6 * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>)
7 * Significant portions provided by
8 * Wayne Schroeder, SDSC <schroeder@sdsc.edu>
9 * William Jones, UTexas <jones@tacc.utexas.edu>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 * Created: Apr 22 16.34:00 2002 wp
33 * This file contains functions required for proper execution
42 #include <sys/category.h>
47 #include <sys/secparm.h>
50 #include <sys/sectab.h>
59 char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */
64 void cray_retain_utmp(struct utmp *, int);
65 void cray_delete_tmpdir(char *, int, uid_t);
66 void cray_init_job(struct passwd *);
67 void cray_set_tmpdir(struct utmp *);
73 * San Diego Supercomputer Center
/*
 * cray_setup: per-login Cray job setup, as far as this listing shows it.
 * Looks up the current job id, checks that the UDB entry for `username`
 * carries the expected `uid`, collects the entry's account ids, selects
 * the first one with acctid(), and applies process and job limits through
 * setlimits(). Every visible failure path ends in fatal().
 * NOTE(review): the listing omits lines of the original (braces, local
 * declarations, some conditions); the comments below describe only the
 * statements that are visible.
 */
77 cray_setup(uid_t uid, char *username)
80 extern char *setlimits();
/* Without a job table entry there is no jid to apply job limits to. */
90 if ((jid = getjtab(&jbuf)) < 0)
91 fatal("getjtab: no jid");
93 err = setudb(); /* open and rewind the Cray User DataBase */
95 fatal("UDB open failure");
97 p = getudbnam(username);
99 fatal("No UDB entry for %.100s", username);
/*
 * The UDB record found by name must carry the uid the caller passed in;
 * a mismatch is treated as fatal instead of trusting either source.
 */
100 if (uid != p->ue_uid)
101 fatal("UDB entry %.100s uid(%d) does not match uid %d",
102 username, (int) p->ue_uid, (int) uid);
/*
 * NOTE(review): the condition reads p->ue_acids[j] before it tests
 * j < MAXVIDS, so when no -1 terminator is present the element at index
 * MAXVIDS is read before the bound stops the loop. Testing the bound
 * first (j < MAXVIDS && p->ue_acids[j] != -1) avoids that read. The
 * declared size of ue_acids is not visible here -- confirm against the
 * UDB header.
 */
103 for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) {
104 accts[naccts] = p->ue_acids[j];
107 endudb(); /* close the udb */
110 /* Perhaps someday we'll prompt users who have multiple accounts
111 to let them pick one (like CRI's login does), but for now just set
112 the account to the first entry. */
/*
 * NOTE(review): accts[0] is used unconditionally. If the first ue_acids
 * entry is -1 the loop above stores nothing; whether accts is initialised
 * or naccts is checked happens on lines not shown -- confirm.
 */
113 if (acctid(0, accts[0]) < 0)
114 fatal("System call acctid failed, accts[0]=%d", accts[0]);
117 /* Now set limits, including CPU time for the (interactive) job and process,
118 and set up permissions (for chown etc), etc. This is via an internal CRI
119 routine, setlimits, used by CRI's login. */
/*
 * setlimits() is called once for the process (C_PROC, pid) and once for
 * the job (C_JOB, jid). How the returned `sr` is checked is on lines
 * missing from this listing.
 */
122 sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
126 sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
133 * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk
134 * can have pal privileges that sshd can inherit which
135 * could allow a user to su to root without a password.
136 * This subroutine clears all privileges.
141 #if defined(_SC_CRAY_PRIV_SU)
142 priv_proc_t* privstate;
144 extern int priv_set_proc();
145 extern priv_proc_t* priv_init_proc();
149 * If either of these two flags is not set
150 * then don't allow this version of ssh to run.
/*
 * Privilege-clearing sequence: refuse to run unless both the PRIV_SU and
 * POSIX_PRIV system configurations are reported, then install an all-zero
 * usrv structure with setusrv() and a freshly initialised privilege state
 * with priv_set_proc().
 * NOTE(review): sysconf() returns -1 when it cannot answer a query, and
 * !(-1) is false, so a -1 result would pass both tests below. Comparing
 * against > 0 fails closed if -1 is possible on this platform -- confirm.
 */
152 if (!sysconf(_SC_CRAY_PRIV_SU))
153 fatal("Not PRIV_SU system.");
154 if (!sysconf(_SC_CRAY_POSIX_PRIV))
155 fatal("Not POSIX_PRIV.");
157 debug("Dropping privileges.");
/* Zero every field of usrv before handing it to setusrv(). */
159 memset(&usrv, 0, sizeof(usrv));
160 if (setusrv(&usrv) < 0)
161 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
164 if ((privstate = priv_init_proc()) != NULL) {
165 result = priv_set_proc(privstate);
167 fatal("%s(%d): priv_set_proc(): %s",
168 __FILE__, __LINE__, strerror(errno));
169 priv_free_proc(privstate);
/*
 * NOTE(review): no else branch for a NULL return from priv_init_proc() is
 * visible, so in that case priv_set_proc() is never called and execution
 * still reaches this message. The message is also not a verification: it
 * is logged without re-reading the process privilege state. Treating a
 * NULL privstate as fatal would make the failure explicit -- confirm
 * against the lines missing from this listing.
 */
171 debug ("Privileges should be cleared...");
173 /* XXX: do this differently */
174 # error Cray systems must be run with _SC_CRAY_PRIV_SU on!
180 * Retain utmp/wtmp information - used by cray accounting.
/*
 * cray_retain_utmp: scan UTMP_FILE for the record whose ut_pid equals
 * `pid` and copy its job id, tty path, host and user name into *ut.
 * NOTE(review): the listing omits lines of the original (local
 * declarations, closing braces, whatever closes fd); only the visible
 * statements are described.
 */
183 cray_retain_utmp(struct utmp *ut, int pid)
188 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
/* Records are read at fixed size; a short read or error ends the scan. */
189 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
190 if (pid == utmp.ut_pid) {
191 ut->ut_jid = utmp.ut_jid;
192 /* XXX: MIN_SIZEOF here? can this go in loginrec? */
/*
 * NOTE(review): each copy is bounded by the size of the SOURCE field, and
 * strncpy() adds no terminator when the source fills that many bytes.
 * This is only safe if the destination fields are at least as large and
 * later readers treat them as fixed-width fields instead of C strings.
 * The declaration of `utmp` is not visible here -- presumably a
 * struct utmp like *ut, which would make the sizes equal; confirm.
 */
193 strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath));
194 strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host));
195 strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name));
/*
 * NOTE(review): presumably the open() failure path. Nothing is logged, so
 * an unreadable UTMP_FILE would leave *ut unchanged without any trace in
 * the logs -- confirm which branch this XXX sits in.
 */
201 /* XXX: error message? */
209 * find and delete jobs tmpdir.
/*
 * cray_delete_tmpdir: look for the job's temporary directory under
 * JTMPDIR (name jtmp.<jid><letter>, letters 'a'..'z'), accept the first
 * candidate that exists and is owned by `uid`, then run CLEANTMPCMD on it
 * in a child process and wait for that child.
 * NOTE(review): the listing omits lines of the original (declarations,
 * the loop exit, closing braces); only visible statements are described.
 */
212 cray_delete_tmpdir(char *login, int jid, uid_t uid)
/*
 * Static buffer: the path is shared by every call, so the function is not
 * reentrant. cray_job_termination_handler() calls it, which matters if
 * that handler can interrupt another call -- confirm.
 */
215 static char jtmp[TPATHSIZ];
220 for (c = 'a'; c <= 'z'; c++) {
221 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
/*
 * NOTE(review): stat() follows symbolic links, and the ownership check is
 * made on a path name that is only later passed to CLEANTMPCMD. If
 * JTMPDIR is writable by ordinary users the name could refer to something
 * else by then; the permissions of JTMPDIR and the checks CLEANTMPCMD
 * makes itself are not visible here -- confirm.
 */
222 if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid)
/*
 * The cleanup command is started with execl() and an explicit argument
 * list, so no shell interprets `login` or the path.
 */
229 if ((child = fork()) == 0) {
230 execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL);
231 fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed");
/*
 * Retry waitpid() only when it was interrupted by a signal.
 * NOTE(review): no check for fork() returning -1 is visible. With
 * child == -1 this call would wait for any child process instead of the
 * cleanup command -- confirm against the missing lines.
 */
234 while (waitpid(child, &wstat, 0) == -1 && errno == EINTR)
239 * Remove tmpdir on job termination.
/*
 * cray_job_termination_handler: on job termination, collect the finished
 * job with waitjob(), map its uid to a login name with uid2nam(), and
 * remove the job's temporary directory through cray_delete_tmpdir().
 * NOTE(review): the name and the `int sig` parameter suggest this runs as
 * a signal handler. If so, it calls debug(), and through
 * cray_delete_tmpdir() also snprintf(), fork() and fatal(), none of which
 * is generally safe to call from a handler that can interrupt arbitrary
 * code. Setting a flag here and doing the cleanup from the main loop is
 * the usual alternative -- confirm how the handler is installed.
 */
242 cray_job_termination_handler(int sig)
248 debug("Received SIG JOB.");
/*
 * Both lookups must succeed before any cleanup is attempted; what happens
 * on failure is on a line missing from this listing.
 */
250 if ((jid = waitjob(&jtab)) == -1 ||
251 (login = uid2nam(jtab.j_uid)) == NULL)
/* The uid comes from the job table entry filled in by waitjob(). */
254 cray_delete_tmpdir(login, jid, jtab.j_uid);
258 * Set job id and create tmpdir directory.
/*
 * cray_init_job: create a job for the user with setjob() and try to
 * create its temporary directory under JTMPDIR, named jtmp.<jid><letter>
 * with letters 'a'..'z' tried in order. The chosen path is kept in the
 * global cray_tmpdir, which is reset to the empty string on a path that
 * is not fully visible in this listing.
 * NOTE(review): the listing omits lines of the original (declarations,
 * the setjob() result test, loop control, closing braces).
 */
261 cray_init_job(struct passwd *pw)
/* WJSIGNAL is passed as setjob()'s second argument. */
266 jid = setjob(pw->pw_uid, WJSIGNAL);
268 fatal("System call setjob failure");
270 for (c = 'a'; c <= 'z'; c++) {
271 snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
/*
 * mkdir() fails when the name already exists, so a candidate is used only
 * if this call created it. The directory is created with JTMPMODE and
 * then handed to the user with chown() by path name.
 * NOTE(review): between mkdir() and chown() the directory is not yet
 * owned by the user; whether another user can replace the name in that
 * window depends on JTMPDIR's permissions, which are not visible here --
 * confirm.
 */
272 if (mkdir(cray_tmpdir, JTMPMODE) != 0)
274 if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) {
282 cray_tmpdir[0] = '\0';
/*
 * cray_set_tmpdir: look up the current job id with getjtab() and record
 * the job's temporary directory path (global cray_tmpdir) in the utmp
 * record *ut.
 * NOTE(review): strncpy() writes no terminator when the source is
 * TPATHSIZ bytes or longer. Here the source is cray_tmpdir, declared with
 * TPATHSIZ+1 bytes and filled by snprintf() with a TPATHSIZ bound in
 * cray_init_job(), so the string is at most TPATHSIZ-1 characters and its
 * terminator is copied. The size of ut->ut_tpath is not visible here; it
 * must be at least TPATHSIZ for this copy to stay in bounds -- confirm.
 * The listing omits lines of the original, and the function may continue
 * past the last line shown.
 */
286 cray_set_tmpdir(struct utmp *ut)
291 if ((jid = getjtab(&jbuf)) < 0)
295 * Set jid and tmpdir in utmp record.
298 strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);