From 74caf6ff817de8e4d6cab5fafa5c01e88fb658b4 Mon Sep 17 00:00:00 2001
From: Jan Rekorajski <baggins@sith.mimuw.edu.pl>
Date: Fri, 1 Dec 2000 18:22:34 +0000
Subject: Relevant BUGIDs: 124062

Purpose of commit: new feature

Commit summary:
---------------
add change_uid option to pam_limits, and set real uid only
if this option is present
---
 modules/pam_limits/README       | 6 ++++++
 modules/pam_limits/pam_limits.c | 8 ++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)

(limited to 'modules')

diff --git a/modules/pam_limits/README b/modules/pam_limits/README
index 06a6857a..918e6c91 100644
--- a/modules/pam_limits/README
+++ b/modules/pam_limits/README
@@ -68,6 +68,12 @@ ARGUMENTS RECOGNIZED:
     conf=/path/to/file	the limits configuration file if different from the
 			one set at compile time.
 
+    change_uid		change real uid to the user for who the limits
+    			are set up.  Use this option if you have problems
+			like login not forking a shell for user who has
+			no processes.  Be warned that something else
+			may break when you do this.
+
 MODULE SERVICES PROVIDED:
 	session            _open_session and _close_session (blank)
 
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 07dc3556..34d76bf5 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -91,6 +91,7 @@ static void _pam_log(int err, const char *format, ...)
 /* argument parsing */
 
 #define PAM_DEBUG_ARG       0x0001
+#define PAM_DO_SETREUID     0x0002
 
 static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl)
 {
@@ -105,6 +106,8 @@ static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl)
                ctrl |= PAM_DEBUG_ARG;
           else if (!strncmp(*argv,"conf=",5))
                 strcpy(pl->conf_file,*argv+5);
+	  else if (!strncmp(*argv,"change_uid",10))
+		ctrl |= PAM_DO_SETREUID;
           else {
                _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
           }
@@ -564,8 +567,9 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
         _pam_log(LOG_WARNING, "error parsing the configuration file");
         return PAM_IGNORE;
     }
-    
-    setreuid(pwd->pw_uid, -1);
+
+    if (ctrl & PAM_DO_SETREUID)
+	setreuid(pwd->pw_uid, -1);
     retval = setup_limits(pwd->pw_name, ctrl, &pl);
     if (retval & LOGIN_ERR) {
         printf("\nToo many logins for '%s'\n",pwd->pw_name);
-- 
cgit v1.2.3