1/*
2 * CDDL HEADER START
3 *
4 * The contents of this file are subject to the terms of the
5 * Common Development and Distribution License (the "License").
6 * You may not use this file except in compliance with the License.
7 *
8 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9 * or http://www.opensolaris.org/os/licensing.
10 * See the License for the specific language governing permissions
11 * and limitations under the License.
12 *
13 * When distributing Covered Code, include this CDDL HEADER in each
14 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15 * If applicable, add the following below this CDDL HEADER, with the
16 * fields enclosed by brackets "[]" replaced with your own identifying
17 * information: Portions Copyright [yyyy] [name of copyright owner]
18 *
19 * CDDL HEADER END
20 */
21
22/*
23 * Copyright (c) 2011 Gary Mills
24 *
25 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
26 * Use is subject to license terms.
27 * Copyright (c) 2016 by Delphix. All rights reserved.
28 */
29
30/*	Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T	*/
31/*	  All Rights Reserved  	*/
32
33#include <sys/resource.h>
34#include <sys/stat.h>
35#include <sys/types.h>
36
37#include <dirent.h>
38#include <string.h>
39#include <stdlib.h>
40#include <fcntl.h>
41#include <pwd.h>
42#include <stdio.h>
43#include <ctype.h>
44#include <time.h>
45#include <signal.h>
46#include <errno.h>
47#include <limits.h>
48#include <ulimit.h>
49#include <unistd.h>
50#include <locale.h>
51#include <libintl.h>
52#include <tzfile.h>
53#include <project.h>
54#include <paths.h>
55
56#include "cron.h"
57
58#define	TMPFILE		"_at" /* prefix for temporary files	*/
59/*
60 * Mode for creating files in ATDIR.
61 * Setuid bit on so that if an owner of a file gives that file
62 * away to someone else, the setuid bit will no longer be set.
63 * If this happens, atrun will not execute the file
64 */
65#define	ATMODE		(S_ISUID | S_IRUSR | S_IRGRP | S_IROTH)
66#define	ROOT		0	/* user-id of super-user */
67#define	MAXTRYS		100	/* max trys to create at job file */
68
69#define	BADTIME		"bad time specification"
70#define	BADQUEUE	"queue name must be a single character a-z"
71#define	NOTCQUEUE	"queue c is reserved for cron entries"
72#define	BADSHELL	"because your login shell isn't /usr/bin/sh,"\
73			"you can't use at"
74#define	WARNSHELL	"commands will be executed using %s\n"
75#define	CANTCD		"can't change directory to the at directory"
76#define	CANTCHOWN	"can't change the owner of your job to you"
77#define	CANTCHUID	"can't change user identifier"
78#define	CANTCREATE	"can't create a job for you"
79#define	INVALIDUSER	"you are not a valid user (no entry in /etc/passwd)"
80#define	NOOPENDIR	"can't open the at directory"
81#define	NOTALLOWED	"you are not authorized to use at.  Sorry."
82#define	USAGE\
83	"usage: at [-c|-k|-s] [-m] [-f file] [-p project] [-q queuename] "\
84	    "-t time\n"\
85	"       at [-c|-k|-s] [-m] [-f file] [-p project] [-q queuename] "\
86	    "timespec\n"\
87	"       at -l [-p project] [-q queuename] [at_job_id...]\n"\
88	"       at -r at_job_id ...\n"
89
90#define	FORMAT		"%a %b %e %H:%M:%S %Y"
91
92static int leap(int);
93static int atoi_for2(char *);
94static int check_queue(char *, int);
95static int list_jobs(int, char **, int, int);
96static int remove_jobs(int, char **, char *);
97static void usage(void);
98static void catch(int);
99static void copy(char *, FILE *, int);
100static void atime(struct tm *, struct tm *);
101static int not_this_project(char *);
102static char *mkjobname(time_t);
103static time_t parse_time(char *);
104static time_t gtime(struct tm *);
105static void escapestr(const char *);
106void atabort(char *)__NORETURN;
107void yyerror(void);
108extern int yyparse(void);
109
110extern void	audit_at_delete(char *, char *, int);
111extern int	audit_at_create(char *, int);
112extern int	audit_cron_is_anc_name(char *);
113extern int	audit_cron_delete_anc_file(char *, char *);
114
115/*
116 * Error in getdate(3G)
117 */
118static char 	*errlist[] = {
119/* 0 */ 	"",
120/* 1 */	"getdate: The DATEMSK environment variable is not set",
121/* 2 */	"getdate: Error on \"open\" of the template file",
122/* 3 */	"getdate: Error on \"stat\" of the template file",
123/* 4 */	"getdate: The template file is not a regular file",
124/* 5 */	"getdate: An error is encountered while reading the template",
125/* 6 */	"getdate: Malloc(3C) failed",
126/* 7 */	"getdate: There is no line in the template that matches the input",
127/* 8 */	"getdate: Invalid input specification"
128};
129
130int		gmtflag = 0;
131int		mday[12] = {31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
132uid_t		user;
133struct	tm	*tp, at, rt;
134static int	cshflag		= 0;
135static int	kshflag		= 0;
136static int	shflag		= 0;
137static int	mflag		= 0;
138static int	pflag		= 0;
139static char	*Shell;
140static char	*tfname;
141static char	pname[80];
142static char	pname1[80];
143static short	jobtype = ATEVENT;	/* set to 1 if batch job */
144extern char	*argp;
145extern int	per_errno;
146static projid_t	project;
147
148int
149main(int argc, char **argv)
150{
151	FILE		*inputfile;
152	int		i, fd;
153	int		try = 0;
154	int		fflag = 0;
155	int		lflag = 0;
156	int		qflag = 0;
157	int		rflag = 0;
158	int		tflag = 0;
159	int		c;
160	int		tflen;
161	char		*file;
162	char		*login;
163	char		*job;
164	char		*jobfile = NULL; /* file containing job to be run */
165	char		argpbuf[LINE_MAX], timebuf[80];
166	time_t		now;
167	time_t		when = 0;
168	struct	tm	*ct;
169	char		*proj;
170	struct project	prj, *pprj;
171	char		mybuf[PROJECT_BUFSZ];
172	char		ipbuf[PROJECT_BUFSZ];
173
174	(void) setlocale(LC_ALL, "");
175#if !defined(TEXT_DOMAIN)	/* Should be defined by cc -D */
176#define	TEXT_DOMAIN "SYS_TEST"	/* Use this only if it weren't */
177#endif
178	(void) textdomain(TEXT_DOMAIN);
179
180	user = getuid();
181	login = getuser(user);
182	if (login == NULL) {
183		if (per_errno == 2)
184			atabort(BADSHELL);
185		else
186			atabort(INVALIDUSER);
187	}
188
189	if (!allowed(login, ATALLOW, ATDENY))
190		atabort(NOTALLOWED);
191
192	while ((c = getopt(argc, argv, "cklmsrf:p:q:t:")) != EOF)
193		switch (c) {
194			case 'c':
195				cshflag++;
196				break;
197			case 'f':
198				fflag++;
199				jobfile = optarg;
200				break;
201			case 'k':
202				kshflag++;
203				break;
204			case 'l':
205				lflag++;
206				break;
207			case 'm':
208				mflag++;
209				break;
210			case 'p':
211				proj = optarg;
212				pprj = &prj;
213				if ((pprj = getprojbyname(proj, pprj,
214				    (void *)&mybuf, sizeof (mybuf))) != NULL) {
215					project = pprj->pj_projid;
216					if (inproj(login, pprj->pj_name,
217					    (void *)&ipbuf, sizeof (ipbuf)))
218						pflag++;
219					else {
220						(void) fprintf(stderr,
221						    gettext("at: user %s is "
222						    "not a member of "
223						    "project %s (%d)\n"),
224						    login, pprj->pj_name,
225						    project);
226						exit(2);
227					}
228					break;
229				}
230				pprj = &prj;
231				if (isdigit(proj[0]) &&
232				    (pprj = getprojbyid(atoi(proj), pprj,
233				    (void *)&mybuf, sizeof (mybuf))) != NULL) {
234					project = pprj->pj_projid;
235					if (inproj(login, pprj->pj_name,
236					    (void *)&ipbuf, sizeof (ipbuf)))
237						pflag++;
238					else {
239						(void) fprintf(stderr,
240						    gettext("at: user %s is "
241						    "not a member of "
242						    "project %s (%d)\n"),
243						    login, pprj->pj_name,
244						    project);
245						exit(2);
246					}
247					break;
248				}
249				(void) fprintf(stderr, gettext("at: project "
250				    "%s not found.\n"), proj);
251				exit(2);
252				break;
253			case 'q':
254				qflag++;
255				if (optarg[1] != '\0')
256					atabort(BADQUEUE);
257				jobtype = *optarg - 'a';
258				if ((jobtype < 0) || (jobtype > 25))
259					atabort(BADQUEUE);
260				if (jobtype == 2)
261					atabort(NOTCQUEUE);
262				break;
263			case 'r':
264				rflag++;
265				break;
266			case 's':
267				shflag++;
268				break;
269			case 't':
270				tflag++;
271				when = parse_time(optarg);
272				break;
273			default:
274				usage();
275		}
276
277	argc -= optind;
278	argv += optind;
279
280	if (lflag + rflag > 1)
281		usage();
282
283	if (lflag) {
284		if (cshflag || kshflag || shflag || mflag ||
285		    fflag || tflag || rflag)
286			usage();
287		return (list_jobs(argc, argv, qflag, jobtype));
288	}
289
290	if (rflag) {
291		if (cshflag || kshflag || shflag || mflag ||
292		    fflag || tflag || qflag)
293			usage();
294		return (remove_jobs(argc, argv, login));
295	}
296
297	if ((argc + tflag == 0) && (jobtype != BATCHEVENT))
298		usage();
299
300	if (cshflag + kshflag + shflag > 1)
301		atabort("ambiguous shell request");
302
303	time(&now);
304
305	if (jobtype == BATCHEVENT)
306		when = now;
307
308	if (when == 0) { /* figure out what time to run the job */
309		int	argplen = sizeof (argpbuf) - 1;
310
311		argpbuf[0] = '\0';
312		argp = argpbuf;
313		i = 0;
314		while (i < argc) {
315			/* guard against buffer overflow */
316			argplen -= strlen(argv[i]) + 1;
317			if (argplen < 0)
318				atabort(BADTIME);
319
320			strcat(argp, argv[i]);
321			strcat(argp, " ");
322			i++;
323		}
324		if ((file = getenv("DATEMSK")) == 0 || file[0] == '\0') {
325			tp = localtime(&now);
326			/*
327			 * Fix for 1047182 - we have to let yyparse
328			 * check bounds on mday[] first, then fixup
329			 * the leap year case.
330			 */
331			yyparse();
332
333			mday[1] = 28 + leap(at.tm_year);
334
335			if (at.tm_mday > mday[at.tm_mon])
336				atabort("bad date");
337
338			atime(&at, &rt);
339			when = gtime(&at);
340			if (!gmtflag) {
341				when += timezone;
342				if (localtime(&when)->tm_isdst)
343					when -= (timezone-altzone);
344			}
345		} else {	/*   DATEMSK is set  */
346			if ((ct = getdate(argpbuf)) == NULL)
347				atabort(errlist[getdate_err]);
348			else
349				when = mktime(ct);
350		}
351	}
352
353	if (when < now)	/* time has already past */
354		atabort("too late");
355
356	tflen = strlen(ATDIR) + 1 + strlen(TMPFILE) +
357	    10 + 1; /* 10 for an INT_MAX pid */
358	tfname = xmalloc(tflen);
359	snprintf(tfname, tflen, "%s/%s%d", ATDIR, TMPFILE, getpid());
360
361	/* catch INT, HUP, TERM and QUIT signals */
362	if (signal(SIGINT, catch) == SIG_IGN)
363		signal(SIGINT, SIG_IGN);
364	if (signal(SIGHUP, catch) == SIG_IGN)
365		signal(SIGHUP, SIG_IGN);
366	if (signal(SIGQUIT, catch) == SIG_IGN)
367		signal(SIGQUIT, SIG_IGN);
368	if (signal(SIGTERM, catch) == SIG_IGN)
369		signal(SIGTERM, SIG_IGN);
370	if ((fd = open(tfname, O_CREAT|O_EXCL|O_WRONLY, ATMODE)) < 0)
371		atabort(CANTCREATE);
372	if (chown(tfname, user, getgid()) == -1) {
373		unlink(tfname);
374		atabort(CANTCHOWN);
375	}
376	close(1);
377	dup(fd);
378	close(fd);
379	sprintf(pname, "%s", PROTO);
380	sprintf(pname1, "%s.%c", PROTO, 'a'+jobtype);
381
382	/*
383	 * Open the input file with the user's permissions.
384	 */
385	if (jobfile != NULL) {
386		if ((seteuid(user) < 0) ||
387		    (inputfile = fopen(jobfile, "r")) == NULL) {
388			unlink(tfname);
389			fprintf(stderr, "at: %s: %s\n", jobfile, errmsg(errno));
390			exit(1);
391		}
392		else
393			seteuid(0);
394	} else
395		inputfile = stdin;
396
397	copy(jobfile, inputfile, when);
398	while (rename(tfname, job = mkjobname(when)) == -1) {
399		sleep(1);
400		if (++try > MAXTRYS / 10) {
401			unlink(tfname);
402			atabort(CANTCREATE);
403		}
404	}
405	unlink(tfname);
406	if (audit_at_create(job, 0))
407		atabort(CANTCREATE);
408
409	cron_sendmsg(ADD, login, strrchr(job, '/')+1, AT);
410	if (per_errno == 2)
411		fprintf(stderr, gettext(WARNSHELL), Shell);
412	cftime(timebuf, FORMAT, &when);
413	fprintf(stderr, gettext("job %s at %s\n"),
414	    strrchr(job, '/')+1, timebuf);
415	if (when - MINUTE < HOUR)
416		fprintf(stderr, gettext(
417		    "at: this job may not be executed at the proper time.\n"));
418	return (0);
419}
420
421
422static char *
423mkjobname(time_t t)
424{
425	int i, fd;
426	char *name;
427
428	name = xmalloc(200);
429	for (i = 0; i < MAXTRYS; i++) {
430		sprintf(name, "%s/%ld.%c", ATDIR, t, 'a'+jobtype);
431		/* fix for 1099183, 1116833 - create file here, avoid race */
432		if ((fd = open(name, O_CREAT | O_EXCL, ATMODE)) > 0) {
433			close(fd);
434			return (name);
435		}
436		t += 1;
437	}
438	atabort("queue full");
439	/* NOTREACHED */
440}
441
442
443static void
444catch(int x)
445{
446	unlink(tfname);
447	exit(1);
448}
449
450
451void
452atabort(char *msg)
453{
454	fprintf(stderr, "at: %s\n", gettext(msg));
455
456	exit(1);
457}
458
459int
460yywrap(void)
461{
462	return (1);
463}
464
465void
466yyerror(void)
467{
468	atabort(BADTIME);
469}
470
471/*
472 * add time structures logically
473 */
474static void
475atime(struct tm *a, struct tm *b)
476{
477	if ((a->tm_sec += b->tm_sec) >= 60) {
478		b->tm_min += a->tm_sec / 60;
479		a->tm_sec %= 60;
480	}
481	if ((a->tm_min += b->tm_min) >= 60) {
482		b->tm_hour += a->tm_min / 60;
483		a->tm_min %= 60;
484	}
485	if ((a->tm_hour += b->tm_hour) >= 24) {
486		b->tm_mday += a->tm_hour / 24;
487		a->tm_hour %= 24;
488	}
489	a->tm_year += b->tm_year;
490	if ((a->tm_mon += b->tm_mon) >= 12) {
491		a->tm_year += a->tm_mon / 12;
492		a->tm_mon %= 12;
493	}
494	a->tm_mday += b->tm_mday;
495	mday[1] = 28 + leap(a->tm_year);
496	while (a->tm_mday > mday[a->tm_mon]) {
497		a->tm_mday -= mday[a->tm_mon++];
498		if (a->tm_mon > 11) {
499			a->tm_mon = 0;
500			mday[1] = 28 + leap(++a->tm_year);
501		}
502	}
503
504}
505
506static int
507leap(int year)
508{
509	return (isleap(year + TM_YEAR_BASE));
510}
511
512/*
513 * return time from time structure
514 */
515static time_t
516gtime(struct tm *tptr)
517{
518	int i;
519	long	tv;
520	int	dmsize[12] =
521	    {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31};
522
523
524	tv = 0;
525	for (i = 1970; i != tptr->tm_year+TM_YEAR_BASE; i++)
526		tv += (365 + isleap(i));
527		/*
528		 * We call isleap since leap() adds
529		 * 1900 onto any value passed
530		 */
531
532	if (!leap(tptr->tm_year) && at.tm_mday == 29 && at.tm_mon == 1)
533		atabort("bad date - not a leap year");
534
535	if ((leap(tptr->tm_year)) && tptr->tm_mon >= 2)
536		++tv;
537
538	for (i = 0; i < tptr->tm_mon; ++i)
539		tv += dmsize[i];
540	tv += tptr->tm_mday - 1;
541	tv = 24 * tv + tptr->tm_hour;
542	tv = 60 * tv + tptr->tm_min;
543	tv = 60 * tv + tptr->tm_sec;
544	return (tv);
545}
546
547/*
548 * Escape a string to be used inside the job shell script.
549 */
550static void
551escapestr(const char *str)
552{
553	char c;
554	(void) putchar('\'');
555	while ((c = *str++) != '\0') {
556		if (c != '\'')
557			(void) putchar(c);
558		else
559			(void) fputs("'\\''", stdout); /* ' -> '\'' */
560	}
561	(void) putchar('\'');
562}
563
564/*
565 * make job file from proto + stdin
566 */
567static void
568copy(char *jobfile, FILE *inputfile, int when)
569{
570	int c;
571	FILE *pfp;
572	char *shell;
573	char	dirbuf[PATH_MAX + 1];
574	char	line[LINE_MAX];
575	char **ep;
576	mode_t um;
577	char *val;
578	extern char **environ;
579	uid_t realusr, effeusr;
580	int ttyinput;
581	int ulimit_flag = 0;
582	struct rlimit rlp;
583	struct project prj, *pprj;
584	char pbuf[PROJECT_BUFSZ];
585	char pbuf2[PROJECT_BUFSZ];
586	char *user;
587
588	/*
589	 * Fix for 1099381:
590	 * If the inputfile is from a tty, then turn on prompting, and
591	 * put out a prompt now, instead of waiting for a lot of file
592	 * activity to complete.
593	 */
594	ttyinput = isatty(fileno(inputfile));
595	if (ttyinput) {
596		fputs("at> ", stderr);
597		fflush(stderr);
598	}
599
600	/*
601	 * Fix for 1053807:
602	 * Determine what shell we should use to run the job. If the user
603	 * didn't explicitly request that their current shell be over-
604	 * ridden (shflag or cshflag), then we use the current shell.
605	 */
606	if (cshflag)
607		Shell = shell = "/bin/csh";
608	else if (kshflag) {
609		Shell = shell = "/bin/ksh";
610		ulimit_flag = 1;
611	} else if (shflag) {
612		Shell = shell = "/bin/sh";
613		ulimit_flag = 1;
614	} else if (((Shell = val = getenv("SHELL")) != NULL) &&
615	    (*val != '\0')) {
616		shell = "$SHELL";
617		if ((strstr(val, "/sh") != NULL) ||
618		    (strstr(val, "/ksh") != NULL))
619			ulimit_flag = 1;
620	} else {
621		/* SHELL is NULL or unset, therefore use default */
622		Shell = shell = _PATH_BSHELL;
623		ulimit_flag = 1;
624	}
625
626	printf(": %s job\n", jobtype ? "batch" : "at");
627	printf(": jobname: %.127s\n", (jobfile == NULL) ? "stdin" : jobfile);
628	printf(": notify by mail: %s\n", (mflag) ? "yes" : "no");
629
630	if (pflag) {
631		(void) printf(": project: %d\n", project);
632	} else {
633		/*
634		 * Check if current user is a member of current project.
635		 * This check is done here to avoid setproject() failure
636		 * later when the job gets executed.  If current user does
637		 * not belong to current project, user's default project
638		 * will be used instead.  This is achieved by not specifying
639		 * the project (": project: <project>\n") in the job file.
640		 */
641		if ((user = getuser(getuid())) == NULL)
642			atabort(INVALIDUSER);
643		project = getprojid();
644		pprj = getprojbyid(project, &prj, pbuf, sizeof (pbuf));
645		if (pprj != NULL) {
646			if (inproj(user, pprj->pj_name, pbuf2, sizeof (pbuf2)))
647				(void) printf(": project: %d\n", project);
648		}
649	}
650
651	for (ep = environ; *ep; ep++) {
652		if ((val = strchr(*ep, '=')) == NULL)
653			continue;
654		*val++ = '\0';
655		(void) printf("export %s; %s=", *ep, *ep);
656		escapestr(val);
657		(void) putchar('\n');
658		*--val = '=';
659	}
660	if ((pfp = fopen(pname1, "r")) == NULL &&
661	    (pfp = fopen(pname, "r")) == NULL)
662		atabort("no prototype");
663	/*
664	 * Put in a line to run the proper shell using the rest of
665	 * the file as input.  Note that 'exec'ing the shell will
666	 * cause sh() to leave a /tmp/sh### file around. (1053807)
667	 */
668	printf("%s << '...the rest of this file is shell input'\n", shell);
669
670	um = umask(0);
671	while ((c = getc(pfp)) != EOF) {
672		if (c != '$')
673			putchar(c);
674		else switch (c =  getc(pfp)) {
675		case EOF:
676			goto out;
677		case 'd':
678			/*
679			 * Must obtain current working directory as the user
680			 */
681
682			dirbuf[0] = '\0';
683			realusr = getuid();
684			effeusr = geteuid();
685			/* change euid for getcwd */
686			if (seteuid(realusr) < 0) {
687				atabort(CANTCHUID);
688			}
689			if (getcwd(dirbuf, sizeof (dirbuf)) == NULL) {
690				atabort(
691				    "can't obtain current working directory");
692			}
693			/* change back afterwards */
694			if (seteuid(effeusr) < 0) {
695				atabort(CANTCHUID);
696			}
697			escapestr(dirbuf);
698			break;
699		case 'm':
700			printf("%o", um);
701			break;
702		case '<':
703			if (ulimit_flag) {
704				if (getrlimit(RLIMIT_FSIZE, &rlp) == 0) {
705					if (rlp.rlim_cur == RLIM_INFINITY)
706						printf("ulimit unlimited\n");
707					else
708						printf("ulimit %lld\n",
709						    rlp.rlim_cur / 512);
710				}
711			}
712			/*
713			 * fix for 1113572 - use fputs() so that a
714			 * newline isn't appended to the one returned
715			 * with fgets(); 1099381 - prompt for input.
716			 */
717			while (fgets(line, LINE_MAX, inputfile) != NULL) {
718				fputs(line, stdout);
719				if (ttyinput)
720					fputs("at> ", stderr);
721			}
722			if (ttyinput) /* clean up the final output */
723				fputs("<EOT>\n", stderr);
724			break;
725		case 't':
726			printf(":%lu", when);
727			break;
728		default:
729			putchar(c);
730		}
731	}
732out:
733	fclose(pfp);
734	fflush(NULL);
735}
736
737/* remove jobs that are specified */
738static int
739remove_jobs(int argc, char **argv, char *login)
740{
741	int		i, r;
742	int		error = 0;
743	struct stat	buf;
744	struct passwd *pw;
745
746	pw = getpwuid(user);
747	if (pw == NULL) {
748		atabort("Invalid user.\n");
749	}
750
751	if (argc == 0)
752		usage();
753	if (chdir(ATDIR) == -1)
754		atabort(CANTCD);
755	for (i = 0; i < argc; i++)
756		if (strchr(argv[i], '/') != NULL) {
757			fprintf(stderr, "at: %s: not a valid job-id\n",
758			    argv[i]);
759		} else if (stat(argv[i], &buf)) {
760			fprintf(stderr, "at: %s: ", argv[i]);
761			perror("");
762		} else if ((user != buf.st_uid) &&
763		    (!cron_admin(pw->pw_name))) {
764			fprintf(stderr, "at: you don't own %s\n",
765			    argv[i]);
766			error = 1;
767		} else {
768			if (cron_admin(pw->pw_name)) {
769				login = getuser((uid_t)buf.st_uid);
770				if (login == NULL) {
771					if (per_errno == 2)
772						atabort(BADSHELL);
773					else
774						atabort(INVALIDUSER);
775					}
776			}
777			cron_sendmsg(DELETE, login, argv[i], AT);
778			r = unlink(argv[i]);
779			audit_at_delete(argv[i], ATDIR, r);
780		}
781	return (error);
782}
783
784
785
786static int
787list_jobs(int argc, char **argv, int qflag, int queue)
788{
789	DIR		*dir;
790	int		i;
791	int		error = 0;
792	char		*patdir, *atdir, *ptr;
793	char		timebuf[80];
794	time_t		t;
795	struct stat	buf, st1, st2;
796	struct dirent	*dentry;
797	struct passwd	*pw;
798	unsigned int	atdirlen;
799	int r;
800	struct passwd	*pwd, pwds;
801	char buf_pwd[1024];
802	char job_file[PATH_MAX];
803
804	pwd = getpwuid_r(user, &pwds, buf_pwd, sizeof (buf_pwd));
805	if (pwd == NULL) {
806		atabort("Invalid user.\n");
807	}
808
809	/* list jobs for user */
810	if (chdir(ATDIR) == -1)
811		atabort(CANTCD);
812
813	atdirlen = strlen(ATDIR);
814	atdir = xmalloc(atdirlen + 1);
815	strcpy(atdir, ATDIR);
816	patdir = strrchr(atdir, '/');
817	*patdir = '\0';
818	if (argc == 0) {
819		/* list all jobs for a user */
820		if (stat(ATDIR, &st1) != 0 || stat(atdir, &st2) != 0)
821			atabort("Can not get status of spooling"
822			    "directory for at");
823		if ((dir = opendir(ATDIR)) == NULL)
824			atabort(NOOPENDIR);
825		while (1) {
826			if ((dentry = readdir(dir)) == NULL)
827				break;
828			if ((dentry->d_ino == st1.st_ino) ||
829			    (dentry->d_ino == st2.st_ino))
830				continue;
831			if ((r = audit_cron_is_anc_name(dentry->d_name)) == 1)
832				continue;
833			if (stat(dentry->d_name, &buf)) {
834				unlink(dentry->d_name);
835				audit_cron_delete_anc_file(dentry->d_name,
836				    NULL);
837				continue;
838			}
839			if ((!cron_admin(pwd->pw_name)) &&
840			    (buf.st_uid != user))
841				continue;
842			ptr = dentry->d_name;
843			if (((t = num(&ptr)) == 0) || (*ptr != '.'))
844				continue;
845			strcpy(job_file, patdir);
846			strcat(job_file, dentry->d_name);
847			if (pflag && not_this_project(job_file))
848				continue;
849			ascftime(timebuf, FORMAT, localtime(&t));
850			if ((cron_admin(pwd->pw_name)) &&
851			    ((pw = getpwuid(buf.st_uid)) != NULL)) {
852				if (!qflag || (qflag &&
853				    check_queue(ptr, queue)))
854					printf("user = %s\t%s\t%s\n",
855					    pw->pw_name, dentry->d_name,
856					    timebuf);
857			} else
858				if (!qflag || (qflag &&
859				    check_queue(ptr, queue)))
860					printf("%s\t%s\n",
861					    dentry->d_name, timebuf);
862		}
863		(void) closedir(dir);
864	} else	/* list particular jobs for user */
865		for (i = 0; i < argc; i++) {
866			ptr = argv[i];
867			strlcpy(job_file, patdir, PATH_MAX);
868			strlcat(job_file, ptr, PATH_MAX);
869			if (((t = num(&ptr)) == 0) || (*ptr != '.')) {
870				fprintf(stderr, gettext(
871				    "at: invalid job name %s\n"), argv[i]);
872				error = 1;
873			} else if (stat(argv[i], &buf)) {
874				fprintf(stderr, "at: %s: ", argv[i]);
875				perror("");
876				error = 1;
877			} else if ((user != buf.st_uid) &&
878			    (!cron_admin(pwd->pw_name))) {
879				fprintf(stderr, gettext(
880				    "at: you don't own %s\n"), argv[i]);
881				error = 1;
882			} else if (pflag && not_this_project(job_file)) {
883				continue;
884			} else {
885				if (!qflag || (qflag &&
886				    check_queue(ptr, queue))) {
887					ascftime(timebuf, FORMAT,
888					    localtime(&t));
889					printf("%s\t%s\n", argv[i], timebuf);
890				}
891			}
892		}
893	return (error);
894}
895
896/*
897 * open the command file and read the project id line
898 * compare to the project number provided via -p on the command line
899 * return 0 if they match, 1 if they don't match or an error occurs.
900 */
901#define	SKIPCOUNT 3	/* lines to skip to get to project line in file */
902
903static int
904not_this_project(char *filename)
905{
906	FILE *fp;
907	projid_t sproj;
908	int i;
909
910	if ((fp = fopen(filename, "r")) == NULL)
911		return (1);
912
913	for (i = 0; i < SKIPCOUNT; i++)
914		fscanf(fp, "%*[^\n]\n");
915
916	fscanf(fp, ": project: %d\n", &sproj);
917	fclose(fp);
918
919	return (sproj == project ? 0 : 1);
920}
921
922static int
923check_queue(char *name, int queue)
924{
925	if ((name[strlen(name) - 1] - 'a') == queue)
926		return (1);
927	else
928		return (0);
929}
930
931static time_t
932parse_time(char *t)
933{
934	int		century = 0;
935	int		seconds = 0;
936	char		*p;
937	time_t		when	= 0;
938	struct tm	tm;
939
940	/*
941	 * time in the following format (defined by the touch(1) spec):
942	 *	[[CC]YY]MMDDhhmm[.SS]
943	 */
944	if ((p = strchr(t, '.')) != NULL) {
945		if (strchr(p+1, '.') != NULL)
946			atabort(BADTIME);
947		seconds = atoi_for2(p+1);
948		*p = '\0';
949	}
950
951	memset(&tm, 0, sizeof (struct tm));
952	when = time(0);
953	tm.tm_year = localtime(&when)->tm_year;
954
955	switch (strlen(t)) {
956		case 12:	/* CCYYMMDDhhmm */
957			century = atoi_for2(t);
958			t += 2;
959			/* FALLTHROUGH */
960		case 10:	/* YYMMDDhhmm */
961			tm.tm_year = atoi_for2(t);
962			t += 2;
963			if (century == 0) {
964				if (tm.tm_year < 69)
965					tm.tm_year += 100;
966			} else
967				tm.tm_year += (century - 19) * 100;
968			/* FALLTHROUGH */
969		case 8:		/* MMDDhhmm */
970			tm.tm_mon = atoi_for2(t) - 1;
971			t += 2;
972			tm.tm_mday = atoi_for2(t);
973			t += 2;
974			tm.tm_hour = atoi_for2(t);
975			t += 2;
976			tm.tm_min = atoi_for2(t);
977			t += 2;
978			tm.tm_sec = seconds;
979			break;
980		default:
981			atabort(BADTIME);
982	}
983
984	if ((when = mktime(&tm)) == -1)
985		atabort(BADTIME);
986	if (tm.tm_isdst)
987		when -= (timezone-altzone);
988	return (when);
989}
990
991static int
992atoi_for2(char *p)
993{
994	int value;
995
996	value = (*p - '0') * 10 + *(p+1) - '0';
997	if ((value < 0) || (value > 99))
998		atabort(BADTIME);
999	return (value);
1000}
1001
1002static void
1003usage(void)
1004{
1005	fprintf(stderr, USAGE);
1006	exit(1);
1007}
1008