-rw-r--r-- | patches-applied/006_docs_cleanup | 2 | ||||
-rw-r--r-- | patches-applied/015_hurd_portability | 7 | ||||
-rw-r--r-- | patches-applied/038_support_hurd | 73 |
3 files changed, 76 insertions, 6 deletions
diff --git a/patches-applied/006_docs_cleanup b/patches-applied/006_docs_cleanup index c9a3130c..46f21db4 100644 --- a/patches-applied/006_docs_cleanup +++ b/patches-applied/006_docs_cleanup @@ -1,3 +1,5 @@ +Upstream status: submitted in <20070823050649.GA3925@dario.dodds.net> + Index: Linux-PAM/doc/man/pam.conf-syntax.xml =================================================================== --- Linux-PAM/doc/man/pam.conf-syntax.xml.orig diff --git a/patches-applied/015_hurd_portability b/patches-applied/015_hurd_portability index edd93dd9..f39ae126 100644 --- a/patches-applied/015_hurd_portability +++ b/patches-applied/015_hurd_portability @@ -1,5 +1,8 @@ -Patch from Igor Khavkine <i_khavki@alcor.concordia.ca>Patch from -Debian bug #76119 +Patch from Debian bug #76119 +Authors: Igor Khavkine <i_khavki@alcor.concordia.ca>, + Steve Langasek <vorlon@debian.org> + +Upstream status: submitted in <20070823084620.GA3852@dario.dodds.net> Index: Linux-PAM/configure.in =================================================================== diff --git a/patches-applied/038_support_hurd b/patches-applied/038_support_hurd index b3b02a71..117c7e12 100644 --- a/patches-applied/038_support_hurd +++ b/patches-applied/038_support_hurd @@ -1,10 +1,12 @@ -Patch from Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz> - This patch is slightly hurd-specific in that it uses getline which is not portable. However hurd is basically the only modern os without maxhostnamelen +Authors: Michal 'hramrach' Suchanek" <hramrach_l@centrum.cz>, + Steve Langasek <vorlon@debian.org> + +Upstream status: submitted in <20070823084620.GA3852@dario.dodds.net> Index: Linux-PAM/modules/pam_rhosts/pam_rhosts_auth.c =================================================================== 
@@ -112,31 +114,94 @@ Index: Linux-PAM/modules/pam_xauth/pam_xauth.c /* Possible paths to xauth executable */ static const char * const xauthpaths[] = { #ifdef PAM_PATH_XAUTH -@@ -221,9 +228,13 @@ +@@ -205,6 +212,9 @@ + FILE *fp; + int i; + uid_t euid; ++#ifdef HAVE_SYS_FSUID_H ++ uid_t uid; ++#endif + /* Check this user's <sense> file. */ + pwd = pam_modutil_getpwnam(pamh, this_user); + if (pwd == NULL) { +@@ -221,9 +228,34 @@ return PAM_SESSION_ERR; } euid = geteuid(); +#ifdef HAVE_SYS_FSUID_H setfsuid(pwd->pw_uid); ++#else ++ uid = getuid(); ++ if (uid == pwd->pw_uid) ++ setreuid(euid, uid); ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid) == -1) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, pwd->pw_uid) ++ return PAM_CRED_INSUFFICIENT; ++ } ++ } +#endif fp = fopen(path, "r"); +#ifdef HAVE_SYS_FSUID_H setfsuid(euid); ++else ++ if (uid == pwd->pw_uid) ++ setreuid(uid, euid); ++ else { ++ if (setreuid(-1, 0) == -1) ++ setreuid(uid, -1); ++ setreuid(-1, euid); ++ } +#endif if (fp != NULL) { char buf[LINE_MAX], *tmp; /* Scan the file for a list of specs of users to "trust". */ -@@ -536,9 +547,13 @@ +@@ -292,6 +327,9 @@ + int fd, i, debug = 0; + int retval = PAM_SUCCESS; + uid_t systemuser = 499, targetuser = 0, euid; ++#ifdef HAVE_SYS_FSUID_H ++ uid_t uid; ++#endif + + /* Parse arguments. We don't understand many, so no sense in breaking + * this into a separate function. */ +@@ -536,9 +574,34 @@ /* Generate a new file to hold the data. 
*/ euid = geteuid(); +#ifdef HAVE_SYS_FSUID_H setfsuid(tpwd->pw_uid); ++#else ++ uid = getuid(); ++ if (uid == tpwd->pw_uid) ++ setreuid(euid, uid); ++ else { ++ setreuid(0, -1); ++ if (setreuid(-1, uid) == -1) { ++ setreuid(-1, 0); ++ setreuid(0, -1); ++ if (setreuid(-1, tpwd->pw_uid) ++ return PAM_CRED_INSUFFICIENT; ++ } ++ } +#endif fd = mkstemp(xauthority + strlen(XAUTHENV) + 1); +#ifdef HAVE_SYS_FSUID_H setfsuid(euid); ++else ++ if (uid == tpwd->pw_uid) ++ setreuid(uid, euid); ++ else { ++ if (setreuid(-1, 0) == -1) ++ setreuid(uid, -1); ++ setreuid(-1, euid); ++ } +#endif if (fd == -1) { pam_syslog(pamh, LOG_ERR, "error creating temporary file `%s': %m", + |
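Review bot: The non-fsuid fallback this hunk adds to pam_xauth.c does not compile as written: `uid_t uid;` is declared under `#ifdef HAVE_SYS_FSUID_H` although only the `#else` branch uses it (it should be `#ifndef HAVE_SYS_FSUID_H`), the restore branch opens with a bare `else` where `#else` is meant, and `if (setreuid(-1, pwd->pw_uid)` is missing its closing parenthesis and comparison, e.g. `if (setreuid(-1, pwd->pw_uid) == -1)`. The same three problems repeat in the second copy around `mkstemp()`, which uses `tpwd`. Beyond the syntax, most `setreuid()` results are ignored: in the `uid == pwd->pw_uid` case a failed `setreuid(euid, uid)` would let `fopen(path, "r")` or `mkstemp()` run with the original effective uid on a file that presumably lives in the user's home, and a failed restore goes unnoticed, so each drop and each restore should be checked and the function should fail closed. The enclosing functions start and end outside the hunk, so whether the early `return PAM_CRED_INSUFFICIENT` skips cleanup cannot be judged from here.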