diff options
| author | Steve Langasek <vorlon@debian.org> | 2019-01-02 12:24:44 -0800 |
|---|---|---|
| committer | Steve Langasek <vorlon@debian.org> | 2019-01-02 12:27:24 -0800 |
| commit | a6f4ab0bebc76acf85cc0244bd21c1036009c28c (patch) | |
| tree | df0d6a57d2b91ab9038e8d7b0d62f28c2daa66db /debian/patches-applied/hurd_no_setfsuid | |
| parent | 10b6243f4664747e815372070142d6c5853176da (diff) | |
| download | pam-a6f4ab0bebc76acf85cc0244bd21c1036009c28c.tar.gz pam-a6f4ab0bebc76acf85cc0244bd21c1036009c28c.tar.bz2 pam-a6f4ab0bebc76acf85cc0244bd21c1036009c28c.zip | |
fix-up commit for grafting svn history onto git history
Diffstat (limited to 'debian/patches-applied/hurd_no_setfsuid')
| -rw-r--r-- | debian/patches-applied/hurd_no_setfsuid | 110 |
1 files changed, 110 insertions, 0 deletions
diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid new file mode 100644 index 00000000..71ae5d77 --- /dev/null +++ b/debian/patches-applied/hurd_no_setfsuid @@ -0,0 +1,110 @@ +On systems without setfsuid(), use setreuid() instead. + +Authors: Steve Langasek <vorlon@debian.org> + +Upstream status: superseded by pam_modutil_set_euid proposal + +Index: Linux-PAM/modules/pam_xauth/pam_xauth.c +=================================================================== +--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig ++++ Linux-PAM/modules/pam_xauth/pam_xauth.c +@@ -35,7 +35,9 @@ + + #include "config.h" + #include <sys/types.h> ++#ifdef HAVE_SYS_FSUID_H + #include <sys/fsuid.h> ++#endif /* HAVE_SYS_FSUID_H */ + #include <sys/wait.h> + #include <errno.h> + #include <fnmatch.h> +@@ -210,6 +212,9 @@ + FILE *fp; + int i; + uid_t euid; ++#ifndef HAVE_SYS_FSUID_H ++ uid_t uid; ++#endif + /* Check this user's <sense> file. */ + pwd = pam_modutil_getpwnam(pamh, this_user); + if (pwd == NULL) { +@@ -226,9 +231,34 @@ + return PAM_SESSION_ERR; + } + euid = geteuid(); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(pwd->pw_uid); ++#else ++ uid = getuid(); ++ if (uid == pwd->pw_uid) ++ setreuid(euid, uid); ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid) == -1) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, pwd->pw_uid)) ++ return PAM_CRED_INSUFFICIENT; ++ } ++ } ++#endif + fp = fopen(path, "r"); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(euid); ++#else ++ if (uid == pwd->pw_uid) ++ setreuid(uid, euid); ++ else { ++ if (setreuid(-1, 0) == -1) ++ setreuid(uid, -1); ++ setreuid(-1, euid); ++ } ++#endif + if (fp != NULL) { + char buf[LINE_MAX], *tmp; + /* Scan the file for a list of specs of users to "trust". */ +@@ -297,6 +327,9 @@ + int fd, i, debug = 0; + int retval = PAM_SUCCESS; + uid_t systemuser = 499, targetuser = 0, euid; ++#ifndef HAVE_SYS_FSUID_H ++ uid_t uid; ++#endif + + /* Parse arguments. We don't understand many, so no sense in breaking + * this into a separate function. */ +@@ -541,9 +574,34 @@ + + /* Generate a new file to hold the data. */ + euid = geteuid(); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(tpwd->pw_uid); ++#else ++ uid = getuid(); ++ if (uid == tpwd->pw_uid) ++ setreuid(euid, uid); ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid) == -1) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, tpwd->pw_uid)) ++ return PAM_CRED_INSUFFICIENT; ++ } ++ } ++#endif + fd = mkstemp(xauthority + strlen(XAUTHENV) + 1); ++#ifdef HAVE_SYS_FSUID_H + setfsuid(euid); ++#else ++ if (uid == tpwd->pw_uid) ++ setreuid(uid, euid); ++ else { ++ if (setreuid(-1, 0) == -1) ++ setreuid(uid, -1); ++ setreuid(-1, euid); ++ } ++#endif + if (fd == -1) { + pam_syslog(pamh, LOG_ERR, + "error creating temporary file `%s': %m", |