update the existing 027_pam_limits_better_init_allow_explicit_root patch

instead of creating a new parse-kernel-rlimits.patch, to keep these changes logically grouped together; and add a DEP3 patch header here since we didn't have one before
author: Steve Langasek <vorlon@debian.org> 2011-05-01 00:08:23 -0700
committer: Steve Langasek <vorlon@debian.org> 2019-01-08 21:51:58 -0800
commit: 28f777aa533a436603af78b92e5f75b04193f800 (patch)
tree: 9e51300b5ef8265996116916741ad6ce3a00242b /debian/patches-applied/parse-kernel-rlimits.patch
parent: f0a4da02e0f06e27ef4da8afaf3af08163282a19 (diff)
1 files changed, 0 insertions, 208 deletions
diff --git a/debian/patches-applied/parse-kernel-rlimits.patch b/debian/patches-applied/parse-kernel-rlimits.patch
deleted file mode 100644
index 77e6f378..00000000
--- a/debian/patches-applied/parse-kernel-rlimits.patch
+++ /dev/null
@@ -1,208 +0,0 @@
-Description: Since the kernel sets a number of dynamic rlimits based on the
- system properities (e.g. physical memory for nproc), these rlimits should
- be respected by PAM. Parse /proc/1/limits for the kernel-defined rlimits.
-Author: Kees Cook <kees@ubuntu.com>
-Bug-Ubuntu: https://launchpad.net/bugs/746655
-Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620302
-Forwarded: https://fedorahosted.org/pipermail/pam-developers/2011-March/000017.html
-
-Index: pam-debian/modules/pam_limits/pam_limits.c
-===================================================================
---- pam-debian.orig/modules/pam_limits/pam_limits.c	2011-03-31 14:39:14.296355902 -0700
-+++ pam-debian/modules/pam_limits/pam_limits.c	2011-03-31 14:39:14.906363881 -0700
-@@ -55,9 +55,10 @@
- #define LIMITS_DEF_USER     0 /* limit was set by an user entry */
- #define LIMITS_DEF_GROUP    1 /* limit was set by a group entry */
- #define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */
--#define LIMITS_DEF_ALL      3 /* limit was set by an default entry */
--#define LIMITS_DEF_DEFAULT  4 /* limit was set by an default entry */
--#define LIMITS_DEF_NONE     5 /* this limit was not set yet */
-+#define LIMITS_DEF_ALL      3 /* limit was set by an all entry */
-+#define LIMITS_DEF_DEFAULT  4 /* limit was set by an internal default entry */
-+#define LIMITS_DEF_KERNEL   5 /* limit was set from /proc/1/limits */
-+#define LIMITS_DEF_NONE     6 /* this limit was not set yet */
- 
- static const char *limits_def_names[] = {
-        "USER",
-@@ -65,6 +66,7 @@
-        "ALLGROUP",
-        "ALL",
-        "DEFAULT",
-+       "KERNEL",
-        "NONE",
-        NULL
- };
-@@ -296,7 +298,139 @@
-     return 0;
- }
- 
--static int init_limits(struct pam_limit_s *pl)
-+static const char * lnames[RLIM_NLIMITS] = {
-+        [RLIMIT_CPU] = "Max cpu time",
-+        [RLIMIT_FSIZE] = "Max file size",
-+        [RLIMIT_DATA] = "Max data size",
-+        [RLIMIT_STACK] = "Max stack size",
-+        [RLIMIT_CORE] = "Max core file size",
-+        [RLIMIT_RSS] = "Max resident set",
-+        [RLIMIT_NPROC] = "Max processes",
-+        [RLIMIT_NOFILE] = "Max open files",
-+        [RLIMIT_MEMLOCK] = "Max locked memory",
-+#ifdef RLIMIT_AS
-+        [RLIMIT_AS] = "Max address space",
-+#endif
-+#ifdef RLIMIT_LOCKS
-+        [RLIMIT_LOCKS] = "Max file locks",
-+#endif
-+#ifdef RLIMIT_SIGPENDING
-+        [RLIMIT_SIGPENDING] = "Max pending signals",
-+#endif
-+#ifdef RLIMIT_MSGQUEUE
-+        [RLIMIT_MSGQUEUE] = "Max msgqueue size",
-+#endif
-+#ifdef RLIMIT_NICE
-+        [RLIMIT_NICE] = "Max nice priority",
-+#endif
-+#ifdef RLIMIT_RTPRIO
-+        [RLIMIT_RTPRIO] = "Max realtime priority",
-+#endif
-+#ifdef RLIMIT_RTTIME
-+        [RLIMIT_RTTIME] = "Max realtime timeout",
-+#endif
-+};
-+
-+static int str2rlimit(char *name) {
-+    int i;
-+    if (!name || *name == '\0')
-+        return -1;
-+    for(i = 0; i < RLIM_NLIMITS; i++) {
-+        if (strcmp(name, lnames[i]) == 0) return i;
-+    }
-+    return -1;
-+}
-+
-+static rlim_t str2rlim_t(char *value) {
-+    unsigned long long rlimit = 0;
-+
-+    if (!value) return (rlim_t)rlimit;
-+    if (strcmp(value, "unlimited") == 0) {
-+        return RLIM_INFINITY;
-+    }
-+    rlimit = strtoull(value, NULL, 10);
-+    return (rlim_t)rlimit;
-+}
-+
-+#define LIMITS_SKIP_WHITESPACE { \
-+        /* step backwards over spaces */ \
-+        pos--; \
-+        while (pos && line[pos] == ' ') pos--; \
-+        if (!pos) continue; \
-+        line[pos+1] = '\0'; \
-+}
-+#define LIMITS_MARK_ITEM(item) { \
-+        /* step backwards over non-spaces */ \
-+        pos--; \
-+        while (pos && line[pos] != ' ') pos--; \
-+        if (!pos) continue; \
-+        item = line + pos + 1; \
-+}
-+
-+static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl)
-+{
-+    int i, maxlen = 0;
-+    FILE *limitsfile;
-+    const char *proclimits = "/proc/1/limits";
-+    char line[256];
-+    char *units, *hard, *soft, *name;
-+
-+    if (!(limitsfile = fopen(proclimits, "r"))) {
-+        pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM internal defaults", proclimits, strerror(errno));
-+        return;
-+    }
-+
-+    while (fgets(line, 256, limitsfile)) {
-+        int pos = strlen(line);
-+        if (pos < 2) continue;
-+
-+        /* drop trailing newline */
-+        if (line[pos-1] == '\n') {
-+            pos--;
-+            line[pos] = '\0';
-+        }
-+
-+        /* determine formatting boundry of limits report */
-+        if (!maxlen && strncmp(line, "Limit", 5) == 0) {
-+            maxlen = pos;
-+            continue;
-+        }
-+
-+        if (pos == maxlen) {
-+            /* step backwards over "Units" name */
-+            LIMITS_SKIP_WHITESPACE;
-+            LIMITS_MARK_ITEM(units);
-+        }
-+        else {
-+            units = "";
-+        }
-+
-+        /* step backwards over "Hard Limit" value */
-+        LIMITS_SKIP_WHITESPACE;
-+        LIMITS_MARK_ITEM(hard);
-+
-+        /* step backwards over "Soft Limit" value */
-+        LIMITS_SKIP_WHITESPACE;
-+        LIMITS_MARK_ITEM(soft);
-+
-+        /* step backwards over name of limit */
-+        LIMITS_SKIP_WHITESPACE;
-+        name = line;
-+
-+        i = str2rlimit(name);
-+        if (i < 0 || i >= RLIM_NLIMITS) {
-+            pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name);
-+            continue;
-+        }
-+        pl->limits[i].limit.rlim_cur = str2rlim_t(soft);
-+        pl->limits[i].limit.rlim_max = str2rlim_t(hard);
-+        pl->limits[i].src_soft = LIMITS_DEF_KERNEL;
-+        pl->limits[i].src_hard = LIMITS_DEF_KERNEL;
-+    }
-+    fclose(limitsfile);
-+}
-+
-+static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl)
- {
-     int i;
-     int retval = PAM_SUCCESS;
-@@ -321,6 +455,23 @@
- 	    }
- 	} else {
- 	    pl->limits[i].supported = 1;
-+	    pl->limits[i].src_soft = LIMITS_DEF_NONE;
-+	    pl->limits[i].src_hard = LIMITS_DEF_NONE;
-+	}
-+    }
-+
-+#ifdef __linux__
-+    parse_kernel_limits(pamh, pl);
-+#endif
-+
-+    for(i = 0; i < RLIM_NLIMITS; i++) {
-+	if (pl->limits[i].supported &&
-+	    (pl->limits[i].src_soft == LIMITS_DEF_NONE ||
-+	     pl->limits[i].src_hard == LIMITS_DEF_NONE)) {
-+#ifdef __linux__
-+	    pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM internal default", rlimit2str(i));
-+#endif
-+
- 	    pl->limits[i].src_soft = LIMITS_DEF_DEFAULT;
- 	    pl->limits[i].src_hard = LIMITS_DEF_DEFAULT;
- 	    switch(i) {
-@@ -823,7 +974,7 @@
-         return PAM_USER_UNKNOWN;
-     }
- 
--    retval = init_limits(pl);
-+    retval = init_limits(pamh, pl);
-     if (retval != PAM_SUCCESS) {
-         pam_syslog(pamh, LOG_WARNING, "cannot initialize");
-         return PAM_ABORT;
author	Steve Langasek <vorlon@debian.org>	2011-05-01 00:08:23 -0700
committer	Steve Langasek <vorlon@debian.org>	2019-01-08 21:51:58 -0800
commit	28f777aa533a436603af78b92e5f75b04193f800 (patch)
tree	9e51300b5ef8265996116916741ad6ce3a00242b /debian/patches-applied/parse-kernel-rlimits.patch
parent	f0a4da02e0f06e27ef4da8afaf3af08163282a19 (diff)