[openssh-commits] [openssh] 01/03: Remove UNICOS support.
git+noreply at mindrot.org
git+noreply at mindrot.org
Thu Feb 15 20:07:01 AEDT 2018
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit ddc0f3814881ea279a6b6d4d98e03afc60ae1ed7
Author: Darren Tucker <dtucker at dtucker.net>
Date: Tue Feb 13 09:10:46 2018 +1100
Remove UNICOS support.
The code required to support it is quite invasive to the mainline
code that is synced with upstream and is an ongoing maintenance burden.
Both the hardware and software are literal museum pieces these days and
we could not find anyone still running OpenSSH on one.
---
auth2.c | 8 -
configure.ac | 34 --
defines.h | 24 --
loginrec.c | 6 -
openbsd-compat/Makefile.in | 2 +-
openbsd-compat/bsd-cray.c | 816 ----------------------------------------
openbsd-compat/bsd-cray.h | 59 ---
openbsd-compat/bsd-openpty.c | 11 -
openbsd-compat/openbsd-compat.h | 1 -
session.c | 23 --
sshd.c | 7 -
sshpty.c | 25 --
12 files changed, 1 insertion(+), 1015 deletions(-)
diff --git a/auth2.c b/auth2.c
index 67b6b05e..c80911ae 100644
--- a/auth2.c
+++ b/auth2.c
@@ -349,13 +349,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
}
#endif
-#ifdef _UNICOS
- if (authenticated && cray_access_denied(authctxt->user)) {
- authenticated = 0;
- fatal("Access denied for user %s.", authctxt->user);
- }
-#endif /* _UNICOS */
-
if (authenticated == 1) {
/* turn off userauth */
ssh_dispatch_set(ssh, SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore);
@@ -366,7 +359,6 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
authctxt->success = 1;
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
} else {
-
/* Allow initial try of "none" auth without failure penalty */
if (!partial && !authctxt->server_caused_failure &&
(authctxt->attempt > 1 || strcmp(method, "none") != 0))
diff --git a/configure.ac b/configure.ac
index 753395f1..38600e32 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1073,40 +1073,6 @@ mips-sony-bsd|mips-sony-newsos4)
TEST_SHELL=$SHELL # let configure find us a capable shell
SKIP_DISABLE_LASTLOG_DEFINE=yes
;;
-*-*-unicosmk*)
- AC_DEFINE([NO_SSH_LASTLOG], [1],
- [Define if you don't want to use lastlog in session.c])
- AC_DEFINE([SETEUID_BREAKS_SETUID])
- AC_DEFINE([BROKEN_SETREUID])
- AC_DEFINE([BROKEN_SETREGID])
- AC_DEFINE([USE_PIPES])
- AC_DEFINE([DISABLE_FD_PASSING])
- LDFLAGS="$LDFLAGS"
- LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
- MANTYPE=cat
- ;;
-*-*-unicosmp*)
- AC_DEFINE([SETEUID_BREAKS_SETUID])
- AC_DEFINE([BROKEN_SETREUID])
- AC_DEFINE([BROKEN_SETREGID])
- AC_DEFINE([WITH_ABBREV_NO_TTY])
- AC_DEFINE([USE_PIPES])
- AC_DEFINE([DISABLE_FD_PASSING])
- LDFLAGS="$LDFLAGS"
- LIBS="$LIBS -lgen -lacid -ldb"
- MANTYPE=cat
- ;;
-*-*-unicos*)
- AC_DEFINE([SETEUID_BREAKS_SETUID])
- AC_DEFINE([BROKEN_SETREUID])
- AC_DEFINE([BROKEN_SETREGID])
- AC_DEFINE([USE_PIPES])
- AC_DEFINE([DISABLE_FD_PASSING])
- AC_DEFINE([NO_SSH_LASTLOG])
- LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal"
- LIBS="$LIBS -lgen -lrsc -lshare -luex -lacm"
- MANTYPE=cat
- ;;
*-dec-osf*)
AC_MSG_CHECKING([for Digital Unix SIA])
no_osfsia=""
diff --git a/defines.h b/defines.h
index f1662edc..3fa5ec5a 100644
--- a/defines.h
+++ b/defines.h
@@ -214,24 +214,12 @@ typedef signed char int8_t;
# if (SIZEOF_SHORT_INT == 2)
typedef short int int16_t;
# else
-# ifdef _UNICOS
-# if (SIZEOF_SHORT_INT == 4)
-typedef short int16_t;
-# else
-typedef long int16_t;
-# endif
-# else
# error "16 bit int type not found."
-# endif /* _UNICOS */
# endif
# if (SIZEOF_INT == 4)
typedef int int32_t;
# else
-# ifdef _UNICOS
-typedef long int32_t;
-# else
# error "32 bit int type not found."
-# endif /* _UNICOS */
# endif
#endif
@@ -247,24 +235,12 @@ typedef unsigned char u_int8_t;
# if (SIZEOF_SHORT_INT == 2)
typedef unsigned short int u_int16_t;
# else
-# ifdef _UNICOS
-# if (SIZEOF_SHORT_INT == 4)
-typedef unsigned short u_int16_t;
-# else
-typedef unsigned long u_int16_t;
-# endif
-# else
# error "16 bit int type not found."
-# endif
# endif
# if (SIZEOF_INT == 4)
typedef unsigned int u_int32_t;
# else
-# ifdef _UNICOS
-typedef unsigned long u_int32_t;
-# else
# error "32 bit int type not found."
-# endif
# endif
# endif
#define __BIT_TYPES_DEFINED__
diff --git a/loginrec.c b/loginrec.c
index 788553e9..bdbc9bbf 100644
--- a/loginrec.c
+++ b/loginrec.c
@@ -663,15 +663,9 @@ construct_utmp(struct logininfo *li,
switch (li->type) {
case LTYPE_LOGIN:
ut->ut_type = USER_PROCESS;
-#ifdef _UNICOS
- cray_set_tmpdir(ut);
-#endif
break;
case LTYPE_LOGOUT:
ut->ut_type = DEAD_PROCESS;
-#ifdef _UNICOS
- cray_retain_utmp(ut, li->pid);
-#endif
break;
}
# endif
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 213ded4d..62dbf856 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
OPENBSD=base64.o basename.o bcrypt_pbkdf.o bindresvport.o blowfish.o daemon.o dirname.o fmt_scaled.o getcwd.o getgrouplist.o getopt_long.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o pwcache.o readpassphrase.o reallocarray.o realpath.o recallocarray.o rresvport.o setenv.o setproctitle.o sha1.o sha2.o rmd160.o md5.o sigact.o strcasestr.o strlcat.o strlcpy.o strmode.o strnlen.o strptime.o strsep.o strtonum.o strtoll.o strtoul.o strtoull.o timingsafe_bcmp.o vis.o bl [...]
-COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
+COMPAT=arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-err.o bsd-getpagesize.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-malloc.o bsd-setres_id.o bsd-signal.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xcrypt.o kludge-fd_set.o
PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-net.o port-uw.o
diff --git a/openbsd-compat/bsd-cray.c b/openbsd-compat/bsd-cray.c
deleted file mode 100644
index c02e6326..00000000
--- a/openbsd-compat/bsd-cray.c
+++ /dev/null
@@ -1,816 +0,0 @@
-/*
- *
- * bsd-cray.c
- *
- * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp at cray.com>)
- * Significant portions provided by
- * Wayne Schroeder, SDSC <schroeder at sdsc.edu>
- * William Jones, UTexas <jones at tacc.utexas.edu>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Created: Apr 22 16.34:00 2002 wp
- *
- * This file contains functions required for proper execution
- * on UNICOS systems.
- *
- */
-#ifdef _UNICOS
-
-#include <udb.h>
-#include <tmpdir.h>
-#include <unistd.h>
-#include <sys/category.h>
-#include <utmp.h>
-#include <sys/jtab.h>
-#include <signal.h>
-#include <sys/priv.h>
-#include <sys/secparm.h>
-#include <sys/tfm.h>
-#include <sys/usrv.h>
-#include <sys/sysv.h>
-#include <sys/sectab.h>
-#include <sys/secstat.h>
-#include <sys/stat.h>
-#include <sys/session.h>
-#include <stdarg.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-#include <pwd.h>
-#include <fcntl.h>
-#include <errno.h>
-#include <ia.h>
-#include <urm.h>
-#include "ssh.h"
-
-#include "includes.h"
-#include "sys/types.h"
-
-#ifndef HAVE_STRUCT_SOCKADDR_STORAGE
-# define _SS_MAXSIZE 128 /* Implementation specific max size */
-# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr))
-
-# define ss_family ss_sa.sa_family
-#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */
-
-#ifndef IN6_IS_ADDR_LOOPBACK
-# define IN6_IS_ADDR_LOOPBACK(a) \
- (((u_int32_t *) (a))[0] == 0 && ((u_int32_t *) (a))[1] == 0 && \
- ((u_int32_t *) (a))[2] == 0 && ((u_int32_t *) (a))[3] == htonl (1))
-#endif /* !IN6_IS_ADDR_LOOPBACK */
-
-#ifndef AF_INET6
-/* Define it to something that should never appear */
-#define AF_INET6 AF_MAX
-#endif
-
-#include "log.h"
-#include "servconf.h"
-#include "bsd-cray.h"
-
-#define MAXACID 80
-
-extern ServerOptions options;
-
-char cray_tmpdir[TPATHSIZ + 1]; /* job TMPDIR path */
-
-struct sysv sysv; /* system security structure */
-struct usrv usrv; /* user security structure */
-
-/*
- * Functions.
- */
-void cray_retain_utmp(struct utmp *, int);
-void cray_delete_tmpdir(char *, int, uid_t);
-void cray_init_job(struct passwd *);
-void cray_set_tmpdir(struct utmp *);
-void cray_login_failure(char *, int);
-int cray_setup(uid_t, char *, const char *);
-int cray_access_denied(char *);
-
-void
-cray_login_failure(char *username, int errcode)
-{
- struct udb *ueptr; /* UDB pointer for username */
- ia_failure_t fsent; /* ia_failure structure */
- ia_failure_ret_t fret; /* ia_failure return stuff */
- struct jtab jtab; /* job table structure */
- int jid = 0; /* job id */
-
- if ((jid = getjtab(&jtab)) < 0)
- debug("cray_login_failure(): getjtab error");
-
- getsysudb();
- if ((ueptr = getudbnam(username)) == UDB_NULL)
- debug("cray_login_failure(): getudbname() returned NULL");
- endudb();
-
- memset(&fsent, '\0', sizeof(fsent));
- fsent.revision = 0;
- fsent.uname = username;
- fsent.host = (char *)get_canonical_hostname(options.use_dns);
- fsent.ttyn = "sshd";
- fsent.caller = IA_SSHD;
- fsent.flags = IA_INTERACTIVE;
- fsent.ueptr = ueptr;
- fsent.jid = jid;
- fsent.errcode = errcode;
- fsent.pwdp = NULL;
- fsent.exitcode = 0; /* dont exit in ia_failure() */
-
- fret.revision = 0;
- fret.normal = 0;
-
- /*
- * Call ia_failure because of an login failure.
- */
- ia_failure(&fsent, &fret);
-}
-
-/*
- * Cray access denied
- */
-int
-cray_access_denied(char *username)
-{
- struct udb *ueptr; /* UDB pointer for username */
- int errcode; /* IA errorcode */
-
- errcode = 0;
- getsysudb();
- if ((ueptr = getudbnam(username)) == UDB_NULL)
- debug("cray_login_failure(): getudbname() returned NULL");
- endudb();
-
- if (ueptr != NULL && ueptr->ue_disabled)
- errcode = IA_DISABLED;
- if (errcode)
- cray_login_failure(username, errcode);
-
- return (errcode);
-}
-
-/*
- * record_failed_login: generic "login failed" interface function
- */
-void
-record_failed_login(const char *user, const char *hostname, const char *ttyname)
-{
- cray_login_failure((char *)user, IA_UDBERR);
-}
-
-int
-cray_setup (uid_t uid, char *username, const char *command)
-{
- extern struct udb *getudb();
- extern char *setlimits();
-
- int err; /* error return */
- time_t system_time; /* current system clock */
- time_t expiration_time; /* password expiration time */
- int maxattempts; /* maximum no. of failed login attempts */
- int SecureSys; /* unicos security flag */
- int minslevel = 0; /* system minimum security level */
- int i, j;
- int valid_acct = -1; /* flag for reading valid acct */
- char acct_name[MAXACID] = { "" }; /* used to read acct name */
- struct jtab jtab; /* Job table struct */
- struct udb ue; /* udb entry for logging-in user */
- struct udb *up; /* pointer to UDB entry */
- struct secstat secinfo; /* file security attributes */
- struct servprov init_info; /* used for sesscntl() call */
- int jid; /* job ID */
- int pid; /* process ID */
- char *sr; /* status return from setlimits() */
- char *ttyn = NULL; /* ttyname or command name*/
- char hostname[MAXHOSTNAMELEN];
- /* passwd stuff for ia_user */
- passwd_t pwdacm, pwddialup, pwdudb, pwdwal, pwddce;
- ia_user_ret_t uret; /* stuff returned from ia_user */
- ia_user_t usent; /* ia_user main structure */
- int ia_rcode; /* ia_user return code */
- ia_failure_t fsent; /* ia_failure structure */
- ia_failure_ret_t fret; /* ia_failure return stuff */
- ia_success_t ssent; /* ia_success structure */
- ia_success_ret_t sret; /* ia_success return stuff */
- int ia_mlsrcode; /* ia_mlsuser return code */
- int secstatrc; /* [f]secstat return code */
-
- if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) {
- getsysv(&sysv, sizeof(struct sysv));
- minslevel = sysv.sy_minlvl;
- if (getusrv(&usrv) < 0)
- fatal("getusrv() failed, errno = %d", errno);
- }
- hostname[0] = '\0';
- strlcpy(hostname,
- (char *)get_canonical_hostname(options.use_dns),
- MAXHOSTNAMELEN);
- /*
- * Fetch user's UDB entry.
- */
- getsysudb();
- if ((up = getudbnam(username)) == UDB_NULL)
- fatal("cannot fetch user's UDB entry");
-
- /*
- * Prevent any possible fudging so perform a data
- * safety check and compare the supplied uid against
- * the udb's uid.
- */
- if (up->ue_uid != uid)
- fatal("IA uid missmatch");
- endudb();
-
- if ((jid = getjtab(&jtab)) < 0) {
- debug("getjtab");
- return(-1);
- }
- pid = getpid();
- ttyn = ttyname(0);
- if (SecureSys) {
- if (ttyn != NULL)
- secstatrc = secstat(ttyn, &secinfo);
- else
- secstatrc = fsecstat(1, &secinfo);
-
- if (secstatrc == 0)
- debug("[f]secstat() successful");
- else
- fatal("[f]secstat() error, rc = %d", secstatrc);
- }
- if ((ttyn == NULL) && ((char *)command != NULL))
- ttyn = (char *)command;
- /*
- * Initialize all structures to call ia_user
- */
- usent.revision = 0;
- usent.uname = username;
- usent.host = hostname;
- usent.ttyn = ttyn;
- usent.caller = IA_SSHD;
- usent.pswdlist = &pwdacm;
- usent.ueptr = &ue;
- usent.flags = IA_INTERACTIVE | IA_FFLAG;
- pwdacm.atype = IA_SECURID;
- pwdacm.pwdp = NULL;
- pwdacm.next = &pwdudb;
-
- pwdudb.atype = IA_UDB;
- pwdudb.pwdp = NULL;
- pwdudb.next = &pwddce;
-
- pwddce.atype = IA_DCE;
- pwddce.pwdp = NULL;
- pwddce.next = &pwddialup;
-
- pwddialup.atype = IA_DIALUP;
- pwddialup.pwdp = NULL;
- /* pwddialup.next = &pwdwal; */
- pwddialup.next = NULL;
-
- pwdwal.atype = IA_WAL;
- pwdwal.pwdp = NULL;
- pwdwal.next = NULL;
-
- uret.revision = 0;
- uret.pswd = NULL;
- uret.normal = 0;
-
- ia_rcode = ia_user(&usent, &uret);
- switch (ia_rcode) {
- /*
- * These are acceptable return codes from ia_user()
- */
- case IA_UDBWEEK: /* Password Expires in 1 week */
- expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage;
- printf ("WARNING - your current password will expire %s\n",
- ctime((const time_t *)&expiration_time));
- break;
- case IA_UDBEXPIRED:
- if (ttyname(0) != NULL) {
- /* Force a password change */
- printf("Your password has expired; Choose a new one.\n");
- execl("/bin/passwd", "passwd", username, 0);
- exit(9);
- }
- break;
- case IA_NORMAL: /* Normal Return Code */
- break;
- case IA_BACKDOOR:
- /* XXX: can we memset it to zero here so save some of this */
- strlcpy(ue.ue_name, "root", sizeof(ue.ue_name));
- strlcpy(ue.ue_dir, "/", sizeof(ue.ue_dir));
- strlcpy(ue.ue_shell, "/bin/sh", sizeof(ue.ue_shell));
-
- ue.ue_passwd[0] = '\0';
- ue.ue_age[0] = '\0';
- ue.ue_comment[0] = '\0';
- ue.ue_loghost[0] = '\0';
- ue.ue_logline[0] = '\0';
-
- ue.ue_uid = -1;
- ue.ue_nice[UDBRC_INTER] = 0;
-
- for (i = 0; i < MAXVIDS; i++)
- ue.ue_gids[i] = 0;
-
- ue.ue_logfails = 0;
- ue.ue_minlvl = ue.ue_maxlvl = ue.ue_deflvl = minslevel;
- ue.ue_defcomps = 0;
- ue.ue_comparts = 0;
- ue.ue_permits = 0;
- ue.ue_trap = 0;
- ue.ue_disabled = 0;
- ue.ue_logtime = 0;
- break;
- case IA_CONSOLE: /* Superuser not from Console */
- case IA_TRUSTED: /* Trusted user */
- if (options.permit_root_login > PERMIT_NO)
- break; /* Accept root login */
- default:
- /*
- * These are failed return codes from ia_user()
- */
- switch (ia_rcode)
- {
- case IA_BADAUTH:
- printf("Bad authorization, access denied.\n");
- break;
- case IA_DISABLED:
- printf("Your login has been disabled. Contact the system ");
- printf("administrator for assistance.\n");
- break;
- case IA_GETSYSV:
- printf("getsysv() failed - errno = %d\n", errno);
- break;
- case IA_MAXLOGS:
- printf("Maximum number of failed login attempts exceeded.\n");
- printf("Access denied.\n");
- break;
- case IA_UDBPWDNULL:
- if (SecureSys)
- printf("NULL Password not allowed on MLS systems.\n");
- break;
- default:
- break;
- }
-
- /*
- * Authentication failed.
- */
- printf("sshd: Login incorrect, (0%o)\n",
- ia_rcode-IA_ERRORCODE);
-
- /*
- * Initialize structure for ia_failure
- * which will exit.
- */
- fsent.revision = 0;
- fsent.uname = username;
- fsent.host = hostname;
- fsent.ttyn = ttyn;
- fsent.caller = IA_SSHD;
- fsent.flags = IA_INTERACTIVE;
- fsent.ueptr = &ue;
- fsent.jid = jid;
- fsent.errcode = ia_rcode;
- fsent.pwdp = uret.pswd;
- fsent.exitcode = 1;
-
- fret.revision = 0;
- fret.normal = 0;
-
- /*
- * Call ia_failure because of an IA failure.
- * There is no return because ia_failure exits.
- */
- ia_failure(&fsent, &fret);
-
- exit(1);
- }
-
- ia_mlsrcode = IA_NORMAL;
- if (SecureSys) {
- debug("calling ia_mlsuser()");
- ia_mlsrcode = ia_mlsuser(&ue, &secinfo, &usrv, NULL, 0);
- }
- if (ia_mlsrcode != IA_NORMAL) {
- printf("sshd: Login incorrect, (0%o)\n",
- ia_mlsrcode-IA_ERRORCODE);
- /*
- * Initialize structure for ia_failure
- * which will exit.
- */
- fsent.revision = 0;
- fsent.uname = username;
- fsent.host = hostname;
- fsent.ttyn = ttyn;
- fsent.caller = IA_SSHD;
- fsent.flags = IA_INTERACTIVE;
- fsent.ueptr = &ue;
- fsent.jid = jid;
- fsent.errcode = ia_mlsrcode;
- fsent.pwdp = uret.pswd;
- fsent.exitcode = 1;
- fret.revision = 0;
- fret.normal = 0;
-
- /*
- * Call ia_failure because of an IA failure.
- * There is no return because ia_failure exits.
- */
- ia_failure(&fsent,&fret);
- exit(1);
- }
-
- /* Provide login status information */
- if (options.print_lastlog && ue.ue_logtime != 0) {
- printf("Last successful login was : %.*s ", 19,
- (char *)ctime(&ue.ue_logtime));
-
- if (*ue.ue_loghost != '\0') {
- printf("from %.*s\n", sizeof(ue.ue_loghost),
- ue.ue_loghost);
- } else {
- printf("on %.*s\n", sizeof(ue.ue_logline),
- ue.ue_logline);
- }
-
- if (SecureSys && (ue.ue_logfails != 0)) {
- printf(" followed by %d failed attempts\n",
- ue.ue_logfails);
- }
- }
-
- /*
- * Call ia_success to process successful I/A.
- */
- ssent.revision = 0;
- ssent.uname = username;
- ssent.host = hostname;
- ssent.ttyn = ttyn;
- ssent.caller = IA_SSHD;
- ssent.flags = IA_INTERACTIVE;
- ssent.ueptr = &ue;
- ssent.jid = jid;
- ssent.errcode = ia_rcode;
- ssent.us = NULL;
- ssent.time = 1; /* Set ue_logtime */
-
- sret.revision = 0;
- sret.normal = 0;
-
- ia_success(&ssent, &sret);
-
- /*
- * Query for account, iff > 1 valid acid & askacid permbit
- */
- if (((ue.ue_permbits & PERMBITS_ACCTID) ||
- (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) &&
- ue.ue_permbits & PERMBITS_ASKACID) {
- if (ttyname(0) != NULL) {
- debug("cray_setup: ttyname true case, %.100s", ttyname);
- while (valid_acct == -1) {
- printf("Account (? for available accounts)"
- " [%s]: ", acid2nam(ue.ue_acids[0]));
- fgets(acct_name, MAXACID, stdin);
- switch (acct_name[0]) {
- case EOF:
- exit(0);
- break;
- case '\0':
- valid_acct = ue.ue_acids[0];
- strlcpy(acct_name, acid2nam(valid_acct), MAXACID);
- break;
- case '?':
- /* Print the list 3 wide */
- for (i = 0, j = 0; i < MAXVIDS; i++) {
- if (ue.ue_acids[i] == -1) {
- printf("\n");
- break;
- }
- if (++j == 4) {
- j = 1;
- printf("\n");
- }
- printf(" %s",
- acid2nam(ue.ue_acids[i]));
- }
- if (ue.ue_permbits & PERMBITS_ACCTID) {
- printf("\"acctid\" permbit also allows"
- " you to select any valid "
- "account name.\n");
- }
- printf("\n");
- break;
- default:
- valid_acct = nam2acid(acct_name);
- if (valid_acct == -1)
- printf(
- "Account id not found for"
- " account name \"%s\"\n\n",
- acct_name);
- break;
- }
- /*
- * If an account was given, search the user's
- * acids array to verify they can use this account.
- */
- if ((valid_acct != -1) &&
- !(ue.ue_permbits & PERMBITS_ACCTID)) {
- for (i = 0; i < MAXVIDS; i++) {
- if (ue.ue_acids[i] == -1)
- break;
- if (valid_acct == ue.ue_acids[i])
- break;
- }
- if (i == MAXVIDS ||
- ue.ue_acids[i] == -1) {
- fprintf(stderr, "Cannot set"
- " account name to "
- "\"%s\", permission "
- "denied\n\n", acct_name);
- valid_acct = -1;
- }
- }
- }
- } else {
- /*
- * The client isn't connected to a terminal and can't
- * respond to an acid prompt. Use default acid.
- */
- debug("cray_setup: ttyname false case, %.100s",
- ttyname);
- valid_acct = ue.ue_acids[0];
- }
- } else {
- /*
- * The user doesn't have the askacid permbit set or
- * only has one valid account to use.
- */
- valid_acct = ue.ue_acids[0];
- }
- if (acctid(0, valid_acct) < 0) {
- printf ("Bad account id: %d\n", valid_acct);
- exit(1);
- }
-
- /*
- * Now set shares, quotas, limits, including CPU time for the
- * (interactive) job and process, and set up permissions
- * (for chown etc), etc.
- */
- if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) {
- printf("Unable to give %d shares to <%s>(%d/%d)\n",
- ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct);
- exit(1);
- }
-
- sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
- if (sr != NULL) {
- debug("%.200s", sr);
- exit(1);
- }
- sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
- if (sr != NULL) {
- debug("%.200s", sr);
- exit(1);
- }
- /*
- * Place the service provider information into
- * the session table (Unicos) or job table (Unicos/mk).
- * There exist double defines for the job/session table in
- * unicos/mk (jtab.h) so no need for a compile time switch.
- */
- memset(&init_info, '\0', sizeof(init_info));
- init_info.s_sessinit.si_id = URM_SPT_LOGIN;
- init_info.s_sessinit.si_pid = getpid();
- init_info.s_sessinit.si_sid = jid;
- sesscntl(0, S_SETSERVPO, (int)&init_info);
-
- /*
- * Set user and controlling tty security attributes.
- */
- if (SecureSys) {
- if (setusrv(&usrv) == -1) {
- debug("setusrv() failed, errno = %d",errno);
- exit(1);
- }
- }
-
- return (0);
-}
-
-/*
- * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk
- * can have pal privileges that sshd can inherit which
- * could allow a user to su to root with out a password.
- * This subroutine clears all privileges.
- */
-void
-drop_cray_privs()
-{
-#if defined(_SC_CRAY_PRIV_SU)
- priv_proc_t *privstate;
- int result;
- extern int priv_set_proc();
- extern priv_proc_t *priv_init_proc();
-
- /*
- * If ether of theses two flags are not set
- * then don't allow this version of ssh to run.
- */
- if (!sysconf(_SC_CRAY_PRIV_SU))
- fatal("Not PRIV_SU system.");
- if (!sysconf(_SC_CRAY_POSIX_PRIV))
- fatal("Not POSIX_PRIV.");
-
- debug("Setting MLS labels.");;
-
- if (sysconf(_SC_CRAY_SECURE_MAC)) {
- usrv.sv_minlvl = SYSLOW;
- usrv.sv_actlvl = SYSHIGH;
- usrv.sv_maxlvl = SYSHIGH;
- } else {
- usrv.sv_minlvl = sysv.sy_minlvl;
- usrv.sv_actlvl = sysv.sy_minlvl;
- usrv.sv_maxlvl = sysv.sy_maxlvl;
- }
- usrv.sv_actcmp = 0;
- usrv.sv_valcmp = sysv.sy_valcmp;
-
- usrv.sv_intcat = TFM_SYSTEM;
- usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE);
-
- if (setusrv(&usrv) < 0) {
- fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__,
- strerror(errno));
- }
-
- if ((privstate = priv_init_proc()) != NULL) {
- result = priv_set_proc(privstate);
- if (result != 0 ) {
- fatal("%s(%d): priv_set_proc(): %s",
- __FILE__, __LINE__, strerror(errno));
- }
- priv_free_proc(privstate);
- }
- debug ("Privileges should be cleared...");
-#else
- /* XXX: do this differently */
-# error Cray systems must be run with _SC_CRAY_PRIV_SU on!
-#endif
-}
-
-
-/*
- * Retain utmp/wtmp information - used by cray accounting.
- */
-void
-cray_retain_utmp(struct utmp *ut, int pid)
-{
- int fd;
- struct utmp utmp;
-
- if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) {
- /* XXX use atomicio */
- while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) {
- if (pid == utmp.ut_pid) {
- ut->ut_jid = utmp.ut_jid;
- strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath));
- strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host));
- strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name));
- break;
- }
- }
- close(fd);
- } else
- fatal("Unable to open utmp file");
-}
-
-/*
- * tmpdir support.
- */
-
-/*
- * find and delete jobs tmpdir.
- */
-void
-cray_delete_tmpdir(char *login, int jid, uid_t uid)
-{
- static char jtmp[TPATHSIZ];
- struct stat statbuf;
- int child, c, wstat;
-
- for (c = 'a'; c <= 'z'; c++) {
- snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
- if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid)
- break;
- }
-
- if (c > 'z')
- return;
-
- if ((child = fork()) == 0) {
- execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL);
- fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed");
- }
-
- while (waitpid(child, &wstat, 0) == -1 && errno == EINTR)
- ;
-}
-
-/*
- * Remove tmpdir on job termination.
- */
-void
-cray_job_termination_handler(int sig)
-{
- int jid;
- char *login = NULL;
- struct jtab jtab;
-
- if ((jid = waitjob(&jtab)) == -1 ||
- (login = uid2nam(jtab.j_uid)) == NULL)
- return;
-
- cray_delete_tmpdir(login, jid, jtab.j_uid);
-}
-
-/*
- * Set job id and create tmpdir directory.
- */
-void
-cray_init_job(struct passwd *pw)
-{
- int jid;
- int c;
-
- jid = setjob(pw->pw_uid, WJSIGNAL);
- if (jid < 0)
- fatal("System call setjob failure");
-
- for (c = 'a'; c <= 'z'; c++) {
- snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c);
- if (mkdir(cray_tmpdir, JTMPMODE) != 0)
- continue;
- if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) {
- rmdir(cray_tmpdir);
- continue;
- }
- break;
- }
-
- if (c > 'z')
- cray_tmpdir[0] = '\0';
-}
-
-void
-cray_set_tmpdir(struct utmp *ut)
-{
- int jid;
- struct jtab jbuf;
-
- if ((jid = getjtab(&jbuf)) < 0)
- return;
-
- /*
- * Set jid and tmpdir in utmp record.
- */
- ut->ut_jid = jid;
- strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ);
-}
-#endif /* UNICOS */
-
-#ifdef _UNICOSMP
-#include <pwd.h>
-/*
- * Set job id and create tmpdir directory.
- */
-void
-cray_init_job(struct passwd *pw)
-{
- initrm_silent(pw->pw_uid);
- return;
-}
-#endif /* _UNICOSMP */
diff --git a/openbsd-compat/bsd-cray.h b/openbsd-compat/bsd-cray.h
deleted file mode 100644
index ca626a02..00000000
--- a/openbsd-compat/bsd-cray.h
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp at cray.com>)
- * Significant portions provided by
- * Wayne Schroeder, SDSC <schroeder at sdsc.edu>
- * William Jones, UTexas <jones at tacc.utexas.edu>
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- * Created: Apr 22 16.34:00 2002 wp
- *
- * This file contains functions required for proper execution
- * on UNICOS systems.
- *
- */
-
-#ifndef _BSD_CRAY_H
-#define _BSD_CRAY_H
-
-#ifdef _UNICOS
-
-void cray_init_job(struct passwd *);
-void cray_job_termination_handler(int);
-void cray_login_failure(char *, int );
-int cray_access_denied(char *);
-extern char cray_tmpdir[];
-
-#define CUSTOM_FAILED_LOGIN 1
-
-#ifndef IA_SSHD
-# define IA_SSHD IA_LOGIN
-#endif
-#ifndef MAXHOSTNAMELEN
-# define MAXHOSTNAMELEN 64
-#endif
-#ifndef _CRAYT3E
-# define TIOCGPGRP (tIOC|20)
-#endif
-
-#endif /* UNICOS */
-
-#endif /* _BSD_CRAY_H */
diff --git a/openbsd-compat/bsd-openpty.c b/openbsd-compat/bsd-openpty.c
index b2823586..48fb6059 100644
--- a/openbsd-compat/bsd-openpty.c
+++ b/openbsd-compat/bsd-openpty.c
@@ -147,17 +147,6 @@ openpty(int *amaster, int *aslave, char *name, struct termios *termp,
}
return (0);
-#elif defined(_UNICOS)
- char ptbuf[64], ttbuf[64];
- int i;
- int highpty;
-
- highpty = 128;
-#ifdef _SC_CRAY_NPTY
- if ((highpty = sysconf(_SC_CRAY_NPTY)) == -1)
- highpty = 128;
-#endif /* _SC_CRAY_NPTY */
-
for (i = 0; i < highpty; i++) {
snprintf(ptbuf, sizeof(ptbuf), "/dev/pty/%03d", i);
snprintf(ttbuf, sizeof(ttbuf), "/dev/ttyp%03d", i);
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index c7f66060..8155a0dd 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -316,7 +316,6 @@ char *shadow_pw(struct passwd *pw);
#include "fake-rfc2553.h"
/* Routines for a single OS platform */
-#include "bsd-cray.h"
#include "bsd-cygwin_util.h"
#include "port-aix.h"
diff --git a/session.c b/session.c
index e9301267..51c5ea0e 100644
--- a/session.c
+++ b/session.c
@@ -450,11 +450,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
close(err[0]);
#endif
-
-#ifdef _UNICOS
- cray_init_job(s->pw); /* set up cray jid and tmpdir */
-#endif
-
/* Do processing for the child (exec command etc). */
do_child(ssh, s, command);
/* NOTREACHED */
@@ -462,9 +457,6 @@ do_exec_no_pty(struct ssh *ssh, Session *s, const char *command)
break;
}
-#ifdef _UNICOS
- signal(WJSIGNAL, cray_job_termination_handler);
-#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
@@ -576,9 +568,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
close(ttyfd);
/* record login, etc. similar to login(1) */
-#ifdef _UNICOS
- cray_init_job(s->pw); /* set up cray jid and tmpdir */
-#endif /* _UNICOS */
#ifndef HAVE_OSF_SIA
do_login(ssh, s, command);
#endif
@@ -592,9 +581,6 @@ do_exec_pty(struct ssh *ssh, Session *s, const char *command)
break;
}
-#ifdef _UNICOS
- signal(WJSIGNAL, cray_job_termination_handler);
-#endif /* _UNICOS */
#ifdef HAVE_CYGWIN
cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
#endif
@@ -1080,11 +1066,6 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
child_set_env(&env, &envsize, "SSH_ORIGINAL_COMMAND",
original_command);
-#ifdef _UNICOS
- if (cray_tmpdir[0] != '\0')
- child_set_env(&env, &envsize, "TMPDIR", cray_tmpdir);
-#endif /* _UNICOS */
-
/*
* Since we clear KRB5CCNAME at startup, if it's set now then it
* must have been set by a native authentication method (eg AIX or
@@ -1485,10 +1466,6 @@ do_child(struct ssh *ssh, Session *s, const char *command)
exit(1);
}
-#ifdef _UNICOS
- cray_setup(pw->pw_uid, pw->pw_name, command);
-#endif /* _UNICOS */
-
/*
* Login(1) does this as well, and it needs uid 0 for the "-h"
* switch, so we let login(1) to this for us.
diff --git a/sshd.c b/sshd.c
index 17931068..7466d5a4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1602,13 +1602,6 @@ main(int ac, char **av)
if (getenv("KRB5CCNAME") != NULL)
(void) unsetenv("KRB5CCNAME");
-#ifdef _UNICOS
- /* Cray can define user privs drop all privs now!
- * Not needed on PRIV_SU systems!
- */
- drop_cray_privs();
-#endif
-
sensitive_data.have_ssh2_key = 0;
/*
diff --git a/sshpty.c b/sshpty.c
index fe2fb5aa..4da84d05 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -100,30 +100,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
{
int fd;
-#ifdef _UNICOS
- if (setsid() < 0)
- error("setsid: %.100s", strerror(errno));
-
- fd = open(tty, O_RDWR|O_NOCTTY);
- if (fd != -1) {
- signal(SIGHUP, SIG_IGN);
- ioctl(fd, TCVHUP, (char *)NULL);
- signal(SIGHUP, SIG_DFL);
- setpgid(0, 0);
- close(fd);
- } else {
- error("Failed to disconnect from controlling tty.");
- }
-
- debug("Setting controlling tty using TCSETCTTY.");
- ioctl(*ttyfd, TCSETCTTY, NULL);
- fd = open("/dev/tty", O_RDWR);
- if (fd < 0)
- error("%.100s: %.100s", tty, strerror(errno));
- close(*ttyfd);
- *ttyfd = fd;
-#else /* _UNICOS */
-
/* First disconnect from the old controlling tty. */
#ifdef TIOCNOTTY
fd = open(_PATH_TTY, O_RDWR | O_NOCTTY);
@@ -167,7 +143,6 @@ pty_make_controlling_tty(int *ttyfd, const char *tty)
strerror(errno));
else
close(fd);
-#endif /* _UNICOS */
}
/* Changes the window size associated with the pty. */
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list