diff options
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | acconfig.h | 5 | ||||
| -rw-r--r-- | auth1.c | 9 | ||||
| -rw-r--r-- | auth2.c | 11 | ||||
| -rw-r--r-- | configure.ac | 7 | ||||
| -rw-r--r-- | defines.h | 14 | ||||
| -rw-r--r-- | includes.h | 8 | ||||
| -rw-r--r-- | loginrec.c | 6 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cray.c | 4 | ||||
| -rw-r--r-- | openbsd-compat/bsd-cray.h | 4 | ||||
| -rw-r--r-- | serverloop.c | 2 | ||||
| -rw-r--r-- | session.c | 27 | ||||
| -rw-r--r-- | sshd.c | 2 | ||||
| -rw-r--r-- | sshpty.c | 8 |
14 files changed, 86 insertions, 25 deletions
@@ -1,6 +1,8 @@ 20020925 - (bal) Fix issue where successfull login does not clear failure counts in AIX. Patch by dtucker@zip.com.au ok by djm + - (tim) Cray fixes (bug 367) based on patch from Wendy Palm @ cray. + This does not include the deattack.c fixes. 20020923 - (djm) OpenBSD CVS Sync @@ -719,4 +721,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2481 2002/09/25 23:14:14 mouring Exp $ +$Id: ChangeLog,v 1.2482 2002/09/26 00:38:46 tim Exp $ @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.144 2002/07/14 20:36:50 tim Exp $ */ +/* $Id: acconfig.h,v 1.145 2002/09/26 00:38:48 tim Exp $ */ #ifndef _CONFIG_H #define _CONFIG_H @@ -150,6 +150,9 @@ /* Define if you don't want to use lastlog */ #undef DISABLE_LASTLOG +/* Define if you don't want to use lastlog in session.c */ +#undef NO_SSH_LASTLOG + /* Define if you don't want to use utmp */ #undef DISABLE_UTMP @@ -304,6 +304,15 @@ do_authloop(Authctxt *authctxt) fatal("INTERNAL ERROR: authenticated invalid user %s", authctxt->user); +#ifdef _UNICOS + if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated) + cray_login_failure(authctxt->user, IA_UDBERR); + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + #ifdef HAVE_CYGWIN if (authenticated && !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) { @@ -216,6 +216,13 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) authenticated = 0; #endif /* USE_PAM */ +#ifdef _UNICOS + if (authenticated && cray_access_denied(authctxt->user)) { + authenticated = 0; + fatal("Access denied for user %s.",authctxt->user); + } +#endif /* _UNICOS */ + /* Log before sending the reply */ auth_log(authctxt, authenticated, method, " ssh2"); @@ -235,6 +242,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) if (authctxt->failures++ > AUTH_FAIL_MAX) { packet_disconnect(AUTH_FAIL_MSG, authctxt->user); } +#ifdef _UNICOS + if (strcmp(method, "password") == 0) + cray_login_failure(authctxt->user, IA_UDBERR); +#endif /* _UNICOS */ methods = authmethods_get(); packet_start(SSH2_MSG_USERAUTH_FAILURE); packet_put_cstring(methods); diff --git a/configure.ac b/configure.ac index f88d993e..5fe50e56 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.88 2002/09/23 23:54:12 tim Exp $ +# $Id: configure.ac,v 1.89 2002/09/26 00:38:47 tim Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -303,6 +303,7 @@ mips-sony-bsd|mips-sony-newsos4) no_libnsl=1 AC_DEFINE(USE_PIPES) AC_DEFINE(DISABLE_FD_PASSING) + AC_DEFINE(NO_SSH_LASTLOG) LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal" LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm" MANTYPE=cat @@ -376,14 +377,14 @@ AC_ARG_WITH(libs, # Checks for header files. AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \ - getopt.h glob.h lastlog.h limits.h login.h \ + getopt.h glob.h ia.h lastlog.h limits.h login.h \ login_cap.h maillock.h netdb.h netgroup.h \ netinet/in_systm.h paths.h pty.h readpassphrase.h \ rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \ strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \ sys/mman.h sys/select.h sys/stat.h \ sys/stropts.h sys/sysmacros.h sys/time.h \ - sys/un.h time.h ttyent.h usersec.h \ + sys/un.h time.h tmpdir.h ttyent.h usersec.h \ util.h utime.h utmp.h utmpx.h) # Checks for libraries. @@ -1,7 +1,7 @@ #ifndef _DEFINES_H #define _DEFINES_H -/* $Id: defines.h,v 1.95 2002/08/21 02:54:12 mouring Exp $ */ +/* $Id: defines.h,v 1.96 2002/09/26 00:38:48 tim Exp $ */ /* Constants */ @@ -124,7 +124,7 @@ typedef char int8_t; # if (SIZEOF_SHORT_INT == 2) typedef short int int16_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS # if (SIZEOF_SHORT_INT == 4) typedef short int16_t; # else @@ -132,16 +132,16 @@ typedef long int16_t; # endif # else # error "16 bit int type not found." -# endif /* _CRAY */ +# endif /* _UNICOS */ # endif # if (SIZEOF_INT == 4) typedef int int32_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS typedef long int32_t; # else # error "32 bit int type not found." -# endif /* _CRAY */ +# endif /* _UNICOS */ # endif #endif @@ -161,7 +161,7 @@ typedef unsigned char u_int8_t; # if (SIZEOF_SHORT_INT == 2) typedef unsigned short int u_int16_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS # if (SIZEOF_SHORT_INT == 4) typedef unsigned short u_int16_t; # else @@ -174,7 +174,7 @@ typedef unsigned long u_int16_t; # if (SIZEOF_INT == 4) typedef unsigned int u_int32_t; # else -# if defined(_CRAY) && !defined(_CRAYSV2) +# ifdef _UNICOS typedef unsigned long u_int32_t; # else # error "32 bit int type not found." @@ -149,6 +149,14 @@ static /**/const char *const rcsid[] = { (char *)rcsid, "\100(#)" msg } # include <readpassphrase.h> #endif +#ifdef HAVE_IA_H +# include <ia.h> +#endif + +#ifdef HAVE_TMPDIR_H +# include <tmpdir.h> +#endif + #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */ #include "defines.h" @@ -163,7 +163,7 @@ #include "log.h" #include "atomicio.h" -RCSID("$Id: loginrec.c,v 1.43 2002/07/22 23:34:25 mouring Exp $"); +RCSID("$Id: loginrec.c,v 1.44 2002/09/26 00:38:49 tim Exp $"); #ifdef HAVE_UTIL_H # include <util.h> @@ -622,13 +622,13 @@ construct_utmp(struct logininfo *li, switch (li->type) { case LTYPE_LOGIN: ut->ut_type = USER_PROCESS; -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS cray_set_tmpdir(ut); #endif break; case LTYPE_LOGOUT: ut->ut_type = DEAD_PROCESS; -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS cray_retain_utmp(ut, li->pid); #endif break; diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c index 8a14b080..edb3112b 100644 --- a/openbsd-compat/bsd-cray.c +++ b/openbsd-compat/bsd-cray.c @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.c,v 1.7 2002/07/23 21:00:18 mouring Exp $ + * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ * * bsd-cray.c * @@ -34,7 +34,7 @@ * on UNICOS systems. * */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS #include <udb.h> #include <tmpdir.h> diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h index 0b75b226..8868b436 100644 --- a/openbsd-compat/bsd-cray.h +++ b/openbsd-compat/bsd-cray.h @@ -1,5 +1,5 @@ /* - * $Id: bsd-cray.h,v 1.4 2002/07/23 21:00:18 mouring Exp $ + * $Id: bsd-cray.h,v 1.5 2002/09/26 00:38:51 tim Exp $ * * bsd-cray.h * @@ -37,7 +37,7 @@ #ifndef _BSD_CRAY_H #define _BSD_CRAY_H -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS void cray_init_job(struct passwd *); /* init cray job */ void cray_job_termination_handler(int); /* process end of job signal */ void cray_login_failure(char *username, int errcode); diff --git a/serverloop.c b/serverloop.c index 5112de68..58e20dfb 100644 --- a/serverloop.c +++ b/serverloop.c @@ -144,7 +144,9 @@ sigchld_handler(int sig) int save_errno = errno; debug("Received SIGCHLD."); child_terminated = 1; +#ifndef _UNICOS mysignal(SIGCHLD, sigchld_handler); +#endif notify_parent(); errno = save_errno; } @@ -512,10 +512,17 @@ do_exec_no_pty(Session *s, const char *command) perror("dup2 stderr"); #endif /* USE_PIPES */ +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -603,8 +610,12 @@ do_exec_pty(Session *s, const char *command) /* record login, etc. similar to login(1) */ #ifndef HAVE_OSF_SIA - if (!(options.use_login && command == NULL)) + if (!(options.use_login && command == NULL)) { +#ifdef _UNICOS + cray_init_job(s->pw); /* set up cray jid and tmpdir */ +#endif /* _UNICOS */ do_login(s, command); + } # ifdef LOGIN_NEEDS_UTMPX else do_pre_login(s); @@ -615,6 +626,9 @@ do_exec_pty(Session *s, const char *command) do_child(s, command); /* NOTREACHED */ } +#ifdef _UNICOS + signal(WJSIGNAL, cray_job_termination_handler); +#endif /* _UNICOS */ #ifdef HAVE_CYGWIN if (is_winnt) cygwin_set_impersonation_token(INVALID_HANDLE_VALUE); @@ -755,6 +769,7 @@ do_login(Session *s, const char *command) printf("%s\n", aixloginmsg); #endif /* WITH_AIXAUTHENTICATE */ +#ifndef NO_SSH_LASTLOG if (options.print_lastlog && s->last_login_time != 0) { time_string = ctime(&s->last_login_time); if (strchr(time_string, '\n')) @@ -765,6 +780,7 @@ do_login(Session *s, const char *command) printf("Last login: %s from %s\r\n", time_string, s->hostname); } +#endif /* NO_SSH_LASTLOG */ do_motd(); } @@ -1024,6 +1040,11 @@ do_setup_env(Session *s, const char *shell) child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND", original_command); +#ifdef _UNICOS + if (cray_tmpdir[0] != '\0') + child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir); +#endif /* _UNICOS */ + #ifdef _AIX { char *cp; @@ -1275,6 +1296,10 @@ do_child(Session *s, const char *command) if (options.use_login && command != NULL) options.use_login = 0; +#ifdef _UNICOS + cray_setup(pw->pw_uid, pw->pw_name, command); +#endif /* _UNICOS */ + /* * Login(1) does this as well, and it needs uid 0 for the "-h" * switch, so we let login(1) to this for us. @@ -940,7 +940,7 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, !inetd_flag); -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems! */ @@ -162,7 +162,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) } return 1; #else /* HAVE_DEV_PTS_AND_PTC */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS char buf[64]; int i; int highpty; @@ -268,7 +268,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) void *old; #endif /* USE_VHANGUP */ -#if defined(_CRAY) && !defined(_CRAYSV2) +#ifdef _UNICOS if (setsid() < 0) error("setsid: %.100s", strerror(errno)); @@ -290,7 +290,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) error("%.100s: %.100s", ttyname, strerror(errno)); close(*ttyfd); *ttyfd = fd; -#else /* _CRAY */ +#else /* _UNICOS */ /* First disconnect from the old controlling tty. */ #ifdef TIOCNOTTY @@ -345,7 +345,7 @@ pty_make_controlling_tty(int *ttyfd, const char *ttyname) strerror(errno)); else close(fd); -#endif /* _CRAY */ +#endif /* _UNICOS */ } /* Changes the window size associated with the pty. */ |