From 99a4e14fe0615c0f8a404aec0db42feb98451eb9 Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Tue, 9 Jul 2002 14:06:40 +0000 Subject: - (bal) NO_IPPORT_RESERVED_CONCEPT used instead of CYGWIN so other platforms lacking that concept can share it. Patch by vinschen@redhat.com --- serverloop.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'serverloop.c') diff --git a/serverloop.c b/serverloop.c index 134921355..912f62501 100644 --- a/serverloop.c +++ b/serverloop.c @@ -972,8 +972,11 @@ server_input_global_request(int type, u_int32_t seq, void *ctxt) /* check permissions */ if (!options.allow_tcp_forwarding || - no_port_forwarding_flag || - (listen_port < IPPORT_RESERVED && pw->pw_uid != 0)) { + no_port_forwarding_flag +#ifndef NO_IPPORT_RESERVED_CONCEPT + || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) +#endif + ) { success = 0; packet_send_debug("Server has disabled port forwarding."); } else { -- cgit v1.2.3 From 16aed055787953630641d7b0aa4c1f6cf3a6269f Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Sun, 22 Sep 2002 01:26:27 +1000 Subject: - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 [serverloop.c] log IP address also; ok markus@ --- ChangeLog | 5 ++++- serverloop.c | 10 +++++++--- 2 files changed, 11 insertions(+), 4 deletions(-) (limited to 'serverloop.c') diff --git a/ChangeLog b/ChangeLog index 82415d2ef..0e2c2ba3a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ - markus@cvs.openbsd.org 2002/09/19 15:51:23 [ssh-add.c] typo; cd@kalkatraz.de + - stevesk@cvs.openbsd.org 2002/09/19 16:03:15 + [serverloop.c] + log IP address also; ok markus@ 20020919 - (djm) OpenBSD CVS Sync @@ -686,4 +689,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2473 2002/09/21 15:26:00 djm Exp $ +$Id: ChangeLog,v 1.2474 2002/09/21 15:26:27 djm Exp $ diff --git a/serverloop.c b/serverloop.c index 912f62501..5112de680 100644 --- a/serverloop.c +++ b/serverloop.c @@ -35,13 +35,14 @@ */ #include "includes.h" -RCSID("$OpenBSD: serverloop.c,v 1.103 2002/06/24 14:33:27 markus Exp $"); +RCSID("$OpenBSD: serverloop.c,v 1.104 2002/09/19 16:03:15 stevesk Exp $"); #include "xmalloc.h" #include "packet.h" #include "buffer.h" #include "log.h" #include "servconf.h" +#include "canohost.h" #include "sshpty.h" #include "channels.h" #include "compat.h" @@ -347,14 +348,17 @@ process_input(fd_set * readset) if (FD_ISSET(connection_in, readset)) { len = read(connection_in, buf, sizeof(buf)); if (len == 0) { - verbose("Connection closed by remote host."); + verbose("Connection closed by %.100s", + get_remote_ipaddr()); connection_closed = 1; if (compat20) return; fatal_cleanup(); } else if (len < 0) { if (errno != EINTR && errno != EAGAIN) { - verbose("Read error from remote host: %.100s", strerror(errno)); + verbose("Read error from remote host " + "%.100s: %.100s", + get_remote_ipaddr(), strerror(errno)); fatal_cleanup(); } } else { -- cgit v1.2.3 From 81ed518b9b888502cc57b23c02c47634ca508748 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Wed, 25 Sep 2002 17:38:46 -0700 Subject: Cray fixes (bug 367) based on patch from Wendy Palm @ cray. This does not include the deattack.c fixes. --- ChangeLog | 4 +++- acconfig.h | 5 ++++- auth1.c | 9 +++++++++ auth2.c | 11 +++++++++++ configure.ac | 7 ++++--- defines.h | 14 +++++++------- includes.h | 8 ++++++++ loginrec.c | 6 +++--- openbsd-compat/bsd-cray.c | 4 ++-- openbsd-compat/bsd-cray.h | 4 ++-- serverloop.c | 2 ++ session.c | 27 ++++++++++++++++++++++++++- sshd.c | 2 +- sshpty.c | 8 ++++---- 14 files changed, 86 insertions(+), 25 deletions(-) (limited to 'serverloop.c') diff --git a/ChangeLog b/ChangeLog index a42c010af..24074d183 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20020925 - (bal) Fix issue where successfull login does not clear failure counts in AIX. Patch by dtucker@zip.com.au ok by djm + - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. + This does not include the deattack.c fixes. 20020923 - (djm) OpenBSD CVS Sync @@ -719,4 +721,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2481 2002/09/25 23:14:14 mouring Exp $ +$Id: ChangeLog,v 1.2482 2002/09/26 00:38:46 tim Exp $ diff --git a/acconfig.h b/acconfig.h index f8fc650d7..3e058f3ea 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.144 2002/07/14 20:36:50 tim Exp $ */ +/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -150,6 +150,9 @@ /* Define if you don't want to use lastlog */ #undef DISABLE_LASTLOG +/* Define if you don't want to use lastlog in session.c */ +#undef NO_SSH_LASTLOG + /* Define if you don't want to use utmp */ #undef DISABLE_UTMP diff --git a/auth1.c b/auth1.c index 4d2b92a22..676c8a667 100644 --- a/auth1.c +++ b/auth1.c @@ -304,6 +304,15 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); +#ifdef _UNICOS + if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) + cray_login_failure(authctxt->user, IA_UDBERR); + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + #ifdef HAVE_CYGWIN if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { diff --git a/auth2.c b/auth2.c index 1cb9769ff..17c58552a 100644 --- a/auth2.c +++ b/auth2.c @@ -216,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authenticated = 0; #endif /* USE_PAM */ +#ifdef _UNICOS + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + /* Log before sending the reply */ auth_log(authctxt, authenticated, method, " ssh2"); @@ -235,6 +242,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } +#ifdef _UNICOS + if (strcmp(method, "password") == 0) + cray_login_failure(authctxt->user, IA_UDBERR); +#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); diff --git a/configure.ac b/configure.ac index f88d993e6..5fe50e56b 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.88 2002/09/23 23:54:12 tim Exp $ +# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -303,6 +303,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) + AC_DEFINE(NO_SSH_LASTLOG) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" MANTYPE=cat @@ -376,14 +377,14 @@ AC_ARG_WITH(libs, # Checks for header files. AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ - getopt.h glob.h lastlog.h limits.h login.h \ + getopt.h glob.h ia.h lastlog.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ sys/mman.h sys/select.h sys/stat.h \ sys/stropts.h sys/sysmacros.h sys/time.h \ - sys/un.h time.h ttyent.h usersec.h \ + sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) # Checks for libraries. diff --git a/defines.h b/defines.h index 42b12e9a4..ab19a077c 100644 --- a/defines.h +++ b/defines.h @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.95 2002/08/21 02:54:12 mouring Exp $ */ +/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ /* Constants */ @@ -124,7 +124,7 @@ typedef char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS # if (SIZEOF_SHORT_INT == 4) typedef short int16_t; # else @@ -132,16 +132,16 @@ typedef long int16_t; # endif # else # error "16 bit int type not found." -# endif /* _CRAY */ +# endif /* _UNICOS */ # endif # if (SIZEOF_INT == 4) typedef int int32_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS typedef long int32_t; # else # error "32 bit int type not found." -# endif /* _CRAY */ +# endif /* _UNICOS */ # endif #endif @@ -161,7 +161,7 @@ typedef unsigned char u_int8_t; # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS # if (SIZEOF_SHORT_INT == 4) typedef unsigned short u_int16_t; # else @@ -174,7 +174,7 @@ typedef unsigned long u_int16_t; # if (SIZEOF_INT == 4) typedef unsigned int u_int32_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS typedef unsigned long u_int32_t; # else # error "32 bit int type not found." diff --git a/includes.h b/includes.h index f6aa2ae67..d7b875c52 100644 --- a/includes.h +++ b/includes.h @@ -149,6 +149,14 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } # include #endif +#ifdef HAVE_IA_H +# include +#endif + +#ifdef HAVE_TMPDIR_H +# include +#endif + #include /* For OPENSSL_VERSION_NUMBER */ #include "defines.h" diff --git a/loginrec.c b/loginrec.c index 6dc608a4e..02c3106a3 100644 --- a/loginrec.c +++ b/loginrec.c @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.43 2002/07/22 23:34:25 mouring Exp $"); +RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $"); #ifdef HAVE_UTIL_H # include @@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li, switch (li->type) { case LTYPE_LOGIN: ut->ut_type = USER_PROCESS; -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS cray_set_tmpdir(ut); #endif break; case LTYPE_LOGOUT: ut->ut_type = DEAD_PROCESS; -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS cray_retain_utmp(ut, li->pid); #endif break; diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index 8a14b0807..edb3112b3 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.7 2002/07/23 21:00:18 mouring Exp $ + * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ * * bsd-cray.c * @@ -34,7 +34,7 @@ * on UNICOS systems. * */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS #include #include diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 0b75b2268..8868b4364 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.4 2002/07/23 21:00:18 mouring Exp $ + * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ * * bsd-cray.h * @@ -37,7 +37,7 @@ #ifndef _BSD_CRAY_H #define _BSD_CRAY_H -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS void cray_init_job(struct passwd *); /* init cray job */ void cray_job_termination_handler(int); /* process end of job signal */ void cray_login_failure(char *username, int errcode); diff --git a/serverloop.c b/serverloop.c index 5112de680..58e20dfb9 100644 --- a/serverloop.c +++ b/serverloop.c @@ -144,7 +144,9 @@ sigchld_handler(int sig) int save_errno = errno; debug("Received SIGCHLD."); child_terminated = 1; +#ifndef _UNICOS mysignal(SIGCHLD, sigchld_handler); +#endif notify_parent(); errno = save_errno; } diff --git a/session.c b/session.c index 0ccd2006d..9074525a4 100644 --- a/session.c +++ b/session.c @@ -512,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command) perror("dup2 stderr"); #endif /* USE_PIPES */ +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -603,8 +610,12 @@ do_exec_pty(Session *s, const char *command) /* record login, etc. similar to login(1) */ #ifndef HAVE_OSF_SIA - if (!(options.use_login && command == NULL)) + if (!(options.use_login && command == NULL)) { +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif /* _UNICOS */ do_login(s, command); + } # ifdef LOGIN_NEEDS_UTMPX else do_pre_login(s); @@ -615,6 +626,9 @@ do_exec_pty(Session *s, const char *command) do_child(s, command); /* NOTREACHED */ } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -755,6 +769,7 @@ do_login(Session *s, const char *command) printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ +#ifndef NO_SSH_LASTLOG if (options.print_lastlog && s->last_login_time != 0) { time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) @@ -765,6 +780,7 @@ do_login(Session *s, const char *command) printf("Last login: %s from %s\r\n", time_string, s->hostname); } +#endif /* NO_SSH_LASTLOG */ do_motd(); } @@ -1024,6 +1040,11 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); +#ifdef _UNICOS + if (cray_tmpdir[0] != '\0') + child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); +#endif /* _UNICOS */ + #ifdef _AIX { char *cp; @@ -1275,6 +1296,10 @@ do_child(Session *s, const char *command) if (options.use_login && command != NULL) options.use_login = 0; +#ifdef _UNICOS + cray_setup(pw->pw_uid, pw->pw_name, command); +#endif /* _UNICOS */ + /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. diff --git a/sshd.c b/sshd.c index 17f001669..37026dc2e 100644 --- a/sshd.c +++ b/sshd.c @@ -940,7 +940,7 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems! */ diff --git a/sshpty.c b/sshpty.c index e3027ca2e..28d0e310c 100644 --- a/sshpty.c +++ b/sshpty.c @@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) } return 1; #else /* HAVE_DEV_PTS_AND_PTC */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS char buf[64]; int i; int highpty; @@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) void *old; #endif /* USE_VHANGUP */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS if (setsid() < 0) error("setsid: %.100s", strerror(errno)); @@ -290,7 +290,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) error("%.100s: %.100s", ttyname, strerror(errno)); close(*ttyfd); *ttyfd = fd; -#else /* _CRAY */ +#else /* _UNICOS */ /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY @@ -345,7 +345,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) strerror(errno)); else close(fd); -#endif /* _CRAY */ +#endif /* _UNICOS */ } /* Changes the window size associated with the pty. */ -- cgit v1.2.3