コード例 #1
ファイル: rlogin.c プロジェクト: OPSF/uClinux
/*
 * do_rlogin - read the three rlogin preamble strings, set up the local
 * terminal, and ask ruserok() whether the remote user may log in without
 * a password.
 *
 *   remote_host   host name handed to ruserok() as the connecting host
 *   name/namelen  buffer filled by the second get_remote_string() call;
 *                 afterwards used as the local account name
 *   term/termlen  buffer filled by the third get_remote_string() call;
 *                 a "/speed" suffix, if present, is cut off in place
 *
 * Returns non-zero only when RUSEROK is defined, the account exists and
 * ruserok() returns the configured RUSEROK value; returns 0 otherwise.
 *
 * NOTE(review): remote_name, name and term presumably come straight from
 * the peer, so they are untrusted.  The outcome rests on host-based trust
 * (hosts.equiv / .rhosts as consulted by ruserok()) keyed by a
 * client-asserted user name -- confirm that the caller has established
 * remote_host in a way the peer cannot influence.
 */
int
do_rlogin (const char *remote_host, char *name, int namelen, char *term,
	   int termlen)
{
	struct passwd *account;
	char remote_name[32];
	char *slash;
	int baud = 9600;
	int baud_flag = B9600;
	int idx;
	TERMIO termio;

	get_remote_string (remote_name, sizeof remote_name);
	get_remote_string (name, namelen);
	get_remote_string (term, termlen);

	/*
	 * Split "type/speed".  atoi() yields 0 for a non-numeric speed, in
	 * which case the 9600 default is kept.
	 */
	slash = strchr (term, '/');
	if (slash != NULL) {
		*slash++ = '\0';

		baud = atoi (slash);
		if (baud == 0)
			baud = 9600;
	}

	/*
	 * Walk speed_table until the requested baud rate or the -1
	 * terminator entry is reached.
	 */
	idx = 0;
	while (speed_table[idx].spd_baud != baud &&
	       speed_table[idx].spd_name != -1)
		idx++;

	/* Stopping on the terminator leaves the B9600 default in place. */
	if (speed_table[idx].spd_name != -1)
		baud_flag = speed_table[idx].spd_name;

	/*
	 * Switch the terminal on descriptor 0 to cooked mode with echo.
	 * NOTE(review): the GTTY/STTY results are not checked here.
	 */
	GTTY (0, &termio);
	termio.c_iflag |= ICRNL | IXON;
	termio.c_oflag |= OPOST | ONLCR;
	termio.c_lflag |= ICANON | ECHO | ECHOE;
#ifdef CBAUD
	termio.c_cflag = (termio.c_cflag & ~CBAUD) | baud_flag;
#else
	termio.c_cflag = (termio.c_cflag) | baud_flag;
#endif
	STTY (0, &termio);

	/* An unknown local account is never trusted. */
	account = getpwnam (name);
	if (account == NULL)
		return 0;

	/*
	 * ruserok() reports success as 0 on modern systems and as 1 on
	 * older ones; RUSEROK in config.h must name the right value.  A
	 * wrong #define there lets users in without the required password.
	 * With RUSEROK undefined, rhosts trust is disabled entirely.
	 */
#ifndef	RUSEROK
	return 0;
#else
	return ruserok (remote_host, account->pw_uid == 0,
			remote_name, name) == RUSEROK;
#endif
}
コード例 #2
ファイル: rhosts_auth.c プロジェクト: apprisi/illumos-gate
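/*
 * pam_sm_authenticate - rhosts (host-based) authentication.
 *
 * Reads PAM_USER, PAM_RHOST and PAM_RUSER from the handle and asks
 * ruserok() whether the remote user on the remote host may act as the
 * local user.  The only recognised module option is "debug"; anything
 * else is reported through syslog and ignored.
 *
 * Returns:
 *   PAM_SERVICE_ERR   an item could not be fetched from the handle
 *   PAM_USER_UNKNOWN  local user name empty or not in the passwd database
 *   PAM_AUTH_ERR      remote user or host empty, or ruserok() refused
 *   PAM_SUCCESS       ruserok() returned 0
 *
 * NOTE(review): PAM_RHOST and PAM_RUSER are whatever the calling service
 * stored in the handle; this module does not verify them itself, so the
 * decision is only as strong as the caller's host identification.
 */
/*ARGSUSED*/
int
pam_sm_authenticate(
	pam_handle_t	*pamh,
	int	flags,
	int	argc,
	const char	**argv)
{
	char *host = NULL, *lusername = NULL;
	/* initialised like its siblings so the NULL test below is reliable */
	char	*rusername = NULL;
	struct passwd pwd;
	char pwd_buffer[1024];
	int	is_superuser;
	int	i;
	int	debug = 0;

	for (i = 0; i < argc; i++) {
		if (strcasecmp(argv[i], "debug") == 0)
			debug = 1;
		else
			syslog(LOG_DEBUG, "illegal option %s", argv[i]);
	}

	if (pam_get_item(pamh, PAM_USER, (void **) &lusername) != PAM_SUCCESS)
		return (PAM_SERVICE_ERR);
	if (pam_get_item(pamh, PAM_RHOST, (void **) &host) != PAM_SUCCESS)
		return (PAM_SERVICE_ERR);
	if (pam_get_item(pamh, PAM_RUSER, (void **)&rusername) != PAM_SUCCESS)
		return (PAM_SERVICE_ERR);

	/* Empty identities are rejected before they can reach ruserok(). */
	if (lusername == NULL || *lusername == '\0')
		return (PAM_USER_UNKNOWN);
	if (rusername == NULL || *rusername == '\0')
		return (PAM_AUTH_ERR);
	if (host == NULL || *host == '\0')
		return (PAM_AUTH_ERR);

	if (debug) {
		syslog(LOG_DEBUG,
			"rhosts authenticate: user = %s, host = %s",
			lusername, host);
	}

	/* This getpwnam_r() form returns a pointer; NULL means no entry. */
	if (getpwnam_r(lusername, &pwd, pwd_buffer, sizeof (pwd_buffer))
								== NULL)
		return (PAM_USER_UNKNOWN);

	/* uid 0 selects the stricter superuser handling inside ruserok(). */
	is_superuser = (pwd.pw_uid == 0) ? 1 : 0;

	/*
	 * Fail closed: only an explicit 0 grants access.  The previous test
	 * compared against -1 only, so any other non-zero return would have
	 * been treated as success.
	 */
	if (ruserok(host, is_superuser, rusername, lusername) != 0)
		return (PAM_AUTH_ERR);

	return (PAM_SUCCESS);
}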
コード例 #3
ファイル: authrhosts.c プロジェクト: npe9/harvey
/*
 * rhostsattach - attach-time check for rhosts authentication.
 *
 * Calls ruserok() for remotehostname with the superuser flag 0, passing
 * rx->uname as both the remote and the local user.  Returns 0 unless
 * ruserok() reports a negative value; in that case a diagnostic goes to
 * descriptor 2 and a static error string is returned.  tx is unused.
 *
 * NOTE(review): rx->uname is presumably the name the client put in its
 * attach request, so the check depends entirely on how remotehostname
 * was established and on the rhosts trust configured for it -- confirm.
 */
static char*
rhostsattach(Fcall *rx, Fcall *tx)
{
	char *user = rx->uname;

	USED(tx);

	if(ruserok(remotehostname, 0, user, user) >= 0)
		return 0;

	fprint(2, "ruserok(%s, %s) not okay\n", remotehostname, user);
	return "u9fs: rhosts authentication failed";
}
コード例 #4
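/*
 * site_check_user_map - decide whether the job's owner may run as luser.
 *
 * The owner ("user@host" job attribute, "@host" stripped) and the
 * submitting host (pbs_o_host job variable) are checked in this order:
 *   1. owner == luser and the job was submitted from the server host
 *   2. submitting host is a known node and AllowNodeSubmit is set
 *   3. submitting host is listed in the SubmitHosts server attribute
 * Each of these returns 0 at once when no proxy was requested or
 * AllowProxyUser is set.  Everything else falls through to acl_check()
 * (MUNGE_AUTH builds) or ruserok().
 *
 * Returns 0 when access is allowed.  Returns -1 when the owner or source
 * host is missing, the owner name is too long, or the MUNGE ACL does not
 * match; otherwise the ruserok() result is returned unchanged.
 * EMsg, when non-NULL, must hold at least 1024 bytes.
 *
 * NOTE(review): the owner attribute and pbs_o_host presumably originate
 * from the submitting client; confirm they are authenticated before this
 * function is reached, since the host-based branches trust them as given.
 */
int site_check_user_map(

  job  *pjob,  /* I */
  char *luser, /* I */
  char *EMsg)  /* O (optional,minsize=1024) */

  {
  char *orighost;
  char  owner[PBS_MAXUSER + 1];
  char *p1;
  char *p2;
  int   rc;

  int   ProxyAllowed = 0;
  int   ProxyRequested = 0;
  int   HostAllowed = 0;

  char  *dptr;

#ifdef MUNGE_AUTH
  char  uh[PBS_MAXUSER + PBS_MAXHOSTNAME + 2];
  int   uhlen;
#endif

  if (EMsg != NULL)
    EMsg[0] = '\0';

  /* get just the owner name, without the "@host" */

  p1 = pjob->ji_wattr[JOB_ATR_job_owner].at_val.at_str;

  if (p1 == NULL)
    {
    /* no owner recorded, access denied */

    if (EMsg != NULL)
      strcpy(EMsg, "job owner not specified");

    return(-1);
    }

  p2 = owner;

  while ((*p1 != '@') && (*p1 != '\0'))
    {
    if (p2 >= owner + PBS_MAXUSER)
      {
      /* The name does not fit in owner[].  Deny instead of writing past
       * the buffer or silently matching a truncated prefix. */

      if (EMsg != NULL)
        strcpy(EMsg, "job owner name too long");

      return(-1);
      }

    *p2++ = *p1++;
    }

  *p2 = '\0';

  orighost = get_variable(pjob, pbs_o_host);

  if (orighost == NULL)
    {
    /* access denied */

    log_event(
      PBSEVENT_JOB,
      PBS_EVENTCLASS_JOB,
      pjob->ji_qs.ji_jobid,
      msg_orighost);

    if (EMsg != NULL)
      strcpy(EMsg, "source host not specified");

    return(-1);
    }

  if ((server.sv_attr[(int)SRV_ATR_AllowProxyUser].at_flags & ATR_VFLAG_SET) &&
      (server.sv_attr[(int)SRV_ATR_AllowProxyUser].at_val.at_long == 1))
    {
    ProxyAllowed = 1;
    }

  /* running as somebody other than the owner counts as a proxy request */

  if (strcmp(owner, luser) != 0)
    {
    ProxyRequested = 1;
    }

  if (!strcmp(orighost, server_host) && !strcmp(owner, luser))
    {
    /* submitting from server host, access allowed */

    if ((ProxyRequested == 0) || (ProxyAllowed == 1))
      {
      return(0);
      }

    /* host is fine, must validate proxy via ruserok() */

    HostAllowed = 1;
    }

  /* make short host name (orighost is edited in place, restored below) */

  if ((dptr = strchr(orighost, '.')) != NULL)
    {
    *dptr = '\0';
    }

  if ((HostAllowed == 0) &&
      (server.sv_attr[SRV_ATR_AllowNodeSubmit].at_flags & ATR_VFLAG_SET) &&
      (server.sv_attr[SRV_ATR_AllowNodeSubmit].at_val.at_long == 1) &&
      (find_nodebyname(orighost) != NULL))
    {
    /* job submitted from compute host, access allowed */

    if (dptr != NULL)
      *dptr = '.';

    if ((ProxyRequested == 0) || (ProxyAllowed == 1))
      {
      return(0);
      }

    /* host is fine, must validate proxy via ruserok() */

    HostAllowed = 1;
    }

  if ((HostAllowed == 0) &&
      (server.sv_attr[(int)SRV_ATR_SubmitHosts].at_flags & ATR_VFLAG_SET))
    {

    struct array_strings *submithosts = NULL;
    char                 *testhost;
    int                   hostnum = 0;

    submithosts = server.sv_attr[(int)SRV_ATR_SubmitHosts].at_val.at_arst;

    for (hostnum = 0;hostnum < submithosts->as_usedptr;hostnum++)
      {
      testhost = submithosts->as_string[hostnum];

      if (!strcasecmp(testhost, orighost))
        {
        /* job submitted from host found in trusted submit host list, access allowed */

        if (dptr != NULL)
          *dptr = '.';

        if ((ProxyRequested == 0) || (ProxyAllowed == 1))
          {
          return(0);
          }

        /* host is fine, must validate proxy via ruserok() */

        HostAllowed = 1;

        break;
        }
      }  /* END for (hostnum) */
    }    /* END if (SRV_ATR_SubmitHosts) */

  /* put the full host name back before it is used again */

  if (dptr != NULL)
    *dptr = '.';

#ifdef MUNGE_AUTH
  /* bounded formatting: orighost has no length limit visible here */

  uhlen = snprintf(uh, sizeof(uh), "%s@%s", owner, orighost);

  if ((uhlen < 0) || ((size_t)uhlen >= sizeof(uh)))
    {
    /* a truncated user@host must never be matched against the ACL */

    rc = 0;
    }
  else
    {
    rc = acl_check(&server.sv_attr[SRV_ATR_authusers], uh, ACL_User_Host);
    }

  if (rc <= 0)
    {
    /* rc == 0 means we did not find a match.
       this is a failure */
    if (EMsg != NULL)
      {
      snprintf(EMsg, 1024, "could not authorize user %s from %s",
               owner, orighost);
      }
    rc = -1; /* -1 is what set_jobexid is expecting for a failure*/
    }
  else
    {
    /*SUCCESS*/
    rc = 0; /* the call to ruserok below was in the code first. ruserok returns
               0 on success but acl_check returns a positive value on success.
               We set rc to 0 to be consistent with the original ruserok functionality */
    }
#else
  rc = ruserok(orighost, 0, owner, luser);

  if (rc != 0 && EMsg != NULL)
    {
    /* Test rc so as to not fill this message in the case of success, since other
     * callers might not fill this message in the case of their errors and
     * very misleading error message will go into the logs.
     */
    snprintf(EMsg, 1024, "ruserok failed validating %s/%s from %s",
             owner,
             luser,
             orighost);
    }
#endif

#ifdef sun
  /* broken Sun ruserok() sets process so it appears to be owned */
  /* by the luser, change it back for cosmetic reasons           */
  /* NOTE(review): the setuid() result is not checked here       */

  setuid(0);

#endif /* sun */

  return(rc);
  }  /* END site_check_user_map() */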
コード例 #5
ファイル: pam_rhosts.c プロジェクト: ssem/rat
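/*
 * pam_sm_authenticate - rhosts authentication through ruserok().
 *
 * Module options:
 *   debug              log additional diagnostics
 *   silent | suppress  do not log the allow/deny decision (PAM_SILENT in
 *                      flags has the same effect)
 *   superuser=NAME     treat the local account NAME as root when calling
 *                      ruserok(), without a passwd lookup
 *
 * Returns the pam_get_item()/pam_get_user() error when an item cannot be
 * fetched, PAM_AUTH_ERR when an item is NULL or ruserok() refuses,
 * PAM_USER_UNKNOWN when the local user has no passwd entry, and
 * PAM_SUCCESS when ruserok() returns 0.
 *
 * NOTE(review): PAM_RHOST and PAM_RUSER are supplied by the calling
 * service; this module trusts them as given.
 */
PAM_EXTERN
int pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc,
			 const char **argv)
{
    const char *luser = NULL;
    const char *ruser = NULL, *rhost = NULL;
    const char *opt_superuser = NULL;
    const void *c_void;
    int opt_debug = 0;
    int opt_silent;
    int as_root;
    int retval;

    opt_silent = flags & PAM_SILENT;

    while (argc-- > 0) {
      if (strcmp(*argv, "debug") == 0)
        opt_debug = 1;
      else if (strcmp (*argv, "silent") == 0 || strcmp(*argv, "suppress") == 0)
        opt_silent = 1;
      else if (strncmp(*argv, "superuser=", sizeof("superuser=")-1) == 0)
        /* keep only the value that follows the "superuser=" prefix */
        opt_superuser = *argv+sizeof("superuser=")-1;
      else
        pam_syslog(pamh, LOG_WARNING, "unrecognized option '%s'", *argv);

      ++argv;
    }

    retval = pam_get_item (pamh, PAM_RHOST, &c_void);
    if (retval != PAM_SUCCESS) {
      pam_syslog(pamh, LOG_ERR, "could not get the remote host name");
      return retval;
    }
    rhost = c_void;

    retval = pam_get_item(pamh, PAM_RUSER, &c_void);
    if (retval != PAM_SUCCESS) {
      pam_syslog(pamh, LOG_ERR, "could not get the remote username");
      return retval;
    }
    ruser = c_void;

    retval = pam_get_user(pamh, &luser, NULL);
    if (retval != PAM_SUCCESS) {
      pam_syslog(pamh, LOG_ERR, "could not determine name of local user");
      return retval;
    }

    /* A successful fetch can still yield NULL; never pass that on. */
    if (rhost == NULL || ruser == NULL || luser == NULL)
      return PAM_AUTH_ERR;

    if (opt_superuser && strcmp(opt_superuser, luser) == 0)
      as_root = 1;
    else {
      struct passwd *lpwd;

      lpwd = pam_modutil_getpwnam(pamh, luser);
      if (lpwd == NULL) {
        if (opt_debug)
          /* don't print by default, could be the user's password */
          pam_syslog(pamh, LOG_DEBUG,
                     "user '%s' unknown to this system", luser);
        return PAM_USER_UNKNOWN;
      }
      as_root = (lpwd->pw_uid == 0);
    }

#ifdef HAVE_RUSEROK_AF
    retval = ruserok_af (rhost, as_root, ruser, luser, PF_UNSPEC);
#else
    retval = ruserok (rhost, as_root, ruser, luser);
#endif
    /* Anything other than 0 is a denial. */
    if (retval != 0) {
      if (!opt_silent || opt_debug)
        pam_syslog(pamh, LOG_WARNING, "denied access to %s@%s as %s",
                   ruser, rhost, luser);
      return PAM_AUTH_ERR;
    } else {
      if (!opt_silent || opt_debug)
        pam_syslog(pamh, LOG_NOTICE, "allowed access to %s@%s as %s",
                   ruser, rhost, luser);
      return PAM_SUCCESS;
    }
}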
コード例 #6
ファイル: svr_chk_owner.c プロジェクト: borlesanket/pbspro-1
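/*
 * svr_chk_owner - check whether the requestor may act on the job as its
 * owner.
 *
 * Fast path: the job owner attribute is "user@host"; if the request's
 * user equals that user and the request's host equals (or is_same_host()
 * resolves to) that host, the answer is 0.  Otherwise both sides are
 * mapped through site_map_user() and compared: by name only when the
 * FlatUID server attribute is set, through ruserok() otherwise.
 *
 * Returns 0 when the requestor is accepted.  Returns -1 when the owner
 * attribute has no '@' or a mapping fails; otherwise the strcmp() or
 * ruserok() result is returned as is, so any non-zero value is a denial.
 *
 * NOTE(review): preq->rq_user and preq->rq_host are presumably taken from
 * the incoming batch request; the FlatUID branch trusts the user name
 * alone, so confirm the request has been authenticated upstream.
 */
int
svr_chk_owner(struct batch_request *preq, job *pjob)
{
	char  owner[PBS_MAXUSER+1];
	char *pu;
	char *ph;
	char  rmtuser[PBS_MAXUSER+PBS_MAXHOSTNAME+2];
	extern int ruserok(const char *rhost, int suser, const char *ruser,
		const char *luser);
#ifdef	WIN32
	extern int user_read_password(char *user, char **cred, size_t *len);
	extern int read_cred(job *pjob, char **cred, size_t *len);
	extern int decrypt_pwd(char *crypted, size_t len, char **passwd);
#endif

	/* Are the owner and requestor the same? */
	snprintf(rmtuser, sizeof(rmtuser), "%s",
			pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str);
	pu = rmtuser;
	ph = strchr(rmtuser, '@');
	if (!ph)
		return -1;
	*ph++ = '\0';
	if (strcmp(preq->rq_user, pu) == 0) {
		/* Avoid the lookup if they match. */
		if (strcmp(preq->rq_host, ph) == 0)
			return 0;
		/* Perform the lookup. */
		if (is_same_host(preq->rq_host, ph))
			return 0;
	}

	/* map requestor user@host to "local" name */

	pu = site_map_user(preq->rq_user, preq->rq_host);
	if (pu == NULL)
		return (-1);
	/*
	 * Copy at most PBS_MAXUSER characters and always terminate.
	 * strncpy() left rmtuser unterminated for a long name, so bytes of
	 * the "owner\0host" text written above could be read as part of it.
	 */
	snprintf(rmtuser, PBS_MAXUSER + 1, "%s", pu);

	/*
	 * Get job owner name without "@host" and then map to "local" name.
	 * NOTE(review): get_jobowner() writes into owner[] with no length
	 * visible here -- confirm it is bounded by PBS_MAXUSER.
	 */

	get_jobowner(pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str, owner);
	pu = site_map_user(owner, get_hostPart(pjob->ji_wattr[(int)JOB_ATR_job_owner].at_val.at_str));
	/* same failure handling as the first mapping; avoids a NULL below */
	if (pu == NULL)
		return (-1);

	if (server.sv_attr[(int)SRV_ATR_FlatUID].at_val.at_long) {
		/* with flatuid, all that must match is user names */
		return (strcmp(rmtuser, pu));
	} else  {
		/* non-flatuid space, must validate rmtuser vs owner */
#ifdef	WIN32
		if ( (server.sv_attr[SRV_ATR_ssignon_enable].at_flags &      \
                                                   ATR_VFLAG_SET) &&         \
             	     (server.sv_attr[SRV_ATR_ssignon_enable].at_val.at_long  \
                                                              		== 1) ) {
			/* read/cache user password */
			cache_usertoken_and_homedir(pu, NULL, 0,
				user_read_password, (char *)pu, pbs_decrypt_pwd, 0);
		} else {
			/* read/cache job password */
			cache_usertoken_and_homedir(pu, NULL, 0,
				read_cred, (job *)pjob, pbs_decrypt_pwd, 0);
		}
#endif
		return (ruserok(preq->rq_host, 0, rmtuser, pu));
	}
}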
コード例 #7
ファイル: site_check_u.c プロジェクト: A9-William/pbspro
/*
 * site_check_user_map - decide whether the owner of a job or reservation
 * may run as the local user luser.
 *
 *   pobj     job * when objtype is JOB_OBJECT, resc_resv * otherwise
 *   objtype  selects how pobj is interpreted
 *   luser    local user name to validate against
 *
 * The owner attribute has the form "user@host".  When the host part
 * matches server_host (case-insensitively) and the user part equals
 * luser, 0 is returned at once; every other case is decided by ruserok().
 *
 * Returns 0 when allowed, -1 when the owner has no host part, otherwise
 * the ruserok() result (on WIN32 the -2 and -3 codes are logged and
 * folded into -1).
 *
 * NOTE(review): cvrt_fqn_to_name() writes into owner[] with no length
 * visible here, and the WIN32 branch formats luser into log_buffer with
 * sprintf() -- confirm both are bounded.
 */
int
site_check_user_map(void *pobj, int objtype, char *luser)
{
	char	*owner_fqn;
	char	*at_sign;
	char	*orighost;
	char	 owner[PBS_MAXUSER+1];
	char	*objid;
	/* both object kinds log with the job event type and class */
	int	 event_type = PBSEVENT_JOB;
	int	 event_class = PBS_EVENTCLASS_JOB;
	int	 rc;

	/* pick the owner string and the id according to the object's type */
	if (objtype == JOB_OBJECT) {
		job *pjob = (job *)pobj;

		owner_fqn = pjob->ji_wattr[JOB_ATR_job_owner].at_val.at_str;
		objid = pjob->ji_qs.ji_jobid;
	} else {
		resc_resv *presv = (resc_resv *)pobj;

		owner_fqn = presv->ri_wattr[RESV_ATR_resv_owner].at_val.at_str;
		objid = presv->ri_qs.ri_resvID;
	}

	/* the owner name, without the "@host" */
	cvrt_fqn_to_name(owner_fqn, owner);

	/* a missing '@' or an empty host part means the origin is unknown */
	at_sign = strchr(owner_fqn, '@');
	if (at_sign == NULL || at_sign[1] == '\0') {
		log_event(event_type, event_class, LOG_INFO, objid, msg_orighost);
		return (-1);
	}
	orighost = at_sign + 1;

	/* same user, submitted from the server host: no rhosts check needed */
	if (strcasecmp(orighost, server_host) == 0 && strcmp(owner, luser) == 0)
		return (0);

#ifdef WIN32
	rc = ruserok(orighost, isAdminPrivilege(luser), owner, luser);
	switch (rc) {
		case -2:
			sprintf(log_buffer, "User %s does not exist!", luser);
			log_err(0, "site_check_user_map", log_buffer);
			rc = -1;
			break;
		case -3:
			sprintf(log_buffer,
				"User %s's [HOMEDIR]/.rhosts is unreadable! Needs SYSTEM or Everyone access", luser);
			log_err(0, "site_check_user_map", log_buffer);
			rc = -1;
			break;
		default:
			break;
	}
#else
	rc = ruserok(orighost, 0, owner, luser);
#endif

#ifdef sun
	/*
	 * Sun's ruserok() leaves the process looking as if luser owned it;
	 * switch back to root and give up if that is not possible.
	 */
	if (setuid(0) == -1) {
		log_err(errno, "site_check_user_map", "cannot go back to root");
		exit(1);
	}
#endif	/* sun */
	return (rc);
}
コード例 #8
ファイル: metad_init.c プロジェクト: alhazred/onarm
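/*
 * check for trusted host and user
 *
 * Accepts the RPC request only when the credential carries uid 0 and one
 * of the host names resolved from the caller's transport address is
 *   - this node (mynode()),
 *   - trusted for root by ruserok(), or
 *   - converted to a node id by sdssc_cm_nm2nid(), i.e. a member of the
 *     same cluster.
 *
 * Returns 0 when the caller is trusted, -1 otherwise.
 *
 * NOTE(review): rq_clntcred is cast to authsys_parms without a flavor
 * check in this function, and an AUTH_SYS uid is asserted by the client;
 * the host name checks below are what carries the trust decision.
 * Confirm the credential flavor is validated before this is called.
 */
static int
check_host(
	struct svc_req		*rqstp		/* RPC stuff */
)
{
	struct authsys_parms	*sys_credp;
	SVCXPRT			*transp = rqstp->rq_xprt;
	struct netconfig	*nconfp = NULL;
	struct nd_hostservlist	*hservlistp = NULL;
	int			i;
	int			rval = -1;
	char			*inplace = NULL;

	/* check for root */
	/*LINTED*/
	sys_credp = (struct authsys_parms *)rqstp->rq_clntcred;
	assert(sys_credp != NULL);
	/* assert() disappears under NDEBUG; deny rather than dereference */
	if (sys_credp == NULL)
		goto out;
	if (sys_credp->aup_uid != 0)
		goto out;

	/* get hostnames */
	if (transp->xp_netid == NULL) {
		md_eprintf("transp->xp_netid == NULL\n");
		goto out;
	}
	if ((nconfp = getnetconfigent(transp->xp_netid)) == NULL) {
#ifdef	DEBUG
		nc_perror("getnetconfigent(transp->xp_netid)");
#endif
		goto out;
	}
	if ((__netdir_getbyaddr_nosrv(nconfp, &hservlistp, &transp->xp_rtaddr)
	    != 0) || (hservlistp == NULL)) {
#ifdef	DEBUG
		netdir_perror("netdir_getbyaddr(transp->xp_rtaddr)");
#endif
		goto out;
	}

	/* check hostnames */
	for (i = 0; (i < hservlistp->h_cnt); ++i) {
		struct nd_hostserv	*hservp = &hservlistp->h_hostservs[i];
		char			*hostname = hservp->h_host;

		/* localhost is OK */
		if (strcmp(hostname, mynode()) == 0) {
			rval = 0;
			goto out;
		}

		/* check for remote root access */
		if (ruserok(hostname, 1, "root", "root") == 0) {
			rval = 0;
			goto out;
		}

		/*
		 * Work on a private copy for the cluster check.  The copy
		 * from the previous name is released first; it used to leak
		 * on every iteration but the last.
		 */
		free(inplace);
		inplace = strdup(hostname);
		if (inplace == NULL)
			continue;	/* no memory: skip this name's cluster check */

		sdssc_cm_nm2nid(inplace);
		if (strcmp(inplace, hostname)) {

			/*
			 * If the names are now different it indicates
			 * that hostname was converted to a nodeid. This
			 * will only occur if hostname is part of the same
			 * cluster that the current node is in.
			 * If the machine is not running in a cluster then
			 * sdssc_cm_nm2nid is a noop which leaves inplace
			 * alone.
			 */
			rval = 0;
			goto out;
		}
	}

	/* cleanup; rval is still -1 unless one of the checks above passed */
out:
	free(inplace);
	if (hservlistp != NULL)
		netdir_free(hservlistp, ND_HOSTSERVLIST);
	/*
	 * NOTE(review): nconfp comes from getnetconfigent(); confirm that
	 * Free() is the right release routine for it.
	 */
	if (nconfp != NULL)
		Free(nconfp);
	return (rval);
}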