5 files changed, 10 insertions, 113 deletions
diff --git a/ChangeLog b/ChangeLog
index 40554ea8f..20ba05d8d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
 20020620
+ - (bal) Fixed AIX environment handling, use setpcred() instead of existing
+   code.  (Bugzilla Bug 261)
 - (bal) OpenBSD CVS Sync
   - todd@cvs.openbsd.org 2002/06/14 21:35:00
     [monitor_wrap.c]
@@ -931,4 +933,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2217 2002/06/20 23:53:53 mouring Exp $
+$Id: ChangeLog,v 1.2218 2002/06/21 00:01:18 mouring Exp $
diff --git a/configure.ac b/configure.ac
index 450e49d24..9daf3b007 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.66 2002/06/12 16:57:15 mouring Exp $
+# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
 AC_INIT
 AC_CONFIG_SRCDIR([ssh.c])
@@ -571,9 +571,9 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
        mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
        realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
        setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
-        setrlimit setsid setvbuf sigaction sigvec snprintf socketpair \
+        setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
-        strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate \
+        socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
-        utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+        truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
@@ -621,11 +621,6 @@ dnl    Checks for utmpx functions
 AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
 AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNC(getuserattr, 
-        [AC_DEFINE(HAVE_GETUSERATTR)],
-        [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
-)
 AC_CHECK_FUNC(daemon, 
        [AC_DEFINE(HAVE_DAEMON)],
        [AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 31697d7de..ca0a88e69 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -2,104 +2,9 @@
 #ifdef _AIX
-#ifdef HAVE_USERSEC_H
-#include <usersec.h>
-#endif /* HAVE_USERSEC_H */
 #include <uinfo.h>
 #include <../xmalloc.h>
-/* AIX limits */
-#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE)
-# define S_UFSIZE_HARD  S_UFSIZE "_hard"
-# define S_UCPU_HARD  S_UCPU "_hard"
-# define S_UDATA_HARD  S_UDATA "_hard"
-# define S_USTACK_HARD  S_USTACK "_hard"
-# define S_URSS_HARD  S_URSS "_hard"
-# define S_UCORE_HARD  S_UCORE "_hard"
-# define S_UNOFILE_HARD S_UNOFILE "_hard"
-#endif
-#if defined(HAVE_GETUSERATTR)
-/*
- * AIX-specific login initialisation
- */
-void 
-set_limit(char *user, char *soft, char *hard, int resource, int mult)
-{
-        struct rlimit rlim;
-        int slim, hlim;
-        getrlimit(resource, &rlim);
-        slim = 0;
-        if (getuserattr(user, soft, &slim, SEC_INT) != -1) {
-                if (slim < 0) {
-                        rlim.rlim_cur = RLIM_INFINITY;
-                } else if (slim != 0) {
-                        /* See the wackiness below */
-                        if (rlim.rlim_cur == slim * mult)
-                                slim = 0;
-                        else
-                                rlim.rlim_cur = slim * mult;
-                }
-        }
-        hlim = 0;
-        if (getuserattr(user, hard, &hlim, SEC_INT) != -1) {
-                if (hlim < 0) {
-                        rlim.rlim_max = RLIM_INFINITY;
-                } else if (hlim != 0) {
-                        rlim.rlim_max = hlim * mult;
-                }
-        }
-        /*
-         * XXX For cpu and fsize the soft limit is set to the hard limit
-         * if the hard limit is left at its default value and the soft limit
-         * is changed from its default value, either by requesting it
-         * (slim == 0) or by setting it to the current default.  At least
-         * that's how rlogind does it.  If you're confused you're not alone.
-         * Bug or feature? AIX 4.3.1.2
-         */
-        if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu"))
-            && hlim == 0 && slim != 0)
-                rlim.rlim_max = rlim.rlim_cur;
-        /* A specified hard limit limits the soft limit */
-        else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max)
-                rlim.rlim_cur = rlim.rlim_max;
-        /* A soft limit can increase a hard limit */
-        else if (rlim.rlim_cur > rlim.rlim_max)
-                rlim.rlim_max = rlim.rlim_cur;
-        if (setrlimit(resource, &rlim) != 0)
-                error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno));
-}
-void 
-set_limits_from_userattr(char *user)
-{
-        int mask;
-        char buf[16];
-        set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
-        set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
-        set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
-        set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
-        set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
-        set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
-#if defined(S_UNOFILE)
-        set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
-#endif
-        if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
-                /* Convert decimal to octal */
-                (void) snprintf(buf, sizeof(buf), "%d", mask);
-                if (sscanf(buf, "%o", &mask) == 1)
-                        umask(mask);
-        }
-}
-#endif /* defined(HAVE_GETUSERATTR) */
 /*
 * AIX has a "usrinfo" area where logname and
 * other stuff is stored - a few applications
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 29d2ee630..e4d14f4ae 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,10 +1,5 @@
 #ifdef _AIX
-#ifdef HAVE_GETUSERATTR
-void set_limit(char *user, char *soft, char *hard, int resource, int mult);
-void set_limits_from_userattr(char *user);
-#endif /* HAVE_GETUSERATTR */
 void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd);
 #endif /* _AIX */
diff --git a/session.c b/session.c
index a2d8a9c43..f6f9c5448 100644
--- a/session.c
+++ b/session.c
@@ -1153,9 +1153,9 @@ do_setusercontext(struct passwd *pw)
 #else /* HAVE_CYGWIN */
        if (getuid() == 0 || geteuid() == 0) {
 #endif /* HAVE_CYGWIN */
-#ifdef HAVE_GETUSERATTR
+#ifdef HAVE_SETPCRED
-                set_limits_from_userattr(pw->pw_name);
+                setpcred(pw->pw_name);
-#endif /* HAVE_GETUSERATTR */
+#endif /* HAVE_SETPCRED */
 #ifdef HAVE_LOGIN_CAP
                if (setusercontext(lc, pw, pw->pw_uid,
                    (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {

diff --git a/ChangeLog b/ChangeLog index 40554ea8f..20ba05d8d 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,4 +1,6 @@
1	20020620	1	20020620
		2	- (bal) Fixed AIX environment handling, use setpcred() instead of existing
		3	code. (Bugzilla Bug 261)
2	- (bal) OpenBSD CVS Sync	4	- (bal) OpenBSD CVS Sync
3	- todd@cvs.openbsd.org 2002/06/14 21:35:00	5	- todd@cvs.openbsd.org 2002/06/14 21:35:00
4	[monitor_wrap.c]	6	[monitor_wrap.c]
@@ -931,4 +933,4 @@
931	- (stevesk) entropy.c: typo in debug message	933	- (stevesk) entropy.c: typo in debug message
932	- (djm) ssh-keygen -i needs seeded RNG; report from markus@	934	- (djm) ssh-keygen -i needs seeded RNG; report from markus@
933		935
934	$Id: ChangeLog,v 1.2217 2002/06/20 23:53:53 mouring Exp $	936	$Id: ChangeLog,v 1.2218 2002/06/21 00:01:18 mouring Exp $


diff --git a/configure.ac b/configure.ac index 450e49d24..9daf3b007 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.66 2002/06/12 16:57:15 mouring Exp $	1	# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
2		2
3	AC_INIT	3	AC_INIT
4	AC_CONFIG_SRCDIR([ssh.c])	4	AC_CONFIG_SRCDIR([ssh.c])
@@ -571,9 +571,9 @@ AC_CHECK_FUNCS(arc4random b64_ntop bcopy bindresvport_sa \
571	mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \	571	mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
572	realpath recvmsg rresvport_af sendmsg setdtablesize setegid \	572	realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
573	setenv seteuid setgroups setlogin setproctitle setresgid setreuid \	573	setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
574	setrlimit setsid setvbuf sigaction sigvec snprintf socketpair \	574	setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
575	strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate \	575	socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
576	utimes vhangup vsnprintf waitpid __b64_ntop _getpty)	576	truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
577		577
578	dnl IRIX and Solaris 2.5.1 have dirname() in libgen	578	dnl IRIX and Solaris 2.5.1 have dirname() in libgen
579	AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[	579	AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
@@ -621,11 +621,6 @@ dnl Checks for utmpx functions
621	AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )	621	AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
622	AC_CHECK_FUNCS(setutxent utmpxname)	622	AC_CHECK_FUNCS(setutxent utmpxname)
623		623
624	AC_CHECK_FUNC(getuserattr,
625	[AC_DEFINE(HAVE_GETUSERATTR)],
626	[AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
627	)
628
629	AC_CHECK_FUNC(daemon,	624	AC_CHECK_FUNC(daemon,
630	[AC_DEFINE(HAVE_DAEMON)],	625	[AC_DEFINE(HAVE_DAEMON)],
631	[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]	626	[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]


diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c index 31697d7de..ca0a88e69 100644 --- a/openbsd-compat/port-aix.c +++ b/openbsd-compat/port-aix.c
@@ -2,104 +2,9 @@
2		2
3	#ifdef _AIX	3	#ifdef _AIX
4		4
5	#ifdef HAVE_USERSEC_H
6	#include <usersec.h>
7	#endif /* HAVE_USERSEC_H */
8
9	#include <uinfo.h>	5	#include <uinfo.h>
10	#include <../xmalloc.h>	6	#include <../xmalloc.h>
11		7
12	/* AIX limits */
13	#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE)
14	# define S_UFSIZE_HARD S_UFSIZE "_hard"
15	# define S_UCPU_HARD S_UCPU "_hard"
16	# define S_UDATA_HARD S_UDATA "_hard"
17	# define S_USTACK_HARD S_USTACK "_hard"
18	# define S_URSS_HARD S_URSS "_hard"
19	# define S_UCORE_HARD S_UCORE "_hard"
20	# define S_UNOFILE_HARD S_UNOFILE "_hard"
21	#endif
22
23	#if defined(HAVE_GETUSERATTR)
24	/*
25	* AIX-specific login initialisation
26	*/
27	void
28	set_limit(char user, char soft, char *hard, int resource, int mult)
29	{
30	struct rlimit rlim;
31	int slim, hlim;
32
33	getrlimit(resource, &rlim);
34
35	slim = 0;
36	if (getuserattr(user, soft, &slim, SEC_INT) != -1) {
37	if (slim < 0) {
38	rlim.rlim_cur = RLIM_INFINITY;
39	} else if (slim != 0) {
40	/* See the wackiness below */
41	if (rlim.rlim_cur == slim * mult)
42	slim = 0;
43	else
44	rlim.rlim_cur = slim * mult;
45	}
46	}
47	hlim = 0;
48	if (getuserattr(user, hard, &hlim, SEC_INT) != -1) {
49	if (hlim < 0) {
50	rlim.rlim_max = RLIM_INFINITY;
51	} else if (hlim != 0) {
52	rlim.rlim_max = hlim * mult;
53	}
54	}
55
56	/*
57	* XXX For cpu and fsize the soft limit is set to the hard limit
58	* if the hard limit is left at its default value and the soft limit
59	* is changed from its default value, either by requesting it
60	* (slim == 0) or by setting it to the current default. At least
61	* that's how rlogind does it. If you're confused you're not alone.
62	* Bug or feature? AIX 4.3.1.2
63	*/
64	if ((!strcmp(soft, "fsize") \|\| !strcmp(soft, "cpu"))
65	&& hlim == 0 && slim != 0)
66	rlim.rlim_max = rlim.rlim_cur;
67	/* A specified hard limit limits the soft limit */
68	else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max)
69	rlim.rlim_cur = rlim.rlim_max;
70	/* A soft limit can increase a hard limit */
71	else if (rlim.rlim_cur > rlim.rlim_max)
72	rlim.rlim_max = rlim.rlim_cur;
73
74	if (setrlimit(resource, &rlim) != 0)
75	error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno));
76	}
77
78	void
79	set_limits_from_userattr(char *user)
80	{
81	int mask;
82	char buf[16];
83
84	set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
85	set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
86	set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
87	set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
88	set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
89	set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
90	#if defined(S_UNOFILE)
91	set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
92	#endif
93
94	if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
95	/* Convert decimal to octal */
96	(void) snprintf(buf, sizeof(buf), "%d", mask);
97	if (sscanf(buf, "%o", &mask) == 1)
98	umask(mask);
99	}
100	}
101	#endif /* defined(HAVE_GETUSERATTR) */
102
103	/*	8	/*
104	* AIX has a "usrinfo" area where logname and	9	* AIX has a "usrinfo" area where logname and
105	* other stuff is stored - a few applications	10	* other stuff is stored - a few applications


diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h index 29d2ee630..e4d14f4ae 100644 --- a/openbsd-compat/port-aix.h +++ b/openbsd-compat/port-aix.h
@@ -1,10 +1,5 @@
1	#ifdef _AIX	1	#ifdef _AIX
2		2
3	#ifdef HAVE_GETUSERATTR
4	void set_limit(char user, char soft, char *hard, int resource, int mult);
5	void set_limits_from_userattr(char *user);
6	#endif /* HAVE_GETUSERATTR */
7
8	void aix_usrinfo(struct passwd pw, char tty, int ttyfd);	3	void aix_usrinfo(struct passwd pw, char tty, int ttyfd);
9		4
10	#endif /* _AIX */	5	#endif /* _AIX */


diff --git a/session.c b/session.c index a2d8a9c43..f6f9c5448 100644 --- a/session.c +++ b/session.c
@@ -1153,9 +1153,9 @@ do_setusercontext(struct passwd *pw)
1153	#else /* HAVE_CYGWIN */	1153	#else /* HAVE_CYGWIN */
1154	if (getuid() == 0 \|\| geteuid() == 0) {	1154	if (getuid() == 0 \|\| geteuid() == 0) {
1155	#endif /* HAVE_CYGWIN */	1155	#endif /* HAVE_CYGWIN */
1156	#ifdef HAVE_GETUSERATTR	1156	#ifdef HAVE_SETPCRED
1157	set_limits_from_userattr(pw->pw_name);	1157	setpcred(pw->pw_name);
1158	#endif /* HAVE_GETUSERATTR */	1158	#endif /* HAVE_SETPCRED */
1159	#ifdef HAVE_LOGIN_CAP	1159	#ifdef HAVE_LOGIN_CAP
1160	if (setusercontext(lc, pw, pw->pw_uid,	1160	if (setusercontext(lc, pw, pw->pw_uid,
1161	(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {	1161	(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {