Diffstat (limited to 'openbsd-compat/bsd-cray.c')
-rw-r--r--openbsd-compat/bsd-cray.c810
1 files changed, 413 insertions, 397 deletions
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index f2ac428cc..edb3112b3 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.c,v 1.12 2003/06/03 02:45:27 dtucker Exp $ 2 * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
3 * 3 *
4 * bsd-cray.c 4 * bsd-cray.c
5 * 5 *
@@ -67,10 +67,10 @@
67 67
68extern ServerOptions options; 68extern ServerOptions options;
69 69
70char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */ 70char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */
71 71
72struct sysv sysv; /* system security structure */ 72struct sysv sysv; /* system security structure */
73struct usrv usrv; /* user security structure */ 73struct usrv usrv; /* user security structure */
74 74
75/* 75/*
76 * Functions. 76 * Functions.
@@ -86,40 +86,39 @@ int cray_access_denied(char *);
86void 86void
87cray_login_failure(char *username, int errcode) 87cray_login_failure(char *username, int errcode)
88{ 88{
89 struct udb *ueptr; /* UDB pointer for username */ 89 struct udb *ueptr; /* UDB pointer for username */
90 ia_failure_t fsent; /* ia_failure structure */ 90 ia_failure_t fsent; /* ia_failure structure */
91 ia_failure_ret_t fret; /* ia_failure return stuff */ 91 ia_failure_ret_t fret; /* ia_failure return stuff */
92 struct jtab jtab; /* job table structure */ 92 struct jtab jtab; /* job table structure */
93 int jid = 0; /* job id */ 93 int jid = 0; /* job id */
94 94
95 if ((jid = getjtab(&jtab)) < 0) 95 if ((jid = getjtab(&jtab)) < 0) {
96 debug("cray_login_failure(): getjtab error"); 96 debug("cray_login_failure(): getjtab error");
97 97 }
98 getsysudb(); 98 getsysudb();
99 if ((ueptr = getudbnam(username)) == UDB_NULL) 99 if ((ueptr = getudbnam(username)) == UDB_NULL) {
100 debug("cray_login_failure(): getudbname() returned NULL"); 100 debug("cray_login_failure(): getudbname() returned NULL");
101 }
101 endudb(); 102 endudb();
102 103 fsent.revision = 0;
103 memset(&fsent, '\0', sizeof(fsent)); 104 fsent.uname = username;
104 fsent.revision = 0; 105 fsent.host = (char *)get_canonical_hostname(options.verify_reverse_mapping);
105 fsent.uname = username; 106 fsent.ttyn = "sshd";
106 fsent.host = (char *)get_canonical_hostname(options.use_dns); 107 fsent.caller = IA_SSHD;
107 fsent.ttyn = "sshd"; 108 fsent.flags = IA_INTERACTIVE;
108 fsent.caller = IA_SSHD; 109 fsent.ueptr = ueptr;
109 fsent.flags = IA_INTERACTIVE; 110 fsent.jid = jid;
110 fsent.ueptr = ueptr; 111 fsent.errcode = errcode;
111 fsent.jid = jid; 112 fsent.pwdp = NULL;
112 fsent.errcode = errcode; 113 fsent.exitcode = 0; /* dont exit in ia_failure() */
113 fsent.pwdp = NULL; 114
114 fsent.exitcode = 0; /* dont exit in ia_failure() */ 115 fret.revision = 0;
115 116 fret.normal = 0;
116 fret.revision = 0;
117 fret.normal = 0;
118 117
119 /* 118 /*
120 * Call ia_failure because of an login failure. 119 * Call ia_failure because of an login failure.
121 */ 120 */
122 ia_failure(&fsent, &fret); 121 ia_failure(&fsent,&fret);
123} 122}
124 123
125/* 124/*
@@ -128,316 +127,338 @@ cray_login_failure(char *username, int errcode)
128int 127int
129cray_access_denied(char *username) 128cray_access_denied(char *username)
130{ 129{
131 struct udb *ueptr; /* UDB pointer for username */ 130 struct udb *ueptr; /* UDB pointer for username */
132 int errcode; /* IA errorcode */ 131 int errcode; /* IA errorcode */
133 132
134 errcode = 0; 133 errcode = 0;
135 getsysudb(); 134 getsysudb();
136 if ((ueptr = getudbnam(username)) == UDB_NULL) 135 if ((ueptr = getudbnam(username)) == UDB_NULL) {
137 debug("cray_login_failure(): getudbname() returned NULL"); 136 debug("cray_login_failure(): getudbname() returned NULL");
137 }
138 endudb(); 138 endudb();
139 139 if (ueptr && ueptr->ue_disabled)
140 if (ueptr != NULL && ueptr->ue_disabled)
141 errcode = IA_DISABLED; 140 errcode = IA_DISABLED;
142 if (errcode) 141 if (errcode)
143 cray_login_failure(username, errcode); 142 cray_login_failure(username, errcode);
144
145 return (errcode); 143 return (errcode);
146} 144}
147 145
148/*
149 * record_failed_login: generic "login failed" interface function
150 */
151void
152record_failed_login(const char *user, const char *ttyname)
153{
154 cray_login_failure((char *)user, IA_UDBERR);
155}
156
157int 146int
158cray_setup (uid_t uid, char *username, const char *command) 147cray_setup (uid_t uid, char *username, const char *command)
159{ 148{
160 extern struct udb *getudb(); 149 extern struct udb *getudb();
161 extern char *setlimits(); 150 extern char *setlimits();
162 151
163 int err; /* error return */ 152 int err; /* error return */
164 time_t system_time; /* current system clock */ 153 time_t system_time; /* current system clock */
165 time_t expiration_time; /* password expiration time */ 154 time_t expiration_time; /* password expiration time */
166 int maxattempts; /* maximum no. of failed login attempts */ 155 int maxattempts; /* maximum no. of failed login attempts */
167 int SecureSys; /* unicos security flag */ 156 int SecureSys; /* unicos security flag */
168 int minslevel = 0; /* system minimum security level */ 157 int minslevel = 0; /* system minimum security level */
169 int i, j; 158 int i, j;
170 int valid_acct = -1; /* flag for reading valid acct */ 159 int valid_acct = -1; /* flag for reading valid acct */
171 char acct_name[MAXACID] = { "" }; /* used to read acct name */ 160 char acct_name[MAXACID] = { "" }; /* used to read acct name */
172 struct jtab jtab; /* Job table struct */ 161 struct jtab jtab; /* Job table struct */
173 struct udb ue; /* udb entry for logging-in user */ 162 struct udb ue; /* udb entry for logging-in user */
174 struct udb *up; /* pointer to UDB entry */ 163 struct udb *up; /* pointer to UDB entry */
175 struct secstat secinfo; /* file security attributes */ 164 struct secstat secinfo; /* file security attributes */
176 struct servprov init_info; /* used for sesscntl() call */ 165 struct servprov init_info; /* used for sesscntl() call */
177 int jid; /* job ID */ 166 int jid; /* job ID */
178 int pid; /* process ID */ 167 int pid; /* process ID */
179 char *sr; /* status return from setlimits() */ 168 char *sr; /* status return from setlimits() */
180 char *ttyn = NULL; /* ttyname or command name*/ 169 char *ttyn = NULL; /* ttyname or command name*/
181 char hostname[MAXHOSTNAMELEN]; 170 char hostname[MAXHOSTNAMELEN];
182 /* passwd stuff for ia_user */ 171 passwd_t pwdacm,
183 passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce; 172 pwddialup,
184 ia_user_ret_t uret; /* stuff returned from ia_user */ 173 pwdudb,
185 ia_user_t usent /* ia_user main structure */ 174 pwdwal,
186 int ia_rcode; /* ia_user return code */ 175 pwddce; /* passwd stuff for ia_user */
187 ia_failure_t fsent; /* ia_failure structure */ 176 ia_user_ret_t uret; /* stuff returned from ia_user */
177 ia_user_t usent; /* ia_user main structure */
178 int ia_rcode; /* ia_user return code */
179 ia_failure_t fsent; /* ia_failure structure */
188 ia_failure_ret_t fret; /* ia_failure return stuff */ 180 ia_failure_ret_t fret; /* ia_failure return stuff */
189 ia_success_t ssent; /* ia_success structure */ 181 ia_success_t ssent; /* ia_success structure */
190 ia_success_ret_t sret; /* ia_success return stuff */ 182 ia_success_ret_t sret; /* ia_success return stuff */
191 int ia_mlsrcode; /* ia_mlsuser return code */ 183 int ia_mlsrcode; /* ia_mlsuser return code */
192 int secstatrc; /* [f]secstat return code */ 184 int secstatrc; /* [f]secstat return code */
193 185
194 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { 186 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) {
195 getsysv(&sysv, sizeof(struct sysv)); 187 getsysv(&sysv, sizeof(struct sysv));
196 minslevel = sysv.sy_minlvl; 188 minslevel = sysv.sy_minlvl;
197 if (getusrv(&usrv) < 0) 189 if (getusrv(&usrv) < 0) {
198 fatal("getusrv() failed, errno = %d", errno); 190 debug("getusrv() failed, errno = %d",errno);
191 exit(1);
192 }
199 } 193 }
200 hostname[0] = '\0'; 194 hostname[0] = '\0';
201 strlcpy(hostname, 195 strncpy(hostname,
202 (char *)get_canonical_hostname(options.use_dns), 196 (char *)get_canonical_hostname(options.verify_reverse_mapping),
203 MAXHOSTNAMELEN); 197 MAXHOSTNAMELEN);
204 /* 198 /*
205 * Fetch user's UDB entry. 199 * Fetch user's UDB entry.
206 */ 200 */
207 getsysudb(); 201 getsysudb();
208 if ((up = getudbnam(username)) == UDB_NULL) 202 if ((up = getudbnam(username)) == UDB_NULL) {
209 fatal("cannot fetch user's UDB entry"); 203 debug("cannot fetch user's UDB entry");
210 204 exit(1);
211 /* 205 }
212 * Prevent any possible fudging so perform a data 206
213 * safety check and compare the supplied uid against 207 /*
214 * the udb's uid. 208 * Prevent any possible fudging so perform a data
215 */ 209 * safety check and compare the supplied uid against
216 if (up->ue_uid != uid) 210 * the udb's uid.
217 fatal("IA uid missmatch"); 211 */
212 if (up->ue_uid != uid) {
213 debug("IA uid missmatch");
214 exit(1);
215 }
218 endudb(); 216 endudb();
219 217
220 if ((jid = getjtab(&jtab)) < 0) { 218 if ((jid = getjtab (&jtab)) < 0) {
221 debug("getjtab"); 219 debug("getjtab");
222 return(-1); 220 return -1;
223 } 221 }
224 pid = getpid(); 222 pid = getpid();
225 ttyn = ttyname(0); 223 ttyn = ttyname(0);
226 if (SecureSys) { 224 if (SecureSys) {
227 if (ttyn != NULL) 225 if (ttyn) {
228 secstatrc = secstat(ttyn, &secinfo); 226 secstatrc = secstat(ttyn, &secinfo);
229 else 227 } else {
230 secstatrc = fsecstat(1, &secinfo); 228 secstatrc = fsecstat(1, &secinfo);
231 229 }
232 if (secstatrc == 0) 230 if (secstatrc == 0) {
233 debug("[f]secstat() successful"); 231 debug("[f]secstat() successful");
234 else 232 } else {
235 fatal("[f]secstat() error, rc = %d", secstatrc); 233 debug("[f]secstat() error, rc = %d", secstatrc);
234 exit(1);
235 }
236 } 236 }
237 if ((ttyn == NULL) && ((char *)command != NULL)) 237 if ((ttyn == NULL) && ((char *)command != NULL))
238 ttyn = (char *)command; 238 ttyn = (char *)command;
239 /* 239 /*
240 * Initialize all structures to call ia_user 240 * Initialize all structures to call ia_user
241 */ 241 */
242 usent.revision = 0; 242 usent.revision = 0;
243 usent.uname = username; 243 usent.uname = username;
244 usent.host = hostname; 244 usent.host = hostname;
245 usent.ttyn = ttyn; 245 usent.ttyn = ttyn;
246 usent.caller = IA_SSHD; 246 usent.caller = IA_SSHD;
247 usent.pswdlist = &pwdacm; 247 usent.pswdlist = &pwdacm;
248 usent.ueptr = &ue; 248 usent.ueptr = &ue;
249 usent.flags = IA_INTERACTIVE | IA_FFLAG; 249 usent.flags = IA_INTERACTIVE | IA_FFLAG;
250 pwdacm.atype = IA_SECURID; 250 pwdacm.atype = IA_SECURID;
251 pwdacm.pwdp = NULL; 251 pwdacm.pwdp = NULL;
252 pwdacm.next = &pwdudb; 252 pwdacm.next = &pwdudb;
253 253
254 pwdudb.atype = IA_UDB; 254 pwdudb.atype = IA_UDB;
255 pwdudb.pwdp = NULL; 255 pwdudb.pwdp = NULL;
256 pwdudb.next = &pwddce; 256 pwdudb.next = &pwddce;
257 257
258 pwddce.atype = IA_DCE; 258 pwddce.atype = IA_DCE;
259 pwddce.pwdp = NULL; 259 pwddce.pwdp = NULL;
260 pwddce.next = &pwddialup; 260 pwddce.next = &pwddialup;
261 261
262 pwddialup.atype = IA_DIALUP; 262 pwddialup.atype = IA_DIALUP;
263 pwddialup.pwdp = NULL; 263 pwddialup.pwdp = NULL;
264 /* pwddialup.next = &pwdwal; */ 264 /* pwddialup.next = &pwdwal; */
265 pwddialup.next = NULL; 265 pwddialup.next = NULL;
266 266
267 pwdwal.atype = IA_WAL; 267 pwdwal.atype = IA_WAL;
268 pwdwal.pwdp = NULL; 268 pwdwal.pwdp = NULL;
269 pwdwal.next = NULL; 269 pwdwal.next = NULL;
270 270
271 uret.revision = 0; 271 uret.revision = 0;
272 uret.pswd = NULL; 272 uret.pswd = NULL;
273 uret.normal = 0; 273 uret.normal = 0;
274 274
275 ia_rcode = ia_user(&usent, &uret); 275 ia_rcode = ia_user(&usent, &uret);
276 switch (ia_rcode) { 276
277 /* 277 switch (ia_rcode) {
278 * These are acceptable return codes from ia_user() 278 /*
279 */ 279 * These are acceptable return codes from ia_user()
280 case IA_UDBWEEK: /* Password Expires in 1 week */ 280 */
281 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; 281 case IA_UDBWEEK: /* Password Expires in 1 week */
282 printf ("WARNING - your current password will expire %s\n", 282 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
283 ctime((const time_t *)&expiration_time)); 283 printf ("WARNING - your current password will expire %s\n",
284 break; 284 ctime((const time_t *)&expiration_time));
285 case IA_UDBEXPIRED: 285 break;
286 if (ttyname(0) != NULL) { 286 case IA_UDBEXPIRED:
287 /* Force a password change */ 287 if (ttyname(0) != NULL) {
288 printf("Your password has expired; Choose a new one.\n"); 288 /* Force a password change */
289 execl("/bin/passwd", "passwd", username, 0); 289 printf("Your password has expired; Choose a new one.\n");
290 exit(9); 290 execl("/bin/passwd", "passwd", username, 0);
291 } 291 exit(9);
292 break; 292 }
293 case IA_NORMAL: /* Normal Return Code */ 293
294 break; 294 break;
295 case IA_BACKDOOR: 295 case IA_NORMAL: /* Normal Return Code */
296 /* XXX: can we memset it to zero here so save some of this */ 296 break;
297 strlcpy(ue.ue_name, "root", sizeof(ue.ue_name)); 297 case IA_BACKDOOR:
298 strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir)); 298 strcpy(ue.ue_name, "root");
299 strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell)); 299 strcpy(ue.ue_passwd, "");
300 300 strcpy(ue.ue_dir, "/");
301 ue.ue_passwd[0] = '\0'; 301 strcpy(ue.ue_shell, "/bin/sh");
302 ue.ue_age[0] = '\0'; 302 strcpy(ue.ue_age, "");
303 ue.ue_comment[0] = '\0'; 303 strcpy(ue.ue_comment, "");
304 ue.ue_loghost[0] = '\0'; 304 strcpy(ue.ue_loghost, "");
305 ue.ue_logline[0] = '\0'; 305 strcpy(ue.ue_logline, "");
306 306 ue.ue_uid=-1;
307 ue.ue_uid = -1; 307 ue.ue_nice[UDBRC_INTER]=0;
308 ue.ue_nice[UDBRC_INTER] = 0; 308 for (i=0;i<MAXVIDS;i++)
309 309 ue.ue_gids[i]=0;
310 for (i = 0; i < MAXVIDS; i++) 310 ue.ue_logfails=0;
311 ue.ue_gids[i] = 0; 311 ue.ue_minlvl=minslevel;
312 312 ue.ue_maxlvl=minslevel;
313 ue.ue_logfails = 0; 313 ue.ue_deflvl=minslevel;
314 ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel; 314 ue.ue_defcomps=0;
315 ue.ue_defcomps = 0; 315 ue.ue_comparts=0;
316 ue.ue_comparts = 0; 316 ue.ue_permits=0;
317 ue.ue_permits = 0; 317 ue.ue_trap=0;
318 ue.ue_trap = 0; 318 ue.ue_disabled=0;
319 ue.ue_disabled = 0; 319 ue.ue_logtime=0;
320 ue.ue_logtime = 0; 320 break;
321 break; 321 case IA_CONSOLE: /* Superuser not from Console */
322 case IA_CONSOLE: /* Superuser not from Console */ 322 case IA_TRUSTED: /* Trusted user */
323 case IA_TRUSTED: /* Trusted user */ 323 if (options.permit_root_login > PERMIT_NO)
324 if (options.permit_root_login > PERMIT_NO) 324 break; /* Accept root login */
325 break; /* Accept root login */ 325 default:
326 default: 326 /*
327 /* 327 * These are failed return codes from ia_user()
328 * These are failed return codes from ia_user() 328 */
329 */ 329 switch (ia_rcode)
330 switch (ia_rcode) 330 {
331 { 331 case IA_BADAUTH:
332 case IA_BADAUTH: 332 printf ("Bad authorization, access denied.\n");
333 printf("Bad authorization, access denied.\n"); 333 break;
334 break; 334 case IA_DIALUPERR:
335 case IA_DISABLED: 335 break;
336 printf("Your login has been disabled. Contact the system "); 336 case IA_DISABLED:
337 printf("administrator for assistance.\n"); 337 printf ("Your login has been disabled. Contact the system ");
338 break; 338 printf ("administrator for assistance.\n");
339 case IA_GETSYSV: 339 break;
340 printf("getsysv() failed - errno = %d\n", errno); 340 case IA_GETSYSV:
341 break; 341 printf ("getsysv() failed - errno = %d\n", errno);
342 case IA_MAXLOGS: 342 break;
343 printf("Maximum number of failed login attempts exceeded.\n"); 343 case IA_LOCALHOST:
344 printf("Access denied.\n"); 344 break;
345 break; 345 case IA_MAXLOGS:
346 case IA_UDBPWDNULL: 346 printf ("Maximum number of failed login attempts exceeded.\n");
347 if (SecureSys) 347 printf ("Access denied.\n");
348 printf("NULL Password not allowed on MLS systems.\n"); 348 break;
349 break; 349 case IA_NOPASS:
350 default: 350 break;
351 break; 351 case IA_PUBLIC:
352 } 352 break;
353 353 case IA_SECURIDERR:
354 /* 354 break;
355 * Authentication failed. 355 case IA_CONSOLE:
356 */ 356 break;
357 printf("sshd: Login incorrect, (0%o)\n", 357 case IA_TRUSTED:
358 ia_rcode-IA_ERRORCODE); 358 break;
359 359 case IA_UDBERR:
360 /* 360 break;
361 * Initialize structure for ia_failure 361 case IA_UDBPWDNULL:
362 * which will exit. 362 /*
363 */ 363 * NULL password not allowed on MLS systems
364 fsent.revision = 0; 364 */
365 fsent.uname = username; 365 if (SecureSys) {
366 fsent.host = hostname; 366 printf("NULL Password not allowed on MLS systems.\n");
367 fsent.ttyn = ttyn; 367 }
368 fsent.caller = IA_SSHD; 368 break;
369 fsent.flags = IA_INTERACTIVE; 369 case IA_UNKNOWN:
370 fsent.ueptr = &ue; 370 break;
371 fsent.jid = jid; 371 case IA_UNKNOWNYP:
372 fsent.errcode = ia_rcode; 372 break;
373 fsent.pwdp = uret.pswd; 373 case IA_WALERR:
374 fsent.exitcode = 1; 374 break;
375 375 default:
376 fret.revision = 0; 376 /* nothing special */
377 fret.normal = 0; 377 ;
378 378 } /* 2. switch (ia_rcode) */
379 /* 379 /*
380 * Call ia_failure because of an IA failure. 380 * Authentication failed.
381 * There is no return because ia_failure exits. 381 */
382 */ 382 printf("sshd: Login incorrect, (0%o)\n",
383 ia_failure(&fsent, &fret); 383 ia_rcode-IA_ERRORCODE);
384 384
385 exit(1); 385 /*
386 } 386 * Initialize structure for ia_failure
387 387 * which will exit.
388 */
389 fsent.revision = 0;
390 fsent.uname = username;
391 fsent.host = hostname;
392 fsent.ttyn = ttyn;
393 fsent.caller = IA_SSHD;
394 fsent.flags = IA_INTERACTIVE;
395 fsent.ueptr = &ue;
396 fsent.jid = jid;
397 fsent.errcode = ia_rcode;
398 fsent.pwdp = uret.pswd;
399 fsent.exitcode = 1;
400
401 fret.revision = 0;
402 fret.normal = 0;
403
404 /*
405 * Call ia_failure because of an IA failure.
406 * There is no return because ia_failure exits.
407 */
408
409 ia_failure(&fsent,&fret);
410
411 exit(1);
412 } /* 1. switch (ia_rcode) */
388 ia_mlsrcode = IA_NORMAL; 413 ia_mlsrcode = IA_NORMAL;
389 if (SecureSys) { 414 if (SecureSys) {
390 debug("calling ia_mlsuser()"); 415 debug("calling ia_mlsuser()");
391 ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0); 416 ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0);
392 } 417 }
393 if (ia_mlsrcode != IA_NORMAL) { 418 if (ia_mlsrcode != IA_NORMAL) {
394 printf("sshd: Login incorrect, (0%o)\n", 419 printf("sshd: Login incorrect, (0%o)\n",
395 ia_mlsrcode-IA_ERRORCODE); 420 ia_mlsrcode-IA_ERRORCODE);
396 /* 421 /*
397 * Initialize structure for ia_failure 422 * Initialize structure for ia_failure
398 * which will exit. 423 * which will exit.
399 */ 424 */
400 fsent.revision = 0; 425 fsent.revision = 0;
401 fsent.uname = username; 426 fsent.uname = username;
402 fsent.host = hostname; 427 fsent.host = hostname;
403 fsent.ttyn = ttyn; 428 fsent.ttyn = ttyn;
404 fsent.caller = IA_SSHD; 429 fsent.caller = IA_SSHD;
405 fsent.flags = IA_INTERACTIVE; 430 fsent.flags = IA_INTERACTIVE;
406 fsent.ueptr = &ue; 431 fsent.ueptr = &ue;
407 fsent.jid = jid; 432 fsent.jid = jid;
408 fsent.errcode = ia_mlsrcode; 433 fsent.errcode = ia_mlsrcode;
409 fsent.pwdp = uret.pswd; 434 fsent.pwdp = uret.pswd;
410 fsent.exitcode = 1; 435 fsent.exitcode = 1;
411 fret.revision = 0; 436 fret.revision = 0;
412 fret.normal = 0; 437 fret.normal = 0;
413 438
414 /* 439 /*
415 * Call ia_failure because of an IA failure. 440 * Call ia_failure because of an IA failure.
416 * There is no return because ia_failure exits. 441 * There is no return because ia_failure exits.
417 */ 442 */
418 ia_failure(&fsent,&fret); 443 ia_failure(&fsent,&fret);
419 exit(1); 444 exit(1);
420 } 445 }
421 446
422 /* Provide login status information */ 447 /* Provide login status information */
423 if (options.print_lastlog && ue.ue_logtime != 0) { 448 if (options.print_lastlog && ue.ue_logtime != 0) {
424 printf("Last successful login was : %.*s ", 19, 449 printf("Last successful login was : %.*s ",
425 (char *)ctime(&ue.ue_logtime)); 450 19, (char *)ctime(&ue.ue_logtime));
426 451
427 if (*ue.ue_loghost != '\0') { 452 if (*ue.ue_loghost != '\0')
428 printf("from %.*s\n", sizeof(ue.ue_loghost), 453 printf("from %.*s\n", sizeof(ue.ue_loghost), ue.ue_loghost);
429 ue.ue_loghost); 454
430 } else { 455 else printf("on %.*s\n", sizeof(ue.ue_logline), ue.ue_logline);
431 printf("on %.*s\n", sizeof(ue.ue_logline), 456
432 ue.ue_logline); 457 if ( SecureSys && (ue.ue_logfails != 0))
433 } 458 printf(" followed by %d failed attempts\n", ue.ue_logfails);
434 459 }
435 if (SecureSys && (ue.ue_logfails != 0)) { 460
436 printf(" followed by %d failed attempts\n", 461
437 ue.ue_logfails);
438 }
439 }
440
441 /* 462 /*
442 * Call ia_success to process successful I/A. 463 * Call ia_success to process successful I/A.
443 */ 464 */
@@ -451,116 +472,109 @@ cray_setup (uid_t uid, char *username, const char *command)
451 ssent.jid = jid; 472 ssent.jid = jid;
452 ssent.errcode = ia_rcode; 473 ssent.errcode = ia_rcode;
453 ssent.us = NULL; 474 ssent.us = NULL;
454 ssent.time = 1; /* Set ue_logtime */ 475 ssent.time = 1; /* Set ue_logtime */
455 476
456 sret.revision = 0; 477 sret.revision = 0;
457 sret.normal = 0; 478 sret.normal = 0;
458 479
459 ia_success(&ssent, &sret); 480 ia_success(&ssent,&sret);
460 481
461 /* 482 /*
462 * Query for account, iff > 1 valid acid & askacid permbit 483 * Query for account, iff > 1 valid acid & askacid permbit
463 */ 484 */
464 if (((ue.ue_permbits & PERMBITS_ACCTID) || 485 if (((ue.ue_permbits & PERMBITS_ACCTID) ||
465 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && 486 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
466 ue.ue_permbits & PERMBITS_ASKACID) { 487 ue.ue_permbits & PERMBITS_ASKACID) {
467 if (ttyname(0) != NULL) { 488 if (ttyname(0) != NULL) {
468 debug("cray_setup: ttyname true case, %.100s", ttyname); 489 debug("cray_setup: ttyname true case, %.100s", ttyname);
469 while (valid_acct == -1) { 490 while (valid_acct == -1) {
470 printf("Account (? for available accounts)" 491 printf("Account (? for available accounts)"
471 " [%s]: ", acid2nam(ue.ue_acids[0])); 492 " [%s]: ", acid2nam(ue.ue_acids[0]));
472 fgets(acct_name, MAXACID, stdin); 493 gets(acct_name);
473 switch (acct_name[0]) { 494 switch (acct_name[0]) {
474 case EOF: 495 case EOF:
475 exit(0); 496 exit(0);
476 break; 497 break;
477 case '\0': 498 case '\0':
478 valid_acct = ue.ue_acids[0]; 499 valid_acct = ue.ue_acids[0];
479 strlcpy(acct_name, acid2nam(valid_acct), MAXACID); 500 strcpy(acct_name, acid2nam(valid_acct));
480 break; 501 break;
481 case '?': 502 case '?':
482 /* Print the list 3 wide */ 503 /* Print the list 3 wide */
483 for (i = 0, j = 0; i < MAXVIDS; i++) { 504 for (i = 0, j = 0; i < MAXVIDS; i++) {
484 if (ue.ue_acids[i] == -1) { 505 if (ue.ue_acids[i] == -1) {
485 printf("\n"); 506 printf("\n");
486 break; 507 break;
487 } 508 }
488 if (++j == 4) { 509 if (++j == 4) {
489 j = 1; 510 j = 1;
490 printf("\n"); 511 printf("\n");
491 } 512 }
492 printf(" %s", 513 printf(" %s",
493 acid2nam(ue.ue_acids[i])); 514 acid2nam(ue.ue_acids[i]));
494 } 515 }
495 if (ue.ue_permbits & PERMBITS_ACCTID) { 516 if (ue.ue_permbits & PERMBITS_ACCTID)
496 printf("\"acctid\" permbit also allows" 517 printf("\"acctid\" permbit also allows"
497 " you to select any valid " 518 " you to select any valid "
498 "account name.\n"); 519 "account name.\n");
499 } 520 printf("\n");
500 printf("\n"); 521 break;
501 break; 522 default:
502 default: 523 if ((valid_acct = nam2acid(acct_name)) == -1) printf("Account id not found for"
503 valid_acct = nam2acid(acct_name); 524 " account name \"%s\"\n\n",
504 if (valid_acct == -1) { 525 acct_name);
505 printf( 526 break;
506 "Account id not found for" 527 }
507 " account name \"%s\"\n\n", 528 /*
508 acct_name); 529 * If an account was given, search the user's
509 break; 530 * acids array to verify they can use this account.
510 } 531 */
511 /* 532 if ((valid_acct != -1) &&
512 * If an account was given, search the user's 533 !(ue.ue_permbits & PERMBITS_ACCTID)) {
513 * acids array to verify they can use this account. 534 for (i = 0; i < MAXVIDS; i++) {
514 */ 535 if (ue.ue_acids[i] == -1)
515 if ((valid_acct != -1) && 536 break;
516 !(ue.ue_permbits & PERMBITS_ACCTID)) { 537 if (valid_acct == ue.ue_acids[i])
517 for (i = 0; i < MAXVIDS; i++) { 538 break;
518 if (ue.ue_acids[i] == -1) 539 }
519 break; 540 if (i == MAXVIDS ||
520 if (valid_acct == ue.ue_acids[i]) 541 ue.ue_acids[i] == -1) {
521 break; 542 fprintf(stderr, "Cannot set"
522 } 543 " account name to "
523 if (i == MAXVIDS || 544 "\"%s\", permission "
524 ue.ue_acids[i] == -1) { 545 "denied\n\n", acct_name);
525 fprintf(stderr, "Cannot set" 546 valid_acct = -1;
526 " account name to " 547 }
527 "\"%s\", permission " 548 }
528 "denied\n\n", acct_name); 549 }
529 valid_acct = -1;
530 }
531 }
532 }
533 } else {
534 /*
535 * The client isn't connected to a terminal and can't
536 * respond to an acid prompt. Use default acid.
537 */
538 debug("cray_setup: ttyname false case, %.100s",
539 ttyname);
540 valid_acct = ue.ue_acids[0];
541 }
542 } else { 550 } else {
543 /* 551 /*
544 * The user doesn't have the askacid permbit set or 552 * The client isn't connected to a terminal and can't
545 * only has one valid account to use. 553 * respond to an acid prompt. Use default acid.
546 */ 554 */
555 debug("cray_setup: ttyname false case, %.100s", ttyname);
547 valid_acct = ue.ue_acids[0]; 556 valid_acct = ue.ue_acids[0];
548 } 557 }
549 if (acctid(0, valid_acct) < 0) { 558 } else {
550 printf ("Bad account id: %d\n", valid_acct); 559 /*
551 exit(1); 560 * The user doesn't have the askacid permbit set or
552 } 561 * only has one valid account to use.
553 562 */
554 /* 563 valid_acct = ue.ue_acids[0];
555 * Now set shares, quotas, limits, including CPU time for the 564 }
556 * (interactive) job and process, and set up permissions 565 if (acctid(0, valid_acct) < 0) {
557 * (for chown etc), etc. 566 printf ("Bad account id: %d\n", valid_acct);
558 */ 567 exit(1);
568 }
569
570/* set up shares and quotas */
571/* Now set shares, quotas, limits, including CPU time for the (interactive)
572 * job and process, and set up permissions (for chown etc), etc.
573 */
559 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { 574 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
560 printf("Unable to give %d shares to <%s>(%d/%d)\n", 575 printf("Unable to give %d shares to <%s>(%d/%d)\n", ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
561 ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
562 exit(1); 576 exit(1);
563 } 577 }
564 578
565 sr = setlimits(username, C_PROC, pid, UDBRC_INTER); 579 sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
566 if (sr != NULL) { 580 if (sr != NULL) {
@@ -573,15 +587,17 @@ cray_setup (uid_t uid, char *username, const char *command)
573 exit(1); 587 exit(1);
574 } 588 }
575 /* 589 /*
576 * Place the service provider information into 590 * Place the service provider information into
577 * the session table (Unicos) or job table (Unicos/mk). 591 * the session table (Unicos) or job table (Unicos/mk).
578 * There exist double defines for the job/session table in 592 * There exist double defines for the job/session table in
579 * unicos/mk (jtab.h) so no need for a compile time switch. 593 * unicos/mk (jtab.h) so no need for a compile time switch.
580 */ 594 */
581 memset(&init_info, '\0', sizeof(init_info)); 595 bzero((char *)&init_info, sizeof(struct servprov));
582 init_info.s_sessinit.si_id = URM_SPT_LOGIN; 596 init_info.s_sessinit.si_id = URM_SPT_LOGIN;
583 init_info.s_sessinit.si_pid = getpid(); 597 init_info.s_sessinit.si_pid = getpid();
584 init_info.s_sessinit.si_sid = jid; 598 init_info.s_sessinit.si_sid = jid;
599 init_info.s_routing.seqno = 0;
600 init_info.s_routing.iadrs = 0;
585 sesscntl(0, S_SETSERVPO, (int)&init_info); 601 sesscntl(0, S_SETSERVPO, (int)&init_info);
586 602
587 /* 603 /*
@@ -594,7 +610,7 @@ cray_setup (uid_t uid, char *username, const char *command)
594 } 610 }
595 } 611 }
596 612
597 return (0); 613 return(0);
598} 614}
599 615
600/* 616/*
@@ -607,10 +623,10 @@ void
607drop_cray_privs() 623drop_cray_privs()
608{ 624{
609#if defined(_SC_CRAY_PRIV_SU) 625#if defined(_SC_CRAY_PRIV_SU)
610 priv_proc_t *privstate; 626 priv_proc_t* privstate;
611 int result; 627 int result;
612 extern int priv_set_proc(); 628 extern int priv_set_proc();
613 extern priv_proc_t *priv_init_proc(); 629 extern priv_proc_t* priv_init_proc();
614 630
615 /* 631 /*
616 * If ether of theses two flags are not set 632 * If ether of theses two flags are not set
@@ -638,17 +654,15 @@ drop_cray_privs()
638 usrv.sv_intcat = TFM_SYSTEM; 654 usrv.sv_intcat = TFM_SYSTEM;
639 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE); 655 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);
640 656
641 if (setusrv(&usrv) < 0) { 657 if (setusrv(&usrv) < 0)
642 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, 658 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
643 strerror(errno)); 659 strerror(errno));
644 }
645 660
646 if ((privstate = priv_init_proc()) != NULL) { 661 if ((privstate = priv_init_proc()) != NULL) {
647 result = priv_set_proc(privstate); 662 result = priv_set_proc(privstate);
648 if (result != 0 ) { 663 if (result != 0 )
649 fatal("%s(%d): priv_set_proc(): %s", 664 fatal("%s(%d): priv_set_proc(): %s",
650 __FILE__, __LINE__, strerror(errno)); 665 __FILE__, __LINE__, strerror(errno));
651 }
652 priv_free_proc(privstate); 666 priv_free_proc(privstate);
653 } 667 }
654 debug ("Privileges should be cleared..."); 668 debug ("Privileges should be cleared...");
@@ -669,7 +683,6 @@ cray_retain_utmp(struct utmp *ut, int pid)
669 struct utmp utmp; 683 struct utmp utmp;
670 684
671 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { 685 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
672 /* XXX use atomicio */
673 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { 686 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
674 if (pid == utmp.ut_pid) { 687 if (pid == utmp.ut_pid) {
675 ut->ut_jid = utmp.ut_jid; 688 ut->ut_jid = utmp.ut_jid;
@@ -680,8 +693,9 @@ cray_retain_utmp(struct utmp *ut, int pid)
680 } 693 }
681 } 694 }
682 close(fd); 695 close(fd);
683 } else 696 }
684 fatal("Unable to open utmp file"); 697 else
698 fatal("Unable to open utmp file");
685} 699}
686 700
687/* 701/*
@@ -694,9 +708,11 @@ cray_retain_utmp(struct utmp *ut, int pid)
694void 708void
695cray_delete_tmpdir(char *login, int jid, uid_t uid) 709cray_delete_tmpdir(char *login, int jid, uid_t uid)
696{ 710{
711 int child;
697 static char jtmp[TPATHSIZ]; 712 static char jtmp[TPATHSIZ];
698 struct stat statbuf; 713 struct stat statbuf;
699 int child, c, wstat; 714 int c;
715 int wstat;
700 716
701 for (c = 'a'; c <= 'z'; c++) { 717 for (c = 'a'; c <= 'z'; c++) {
702 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); 718 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
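Review bot: The account prompt in cray_setup (new line 493) reads with `gets(acct_name)` into the fixed-size `char acct_name[MAXACID]` stack buffer, so a line longer than MAXACID typed at the prompt overruns it in the login path; the old side's `fgets(acct_name, MAXACID, stdin)` was bounded. A bounded read such as `if (fgets(acct_name, sizeof(acct_name), stdin) == NULL) exit(0);` followed by `acct_name[strcspn(acct_name, "\n")] = '\0';` keeps the `'\0'` and `'?'` cases working and checks end of input on the return value rather than on the first byte of the buffer. The new side has two related unbounded or unterminated copies: `strcpy(acct_name, acid2nam(valid_acct))` at new line 500, and `strncpy(hostname, ..., MAXHOSTNAMELEN)` at new lines 195-197, which leaves hostname without a terminator when the canonical name fills the buffer; `hostname[MAXHOSTNAMELEN - 1] = '\0';` after the copy would close that. cray_setup spans several hunks and parts of its body lie outside the lines shown, so other uses of these buffers could not be checked here.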