authorSteve Langasek <vorlon@debian.org>2011-05-01 00:08:23 -0700
committerSteve Langasek <vorlon@debian.org>2019-01-08 21:51:58 -0800
commit28f777aa533a436603af78b92e5f75b04193f800 (patch)
tree9e51300b5ef8265996116916741ad6ce3a00242b
parentf0a4da02e0f06e27ef4da8afaf3af08163282a19 (diff)
update the existing 027_pam_limits_better_init_allow_explicit_root patch
instead of creating a new parse-kernel-rlimits.patch, to keep these changes logically grouped together; and add a DEP3 patch header here since we didn't have one before
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches-applied/027_pam_limits_better_init_allow_explicit_root270
-rw-r--r--debian/patches-applied/parse-kernel-rlimits.patch208
-rw-r--r--debian/patches-applied/series1
4 files changed, 234 insertions, 247 deletions
diff --git a/debian/changelog b/debian/changelog
index f4fc6550..fd03653d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,7 @@
pam (1.1.2-3) UNRELEASED; urgency=low
[ Kees Cook ]
- * debian/patches-applied/parse-kernel-rlimits.patch: load rlimit defaults
+ * 027_pam_limits_better_init_allow_explicit_root: load rlimit defaults
from the kernel (via /proc/1/limits), instead of continuing to hardcode
the settings internally. Fall back to internal defaults when the kernel
rlimits are not found. Closes: #620302. (LP: #746655, #391761)
diff --git a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
index 07e383ec..fa152c5e 100644
--- a/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
+++ b/debian/patches-applied/027_pam_limits_better_init_allow_explicit_root
@@ -1,10 +1,29 @@
-Allow explicit limits for root.
-Also, remove limits on su.
-Index: pam.deb/modules/pam_limits/pam_limits.c
+Description: Allow explicit limits for root and reset limits on each session
+ When crossing session boundaries (such as when su'ing from one user to
+ another), if the target account has no limit specified in limits.conf we
+ want to use the default, not the current value configured for the
+ source account.
+ .
+ On Linux, we query default limits by parsing /proc/1/limits, so that we
+ can sanely inherit kernel defaults that vary with system resources (such as
+ nproc). If /proc/1/limits is unavailable, fall back to a set of
+ hard-coded values that shadow the currently known defaults on Linux.
+ .
+ Also, don't apply wildcard limits to the root account; only apply limits to
+ root that reference root by name.
+Author: Peter Paluch <peterp@frcatel.fri.utc.sk>,
+ Ben Collins <bcollins@debian.org>,
+ Steve Langasek <vorlon@debian.org>,
+ Kees Cook <kees@ubuntu.com>
+Bug-Ubuntu: https://launchpad.net/bugs/746655
+Bug-Debian: http://bugs.debian.org/63230
+Bug-Debian: http://bugs.debian.org/620302
+Forwarded: https://fedorahosted.org/pipermail/pam-developers/2011-March/000017.html
+Index: pam.debian/modules/pam_limits/pam_limits.c
===================================================================
---- pam.deb.orig/modules/pam_limits/pam_limits.c
-+++ pam.deb/modules/pam_limits/pam_limits.c
-@@ -45,6 +45,10 @@
+--- pam.debian.orig/modules/pam_limits/pam_limits.c
++++ pam.debian/modules/pam_limits/pam_limits.c
+@@ -45,15 +45,20 @@
#include <libaudit.h>
#endif
@@ -15,7 +34,28 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
/* Module defines */
#define LINE_LENGTH 1024
-@@ -74,6 +78,7 @@
+ #define LIMITS_DEF_USER 0 /* limit was set by an user entry */
+ #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */
+ #define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */
+-#define LIMITS_DEF_ALL 3 /* limit was set by an default entry */
+-#define LIMITS_DEF_DEFAULT 4 /* limit was set by an default entry */
+-#define LIMITS_DEF_NONE 5 /* this limit was not set yet */
++#define LIMITS_DEF_ALL 3 /* limit was set by an all entry */
++#define LIMITS_DEF_DEFAULT 4 /* limit was set by an internal default entry */
++#define LIMITS_DEF_KERNEL 5 /* limit was set from /proc/1/limits */
++#define LIMITS_DEF_NONE 6 /* this limit was not set yet */
+
+ static const char *limits_def_names[] = {
+ "USER",
+@@ -61,6 +66,7 @@
+ "ALLGROUP",
+ "ALL",
+ "DEFAULT",
++ "KERNEL",
+ "NONE",
+ NULL
+ };
+@@ -74,6 +80,7 @@
/* internal data */
struct pam_limit_s {
@@ -23,7 +63,144 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
int login_limit; /* the max logins limit */
int login_limit_def; /* which entry set the login limit */
int flag_numsyslogins; /* whether to limit logins only for a
-@@ -295,9 +300,18 @@
+@@ -291,13 +298,154 @@
+ return 0;
+ }
+
+-static int init_limits(struct pam_limit_s *pl)
++static const char * lnames[RLIM_NLIMITS] = {
++ [RLIMIT_CPU] = "Max cpu time",
++ [RLIMIT_FSIZE] = "Max file size",
++ [RLIMIT_DATA] = "Max data size",
++ [RLIMIT_STACK] = "Max stack size",
++ [RLIMIT_CORE] = "Max core file size",
++ [RLIMIT_RSS] = "Max resident set",
++ [RLIMIT_NPROC] = "Max processes",
++ [RLIMIT_NOFILE] = "Max open files",
++ [RLIMIT_MEMLOCK] = "Max locked memory",
++#ifdef RLIMIT_AS
++ [RLIMIT_AS] = "Max address space",
++#endif
++#ifdef RLIMIT_LOCKS
++ [RLIMIT_LOCKS] = "Max file locks",
++#endif
++#ifdef RLIMIT_SIGPENDING
++ [RLIMIT_SIGPENDING] = "Max pending signals",
++#endif
++#ifdef RLIMIT_MSGQUEUE
++ [RLIMIT_MSGQUEUE] = "Max msgqueue size",
++#endif
++#ifdef RLIMIT_NICE
++ [RLIMIT_NICE] = "Max nice priority",
++#endif
++#ifdef RLIMIT_RTPRIO
++ [RLIMIT_RTPRIO] = "Max realtime priority",
++#endif
++#ifdef RLIMIT_RTTIME
++ [RLIMIT_RTTIME] = "Max realtime timeout",
++#endif
++};
++
++static int str2rlimit(char *name) {
++ int i;
++ if (!name || *name == '\0')
++ return -1;
++ for(i = 0; i < RLIM_NLIMITS; i++) {
++ if (strcmp(name, lnames[i]) == 0) return i;
++ }
++ return -1;
++}
++
++static rlim_t str2rlim_t(char *value) {
++ unsigned long long rlimit = 0;
++
++ if (!value) return (rlim_t)rlimit;
++ if (strcmp(value, "unlimited") == 0) {
++ return RLIM_INFINITY;
++ }
++ rlimit = strtoull(value, NULL, 10);
++ return (rlim_t)rlimit;
++}
++
++#define LIMITS_SKIP_WHITESPACE { \
++ /* step backwards over spaces */ \
++ pos--; \
++ while (pos && line[pos] == ' ') pos--; \
++ if (!pos) continue; \
++ line[pos+1] = '\0'; \
++}
++#define LIMITS_MARK_ITEM(item) { \
++ /* step backwards over non-spaces */ \
++ pos--; \
++ while (pos && line[pos] != ' ') pos--; \
++ if (!pos) continue; \
++ item = line + pos + 1; \
++}
++
++static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl)
++{
++ int i, maxlen = 0;
++ FILE *limitsfile;
++ const char *proclimits = "/proc/1/limits";
++ char line[256];
++ char *units, *hard, *soft, *name;
++
++ if (!(limitsfile = fopen(proclimits, "r"))) {
++ pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM internal defaults", proclimits, strerror(errno));
++ return;
++ }
++
++ while (fgets(line, 256, limitsfile)) {
++ int pos = strlen(line);
++ if (pos < 2) continue;
++
++ /* drop trailing newline */
++ if (line[pos-1] == '\n') {
++ pos--;
++ line[pos] = '\0';
++ }
++
++ /* determine formatting boundry of limits report */
++ if (!maxlen && strncmp(line, "Limit", 5) == 0) {
++ maxlen = pos;
++ continue;
++ }
++
++ if (pos == maxlen) {
++ /* step backwards over "Units" name */
++ LIMITS_SKIP_WHITESPACE;
++ LIMITS_MARK_ITEM(units);
++ }
++ else {
++ units = "";
++ }
++
++ /* step backwards over "Hard Limit" value */
++ LIMITS_SKIP_WHITESPACE;
++ LIMITS_MARK_ITEM(hard);
++
++ /* step backwards over "Soft Limit" value */
++ LIMITS_SKIP_WHITESPACE;
++ LIMITS_MARK_ITEM(soft);
++
++ /* step backwards over name of limit */
++ LIMITS_SKIP_WHITESPACE;
++ name = line;
++
++ i = str2rlimit(name);
++ if (i < 0 || i >= RLIM_NLIMITS) {
++ pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name);
++ continue;
++ }
++ pl->limits[i].limit.rlim_cur = str2rlim_t(soft);
++ pl->limits[i].limit.rlim_max = str2rlim_t(hard);
++ pl->limits[i].src_soft = LIMITS_DEF_KERNEL;
++ pl->limits[i].src_hard = LIMITS_DEF_KERNEL;
++ }
++ fclose(limitsfile);
++}
++
++static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl)
{
int i;
int retval = PAM_SUCCESS;
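Review bot: str2rlim_t hands the token to `strtoull(value, NULL, 10)` with no end pointer or errno check, so any text that is not a complete decimal number comes back as 0, and parse_kernel_limits then stores 0 as both the soft and the hard value with source LIMITS_DEF_KERNEL. In a PAM session module that failure mode is a zero limit rather than a fallback, so the helper should report failure and the caller should skip the line, which appears to leave the entry for the internal-default fallback in the next hunk. Separately, str2rlimit compares `name` against every `lnames` slot; any slot left unset by the `#ifdef`'d initialisers would be NULL, so `if (lnames[i] && strcmp(name, lnames[i]) == 0) return i;` is the safer form. init_limits begins on the last lines of this hunk and continues outside it.

```c
/* Returns 0 and stores the parsed limit in *out, or -1 when value is
 * neither "unlimited" nor a complete decimal number. */
static int str2rlim_t(const char *value, rlim_t *out) {
    char *end;
    unsigned long long rlimit;

    if (!value || *value == '\0') return -1;
    if (strcmp(value, "unlimited") == 0) {
        *out = RLIM_INFINITY;
        return 0;
    }
    errno = 0;
    rlimit = strtoull(value, &end, 10);
    if (end == value || *end != '\0' || errno == ERANGE) return -1;
    *out = (rlim_t)rlimit;
    return 0;
}

/* … unchanged: LIMITS_* macros, start of parse_kernel_limits, column splitting … */

        rlim_t cur, max;

        i = str2rlimit(name);
        /* … unchanged: unknown-name check … */
        if (str2rlim_t(soft, &cur) < 0 || str2rlim_t(hard, &max) < 0) {
            pam_syslog(pamh, LOG_DEBUG, "Unparsable kernel rlimit '%s' ignored", name);
            continue;
        }
        pl->limits[i].limit.rlim_cur = cur;
        pl->limits[i].limit.rlim_max = max;
```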
@@ -42,12 +219,22 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
for(i = 0; i < RLIM_NLIMITS; i++) {
int r = getrlimit(i, &pl->limits[i].limit);
if (r == -1) {
-@@ -307,8 +321,56 @@
- }
- } else {
- pl->limits[i].supported = 1;
-- pl->limits[i].src_soft = LIMITS_DEF_NONE;
-- pl->limits[i].src_hard = LIMITS_DEF_NONE;
+@@ -312,6 +460,71 @@
+ }
+ }
+
++#ifdef __linux__
++ parse_kernel_limits(pamh, pl);
++#endif
++
++ for(i = 0; i < RLIM_NLIMITS; i++) {
++ if (pl->limits[i].supported &&
++ (pl->limits[i].src_soft == LIMITS_DEF_NONE ||
++ pl->limits[i].src_hard == LIMITS_DEF_NONE)) {
++#ifdef __linux__
++ pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM internal default", rlimit2str(i));
++#endif
++
+ pl->limits[i].src_soft = LIMITS_DEF_DEFAULT;
+ pl->limits[i].src_hard = LIMITS_DEF_DEFAULT;
+ switch(i) {
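Review bot: The call to `parse_kernel_limits(pamh, pl)` treats whatever PID 1 currently reports as the kernel default, and nothing at the call site records that assumption. /proc/1/limits shows the limits of the init process visible to this process, which presumably differ from the boot-time defaults if init was started with, or later given, adjusted limits (a container's PID 1, for example); those values would then become the baseline for every account with no limits.conf entry. I would add a comment above the call such as `/* /proc/1/limits is a proxy for kernel defaults: it reflects PID 1's current limits */`. The `LOG_WARNING` in the fallback loop is emitted per missing limit on every session, in addition to the warning already logged when the file cannot be opened, so `LOG_DEBUG` may be the better level there. init_limits starts before this hunk and its `switch` continues after it.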
@@ -98,10 +285,13 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
+ pl->limits[i].src_hard = LIMITS_DEF_NONE;
+ break;
+ }
- }
- }
-
-@@ -591,7 +653,7 @@
++ }
++ }
++
+ errno = 0;
+ pl->priority = getpriority (PRIO_PROCESS, 0);
+ if (pl->priority == -1 && errno != 0)
+@@ -591,7 +804,7 @@
if (strcmp(uname, domain) == 0) /* this user have a limit */
process_limit(pamh, LIMITS_DEF_USER, ltype, item, value, ctrl, pl);
@@ -110,7 +300,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -600,7 +662,7 @@
+@@ -600,7 +813,7 @@
if (pam_modutil_user_in_group_nam_nam(pamh, uname, domain+1))
process_limit(pamh, LIMITS_DEF_GROUP, ltype, item, value, ctrl,
pl);
@@ -119,7 +309,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
if (ctrl & PAM_DEBUG_ARG) {
pam_syslog(pamh, LOG_DEBUG,
"checking if %s is in group %s",
-@@ -614,7 +676,7 @@
+@@ -614,7 +827,7 @@
process_limit(pamh, LIMITS_DEF_ALLGROUP, ltype, item, value, ctrl,
pl);
}
@@ -128,7 +318,7 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
process_limit(pamh, LIMITS_DEF_DEFAULT, ltype, item, value, ctrl,
pl);
} else if (i == 2 && ltype[0] == '-') { /* Probably a no-limit line */
-@@ -649,6 +711,12 @@
+@@ -649,6 +862,12 @@
int status;
int retval = LIMITED_OK;
@@ -141,7 +331,14 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
for (i=0, status=LIMITED_OK; i<RLIM_NLIMITS; i++) {
int res;
-@@ -749,6 +817,8 @@
+@@ -743,12 +962,14 @@
+ return PAM_USER_UNKNOWN;
+ }
+
+- retval = init_limits(pl);
++ retval = init_limits(pamh, pl);
+ if (retval != PAM_SUCCESS) {
+ pam_syslog(pamh, LOG_WARNING, "cannot initialize");
return PAM_ABORT;
}
@@ -150,10 +347,10 @@ Index: pam.deb/modules/pam_limits/pam_limits.c
retval = parse_config_file(pamh, pwd->pw_name, ctrl, pl);
if (retval == PAM_IGNORE) {
D(("the configuration file ('%s') has an applicable '<domain> -' entry", CONF_FILE));
-Index: pam.deb/modules/pam_limits/limits.conf
+Index: pam.debian/modules/pam_limits/limits.conf
===================================================================
---- pam.deb.orig/modules/pam_limits/limits.conf
-+++ pam.deb/modules/pam_limits/limits.conf
+--- pam.debian.orig/modules/pam_limits/limits.conf
++++ pam.debian/modules/pam_limits/limits.conf
@@ -11,6 +11,9 @@
# - the wildcard *, for default entry
# - the wildcard %, can be also used with %group syntax,
@@ -172,10 +369,10 @@ Index: pam.deb/modules/pam_limits/limits.conf
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
-Index: pam.deb/modules/pam_limits/limits.conf.5.xml
+Index: pam.debian/modules/pam_limits/limits.conf.5.xml
===================================================================
---- pam.deb.orig/modules/pam_limits/limits.conf.5.xml
-+++ pam.deb/modules/pam_limits/limits.conf.5.xml
+--- pam.debian.orig/modules/pam_limits/limits.conf.5.xml
++++ pam.debian/modules/pam_limits/limits.conf.5.xml
@@ -57,6 +57,11 @@
</para>
</listitem>
@@ -196,11 +393,11 @@ Index: pam.deb/modules/pam_limits/limits.conf.5.xml
* hard rss 10000
@student hard nproc 20
@faculty soft nproc 20
-Index: pam.deb/modules/pam_limits/limits.conf.5
+Index: pam.debian/modules/pam_limits/limits.conf.5
===================================================================
---- pam.deb.orig/modules/pam_limits/limits.conf.5
-+++ pam.deb/modules/pam_limits/limits.conf.5
-@@ -84,6 +84,11 @@
+--- pam.debian.orig/modules/pam_limits/limits.conf.5
++++ pam.debian/modules/pam_limits/limits.conf.5
+@@ -93,6 +93,11 @@
\fI%group\fR
syntax\&.
.RE
@@ -212,7 +409,7 @@ Index: pam.deb/modules/pam_limits/limits.conf.5
.RE
.PP
\fB<type>\fR
-@@ -256,6 +261,7 @@
+@@ -265,6 +270,7 @@
.\}
.nf
* soft core 0
@@ -220,10 +417,10 @@ Index: pam.deb/modules/pam_limits/limits.conf.5
* hard rss 10000
@student hard nproc 20
@faculty soft nproc 20
-Index: pam.deb/modules/pam_limits/README
+Index: pam.debian/modules/pam_limits/README
===================================================================
---- pam.deb.orig/modules/pam_limits/README 2009-08-24 20:18:05 +0000
-+++ pam.deb/modules/pam_limits/README 2009-08-26 00:32:41 +0000
+--- pam.debian.orig/modules/pam_limits/README
++++ pam.debian/modules/pam_limits/README
@@ -55,6 +55,7 @@
limits.conf.
@@ -232,4 +429,3 @@ Index: pam.deb/modules/pam_limits/README
* hard rss 10000
@student hard nproc 20
@faculty soft nproc 20
-
diff --git a/debian/patches-applied/parse-kernel-rlimits.patch b/debian/patches-applied/parse-kernel-rlimits.patch
deleted file mode 100644
index 77e6f378..00000000
--- a/debian/patches-applied/parse-kernel-rlimits.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-Description: Since the kernel sets a number of dynamic rlimits based on the
- system properities (e.g. physical memory for nproc), these rlimits should
- be respected by PAM. Parse /proc/1/limits for the kernel-defined rlimits.
-Author: Kees Cook <kees@ubuntu.com>
-Bug-Ubuntu: https://launchpad.net/bugs/746655
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620302
-Forwarded: https://fedorahosted.org/pipermail/pam-developers/2011-March/000017.html
-
-Index: pam-debian/modules/pam_limits/pam_limits.c
-===================================================================
---- pam-debian.orig/modules/pam_limits/pam_limits.c 2011-03-31 14:39:14.296355902 -0700
-+++ pam-debian/modules/pam_limits/pam_limits.c 2011-03-31 14:39:14.906363881 -0700
-@@ -55,9 +55,10 @@
- #define LIMITS_DEF_USER 0 /* limit was set by an user entry */
- #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */
- #define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */
--#define LIMITS_DEF_ALL 3 /* limit was set by an default entry */
--#define LIMITS_DEF_DEFAULT 4 /* limit was set by an default entry */
--#define LIMITS_DEF_NONE 5 /* this limit was not set yet */
-+#define LIMITS_DEF_ALL 3 /* limit was set by an all entry */
-+#define LIMITS_DEF_DEFAULT 4 /* limit was set by an internal default entry */
-+#define LIMITS_DEF_KERNEL 5 /* limit was set from /proc/1/limits */
-+#define LIMITS_DEF_NONE 6 /* this limit was not set yet */
-
- static const char *limits_def_names[] = {
- "USER",
-@@ -65,6 +66,7 @@
- "ALLGROUP",
- "ALL",
- "DEFAULT",
-+ "KERNEL",
- "NONE",
- NULL
- };
-@@ -296,7 +298,139 @@
- return 0;
- }
-
--static int init_limits(struct pam_limit_s *pl)
-+static const char * lnames[RLIM_NLIMITS] = {
-+ [RLIMIT_CPU] = "Max cpu time",
-+ [RLIMIT_FSIZE] = "Max file size",
-+ [RLIMIT_DATA] = "Max data size",
-+ [RLIMIT_STACK] = "Max stack size",
-+ [RLIMIT_CORE] = "Max core file size",
-+ [RLIMIT_RSS] = "Max resident set",
-+ [RLIMIT_NPROC] = "Max processes",
-+ [RLIMIT_NOFILE] = "Max open files",
-+ [RLIMIT_MEMLOCK] = "Max locked memory",
-+#ifdef RLIMIT_AS
-+ [RLIMIT_AS] = "Max address space",
-+#endif
-+#ifdef RLIMIT_LOCKS
-+ [RLIMIT_LOCKS] = "Max file locks",
-+#endif
-+#ifdef RLIMIT_SIGPENDING
-+ [RLIMIT_SIGPENDING] = "Max pending signals",
-+#endif
-+#ifdef RLIMIT_MSGQUEUE
-+ [RLIMIT_MSGQUEUE] = "Max msgqueue size",
-+#endif
-+#ifdef RLIMIT_NICE
-+ [RLIMIT_NICE] = "Max nice priority",
-+#endif
-+#ifdef RLIMIT_RTPRIO
-+ [RLIMIT_RTPRIO] = "Max realtime priority",
-+#endif
-+#ifdef RLIMIT_RTTIME
-+ [RLIMIT_RTTIME] = "Max realtime timeout",
-+#endif
-+};
-+
-+static int str2rlimit(char *name) {
-+ int i;
-+ if (!name || *name == '\0')
-+ return -1;
-+ for(i = 0; i < RLIM_NLIMITS; i++) {
-+ if (strcmp(name, lnames[i]) == 0) return i;
-+ }
-+ return -1;
-+}
-+
-+static rlim_t str2rlim_t(char *value) {
-+ unsigned long long rlimit = 0;
-+
-+ if (!value) return (rlim_t)rlimit;
-+ if (strcmp(value, "unlimited") == 0) {
-+ return RLIM_INFINITY;
-+ }
-+ rlimit = strtoull(value, NULL, 10);
-+ return (rlim_t)rlimit;
-+}
-+
-+#define LIMITS_SKIP_WHITESPACE { \
-+ /* step backwards over spaces */ \
-+ pos--; \
-+ while (pos && line[pos] == ' ') pos--; \
-+ if (!pos) continue; \
-+ line[pos+1] = '\0'; \
-+}
-+#define LIMITS_MARK_ITEM(item) { \
-+ /* step backwards over non-spaces */ \
-+ pos--; \
-+ while (pos && line[pos] != ' ') pos--; \
-+ if (!pos) continue; \
-+ item = line + pos + 1; \
-+}
-+
-+static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl)
-+{
-+ int i, maxlen = 0;
-+ FILE *limitsfile;
-+ const char *proclimits = "/proc/1/limits";
-+ char line[256];
-+ char *units, *hard, *soft, *name;
-+
-+ if (!(limitsfile = fopen(proclimits, "r"))) {
-+ pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM internal defaults", proclimits, strerror(errno));
-+ return;
-+ }
-+
-+ while (fgets(line, 256, limitsfile)) {
-+ int pos = strlen(line);
-+ if (pos < 2) continue;
-+
-+ /* drop trailing newline */
-+ if (line[pos-1] == '\n') {
-+ pos--;
-+ line[pos] = '\0';
-+ }
-+
-+ /* determine formatting boundry of limits report */
-+ if (!maxlen && strncmp(line, "Limit", 5) == 0) {
-+ maxlen = pos;
-+ continue;
-+ }
-+
-+ if (pos == maxlen) {
-+ /* step backwards over "Units" name */
-+ LIMITS_SKIP_WHITESPACE;
-+ LIMITS_MARK_ITEM(units);
-+ }
-+ else {
-+ units = "";
-+ }
-+
-+ /* step backwards over "Hard Limit" value */
-+ LIMITS_SKIP_WHITESPACE;
-+ LIMITS_MARK_ITEM(hard);
-+
-+ /* step backwards over "Soft Limit" value */
-+ LIMITS_SKIP_WHITESPACE;
-+ LIMITS_MARK_ITEM(soft);
-+
-+ /* step backwards over name of limit */
-+ LIMITS_SKIP_WHITESPACE;
-+ name = line;
-+
-+ i = str2rlimit(name);
-+ if (i < 0 || i >= RLIM_NLIMITS) {
-+ pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name);
-+ continue;
-+ }
-+ pl->limits[i].limit.rlim_cur = str2rlim_t(soft);
-+ pl->limits[i].limit.rlim_max = str2rlim_t(hard);
-+ pl->limits[i].src_soft = LIMITS_DEF_KERNEL;
-+ pl->limits[i].src_hard = LIMITS_DEF_KERNEL;
-+ }
-+ fclose(limitsfile);
-+}
-+
-+static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl)
- {
- int i;
- int retval = PAM_SUCCESS;
-@@ -321,6 +455,23 @@
- }
- } else {
- pl->limits[i].supported = 1;
-+ pl->limits[i].src_soft = LIMITS_DEF_NONE;
-+ pl->limits[i].src_hard = LIMITS_DEF_NONE;
-+ }
-+ }
-+
-+#ifdef __linux__
-+ parse_kernel_limits(pamh, pl);
-+#endif
-+
-+ for(i = 0; i < RLIM_NLIMITS; i++) {
-+ if (pl->limits[i].supported &&
-+ (pl->limits[i].src_soft == LIMITS_DEF_NONE ||
-+ pl->limits[i].src_hard == LIMITS_DEF_NONE)) {
-+#ifdef __linux__
-+ pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM internal default", rlimit2str(i));
-+#endif
-+
- pl->limits[i].src_soft = LIMITS_DEF_DEFAULT;
- pl->limits[i].src_hard = LIMITS_DEF_DEFAULT;
- switch(i) {
-@@ -823,7 +974,7 @@
- return PAM_USER_UNKNOWN;
- }
-
-- retval = init_limits(pl);
-+ retval = init_limits(pamh, pl);
- if (retval != PAM_SUCCESS) {
- pam_syslog(pamh, LOG_WARNING, "cannot initialize");
- return PAM_ABORT;
diff --git a/debian/patches-applied/series b/debian/patches-applied/series
index 4229f047..4fdb9cd8 100644
--- a/debian/patches-applied/series
+++ b/debian/patches-applied/series
@@ -21,4 +21,3 @@ update-motd
fix-man-crud
sys-types-include.patch
no_PATH_MAX_on_hurd
-parse-kernel-rlimits.patch