[GE users] Modified sshd, for accounting

Ron Chen ron_chen_123 at yahoo.com
Wed Mar 9 01:39:37 GMT 2005


First of all, I asked Anthony to send to this list
because I want this reply to be archived on the
project site, so that I don't have to ask the rogers
site owner to update the stuff for me.
=======================================================

We worked with the OpenSSH guys 2 years ago, and they
agreed to look at our changes and merge them into
their tree if it's simple to do. But then I didn't
have time to work on the code cleanup part. If you are
interested, please help!

(If we get this done, others can grab the source from
OpenSSH and run something like "./configure
--with-sge" and get an SGE integrated SSH daemon!)

And I only tested it with SGE 5.3. Last night, I
ported the code to SGE6. Changes are needed because
the SGE functions got new names.

Warning: I only tested it with SGE 5.3, and SGE6.0 was
never tested.

 -Ron


--- "Anthony J. Ciani" <aciani1 at uic.edu> wrote:
> About a year ago, Ron Chen made a patch to modify
> sshd to give it the same
> accounting and control ability as SGE's rshd.  The
> link to the website
> with the patch and instructions is now invalid. 
> Anyone know where this
> is now?


	
		

    [ Part 2: "sgessh.txt" ]

1) compile OpenSSH on your system, install it (use
--prefix to point to a different location so that it
won't overwrite the default one). Make sure you can
use it to login to the machine.

2) compile SGE source.

3) modify sshd.c in your OpenSSH source.

4) put sgessh.c in your OpenSSH source directory, and
compile with "gcc -c"

5) collect the needed object files for "libsgessh.a"

6) recompile sshd, and make will complain about
missing symbols, so copy and paste the link line
command, add "sgessh.o" that you've just compiled to
the list of object files. Also, link against
libsgessh.a.




- SGE:     5.3p5
- OpenSSH: 3.7.1p2

% diff -C3 sshd.org.c sshd.c
============================
*** sshd.org.c  2004-04-07 11:11:19.00000000
--- sshd.c      2004-04-07 11:12:49.00000000
***************
*** 669,675 ****
       demote_sensitive_data();

       /* Drop privileges */
!       do_setusercontext(authctxt->pw);

       /* It is safe now to apply the key state */
       monitor_apply_keystate(pmonitor);
--- 669,678 ----
       demote_sensitive_data();

       /* Drop privileges */
!         sgessh_do_setusercontext(authctxt->pw);
!
!         /* SGE will do it */
!       /* do_setusercontext(authctxt->pw); */

       /* It is safe now to apply the key state */
       monitor_apply_keystate(pmonitor);
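Review bot: The result of `sgessh_do_setusercontext(authctxt->pw)` is discarded at the one place where this process gives up root, so a failed switch goes unnoticed and execution carries on to `monitor_apply_keystate(pmonitor)`. The sgessh.c listing further down this page makes that worse: its root path ends in a bare `return;` and never checks the SGE call that changes uid/gid. I would have the helper return 0 only after the switch is confirmed and write the call as `if (sgessh_do_setusercontext(authctxt->pw) != 0) fatal("sgessh: failed to drop privileges");`, with a prototype for it visible in sshd.c. The commented-out `do_setusercontext` line can be deleted rather than kept. The enclosing function starts and ends outside this hunk.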
***************
*** 822,827 ****
--- 825,833 ----
       __progname = ssh_get_progname(av[0]);
       init_rng();

+         /* get SGE configuration */
+         sgessh_readconfig();
+
       /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
       saved_argc = ac;
       saved_argv = xmalloc(sizeof(*saved_argv) * (ac + 1));
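Review bot: `sgessh_readconfig()` runs unconditionally at the top of `main` with its return value ignored, and no comment states what it requires of the environment. Going by the sgessh.c listing on this page, it opens `config` relative to the current working directory and takes `admin_user` from it, so the directory sshd is launched from decides which account the later admin-user switch uses. I would document that at the call, e.g. `/* SGE: must be started from the active job directory; "config" is read relative to cwd and is trusted */`, and check the result: `if (sgessh_readconfig() != 0) exit(1);`. `main` continues outside this hunk.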

sgessh.c
========
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
#include <paths.h>

/* Defined outside this file; sgessh_do_setusercontext() clears it before
 * calling setosjobid() so that output goes to the shepherd trace file. */
extern int foreground;

/* Size of the two directory buffers below and the limit passed to getcwd().
 * NOTE(review): MAXPATHLEN is also commonly provided by <sys/param.h>; this
 * file does not include it, but confirm there is no clash when built inside
 * the OpenSSH tree. */
#define MAXPATHLEN 1024

/* "qsub_gid" value from the SGE config, set by sgessh_readconfig(). It is
 * not consulted on the path that actually runs in
 * sgessh_do_setusercontext(). */
static char *s_qsub_gid = NULL;
/* Error-text buffer handed to set_admin_username() in sgessh_readconfig(). */
static char err_str[1024];
/* Working directory at the time sgessh_readconfig() ran. */
static char start_dir[MAXPATHLEN];
/* Working directory at entry to sgessh_do_setusercontext(), restored after
 * the switch to the target user. */
static char work_dir[MAXPATHLEN];

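/*
 * Load the SGE job configuration and remember the directory sshd was
 * started in.
 *
 * Reads the file "config" relative to the current working directory,
 * registers the configured "admin_user" through set_admin_username(),
 * caches the "qsub_gid" setting in s_qsub_gid and records the current
 * directory in start_dir so sgessh_do_setusercontext() can return to it.
 *
 * Returns 0 on success. Exits with status 1 when the admin user cannot be
 * set or when the current directory cannot be determined: start_dir is
 * later used for a chdir() performed as root, so it must never be left
 * unset.
 */
int sgessh_readconfig(void)
{
  /* we are now in active job directory - read config before we change
  ** to user directory
  ** and initialize admin user
  */
  /* NOTE(review): the result of read_config() is not checked and its
  ** prototype is not visible in this file; confirm how it reports a
  ** missing or malformed "config" and fail closed on it. The file is
  ** trusted input: it names the admin account used for the later switch.
  */
  read_config("config");

  if (set_admin_username(get_conf_val("admin_user"), err_str)) {
    exit(1);
  }

  s_qsub_gid = get_conf_val("qsub_gid");

  /* getcwd() returns NULL on failure and leaves the buffer unusable. */
  if (getcwd(start_dir, sizeof start_dir) == NULL) {
    perror("sgessh: getcwd");
    exit(1);
  }

  return 0;
}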

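/*
 * Replacement for sshd's do_setusercontext() that lets SGE perform the
 * switch to the authenticated user, so the session is set up through
 * setosjobid() and setrlimits() before privileges are dropped.
 *
 * pwd: passwd entry of the authenticated user.
 *
 * When not running as root the work is handed to sshd's own
 * do_setusercontext(). As root, the function moves to the directory
 * recorded by sgessh_readconfig(), runs the SGE setup steps as the admin
 * user, switches to the target user and then tries to restore the
 * previous working directory.
 *
 * Returns 0 on success. The caller shown in the sshd.c patch ignores the
 * return value, so every failure before or during the privilege drop ends
 * the process with exit(1) instead of continuing as root.
 * NOTE(review): once this file includes sshd's log.h, fatal() is the
 * better way to report these errors.
 */
int sgessh_do_setusercontext(struct passwd *pwd)
{
  gid_t add_grp_id = 0;   /* stays 0 if setosjobid() does not assign one */
  char drop_err[1024];
  /* NOTE(review): the original local names suggest these two arguments are
   * lower bounds; passing the user's own ids makes any such bound trivially
   * satisfied. Confirm the intent against the SGE prototype. */
  int min_gid = pwd->pw_gid;
  int min_uid = pwd->pw_uid;

  drop_err[0] = '\0';

  if (getuid() != 0) {
    /* The original called do_setusercontext() with no argument and
     * returned its result; pass the passwd entry and report success. */
    do_setusercontext(pwd);
    return 0;
  }

  if (getcwd(work_dir, sizeof work_dir) == NULL) {
    perror("sgessh: getcwd");
    exit(1);
  }

  /* Back to the directory recorded by sgessh_readconfig() before the SGE
   * helpers run. */
  if (chdir(start_dir) != 0) {
    perror("sgessh: chdir to start directory");
    exit(1);
  }

  switch2admin_user();

  foreground = 0; /* setosjobid shall write to shepherd trace file */

  setosjobid(0, &add_grp_id, pwd);

  setrlimits(0);
  switch2start_user();

  /* Any non-zero result is treated as a failed switch.
   * NOTE(review): confirm against the SGE prototype, which is not visible
   * in this file. */
  if (setuidgidaddgrp(pwd->pw_name, NULL, min_gid, min_uid,
                      add_grp_id, drop_err, 0, 0) != 0) {
    fprintf(stderr, "sgessh: cannot switch to user %s: %s\n",
            pwd->pw_name, drop_err);
    exit(1);
  }

  /* Do not trust the helper alone: confirm the process really left root. */
  if (getuid() != pwd->pw_uid || geteuid() != pwd->pw_uid) {
    fprintf(stderr, "sgessh: uid not changed for user %s\n", pwd->pw_name);
    exit(1);
  }

  /* Privileges are already dropped here; the target user may lack access
   * to work_dir, so a failure is reported but not fatal. */
  if (chdir(work_dir) != 0)
    perror("sgessh: chdir back to working directory");

  /* The original had an unreachable block after a bare "return;" (default
   * shell, setlogin, qsub_gid override, setgid/initgroups, add_group). It
   * never ran and is dropped; as a result the "qsub_gid" setting read by
   * sgessh_readconfig() is not applied on this path. */
  return 0;
}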

libsgessh.a
===========
setosjobid.o
config_file.o
err_trace.o
sge_switch_user.o
execution_states.o
qlogin_starter.o
setenv.o
setjoblimit.o
setrlimits.o
sge_parse_num_par.o





- SGE:     6.0update3
- OpenSSH: 3.9p1


% gcc <the rest of link line of sshd> sgessh.o -LLINUXAMD64_26/ -luti -lrmon -lgdi -llck -lsge -lsgessh -lpthread

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
#include <paths.h>

/* Defined outside this file; sgessh_do_setusercontext() clears it before
 * calling setosjobid() so that output goes to the shepherd trace file. */
extern int foreground;

/* Size of the two directory buffers below and the limit passed to getcwd().
 * NOTE(review): MAXPATHLEN is also commonly provided by <sys/param.h>; this
 * file does not include it, but confirm there is no clash when built inside
 * the OpenSSH tree. */
#define MAXPATHLEN 1024

/* "qsub_gid" value from the SGE config, set by sgessh_readconfig(). It is
 * not consulted on the path that actually runs in
 * sgessh_do_setusercontext(). */
static char *s_qsub_gid = NULL;
/* Error-text buffer handed to sge_set_admin_username() in
 * sgessh_readconfig(). */
static char err_str[1024];
/* Working directory at the time sgessh_readconfig() ran. */
static char start_dir[MAXPATHLEN];
/* Working directory at entry to sgessh_do_setusercontext(), restored after
 * the switch to the target user. */
static char work_dir[MAXPATHLEN];

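/*
 * Load the SGE job configuration and remember the directory sshd was
 * started in (SGE 6 function names).
 *
 * Reads the file "config" relative to the current working directory,
 * registers the configured "admin_user" through sge_set_admin_username(),
 * caches the "qsub_gid" setting in s_qsub_gid and records the current
 * directory in start_dir so sgessh_do_setusercontext() can return to it.
 *
 * Returns 0 on success. Exits with status 1 when the admin user cannot be
 * set or when the current directory cannot be determined: start_dir is
 * later used for a chdir() performed as root, so it must never be left
 * unset.
 */
int sgessh_readconfig(void)
{
  /* we are now in active job directory - read config before we change
  ** to user directory
  ** and initialize admin user
  */
  /* NOTE(review): the result of read_config() is not checked and its
  ** prototype is not visible in this file; confirm how it reports a
  ** missing or malformed "config" and fail closed on it. The file is
  ** trusted input: it names the admin account used for the later switch.
  */
  read_config("config");

  if (sge_set_admin_username(get_conf_val("admin_user"), err_str)) {
    exit(1);
  }

  s_qsub_gid = get_conf_val("qsub_gid");

  /* getcwd() returns NULL on failure and leaves the buffer unusable. */
  if (getcwd(start_dir, sizeof start_dir) == NULL) {
    perror("sgessh: getcwd");
    exit(1);
  }

  return 0;
}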

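/*
 * Replacement for sshd's do_setusercontext() that lets SGE perform the
 * switch to the authenticated user (SGE 6 function names), so the session
 * is set up through setosjobid() and setrlimits() before privileges are
 * dropped.
 *
 * pwd: passwd entry of the authenticated user.
 *
 * When not running as root the work is handed to sshd's own
 * do_setusercontext(). As root, the function moves to the directory
 * recorded by sgessh_readconfig(), runs the SGE setup steps as the admin
 * user, switches to the target user and then tries to restore the
 * previous working directory.
 *
 * Returns 0 on success. The caller shown in the sshd.c patch ignores the
 * return value, so every failure before or during the privilege drop ends
 * the process with exit(1) instead of continuing as root.
 * NOTE(review): once this file includes sshd's log.h, fatal() is the
 * better way to report these errors.
 */
int sgessh_do_setusercontext(struct passwd *pwd)
{
  gid_t add_grp_id = 0;   /* stays 0 if setosjobid() does not assign one */
  char drop_err[1024];
  /* NOTE(review): the original local names suggest these two arguments are
   * lower bounds; passing the user's own ids makes any such bound trivially
   * satisfied. Confirm the intent against the SGE prototype. */
  int min_gid = pwd->pw_gid;
  int min_uid = pwd->pw_uid;

  drop_err[0] = '\0';

  if (getuid() != 0) {
    /* The original called do_setusercontext() with no argument and
     * returned its result; pass the passwd entry and report success. */
    do_setusercontext(pwd);
    return 0;
  }

  if (getcwd(work_dir, sizeof work_dir) == NULL) {
    perror("sgessh: getcwd");
    exit(1);
  }

  /* Back to the directory recorded by sgessh_readconfig() before the SGE
   * helpers run. */
  if (chdir(start_dir) != 0) {
    perror("sgessh: chdir to start directory");
    exit(1);
  }

  sge_switch2admin_user();

  foreground = 0; /* setosjobid shall write to shepherd trace file */

  setosjobid(0, &add_grp_id, pwd);

  setrlimits(0);
  sge_switch2start_user();

  /* Any non-zero result is treated as a failed switch.
   * NOTE(review): confirm against the SGE prototype, which is not visible
   * in this file. */
  if (sge_set_uid_gid_addgrp(pwd->pw_name, NULL, min_gid, min_uid,
                             add_grp_id, drop_err, 0, 0) != 0) {
    fprintf(stderr, "sgessh: cannot switch to user %s: %s\n",
            pwd->pw_name, drop_err);
    exit(1);
  }

  /* Do not trust the helper alone: confirm the process really left root. */
  if (getuid() != pwd->pw_uid || geteuid() != pwd->pw_uid) {
    fprintf(stderr, "sgessh: uid not changed for user %s\n", pwd->pw_name);
    exit(1);
  }

  /* Privileges are already dropped here; the target user may lack access
   * to work_dir, so a failure is reported but not fatal. */
  if (chdir(work_dir) != 0)
    perror("sgessh: chdir back to working directory");

  /* The original had an unreachable block after a bare "return;" (default
   * shell, setlogin, qsub_gid override, setgid/initgroups, sge_add_group).
   * It never ran and is dropped; as a result the "qsub_gid" setting read by
   * sgessh_readconfig() is not applied on this path. */
  return 0;
}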



libsgessh.a
===========
config_file.o
sge_parse_num_par.o
setosjobid.o
err_trace.o
execution_states.o
qlogin_starter.o
setrlimits.o
setjoblimit.o



    [ Part 3: "Attached Text" ]
