- (bal) Fixed AIX environment handling, use setpcred() instead of existing
code. (Bugzilla Bug 261)
diff --git a/ChangeLog b/ChangeLog
index 40554ea..20ba05d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,6 @@
20020620
+ - (bal) Fixed AIX environment handling, use setpcred() instead of existing
+ code. (Bugzilla Bug 261)
- (bal) OpenBSD CVS Sync
- todd@cvs.openbsd.org 2002/06/14 21:35:00
[monitor_wrap.c]
@@ -931,4 +933,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2217 2002/06/20 23:53:53 mouring Exp $
+$Id: ChangeLog,v 1.2218 2002/06/21 00:01:18 mouring Exp $
diff --git a/configure.ac b/configure.ac
index 450e49d..9daf3b0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.66 2002/06/12 16:57:15 mouring Exp $
+# $Id: configure.ac,v 1.67 2002/06/21 00:01:19 mouring Exp $
AC_INIT
AC_CONFIG_SRCDIR([ssh.c])
@@ -571,9 +571,9 @@
mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
- setrlimit setsid setvbuf sigaction sigvec snprintf socketpair \
- strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate \
- utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
+ socketpair strerror strlcat strlcpy strmode strsep sysconf tcgetpgrp \
+ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
dnl IRIX and Solaris 2.5.1 have dirname() in libgen
AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
@@ -621,11 +621,6 @@
AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
-AC_CHECK_FUNC(getuserattr,
- [AC_DEFINE(HAVE_GETUSERATTR)],
- [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
-)
-
AC_CHECK_FUNC(daemon,
[AC_DEFINE(HAVE_DAEMON)],
[AC_CHECK_LIB(bsd, daemon, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_DAEMON)])]
diff --git a/openbsd-compat/port-aix.c b/openbsd-compat/port-aix.c
index 31697d7..ca0a88e 100644
--- a/openbsd-compat/port-aix.c
+++ b/openbsd-compat/port-aix.c
@@ -2,104 +2,9 @@
#ifdef _AIX
-#ifdef HAVE_USERSEC_H
-#include <usersec.h>
-#endif /* HAVE_USERSEC_H */
-
#include <uinfo.h>
#include <../xmalloc.h>
-/* AIX limits */
-#if defined(HAVE_GETUSERATTR) && !defined(S_UFSIZE_HARD) && defined(S_UFSIZE)
-# define S_UFSIZE_HARD S_UFSIZE "_hard"
-# define S_UCPU_HARD S_UCPU "_hard"
-# define S_UDATA_HARD S_UDATA "_hard"
-# define S_USTACK_HARD S_USTACK "_hard"
-# define S_URSS_HARD S_URSS "_hard"
-# define S_UCORE_HARD S_UCORE "_hard"
-# define S_UNOFILE_HARD S_UNOFILE "_hard"
-#endif
-
-#if defined(HAVE_GETUSERATTR)
-/*
- * AIX-specific login initialisation
- */
-void
-set_limit(char *user, char *soft, char *hard, int resource, int mult)
-{
- struct rlimit rlim;
- int slim, hlim;
-
- getrlimit(resource, &rlim);
-
- slim = 0;
- if (getuserattr(user, soft, &slim, SEC_INT) != -1) {
- if (slim < 0) {
- rlim.rlim_cur = RLIM_INFINITY;
- } else if (slim != 0) {
- /* See the wackiness below */
- if (rlim.rlim_cur == slim * mult)
- slim = 0;
- else
- rlim.rlim_cur = slim * mult;
- }
- }
- hlim = 0;
- if (getuserattr(user, hard, &hlim, SEC_INT) != -1) {
- if (hlim < 0) {
- rlim.rlim_max = RLIM_INFINITY;
- } else if (hlim != 0) {
- rlim.rlim_max = hlim * mult;
- }
- }
-
- /*
- * XXX For cpu and fsize the soft limit is set to the hard limit
- * if the hard limit is left at its default value and the soft limit
- * is changed from its default value, either by requesting it
- * (slim == 0) or by setting it to the current default. At least
- * that's how rlogind does it. If you're confused you're not alone.
- * Bug or feature? AIX 4.3.1.2
- */
- if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu"))
- && hlim == 0 && slim != 0)
- rlim.rlim_max = rlim.rlim_cur;
- /* A specified hard limit limits the soft limit */
- else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max)
- rlim.rlim_cur = rlim.rlim_max;
- /* A soft limit can increase a hard limit */
- else if (rlim.rlim_cur > rlim.rlim_max)
- rlim.rlim_max = rlim.rlim_cur;
-
- if (setrlimit(resource, &rlim) != 0)
- error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno));
-}
-
-void
-set_limits_from_userattr(char *user)
-{
- int mask;
- char buf[16];
-
- set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
- set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
- set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
- set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
- set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
- set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
-#if defined(S_UNOFILE)
- set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
-#endif
-
- if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
- /* Convert decimal to octal */
- (void) snprintf(buf, sizeof(buf), "%d", mask);
- if (sscanf(buf, "%o", &mask) == 1)
- umask(mask);
- }
-}
-#endif /* defined(HAVE_GETUSERATTR) */
-
/*
* AIX has a "usrinfo" area where logname and
* other stuff is stored - a few applications
diff --git a/openbsd-compat/port-aix.h b/openbsd-compat/port-aix.h
index 29d2ee6..e4d14f4 100644
--- a/openbsd-compat/port-aix.h
+++ b/openbsd-compat/port-aix.h
@@ -1,10 +1,5 @@
#ifdef _AIX
-#ifdef HAVE_GETUSERATTR
-void set_limit(char *user, char *soft, char *hard, int resource, int mult);
-void set_limits_from_userattr(char *user);
-#endif /* HAVE_GETUSERATTR */
-
void aix_usrinfo(struct passwd *pw, char *tty, int ttyfd);
#endif /* _AIX */
diff --git a/session.c b/session.c
index a2d8a9c..f6f9c54 100644
--- a/session.c
+++ b/session.c
@@ -1153,9 +1153,9 @@
#else /* HAVE_CYGWIN */
if (getuid() == 0 || geteuid() == 0) {
#endif /* HAVE_CYGWIN */
-#ifdef HAVE_GETUSERATTR
- set_limits_from_userattr(pw->pw_name);
-#endif /* HAVE_GETUSERATTR */
+#ifdef HAVE_SETPCRED
+ setpcred(pw->pw_name);
+#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid,
(LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {