atd-secprec

1. --- a/atd.c 2015-12-06 16:45:10.000000000 +0100
2. +++ b/atd.c 2016-02-20 12:23:19.000000000 +0100
3. @@ -276,6 +276,7 @@
4.   */
5.      pid_t pid;
6.      int fd_out, fd_in;
7. +    char shell_path[256];
8.      char jobbuf[9];
9.      char *mailname = NULL;
10.      int mailsize = 128;
11. @@ -296,6 +297,8 @@
12.      int retcode;
13.  #endif
14.  
15. +   memset(shell_path, '\0', 256);
16. +
17.  #ifdef _SC_LOGIN_NAME_MAX
18.      errno = 0;
19.      rc = sysconf(_SC_LOGIN_NAME_MAX);
20. @@ -308,12 +311,12 @@
21.  #endif
22.      sscanf(filename, "%c%5lx", &queue, &jobno);
23.      if ((mailname = malloc(mailsize+1)) == NULL)
24. -   pabort("Job %8lu : out of virtual memory", jobno);
25. +   pabort("Job %lu : out of virtual memory", jobno);
26.  
27. -    sprintf(jobbuf, "%8lu", jobno);
28. +    sprintf(jobbuf, "%lu", jobno);
29.  
30.      if ((newname = strdup(filename)) == 0)
31. -   pabort("Job %8lu : out of virtual memory", jobno);
32. +   pabort("Job %lu : out of virtual memory", jobno);
33.      newname[0] = '=';
34.  
35.      /* We try to make a hard link to lock the file.  If we fail, then
36. @@ -350,7 +353,7 @@
37.  
38.      pentry = getpwuid(uid);
39.      if (pentry == NULL) {
40. -   pabort("Userid %lu not found - aborting job %8lu (%.500s)",
41. +   pabort("Userid %lu not found - aborting job %lu (%.500s)",
42.            (unsigned long) uid, jobno, filename);
43.      }
44.      PRIV_START
45. @@ -372,17 +375,17 @@
46.     perr("Error in fstat of input file");
47.  
48.      if (S_ISLNK(lbuf.st_mode))
49. -   perr("Symbolic link encountered in job %8lu (%.500s) - aborting",
50. +   perr("Symbolic link encountered in job %lu (%.500s) - aborting",
51.          jobno, filename);
52.  
53.      if ((lbuf.st_dev != buf.st_dev) || (lbuf.st_ino != buf.st_ino) ||
54.     (lbuf.st_uid != buf.st_uid) || (lbuf.st_gid != buf.st_gid) ||
55.     (lbuf.st_size != buf.st_size))
56. -   perr("Somebody changed files from under us for job %8lu (%.500s) - "
57. +   perr("Somebody changed files from under us for job %lu (%.500s) - "
58.          "aborting", jobno, filename);
59.  
60.      if (buf.st_nlink > 2) {
61. -   perr("Somebody is trying to run a linked script for job %8lu (%.500s)",
62. +   perr("Somebody is trying to run a linked script for job %lu (%.500s)",
63.          jobno, filename);
64.      }
65.      if ((fflags = fcntl(fd_in, F_GETFD)) < 0)
66. @@ -397,20 +400,19 @@
67.       * NFS and works with local file systems.  It's not clear where
68.       * the bug is located.  -Joey
69.       */
70. -    sprintf(fmt, "#!/bin/sh\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d",
71. -   mailsize );
72. +    sprintf(fmt, "#!%%255s\n# atrun uid=%%d gid=%%d\n# mail %%%ds %%d", mailsize);
73.  
74.      if (fscanf(stream, fmt,
75. -          &nuid, &ngid, mailname, &send_mail) != 4)
76. +          shell_path, &nuid, &ngid, mailname, &send_mail) != 5)
77.     pabort("File %.500s is in wrong format - aborting",
78.            filename);
79.  
80.      if (mailname[0] == '-')
81. -   pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname,
82. +   pabort("illegal mail name %.300s in job %lu (%.300s)", mailname,
83.            jobno, filename);
84.  
85.      if (nuid != uid)
86. -   pabort("Job %8lu (%.500s) - userid %d does not match file uid %d",
87. +   pabort("Job %lu (%.500s) - userid %d does not match file uid %d",
88.            jobno, filename, nuid, uid);
89.  
90.      /* We are now committed to executing this script.  Unlink the
91. @@ -437,7 +439,7 @@
92.     perr("Cannot create output file");
93.      PRIV_START
94.      if (fchown(fd_out, uid, ngid) == -1)
95. -        syslog(LOG_WARNING, "Warning: could not change owner of output file for job %li to %i:%i: %s",
96. +        syslog(LOG_WARNING, "Warning: could not change owner of output file for job %li to %i:%i : %s",
97.                  jobno, uid, ngid, strerror(errno));
98.      PRIV_END
99.  
100. @@ -445,6 +447,8 @@
101.      write_string(fd_out, jobbuf);
102.      write_string(fd_out, "\nTo: ");
103.      write_string(fd_out, mailname);    
104. +    write_string(fd_out, "\nX-Atd-Job: ");
105. +    write_string(fd_out, jobbuf);
106.      write_string(fd_out, "\n\n");
107.      fstat(fd_out, &buf);
108.      size = buf.st_size;
109. @@ -514,8 +518,8 @@
110.  
111.         chdir("/");
112.  
113. -       if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
114. -       perr("Exec failed for /bin/sh");
115. +       if (execle(shell_path, shell_path, (char *) NULL, nenvp) != 0)
116. +       perr("Exec failed for %s", shell_path);
117.  
118.     PRIV_END
119.      }
120. @@ -601,6 +605,7 @@
121.      struct dirent *dirent;
122.      struct stat buf;
123.      unsigned long ctm;
124. +    unsigned int  ctmsec;
125.      unsigned long jobno;
126.      char queue;
127.      char batch_queue = '\0';
128. @@ -651,8 +656,12 @@
129.      while ((dirent = readdir(spool)) != NULL) {
130.  
131.     /* Avoid the stat if this doesn't look like a job file */
132. -   if (sscanf(dirent->d_name, "%c%5lx%8lx", &queue, &jobno, &ctm) != 3)
133. -       continue;
134. +   if (sscanf(dirent->d_name, "%c%5lx%8lx%2u", &queue, &jobno, &ctm, &ctmsec) != 4)
135. +   {
136. +       ctmsec = 0;
137. +       if (sscanf(dirent->d_name, "%c%5lx%8lx", &queue, &jobno, &ctm) != 3)
138. +           continue;
139. +   }
140.  
141.     /* Chances are a '=' file has been deleted from under us.
142.      * Ignore.
143. @@ -669,7 +678,7 @@
144.         continue;
145.     }
146.  
147. -   run_time = (time_t) ctm *60;
148. +   run_time = (time_t) ctm * 60 + ctmsec;
149.  
150.     /* Skip lock files */
151.     if (queue == '=') {