This does not include the deattack.c fixes.
20020925
- (bal) Fix issue where successfull login does not clear failure counts
in AIX. Patch by dtucker@zip.com.au ok by djm
+ - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
+ This does not include the deattack.c fixes.
20020923
- (djm) OpenBSD CVS Sync
/* Define if you don't want to use lastlog */
#undef DISABLE_LASTLOG
+/* Define if you don't want to use lastlog in session.c */
+#undef NO_SSH_LASTLOG
+
/* Define if you don't want to use utmp */
#undef DISABLE_UTMP
fatal("INTERNAL ERROR: authenticated invalid user %s",
authctxt->user);
+#ifdef _UNICOS
+ if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
#ifdef HAVE_CYGWIN
if (authenticated &&
!check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
authenticated = 0;
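Review bot: In the added `_UNICOS` block, a user who authenticates correctly but is refused by `cray_access_denied()` hits `fatal()`, so the connection is dropped instead of getting the ordinary failure reply. A client can therefore tell a valid credential on a refused account apart from a wrong password. `fatal()` does not return in this code base, which also makes the preceding `authenticated = 0;` a dead store. The Cygwin check directly below only clears `authenticated`; doing the same here, with `error("Access denied for user %s.", authctxt->user);` in place of the `fatal()`, keeps the responses uniform. The same block is added again in the hunk that ends at `auth_log(authctxt, authenticated, method, " ssh2");`, where it runs before that log call; the enclosing functions start and end outside both hunks.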
#endif /* USE_PAM */
+#ifdef _UNICOS
+ if (authenticated && cray_access_denied(authctxt->user)) {
+ authenticated = 0;
+ fatal("Access denied for user %s.",authctxt->user);
+ }
+#endif /* _UNICOS */
+
/* Log before sending the reply */
auth_log(authctxt, authenticated, method, " ssh2");
if (authctxt->failures++ > AUTH_FAIL_MAX) {
packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
}
+#ifdef _UNICOS
+ if (strcmp(method, "password") == 0)
+ cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _UNICOS */
methods = authmethods_get();
packet_start(SSH2_MSG_USERAUTH_FAILURE);
packet_put_cstring(methods);
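Review bot: The added `cray_login_failure()` call sits after the `AUTH_FAIL_MAX` check, so the attempt that trips the limit is never recorded: `packet_disconnect()` ends the session before the `_UNICOS` block is reached. Moving the three added lines above `if (authctxt->failures++ > AUTH_FAIL_MAX)` would count every failed password attempt. `authctxt->user` may also name an account that does not exist; whether `cray_login_failure()` copes with that is not visible here and deserves a comment at the call, e.g. `/* count failed password attempt for the Cray account; user may be invalid */`. The enclosing function starts and ends outside the hunk.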
no_libnsl=1
AC_DEFINE(USE_PIPES)
AC_DEFINE(DISABLE_FD_PASSING)
+ AC_DEFINE(NO_SSH_LASTLOG)
LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
MANTYPE=cat
# Checks for header files.
AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
- getopt.h glob.h lastlog.h limits.h login.h \
+ getopt.h glob.h ia.h lastlog.h limits.h login.h \
login_cap.h maillock.h netdb.h netgroup.h \
netinet/in_systm.h paths.h pty.h readpassphrase.h \
rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
sys/mman.h sys/select.h sys/stat.h \
sys/stropts.h sys/sysmacros.h sys/time.h \
- sys/un.h time.h ttyent.h usersec.h \
+ sys/un.h time.h tmpdir.h ttyent.h usersec.h \
util.h utime.h utmp.h utmpx.h)
# Checks for libraries.
# if (SIZEOF_SHORT_INT == 2)
typedef short int int16_t;
# else
-# if defined(_CRAY) && !defined(_CRAYSV2)
+# ifdef _UNICOS
# if (SIZEOF_SHORT_INT == 4)
typedef short int16_t;
# else
# endif
# else
# error "16 bit int type not found."
-# endif /* _CRAY */
+# endif /* _UNICOS */
# endif
# if (SIZEOF_INT == 4)
typedef int int32_t;
# else
-# if defined(_CRAY) && !defined(_CRAYSV2)
+# ifdef _UNICOS
typedef long int32_t;
# else
# error "32 bit int type not found."
-# endif /* _CRAY */
+# endif /* _UNICOS */
# endif
#endif
# if (SIZEOF_SHORT_INT == 2)
typedef unsigned short int u_int16_t;
# else
-# if defined(_CRAY) && !defined(_CRAYSV2)
+# ifdef _UNICOS
# if (SIZEOF_SHORT_INT == 4)
typedef unsigned short u_int16_t;
# else
# if (SIZEOF_INT == 4)
typedef unsigned int u_int32_t;
# else
-# if defined(_CRAY) && !defined(_CRAYSV2)
+# ifdef _UNICOS
typedef unsigned long u_int32_t;
# else
# error "32 bit int type not found."
# include <readpassphrase.h>
#endif
+#ifdef HAVE_IA_H
+# include <ia.h>
+#endif
+
+#ifdef HAVE_TMPDIR_H
+# include <tmpdir.h>
+#endif
+
#include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
#include "defines.h"
switch (li->type) {
case LTYPE_LOGIN:
ut->ut_type = USER_PROCESS;
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
cray_set_tmpdir(ut);
#endif
break;
case LTYPE_LOGOUT:
ut->ut_type = DEAD_PROCESS;
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
cray_retain_utmp(ut, li->pid);
#endif
break;
* on UNICOS systems.
*
*/
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
#include <udb.h>
#include <tmpdir.h>
#ifndef _BSD_CRAY_H
#define _BSD_CRAY_H
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
void cray_init_job(struct passwd *); /* init cray job */
void cray_job_termination_handler(int); /* process end of job signal */
void cray_login_failure(char *username, int errcode);
int save_errno = errno;
debug("Received SIGCHLD.");
child_terminated = 1;
+#ifndef _UNICOS
mysignal(SIGCHLD, sigchld_handler);
+#endif
notify_parent();
errno = save_errno;
}
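Review bot: The `#ifndef _UNICOS` around `mysignal(SIGCHLD, sigchld_handler);` has no comment saying why the handler must not be re-installed on UNICOS, and the reason is not visible in the hunk. If `mysignal()` ends up with reset-on-delivery semantics on that platform, skipping the re-install would leave later SIGCHLDs unhandled and exited children unnoticed. The assumption should be written down next to the guard, e.g. `/* UNICOS: do not re-arm here because <reason to be supplied by the author> */`. The start of `sigchld_handler` is outside the hunk.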
perror("dup2 stderr");
#endif /* USE_PIPES */
+#ifdef _UNICOS
+ cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif
+
/* Do processing for the child (exec command etc). */
do_child(s, command);
/* NOTREACHED */
}
+#ifdef _UNICOS
+ signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
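Review bot: The added `signal(WJSIGNAL, cray_job_termination_handler);` calls `signal()` directly, whereas the SIGCHLD handler touched elsewhere in this commit is installed through the `mysignal()` wrapper. Handler-reset and restart behaviour of plain `signal()` varies by platform. Unless UNICOS needs the raw call, `mysignal(WJSIGNAL, cray_job_termination_handler);` would be consistent. The same applies to the identical lines added after the second `do_child()` call further down. The return value is also unchecked in both places, so a failed install passes silently; the enclosing functions start and end outside the hunks.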
/* record login, etc. similar to login(1) */
#ifndef HAVE_OSF_SIA
- if (!(options.use_login && command == NULL))
+ if (!(options.use_login && command == NULL)) {
+#ifdef _UNICOS
+ cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif /* _UNICOS */
do_login(s, command);
+ }
# ifdef LOGIN_NEEDS_UTMPX
else
do_pre_login(s);
do_child(s, command);
/* NOTREACHED */
}
+#ifdef _UNICOS
+ signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
if (is_winnt)
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
printf("%s\n", aixloginmsg);
#endif /* WITH_AIXAUTHENTICATE */
+#ifndef NO_SSH_LASTLOG
if (options.print_lastlog && s->last_login_time != 0) {
time_string = ctime(&s->last_login_time);
if (strchr(time_string, '\n'))
printf("Last login: %s from %s\r\n", time_string,
s->hostname);
}
+#endif /* NO_SSH_LASTLOG */
do_motd();
}
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
+#ifdef _UNICOS
+ if (cray_tmpdir[0] != '\0')
+ child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
+#endif /* _UNICOS */
+
#ifdef _AIX
{
char *cp;
if (options.use_login && command != NULL)
options.use_login = 0;
+#ifdef _UNICOS
+ cray_setup(pw->pw_uid, pw->pw_name, command);
+#endif /* _UNICOS */
+
/*
* Login(1) does this as well, and it needs uid 0 for the "-h"
* switch, so we let login(1) to this for us.
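Review bot: The added `cray_setup(pw->pw_uid, pw->pw_name, command);` is called as a bare statement, so any failure it reports is discarded and the child carries on into the user's session. Its prototype is not shown on this page. If it returns a status, the call should check it and stop, for example (assuming zero means success) `if (cray_setup(pw->pw_uid, pw->pw_name, command) != 0) fatal("cray_setup failed for user %s", pw->pw_name);`. A one-line comment stating what the call establishes for the session would also help, since it appears to run before the uid handling that the following comment refers to. The enclosing function starts and ends outside the hunk.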
SYSLOG_FACILITY_AUTH : options.log_facility,
!inetd_flag);
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
/* Cray can define user privs drop all prives now!
* Not needed on PRIV_SU systems!
*/
}
return 1;
#else /* HAVE_DEV_PTS_AND_PTC */
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
char buf[64];
int i;
int highpty;
void *old;
#endif /* USE_VHANGUP */
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
if (setsid() < 0)
error("setsid: %.100s", strerror(errno));
error("%.100s: %.100s", ttyname, strerror(errno));
close(*ttyfd);
*ttyfd = fd;
-#else /* _CRAY */
+#else /* _UNICOS */
/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
strerror(errno));
else
close(fd);
-#endif /* _CRAY */
+#endif /* _UNICOS */
}
/* Changes the window size associated with the pty. */