diff options
Diffstat (limited to 'debian/patches-applied/parse-kernel-rlimits.patch')
-rw-r--r-- | debian/patches-applied/parse-kernel-rlimits.patch | 208 |
1 files changed, 0 insertions, 208 deletions
diff --git a/debian/patches-applied/parse-kernel-rlimits.patch b/debian/patches-applied/parse-kernel-rlimits.patch deleted file mode 100644 index 77e6f378..00000000 --- a/debian/patches-applied/parse-kernel-rlimits.patch +++ /dev/null @@ -1,208 +0,0 @@ -Description: Since the kernel sets a number of dynamic rlimits based on the - system properities (e.g. physical memory for nproc), these rlimits should - be respected by PAM. Parse /proc/1/limits for the kernel-defined rlimits. -Author: Kees Cook <kees@ubuntu.com> -Bug-Ubuntu: https://launchpad.net/bugs/746655 -Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620302 -Forwarded: https://fedorahosted.org/pipermail/pam-developers/2011-March/000017.html - -Index: pam-debian/modules/pam_limits/pam_limits.c -=================================================================== ---- pam-debian.orig/modules/pam_limits/pam_limits.c 2011-03-31 14:39:14.296355902 -0700 -+++ pam-debian/modules/pam_limits/pam_limits.c 2011-03-31 14:39:14.906363881 -0700 -@@ -55,9 +55,10 @@ - #define LIMITS_DEF_USER 0 /* limit was set by an user entry */ - #define LIMITS_DEF_GROUP 1 /* limit was set by a group entry */ - #define LIMITS_DEF_ALLGROUP 2 /* limit was set by a group entry */ --#define LIMITS_DEF_ALL 3 /* limit was set by an default entry */ --#define LIMITS_DEF_DEFAULT 4 /* limit was set by an default entry */ --#define LIMITS_DEF_NONE 5 /* this limit was not set yet */ -+#define LIMITS_DEF_ALL 3 /* limit was set by an all entry */ -+#define LIMITS_DEF_DEFAULT 4 /* limit was set by an internal default entry */ -+#define LIMITS_DEF_KERNEL 5 /* limit was set from /proc/1/limits */ -+#define LIMITS_DEF_NONE 6 /* this limit was not set yet */ - - static const char *limits_def_names[] = { - "USER", -@@ -65,6 +66,7 @@ - "ALLGROUP", - "ALL", - "DEFAULT", -+ "KERNEL", - "NONE", - NULL - }; -@@ -296,7 +298,139 @@ - return 0; - } - --static int init_limits(struct pam_limit_s *pl) -+static const char * lnames[RLIM_NLIMITS] = { -+ [RLIMIT_CPU] = "Max cpu time", -+ [RLIMIT_FSIZE] = "Max file size", -+ [RLIMIT_DATA] = "Max data size", -+ [RLIMIT_STACK] = "Max stack size", -+ [RLIMIT_CORE] = "Max core file size", -+ [RLIMIT_RSS] = "Max resident set", -+ [RLIMIT_NPROC] = "Max processes", -+ [RLIMIT_NOFILE] = "Max open files", -+ [RLIMIT_MEMLOCK] = "Max locked memory", -+#ifdef RLIMIT_AS -+ [RLIMIT_AS] = "Max address space", -+#endif -+#ifdef RLIMIT_LOCKS -+ [RLIMIT_LOCKS] = "Max file locks", -+#endif -+#ifdef RLIMIT_SIGPENDING -+ [RLIMIT_SIGPENDING] = "Max pending signals", -+#endif -+#ifdef RLIMIT_MSGQUEUE -+ [RLIMIT_MSGQUEUE] = "Max msgqueue size", -+#endif -+#ifdef RLIMIT_NICE -+ [RLIMIT_NICE] = "Max nice priority", -+#endif -+#ifdef RLIMIT_RTPRIO -+ [RLIMIT_RTPRIO] = "Max realtime priority", -+#endif -+#ifdef RLIMIT_RTTIME -+ [RLIMIT_RTTIME] = "Max realtime timeout", -+#endif -+}; -+ -+static int str2rlimit(char *name) { -+ int i; -+ if (!name || *name == '\0') -+ return -1; -+ for(i = 0; i < RLIM_NLIMITS; i++) { -+ if (strcmp(name, lnames[i]) == 0) return i; -+ } -+ return -1; -+} -+ -+static rlim_t str2rlim_t(char *value) { -+ unsigned long long rlimit = 0; -+ -+ if (!value) return (rlim_t)rlimit; -+ if (strcmp(value, "unlimited") == 0) { -+ return RLIM_INFINITY; -+ } -+ rlimit = strtoull(value, NULL, 10); -+ return (rlim_t)rlimit; -+} -+ -+#define LIMITS_SKIP_WHITESPACE { \ -+ /* step backwards over spaces */ \ -+ pos--; \ -+ while (pos && line[pos] == ' ') pos--; \ -+ if (!pos) continue; \ -+ line[pos+1] = '\0'; \ -+} -+#define LIMITS_MARK_ITEM(item) { \ -+ /* step backwards over non-spaces */ \ -+ pos--; \ -+ while (pos && line[pos] != ' ') pos--; \ -+ if (!pos) continue; \ -+ item = line + pos + 1; \ -+} -+ -+static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl) -+{ -+ int i, maxlen = 0; -+ FILE *limitsfile; -+ const char *proclimits = "/proc/1/limits"; -+ char line[256]; -+ char *units, *hard, *soft, *name; -+ -+ if (!(limitsfile = fopen(proclimits, "r"))) { -+ pam_syslog(pamh, LOG_WARNING, "Could not read %s (%s), using PAM internal defaults", proclimits, strerror(errno)); -+ return; -+ } -+ -+ while (fgets(line, 256, limitsfile)) { -+ int pos = strlen(line); -+ if (pos < 2) continue; -+ -+ /* drop trailing newline */ -+ if (line[pos-1] == '\n') { -+ pos--; -+ line[pos] = '\0'; -+ } -+ -+ /* determine formatting boundry of limits report */ -+ if (!maxlen && strncmp(line, "Limit", 5) == 0) { -+ maxlen = pos; -+ continue; -+ } -+ -+ if (pos == maxlen) { -+ /* step backwards over "Units" name */ -+ LIMITS_SKIP_WHITESPACE; -+ LIMITS_MARK_ITEM(units); -+ } -+ else { -+ units = ""; -+ } -+ -+ /* step backwards over "Hard Limit" value */ -+ LIMITS_SKIP_WHITESPACE; -+ LIMITS_MARK_ITEM(hard); -+ -+ /* step backwards over "Soft Limit" value */ -+ LIMITS_SKIP_WHITESPACE; -+ LIMITS_MARK_ITEM(soft); -+ -+ /* step backwards over name of limit */ -+ LIMITS_SKIP_WHITESPACE; -+ name = line; -+ -+ i = str2rlimit(name); -+ if (i < 0 || i >= RLIM_NLIMITS) { -+ pam_syslog(pamh, LOG_DEBUG, "Unknown kernel rlimit '%s' ignored", name); -+ continue; -+ } -+ pl->limits[i].limit.rlim_cur = str2rlim_t(soft); -+ pl->limits[i].limit.rlim_max = str2rlim_t(hard); -+ pl->limits[i].src_soft = LIMITS_DEF_KERNEL; -+ pl->limits[i].src_hard = LIMITS_DEF_KERNEL; -+ } -+ fclose(limitsfile); -+} -+ -+static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl) - { - int i; - int retval = PAM_SUCCESS; -@@ -321,6 +455,23 @@ - } - } else { - pl->limits[i].supported = 1; -+ pl->limits[i].src_soft = LIMITS_DEF_NONE; -+ pl->limits[i].src_hard = LIMITS_DEF_NONE; -+ } -+ } -+ -+#ifdef __linux__ -+ parse_kernel_limits(pamh, pl); -+#endif -+ -+ for(i = 0; i < RLIM_NLIMITS; i++) { -+ if (pl->limits[i].supported && -+ (pl->limits[i].src_soft == LIMITS_DEF_NONE || -+ pl->limits[i].src_hard == LIMITS_DEF_NONE)) { -+#ifdef __linux__ -+ pam_syslog(pamh, LOG_WARNING, "Did not find kernel RLIMIT for %s, using PAM internal default", rlimit2str(i)); -+#endif -+ - pl->limits[i].src_soft = LIMITS_DEF_DEFAULT; - pl->limits[i].src_hard = LIMITS_DEF_DEFAULT; - switch(i) { -@@ -823,7 +974,7 @@ - return PAM_USER_UNKNOWN; - } - -- retval = init_limits(pl); -+ retval = init_limits(pamh, pl); - if (retval != PAM_SUCCESS) { - pam_syslog(pamh, LOG_WARNING, "cannot initialize"); - return PAM_ABORT; |