author | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 23:29:16 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 23:29:16 +0000 |
commit | 6db66ff3877f52110cda3104e798d91091af7200 (patch) | |
tree | 29ce760512a91bdd7bdc6a7961e3d851404afeff | |
parent | ff2866cf5198be7669423641538bb910080ee029 (diff) |
- (bal) Second around of UNICOS patches. A few other things left.
Patches by William L. Jones <jones@mail.utexas.edu>
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | configure.in | 3 | ||||
-rw-r--r-- | loginrec.c | 8 | ||||
-rw-r--r-- | openbsd-compat/bsd-cray.c | 123 | ||||
-rw-r--r-- | openbsd-compat/openbsd-compat.h | 5 | ||||
-rw-r--r-- | sshd.c | 7 | ||||
-rw-r--r-- | sshpty.c | 59 |
7 files changed, 161 insertions, 52 deletions
@@ -98,7 +98,7 @@ | |||
98 | [ssh-keygen.c] | 98 | [ssh-keygen.c] |
99 | allow uploading RSA keys for non-default AUT0 (sha1 over passphrase | 99 | allow uploading RSA keys for non-default AUT0 (sha1 over passphrase |
100 | like sectok). | 100 | like sectok). |
101 | - markus@cvs.openbsd.org 2001/08/01 23:38:45 | 101 | - markus@cvs.openbsd.org 2001/08/01 23:38:45 |
102 | [scard.c ssh.c] | 102 | [scard.c ssh.c] |
103 | support finish rsa keys. | 103 | support finish rsa keys. |
104 | free public keys after login -> call finish -> close smartcard. | 104 | free public keys after login -> call finish -> close smartcard. |
@@ -122,7 +122,7 @@ | |||
122 | - jakob@cvs.openbsd.org 2001/08/02 15:43:57 | 122 | - jakob@cvs.openbsd.org 2001/08/02 15:43:57 |
123 | [ssh-agent.c ssh.c ssh-keygen.c] | 123 | [ssh-agent.c ssh.c ssh-keygen.c] |
124 | add /* SMARTCARD */ to #else/#endif. ok markus@ | 124 | add /* SMARTCARD */ to #else/#endif. ok markus@ |
125 | - jakob@cvs.openbsd.org 2001/08/02 16:14:05 | 125 | - jakob@cvs.openbsd.org 2001/08/02 16:14:05 |
126 | [scard.c ssh-agent.c ssh.c ssh-keygen.c] | 126 | [scard.c ssh-agent.c ssh.c ssh-keygen.c] |
127 | clean up some /* SMARTCARD */. ok markus@ | 127 | clean up some /* SMARTCARD */. ok markus@ |
128 | - mpech@cvs.openbsd.org 2001/08/02 18:37:35 | 128 | - mpech@cvs.openbsd.org 2001/08/02 18:37:35 |
@@ -148,6 +148,8 @@ | |||
148 | [scp.c] | 148 | [scp.c] |
149 | use alarm vs. setitimer for portable; ok markus@ | 149 | use alarm vs. setitimer for portable; ok markus@ |
150 | - (bal) ssh-keyscan double -lssh hack due to seed_rng(). | 150 | - (bal) ssh-keyscan double -lssh hack due to seed_rng(). |
151 | - (bal) Second around of UNICOS patches. A few other things left. | ||
152 | Patches by William L. Jones <jones@mail.utexas.edu> | ||
151 | 153 | ||
152 | 20010803 | 154 | 20010803 |
153 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 155 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
@@ -6258,4 +6260,4 @@ | |||
6258 | - Wrote replacements for strlcpy and mkdtemp | 6260 | - Wrote replacements for strlcpy and mkdtemp |
6259 | - Released 1.0pre1 | 6261 | - Released 1.0pre1 |
6260 | 6262 | ||
6261 | $Id: ChangeLog,v 1.1466 2001/08/06 22:56:46 mouring Exp $ | 6263 | $Id: ChangeLog,v 1.1467 2001/08/06 23:29:16 mouring Exp $ |
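--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# $Id: configure.in,v 1.304 2001/07/24 17:00:14 mouring Exp $
+# $Id: configure.in,v 1.305 2001/08/06 23:29:17 mouring Exp $
 
 AC_INIT(ssh.c)
 
@@ -1453,6 +1453,7 @@ if (test -z "$RANDOM_POOL" && test -z "$PRNGD") ; then
 OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
 OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
 OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
+OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
 OSSH_PATH_ENTROPY_PROG(PROG_W, w)
 OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
 OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)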
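--- a/loginrec.c
+++ b/loginrec.c
@@ -163,7 +163,7 @@
 #include "log.h"
 #include "atomicio.h"
 
-RCSID("$Id: loginrec.c,v 1.33 2001/05/08 20:33:06 mouring Exp $");
+RCSID("$Id: loginrec.c,v 1.34 2001/08/06 23:29:17 mouring Exp $");
 
 #ifdef HAVE_UTIL_H
 # include <util.h>
@@ -616,9 +616,15 @@ construct_utmp(struct logininfo *li,
 switch (li->type) {
 case LTYPE_LOGIN:
 ut->ut_type = USER_PROCESS;
+#ifdef _CRAY
+cray_set_tmpdir(ut);
+#endif
 break;
 case LTYPE_LOGOUT:
 ut->ut_type = DEAD_PROCESS;
+#ifdef _CRAY
+cray_retain_utmp(ut, li->pid);
+#endif
 break;
 }
 # endif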
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index c887322cb..a11a5b6aa 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c | |||
@@ -12,18 +12,24 @@ | |||
12 | #include <utmp.h> | 12 | #include <utmp.h> |
13 | #include <sys/jtab.h> | 13 | #include <sys/jtab.h> |
14 | #include <signal.h> | 14 | #include <signal.h> |
15 | #include <sys/priv.h> | ||
16 | #include <sys/secparm.h> | ||
17 | #include <sys/usrv.h> | ||
18 | #include <sys/sysv.h> | ||
19 | #include <sys/sectab.h> | ||
15 | #include <sys/stat.h> | 20 | #include <sys/stat.h> |
16 | #include <stdlib.h> | 21 | #include <stdlib.h> |
17 | #include <pwd.h> | 22 | #include <pwd.h> |
18 | #include <fcntl.h> | 23 | #include <fcntl.h> |
19 | #include <errno.h> | 24 | #include <errno.h> |
20 | 25 | ||
26 | #include "bsd-cray.h" | ||
27 | |||
21 | char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ | 28 | char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ |
22 | 29 | ||
23 | /* | 30 | /* |
24 | * Functions. | 31 | * Functions. |
25 | */ | 32 | */ |
26 | int cray_setup(uid_t, char *); | ||
27 | void cray_retain_utmp(struct utmp *, int); | 33 | void cray_retain_utmp(struct utmp *, int); |
28 | void cray_create_tmpdir(int, uid_t, gid_t); | 34 | void cray_create_tmpdir(int, uid_t, gid_t); |
29 | void cray_delete_tmpdir(char *, int , uid_t); | 35 | void cray_delete_tmpdir(char *, int , uid_t); |
@@ -31,17 +37,17 @@ void cray_job_termination_handler (int); | |||
31 | void cray_init_job(struct passwd *); | 37 | void cray_init_job(struct passwd *); |
32 | void cray_set_tmpdir(struct utmp *); | 38 | void cray_set_tmpdir(struct utmp *); |
33 | 39 | ||
40 | |||
34 | /* | 41 | /* |
35 | * Orignal written by: | 42 | * Orignal written by: |
36 | * Wayne Schroeder | 43 | * Wayne Schroeder |
37 | * San Diego Supercomputer Center | 44 | * San Diego Supercomputer Center |
38 | * schroeder@sdsc.edu | 45 | * schroeder@sdsc.edu |
39 | */ | 46 | */ |
40 | int | 47 | void |
41 | cray_setup(uid_t uid, char *username) | 48 | cray_setup(uid_t uid, char *username) |
42 | { | 49 | { |
43 | struct udb *p; | 50 | struct udb *p; |
44 | extern struct udb *getudb(); | ||
45 | extern char *setlimits(); | 51 | extern char *setlimits(); |
46 | int i, j; | 52 | int i, j; |
47 | int accts[MAXVIDS]; | 53 | int accts[MAXVIDS]; |
@@ -52,58 +58,83 @@ cray_setup(uid_t uid, char *username) | |||
52 | struct jtab jbuf; | 58 | struct jtab jbuf; |
53 | int jid; | 59 | int jid; |
54 | 60 | ||
55 | if ((jid = getjtab (&jbuf)) < 0) { | 61 | if ((jid = getjtab (&jbuf)) < 0) fatal("getjtab: no jid"); |
56 | debug("getjtab"); | ||
57 | return -1; | ||
58 | } | ||
59 | 62 | ||
60 | /* Find all of the accounts for a particular user */ | 63 | err = setudb(); /* open and rewind the Cray User DataBase */ |
61 | err = setudb(); /* open and rewind the Cray User DataBase */ | 64 | if(err != 0) fatal("UDB open failure"); |
62 | if(err != 0) { | ||
63 | debug("UDB open failure"); | ||
64 | return -1; | ||
65 | } | ||
66 | naccts = 0; | 65 | naccts = 0; |
67 | while ((p = getudb()) != UDB_NULL) { | 66 | p = getudbnam(username); |
68 | if (p->ue_uid == -1) break; | 67 | if (p == NULL) fatal("No UDB entry for %s", username); |
69 | if(uid == p->ue_uid) { | 68 | if(uid != p->ue_uid) |
70 | for(j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { | 69 | fatal("UDB etnry %s uid(%d) does not match uid %d\n", |
71 | accts[naccts] = p->ue_acids[j]; | 70 | username, p->ue_uid, uid); |
72 | naccts++; | 71 | for(j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { |
73 | } | 72 | accts[naccts] = p->ue_acids[j]; |
74 | } | 73 | naccts++; |
75 | } | ||
76 | endudb(); /* close the udb */ | ||
77 | if (naccts == 0 || accts[0] == 0) { | ||
78 | debug("No Cray accounts found"); | ||
79 | return -1; | ||
80 | } | ||
81 | |||
82 | /* Perhaps someday we'll prompt users who have multiple accounts | ||
83 | to let them pick one (like CRI's login does), but for now just set | ||
84 | the account to the first entry. */ | ||
85 | if (acctid(0, accts[0]) < 0) { | ||
86 | debug("System call acctid failed, accts[0]=%d",accts[0]); | ||
87 | return -1; | ||
88 | } | 74 | } |
75 | endudb(); /* close the udb */ | ||
76 | |||
77 | if (naccts != 0) { | ||
78 | /* Perhaps someday we'll prompt users who have multiple accounts | ||
79 | to let them pick one (like CRI's login does), but for now just set | ||
80 | the account to the first entry. */ | ||
81 | if (acctid(0, accts[0]) < 0) | ||
82 | fatal("System call acctid failed, accts[0]=%d",accts[0]); | ||
83 | } | ||
89 | 84 | ||
90 | /* Now set limits, including CPU time for the (interactive) job and process, | 85 | /* Now set limits, including CPU time for the (interactive) job and process, |
91 | and set up permissions (for chown etc), etc. This is via an internal CRI | 86 | and set up permissions (for chown etc), etc. This is via an internal CRI |
92 | routine, setlimits, used by CRI's login. */ | 87 | routine, setlimits, used by CRI's login. */ |
93 | 88 | ||
94 | pid = getpid(); | 89 | pid = getpid(); |
95 | sr = setlimits(username, C_PROC, pid, UDBRC_INTER); | 90 | sr = setlimits(username, C_PROC, pid, UDBRC_INTER); |
96 | if (sr != NULL) { | 91 | if (sr != NULL) fatal("%.200s", sr); |
97 | debug("%.200s", sr); | 92 | |
98 | return -1; | ||
99 | } | ||
100 | sr = setlimits(username, C_JOB, jid, UDBRC_INTER); | 93 | sr = setlimits(username, C_JOB, jid, UDBRC_INTER); |
101 | if (sr != NULL) { | 94 | if (sr != NULL) fatal("%.200s", sr); |
102 | debug("%.200s", sr); | ||
103 | return -1; | ||
104 | } | ||
105 | 95 | ||
106 | return 0; | 96 | } |
97 | |||
98 | |||
99 | /* | ||
100 | * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk | ||
101 | * can have pal privileges that sshd can inherit which | ||
102 | * could allow a user to su to root with out a password. | ||
103 | * This subroutine clears all privileges. | ||
104 | */ | ||
105 | void | ||
106 | drop_cray_privs() | ||
107 | { | ||
108 | #if defined(_SC_CRAY_PRIV_SU) | ||
109 | priv_proc_t* privstate; | ||
110 | int result; | ||
111 | extern int priv_set_proc(); | ||
112 | extern priv_proc_t* priv_init_proc(); | ||
113 | struct usrv usrv; | ||
114 | |||
115 | /* | ||
116 | * If ether of theses two flags are not set | ||
117 | * then don't allow this version of ssh to run. | ||
118 | */ | ||
119 | if (!sysconf(_SC_CRAY_PRIV_SU)) fatal("Not PRIV_SU system."); | ||
120 | if (!sysconf(_SC_CRAY_POSIX_PRIV)) fatal("Not POSIX_PRIV."); | ||
121 | |||
122 | debug ("Dropping privileges."); | ||
123 | |||
124 | memset(&usrv, 0, sizeof(usrv)); | ||
125 | if (setusrv(&usrv) < 0) | ||
126 | fatal ("%s(%d): setusrv(): %s\n", __FILE__, __LINE__, strerror(errno)); | ||
127 | |||
128 | if ((privstate = priv_init_proc()) != NULL) { | ||
129 | result = priv_set_proc(privstate); | ||
130 | if ( result != 0 ) fatal ("%s(%d): priv_set_proc(): %s\n", | ||
131 | __FILE__, __LINE__, strerror(errno)); | ||
132 | priv_free_proc(privstate); | ||
133 | } | ||
134 | debug ("Privileges should be cleared..."); | ||
135 | #else | ||
136 | Cray systems must be run with _SC_CRAY_PRIV_SU on! | ||
137 | #endif | ||
107 | } | 138 | } |
108 | 139 | ||
109 | 140 | ||
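--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.11 2001/07/14 03:22:54 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.12 2001/08/06 23:29:18 mouring Exp $ */
 
 #ifndef _OPENBSD_H
 #define _OPENBSD_H
@@ -38,4 +38,7 @@
 #include "fake-getnameinfo.h"
 #include "fake-socket.h"
 
+/* Routines for a single OS platform */
+#include "bsd-cray.h"
+
 #endif /* _OPENBSD_H */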
@@ -679,6 +679,13 @@ main(int ac, char **av) | |||
679 | options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, | 679 | options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility, |
680 | !inetd_flag); | 680 | !inetd_flag); |
681 | 681 | ||
682 | #ifdef _CRAY | ||
683 | /* Cray can define user privs drop all prives now! | ||
684 | * Not needed on PRIV_SU systems! | ||
685 | */ | ||
686 | drop_cray_privs(); | ||
687 | #endif | ||
688 | |||
682 | seed_rng(); | 689 | seed_rng(); |
683 | 690 | ||
684 | /* Read server configuration options from the configuration file. */ | 691 | /* Read server configuration options from the configuration file. */ |
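Review bot: The added comment ("Cray can define user privs drop all prives now! Not needed on PRIV_SU systems!") is hard to parse and appears to contradict drop_cray_privs() in this same commit, which calls fatal() when `_SC_CRAY_PRIV_SU` is not set. A clearer comment would give the reason and the ordering constraint, for example `/* sshd may inherit PAL privileges from rc.* or /etc/sdaemon; clear them before the RNG is seeded and the configuration is read. */`. main() starts and ends outside this hunk, so whether anything privilege-sensitive runs before this call cannot be confirmed from here.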
@@ -162,6 +162,34 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) | |||
162 | } | 162 | } |
163 | return 1; | 163 | return 1; |
164 | #else /* HAVE_DEV_PTS_AND_PTC */ | 164 | #else /* HAVE_DEV_PTS_AND_PTC */ |
165 | #ifdef _CRAY | ||
166 | char buf[64]; | ||
167 | int i; | ||
168 | int highpty; | ||
169 | |||
170 | #ifdef _SC_CRAY_NPTY | ||
171 | highpty = sysconf(_SC_CRAY_NPTY); | ||
172 | if (highpty == -1) | ||
173 | highpty = 128; | ||
174 | #else | ||
175 | highpty = 128; | ||
176 | #endif | ||
177 | |||
178 | for (i = 0; i < highpty; i++) { | ||
179 | snprintf(buf, sizeof(buf), "/dev/pty/%03d", i); | ||
180 | *ptyfd = open(buf, O_RDWR|O_NOCTTY); | ||
181 | if (*ptyfd < 0) continue; | ||
182 | snprintf(namebuf, namebuflen, "/dev/ttyp%03d", i); | ||
183 | /* Open the slave side. */ | ||
184 | *ttyfd = open(namebuf, O_RDWR|O_NOCTTY); | ||
185 | if (*ttyfd < 0) { | ||
186 | error("%.100s: %.100s", namebuf, strerror(errno)); | ||
187 | close(*ptyfd); | ||
188 | } | ||
189 | return 1; | ||
190 | } | ||
191 | return 0; | ||
192 | #else | ||
165 | /* BSD-style pty code. */ | 193 | /* BSD-style pty code. */ |
166 | char buf[64]; | 194 | char buf[64]; |
167 | int i; | 195 | int i; |
@@ -196,6 +224,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) | |||
196 | return 1; | 224 | return 1; |
197 | } | 225 | } |
198 | return 0; | 226 | return 0; |
227 | #endif /* CRAY */ | ||
199 | #endif /* HAVE_DEV_PTS_AND_PTC */ | 228 | #endif /* HAVE_DEV_PTS_AND_PTC */ |
200 | #endif /* HAVE_DEV_PTMX */ | 229 | #endif /* HAVE_DEV_PTMX */ |
201 | #endif /* HAVE__GETPTY */ | 230 | #endif /* HAVE__GETPTY */ |
@@ -218,6 +247,35 @@ pty_release(const char *ttyname) | |||
218 | void | 247 | void |
219 | pty_make_controlling_tty(int *ttyfd, const char *ttyname) | 248 | pty_make_controlling_tty(int *ttyfd, const char *ttyname) |
220 | { | 249 | { |
250 | #ifdef _CRAY | ||
251 | int fd; | ||
252 | |||
253 | if (setsid() < 0) | ||
254 | error("setsid: %.100s", strerror(errno)); | ||
255 | |||
256 | fd = open(ttyname, O_RDWR|O_NOCTTY); | ||
257 | if (fd >= 0) { | ||
258 | signal(SIGHUP, SIG_IGN); | ||
259 | ioctl(fd, TCVHUP, (char *)0); | ||
260 | signal(SIGHUP, SIG_DFL); | ||
261 | setpgid(0,0); | ||
262 | close(fd); | ||
263 | } else { | ||
264 | error("Failed to disconnect from controlling tty."); | ||
265 | } | ||
266 | |||
267 | |||
268 | debug("Setting controlling tty using TCSETCTTY.\n"); | ||
269 | ioctl(*ttyfd, TCSETCTTY, NULL); | ||
270 | |||
271 | fd = open("/dev/tty", O_RDWR); | ||
272 | |||
273 | if (fd < 0) | ||
274 | error("%.100s: %.100s", ttyname, strerror(errno)); | ||
275 | |||
276 | close(*ttyfd); | ||
277 | *ttyfd = fd; | ||
278 | #else | ||
221 | int fd; | 279 | int fd; |
222 | #ifdef USE_VHANGUP | 280 | #ifdef USE_VHANGUP |
223 | void *old; | 281 | void *old; |
@@ -277,6 +335,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) | |||
277 | else { | 335 | else { |
278 | close(fd); | 336 | close(fd); |
279 | } | 337 | } |
338 | #endif | ||
280 | } | 339 | } |
281 | 340 | ||
282 | /* Changes the window size associated with the pty. */ | 341 | /* Changes the window size associated with the pty. */ |
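Review bot: In the `_CRAY` branch of pty_allocate(), a failed open of the slave side logs the error and closes `*ptyfd`, but then falls through to `return 1`, so the caller is told allocation succeeded while `*ttyfd` is negative and `*ptyfd` is already closed. The error block should end with `return 0;` right after `close(*ptyfd);`. In the `_CRAY` branch of pty_make_controlling_tty(), a failed `open("/dev/tty", O_RDWR)` is reported under `ttyname` rather than "/dev/tty" and the negative descriptor is still stored into `*ttyfd` after the original is closed. The `ioctl()` results for `TCVHUP` and `TCSETCTTY` are also unchecked. Both functions extend beyond the hunks shown, so the non-Cray paths could not be compared.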