From bcd540496d3fc1af59c129a508d22e235990e041 Mon Sep 17 00:00:00 2001
From: Pino Toscano <toscano.pino@tiscali.it>
Date: Fri, 12 May 2023 06:06:53 +0200
Subject: pam_limits: build again on non-Linux OSes

Even if this module is supported officially on Linux, make sure it can
still build fine on non-Linux OSes, to ease its testing/fixing a bit:
- build parse_kernel_limits() and stuff needed for it only on Linux,
  as it is called already only on Linux
- limit the code needed to apply the 'nonewprivs' options to Linux only,
  as it uses a Linux-specific way to set it; add a syslog message for
  other OSes
---
 modules/pam_limits/pam_limits.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'modules/pam_limits')

diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 87bb4b70..8b1755b7 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -28,7 +28,9 @@
 #include <syslog.h>
 #include <stdarg.h>
 #include <signal.h>
+#ifdef __linux__
 #include <sys/prctl.h>
+#endif
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <sys/resource.h>
@@ -321,6 +323,7 @@ check_logins (pam_handle_t *pamh, const char *name, int limit, int ctrl,
     return 0;
 }
 
+#ifdef __linux__
 static const char *lnames[RLIM_NLIMITS] = {
         [RLIMIT_CPU] = "Max cpu time",
         [RLIMIT_FSIZE] = "Max file size",
@@ -450,6 +453,7 @@ static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int
     }
     fclose(limitsfile);
 }
+#endif
 
 static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
 {
@@ -1078,10 +1082,14 @@ static int setup_limits(pam_handle_t *pamh,
     }
 
     if (pl->nonewprivs) {
+#ifdef __linux__
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
 	    pam_syslog(pamh, LOG_ERR, "Could not set prctl(PR_SET_NO_NEW_PRIVS): %m");
 	    retval |= LIMIT_ERR;
 	}
+#else
+	pam_syslog(pamh, LOG_INFO, "Setting 'nonewprivs' not supported on this OS");
+#endif
     }
 
     return retval;
-- 
cgit v1.2.3