/*
 * $Id: bsd-cray.c,v 1.17 2007/08/15 09:17:43 dtucker Exp $
 *
 * bsd-cray.c
 *
 * Copyright (c) 2002, Cray Inc.  (Wendy Palm <wendyp@cray.com>)
 * Significant portions provided by
 *          Wayne Schroeder, SDSC <schroeder@sdsc.edu>
 *          William Jones, UTexas <jones@tacc.utexas.edu>
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * Created: Apr 22 16.34:00 2002 wp
 *
 * This file contains functions required for proper execution
 * on UNICOS systems.
351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * 361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifdef _UNICOS 381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <udb.h> 401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <tmpdir.h> 411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <unistd.h> 421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/category.h> 431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <utmp.h> 441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/jtab.h> 451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <signal.h> 461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/priv.h> 471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/secparm.h> 481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/tfm.h> 491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/usrv.h> 501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/sysv.h> 511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/sectab.h> 521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/secstat.h> 531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/stat.h> 541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <sys/session.h> 551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <stdarg.h> 561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <stdlib.h> 571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <string.h> 581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <unistd.h> 591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <pwd.h> 601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <fcntl.h> 611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <errno.h> 
621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <ia.h> 631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include <urm.h> 641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "ssh.h" 651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "includes.h" 671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#include "sys/types.h" 681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifndef HAVE_STRUCT_SOCKADDR_STORAGE 701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define _SS_MAXSIZE 128 /* Implementation specific max size */ 711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) 721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define ss_family ss_sa.sa_family 741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ 751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifndef IN6_IS_ADDR_LOOPBACK 771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood# define IN6_IS_ADDR_LOOPBACK(a) \ 781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \ 791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1)) 801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#endif /* !IN6_IS_ADDR_LOOPBACK */ 811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#ifndef AF_INET6 831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* Define it to something that should never appear */ 841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#define AF_INET6 AF_MAX 851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood#endif 
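#include "log.h"
#include "servconf.h"
#include "bsd-cray.h"

#define MAXACID 80

extern ServerOptions options;

char cray_tmpdir[TPATHSIZ + 1];		    /* job TMPDIR path */

struct sysv sysv;	/* system security structure */
struct usrv usrv;	/* user security structure */

/*
 * Functions.
 */
void cray_retain_utmp(struct utmp *, int);
void cray_delete_tmpdir(char *, int, uid_t);
void cray_init_job(struct passwd *);
void cray_set_tmpdir(struct utmp *);
void cray_login_failure(char *, int);
int cray_setup(uid_t, char *, const char *);
int cray_access_denied(char *);

/*
 * cray_login_failure: report a failed login for `username' to the UNICOS
 * identification/authentication layer by calling ia_failure().
 *
 * username - login name that failed; also used to look up the UDB entry
 * errcode  - IA error code handed to ia_failure() as fsent.errcode
 *
 * The report is best effort: a getjtab() or getudbnam() failure is only
 * logged with debug() and the call to ia_failure() still happens, with a
 * negative job id or a null UDB pointer respectively.
 */
void
cray_login_failure(char *username, int errcode)
{
	struct udb *ueptr;		/* UDB pointer for username */
	ia_failure_t fsent;		/* ia_failure structure */
	ia_failure_ret_t fret;		/* ia_failure return stuff */
	struct jtab jtab;		/* job table structure */
	int jid = 0;			/* job id */

	if ((jid = getjtab(&jtab)) < 0)
		debug("cray_login_failure(): getjtab error");

	/*
	 * NOTE(review): ueptr is handed to ia_failure() after endudb();
	 * confirm that the entry returned by getudbnam() stays valid once
	 * the UDB has been closed.
	 */
	getsysudb();
	if ((ueptr = getudbnam(username)) == UDB_NULL)
		debug("cray_login_failure(): getudbname() returned NULL");
	endudb();

	/* Start from a zeroed request so no stale stack bytes are passed on. */
	memset(&fsent, '\0', sizeof(fsent));
	fsent.revision = 0;
	fsent.uname = username;
	fsent.host = (char *)get_canonical_hostname(options.use_dns);
	fsent.ttyn = "sshd";
	fsent.caller = IA_SSHD;
	fsent.flags = IA_INTERACTIVE;
	fsent.ueptr = ueptr;
	fsent.jid = jid;
	fsent.errcode = errcode;
	fsent.pwdp = NULL;
	fsent.exitcode = 0;	/* dont exit in ia_failure() */

	fret.revision = 0;
	fret.normal = 0;

	/*
	 * Call ia_failure because of a login failure.
	 */
	ia_failure(&fsent, &fret);
}

/*
 * cray_access_denied: check whether the UDB marks `username' as disabled.
 *
 * Returns IA_DISABLED (after recording the failure through
 * cray_login_failure()) when the user's UDB entry has ue_disabled set,
 * and 0 otherwise.
 *
 * A user with no UDB entry also yields 0, so a zero return only means
 * "not flagged as disabled here"; it is not evidence that the account
 * exists or that access should be granted.
 */
int
cray_access_denied(char *username)
{
	struct udb *ueptr;		/* UDB pointer for username */
	int errcode;			/* IA errorcode */

	errcode = 0;
	getsysudb();
	/* Name this function in the log so the failed lookup can be traced. */
	if ((ueptr = getudbnam(username)) == UDB_NULL)
		debug("cray_access_denied(): getudbname() returned NULL");
	endudb();

	/* Test against the same sentinel that getudbnam() was checked with. */
	if (ueptr != UDB_NULL && ueptr->ue_disabled)
		errcode = IA_DISABLED;
	if (errcode)
		cray_login_failure(username, errcode);

	return (errcode);
}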
1731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* 1741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * record_failed_login: generic "login failed" interface function 1751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 1761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodvoid 1771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodrecord_failed_login(const char *user, const char *hostname, const char *ttyname) 1781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 1791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood cray_login_failure((char *)user, IA_UDBERR); 1801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 1811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 1821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodint 1831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwoodcray_setup (uid_t uid, char *username, const char *command) 1841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood{ 1851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood extern struct udb *getudb(); 1861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood extern char *setlimits(); 1871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 1881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int err; /* error return */ 1891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood time_t system_time; /* current system clock */ 1901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood time_t expiration_time; /* password expiration time */ 1911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int maxattempts; /* maximum no. 
of failed login attempts */ 1921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int SecureSys; /* unicos security flag */ 1931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int minslevel = 0; /* system minimum security level */ 1941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int i, j; 1951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int valid_acct = -1; /* flag for reading valid acct */ 1961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood char acct_name[MAXACID] = { "" }; /* used to read acct name */ 1971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood struct jtab jtab; /* Job table struct */ 1981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood struct udb ue; /* udb entry for logging-in user */ 1991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood struct udb *up; /* pointer to UDB entry */ 2001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood struct secstat secinfo; /* file security attributes */ 2011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood struct servprov init_info; /* used for sesscntl() call */ 2021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int jid; /* job ID */ 2031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int pid; /* process ID */ 2041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood char *sr; /* status return from setlimits() */ 2051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood char *ttyn = NULL; /* ttyname or command name*/ 2061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood char hostname[MAXHOSTNAMELEN]; 2071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* passwd stuff for ia_user */ 2081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce; 2091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_user_ret_t uret; /* stuff returned from ia_user */ 2101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_user_t usent; /* ia_user main structure */ 2111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
int ia_rcode; /* ia_user return code */ 2121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_failure_t fsent; /* ia_failure structure */ 2131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_failure_ret_t fret; /* ia_failure return stuff */ 2141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_success_t ssent; /* ia_success structure */ 2151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_success_ret_t sret; /* ia_success return stuff */ 2161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int ia_mlsrcode; /* ia_mlsuser return code */ 2171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood int secstatrc; /* [f]secstat return code */ 2181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { 2201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood getsysv(&sysv, sizeof(struct sysv)); 2211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood minslevel = sysv.sy_minlvl; 2221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (getusrv(&usrv) < 0) 2231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("getusrv() failed, errno = %d", errno); 2241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 2251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood hostname[0] = '\0'; 2261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcpy(hostname, 2271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood (char *)get_canonical_hostname(options.use_dns), 2281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood MAXHOSTNAMELEN); 2291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 2301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Fetch user's UDB entry. 
2311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 2321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood getsysudb(); 2331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((up = getudbnam(username)) == UDB_NULL) 2341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("cannot fetch user's UDB entry"); 2351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 2371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Prevent any possible fudging so perform a data 2381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * safety check and compare the supplied uid against 2391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * the udb's uid. 2401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 2411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (up->ue_uid != uid) 2421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("IA uid missmatch"); 2431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood endudb(); 2441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((jid = getjtab(&jtab)) < 0) { 2461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("getjtab"); 2471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return(-1); 2481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 2491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pid = getpid(); 2501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ttyn = ttyname(0); 2511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (SecureSys) { 2521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ttyn != NULL) 2531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood secstatrc = secstat(ttyn, &secinfo); 2541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else 2551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood secstatrc = fsecstat(1, &secinfo); 2561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
2571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (secstatrc == 0) 2581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("[f]secstat() successful"); 2591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood else 2601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fatal("[f]secstat() error, rc = %d", secstatrc); 2611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 2621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((ttyn == NULL) && ((char *)command != NULL)) 2631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ttyn = (char *)command; 2641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 2651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Initialize all structures to call ia_user 2661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 2671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.revision = 0; 2681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.uname = username; 2691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.host = hostname; 2701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.ttyn = ttyn; 2711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.caller = IA_SSHD; 2721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.pswdlist = &pwdacm; 2731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.ueptr = &ue; 2741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood usent.flags = IA_INTERACTIVE | IA_FFLAG; 2751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdacm.atype = IA_SECURID; 2761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdacm.pwdp = NULL; 2771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdacm.next = &pwdudb; 2781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdudb.atype = IA_UDB; 2801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdudb.pwdp = NULL; 2811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdudb.next = &pwddce; 
2821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwddce.atype = IA_DCE; 2841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwddce.pwdp = NULL; 2851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwddce.next = &pwddialup; 2861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwddialup.atype = IA_DIALUP; 2881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwddialup.pwdp = NULL; 2891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* pwddialup.next = &pwdwal; */ 2901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwddialup.next = NULL; 2911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdwal.atype = IA_WAL; 2931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdwal.pwdp = NULL; 2941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood pwdwal.next = NULL; 2951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 2961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood uret.revision = 0; 2971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood uret.pswd = NULL; 2981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood uret.normal = 0; 2991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_rcode = ia_user(&usent, &uret); 3011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (ia_rcode) { 3021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 3031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * These are acceptable return codes from ia_user() 3041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 3051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_UDBWEEK: /* Password Expires in 1 week */ 3061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; 3071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
printf ("WARNING - your current password will expire %s\n", 3081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ctime((const time_t *)&expiration_time)); 3091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_UDBEXPIRED: 3111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ttyname(0) != NULL) { 3121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Force a password change */ 3131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Your password has expired; Choose a new one.\n"); 3141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood execl("/bin/passwd", "passwd", username, 0); 3151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(9); 3161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 3171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_NORMAL: /* Normal Return Code */ 3191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_BACKDOOR: 3211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* XXX: can we memset it to zero here so save some of this */ 3221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcpy(ue.ue_name, "root", sizeof(ue.ue_name)); 3231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir)); 3241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell)); 3251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_passwd[0] = '\0'; 3271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_age[0] = '\0'; 3281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_comment[0] = '\0'; 3291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_loghost[0] = '\0'; 3301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 
ue.ue_logline[0] = '\0'; 3311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_uid = -1; 3331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_nice[UDBRC_INTER] = 0; 3341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; i < MAXVIDS; i++) 3361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_gids[i] = 0; 3371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_logfails = 0; 3391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel; 3401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_defcomps = 0; 3411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_comparts = 0; 3421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_permits = 0; 3431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_trap = 0; 3441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_disabled = 0; 3451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_logtime = 0; 3461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_CONSOLE: /* Superuser not from Console */ 3481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_TRUSTED: /* Trusted user */ 3491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options.permit_root_login > PERMIT_NO) 3501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; /* Accept root login */ 3511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 3521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 3531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * These are failed return codes from ia_user() 3541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 3551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (ia_rcode) 
3561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood { 3571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_BADAUTH: 3581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Bad authorization, access denied.\n"); 3591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_DISABLED: 3611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Your login has been disabled. Contact the system "); 3621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("administrator for assistance.\n"); 3631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_GETSYSV: 3651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("getsysv() failed - errno = %d\n", errno); 3661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_MAXLOGS: 3681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Maximum number of failed login attempts exceeded.\n"); 3691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Access denied.\n"); 3701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case IA_UDBPWDNULL: 3721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (SecureSys) 3731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("NULL Password not allowed on MLS systems.\n"); 3741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 3761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 3771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 3781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 3801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Authentication failed. 
3811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 3821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("sshd: Login incorrect, (0%o)\n", 3831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_rcode-IA_ERRORCODE); 3841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 3851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 3861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Initialize structure for ia_failure 3871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * which will exit. 3881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 3891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.revision = 0; 3901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.uname = username; 3911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.host = hostname; 3921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.ttyn = ttyn; 3931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.caller = IA_SSHD; 3941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.flags = IA_INTERACTIVE; 3951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.ueptr = &ue; 3961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.jid = jid; 3971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.errcode = ia_rcode; 3981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.pwdp = uret.pswd; 3991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.exitcode = 1; 4001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fret.revision = 0; 4021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fret.normal = 0; 4031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 4051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Call ia_failure because of an IA failure. 4061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * There is no return because ia_failure exits. 
4071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 4081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_failure(&fsent, &fret); 4091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 4111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_mlsrcode = IA_NORMAL; 4141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (SecureSys) { 4151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("calling ia_mlsuser()"); 4161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0); 4171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ia_mlsrcode != IA_NORMAL) { 4191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("sshd: Login incorrect, (0%o)\n", 4201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_mlsrcode-IA_ERRORCODE); 4211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 4221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Initialize structure for ia_failure 4231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * which will exit. 
4241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 4251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.revision = 0; 4261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.uname = username; 4271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.host = hostname; 4281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.ttyn = ttyn; 4291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.caller = IA_SSHD; 4301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.flags = IA_INTERACTIVE; 4311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.ueptr = &ue; 4321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.jid = jid; 4331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.errcode = ia_mlsrcode; 4341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.pwdp = uret.pswd; 4351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fsent.exitcode = 1; 4361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fret.revision = 0; 4371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fret.normal = 0; 4381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 4401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Call ia_failure because of an IA failure. 4411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * There is no return because ia_failure exits. 
4421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 4431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_failure(&fsent,&fret); 4441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 4451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Provide login status information */ 4481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (options.print_lastlog && ue.ue_logtime != 0) { 4491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Last successful login was : %.*s ", 19, 4501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood (char *)ctime(&ue.ue_logtime)); 4511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (*ue.ue_loghost != '\0') { 4531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("from %.*s\n", sizeof(ue.ue_loghost), 4541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_loghost); 4551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } else { 4561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("on %.*s\n", sizeof(ue.ue_logline), 4571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_logline); 4581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (SecureSys && (ue.ue_logfails != 0)) { 4611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf(" followed by %d failed attempts\n", 4621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_logfails); 4631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 4651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 4671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Call ia_success to process 
successful I/A. 4681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 4691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.revision = 0; 4701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.uname = username; 4711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.host = hostname; 4721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.ttyn = ttyn; 4731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.caller = IA_SSHD; 4741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.flags = IA_INTERACTIVE; 4751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.ueptr = &ue; 4761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.jid = jid; 4771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.errcode = ia_rcode; 4781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.us = NULL; 4791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ssent.time = 1; /* Set ue_logtime */ 4801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sret.revision = 0; 4821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sret.normal = 0; 4831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ia_success(&ssent, &sret); 4851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 4861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 4871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Query for account, iff > 1 valid acid & askacid permbit 4881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 4891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (((ue.ue_permbits & PERMBITS_ACCTID) || 4901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && 4911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_permbits & PERMBITS_ASKACID) { 4921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ttyname(0) != NULL) { 
4931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("cray_setup: ttyname true case, %.100s", ttyname); 4941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood while (valid_acct == -1) { 4951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Account (? for available accounts)" 4961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood " [%s]: ", acid2nam(ue.ue_acids[0])); 4971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fgets(acct_name, MAXACID, stdin); 4981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood switch (acct_name[0]) { 4991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case EOF: 5001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(0); 5011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case '\0': 5031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood valid_acct = ue.ue_acids[0]; 5041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood strlcpy(acct_name, acid2nam(valid_acct), MAXACID); 5051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood case '?': 5071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* Print the list 3 wide */ 5081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0, j = 0; i < MAXVIDS; i++) { 5091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ue.ue_acids[i] == -1) { 5101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("\n"); 5111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (++j == 4) { 5141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood j = 1; 5151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("\n"); 5161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf(" %s", 
5181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood acid2nam(ue.ue_acids[i])); 5191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ue.ue_permbits & PERMBITS_ACCTID) { 5211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("\"acctid\" permbit also allows" 5221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood " you to select any valid " 5231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "account name.\n"); 5241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("\n"); 5261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood default: 5281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood valid_acct = nam2acid(acct_name); 5291305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (valid_acct == -1) 5301305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf( 5311305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "Account id not found for" 5321305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood " account name \"%s\"\n\n", 5331305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood acct_name); 5341305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5351305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5361305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 5371305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * If an account was given, search the user's 5381305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * acids array to verify they can use this account. 
5391305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 5401305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if ((valid_acct != -1) && 5411305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood !(ue.ue_permbits & PERMBITS_ACCTID)) { 5421305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood for (i = 0; i < MAXVIDS; i++) { 5431305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (ue.ue_acids[i] == -1) 5441305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5451305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (valid_acct == ue.ue_acids[i]) 5461305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood break; 5471305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5481305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (i == MAXVIDS || 5491305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_acids[i] == -1) { 5501305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood fprintf(stderr, "Cannot set" 5511305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood " account name to " 5521305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "\"%s\", permission " 5531305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood "denied\n\n", acct_name); 5541305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood valid_acct = -1; 5551305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5561305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5571305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5581305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } else { 5591305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 5601305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * The client isn't connected to a terminal and can't 5611305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * respond to an acid prompt. Use default acid. 
5621305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 5631305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("cray_setup: ttyname false case, %.100s", 5641305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ttyname); 5651305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood valid_acct = ue.ue_acids[0]; 5661305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5671305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } else { 5681305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 5691305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * The user doesn't have the askacid permbit set or 5701305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * only has one valid account to use. 5711305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 5721305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood valid_acct = ue.ue_acids[0]; 5731305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5741305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (acctid(0, valid_acct) < 0) { 5751305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf ("Bad account id: %d\n", valid_acct); 5761305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 5771305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5781305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 5791305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 5801305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Now set shares, quotas, limits, including CPU time for the 5811305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * (interactive) job and process, and set up permissions 5821305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * (for chown etc), etc. 
5831305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 5841305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { 5851305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood printf("Unable to give %d shares to <%s>(%d/%d)\n", 5861305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct); 5871305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 5881305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5891305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 5901305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sr = setlimits(username, C_PROC, pid, UDBRC_INTER); 5911305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (sr != NULL) { 5921305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("%.200s", sr); 5931305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 5941305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 5951305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sr = setlimits(username, C_JOB, jid, UDBRC_INTER); 5961305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (sr != NULL) { 5971305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("%.200s", sr); 5981305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 5991305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 6001305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 6011305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Place the service provider information into 6021305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * the session table (Unicos) or job table (Unicos/mk). 6031305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * There exist double defines for the job/session table in 6041305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * unicos/mk (jtab.h) so no need for a compile time switch. 
6051305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 6061305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood memset(&init_info, '\0', sizeof(init_info)); 6071305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood init_info.s_sessinit.si_id = URM_SPT_LOGIN; 6081305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood init_info.s_sessinit.si_pid = getpid(); 6091305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood init_info.s_sessinit.si_sid = jid; 6101305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood sesscntl(0, S_SETSERVPO, (int)&init_info); 6111305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 6121305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood /* 6131305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * Set user and controlling tty security attributes. 6141305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood */ 6151305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (SecureSys) { 6161305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood if (setusrv(&usrv) == -1) { 6171305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood debug("setusrv() failed, errno = %d",errno); 6181305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood exit(1); 6191305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 6201305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood } 6211305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 6221305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood return (0); 6231305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood} 6241305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood 6251305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood/* 6261305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk 6271305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * can have pal privileges that sshd can inherit which 6281305e95ba6ff9fa202d0818caf10405df4b0f648Mike Lockwood * could allow a user to su to root with out a password. 
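* This subroutine clears all privileges.
 *
 * Steps, in order: refuse to run unless sysconf() reports both
 * _SC_CRAY_PRIV_SU and _SC_CRAY_POSIX_PRIV; fill in the security values in
 * usrv (not declared in this function) and apply them with setusrv(); then
 * install the privilege state obtained from priv_init_proc() using
 * priv_set_proc().  Every failure is fatal, including priv_init_proc()
 * returning NULL, so the daemon never carries on with inherited privileges
 * it was unable to clear.
 */
void
drop_cray_privs()
{
#if defined(_SC_CRAY_PRIV_SU)
	priv_proc_t *privstate;
	int result;
	extern int priv_set_proc();
	extern priv_proc_t *priv_init_proc();

	/*
	 * If either of these two flags is not set
	 * then don't allow this version of ssh to run.
	 */
	if (!sysconf(_SC_CRAY_PRIV_SU))
		fatal("Not PRIV_SU system.");
	if (!sysconf(_SC_CRAY_POSIX_PRIV))
		fatal("Not POSIX_PRIV.");

	debug("Setting MLS labels.");

	/* Level range: fixed SYSLOW..SYSHIGH under secure MAC, else from sysv. */
	if (sysconf(_SC_CRAY_SECURE_MAC)) {
		usrv.sv_minlvl = SYSLOW;
		usrv.sv_actlvl = SYSHIGH;
		usrv.sv_maxlvl = SYSHIGH;
	} else {
		usrv.sv_minlvl = sysv.sy_minlvl;
		usrv.sv_actlvl = sysv.sy_minlvl;
		usrv.sv_maxlvl = sysv.sy_maxlvl;
	}
	usrv.sv_actcmp = 0;
	usrv.sv_valcmp = sysv.sy_valcmp;

	usrv.sv_intcat = TFM_SYSTEM;
	usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);

	if (setusrv(&usrv) < 0) {
		fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
		    strerror(errno));
	}

	/*
	 * Fail closed: without a privilege state there is nothing to hand to
	 * priv_set_proc(), and returning here would leave whatever privileges
	 * the process inherited in place.
	 * NOTE(review): priv_init_proc() is presumed to return a state with
	 * no privileges granted - confirm against the UNICOS documentation.
	 */
	privstate = priv_init_proc();
	if (privstate == NULL) {
		fatal("%s(%d): priv_init_proc() failed", __FILE__, __LINE__);
	}

	result = priv_set_proc(privstate);
	if (result != 0) {
		fatal("%s(%d): priv_set_proc(): %s",
		    __FILE__, __LINE__, strerror(errno));
	}
	priv_free_proc(privstate);

	debug ("Privileges should be cleared...");
#else
	/* XXX: do this differently */
#	error Cray systems must be run with _SC_CRAY_PRIV_SU on!
#endif
}


/*
 * Retain utmp/wtmp information - used by cray accounting.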
* Looks up the UTMP_FILE record whose ut_pid equals pid and copies its
 * ut_jid, ut_tpath, ut_host and ut_name fields into *ut.  *ut is left
 * untouched when no record matches; failing to open the file is fatal.
 */
void
cray_retain_utmp(struct utmp *ut, int pid)
{
	struct utmp entry;
	int fd;

	fd = open(UTMP_FILE, O_RDONLY);
	if (fd == -1) {
		fatal("Unable to open utmp file");
		return;
	}

	/* XXX use atomicio */
	for (;;) {
		/* EOF, a read error or a short record all end the scan. */
		if (read(fd, (char *)&entry, sizeof(entry)) != sizeof(entry))
			break;
		if (entry.ut_pid != pid)
			continue;

		ut->ut_jid = entry.ut_jid;
		/*
		 * Each copy is bounded by the field's own size, so strncpy()
		 * adds no terminator when the source fills the field; readers
		 * of these fields have to bound by field size as well.
		 */
		strncpy(ut->ut_tpath, entry.ut_tpath, sizeof(entry.ut_tpath));
		strncpy(ut->ut_host, entry.ut_host, sizeof(entry.ut_host));
		strncpy(ut->ut_name, entry.ut_name, sizeof(entry.ut_name));
		break;
	}
	close(fd);
}

/*
 * tmpdir support.
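*/

/*
 * Find and delete a job's tmpdir.
 *
 * Probes JTMPDIR/jtmp.<jid, 6 digits><a..z> and picks the first path for
 * which stat() succeeds and st_uid equals uid.  If none is found the
 * function returns without doing anything.  Otherwise it forks, the child
 * runs CLEANTMPCMD with login and the path as arguments, and the parent
 * waits for that child, retrying waitpid() on EINTR.
 *
 * The path is built in a static buffer, so the function is not reentrant.
 *
 * NOTE(review): stat() follows symbolic links and the path is handed to
 * CLEANTMPCMD after the check, so the ownership test and the removal are
 * not atomic.  Whether that matters depends on who may create entries in
 * JTMPDIR and on what CLEANTMPCMD does with the path - confirm both.
 */
void
cray_delete_tmpdir(char *login, int jid, uid_t uid)
{
	static char jtmp[TPATHSIZ];
	struct stat statbuf;
	int child, c, wstat;

	for (c = 'a'; c <= 'z'; c++) {
		snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
		if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid)
			break;
	}

	if (c > 'z')
		return;

	child = fork();
	if (child == -1) {
		/*
		 * No child was created.  Falling through would call
		 * waitpid(-1, ...), which waits for any child of this process
		 * and would consume an unrelated child's exit status.
		 */
		debug("cray_delete_tmpdir: fork failed, errno = %d", errno);
		return;
	}
	if (child == 0) {
		execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL);
		/* Only reached when execl() failed; still in the child. */
		fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed");
	}

	while (waitpid(child, &wstat, 0) == -1 && errno == EINTR)
		;
}

/*
 * Remove tmpdir on job termination.
 *
 * Collects the terminated job with waitjob(), maps its j_uid to a login
 * name with uid2nam(), and passes both to cray_delete_tmpdir().  Returns
 * silently if either lookup fails.  The sig argument is not used.
 *
 * NOTE(review): the signature suggests this is installed as a signal
 * handler.  If so, uid2nam(), snprintf(), fork() and the logging calls
 * reached from here run in signal context and are not guaranteed to be
 * async-signal-safe - confirm how the caller installs it.
 */
void
cray_job_termination_handler(int sig)
{
	int jid;
	char *login = NULL;
	struct jtab jtab;

	if ((jid = waitjob(&jtab)) == -1 ||
	    (login = uid2nam(jtab.j_uid)) == NULL)
		return;

	cray_delete_tmpdir(login, jid, jtab.j_uid);
}

/*
 * Set job id and create tmpdir directory.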
* Calls setjob() for pw->pw_uid (fatal on failure), then tries the names
 * JTMPDIR/jtmp.<jid, 6 digits><a..z> in order until one can be created with
 * mkdir() and handed to the user with chown().  The chosen path is left in
 * cray_tmpdir; cray_tmpdir is set to the empty string if all 26 names fail.
 */
void
cray_init_job(struct passwd *pw)
{
	int jid;
	int c;

	jid = setjob(pw->pw_uid, WJSIGNAL);
	if (jid < 0)
		fatal("System call setjob failure");

	c = 'a';
	while (c <= 'z') {
		snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
		/*
		 * Only a directory this call created is used: when mkdir()
		 * fails the next suffix is tried instead of adopting whatever
		 * already sits at that path.
		 */
		if (mkdir(cray_tmpdir, JTMPMODE) == 0) {
			if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) == 0)
				break;
			/* Could not give it to the user; remove it again. */
			rmdir(cray_tmpdir);
		}
		c++;
	}

	/* Ran out of suffixes: record that there is no tmpdir. */
	if (c > 'z')
		cray_tmpdir[0] = '\0';
}

/*
 * Record the current job id and cray_tmpdir in the utmp entry *ut.
 * Does nothing when getjtab() reports an error.
 */
void
cray_set_tmpdir(struct utmp *ut)
{
	struct jtab jbuf;
	int jid = getjtab(&jbuf);

	if (jid >= 0) {
		/*
		 * Set jid and tmpdir in utmp record.
		 * NOTE(review): the copy is bounded by TPATHSIZ, which assumes
		 * ut_tpath is at least that large - confirm in struct utmp.
		 */
		ut->ut_jid = jid;
		strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
	}
}
#endif /* UNICOS */

#ifdef _UNICOSMP
#include <pwd.h>
/*
 * Set job id and create tmpdir directory.
 * On this platform the work is a single initrm_silent() call for
 * pw->pw_uid; its result, if any, is not examined.
 */
void
cray_init_job(struct passwd *pw)
{
	initrm_silent(pw->pw_uid);
}
#endif /* _UNICOSMP */