1 /* $OpenBSD: database.c,v 1.16 2004/06/22 03:15:33 avsm Exp $ */
2
3 /* Copyright 1988,1990,1993,1994 by Paul Vixie
4 * All rights reserved
5 */
6
7 /*
8 * Copyright (c) 2004 by Internet Systems Consortium, Inc. ("ISC")
9 * Copyright (c) 1997,2000 by Internet Software Consortium, Inc.
10 *
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
21 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 */
23
24 #if !defined(lint) && !defined(LINT)
25 static char const rcsid[] = "$OpenBSD: database.c,v 1.16 2004/06/22 03:15:33 avsm Exp $";
26 #endif
27
28 /* vix 26jan87 [RCS has the log]
29 */
30
31 #include "cron.h"
32
33 #define HASH(a,b) ((a)+(b))
34
35 static void process_crontab(const char *, const char *,
36 const char *, struct stat *,
37 cron_db *, cron_db *);
38
39 void
load_database(cron_db * old_db)40 load_database(cron_db *old_db) {
41 struct stat statbuf, syscron_stat;
42 cron_db new_db;
43 DIR_T *dp;
44 DIR *dir;
45 user *u, *nu;
46
47 Debug(DLOAD, ("[%ld] load_database()\n", (long)getpid()))
48
49 /* before we start loading any data, do a stat on SPOOL_DIR
50 * so that if anything changes as of this moment (i.e., before we've
51 * cached any of the database), we'll see the changes next time.
52 */
53 if (stat(SPOOL_DIR, &statbuf) < OK) {
54 log_it("CRON", getpid(), "STAT FAILED", SPOOL_DIR);
55 (void) exit(ERROR_EXIT);
56 }
57
58 /* track system crontab file
59 */
60 if (stat(SYSCRONTAB, &syscron_stat) < OK)
61 syscron_stat.st_mtime = 0;
62
63 /* if spooldir's mtime has not changed, we don't need to fiddle with
64 * the database.
65 *
66 * Note that old_db->mtime is initialized to 0 in main(), and
67 * so is guaranteed to be different than the stat() mtime the first
68 * time this function is called.
69 */
70 if (old_db->mtime == HASH(statbuf.st_mtime, syscron_stat.st_mtime)) {
71 Debug(DLOAD, ("[%ld] spool dir mtime unch, no load needed.\n",
72 (long)getpid()))
73 return;
74 }
75
76 /* something's different. make a new database, moving unchanged
77 * elements from the old database, reloading elements that have
78 * actually changed. Whatever is left in the old database when
79 * we're done is chaff -- crontabs that disappeared.
80 */
81 new_db.mtime = HASH(statbuf.st_mtime, syscron_stat.st_mtime);
82 new_db.head = new_db.tail = NULL;
83
84 if (syscron_stat.st_mtime) {
85 process_crontab(ROOT_USER, NULL, SYSCRONTAB, &syscron_stat,
86 &new_db, old_db);
87 }
88
89 /* we used to keep this dir open all the time, for the sake of
90 * efficiency. however, we need to close it in every fork, and
91 * we fork a lot more often than the mtime of the dir changes.
92 */
93 if (!(dir = opendir(SPOOL_DIR))) {
94 log_it("CRON", getpid(), "OPENDIR FAILED", SPOOL_DIR);
95 (void) exit(ERROR_EXIT);
96 }
97
98 while (NULL != (dp = readdir(dir))) {
99 char fname[MAXNAMLEN+1], tabname[MAXNAMLEN];
100
101 /* avoid file names beginning with ".". this is good
102 * because we would otherwise waste two guaranteed calls
103 * to getpwnam() for . and .., and also because user names
104 * starting with a period are just too nasty to consider.
105 */
106 if (dp->d_name[0] == '.')
107 continue;
108
109 if (strlcpy(fname, dp->d_name, sizeof fname) >= sizeof fname)
110 continue; /* XXX log? */
111
112 if (snprintf(tabname, sizeof tabname, "%s/%s", SPOOL_DIR, fname) >=
113 sizeof(tabname))
114 continue; /* XXX log? */
115
116 process_crontab(fname, fname, tabname,
117 &statbuf, &new_db, old_db);
118 }
119 closedir(dir);
120
121 /* if we don't do this, then when our children eventually call
122 * getpwnam() in do_command.c's child_process to verify MAILTO=,
123 * they will screw us up (and v-v).
124 */
125 endpwent();
126
127 /* whatever's left in the old database is now junk.
128 */
129 Debug(DLOAD, ("unlinking old database:\n"))
130 for (u = old_db->head; u != NULL; u = nu) {
131 Debug(DLOAD, ("\t%s\n", u->name))
132 nu = u->next;
133 unlink_user(old_db, u);
134 free_user(u);
135 }
136
137 /* overwrite the database control block with the new one.
138 */
139 *old_db = new_db;
140 Debug(DLOAD, ("load_database is done\n"))
141 }
142
143 void
link_user(cron_db * db,user * u)144 link_user(cron_db *db, user *u) {
145 if (db->head == NULL)
146 db->head = u;
147 if (db->tail)
148 db->tail->next = u;
149 u->prev = db->tail;
150 u->next = NULL;
151 db->tail = u;
152 }
153
154 void
unlink_user(cron_db * db,user * u)155 unlink_user(cron_db *db, user *u) {
156 if (u->prev == NULL)
157 db->head = u->next;
158 else
159 u->prev->next = u->next;
160
161 if (u->next == NULL)
162 db->tail = u->prev;
163 else
164 u->next->prev = u->prev;
165 }
166
167 user *
find_user(cron_db * db,const char * name)168 find_user(cron_db *db, const char *name) {
169 user *u;
170
171 for (u = db->head; u != NULL; u = u->next)
172 if (strcmp(u->name, name) == 0)
173 break;
174 return (u);
175 }
176
177 static void
process_crontab(const char * uname,const char * fname,const char * tabname,struct stat * statbuf,cron_db * new_db,cron_db * old_db)178 process_crontab(const char *uname, const char *fname, const char *tabname,
179 struct stat *statbuf, cron_db *new_db, cron_db *old_db)
180 {
181 struct passwd *pw = NULL;
182 int crontab_fd = OK - 1;
183 user *u;
184
185 if (fname == NULL) {
186 /* must be set to something for logging purposes.
187 */
188 fname = "*system*";
189 } else if ((pw = getpwnam(uname)) == NULL) {
190 /* file doesn't have a user in passwd file.
191 */
192 log_it(fname, getpid(), "ORPHAN", "no passwd entry");
193 goto next_crontab;
194 }
195
196 if ((crontab_fd = open(tabname, O_RDONLY|O_NONBLOCK|O_NOFOLLOW, 0)) < OK) {
197 /* crontab not accessible?
198 */
199 log_it(fname, getpid(), "CAN'T OPEN", tabname);
200 goto next_crontab;
201 }
202
203 if (fstat(crontab_fd, statbuf) < OK) {
204 log_it(fname, getpid(), "FSTAT FAILED", tabname);
205 goto next_crontab;
206 }
207 if (!S_ISREG(statbuf->st_mode)) {
208 log_it(fname, getpid(), "NOT REGULAR", tabname);
209 goto next_crontab;
210 }
211 if ((statbuf->st_mode & 07577) != 0400) {
212 log_it(fname, getpid(), "BAD FILE MODE", tabname);
213 goto next_crontab;
214 }
215 if (statbuf->st_uid != ROOT_UID && (pw == NULL ||
216 statbuf->st_uid != pw->pw_uid || strcmp(uname, pw->pw_name) != 0)) {
217 log_it(fname, getpid(), "WRONG FILE OWNER", tabname);
218 goto next_crontab;
219 }
220 if (statbuf->st_nlink != 1) {
221 log_it(fname, getpid(), "BAD LINK COUNT", tabname);
222 goto next_crontab;
223 }
224
225 Debug(DLOAD, ("\t%s:", fname))
226 u = find_user(old_db, fname);
227 if (u != NULL) {
228 /* if crontab has not changed since we last read it
229 * in, then we can just use our existing entry.
230 */
231 if (u->mtime == statbuf->st_mtime) {
232 Debug(DLOAD, (" [no change, using old data]"))
233 unlink_user(old_db, u);
234 link_user(new_db, u);
235 goto next_crontab;
236 }
237
238 /* before we fall through to the code that will reload
239 * the user, let's deallocate and unlink the user in
240 * the old database. This is more a point of memory
241 * efficiency than anything else, since all leftover
242 * users will be deleted from the old database when
243 * we finish with the crontab...
244 */
245 Debug(DLOAD, (" [delete old data]"))
246 unlink_user(old_db, u);
247 free_user(u);
248 log_it(fname, getpid(), "RELOAD", tabname);
249 }
250 u = load_user(crontab_fd, pw, fname);
251 if (u != NULL) {
252 u->mtime = statbuf->st_mtime;
253 link_user(new_db, u);
254 }
255
256 next_crontab:
257 if (crontab_fd >= OK) {
258 Debug(DLOAD, (" [done]\n"))
259 close(crontab_fd);
260 }
261 }
262