crypto/dist/heimdal/appl/login/limits_conf.c

   1 /*
   2  * Copyright (c) 2005 Kungliga Tekniska Högskolan
   3  * (Royal Institute of Technology, Stockholm, Sweden).
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * 1. Redistributions of source code must retain the above copyright
  11  *    notice, this list of conditions and the following disclaimer.
  12  *
  13  * 2. Redistributions in binary form must reproduce the above copyright
  14  *    notice, this list of conditions and the following disclaimer in the
  15  *    documentation and/or other materials provided with the distribution.
  16  *
  17  * 3. Neither the name of the Institute nor the names of its contributors
  18  *    may be used to endorse or promote products derived from this software
  19  *    without specific prior written permission.
  20  *
  21  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
  22  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  23  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  24  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
  25  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  26  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  27  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  28  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  29  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  30  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  31  * SUCH DAMAGE.
  32  */
  33
  34 #include "login_locl.h"
  35
  36 __RCSID("$Heimdal: limits_conf.c 19215 2006-12-04 23:41:18Z lha $"
  37         "$NetBSD$");
  38
  39 #include <errno.h>
  40 #include <limits.h>
  41 #ifdef HAVE_SYS_RESOURCE_H
  42 #include <sys/resource.h>
  43 #endif
  44
  45 struct limit {
  46     const char *name;
  47     int resource;
  48     int scale;
  49     int has_limit;
  50     struct rlimit limit;
  51 } limits[] = {
  52 #define LIM(X, S) { #X, RLIMIT_##X, S, 0 }
  53     LIM(CORE, 1024),
  54     LIM(CPU, 60),
  55     LIM(DATA, 1024),
  56     LIM(FSIZE, 1024),
  57 #ifdef RLIMIT_MEMLOCK
  58     LIM(MEMLOCK, 1024),
  59 #endif
  60     LIM(NOFILE, 1),
  61 #ifdef RLIMIT_NPROC
  62     LIM(NPROC, 1),
  63 #endif
  64 #ifdef RLIMIT_RSS
  65     LIM(RSS, 1024),
  66 #endif
  67     LIM(STACK, 1024),
  68
  69 #ifdef RLIMIT_AS
  70     LIM(AS, 1024),
  71 #endif
  72 #ifdef RLIMIT_LOCKS
  73     LIM(LOCKS, 1),
  74 #endif
  75     /*
  76       maxlogins
  77       priority
  78     */
  79     { NULL, 0 }
  80 };
  81
  82 static struct limit *
  83 find_limit(const char *name)
  84 {
  85     struct limit *l;
  86     for(l = limits; l->name != NULL; l++)
  87         if(strcasecmp(name, l->name) == 0)
  88             return l;
  89     return NULL;
  90 }
  91
  92 /* this function reads limits.conf files similar to pam_limits
  93    unimplemented features include:
  94         % maxlogins
  95         "-" no limits,
  96         priorities etc that are not set via setrlimit
  97    XXX uses static storage, and clobbers getgr*
  98 */
  99
 100 int
 101 read_limits_conf(const char *file, const struct passwd *pwd)
 102 {
 103     FILE *f;
 104     char *args[4];
 105     int lineno = 0;
 106     char buf[1024];
 107     struct limit *l;
 108     rlim_t value;
 109
 110     f = fopen(file, "r");
 111     if(f == NULL) {
 112         if(errno != ENOENT && errno != ENOTDIR)
 113             syslog(LOG_ERR, "%s: %m", file);
 114         return -1;
 115     }
 116
 117     while(fgets(buf, sizeof(buf), f) != NULL) {
 118         char *last = NULL;
 119         char *end = NULL;
 120         int level;
 121
 122         lineno++;
 123
 124         if(buf[0] == '\0') {
 125             syslog(LOG_ERR, "%s: line %d: NUL character", file, lineno);
 126             continue;
 127         }
 128         if(buf[strlen(buf) - 1] != '\n') {
 129             /* file did not end with a newline, figure out if we're at
 130                the EOF, or if our buffer was too small */
 131             int eof = 1;
 132             int c;
 133             while((c = fgetc(f)) != EOF) {
 134                 eof = 0;
 135                 if(c == '\n')
 136                     break;
 137             }
 138             if(!eof) {
 139                 syslog(LOG_ERR, "%s: line %d: line too long", file, lineno);
 140                 continue;
 141             }
 142         }
 143         buf[strcspn(buf, "#\r\n")] = '\0';
 144         if((args[0] = strtok_r(buf, " \t", &last)) == NULL ||
 145            (args[1] = strtok_r(NULL, " \t", &last)) == NULL ||
 146            (args[2] = strtok_r(NULL, " \t", &last)) == NULL ||
 147            (args[3] = strtok_r(NULL, " \t", &last)) == NULL) {
 148             if(args[0] != NULL) /* this would include comment lines */
 149                 syslog(LOG_ERR, "%s: line %d: malformed line", file, lineno);
 150             continue;
 151         }
 152
 153         l = find_limit(args[2]);
 154         if(l == NULL) {
 155             syslog(LOG_ERR, "%s: line %d: unknown limit %s", file, lineno, args[2]);
 156             continue;
 157         }
 158         if(strcmp(args[3], "-") == 0) {
 159             value = RLIM_INFINITY;
 160         } else {
 161             errno = 0;
 162             value = strtol(args[3], &end, 10);
 163             if(*end != '\0') {
 164                 syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
 165                 continue;
 166             }
 167             if((value == LONG_MIN || value == LONG_MAX) && errno == ERANGE) {
 168                 syslog(LOG_ERR, "%s: line %d: bad value %s", file, lineno, args[3]);
 169                 continue;
 170             }
 171             if(value * l->scale < value)
 172                 value = RLIM_INFINITY;
 173             else
 174                 value *= l->scale;
 175         }
 176         level = 0;
 177         /* XXX unclear: if you set group hard and user soft limit,
 178            should the hard limit still apply? this code doesn't. */
 179         if(strcmp(args[0], pwd->pw_name) == 0)
 180             level = 3;
 181         if(*args[0] == '@') {
 182             struct group *gr;
 183             gr = getgrnam(args[0] + 1);
 184             if(gr != NULL && gr->gr_gid == pwd->pw_gid)
 185                 level = 2;
 186         }
 187         if(strcmp(args[0], "*") == 0)
 188             level = 1;
 189         if(level == 0 || level < l->has_limit) /* not for us */
 190             continue;
 191         if(l->has_limit < level) {
 192             if(getrlimit(l->resource, &l->limit) < 0)
 193                 continue;
 194             l->has_limit = level;
 195         }
 196
 197         /* XXX unclear: if you soft to more than default hard, should
 198            we set hard to soft? this code doesn't. */
 199         if(strcasecmp(args[1], "soft") == 0 || strcmp(args[1], "-") == 0)
 200             l->limit.rlim_cur = value;
 201         if(strcasecmp(args[1], "hard") == 0 || strcmp(args[1], "-") == 0)
 202             l->limit.rlim_max = value;
 203     }
 204     fclose(f);
 205     for(l = limits; l->name != NULL; l++) {
 206         if(l->has_limit) {
 207             if(l->limit.rlim_cur > l->limit.rlim_max)
 208                 l->limit.rlim_cur = l->limit.rlim_max;
 209             if(setrlimit(l->resource, &l->limit) != 0)
 210                 syslog(LOG_ERR, "setrlimit RLIM_%s failed: %m", l->name);
 211         }
 212         l->has_limit = 0;
 213     }
 214     return 0;
 215 }