Diffstat (limited to 'openbsd-compat/bsd-cray.c')
-rw-r--r--openbsd-compat/bsd-cray.c810
1 files changed, 397 insertions, 413 deletions
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
index edb3112b3..f2ac428cc 100644
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@@ -1,5 +1,5 @@
1/* 1/*
2 * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ 2 * $Id: bsd-cray.c,v 1.12 2003/06/03 02:45:27 dtucker Exp $
3 * 3 *
4 * bsd-cray.c 4 * bsd-cray.c
5 * 5 *
@@ -67,10 +67,10 @@
67 67
68extern ServerOptions options; 68extern ServerOptions options;
69 69
70char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ 70char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */
71 71
72struct sysv sysv; /* system security structure */ 72struct sysv sysv; /* system security structure */
73struct usrv usrv; /* user security structure */ 73struct usrv usrv; /* user security structure */
74 74
75/* 75/*
76 * Functions. 76 * Functions.
@@ -86,39 +86,40 @@ int cray_access_denied(char *);
86void 86void
87cray_login_failure(char *username, int errcode) 87cray_login_failure(char *username, int errcode)
88{ 88{
89 struct udb *ueptr; /* UDB pointer for username */ 89 struct udb *ueptr; /* UDB pointer for username */
90 ia_failure_t fsent; /* ia_failure structure */ 90 ia_failure_t fsent; /* ia_failure structure */
91 ia_failure_ret_t fret; /* ia_failure return stuff */ 91 ia_failure_ret_t fret; /* ia_failure return stuff */
92 struct jtab jtab; /* job table structure */ 92 struct jtab jtab; /* job table structure */
93 int jid = 0; /* job id */ 93 int jid = 0; /* job id */
94 94
95 if ((jid = getjtab(&jtab)) < 0) { 95 if ((jid = getjtab(&jtab)) < 0)
96 debug("cray_login_failure(): getjtab error"); 96 debug("cray_login_failure(): getjtab error");
97 } 97
98 getsysudb(); 98 getsysudb();
99 if ((ueptr = getudbnam(username)) == UDB_NULL) { 99 if ((ueptr = getudbnam(username)) == UDB_NULL)
100 debug("cray_login_failure(): getudbname() returned NULL"); 100 debug("cray_login_failure(): getudbname() returned NULL");
101 }
102 endudb(); 101 endudb();
103 fsent.revision = 0; 102
104 fsent.uname = username; 103 memset(&fsent, '\0', sizeof(fsent));
105 fsent.host = (char *)get_canonical_hostname(options.verify_reverse_mapping); 104 fsent.revision = 0;
106 fsent.ttyn = "sshd"; 105 fsent.uname = username;
107 fsent.caller = IA_SSHD; 106 fsent.host = (char *)get_canonical_hostname(options.use_dns);
108 fsent.flags = IA_INTERACTIVE; 107 fsent.ttyn = "sshd";
109 fsent.ueptr = ueptr; 108 fsent.caller = IA_SSHD;
110 fsent.jid = jid; 109 fsent.flags = IA_INTERACTIVE;
111 fsent.errcode = errcode; 110 fsent.ueptr = ueptr;
112 fsent.pwdp = NULL; 111 fsent.jid = jid;
113 fsent.exitcode = 0; /* dont exit in ia_failure() */ 112 fsent.errcode = errcode;
114 113 fsent.pwdp = NULL;
115 fret.revision = 0; 114 fsent.exitcode = 0; /* dont exit in ia_failure() */
116 fret.normal = 0; 115
116 fret.revision = 0;
117 fret.normal = 0;
117 118
118 /* 119 /*
119 * Call ia_failure because of an login failure. 120 * Call ia_failure because of an login failure.
120 */ 121 */
121 ia_failure(&fsent,&fret); 122 ia_failure(&fsent, &fret);
122} 123}
123 124
124/* 125/*
@@ -127,338 +128,316 @@ cray_login_failure(char *username, int errcode)
127int 128int
128cray_access_denied(char *username) 129cray_access_denied(char *username)
129{ 130{
130 struct udb *ueptr; /* UDB pointer for username */ 131 struct udb *ueptr; /* UDB pointer for username */
131 int errcode; /* IA errorcode */ 132 int errcode; /* IA errorcode */
132 133
133 errcode = 0; 134 errcode = 0;
134 getsysudb(); 135 getsysudb();
135 if ((ueptr = getudbnam(username)) == UDB_NULL) { 136 if ((ueptr = getudbnam(username)) == UDB_NULL)
136 debug("cray_login_failure(): getudbname() returned NULL"); 137 debug("cray_login_failure(): getudbname() returned NULL");
137 }
138 endudb(); 138 endudb();
139 if (ueptr && ueptr->ue_disabled) 139
140 if (ueptr != NULL && ueptr->ue_disabled)
140 errcode = IA_DISABLED; 141 errcode = IA_DISABLED;
141 if (errcode) 142 if (errcode)
142 cray_login_failure(username, errcode); 143 cray_login_failure(username, errcode);
144
143 return (errcode); 145 return (errcode);
144} 146}
145 147
148/*
149 * record_failed_login: generic "login failed" interface function
150 */
151void
152record_failed_login(const char *user, const char *ttyname)
153{
154 cray_login_failure((char *)user, IA_UDBERR);
155}
156
146int 157int
147cray_setup (uid_t uid, char *username, const char *command) 158cray_setup (uid_t uid, char *username, const char *command)
148{ 159{
149 extern struct udb *getudb(); 160 extern struct udb *getudb();
150 extern char *setlimits(); 161 extern char *setlimits();
151 162
152 int err; /* error return */ 163 int err; /* error return */
153 time_t system_time; /* current system clock */ 164 time_t system_time; /* current system clock */
154 time_t expiration_time; /* password expiration time */ 165 time_t expiration_time; /* password expiration time */
155 int maxattempts; /* maximum no. of failed login attempts */ 166 int maxattempts; /* maximum no. of failed login attempts */
156 int SecureSys; /* unicos security flag */ 167 int SecureSys; /* unicos security flag */
157 int minslevel = 0; /* system minimum security level */ 168 int minslevel = 0; /* system minimum security level */
158 int i, j; 169 int i, j;
159 int valid_acct = -1; /* flag for reading valid acct */ 170 int valid_acct = -1; /* flag for reading valid acct */
160 char acct_name[MAXACID] = { "" }; /* used to read acct name */ 171 char acct_name[MAXACID] = { "" }; /* used to read acct name */
161 struct jtab jtab; /* Job table struct */ 172 struct jtab jtab; /* Job table struct */
162 struct udb ue; /* udb entry for logging-in user */ 173 struct udb ue; /* udb entry for logging-in user */
163 struct udb *up; /* pointer to UDB entry */ 174 struct udb *up; /* pointer to UDB entry */
164 struct secstat secinfo; /* file security attributes */ 175 struct secstat secinfo; /* file security attributes */
165 struct servprov init_info; /* used for sesscntl() call */ 176 struct servprov init_info; /* used for sesscntl() call */
166 int jid; /* job ID */ 177 int jid; /* job ID */
167 int pid; /* process ID */ 178 int pid; /* process ID */
168 char *sr; /* status return from setlimits() */ 179 char *sr; /* status return from setlimits() */
169 char *ttyn = NULL; /* ttyname or command name*/ 180 char *ttyn = NULL; /* ttyname or command name*/
170 char hostname[MAXHOSTNAMELEN]; 181 char hostname[MAXHOSTNAMELEN];
171 passwd_t pwdacm, 182 /* passwd stuff for ia_user */
172 pwddialup, 183 passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce;
173 pwdudb, 184 ia_user_ret_t uret; /* stuff returned from ia_user */
174 pwdwal, 185 ia_user_t usent /* ia_user main structure */
175 pwddce; /* passwd stuff for ia_user */ 186 int ia_rcode; /* ia_user return code */
176 ia_user_ret_t uret; /* stuff returned from ia_user */ 187 ia_failure_t fsent; /* ia_failure structure */
177 ia_user_t usent; /* ia_user main structure */
178 int ia_rcode; /* ia_user return code */
179 ia_failure_t fsent; /* ia_failure structure */
180 ia_failure_ret_t fret; /* ia_failure return stuff */ 188 ia_failure_ret_t fret; /* ia_failure return stuff */
181 ia_success_t ssent; /* ia_success structure */ 189 ia_success_t ssent; /* ia_success structure */
182 ia_success_ret_t sret; /* ia_success return stuff */ 190 ia_success_ret_t sret; /* ia_success return stuff */
183 int ia_mlsrcode; /* ia_mlsuser return code */ 191 int ia_mlsrcode; /* ia_mlsuser return code */
184 int secstatrc; /* [f]secstat return code */ 192 int secstatrc; /* [f]secstat return code */
185 193
186 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { 194 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) {
187 getsysv(&sysv, sizeof(struct sysv)); 195 getsysv(&sysv, sizeof(struct sysv));
188 minslevel = sysv.sy_minlvl; 196 minslevel = sysv.sy_minlvl;
189 if (getusrv(&usrv) < 0) { 197 if (getusrv(&usrv) < 0)
190 debug("getusrv() failed, errno = %d",errno); 198 fatal("getusrv() failed, errno = %d", errno);
191 exit(1);
192 }
193 } 199 }
194 hostname[0] = '\0'; 200 hostname[0] = '\0';
195 strncpy(hostname, 201 strlcpy(hostname,
196 (char *)get_canonical_hostname(options.verify_reverse_mapping), 202 (char *)get_canonical_hostname(options.use_dns),
197 MAXHOSTNAMELEN); 203 MAXHOSTNAMELEN);
198 /* 204 /*
199 * Fetch user's UDB entry. 205 * Fetch user's UDB entry.
200 */ 206 */
201 getsysudb(); 207 getsysudb();
202 if ((up = getudbnam(username)) == UDB_NULL) { 208 if ((up = getudbnam(username)) == UDB_NULL)
203 debug("cannot fetch user's UDB entry"); 209 fatal("cannot fetch user's UDB entry");
204 exit(1); 210
205 } 211 /*
206 212 * Prevent any possible fudging so perform a data
207 /* 213 * safety check and compare the supplied uid against
208 * Prevent any possible fudging so perform a data 214 * the udb's uid.
209 * safety check and compare the supplied uid against 215 */
210 * the udb's uid. 216 if (up->ue_uid != uid)
211 */ 217 fatal("IA uid missmatch");
212 if (up->ue_uid != uid) {
213 debug("IA uid missmatch");
214 exit(1);
215 }
216 endudb(); 218 endudb();
217 219
218 if ((jid = getjtab (&jtab)) < 0) { 220 if ((jid = getjtab(&jtab)) < 0) {
219 debug("getjtab"); 221 debug("getjtab");
220 return -1; 222 return(-1);
221 } 223 }
222 pid = getpid(); 224 pid = getpid();
223 ttyn = ttyname(0); 225 ttyn = ttyname(0);
224 if (SecureSys) { 226 if (SecureSys) {
225 if (ttyn) { 227 if (ttyn != NULL)
226 secstatrc = secstat(ttyn, &secinfo); 228 secstatrc = secstat(ttyn, &secinfo);
227 } else { 229 else
228 secstatrc = fsecstat(1, &secinfo); 230 secstatrc = fsecstat(1, &secinfo);
229 } 231
230 if (secstatrc == 0) { 232 if (secstatrc == 0)
231 debug("[f]secstat() successful"); 233 debug("[f]secstat() successful");
232 } else { 234 else
233 debug("[f]secstat() error, rc = %d", secstatrc); 235 fatal("[f]secstat() error, rc = %d", secstatrc);
234 exit(1);
235 }
236 } 236 }
237 if ((ttyn == NULL) && ((char *)command != NULL)) 237 if ((ttyn == NULL) && ((char *)command != NULL))
238 ttyn = (char *)command; 238 ttyn = (char *)command;
239 /* 239 /*
240 * Initialize all structures to call ia_user 240 * Initialize all structures to call ia_user
241 */ 241 */
242 usent.revision = 0; 242 usent.revision = 0;
243 usent.uname = username; 243 usent.uname = username;
244 usent.host = hostname; 244 usent.host = hostname;
245 usent.ttyn = ttyn; 245 usent.ttyn = ttyn;
246 usent.caller = IA_SSHD; 246 usent.caller = IA_SSHD;
247 usent.pswdlist = &pwdacm; 247 usent.pswdlist = &pwdacm;
248 usent.ueptr = &ue; 248 usent.ueptr = &ue;
249 usent.flags = IA_INTERACTIVE | IA_FFLAG; 249 usent.flags = IA_INTERACTIVE | IA_FFLAG;
250 pwdacm.atype = IA_SECURID; 250 pwdacm.atype = IA_SECURID;
251 pwdacm.pwdp = NULL; 251 pwdacm.pwdp = NULL;
252 pwdacm.next = &pwdudb; 252 pwdacm.next = &pwdudb;
253 253
254 pwdudb.atype = IA_UDB; 254 pwdudb.atype = IA_UDB;
255 pwdudb.pwdp = NULL; 255 pwdudb.pwdp = NULL;
256 pwdudb.next = &pwddce; 256 pwdudb.next = &pwddce;
257 257
258 pwddce.atype = IA_DCE; 258 pwddce.atype = IA_DCE;
259 pwddce.pwdp = NULL; 259 pwddce.pwdp = NULL;
260 pwddce.next = &pwddialup; 260 pwddce.next = &pwddialup;
261 261
262 pwddialup.atype = IA_DIALUP; 262 pwddialup.atype = IA_DIALUP;
263 pwddialup.pwdp = NULL; 263 pwddialup.pwdp = NULL;
264 /* pwddialup.next = &pwdwal; */ 264 /* pwddialup.next = &pwdwal; */
265 pwddialup.next = NULL; 265 pwddialup.next = NULL;
266 266
267 pwdwal.atype = IA_WAL; 267 pwdwal.atype = IA_WAL;
268 pwdwal.pwdp = NULL; 268 pwdwal.pwdp = NULL;
269 pwdwal.next = NULL; 269 pwdwal.next = NULL;
270 270
271 uret.revision = 0; 271 uret.revision = 0;
272 uret.pswd = NULL; 272 uret.pswd = NULL;
273 uret.normal = 0; 273 uret.normal = 0;
274 274
275 ia_rcode = ia_user(&usent, &uret); 275 ia_rcode = ia_user(&usent, &uret);
276 276 switch (ia_rcode) {
277 switch (ia_rcode) { 277 /*
278 /* 278 * These are acceptable return codes from ia_user()
279 * These are acceptable return codes from ia_user() 279 */
280 */ 280 case IA_UDBWEEK: /* Password Expires in 1 week */
281 case IA_UDBWEEK: /* Password Expires in 1 week */ 281 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
282 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; 282 printf ("WARNING - your current password will expire %s\n",
283 printf ("WARNING - your current password will expire %s\n", 283 ctime((const time_t *)&expiration_time));
284 ctime((const time_t *)&expiration_time)); 284 break;
285 break; 285 case IA_UDBEXPIRED:
286 case IA_UDBEXPIRED: 286 if (ttyname(0) != NULL) {
287 if (ttyname(0) != NULL) { 287 /* Force a password change */
288 /* Force a password change */ 288 printf("Your password has expired; Choose a new one.\n");
289 printf("Your password has expired; Choose a new one.\n"); 289 execl("/bin/passwd", "passwd", username, 0);
290 execl("/bin/passwd", "passwd", username, 0); 290 exit(9);
291 exit(9); 291 }
292 } 292 break;
293 293 case IA_NORMAL: /* Normal Return Code */
294 break; 294 break;
295 case IA_NORMAL: /* Normal Return Code */ 295 case IA_BACKDOOR:
296 break; 296 /* XXX: can we memset it to zero here so save some of this */
297 case IA_BACKDOOR: 297 strlcpy(ue.ue_name, "root", sizeof(ue.ue_name));
298 strcpy(ue.ue_name, "root"); 298 strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir));
299 strcpy(ue.ue_passwd, ""); 299 strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell));
300 strcpy(ue.ue_dir, "/"); 300
301 strcpy(ue.ue_shell, "/bin/sh"); 301 ue.ue_passwd[0] = '\0';
302 strcpy(ue.ue_age, ""); 302 ue.ue_age[0] = '\0';
303 strcpy(ue.ue_comment, ""); 303 ue.ue_comment[0] = '\0';
304 strcpy(ue.ue_loghost, ""); 304 ue.ue_loghost[0] = '\0';
305 strcpy(ue.ue_logline, ""); 305 ue.ue_logline[0] = '\0';
306 ue.ue_uid=-1; 306
307 ue.ue_nice[UDBRC_INTER]=0; 307 ue.ue_uid = -1;
308 for (i=0;i<MAXVIDS;i++) 308 ue.ue_nice[UDBRC_INTER] = 0;
309 ue.ue_gids[i]=0; 309
310 ue.ue_logfails=0; 310 for (i = 0; i < MAXVIDS; i++)
311 ue.ue_minlvl=minslevel; 311 ue.ue_gids[i] = 0;
312 ue.ue_maxlvl=minslevel; 312
313 ue.ue_deflvl=minslevel; 313 ue.ue_logfails = 0;
314 ue.ue_defcomps=0; 314 ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel;
315 ue.ue_comparts=0; 315 ue.ue_defcomps = 0;
316 ue.ue_permits=0; 316 ue.ue_comparts = 0;
317 ue.ue_trap=0; 317 ue.ue_permits = 0;
318 ue.ue_disabled=0; 318 ue.ue_trap = 0;
319 ue.ue_logtime=0; 319 ue.ue_disabled = 0;
320 break; 320 ue.ue_logtime = 0;
321 case IA_CONSOLE: /* Superuser not from Console */ 321 break;
322 case IA_TRUSTED: /* Trusted user */ 322 case IA_CONSOLE: /* Superuser not from Console */
323 if (options.permit_root_login > PERMIT_NO) 323 case IA_TRUSTED: /* Trusted user */
324 break; /* Accept root login */ 324 if (options.permit_root_login > PERMIT_NO)
325 default: 325 break; /* Accept root login */
326 /* 326 default:
327 * These are failed return codes from ia_user() 327 /*
328 */ 328 * These are failed return codes from ia_user()
329 switch (ia_rcode) 329 */
330 { 330 switch (ia_rcode)
331 case IA_BADAUTH: 331 {
332 printf ("Bad authorization, access denied.\n"); 332 case IA_BADAUTH:
333 break; 333 printf("Bad authorization, access denied.\n");
334 case IA_DIALUPERR: 334 break;
335 break; 335 case IA_DISABLED:
336 case IA_DISABLED: 336 printf("Your login has been disabled. Contact the system ");
337 printf ("Your login has been disabled. Contact the system "); 337 printf("administrator for assistance.\n");
338 printf ("administrator for assistance.\n"); 338 break;
339 break; 339 case IA_GETSYSV:
340 case IA_GETSYSV: 340 printf("getsysv() failed - errno = %d\n", errno);
341 printf ("getsysv() failed - errno = %d\n", errno); 341 break;
342 break; 342 case IA_MAXLOGS:
343 case IA_LOCALHOST: 343 printf("Maximum number of failed login attempts exceeded.\n");
344 break; 344 printf("Access denied.\n");
345 case IA_MAXLOGS: 345 break;
346 printf ("Maximum number of failed login attempts exceeded.\n"); 346 case IA_UDBPWDNULL:
347 printf ("Access denied.\n"); 347 if (SecureSys)
348 break; 348 printf("NULL Password not allowed on MLS systems.\n");
349 case IA_NOPASS: 349 break;
350 break; 350 default:
351 case IA_PUBLIC: 351 break;
352 break; 352 }
353 case IA_SECURIDERR: 353
354 break; 354 /*
355 case IA_CONSOLE: 355 * Authentication failed.
356 break; 356 */
357 case IA_TRUSTED: 357 printf("sshd: Login incorrect, (0%o)\n",
358 break; 358 ia_rcode-IA_ERRORCODE);
359 case IA_UDBERR: 359
360 break; 360 /*
361 case IA_UDBPWDNULL: 361 * Initialize structure for ia_failure
362 /* 362 * which will exit.
363 * NULL password not allowed on MLS systems 363 */
364 */ 364 fsent.revision = 0;
365 if (SecureSys) { 365 fsent.uname = username;
366 printf("NULL Password not allowed on MLS systems.\n"); 366 fsent.host = hostname;
367 } 367 fsent.ttyn = ttyn;
368 break; 368 fsent.caller = IA_SSHD;
369 case IA_UNKNOWN: 369 fsent.flags = IA_INTERACTIVE;
370 break; 370 fsent.ueptr = &ue;
371 case IA_UNKNOWNYP: 371 fsent.jid = jid;
372 break; 372 fsent.errcode = ia_rcode;
373 case IA_WALERR: 373 fsent.pwdp = uret.pswd;
374 break; 374 fsent.exitcode = 1;
375 default: 375
376 /* nothing special */ 376 fret.revision = 0;
377 ; 377 fret.normal = 0;
378 } /* 2. switch (ia_rcode) */ 378
379 /* 379 /*
380 * Authentication failed. 380 * Call ia_failure because of an IA failure.
381 */ 381 * There is no return because ia_failure exits.
382 printf("sshd: Login incorrect, (0%o)\n", 382 */
383 ia_rcode-IA_ERRORCODE); 383 ia_failure(&fsent, &fret);
384 384
385 /* 385 exit(1);
386 * Initialize structure for ia_failure 386 }
387 * which will exit. 387
388 */
389 fsent.revision = 0;
390 fsent.uname = username;
391 fsent.host = hostname;
392 fsent.ttyn = ttyn;
393 fsent.caller = IA_SSHD;
394 fsent.flags = IA_INTERACTIVE;
395 fsent.ueptr = &ue;
396 fsent.jid = jid;
397 fsent.errcode = ia_rcode;
398 fsent.pwdp = uret.pswd;
399 fsent.exitcode = 1;
400
401 fret.revision = 0;
402 fret.normal = 0;
403
404 /*
405 * Call ia_failure because of an IA failure.
406 * There is no return because ia_failure exits.
407 */
408
409 ia_failure(&fsent,&fret);
410
411 exit(1);
412 } /* 1. switch (ia_rcode) */
413 ia_mlsrcode = IA_NORMAL; 388 ia_mlsrcode = IA_NORMAL;
414 if (SecureSys) { 389 if (SecureSys) {
415 debug("calling ia_mlsuser()"); 390 debug("calling ia_mlsuser()");
416 ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0); 391 ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0);
417 } 392 }
418 if (ia_mlsrcode != IA_NORMAL) { 393 if (ia_mlsrcode != IA_NORMAL) {
419 printf("sshd: Login incorrect, (0%o)\n", 394 printf("sshd: Login incorrect, (0%o)\n",
420 ia_mlsrcode-IA_ERRORCODE); 395 ia_mlsrcode-IA_ERRORCODE);
421 /* 396 /*
422 * Initialize structure for ia_failure 397 * Initialize structure for ia_failure
423 * which will exit. 398 * which will exit.
424 */ 399 */
425 fsent.revision = 0; 400 fsent.revision = 0;
426 fsent.uname = username; 401 fsent.uname = username;
427 fsent.host = hostname; 402 fsent.host = hostname;
428 fsent.ttyn = ttyn; 403 fsent.ttyn = ttyn;
429 fsent.caller = IA_SSHD; 404 fsent.caller = IA_SSHD;
430 fsent.flags = IA_INTERACTIVE; 405 fsent.flags = IA_INTERACTIVE;
431 fsent.ueptr = &ue; 406 fsent.ueptr = &ue;
432 fsent.jid = jid; 407 fsent.jid = jid;
433 fsent.errcode = ia_mlsrcode; 408 fsent.errcode = ia_mlsrcode;
434 fsent.pwdp = uret.pswd; 409 fsent.pwdp = uret.pswd;
435 fsent.exitcode = 1; 410 fsent.exitcode = 1;
436 fret.revision = 0; 411 fret.revision = 0;
437 fret.normal = 0; 412 fret.normal = 0;
438 413
439 /* 414 /*
440 * Call ia_failure because of an IA failure. 415 * Call ia_failure because of an IA failure.
441 * There is no return because ia_failure exits. 416 * There is no return because ia_failure exits.
442 */ 417 */
443 ia_failure(&fsent,&fret); 418 ia_failure(&fsent,&fret);
444 exit(1); 419 exit(1);
445 } 420 }
446 421
447 /* Provide login status information */ 422 /* Provide login status information */
448 if (options.print_lastlog && ue.ue_logtime != 0) { 423 if (options.print_lastlog && ue.ue_logtime != 0) {
449 printf("Last successful login was : %.*s ", 424 printf("Last successful login was : %.*s ", 19,
450 19, (char *)ctime(&ue.ue_logtime)); 425 (char *)ctime(&ue.ue_logtime));
451 426
452 if (*ue.ue_loghost != '\0') 427 if (*ue.ue_loghost != '\0') {
453 printf("from %.*s\n", sizeof(ue.ue_loghost), ue.ue_loghost); 428 printf("from %.*s\n", sizeof(ue.ue_loghost),
454 429 ue.ue_loghost);
455 else printf("on %.*s\n", sizeof(ue.ue_logline), ue.ue_logline); 430 } else {
456 431 printf("on %.*s\n", sizeof(ue.ue_logline),
457 if ( SecureSys && (ue.ue_logfails != 0)) 432 ue.ue_logline);
458 printf(" followed by %d failed attempts\n", ue.ue_logfails); 433 }
459 } 434
460 435 if (SecureSys && (ue.ue_logfails != 0)) {
461 436 printf(" followed by %d failed attempts\n",
437 ue.ue_logfails);
438 }
439 }
440
462 /* 441 /*
463 * Call ia_success to process successful I/A. 442 * Call ia_success to process successful I/A.
464 */ 443 */
@@ -472,109 +451,116 @@ cray_setup (uid_t uid, char *username, const char *command)
472 ssent.jid = jid; 451 ssent.jid = jid;
473 ssent.errcode = ia_rcode; 452 ssent.errcode = ia_rcode;
474 ssent.us = NULL; 453 ssent.us = NULL;
475 ssent.time = 1; /* Set ue_logtime */ 454 ssent.time = 1; /* Set ue_logtime */
476 455
477 sret.revision = 0; 456 sret.revision = 0;
478 sret.normal = 0; 457 sret.normal = 0;
479 458
480 ia_success(&ssent,&sret); 459 ia_success(&ssent, &sret);
481 460
482 /* 461 /*
483 * Query for account, iff > 1 valid acid & askacid permbit 462 * Query for account, iff > 1 valid acid & askacid permbit
484 */ 463 */
485 if (((ue.ue_permbits & PERMBITS_ACCTID) || 464 if (((ue.ue_permbits & PERMBITS_ACCTID) ||
486 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && 465 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
487 ue.ue_permbits & PERMBITS_ASKACID) { 466 ue.ue_permbits & PERMBITS_ASKACID) {
488 if (ttyname(0) != NULL) { 467 if (ttyname(0) != NULL) {
489 debug("cray_setup: ttyname true case, %.100s", ttyname); 468 debug("cray_setup: ttyname true case, %.100s", ttyname);
490 while (valid_acct == -1) { 469 while (valid_acct == -1) {
491 printf("Account (? for available accounts)" 470 printf("Account (? for available accounts)"
492 " [%s]: ", acid2nam(ue.ue_acids[0])); 471 " [%s]: ", acid2nam(ue.ue_acids[0]));
493 gets(acct_name); 472 fgets(acct_name, MAXACID, stdin);
494 switch (acct_name[0]) { 473 switch (acct_name[0]) {
495 case EOF: 474 case EOF:
496 exit(0); 475 exit(0);
497 break; 476 break;
498 case '\0': 477 case '\0':
499 valid_acct = ue.ue_acids[0]; 478 valid_acct = ue.ue_acids[0];
500 strcpy(acct_name, acid2nam(valid_acct)); 479 strlcpy(acct_name, acid2nam(valid_acct), MAXACID);
501 break; 480 break;
502 case '?': 481 case '?':
503 /* Print the list 3 wide */ 482 /* Print the list 3 wide */
504 for (i = 0, j = 0; i < MAXVIDS; i++) { 483 for (i = 0, j = 0; i < MAXVIDS; i++) {
505 if (ue.ue_acids[i] == -1) { 484 if (ue.ue_acids[i] == -1) {
506 printf("\n"); 485 printf("\n");
507 break; 486 break;
508 } 487 }
509 if (++j == 4) { 488 if (++j == 4) {
510 j = 1; 489 j = 1;
511 printf("\n"); 490 printf("\n");
512 } 491 }
513 printf(" %s", 492 printf(" %s",
514 acid2nam(ue.ue_acids[i])); 493 acid2nam(ue.ue_acids[i]));
515 } 494 }
516 if (ue.ue_permbits & PERMBITS_ACCTID) 495 if (ue.ue_permbits & PERMBITS_ACCTID) {
517 printf("\"acctid\" permbit also allows" 496 printf("\"acctid\" permbit also allows"
518 " you to select any valid " 497 " you to select any valid "
519 "account name.\n"); 498 "account name.\n");
520 printf("\n"); 499 }
521 break; 500 printf("\n");
522 default: 501 break;
523 if ((valid_acct = nam2acid(acct_name)) == -1) printf("Account id not found for" 502 default:
524 " account name \"%s\"\n\n", 503 valid_acct = nam2acid(acct_name);
525 acct_name); 504 if (valid_acct == -1) {
526 break; 505 printf(
527 } 506 "Account id not found for"
528 /* 507 " account name \"%s\"\n\n",
529 * If an account was given, search the user's 508 acct_name);
530 * acids array to verify they can use this account. 509 break;
531 */ 510 }
532 if ((valid_acct != -1) && 511 /*
533 !(ue.ue_permbits & PERMBITS_ACCTID)) { 512 * If an account was given, search the user's
534 for (i = 0; i < MAXVIDS; i++) { 513 * acids array to verify they can use this account.
535 if (ue.ue_acids[i] == -1) 514 */
536 break; 515 if ((valid_acct != -1) &&
537 if (valid_acct == ue.ue_acids[i]) 516 !(ue.ue_permbits & PERMBITS_ACCTID)) {
538 break; 517 for (i = 0; i < MAXVIDS; i++) {
539 } 518 if (ue.ue_acids[i] == -1)
540 if (i == MAXVIDS || 519 break;
541 ue.ue_acids[i] == -1) { 520 if (valid_acct == ue.ue_acids[i])
542 fprintf(stderr, "Cannot set" 521 break;
543 " account name to " 522 }
544 "\"%s\", permission " 523 if (i == MAXVIDS ||
545 "denied\n\n", acct_name); 524 ue.ue_acids[i] == -1) {
546 valid_acct = -1; 525 fprintf(stderr, "Cannot set"
547 } 526 " account name to "
548 } 527 "\"%s\", permission "
549 } 528 "denied\n\n", acct_name);
529 valid_acct = -1;
530 }
531 }
532 }
533 } else {
534 /*
535 * The client isn't connected to a terminal and can't
536 * respond to an acid prompt. Use default acid.
537 */
538 debug("cray_setup: ttyname false case, %.100s",
539 ttyname);
540 valid_acct = ue.ue_acids[0];
541 }
550 } else { 542 } else {
551 /* 543 /*
552 * The client isn't connected to a terminal and can't 544 * The user doesn't have the askacid permbit set or
553 * respond to an acid prompt. Use default acid. 545 * only has one valid account to use.
554 */ 546 */
555 debug("cray_setup: ttyname false case, %.100s", ttyname);
556 valid_acct = ue.ue_acids[0]; 547 valid_acct = ue.ue_acids[0];
557 } 548 }
558 } else { 549 if (acctid(0, valid_acct) < 0) {
559 /* 550 printf ("Bad account id: %d\n", valid_acct);
560 * The user doesn't have the askacid permbit set or 551 exit(1);
561 * only has one valid account to use. 552 }
562 */ 553
563 valid_acct = ue.ue_acids[0]; 554 /*
564 } 555 * Now set shares, quotas, limits, including CPU time for the
565 if (acctid(0, valid_acct) < 0) { 556 * (interactive) job and process, and set up permissions
566 printf ("Bad account id: %d\n", valid_acct); 557 * (for chown etc), etc.
567 exit(1); 558 */
568 }
569
570/* set up shares and quotas */
571/* Now set shares, quotas, limits, including CPU time for the (interactive)
572 * job and process, and set up permissions (for chown etc), etc.
573 */
574 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { 559 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
575 printf("Unable to give %d shares to <%s>(%d/%d)\n", ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct); 560 printf("Unable to give %d shares to <%s>(%d/%d)\n",
561 ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
576 exit(1); 562 exit(1);
577 } 563 }
578 564
579 sr = setlimits(username, C_PROC, pid, UDBRC_INTER); 565 sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
580 if (sr != NULL) { 566 if (sr != NULL) {
@@ -587,17 +573,15 @@ cray_setup (uid_t uid, char *username, const char *command)
587 exit(1); 573 exit(1);
588 } 574 }
589 /* 575 /*
590 * Place the service provider information into 576 * Place the service provider information into
591 * the session table (Unicos) or job table (Unicos/mk). 577 * the session table (Unicos) or job table (Unicos/mk).
592 * There exist double defines for the job/session table in 578 * There exist double defines for the job/session table in
593 * unicos/mk (jtab.h) so no need for a compile time switch. 579 * unicos/mk (jtab.h) so no need for a compile time switch.
594 */ 580 */
595 bzero((char *)&init_info, sizeof(struct servprov)); 581 memset(&init_info, '\0', sizeof(init_info));
596 init_info.s_sessinit.si_id = URM_SPT_LOGIN; 582 init_info.s_sessinit.si_id = URM_SPT_LOGIN;
597 init_info.s_sessinit.si_pid = getpid(); 583 init_info.s_sessinit.si_pid = getpid();
598 init_info.s_sessinit.si_sid = jid; 584 init_info.s_sessinit.si_sid = jid;
599 init_info.s_routing.seqno = 0;
600 init_info.s_routing.iadrs = 0;
601 sesscntl(0, S_SETSERVPO, (int)&init_info); 585 sesscntl(0, S_SETSERVPO, (int)&init_info);
602 586
603 /* 587 /*
@@ -610,7 +594,7 @@ cray_setup (uid_t uid, char *username, const char *command)
610 } 594 }
611 } 595 }
612 596
613 return(0); 597 return (0);
614} 598}
615 599
616/* 600/*
@@ -623,10 +607,10 @@ void
623drop_cray_privs() 607drop_cray_privs()
624{ 608{
625#if defined(_SC_CRAY_PRIV_SU) 609#if defined(_SC_CRAY_PRIV_SU)
626 priv_proc_t* privstate; 610 priv_proc_t *privstate;
627 int result; 611 int result;
628 extern int priv_set_proc(); 612 extern int priv_set_proc();
629 extern priv_proc_t* priv_init_proc(); 613 extern priv_proc_t *priv_init_proc();
630 614
631 /* 615 /*
632 * If ether of theses two flags are not set 616 * If ether of theses two flags are not set
@@ -654,15 +638,17 @@ drop_cray_privs()
654 usrv.sv_intcat = TFM_SYSTEM; 638 usrv.sv_intcat = TFM_SYSTEM;
655 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE); 639 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);
656 640
657 if (setusrv(&usrv) < 0) 641 if (setusrv(&usrv) < 0) {
658 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, 642 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
659 strerror(errno)); 643 strerror(errno));
644 }
660 645
661 if ((privstate = priv_init_proc()) != NULL) { 646 if ((privstate = priv_init_proc()) != NULL) {
662 result = priv_set_proc(privstate); 647 result = priv_set_proc(privstate);
663 if (result != 0 ) 648 if (result != 0 ) {
664 fatal("%s(%d): priv_set_proc(): %s", 649 fatal("%s(%d): priv_set_proc(): %s",
665 __FILE__, __LINE__, strerror(errno)); 650 __FILE__, __LINE__, strerror(errno));
651 }
666 priv_free_proc(privstate); 652 priv_free_proc(privstate);
667 } 653 }
668 debug ("Privileges should be cleared..."); 654 debug ("Privileges should be cleared...");
@@ -683,6 +669,7 @@ cray_retain_utmp(struct utmp *ut, int pid)
683 struct utmp utmp; 669 struct utmp utmp;
684 670
685 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { 671 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
672 /* XXX use atomicio */
686 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { 673 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
687 if (pid == utmp.ut_pid) { 674 if (pid == utmp.ut_pid) {
688 ut->ut_jid = utmp.ut_jid; 675 ut->ut_jid = utmp.ut_jid;
@@ -693,9 +680,8 @@ cray_retain_utmp(struct utmp *ut, int pid)
693 } 680 }
694 } 681 }
695 close(fd); 682 close(fd);
696 } 683 } else
697 else 684 fatal("Unable to open utmp file");
698 fatal("Unable to open utmp file");
699} 685}
700 686
701/* 687/*
@@ -708,11 +694,9 @@ cray_retain_utmp(struct utmp *ut, int pid)
708void 694void
709cray_delete_tmpdir(char *login, int jid, uid_t uid) 695cray_delete_tmpdir(char *login, int jid, uid_t uid)
710{ 696{
711 int child;
712 static char jtmp[TPATHSIZ]; 697 static char jtmp[TPATHSIZ];
713 struct stat statbuf; 698 struct stat statbuf;
714 int c; 699 int child, c, wstat;
715 int wstat;
716 700
717 for (c = 'a'; c <= 'z'; c++) { 701 for (c = 'a'; c <= 'z'; c++) {
718 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); 702 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
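Review bot: Replacing `gets()` with `fgets(acct_name, MAXACID, stdin)` in the account prompt of cray_setup (new line 472) bounds the read, but the return value is unchecked and the newline that fgets keeps is never stripped. An empty reply now arrives as "\n", so `case '\0':` no longer selects the default account, and a typed name reaches `nam2acid()` with a trailing newline and will presumably not resolve; `case EOF:` cannot detect end of input either, because on EOF the buffer is left unchanged. I would write `if (fgets(acct_name, MAXACID, stdin) == NULL) exit(0);` followed by `acct_name[strcspn(acct_name, "\n")] = '\0';` before the switch. Separately, the declaration `ia_user_t usent` at new line 185 lost its `;` and will not compile. cray_setup's body spans several hunks and is not fully visible here.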