- (dtucker) Move handling of bad password authentications into a platform
0c83d9ea 1/*
2 * $Id$
3 *
4 * bsd-cray.c
5 *
6 * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>)
7 * Significant portions provided by
8 * Wayne Schroeder, SDSC <schroeder@sdsc.edu>
9 * William Jones, UTexas <jones@tacc.utexas.edu>
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 * 1. Redistributions of source code must retain the above copyright
15 * notice, this list of conditions and the following disclaimer.
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in the
18 * documentation and/or other materials provided with the distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 *
31 * Created: Apr 22 16.34:00 2002 wp
32 *
33 * This file contains functions required for proper execution
34 * on UNICOS systems.
35 *
ca5c7d6a 36 */
ef51930f 37#ifdef _UNICOS
ca5c7d6a 38
ca5c7d6a 39#include <udb.h>
40#include <tmpdir.h>
41#include <unistd.h>
42#include <sys/category.h>
43#include <utmp.h>
44#include <sys/jtab.h>
45#include <signal.h>
1a23ac2c 46#include <sys/priv.h>
47#include <sys/secparm.h>
56b54901 48#include <sys/tfm.h>
1a23ac2c 49#include <sys/usrv.h>
50#include <sys/sysv.h>
51#include <sys/sectab.h>
56b54901 52#include <sys/secstat.h>
ca5c7d6a 53#include <sys/stat.h>
56b54901 54#include <sys/session.h>
ca5c7d6a 55#include <stdlib.h>
56#include <pwd.h>
57#include <fcntl.h>
58#include <errno.h>
56b54901 59#include <ia.h>
60#include <urm.h>
61#include "ssh.h"
62#include "log.h"
63#include "servconf.h"
1a23ac2c 64#include "bsd-cray.h"
65
/* Size of the buffer cray_setup() reads an account name into. */
#define MAXACID 80

/* Server configuration; defined outside this file. */
extern ServerOptions options;

char cray_tmpdir[TPATHSIZ+1];		/* job TMPDIR path */

struct sysv sysv;			/* system security structure */
struct usrv usrv;			/* user security structure */

/*
 * Prototypes for functions defined in this file.
 */
void cray_retain_utmp(struct utmp *ut, int pid);
void cray_delete_tmpdir(char *login, int jid, uid_t uid);
void cray_init_job(struct passwd *pw);
void cray_set_tmpdir(struct utmp *ut);
void cray_login_failure(char *username, int errcode);
int cray_setup(uid_t uid, char *username, const char *command);
int cray_access_denied(char *username);
85
/*
 * Report a failed login for `username` to the UNICOS IA layer by calling
 * ia_failure() with `errcode`.
 *
 * A failing getjtab() or getudbnam() is only logged through debug(); the
 * ia_failure() call is still made with whatever those lookups returned.
 * exitcode is set to 0 so that ia_failure() does not exit the process
 * (per the original author's comment).
 */
void
cray_login_failure(char *username, int errcode)
{
	struct jtab job_entry;		/* job table structure */
	struct udb *udb_entry;		/* UDB pointer for username */
	ia_failure_t failure;		/* ia_failure request */
	ia_failure_ret_t failure_ret;	/* ia_failure reply */
	int jid;			/* job id */

	jid = getjtab(&job_entry);
	if (jid < 0) {
		debug("cray_login_failure(): getjtab error");
	}

	getsysudb();
	udb_entry = getudbnam(username);
	if (udb_entry == UDB_NULL) {
		debug("cray_login_failure(): getudbname() returned NULL");
	}
	endudb();

	failure_ret.revision = 0;
	failure_ret.normal = 0;

	/*
	 * NOTE(review): udb_entry is handed to ia_failure() after endudb();
	 * confirm the entry stays valid once the UDB has been closed.
	 */
	failure.revision = 0;
	failure.uname = username;
	failure.host =
	    (char *)get_canonical_hostname(options.verify_reverse_mapping);
	failure.ttyn = "sshd";
	failure.caller = IA_SSHD;
	failure.flags = IA_INTERACTIVE;
	failure.ueptr = udb_entry;
	failure.jid = jid;
	failure.errcode = errcode;
	failure.pwdp = NULL;
	failure.exitcode = 0;		/* don't exit in ia_failure() */

	/* Record the login failure with the IA subsystem. */
	ia_failure(&failure, &failure_ret);
}
1a23ac2c 123
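/*
 * Cray access denied.
 *
 * Looks up `username` in the UDB.  When the entry has ue_disabled set,
 * the failure is reported through cray_login_failure() and IA_DISABLED
 * is returned.  In every other case the function returns 0.
 *
 * Note for callers: a user with no UDB entry also yields 0, so a zero
 * return means "not marked disabled", not "known and permitted".
 */
int
cray_access_denied(char *username)
{
	struct udb *ueptr;		/* UDB pointer for username */
	int errcode = 0;		/* IA errorcode */

	getsysudb();
	ueptr = getudbnam(username);
	if (ueptr == UDB_NULL) {
		/* Name this function in the log, not cray_login_failure(). */
		debug("cray_access_denied(): getudbnam() returned NULL");
	} else if (ueptr && ueptr->ue_disabled) {
		/* Read the flag before endudb() closes the database. */
		errcode = IA_DISABLED;
	}
	endudb();

	if (errcode)
		cray_login_failure(username, errcode);
	return (errcode);
}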
145
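/*
 * record_failed_login: generic "login failed" interface function.
 *
 * Reports the failure for `user` through cray_login_failure() with the
 * error code IA_UDBERR.  `ttyname` is not used here.
 *
 * The return type is spelled out as void: the definition previously
 * relied on implicit int and returned no value.
 * NOTE(review): confirm any shared prototype for this function agrees.
 */
void
record_failed_login(const char *user, const char *ttyname)
{
	/* cray_login_failure() takes a non-const char *, hence the cast. */
	cray_login_failure((char *)user, IA_UDBERR);
}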
153
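/*
 * Run the UNICOS identification/authentication (IA) sequence for a login
 * and prepare the job for the user.
 *
 * uid       uid the caller believes `username` has; it must match the
 *           uid in the user's UDB entry or the process exits.
 * username  login name to authenticate.
 * command   used as the "tty" name passed to the IA calls when stdin is
 *           not a terminal; may be NULL.
 *
 * Returns 0 on success and -1 if getjtab() fails.  Most other failures
 * call exit(); IA failures are also reported through ia_failure().
 *
 * Changes from the previous version of this function:
 *  - the account prompt reads with fgets() bounded by the buffer size
 *    instead of gets(), and exits on end of input;
 *  - hostname is always NUL-terminated;
 *  - debug() is passed the tty name string rather than the address of
 *    the ttyname() function;
 *  - the "%.*s" precision arguments are cast to int, and the execl()
 *    argument list ends with a null pointer of pointer type.
 */
int
cray_setup (uid_t uid, char *username, const char *command)
{
	extern struct udb *getudb();
	extern char *setlimits();

	time_t expiration_time;		/* password expiration time */
	int SecureSys;			/* unicos security flag */
	int minslevel = 0;		/* system minimum security level */
	int i, j;
	int valid_acct = -1;		/* flag for reading valid acct */
	char acct_name[MAXACID] = { "" }; /* used to read acct name */
	struct jtab jtab;		/* Job table struct */
	struct udb ue;			/* udb entry for logging-in user */
	struct udb *up;			/* pointer to UDB entry */
	struct secstat secinfo;		/* file security attributes */
	struct servprov init_info;	/* used for sesscntl() call */
	int jid;			/* job ID */
	int pid;			/* process ID */
	char *sr;			/* status return from setlimits() */
	char *ttyn = NULL;		/* ttyname or command name */
	char hostname[MAXHOSTNAMELEN];
	passwd_t pwdacm,
	    pwddialup,
	    pwdudb,
	    pwdwal,
	    pwddce;			/* passwd stuff for ia_user */
	ia_user_ret_t uret;		/* stuff returned from ia_user */
	ia_user_t usent;		/* ia_user main structure */
	int ia_rcode;			/* ia_user return code */
	ia_failure_t fsent;		/* ia_failure structure */
	ia_failure_ret_t fret;		/* ia_failure return stuff */
	ia_success_t ssent;		/* ia_success structure */
	ia_success_ret_t sret;		/* ia_success return stuff */
	int ia_mlsrcode;		/* ia_mlsuser return code */
	int secstatrc;			/* [f]secstat return code */

	SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS);
	if (SecureSys) {
		getsysv(&sysv, sizeof(struct sysv));
		minslevel = sysv.sy_minlvl;
		if (getusrv(&usrv) < 0) {
			debug("getusrv() failed, errno = %d",errno);
			exit(1);
		}
	}

	/*
	 * strncpy() does not terminate the destination when the source
	 * fills it, so copy one byte less and terminate explicitly.
	 */
	strncpy(hostname,
	    (char *)get_canonical_hostname(options.verify_reverse_mapping),
	    sizeof(hostname) - 1);
	hostname[sizeof(hostname) - 1] = '\0';

	/*
	 * Fetch user's UDB entry.
	 */
	getsysudb();
	if ((up = getudbnam(username)) == UDB_NULL) {
		debug("cannot fetch user's UDB entry");
		exit(1);
	}

	/*
	 * Prevent any possible fudging so perform a data
	 * safety check and compare the supplied uid against
	 * the udb's uid.
	 */
	if (up->ue_uid != uid) {
		debug("IA uid missmatch");
		exit(1);
	}
	endudb();

	if ((jid = getjtab (&jtab)) < 0) {
		debug("getjtab");
		return -1;
	}
	pid = getpid();
	ttyn = ttyname(0);
	if (SecureSys) {
		/* Without a tty, take the attributes of descriptor 1. */
		if (ttyn) {
			secstatrc = secstat(ttyn, &secinfo);
		} else {
			secstatrc = fsecstat(1, &secinfo);
		}
		if (secstatrc == 0) {
			debug("[f]secstat() successful");
		} else {
			debug("[f]secstat() error, rc = %d", secstatrc);
			exit(1);
		}
	}
	if ((ttyn == NULL) && ((char *)command != NULL))
		ttyn = (char *)command;

	/*
	 * Initialize all structures to call ia_user
	 */
	usent.revision = 0;
	usent.uname = username;
	usent.host = hostname;
	usent.ttyn = ttyn;
	usent.caller = IA_SSHD;
	usent.pswdlist = &pwdacm;
	usent.ueptr = &ue;
	usent.flags = IA_INTERACTIVE | IA_FFLAG;

	/* Authentication type list: SecurID -> UDB -> DCE -> dialup. */
	pwdacm.atype = IA_SECURID;
	pwdacm.pwdp = NULL;
	pwdacm.next = &pwdudb;

	pwdudb.atype = IA_UDB;
	pwdudb.pwdp = NULL;
	pwdudb.next = &pwddce;

	pwddce.atype = IA_DCE;
	pwddce.pwdp = NULL;
	pwddce.next = &pwddialup;

	pwddialup.atype = IA_DIALUP;
	pwddialup.pwdp = NULL;
	/* pwddialup.next = &pwdwal; */
	pwddialup.next = NULL;

	/* Initialised but not linked into the list above. */
	pwdwal.atype = IA_WAL;
	pwdwal.pwdp = NULL;
	pwdwal.next = NULL;

	uret.revision = 0;
	uret.pswd = NULL;
	uret.normal = 0;

	ia_rcode = ia_user(&usent, &uret);

	switch (ia_rcode) {
	/*
	 * These are acceptable return codes from ia_user()
	 */
	case IA_UDBWEEK:	/* Password Expires in 1 week */
		expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
		printf ("WARNING - your current password will expire %s\n",
		    ctime((const time_t *)&expiration_time));
		break;
	case IA_UDBEXPIRED:
		/*
		 * NOTE(review): without a tty this case just breaks, so a
		 * session with an expired password continues as a success.
		 * Confirm that is intended.
		 */
		if (ttyname(0) != NULL) {
			/* Force a password change */
			printf("Your password has expired; Choose a new one.\n");
			execl("/bin/passwd", "passwd", username, (char *)NULL);
			exit(9);
		}

		break;
	case IA_NORMAL:		/* Normal Return Code */
		break;
	case IA_BACKDOOR:
		/*
		 * NOTE(review): IA_BACKDOOR is treated as success and the
		 * UDB entry is replaced by a synthetic record named "root".
		 * Confirm sshd should accept this return code at all.
		 */
		strcpy(ue.ue_name, "root");
		strcpy(ue.ue_passwd, "");
		strcpy(ue.ue_dir, "/");
		strcpy(ue.ue_shell, "/bin/sh");
		strcpy(ue.ue_age, "");
		strcpy(ue.ue_comment, "");
		strcpy(ue.ue_loghost, "");
		strcpy(ue.ue_logline, "");
		ue.ue_uid=-1;
		ue.ue_nice[UDBRC_INTER]=0;
		for (i=0;i<MAXVIDS;i++)
			ue.ue_gids[i]=0;
		ue.ue_logfails=0;
		ue.ue_minlvl=minslevel;
		ue.ue_maxlvl=minslevel;
		ue.ue_deflvl=minslevel;
		ue.ue_defcomps=0;
		ue.ue_comparts=0;
		ue.ue_permits=0;
		ue.ue_trap=0;
		ue.ue_disabled=0;
		ue.ue_logtime=0;
		break;
	case IA_CONSOLE:	/* Superuser not from Console */
	case IA_TRUSTED:	/* Trusted user */
		if (options.permit_root_login > PERMIT_NO)
			break;	/* Accept root login */
		/* FALLTHROUGH: root login not permitted, treat as failure */
	default:
		/*
		 * These are failed return codes from ia_user().  Only the
		 * codes below print a message; every other code
		 * (IA_DIALUPERR, IA_LOCALHOST, IA_NOPASS, IA_PUBLIC,
		 * IA_SECURIDERR, IA_CONSOLE, IA_TRUSTED, IA_UDBERR,
		 * IA_UNKNOWN, IA_UNKNOWNYP, IA_WALERR, ...) is silent.
		 */
		switch (ia_rcode) {
		case IA_BADAUTH:
			printf ("Bad authorization, access denied.\n");
			break;
		case IA_DISABLED:
			printf ("Your login has been disabled. Contact the system ");
			printf ("administrator for assistance.\n");
			break;
		case IA_GETSYSV:
			printf ("getsysv() failed - errno = %d\n", errno);
			break;
		case IA_MAXLOGS:
			printf ("Maximum number of failed login attempts exceeded.\n");
			printf ("Access denied.\n");
			break;
		case IA_UDBPWDNULL:
			/*
			 * NULL password not allowed on MLS systems
			 */
			if (SecureSys) {
				printf("NULL Password not allowed on MLS systems.\n");
			}
			break;
		default:
			/* nothing special */
			break;
		} /* 2. switch (ia_rcode) */

		/*
		 * Authentication failed.
		 */
		printf("sshd: Login incorrect, (0%o)\n",
		    ia_rcode-IA_ERRORCODE);

		/*
		 * Initialize structure for ia_failure
		 * which will exit.
		 */
		fsent.revision = 0;
		fsent.uname = username;
		fsent.host = hostname;
		fsent.ttyn = ttyn;
		fsent.caller = IA_SSHD;
		fsent.flags = IA_INTERACTIVE;
		fsent.ueptr = &ue;
		fsent.jid = jid;
		fsent.errcode = ia_rcode;
		fsent.pwdp = uret.pswd;
		fsent.exitcode = 1;

		fret.revision = 0;
		fret.normal = 0;

		/*
		 * Call ia_failure because of an IA failure.
		 * There is no return because ia_failure exits.
		 */
		ia_failure(&fsent,&fret);

		/* Never continue on a failed login if ia_failure returns. */
		exit(1);
	} /* 1. switch (ia_rcode) */

	ia_mlsrcode = IA_NORMAL;
	if (SecureSys) {
		debug("calling ia_mlsuser()");
		ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0);
	}
	if (ia_mlsrcode != IA_NORMAL) {
		printf("sshd: Login incorrect, (0%o)\n",
		    ia_mlsrcode-IA_ERRORCODE);
		/*
		 * Initialize structure for ia_failure
		 * which will exit.
		 */
		fsent.revision = 0;
		fsent.uname = username;
		fsent.host = hostname;
		fsent.ttyn = ttyn;
		fsent.caller = IA_SSHD;
		fsent.flags = IA_INTERACTIVE;
		fsent.ueptr = &ue;
		fsent.jid = jid;
		fsent.errcode = ia_mlsrcode;
		fsent.pwdp = uret.pswd;
		fsent.exitcode = 1;
		fret.revision = 0;
		fret.normal = 0;

		/*
		 * Call ia_failure because of an IA failure.
		 * There is no return because ia_failure exits.
		 */
		ia_failure(&fsent,&fret);
		exit(1);
	}

	/* Provide login status information */
	if (options.print_lastlog && ue.ue_logtime != 0) {
		printf("Last successful login was : %.*s ",
		    19, (char *)ctime(&ue.ue_logtime));

		/* A "%.*s" precision must be an int, not a size_t. */
		if (*ue.ue_loghost != '\0')
			printf("from %.*s\n", (int)sizeof(ue.ue_loghost),
			    ue.ue_loghost);
		else
			printf("on %.*s\n", (int)sizeof(ue.ue_logline),
			    ue.ue_logline);

		if ( SecureSys && (ue.ue_logfails != 0))
			printf(" followed by %d failed attempts\n",
			    ue.ue_logfails);
	}

	/*
	 * Call ia_success to process successful I/A.
	 */
	ssent.revision = 0;
	ssent.uname = username;
	ssent.host = hostname;
	ssent.ttyn = ttyn;
	ssent.caller = IA_SSHD;
	ssent.flags = IA_INTERACTIVE;
	ssent.ueptr = &ue;
	ssent.jid = jid;
	ssent.errcode = ia_rcode;
	ssent.us = NULL;
	ssent.time = 1;		/* Set ue_logtime */

	sret.revision = 0;
	sret.normal = 0;

	ia_success(&ssent,&sret);

	/*
	 * Query for account, iff > 1 valid acid & askacid permbit
	 */
	if (((ue.ue_permbits & PERMBITS_ACCTID) ||
	    ((ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0))) &&
	    (ue.ue_permbits & PERMBITS_ASKACID)) {
		if (ttyname(0) != NULL) {
			debug("cray_setup: ttyname true case, %.100s",
			    ttyn ? ttyn : "(none)");
			while (valid_acct == -1) {
				printf("Account (? for available accounts)"
				    " [%s]: ", acid2nam(ue.ue_acids[0]));
				/*
				 * The reply comes from the connecting user,
				 * so the read is bounded by the buffer size.
				 * Input longer than the buffer is left on
				 * stdin and consumed by the next prompt.
				 */
				if (fgets(acct_name, sizeof(acct_name),
				    stdin) == NULL)
					exit(0);	/* end of input */
				acct_name[strcspn(acct_name, "\n")] = '\0';

				switch (acct_name[0]) {
				case '\0':
					/* Empty reply: take the default. */
					valid_acct = ue.ue_acids[0];
					snprintf(acct_name, sizeof(acct_name),
					    "%s", acid2nam(valid_acct));
					break;
				case '?':
					/* Print the list 3 wide */
					for (i = 0, j = 0; i < MAXVIDS; i++) {
						if (ue.ue_acids[i] == -1) {
							printf("\n");
							break;
						}
						if (++j == 4) {
							j = 1;
							printf("\n");
						}
						printf(" %s",
						    acid2nam(ue.ue_acids[i]));
					}
					if (ue.ue_permbits & PERMBITS_ACCTID)
						printf("\"acctid\" permbit also allows"
						    " you to select any valid "
						    "account name.\n");
					printf("\n");
					break;
				default:
					if ((valid_acct = nam2acid(acct_name)) == -1)
						printf("Account id not found for"
						    " account name \"%s\"\n\n",
						    acct_name);
					break;
				}
				/*
				 * If an account was given, search the user's
				 * acids array to verify they can use this account.
				 */
				if ((valid_acct != -1) &&
				    !(ue.ue_permbits & PERMBITS_ACCTID)) {
					for (i = 0; i < MAXVIDS; i++) {
						if (ue.ue_acids[i] == -1)
							break;
						if (valid_acct == ue.ue_acids[i])
							break;
					}
					if (i == MAXVIDS ||
					    ue.ue_acids[i] == -1) {
						fprintf(stderr, "Cannot set"
						    " account name to "
						    "\"%s\", permission "
						    "denied\n\n", acct_name);
						valid_acct = -1;
					}
				}
			}
		} else {
			/*
			 * The client isn't connected to a terminal and can't
			 * respond to an acid prompt.  Use default acid.
			 */
			debug("cray_setup: ttyname false case, %.100s",
			    ttyn ? ttyn : "(none)");
			valid_acct = ue.ue_acids[0];
		}
	} else {
		/*
		 * The user doesn't have the askacid permbit set or
		 * only has one valid account to use.
		 */
		valid_acct = ue.ue_acids[0];
	}
	if (acctid(0, valid_acct) < 0) {
		printf ("Bad account id: %d\n", valid_acct);
		exit(1);
	}

	/*
	 * Now set shares, quotas, limits, including CPU time for the
	 * (interactive) job and process, and set up permissions
	 * (for chown etc), etc.
	 */
	if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
		printf("Unable to give %d shares to <%s>(%d/%d)\n",
		    ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
		exit(1);
	}

	/* setlimits() returns NULL on success, else a message string. */
	sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
	if (sr != NULL) {
		debug("%.200s", sr);
		exit(1);
	}
	sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
	if (sr != NULL) {
		debug("%.200s", sr);
		exit(1);
	}

	/*
	 * Place the service provider information into
	 * the session table (Unicos) or job table (Unicos/mk).
	 * There exist double defines for the job/session table in
	 * unicos/mk (jtab.h) so no need for a compile time switch.
	 */
	bzero((char *)&init_info, sizeof(struct servprov));
	init_info.s_sessinit.si_id = URM_SPT_LOGIN;
	init_info.s_sessinit.si_pid = getpid();
	init_info.s_sessinit.si_sid = jid;
	init_info.s_routing.seqno = 0;
	init_info.s_routing.iadrs = 0;
	sesscntl(0, S_SETSERVPO, (int)&init_info);

	/*
	 * Set user and controlling tty security attributes.
	 */
	if (SecureSys) {
		if (setusrv(&usrv) == -1) {
			debug("setusrv() failed, errno = %d",errno);
			exit(1);
		}
	}

	return(0);
}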
1a23ac2c 623
/*
 * Programs started from rc.* or /etc/sdaemon on unicos/unicosmk can hold
 * PAL privileges.  sshd would inherit them, which could allow a user to
 * su to root without a password.  This routine sets the process security
 * attributes and then clears all privileges.
 */
void
drop_cray_privs()
{
#if defined(_SC_CRAY_PRIV_SU)
	priv_proc_t *cleared;
	extern int priv_set_proc();
	extern priv_proc_t *priv_init_proc();

	/*
	 * Refuse to run this version of ssh unless both of these
	 * system options are set.
	 */
	if (!sysconf(_SC_CRAY_PRIV_SU))
		fatal("Not PRIV_SU system.");
	if (!sysconf(_SC_CRAY_POSIX_PRIV))
		fatal("Not POSIX_PRIV.");

	debug("Setting MLS labels.");

	/* Security levels: full range with SECURE_MAC, else system range. */
	if (!sysconf(_SC_CRAY_SECURE_MAC)) {
		usrv.sv_minlvl = sysv.sy_minlvl;
		usrv.sv_actlvl = sysv.sy_minlvl;
		usrv.sv_maxlvl = sysv.sy_maxlvl;
	} else {
		usrv.sv_minlvl = SYSLOW;
		usrv.sv_actlvl = SYSHIGH;
		usrv.sv_maxlvl = SYSHIGH;
	}
	usrv.sv_actcmp = 0;
	usrv.sv_valcmp = sysv.sy_valcmp;

	usrv.sv_intcat = TFM_SYSTEM;
	usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);

	if (setusrv(&usrv) < 0)
		fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
		    strerror(errno));

	/*
	 * NOTE(review): when priv_init_proc() returns NULL nothing is
	 * cleared and the function still logs the message below.  Consider
	 * whether that case should be fatal like the other failures here.
	 */
	cleared = priv_init_proc();
	if (cleared != NULL) {
		if (priv_set_proc(cleared) != 0)
			fatal("%s(%d): priv_set_proc(): %s",
			    __FILE__, __LINE__, strerror(errno));
		priv_free_proc(cleared);
	}
	debug ("Privileges should be cleared...");
#else
	/* XXX: do this differently */
# error Cray systems must be run with _SC_CRAY_PRIV_SU on!
#endif
}
682
683
/*
 * Retain utmp/wtmp information - used by cray accounting.
 *
 * Scans UTMP_FILE for the first record whose ut_pid equals `pid` and
 * copies its job id, tmpdir path, host and name into `ut`.  `ut` is left
 * untouched when no record matches.  Calls fatal() if the file cannot be
 * opened.
 */
void
cray_retain_utmp(struct utmp *ut, int pid)
{
	struct utmp entry;
	int fd;

	fd = open(UTMP_FILE, O_RDONLY);
	if (fd == -1) {
		fatal("Unable to open utmp file");
	} else {
		/* Stop at the first short read or the first matching pid. */
		for (;;) {
			if (read(fd, (char *)&entry, sizeof(entry)) !=
			    sizeof(entry))
				break;
			if (pid != entry.ut_pid)
				continue;
			ut->ut_jid = entry.ut_jid;
			/* Fixed-width fields, copied at their full size. */
			strncpy(ut->ut_tpath, entry.ut_tpath,
			    sizeof(entry.ut_tpath));
			strncpy(ut->ut_host, entry.ut_host,
			    sizeof(entry.ut_host));
			strncpy(ut->ut_name, entry.ut_name,
			    sizeof(entry.ut_name));
			break;
		}
		close(fd);
	}
}
708
709/*
710 * tmpdir support.
711 */
712
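/*
 * Find and delete a job's tmpdir.
 *
 * Tries JTMPDIR/jtmp.<jid><c> for c in 'a'..'z' and takes the first path
 * that exists and is owned by `uid`.  If one is found, CLEANTMPCMD is run
 * in a child process with `login` and that path as arguments, and the
 * child is waited for.  Nothing is done when no candidate matches or when
 * fork() fails.
 *
 * NOTE(review): stat() follows symbolic links and the path is handed to
 * CLEANTMPCMD after the ownership check; confirm that JTMPDIR cannot be
 * modified by users or that CLEANTMPCMD re-validates the path.
 */
void
cray_delete_tmpdir(char *login, int jid, uid_t uid)
{
	int child;
	static char jtmp[TPATHSIZ];
	struct stat statbuf;
	int c;
	int wstat;

	for (c = 'a'; c <= 'z'; c++) {
		snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
		if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid)
			break;
	}

	if (c > 'z')
		return;

	child = fork();
	if (child == -1) {
		/*
		 * Without this check waitpid(-1, ...) below would reap an
		 * arbitrary child of this process.
		 */
		debug("cray_delete_tmpdir: fork failed, errno = %d", errno);
		return;
	}
	if (child == 0) {
		execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL);
		fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed");
	}

	/* Retry the wait when it is interrupted by a signal. */
	while (waitpid(child, &wstat, 0) == -1 && errno == EINTR)
		;
}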
742
/*
 * Remove tmpdir on job termination.
 *
 * Collects the terminated job with waitjob(), maps the job's uid to a
 * login name and hands both to cray_delete_tmpdir().  Returns quietly if
 * either lookup fails.
 *
 * NOTE(review): if this runs as a signal handler, the debug() call and
 * the fork/exec done by cray_delete_tmpdir() happen in signal context;
 * confirm that is safe on this platform.
 */
void
cray_job_termination_handler(int sig)
{
	struct jtab finished;
	char *owner;
	int jid;

	debug("received signal %d",sig);

	jid = waitjob(&finished);
	if (jid == -1)
		return;

	owner = uid2nam(finished.j_uid);
	if (owner == NULL)
		return;

	cray_delete_tmpdir(owner, jid, finished.j_uid);
}
761
/*
 * Set job id and create tmpdir directory.
 *
 * Starts a job for pw->pw_uid with setjob() (fatal on failure), then
 * tries JTMPDIR/jtmp.<jid><c> for c in 'a'..'z' until one can be created
 * with mode JTMPMODE and given to the user.  The chosen path is left in
 * cray_tmpdir; cray_tmpdir is set to the empty string if every candidate
 * fails.
 */
void
cray_init_job(struct passwd *pw)
{
	int jid;
	int suffix;

	jid = setjob(pw->pw_uid, WJSIGNAL);
	if (jid < 0)
		fatal("System call setjob failure");

	for (suffix = 'a'; suffix <= 'z'; suffix++) {
		snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR,
		    jid, suffix);
		/* mkdir() fails on an existing path, so nothing is reused. */
		if (mkdir(cray_tmpdir, JTMPMODE) == 0) {
			if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) == 0)
				return;
			/* Could not hand it over: remove and try the next. */
			rmdir(cray_tmpdir);
		}
	}

	/* No usable directory was created. */
	cray_tmpdir[0] = '\0';
}
ca5c7d6a 789
/*
 * Store the current job id and the job tmpdir path (cray_tmpdir) in the
 * utmp record `ut`.  The record is left unchanged if getjtab() fails.
 */
void
cray_set_tmpdir(struct utmp *ut)
{
	struct jtab job_entry;
	int jid;

	jid = getjtab(&job_entry);
	if (jid >= 0) {
		/*
		 * Set jid and tmpdir in utmp record.
		 */
		ut->ut_jid = jid;
		strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
	}
}
ca5c7d6a 805#endif