[packages/openssh.git] / openssh-pam-limits.patch

diff -ur openssh-3.2.3p1.orig/session.c openssh-3.2.3p1/session.c
--- openssh-3.2.3p1.orig/session.c	Mon May 13 02:48:58 2002
+++ openssh-3.2.3p1/session.c	Thu May 30 21:33:40 2002
@@ -340,6 +340,44 @@
 	}
 }
 
+struct _user_limits_struct {
+    int supported;
+    struct rlimit limit;
+};
+
+static int _save_limits(struct _user_limits_struct *pl)
+{
+    int i, r;
+    int retval = 0;
+
+    for(i = 0; i < RLIM_NLIMITS; i++) {
+	pl[i].supported = 0;
+	pl[i].limit.rlim_cur = RLIM_INFINITY;
+	pl[i].limit.rlim_max = RLIM_INFINITY;
+	r = getrlimit(i, &pl[i].limit);
+	if (r == -1) {
+	    if (errno != EINVAL) {
+		retval = -1;
+	    }
+	} else {
+	    pl[i].supported = 1;
+	}
+    }
+
+    return retval;
+}    
+
+static void _restore_limits(struct _user_limits_struct *pl)
+{
+    int i;
+    int status;
+
+    for (i=0; i<RLIM_NLIMITS; i++) {
+	if (pl[i].supported)
+	    status |= setrlimit(i, &pl[i].limit);
+    }
+}
+            
 /*
  * This is called to fork and execute a command when we have no tty.  This
  * will call do_child from the child, and server_loop from the parent after
@@ -349,6 +387,9 @@
 do_exec_no_pty(Session *s, const char *command)
 {
 	int pid;
+#if defined(USE_PAM)
+	struct _user_limits_struct pl[RLIM_NLIMITS];
+#endif /* USE_PAM */
 
 #ifdef USE_PIPES
 	int pin[2], pout[2], perr[2];
@@ -370,6 +411,7 @@
 	session_proctitle(s);
 
 #if defined(USE_PAM)
+	_save_limits(pl);
 	do_pam_session(s->pw->pw_name, NULL);
 	do_pam_setcred(1);
 	if (is_pam_password_change_required())
@@ -430,6 +472,9 @@
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#if defined(USE_PAM)
+	_restore_limits(pl);
+#endif /* USE_PAM */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
@@ -481,6 +526,9 @@
 {
 	int fdout, ptyfd, ttyfd, ptymaster;
 	pid_t pid;
+#if defined(USE_PAM)
+	struct _user_limits_struct pl[RLIM_NLIMITS];
+#endif /* USE_PAM */
 
 	if (s == NULL)
 		fatal("do_exec_pty: no session");
@@ -488,6 +536,7 @@
 	ttyfd = s->ttyfd;
 
 #if defined(USE_PAM)
+	_save_limits(pl);
 	do_pam_session(s->pw->pw_name, s->tty);
 	do_pam_setcred(1);
 #endif
@@ -528,6 +577,9 @@
 		do_child(s, command);
 		/* NOTREACHED */
 	}
+#if defined(USE_PAM)
+	_restore_limits(pl);
+#endif /* USE_PAM */
 #ifdef HAVE_CYGWIN
 	if (is_winnt)
 		cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
Commit	Line	Data
bfa9258b	1	diff -ur openssh-3.2.3p1.orig/session.c openssh-3.2.3p1/session.c
	2	--- openssh-3.2.3p1.orig/session.c Mon May 13 02:48:58 2002
	3	+++ openssh-3.2.3p1/session.c Thu May 30 21:33:40 2002
	4	@@ -340,6 +340,44 @@
	5	}
	6	}
	7
	8	+struct _user_limits_struct {
	9	+ int supported;
	10	+ struct rlimit limit;
	11	+};
	12	+
	13	+static int _save_limits(struct _user_limits_struct *pl)
	14	+{
	15	+ int i, r;
	16	+ int retval = 0;
	17	+
	18	+ for(i = 0; i < RLIM_NLIMITS; i++) {
	19	+ pl[i].supported = 0;
	20	+ pl[i].limit.rlim_cur = RLIM_INFINITY;
	21	+ pl[i].limit.rlim_max = RLIM_INFINITY;
	22	+ r = getrlimit(i, &pl[i].limit);
	23	+ if (r == -1) {
	24	+ if (errno != EINVAL) {
	25	+ retval = -1;
	26	+ }
	27	+ } else {
	28	+ pl[i].supported = 1;
	29	+ }
	30	+ }
	31	+
	32	+ return retval;
	33	+}
	34	+
	35	+static void _restore_limits(struct _user_limits_struct *pl)
	36	+{
	37	+ int i;
	38	+ int status;
	39	+
	40	+ for (i=0; i<RLIM_NLIMITS; i++) {
	41	+ if (pl[i].supported)
	42	+ status \|= setrlimit(i, &pl[i].limit);
	43	+ }
	44	+}
	45	+
	46	/*
	47	* This is called to fork and execute a command when we have no tty. This
	48	* will call do_child from the child, and server_loop from the parent after
	49	@@ -349,6 +387,9 @@
	50	do_exec_no_pty(Session s, const char command)
	51	{
	52	int pid;
	53	+#if defined(USE_PAM)
	54	+ struct _user_limits_struct pl[RLIM_NLIMITS];
	55	+#endif /* USE_PAM */
	56
	57	#ifdef USE_PIPES
	58	int pin[2], pout[2], perr[2];
	59	@@ -370,6 +411,7 @@
	60	session_proctitle(s);
	61
	62	#if defined(USE_PAM)
	63	+ _save_limits(pl);
	64	do_pam_session(s->pw->pw_name, NULL);
65	do_pam_setcred(1);
66	if (is_pam_password_change_required())
67	@@ -430,6 +472,9 @@
68	do_child(s, command);
69	/* NOTREACHED */
70	}
71	+#if defined(USE_PAM)
72	+ _restore_limits(pl);
73	+#endif /* USE_PAM */
74	#ifdef HAVE_CYGWIN
75	if (is_winnt)
76	cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);
77	@@ -481,6 +526,9 @@
78	{
79	int fdout, ptyfd, ttyfd, ptymaster;
80	pid_t pid;
81	+#if defined(USE_PAM)
82	+ struct _user_limits_struct pl[RLIM_NLIMITS];
83	+#endif /* USE_PAM */
84
85	if (s == NULL)
86	fatal("do_exec_pty: no session");
87	@@ -488,6 +536,7 @@
88	ttyfd = s->ttyfd;
89
90	#if defined(USE_PAM)
91	+ _save_limits(pl);
92	do_pam_session(s->pw->pw_name, s->tty);
93	do_pam_setcred(1);
94	#endif
95	@@ -528,6 +577,9 @@
96	do_child(s, command);
97	/* NOTREACHED */
98	}
99	+#if defined(USE_PAM)
100	+ _restore_limits(pl);
101	+#endif /* USE_PAM */
102	#ifdef HAVE_CYGWIN
103	if (is_winnt)
104	cygwin_set_impersonation_token(INVALID_HANDLE_VALUE);