From 74caf6ff817de8e4d6cab5fafa5c01e88fb658b4 Mon Sep 17 00:00:00 2001
From: Jan Rekorajski <baggins@sith.mimuw.edu.pl>
Date: Fri, 1 Dec 2000 18:22:34 +0000
Subject: [PATCH] Relevant BUGIDs: 124062

Purpose of commit: new feature

Commit summary:
---------------
add change_uid option to pam_limits, and set real uid only
if this option is present
---
 CHANGELOG                       | 2 ++
 doc/modules/pam_limits.sgml     | 6 ++++++
 modules/pam_limits/README       | 6 ++++++
 modules/pam_limits/pam_limits.c | 8 ++++++--
 4 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 0fa94d0f..0b026dee 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -35,6 +35,8 @@ Where you should replace XXXXX with a bug-id.
 0.73: please submit patches for this section with actual code/doc
       patches!
 
+* add change_uid option to pam_limits, and set real uid only if
+  this option is present (Bug 124062 - baggins)
 * pam_limits - set real uid to the user for who we set limits.
   (Bug 123972 - baggins)
 * removed static variables from pam_limits (thread safe now). (Bug
diff --git a/doc/modules/pam_limits.sgml b/doc/modules/pam_limits.sgml
index f7a2245e..3b30a2c3 100644
--- a/doc/modules/pam_limits.sgml
+++ b/doc/modules/pam_limits.sgml
@@ -74,6 +74,12 @@ verbose logging to <tt/syslog(3)/.
 <item><tt>conf=/path/to/file.conf</tt> -
 indicate an alternative <em/limits/ configuration file to the default.
 
+<item><tt/change_uid/ - 
+change real uid to the user for who the limits are set up.  Use this
+option if you have problems like login not forking a shell for user
+who has no processes. Be warned that something else may break when
+you do this.
+
 </itemize>
 
 <tag><bf>Examples/suggested usage:</bf></tag>
diff --git a/modules/pam_limits/README b/modules/pam_limits/README
index 06a6857a..918e6c91 100644
--- a/modules/pam_limits/README
+++ b/modules/pam_limits/README
@@ -68,6 +68,12 @@ ARGUMENTS RECOGNIZED:
     conf=/path/to/file	the limits configuration file if different from the
 			one set at compile time.
 
+    change_uid		change real uid to the user for who the limits
+    			are set up.  Use this option if you have problems
+			like login not forking a shell for user who has
+			no processes.  Be warned that something else
+			may break when you do this.
+
 MODULE SERVICES PROVIDED:
 	session            _open_session and _close_session (blank)
 
diff --git a/modules/pam_limits/pam_limits.c b/modules/pam_limits/pam_limits.c
index 07dc3556..34d76bf5 100644
--- a/modules/pam_limits/pam_limits.c
+++ b/modules/pam_limits/pam_limits.c
@@ -91,6 +91,7 @@ static void _pam_log(int err, const char *format, ...)
 /* argument parsing */
 
 #define PAM_DEBUG_ARG       0x0001
+#define PAM_DO_SETREUID     0x0002
 
 static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl)
 {
@@ -105,6 +106,8 @@ static int _pam_parse(int argc, const char **argv, struct pam_limit_s *pl)
                ctrl |= PAM_DEBUG_ARG;
           else if (!strncmp(*argv,"conf=",5))
                 strcpy(pl->conf_file,*argv+5);
+	  else if (!strncmp(*argv,"change_uid",10))
+		ctrl |= PAM_DO_SETREUID;
           else {
                _pam_log(LOG_ERR,"pam_parse: unknown option; %s",*argv);
           }
@@ -564,8 +567,9 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags,
         _pam_log(LOG_WARNING, "error parsing the configuration file");
         return PAM_IGNORE;
     }
-    
-    setreuid(pwd->pw_uid, -1);
+
+    if (ctrl & PAM_DO_SETREUID)
+	setreuid(pwd->pw_uid, -1);
     retval = setup_limits(pwd->pw_name, ctrl, &pl);
     if (retval & LOGIN_ERR) {
         printf("\nToo many logins for '%s'\n",pwd->pw_name);
-- 
2.40.0