mirror of git://anongit.mindrot.org/openssh.git
301 lines
7.2 KiB
C
301 lines
7.2 KiB
C
/*
|
|
* $Id: bsd-cray.c,v 1.6 2002/05/15 16:39:51 mouring Exp $
|
|
*
|
|
* bsd-cray.c
|
|
*
|
|
* Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>)
|
|
* Significant portions provided by
|
|
* Wayne Schroeder, SDSC <schroeder@sdsc.edu>
|
|
* William Jones, UTexas <jones@tacc.utexas.edu>
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
* documentation and/or other materials provided with the distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
|
|
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
|
|
* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
|
|
* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*
|
|
* Created: Apr 22 16.34:00 2002 wp
|
|
*
|
|
* This file contains functions required for proper execution
|
|
* on UNICOS systems.
|
|
*
|
|
*/
|
|
|
|
#ifdef _CRAY
|
|
#include <udb.h>
|
|
#include <tmpdir.h>
|
|
#include <unistd.h>
|
|
#include <sys/category.h>
|
|
#include <utmp.h>
|
|
#include <sys/jtab.h>
|
|
#include <signal.h>
|
|
#include <sys/priv.h>
|
|
#include <sys/secparm.h>
|
|
#include <sys/usrv.h>
|
|
#include <sys/sysv.h>
|
|
#include <sys/sectab.h>
|
|
#include <sys/stat.h>
|
|
#include <stdlib.h>
|
|
#include <pwd.h>
|
|
#include <fcntl.h>
|
|
#include <errno.h>
|
|
|
|
#include "bsd-cray.h"
|
|
|
|
char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */
|
|
|
|
/*
|
|
* Functions.
|
|
*/
|
|
void cray_retain_utmp(struct utmp *, int);
|
|
void cray_delete_tmpdir(char *, int, uid_t);
|
|
void cray_init_job(struct passwd *);
|
|
void cray_set_tmpdir(struct utmp *);
|
|
|
|
|
|
/*
|
|
* Orignal written by:
|
|
* Wayne Schroeder
|
|
* San Diego Supercomputer Center
|
|
* schroeder@sdsc.edu
|
|
*/
|
|
void
|
|
cray_setup(uid_t uid, char *username)
|
|
{
|
|
struct udb *p;
|
|
extern char *setlimits();
|
|
int i, j;
|
|
int accts[MAXVIDS];
|
|
int naccts;
|
|
int err;
|
|
char *sr;
|
|
int pid;
|
|
struct jtab jbuf;
|
|
int jid;
|
|
|
|
if ((jid = getjtab(&jbuf)) < 0)
|
|
fatal("getjtab: no jid");
|
|
|
|
err = setudb(); /* open and rewind the Cray User DataBase */
|
|
if (err != 0)
|
|
fatal("UDB open failure");
|
|
naccts = 0;
|
|
p = getudbnam(username);
|
|
if (p == NULL)
|
|
fatal("No UDB entry for %.100s", username);
|
|
if (uid != p->ue_uid)
|
|
fatal("UDB entry %.100s uid(%d) does not match uid %d",
|
|
username, (int) p->ue_uid, (int) uid);
|
|
for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) {
|
|
accts[naccts] = p->ue_acids[j];
|
|
naccts++;
|
|
}
|
|
endudb(); /* close the udb */
|
|
|
|
if (naccts != 0) {
|
|
/* Perhaps someday we'll prompt users who have multiple accounts
|
|
to let them pick one (like CRI's login does), but for now just set
|
|
the account to the first entry. */
|
|
if (acctid(0, accts[0]) < 0)
|
|
fatal("System call acctid failed, accts[0]=%d", accts[0]);
|
|
}
|
|
|
|
/* Now set limits, including CPU time for the (interactive) job and process,
|
|
and set up permissions (for chown etc), etc. This is via an internal CRI
|
|
routine, setlimits, used by CRI's login. */
|
|
|
|
pid = getpid();
|
|
sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
|
|
if (sr != NULL)
|
|
fatal("%.200s", sr);
|
|
|
|
sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
|
|
if (sr != NULL)
|
|
fatal("%.200s", sr);
|
|
|
|
}
|
|
|
|
/*
|
|
* The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk
|
|
* can have pal privileges that sshd can inherit which
|
|
* could allow a user to su to root with out a password.
|
|
* This subroutine clears all privileges.
|
|
*/
|
|
void
|
|
drop_cray_privs()
|
|
{
|
|
#if defined(_SC_CRAY_PRIV_SU)
|
|
priv_proc_t* privstate;
|
|
int result;
|
|
extern int priv_set_proc();
|
|
extern priv_proc_t* priv_init_proc();
|
|
struct usrv usrv;
|
|
|
|
/*
|
|
* If ether of theses two flags are not set
|
|
* then don't allow this version of ssh to run.
|
|
*/
|
|
if (!sysconf(_SC_CRAY_PRIV_SU))
|
|
fatal("Not PRIV_SU system.");
|
|
if (!sysconf(_SC_CRAY_POSIX_PRIV))
|
|
fatal("Not POSIX_PRIV.");
|
|
|
|
debug("Dropping privileges.");
|
|
|
|
memset(&usrv, 0, sizeof(usrv));
|
|
if (setusrv(&usrv) < 0)
|
|
fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
|
|
strerror(errno));
|
|
|
|
if ((privstate = priv_init_proc()) != NULL) {
|
|
result = priv_set_proc(privstate);
|
|
if (result != 0 )
|
|
fatal("%s(%d): priv_set_proc(): %s",
|
|
__FILE__, __LINE__, strerror(errno));
|
|
priv_free_proc(privstate);
|
|
}
|
|
debug ("Privileges should be cleared...");
|
|
#else
|
|
/* XXX: do this differently */
|
|
# error Cray systems must be run with _SC_CRAY_PRIV_SU on!
|
|
#endif
|
|
}
|
|
|
|
|
|
/*
|
|
* Retain utmp/wtmp information - used by cray accounting.
|
|
*/
|
|
void
|
|
cray_retain_utmp(struct utmp *ut, int pid)
|
|
{
|
|
int fd;
|
|
struct utmp utmp;
|
|
|
|
if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
|
|
while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
|
|
if (pid == utmp.ut_pid) {
|
|
ut->ut_jid = utmp.ut_jid;
|
|
/* XXX: MIN_SIZEOF here? can this go in loginrec? */
|
|
strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath));
|
|
strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host));
|
|
strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name));
|
|
break;
|
|
}
|
|
}
|
|
close(fd);
|
|
}
|
|
/* XXX: error message? */
|
|
}
|
|
|
|
/*
|
|
* tmpdir support.
|
|
*/
|
|
|
|
/*
|
|
* find and delete jobs tmpdir.
|
|
*/
|
|
void
|
|
cray_delete_tmpdir(char *login, int jid, uid_t uid)
|
|
{
|
|
int child;
|
|
static char jtmp[TPATHSIZ];
|
|
struct stat statbuf;
|
|
int c;
|
|
int wstat;
|
|
|
|
for (c = 'a'; c <= 'z'; c++) {
|
|
snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
|
|
if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid)
|
|
break;
|
|
}
|
|
|
|
if (c > 'z')
|
|
return;
|
|
|
|
if ((child = fork()) == 0) {
|
|
execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL);
|
|
fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed");
|
|
}
|
|
|
|
while (waitpid(child, &wstat, 0) == -1 && errno == EINTR)
|
|
;
|
|
}
|
|
|
|
/*
|
|
* Remove tmpdir on job termination.
|
|
*/
|
|
void
|
|
cray_job_termination_handler(int sig)
|
|
{
|
|
int jid;
|
|
char *login = NULL;
|
|
struct jtab jtab;
|
|
|
|
debug("Received SIG JOB.");
|
|
|
|
if ((jid = waitjob(&jtab)) == -1 ||
|
|
(login = uid2nam(jtab.j_uid)) == NULL)
|
|
return;
|
|
|
|
cray_delete_tmpdir(login, jid, jtab.j_uid);
|
|
}
|
|
|
|
/*
|
|
* Set job id and create tmpdir directory.
|
|
*/
|
|
void
|
|
cray_init_job(struct passwd *pw)
|
|
{
|
|
int jid;
|
|
int c;
|
|
|
|
jid = setjob(pw->pw_uid, WJSIGNAL);
|
|
if (jid < 0)
|
|
fatal("System call setjob failure");
|
|
|
|
for (c = 'a'; c <= 'z'; c++) {
|
|
snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
|
|
if (mkdir(cray_tmpdir, JTMPMODE) != 0)
|
|
continue;
|
|
if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) {
|
|
rmdir(cray_tmpdir);
|
|
continue;
|
|
}
|
|
break;
|
|
}
|
|
|
|
if (c > 'z')
|
|
cray_tmpdir[0] = '\0';
|
|
}
|
|
|
|
void
|
|
cray_set_tmpdir(struct utmp *ut)
|
|
{
|
|
int jid;
|
|
struct jtab jbuf;
|
|
|
|
if ((jid = getjtab(&jbuf)) < 0)
|
|
return;
|
|
|
|
/*
|
|
* Set jid and tmpdir in utmp record.
|
|
*/
|
|
ut->ut_jid = jid;
|
|
strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
|
|
}
|
|
#endif
|