Cray fixes (bug 367) based on patch from Wendy Palm @ cray.

This does not include the deattack.c fixes.
2002-09-25 17:38:46 -07:00 · 2002-09-25 17:38:46 -07:00 · 81ed518b9b
--- a/4
+++ b/4
@ -1,6 +1,8 @@
 20020925
 - (bal) Fix issue where successfull login does not clear failure counts
   in AIX.  Patch by dtucker@zip.com.au ok by djm
+ - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray.
+    This does not include the deattack.c fixes.

 20020923
 - (djm) OpenBSD CVS Sync
@ -719,4 +721,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

-$Id: ChangeLog,v 1.2481 2002/09/25 23:14:14 mouring Exp $
+$Id: ChangeLog,v 1.2482 2002/09/26 00:38:46 tim Exp $
--- a/acconfig.h
+++ b/acconfig.h
@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.144 2002/07/14 20:36:50 tim Exp $ */
+/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */

 #ifndef _CONFIG_H
 #define _CONFIG_H
@ -150,6 +150,9 @@
 /* Define if you don't want to use lastlog */
 #undef DISABLE_LASTLOG

+/* Define if you don't want to use lastlog in session.c */
+#undef NO_SSH_LASTLOG
+
 /* Define if you don't want to use utmp */
 #undef DISABLE_UTMP

--- a/auth1.c
+++ b/auth1.c
@ -304,6 +304,15 @@ do_authloop(Authctxt *authctxt)
 			fatal("INTERNAL ERROR: authenticated invalid user %s",
 			    authctxt->user);

+#ifdef _UNICOS
+		if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
+			cray_login_failure(authctxt->user, IA_UDBERR);
+		if (authenticated && cray_access_denied(authctxt->user)) {
+			authenticated = 0;
+			fatal("Access denied for user %s.",authctxt->user);
+		}
+#endif /* _UNICOS */
+
 #ifdef HAVE_CYGWIN
 		if (authenticated &&
 		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
--- a/auth2.c
+++ b/auth2.c
@ -216,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 		authenticated = 0;
 #endif /* USE_PAM */

+#ifdef _UNICOS
+	if (authenticated && cray_access_denied(authctxt->user)) {
+		authenticated = 0;
+		fatal("Access denied for user %s.",authctxt->user);
+	}
+#endif /* _UNICOS */
+
 	/* Log before sending the reply */
 	auth_log(authctxt, authenticated, method, " ssh2");

@ -235,6 +242,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method)
 		if (authctxt->failures++ > AUTH_FAIL_MAX) {
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 		}
+#ifdef _UNICOS
+		if (strcmp(method, "password") == 0)
+			cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _UNICOS */
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);
--- a/configure.ac
+++ b/configure.ac
@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.88 2002/09/23 23:54:12 tim Exp $
+# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $

 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@ -303,6 +303,7 @@ mips-sony-bsd|mips-sony-newsos4)
 	no_libnsl=1
 	AC_DEFINE(USE_PIPES)
 	AC_DEFINE(DISABLE_FD_PASSING)
+	AC_DEFINE(NO_SSH_LASTLOG)
 	LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
 	LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
 	MANTYPE=cat
@ -376,14 +377,14 @@ AC_ARG_WITH(libs,

 # Checks for header files.
 AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
-	getopt.h glob.h lastlog.h limits.h login.h \
+	getopt.h glob.h ia.h lastlog.h limits.h login.h \
 	login_cap.h maillock.h netdb.h netgroup.h \
 	netinet/in_systm.h paths.h pty.h readpassphrase.h \
 	rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
 	strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
 	sys/mman.h sys/select.h sys/stat.h \
 	sys/stropts.h sys/sysmacros.h sys/time.h \
-	sys/un.h time.h ttyent.h usersec.h \
+	sys/un.h time.h tmpdir.h ttyent.h usersec.h \
 	util.h utime.h utmp.h utmpx.h)

 # Checks for libraries.
--- a/defines.h
+++ b/defines.h
@ -1,7 +1,7 @@
 #ifndef _DEFINES_H
 #define _DEFINES_H

-/* $Id: defines.h,v 1.95 2002/08/21 02:54:12 mouring Exp $ */
+/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */


 /* Constants */
@ -124,7 +124,7 @@ typedef char int8_t;
 # if (SIZEOF_SHORT_INT == 2)
 typedef short int int16_t;
 # else
-#  if defined(_CRAY) && !defined(_CRAYSV2)
+#  ifdef _UNICOS
 #   if (SIZEOF_SHORT_INT == 4)
 typedef short int16_t;
 #   else
@ -132,16 +132,16 @@ typedef long  int16_t;
 #   endif
 #  else
 #   error "16 bit int type not found."
-#  endif /* _CRAY */
+#  endif /* _UNICOS */
 # endif
 # if (SIZEOF_INT == 4)
 typedef int int32_t;
 # else
-#  if defined(_CRAY) && !defined(_CRAYSV2)
+#  ifdef _UNICOS
 typedef long  int32_t;
 #  else
 #   error "32 bit int type not found."
-#  endif /* _CRAY */
+#  endif /* _UNICOS */
 # endif
 #endif

@ -161,7 +161,7 @@ typedef unsigned char u_int8_t;
 #  if (SIZEOF_SHORT_INT == 2)
 typedef unsigned short int u_int16_t;
 #  else
-#   if defined(_CRAY) && !defined(_CRAYSV2)
+#   ifdef _UNICOS
 #    if (SIZEOF_SHORT_INT == 4)
 typedef unsigned short u_int16_t;
 #    else
@ -174,7 +174,7 @@ typedef unsigned long  u_int16_t;
 #  if (SIZEOF_INT == 4)
 typedef unsigned int u_int32_t;
 #  else
-#   if defined(_CRAY) && !defined(_CRAYSV2)
+#   ifdef _UNICOS
 typedef unsigned long  u_int32_t;
 #   else
 #    error "32 bit int type not found."
--- a/includes.h
+++ b/includes.h
@ -149,6 +149,14 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg }
 # include <readpassphrase.h>
 #endif

+#ifdef HAVE_IA_H
+# include <ia.h>
+#endif
+
+#ifdef HAVE_TMPDIR_H
+# include <tmpdir.h>
+#endif
+
 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */

 #include "defines.h"
--- a/loginrec.c
+++ b/loginrec.c
@ -163,7 +163,7 @@
 #include "log.h"
 #include "atomicio.h"

-RCSID("$Id: loginrec.c,v 1.43 2002/07/22 23:34:25 mouring Exp $");
+RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $");

 #ifdef HAVE_UTIL_H
 #  include <util.h>
@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li,
 	switch (li->type) {
 	case LTYPE_LOGIN:
 		ut->ut_type = USER_PROCESS;
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
 		cray_set_tmpdir(ut);
 #endif
 		break;
 	case LTYPE_LOGOUT:
 		ut->ut_type = DEAD_PROCESS;
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
 		cray_retain_utmp(ut, li->pid);
 #endif
 		break;
--- a/openbsd-compat/bsd-cray.c
+++ b/openbsd-compat/bsd-cray.c
@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.c,v 1.7 2002/07/23 21:00:18 mouring Exp $
+ * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $
 *
 * bsd-cray.c
 *
@ -34,7 +34,7 @@
 * on UNICOS systems.
 *
 */
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS

 #include <udb.h>
 #include <tmpdir.h>
--- a/openbsd-compat/bsd-cray.h
+++ b/openbsd-compat/bsd-cray.h
@ -1,5 +1,5 @@
 /* 
- * $Id: bsd-cray.h,v 1.4 2002/07/23 21:00:18 mouring Exp $
+ * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $
 *
 * bsd-cray.h
 *
@ -37,7 +37,7 @@
 #ifndef _BSD_CRAY_H
 #define _BSD_CRAY_H

-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
 void cray_init_job(struct passwd *);		/* init cray job */
 void cray_job_termination_handler(int);		/* process end of job signal */
 void cray_login_failure(char *username, int errcode);
--- a/serverloop.c
+++ b/serverloop.c
@ -144,7 +144,9 @@ sigchld_handler(int sig)
 	int save_errno = errno;
 	debug("Received SIGCHLD.");
 	child_terminated = 1;
+#ifndef _UNICOS
 	mysignal(SIGCHLD, sigchld_handler);
+#endif
 	notify_parent();
 	errno = save_errno;
 }
--- a/session.c
+++ b/session.c
@ -512,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command)
 			perror("dup2 stderr");
 #endif /* USE_PIPES */

+#ifdef _UNICOS
+		cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif
+
 		/* Do processing for the child (exec command etc). */
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#ifdef _UNICOS
+	signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@ -603,8 +610,12 @@ do_exec_pty(Session *s, const char *command)

 		/* record login, etc. similar to login(1) */
 #ifndef HAVE_OSF_SIA
-		if (!(options.use_login && command == NULL))
+		if (!(options.use_login && command == NULL)) {
+#ifdef _UNICOS
+			cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif /* _UNICOS */
 			do_login(s, command);
+		}
 # ifdef LOGIN_NEEDS_UTMPX
 		else
 			do_pre_login(s);
@ -615,6 +626,9 @@ do_exec_pty(Session *s, const char *command)
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#ifdef _UNICOS
+	signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _UNICOS */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@ -755,6 +769,7 @@ do_login(Session *s, const char *command)
 		printf("%s\n", aixloginmsg);
 #endif /* WITH_AIXAUTHENTICATE */

+#ifndef NO_SSH_LASTLOG
 	if (options.print_lastlog && s->last_login_time != 0) {
 		time_string = ctime(&s->last_login_time);
 		if (strchr(time_string, '\n'))
@ -765,6 +780,7 @@ do_login(Session *s, const char *command)
 			printf("Last login: %s from %s\r\n", time_string,
 			    s->hostname);
 	}
+#endif /* NO_SSH_LASTLOG */

 	do_motd();
 }
@ -1024,6 +1040,11 @@ do_setup_env(Session *s, const char *shell)
 		child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
 		    original_command);

+#ifdef _UNICOS
+	if (cray_tmpdir[0] != '\0')
+		child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
+#endif /* _UNICOS */
+
 #ifdef _AIX
 	{
 		char *cp;
@ -1275,6 +1296,10 @@ do_child(Session *s, const char *command)
 	if (options.use_login && command != NULL)
 		options.use_login = 0;

+#ifdef _UNICOS
+	cray_setup(pw->pw_uid, pw->pw_name, command);
+#endif /* _UNICOS */
+
 	/*
 	 * Login(1) does this as well, and it needs uid 0 for the "-h"
 	 * switch, so we let login(1) to this for us.
--- a/sshd.c
+++ b/sshd.c
@ -940,7 +940,7 @@ main(int ac, char **av)
 	    SYSLOG_FACILITY_AUTH : options.log_facility,
 	    !inetd_flag);

-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
 	/* Cray can define user privs drop all prives now!
 	 * Not needed on PRIV_SU systems!
 	 */
--- a/sshpty.c
+++ b/sshpty.c
@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen)
 	}
 	return 1;
 #else /* HAVE_DEV_PTS_AND_PTC */
-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
 	char buf[64];
 	int i;
 	int highpty;
@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 	void *old;
 #endif /* USE_VHANGUP */

-#if defined(_CRAY) && !defined(_CRAYSV2)
+#ifdef _UNICOS
 	if (setsid() < 0)
 		error("setsid: %.100s", strerror(errno));

@ -290,7 +290,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 		error("%.100s: %.100s", ttyname, strerror(errno));
 	close(*ttyfd);
 	*ttyfd = fd;
-#else /* _CRAY */
+#else /* _UNICOS */

 	/* First disconnect from the old controlling tty. */
 #ifdef TIOCNOTTY
@ -345,7 +345,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname)
 		    strerror(errno));
 	else 
 		close(fd);
-#endif /* _CRAY */
+#endif /* _UNICOS */
 }

 /* Changes the window size associated with the pty. */