1 files changed, 58 insertions, 0 deletions
diff --git a/session.c b/session.c
index 29956777f..1f0d227d0 100644
--- a/session.c
+++ b/session.c
@@ -9,6 +9,9 @@
 #include "includes.h"
 RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $");
+#if defined(HAVE_USERSEC_H)
+#include <usersec.h>
+#endif
 #include "xmalloc.h"
 #include "ssh.h"
@@ -789,6 +792,57 @@ void do_pam_environment(char ***env, int *envsize)
 }
 #endif /* USE_PAM */
+#if defined(HAVE_GETUSERATTR)
+/*
+ * AIX-specific login initialisation
+ */
+void set_limit(char *user, char *soft, char *hard, int resource, int mult)
+{
+        struct rlimit rlim;
+        rlim_t tlim;
+        int mask;
+        getrlimit(resource, &rlim);
+        tlim = (rlim_t) 0;
+        if (getuserattr(user, soft, &tlim, SEC_INT) != -1 && tlim)
+                rlim.rlim_cur = tlim * mult;
+        tlim = (rlim_t) 0;
+        if (getuserattr(user, hard, &tlim, SEC_INT) != -1 && tlim)
+                rlim.rlim_max = tlim * mult;
+        if (rlim.rlim_cur > rlim.rlim_max)
+                rlim.rlim_max = rlim.rlim_cur;
+        if (setrlimit(resource, &rlim) != 0)
+                error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno))
+}
+void set_limits_from_userattr(char *user)
+{
+        int mask;
+        char buf[16];
+        set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
+        set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
+        set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
+        set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
+        set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
+        set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
+#if defined(S_UNOFILE)
+        set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
+#endif
+        if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
+                /* Convert decimal to octal */
+                (void) snprintf(buf, sizeof(buf), "%d", mask);
+                if (sscanf(buf, "%o", &mask) == 1)
+                        umask(mask);
+        }
+}
+#endif /* defined(HAVE_GETUSERATTR) */
 /*
 * Performs common processing for the child, such as setting up the
 * environment, closing extra file descriptors, setting the user and group
@@ -855,6 +909,10 @@ do_child(const char *command, struct passwd * pw, const char *term,
                }
 #else /* HAVE_OSF_SIA */
                if (getuid() == 0 || geteuid() == 0) {
+#if defined(HAVE_GETUSERATTR)
+                        set_limits_from_userattr(pw->pw_name);
+#endif /* defined(HAVE_GETUSERATTR) */
                        if (setgid(pw->pw_gid) < 0) {
                                perror("setgid");
                                exit(1);

diff --git a/session.c b/session.c index 29956777f..1f0d227d0 100644 --- a/session.c +++ b/session.c
@@ -9,6 +9,9 @@
9		9
10	#include "includes.h"	10	#include "includes.h"
11	RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $");	11	RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $");
		12	#if defined(HAVE_USERSEC_H)
		13	#include <usersec.h>
		14	#endif
12		15
13	#include "xmalloc.h"	16	#include "xmalloc.h"
14	#include "ssh.h"	17	#include "ssh.h"
@@ -789,6 +792,57 @@ void do_pam_environment(char **env, int envsize)
789	}	792	}
790	#endif /* USE_PAM */	793	#endif /* USE_PAM */
791		794
		795	#if defined(HAVE_GETUSERATTR)
		796	/*
		797	* AIX-specific login initialisation
		798	*/
		799	void set_limit(char user, char soft, char *hard, int resource, int mult)
		800	{
		801	struct rlimit rlim;
		802	rlim_t tlim;
		803	int mask;
		804
		805	getrlimit(resource, &rlim);
		806
		807	tlim = (rlim_t) 0;
		808	if (getuserattr(user, soft, &tlim, SEC_INT) != -1 && tlim)
		809	rlim.rlim_cur = tlim * mult;
		810
		811	tlim = (rlim_t) 0;
		812	if (getuserattr(user, hard, &tlim, SEC_INT) != -1 && tlim)
		813	rlim.rlim_max = tlim * mult;
		814
		815	if (rlim.rlim_cur > rlim.rlim_max)
		816	rlim.rlim_max = rlim.rlim_cur;
		817
		818	if (setrlimit(resource, &rlim) != 0)
		819	error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno))
		820	}
		821
		822	void set_limits_from_userattr(char *user)
		823	{
		824	int mask;
		825	char buf[16];
		826
		827	set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
		828	set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
		829	set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
		830	set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
		831	set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
		832	set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
		833	#if defined(S_UNOFILE)
		834	set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
		835	#endif
		836
		837	if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
		838	/* Convert decimal to octal */
		839	(void) snprintf(buf, sizeof(buf), "%d", mask);
		840	if (sscanf(buf, "%o", &mask) == 1)
		841	umask(mask);
		842	}
		843	}
		844	#endif /* defined(HAVE_GETUSERATTR) */
		845
792	/*	846	/*
793	* Performs common processing for the child, such as setting up the	847	* Performs common processing for the child, such as setting up the
794	* environment, closing extra file descriptors, setting the user and group	848	* environment, closing extra file descriptors, setting the user and group
@@ -855,6 +909,10 @@ do_child(const char command, struct passwd pw, const char *term,
855	}	909	}
856	#else /* HAVE_OSF_SIA */	910	#else /* HAVE_OSF_SIA */
857	if (getuid() == 0 \|\| geteuid() == 0) {	911	if (getuid() == 0 \|\| geteuid() == 0) {
		912	#if defined(HAVE_GETUSERATTR)
		913	set_limits_from_userattr(pw->pw_name);
		914	#endif /* defined(HAVE_GETUSERATTR) */
		915
858	if (setgid(pw->pw_gid) < 0) {	916	if (setgid(pw->pw_gid) < 0) {
859	perror("setgid");	917	perror("setgid");
860	exit(1);	918	exit(1);