cron.tar/._bin000755 000766 000024 00000000336 12515245661 015220 0ustar00sarahkinirystaff000000 000000 Mac OS X  2¬ÞATTRÞ˜F˜Fcom.apple.quarantineq/0001;54fddb9b;Google\x20Chrome;CF9999EB-8557-4E38-B9CE-61524ACE8CFAcron.tar/bin/000755 000766 000024 00000000000 12515245661 015053 5ustar00sarahkinirystaff000000 000000 cron.tar/bin/._admin000755 000766 000024 00000000336 12515245661 016310 0ustar00sarahkinirystaff000000 000000 Mac OS X  2¬ÞATTRÞ˜F˜Fcom.apple.quarantineq/0001;54fddb9b;Google\x20Chrome;CF9999EB-8557-4E38-B9CE-61524ACE8CFAcron.tar/bin/admin/000755 000766 000024 00000000000 12515245661 016143 5ustar00sarahkinirystaff000000 000000 cron.tar/bin/._jail_safe_crontab.pl000755 000766 000024 00000000336 12156173147 021257 0ustar00sarahkinirystaff000000 000000 Mac OS X  2¬ÞATTRÞ˜F˜Fcom.apple.quarantineq/0001;54fddb9b;Google\x20Chrome;CF9999EB-8557-4E38-B9CE-61524ACE8CFAcron.tar/bin/jail_safe_crontab.pl000755 000766 000024 00000011723 12156173147 021044 0ustar00sarahkinirystaff000000 000000 #!/usr/local/cpanel/3rdparty/bin/perl # cpanel - bin/jail_safe_crontab.pl Copyright(c) 2013 cPanel, Inc. # All Rights Reserved. # copyright@cpanel.net http://cpanel.net # This code is subject to the cPanel license. Unauthorized copying is prohibited # no for production; # use warnings; use strict; use Cpanel::LoadFile (); use Cpanel::TempFile (); use Cpanel::PwCache (); use Cpanel::Wrap (); use Cpanel::Wrap::Config (); use Cpanel::FindBin (); my ( $username, $shell ) = ( Cpanel::PwCache::getpwuid($>) )[ 0, 8 ]; # Not jailed, just pass the request if ( -x '/usr/bin/crontab' && $shell !~ m/\/(?:no|jail)shell/ ) { exec '/usr/bin/crontab', @ARGV; print "Failed to execute: /usr/bin/crontab: $!\n"; exit 1; } my ( $crontab_fetch_result, $crontab_text ) = _get_crontab_text(); if ( !$crontab_fetch_result ) { print $crontab_text . "\n"; exit(1); } if ( grep { $_ eq '-e' } @ARGV ) { _edit_crontab(); } elsif ( grep { $_ eq '-l' } @ARGV ) { _display_crontab(); } elsif ( grep { $_ eq '-r' } @ARGV ) { _remove_crontab(); } elsif ( grep { $_ =~ m/^-[^ler]/ } @ARGV ) { print "Invalid option: $ARGV[0]\n"; _usage(); } elsif ( length $ARGV[0] ) { _install_crontab_from_file(); } else { _install_crontab_from_stdin(); } sub _remove_crontab { my ( $install_status, $install_message ) = _install_new_crontab(''); print $install_message . "\n"; exit(0); } sub _display_crontab { print $crontab_text; exit(0); } sub _install_crontab_from_file { my ($filename) = @ARGV; if ( !-e $filename ) { print "'$filename' does not exist.\n"; _usage(); } my $new_crontab_text = Cpanel::LoadFile::loadfile($filename); if ( !length $new_crontab_text ) { print "File '$filename' is empty.\n"; _usage(); } my ( $install_status, $install_message ) = _install_new_crontab($new_crontab_text); print $install_message . "\n"; } sub _install_crontab_from_stdin { local $/; my $new_crontab_text = readline( \*STDIN ); if ( !length $new_crontab_text ) { print "No input on stdin.\n"; _usage(); } my ( $install_status, $install_message ) = _install_new_crontab($new_crontab_text); print $install_message . "\n"; } sub _edit_crontab { my $temp_obj = Cpanel::TempFile->new(); my ( $temp_file, $temp_fh ) = $temp_obj->file(); if ( !$temp_fh ) { print "Failed to create a temporary file.\n"; exit(1); } print {$temp_fh} $crontab_text; close($temp_fh); my ( $get_editor_bin_status, $editor_bin ) = _get_editor_bin(); if ( !$get_editor_bin_status ) { print $editor_bin . "\n"; exit(1); } system $editor_bin, $temp_file; my $new_crontab_text = Cpanel::LoadFile::loadfile($temp_file); if ( $new_crontab_text eq $crontab_text ) { print "$0: no changes\n"; exit(0); } my ( $install_status, $install_message ) = _install_new_crontab($new_crontab_text); print $install_message . "\n"; exit(0); } sub _install_new_crontab { my ($crontab_text) = @_; my $result = Cpanel::Wrap::send_cpwrapd_request( 'namespace' => 'Cpanel', 'module' => 'cron', 'function' => 'SAVE', 'data' => { 'crontab' => $crontab_text }, 'env' => Cpanel::Wrap::Config::safe_hashref_of_allowed_env(), ); if ( !$result->{'status'} ) { return ( 0, "Cpanel::Wrap::send_cpwrapd_request failed to save crontab: " . $result->{'statusmsg'} ); } return ( 1, "$0: installing new crontab" ); } sub _get_editor_bin { my $editor_bin; foreach my $editor ( $ENV{'VISUAL'}, $ENV{'EDITOR'}, 'nano', 'vim', 'pico', 'emacs' ) { $editor_bin = Cpanel::FindBin::findbin($editor); last if $editor_bin; } return ( 1, $editor_bin ) if defined $editor_bin; return ( 0, "No editor found, please set the VISUAL or EDITOR enviroment variables." ); } sub _get_crontab_text { my $result = Cpanel::Wrap::send_cpwrapd_request( 'namespace' => 'Cpanel', 'module' => 'cron', 'function' => 'FETCH', 'env' => Cpanel::Wrap::Config::safe_hashref_of_allowed_env(), ); if ( !$result->{'status'} ) { return ( 0, "Cpanel::Wrap::send_cpwrapd_request failed to fetch crontab: " . $result->{'statusmsg'} ); } if ( $result->{'data'}->{'denied'} ) { return ( 0, "You ($username) are not allowed to use this program ($0)\nSee crontab(1) for more information" ); } if ( !exists $result->{'data'}->{'crontab'} ) { return ( 0, "Could not fetch crontab: " . $result->{'statusmsg'} ); } return ( 1, $result->{'data'}->{'crontab'} ); } sub _usage { print < \&perform_fetch, 'SAVE' => \&perform_save, ); my $logger; if ( !caller() ) { local $@; my ( $status, $message, $action ) = eval { __PACKAGE__->script(@ARGV) }; if ($@) { print "$@\n"; exit 1; } if ( !$message ) { print "Invalid message returned.\n"; exit 1; } my $message_ref_type = ref $message; if ( !$message_ref_type ) { print $message . "\n"; } elsif ( $message_ref_type eq 'ARRAY' ) { for my $message_part ( @{$message} ) { print $message_part . "\n"; } } elsif ( $message_ref_type eq 'HASH' ) { print "." . "\n"; print Cpanel::AdminBin::Serializer::Dump($message); } else { print "Invalid message returned.\n"; exit 1; } if ( !$status ) { exit(5); #Errno::EIO } exit 0; } sub script { my ( $class, @argv ) = @_; alarm(500); if ( $argv[0] eq '--bincheck' ) { return ( 1, "BinCheck ok" ); } ## TODO?: 'IGNORE' might be more appropriate $SIG{'TERM'} = sub { return; }; $SIG{'PIPE'} = sub { return; }; $SIG{'USR1'} = sub { return; }; $SIG{'USR2'} = sub { return; }; $SIG{'HUP'} = sub { return; }; my ( $status, $uid, $action, @args ) = _get_command_line_arguments(); if ( !exists $admin_commands{$action} ) { $logger ||= Cpanel::Logger->new(); $logger->warn( 'no valid action:' . $action ); return ( 0, "no valid action" ); } my ( $user, $gid, $home_directory ) = ( Cpanel::PwCache::getpwuid( int($uid) ) )[ 0, 3, 7 ]; ## valid users: 'cpanel' or existing user ## invalid: 'root' or non-existing user if ( $user ne 'cpanel' && ( !$user || $user eq 'root' || !-e "/var/cpanel/users/$user" ) ) { $logger ||= Cpanel::Logger->new(); $logger->warn('invalid user'); return ( 0, "Invalid user: $user" ); } $ENV{'REMOTE_USER'} = $user; $ENV{'PATH'} = '/usr/bin'; #always find /usr/bin/crontab my $cp = Cpanel->new(); $cp->initcp($user); my $dns = $Cpanel::CPDATA{'DNS'}; if ( !$dns || $dns eq 'yourdomain.com' ) { $logger ||= Cpanel::Logger->new(); $logger->warn('Uninitialized Cpanel::CPDATA, no DNS'); my $locale = Cpanel::Locale->get_handle(); return ( 0, $locale->maketext('admin-nodns') ); } return ( ( $admin_commands{$action}->( $user, $action, @args ) ), $action ); } sub perform_save { my ( $uid_user, $action ) = @_; my ( $status, $input ) = _get_extended_arguments_from_stdin($action); if ( !$status ) { return ( 0, { 'status' => 0, 'statusmsg' => $input, 'message' => $input } ); } my $crontab = $input->{'crontab'}; if ( !exists $input->{'crontab'} ) { my $failmsg = "'crontab' key is missing from request"; return ( 0, { 'status' => 0, 'statusmsg' => $failmsg, 'message' => $failmsg } ); } my ( $allowed_to_use_crontab, $allowed_to_use_crontab_reason ) = Cpanel::Cron::Edit::user_is_permitted_to_use_crontab($uid_user); if ( !$allowed_to_use_crontab ) { return ( 1, { 'status' => 0, 'denied' => 1, 'statusmsg' => $allowed_to_use_crontab_reason, 'message' => $allowed_to_use_crontab_reason } ); } return Cpanel::Cron::Edit::save_user_cron( $uid_user, \$crontab ); } sub perform_fetch { my ( $uid_user, $action ) = @_; my ( $allowed_to_use_crontab, $allowed_to_use_crontab_reason ) = Cpanel::Cron::Edit::user_is_permitted_to_use_crontab($uid_user); if ( !$allowed_to_use_crontab ) { return ( 1, { 'status' => 0, 'denied' => 1, 'statusmsg' => $allowed_to_use_crontab_reason, 'message' => $allowed_to_use_crontab_reason } ); } my ( $status, $crontab ) = Cpanel::Cron::Edit::fetch_user_cron($uid_user); return ( 1, { 'crontab' => $crontab } ); } # This is a separate function so that tests can mock it. sub _get_command_line_arguments { my $uid = $ARGV[0]; my $stdin = *STDIN; my ( $action, @args ) = split( / /, readline($stdin) ); chomp($action); chomp( $args[-1] ) if @args; return ( 1, $uid, $action, @args ); } sub _get_extended_arguments_from_stdin { my ($method_name) = @_; my $input; my $stdin = *STDIN; my $check = readline($stdin); chomp($check) if $check; local $SIG{'__DIE__'} = sub { }; my $valid = ( $check && $check eq '.' ) && eval { $input = Cpanel::AdminBin::Serializer::SafeLoadFile($stdin); }; if ( !$valid ) { $logger ||= Cpanel::Logger->new(); my $message = "Error parsing $method_name input"; if ($@) { $message .= " ($@)"; } $logger->warn($message); return ( 0, $message ); } return ( 1, $input ); } 1; cron.tar/bin/admin/Cpanel/._cron.conf000644 000766 000024 00000000336 12156122022 021356 0ustar00sarahkinirystaff000000 000000 Mac OS X  2¬ÞATTRÞ˜F˜Fcom.apple.quarantineq/0001;54fddb9b;Google\x20Chrome;CF9999EB-8557-4E38-B9CE-61524ACE8CFAcron.tar/bin/admin/Cpanel/cron.conf000644 000766 000024 00000000131 12156122022 021132 0ustar00sarahkinirystaff000000 000000 mode=full allowed_parents=/usr/local/cpanel/bin/jail_safe_crontab,/usr/local/bin/crontab