Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 58 |
1 files changed, 58 insertions, 0 deletions
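--- a/session.c
+++ b/session.c
@@ -9,6 +9,9 @@
 
 #include "includes.h"
 RCSID("$OpenBSD: session.c,v 1.20 2000/06/18 04:42:54 markus Exp $");
+#if defined(HAVE_USERSEC_H)
+#include <usersec.h>
+#endif
 
 #include "xmalloc.h"
 #include "ssh.h"
@@ -789,6 +792,57 @@ void do_pam_environment(char ***env, int *envsize)
 }
 #endif /* USE_PAM */
 
+#if defined(HAVE_GETUSERATTR)
+/*
+* AIX-specific login initialisation
+*/
+void set_limit(char *user, char *soft, char *hard, int resource, int mult)
+{
+struct rlimit rlim;
+rlim_t tlim;
+int mask;
+
+getrlimit(resource, &rlim);
+
+tlim = (rlim_t) 0;
+if (getuserattr(user, soft, &tlim, SEC_INT) != -1 && tlim)
+rlim.rlim_cur = tlim * mult;
+
+tlim = (rlim_t) 0;
+if (getuserattr(user, hard, &tlim, SEC_INT) != -1 && tlim)
+rlim.rlim_max = tlim * mult;
+
+if (rlim.rlim_cur > rlim.rlim_max)
+rlim.rlim_max = rlim.rlim_cur;
+
+if (setrlimit(resource, &rlim) != 0)
+error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno))
+}
+
+void set_limits_from_userattr(char *user)
+{
+int mask;
+char buf[16];
+
+set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
+set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
+set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
+set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
+set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
+set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
+#if defined(S_UNOFILE)
+set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
+#endif
+
+if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
+/* Convert decimal to octal */
+(void) snprintf(buf, sizeof(buf), "%d", mask);
+if (sscanf(buf, "%o", &mask) == 1)
+umask(mask);
+}
+}
+#endif /* defined(HAVE_GETUSERATTR) */
+
 /*
 * Performs common processing for the child, such as setting up the
 * environment, closing extra file descriptors, setting the user and group
@@ -855,6 +909,10 @@ do_child(const char *command, struct passwd * pw, const char *term,
 }
 #else /* HAVE_OSF_SIA */
 if (getuid() == 0 || geteuid() == 0) {
+#if defined(HAVE_GETUSERATTR)
+set_limits_from_userattr(pw->pw_name);
+#endif /* defined(HAVE_GETUSERATTR) */
+
 if (setgid(pw->pw_gid) < 0) {
 perror("setgid");
 exit(1);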
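Review bot: In set_limit() the `error(...)` call under the failed-setrlimit() check has no terminating semicolon, so this block cannot compile on a build that defines HAVE_GETUSERATTR; it needs `error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno));`. The same function ignores getrlimit()'s return value, so on failure an uninitialised `rlim` is handed to setrlimit(), and the call site in do_child() runs this before the setgid() privilege drop; `if (getrlimit(resource, &rlim) != 0) return;` (preceded by a log line) would avoid that. getuserattr() is called with SEC_INT but given `&tlim`, an `rlim_t *`; if rlim_t is wider than int on the target, only part of the object would be written, so reading into an `int` and widening afterwards looks safer, and `tlim * mult` is not checked for overflow. The local `mask` in set_limit() is unused and can be dropped.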