tyler.durden/openssh-portable
1
0
Fork 0
mirror of https://github.com/PowerShell/openssh-portable.git synced 2025-07-27 07:44:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

- (djm) AIX getuserattr() session initialisation from Tom Bertelson

Browse Source 
<tbert@abac.com>
This commit is contained in:
Damien Miller 2000-07-09 23:53:07 +10:00
parent 31abc9addb
commit 5fc8565d20
3 changed files with 69 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
acconfig.h
View File

@ -6,6 +6,9 @@
@TOP@ @TOP@
/* Define if you have the getuserattr function. */
#undef HAVE_GETUSERATTR
/* Work around problematic Linux PAM modules handling of PAM_TTY */ /* Work around problematic Linux PAM modules handling of PAM_TTY */
#undef PAM_TTY_KLUDGE #undef PAM_TTY_KLUDGE

9
configure.in
View File

@ -40,6 +40,8 @@ case "$host" in
mansubdir=cat mansubdir=cat
dnl AIX handles lastlog as part of its login message dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(DISABLE_LASTLOG)
MANTYPE='$(CATMAN)'
mansubdir=cat
;; ;;
*-*-hpux10*) *-*-hpux10*)
if test -z "$GCC"; then if test -z "$GCC"; then
@ -206,7 +208,7 @@ if test -z "$no_libnsl" ; then
fi fi
# Checks for header files. # Checks for header files.
AC_CHECK_HEADERS(bstring.h endian.h lastlog.h limits.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h util.h utmp.h utmpx.h) AC_CHECK_HEADERS(bstring.h endian.h lastlog.h limits.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stat.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h usersec.h util.h utmp.h utmpx.h)
# Checks for library functions. # Checks for library functions.
AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid sigaction sigvec snprintf strlcat strlcpy vsnprintf vhangup _getpty __b64_ntop) AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid sigaction sigvec snprintf strlcat strlcpy vsnprintf vhangup _getpty __b64_ntop)
@ -221,6 +223,11 @@ dnl checks for utmpx functions
AC_CHECK_FUNCS(entutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(entutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname) AC_CHECK_FUNCS(setutxent utmpxname)
AC_CHECK_FUNC(getuserattr,
[AC_DEFINE(HAVE_GETUSERATTR)],
[AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
)
AC_CHECK_FUNC(login, AC_CHECK_FUNC(login,
[AC_DEFINE(HAVE_LOGIN)], [AC_DEFINE(HAVE_LOGIN)],
[AC_CHECK_LIB(bsd, login, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_LOGIN)])] [AC_CHECK_LIB(bsd, login, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_LOGIN)])]

58
session.c
View File

@ -9,6 +9,9 @@
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $"); RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $");
#if defined(HAVE_USERSEC_H)
#include <usersec.h>
#endif
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
@ -789,6 +792,57 @@ void do_pam_environment(char ***env, int *envsize)
} }
#endif /* USE_PAM */ #endif /* USE_PAM */
#if defined(HAVE_GETUSERATTR)
/*
* AIX-specific login initialisation
*/
void set_limit(char *user, char *soft, char *hard, int resource, int mult)
{
struct rlimit rlim;
rlim_t tlim;
int mask;
getrlimit(resource, &rlim);
tlim = (rlim_t) 0;
if (getuserattr(user, soft, &tlim, SEC_INT) != -1 && tlim)
rlim.rlim_cur = tlim * mult;
tlim = (rlim_t) 0;
if (getuserattr(user, hard, &tlim, SEC_INT) != -1 && tlim)
rlim.rlim_max = tlim * mult;
if (rlim.rlim_cur > rlim.rlim_max)
rlim.rlim_max = rlim.rlim_cur;
if (setrlimit(resource, &rlim) != 0)
error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno))
}
void set_limits_from_userattr(char *user)
{
int mask;
char buf[16];
set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
#if defined(S_UNOFILE)
set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
#endif
if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
/* Convert decimal to octal */
(void) snprintf(buf, sizeof(buf), "%d", mask);
if (sscanf(buf, "%o", &mask) == 1)
umask(mask);
}
}
#endif /* defined(HAVE_GETUSERATTR) */
/* /*
* Performs common processing for the child, such as setting up the * Performs common processing for the child, such as setting up the
* environment, closing extra file descriptors, setting the user and group * environment, closing extra file descriptors, setting the user and group
@ -855,6 +909,10 @@ do_child(const char *command, struct passwd * pw, const char *term,
} }
#else /* HAVE_OSF_SIA */ #else /* HAVE_OSF_SIA */
if (getuid() == 0 || geteuid() == 0) { if (getuid() == 0 || geteuid() == 0) {
#if defined(HAVE_GETUSERATTR)
set_limits_from_userattr(pw->pw_name);
#endif /* defined(HAVE_GETUSERATTR) */
if (setgid(pw->pw_gid) < 0) { if (setgid(pw->pw_gid) < 0) {
perror("setgid"); perror("setgid");
exit(1); exit(1);