2.2.1p1 / AIX 4.2.1.0.06 login nits, and Solaris utmp (again)
Tom Bertelson
tbert at abac.com
Mon Jun 19 23:03:06 EST 2000
Here's a patch to support AIX's additional user information (various
hard and soft rlimits, default umask). Special thanks to Matthew Clarke
for suggestions and help in testing.
I've also included a buffer overrun fix I ran into with Solaris 2.7
(loginrec.c). I haven't gone over the rest of this file too carefully,
but maybe this will help some other people.
--
Tom Bertelson "Any sufficiently advanced technology
RHI Consulting is indistinguishable from magic."
tbert at abac.com -- Arthur C. Clarke
-------------- next part --------------
--- configure.in~ Thu Jun 8 21:58:35 2000
+++ configure.in Fri Jun 16 11:21:23 2000
@@ -38,6 +38,8 @@
AC_DEFINE(BROKEN_GETADDRINFO)
dnl AIX handles lastlog as part of its login message
AC_DEFINE(DISABLE_LASTLOG)
+ MANTYPE='$(CATMAN)'
+ mansubdir=cat
;;
*-*-hpux10*)
if test -z "$GCC"; then
@@ -168,7 +170,7 @@
fi
# Checks for header files.
-AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h util.h utmp.h utmpx.h)
+AC_CHECK_HEADERS(bstring.h endian.h lastlog.h login.h maillock.h netdb.h netgroup.h netinet/in_systm.h paths.h poll.h pty.h shadow.h security/pam_appl.h sys/bitypes.h sys/bsdtty.h sys/cdefs.h sys/poll.h sys/select.h sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h time.h usersec.h util.h utmp.h utmpx.h)
# Checks for library functions.
AC_CHECK_FUNCS(arc4random atexit b64_ntop bcopy bindresvport_af clock freeaddrinfo gai_strerror getaddrinfo getnameinfo getrusage innetgr md5_crypt memmove mkdtemp on_exit openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy vsnprintf vhangup _getpty __b64_ntop)
@@ -183,6 +185,11 @@
AC_CHECK_FUNCS(entutxent getutxent getutxid getutxline pututxline )
AC_CHECK_FUNCS(setutxent utmpxname)
+AC_CHECK_FUNC(getuserattr,
+ [AC_DEFINE(HAVE_GETUSERATTR)],
+ [AC_CHECK_LIB(s, getuserattr, [LIBS="$LIBS -ls"; AC_DEFINE(HAVE_GETUSERATTR)])]
+)
+
AC_CHECK_FUNC(login,
[AC_DEFINE(HAVE_LOGIN)],
[AC_CHECK_LIB(bsd, login, [LIBS="$LIBS -lbsd"; AC_DEFINE(HAVE_LOGIN)])]
@@ -994,7 +1001,7 @@
[ char *lastlog = _PATH_LASTLOG; ],
[ AC_MSG_RESULT(yes) ],
[
- AC_MSG_RESULT(no),
+ AC_MSG_RESULT(no)
system_lastlog_path=no
])
]
--- config.h.in~ Fri Jun 9 06:56:25 2000
+++ config.h.in Fri Jun 16 11:21:24 2000
@@ -242,6 +242,9 @@
/* Define if you have the gettimeofday function. */
#undef HAVE_GETTIMEOFDAY
+/* Define if you have the getuserattr function. */
+#undef HAVE_GETUSERATTR
+
/* Define if you have the getutent function. */
#undef HAVE_GETUTENT
@@ -421,6 +424,9 @@
/* Define if you have the <time.h> header file. */
#undef HAVE_TIME_H
+
+/* Define if you have the <usersec.h> header file. */
+#undef HAVE_USERSEC_H
/* Define if you have the <util.h> header file. */
#undef HAVE_UTIL_H
--- loginrec.c~ Wed Jun 7 07:32:13 2000
+++ loginrec.c Fri Jun 16 11:57:42 2000
@@ -1289,7 +1300,9 @@
lastlog_populate_entry(struct logininfo *li, struct lastlog *last)
{
line_fullname(li->line, last->ll_line, sizeof(li->line));
- strlcpy(li->hostname, last->ll_host, sizeof(li->hostname));
+ strlcpy(li->hostname, last->ll_host,
+ sizeof(li->hostname) < sizeof(last->ll_host) + 1 ?
+ sizeof(li->hostname) : sizeof(last->ll_host) + 1);
li->tv_sec = last->ll_time;
}
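Review bot: The narrowed size argument bounds the write into `li->hostname`, but `strlcpy()` still scans its source up to the terminating NUL to compute its return value, so an `ll_host` that fills its array without a terminator is still read past its end. A length-bounded copy avoids that without the size arithmetic, e.g. `snprintf(li->hostname, sizeof(li->hostname), "%.*s", (int)sizeof(last->ll_host), last->ll_host);`. `line_fullname()` on the line above receives `last->ll_line` with only the destination size; its body is not visible here, so whether it has the same exposure is worth checking. The function's return-type line is outside the hunk.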
--- session.c~ Wed Jun 7 07:22:38 2000
+++ session.c Fri Jun 16 11:21:24 2000
@@ -9,6 +9,9 @@
#include "includes.h"
RCSID("$OpenBSD: session.c,v 1.17 2000/06/05 19:53:40 markus Exp $");
+#if defined(HAVE_USERSEC_H)
+#include <usersec.h>
+#endif
#include "xmalloc.h"
#include "ssh.h"
@@ -836,6 +839,41 @@
switch, so we let login(1) to this for us. */
if (!options.use_login) {
if (getuid() == 0 || geteuid() == 0) {
+#if defined(HAVE_GETUSERATTR)
+ struct rlimit rlim;
+ rlim_t tlim;
+ int mask;
+
+#define set_limit(SOFT, HARD, RLIMIT, MULTIPLIER) \
+ getrlimit(RLIMIT, &rlim); \
+ tlim = (rlim_t) 0; \
+ if (getuserattr(pw->pw_name, SOFT, &tlim, SEC_INT) != -1 && tlim) \
+ rlim.rlim_cur = tlim * MULTIPLIER; \
+ tlim = (rlim_t) 0; \
+ if (getuserattr(pw->pw_name, HARD, &tlim, SEC_INT) != -1 && tlim) \
+ rlim.rlim_max = tlim * MULTIPLIER; \
+ if (rlim.rlim_cur > rlim.rlim_max) \
+ rlim.rlim_max = rlim.rlim_cur; \
+ if (setrlimit(RLIMIT, &rlim) != 0) \
+ error("setrlimit(%.10s) failed: %.100s", SOFT, strerror(errno))
+
+ set_limit(S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
+ set_limit(S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
+ set_limit(S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
+ set_limit(S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
+ set_limit(S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
+ set_limit(S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
+#if defined(S_UNOFILE)
+ set_limit(S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
+#endif
+
+ if (getuserattr(pw->pw_name, S_UMASK, &mask, SEC_INT) != -1) {
+ /* Convert decimal to octal */
+ (void) snprintf(buf, sizeof buf, "%d", mask);
+ (void) sscanf(buf, "%o", &mask);
+ (void) umask(mask);
+ }
+#endif
if (setgid(pw->pw_gid) < 0) {
perror("setgid");
exit(1);
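Review bot: In `set_limit`, `getuserattr(..., &tlim, SEC_INT)` is handed the address of an `rlim_t`, while the umask call further down passes an `int` for the same `SEC_INT` type; if `rlim_t` is wider than `int` on the target, only part of `tlim` is written and the resulting limit is wrong. `getrlimit()` is also unchecked, so a failure would pass an uninitialised `rlim` on to `setrlimit()`, and the macro is a bare statement sequence that misbehaves if it is ever used under an unbraced `if`. A failed `setrlimit()` is only logged, so the session continues without the configured limit; it is worth deciding whether that should be fatal. The fence reads the attribute into an `int`, checks `getrlimit()` and wraps the body in `do { ... } while (0)`; it skips negative values, so how an "unlimited" setting is encoded needs confirming before adopting it. The enclosing function starts and ends outside the hunk.

```c
	int tlim;	/* SEC_INT stores an int; was rlim_t */

#define set_limit(SOFT, HARD, RLIMIT, MULTIPLIER) do { \
	if (getrlimit(RLIMIT, &rlim) != 0) { \
		error("getrlimit(%.10s) failed: %.100s", SOFT, strerror(errno)); \
		break; \
	} \
	tlim = 0; \
	if (getuserattr(pw->pw_name, SOFT, &tlim, SEC_INT) != -1 && tlim > 0) \
		rlim.rlim_cur = (rlim_t) tlim * MULTIPLIER; \
	tlim = 0; \
	if (getuserattr(pw->pw_name, HARD, &tlim, SEC_INT) != -1 && tlim > 0) \
		rlim.rlim_max = (rlim_t) tlim * MULTIPLIER; \
	/* ... unchanged: cur/max reconciliation and setrlimit call ... */ \
} while (0)
```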