| /* |
| * $Id: bsd-cray.c,v 1.6 2002/05/15 16:39:51 mouring Exp $ |
| * |
| * bsd-cray.c |
| * |
| * Copyright (c) 2002, Cray Inc. (Wendy Palm <wendyp@cray.com>) |
| * Significant portions provided by |
| * Wayne Schroeder, SDSC <schroeder@sdsc.edu> |
| * William Jones, UTexas <jones@tacc.utexas.edu> |
| * |
| * Redistribution and use in source and binary forms, with or without |
| * modification, are permitted provided that the following conditions |
| * are met: |
| * 1. Redistributions of source code must retain the above copyright |
| * notice, this list of conditions and the following disclaimer. |
| * 2. Redistributions in binary form must reproduce the above copyright |
| * notice, this list of conditions and the following disclaimer in the |
| * documentation and/or other materials provided with the distribution. |
| * |
| * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR |
| * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, |
| * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| * |
| * Created: Apr 22 16.34:00 2002 wp |
| * |
| * This file contains functions required for proper execution |
| * on UNICOS systems. |
| * |
| */ |
| |
| #ifdef _CRAY |
| #include <udb.h> |
| #include <tmpdir.h> |
| #include <unistd.h> |
| #include <sys/category.h> |
| #include <utmp.h> |
| #include <sys/jtab.h> |
| #include <signal.h> |
| #include <sys/priv.h> |
| #include <sys/secparm.h> |
| #include <sys/usrv.h> |
| #include <sys/sysv.h> |
| #include <sys/sectab.h> |
| #include <sys/stat.h> |
| #include <stdlib.h> |
| #include <pwd.h> |
| #include <fcntl.h> |
| #include <errno.h> |
| |
| #include "bsd-cray.h" |
| |
| char cray_tmpdir[TPATHSIZ+1]; /* job TMPDIR path */ |
| |
| /* |
| * Functions. |
| */ |
| void cray_retain_utmp(struct utmp *, int); |
| void cray_delete_tmpdir(char *, int, uid_t); |
| void cray_init_job(struct passwd *); |
| void cray_set_tmpdir(struct utmp *); |
| |
| |
| /* |
| * Orignal written by: |
| * Wayne Schroeder |
| * San Diego Supercomputer Center |
| * schroeder@sdsc.edu |
| */ |
| void |
| cray_setup(uid_t uid, char *username) |
| { |
| struct udb *p; |
| extern char *setlimits(); |
| int i, j; |
| int accts[MAXVIDS]; |
| int naccts; |
| int err; |
| char *sr; |
| int pid; |
| struct jtab jbuf; |
| int jid; |
| |
| if ((jid = getjtab(&jbuf)) < 0) |
| fatal("getjtab: no jid"); |
| |
| err = setudb(); /* open and rewind the Cray User DataBase */ |
| if (err != 0) |
| fatal("UDB open failure"); |
| naccts = 0; |
| p = getudbnam(username); |
| if (p == NULL) |
| fatal("No UDB entry for %.100s", username); |
| if (uid != p->ue_uid) |
| fatal("UDB entry %.100s uid(%d) does not match uid %d", |
| username, (int) p->ue_uid, (int) uid); |
| for (j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) { |
| accts[naccts] = p->ue_acids[j]; |
| naccts++; |
| } |
| endudb(); /* close the udb */ |
| |
| if (naccts != 0) { |
| /* Perhaps someday we'll prompt users who have multiple accounts |
| to let them pick one (like CRI's login does), but for now just set |
| the account to the first entry. */ |
| if (acctid(0, accts[0]) < 0) |
| fatal("System call acctid failed, accts[0]=%d", accts[0]); |
| } |
| |
| /* Now set limits, including CPU time for the (interactive) job and process, |
| and set up permissions (for chown etc), etc. This is via an internal CRI |
| routine, setlimits, used by CRI's login. */ |
| |
| pid = getpid(); |
| sr = setlimits(username, C_PROC, pid, UDBRC_INTER); |
| if (sr != NULL) |
| fatal("%.200s", sr); |
| |
| sr = setlimits(username, C_JOB, jid, UDBRC_INTER); |
| if (sr != NULL) |
| fatal("%.200s", sr); |
| |
| } |
| |
| /* |
| * The rc.* and /etc/sdaemon methods of starting a program on unicos/unicosmk |
| * can have pal privileges that sshd can inherit which |
| * could allow a user to su to root with out a password. |
| * This subroutine clears all privileges. |
| */ |
| void |
| drop_cray_privs() |
| { |
| #if defined(_SC_CRAY_PRIV_SU) |
| priv_proc_t* privstate; |
| int result; |
| extern int priv_set_proc(); |
| extern priv_proc_t* priv_init_proc(); |
| struct usrv usrv; |
| |
| /* |
| * If ether of theses two flags are not set |
| * then don't allow this version of ssh to run. |
| */ |
| if (!sysconf(_SC_CRAY_PRIV_SU)) |
| fatal("Not PRIV_SU system."); |
| if (!sysconf(_SC_CRAY_POSIX_PRIV)) |
| fatal("Not POSIX_PRIV."); |
| |
| debug("Dropping privileges."); |
| |
| memset(&usrv, 0, sizeof(usrv)); |
| if (setusrv(&usrv) < 0) |
| fatal("%s(%d): setusrv(): %s", __FILE__, __LINE__, |
| strerror(errno)); |
| |
| if ((privstate = priv_init_proc()) != NULL) { |
| result = priv_set_proc(privstate); |
| if (result != 0 ) |
| fatal("%s(%d): priv_set_proc(): %s", |
| __FILE__, __LINE__, strerror(errno)); |
| priv_free_proc(privstate); |
| } |
| debug ("Privileges should be cleared..."); |
| #else |
| /* XXX: do this differently */ |
| # error Cray systems must be run with _SC_CRAY_PRIV_SU on! |
| #endif |
| } |
| |
| |
| /* |
| * Retain utmp/wtmp information - used by cray accounting. |
| */ |
| void |
| cray_retain_utmp(struct utmp *ut, int pid) |
| { |
| int fd; |
| struct utmp utmp; |
| |
| if ((fd = open(UTMP_FILE, O_RDONLY)) != -1) { |
| while (read(fd, (char *)&utmp, sizeof(utmp)) == sizeof(utmp)) { |
| if (pid == utmp.ut_pid) { |
| ut->ut_jid = utmp.ut_jid; |
| /* XXX: MIN_SIZEOF here? can this go in loginrec? */ |
| strncpy(ut->ut_tpath, utmp.ut_tpath, sizeof(utmp.ut_tpath)); |
| strncpy(ut->ut_host, utmp.ut_host, sizeof(utmp.ut_host)); |
| strncpy(ut->ut_name, utmp.ut_name, sizeof(utmp.ut_name)); |
| break; |
| } |
| } |
| close(fd); |
| } |
| /* XXX: error message? */ |
| } |
| |
| /* |
| * tmpdir support. |
| */ |
| |
| /* |
| * find and delete jobs tmpdir. |
| */ |
| void |
| cray_delete_tmpdir(char *login, int jid, uid_t uid) |
| { |
| int child; |
| static char jtmp[TPATHSIZ]; |
| struct stat statbuf; |
| int c; |
| int wstat; |
| |
| for (c = 'a'; c <= 'z'; c++) { |
| snprintf(jtmp, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); |
| if (stat(jtmp, &statbuf) == 0 && statbuf.st_uid == uid) |
| break; |
| } |
| |
| if (c > 'z') |
| return; |
| |
| if ((child = fork()) == 0) { |
| execl(CLEANTMPCMD, CLEANTMPCMD, login, jtmp, (char *)NULL); |
| fatal("cray_delete_tmpdir: execl of CLEANTMPCMD failed"); |
| } |
| |
| while (waitpid(child, &wstat, 0) == -1 && errno == EINTR) |
| ; |
| } |
| |
| /* |
| * Remove tmpdir on job termination. |
| */ |
| void |
| cray_job_termination_handler(int sig) |
| { |
| int jid; |
| char *login = NULL; |
| struct jtab jtab; |
| |
| debug("Received SIG JOB."); |
| |
| if ((jid = waitjob(&jtab)) == -1 || |
| (login = uid2nam(jtab.j_uid)) == NULL) |
| return; |
| |
| cray_delete_tmpdir(login, jid, jtab.j_uid); |
| } |
| |
| /* |
| * Set job id and create tmpdir directory. |
| */ |
| void |
| cray_init_job(struct passwd *pw) |
| { |
| int jid; |
| int c; |
| |
| jid = setjob(pw->pw_uid, WJSIGNAL); |
| if (jid < 0) |
| fatal("System call setjob failure"); |
| |
| for (c = 'a'; c <= 'z'; c++) { |
| snprintf(cray_tmpdir, TPATHSIZ, "%s/jtmp.%06d%c", JTMPDIR, jid, c); |
| if (mkdir(cray_tmpdir, JTMPMODE) != 0) |
| continue; |
| if (chown(cray_tmpdir, pw->pw_uid, pw->pw_gid) != 0) { |
| rmdir(cray_tmpdir); |
| continue; |
| } |
| break; |
| } |
| |
| if (c > 'z') |
| cray_tmpdir[0] = '\0'; |
| } |
| |
| void |
| cray_set_tmpdir(struct utmp *ut) |
| { |
| int jid; |
| struct jtab jbuf; |
| |
| if ((jid = getjtab(&jbuf)) < 0) |
| return; |
| |
| /* |
| * Set jid and tmpdir in utmp record. |
| */ |
| ut->ut_jid = jid; |
| strncpy(ut->ut_tpath, cray_tmpdir, TPATHSIZ); |
| } |
| #endif |