1 /* Copyright 1988,1990,1993,1994 by Paul Vixie
4 * Distribute freely, except: don't remove my name from the source or
5 * documentation (don't take credit for my work), mark your changes (don't
6 * get me blamed for your possible bugs), don't alter or remove this
7 * notice. May be sold if buildable source is provided to buyer. No
8 * warrantee of any kind, express or implied, is included with this
9 * software; use at your own risk, responsibility for damages (if any) to
10 * anyone resulting from the use of this software rests entirely with the
13 * Send bug reports, bug fixes, enhancements, requests, flames, etc., and
14 * I'll try to keep a version up to date. I can be reached as follows:
15 * Paul Vixie <paul@vix.com> uunet!decwrl!vixie!paul
18 #if !defined(lint) && !defined(LINT)
19 static const char rcsid[] =
25 #include <sys/signal.h>
27 # include <sys/universe.h>
32 #if defined(LOGIN_CAP)
33 # include <login_cap.h>
36 # include <security/pam_appl.h>
37 # include <security/openpam.h>
41 static void child_process(entry *, user *),
50 Debug(DPROC, ("[%d] do_command(%s, (%s,%d,%d))\n",
51 getpid(), e->cmd, u->name, e->uid, e->gid))
53 /* fork to become asynchronous -- parent process is done immediately,
54 * and continues to run the normal cron code, which means return to
55 * tick(). the child and grandchild don't leave this function, alive.
57 * vfork() is unsuitable, since we have much to do, and the parent
58 * needs to be able to run off and fork other processes.
62 log_it("CRON",getpid(),"error","can't fork");
68 Debug(DPROC, ("[%d] child process done, exiting\n", getpid()))
75 Debug(DPROC, ("[%d] main process returning to work\n", getpid()))
84 int stdin_pipe[2], stdout_pipe[2];
85 register char *input_data;
86 char *usernm, *mailto;
88 # if defined(LOGIN_CAP)
93 Debug(DPROC, ("[%d] child_process('%s')\n", getpid(), e->cmd))
95 /* mark ourselves as different to PS command watchers by upshifting
96 * our program name. This has no effect on some kernels.
98 setproctitle("running job");
100 /* discover some useful and important environment settings
102 usernm = env_get("LOGNAME", e->envp);
103 mailto = env_get("MAILTO", e->envp);
106 /* use PAM to see if the user's account is available,
107 * i.e., not locked or expired or whatever. skip this
108 * for system tasks from /etc/crontab -- they can run
111 if (strcmp(u->name, SYS_NAME)) { /* not equal */
112 pam_handle_t *pamh = NULL;
114 struct pam_conv pamc = {
115 .conv = openpam_nullconv,
119 Debug(DPROC, ("[%d] checking account with PAM\n", getpid()))
121 /* u->name keeps crontab owner name while LOGNAME is the name
122 * of user to run command on behalf of. they should be the
123 * same for a task from a per-user crontab.
125 if (strcmp(u->name, usernm)) {
126 log_it(usernm, getpid(), "username ambiguity", u->name);
130 pam_err = pam_start("cron", usernm, &pamc, &pamh);
131 if (pam_err != PAM_SUCCESS) {
132 log_it("CRON", getpid(), "error", "can't start PAM");
136 pam_err = pam_acct_mgmt(pamh, PAM_SILENT);
137 /* Expired password shouldn't prevent the job from running. */
138 if (pam_err != PAM_SUCCESS && pam_err != PAM_NEW_AUTHTOK_REQD) {
139 log_it(usernm, getpid(), "USER", "account unavailable");
143 pam_end(pamh, pam_err);
148 /* our parent is watching for our death by catching SIGCHLD. we
149 * do not care to watch for our children's deaths this way -- we
150 * use wait() explicitly. so we have to disable the signal (which
151 * was inherited from the parent).
153 (void) signal(SIGCHLD, SIG_DFL);
155 /* on system-V systems, we are ignoring SIGCLD. we have to stop
156 * ignoring it now or the wait() in cron_pclose() won't work.
157 * because of this, we have to wait() for our children here, as well.
159 (void) signal(SIGCLD, SIG_DFL);
162 /* create some pipes to talk to our future child
164 pipe(stdin_pipe); /* child's stdin */
165 pipe(stdout_pipe); /* child's stdout */
167 /* since we are a forked process, we can diddle the command string
168 * we were passed -- nobody else is going to use it again, right?
170 * if a % is present in the command, previous characters are the
171 * command, and subsequent characters are the additional input to
172 * the command. Subsequent %'s will be transformed into newlines,
173 * but that happens later.
175 * If there are escaped %'s, remove the escape character.
178 register int escaped = FALSE;
182 for (input_data = p = e->cmd; (ch = *input_data);
187 if (ch == '%' || ch == '\\')
197 *input_data++ = '\0';
204 /* fork again, this time so we can exec the user's command.
208 log_it("CRON",getpid(),"error","can't vfork");
212 Debug(DPROC, ("[%d] grandchild process Vfork()'ed\n",
215 if (e->uid == ROOT_UID)
219 sleep(random() % Jitter);
222 /* write a log message. we've waited this long to do it
223 * because it was not until now that we knew the PID that
224 * the actual user command shell was going to get and the
225 * PID is part of the log message.
228 char *x = mkprints((u_char *)e->cmd, strlen(e->cmd));
230 log_it(usernm, getpid(), "CMD", x);
234 /* that's the last thing we'll log. close the log files.
240 /* get new pgrp, void tty, etc.
244 /* close the pipe ends that we won't use. this doesn't affect
245 * the parent, who has to read and write them; it keeps the
246 * kernel from recording us as a potential client TWICE --
247 * which would keep it from sending SIGPIPE in otherwise
248 * appropriate circumstances.
250 close(stdin_pipe[WRITE_PIPE]);
251 close(stdout_pipe[READ_PIPE]);
253 /* grandchild process. make std{in,out} be the ends of
254 * pipes opened by our daddy; make stderr go to stdout.
256 close(STDIN); dup2(stdin_pipe[READ_PIPE], STDIN);
257 close(STDOUT); dup2(stdout_pipe[WRITE_PIPE], STDOUT);
258 close(STDERR); dup2(STDOUT, STDERR);
260 /* close the pipes we just dup'ed. The resources will remain.
262 close(stdin_pipe[READ_PIPE]);
263 close(stdout_pipe[WRITE_PIPE]);
265 /* set our login universe. Do this in the grandchild
266 * so that the child can invoke /usr/lib/sendmail
271 # if defined(LOGIN_CAP)
272 /* Set user's entire context, but skip the environment
273 * as cron provides a separate interface for this
275 if ((pwd = getpwnam(usernm)) == NULL)
276 pwd = getpwuid(e->uid);
279 pwd->pw_gid = e->gid;
280 if (e->class != NULL)
281 lc = login_getclass(e->class);
284 setusercontext(lc, pwd, e->uid,
285 LOGIN_SETALL & ~(LOGIN_SETPATH|LOGIN_SETENV)) == 0)
288 /* fall back to the old method */
291 /* set our directory, uid and gid. Set gid first,
292 * since once we set uid, we've lost root privileges.
294 if (setgid(e->gid) != 0) {
295 log_it(usernm, getpid(),
296 "error", "setgid failed");
300 if (initgroups(usernm, e->gid) != 0) {
301 log_it(usernm, getpid(),
302 "error", "initgroups failed");
306 if (setlogin(usernm) != 0) {
307 log_it(usernm, getpid(),
308 "error", "setlogin failed");
311 if (setuid(e->uid) != 0) {
312 log_it(usernm, getpid(),
313 "error", "setuid failed");
316 /* we aren't root after this..*/
317 #if defined(LOGIN_CAP)
322 chdir(env_get("HOME", e->envp));
327 char *shell = env_get("SHELL", e->envp);
330 if (DebugFlags & DTEST) {
332 "debug DTEST is on, not exec'ing command.\n");
334 "\tcmd='%s' shell='%s'\n", e->cmd, shell);
337 # endif /*DEBUGGING*/
338 execle(shell, shell, "-c", e->cmd, (char *)0, e->envp);
339 warn("execl: couldn't exec `%s'", shell);
350 /* middle process, child of original cron, parent of process running
351 * the user's command.
354 Debug(DPROC, ("[%d] child continues, closing pipes\n", getpid()))
356 /* close the ends of the pipe that will only be referenced in the
357 * grandchild process...
359 close(stdin_pipe[READ_PIPE]);
360 close(stdout_pipe[WRITE_PIPE]);
363 * write, to the pipe connected to child's stdin, any input specified
364 * after a % in the crontab entry. while we copy, convert any
365 * additional %'s to newlines. when done, if some characters were
366 * written and the last one wasn't a newline, write a newline.
368 * Note that if the input data won't fit into one pipe buffer (2K
369 * or 4K on most BSD systems), and the child doesn't read its stdin,
370 * we would block here. thus we must fork again.
373 if (*input_data && fork() == 0) {
374 register FILE *out = fdopen(stdin_pipe[WRITE_PIPE], "w");
375 register int need_newline = FALSE;
376 register int escaped = FALSE;
380 warn("fdopen failed in child2");
384 Debug(DPROC, ("[%d] child2 sending data to grandchild\n", getpid()))
386 /* close the pipe we don't use, since we inherited it and
387 * are part of its reference count now.
389 close(stdout_pipe[READ_PIPE]);
394 * \x -> \x for all x != %
396 while ((ch = *input_data++)) {
405 if (!(escaped = (ch == '\\'))) {
407 need_newline = (ch != '\n');
415 /* close the pipe, causing an EOF condition. fclose causes
416 * stdin_pipe[WRITE_PIPE] to be closed, too.
420 Debug(DPROC, ("[%d] child2 done sending to grandchild\n", getpid()))
424 /* close the pipe to the grandkiddie's stdin, since its wicked uncle
425 * ernie back there has it open and will close it when he's done.
427 close(stdin_pipe[WRITE_PIPE]);
432 * read output from the grandchild. it's stderr has been redirected to
433 * it's stdout, which has been redirected to our pipe. if there is any
434 * output, we'll be mailing it to the user whose crontab this is...
435 * when the grandchild exits, we'll get EOF.
438 Debug(DPROC, ("[%d] child reading output from grandchild\n", getpid()))
441 register FILE *in = fdopen(stdout_pipe[READ_PIPE], "r");
445 warn("fdopen failed in child");
452 register int bytes = 1;
456 ("[%d] got data (%x:%c) from grandchild\n",
459 /* get name of recipient. this is MAILTO if set to a
460 * valid local username; USER otherwise.
462 if (mailto == NULL) {
463 /* MAILTO not present, set to USER,
464 * unless globally overriden.
471 if (mailto && *mailto == '\0')
474 /* if we are supposed to be mailing, MAILTO will
475 * be non-NULL. only in this case should we set
476 * up the mail command and subjects and stuff...
481 auto char mailcmd[MAX_COMMAND];
482 auto char hostname[MAXHOSTNAMELEN];
484 (void) gethostname(hostname, MAXHOSTNAMELEN);
485 (void) snprintf(mailcmd, sizeof(mailcmd),
487 if (!(mail = cron_popen(mailcmd, "w", e))) {
489 (void) _exit(ERROR_EXIT);
491 fprintf(mail, "From: %s (Cron Daemon)\n", usernm);
492 fprintf(mail, "To: %s\n", mailto);
493 fprintf(mail, "Subject: Cron <%s@%s> %s\n",
494 usernm, first_word(hostname, "."),
496 # if defined(MAIL_DATE)
497 fprintf(mail, "Date: %s\n",
498 arpadate(&TargetTime));
499 # endif /* MAIL_DATE */
500 for (env = e->envp; *env; env++)
501 fprintf(mail, "X-Cron-Env: <%s>\n",
505 /* this was the first char from the pipe
510 /* we have to read the input pipe no matter whether
511 * we mail or not, but obviously we only write to
512 * mail pipe if we ARE mailing.
515 while (EOF != (ch = getc(in))) {
521 /* only close pipe if we opened it -- i.e., we're
526 Debug(DPROC, ("[%d] closing pipe to mail\n",
528 /* Note: the pclose will probably see
529 * the termination of the grandchild
530 * in addition to the mail process, since
531 * it (the grandchild) is likely to exit
532 * after closing its stdout.
534 status = cron_pclose(mail);
537 /* if there was output and we could not mail it,
538 * log the facts so the poor user can figure out
541 if (mailto && status) {
542 char buf[MAX_TEMPSTR];
544 snprintf(buf, sizeof(buf),
545 "mailed %d byte%s of output but got status 0x%04x\n",
546 bytes, (bytes==1)?"":"s",
548 log_it(usernm, getpid(), "MAIL", buf);
551 } /*if data from grandchild*/
553 Debug(DPROC, ("[%d] got EOF from grandchild\n", getpid()))
555 fclose(in); /* also closes stdout_pipe[READ_PIPE] */
558 /* wait for children to die.
560 for (; children > 0; children--)
565 Debug(DPROC, ("[%d] waiting for grandchild #%d to finish\n",
569 Debug(DPROC, ("[%d] no more grandchildren--mail written?\n",
573 Debug(DPROC, ("[%d] grandchild #%d finished, status=%04x",
574 getpid(), pid, WEXITSTATUS(waiter)))
575 if (WIFSIGNALED(waiter) && WCOREDUMP(waiter))
576 Debug(DPROC, (", dumped core"))
587 /* Dynix (Sequent) hack to put the user associated with
588 * the passed user structure into the ATT universe if
589 * necessary. We have to dig the gecos info out of
590 * the user's password entry to see if the magic
591 * "universe(att)" string is present.
598 p = getpwuid(u->uid);
606 for (i = 0; i < 4; i++)
608 if ((s = strchr(s, ',')) == NULL)
612 if (strcmp(s, "universe(att)"))
615 (void) universe(U_ATT);
projects / FreeBSD / releng / 10.0.git / blob