automatic update by autodist [release 3.1.14-1mamba;Thu Oct 10 2013]
This commit is contained in:
parent
7f4b0eaa44
commit
21d413ab4f
@ -1,2 +1,7 @@
|
||||
# at
|
||||
|
||||
At and batch read commands from standard input or from a specified file.
|
||||
At allows you to specify that a command will be run at a particular time (now or a specified time in the future).
|
||||
Batch will execute commands when the system load levels drop to a particular level.
|
||||
Both commands use /bin/sh to run the commands.
|
||||
|
||||
|
14
at-3.1.10-daylight.patch
Normal file
14
at-3.1.10-daylight.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- at-3.1.10/at.c.daylight 2007-03-31 00:03:47.000000000 +0200
|
||||
+++ at-3.1.10/at.c 2007-03-31 00:06:23.000000000 +0200
|
||||
@@ -840,8 +840,9 @@
|
||||
|
||||
if( tm.tm_mday )
|
||||
{
|
||||
- tm.tm_isdst = tm_now.tm_isdst;
|
||||
- return mktime(&tm);
|
||||
+ tm.tm_isdst = -1;
|
||||
+ t = mktime(&tm);
|
||||
+ return t;
|
||||
} else
|
||||
return 0L;
|
||||
}
|
59
at-3.1.10-dont_fork.patch
Normal file
59
at-3.1.10-dont_fork.patch
Normal file
@ -0,0 +1,59 @@
|
||||
--- at-3.1.10/daemon.c.dontfork 2005-08-05 05:16:01.000000000 +0200
|
||||
+++ at-3.1.10/daemon.c 2006-09-12 13:53:10.000000000 +0200
|
||||
@@ -50,7 +50,8 @@
|
||||
|
||||
static const char *svnid = "$Id$";
|
||||
|
||||
-int daemon_debug;
|
||||
+int daemon_debug = 0;
|
||||
+int daemon_nofork = 0;
|
||||
|
||||
static int
|
||||
lock_fd(int fd)
|
||||
@@ -119,15 +120,18 @@
|
||||
(open("/dev/null", O_RDWR) != 2)) {
|
||||
perr("Error redirecting I/O");
|
||||
}
|
||||
+ }
|
||||
+ if (daemon_nofork) pid = getpid();
|
||||
+ else {
|
||||
pid = fork();
|
||||
if (pid == -1) {
|
||||
perr("Cannot fork");
|
||||
} else if (pid != 0) {
|
||||
exit(0);
|
||||
}
|
||||
+ (void) setsid();
|
||||
}
|
||||
old_umask = umask(S_IWGRP | S_IWOTH);
|
||||
- (void) setsid();
|
||||
|
||||
PRIV_START
|
||||
|
||||
--- at-3.1.10/atd.8.in.dontfork 2005-08-29 10:08:51.000000000 +0200
|
||||
+++ at-3.1.10/atd.8.in 2006-09-12 13:53:10.000000000 +0200
|
||||
@@ -10,6 +10,7 @@
|
||||
.IR batch_interval ]
|
||||
.RB [ -d ]
|
||||
.RB [ -s ]
|
||||
+.RB [ -n ]
|
||||
.SH DESCRIPTION
|
||||
.B atd
|
||||
runs jobs queued by
|
||||
@@ -46,6 +47,9 @@
|
||||
is installed as
|
||||
.B @prefix@/sbin/atrun
|
||||
for backward compatibility.
|
||||
+.TP 8
|
||||
+.B -n
|
||||
+Don't fork option.
|
||||
.SH WARNING
|
||||
.B atd
|
||||
won't work if its spool directory is mounted via NFS even if
|
||||
--- at-3.1.10/daemon.h.dontfork 2005-08-05 05:16:01.000000000 +0200
|
||||
+++ at-3.1.10/daemon.h 2006-09-12 13:54:43.000000000 +0200
|
||||
@@ -14,3 +14,4 @@
|
||||
perr (const char *fmt, ...);
|
||||
|
||||
extern int daemon_debug;
|
||||
+extern int daemon_nofork;
|
84
at-3.1.10-fix_no_export.patch
Normal file
84
at-3.1.10-fix_no_export.patch
Normal file
@ -0,0 +1,84 @@
|
||||
--- at-3.1.10/at.c.fix 2006-09-12 13:21:16.000000000 +0200
|
||||
+++ at-3.1.10/at.c 2006-09-12 13:20:08.000000000 +0200
|
||||
@@ -396,8 +396,9 @@
|
||||
unsigned int i;
|
||||
for (i = 0; i < sizeof(no_export) / sizeof(no_export[0]); i++) {
|
||||
export = export
|
||||
- && (strncmp(*atenv, no_export[i],
|
||||
- (size_t) (eqp - *atenv)) != 0);
|
||||
+ && ( (((size_t) (eqp - *atenv)) != strlen(no_export[i]))
|
||||
+ ||(strncmp(*atenv, no_export[i],(size_t) (eqp - *atenv)) != 0)
|
||||
+ );
|
||||
}
|
||||
eqp++;
|
||||
}
|
||||
--- at-3.1.10/at.1.in.fix 2006-09-12 13:21:16.000000000 +0200
|
||||
+++ at-3.1.10/at.1.in 2006-09-12 13:10:28.000000000 +0200
|
||||
@@ -42,8 +42,7 @@
|
||||
and
|
||||
.B batch
|
||||
read commands from standard input or a specified file which are to
|
||||
-be executed at a later time, using
|
||||
-.BR /bin/sh .
|
||||
+be executed at a later time.
|
||||
.TP 8
|
||||
.BR at
|
||||
executes commands at a specified time.
|
||||
@@ -244,8 +243,56 @@
|
||||
option argument, which must have the same format as specified for the
|
||||
.BR touch(1)
|
||||
utility's
|
||||
-.B -t
|
||||
+.B \-t
|
||||
time option argument ([[CC]YY]MMDDhhmm).
|
||||
+.SH ENVIRONMENT
|
||||
+.P
|
||||
+.TP 8
|
||||
+.B SHELL
|
||||
+The value of the SHELL environment variable at the time of
|
||||
+.B at
|
||||
+invocation will determine which shell is used to execute the
|
||||
+.B at
|
||||
+job commands. If SHELL is unset when
|
||||
+.B at
|
||||
+is invoked, the user's login shell will be used; otherwise,
|
||||
+if SHELL is set when
|
||||
+.B at
|
||||
+is invoked, it must contain the path of a shell interpreter
|
||||
+executable that will be used to run the commands at the specified time.
|
||||
+.P
|
||||
+.B at
|
||||
+will record the values of
|
||||
+environment variables present at time of
|
||||
+.B at
|
||||
+invocation. When the commands are run at the specified time,
|
||||
+.B at
|
||||
+will restore these variables to their recorded values .
|
||||
+These variables are excluded from this processing and are never
|
||||
+set by
|
||||
+.B at
|
||||
+when the commands are run :
|
||||
+.br
|
||||
+.BI TERM,
|
||||
+.BI DISPLAY,
|
||||
+.BI SHELLOPTS,
|
||||
+.BI _,
|
||||
+.BI PPID,
|
||||
+.BI BASH_VERSINFO,
|
||||
+.BI EUID,
|
||||
+.BI UID,
|
||||
+.BI GROUPS.
|
||||
+.br
|
||||
+If the user submitting the
|
||||
+.B at
|
||||
+job is not the super-user, variables that alter the behaviour of the
|
||||
+loader
|
||||
+.BR ld.so(8),
|
||||
+such as
|
||||
+.B LD_LIBRARY_PATH
|
||||
+, cannot be recorded and restored by
|
||||
+.B at .
|
||||
+.P
|
||||
.SH FILES
|
||||
.I @ATJBD@
|
||||
.br
|
245
at-3.1.10-instinet.patch
Normal file
245
at-3.1.10-instinet.patch
Normal file
@ -0,0 +1,245 @@
|
||||
--- at-3.1.10/atd.c.instinet 2006-09-12 11:01:10.000000000 +0200
|
||||
+++ at-3.1.10/atd.c 2006-09-12 11:24:49.000000000 +0200
|
||||
@@ -102,7 +102,7 @@
|
||||
static const char *svnid = "$Id$";
|
||||
static double load_avg = LOADAVG_MX;
|
||||
static time_t now;
|
||||
-static time_t last_chg;
|
||||
+//static time_t last_chg;
|
||||
static int nothing_to_do;
|
||||
unsigned int batch_interval;
|
||||
static int run_as_daemon = 0;
|
||||
@@ -197,7 +197,7 @@
|
||||
#endif
|
||||
|
||||
static void
|
||||
-run_file(const char *filename, uid_t uid, gid_t gid)
|
||||
+run_file(char *filename, uid_t uid, gid_t gid)
|
||||
{
|
||||
/* Run a file by by spawning off a process which redirects I/O,
|
||||
* spawns a subshell, then waits for it to complete and sends
|
||||
@@ -208,7 +208,7 @@
|
||||
char jobbuf[9];
|
||||
char *mailname = NULL;
|
||||
int mailsize = 128;
|
||||
- char *newname;
|
||||
+ char newname[256];
|
||||
FILE *stream;
|
||||
int send_mail = 0;
|
||||
struct stat buf, lbuf;
|
||||
@@ -242,11 +242,17 @@
|
||||
|
||||
sprintf(jobbuf, "%8lu", jobno);
|
||||
|
||||
- if ((newname = malloc(strlen(filename) + 1)) == NULL)
|
||||
- pabort("Job %8lu : out of virtual memory", jobno);
|
||||
+ if( strlen( filename ) >= sizeof( newname ) - 1 )
|
||||
+ pabort("File name too long: %s", filename );
|
||||
|
||||
strcpy(newname, filename);
|
||||
|
||||
+ newname[0] = '!';
|
||||
+
|
||||
+ if( rename( filename, newname ) < 0 )
|
||||
+ perr( "Error renaming job file." );
|
||||
+
|
||||
+ filename[0] = '!';
|
||||
newname[0] = '=';
|
||||
|
||||
/* We try to make a hard link to lock the file. If we fail, then
|
||||
@@ -264,14 +270,15 @@
|
||||
}
|
||||
}
|
||||
/* If something goes wrong between here and the unlink() call,
|
||||
- * the job gets restarted as soon as the "=" entry is cleared
|
||||
- * by the main atd loop.
|
||||
- */
|
||||
+ * the job will remain in the "!" queue.
|
||||
+ * no point in retrying, and need glaring proof that something went wrong
|
||||
+ */
|
||||
|
||||
pid = fork();
|
||||
- if (pid == -1)
|
||||
+ if (pid == -1) {
|
||||
+ unlink(newname);
|
||||
perr("Cannot fork");
|
||||
-
|
||||
+ }
|
||||
else if (pid != 0) {
|
||||
free(mailname);
|
||||
free(newname);
|
||||
@@ -284,6 +291,7 @@
|
||||
|
||||
pentry = getpwuid(uid);
|
||||
if (pentry == NULL) {
|
||||
+ unlink(newname);
|
||||
pabort("Userid %lu not found - aborting job %8lu (%.500s)",
|
||||
(unsigned long) uid, jobno, filename);
|
||||
}
|
||||
@@ -293,35 +301,43 @@
|
||||
|
||||
PRIV_END
|
||||
|
||||
- if (stream == NULL)
|
||||
+ if (stream == NULL) {
|
||||
+ unlink( newname );
|
||||
perr("Cannot open input file");
|
||||
-
|
||||
- if ((fd_in = dup(fileno(stream))) < 0)
|
||||
+ }
|
||||
+ if ((fd_in = dup(fileno(stream))) < 0) {
|
||||
+ unlink( newname );
|
||||
perr("Error duplicating input file descriptor");
|
||||
-
|
||||
- if (fstat(fd_in, &buf) == -1)
|
||||
+ }
|
||||
+ if (fstat(fd_in, &buf) == -1) {
|
||||
+ unlink( newname );
|
||||
perr("Error in fstat of input file descriptor");
|
||||
-
|
||||
- if (lstat(filename, &lbuf) == -1)
|
||||
+ }
|
||||
+ if (lstat(filename, &lbuf) == -1) {
|
||||
+ unlink( newname );
|
||||
perr("Error in fstat of input file");
|
||||
-
|
||||
- if (S_ISLNK(lbuf.st_mode))
|
||||
+ }
|
||||
+ if (S_ISLNK(lbuf.st_mode)) {
|
||||
+ unlink( newname );
|
||||
perr("Symbolic link encountered in job %8lu (%.500s) - aborting",
|
||||
jobno, filename);
|
||||
-
|
||||
+ }
|
||||
if ((lbuf.st_dev != buf.st_dev) || (lbuf.st_ino != buf.st_ino) ||
|
||||
(lbuf.st_uid != buf.st_uid) || (lbuf.st_gid != buf.st_gid) ||
|
||||
- (lbuf.st_size != buf.st_size))
|
||||
+ (lbuf.st_size != buf.st_size)) {
|
||||
+ unlink( newname );
|
||||
perr("Somebody changed files from under us for job %8lu (%.500s) - "
|
||||
"aborting", jobno, filename);
|
||||
-
|
||||
+ }
|
||||
if (buf.st_nlink > 2) {
|
||||
+ unlink( newname );
|
||||
perr("Somebody is trying to run a linked script for job %8lu (%.500s)",
|
||||
jobno, filename);
|
||||
}
|
||||
- if ((fflags = fcntl(fd_in, F_GETFD)) < 0)
|
||||
+ if ((fflags = fcntl(fd_in, F_GETFD)) < 0) {
|
||||
+ unlink( newname );
|
||||
perr("Error in fcntl");
|
||||
-
|
||||
+ }
|
||||
fcntl(fd_in, F_SETFD, fflags & ~FD_CLOEXEC);
|
||||
|
||||
/*
|
||||
@@ -335,28 +351,44 @@
|
||||
mailsize );
|
||||
|
||||
if (fscanf(stream, fmt,
|
||||
- &nuid, &ngid, mailname, &send_mail) != 4)
|
||||
+ &nuid, &ngid, mailname, &send_mail) != 4) {
|
||||
+ unlink( newname );
|
||||
pabort("File %.500s is in wrong format - aborting",
|
||||
filename);
|
||||
+ }
|
||||
|
||||
- if (mailname[0] == '-')
|
||||
+ if (mailname[0] == '-') {
|
||||
+ unlink( newname );
|
||||
pabort("illegal mail name %.300s in job %8lu (%.300s)", mailname,
|
||||
jobno, filename);
|
||||
-
|
||||
- if (nuid != uid)
|
||||
+ }
|
||||
+ if (nuid != uid) {
|
||||
+ unlink( newname );
|
||||
pabort("Job %8lu (%.500s) - userid %d does not match file uid %d",
|
||||
jobno, filename, nuid, uid);
|
||||
-
|
||||
+ }
|
||||
+ if (ngid != gid) {
|
||||
+ unlink( newname );
|
||||
+ pabort("Job %8lu %.500s - groupid %d does not match file gid %d",
|
||||
+ jobno, filename, ngid, gid);
|
||||
+ }
|
||||
/* We are now committed to executing this script. Unlink the
|
||||
* original.
|
||||
*/
|
||||
|
||||
unlink(filename);
|
||||
|
||||
+ /* If we bail out from now on, the job gets stuck in "="
|
||||
+ * The main loop should take care of that.
|
||||
+ */
|
||||
+
|
||||
fclose(stream);
|
||||
+
|
||||
if (chdir(ATSPOOL_DIR) < 0)
|
||||
perr("Cannot chdir to " ATSPOOL_DIR);
|
||||
|
||||
+ filename[0] = queue;
|
||||
+
|
||||
/* Create a file to hold the output of the job we are about to run.
|
||||
* Write the mail header. Complain in case
|
||||
*/
|
||||
@@ -466,19 +498,19 @@
|
||||
#endif
|
||||
|
||||
/* Send mail. Unlink the output file after opening it, so it
|
||||
- * doesn't hang around after the run.
|
||||
+ * doesn't hang around after the run (if we are to send mail).
|
||||
*/
|
||||
- stat(filename, &buf);
|
||||
- if (open(filename, O_RDONLY) != STDIN_FILENO)
|
||||
- perr("Open of jobfile failed");
|
||||
-
|
||||
- unlink(filename);
|
||||
+ if( send_mail != -1 ) {
|
||||
+ stat(filename, &buf);
|
||||
+ if (open(filename, O_RDONLY) != STDIN_FILENO)
|
||||
+ perr("Open of jobfile failed");
|
||||
+ unlink(filename);
|
||||
+ }
|
||||
|
||||
/* The job is now finished. We can delete its input file.
|
||||
*/
|
||||
chdir(ATJOB_DIR);
|
||||
unlink(newname);
|
||||
- free(newname);
|
||||
|
||||
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
|
||||
|
||||
@@ -508,6 +540,8 @@
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
+#define CHECK_INTERVAL_5MIN 300
|
||||
+
|
||||
static time_t
|
||||
run_loop()
|
||||
{
|
||||
@@ -537,7 +571,7 @@
|
||||
* atrun.
|
||||
*/
|
||||
|
||||
- next_job = now + CHECK_INTERVAL;
|
||||
+ next_job = now + CHECK_INTERVAL_5MIN;
|
||||
if (next_batch == 0)
|
||||
next_batch = now;
|
||||
|
||||
@@ -548,11 +582,11 @@
|
||||
|
||||
if (stat(".", &buf) == -1)
|
||||
perr("Cannot stat " ATJOB_DIR);
|
||||
-
|
||||
+/*
|
||||
if (nothing_to_do && buf.st_mtime <= last_chg)
|
||||
return next_job;
|
||||
last_chg = buf.st_mtime;
|
||||
-
|
||||
+*/
|
||||
if ((spool = opendir(".")) == NULL)
|
||||
perr("Cannot read " ATJOB_DIR);
|
||||
|
14
at-3.1.10-lexer-parser.patch
Normal file
14
at-3.1.10-lexer-parser.patch
Normal file
@ -0,0 +1,14 @@
|
||||
--- at-3.1.10/parsetime.y.parser 2005-08-05 05:31:04.000000000 +0200
|
||||
+++ at-3.1.10/parsetime.y 2006-09-07 12:47:45.000000000 +0200
|
||||
@@ -55,8 +55,10 @@
|
||||
%%
|
||||
timespec : spec_base
|
||||
| spec_base inc_or_dec
|
||||
+ {
|
||||
+ time_only = 0;
|
||||
+ }
|
||||
;
|
||||
-
|
||||
spec_base : date
|
||||
| time
|
||||
{
|
11
at-3.1.10-man-timespec-path.patch
Normal file
11
at-3.1.10-man-timespec-path.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- at-3.1.10/at.1.in.path 2005-08-29 10:09:24.000000000 +0200
|
||||
+++ at-3.1.10/at.1.in 2006-09-07 11:07:21.000000000 +0200
|
||||
@@ -110,7 +110,7 @@
|
||||
.B at 1am tomorrow.
|
||||
.PP
|
||||
The exact definition of the time specification can be found in
|
||||
-.IR @prefix@/share/doc/at/timespec .
|
||||
+.IR @prefix@/share/doc/at-@VERSION@/timespec.
|
||||
.PP
|
||||
For both
|
||||
.BR at " and " batch ,
|
83
at-3.1.10-perm.patch
Normal file
83
at-3.1.10-perm.patch
Normal file
@ -0,0 +1,83 @@
|
||||
--- at-3.1.10/at.c.perm 2006-11-14 12:26:27.000000000 +0100
|
||||
+++ at-3.1.10/at.c 2006-11-14 12:28:15.000000000 +0100
|
||||
@@ -144,17 +144,12 @@
|
||||
*/
|
||||
if (fcreated) {
|
||||
/*
|
||||
- PRIV_START
|
||||
-
|
||||
We need the unprivileged uid here since the file is owned by the real
|
||||
(not effective) uid.
|
||||
*/
|
||||
setregid(real_gid, effective_gid);
|
||||
unlink(atfile);
|
||||
setregid(effective_gid, real_gid);
|
||||
- /*
|
||||
- PRIV_END
|
||||
- */
|
||||
}
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -314,18 +309,18 @@
|
||||
* bit. Yes, this is a kluge.
|
||||
*/
|
||||
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
|
||||
- seteuid(real_uid);
|
||||
+ seteuid(effective_uid);
|
||||
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
|
||||
perr("Cannot create atjob file %.500s", atfile);
|
||||
- seteuid(effective_uid);
|
||||
+ //seteuid(effective_uid);
|
||||
|
||||
if ((fd2 = dup(fd)) < 0)
|
||||
perr("Error in dup() of job file");
|
||||
|
||||
- /*
|
||||
+
|
||||
if (fchown(fd2, real_uid, real_gid) != 0)
|
||||
perr("Cannot give away file");
|
||||
- */
|
||||
+
|
||||
|
||||
PRIV_END
|
||||
|
||||
@@ -656,6 +651,7 @@
|
||||
We need the unprivileged uid here since the file is owned by the real
|
||||
(not effective) uid.
|
||||
*/
|
||||
+// PRIV_START
|
||||
setregid(real_gid, effective_gid);
|
||||
|
||||
if (queue == '=') {
|
||||
@@ -668,17 +664,17 @@
|
||||
|
||||
setregid(effective_gid, real_gid);
|
||||
done = 1;
|
||||
-
|
||||
+// PRIV_END
|
||||
break;
|
||||
|
||||
case CAT:
|
||||
{
|
||||
FILE *fp;
|
||||
int ch;
|
||||
-
|
||||
+ // PRIV_START
|
||||
setregid(real_gid, effective_gid);
|
||||
fp = fopen(dirent->d_name, "r");
|
||||
-
|
||||
+ // PRIV_END
|
||||
if (fp) {
|
||||
while ((ch = getc(fp)) != EOF) {
|
||||
putchar(ch);
|
||||
--- at-3.1.10/Makefile.in.perm 2006-11-14 12:26:27.000000000 +0100
|
||||
+++ at-3.1.10/Makefile.in 2006-11-14 12:26:27.000000000 +0100
|
||||
@@ -97,7 +97,7 @@
|
||||
$(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
|
||||
$(INSTALL) -m 755 -d $(IROOT)$(ATJOB_DIR)
|
||||
$(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d
|
||||
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT) $(ATSPOOL_DIR)
|
||||
+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
|
||||
chmod 700 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
|
||||
touch $(IROOT)$(LFILE)
|
||||
chmod 600 $(IROOT)$(LFILE)
|
27
at-3.1.10-pie.patch
Normal file
27
at-3.1.10-pie.patch
Normal file
@ -0,0 +1,27 @@
|
||||
--- at-3.1.10/Makefile.in.pie 2006-09-12 08:28:13.000000000 +0200
|
||||
+++ at-3.1.10/Makefile.in 2006-09-12 08:30:47.000000000 +0200
|
||||
@@ -69,13 +69,13 @@
|
||||
all: at atd atrun
|
||||
|
||||
at: $(ATOBJECTS)
|
||||
- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
|
||||
+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB)
|
||||
rm -f $(CLONES)
|
||||
$(LN_S) -f at atq
|
||||
$(LN_S) -f at atrm
|
||||
|
||||
atd: $(RUNOBJECTS)
|
||||
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
|
||||
+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(PAMLIB)
|
||||
|
||||
y.tab.c y.tab.h: parsetime.y
|
||||
$(YACC) -d parsetime.y
|
||||
@@ -87,7 +87,7 @@
|
||||
configure
|
||||
|
||||
.c.o:
|
||||
- $(CC) -c $(CFLAGS) $(DEFS) $*.c
|
||||
+ $(CC) -c $(CFLAGS) -fpie $(DEFS) $*.c
|
||||
|
||||
install: all
|
||||
$(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir)
|
56
at-3.1.10-typo.patch
Normal file
56
at-3.1.10-typo.patch
Normal file
@ -0,0 +1,56 @@
|
||||
--- at-3.1.10/atrun.8.in.typo 2005-08-29 10:08:41.000000000 +0200
|
||||
+++ at-3.1.10/atrun.8.in 2006-09-12 10:00:57.000000000 +0200
|
||||
@@ -11,7 +11,7 @@
|
||||
.B atrun
|
||||
runs jobs queued by
|
||||
.BR at(1) .
|
||||
-It is a shell script containing invoking
|
||||
+It is a shell script invoking
|
||||
.B @sbindir@/atd
|
||||
with the
|
||||
.I -s
|
||||
--- at-3.1.10/atd.c.typo 2006-09-12 10:00:57.000000000 +0200
|
||||
+++ at-3.1.10/atd.c 2006-09-12 10:07:19.000000000 +0200
|
||||
@@ -316,7 +316,7 @@
|
||||
"aborting", jobno, filename);
|
||||
|
||||
if (buf.st_nlink > 2) {
|
||||
- perr("Someboy is trying to run a linked script for job %8lu (%.500s)",
|
||||
+ perr("Somebody is trying to run a linked script for job %8lu (%.500s)",
|
||||
jobno, filename);
|
||||
}
|
||||
if ((fflags = fcntl(fd_in, F_GETFD)) < 0)
|
||||
@@ -607,6 +607,7 @@
|
||||
* Let's remove the lockfile and reschedule.
|
||||
*/
|
||||
strncpy(lock_name, dirent->d_name, sizeof(lock_name));
|
||||
+ lock_name[sizeof(lock_name)-1] = '\0';
|
||||
lock_name[0] = '=';
|
||||
unlink(lock_name);
|
||||
next_job = now;
|
||||
@@ -623,7 +624,7 @@
|
||||
nothing_to_do = 0;
|
||||
|
||||
/* There's a job for later. Note its execution time if it's
|
||||
- * the earlierst so far.
|
||||
+ * the earliest so far.
|
||||
*/
|
||||
if (run_time > now) {
|
||||
if (next_job > run_time) {
|
||||
@@ -641,6 +642,7 @@
|
||||
run_batch++;
|
||||
if (strcmp(batch_name, dirent->d_name) > 0) {
|
||||
strncpy(batch_name, dirent->d_name, sizeof(batch_name));
|
||||
+ batch_name[sizeof(batch_name)-1] = '\0';
|
||||
batch_uid = buf.st_uid;
|
||||
batch_gid = buf.st_gid;
|
||||
batch_queue = queue;
|
||||
@@ -683,7 +685,7 @@
|
||||
int
|
||||
main(int argc, char *argv[])
|
||||
{
|
||||
-/* Browse through ATJOB_DIR, checking all the jobfiles wether they should
|
||||
+/* Browse through ATJOB_DIR, checking all the jobfiles whether they should
|
||||
* be executed and or deleted. The queue is coded into the first byte of
|
||||
* the job filename, the date (in minutes since Eon) as a hex number in the
|
||||
* following eight bytes, followed by a dot and a serial number. A file
|
12
at-3.1.10-usage.patch
Normal file
12
at-3.1.10-usage.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- at-3.1.10/panic.c.usage 2006-09-07 13:21:23.000000000 +0200
|
||||
+++ at-3.1.10/panic.c 2006-09-07 13:24:00.000000000 +0200
|
||||
@@ -92,7 +92,8 @@
|
||||
/* Print usage and exit.
|
||||
*/
|
||||
fprintf(stderr, "Usage: at [-V] [-q x] [-f file] [-mldbv] time\n"
|
||||
- " at -c job ...\n"
|
||||
+ " at [-V] [-q x] [-f file] [-m] -t [[CC]YY]MMDDhhmm\n"
|
||||
+ " at -c job [job...]\n"
|
||||
" atq [-V] [-q x]\n"
|
||||
" atrm [-V] job ...\n"
|
||||
" batch\n");
|
17
at-3.1.12-opt_V.patch
Normal file
17
at-3.1.12-opt_V.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff -up at-3.1.12/at.c.opt_V at-3.1.12/at.c
|
||||
--- at-3.1.12/at.c.opt_V 2009-11-23 16:11:52.000000000 +0100
|
||||
+++ at-3.1.12/at.c 2009-12-02 13:20:29.770215516 +0100
|
||||
@@ -853,10 +853,9 @@ main(int argc, char **argv)
|
||||
*/
|
||||
|
||||
if (disp_version) {
|
||||
- fprintf(stderr, "at version " VERSION "\n"
|
||||
- "Please report bugs to the Debian bug tracking system (http://bugs.debian.org/)\n"
|
||||
- "or contact the maintainers (at@packages.debian.org).\n");
|
||||
- exit(EXIT_SUCCESS);
|
||||
+ fprintf(stderr, "at version " VERSION "\n");
|
||||
+ if (argc == 2)
|
||||
+ exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
/* select our program
|
152
at-3.1.12-selinux.patch
Normal file
152
at-3.1.12-selinux.patch
Normal file
@ -0,0 +1,152 @@
|
||||
diff -up at-3.1.12/config.h.in.selinux at-3.1.12/config.h.in
|
||||
--- at-3.1.12/config.h.in.selinux 2009-12-02 16:32:19.469228959 +0100
|
||||
+++ at-3.1.12/config.h.in 2009-12-02 16:32:57.706966488 +0100
|
||||
@@ -71,6 +71,9 @@
|
||||
/* Define if you are building with_pam */
|
||||
#undef WITH_PAM
|
||||
|
||||
+/* Define if you are building with_selinux */
|
||||
+#undef WITH_SELINUX
|
||||
+
|
||||
/* Define to 1 if you have the `pstat_getdynamic' function. */
|
||||
#undef HAVE_PSTAT_GETDYNAMIC
|
||||
|
||||
diff -up at-3.1.12/configure.ac.selinux at-3.1.12/configure.ac
|
||||
--- at-3.1.12/configure.ac.selinux 2009-12-02 16:31:15.323246019 +0100
|
||||
+++ at-3.1.12/configure.ac 2009-12-02 16:32:01.425966844 +0100
|
||||
@@ -266,5 +266,13 @@ AC_ARG_WITH(daemon_groupname,
|
||||
)
|
||||
AC_SUBST(DAEMON_GROUPNAME)
|
||||
|
||||
+AC_ARG_WITH(selinux,
|
||||
+[ --with-selinux Define to run with selinux],
|
||||
+AC_DEFINE(WITH_SELINUX),
|
||||
+)
|
||||
+AC_CHECK_LIB(selinux, is_selinux_enabled, SELINUXLIB=-lselinux)
|
||||
+AC_SUBST(SELINUXLIB)
|
||||
+AC_SUBST(WITH_SELINUX)
|
||||
+
|
||||
AC_CONFIG_FILES(Makefile atrun atd.8 atrun.8 at.1 batch)
|
||||
AC_OUTPUT
|
||||
diff -up at-3.1.12/Makefile.in.selinux at-3.1.12/Makefile.in
|
||||
--- at-3.1.12/Makefile.in.selinux 2009-12-02 16:30:11.923216529 +0100
|
||||
+++ at-3.1.12/Makefile.in 2009-12-02 16:30:57.949215706 +0100
|
||||
@@ -39,6 +39,7 @@ LIBS = @LIBS@
|
||||
LIBOBJS = @LIBOBJS@
|
||||
INSTALL = @INSTALL@
|
||||
PAMLIB = @PAMLIB@
|
||||
+SELINUXLIB = @SELINUXLIB@
|
||||
|
||||
CLONES = atq atrm
|
||||
ATOBJECTS = at.o panic.o perm.o posixtm.o y.tab.o lex.yy.o
|
||||
diff -up at-3.1.12/atd.c.selinux at-3.1.12/atd.c
|
||||
--- at-3.1.12/atd.c.selinux 2009-12-03 13:03:57.182284669 +0100
|
||||
+++ at-3.1.12/atd.c 2009-12-03 13:07:20.542272874 +0100
|
||||
@@ -83,6 +83,14 @@
|
||||
#include "getloadavg.h"
|
||||
#endif
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+#include <selinux/selinux.h>
|
||||
+#include <selinux/get_context_list.h>
|
||||
+int selinux_enabled=0;
|
||||
+#include <selinux/flask.h>
|
||||
+#include <selinux/av_permissions.h>
|
||||
+#endif
|
||||
+
|
||||
#ifndef LOG_ATD
|
||||
#define LOG_ATD LOG_DAEMON
|
||||
#endif
|
||||
@@ -202,6 +210,68 @@ myfork()
|
||||
#define ATD_MAIL_NAME "mailx"
|
||||
#endif
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+static int set_selinux_context(const char *name, const char *filename) {
|
||||
+ security_context_t user_context=NULL;
|
||||
+ security_context_t file_context=NULL;
|
||||
+ struct av_decision avd;
|
||||
+ int retval=-1;
|
||||
+ char *seuser=NULL;
|
||||
+ char *level=NULL;
|
||||
+
|
||||
+ if (getseuserbyname(name, &seuser, &level) == 0) {
|
||||
+ retval=get_default_context_with_level(seuser, level, NULL, &user_context);
|
||||
+ free(seuser);
|
||||
+ free(level);
|
||||
+ if (retval) {
|
||||
+ if (security_getenforce()==1) {
|
||||
+ perr("execle: couldn't get security context for user %s\n", name);
|
||||
+ } else {
|
||||
+ syslog(LOG_ERR, "execle: couldn't get security context for user %s\n", name);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ /*
|
||||
+ * Since crontab files are not directly executed,
|
||||
+ * crond must ensure that the crontab file has
|
||||
+ * a context that is appropriate for the context of
|
||||
+ * the user cron job. It performs an entrypoint
|
||||
+ * permission check for this purpose.
|
||||
+ */
|
||||
+ if (fgetfilecon(STDIN_FILENO, &file_context) < 0)
|
||||
+ perr("fgetfilecon FAILED %s", filename);
|
||||
+
|
||||
+ retval = security_compute_av(user_context,
|
||||
+ file_context,
|
||||
+ SECCLASS_FILE,
|
||||
+ FILE__ENTRYPOINT,
|
||||
+ &avd);
|
||||
+ freecon(file_context);
|
||||
+ if (retval || ((FILE__ENTRYPOINT & avd.allowed) != FILE__ENTRYPOINT)) {
|
||||
+ if (security_getenforce()==1) {
|
||||
+ perr("Not allowed to set exec context to %s for user %s\n", user_context,name);
|
||||
+ } else {
|
||||
+ syslog(LOG_ERR, "Not allowed to set exec context to %s for user %s\n", user_context,name);
|
||||
+ retval = -1;
|
||||
+ goto err;
|
||||
+ }
|
||||
+ }
|
||||
+ if (setexeccon(user_context) < 0) {
|
||||
+ if (security_getenforce()==1) {
|
||||
+ perr("Could not set exec context to %s for user %s\n", user_context,name);
|
||||
+ retval = -1;
|
||||
+ } else {
|
||||
+ syslog(LOG_ERR, "Could not set exec context to %s for user %s\n", user_context,name);
|
||||
+ }
|
||||
+ }
|
||||
+ err:
|
||||
+ freecon(user_context);
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif
|
||||
+
|
||||
static void
|
||||
run_file(const char *filename, uid_t uid, gid_t gid)
|
||||
{
|
||||
@@ -452,6 +522,12 @@ run_file(const char *filename, uid_t uid
|
||||
perr("Cannot reset signal handler to default");
|
||||
|
||||
chdir("/");
|
||||
+#ifdef WITH_SELINUX
|
||||
+ if (selinux_enabled > 0) {
|
||||
+ if (set_selinux_context(pentry->pw_name, filename) < 0)
|
||||
+ perr("SELinux Failed to set context\n");
|
||||
+ }
|
||||
+#endif
|
||||
|
||||
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
|
||||
perr("Exec failed for /bin/sh");
|
||||
@@ -774,6 +850,10 @@ main(int argc, char *argv[])
|
||||
struct passwd *pwe;
|
||||
struct group *ge;
|
||||
|
||||
+#ifdef WITH_SELINUX
|
||||
+ selinux_enabled=is_selinux_enabled();
|
||||
+#endif
|
||||
+
|
||||
/* We don't need root privileges all the time; running under uid and gid
|
||||
* daemon is fine.
|
||||
*/
|
55
at-3.1.12-shell.patch
Normal file
55
at-3.1.12-shell.patch
Normal file
@ -0,0 +1,55 @@
|
||||
diff -up at-3.1.12/at.c.shell at-3.1.12/at.c
|
||||
--- at-3.1.12/at.c.shell 2009-12-02 13:25:12.706989310 +0100
|
||||
+++ at-3.1.12/at.c 2009-12-02 13:26:01.991966200 +0100
|
||||
@@ -62,11 +62,8 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
-#ifdef TM_IN_SYS_TIME
|
||||
#include <sys/time.h>
|
||||
-#else
|
||||
#include <time.h>
|
||||
-#endif
|
||||
|
||||
#ifdef HAVE_UNISTD_H
|
||||
#include <unistd.h>
|
||||
@@ -244,6 +241,12 @@ writefile(time_t runtimer, char queue)
|
||||
int kill_errno;
|
||||
int rc;
|
||||
int mailsize = 128;
|
||||
+ struct timeval tv;
|
||||
+ struct timezone tz;
|
||||
+ long int i;
|
||||
+
|
||||
+ gettimeofday(&tv, &tz);
|
||||
+ srandom(getpid()+tv.tv_usec);
|
||||
|
||||
/* Install the signal handler for SIGINT; terminate after removing the
|
||||
* spool file if necessary
|
||||
@@ -461,6 +464,9 @@ writefile(time_t runtimer, char queue)
|
||||
fprintf(fp, " || {\n\t echo 'Execution directory "
|
||||
"inaccessible' >&2\n\t exit 1\n}\n");
|
||||
|
||||
+ i = random();
|
||||
+ fprintf(fp, "${SHELL:-/bin/sh} << marcinDELIMITER%08lx\n", i);
|
||||
+
|
||||
istty = isatty(fileno(stdin));
|
||||
if (istty) {
|
||||
fprintf(stderr, "at> ");
|
||||
@@ -477,6 +483,7 @@ writefile(time_t runtimer, char queue)
|
||||
fprintf(stderr, "<EOT>\n");
|
||||
}
|
||||
fprintf(fp, "\n");
|
||||
+ fprintf(fp, "marcinDELIMITER%08lx\n", i);
|
||||
if (ferror(fp))
|
||||
panic("Output error");
|
||||
|
||||
@@ -926,7 +933,7 @@ main(int argc, char **argv)
|
||||
It also alows a warning diagnostic to be printed. Because of the
|
||||
possible variance, we always output the diagnostic. */
|
||||
|
||||
- fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
|
||||
+ //fprintf(stderr, "warning: commands will be executed using /bin/sh\n");
|
||||
|
||||
writefile(timer, queue);
|
||||
break;
|
82
at-3.1.13-makefile.patch
Normal file
82
at-3.1.13-makefile.patch
Normal file
@ -0,0 +1,82 @@
|
||||
diff -up at-3.1.13/Makefile.in.make at-3.1.13/Makefile.in
|
||||
--- at-3.1.13/Makefile.in.make 2011-06-25 14:43:14.000000000 +0200
|
||||
+++ at-3.1.13/Makefile.in 2011-07-29 08:06:28.317600053 +0200
|
||||
@@ -65,13 +65,13 @@ LIST = Filelist Filelist.asc
|
||||
all: at atd atrun
|
||||
|
||||
at: $(ATOBJECTS)
|
||||
- $(CC) $(CFLAGS) -o at $(ATOBJECTS) $(LIBS) $(LEXLIB)
|
||||
+ $(CC) $(CFLAGS) -o at -pie $(ATOBJECTS) $(LIBS) $(LEXLIB) $(SELINUXLIB) $(PAMLIB)
|
||||
rm -f $(CLONES)
|
||||
$(LN_S) -f at atq
|
||||
$(LN_S) -f at atrm
|
||||
|
||||
atd: $(RUNOBJECTS)
|
||||
- $(CC) $(CFLAGS) -o atd $(RUNOBJECTS) $(LIBS) $(PAMLIB)
|
||||
+ $(CC) $(CFLAGS) -o atd -pie $(RUNOBJECTS) $(LIBS) $(SELINUXLIB) $(PAMLIB)
|
||||
|
||||
y.tab.c y.tab.h: parsetime.y
|
||||
$(YACC) -d parsetime.y
|
||||
@@ -83,38 +83,41 @@ atrun: atrun.in
|
||||
configure
|
||||
|
||||
.c.o:
|
||||
- $(CC) -c $(CFLAGS) $(DEFS) $*.c
|
||||
+ $(CC) -c $(CFLAGS) -fPIE $(DEFS) $*.c
|
||||
|
||||
install: all
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(etcdir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(bindir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(sbindir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(docdir)
|
||||
- $(INSTALL) -g root -o root -m 755 -d $(IROOT)$(atdocdir)
|
||||
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
|
||||
- chmod 1770 $(IROOT)$(ATSPOOL_DIR) $(IROOT)$(ATJOB_DIR)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(bindir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(docdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(atdocdir)
|
||||
+ $(INSTALL) -m 755 -d $(IROOT)$(etcdir)/pam.d/
|
||||
+ $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 755 -d $(IROOT)$(ATSPOOL_DIR)
|
||||
+ chmod 700 $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
|
||||
+ chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(ATJOB_DIR) $(IROOT)$(ATSPOOL_DIR)
|
||||
touch $(IROOT)$(LFILE)
|
||||
chmod 600 $(IROOT)$(LFILE)
|
||||
chown $(DAEMON_USERNAME):$(DAEMON_GROUPNAME) $(IROOT)$(LFILE)
|
||||
- test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -o root -g $(DAEMON_GROUPNAME) -m 640 at.deny $(IROOT)$(etcdir)/
|
||||
- $(INSTALL) -g $(DAEMON_GROUPNAME) -o $(DAEMON_USERNAME) -m 6755 at $(IROOT)$(bindir)
|
||||
+ test -f $(IROOT)$(etcdir)/at.allow || test -f $(IROOT)$(etcdir)/at.deny || $(INSTALL) -m 600 at.deny $(IROOT)$(etcdir)/
|
||||
+ $(INSTALL) -o $(INSTALL_ROOT_USER) -g $(DAEMON_GROUPNAME) pam_atd $(IROOT)$(etcdir)/pam.d/atd
|
||||
+ $(INSTALL) -m 4755 at $(IROOT)$(bindir)
|
||||
$(LN_S) -f at $(IROOT)$(bindir)/atq
|
||||
$(LN_S) -f at $(IROOT)$(bindir)/atrm
|
||||
- $(INSTALL) -g root -o root -m 755 batch $(IROOT)$(bindir)
|
||||
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man1dir)
|
||||
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man5dir)
|
||||
- $(INSTALL) -d -o root -g root -m 755 $(IROOT)$(man8dir)
|
||||
- $(INSTALL) -g root -o root -m 755 atd $(IROOT)$(sbindir)
|
||||
- $(INSTALL) -g root -o root -m 755 atrun $(IROOT)$(sbindir)
|
||||
- $(INSTALL) -g root -o root -m 644 at.1 $(IROOT)$(man1dir)/
|
||||
+ $(INSTALL) -m 755 batch $(IROOT)$(bindir)
|
||||
+ $(INSTALL) -d -m 755 $(IROOT)$(man1dir)
|
||||
+ $(INSTALL) -d -m 755 $(IROOT)$(man5dir)
|
||||
+ $(INSTALL) -d -m 755 $(IROOT)$(man8dir)
|
||||
+ $(INSTALL) -m 755 atd $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 755 atrun $(IROOT)$(sbindir)
|
||||
+ $(INSTALL) -m 644 at.1 $(IROOT)$(man1dir)/
|
||||
cd $(IROOT)$(man1dir) && $(LN_S) -f at.1 atq.1 && $(LN_S) -f at.1 batch.1 && $(LN_S) -f at.1 atrm.1
|
||||
- $(INSTALL) -g root -o root -m 644 atd.8 $(IROOT)$(man8dir)/
|
||||
+ $(INSTALL) -m 644 atd.8 $(IROOT)$(man8dir)/
|
||||
sed "s,\$${exec_prefix},$(exec_prefix),g" <atrun.8>tmpman
|
||||
- $(INSTALL) -g root -o root -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
|
||||
+ $(INSTALL) -m 644 tmpman $(IROOT)$(man8dir)/atrun.8
|
||||
rm -f tmpman
|
||||
- $(INSTALL) -g root -o root -m 644 at.allow.5 $(IROOT)$(man5dir)/
|
||||
+ $(INSTALL) -m 644 at.allow.5 $(IROOT)$(man5dir)/
|
||||
cd $(IROOT)$(man5dir) && $(LN_S) -f at.allow.5 at.deny.5
|
||||
- $(INSTALL) -g root -o root -m 644 $(DOCS) $(IROOT)$(atdocdir)
|
||||
+ $(INSTALL) -m 644 $(DOCS) $(IROOT)$(atdocdir)
|
||||
rm -f $(IROOT)$(mandir)/cat1/at.1* $(IROOT)$(mandir)/cat1/batch.1* \
|
||||
$(IROOT)$(mandir)/cat1/atq.1*
|
||||
rm -f $(IROOT)$(mandir)/cat1/atd.8*
|
430
at-3.1.13-pam.patch
Normal file
430
at-3.1.13-pam.patch
Normal file
@ -0,0 +1,430 @@
|
||||
diff -up at-3.1.13/at.c.pam at-3.1.13/at.c
|
||||
--- at-3.1.13/at.c.pam 2011-07-29 13:51:50.234127938 +0200
|
||||
+++ at-3.1.13/at.c 2011-07-29 13:51:50.245127883 +0200
|
||||
@@ -141,18 +141,13 @@ sigc(int signo)
|
||||
/* If the user presses ^C, remove the spool file and exit
|
||||
*/
|
||||
if (fcreated) {
|
||||
- /*
|
||||
PRIV_START
|
||||
-
|
||||
+ /*
|
||||
We need the unprivileged uid here since the file is owned by the real
|
||||
(not effective) uid.
|
||||
*/
|
||||
- setregid(real_gid, effective_gid);
|
||||
- unlink(atfile);
|
||||
- setregid(effective_gid, real_gid);
|
||||
- /*
|
||||
+ unlink(atfile);
|
||||
PRIV_END
|
||||
- */
|
||||
}
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
@@ -318,26 +313,19 @@ writefile(time_t runtimer, char queue)
|
||||
* bit. Yes, this is a kluge.
|
||||
*/
|
||||
cmask = umask(S_IRUSR | S_IWUSR | S_IXUSR);
|
||||
- seteuid(real_uid);
|
||||
+ if ((seteuid(effective_uid)) < 0)
|
||||
+ perr("Error in seteuid: %s", errno);
|
||||
if ((fd = open(atfile, O_CREAT | O_EXCL | O_TRUNC | O_WRONLY, S_IRUSR)) == -1)
|
||||
perr("Cannot create atjob file %.500s", atfile);
|
||||
- seteuid(effective_uid);
|
||||
|
||||
if ((fd2 = dup(fd)) < 0)
|
||||
perr("Error in dup() of job file");
|
||||
|
||||
- /*
|
||||
if (fchown(fd2, real_uid, real_gid) != 0)
|
||||
- perr("Cannot give away file");
|
||||
- */
|
||||
+ perr("Cannot give real_uid and real_gid the file");
|
||||
|
||||
PRIV_END
|
||||
|
||||
- /* We no longer need suid root; now we just need to be able to write
|
||||
- * to the directory, if necessary.
|
||||
- */
|
||||
-
|
||||
- REDUCE_PRIV(daemon_uid, daemon_gid)
|
||||
/* We've successfully created the file; let's set the flag so it
|
||||
* gets removed in case of an interrupt or error.
|
||||
*/
|
||||
@@ -661,7 +649,7 @@ process_jobs(int argc, char **argv, int
|
||||
We need the unprivileged uid here since the file is owned by the real
|
||||
(not effective) uid.
|
||||
*/
|
||||
- setregid(real_gid, effective_gid);
|
||||
+ PRIV_START
|
||||
|
||||
if (queue == '=') {
|
||||
fprintf(stderr, "Warning: deleting running job\n");
|
||||
@@ -670,8 +658,8 @@ process_jobs(int argc, char **argv, int
|
||||
perr("Cannot unlink %.500s", dirent->d_name);
|
||||
rc = EXIT_FAILURE;
|
||||
}
|
||||
+ PRIV_END
|
||||
|
||||
- setregid(effective_gid, real_gid);
|
||||
done = 1;
|
||||
|
||||
break;
|
||||
@@ -681,7 +669,7 @@ process_jobs(int argc, char **argv, int
|
||||
FILE *fp;
|
||||
int ch;
|
||||
|
||||
- setregid(real_gid, effective_gid);
|
||||
+ PRIV_START
|
||||
fp = fopen(dirent->d_name, "r");
|
||||
|
||||
if (fp) {
|
||||
@@ -694,7 +682,7 @@ process_jobs(int argc, char **argv, int
|
||||
perr("Cannot open %.500s", dirent->d_name);
|
||||
rc = EXIT_FAILURE;
|
||||
}
|
||||
- setregid(effective_gid, real_gid);
|
||||
+ PRIV_END
|
||||
}
|
||||
break;
|
||||
|
||||
diff -up at-3.1.13/atd.c.pam at-3.1.13/atd.c
|
||||
--- at-3.1.13/atd.c.pam 2011-07-29 13:51:50.240127908 +0200
|
||||
+++ at-3.1.13/atd.c 2011-07-29 13:54:35.805384873 +0200
|
||||
@@ -111,7 +111,7 @@ static int run_as_daemon = 0;
|
||||
|
||||
static volatile sig_atomic_t term_signal = 0;
|
||||
|
||||
-#ifdef HAVE_PAM
|
||||
+#ifdef WITH_PAM
|
||||
#include <security/pam_appl.h>
|
||||
|
||||
static pam_handle_t *pamh = NULL;
|
||||
@@ -120,15 +120,7 @@ static const struct pam_conv conv = {
|
||||
NULL
|
||||
};
|
||||
|
||||
-#define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
|
||||
- fprintf(stderr,"\n%s\n",pam_strerror(pamh, retcode)); \
|
||||
- syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
||||
- pam_end(pamh, retcode); exit(1); \
|
||||
- }
|
||||
-#define PAM_END { retcode = pam_close_session(pamh,0); \
|
||||
- pam_end(pamh,retcode); }
|
||||
-
|
||||
-#endif /* HAVE_PAM */
|
||||
+#endif /* WITH_PAM */
|
||||
|
||||
/* Signal handlers */
|
||||
RETSIGTYPE
|
||||
@@ -235,7 +227,7 @@ run_file(const char *filename, uid_t uid
|
||||
char fmt[64];
|
||||
unsigned long jobno;
|
||||
int rc;
|
||||
-#ifdef HAVE_PAM
|
||||
+#ifdef WITH_PAM
|
||||
int retcode;
|
||||
#endif
|
||||
|
||||
@@ -395,17 +387,10 @@ run_file(const char *filename, uid_t uid
|
||||
fstat(fd_out, &buf);
|
||||
size = buf.st_size;
|
||||
|
||||
-#ifdef HAVE_PAM
|
||||
- PRIV_START
|
||||
- retcode = pam_start("atd", pentry->pw_name, &conv, &pamh);
|
||||
- PAM_FAIL_CHECK;
|
||||
- retcode = pam_acct_mgmt(pamh, PAM_SILENT);
|
||||
- PAM_FAIL_CHECK;
|
||||
- retcode = pam_open_session(pamh, PAM_SILENT);
|
||||
- PAM_FAIL_CHECK;
|
||||
- retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT);
|
||||
- PAM_FAIL_CHECK;
|
||||
- PRIV_END
|
||||
+#ifdef WITH_PAM
|
||||
+ PAM_HANDLING;
|
||||
+ closelog();
|
||||
+ openlog("atd", LOG_PID, LOG_ATD);
|
||||
#endif
|
||||
|
||||
close(STDIN_FILENO);
|
||||
@@ -419,7 +404,14 @@ run_file(const char *filename, uid_t uid
|
||||
else if (pid == 0) {
|
||||
char *nul = NULL;
|
||||
char **nenvp = &nul;
|
||||
+ char **pam_envp=0L;
|
||||
|
||||
+ PRIV_START
|
||||
+#ifdef WITH_PAM
|
||||
+ pam_envp = pam_getenvlist(pamh);
|
||||
+ if ( ( pam_envp != 0L ) && (pam_envp[0] != 0L) )
|
||||
+ nenvp = pam_envp;
|
||||
+#endif
|
||||
/* Set up things for the child; we want standard input from the
|
||||
* input file, and standard output and error sent to our output file.
|
||||
*/
|
||||
@@ -438,8 +430,6 @@ run_file(const char *filename, uid_t uid
|
||||
close(fd_in);
|
||||
close(fd_out);
|
||||
|
||||
- PRIV_START
|
||||
-
|
||||
nice((tolower((int) queue) - 'a' + 1) * 2);
|
||||
|
||||
if (initgroups(pentry->pw_name, pentry->pw_gid))
|
||||
@@ -458,7 +448,16 @@ run_file(const char *filename, uid_t uid
|
||||
|
||||
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
|
||||
perr("Exec failed for /bin/sh");
|
||||
-
|
||||
+#ifdef WITH_PAM
|
||||
+ if ( ( nenvp != &nul ) && (pam_envp != 0L) && (*pam_envp != 0L))
|
||||
+ {
|
||||
+ for( nenvp = pam_envp; *nenvp != 0L; nenvp++)
|
||||
+ free(*nenvp);
|
||||
+ free( pam_envp );
|
||||
+ nenvp = &nul;
|
||||
+ pam_envp=0L;
|
||||
+ }
|
||||
+#endif
|
||||
PRIV_END
|
||||
}
|
||||
/* We're the parent. Let's wait.
|
||||
@@ -471,14 +470,6 @@ run_file(const char *filename, uid_t uid
|
||||
*/
|
||||
waitpid(pid, (int *) NULL, 0);
|
||||
|
||||
-#ifdef HAVE_PAM
|
||||
- PRIV_START
|
||||
- pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
|
||||
- retcode = pam_close_session(pamh, PAM_SILENT);
|
||||
- pam_end(pamh, retcode);
|
||||
- PRIV_END
|
||||
-#endif
|
||||
-
|
||||
/* Send mail. Unlink the output file after opening it, so it
|
||||
* doesn't hang around after the run.
|
||||
*/
|
||||
@@ -509,8 +500,19 @@ run_file(const char *filename, uid_t uid
|
||||
unlink(newname);
|
||||
free(newname);
|
||||
|
||||
+#ifdef ATD_MAIL_PROGRAM
|
||||
if (((send_mail != -1) && (buf.st_size != size)) || (send_mail == 1)) {
|
||||
+ int mail_pid = -1;
|
||||
+#ifdef WITH_PAM
|
||||
+ PAM_HANDLING;
|
||||
+ closelog();
|
||||
+ openlog("atd", LOG_PID, LOG_ATD);
|
||||
+#endif
|
||||
+
|
||||
+ mail_pid = fork();
|
||||
|
||||
+ if ( mail_pid == 0 )
|
||||
+ {
|
||||
PRIV_START
|
||||
|
||||
if (initgroups(pentry->pw_name, pentry->pw_gid))
|
||||
@@ -535,7 +537,23 @@ run_file(const char *filename, uid_t uid
|
||||
perr("Exec failed for mail command");
|
||||
|
||||
PRIV_END
|
||||
+ }
|
||||
+ else if ( mail_pid == -1 ) {
|
||||
+ perr("fork of mailer failed");
|
||||
+ }
|
||||
+ else {
|
||||
+ /* Parent */
|
||||
+ waitpid(mail_pid, (int *) NULL, 0);
|
||||
+ }
|
||||
+#ifdef WITH_PAM
|
||||
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
|
||||
+ pam_close_session(pamh, PAM_SILENT);
|
||||
+ pam_end(pamh, PAM_ABORT);
|
||||
+ closelog();
|
||||
+ openlog("atd", LOG_PID, LOG_ATD);
|
||||
+#endif
|
||||
}
|
||||
+#endif
|
||||
exit(EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
diff -up at-3.1.13/config.h.in.pam at-3.1.13/config.h.in
|
||||
--- at-3.1.13/config.h.in.pam 2011-06-25 14:43:14.000000000 +0200
|
||||
+++ at-3.1.13/config.h.in 2011-07-29 13:51:50.246127878 +0200
|
||||
@@ -68,8 +68,8 @@
|
||||
/* Define to 1 if you have the <nlist.h> header file. */
|
||||
#undef HAVE_NLIST_H
|
||||
|
||||
-/* Define to 1 for PAM support */
|
||||
-#undef HAVE_PAM
|
||||
+/* Define if you are building with_pam */
|
||||
+#undef WITH_PAM
|
||||
|
||||
/* Define to 1 if you have the `pstat_getdynamic' function. */
|
||||
#undef HAVE_PSTAT_GETDYNAMIC
|
||||
diff -up at-3.1.13/configure.ac.pam at-3.1.13/configure.ac
|
||||
--- at-3.1.13/configure.ac.pam 2011-06-25 14:43:14.000000000 +0200
|
||||
+++ at-3.1.13/configure.ac 2011-07-29 13:51:50.247127873 +0200
|
||||
@@ -84,7 +84,7 @@ AC_FUNC_GETLOADAVG
|
||||
AC_CHECK_FUNCS(getcwd mktime strftime setreuid setresuid sigaction waitpid)
|
||||
AC_CHECK_HEADERS(security/pam_appl.h, [
|
||||
PAMLIB="-lpam"
|
||||
- AC_DEFINE(HAVE_PAM, 1, [Define to 1 for PAM support])
|
||||
+ AC_DEFINE(WITH_PAM, 1, [Define to 1 for PAM support])
|
||||
])
|
||||
|
||||
dnl Checking for programs
|
||||
@@ -238,6 +238,13 @@ AC_ARG_WITH(daemon_username,
|
||||
)
|
||||
AC_SUBST(DAEMON_USERNAME)
|
||||
|
||||
+AC_ARG_WITH(pam,
|
||||
+[ --with-pam Define to enable pam support ],
|
||||
+AC_DEFINE(WITH_PAM),
|
||||
+)
|
||||
+AC_CHECK_LIB(pam, pam_start, PAMLIB='-lpam -lpam_misc')
|
||||
+AC_SUBST(PAMLIB)
|
||||
+
|
||||
AC_MSG_CHECKING(groupname to run under)
|
||||
AC_ARG_WITH(daemon_groupname,
|
||||
[ --with-daemon_groupname=DAEMON_GROUPNAME Groupname to run under (default daemon) ],
|
||||
diff -up at-3.1.13/perm.c.pam at-3.1.13/perm.c
|
||||
--- at-3.1.13/perm.c.pam 2011-06-25 14:43:14.000000000 +0200
|
||||
+++ at-3.1.13/perm.c 2011-07-29 13:51:50.248127868 +0200
|
||||
@@ -51,6 +51,14 @@
|
||||
#define PRIV_END while(0)
|
||||
#endif
|
||||
|
||||
+#ifdef WITH_PAM
|
||||
+#include <security/pam_appl.h>
|
||||
+static pam_handle_t *pamh = NULL;
|
||||
+static const struct pam_conv conv = {
|
||||
+ NULL
|
||||
+};
|
||||
+#endif
|
||||
+
|
||||
/* Structures and unions */
|
||||
|
||||
|
||||
@@ -108,18 +116,51 @@ user_in_file(const char *path, const cha
|
||||
int
|
||||
check_permission()
|
||||
{
|
||||
- uid_t uid = geteuid();
|
||||
+ uid_t euid = geteuid(), uid=getuid(), egid=getegid(), gid=getgid();
|
||||
struct passwd *pentry;
|
||||
int allow = 0, deny = 1;
|
||||
|
||||
- if (uid == 0)
|
||||
+ int retcode = 0;
|
||||
+ if (euid == 0)
|
||||
return 1;
|
||||
|
||||
- if ((pentry = getpwuid(uid)) == NULL) {
|
||||
+ if ((pentry = getpwuid(euid)) == NULL) {
|
||||
perror("Cannot access user database");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
+#ifdef WITH_PAM
|
||||
+/*
|
||||
+ * We must check if the atd daemon userid will be allowed to gain the job owner user's
|
||||
+ * credentials with PAM . If not, the user has been denied at(1) usage, eg. with pam_access.
|
||||
+ */
|
||||
+ if (setreuid(daemon_uid, daemon_uid) != 0) {
|
||||
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (setregid(daemon_gid, daemon_gid) != 0) {
|
||||
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+
|
||||
+ pam_close_session(pamh,PAM_SILENT);
|
||||
+
|
||||
+ PAM_HANDLING;
|
||||
+
|
||||
+ pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT );
|
||||
+ pam_close_session(pamh,PAM_SILENT);
|
||||
+ pam_end(pamh, PAM_ABORT);
|
||||
+
|
||||
+ if (setregid(gid,egid) != 0) {
|
||||
+ fprintf(stderr, "cannot set egid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ if (setreuid(uid,euid) != 0) {
|
||||
+ fprintf(stderr, "cannot set euid: %s", strerror(errno));
|
||||
+ exit(1);
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
allow = user_in_file(ETCDIR "/at.allow", pentry->pw_name);
|
||||
if (allow==0 || allow==1)
|
||||
return allow;
|
||||
diff -up at-3.1.13/privs.h.pam at-3.1.13/privs.h
|
||||
--- at-3.1.13/privs.h.pam 2011-06-25 14:43:14.000000000 +0200
|
||||
+++ at-3.1.13/privs.h 2011-07-29 13:51:50.248127868 +0200
|
||||
@@ -144,3 +144,61 @@ extern gid_t real_gid, effective_gid, da
|
||||
#error "Cannot implement user ID swapping without setreuid or setresuid"
|
||||
#endif
|
||||
#endif
|
||||
+
|
||||
+#ifdef WITH_PAM
|
||||
+/* PAM failed after session was open. */
|
||||
+#define PAM_SESSION_FAIL if (retcode != PAM_SUCCESS) \
|
||||
+ pam_close_session(pamh,PAM_SILENT);
|
||||
+
|
||||
+/* syslog will be logging error messages */
|
||||
+#ifdef HAVE_UNISTD_H
|
||||
+#include <syslog.h>
|
||||
+#endif
|
||||
+
|
||||
+/* PAM fail even before opening the session */
|
||||
+#define PAM_FAIL_CHECK \
|
||||
+ do { if (retcode != PAM_SUCCESS) { \
|
||||
+ fprintf(stderr,"PAM failure: %s\n",pam_strerror(pamh, retcode)); \
|
||||
+ syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
||||
+ if (pamh) \
|
||||
+ pam_end(pamh, retcode); \
|
||||
+ if (setregid(getgid(),getegid()) != 0) { \
|
||||
+ fprintf(stderr, "cannot set egid: %s", strerror(errno)); \
|
||||
+ exit(1); \
|
||||
+ } \
|
||||
+ if (setreuid(getuid(),geteuid()) != 0) { \
|
||||
+ fprintf(stderr, "cannot set euid: %s", strerror(errno)); \
|
||||
+ exit(1); \
|
||||
+ } \
|
||||
+ exit(1); \
|
||||
+ } \
|
||||
+ } while (0) \
|
||||
+
|
||||
+/* PAM - check after every operation whether they passed */
|
||||
+#define PAM_HANDLING \
|
||||
+ do { pamh = NULL; \
|
||||
+ retcode = pam_start("atd", pentry->pw_name, &conv, &pamh); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_set_item(pamh, PAM_TTY, "atd"); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_acct_mgmt(pamh, PAM_SILENT); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_open_session(pamh, PAM_SILENT); \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ retcode = pam_setcred(pamh, PAM_ESTABLISH_CRED | PAM_SILENT); \
|
||||
+ PAM_SESSION_FAIL; \
|
||||
+ PAM_FAIL_CHECK; \
|
||||
+ } while (0)
|
||||
+
|
||||
+/* OLD FAIL_CHECK ONLY FOR perm.c
|
||||
+ * define PAM_FAIL_CHECK if (retcode != PAM_SUCCESS) { \
|
||||
+ * fprintf(stderr,"\nPAM failure %s\n",pam_strerror(pamh, retcode)); \
|
||||
+ * syslog(LOG_ERR,"%s",pam_strerror(pamh, retcode)); \
|
||||
+ * if (pamh) \
|
||||
+ * pam_end(pamh, retcode); \
|
||||
+ * exit(1); \
|
||||
+ * }
|
||||
+ */
|
||||
+
|
||||
+#endif
|
||||
+
|
11
at-3.1.7-lockfile.patch
Normal file
11
at-3.1.7-lockfile.patch
Normal file
@ -0,0 +1,11 @@
|
||||
--- at-3.1.7/at.c.lockfile Wed Oct 22 17:56:22 1997
|
||||
+++ at-3.1.7/at.c Wed Oct 22 17:56:40 1997
|
||||
@@ -199,7 +199,7 @@
|
||||
fscanf(fid, "%5lx", &jobno);
|
||||
rewind(fid);
|
||||
} else {
|
||||
- fid = fopen(ATJOB_DIR "/.SEQ", "w");
|
||||
+ fid = fopen(LFILE, "w");
|
||||
if (fid == NULL)
|
||||
return EOF;
|
||||
}
|
12
at-3.1.7-sigchld.patch
Normal file
12
at-3.1.7-sigchld.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- at-3.1.7/atd.c.sigchld Mon May 24 16:56:41 1999
|
||||
+++ at-3.1.7/atd.c Mon May 24 16:58:57 1999
|
||||
@@ -348,6 +348,9 @@
|
||||
if (setuid(uid) < 0)
|
||||
perr("Cannot set user id");
|
||||
|
||||
+ if (SIG_ERR == signal(SIGCHLD, SIG_DFL))
|
||||
+ perr("Cannot reset signal handler to default");
|
||||
+
|
||||
chdir("/");
|
||||
|
||||
if (execle("/bin/sh", "sh", (char *) NULL, nenvp) != 0)
|
12
at-3.1.8-perr.patch
Normal file
12
at-3.1.8-perr.patch
Normal file
@ -0,0 +1,12 @@
|
||||
--- at-3.1.8/atd.c.org 2002-07-19 16:20:24.000000000 +0900
|
||||
+++ at-3.1.8/atd.c 2002-07-19 16:22:30.000000000 +0900
|
||||
@@ -453,7 +453,8 @@
|
||||
#elif defined(MAILX)
|
||||
execl(MAILX, "mailx", mailname, (char *) NULL);
|
||||
#else
|
||||
-#error "No mail command specified."
|
||||
+/*#error "No mail command specified."*/
|
||||
+ perr("No mail command specified.");
|
||||
#endif
|
||||
perr("Exec failed for mail command");
|
||||
|
139
at-3.1.8-t_option.patch
Normal file
139
at-3.1.8-t_option.patch
Normal file
@ -0,0 +1,139 @@
|
||||
--- at-3.1.10/at.1.in.t_opti 2006-09-12 12:48:04.000000000 +0200
|
||||
+++ at-3.1.10/at.1.in 2006-09-12 12:45:40.000000000 +0200
|
||||
@@ -12,6 +12,16 @@
|
||||
.RB [ -mldbv ]
|
||||
.B TIME
|
||||
.br
|
||||
+.B at
|
||||
+.RB [ -V ]
|
||||
+.RB [ -q
|
||||
+.IR queue ]
|
||||
+.RB [ -f
|
||||
+.IR file ]
|
||||
+.RB [ -mldbv ]
|
||||
+.RB -t
|
||||
+.IR time_arg
|
||||
+.br
|
||||
.B "at -c"
|
||||
.I job
|
||||
.RI [ job... ]
|
||||
@@ -227,6 +237,15 @@
|
||||
.B
|
||||
\-c
|
||||
cats the jobs listed on the command line to standard output.
|
||||
+.TP
|
||||
+.BI \-t " time_arg"
|
||||
+Submit the job to be run at the time specified by the
|
||||
+.BI time_arg
|
||||
+option argument, which must have the same format as specified for the
|
||||
+.BR touch(1)
|
||||
+utility's
|
||||
+.B -t
|
||||
+time option argument ([[CC]YY]MMDDhhmm).
|
||||
.SH FILES
|
||||
.I @ATJBD@
|
||||
.br
|
||||
--- at-3.1.10/at.c.t_ 2006-09-12 10:15:56.000000000 +0200
|
||||
+++ at-3.1.10/at.c 2006-09-12 10:30:17.000000000 +0200
|
||||
@@ -750,6 +750,101 @@
|
||||
return p;
|
||||
}
|
||||
|
||||
+/* Handle POSIX.2 '-t' option :
|
||||
+ * Parses time string in "touch(1)" format:
|
||||
+ * [[CC]YY]MMDDhhmm[.ss]
|
||||
+ * and returns time_t .
|
||||
+ */
|
||||
+time_t
|
||||
+t_option(char *s)
|
||||
+{
|
||||
+ time_t t=time(0L);
|
||||
+ struct tm tm, tm_now=*localtime(&t);
|
||||
+ int l;
|
||||
+
|
||||
+ if((s == 0L) || (*s == '\0'))
|
||||
+ {
|
||||
+ return 0L;
|
||||
+ };
|
||||
+ memset(&tm,'\0',sizeof(tm));
|
||||
+ l = strnlen(s,15);
|
||||
+ switch(l)
|
||||
+ {
|
||||
+ case 15:
|
||||
+ /* CCYYMMDDhhmm.ss */
|
||||
+ sscanf(s, "%4d%2d%2d%2d%2d.%2d",
|
||||
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec
|
||||
+ );
|
||||
+ if(tm.tm_year)
|
||||
+ tm.tm_year -= 1900 ;
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
+ case 13:
|
||||
+ /* YYMMDDhhmm.ss */
|
||||
+ sscanf(s, "%2d%2d%2d%2d%2d.%2d",
|
||||
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec
|
||||
+ );
|
||||
+ if(tm.tm_year)
|
||||
+ tm.tm_year += 100 ; /* Y2.1K+ bug! */
|
||||
+
|
||||
+ break;
|
||||
+
|
||||
+ case 11:
|
||||
+ /* MMDDhhmm.ss */
|
||||
+ sscanf(s, "%2d%2d%2d%2d.%2d",
|
||||
+ &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec
|
||||
+ );
|
||||
+
|
||||
+ tm.tm_year = tm_now.tm_year;
|
||||
+
|
||||
+ if(tm.tm_mon)
|
||||
+ tm.tm_mon -= 1;
|
||||
+ break;
|
||||
+
|
||||
+ case 12:
|
||||
+ /* CCYYMMDDhhmm */
|
||||
+ sscanf(s, "%4d%2d%2d%2d%2d",
|
||||
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min
|
||||
+ );
|
||||
+ if(tm.tm_year)
|
||||
+ tm.tm_year -= 1900 ;
|
||||
+ break;
|
||||
+
|
||||
+ case 10:
|
||||
+ /* YYMMDDhhmm */
|
||||
+ sscanf(s, "%2d%2d%2d%2d%2d",
|
||||
+ &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min
|
||||
+ );
|
||||
+ if(tm.tm_year)
|
||||
+ tm.tm_year += 100 ; /* Y2.1K+ bug! */
|
||||
+ break;
|
||||
+
|
||||
+ case 8:
|
||||
+ /* MMDDhhmm */
|
||||
+ sscanf(s, "%2d%2d%2d%2d",
|
||||
+ &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min
|
||||
+ );
|
||||
+ if( tm.tm_mday )
|
||||
+ tm.tm_year = tm_now.tm_year;
|
||||
+ break;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ if( tm.tm_mon )
|
||||
+ tm.tm_mon -= 1;
|
||||
+
|
||||
+ if( tm.tm_mday )
|
||||
+ {
|
||||
+ tm.tm_isdst = tm_now.tm_isdst;
|
||||
+ return mktime(&tm);
|
||||
+ } else
|
||||
+ return 0L;
|
||||
+}
|
||||
+
|
||||
+
|
||||
+
|
||||
int
|
||||
main(int argc, char **argv)
|
||||
{
|
23
at-3.1.8-test.patch
Normal file
23
at-3.1.8-test.patch
Normal file
@ -0,0 +1,23 @@
|
||||
diff -u at-3.1.8/Makefile.in.orig at-3.1.8/Makefile.in
|
||||
--- at-3.1.8/Makefile.in.orig Wed Feb 14 13:59:09 2001
|
||||
+++ at-3.1.8/Makefile.in Mon Feb 19 14:48:42 2001
|
||||
@@ -51,6 +51,8 @@
|
||||
|
||||
OTHERS = parsetime.l parsetime.y
|
||||
|
||||
+TEST_VERBOSE = 0
|
||||
+
|
||||
DOCS = Problems Copyright README ChangeLog timespec
|
||||
|
||||
MISC = COPYING Makefile.in configure acconfig.h install-sh \
|
||||
@@ -150,6 +152,9 @@
|
||||
|
||||
parsetest: lex.yy.c y.tab.c
|
||||
$(CC) -o parsetest $(CFLAGS) $(DEFS) -DTEST_PARSER -DNEED_YYWRAP lex.yy.c y.tab.c
|
||||
+
|
||||
+test: parsetest
|
||||
+ PERL_DL_NONLAZY=1 perl -e 'use Test::Harness qw(&runtests $$verbose); $$verbose=$(TEST_VERBOSE); runtests @ARGV;' test.pl
|
||||
|
||||
.depend: $(CSRCS)
|
||||
gcc $(CFLAGS) $(DEFS) -MM $(CSRCS) > .depend
|
||||
diff -u at-3.1.8/test.pl.orig at-3.1.8/test.pl
|
191
at.spec
Normal file
191
at.spec
Normal file
@ -0,0 +1,191 @@
|
||||
%define atdaemon_groupid 65022
|
||||
%define atdaemon_userid 65022
|
||||
|
||||
Name: at
|
||||
Version: 3.1.14
|
||||
Release: 1mamba
|
||||
Summary: Job spooling tools
|
||||
Group: System/Servers
|
||||
Vendor: openmamba
|
||||
Distribution: openmamba
|
||||
Packager: Silvan Calarco <silvan.calarco@mambasoft.it>
|
||||
URL: http://ftp.debian.org/debian/pool/main/a/at/
|
||||
Source0: http://ftp.debian.org/debian/pool/main/a/at/at_%{version}.orig.tar.gz
|
||||
Source1: atd-initscript
|
||||
Source2: atd-pam
|
||||
# patches stolen from fedora
|
||||
Patch0: %{name}-3.1.7-lockfile.patch
|
||||
Patch1: %{name}-3.1.10-man-timespec-path.patch
|
||||
Patch2: %{name}-3.1.7-sigchld.patch
|
||||
Patch3: %{name}-3.1.10-typo.patch
|
||||
Patch4: %{name}-3.1.10-lexer-parser.patch
|
||||
Patch5: %{name}-3.1.8-test.patch
|
||||
Patch6: %{name}-3.1.8-perr.patch
|
||||
Patch7: %{name}-3.1.10-instinet.patch
|
||||
Patch8: %{name}-3.1.12-shell.patch
|
||||
Patch9: %{name}-3.1.10-pie.patch
|
||||
Patch10: %{name}-3.1.8-t_option.patch
|
||||
Patch11: %{name}-3.1.10-usage.patch
|
||||
Patch12: %{name}-3.1.10-fix_no_export.patch
|
||||
Patch13: %{name}-3.1.10-dont_fork.patch
|
||||
Patch14: %{name}-3.1.13-pam.patch
|
||||
Patch15: %{name}-3.1.13-makefile.patch
|
||||
Patch16: %{name}-3.1.10-daylight.patch
|
||||
Patch17: %{name}-3.1.10-perm.patch
|
||||
Patch18: %{name}-3.1.12-opt_V.patch
|
||||
Patch19: %{name}-3.1.12-selinux.patch
|
||||
License: GPL
|
||||
## AUTOBUILDREQ-BEGIN
|
||||
BuildRequires: glibc-devel
|
||||
BuildRequires: pam-devel
|
||||
## AUTOBUILDREQ-END
|
||||
BuildRequires: libselinux-devel
|
||||
BuildRequires: systemd-devel
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
|
||||
%description
|
||||
At and batch read commands from standard input or from a specified file.
|
||||
At allows you to specify that a command will be run at a particular time (now or a specified time in the future).
|
||||
Batch will execute commands when the system load levels drop to a particular level.
|
||||
Both commands use /bin/sh to run the commands.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
#%patch0 -p1 -b .lockfile
|
||||
#%patch1 -p1 -b .paths
|
||||
%patch2 -p1 -b .sigchld
|
||||
#%patch3 -p1 -b .typo
|
||||
%patch4 -p1 -b .lexer
|
||||
%patch5 -p1 -b .test
|
||||
%patch6 -p1 -b .perr
|
||||
#%patch7 -p1 -b .instinet
|
||||
%patch8 -p1 -b .shell
|
||||
#%patch9 -p1 -b .pie
|
||||
%patch10 -p1 -b .t_option
|
||||
#%patch11 -p1 -b .usage
|
||||
%patch12 -p1 -b .fix_no_export
|
||||
#%patch13 -p1 -b .dont_fork
|
||||
%patch14 -p1 -b .pam
|
||||
#%patch15 -p1 -b .makefile
|
||||
%patch16 -p1 -b .daylight
|
||||
#%patch17 -p1 -b .perm
|
||||
%patch18 -p1 -b .opt_V
|
||||
#%patch19 -p1 -b .selinux
|
||||
|
||||
install %{SOURCE2} pam_atd
|
||||
|
||||
sed -i "s|-g root||g" Makefile.in
|
||||
sed -i "s|-o root||g" Makefile.in
|
||||
|
||||
%build
|
||||
# for patch2
|
||||
rm -f lex.yy.* y.tab.*
|
||||
sed -i "s|/var/run|/run|g" configure
|
||||
|
||||
%configure \
|
||||
--with-atspool=%{_localstatedir}/spool/at/spool \
|
||||
--with-jobdir=%{_localstatedir}/spool/at \
|
||||
--with-daemon_username=atdaemon \
|
||||
--with-daemon_groupname=atdaemon \
|
||||
--with-systemdsystemunitdir=%_unitdir
|
||||
|
||||
%make -j1
|
||||
#LANG=C make test >/dev/null
|
||||
|
||||
%install
|
||||
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||
|
||||
%makeinstall \
|
||||
IROOT=%{buildroot} \
|
||||
DAEMON_USERNAME=`id -nu` \
|
||||
DAEMON_GROUPNAME=`id -ng` \
|
||||
INSTALL_ROOT_USER=`id -nu` \
|
||||
INSTALL_ROOT_GROUP=`id -nu` \
|
||||
docdir=%{_docdir}
|
||||
|
||||
# prefix=%{buildroot}%{_prefix} \
|
||||
# bindir=%{buildroot}%{_bindir} \
|
||||
# sbindir=%{buildroot}%{_sbindir} \
|
||||
# etcdir=%{buildroot}%{_sysconfdir} \
|
||||
# mandir=%{buildroot}%{_mandir} \
|
||||
# ATJOB_DIR=%{buildroot}%{_localstatedir}/spool/at \
|
||||
# ATSPOOL_DIR=%{buildroot}%{_localstatedir}/spool/at/spool \
|
||||
#install -D -m 0755 %{S:1} %{buildroot}%{_initrddir}/atd
|
||||
|
||||
%clean
|
||||
[ "%{buildroot}" != / ] && rm -rf "%{buildroot}"
|
||||
|
||||
%pre
|
||||
groupadd -g %{atdaemon_groupid} atdaemon 2>/dev/null
|
||||
useradd -u %{atdaemon_userid} -g atdaemon -c "at daemon" \
|
||||
-d /var/empty -s /bin/false atdaemon 2>/dev/null
|
||||
exit 0
|
||||
|
||||
%post
|
||||
touch %{_localstatedir}/spool/at/.SEQ
|
||||
chmod 600 %{_localstatedir}/spool/at/.SEQ
|
||||
chown atdaemon:atdaemon %{_localstatedir}/spool/at/.SEQ
|
||||
#/sbin/chkconfig --add atd
|
||||
exit 0
|
||||
|
||||
%preun
|
||||
if [ $1 -eq 0 ]; then
|
||||
service atd stop >/dev/null 2>&1
|
||||
/sbin/chkconfig --del atd
|
||||
userdel atdaemon >/dev/null 2>&1
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%postun
|
||||
if [ $1 -eq 1 ]; then
|
||||
service atd condrestart >/dev/null 2>&1
|
||||
fi
|
||||
exit 0
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%attr(4755,root,root) %{_bindir}/at
|
||||
%config(noreplace) %{_sysconfdir}/at.deny
|
||||
#%attr(0640,root,atdaemon) %config(noreplace) /etc/pam.d/atd
|
||||
%{_bindir}/batch
|
||||
%{_bindir}/atrm
|
||||
%{_bindir}/atq
|
||||
%{_sbindir}/atrun
|
||||
%{_sbindir}/atd
|
||||
/lib/systemd/system/atd.service
|
||||
%attr(0700,atdaemon,atdaemon) %dir %{_localstatedir}/spool/at
|
||||
%attr(0700,atdaemon,atdaemon) %dir %{_localstatedir}/spool/at/spool
|
||||
%ghost %{_localstatedir}/spool/at/.SEQ
|
||||
%{_mandir}/man1/*
|
||||
%{_mandir}/man5/*
|
||||
%{_mandir}/man8/*
|
||||
%dir %{_docdir}/at
|
||||
%{_docdir}/at
|
||||
|
||||
%changelog
|
||||
* Thu Oct 10 2013 Automatic Build System <autodist@mambasoft.it> 3.1.14-1mamba
|
||||
- automatic update by autodist
|
||||
|
||||
* Sat Sep 10 2011 Automatic Build System <autodist@mambasoft.it> 3.1.13-1mamba
|
||||
- automatic version update by autodist
|
||||
|
||||
* Sun Dec 27 2009 Silvan Calarco <silvan.calarco@mambasoft.it> 3.1.12-1mamba
|
||||
- update to 3.1.12
|
||||
|
||||
* Mon Aug 25 2008 Aleph0 <aleph0@openmamba.org> 3.1.10-3mamba
|
||||
- remove broken symlink to debian copyright
|
||||
|
||||
* Mon Jul 02 2007 Silvan Calarco <silvan.calarco@mambasoft.it> 3.1.10-2mamba
|
||||
- fix pam file for new release
|
||||
|
||||
* Wed Jan 17 2007 Davide Madrisan <davide.madrisan@qilinux.it> 3.1.10-1qilnx
|
||||
- update to version 3.1.10 by autospec
|
||||
- added missing build requirements
|
||||
- fixed permissions of at binary
|
||||
- enabled support for pam
|
||||
- use the service script to start/restart/stop the atd service
|
||||
- fixed owner and group for /var/spool/at/.SEQ
|
||||
- modified homedir for atd daemon: now is /var/empty
|
||||
|
||||
* Thu Apr 29 2004 Silvan Calarco <silvan.calarco@mambasoft.it> 3.1.8-1qilnx
|
||||
- first build
|
85
atd-initscript
Normal file
85
atd-initscript
Normal file
@ -0,0 +1,85 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# /etc/rc.d/init.d/atd
|
||||
#
|
||||
# Starts the at daemon
|
||||
#
|
||||
# chkconfig: 345 40 60
|
||||
# description: Runs commands scheduled by the at command at the time \
|
||||
# specified when at was run, and runs batch commands when the load \
|
||||
# average is low enough.
|
||||
# processname: atd
|
||||
|
||||
# Source function library.
|
||||
. /etc/init.d/functions
|
||||
|
||||
test -x /usr/sbin/atd || exit 0
|
||||
|
||||
RETVAL=0
|
||||
|
||||
#
|
||||
# See how we were called.
|
||||
#
|
||||
|
||||
prog="atd"
|
||||
|
||||
start() {
|
||||
# Check if atd is already running
|
||||
if [ ! -f /var/lock/subsys/atd ]; then
|
||||
echo -n $"Starting $prog: "
|
||||
daemon /usr/sbin/atd
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/atd
|
||||
echo
|
||||
fi
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
stop() {
|
||||
echo -n $"Stopping $prog: "
|
||||
killproc /usr/sbin/atd
|
||||
RETVAL=$?
|
||||
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/atd
|
||||
echo
|
||||
return $RETVAL
|
||||
}
|
||||
|
||||
|
||||
restart() {
|
||||
stop
|
||||
start
|
||||
}
|
||||
|
||||
reload() {
|
||||
restart
|
||||
}
|
||||
|
||||
status_at() {
|
||||
status /usr/sbin/atd
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
start
|
||||
;;
|
||||
stop)
|
||||
stop
|
||||
;;
|
||||
reload|restart)
|
||||
restart
|
||||
;;
|
||||
condrestart)
|
||||
if [ -f /var/lock/subsys/atd ]; then
|
||||
restart
|
||||
fi
|
||||
;;
|
||||
status)
|
||||
status_at
|
||||
;;
|
||||
*)
|
||||
echo $"Usage: $0 {start|stop|restart|condrestart|status}"
|
||||
exit 1
|
||||
esac
|
||||
|
||||
exit $?
|
||||
exit $RETVAL
|
13
atd-pam
Normal file
13
atd-pam
Normal file
@ -0,0 +1,13 @@
|
||||
#
|
||||
# The PAM configuration file for the at daemon
|
||||
#
|
||||
#
|
||||
auth sufficient pam_rootok.so
|
||||
auth include system-auth
|
||||
auth required pam_env.so
|
||||
account include system-auth
|
||||
session include system-auth
|
||||
# Sets up user limits, please uncomment and read /etc/security/limits.conf
|
||||
# to enable this functionality.
|
||||
# session required pam_limits.so
|
||||
#
|
Loading…
Reference in New Issue
Block a user