summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@dtucker.net>2018-02-13 09:10:46 +1100
committerDarren Tucker <dtucker@dtucker.net>2018-02-15 20:04:02 +1100
commitddc0f3814881ea279a6b6d4d98e03afc60ae1ed7 (patch)
treed09efd846cd29f2dfeb0acd04756294e4f6761c9
parent174bed686968494723e6db881208cc4dac0d020f (diff)
Remove UNICOS support.
The code required to support it is quite invasive to the mainline code that is synced with upstream and is an ongoing maintenance burden. Both the hardware and software are literal museum pieces these days and we could not find anyone still running OpenSSH on one.
Diffstat
-rw-r--r--auth2.c8
-rw-r--r--configure.ac34
-rw-r--r--defines.h24
-rw-r--r--loginrec.c6
-rw-r--r--openbsd-compat/Makefile.in2
-rw-r--r--openbsd-compat/bsd-cray.c816
-rw-r--r--openbsd-compat/bsd-cray.h59
-rw-r--r--openbsd-compat/bsd-openpty.c11
-rw-r--r--openbsd-compat/openbsd-compat.h1
-rw-r--r--session.c23
-rw-r--r--sshd.c7
-rw-r--r--sshpty.c25
12 files changed, 1 insertions, 1015 deletions
diff --git a/auth2.c b/auth2.c
index 67b6b05e8..c80911aeb 100644
--- a/auth2.c
+++ b/auth2.c
@@ -349,13 +349,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
349 } 349 }
350#endif 350#endif
351 351
352#ifdef _UNICOS
353 if (authenticated && cray_access_denied(authctxt->user)) {
354 authenticated = 0;
355 fatal("Access denied for user %s.", authctxt->user);
356 }
357#endif /* _UNICOS */
358
359 if (authenticated == 1) { 352 if (authenticated == 1) {
360 /* turn off userauth */ 353 /* turn off userauth */
361 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); 354 ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
@@ -366,7 +359,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
366 authctxt->success = 1; 359 authctxt->success = 1;
367 ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user); 360 ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
368 } else { 361 } else {
369
370 /* Allow initial try of "none" auth without failure penalty */ 362 /* Allow initial try of "none" auth without failure penalty */
371 if (!partial && !authctxt->server_caused_failure && 363 if (!partial && !authctxt->server_caused_failure &&
372 (authctxt->attempt > 1 || strcmp(method, "none") != 0)) 364 (authctxt->attempt > 1 || strcmp(method, "none") != 0))
diff --git a/configure.ac b/configure.ac
index 753395f10..38600e321 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1073,40 +1073,6 @@ mips-sony-bsd|mips-sony-newsos4)
1073 TEST_SHELL=$SHELL # let configure find us a capable shell 1073 TEST_SHELL=$SHELL # let configure find us a capable shell
1074 SKIP_DISABLE_LASTLOG_DEFINE=yes 1074 SKIP_DISABLE_LASTLOG_DEFINE=yes
1075 ;; 1075 ;;
1076*-*-unicosmk*)
1077 AC_DEFINE([NO_SSH_LASTLOG], [1],
1078 [Define if you don't want to use lastlog in session.c])
1079 AC_DEFINE([SETEUID_BREAKS_SETUID])
1080 AC_DEFINE([BROKEN_SETREUID])
1081 AC_DEFINE([BROKEN_SETREGID])
1082 AC_DEFINE([USE_PIPES])
1083 AC_DEFINE([DISABLE_FD_PASSING])
1084 LDFLAGS="$LDFLAGS"
1085 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1086 MANTYPE=cat
1087 ;;
1088*-*-unicosmp*)
1089 AC_DEFINE([SETEUID_BREAKS_SETUID])
1090 AC_DEFINE([BROKEN_SETREUID])
1091 AC_DEFINE([BROKEN_SETREGID])
1092 AC_DEFINE([WITH_ABBREV_NO_TTY])
1093 AC_DEFINE([USE_PIPES])
1094 AC_DEFINE([DISABLE_FD_PASSING])
1095 LDFLAGS="$LDFLAGS"
1096 LIBS="$LIBS -lgen -lacid -ldb"
1097 MANTYPE=cat
1098 ;;
1099*-*-unicos*)
1100 AC_DEFINE([SETEUID_BREAKS_SETUID])
1101 AC_DEFINE([BROKEN_SETREUID])
1102 AC_DEFINE([BROKEN_SETREGID])
1103 AC_DEFINE([USE_PIPES])
1104 AC_DEFINE([DISABLE_FD_PASSING])
1105 AC_DEFINE([NO_SSH_LASTLOG])
1106 LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
1107 LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
1108 MANTYPE=cat
1109 ;;
1110*-dec-osf*) 1076*-dec-osf*)
1111 AC_MSG_CHECKING([for Digital Unix SIA]) 1077 AC_MSG_CHECKING([for Digital Unix SIA])
1112 no_osfsia="" 1078 no_osfsia=""
diff --git a/defines.h b/defines.h
index f1662edcf..3fa5ec5a9 100644
--- a/defines.h
+++ b/defines.h
@@ -214,24 +214,12 @@ typedef signed char int8_t;
214# if (SIZEOF_SHORT_INT == 2) 214# if (SIZEOF_SHORT_INT == 2)
215typedef short int int16_t; 215typedef short int int16_t;
216# else 216# else
217# ifdef _UNICOS
218# if (SIZEOF_SHORT_INT == 4)
219typedef short int16_t;
220# else
221typedef long int16_t;
222# endif
223# else
224# error "16 bit int type not found." 217# error "16 bit int type not found."
225# endif /* _UNICOS */
226# endif 218# endif
227# if (SIZEOF_INT == 4) 219# if (SIZEOF_INT == 4)
228typedef int int32_t; 220typedef int int32_t;
229# else 221# else
230# ifdef _UNICOS
231typedef long int32_t;
232# else
233# error "32 bit int type not found." 222# error "32 bit int type not found."
234# endif /* _UNICOS */
235# endif 223# endif
236#endif 224#endif
237 225
@@ -247,24 +235,12 @@ typedef unsigned char u_int8_t;
247# if (SIZEOF_SHORT_INT == 2) 235# if (SIZEOF_SHORT_INT == 2)
248typedef unsigned short int u_int16_t; 236typedef unsigned short int u_int16_t;
249# else 237# else
250# ifdef _UNICOS
251# if (SIZEOF_SHORT_INT == 4)
252typedef unsigned short u_int16_t;
253# else
254typedef unsigned long u_int16_t;
255# endif
256# else
257# error "16 bit int type not found." 238# error "16 bit int type not found."
258# endif
259# endif 239# endif
260# if (SIZEOF_INT == 4) 240# if (SIZEOF_INT == 4)
261typedef unsigned int u_int32_t; 241typedef unsigned int u_int32_t;
262# else 242# else
263# ifdef _UNICOS
264typedef unsigned long u_int32_t;
265# else
266# error "32 bit int type not found." 243# error "32 bit int type not found."
267# endif
268# endif 244# endif
269# endif 245# endif
270#define __BIT_TYPES_DEFINED__ 246#define __BIT_TYPES_DEFINED__
diff --git a/loginrec.c b/loginrec.c
index 788553e92..bdbc9bbf4 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -663,15 +663,9 @@ construct_utmp(struct logininfo *li,
663 switch (li->type) { 663 switch (li->type) {
664 case LTYPE_LOGIN: 664 case LTYPE_LOGIN:
665 ut->ut_type = USER_PROCESS; 665 ut->ut_type = USER_PROCESS;
666#ifdef _UNICOS
667 cray_set_tmpdir(ut);
668#endif
669 break; 666 break;
670 case LTYPE_LOGOUT: 667 case LTYPE_LOGOUT:
671 ut->ut_type = DEAD_PROCESS; 668 ut->ut_type = DEAD_PROCESS;
672#ifdef _UNICOS
673 cray_retain_utmp(ut, li->pid);
674#endif
675 break; 669 break;
676 } 670 }
677# endif 671# endif
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 213ded4d4..62dbf8566 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
18 18
19OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o 19OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o blowfish.o bcrypt_pbkdf.o explicit_bzero.o freezero.o
20 20
21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o 21COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
22 22
23PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o 23PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o
24 24
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
deleted file mode 100644
index c02e63261..000000000
--- a/openbsd-compat/bsd-cray.c
+++ /dev/null
@@ -1,816 +0,0 @@
1/*
2 *
3 * bsd-cray.c
4 *
5 * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>)
6 * Significant portions provided by
7 * Wayne Schroeder, SDSC <schroeder@sdsc.edu>
8 * William Jones, UTexas <jones@tacc.utexas.edu>
9 *
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
12 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
20 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
21 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
23 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
24 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
28 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 *
30 * Created: Apr 22 16.34:00 2002 wp
31 *
32 * This file contains functions required for proper execution
33 * on UNICOS systems.
34 *
35 */
36#ifdef _UNICOS
37
38#include <udb.h>
39#include <tmpdir.h>
40#include <unistd.h>
41#include <sys/category.h>
42#include <utmp.h>
43#include <sys/jtab.h>
44#include <signal.h>
45#include <sys/priv.h>
46#include <sys/secparm.h>
47#include <sys/tfm.h>
48#include <sys/usrv.h>
49#include <sys/sysv.h>
50#include <sys/sectab.h>
51#include <sys/secstat.h>
52#include <sys/stat.h>
53#include <sys/session.h>
54#include <stdarg.h>
55#include <stdlib.h>
56#include <string.h>
57#include <unistd.h>
58#include <pwd.h>
59#include <fcntl.h>
60#include <errno.h>
61#include <ia.h>
62#include <urm.h>
63#include "ssh.h"
64
65#include "includes.h"
66#include "sys/types.h"
67
68#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
69# define _SS_MAXSIZE 128 /* Implementation specific max size */
70# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
71
72# define ss_family ss_sa.sa_family
73#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
74
75#ifndef IN6_IS_ADDR_LOOPBACK
76# define IN6_IS_ADDR_LOOPBACK(a) \
77 (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \
78 ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1))
79#endif /* !IN6_IS_ADDR_LOOPBACK */
80
81#ifndef AF_INET6
82/* Define it to something that should never appear */
83#define AF_INET6 AF_MAX
84#endif
85
86#include "log.h"
87#include "servconf.h"
88#include "bsd-cray.h"
89
90#define MAXACID 80
91
92extern ServerOptions options;
93
94char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */
95
96struct sysv sysv; /* system security structure */
97struct usrv usrv; /* user security structure */
98
99/*
100 * Functions.
101 */
102void cray_retain_utmp(struct utmp *, int);
103void cray_delete_tmpdir(char *, int, uid_t);
104void cray_init_job(struct passwd *);
105void cray_set_tmpdir(struct utmp *);
106void cray_login_failure(char *, int);
107int cray_setup(uid_t, char *, const char *);
108int cray_access_denied(char *);
109
110void
111cray_login_failure(char *username, int errcode)
112{
113 struct udb *ueptr; /* UDB pointer for username */
114 ia_failure_t fsent; /* ia_failure structure */
115 ia_failure_ret_t fret; /* ia_failure return stuff */
116 struct jtab jtab; /* job table structure */
117 int jid = 0; /* job id */
118
119 if ((jid = getjtab(&jtab)) < 0)
120 debug("cray_login_failure(): getjtab error");
121
122 getsysudb();
123 if ((ueptr = getudbnam(username)) == UDB_NULL)
124 debug("cray_login_failure(): getudbname() returned NULL");
125 endudb();
126
127 memset(&fsent, '\0', sizeof(fsent));
128 fsent.revision = 0;
129 fsent.uname = username;
130 fsent.host = (char *)get_canonical_hostname(options.use_dns);
131 fsent.ttyn = "sshd";
132 fsent.caller = IA_SSHD;
133 fsent.flags = IA_INTERACTIVE;
134 fsent.ueptr = ueptr;
135 fsent.jid = jid;
136 fsent.errcode = errcode;
137 fsent.pwdp = NULL;
138 fsent.exitcode = 0; /* dont exit in ia_failure() */
139
140 fret.revision = 0;
141 fret.normal = 0;
142
143 /*
144 * Call ia_failure because of an login failure.
145 */
146 ia_failure(&fsent, &fret);
147}
148
149/*
150 * Cray access denied
151 */
152int
153cray_access_denied(char *username)
154{
155 struct udb *ueptr; /* UDB pointer for username */
156 int errcode; /* IA errorcode */
157
158 errcode = 0;
159 getsysudb();
160 if ((ueptr = getudbnam(username)) == UDB_NULL)
161 debug("cray_login_failure(): getudbname() returned NULL");
162 endudb();
163
164 if (ueptr != NULL && ueptr->ue_disabled)
165 errcode = IA_DISABLED;
166 if (errcode)
167 cray_login_failure(username, errcode);
168
169 return (errcode);
170}
171
172/*
173 * record_failed_login: generic "login failed" interface function
174 */
175void
176record_failed_login(const char *user, const char *hostname, const char *ttyname)
177{
178 cray_login_failure((char *)user, IA_UDBERR);
179}
180
181int
182cray_setup (uid_t uid, char *username, const char *command)
183{
184 extern struct udb *getudb();
185 extern char *setlimits();
186
187 int err; /* error return */
188 time_t system_time; /* current system clock */
189 time_t expiration_time; /* password expiration time */
190 int maxattempts; /* maximum no. of failed login attempts */
191 int SecureSys; /* unicos security flag */
192 int minslevel = 0; /* system minimum security level */
193 int i, j;
194 int valid_acct = -1; /* flag for reading valid acct */
195 char acct_name[MAXACID] = { "" }; /* used to read acct name */
196 struct jtab jtab; /* Job table struct */
197 struct udb ue; /* udb entry for logging-in user */
198 struct udb *up; /* pointer to UDB entry */
199 struct secstat secinfo; /* file security attributes */
200 struct servprov init_info; /* used for sesscntl() call */
201 int jid; /* job ID */
202 int pid; /* process ID */
203 char *sr; /* status return from setlimits() */
204 char *ttyn = NULL; /* ttyname or command name*/
205 char hostname[MAXHOSTNAMELEN];
206 /* passwd stuff for ia_user */
207 passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce;
208 ia_user_ret_t uret; /* stuff returned from ia_user */
209 ia_user_t usent; /* ia_user main structure */
210 int ia_rcode; /* ia_user return code */
211 ia_failure_t fsent; /* ia_failure structure */
212 ia_failure_ret_t fret; /* ia_failure return stuff */
213 ia_success_t ssent; /* ia_success structure */
214 ia_success_ret_t sret; /* ia_success return stuff */
215 int ia_mlsrcode; /* ia_mlsuser return code */
216 int secstatrc; /* [f]secstat return code */
217
218 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) {
219 getsysv(&sysv, sizeof(struct sysv));
220 minslevel = sysv.sy_minlvl;
221 if (getusrv(&usrv) < 0)
222 fatal("getusrv() failed, errno = %d", errno);
223 }
224 hostname[0] = '\0';
225 strlcpy(hostname,
226 (char *)get_canonical_hostname(options.use_dns),
227 MAXHOSTNAMELEN);
228 /*
229 * Fetch user's UDB entry.
230 */
231 getsysudb();
232 if ((up = getudbnam(username)) == UDB_NULL)
233 fatal("cannot fetch user's UDB entry");
234
235 /*
236 * Prevent any possible fudging so perform a data
237 * safety check and compare the supplied uid against
238 * the udb's uid.
239 */
240 if (up->ue_uid != uid)
241 fatal("IA uid missmatch");
242 endudb();
243
244 if ((jid = getjtab(&jtab)) < 0) {
245 debug("getjtab");
246 return(-1);
247 }
248 pid = getpid();
249 ttyn = ttyname(0);
250 if (SecureSys) {
251 if (ttyn != NULL)
252 secstatrc = secstat(ttyn, &secinfo);
253 else
254 secstatrc = fsecstat(1, &secinfo);
255
256 if (secstatrc == 0)
257 debug("[f]secstat() successful");
258 else
259 fatal("[f]secstat() error, rc = %d", secstatrc);
260 }
261 if ((ttyn == NULL) && ((char *)command != NULL))
262 ttyn = (char *)command;
263 /*
264 * Initialize all structures to call ia_user
265 */
266 usent.revision = 0;
267 usent.uname = username;
268 usent.host = hostname;
269 usent.ttyn = ttyn;
270 usent.caller = IA_SSHD;
271 usent.pswdlist = &pwdacm;
272 usent.ueptr = &ue;
273 usent.flags = IA_INTERACTIVE | IA_FFLAG;
274 pwdacm.atype = IA_SECURID;
275 pwdacm.pwdp = NULL;
276 pwdacm.next = &pwdudb;
277
278 pwdudb.atype = IA_UDB;
279 pwdudb.pwdp = NULL;
280 pwdudb.next = &pwddce;
281
282 pwddce.atype = IA_DCE;
283 pwddce.pwdp = NULL;
284 pwddce.next = &pwddialup;
285
286 pwddialup.atype = IA_DIALUP;
287 pwddialup.pwdp = NULL;
288 /* pwddialup.next = &pwdwal; */
289 pwddialup.next = NULL;
290
291 pwdwal.atype = IA_WAL;
292 pwdwal.pwdp = NULL;
293 pwdwal.next = NULL;
294
295 uret.revision = 0;
296 uret.pswd = NULL;
297 uret.normal = 0;
298
299 ia_rcode = ia_user(&usent, &uret);
300 switch (ia_rcode) {
301 /*
302 * These are acceptable return codes from ia_user()
303 */
304 case IA_UDBWEEK: /* Password Expires in 1 week */
305 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
306 printf ("WARNING - your current password will expire %s\n",
307 ctime((const time_t *)&expiration_time));
308 break;
309 case IA_UDBEXPIRED:
310 if (ttyname(0) != NULL) {
311 /* Force a password change */
312 printf("Your password has expired; Choose a new one.\n");
313 execl("/bin/passwd", "passwd", username, 0);
314 exit(9);
315 }
316 break;
317 case IA_NORMAL: /* Normal Return Code */
318 break;
319 case IA_BACKDOOR:
320 /* XXX: can we memset it to zero here so save some of this */
321 strlcpy(ue.ue_name, "root", sizeof(ue.ue_name));
322 strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir));
323 strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell));
324
325 ue.ue_passwd[0] = '\0';
326 ue.ue_age[0] = '\0';
327 ue.ue_comment[0] = '\0';
328 ue.ue_loghost[0] = '\0';
329 ue.ue_logline[0] = '\0';
330
331 ue.ue_uid = -1;
332 ue.ue_nice[UDBRC_INTER] = 0;
333
334 for (i = 0; i < MAXVIDS; i++)
335 ue.ue_gids[i] = 0;
336
337 ue.ue_logfails = 0;
338 ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel;
339 ue.ue_defcomps = 0;
340 ue.ue_comparts = 0;
341 ue.ue_permits = 0;
342 ue.ue_trap = 0;
343 ue.ue_disabled = 0;
344 ue.ue_logtime = 0;
345 break;
346 case IA_CONSOLE: /* Superuser not from Console */
347 case IA_TRUSTED: /* Trusted user */
348 if (options.permit_root_login > PERMIT_NO)
349 break; /* Accept root login */
350 default:
351 /*
352 * These are failed return codes from ia_user()
353 */
354 switch (ia_rcode)
355 {
356 case IA_BADAUTH:
357 printf("Bad authorization, access denied.\n");
358 break;
359 case IA_DISABLED:
360 printf("Your login has been disabled. Contact the system ");
361 printf("administrator for assistance.\n");
362 break;
363 case IA_GETSYSV:
364 printf("getsysv() failed - errno = %d\n", errno);
365 break;
366 case IA_MAXLOGS:
367 printf("Maximum number of failed login attempts exceeded.\n");
368 printf("Access denied.\n");
369 break;
370 case IA_UDBPWDNULL:
371 if (SecureSys)
372 printf("NULL Password not allowed on MLS systems.\n");
373 break;
374 default:
375 break;
376 }
377
378 /*
379 * Authentication failed.
380 */
381 printf("sshd: Login incorrect, (0%o)\n",
382 ia_rcode-IA_ERRORCODE);
383
384 /*
385 * Initialize structure for ia_failure
386 * which will exit.
387 */
388 fsent.revision = 0;
389 fsent.uname = username;
390 fsent.host = hostname;
391 fsent.ttyn = ttyn;
392 fsent.caller = IA_SSHD;
393 fsent.flags = IA_INTERACTIVE;
394 fsent.ueptr = &ue;
395 fsent.jid = jid;
396 fsent.errcode = ia_rcode;
397 fsent.pwdp = uret.pswd;
398 fsent.exitcode = 1;
399
400 fret.revision = 0;
401 fret.normal = 0;
402
403 /*
404 * Call ia_failure because of an IA failure.
405 * There is no return because ia_failure exits.
406 */
407 ia_failure(&fsent, &fret);
408
409 exit(1);
410 }
411
412 ia_mlsrcode = IA_NORMAL;
413 if (SecureSys) {
414 debug("calling ia_mlsuser()");
415 ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0);
416 }
417 if (ia_mlsrcode != IA_NORMAL) {
418 printf("sshd: Login incorrect, (0%o)\n",
419 ia_mlsrcode-IA_ERRORCODE);
420 /*
421 * Initialize structure for ia_failure
422 * which will exit.
423 */
424 fsent.revision = 0;
425 fsent.uname = username;
426 fsent.host = hostname;
427 fsent.ttyn = ttyn;
428 fsent.caller = IA_SSHD;
429 fsent.flags = IA_INTERACTIVE;
430 fsent.ueptr = &ue;
431 fsent.jid = jid;
432 fsent.errcode = ia_mlsrcode;
433 fsent.pwdp = uret.pswd;
434 fsent.exitcode = 1;
435 fret.revision = 0;
436 fret.normal = 0;
437
438 /*
439 * Call ia_failure because of an IA failure.
440 * There is no return because ia_failure exits.
441 */
442 ia_failure(&fsent,&fret);
443 exit(1);
444 }
445
446 /* Provide login status information */
447 if (options.print_lastlog && ue.ue_logtime != 0) {
448 printf("Last successful login was : %.*s ", 19,
449 (char *)ctime(&ue.ue_logtime));
450
451 if (*ue.ue_loghost != '\0') {
452 printf("from %.*s\n", sizeof(ue.ue_loghost),
453 ue.ue_loghost);
454 } else {
455 printf("on %.*s\n", sizeof(ue.ue_logline),
456 ue.ue_logline);
457 }
458
459 if (SecureSys && (ue.ue_logfails != 0)) {
460 printf(" followed by %d failed attempts\n",
461 ue.ue_logfails);
462 }
463 }
464
465 /*
466 * Call ia_success to process successful I/A.
467 */
468 ssent.revision = 0;
469 ssent.uname = username;
470 ssent.host = hostname;
471 ssent.ttyn = ttyn;
472 ssent.caller = IA_SSHD;
473 ssent.flags = IA_INTERACTIVE;
474 ssent.ueptr = &ue;
475 ssent.jid = jid;
476 ssent.errcode = ia_rcode;
477 ssent.us = NULL;
478 ssent.time = 1; /* Set ue_logtime */
479
480 sret.revision = 0;
481 sret.normal = 0;
482
483 ia_success(&ssent, &sret);
484
485 /*
486 * Query for account, iff > 1 valid acid & askacid permbit
487 */
488 if (((ue.ue_permbits & PERMBITS_ACCTID) ||
489 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
490 ue.ue_permbits & PERMBITS_ASKACID) {
491 if (ttyname(0) != NULL) {
492 debug("cray_setup: ttyname true case, %.100s", ttyname);
493 while (valid_acct == -1) {
494 printf("Account (? for available accounts)"
495 " [%s]: ", acid2nam(ue.ue_acids[0]));
496 fgets(acct_name, MAXACID, stdin);
497 switch (acct_name[0]) {
498 case EOF:
499 exit(0);
500 break;
501 case '\0':
502 valid_acct = ue.ue_acids[0];
503 strlcpy(acct_name, acid2nam(valid_acct), MAXACID);
504 break;
505 case '?':
506 /* Print the list 3 wide */
507 for (i = 0, j = 0; i < MAXVIDS; i++) {
508 if (ue.ue_acids[i] == -1) {
509 printf("\n");
510 break;
511 }
512 if (++j == 4) {
513 j = 1;
514 printf("\n");
515 }
516 printf(" %s",
517 acid2nam(ue.ue_acids[i]));
518 }
519 if (ue.ue_permbits & PERMBITS_ACCTID) {
520 printf("\"acctid\" permbit also allows"
521 " you to select any valid "
522 "account name.\n");
523 }
524 printf("\n");
525 break;
526 default:
527 valid_acct = nam2acid(acct_name);
528 if (valid_acct == -1)
529 printf(
530 "Account id not found for"
531 " account name \"%s\"\n\n",
532 acct_name);
533 break;
534 }
535 /*
536 * If an account was given, search the user's
537 * acids array to verify they can use this account.
538 */
539 if ((valid_acct != -1) &&
540 !(ue.ue_permbits & PERMBITS_ACCTID)) {
541 for (i = 0; i < MAXVIDS; i++) {
542 if (ue.ue_acids[i] == -1)
543 break;
544 if (valid_acct == ue.ue_acids[i])
545 break;
546 }
547 if (i == MAXVIDS ||
548 ue.ue_acids[i] == -1) {
549 fprintf(stderr, "Cannot set"
550 " account name to "
551 "\"%s\", permission "
552 "denied\n\n", acct_name);
553 valid_acct = -1;
554 }
555 }
556 }
557 } else {
558 /*
559 * The client isn't connected to a terminal and can't
560 * respond to an acid prompt. Use default acid.
561 */
562 debug("cray_setup: ttyname false case, %.100s",
563 ttyname);
564 valid_acct = ue.ue_acids[0];
565 }
566 } else {
567 /*
568 * The user doesn't have the askacid permbit set or
569 * only has one valid account to use.
570 */
571 valid_acct = ue.ue_acids[0];
572 }
573 if (acctid(0, valid_acct) < 0) {
574 printf ("Bad account id: %d\n", valid_acct);
575 exit(1);
576 }
577
578 /*
579 * Now set shares, quotas, limits, including CPU time for the
580 * (interactive) job and process, and set up permissions
581 * (for chown etc), etc.
582 */
583 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
584 printf("Unable to give %d shares to <%s>(%d/%d)\n",
585 ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
586 exit(1);
587 }
588
589 sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
590 if (sr != NULL) {
591 debug("%.200s", sr);
592 exit(1);
593 }
594 sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
595 if (sr != NULL) {
596 debug("%.200s", sr);
597 exit(1);
598 }
599 /*
600 * Place the service provider information into
601 * the session table (Unicos) or job table (Unicos/mk).
602 * There exist double defines for the job/session table in
603 * unicos/mk (jtab.h) so no need for a compile time switch.
604 */
605 memset(&init_info, '\0', sizeof(init_info));
606 init_info.s_sessinit.si_id = URM_SPT_LOGIN;
607 init_info.s_sessinit.si_pid = getpid();
608 init_info.s_sessinit.si_sid = jid;
609 sesscntl(0, S_SETSERVPO, (int)&init_info);
610
611 /*
612 * Set user and controlling tty security attributes.
613 */
614 if (SecureSys) {
615 if (setusrv(&usrv) == -1) {
616 debug("setusrv() failed, errno = %d",errno);
617 exit(1);
618 }
619 }
620
621 return (0);
622}
623
624/*
625 * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk
626 * can have pal privileges that sshd can inherit which
627 * could allow a user to su to root with out a password.
628 * This subroutine clears all privileges.
629 */
630void
631drop_cray_privs()
632{
633#if defined(_SC_CRAY_PRIV_SU)
634 priv_proc_t *privstate;
635 int result;
636 extern int priv_set_proc();
637 extern priv_proc_t *priv_init_proc();
638
639 /*
640 * If ether of theses two flags are not set
641 * then don't allow this version of ssh to run.
642 */
643 if (!sysconf(_SC_CRAY_PRIV_SU))
644 fatal("Not PRIV_SU system.");
645 if (!sysconf(_SC_CRAY_POSIX_PRIV))
646 fatal("Not POSIX_PRIV.");
647
648 debug("Setting MLS labels.");;
649
650 if (sysconf(_SC_CRAY_SECURE_MAC)) {
651 usrv.sv_minlvl = SYSLOW;
652 usrv.sv_actlvl = SYSHIGH;
653 usrv.sv_maxlvl = SYSHIGH;
654 } else {
655 usrv.sv_minlvl = sysv.sy_minlvl;
656 usrv.sv_actlvl = sysv.sy_minlvl;
657 usrv.sv_maxlvl = sysv.sy_maxlvl;
658 }
659 usrv.sv_actcmp = 0;
660 usrv.sv_valcmp = sysv.sy_valcmp;
661
662 usrv.sv_intcat = TFM_SYSTEM;
663 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);
664
665 if (setusrv(&usrv) < 0) {
666 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
667 strerror(errno));
668 }
669
670 if ((privstate = priv_init_proc()) != NULL) {
671 result = priv_set_proc(privstate);
672 if (result != 0 ) {
673 fatal("%s(%d): priv_set_proc(): %s",
674 __FILE__, __LINE__, strerror(errno));
675 }
676 priv_free_proc(privstate);
677 }
678 debug ("Privileges should be cleared...");
679#else
680 /* XXX: do this differently */
681# error Cray systems must be run with _SC_CRAY_PRIV_SU on!
682#endif
683}
684
685
686/*
687 * Retain utmp/wtmp information - used by cray accounting.
688 */
689void
690cray_retain_utmp(struct utmp *ut, int pid)
691{
692 int fd;
693 struct utmp utmp;
694
695 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
696 /* XXX use atomicio */
697 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
698 if (pid == utmp.ut_pid) {
699 ut->ut_jid = utmp.ut_jid;
700 strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath));
701 strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host));
702 strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name));
703 break;
704 }
705 }
706 close(fd);
707 } else
708 fatal("Unable to open utmp file");
709}
710
711/*
712 * tmpdir support.
713 */
714
715/*
716 * find and delete jobs tmpdir.
717 */
718void
719cray_delete_tmpdir(char *login, int jid, uid_t uid)
720{
721 static char jtmp[TPATHSIZ];
722 struct stat statbuf;
723 int child, c, wstat;
724
725 for (c = 'a'; c <= 'z'; c++) {
726 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
727 if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid)
728 break;
729 }
730
731 if (c > 'z')
732 return;
733
734 if ((child = fork()) == 0) {
735 execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL);
736 fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed");
737 }
738
739 while (waitpid(child, &wstat, 0) == -1 && errno == EINTR)
740 ;
741}
742
743/*
744 * Remove tmpdir on job termination.
745 */
746void
747cray_job_termination_handler(int sig)
748{
749 int jid;
750 char *login = NULL;
751 struct jtab jtab;
752
753 if ((jid = waitjob(&jtab)) == -1 ||
754 (login = uid2nam(jtab.j_uid)) == NULL)
755 return;
756
757 cray_delete_tmpdir(login, jid, jtab.j_uid);
758}
759
760/*
761 * Set job id and create tmpdir directory.
762 */
763void
764cray_init_job(struct passwd *pw)
765{
766 int jid;
767 int c;
768
769 jid = setjob(pw->pw_uid, WJSIGNAL);
770 if (jid < 0)
771 fatal("System call setjob failure");
772
773 for (c = 'a'; c <= 'z'; c++) {
774 snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
775 if (mkdir(cray_tmpdir, JTMPMODE) != 0)
776 continue;
777 if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) {
778 rmdir(cray_tmpdir);
779 continue;
780 }
781 break;
782 }
783
784 if (c > 'z')
785 cray_tmpdir[0] = '\0';
786}
787
788void
789cray_set_tmpdir(struct utmp *ut)
790{
791 int jid;
792 struct jtab jbuf;
793
794 if ((jid = getjtab(&jbuf)) < 0)
795 return;
796
797 /*
798 * Set jid and tmpdir in utmp record.
799 */
800 ut->ut_jid = jid;
801 strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
802}
803#endif /* UNICOS */
804
805#ifdef _UNICOSMP
806#include <pwd.h>
807/*
808 * Set job id and create tmpdir directory.
809 */
810void
811cray_init_job(struct passwd *pw)
812{
813 initrm_silent(pw->pw_uid);
814 return;
815}
816#endif /* _UNICOSMP */
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
deleted file mode 100644
index ca626a021..000000000
--- a/openbsd-compat/bsd-cray.h
+++ /dev/null
@@ -1,59 +0,0 @@
1/*
2 * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>)
3 * Significant portions provided by
4 * Wayne Schroeder, SDSC <schroeder@sdsc.edu>
5 * William Jones, UTexas <jones@tacc.utexas.edu>
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
18 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
19 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
21 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
22 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
23 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
24 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
25 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 *
27 * Created: Apr 22 16.34:00 2002 wp
28 *
29 * This file contains functions required for proper execution
30 * on UNICOS systems.
31 *
32 */
33
34#ifndef _BSD_CRAY_H
35#define _BSD_CRAY_H
36
37#ifdef _UNICOS
38
39void cray_init_job(struct passwd *);
40void cray_job_termination_handler(int);
41void cray_login_failure(char *, int );
42int cray_access_denied(char *);
43extern char cray_tmpdir[];
44
45#define CUSTOM_FAILED_LOGIN 1
46
47#ifndef IA_SSHD
48# define IA_SSHD IA_LOGIN
49#endif
50#ifndef MAXHOSTNAMELEN
51# define MAXHOSTNAMELEN 64
52#endif
53#ifndef _CRAYT3E
54# define TIOCGPGRP (tIOC|20)
55#endif
56
57#endif /* UNICOS */
58
59#endif /* _BSD_CRAY_H */
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index b28235860..48fb6059e 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -147,17 +147,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
147 } 147 }
148 return (0); 148 return (0);
149 149
150#elif defined(_UNICOS)
151 char ptbuf[64], ttbuf[64];
152 int i;
153 int highpty;
154
155 highpty = 128;
156#ifdef _SC_CRAY_NPTY
157 if ((highpty = sysconf(_SC_CRAY_NPTY)) == -1)
158 highpty = 128;
159#endif /* _SC_CRAY_NPTY */
160
161 for (i = 0; i < highpty; i++) { 150 for (i = 0; i < highpty; i++) {
162 snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i); 151 snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i);
163 snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i); 152 snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i);
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index c7f660609..8155a0dd7 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -316,7 +316,6 @@ char *shadow_pw(struct passwd *pw);
316#include "fake-rfc2553.h" 316#include "fake-rfc2553.h"
317 317
318/* Routines for a single OS platform */ 318/* Routines for a single OS platform */
319#include "bsd-cray.h"
320#include "bsd-cygwin_util.h" 319#include "bsd-cygwin_util.h"
321 320
322#include "port-aix.h" 321#include "port-aix.h"
diff --git a/session.c b/session.c
index e93012679..51c5ea0ec 100644
--- a/session.c
+++ b/session.c
@@ -450,11 +450,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
450 close(err[0]); 450 close(err[0]);
451#endif 451#endif
452 452
453
454#ifdef _UNICOS
455 cray_init_job(s->pw); /* set up cray jid and tmpdir */
456#endif
457
458 /* Do processing for the child (exec command etc). */ 453 /* Do processing for the child (exec command etc). */
459 do_child(ssh, s, command); 454 do_child(ssh, s, command);
460 /* NOTREACHED */ 455 /* NOTREACHED */
@@ -462,9 +457,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
462 break; 457 break;
463 } 458 }
464 459
465#ifdef _UNICOS
466 signal(WJSIGNAL, cray_job_termination_handler);
467#endif /* _UNICOS */
468#ifdef HAVE_CYGWIN 460#ifdef HAVE_CYGWIN
469 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 461 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
470#endif 462#endif
@@ -576,9 +568,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
576 close(ttyfd); 568 close(ttyfd);
577 569
578 /* record login, etc. similar to login(1) */ 570 /* record login, etc. similar to login(1) */
579#ifdef _UNICOS
580 cray_init_job(s->pw); /* set up cray jid and tmpdir */
581#endif /* _UNICOS */
582#ifndef HAVE_OSF_SIA 571#ifndef HAVE_OSF_SIA
583 do_login(ssh, s, command); 572 do_login(ssh, s, command);
584#endif 573#endif
@@ -592,9 +581,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
592 break; 581 break;
593 } 582 }
594 583
595#ifdef _UNICOS
596 signal(WJSIGNAL, cray_job_termination_handler);
597#endif /* _UNICOS */
598#ifdef HAVE_CYGWIN 584#ifdef HAVE_CYGWIN
599 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); 585 cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
600#endif 586#endif
@@ -1080,11 +1066,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
1080 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", 1066 child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
1081 original_command); 1067 original_command);
1082 1068
1083#ifdef _UNICOS
1084 if (cray_tmpdir[0] != '\0')
1085 child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
1086#endif /* _UNICOS */
1087
1088 /* 1069 /*
1089 * Since we clear KRB5CCNAME at startup, if it's set now then it 1070 * Since we clear KRB5CCNAME at startup, if it's set now then it
1090 * must have been set by a native authentication method (eg AIX or 1071 * must have been set by a native authentication method (eg AIX or
@@ -1485,10 +1466,6 @@ do_child(struct ssh *ssh, Session *s, const char *command)
1485 exit(1); 1466 exit(1);
1486 } 1467 }
1487 1468
1488#ifdef _UNICOS
1489 cray_setup(pw->pw_uid, pw->pw_name, command);
1490#endif /* _UNICOS */
1491
1492 /* 1469 /*
1493 * Login(1) does this as well, and it needs uid 0 for the "-h" 1470 * Login(1) does this as well, and it needs uid 0 for the "-h"
1494 * switch, so we let login(1) to this for us. 1471 * switch, so we let login(1) to this for us.
diff --git a/sshd.c b/sshd.c
index 17931068d..7466d5a44 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1602,13 +1602,6 @@ main(int ac, char **av)
1602 if (getenv("KRB5CCNAME") != NULL) 1602 if (getenv("KRB5CCNAME") != NULL)
1603 (void) unsetenv("KRB5CCNAME"); 1603 (void) unsetenv("KRB5CCNAME");
1604 1604
1605#ifdef _UNICOS
1606 /* Cray can define user privs drop all privs now!
1607 * Not needed on PRIV_SU systems!
1608 */
1609 drop_cray_privs();
1610#endif
1611
1612 sensitive_data.have_ssh2_key = 0; 1605 sensitive_data.have_ssh2_key = 0;
1613 1606
1614 /* 1607 /*
diff --git a/sshpty.c b/sshpty.c
index fe2fb5aa2..4da84d05f 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -100,30 +100,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
100{ 100{
101 int fd; 101 int fd;
102 102
103#ifdef _UNICOS
104 if (setsid() < 0)
105 error("setsid: %.100s", strerror(errno));
106
107 fd = open(tty, O_RDWR|O_NOCTTY);
108 if (fd != -1) {
109 signal(SIGHUP, SIG_IGN);
110 ioctl(fd, TCVHUP, (char *)NULL);
111 signal(SIGHUP, SIG_DFL);
112 setpgid(0, 0);
113 close(fd);
114 } else {
115 error("Failed to disconnect from controlling tty.");
116 }
117
118 debug("Setting controlling tty using TCSETCTTY.");
119 ioctl(*ttyfd, TCSETCTTY, NULL);
120 fd = open("/dev/tty", O_RDWR);
121 if (fd < 0)
122 error("%.100s: %.100s", tty, strerror(errno));
123 close(*ttyfd);
124 *ttyfd = fd;
125#else /* _UNICOS */
126
127 /* First disconnect from the old controlling tty. */ 103 /* First disconnect from the old controlling tty. */
128#ifdef TIOCNOTTY 104#ifdef TIOCNOTTY
129 fd = open(_PATH_TTY, O_RDWR | O_NOCTTY); 105 fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
@@ -167,7 +143,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
167 strerror(errno)); 143 strerror(errno));
168 else 144 else
169 close(fd); 145 close(fd);
170#endif /* _UNICOS */
171} 146}
172 147
173/* Changes the window size associated with the pty. */ 148/* Changes the window size associated with the pty. */
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 05:59:51 +0000