WITH_MPM?=	prefork # or worker, event, itk

.if ${WITH_MPM:L} == "itk"

OPTIONS+=ITK_LIMITS "mpm-itk rlimits based on login class" Off

.endif

.   if defined (WITH_ITK_LIMITS)

EXTRA_PATCHES+=	${PATCHDIR}/mpm-itk-limits

.   endif

--- server/mpm/experimental/itk/Makefile.in.orig	2011-07-01 10:33:45.000000000 +0000

+++ server/mpm/experimental/itk/Makefile.in	2011-07-01 10:33:57.000000000 +0000

@@ -1,5 +1,6 @@

 LTLIBRARY_NAME    = libitk.la

 LTLIBRARY_SOURCES = itk.c

+LTLIBRARY_LIBADD  = -lutil

 include $(top_srcdir)/build/ltlib.mk

--- server/mpm/experimental/itk/itk.c.orig	2011-07-01 10:04:40.000000000 +0000

+++ server/mpm/experimental/itk/itk.c	2011-07-01 10:17:19.000000000 +0000

@@ -41,6 +41,8 @@

 #if APR_HAVE_SYS_TYPES_H

 #include <sys/types.h>

 #endif

+#include <pwd.h>

+#include <login_cap.h>

 #define CORE_PRIVATE

@@ -1438,6 +1440,8 @@

     gid_t wanted_gid;

     const char *wanted_username;

     int err = 0;

+    struct passwd *pw;

+    login_cap_t *lc;

     itk_server_conf *sconf =

         (itk_server_conf *) ap_get_module_config(r->server->module_config, &mpm_itk_module);

@@ -1481,6 +1485,23 @@

         wanted_username = unixd_config.user_name;

     }

+    if ((pw = getpwuid(wanted_uid)) == NULL) {

+        _DBG("crit: invalid uid: (%ld)", wanted_uid, strerror(errno));

+        err = 1;

+    }

+

+    /*

+     * Apply user resource limits based on login class.

+     */

+    if ((lc = login_getclassbyname(pw->pw_class, pw)) == NULL) {

+        _DBG("failed to login_getclassbyname()", strerror(errno));

+        err = 1;

+    }

+    if ((setusercontext(lc, pw, wanted_uid, LOGIN_SETRESOURCES)) != 0) {

+        _DBG("failed to setusercontext()", strerror(errno));

+        err = 1;

+    }

+

     if (!err && wanted_uid != -1 && wanted_gid != -1 && (getuid() != wanted_uid || getgid() != wanted_gid)) {

         if (setgid(wanted_gid)) {

             _DBG("setgid(%d): %s", wanted_gid, strerror(errno));