From f0bfa839bda8309c45b807e55bb2b2dfac7a6f9a Mon Sep 17 00:00:00 2001 From: Ben Lindstrom Date: Fri, 21 Jun 2002 00:01:18 +0000 Subject: [PATCH] - (bal) Fixed AIX environment handling, use setpcred() instead of existing code. (Bugzilla Bug 261) --- ChangeLog | 4 +- configure.ac | 13 ++---- openbsd-compat/port-aix.c | 95 --------------------------------------- openbsd-compat/port-aix.h | 5 --- session.c | 6 +-- 5 files changed, 10 insertions(+), 113 deletions(-) diff --git a/ChangeLog b/ChangeLog index 40554ea8f..20ba05d8d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,4 +1,6 @@ 20020620 + - (bal) Fixed AIX environment handling, use setpcred() instead of existing + code. (Bugzilla Bug 261) - (bal) OpenBSD CVS Sync - todd@cvs.openbsd.org 2002/06/14 21:35:00 [monitor_wrap.c] @@ -931,4 +933,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2217 2002/06/20 23:53:53 mouring Exp $ +$Id: ChangeLog,v 1.2218 2002/06/21 00:01:18 mouring Exp $ diff --git a/configure.ac b/configure.ac index 450e49d24..9daf3b007 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.66 2002/06/12 16:57:15 mouring Exp $ +# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) 
@@ -571,9 +571,9 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \ mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ - setrlimit setsid setvbuf sigaction sigvec snprintf socketpair \ - strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate \ - utimes vhangup vsnprintf waitpid __b64_ntop _getpty) + setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ + socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \ + truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) dnl IRIX and Solaris 2.5.1 have dirname() in libgen AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[ @@ -621,11 +621,6 @@ dnl Checks for utmpx functions AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline ) AC_CHECK_FUNCS(setutxent utmpxname) -AC_CHECK_FUNC(getuserattr, - [AC_DEFINE(HAVE_GETUSERATTR)], - [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])] -) - AC_CHECK_FUNC(daemon, [AC_DEFINE(HAVE_DAEMON)], [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])] diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 31697d7de..ca0a88e69 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c 
@@ -2,104 +2,9 @@ #ifdef _AIX -#ifdef HAVE_USERSEC_H -#include -#endif /* HAVE_USERSEC_H */ - #include #include <../xmalloc.h> -/* AIX limits */ -#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE) -# define S_UFSIZE_HARD S_UFSIZE "_hard" -# define S_UCPU_HARD S_UCPU "_hard" -# define S_UDATA_HARD S_UDATA "_hard" -# define S_USTACK_HARD S_USTACK "_hard" -# define S_URSS_HARD S_URSS "_hard" -# define S_UCORE_HARD S_UCORE "_hard" -# define S_UNOFILE_HARD S_UNOFILE "_hard" -#endif - -#if defined(HAVE_GETUSERATTR) -/* - * AIX-specific login initialisation - */ -void -set_limit(char *user, char *soft, char *hard, int resource, int mult) -{ - struct rlimit rlim; - int slim, hlim; - - getrlimit(resource, &rlim); - - slim = 0; - if (getuserattr(user, soft, &slim, SEC_INT) != -1) { - if (slim < 0) { - rlim.rlim_cur = RLIM_INFINITY; - } else if (slim != 0) { - /* See the wackiness below */ - if (rlim.rlim_cur == slim * mult) - slim = 0; - else - rlim.rlim_cur = slim * mult; - } - } - hlim = 0; - if (getuserattr(user, hard, &hlim, SEC_INT) != -1) { - if (hlim < 0) { - rlim.rlim_max = RLIM_INFINITY; - } else if (hlim != 0) { - rlim.rlim_max = hlim * mult; - } - } - - /* - * XXX For cpu and fsize the soft limit is set to the hard limit - * if the hard limit is left at its default value and the soft limit - * is changed from its default value, either by requesting it - * (slim == 0) or by setting it to the current default. At least - * that's how rlogind does it. If you're confused you're not alone. - * Bug or feature? 
AIX 4.3.1.2 - */ - if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu")) - && hlim == 0 && slim != 0) - rlim.rlim_max = rlim.rlim_cur; - /* A specified hard limit limits the soft limit */ - else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max) - rlim.rlim_cur = rlim.rlim_max; - /* A soft limit can increase a hard limit */ - else if (rlim.rlim_cur > rlim.rlim_max) - rlim.rlim_max = rlim.rlim_cur; - - if (setrlimit(resource, &rlim) != 0) - error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno)); -} - -void -set_limits_from_userattr(char *user) -{ - int mask; - char buf[16]; - - set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512); - set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1); - set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512); - set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512); - set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512); - set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512); -#if defined(S_UNOFILE) - set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1); -#endif - - if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) { - /* Convert decimal to octal */ - (void) snprintf(buf, sizeof(buf), "%d", mask); - if (sscanf(buf, "%o", &mask) == 1) - umask(mask); - } -} -#endif /* defined(HAVE_GETUSERATTR) */ - /* * AIX has a "usrinfo" area where logname and * other stuff is stored - a few applications diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 29d2ee630..e4d14f4ae 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h @@ -1,10 +1,5 @@ #ifdef _AIX -#ifdef HAVE_GETUSERATTR -void set_limit(char *user, char *soft, char *hard, int resource, int mult); -void set_limits_from_userattr(char *user); -#endif /* HAVE_GETUSERATTR */ - void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd); #endif /* _AIX */ diff --git a/session.c b/session.c index a2d8a9c43..f6f9c5448 100644 --- a/session.c +++ b/session.c 
@@ -1153,9 +1153,9 @@ do_setusercontext(struct passwd *pw) #else /* HAVE_CYGWIN */ if (getuid() == 0 || geteuid() == 0) { #endif /* HAVE_CYGWIN */ -#ifdef HAVE_GETUSERATTR - set_limits_from_userattr(pw->pw_name); -#endif /* HAVE_GETUSERATTR */ +#ifdef HAVE_SETPCRED + setpcred(pw->pw_name); +#endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
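Review bot: The added `setpcred(pw->pw_name);` call in do_setusercontext discards the return value, so if it fails the session presumably carries on with sshd's own limits and umask and nothing is logged, whereas the removed set_limits_from_userattr() at least reported setrlimit failures through error(). AIX documents setpcred() as taking a second credentials argument, and no prototype is visible in this hunk, so the one-argument call should be checked against usersec.h. I would fail closed here: `if (setpcred(pw->pw_name, (char **)NULL) == -1) fatal("Failed to set process credentials");`. Also, when configure does not find setpcred, HAVE_SETPCRED is undefined and this block applies no AIX per-user limits at all, because the getuserattr path is deleted in the same commit; a configure-time warning or a comment here would make that visible. The body of do_setusercontext starts and ends outside the hunk.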