- (bal) Second around of UNICOS patches. A few other things left.
Patches by William L. Jones <jones@mail.utexas.edu>
This commit is contained in:
parent
ff2866cf51
commit
6db66ff387
|
@ -98,7 +98,7 @@
|
|||
[ssh-keygen.c]
|
||||
allow uploading RSA keys for non-default AUT0 (sha1 over passphrase
|
||||
like sectok).
|
||||
- markus@cvs.openbsd.org 2001/08/01 23:38:45
|
||||
- markus@cvs.openbsd.org 2001/08/01 23:38:45
|
||||
[scard.c ssh.c]
|
||||
support finish rsa keys.
|
||||
free public keys after login -> call finish -> close smartcard.
|
||||
|
@ -122,7 +122,7 @@
|
|||
- jakob@cvs.openbsd.org 2001/08/02 15:43:57
|
||||
[ssh-agent.c ssh.c ssh-keygen.c]
|
||||
add /* SMARTCARD */ to #else/#endif. ok markus@
|
||||
- jakob@cvs.openbsd.org 2001/08/02 16:14:05
|
||||
- jakob@cvs.openbsd.org 2001/08/02 16:14:05
|
||||
[scard.c ssh-agent.c ssh.c ssh-keygen.c]
|
||||
clean up some /* SMARTCARD */. ok markus@
|
||||
- mpech@cvs.openbsd.org 2001/08/02 18:37:35
|
||||
|
@ -148,6 +148,8 @@
|
|||
[scp.c]
|
||||
use alarm vs. setitimer for portable; ok markus@
|
||||
- (bal) ssh-keyscan double -lssh hack due to seed_rng().
|
||||
- (bal) Second around of UNICOS patches. A few other things left.
|
||||
Patches by William L. Jones <jones@mail.utexas.edu>
|
||||
|
||||
20010803
|
||||
- (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on
|
||||
|
@ -6258,4 +6260,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1466 2001/08/06 22:56:46 mouring Exp $
|
||||
$Id: ChangeLog,v 1.1467 2001/08/06 23:29:16 mouring Exp $
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.in,v 1.304 2001/07/24 17:00:14 mouring Exp $
|
||||
# $Id: configure.in,v 1.305 2001/08/06 23:29:17 mouring Exp $
|
||||
|
||||
AC_INIT(ssh.c)
|
||||
|
||||
|
@ -1453,6 +1453,7 @@ if (test -z "$RANDOM_POOL" && test -z "$PRNGD") ; then
|
|||
OSSH_PATH_ENTROPY_PROG(PROG_IFCONFIG, ifconfig)
|
||||
OSSH_PATH_ENTROPY_PROG(PROG_JSTAT, jstat)
|
||||
OSSH_PATH_ENTROPY_PROG(PROG_PS, ps)
|
||||
OSSH_PATH_ENTROPY_PROG(PROG_SAR, sar)
|
||||
OSSH_PATH_ENTROPY_PROG(PROG_W, w)
|
||||
OSSH_PATH_ENTROPY_PROG(PROG_WHO, who)
|
||||
OSSH_PATH_ENTROPY_PROG(PROG_LAST, last)
|
||||
|
|
|
@ -163,7 +163,7 @@
|
|||
#include "log.h"
|
||||
#include "atomicio.h"
|
||||
|
||||
RCSID("$Id: loginrec.c,v 1.33 2001/05/08 20:33:06 mouring Exp $");
|
||||
RCSID("$Id: loginrec.c,v 1.34 2001/08/06 23:29:17 mouring Exp $");
|
||||
|
||||
#ifdef HAVE_UTIL_H
|
||||
# include <util.h>
|
||||
|
@ -616,9 +616,15 @@ construct_utmp(struct logininfo *li,
|
|||
switch (li->type) {
|
||||
case LTYPE_LOGIN:
|
||||
ut->ut_type = USER_PROCESS;
|
||||
#ifdef _CRAY
|
||||
cray_set_tmpdir(ut);
|
||||
#endif
|
||||
break;
|
||||
case LTYPE_LOGOUT:
|
||||
ut->ut_type = DEAD_PROCESS;
|
||||
#ifdef _CRAY
|
||||
cray_retain_utmp(ut, li->pid);
|
||||
#endif
|
||||
break;
|
||||
}
|
||||
# endif
|
||||
|
|
|
@ -12,18 +12,24 @@
|
|||
#include <utmp.h>
|
||||
#include <sys/jtab.h>
|
||||
#include <signal.h>
|
||||
#include <sys/priv.h>
|
||||
#include <sys/secparm.h>
|
||||
#include <sys/usrv.h>
|
||||
#include <sys/sysv.h>
|
||||
#include <sys/sectab.h>
|
||||
#include <sys/stat.h>
|
||||
#include <stdlib.h>
|
||||
#include <pwd.h>
|
||||
#include <fcntl.h>
|
||||
#include <errno.h>
|
||||
|
||||
#include "bsd-cray.h"
|
||||
|
||||
char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */
|
||||
|
||||
/*
|
||||
* Functions.
|
||||
*/
|
||||
int cray_setup(uid_t, char *);
|
||||
void cray_retain_utmp(struct utmp *, int);
|
||||
void cray_create_tmpdir(int, uid_t, gid_t);
|
||||
void cray_delete_tmpdir(char *, int , uid_t);
|
||||
|
@ -31,17 +37,17 @@ void cray_job_termination_handler (int);
|
|||
void cray_init_job(struct passwd *);
|
||||
void cray_set_tmpdir(struct utmp *);
|
||||
|
||||
|
||||
/*
|
||||
* Orignal written by:
|
||||
* Wayne Schroeder
|
||||
* San Diego Supercomputer Center
|
||||
* schroeder@sdsc.edu
|
||||
*/
|
||||
int
|
||||
void
|
||||
cray_setup(uid_t uid, char *username)
|
||||
{
|
||||
struct udb *p;
|
||||
extern struct udb *getudb();
|
||||
extern char *setlimits();
|
||||
int i, j;
|
||||
int accts[MAXVIDS];
|
||||
|
@ -52,58 +58,83 @@ cray_setup(uid_t uid, char *username)
|
|||
struct jtab jbuf;
|
||||
int jid;
|
||||
|
||||
if ((jid = getjtab (&jbuf)) < 0) {
|
||||
debug("getjtab");
|
||||
return -1;
|
||||
}
|
||||
if ((jid = getjtab (&jbuf)) < 0) fatal("getjtab: no jid");
|
||||
|
||||
/* Find all of the accounts for a particular user */
|
||||
err = setudb(); /* open and rewind the Cray User DataBase */
|
||||
if(err != 0) {
|
||||
debug("UDB open failure");
|
||||
return -1;
|
||||
}
|
||||
err = setudb(); /* open and rewind the Cray User DataBase */
|
||||
if(err != 0) fatal("UDB open failure");
|
||||
naccts = 0;
|
||||
while ((p = getudb()) != UDB_NULL) {
|
||||
if (p->ue_uid == -1) break;
|
||||
if(uid == p->ue_uid) {
|
||||
for(j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) {
|
||||
accts[naccts] = p->ue_acids[j];
|
||||
naccts++;
|
||||
}
|
||||
}
|
||||
}
|
||||
endudb(); /* close the udb */
|
||||
if (naccts == 0 || accts[0] == 0) {
|
||||
debug("No Cray accounts found");
|
||||
return -1;
|
||||
p = getudbnam(username);
|
||||
if (p == NULL) fatal("No UDB entry for %s", username);
|
||||
if(uid != p->ue_uid)
|
||||
fatal("UDB etnry %s uid(%d) does not match uid %d\n",
|
||||
username, p->ue_uid, uid);
|
||||
for(j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) {
|
||||
accts[naccts] = p->ue_acids[j];
|
||||
naccts++;
|
||||
}
|
||||
endudb(); /* close the udb */
|
||||
|
||||
if (naccts != 0) {
|
||||
/* Perhaps someday we'll prompt users who have multiple accounts
|
||||
to let them pick one (like CRI's login does), but for now just set
|
||||
the account to the first entry. */
|
||||
if (acctid(0, accts[0]) < 0)
|
||||
fatal("System call acctid failed, accts[0]=%d",accts[0]);
|
||||
}
|
||||
|
||||
/* Perhaps someday we'll prompt users who have multiple accounts
|
||||
to let them pick one (like CRI's login does), but for now just set
|
||||
the account to the first entry. */
|
||||
if (acctid(0, accts[0]) < 0) {
|
||||
debug("System call acctid failed, accts[0]=%d",accts[0]);
|
||||
return -1;
|
||||
}
|
||||
|
||||
/* Now set limits, including CPU time for the (interactive) job and process,
|
||||
and set up permissions (for chown etc), etc. This is via an internal CRI
|
||||
routine, setlimits, used by CRI's login. */
|
||||
/* Now set limits, including CPU time for the (interactive) job and process,
|
||||
and set up permissions (for chown etc), etc. This is via an internal CRI
|
||||
routine, setlimits, used by CRI's login. */
|
||||
|
||||
pid = getpid();
|
||||
sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
|
||||
if (sr != NULL) {
|
||||
debug("%.200s", sr);
|
||||
return -1;
|
||||
}
|
||||
sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
|
||||
if (sr != NULL) {
|
||||
debug("%.200s", sr);
|
||||
return -1;
|
||||
}
|
||||
if (sr != NULL) fatal("%.200s", sr);
|
||||
|
||||
return 0;
|
||||
sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
|
||||
if (sr != NULL) fatal("%.200s", sr);
|
||||
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk
|
||||
* can have pal privileges that sshd can inherit which
|
||||
* could allow a user to su to root with out a password.
|
||||
* This subroutine clears all privileges.
|
||||
*/
|
||||
void
|
||||
drop_cray_privs()
|
||||
{
|
||||
#if defined(_SC_CRAY_PRIV_SU)
|
||||
priv_proc_t* privstate;
|
||||
int result;
|
||||
extern int priv_set_proc();
|
||||
extern priv_proc_t* priv_init_proc();
|
||||
struct usrv usrv;
|
||||
|
||||
/*
|
||||
* If ether of theses two flags are not set
|
||||
* then don't allow this version of ssh to run.
|
||||
*/
|
||||
if (!sysconf(_SC_CRAY_PRIV_SU)) fatal("Not PRIV_SU system.");
|
||||
if (!sysconf(_SC_CRAY_POSIX_PRIV)) fatal("Not POSIX_PRIV.");
|
||||
|
||||
debug ("Dropping privileges.");
|
||||
|
||||
memset(&usrv, 0, sizeof(usrv));
|
||||
if (setusrv(&usrv) < 0)
|
||||
fatal ("%s(%d): setusrv(): %s\n", __FILE__, __LINE__, strerror(errno));
|
||||
|
||||
if ((privstate = priv_init_proc()) != NULL) {
|
||||
result = priv_set_proc(privstate);
|
||||
if ( result != 0 ) fatal ("%s(%d): priv_set_proc(): %s\n",
|
||||
__FILE__, __LINE__, strerror(errno));
|
||||
priv_free_proc(privstate);
|
||||
}
|
||||
debug ("Privileges should be cleared...");
|
||||
#else
|
||||
Cray systems must be run with _SC_CRAY_PRIV_SU on!
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: openbsd-compat.h,v 1.11 2001/07/14 03:22:54 djm Exp $ */
|
||||
/* $Id: openbsd-compat.h,v 1.12 2001/08/06 23:29:18 mouring Exp $ */
|
||||
|
||||
#ifndef _OPENBSD_H
|
||||
#define _OPENBSD_H
|
||||
|
@ -38,4 +38,7 @@
|
|||
#include "fake-getnameinfo.h"
|
||||
#include "fake-socket.h"
|
||||
|
||||
/* Routines for a single OS platform */
|
||||
#include "bsd-cray.h"
|
||||
|
||||
#endif /* _OPENBSD_H */
|
||||
|
|
7
sshd.c
7
sshd.c
|
@ -679,6 +679,13 @@ main(int ac, char **av)
|
|||
options.log_facility == -1 ? SYSLOG_FACILITY_AUTH : options.log_facility,
|
||||
!inetd_flag);
|
||||
|
||||
#ifdef _CRAY
|
||||
/* Cray can define user privs drop all prives now!
|
||||
* Not needed on PRIV_SU systems!
|
||||
*/
|
||||
drop_cray_privs();
|
||||
#endif
|
||||
|
||||
seed_rng();
|
||||
|
||||
/* Read server configuration options from the configuration file. */
|
||||
|
|
59
sshpty.c
59
sshpty.c
|
@ -162,6 +162,34 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
|
|||
}
|
||||
return 1;
|
||||
#else /* HAVE_DEV_PTS_AND_PTC */
|
||||
#ifdef _CRAY
|
||||
char buf[64];
|
||||
int i;
|
||||
int highpty;
|
||||
|
||||
#ifdef _SC_CRAY_NPTY
|
||||
highpty = sysconf(_SC_CRAY_NPTY);
|
||||
if (highpty == -1)
|
||||
highpty = 128;
|
||||
#else
|
||||
highpty = 128;
|
||||
#endif
|
||||
|
||||
for (i = 0; i < highpty; i++) {
|
||||
snprintf(buf, sizeof(buf), "/dev/pty/%03d", i);
|
||||
*ptyfd = open(buf, O_RDWR|O_NOCTTY);
|
||||
if (*ptyfd < 0) continue;
|
||||
snprintf(namebuf, namebuflen, "/dev/ttyp%03d", i);
|
||||
/* Open the slave side. */
|
||||
*ttyfd = open(namebuf, O_RDWR|O_NOCTTY);
|
||||
if (*ttyfd < 0) {
|
||||
error("%.100s: %.100s", namebuf, strerror(errno));
|
||||
close(*ptyfd);
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
#else
|
||||
/* BSD-style pty code. */
|
||||
char buf[64];
|
||||
int i;
|
||||
|
@ -196,6 +224,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
|
|||
return 1;
|
||||
}
|
||||
return 0;
|
||||
#endif /* CRAY */
|
||||
#endif /* HAVE_DEV_PTS_AND_PTC */
|
||||
#endif /* HAVE_DEV_PTMX */
|
||||
#endif /* HAVE__GETPTY */
|
||||
|
@ -218,6 +247,35 @@ pty_release(const char *ttyname)
|
|||
void
|
||||
pty_make_controlling_tty(int *ttyfd, const char *ttyname)
|
||||
{
|
||||
#ifdef _CRAY
|
||||
int fd;
|
||||
|
||||
if (setsid() < 0)
|
||||
error("setsid: %.100s", strerror(errno));
|
||||
|
||||
fd = open(ttyname, O_RDWR|O_NOCTTY);
|
||||
if (fd >= 0) {
|
||||
signal(SIGHUP, SIG_IGN);
|
||||
ioctl(fd, TCVHUP, (char *)0);
|
||||
signal(SIGHUP, SIG_DFL);
|
||||
setpgid(0,0);
|
||||
close(fd);
|
||||
} else {
|
||||
error("Failed to disconnect from controlling tty.");
|
||||
}
|
||||
|
||||
|
||||
debug("Setting controlling tty using TCSETCTTY.\n");
|
||||
ioctl(*ttyfd, TCSETCTTY, NULL);
|
||||
|
||||
fd = open("/dev/tty", O_RDWR);
|
||||
|
||||
if (fd < 0)
|
||||
error("%.100s: %.100s", ttyname, strerror(errno));
|
||||
|
||||
close(*ttyfd);
|
||||
*ttyfd = fd;
|
||||
#else
|
||||
int fd;
|
||||
#ifdef USE_VHANGUP
|
||||
void *old;
|
||||
|
@ -277,6 +335,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
|
|||
else {
|
||||
close(fd);
|
||||
}
|
||||
#endif
|
||||
}
|
||||
|
||||
/* Changes the window size associated with the pty. */
|
||||
|
|
Loading…
Reference in New Issue