+ ia_mlsrcode = IA_NORMAL;
+ if (SecureSys) {
+ debug("calling ia_mlsuser()");
+ ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0);
+ }
+ if (ia_mlsrcode != IA_NORMAL) {
+ printf("sshd: Login incorrect, (0%o)\n",
+ ia_mlsrcode-IA_ERRORCODE);
+ /*
+ * Initialize structure for ia_failure
+ * which will exit.
+ */
+ fsent.revision = 0;
+ fsent.uname = username;
+ fsent.host = hostname;
+ fsent.ttyn = ttyn;
+ fsent.caller = IA_SSHD;
+ fsent.flags = IA_INTERACTIVE;
+ fsent.ueptr = &ue;
+ fsent.jid = jid;
+ fsent.errcode = ia_mlsrcode;
+ fsent.pwdp = uret.pswd;
+ fsent.exitcode = 1;
+ fret.revision = 0;
+ fret.normal = 0;
+
+ /*
+ * Call ia_failure because of an IA failure.
+ * There is no return because ia_failure exits.
+ */
+ ia_failure(&fsent,&fret);
+ exit(1);
+ }
+
+ /* Provide login status information */
+ if (options.print_lastlog && ue.ue_logtime != 0) {
+ printf("Last successful login was : %.*s ", 19,
+ (char *)ctime(&ue.ue_logtime));
+
+ if (*ue.ue_loghost != '\0') {
+ printf("from %.*s\n", sizeof(ue.ue_loghost),
+ ue.ue_loghost);
+ } else {
+ printf("on %.*s\n", sizeof(ue.ue_logline),
+ ue.ue_logline);
+ }
+
+ if (SecureSys && (ue.ue_logfails != 0)) {
+ printf(" followed by %d failed attempts\n",
+ ue.ue_logfails);
+ }
+ }
+
+ /*
+ * Call ia_success to process successful I/A.
+ */
+ ssent.revision = 0;
+ ssent.uname = username;
+ ssent.host = hostname;
+ ssent.ttyn = ttyn;
+ ssent.caller = IA_SSHD;
+ ssent.flags = IA_INTERACTIVE;
+ ssent.ueptr = &ue;
+ ssent.jid = jid;
+ ssent.errcode = ia_rcode;
+ ssent.us = NULL;
+ ssent.time = 1; /* Set ue_logtime */
+
+ sret.revision = 0;
+ sret.normal = 0;
+
+ ia_success(&ssent, &sret);
+
+ /*
+ * Query for account, iff > 1 valid acid & askacid permbit
+ */
+ if (((ue.ue_permbits & PERMBITS_ACCTID) ||
+ (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
+ ue.ue_permbits & PERMBITS_ASKACID) {
+ if (ttyname(0) != NULL) {
+ debug("cray_setup: ttyname true case, %.100s", ttyname);
+ while (valid_acct == -1) {
+ printf("Account (? for available accounts)"
+ " [%s]: ", acid2nam(ue.ue_acids[0]));
+ fgets(acct_name, MAXACID, stdin);
+ switch (acct_name[0]) {
+ case EOF:
+ exit(0);
+ break;
+ case '\0':
+ valid_acct = ue.ue_acids[0];
+ strlcpy(acct_name, acid2nam(valid_acct), MAXACID);
+ break;
+ case '?':
+ /* Print the list 3 wide */
+ for (i = 0, j = 0; i < MAXVIDS; i++) {
+ if (ue.ue_acids[i] == -1) {
+ printf("\n");
+ break;
+ }
+ if (++j == 4) {
+ j = 1;
+ printf("\n");
+ }
+ printf(" %s",
+ acid2nam(ue.ue_acids[i]));
+ }
+ if (ue.ue_permbits & PERMBITS_ACCTID) {
+ printf("\"acctid\" permbit also allows"
+ " you to select any valid "
+ "account name.\n");
+ }
+ printf("\n");
+ break;
+ default:
+ valid_acct = nam2acid(acct_name);
+ if (valid_acct == -1)
+ printf(
+ "Account id not found for"
+ " account name \"%s\"\n\n",
+ acct_name);
+ break;
+ }
+ /*
+ * If an account was given, search the user's
+ * acids array to verify they can use this account.
+ */
+ if ((valid_acct != -1) &&
+ !(ue.ue_permbits & PERMBITS_ACCTID)) {
+ for (i = 0; i < MAXVIDS; i++) {
+ if (ue.ue_acids[i] == -1)
+ break;
+ if (valid_acct == ue.ue_acids[i])
+ break;
+ }
+ if (i == MAXVIDS ||
+ ue.ue_acids[i] == -1) {
+ fprintf(stderr, "Cannot set"
+ " account name to "
+ "\"%s\", permission "
+ "denied\n\n", acct_name);
+ valid_acct = -1;
+ }
+ }
+ }
+ } else {
+ /*
+ * The client isn't connected to a terminal and can't
+ * respond to an acid prompt. Use default acid.
+ */
+ debug("cray_setup: ttyname false case, %.100s",
+ ttyname);
+ valid_acct = ue.ue_acids[0];
+ }
+ } else {
+ /*
+ * The user doesn't have the askacid permbit set or
+ * only has one valid account to use.
+ */
+ valid_acct = ue.ue_acids[0];
+ }
+ if (acctid(0, valid_acct) < 0) {
+ printf ("Bad account id: %d\n", valid_acct);
+ exit(1);
+ }
+
+ /*
+ * Now set shares, quotas, limits, including CPU time for the
+ * (interactive) job and process, and set up permissions
+ * (for chown etc), etc.
+ */
+ if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
+ printf("Unable to give %d shares to <%s>(%d/%d)\n",
+ ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
+ exit(1);
+ }