-rw-r--r--changelog6
-rw-r--r--patches-applied/038_support_hurd103
-rw-r--r--patches-applied/hurd_no_setfsuid110
-rw-r--r--patches-applied/series1
4 files changed, 116 insertions, 104 deletions
diff --git a/changelog b/changelog
index 835f2c9a..5fb9d485 100644
--- a/changelog
+++ b/changelog
@@ -68,7 +68,7 @@ pam (0.99.7.1-2) UNRELEASED; urgency=low
of AC_CHECK_HEADER, so crack.h is actually included. Also remove
unnecessary string copies, which break on the Hurd due to PATH_MAX.
* Patch 038: partially merged/superseded upstream; also add new Hurd
- fixes for pam_xauth.
+ fix for pam_xauth.
* Patch 061: partially merged upstream
* Use ${binary:Version} instead of ${Source-Version} in
debian/control.
@@ -148,8 +148,10 @@ pam (0.99.7.1-2) UNRELEASED; urgency=low
this patch as well. Closes: #439040.
* Update 015_hurd_portability to include -pthread in
libpam_la_LDFLAGS, required for portability to non-Linux platforms.
+ * New patch hurd_no_setfsuid: if we don't have sys/fsuid.h, work around
+ using setreuid instead.
- -- Steve Langasek <vorlon@debian.org> Tue, 21 Aug 2007 18:29:45 -0700
+ -- Steve Langasek <vorlon@debian.org> Sat, 25 Aug 2007 03:49:47 -0700
pam (0.79-4) unstable; urgency=medium
diff --git a/patches-applied/038_support_hurd b/patches-applied/038_support_hurd
index 11bfc5ef..b0883d41 100644
--- a/patches-applied/038_support_hurd
+++ b/patches-applied/038_support_hurd
@@ -92,17 +92,7 @@ Index: Linux-PAM/modules/pam_xauth/pam_xauth.c
===================================================================
--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig
+++ Linux-PAM/modules/pam_xauth/pam_xauth.c
-@@ -35,7 +35,9 @@
-
- #include "config.h"
- #include <sys/types.h>
-+#ifdef HAVE_SYS_FSUID_H
- #include <sys/fsuid.h>
-+#endif /* HAVE_SYS_FSUID_H */
- #include <sys/wait.h>
- #include <errno.h>
- #include <fnmatch.h>
-@@ -63,6 +65,11 @@
+@@ -63,6 +63,11 @@
#define XAUTHDEF ".Xauthority"
#define XAUTHTMP ".xauthXXXXXX"
@@ -114,94 +104,3 @@ Index: Linux-PAM/modules/pam_xauth/pam_xauth.c
/* Possible paths to xauth executable */
static const char * const xauthpaths[] = {
#ifdef PAM_PATH_XAUTH
-@@ -205,6 +212,9 @@
- FILE *fp;
- int i;
- uid_t euid;
-+#ifdef HAVE_SYS_FSUID_H
-+ uid_t uid;
-+#endif
- /* Check this user's <sense> file. */
- pwd = pam_modutil_getpwnam(pamh, this_user);
- if (pwd == NULL) {
-@@ -221,9 +228,34 @@
- return PAM_SESSION_ERR;
- }
- euid = geteuid();
-+#ifdef HAVE_SYS_FSUID_H
- setfsuid(pwd->pw_uid);
-+#else
-+ uid = getuid();
-+ if (uid == pwd->pw_uid)
-+ setreuid(euid, uid);
-+ else {
-+ setreuid(0, -1);
-+ if (setreuid(-1, uid) == -1) {
-+ setreuid(-1, 0);
-+ setreuid(0, -1);
-+ if (setreuid(-1, pwd->pw_uid)
-+ return PAM_CRED_INSUFFICIENT;
-+ }
-+ }
-+#endif
- fp = fopen(path, "r");
-+#ifdef HAVE_SYS_FSUID_H
- setfsuid(euid);
-+#else
-+ if (uid == pwd->pw_uid)
-+ setreuid(uid, euid);
-+ else {
-+ if (setreuid(-1, 0) == -1)
-+ setreuid(uid, -1);
-+ setreuid(-1, euid);
-+ }
-+#endif
- if (fp != NULL) {
- char buf[LINE_MAX], *tmp;
- /* Scan the file for a list of specs of users to "trust". */
-@@ -292,6 +327,9 @@
- int fd, i, debug = 0;
- int retval = PAM_SUCCESS;
- uid_t systemuser = 499, targetuser = 0, euid;
-+#ifdef HAVE_SYS_FSUID_H
-+ uid_t uid;
-+#endif
-
- /* Parse arguments. We don't understand many, so no sense in breaking
- * this into a separate function. */
-@@ -536,9 +574,34 @@
-
- /* Generate a new file to hold the data. */
- euid = geteuid();
-+#ifdef HAVE_SYS_FSUID_H
- setfsuid(tpwd->pw_uid);
-+#else
-+ uid = getuid();
-+ if (uid == tpwd->pw_uid)
-+ setreuid(euid, uid);
-+ else {
-+ setreuid(0, -1);
-+ if (setreuid(-1, uid) == -1) {
-+ setreuid(-1, 0);
-+ setreuid(0, -1);
-+ if (setreuid(-1, tpwd->pw_uid)
-+ return PAM_CRED_INSUFFICIENT;
-+ }
-+ }
-+#endif
- fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
-+#ifdef HAVE_SYS_FSUID_H
- setfsuid(euid);
-+#else
-+ if (uid == tpwd->pw_uid)
-+ setreuid(uid, euid);
-+ else {
-+ if (setreuid(-1, 0) == -1)
-+ setreuid(uid, -1);
-+ setreuid(-1, euid);
-+ }
-+#endif
- if (fd == -1) {
- pam_syslog(pamh, LOG_ERR,
- "error creating temporary file `%s': %m",
-
diff --git a/patches-applied/hurd_no_setfsuid b/patches-applied/hurd_no_setfsuid
new file mode 100644
index 00000000..e80eaf83
--- /dev/null
+++ b/patches-applied/hurd_no_setfsuid
@@ -0,0 +1,110 @@
+On systems without setfsuid(), use setreuid() instead.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: superseded by pam_modutil_set_euid proposal
+
+Index: Linux-PAM/modules/pam_xauth/pam_xauth.c
+===================================================================
+--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig
++++ Linux-PAM/modules/pam_xauth/pam_xauth.c
+@@ -35,7 +35,9 @@
+
+ #include "config.h"
+ #include <sys/types.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ #include <sys/wait.h>
+ #include <errno.h>
+ #include <fnmatch.h>
+@@ -210,6 +212,9 @@
+ FILE *fp;
+ int i;
+ uid_t euid;
++#ifdef HAVE_SYS_FSUID_H
++ uid_t uid;
++#endif
+ /* Check this user's <sense> file. */
+ pwd = pam_modutil_getpwnam(pamh, this_user);
+ if (pwd == NULL) {
+@@ -226,9 +231,34 @@
+ return PAM_SESSION_ERR;
+ }
+ euid = geteuid();
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(pwd->pw_uid);
++#else
++ uid = getuid();
++ if (uid == pwd->pw_uid)
++ setreuid(euid, uid);
++ else {
++ setreuid(0, -1);
++ if (setreuid(-1, uid) == -1) {
++ setreuid(-1, 0);
++ setreuid(0, -1);
++ if (setreuid(-1, pwd->pw_uid)
++ return PAM_CRED_INSUFFICIENT;
++ }
++ }
++#endif
+ fp = fopen(path, "r");
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(euid);
++#else
++ if (uid == pwd->pw_uid)
++ setreuid(uid, euid);
++ else {
++ if (setreuid(-1, 0) == -1)
++ setreuid(uid, -1);
++ setreuid(-1, euid);
++ }
++#endif
+ if (fp != NULL) {
+ char buf[LINE_MAX], *tmp;
+ /* Scan the file for a list of specs of users to "trust". */
+@@ -297,6 +327,9 @@
+ int fd, i, debug = 0;
+ int retval = PAM_SUCCESS;
+ uid_t systemuser = 499, targetuser = 0, euid;
++#ifdef HAVE_SYS_FSUID_H
++ uid_t uid;
++#endif
+
+ /* Parse arguments. We don't understand many, so no sense in breaking
+ * this into a separate function. */
+@@ -541,9 +574,34 @@
+
+ /* Generate a new file to hold the data. */
+ euid = geteuid();
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(tpwd->pw_uid);
++#else
++ uid = getuid();
++ if (uid == tpwd->pw_uid)
++ setreuid(euid, uid);
++ else {
++ setreuid(0, -1);
++ if (setreuid(-1, uid) == -1) {
++ setreuid(-1, 0);
++ setreuid(0, -1);
++ if (setreuid(-1, tpwd->pw_uid)
++ return PAM_CRED_INSUFFICIENT;
++ }
++ }
++#endif
+ fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(euid);
++#else
++ if (uid == tpwd->pw_uid)
++ setreuid(uid, euid);
++ else {
++ if (setreuid(-1, 0) == -1)
++ setreuid(uid, -1);
++ setreuid(-1, euid);
++ }
++#endif
+ if (fd == -1) {
+ pam_syslog(pamh, LOG_ERR,
+ "error creating temporary file `%s': %m",
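Review bot: The non-setfsuid fallback cannot compile as written: in both declaration hunks `uid_t uid;` sits under `#ifdef HAVE_SYS_FSUID_H` while `uid` is only used in the `#else` arms, and `if (setreuid(-1, pwd->pw_uid)` and `if (setreuid(-1, tpwd->pw_uid)` are each missing a closing parenthesis. The guards should read `#ifndef HAVE_SYS_FSUID_H` and the tests `if (setreuid(-1, pwd->pw_uid) == -1)` (likewise with `tpwd`). Beyond that, most setreuid() results are ignored on both the drop and the restore path, so a failed drop lets fopen()/mkstemp() run with the original effective uid, and a failed restore leaves the module running under the wrong identity; each call should be checked and the operation refused with an error on failure. When `uid != pw_uid` the fallback first switches to the caller's real uid rather than `pw_uid`, unlike the setfsuid() arm, so it is worth confirming that the file is meant to be accessed as that user. The enclosing functions start and end outside the embedded hunks, so whether the early `return PAM_CRED_INSUFFICIENT` skips any cleanup cannot be judged from here.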
diff --git a/patches-applied/series b/patches-applied/series
index 5d1e2f65..73fcfd4d 100644
--- a/patches-applied/series
+++ b/patches-applied/series
@@ -13,6 +13,7 @@
032_pam_limits_EPERM_NOT_FATAL -p0
036_pam_wheel_getlogin_considered_harmful -p0
038_support_hurd -p0
+hurd_no_setfsuid -p0
040_pam_limits_log_failure -p0
043_pam_unix_unknown_user_not_alert -p0
045_pam_dispatch_jump_is_ignore -p0