#!/bin/sh
# script to apply patches to ssh-1.2.22 to create the unicos version
# of ssh-1.2.22
#
# Usage:
# ApplySshPatches {targetdir} {patchdir}
# Don't use trailing "/" and patchdir should be a fully
# qualified path.
#
PATCH="/usr/bin/patch -R"
TARGETDIR=$1
if [ "$TARGETDIR" = "" ]
then
   echo "TARGETDIR invalid"
   echo "Usage: ApplySshPatches {targetdir} {patchdir}"
   exit
fi
PATCHDIR=$2
if [ "$PATCHDIR" = "" ]
then
   echo "PATCHDIR invalid"
   echo "Usage: ApplySshPatches {targetdir} {patchdir}"
   exit
fi
if [ ! -x $TARGETDIR/configure ]
then
   echo
   echo Error
   echo "$TARGETDIR does not look like it is a secure shell distribution"
   echo "Make sure TARGETDIR is a valid Secure Shell 1.2.22 distribution"
   echo
   exit
fi
#
# Clean up files in case this is a restart
#
/bin/rm -rf $PATCHDIR/*.patch
echo Old Patch files removed, if any.
sleep 5
#
# Here are the files that are new
#
set -x
cp $PATCHDIR/install.unicos $TARGETDIR/INSTALL.UNICOS
cp $PATCHDIR/ipopts_ok.c $TARGETDIR
cp $PATCHDIR/ssh-unicos.c $TARGETDIR
cp $PATCHDIR/ssh-unicos.h $TARGETDIR
cp $PATCHDIR/ssh.db $TARGETDIR
cp $PATCHDIR/sshd.db $TARGETDIR
# 
# I don't know if these are needed but I included them for
# completeness. I did not find them in the ssh distribution
# but they appeared in the LANL version. Maybe a different
# GNU MP was used?
#
cp $PATCHDIR/add_n.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/addmul_1.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/lshift.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/mul_1.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/rshift.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/sub_n.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/submul_1.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
cp $PATCHDIR/udiv_fp.S $TARGETDIR/gmp-2.0.2-ssh-2/mpn/
mkdir -p $TARGETDIR/gmp-2.0.2-ssh-2/mpn/t3e/CVS
cp $PATCHDIR/Root $TARGETDIR/gmp-2.0.2-ssh-2/mpn/t3e/CVS/Root
cp $PATCHDIR/Repository $TARGETDIR/gmp-2.0.2-ssh-2/mpn/t3e/CVS/Repository
cp $PATCHDIR/Entries $TARGETDIR/gmp-2.0.2-ssh-2/mpn/t3e/CVS/Entries
cp $PATCHDIR/gmp-mparam.h $TARGETDIR/gmp-2.0.2-ssh-2/mpn/t3e/gmp-mparam.h

# Here is where the patching starts
#
# Damn, what a *@%&!@% pain in the rear. This took over
# four hours to get in working order.  All the diffs
# and special characters that get interpreted by the shell
# had to be fixed.
# Arrgghhh!  Finally done. Hope someone appreciates this!
# Stupid U.S. export laws!  -vgh

/bin/cat << EOF > $PATCHDIR/INSTALL.patch
14,15d13
< (For UNICOS systems, see also INSTALL.UNICOS)
< 
EOF
$PATCH -b -i $PATCHDIR/INSTALL.patch $TARGETDIR/INSTALL

/bin/cat << EOF > $PATCHDIR/Makefile.in.patch
11c11
< # \$Id: Makefile.in,v 1.41 1998-05-18 15:24:07-06 rrb LANL rrb \$
---
> # \$Id: Makefile.in,v 1.40 1997/09/02 13:21:56 kivinen Exp \$
13,16d12
< # Revision 1.41  1998-05-18 15:24:07-06  rrb
< # Add ipopts_ok.o and ssh-unicos.o
< #
< #
290,291c286
< 	userfile.o signals.o blowfish.o \\
< 	ipopts_ok.o
---
> 	userfile.o signals.o blowfish.o
294,295c289
< 	serverloop.o \$(COMMON_OBJS) \$(KERBEROS_OBJS) \\
< 	ssh-unicos.o
---
> 	serverloop.o \$(COMMON_OBJS) \$(KERBEROS_OBJS)
EOF
$PATCH -b -i $PATCHDIR/Makefile.in.patch $TARGETDIR/Makefile.in

/bin/cat << EOF > $PATCHDIR/authfd.c.patch
506c506
<   auth->num_identities = buffer_get_signed_int(&auth->identities);
---
>   auth->num_identities = buffer_get_int(&auth->identities);
529c529
<   *bitsp = buffer_get_signed_int(&auth->identities);
---
>   *bitsp = buffer_get_int(&auth->identities);
EOF
$PATCH -b -i $PATCHDIR/authfd.c.patch $TARGETDIR/authfd.c



/bin/cat << EOF > $PATCHDIR/bufaux.c.patch
127,148d126
< /* Returns an integer from the buffer (4 bytes, msb first). */
< /* SIZEOF_INT must be max value (INT_MAX), not storage size */
< #if   SIZEOF_INT == 8
< int buffer_get_signed_int(Buffer *buffer)
< {
<     unsigned int unsigned_integer = buffer_get_int(buffer);
<     if (unsigned_integer < 2147483648)
<       return (int)unsigned_integer;
<     else /* subtract from 2 ^ 32 and multiply by -1 */
<       return (int)(4294967296 - unsigned_integer) * -1;
< }
< #else /* SIZEOF_INT != 8 -- try 4 */
< #if   SIZEOF_INT == 4
< int buffer_get_signed_int(Buffer *buffer)
< {
<   return (int)(buffer_get_int(buffer));
< }
< #else /* not 64-bit and not 32-bit */
< /* Generate compile-time error */
< "Can only deal with 64-bit and 32-bit unsigned integer types "
< #endif        /* SIZEOF_INT == 4 */
< #endif        /* SIZEOF_INT == 8 */
EOF
$PATCH -b -i $PATCHDIR/bufaux.c.patch $TARGETDIR/bufaux.c

/bin/cat << EOF > $PATCHDIR/bufaux.h.patch 
42,43d41
< /* Returns a signed integer from the buffer (4 bytes, msb first). */
< int buffer_get_signed_int(Buffer *buffer);
EOF
$PATCH -b -i $PATCHDIR/bufaux.h.patch $TARGETDIR/bufaux.h

/bin/cat << EOF > $PATCHDIR/canohost.c.patch
1d0
< static char rcsid[] = "\$Header: /localsw/UNICOS/ssh-1.2.22.ut/RCS/canohost.c,v 1.4 1998-05-18 15:30:24-06 rrb LANL \$";
18c17
<  * \$Id: canohost.c,v 1.4 1998-05-18 15:30:24-06 rrb LANL \$
---
>  * \$Id: canohost.c,v 1.3 1997/03/19 15:59:45 kivinen Exp \$
20,23d18
<  * If there are IP options on the connected socket, call ipopts_ok to
<  * make sure the options are acceptable.  Used only when the IPSO macro
<  * is defined.
<  *
54,57d48
< #ifdef	IPSO
< extern	int	ipopts_ok (const unsigned char* op, int len);
< #endif	IPSO
< 
154,156d144
< 	/* Note: "text" buffer must be at least 3x as big as options. */
< #ifdef	IPSO
< 	if ( ! ipopts_ok (options, option_size)) {
157a146
> 	/* Note: "text" buffer must be at least 3x as big as options. */
160,170d148
<  
< 	    log_msg ("Connection from %.100s with disallowed IP options:%.800s",
< 			inet_ntoa(from.sin_addr), text);
< 	    packet_disconnect (
< 		"Connection from %.100s with disallowed IP options:%.800s",
< 		inet_ntoa(from.sin_addr), text);
< 	}
< #else	!IPSO
< 	cp = text;
< 	for (ucp = options; option_size > 0; ucp++, option_size--, cp += 3)
< 	  sprintf(cp, " %2.2x", *ucp);
175d152
< #endif	IPSO
EOF
$PATCH -b -i $PATCHDIR/bufaux.h.patch $TARGETDIR/bufaux.h

/bin/cat << EOF > $PATCHDIR/clientloop.c.patch
313c313
< 	  exit_status = packet_get_signed_int();
---
> 	  exit_status = packet_get_int();
EOF
$PATCH -b -i $PATCHDIR/clientloop.c.patch $TARGETDIR/clientloop.c

/bin/cat << EOF > $PATCHDIR/config.guess.patch 
322,324d321
<     CRAY*J90:*:*:*)
<         echo j90-cray-unicos\${UNAME_RELEASE}
<         exit 0 ;;
330,332d326
< 	exit 0 ;;
<     CRAY*T3E:*:*:*)
< 	echo t3e-cray-unicosmk\${UNAME_RELEASE}
EOF
$PATCH -b -i $PATCHDIR/config.sub.patch $TARGETDIR/config.sub

/bin/cat << EOF > $PATCHDIR/config.sub.patch
242c242
< 	c90-cray)
---
> 	[ctj]90-cray)
245,256d244
< 		;;
< 	j90-cray)
< 		basic_machine=j90-cray
< 		os=-unicos
< 		;;
< 	t90-cray)
< 		basic_machine=t90-cray
< 		os=-unicos
< 		;;
< 	t3e-cray)
< 		basic_machine=t3e-cray
< 		os=-unicosmk
EOF
$PATCH -b -i $PATCHDIR/config.sub.patch $TARGETDIR/config.sub

/bin/cat << EOF > $PATCHDIR/configure.patch
1641,1649d1640
<   t90-cray-unicos*)
<     CFLAGS="\$CFLAGS -DCRAY_STACKSEG_END=_getb67 -DCRAY -DCRAY_TS"
<     LIBS="\$LIBS -lrsc -lshare -lm -lrsc -lurm -luex -lacm"
<     no_libsocket=yes
<     no_libsun=yes
<     no_libnsl=yes
<     no_libbsd=yes
<     no_libdir=yes
<     ;;
1651,1657c1642,1643
<     CFLAGS="\$CFLAGS -DCRAY_STACKSEG_END=_getb67 -DCRAY"
<     LIBS="\$LIBS -lrsc -lshare -lm -lrsc -lurm -luex -lacm"
<     no_libsocket=yes
<     no_libsun=yes
<     no_libnsl=yes
<     no_libbsd=yes
<     no_libdir=yes
---
>     CFLAGS="\$CFLAGS -DCRAY_STACKSEG_END=_getb67"
>     LIBS="\$LIBS -lrsc"
3090d3075
<   if test -z "\$no_libbsd"; then
3092d3076
<   fi
3546d3529
< if test -z "\$no_libbsd"; then
3548d3530
< fi
EOF
$PATCH -b -i $PATCHDIR/configure.patch $TARGETDIR/configure

/bin/cat << EOF > $PATCHDIR/configure.in.patch 
583c583
<     LIBS="\$LIBS -lrsc -lshare -lm -lurm -luex -lacm"
---
>     LIBS="\$LIBS -lrsc"
EOF
$PATCH -b -i $PATCHDIR/configure.in.patch $TARGETDIR/configure.in

/bin/cat << EOF > $PATCHDIR/des.c.patch
36,39d35
<  * Revision 1.3  1998/06/02  01:22:25  vgh
<  * 	Added Howard Kash's T90 fixes for masking upper 32 bits
<  *      to des.c is 64-bit clean.
<  *
47,48d42
< #define MASK32(x) ((x) & 0x0ffffffff)
< 
356c350
<       l^=MASK32(t<<size);
---
> 	l^=(t<<size);
377c371
<       (a)^=MASK32((t)<<(n)))
---
> 	(a)^=((t)<<(n)))
396c390
<       t=((t>>4)+MASK32(t<<28)); \\
---
> 	t=((t>>4)+(t<<28)); \\
425,426c419,420
<   t=MASK32(r<<1)|(r>>31);
<   r=MASK32(l<<1)|(l>>31);
---
>   t=(r<<1)|(r>>31);
>   r=(l<<1)|(l>>31);
447,448c441,442
<   l=(l>>1)|MASK32(l<<31);
<   r=(r>>1)|MASK32(r<<31);
---
>   l=(l>>1)|(l<<31);
>   r=(r>>1)|(r<<31);
458c452
< #define HPERM_OP(a,t,n,m) ((t)=((MASK32((a)<<(16-(n)))^(a))&(m)),\\
---
> #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\\
481c475
<   d = (MASK32(d & 0xff) << 16) | (d & 0xff00) |
---
>   d = ((d & 0xff) << 16) | (d & 0xff00) |
489c483
<       { c=((c>>2)|MASK32(c<<26)); d=((d>>2)|MASK32(d<<26)); }
---
> 	{ c=((c>>2)|(c<<26)); d=((d>>2)|(d<<26)); }
491c485
<       { c=((c>>1)|MASK32(c<<27)); d=((d>>1)|MASK32(d<<27)); }
---
> 	{ c=((c>>1)|(c<<27)); d=((d>>1)|(d<<27)); }
510c504
<       *schedule++ = (MASK32(t << 16) | (s & 0xffff));
---
>       *schedule++ = ((t << 16) | (s & 0xffff));
512c506
<       *schedule++ = MASK32(s << 4) | (s >> 28);
---
>       *schedule++ = (s << 4) | (s >> 28);
EOF
$PATCH -b -i $PATCHDIR/des.c.patch $TARGETDIR/des.c

/bin/cat << EOF > $PATCHDIR/login.c.patch
21c21
<  * \$Id: login.c,v 1.8 1998-05-18 15:16:56-06 rrb LANL rrb \$
---
>  * \$Id: login.c,v 1.7 1997/03/26 07:09:49 kivinen Exp \$
23,25d22
<  * Revision 1.8  1998-05-18 15:16:56-06  rrb
<  * Move UNICOS operations into ssh-unicos.c
<  *
88,93d84
< 
< #ifdef	CRAY
< # include <udb.h>
< # include "ssh-unicos.h"
< #endif	CRAY
< 
211,223d201
< #ifdef CRAY
< /* Crays record the time of last login in the user database -- much */
< /* nicer than having to root through the lastlog file. */
<     struct udb *up;
< 
<     if ((up = getudbuid(uid)) == UDB_NULL) return 0;
<     strncpy (buf, up->ue_loghost, bufsize);
<     if (strlen(up->ue_logline) > 0) {
< 	strncat (buf, " on ", bufsize-strlen(buf));
< 	strncat (buf, up->ue_logline, bufsize-strlen(buf));
<     } /* if */
<     return ((long )up->ue_logtime);
< #else
225d202
< #endif /* CRAY */
506,515d482
< #endif   
< #ifdef CRAY
<     /* UNICOS and UNICOS/mk record the last login info in the user database */
<     if (uid < (uid_t )0) {
< 	log_msg ("interactive session for pid %d on tty %s ended",
< 	    (int )pid, ttyname);
<     } else {
< 	update_udb (user, uid, ttyname, host);
<     }
<     return;
EOF
$PATCH -b -i $PATCHDIR/login.c.patch $TARGETDIR/login.c

/bin/cat << EOF > $PATCHDIR/md5.c.patch
19,24d18
<  *
<  * Revision 1997/11/15 Victor Hazlewood, San Diego Supercomputer Center
<  *      Added ifdef CRAY_TS for CRAY T90 architecture.  This code
<  *      was not 64-bit clean and T90's use 64-bit functional units.
<  *      A shift is masked off to 32 bits to sanitize its circular behavior
<  *      
148,152c142,143
< #ifdef CRAY_TS
< #define MD5STEP(f, w, x, y, z, data, s) ( w += f(x, y, z) + data,  w = (w<<s)&0xffffffff | (w&0xffffffff)>>(32-s),  w += x )
< #else
< #define MD5STEP(f, w, x, y, z, data, s) ( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
< #endif
---
> #define MD5STEP(f, w, x, y, z, data, s) \\
> 	( w += f(x, y, z) + data,  w = w<<s | w>>(32-s),  w += x )
EOF
$PATCH -b -i $PATCHDIR/md5.c.patch $TARGETDIR/md5.c

/bin/cat << EOF > $PATCHDIR/newchannels.c.patch 
667c667
<   channel = packet_get_signed_int();
---
>   channel = packet_get_int();
680c680
<   channel = packet_get_signed_int();
---
>   channel = packet_get_int();
695c695
<   channel = packet_get_signed_int();
---
>   channel = packet_get_int();
1120c1120
<   channel = packet_get_signed_int();
---
>   channel = packet_get_int();
1207c1207
<   channel = packet_get_signed_int();
---
>   channel = packet_get_int();
1214c1214
<   remote_channel = packet_get_signed_int();
---
>   remote_channel = packet_get_int();
1229c1229
<   channel = packet_get_signed_int();
---
>   channel = packet_get_int();
1515c1515
<   port = packet_get_signed_int();
---
>   port = packet_get_int();
1517c1517
<   host_port = packet_get_signed_int();
---
>   host_port = packet_get_int();
1580c1580
<   remote_channel = packet_get_signed_int();
---
>   remote_channel = packet_get_int();
1590c1590
<   host_port = packet_get_signed_int();
---
>   host_port = packet_get_int();
1859c1859
<   remote_channel = packet_get_signed_int();
---
>   remote_channel = packet_get_int();
2359c2359
<   remote_channel = packet_get_signed_int();
---
>   remote_channel = packet_get_int();
EOF
$PATCH -b -i $PATCHDIR/newchannels.c.patch $TARGETDIR/newchannels.c

/bin/cat << EOF > $PATCHDIR/packet.c.patch
611,617d610
< /* Returns an integer from the packet data. */
< 
< int packet_get_signed_int()
< {
<   return buffer_get_signed_int(&incoming_packet);
< }
< 
EOF
$PATCH -b -i $PATCHDIR/packet.c.patch $TARGETDIR/packet.c

/bin/cat << EOF > $PATCHDIR/packet.h.patch
146,148d145
< /* Returns an integer from the packet data. */
< int packet_get_signed_int(void);
< 
EOF
$PATCH -b -i $PATCHDIR/packet.h.patch $TARGETDIR/packet.h

/bin/cat << EOF > $PATCHDIR/pty.c.patch
17c17
<  * \$Id: pty.c,v 1.12 1998-05-26 15:22:15-06 rrb LANL rrb \$
---
>  * \$Id: pty.c,v 1.11 1997/03/26 07:09:31 kivinen Exp \$
19,21d18
<  * Revision 1.12  1998-05-26 15:22:15-06  rrb
<  * On UNICOS, apply a security label to the pty device.
<  *
84,87d80
< #ifdef	CRAY
< # include "ssh-unicos.h"
< #endif	CRAY
< 
405d397
<       if (!pty_labeled (buf)) return (0);
415,416c407
<       if (pty_labeled (namebuf)) return (1);
<       else return 0;
---
>       return 1;
533d523
<       debug("Disconnect from the old controlling tty using TIOCNOTTY.");
540d529
< 
546,547d534
<     } else {
<       debug("Successfully disconnected from the controlling tty.");
559,560c546
<   debug("Setting controlling tty using TCSETCTTY on CRAY.");
<   /* debug("ttyname = %s, *ttyfd = %d",ttyname,*ttyfd); */
---
>   debug("Setting controlling tty using TCSETCTTY.");
576,581d561
< 
< #ifdef CRAY
<   debug("Openning controlling tty, /dev/tty, for read/write.");
<   fd = open("/dev/tty", O_RDWR);
< #else  /* CRAY */
<   debug("Openning controlling tty, /dev/tty, for write only.");
583,584d562
< #endif /* CRAY */
< 
590,593d567
<       debug("Verified that we now have a controlling tty (/dev/tty) fd=%d ttyfd=%d",fd,*ttyfd);
< 
< #     ifndef CRAY
<           debug("Closing file descriptor %d.",fd);
595,598d568
< #     else  /* not_CRAY */
<           debug("Avoid closing fd=%d (/dev/tty).",fd);
< #     endif /* not_CRAY */
< 
603,604d572
< 
<       debug("Openning controlling ttyname, %s, for read/write.",ttyname);
609d576
< 
612,625d578
< 
< #elif CRAY /* NOT (HAVE_VHANGUP && !HAVE_REVOKE) */
<     debug("Closing ttyfd file descriptor %d",*ttyfd);
<     close(*ttyfd);
< 
<     debug("Change *ttyfd from %d to %d.",*ttyfd,fd);
<     *ttyfd = fd;
< /*
<     debug("Dupping /dev/tty to STDIN, STDOUT, and STDERR.");
<     dup2(fd, STDIN_FILENO);
<     dup2(fd, STDOUT_FILENO);
<     dup2(fd, STDERR_FILENO);
<  */
< 
EOF
$PATCH -b -i $PATCHDIR/pty.c.patch $TARGETDIR/pty.c

/bin/cat << EOF > $PATCHDIR/serverloop.c.patch
159,162c159,162
< 	  row = packet_get_signed_int();
< 	  col = packet_get_signed_int();
< 	  xpixel = packet_get_signed_int();
< 	  ypixel = packet_get_signed_int();
---
> 	  row = packet_get_int();
> 	  col = packet_get_int();
> 	  xpixel = packet_get_int();
> 	  ypixel = packet_get_int();
174c174
< 	    remote_channel = packet_get_signed_int();
---
> 	    remote_channel = packet_get_int();
EOF
$PATCH -b -i $PATCHDIR/serverloop.c.patch $TARGETDIR/serverloop.c

/bin/cat << EOF > $PATCHDIR/ssh-agent.c.patch
194c194
<   pub_bits = buffer_get_signed_int(&e->input);
---
>   pub_bits = buffer_get_int(&e->input);
EOF
$PATCH -b -i $PATCHDIR/ssh-agent.c.patch $TARGETDIR/ssh-agent.c

/bin/cat << EOF > $PATCHDIR/ssh-askpass.c.patch
385c385
< 	  database = XrmGetStringDatabase((const char *)prop_return);
---
> 	  database = XrmGetStringDatabase(prop_return);
EOF
$PATCH -b -i $PATCHDIR/ssh-askpass.c.patch $TARGETDIR/ssh-askpass.c

/bin/cat << EOF > $PATCHDIR/ssh.c.patch
736,738d735
< /** DEBUG **/
<       debug ("Disabling rhosts authentication (not root)...");
< /** DEBUG **/
797,799d793
< /** DEBUG **/
<       debug ("About to load host private key...");
< /** DEBUG **/
EOF
$PATCH -b -i $PATCHDIR/ssh.c.patch $TARGETDIR/ssh.c

/bin/cat << EOF > $PATCHDIR/sshconnect.c.patch
463,465d462
< #ifdef CRAY
< 	      hp_static = gethostbyname((char *)host);
< #else
467d463
< #endif
EOF
$PATCH -b -i $PATCHDIR/sshconnect.c.patch $TARGETDIR/sshconnect.c

/bin/cat << EOF > $PATCHDIR/sshd.c.patch
21c21
<  * \$Id: sshd.c,v 1.49 1998-05-20 15:54:44-06 rrb LANL rrb \$
---
>  * \$Id: sshd.c,v 1.47 1998/01/03 06:42:43 kivinen Exp \$
23,55d22
<  * Revision 1.49  1998-05-20 15:54:44-06  rrb
<  * Reopen stderr for proper operation on MLS system.
<  *
<  * Revision 1.48  1998-05-18 15:16:19-06  rrb
<  * Move major UNICOS function from sshd.c to ssh-unicos.c.
<  * Add ability to work in a UNICOS MLS MAC system:
<  *     Handle connections at multiple security labels.
<  *     Ensure the user is allowed to log-in at the socket's label.
<  *     Drop privilege before exec to user shell/command.
<  *     Properly setup user's security label and security validation
<  *         information for the session.
<  *     Apply security label to the pty.
<  * Make the job temporary directory name based on the jid rather than pid.
<  * Allow for multi-level TMPDIR directory, with appropriate TMPDIR
<  *     name construction rules.
<  * Clean-up TMPDIR upon session termination.
<  * Cause the job to issue a WJSIGNAL upon termination so that the
<  *     TMPDIR can be cleaned up according to normal UNICOS procedures.
<  * Record authentication failures in the udb.
<  * Record connection failures when the connection is attempted at an
<  *     invalid security label.
<  * Remove TMPDIR environment variable upon the main daemon invocation to
<  *     prevent problems with kerberos 5 operations.  When a sysadmin starts
<  *     sshd on a CRAY, TMPDIR is usually defined.  sshd becomes a separate
<  *     job, thus when the administrator logs off, the normal TMPDIR cleanup
<  *     occurs.  Kerberos library routines use TMPDIR, if it is defined, as
<  *     the location to place replay cache files.  If the TMPDIR directory
<  *     is missing, some kerberos operations, such as k5 password logins
<  *     and TGT forwarding, will fail.  Undefining TMPDIR in the main daemon
<  *     causes kerberos 5 to use built-in system defaults.  On UNICOS, this
<  *     is /usr/tmp.
<  * Display login failure count since last successful login.
<  *
452c419,422
< # include "ssh-unicos.h"
---
> #include <udb.h>
> #include <unistd.h>
> #include <sys/category.h>
> extern char *setlimits();
580a551
> 
924,927d894
< #ifdef  CRAY
<   unicos_init();	/* initialize structures needed for UNICOS */
< #endif  CRAY
< 
971,974d937
< #ifdef  CRAY
<       set_unicos_sockopts (listen_sock);
< #endif  CRAY
< 
1143,1146d1105
< #ifdef  CRAY
<   get_unicos_connect_info (sock_in);	/* get MLS connection label */
< #endif  CRAY
< 
1668,1675d1626
< #ifdef CRAY
< /*
<  *      Read and store the udb entry for this user.
<  *      Then ensure the user is allowed access, or determine
<  *      if a password change is required.
<  */
<   get_udbent (user);
<   if ( unicos_access_denied (&forced_command)) return 0;
1677,1678d1627
< #endif /* CRAY */
< 
1917,1922d1865
< #ifdef  CRAY
< /*
<  *	Register a routine which will record failed login attempt in the udb.
<  */
<   register_udb_authfail ( user );
< #endif  CRAY
2377,2382d2319
< #ifdef  CRAY
< /*      
<  *      Cancel failure-attempt recording routine
<  */
<   cancel_udb_authfail();
< #endif  CRAY
2414,2422d2350
< #ifdef  CRAY
< /*
<  *      Setup to catch WJSIGNAL so that this daemon can
<  *      cleanup the job temporary directory created for the
<  *      login session.
<  */
<   catch_jobsignal();
< #endif  CRAY
< 
2453c2381
< 	  compression_level = packet_get_signed_int();
---
> 	  compression_level = packet_get_int();
2528,2531c2456,2459
< 	  row = packet_get_signed_int();
< 	  col = packet_get_signed_int();
< 	  xpixel = packet_get_signed_int();
< 	  ypixel = packet_get_signed_int();
---
> 	  row = packet_get_int();
> 	  col = packet_get_int();
> 	  xpixel = packet_get_int();
> 	  ypixel = packet_get_int();
2579c2507
< 	    screen = packet_get_signed_int();
---
> 	    screen = packet_get_int();
2746,2752d2673
< #ifdef  CRAY
< /*
<  *      Cancel WJSIGNAL handling in the child.
<  */
<   ignore_jobsignal();
< #endif  CRAY
< 
2794,2801d2714
< #ifdef  CRAY
< /*
<  *      If MLS is active, validate security information.  If the
<  *      connection is not allowed, mls_validate does not return.
<  *      If MLS is not active, this is a no-op.
<  */
<   mls_validate( /*havepty*/ FALSE );
< #endif  CRAY
2877d2789
<   char tty_device[100];
2901a2814
> 
2911,2917d2823
< #ifdef  CRAY
< /*
<  *      Cancel WJSIGNAL handling in the child.
<  */
<   ignore_jobsignal();
< #endif  CRAY
< 
2942,2964d2847
< #ifdef	CRAY
< /*
<  *	On UNICOS systems, dup2(ttyfd, fileno(stderr) causes problems.
<  *	For some as yet unexplained reason, output to stderr is 
<  *	truncated at the first format specification - that is, 
<  *	fprintf (stderr, "something %d\n") will send "something " to
<  *	stderr, but that is all.  Somehow all this reassociation messes
<  *	up stderr.  To get stderr working again (at least on UNICOS), 
<  *	stderr must be closed and reopened.  It is of no use to send 
<  *	error messages to stderr until this can be corrected.  All such 
<  *	messages will appear as "error: " or "debug: ".  Such situations
<  *	will show up when using "ssh -v {somehost}" as a pile of 
<  *	"debug: debug: debug:..." during the login process when sshd is run
<  *	in debug mode.  syslog still works, so calls to error, fatal, and 
<  *	debug will still be logged, if syslog is configured appropriately.  
<  *	stderr must be opened "w+" or programs such as "more" and "tset" 
<  *	will not operate properly.
<  */
<       if ( freopen (ttyname, "w+", stderr) == NULL ) 
< 	 error ("freopen(stderr->%s) failed: %.100s", ttyname, strerror(errno));
< 
< #else	!CRAY
< 
2968,2969d2850
< #endif	CRAY
< 
2984,2991d2864
< #ifdef  CRAY
< /*
<  *      If MLS is active, validate security information.  If the
<  *      connection is not allowed, mls_validate does not return.
<  *      If MLS is not active, this is a no-op.
<  */
<       mls_validate( /*havepty*/ TRUE );
< #endif  CRAY
3009,3019d2881
< 
<           FILE *fi;
< 
<           /* Print /etc/issue if it exists. */
<           fi = fopen("/etc/issue", "r");
<           if (fi) {
<               while (fgets(line, sizeof(line), fi))
<                 fputs(line, stdout);
<               fclose(fi);
< 	  } /* if */
< 
3025,3029d2886
< #ifdef	CRAY
< /*
<  *		Last login information will be shown later.
<  */	
< #else	!CRAY
3035d2891
< #endif	CRAY
3444,3446c3300,3301
< #ifdef	CRAY
<   /* Set account number, job ID, limits, and permissions. */
<   if (cray_setup (user_uid, user_name, ttyname) < 0)
---
> #ifdef CRAY   /* set up accounting account number, job, limits, permissions  */
>   if (cray_setup(user_uid, user_name) < 0)
3448c3303
< #endif	CRAY
---
> #endif
3486,3491d3340
< #ifdef  CRAY
< /*
<  *      Set user security attributes and drop all privilege.
<  */
<     set_seclabel();
< #endif  CRAY
3559c3408
<   if (getenv("TZ")) {
---
>   if (getenv("TZ"))
3561,3565d3409
< #ifdef CRAY
<   } else {
<     child_set_env(&env, &envsize, "TZ", "GMT0");
< #endif
<   }
3632,3636d3475
< #ifdef CRAY
<     /* Bind the temporary directory path to TMPDIR. */
<     child_set_env(&env, &envsize, "TMPDIR", TmpDir);
< #endif
<   
3645a3485
>   
3834a3675,3773
> 
> #ifdef CRAY
> /*
>  On a Cray, set the account number for the current process to the user's 
>  default account.  If this is not done, the process will have an account 
>  of zero and accounting (Cray System Accounting and/or SDSC Resource
>  Management (realtime)) will not operate correctly.
> 
>  This routine also calls setjob to set up an Cray Job (also known 
>  as a Session).  This is needed for CRI's Cray System Accounting 
>  and SDSC's Resource Management accounting/management system.
> 
>  It also calls setlimit, to set up limits and permissions.
>  
>  Wayne Schroeder
>  San Diego Supercomputer Center
>  schroeder@sdsc.edu
>  
> */
> int cray_setup(uid, username)
> uid_t uid;
> char *username;
> {
>   register struct udb *p;
>   extern struct udb *getudb();
>   int i, j;
>   int accts[MAXVIDS];
>   int naccts;
>   int err, jid;
>   char *sr;
>   int pid;
> 
>   /* Find all of the accounts for a particular user */
>   err = setudb();    /* open and rewind the Cray User DataBase */
>   if(err != 0)
>     {
>       debug("UDB open failure");
>       return(-1);
>     }
>   naccts = 0;
>   while ((p = getudb()) != UDB_NULL) 
>     {
>       if (p->ue_uid == -1) break;
>       if(uid == p->ue_uid) 
> 	{
> 	  for(j = 0; p->ue_acids[j] != -1 && j < MAXVIDS; j++) 
> 	    {
> 	      accts[naccts] = p->ue_acids[j];
> 	      naccts++;
> 	    }
> 	}
>     }
>   endudb();        /* close the udb */
>   if (naccts == 0 || accts[0] == 0)
>     {
>       debug("No Cray accounts found");
>       return(-1);
>     }
>  
>   /* Perhaps someday we'll prompt users who have multiple accounts
>      to let them pick one (like CRI's login does), but for now just set 
>      the account to the first entry. */
>   if (acctid(0, accts[0]) < 0) 
>     {
>       debug("System call acctid failed, accts[0]=%d",accts[0]);
>       return(-1);
>     } 
>  
>   /* Now call setjob to create a new job(/session).  This assigns a new Session
>      ID and session table entry to the calling process.  This process will be
>      the first process in the job/session. */
>   jid = setjob(uid, 0);
>   if (jid < 0) 
>     {
>       debug("System call setjob failure");
>       return(-1);
>     }
> 
>   /* Now set limits, including CPU time for the (interactive) job and process,
>      and set up permissions (for chown etc), etc.  This is via an internal CRI
>      routine, setlimits, used by CRI's login. */
> 
>   pid = getpid();
>   sr = setlimits(username, C_PROC, pid, UDBRC_INTER);
>   if (sr != NULL) 
>     {
>       debug(sr);
>       return(-1);
>     }
>   sr = setlimits(username, C_JOB, jid, UDBRC_INTER);
>   if (sr != NULL) 
>     {
>       debug(sr);
>       return(-1);
>     }
> 
>   return(0);
> }
> #endif /* CRAY */
EOF
$PATCH -b -i $PATCHDIR/sshd.c.patch $TARGETDIR/sshd.c

/bin/cat << EOF > $PATCHDIR/ttymodes.c.patch
400c400
< 	  baud = packet_get_signed_int();
---
> 	  baud = packet_get_int();
406c406
< 	  baud = packet_get_signed_int();
---
> 	  baud = packet_get_int();
EOF
$PATCH -b -i $PATCHDIR/ttymodes.c.patch $TARGETDIR/ttymodes.c

/bin/cat << EOF > $PATCHDIR/userfile.c.patch
421c421
< 	  mode = buffer_get_signed_int(&packet);
---
> 	  mode = buffer_get_int(&packet);
433c433
< 	  handle = buffer_get_signed_int(&packet);
---
> 	  handle = buffer_get_int(&packet);
449c449
< 	  handle = buffer_get_signed_int(&packet);
---
> 	  handle = buffer_get_int(&packet);
462c462
< 	  handle = buffer_get_signed_int(&packet);
---
> 	  handle = buffer_get_int(&packet);
473,474c473,474
< 	  handle = buffer_get_signed_int(&packet);
< 	  offset = buffer_get_signed_int(&packet);
---
> 	  handle = buffer_get_int(&packet);
> 	  offset = buffer_get_int(&packet);
487c487
< 	  mode = buffer_get_signed_int(&packet);
---
> 	  mode = buffer_get_int(&packet);
538c538
< 	  handle = buffer_get_signed_int(&packet);
---
> 	  handle = buffer_get_int(&packet);
636,638d635
< #ifdef CRAY
<       if (initgroups((char *)username, gid) < 0)
< #else
640d636
< #endif
743c739
<   handle = buffer_get_signed_int(&packet);
---
>   handle = buffer_get_int(&packet);
769c765
<       ret = buffer_get_signed_int(&packet);
---
>       ret = buffer_get_int(&packet);
895c891
< 	  ret = buffer_get_signed_int(&packet);
---
> 	  ret = buffer_get_int(&packet);
958c954
<       return buffer_get_signed_int(&packet);
---
>       return buffer_get_int(&packet);
987c983
<   return buffer_get_signed_int(&packet);
---
>   return buffer_get_int(&packet);
1011c1007
<   ret = buffer_get_signed_int(&packet);
---
>   ret = buffer_get_int(&packet);
1036c1032
<   return buffer_get_signed_int(&packet);
---
>   return buffer_get_int(&packet);
1069c1065
<   handle = buffer_get_signed_int(&packet);
---
>   handle = buffer_get_int(&packet);
1098c1094
<       ret = buffer_get_signed_int(&packet);
---
>       ret = buffer_get_int(&packet);
EOF
$PATCH -b -i $PATCHDIR/userfile.c.patch $TARGETDIR/userfile.c

/bin/cat << EOF > $PATCHDIR/gmp-2.0.2-ssh-2/config.guess.patch
322,324d321
<     CRAY*J90:*:*:*)
< 	echo j90-cray-unicos\${UNAME_RELEASE}
< 	exit 0 ;;
330,332d326
< 	exit 0 ;;
<     CRAY*T3E:*:*:*)
< 	echo t3e-cray-unicos\${UNAME_RELEASE}
EOF
$PATCH -b -i $PATCHDIR/gmp-2.0.2-ssh-2/config.guess.patch $TARGETDIR/gmp-2.0.2-ssh-2/config.guess

/bin/cat << EOF > $PATCHDIR/gmp-2.0.2-ssh-2/config.sub.patch
242c242
< 	c90-cray)
---
> 	[ctj]90-cray)
245,256d244
< 		;;
< 	j90-cray)
< 		basic_machine=j90-cray
< 		os=-unicos
< 		;;
< 	t90-cray)
< 		basic_machine=t90-cray
< 		os=-unicos
< 		;;
< 	t3e-cray)
< 		basic_machine=t3e-cray
< 		os=-unicosmk
EOF
$PATCH -b -i $PATCHDIR/gmp-2.0.2-ssh-2/config.sub.patch $TARGETDIR/gmp-2.0.2-ssh-2/config.sub

/bin/cat << EOF > $PATCHDIR/gmp-2.0.2-ssh-2/configure.patch
1805c1805
<   cray2-cray-unicos* | [xy]mp-cray-unicos* | [ctj]90-cray-unicos* | t3e-cray-unicos*)
---
>   cray2-cray-unicos* | [xy]mp-cray-unicos* | [ctj]90-cray-unicos*)
EOF
$PATCH -b -i $PATCHDIR/gmp-2.0.2-ssh-2/configure.patch $TARGETDIR/gmp-2.0.2-ssh-2/configure

