diff options
| author | Jan Rekorajski <baggins@sith.mimuw.edu.pl> | 2000-12-01 18:22:34 +0000 |
|---|---|---|
| committer | Jan Rekorajski <baggins@sith.mimuw.edu.pl> | 2000-12-01 18:22:34 +0000 |
| commit | 74caf6ff817de8e4d6cab5fafa5c01e88fb658b4 (patch) | |
| tree | 9d712c64775b023d332ab370bf054a203c66b678 | |
| parent | 30661180000c3047534d128af7c0ca2e3d299d46 (diff) | |
| download | pam-74caf6ff817de8e4d6cab5fafa5c01e88fb658b4.tar.gz pam-74caf6ff817de8e4d6cab5fafa5c01e88fb658b4.tar.bz2 pam-74caf6ff817de8e4d6cab5fafa5c01e88fb658b4.zip | |
Relevant BUGIDs: 124062
Purpose of commit: new feature
Commit summary:
---------------
add change_uid option to pam_limits, and set real uid only
if this option is present
| -rw-r--r-- | CHANGELOG | 2 | ||||
| -rw-r--r-- | doc/modules/pam_limits.sgml | 6 | ||||
| -rw-r--r-- | modules/pam_limits/README | 6 | ||||
| -rw-r--r-- | modules/pam_limits/pam_limits.c | 8 |
4 files changed, 20 insertions, 2 deletions
@@ -35,6 +35,8 @@ Where you should replace XXXXX with a bug-id. 0.73: please submit patches for this section with actual code/doc patches! +* add change_uid option to pam_limits, and set real uid only if + this option is present (Bug 124062 - baggins) * pam_limits - set real uid to the user for who we set limits. (Bug 123972 - baggins) * removed static variables from pam_limits (thread safe now). (Bug diff --git a/doc/modules/pam_limits.sgml b/doc/modules/pam_limits.sgml index f7a2245e..3b30a2c3 100644 --- a/doc/modules/pam_limits.sgml +++ b/doc/modules/pam_limits.sgml @@ -74,6 +74,12 @@ verbose logging to <tt/syslog(3)/. <item><tt>conf=/path/to/file.conf</tt> - indicate an alternative <em/limits/ configuration file to the default. +<item><tt/change_uid/ - +change real uid to the user for who the limits are set up. Use this +option if you have problems like login not forking a shell for user +who has no processes. Be warned that something else may break when +you do this. + </itemize> <tag><bf>Examples/suggested usage:</bf></tag> diff --git a/modules/pam_limits/README b/modules/pam_limits/README index 06a6857a..918e6c91 100644 --- a/modules/pam_limits/README +++ b/modules/pam_limits/README @@ -68,6 +68,12 @@ ARGUMENTS RECOGNIZED: conf=/path/to/file the limits configuration file if different from the one set at compile time. + change_uid change real uid to the user for who the limits + are set up. Use this option if you have problems + like login not forking a shell for user who has + no processes. Be warned that something else + may break when you do this. + MODULE SERVICES PROVIDED: session _open_session and _close_session (blank) diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c index 07dc3556..34d76bf5 100644 --- a/modules/pam_limits/pam_limits.c +++ b/modules/pam_limits/pam_limits.c @@ -91,6 +91,7 @@ static void _pam_log(int err, const char *format, ...) /* argument parsing */ #define PAM_DEBUG_ARG 0x0001 +#define PAM_DO_SETREUID 0x0002 static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl) { @@ -105,6 +106,8 @@ static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl) ctrl |= PAM_DEBUG_ARG; else if (!strncmp(*argv,"conf=",5)) strcpy(pl->conf_file,*argv+5); + else if (!strncmp(*argv,"change_uid",10)) + ctrl |= PAM_DO_SETREUID; else { _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv); } @@ -564,8 +567,9 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, _pam_log(LOG_WARNING, "error parsing the configuration file"); return PAM_IGNORE; } - - setreuid(pwd->pw_uid, -1); + + if (ctrl & PAM_DO_SETREUID) + setreuid(pwd->pw_uid, -1); retval = setup_limits(pwd->pw_name, ctrl, &pl); if (retval & LOGIN_ERR) { printf("\nToo many logins for '%s'\n",pwd->pw_name); |