summaryrefslogtreecommitdiff
path: root/debian/patches-applied/hurd_no_setfsuid
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches-applied/hurd_no_setfsuid')
-rw-r--r--debian/patches-applied/hurd_no_setfsuid110
1 files changed, 110 insertions, 0 deletions
diff --git a/debian/patches-applied/hurd_no_setfsuid b/debian/patches-applied/hurd_no_setfsuid
new file mode 100644
index 00000000..71ae5d77
--- /dev/null
+++ b/debian/patches-applied/hurd_no_setfsuid
@@ -0,0 +1,110 @@
+On systems without setfsuid(), use setreuid() instead.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: superseded by pam_modutil_set_euid proposal
+
+Index: Linux-PAM/modules/pam_xauth/pam_xauth.c
+===================================================================
+--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig
++++ Linux-PAM/modules/pam_xauth/pam_xauth.c
+@@ -35,7 +35,9 @@
+
+ #include "config.h"
+ #include <sys/types.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ #include <sys/wait.h>
+ #include <errno.h>
+ #include <fnmatch.h>
+@@ -210,6 +212,9 @@
+ FILE *fp;
+ int i;
+ uid_t euid;
++#ifndef HAVE_SYS_FSUID_H
++ uid_t uid;
++#endif
+ /* Check this user's <sense> file. */
+ pwd = pam_modutil_getpwnam(pamh, this_user);
+ if (pwd == NULL) {
+@@ -226,9 +231,34 @@
+ return PAM_SESSION_ERR;
+ }
+ euid = geteuid();
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(pwd->pw_uid);
++#else
++ uid = getuid();
++ if (uid == pwd->pw_uid)
++ setreuid(euid, uid);
++ else {
++ setreuid(0, -1);
++ if (setreuid(-1, uid) == -1) {
++ setreuid(-1, 0);
++ setreuid(0, -1);
++ if (setreuid(-1, pwd->pw_uid))
++ return PAM_CRED_INSUFFICIENT;
++ }
++ }
++#endif
+ fp = fopen(path, "r");
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(euid);
++#else
++ if (uid == pwd->pw_uid)
++ setreuid(uid, euid);
++ else {
++ if (setreuid(-1, 0) == -1)
++ setreuid(uid, -1);
++ setreuid(-1, euid);
++ }
++#endif
+ if (fp != NULL) {
+ char buf[LINE_MAX], *tmp;
+ /* Scan the file for a list of specs of users to "trust". */
+@@ -297,6 +327,9 @@
+ int fd, i, debug = 0;
+ int retval = PAM_SUCCESS;
+ uid_t systemuser = 499, targetuser = 0, euid;
++#ifndef HAVE_SYS_FSUID_H
++ uid_t uid;
++#endif
+
+ /* Parse arguments. We don't understand many, so no sense in breaking
+ * this into a separate function. */
+@@ -541,9 +574,34 @@
+
+ /* Generate a new file to hold the data. */
+ euid = geteuid();
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(tpwd->pw_uid);
++#else
++ uid = getuid();
++ if (uid == tpwd->pw_uid)
++ setreuid(euid, uid);
++ else {
++ setreuid(0, -1);
++ if (setreuid(-1, uid) == -1) {
++ setreuid(-1, 0);
++ setreuid(0, -1);
++ if (setreuid(-1, tpwd->pw_uid))
++ return PAM_CRED_INSUFFICIENT;
++ }
++ }
++#endif
+ fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
++#ifdef HAVE_SYS_FSUID_H
+ setfsuid(euid);
++#else
++ if (uid == tpwd->pw_uid)
++ setreuid(uid, euid);
++ else {
++ if (setreuid(-1, 0) == -1)
++ setreuid(uid, -1);
++ setreuid(-1, euid);
++ }
++#endif
+ if (fd == -1) {
+ pam_syslog(pamh, LOG_ERR,
+ "error creating temporary file `%s': %m",
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-24 10:28:24 +0000