}

int

getname(char **namep)

{

	int c;

	char buf[64], *p;

	if(!savec)

		return 0;

	while(*savec == ' ' || *savec == '\t')

		savec++;

	for(p = buf; (c = *savec) && c != ' ' && c != '\t'; p++){

		if(p >= buf+sizeof buf -1)

			return 0;

		*p = *savec++;

	}

	*p = '\0';

	*namep = strdup(buf);

	if(*namep == 0){

		clog("internal error: strdup failure");

		_exits(0);

	}

	while(*savec == ' ' || *savec == '\t')

		savec++;

	return p > buf;

}

/*

 * return the next time range (as a bit vector) in the file:

 * times: '*'

 * 	| range

 * range: number

 *	| number '-' number

 *	| range ',' range

 * a return of zero means a syntax error was discovered

 */

uvlong

gettime(int min, int max)

{

	uvlong n, m, e;

	if(gettok(min, max) == '*')

		return ~0ULL;

	n = 0;

	while(tok == '1'){

		m = 1ULL << lexval;

		n |= m;

		if(gettok(0, 0) == '-'){

			if(gettok(lexval, max) != '1')

				return 0;

			e = 1ULL << lexval;

			for( ; m <= e; m <<= 1)

				n |= m;

			gettok(min, max);

		}

		if(tok != ',')

			break;

		if(gettok(min, max) != '1')

			return 0;

	}

	pushtok();

	return n;

}

void

pushtok(void)

{

	savec = savetok;

}

int

gettok(int min, int max)

{

	char c;

	savetok = savec;

	if(!savec)

		return tok = 0;

	while((c = *savec) == ' ' || c == '\t')

		savec++;

	switch(c){

	case '0': case '1': case '2': case '3': case '4':

	case '5': case '6': case '7': case '8': case '9':

		lexval = strtoul(savec, &savec, 10);

		if(lexval < min || lexval > max)

			return tok = 0;

		return tok = '1';

	case '*': case '-': case ',':

		savec++;

		return tok = c;

	default:

		return tok = 0;

	}

}

int

call(char *host)

{

	char *na, *p;

	na = netmkaddr(host, 0, "rexexec");

	p = utfrune(na, L'!');

	if(!p)

		return -1;

	p = utfrune(p+1, L'!');

	if(!p)

		return -1;

	if(strcmp(p, "!rexexec") != 0)

		return -2;

	return dial(na, 0, 0, 0);

}

/*

 * convert command to run properly on the remote machine

 * need to escape the quotes so they don't get stripped

 */

int

mkcmd(char *cmd, char *buf, int len)

{

	char *p;

	int n, m;

	n = sizeof "exec rc -c '" -1;

	if(n >= len)

		return 0;

	strcpy(buf, "exec rc -c '");

	while(p = utfrune(cmd, L'\'')){

		p++;

		m = p - cmd;

		if(n + m + 1 >= len)

			return 0;

		strncpy(&buf[n], cmd, m);

		n += m;

		buf[n++] = '\'';

		cmd = p;

	}

	m = strlen(cmd);

	if(n + m + sizeof "'</dev/null>/dev/null>[2=1]" >= len)

		return 0;

	strcpy(&buf[n], cmd);

	strcpy(&buf[n+m], "'</dev/null>/dev/null>[2=1]");

	return 1;

}

void

rexec(User *user, Job *j)

{

	char buf[8*1024];

	int n, fd;

	AuthInfo *ai;

	switch(rfork(RFPROC|RFNOWAIT|RFNAMEG|RFENVG|RFFDG)){

	case 0:

		break;

	case -1:

		clog("can't fork a job for %s: %r\n", user->name);

	default:

		return;

	}

	if(!mkcmd(j->cmd, buf, sizeof buf)){

		clog("internal error: cmd buffer overflow");

		_exits(0);

	}

	/*

	 * local call, auth, cmd with no i/o

	 */

	if(strcmp(j->host, "local") == 0){

		if(becomeuser(user->name) < 0){

			clog("%s: can't change uid for %s on %s: %r",

				user->name, j->cmd, j->host);

			_exits(0);

		}

		putenv("service", "rx");

		clog("%s: ran '%s' on %s", user->name, j->cmd, j->host);

		execl("/bin/rc", "rc", "-lc", buf, nil);

		clog("%s: exec failed for %s on %s: %r",

			user->name, j->cmd, j->host);

		_exits(0);

	}

	/*

	 * remote call, auth, cmd with no i/o

	 * give it 2 min to complete

	 */

	alarm(2*Minute*1000);

	fd = call(j->host);

	if(fd < 0){

		if(fd == -2)

			clog("%s: dangerous host %s", user->name, j->host);

		clog("%s: can't call %s: %r", user->name, j->host);

		_exits(0);

	}

	clog("%s: called %s on %s", user->name, j->cmd, j->host);

	if(becomeuser(user->name) < 0){

		clog("%s: can't change uid for %s on %s: %r",

			user->name, j->cmd, j->host);

		_exits(0);

	}

	ai = auth_proxy(fd, nil, "proto=p9any role=client");

	if(ai == nil){

		clog("%s: can't authenticate for %s on %s: %r",

			user->name, j->cmd, j->host);

		_exits(0);

	}

	clog("%s: authenticated %s on %s", user->name, j->cmd, j->host);

	write(fd, buf, strlen(buf)+1);

	write(fd, buf, 0);

	while((n = read(fd, buf, sizeof(buf)-1)) > 0){

		buf[n] = 0;

		clog("%s: %s\n", j->cmd, buf);

	}

	_exits(0);

}

void *

emalloc(ulong n)

{

	void *p;

	if(p = mallocz(n, 1))

		return p;

	fatal("out of memory");

	return 0;

}

void *

erealloc(void *p, ulong n)

{

	if(p = realloc(p, n))

		return p;

	fatal("out of memory");

	return 0;

}

void

usage(void)

{

	fprint(2, "usage: cron [-c]\n");

	exits("usage");

}

int

qidcmp(Qid a, Qid b)

{

	/* might be useful to know if a > b, but not for cron */

	return(a.path != b.path || a.vers != b.vers);

}

void

memrandom(void *p, int n)

{

	uchar *cp;

	for(cp = (uchar*)p; n > 0; n--)

		*cp++ = fastrand();

}

/*

 *  keep caphash fd open since opens of it could be disabled

 */

static int caphashfd;

void

initcap(void)

{

	caphashfd = open("#¤/caphash", OCEXEC|OWRITE);

	if(caphashfd < 0)

		fprint(2, "%s: opening #¤/caphash: %r\n", argv0);

}

/*

 *  create a change uid capability 

 */

char*

mkcap(char *from, char *to)

{

	uchar rand[20];

	char *cap;

	char *key;

	int nfrom, nto, ncap;

	uchar hash[SHA1dlen];

	if(caphashfd < 0)

		return nil;

	/* create the capability */

	nto = strlen(to);

	nfrom = strlen(from);

	ncap = nfrom + 1 + nto + 1 + sizeof(rand)*3 + 1;

	cap = emalloc(ncap);

	snprint(cap, ncap, "%s@%s", from, to);

	memrandom(rand, sizeof(rand));

	key = cap+nfrom+1+nto+1;

	enc64(key, sizeof(rand)*3, rand, sizeof(rand));

	/* hash the capability */

	hmac_sha1((uchar*)cap, strlen(cap), (uchar*)key, strlen(key), hash, nil);

	/* give the kernel the hash */

	key[-1] = '@';

	if(write(caphashfd, hash, SHA1dlen) < 0){

		free(cap);

		return nil;

	}

	return cap;

}

int

usecap(char *cap)

{

	int fd, rv;

	fd = open("#¤/capuse", OWRITE);

	if(fd < 0)

		return -1;

	rv = write(fd, cap, strlen(cap));

	close(fd);

	return rv;

}

int

becomeuser(char *new)

{

	char *cap;

	int rv;

	cap = mkcap(getuser(), new);

	if(cap == nil)

		return -1;

	rv = usecap(cap);

	free(cap);

	newns(new, nil);

	return rv;

}