- if ((!strcmp(soft, "fsize") || !strcmp(soft, "cpu"))
- && hlim == 0 && slim != 0)
- rlim.rlim_max = rlim.rlim_cur;
- /* A specified hard limit limits the soft limit */
- else if (hlim > 0 && rlim.rlim_cur > rlim.rlim_max)
- rlim.rlim_cur = rlim.rlim_max;
- /* A soft limit can increase a hard limit */
- else if (rlim.rlim_cur > rlim.rlim_max)
- rlim.rlim_max = rlim.rlim_cur;
-
- if (setrlimit(resource, &rlim) != 0)
- error("setrlimit(%.10s) failed: %.100s", soft, strerror(errno));
-}
-
-void set_limits_from_userattr(char *user)
-{
- int mask;
- char buf[16];
-
- set_limit(user, S_UFSIZE, S_UFSIZE_HARD, RLIMIT_FSIZE, 512);
- set_limit(user, S_UCPU, S_UCPU_HARD, RLIMIT_CPU, 1);
- set_limit(user, S_UDATA, S_UDATA_HARD, RLIMIT_DATA, 512);
- set_limit(user, S_USTACK, S_USTACK_HARD, RLIMIT_STACK, 512);
- set_limit(user, S_URSS, S_URSS_HARD, RLIMIT_RSS, 512);
- set_limit(user, S_UCORE, S_UCORE_HARD, RLIMIT_CORE, 512);
-#if defined(S_UNOFILE)
- set_limit(user, S_UNOFILE, S_UNOFILE_HARD, RLIMIT_NOFILE, 1);
-#endif
-
- if (getuserattr(user, S_UMASK, &mask, SEC_INT) != -1) {
- /* Convert decimal to octal */
- (void) snprintf(buf, sizeof(buf), "%d", mask);
- if (sscanf(buf, "%o", &mask) == 1)
- umask(mask);
- }
-}
-#endif /* defined(HAVE_GETUSERATTR) */
-
-/*
- * Performs common processing for the child, such as setting up the
- * environment, closing extra file descriptors, setting the user and group
- * ids, and executing the command or shell.
- */
-void
-do_child(const char *command, struct passwd * pw, const char *term,
- const char *display, const char *auth_proto,
- const char *auth_data, const char *ttyname)
-{
- const char *shell, *hostname = NULL, *cp = NULL;
- char buf[256];
- char cmd[1024];
- FILE *f = NULL;
- u_int envsize, i;
- char **env;
- extern char **environ;
- struct stat st;
- char *argv[10];
-#ifdef WITH_IRIX_PROJECT
- prid_t projid;
-#endif /* WITH_IRIX_PROJECT */
-#ifdef WITH_IRIX_JOBS
- jid_t jid = 0;
-#else
-#ifdef WITH_IRIX_ARRAY
- int jid = 0;
-#endif /* WITH_IRIX_ARRAY */
-#endif /* WITH_IRIX_JOBS */
-
-#ifdef USE_PAM
- do_pam_session(pw->pw_name, ttyname);
- do_pam_setcred();
-#endif /* USE_PAM */
-
- /* login(1) is only called if we execute the login shell */
- if (options.use_login && command != NULL)
- options.use_login = 0;
-
-#ifndef USE_PAM /* pam_nologin handles this */
- if (!options.use_login) {
-# ifdef HAVE_LOGIN_CAP
- if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
- f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
- _PATH_NOLOGIN), "r");
-# else /* HAVE_LOGIN_CAP */
- if (pw->pw_uid)
- f = fopen(_PATH_NOLOGIN, "r");
-# endif /* HAVE_LOGIN_CAP */
- if (f) {
- /* /etc/nologin exists. Print its contents and exit. */
- while (fgets(buf, sizeof(buf), f))
- fputs(buf, stderr);
- fclose(f);
- exit(254);
- }
- }
-#endif /* USE_PAM */
-
- /* Set login name, uid, gid, and groups. */
- /* Login(1) does this as well, and it needs uid 0 for the "-h"
- switch, so we let login(1) to this for us. */
- if (!options.use_login) {
-#ifdef HAVE_OSF_SIA
- session_setup_sia(pw->pw_name, ttyname);
-#else /* HAVE_OSF_SIA */
-#ifdef HAVE_CYGWIN
- if (is_winnt) {
-#else
- if (getuid() == 0 || geteuid() == 0) {
-#endif
-# ifdef HAVE_GETUSERATTR
- set_limits_from_userattr(pw->pw_name);
-# endif /* HAVE_GETUSERATTR */
-# ifdef HAVE_LOGIN_CAP
- if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
- perror("unable to set user context");
- exit(1);
- }
-# else /* HAVE_LOGIN_CAP */
- if (setlogin(pw->pw_name) < 0)
- error("setlogin failed: %s", strerror(errno));
- if (setgid(pw->pw_gid) < 0) {
- perror("setgid");
- exit(1);
- }
- /* Initialize the group list. */
- if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
- perror("initgroups");
- exit(1);
- }
- endgrent();
-# ifdef WITH_IRIX_JOBS
- jid = jlimit_startjob(pw->pw_name, pw->pw_uid, "interactive");
- if (jid == -1) {
- fatal("Failed to create job container: %.100s",
- strerror(errno));
- }
-# endif /* WITH_IRIX_JOBS */
-# ifdef WITH_IRIX_ARRAY
- /* initialize array session */
- if (jid == 0) {
- if (newarraysess() != 0)
- fatal("Failed to set up new array session: %.100s",
- strerror(errno));
- }
-# endif /* WITH_IRIX_ARRAY */
-# ifdef WITH_IRIX_PROJECT
- /* initialize irix project info */
- if ((projid = getdfltprojuser(pw->pw_name)) == -1) {
- debug("Failed to get project id, using projid 0");
- projid = 0;
- }
- if (setprid(projid))
- fatal("Failed to initialize project %d for %s: %.100s",
- (int)projid, pw->pw_name, strerror(errno));
-# endif /* WITH_IRIX_PROJECT */
-#ifdef WITH_IRIX_AUDIT
- if (sysconf(_SC_AUDIT)) {
- debug("Setting sat id to %d", (int) pw->pw_uid);
- if (satsetid(pw->pw_uid))
- debug("error setting satid: %.100s", strerror(errno));
- }
-#endif /* WITH_IRIX_AUDIT */
-
- /* Permanently switch to the desired uid. */
- permanently_set_uid(pw->pw_uid);
-# endif /* HAVE_LOGIN_CAP */
- }
-#endif /* HAVE_OSF_SIA */
-
-#if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
- /* Sets login uid for accounting */
- if (getluid() == -1 && setluid(pw->pw_uid) == -1)
- error("setluid: %s", strerror(errno));
-#endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
-
-#ifdef HAVE_CYGWIN
- if (is_winnt)
-#endif
- if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
- fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
- }
- /*
- * Get the shell from the password data. An empty shell field is
- * legal, and means /bin/sh.
- */
- shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
-#ifdef HAVE_LOGIN_CAP
- shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
-#endif
-
-#ifdef AFS
- /* Try to get AFS tokens for the local cell. */
- if (k_hasafs()) {
- char cell[64];
-
- if (k_afs_cell_of_file(pw->pw_dir, cell, sizeof(cell)) == 0)
- krb_afslog(cell, 0);
-
- krb_afslog(0, 0);
- }
-#endif /* AFS */
-
- /* Initialize the environment. */
- envsize = 100;
- env = xmalloc(envsize * sizeof(char *));
- env[0] = NULL;
-
-#ifdef HAVE_CYGWIN
- /*
- * The Windows environment contains some setting which are
- * important for a running system. They must not be dropped.
- */
- copy_environment(&env, &envsize);