- experiments to get pam_limits working in ssh

Changed files:
    openssh-pam-limits.patch -> 1.1

diff --git a/openssh-pam-limits.patch b/openssh-pam-limits.patch
new file mode 100644 (file)
index 0000000..8582e37
--- /dev/null
+++ b/openssh-pam-limits.patch
@@ -0,0 +1,104 @@
+diff -ur openssh-3.2.3p1.orig/session.c openssh-3.2.3p1/session.c
+--- openssh-3.2.3p1.orig/session.c     Mon May 13 02:48:58 2002
++++ openssh-3.2.3p1/session.c  Thu May 30 21:33:40 2002
+@@ -340,6 +340,44 @@
+       }
+ }
+ 
++struct _user_limits_struct {
++    int supported;
++    struct rlimit limit;
++};
++
++static int _save_limits(struct _user_limits_struct *pl)
++{
++    int i, r;
++    int retval = 0;
++
++    for(i = 0; i < RLIM_NLIMITS; i++) {
++      pl[i].supported = 0;
++      pl[i].limit.rlim_cur = RLIM_INFINITY;
++      pl[i].limit.rlim_max = RLIM_INFINITY;
++      r = getrlimit(i, &pl[i].limit);
++      if (r == -1) {
++          if (errno != EINVAL) {
++              retval = -1;
++          }
++      } else {
++          pl[i].supported = 1;
++      }
++    }
++
++    return retval;
++}    
++
++static void _restore_limits(struct _user_limits_struct *pl)
++{
++    int i;
++    int status;
++
++    for (i=0; i<RLIM_NLIMITS; i++) {
++      if (pl[i].supported)
++          status |= setrlimit(i, &pl[i].limit);
++    }
++}
++            
+ /*
+  * This is called to fork and execute a command when we have no tty.  This
+  * will call do_child from the child, and server_loop from the parent after
+@@ -349,6 +387,9 @@
+ do_exec_no_pty(Session *s, const char *command)
+ {
+       int pid;
++#if defined(USE_PAM)
++      struct _user_limits_struct pl[RLIM_NLIMITS];
++#endif /* USE_PAM */
+ 
+ #ifdef USE_PIPES
+       int pin[2], pout[2], perr[2];
+@@ -370,6 +411,7 @@
+       session_proctitle(s);
+ 
+ #if defined(USE_PAM)
++      _save_limits(pl);
+       do_pam_session(s->pw->pw_name, NULL);
+       do_pam_setcred(1);
+       if (is_pam_password_change_required())
+@@ -430,6 +472,9 @@
+               do_child(s, command);
+               /* NOTREACHED */
+       }
++#if defined(USE_PAM)
++      _restore_limits(pl);
++#endif /* USE_PAM */
+ #ifdef HAVE_CYGWIN
+       if (is_winnt)
+               cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
+@@ -481,6 +526,9 @@
+ {
+       int fdout, ptyfd, ttyfd, ptymaster;
+       pid_t pid;
++#if defined(USE_PAM)
++      struct _user_limits_struct pl[RLIM_NLIMITS];
++#endif /* USE_PAM */
+ 
+       if (s == NULL)
+               fatal("do_exec_pty: no session");
+@@ -488,6 +536,7 @@
+       ttyfd = s->ttyfd;
+ 
+ #if defined(USE_PAM)
++      _save_limits(pl);
+       do_pam_session(s->pw->pw_name, s->tty);
+       do_pam_setcred(1);
+ #endif
+@@ -528,6 +577,9 @@
+               do_child(s, command);
+               /* NOTREACHED */
+       }
++#if defined(USE_PAM)
++      _restore_limits(pl);
++#endif /* USE_PAM */
+ #ifdef HAVE_CYGWIN
+       if (is_winnt)
+               cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);