author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-21 00:01:18 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-21 00:01:18 +0000 |
commit | f0bfa839bda8309c45b807e55bb2b2dfac7a6f9a (patch) | |
tree | 78c8060f8eba6fe257229b727d5c0343c9bbba36 | |
parent | 3c73dfe55ebe0f302cc5a9bc590b96427eefb0a6 (diff) |
- (bal) Fixed AIX environment handling, use setpcred() instead of existing
code. (Bugzilla Bug 261)
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | configure.ac | 13 | ||||
-rw-r--r-- | openbsd-compat/port-aix.c | 95 | ||||
-rw-r--r-- | openbsd-compat/port-aix.h | 5 | ||||
-rw-r--r-- | session.c | 6 |
5 files changed, 10 insertions, 113 deletions
@@ -1,4 +1,6 @@ | |||
1 | 20020620 | 1 | 20020620 |
2 | - (bal) Fixed AIX environment handling, use setpcred() instead of existing | ||
3 | code. (Bugzilla Bug 261) | ||
2 | - (bal) OpenBSD CVS Sync | 4 | - (bal) OpenBSD CVS Sync |
3 | - todd@cvs.openbsd.org 2002/06/14 21:35:00 | 5 | - todd@cvs.openbsd.org 2002/06/14 21:35:00 |
4 | [monitor_wrap.c] | 6 | [monitor_wrap.c] |
@@ -931,4 +933,4 @@ | |||
931 | - (stevesk) entropy.c: typo in debug message | 933 | - (stevesk) entropy.c: typo in debug message |
932 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 934 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
933 | 935 | ||
934 | $Id: ChangeLog,v 1.2217 2002/06/20 23:53:53 mouring Exp $ | 936 | $Id: ChangeLog,v 1.2218 2002/06/21 00:01:18 mouring Exp $ |
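--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.66 2002/06/12 16:57:15 mouring Exp $
+# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
 
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -571,9 +571,9 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
 mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
 realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
 setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
-setrlimit setsid setvbuf sigaction sigvec snprintf socketpair \
-strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate \
-utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
+socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
+truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
 
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
@@ -621,11 +621,6 @@ dnl Checks for utmpx functions
 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
 
-AC_CHECK_FUNC(getuserattr,
-[AC_DEFINE(HAVE_GETUSERATTR)],
-[AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
-)
-
 AC_CHECK_FUNC(daemon,
 [AC_DEFINE(HAVE_DAEMON)],
 [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]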
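Review bot: The `setpcred` entry added to the `AC_CHECK_FUNCS` list has no library fallback, whereas the `getuserattr` check removed in the third hunk also tried `-ls` before giving up. If the probe misses the function on some AIX release (not something this page lets me confirm), `HAVE_SETPCRED` stays undefined and the guarded call in do_setusercontext() compiles out, so the per-user limits and umask that the removed getuserattr code applied would be skipped without any message. I would add a comment beside the entry, `dnl setpcred: AIX process credentials, session.c depends on HAVE_SETPCRED`, and have configure emit a warning on AIX when the probe fails.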
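--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -2,104 +2,9 @@
 
 #ifdef _AIX
 
-#ifdef HAVE_USERSEC_H
-#include <usersec.h>
-#endif /* HAVE_USERSEC_H */
-
 #include <uinfo.h>
 #include <../xmalloc.h>
 
-/* AIX limits */
-#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE)
-# define S_UFSIZE_HARD S_UFSIZE "_hard"
-# define S_UCPU_HARD S_UCPU "_hard"
-# define S_UDATA_HARD S_UDATA "_hard"
-# define S_USTACK_HARD S_USTACK "_hard"
-# define S_URSS_HARD S_URSS "_hard"
-# define S_UCORE_HARD S_UCORE "_hard"
-# define S_UNOFILE_HARD S_UNOFILE "_hard"
-#endif
-
-#if defined(HAVE_GETUSERATTR)
-/*
-* AIX-specific login initialisation
-*/
-void
-set_limit(char *user, char *soft, char *hard, int resource, int mult)
-{
-struct rlimit rlim;
-int slim, hlim;
-
-getrlimit(resource, &rlim);
-
-slim = 0;
-if (getuserattr(user, soft, &slim, SEC_INT) != -1) {
-if (slim < 0) {
-rlim.rlim_cur = RLIM_INFINITY;
-} else if (slim != 0) {
-/* See the wackiness below */
-if (rlim.rlim_cur == slim * mult)
-slim = 0;
-else
-rlim.rlim_cur = slim * mult;
-}
-}
-hlim = 0;
-if (getuserattr(user, hard, &hlim, SEC_INT) != -1) {
-if (hlim < 0) {
-rlim.rlim_max = RLIM_INFINITY;
-} else if (hlim != 0) {
-rlim.rlim_max = hlim * mult;
-}
-}
-
-/*
-* XXX For cpu and fsize the soft limit is set to the hard limit
-* if the hard limit is left at its default value and the soft limit
-* is changed from its default value, either by requesting it
-* (slim == 0) or by setting it to the current default. At least
-* that's how rlogind does it. If you're confused you're not alone.
-* Bug or feature? AIX 4.3.1.2
-*/
-if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu"))
-&& hlim == 0 && slim != 0)
-rlim.rlim_max = rlim.rlim_cur;
-/* A specified hard limit limits the soft limit */
-else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max)
-rlim.rlim_cur = rlim.rlim_max;
-/* A soft limit can increase a hard limit */
-else if (rlim.rlim_cur > rlim.rlim_max)
-rlim.rlim_max = rlim.rlim_cur;
-
-if (setrlimit(resource, &rlim) != 0)
-error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno));
-}
-
-void
-set_limits_from_userattr(char *user)
-{
-int mask;
-char buf[16];
-
-set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
-set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
-set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
-set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
-set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
-set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
-#if defined(S_UNOFILE)
-set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
-#endif
-
-if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
-/* Convert decimal to octal */
-(void) snprintf(buf, sizeof(buf), "%d", mask);
-if (sscanf(buf, "%o", &mask) == 1)
-umask(mask);
-}
-}
-#endif /* defined(HAVE_GETUSERATTR) */
-
 /*
 * AIX has a "usrinfo" area where logname and
 * other stuff is stored - a few applications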
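--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,10 +1,5 @@
 #ifdef _AIX
 
-#ifdef HAVE_GETUSERATTR
-void set_limit(char *user, char *soft, char *hard, int resource, int mult);
-void set_limits_from_userattr(char *user);
-#endif /* HAVE_GETUSERATTR */
-
 void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd);
 
 #endif /* _AIX */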
@@ -1153,9 +1153,9 @@ do_setusercontext(struct passwd *pw) | |||
1153 | #else /* HAVE_CYGWIN */ | 1153 | #else /* HAVE_CYGWIN */ |
1154 | if (getuid() == 0 || geteuid() == 0) { | 1154 | if (getuid() == 0 || geteuid() == 0) { |
1155 | #endif /* HAVE_CYGWIN */ | 1155 | #endif /* HAVE_CYGWIN */ |
1156 | #ifdef HAVE_GETUSERATTR | 1156 | #ifdef HAVE_SETPCRED |
1157 | set_limits_from_userattr(pw->pw_name); | 1157 | setpcred(pw->pw_name); |
1158 | #endif /* HAVE_GETUSERATTR */ | 1158 | #endif /* HAVE_SETPCRED */ |
1159 | #ifdef HAVE_LOGIN_CAP | 1159 | #ifdef HAVE_LOGIN_CAP |
1160 | if (setusercontext(lc, pw, pw->pw_uid, | 1160 | if (setusercontext(lc, pw, pw->pw_uid, |
1161 | (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { | 1161 | (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { |
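Review bot: The new `setpcred(pw->pw_name);` call in do_setusercontext() discards the return value, so if AIX fails to apply the user's credentials and limits, the still-privileged process continues into the rest of the privilege drop with no log entry and no abort. AIX documents setpcred() as taking the user name and a credentials vector, so the one-argument form only compiles when no prototype is in scope and then passes an undefined second argument; I would write `if (setpcred(pw->pw_name, (char **)NULL) == -1)` followed by `fatal("Failed to set process credentials");`. Whether session.c includes `<usersec.h>` is not visible here (the commit drops that include from port-aix.c), so the prototype should be checked as part of the fix. The body of do_setusercontext() starts and ends outside this hunk.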