Check for and use setrlimit (do ulimit -n unlimited) if available.

Rev: ChangeLog:1.551 Rev: NEWS:1.103 Rev: configure.ac:1.19 Rev: src/lshd.c:1.145

Check for and use setrlimit (do ulimit -n unlimited) if available.
Rev: ChangeLog:1.551 Rev: NEWS:1.103 Rev: configure.ac:1.19 Rev: src/lshd.c:1.145
572a2e44 · Pontus Freyhult · d0cb7359 · 572a2e44 · 572a2e44 · 572a2e44
Commit 572a2e44 authored Oct 04, 2002 by Pontus Freyhult
--- a/ChangeLog
+++ b/ChangeLog
--- a/NEWS
+++ b/NEWS
+News for the 1.x.y release
+
+	lshd now does the equivalence of ulimit -n unlimited, this is
+	inherited by processes started upon client requests. If you
+	don't want this, you should use /etc/{profile,login,whatever}
+	to set limits for your users. Do note that PAM-based solutions
+	will NOT work as PAM is used from a separate process that
+	terminates as soon as the authentication is finished (this of
+	course goes for environment variables too).
+
 News for the 1.5 release

 	Implemented the server side of X11 forwarding. Try lshd
@@ -63,7 +73,7 @@ News for the 1.4 release

 	lshd now sets SSH_CLIENT and SSH_TTY (if appropiate).
 	
-	TCP-wrapper support contributed by Pontus Sköld, pass
+	TCP-wrapper support contributed by Pontus Sköld, pass
 	--with-tcpwrappers to configure to enable.

 	Display more information about unknown keys, including
@@ -107,7 +117,7 @@ News for the 1.3.7 release
 	before exec:ing the shell.
 	
 	Helper program to let the server use PAM passwords.
-	Contributed by Pontus Sköld.
+	Contributed by Pontus Sköld.

 	New option --server to lsh-keygen and lsh-writekey. It makes
 	the programs use the system seed-file, and also changes
@@ -127,7 +137,7 @@ News for the 1.3.7 release
 	sftp on the server. Appeared already in 1.3.6, but wasn't
 	mentioned in NEWS.

-	Pontus Sköld's file transfer client lsftp is included in the
+	Pontus Sköld's file transfer client lsftp is included in the
 	distribution.
 	
 News for the 1.3.6 release
@@ -555,7 +565,7 @@ News for the lsh-0.1.18 release
 	lsh now reads ACL:s from the ~/.lsh/known_hosts file.

 	First attempt at a m4-based testsuite. It depends on m4 being
-	able to handle the eight-bit quote characters » and «. If your
+	able to handle the eight-bit quote characters » and «. If your
 	m4 doesn't do that, get the latest beta of GNU m4 or recompile
 	GNU m4-1.4 with CFLAGS=-funsigned-char.

@@ -798,7 +808,7 @@ TASKLIST and NOTES files now included in the snapshot.

 NEWS since the 1998-12-17 snapshot:

-Support for md5 (by Balázs Scheidler).
+Support for md5 (by Balázs Scheidler).

 Various bugfixes.

@@ -815,4 +825,4 @@ together (crypto_cascade()).
 Some untested support for blowfish and 3DES. A -c command line option
 is needed.

-A few bugfixes. Thanks to J.H.M. Dassen (Ray) and Balázs Scheidler.
+A few bugfixes. Thanks to J.H.M. Dassen (Ray) and Balázs Scheidler.
--- a/configure.ac
+++ b/configure.ac
@@ -303,6 +303,7 @@ AC_CHECK_HEADERS(pty.h)
 AC_CHECK_HEADERS(stropts.h)
 AC_CHECK_HEADERS(syslog.h)
 AC_CHECK_HEADERS(argp.h)
+AC_CHECK_HEADERS(sys/resource.h)

 AC_CHECK_HEADERS(utmp.h, [have_utmp_h=yes], [have_utmp_h=no])
 AC_CHECK_HEADERS(utmpx.h, [have_utmpx_h=yes], [have_utmpx_h=no])
@@ -528,6 +529,7 @@ AC_CHECK_FUNCS(openpty)
 AC_CHECK_FUNCS(cfmakeraw)
 AC_CHECK_FUNCS(logwtmp login logout pututline pututxline updwtmp updwtmpx)
 AC_CHECK_FUNCS(getaddrinfo getnameinfo gai_strerror)
+AC_CHECK_FUNCS(setrlimit)
 AC_FUNC_GETPGRP
 AC_CHECK_FUNCS(syslog)
 AC_REPLACE_FUNCS(memxor)

--- a/src/lshd.c
+++ b/src/lshd.c
@@ -6,7 +6,7 @@

 /* lsh, an implementation of the ssh protocol
 *
- * Copyright (C) 1998 Niels Mller
+ * Copyright (C) 1998 Niels Mller
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License as
@@ -85,6 +85,12 @@ struct command_2 close_on_sighup;
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
+#if TIME_WITH_SYS_TIME && HAVE_SYS_TIME_H
+#include <sys/time.h>
+#endif
+#if HAVE_SYS_RESOURCE_H
+#include <sys/resource.h>
+#endif
 #if HAVE_UNISTD_H
 #include <unistd.h>
 #endif
@@ -925,6 +931,17 @@ main(int argc, char **argv)
 {
  struct lshd_options *options;

+#if HAVE_SETRLIMIT && HAVE_SYS_RESOURCE_H
+  /* Try to increase max number of open files, ignore any error */
+
+  struct rlimit r;
+
+  r.rlim_max = RLIM_INFINITY;
+  r.rlim_cur = RLIM_INFINITY;
+
+  setrlimit(RLIMIT_NOFILE, &r);
+#endif
+
  io_init();
  
  /* For filtering messages. Could perhaps also be used when converting
@@ -934,6 +951,7 @@ main(int argc, char **argv)
  /* FIXME: Choose character set depending on the locale */
  set_local_charset(CHARSET_LATIN1);

+
  options = make_lshd_options();

  if (!options)