summaryrefslogtreecommitdiff
path: root/debian/patches-applied/008_modules_pam_limits_chroot
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/008_modules_pam_limits_chroot')
-rw-r--r--debian/patches-applied/008_modules_pam_limits_chroot132
1 files changed, 0 insertions, 132 deletions
diff --git a/debian/patches-applied/008_modules_pam_limits_chroot b/debian/patches-applied/008_modules_pam_limits_chroot
deleted file mode 100644
index 7a86fdd5..00000000
--- a/debian/patches-applied/008_modules_pam_limits_chroot
+++ /dev/null
@@ -1,132 +0,0 @@
-Index: pam/modules/pam_limits/pam_limits.c
-===================================================================
---- pam.orig/modules/pam_limits/pam_limits.c
-+++ pam/modules/pam_limits/pam_limits.c
-@@ -90,6 +90,7 @@
- specific user or to count all logins */
- int priority; /* the priority to run user process with */
- int nonewprivs; /* whether to prctl(PR_SET_NO_NEW_PRIVS) */
-+ char chroot_dir[8092]; /* directory to chroot into */
- struct user_limits_struct limits[RLIM_NLIMITS];
- const char *conf_file;
- int utmp_after_pam_call;
-@@ -101,6 +102,7 @@
-
- #define LIMIT_PRI RLIM_NLIMITS+3
- #define LIMIT_NONEWPRIVS RLIM_NLIMITS+4
-+#define LIMIT_CHROOT RLIM_NLIMITS+5
-
- #define LIMIT_SOFT 1
- #define LIMIT_HARD 2
-@@ -484,6 +486,8 @@
- pl->login_limit = -2;
- pl->login_limit_def = LIMITS_DEF_NONE;
-
-+ pl->chroot_dir[0] = '\0';
-+
- return retval;
- }
-
-@@ -591,6 +595,8 @@
- limit_item = LIMIT_PRI;
- } else if (strcmp(lim_item, "nonewprivs") == 0) {
- limit_item = LIMIT_NONEWPRIVS;
-+ } else if (strcmp(lim_item, "chroot") == 0) {
-+ limit_item = LIMIT_CHROOT;
- } else {
- pam_syslog(pamh, LOG_DEBUG, "unknown limit item '%s'", lim_item);
- return;
-@@ -640,9 +646,9 @@
- pam_syslog(pamh, LOG_DEBUG,
- "wrong limit value '%s' for limit type '%s'",
- lim_value, lim_type);
-- return;
-+ return;
- }
-- } else {
-+ } else if (limit_item != LIMIT_CHROOT) {
- #ifdef __USE_FILE_OFFSET64
- rlimit_value = strtoull (lim_value, &endptr, 10);
- #else
-@@ -717,7 +723,11 @@
- break;
- }
-
-- if ( (limit_item != LIMIT_LOGIN)
-+ if (limit_item == LIMIT_CHROOT) {
-+ strncpy(pl->chroot_dir, value_orig, sizeof(pl->chroot_dir)-1);
-+ pl->chroot_dir[sizeof(pl->chroot_dir)-1]='\0';
-+ }
-+ else if ( (limit_item != LIMIT_LOGIN)
- && (limit_item != LIMIT_NUMSYSLOGINS)
- && (limit_item != LIMIT_PRI)
- && (limit_item != LIMIT_NONEWPRIVS) ) {
-@@ -1071,6 +1081,15 @@
- }
- }
-
-+ if (!retval && pl->chroot_dir[0]) {
-+ i = chdir(pl->chroot_dir);
-+ if (i == 0)
-+ i = chroot(pl->chroot_dir);
-+ if (i == 0)
-+ i = chdir("/");
-+ if (i != 0)
-+ retval = LIMIT_ERR;
-+ }
- return retval;
- }
-
-Index: pam/modules/pam_limits/limits.conf.5.xml
-===================================================================
---- pam.orig/modules/pam_limits/limits.conf.5.xml
-+++ pam/modules/pam_limits/limits.conf.5.xml
-@@ -273,6 +273,12 @@
- (Linux 2.6.12 and higher)</para>
- </listitem>
- </varlistentry>
-+ <varlistentry>
-+ <term><option>chroot</option></term>
-+ <listitem>
-+ <para>the directory to chroot the user to</para>
-+ </listitem>
-+ </varlistentry>
- </variablelist>
- </listitem>
- </varlistentry>
-Index: pam/modules/pam_limits/limits.conf.5
-===================================================================
---- pam.orig/modules/pam_limits/limits.conf.5
-+++ pam/modules/pam_limits/limits.conf.5
-@@ -279,6 +279,11 @@
- .RS 4
- maximum realtime priority allowed for non\-privileged processes (Linux 2\&.6\&.12 and higher)
- .RE
-+.PP
-+\fBchroot\fR
-+.RS 4
-+the directory to chroot the user to
-+.RE
- .RE
- .PP
- All items support the values
-Index: pam/modules/pam_limits/limits.conf
-===================================================================
---- pam.orig/modules/pam_limits/limits.conf
-+++ pam/modules/pam_limits/limits.conf
-@@ -46,6 +46,7 @@
- # - msgqueue - max memory used by POSIX message queues (bytes)
- # - nice - max nice priority allowed to raise to values: [-20, 19]
- # - rtprio - max realtime priority
-+# - chroot - change root to directory (Debian-specific)
- #
- #<domain> <type> <item> <value>
- #
-@@ -56,6 +57,7 @@
- #@faculty soft nproc 20
- #@faculty hard nproc 50
- #ftp hard nproc 0
-+#ftp - chroot /ftp
- #@student - maxlogins 4
-
- # End of file
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-22 00:00:46 +0000