Hi, Janno Sannik!

On 13 may 2008 17:24:12, Janno Sannik wrote about "Re: [peruser] Segfaults
on peruser_post_read":

> offtopic: BTW. We are working on a patch to add memory limit and nice 
> level setting support on peruser so stay tuned :)

I use the following patch for setting limits:

 #if APR_HAS_SHARED_MEMORY
 #include "apr_shm.h"
 #else
 #error "Peruser MPM requres shared memory support."
 #endif

+#ifdef PERUSER_PAM_SESSION
+#include <security/pam_appl.h>
+#endif /* PERUSER_PAM_SESSION */
+

 /* should be APR-ized */
 #include <grp.h>
@@ -1420,6 +1428,55 @@
         return -1;
       }
     }
+
+
+    #ifdef PERUSER_PAM_SESSION
+    /*
+     * Use PAM session support. Initial goal was to use the pam_limits
module.
+     */
+    #ifndef PAM_SERVICE_NAME
+    #define PAM_SERVICE_NAME "peruser"
+    #endif /* PAM_SERVICE_NAME */
+
+    if(senv->uid > 1000) {
+
+    struct passwd *pw;
+    pw = getpwuid (senv->uid);
+
+    /*
+    ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL,
+                 "user: %s", pw->pw_name);
+    */
+
+    #define PAM_CALL(call, name, err_code, do_end) \
+    do \
+    { \
+        rc = (call); \
+        if (rc != PAM_SUCCESS) \
+        { \
+            ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, \
+                         "error: %s(): [%d] %s", (name), rc,
pam_strerror(pamh, rc)); \
+            (do_end) && pam_end(pamh, rc); \
+            exit(err_code); \
+        } \
+    } while (0)
+
+    {
+    int     rc;
+    pam_handle_t    *pamh = NULL;
+    struct pam_conv pamc = { NULL, NULL };
+
+    PAM_CALL(pam_start(PAM_SERVICE_NAME, pw->pw_name, &pamc, &pamh),
"pam_start", 241, 0);
+    PAM_CALL(pam_open_session(pamh, 0), "pam_open_session", 242, 1);
+    PAM_CALL(pam_close_session(pamh, 0), "pam_close_session", 243, 1);
+    PAM_CALL(pam_end(pamh, 0), "pam_end", 244, 0);
+    }
+
+    #undef PAM_CALL
+    }
+
+    #undef PAM_SERVICE_NAME
+    #endif /* PERUSER_PAM_SESSION */

     if (senv->uid == -1 && senv->gid == -1) {
         return unixd_setup_child();
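Review bot: `pw` is dereferenced in `pam_start(PAM_SERVICE_NAME, pw->pw_name, ...)` without checking that `getpwuid(senv->uid)` succeeded, so a uid with no passwd entry crashes the child instead of exiting with a logged error. The visible code suggests this can happen: the context line after the block still tests `senv->uid == -1`, and if that field is an unsigned `uid_t` (its type is not shown here), -1 also passes the `senv->uid > 1000` guard. I would add `if (pw == NULL) { ap_log_error(APLOG_MARK, APLOG_WARNING, 0, NULL, "error: getpwuid(): no passwd entry"); exit(240); }` right after the lookup (240 is only a suggested unused code next to 241–244) and exclude the unset uid in the guard. A comment above the `pam_close_session` call would also help, e.g. `/* session is closed at once: this relies on the limits set during open staying in effect for this process */`, and the bare `1000` would read better as a named constant, since accounts at or below it silently get no limits. The enclosing function starts and ends outside the hunk.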

# cat /etc/pam.d/peruser
session    required     pam_limits.so   conf=/etc/security/peruser.conf

I can say it works pretty well ;)

--
BRGDS. Alexey Vlasov.
