Call for testing for 3.5 OpenSSH

Wed Sep 25 03:03:49 EST 2002

Will this patch work for you?
It's got everything except your deattack.c patch.


On Tue, 24 Sep 2002, Wendy Palm wrote:

[snip]
> ia.h does not exist on the sv2.  yes, can do the check in
> configure.
>
> > > *** openssh/session.c   Wed Sep 18 20:50:49 2002
> > > --- openssh.cray/session.c      Mon Sep 23 12:47:35 2002
> > > + #if defined(_CRAY) && ! defined(_CRAYSV2)
> > > + #include <tmpdir.h>
> > > + #endif
> >
> > Can we use HAVE_TMPDIR_H ?
>
> however you guys want to do it is fine with me.

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

-------------- next part --------------

--- configure.ac.old	Mon Sep 23 16:54:12 2002
+++ configure.ac	Tue Sep 24 08:47:08 2002
@@ -376,14 +376,14 @@
 
 # Checks for header files.
 AC_CHECK_HEADERS(bstring.h crypt.h endian.h floatingpoint.h \
-	getopt.h glob.h lastlog.h limits.h login.h \
+	getopt.h glob.h ia.h lastlog.h limits.h login.h \
 	login_cap.h maillock.h netdb.h netgroup.h \
 	netinet/in_systm.h paths.h pty.h readpassphrase.h \
 	rpc/types.h security/pam_appl.h shadow.h stddef.h stdint.h \
 	strings.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h \
 	sys/mman.h sys/select.h sys/stat.h \
 	sys/stropts.h sys/sysmacros.h sys/time.h \
-	sys/un.h time.h ttyent.h usersec.h \
+	sys/un.h time.h tmpdir.h ttyent.h usersec.h \
 	util.h utime.h utmp.h utmpx.h)
 
 # Checks for libraries.
--- includes.h.old	Thu Jul 18 09:57:09 2002
+++ includes.h	Tue Sep 24 08:50:37 2002
@@ -149,6 +149,14 @@
 # include <readpassphrase.h>
 #endif
 
+#ifdef HAVE_IA_H
+# include <ia.h>
+#endif
+
+#ifdef HAVE_TMPDIR_H
+# include <tmpdir.h>
+#endif
+
 #include <openssl/opensslv.h> /* For OPENSSL_VERSION_NUMBER */
 
 #include "defines.h"
--- auth1.c.orig	Thu Sep 12 13:09:26 2002
+++ auth1.c	Tue Sep 24 09:07:59 2002
@@ -304,6 +304,15 @@
 			fatal("INTERNAL ERROR: authenticated invalid user %s",
 			    authctxt->user);
 
+# if defined(_CRAY) && ! defined(_CRAYSV2)
+		if (type == SSH_CMSG_AUTH_PASSWORD && !authenticated)
+			cray_login_failure(authctxt->user, IA_UDBERR);
+		if (authenticated && cray_access_denied(authctxt->user)) {
+			authenticated = 0;
+			fatal("Access denied for user %s.",authctxt->user);
+		}
+#endif /* _CRAY */
+
 #ifdef HAVE_CYGWIN
 		if (authenticated &&
 		    !check_nt_auth(type == SSH_CMSG_AUTH_PASSWORD, pw)) {
--- auth2.c.orig	Tue Sep 10 10:09:45 2002
+++ auth2.c	Tue Sep 24 09:07:59 2002
@@ -216,6 +216,13 @@
 		authenticated = 0;
 #endif /* USE_PAM */
 
+#if defined(_CRAY) && !defined(_CRAYSV2)
+	if (authenticated && cray_access_denied(authctxt->user)) {
+		authenticated = 0;
+		fatal("Access denied for user %s.",authctxt->user);
+	}
+#endif /* _CRAY */
+
 	/* Log before sending the reply */
 	auth_log(authctxt, authenticated, method, " ssh2");
 
@@ -235,6 +242,10 @@
 		if (authctxt->failures++ > AUTH_FAIL_MAX) {
 			packet_disconnect(AUTH_FAIL_MSG, authctxt->user);
 		}
+#if defined(_CRAY) && !defined(_CRAYSV2)
+		if (strcmp(method, "password") == 0)
+			cray_login_failure(authctxt->user, IA_UDBERR);
+#endif /* _CRAY */
 		methods = authmethods_get();
 		packet_start(SSH2_MSG_USERAUTH_FAILURE);
 		packet_put_cstring(methods);
--- serverloop.c.orig	Mon Sep 23 07:28:01 2002
+++ serverloop.c	Tue Sep 24 09:07:59 2002
@@ -144,7 +144,9 @@
 	int save_errno = errno;
 	debug("Received SIGCHLD.");
 	child_terminated = 1;
+#if !defined(_CRAY) || defined(_CRAYSV2)
 	mysignal(SIGCHLD, sigchld_handler);
+#endif
 	notify_parent();
 	errno = save_errno;
 }
--- session.c.orig	Mon Sep 23 07:28:02 2002
+++ session.c	Tue Sep 24 09:07:59 2002
@@ -519,10 +519,17 @@
 			perror("dup2 stderr");
 #endif /* USE_PIPES */
 
+#if defined(_CRAY) && ! defined(_CRAYSV2)
+		cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif
+
 		/* Do processing for the child (exec command etc). */
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#if defined(_CRAY) && ! defined(_CRAYSV2)
+	signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _CRAY */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -611,7 +618,12 @@
 		/* record login, etc. similar to login(1) */
 #ifndef HAVE_OSF_SIA
 		if (!(options.use_login && command == NULL))
+		{
+#if defined(_CRAY) && !defined(_CRAYSV2)
+			cray_init_job(s->pw); /* set up cray jid and tmpdir */
+#endif /* _CRAY */
 			do_login(s, command);
+		}
 # ifdef LOGIN_NEEDS_UTMPX
 		else
 			do_pre_login(s);
@@ -622,6 +634,9 @@
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#if defined(_CRAY) && !defined(_CRAYSV2)
+	signal(WJSIGNAL, cray_job_termination_handler);
+#endif /* _CRAY */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -762,6 +777,7 @@
 		printf("%s\n", aixloginmsg);
 #endif /* WITH_AIXAUTHENTICATE */
 
+#if !defined(_CRAY) || defined(_CRAYSV2)
 	if (options.print_lastlog && s->last_login_time != 0) {
 		time_string = ctime(&s->last_login_time);
 		if (strchr(time_string, '\n'))
@@ -772,7 +788,7 @@
 			printf("Last login: %s from %s\r\n", time_string,
 			    s->hostname);
 	}
-
+#endif /* _CRAY */
 	do_motd();
 }
 
@@ -1031,6 +1047,11 @@
 		child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
 		    original_command);
 
+#if defined(_CRAY) && !defined(_CRAYSV2)
+	if (cray_tmpdir[0] != '\0')
+		child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
+#endif /* _CRAY */
+
 #ifdef _AIX
 	{
 		char *cp;
@@ -1281,6 +1302,10 @@
 	/* login(1) is only called if we execute the login shell */
 	if (options.use_login && command != NULL)
 		options.use_login = 0;
+
+#if defined(_CRAY) && !defined(_CRAYSV2)
+	cray_setup(pw->pw_uid, pw->pw_name, command);
+#endif /* _CRAY */
 
 	/*
 	 * Login(1) does this as well, and it needs uid 0 for the "-h"
