diff options
Diffstat (limited to 'crypto/openssh/openbsd-compat/bsd-cray.c')
-rw-r--r-- | crypto/openssh/openbsd-compat/bsd-cray.c | 300 |
1 files changed, 300 insertions, 0 deletions
diff --git a/crypto/openssh/openbsd-compat/bsd-cray.c b/crypto/openssh/openbsd-compat/bsd-cray.c new file mode 100644 index 0000000..9bab75b --- /dev/null +++ b/crypto/openssh/openbsd-compat/bsd-cray.c @@ -0,0 +1,300 @@ +/* + * $Id: bsd-cray.c,v 1.6 2002/05/15 16:39:51 mouring Exp $ + * + * bsd-cray.c + * + * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>) + * Significant portions provided by + * Wayne Schroeder, SDSC <schroeder@sdsc.edu> + * William Jones, UTexas <jones@tacc.utexas.edu> + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF + * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * Created: Apr 22 16.34:00 2002 wp + * + * This file contains functions required for proper execution + * on UNICOS systems. + * + */ + +#ifdef _CRAY +#include <udb.h> +#include <tmpdir.h> +#include <unistd.h> +#include <sys/category.h> +#include <utmp.h> +#include <sys/jtab.h> +#include <signal.h> +#include <sys/priv.h> +#include <sys/secparm.h> +#include <sys/usrv.h> +#include <sys/sysv.h> +#include <sys/sectab.h> +#include <sys/stat.h> +#include <stdlib.h> +#include <pwd.h> +#include <fcntl.h> +#include <errno.h> + +#include "bsd-cray.h" + +char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ + +/* + * Functions. + */ +void cray_retain_utmp(struct utmp *, int); +void cray_delete_tmpdir(char *, int, uid_t); +void cray_init_job(struct passwd *); +void cray_set_tmpdir(struct utmp *); + + +/* + * Orignal written by: + * Wayne Schroeder + * San Diego Supercomputer Center + * schroeder@sdsc.edu +*/ +void +cray_setup(uid_t uid, char *username) +{ + struct udb *p; + extern char *setlimits(); + int i, j; + int accts[MAXVIDS]; + int naccts; + int err; + char *sr; + int pid; + struct jtab jbuf; + int jid; + + if ((jid = getjtab(&jbuf)) < 0) + fatal("getjtab: no jid"); + + err = setudb(); /* open and rewind the Cray User DataBase */ + if (err != 0) + fatal("UDB open failure"); + naccts = 0; + p = getudbnam(username); + if (p == NULL) + fatal("No UDB entry for %.100s", username); + if (uid != p->ue_uid) + fatal("UDB entry %.100s uid(%d) does not match uid %d", + username, (int) p->ue_uid, (int) uid); + for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { + accts[naccts] = p->ue_acids[j]; + naccts++; + } + endudb(); /* close the udb */ + + if (naccts != 0) { + /* Perhaps someday we'll prompt users who have multiple accounts + to let them pick one (like CRI's login does), but for now just set + the account to the first entry. */ + if (acctid(0, accts[0]) < 0) + fatal("System call acctid failed, accts[0]=%d", accts[0]); + } + + /* Now set limits, including CPU time for the (interactive) job and process, + and set up permissions (for chown etc), etc. This is via an internal CRI + routine, setlimits, used by CRI's login. */ + + pid = getpid(); + sr = setlimits(username, C_PROC, pid, UDBRC_INTER); + if (sr != NULL) + fatal("%.200s", sr); + + sr = setlimits(username, C_JOB, jid, UDBRC_INTER); + if (sr != NULL) + fatal("%.200s", sr); + +} + +/* + * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk + * can have pal privileges that sshd can inherit which + * could allow a user to su to root with out a password. + * This subroutine clears all privileges. + */ +void +drop_cray_privs() +{ +#if defined(_SC_CRAY_PRIV_SU) + priv_proc_t* privstate; + int result; + extern int priv_set_proc(); + extern priv_proc_t* priv_init_proc(); + struct usrv usrv; + + /* + * If ether of theses two flags are not set + * then don't allow this version of ssh to run. + */ + if (!sysconf(_SC_CRAY_PRIV_SU)) + fatal("Not PRIV_SU system."); + if (!sysconf(_SC_CRAY_POSIX_PRIV)) + fatal("Not POSIX_PRIV."); + + debug("Dropping privileges."); + + memset(&usrv, 0, sizeof(usrv)); + if (setusrv(&usrv) < 0) + fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, + strerror(errno)); + + if ((privstate = priv_init_proc()) != NULL) { + result = priv_set_proc(privstate); + if (result != 0 ) + fatal("%s(%d): priv_set_proc(): %s", + __FILE__, __LINE__, strerror(errno)); + priv_free_proc(privstate); + } + debug ("Privileges should be cleared..."); +#else + /* XXX: do this differently */ +# error Cray systems must be run with _SC_CRAY_PRIV_SU on! +#endif +} + + +/* + * Retain utmp/wtmp information - used by cray accounting. + */ +void +cray_retain_utmp(struct utmp *ut, int pid) +{ + int fd; + struct utmp utmp; + + if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { + while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { + if (pid == utmp.ut_pid) { + ut->ut_jid = utmp.ut_jid; + /* XXX: MIN_SIZEOF here? can this go in loginrec? */ + strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); + strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); + strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); + break; + } + } + close(fd); + } + /* XXX: error message? */ +} + +/* + * tmpdir support. + */ + +/* + * find and delete jobs tmpdir. + */ +void +cray_delete_tmpdir(char *login, int jid, uid_t uid) +{ + int child; + static char jtmp[TPATHSIZ]; + struct stat statbuf; + int c; + int wstat; + + for (c = 'a'; c <= 'z'; c++) { + snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); + if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid) + break; + } + + if (c > 'z') + return; + + if ((child = fork()) == 0) { + execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL); + fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed"); + } + + while (waitpid(child, &wstat, 0) == -1 && errno == EINTR) + ; +} + +/* + * Remove tmpdir on job termination. + */ +void +cray_job_termination_handler(int sig) +{ + int jid; + char *login = NULL; + struct jtab jtab; + + debug("Received SIG JOB."); + + if ((jid = waitjob(&jtab)) == -1 || + (login = uid2nam(jtab.j_uid)) == NULL) + return; + + cray_delete_tmpdir(login, jid, jtab.j_uid); +} + +/* + * Set job id and create tmpdir directory. + */ +void +cray_init_job(struct passwd *pw) +{ + int jid; + int c; + + jid = setjob(pw->pw_uid, WJSIGNAL); + if (jid < 0) + fatal("System call setjob failure"); + + for (c = 'a'; c <= 'z'; c++) { + snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); + if (mkdir(cray_tmpdir, JTMPMODE) != 0) + continue; + if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) { + rmdir(cray_tmpdir); + continue; + } + break; + } + + if (c > 'z') + cray_tmpdir[0] = '\0'; +} + +void +cray_set_tmpdir(struct utmp *ut) +{ + int jid; + struct jtab jbuf; + + if ((jid = getjtab(&jbuf)) < 0) + return; + + /* + * Set jid and tmpdir in utmp record. + */ + ut->ut_jid = jid; + strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ); +} +#endif |