1/* 2 * $Id: bsd-cray.c,v 1.8 2002/09/26 00:38:51 tim Exp $ 3 * 4 * bsd-cray.c 5 * 6 * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>) 7 * Significant portions provided by 8 * Wayne Schroeder, SDSC <schroeder@sdsc.edu> 9 * William Jones, UTexas <jones@tacc.utexas.edu> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 * 31 * Created: Apr 22 16.34:00 2002 wp 32 * 33 * This file contains functions required for proper execution 34 * on UNICOS systems. 35 * 36 */ 37 38#pragma ident "%Z%%M% %I% %E% SMI" 39 40#include "includes.h" 41 42#ifdef _UNICOS 43 44#include <udb.h> 45#include <tmpdir.h> 46#include <unistd.h> 47#include <sys/category.h> 48#include <utmp.h> 49#include <sys/jtab.h> 50#include <signal.h> 51#include <sys/priv.h> 52#include <sys/secparm.h> 53#include <sys/tfm.h> 54#include <sys/usrv.h> 55#include <sys/sysv.h> 56#include <sys/sectab.h> 57#include <sys/secstat.h> 58#include <sys/stat.h> 59#include <sys/session.h> 60#include <stdlib.h> 61#include <pwd.h> 62#include <fcntl.h> 63#include <errno.h> 64#include <ia.h> 65#include <urm.h> 66#include "ssh.h" 67#include "log.h" 68#include "servconf.h" 69#include "bsd-cray.h" 70 71#define MAXACID 80 72 73extern ServerOptions options; 74 75char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ 76 77struct sysv sysv; /* system security structure */ 78struct usrv usrv; /* user security structure */ 79 80/* 81 * Functions. 82 */ 83void cray_retain_utmp(struct utmp *, int); 84void cray_delete_tmpdir(char *, int, uid_t); 85void cray_init_job(struct passwd *); 86void cray_set_tmpdir(struct utmp *); 87void cray_login_failure(char *, int); 88int cray_setup(uid_t, char *, const char *); 89int cray_access_denied(char *); 90 91void 92cray_login_failure(char *username, int errcode) 93{ 94 struct udb *ueptr; /* UDB pointer for username */ 95 ia_failure_t fsent; /* ia_failure structure */ 96 ia_failure_ret_t fret; /* ia_failure return stuff */ 97 struct jtab jtab; /* job table structure */ 98 int jid = 0; /* job id */ 99 100 if ((jid = getjtab(&jtab)) < 0) { 101 debug("cray_login_failure(): getjtab error"); 102 } 103 getsysudb(); 104 if ((ueptr = getudbnam(username)) == UDB_NULL) { 105 debug("cray_login_failure(): getudbname() returned NULL"); 106 } 107 endudb(); 108 fsent.revision = 0; 109 fsent.uname = username; 110 fsent.host = (char *)get_canonical_hostname(options.verify_reverse_mapping); 111 fsent.ttyn = "sshd"; 112 fsent.caller = IA_SSHD; 113 fsent.flags = IA_INTERACTIVE; 114 fsent.ueptr = ueptr; 115 fsent.jid = jid; 116 fsent.errcode = errcode; 117 fsent.pwdp = NULL; 118 fsent.exitcode = 0; /* dont exit in ia_failure() */ 119 120 fret.revision = 0; 121 fret.normal = 0; 122 123 /* 124 * Call ia_failure because of an login failure. 125 */ 126 ia_failure(&fsent,&fret); 127} 128 129/* 130 * Cray access denied 131 */ 132int 133cray_access_denied(char *username) 134{ 135 struct udb *ueptr; /* UDB pointer for username */ 136 int errcode; /* IA errorcode */ 137 138 errcode = 0; 139 getsysudb(); 140 if ((ueptr = getudbnam(username)) == UDB_NULL) { 141 debug("cray_login_failure(): getudbname() returned NULL"); 142 } 143 endudb(); 144 if (ueptr && ueptr->ue_disabled) 145 errcode = IA_DISABLED; 146 if (errcode) 147 cray_login_failure(username, errcode); 148 return (errcode); 149} 150 151int 152cray_setup (uid_t uid, char *username, const char *command) 153{ 154 extern struct udb *getudb(); 155 extern char *setlimits(); 156 157 int err; /* error return */ 158 time_t system_time; /* current system clock */ 159 time_t expiration_time; /* password expiration time */ 160 int maxattempts; /* maximum no. of failed login attempts */ 161 int SecureSys; /* unicos security flag */ 162 int minslevel = 0; /* system minimum security level */ 163 int i, j; 164 int valid_acct = -1; /* flag for reading valid acct */ 165 char acct_name[MAXACID] = { "" }; /* used to read acct name */ 166 struct jtab jtab; /* Job table struct */ 167 struct udb ue; /* udb entry for logging-in user */ 168 struct udb *up; /* pointer to UDB entry */ 169 struct secstat secinfo; /* file security attributes */ 170 struct servprov init_info; /* used for sesscntl() call */ 171 int jid; /* job ID */ 172 int pid; /* process ID */ 173 char *sr; /* status return from setlimits() */ 174 char *ttyn = NULL; /* ttyname or command name*/ 175 char hostname[MAXHOSTNAMELEN]; 176 passwd_t pwdacm, 177 pwddialup, 178 pwdudb, 179 pwdwal, 180 pwddce; /* passwd stuff for ia_user */ 181 ia_user_ret_t uret; /* stuff returned from ia_user */ 182 ia_user_t usent; /* ia_user main structure */ 183 int ia_rcode; /* ia_user return code */ 184 ia_failure_t fsent; /* ia_failure structure */ 185 ia_failure_ret_t fret; /* ia_failure return stuff */ 186 ia_success_t ssent; /* ia_success structure */ 187 ia_success_ret_t sret; /* ia_success return stuff */ 188 int ia_mlsrcode; /* ia_mlsuser return code */ 189 int secstatrc; /* [f]secstat return code */ 190 191 if (SecureSys = (int)sysconf(_SC_CRAY_SECURE_SYS)) { 192 getsysv(&sysv, sizeof(struct sysv)); 193 minslevel = sysv.sy_minlvl; 194 if (getusrv(&usrv) < 0) { 195 debug("getusrv() failed, errno = %d",errno); 196 exit(1); 197 } 198 } 199 hostname[0] = '\0'; 200 strncpy(hostname, 201 (char *)get_canonical_hostname(options.verify_reverse_mapping), 202 MAXHOSTNAMELEN); 203 /* 204 * Fetch user's UDB entry. 205 */ 206 getsysudb(); 207 if ((up = getudbnam(username)) == UDB_NULL) { 208 debug("cannot fetch user's UDB entry"); 209 exit(1); 210 } 211 212 /* 213 * Prevent any possible fudging so perform a data 214 * safety check and compare the supplied uid against 215 * the udb's uid. 216 */ 217 if (up->ue_uid != uid) { 218 debug("IA uid missmatch"); 219 exit(1); 220 } 221 endudb(); 222 223 if ((jid = getjtab (&jtab)) < 0) { 224 debug("getjtab"); 225 return -1; 226 } 227 pid = getpid(); 228 ttyn = ttyname(0); 229 if (SecureSys) { 230 if (ttyn) { 231 secstatrc = secstat(ttyn, &secinfo); 232 } else { 233 secstatrc = fsecstat(1, &secinfo); 234 } 235 if (secstatrc == 0) { 236 debug("[f]secstat() successful"); 237 } else { 238 debug("[f]secstat() error, rc = %d", secstatrc); 239 exit(1); 240 } 241 } 242 if ((ttyn == NULL) && ((char *)command != NULL)) 243 ttyn = (char *)command; 244 /* 245 * Initialize all structures to call ia_user 246 */ 247 usent.revision = 0; 248 usent.uname = username; 249 usent.host = hostname; 250 usent.ttyn = ttyn; 251 usent.caller = IA_SSHD; 252 usent.pswdlist = &pwdacm; 253 usent.ueptr = &ue; 254 usent.flags = IA_INTERACTIVE | IA_FFLAG; 255 pwdacm.atype = IA_SECURID; 256 pwdacm.pwdp = NULL; 257 pwdacm.next = &pwdudb; 258 259 pwdudb.atype = IA_UDB; 260 pwdudb.pwdp = NULL; 261 pwdudb.next = &pwddce; 262 263 pwddce.atype = IA_DCE; 264 pwddce.pwdp = NULL; 265 pwddce.next = &pwddialup; 266 267 pwddialup.atype = IA_DIALUP; 268 pwddialup.pwdp = NULL; 269 /* pwddialup.next = &pwdwal; */ 270 pwddialup.next = NULL; 271 272 pwdwal.atype = IA_WAL; 273 pwdwal.pwdp = NULL; 274 pwdwal.next = NULL; 275 276 uret.revision = 0; 277 uret.pswd = NULL; 278 uret.normal = 0; 279 280 ia_rcode = ia_user(&usent, &uret); 281 282 switch (ia_rcode) { 283 /* 284 * These are acceptable return codes from ia_user() 285 */ 286 case IA_UDBWEEK: /* Password Expires in 1 week */ 287 expiration_time = ue.ue_pwage.time + ue.ue_pwage.maxage; 288 printf ("WARNING - your current password will expire %s\n", 289 ctime((const time_t *)&expiration_time)); 290 break; 291 case IA_UDBEXPIRED: 292 if (ttyname(0) != NULL) { 293 /* Force a password change */ 294 printf("Your password has expired; Choose a new one.\n"); 295 execl("/bin/passwd", "passwd", username, 0); 296 exit(9); 297 } 298 299 break; 300 case IA_NORMAL: /* Normal Return Code */ 301 break; 302 case IA_BACKDOOR: 303 strcpy(ue.ue_name, "root"); 304 strcpy(ue.ue_passwd, ""); 305 strcpy(ue.ue_dir, "/"); 306 strcpy(ue.ue_shell, "/bin/sh"); 307 strcpy(ue.ue_age, ""); 308 strcpy(ue.ue_comment, ""); 309 strcpy(ue.ue_loghost, ""); 310 strcpy(ue.ue_logline, ""); 311 ue.ue_uid=-1; 312 ue.ue_nice[UDBRC_INTER]=0; 313 for (i=0;i<MAXVIDS;i++) 314 ue.ue_gids[i]=0; 315 ue.ue_logfails=0; 316 ue.ue_minlvl=minslevel; 317 ue.ue_maxlvl=minslevel; 318 ue.ue_deflvl=minslevel; 319 ue.ue_defcomps=0; 320 ue.ue_comparts=0; 321 ue.ue_permits=0; 322 ue.ue_trap=0; 323 ue.ue_disabled=0; 324 ue.ue_logtime=0; 325 break; 326 case IA_CONSOLE: /* Superuser not from Console */ 327 case IA_TRUSTED: /* Trusted user */ 328 if (options.permit_root_login > PERMIT_NO) 329 break; /* Accept root login */ 330 default: 331 /* 332 * These are failed return codes from ia_user() 333 */ 334 switch (ia_rcode) 335 { 336 case IA_BADAUTH: 337 printf ("Bad authorization, access denied.\n"); 338 break; 339 case IA_DIALUPERR: 340 break; 341 case IA_DISABLED: 342 printf ("Your login has been disabled. Contact the system "); 343 printf ("administrator for assistance.\n"); 344 break; 345 case IA_GETSYSV: 346 printf ("getsysv() failed - errno = %d\n", errno); 347 break; 348 case IA_LOCALHOST: 349 break; 350 case IA_MAXLOGS: 351 printf ("Maximum number of failed login attempts exceeded.\n"); 352 printf ("Access denied.\n"); 353 break; 354 case IA_NOPASS: 355 break; 356 case IA_PUBLIC: 357 break; 358 case IA_SECURIDERR: 359 break; 360 case IA_CONSOLE: 361 break; 362 case IA_TRUSTED: 363 break; 364 case IA_UDBERR: 365 break; 366 case IA_UDBPWDNULL: 367 /* 368 * NULL password not allowed on MLS systems 369 */ 370 if (SecureSys) { 371 printf("NULL Password not allowed on MLS systems.\n"); 372 } 373 break; 374 case IA_UNKNOWN: 375 break; 376 case IA_UNKNOWNYP: 377 break; 378 case IA_WALERR: 379 break; 380 default: 381 /* nothing special */ 382 ; 383 } /* 2. switch (ia_rcode) */ 384 /* 385 * Authentication failed. 386 */ 387 printf("sshd: Login incorrect, (0%o)\n", 388 ia_rcode-IA_ERRORCODE); 389 390 /* 391 * Initialize structure for ia_failure 392 * which will exit. 393 */ 394 fsent.revision = 0; 395 fsent.uname = username; 396 fsent.host = hostname; 397 fsent.ttyn = ttyn; 398 fsent.caller = IA_SSHD; 399 fsent.flags = IA_INTERACTIVE; 400 fsent.ueptr = &ue; 401 fsent.jid = jid; 402 fsent.errcode = ia_rcode; 403 fsent.pwdp = uret.pswd; 404 fsent.exitcode = 1; 405 406 fret.revision = 0; 407 fret.normal = 0; 408 409 /* 410 * Call ia_failure because of an IA failure. 411 * There is no return because ia_failure exits. 412 */ 413 414 ia_failure(&fsent,&fret); 415 416 exit(1); 417 } /* 1. switch (ia_rcode) */ 418 ia_mlsrcode = IA_NORMAL; 419 if (SecureSys) { 420 debug("calling ia_mlsuser()"); 421 ia_mlsrcode = ia_mlsuser (&ue, &secinfo, &usrv, NULL, 0); 422 } 423 if (ia_mlsrcode != IA_NORMAL) { 424 printf("sshd: Login incorrect, (0%o)\n", 425 ia_mlsrcode-IA_ERRORCODE); 426 /* 427 * Initialize structure for ia_failure 428 * which will exit. 429 */ 430 fsent.revision = 0; 431 fsent.uname = username; 432 fsent.host = hostname; 433 fsent.ttyn = ttyn; 434 fsent.caller = IA_SSHD; 435 fsent.flags = IA_INTERACTIVE; 436 fsent.ueptr = &ue; 437 fsent.jid = jid; 438 fsent.errcode = ia_mlsrcode; 439 fsent.pwdp = uret.pswd; 440 fsent.exitcode = 1; 441 fret.revision = 0; 442 fret.normal = 0; 443 444 /* 445 * Call ia_failure because of an IA failure. 446 * There is no return because ia_failure exits. 447 */ 448 ia_failure(&fsent,&fret); 449 exit(1); 450 } 451 452 /* Provide login status information */ 453 if (options.print_lastlog && ue.ue_logtime != 0) { 454 printf("Last successful login was : %.*s ", 455 19, (char *)ctime(&ue.ue_logtime)); 456 457 if (*ue.ue_loghost != '\0') 458 printf("from %.*s\n", sizeof(ue.ue_loghost), ue.ue_loghost); 459 460 else printf("on %.*s\n", sizeof(ue.ue_logline), ue.ue_logline); 461 462 if ( SecureSys && (ue.ue_logfails != 0)) 463 printf(" followed by %d failed attempts\n", ue.ue_logfails); 464 } 465 466 467 /* 468 * Call ia_success to process successful I/A. 469 */ 470 ssent.revision = 0; 471 ssent.uname = username; 472 ssent.host = hostname; 473 ssent.ttyn = ttyn; 474 ssent.caller = IA_SSHD; 475 ssent.flags = IA_INTERACTIVE; 476 ssent.ueptr = &ue; 477 ssent.jid = jid; 478 ssent.errcode = ia_rcode; 479 ssent.us = NULL; 480 ssent.time = 1; /* Set ue_logtime */ 481 482 sret.revision = 0; 483 sret.normal = 0; 484 485 ia_success(&ssent,&sret); 486 487 /* 488 * Query for account, iff > 1 valid acid & askacid permbit 489 */ 490 if (((ue.ue_permbits & PERMBITS_ACCTID) || 491 (ue.ue_acids[0] >= 0) && (ue.ue_acids[1] >= 0)) && 492 ue.ue_permbits & PERMBITS_ASKACID) { 493 if (ttyname(0) != NULL) { 494 debug("cray_setup: ttyname true case, %.100s", ttyname); 495 while (valid_acct == -1) { 496 printf("Account (? for available accounts)" 497 " [%s]: ", acid2nam(ue.ue_acids[0])); 498 gets(acct_name); 499 switch (acct_name[0]) { 500 case EOF: 501 exit(0); 502 break; 503 case '\0': 504 valid_acct = ue.ue_acids[0]; 505 strcpy(acct_name, acid2nam(valid_acct)); 506 break; 507 case '?': 508 /* Print the list 3 wide */ 509 for (i = 0, j = 0; i < MAXVIDS; i++) { 510 if (ue.ue_acids[i] == -1) { 511 printf("\n"); 512 break; 513 } 514 if (++j == 4) { 515 j = 1; 516 printf("\n"); 517 } 518 printf(" %s", 519 acid2nam(ue.ue_acids[i])); 520 } 521 if (ue.ue_permbits & PERMBITS_ACCTID) 522 printf("\"acctid\" permbit also allows" 523 " you to select any valid " 524 "account name.\n"); 525 printf("\n"); 526 break; 527 default: 528 if ((valid_acct = nam2acid(acct_name)) == -1) printf("Account id not found for" 529 " account name \"%s\"\n\n", 530 acct_name); 531 break; 532 } 533 /* 534 * If an account was given, search the user's 535 * acids array to verify they can use this account. 536 */ 537 if ((valid_acct != -1) && 538 !(ue.ue_permbits & PERMBITS_ACCTID)) { 539 for (i = 0; i < MAXVIDS; i++) { 540 if (ue.ue_acids[i] == -1) 541 break; 542 if (valid_acct == ue.ue_acids[i]) 543 break; 544 } 545 if (i == MAXVIDS || 546 ue.ue_acids[i] == -1) { 547 fprintf(stderr, "Cannot set" 548 " account name to " 549 "\"%s\", permission " 550 "denied\n\n", acct_name); 551 valid_acct = -1; 552 } 553 } 554 } 555 } else { 556 /* 557 * The client isn't connected to a terminal and can't 558 * respond to an acid prompt. Use default acid. 559 */ 560 debug("cray_setup: ttyname false case, %.100s", ttyname); 561 valid_acct = ue.ue_acids[0]; 562 } 563 } else { 564 /* 565 * The user doesn't have the askacid permbit set or 566 * only has one valid account to use. 567 */ 568 valid_acct = ue.ue_acids[0]; 569 } 570 if (acctid(0, valid_acct) < 0) { 571 printf ("Bad account id: %d\n", valid_acct); 572 exit(1); 573 } 574 575/* set up shares and quotas */ 576/* Now set shares, quotas, limits, including CPU time for the (interactive) 577 * job and process, and set up permissions (for chown etc), etc. 578 */ 579 if (setshares(ue.ue_uid, valid_acct, printf, 0, 0)) { 580 printf("Unable to give %d shares to <%s>(%d/%d)\n", ue.ue_shares, ue.ue_name, ue.ue_uid, valid_acct); 581 exit(1); 582 } 583 584 sr = setlimits(username, C_PROC, pid, UDBRC_INTER); 585 if (sr != NULL) { 586 debug("%.200s", sr); 587 exit(1); 588 } 589 sr = setlimits(username, C_JOB, jid, UDBRC_INTER); 590 if (sr != NULL) { 591 debug("%.200s", sr); 592 exit(1); 593 } 594 /* 595 * Place the service provider information into 596 * the session table (Unicos) or job table (Unicos/mk). 597 * There exist double defines for the job/session table in 598 * unicos/mk (jtab.h) so no need for a compile time switch. 599 */ 600 bzero((char *)&init_info, sizeof(struct servprov)); 601 init_info.s_sessinit.si_id = URM_SPT_LOGIN; 602 init_info.s_sessinit.si_pid = getpid(); 603 init_info.s_sessinit.si_sid = jid; 604 init_info.s_routing.seqno = 0; 605 init_info.s_routing.iadrs = 0; 606 sesscntl(0, S_SETSERVPO, (int)&init_info); 607 608 /* 609 * Set user and controlling tty security attributes. 610 */ 611 if (SecureSys) { 612 if (setusrv(&usrv) == -1) { 613 debug("setusrv() failed, errno = %d",errno); 614 exit(1); 615 } 616 } 617 618 return(0); 619} 620 621/* 622 * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk 623 * can have pal privileges that sshd can inherit which 624 * could allow a user to su to root with out a password. 625 * This subroutine clears all privileges. 626 */ 627void 628drop_cray_privs() 629{ 630#if defined(_SC_CRAY_PRIV_SU) 631 priv_proc_t* privstate; 632 int result; 633 extern int priv_set_proc(); 634 extern priv_proc_t* priv_init_proc(); 635 636 /* 637 * If ether of theses two flags are not set 638 * then don't allow this version of ssh to run. 639 */ 640 if (!sysconf(_SC_CRAY_PRIV_SU)) 641 fatal("Not PRIV_SU system."); 642 if (!sysconf(_SC_CRAY_POSIX_PRIV)) 643 fatal("Not POSIX_PRIV."); 644 645 debug("Setting MLS labels.");; 646 647 if (sysconf(_SC_CRAY_SECURE_MAC)) { 648 usrv.sv_minlvl = SYSLOW; 649 usrv.sv_actlvl = SYSHIGH; 650 usrv.sv_maxlvl = SYSHIGH; 651 } else { 652 usrv.sv_minlvl = sysv.sy_minlvl; 653 usrv.sv_actlvl = sysv.sy_minlvl; 654 usrv.sv_maxlvl = sysv.sy_maxlvl; 655 } 656 usrv.sv_actcmp = 0; 657 usrv.sv_valcmp = sysv.sy_valcmp; 658 659 usrv.sv_intcat = TFM_SYSTEM; 660 usrv.sv_valcat |= (TFM_SYSTEM | TFM_SYSFILE); 661 662 if (setusrv(&usrv) < 0) 663 fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, 664 strerror(errno)); 665 666 if ((privstate = priv_init_proc()) != NULL) { 667 result = priv_set_proc(privstate); 668 if (result != 0 ) 669 fatal("%s(%d): priv_set_proc(): %s", 670 __FILE__, __LINE__, strerror(errno)); 671 priv_free_proc(privstate); 672 } 673 debug ("Privileges should be cleared..."); 674#else 675 /* XXX: do this differently */ 676# error Cray systems must be run with _SC_CRAY_PRIV_SU on! 677#endif 678} 679 680 681/* 682 * Retain utmp/wtmp information - used by cray accounting. 683 */ 684void 685cray_retain_utmp(struct utmp *ut, int pid) 686{ 687 int fd; 688 struct utmp utmp; 689 690 if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { 691 while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { 692 if (pid == utmp.ut_pid) { 693 ut->ut_jid = utmp.ut_jid; 694 strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); 695 strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); 696 strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); 697 break; 698 } 699 } 700 close(fd); 701 } 702 else 703 fatal("Unable to open utmp file"); 704} 705 706/* 707 * tmpdir support. 708 */ 709 710/* 711 * find and delete jobs tmpdir. 712 */ 713void 714cray_delete_tmpdir(char *login, int jid, uid_t uid) 715{ 716 int child; 717 static char jtmp[TPATHSIZ]; 718 struct stat statbuf; 719 int c; 720 int wstat; 721 722 for (c = 'a'; c <= 'z'; c++) { 723 snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); 724 if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid) 725 break; 726 } 727 728 if (c > 'z') 729 return; 730 731 if ((child = fork()) == 0) { 732 execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL); 733 fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed"); 734 } 735 736 while (waitpid(child, &wstat, 0) == -1 && errno == EINTR) 737 ; 738} 739 740/* 741 * Remove tmpdir on job termination. 742 */ 743void 744cray_job_termination_handler(int sig) 745{ 746 int jid; 747 char *login = NULL; 748 struct jtab jtab; 749 750 debug("received signal %d",sig); 751 752 if ((jid = waitjob(&jtab)) == -1 || 753 (login = uid2nam(jtab.j_uid)) == NULL) 754 return; 755 756 cray_delete_tmpdir(login, jid, jtab.j_uid); 757} 758 759/* 760 * Set job id and create tmpdir directory. 761 */ 762void 763cray_init_job(struct passwd *pw) 764{ 765 int jid; 766 int c; 767 768 jid = setjob(pw->pw_uid, WJSIGNAL); 769 if (jid < 0) 770 fatal("System call setjob failure"); 771 772 for (c = 'a'; c <= 'z'; c++) { 773 snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); 774 if (mkdir(cray_tmpdir, JTMPMODE) != 0) 775 continue; 776 if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) { 777 rmdir(cray_tmpdir); 778 continue; 779 } 780 break; 781 } 782 783 if (c > 'z') 784 cray_tmpdir[0] = '\0'; 785} 786 787void 788cray_set_tmpdir(struct utmp *ut) 789{ 790 int jid; 791 struct jtab jbuf; 792 793 if ((jid = getjtab(&jbuf)) < 0) 794 return; 795 796 /* 797 * Set jid and tmpdir in utmp record. 798 */ 799 ut->ut_jid = jid; 800 strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ); 801} 802#endif 803