summaryrefslogtreecommitdiff
path: root/modules/pam_limits
diff options
context:
space:
mode:
authorTomas Mraz <tm@t8m.info>2005-05-16 20:34:20 +0000
committerTomas Mraz <tm@t8m.info>2005-05-16 20:34:20 +0000
commitb0f37d0d3bf7c08d15dae0b11c601ffed24de6b4 (patch)
treeb9c5b39d9cb1e9f95910084898afbafbdb48139f /modules/pam_limits
parent72188ec3483744ef54c20245ac4125eb1c67e92e (diff)
Relevant BUGIDs: 945449
Purpose of commit: bugfix Commit summary: --------------- Correct support of unlimited limits, use the right type for rlimit value.
Diffstat (limited to 'modules/pam_limits')
-rw-r--r--modules/pam_limits/pam_limits.c61
1 files changed, 36 insertions, 25 deletions
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 1482833a..f7b228b8 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -30,6 +30,7 @@
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/resource.h>
+#include <limits.h>
#include <utmp.h>
#ifndef UT_USER /* some systems have ut_name instead of ut_user */
@@ -260,7 +261,8 @@ static void process_limit(int source, const char *lim_type,
{
int limit_item;
int limit_type = 0;
- long limit_value;
+ int int_value = 0;
+ unsigned long rlimit_value = 0;
char *endptr;
const char *value_orig = lim_value;
@@ -324,23 +326,30 @@ static void process_limit(int source, const char *lim_type,
_pam_log(LOG_DEBUG,"unknown limit type '%s'", lim_type);
return;
}
-
- limit_value = strtol (lim_value, &endptr, 10);
-
- /* special case value when limiting logins */
- if (limit_value == 0 && value_orig == endptr) { /* no chars read */
- if (strcmp(lim_value,"-") != 0) {
- _pam_log(LOG_DEBUG,"wrong limit value '%s'", lim_value);
+ if (limit_item != LIMIT_PRI && (strcmp(lim_value, "-1") == 0
+ || strcmp(lim_value, "-") == 0 || strcmp(lim_value, "unlimited") == 0
+ || strcmp(lim_value, "infinity") == 0)) {
+ int_value = -1;
+ rlimit_value = RLIM_INFINITY;
+ } else if (limit_item == LIMIT_PRI || limit_item == LIMIT_LOGIN ||
+ limit_item == LIMIT_NUMSYSLOGINS) {
+ long temp;
+ temp = strtol (lim_value, &endptr, 10);
+ temp = temp < INT_MAX ? temp : INT_MAX;
+ int_value = temp > INT_MIN ? temp : INT_MIN;
+ if (int_value == 0 && value_orig == endptr) {
+ _pam_log(LOG_DEBUG, "wrong limit value '%s' for limit type '%s'",
+ lim_value, lim_type);
return;
- } else
- if (limit_item != LIMIT_LOGIN) {
- if (ctrl & PAM_DEBUG_ARG)
- _pam_log(LOG_DEBUG,
- "'-' limit value valid for maxlogins type only");
- return;
- } else
- limit_value = -1;
- }
+ }
+ } else {
+ rlimit_value = strtoul (lim_value, &endptr, 10);
+ if (rlimit_value == 0 && value_orig == endptr) {
+ _pam_log(LOG_DEBUG, "wrong limit value '%s' for limit type '%s'",
+ lim_value, lim_type);
+ return;
+ }
+ }
/* one more special case when limiting logins */
if ((source == LIMITS_DEF_ALL || source == LIMITS_DEF_ALLGROUP)
@@ -353,8 +362,9 @@ static void process_limit(int source, const char *lim_type,
switch(limit_item) {
case RLIMIT_CPU:
- limit_value *= 60;
- break;
+ if (rlimit_value != RLIM_INFINITY)
+ rlimit_value *= 60;
+ break;
case RLIMIT_FSIZE:
case RLIMIT_DATA:
case RLIMIT_STACK:
@@ -362,8 +372,9 @@ static void process_limit(int source, const char *lim_type,
case RLIMIT_RSS:
case RLIMIT_MEMLOCK:
case RLIMIT_AS:
- limit_value *= 1024;
- break;
+ if (rlimit_value != RLIM_INFINITY)
+ rlimit_value *= 1024;
+ break;
}
if ( (limit_item != LIMIT_LOGIN)
@@ -373,7 +384,7 @@ static void process_limit(int source, const char *lim_type,
if (pl->limits[limit_item].src_soft < source) {
return;
} else {
- pl->limits[limit_item].limit.rlim_cur = limit_value;
+ pl->limits[limit_item].limit.rlim_cur = rlimit_value;
pl->limits[limit_item].src_soft = source;
}
}
@@ -381,7 +392,7 @@ static void process_limit(int source, const char *lim_type,
if (pl->limits[limit_item].src_hard < source) {
return;
} else {
- pl->limits[limit_item].limit.rlim_max = limit_value;
+ pl->limits[limit_item].limit.rlim_max = rlimit_value;
pl->limits[limit_item].src_hard = source;
}
}
@@ -389,12 +400,12 @@ static void process_limit(int source, const char *lim_type,
/* recent kernels support negative priority limits (=raise priority) */
if (limit_item == LIMIT_PRI) {
- pl->priority = limit_value;
+ pl->priority = int_value;
} else {
if (pl->login_limit_def < source) {
return;
} else {
- pl->login_limit = limit_value;
+ pl->login_limit = int_value;
pl->login_limit_def = source;
}
}