[jackhill/guix/guix.git] / gnu / packages / patches / linux-pam-no-setfsuid.patch

On systems without 'setfsuid', use 'setreuid' instead.

The patch originates from the Debian project for GNU/Hurd.
Authors: Steve Langasek <vorlon@debian.org>
Upstream status: A ticket was opened to request apply the patch,
ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.

--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c	2015-03-24 06:02:32.000000000 -0600
+++ pam_modutil_priv-mod.c	2016-09-20 13:36:53.150663205 -0500
@@ -14,7 +14,9 @@
 #include <syslog.h>
 #include <pwd.h>
 #include <grp.h>
+#ifdef HAVE_SYS_FSUID_H
 #include <sys/fsuid.h>
+#endif /* HAVE_SYS_FSUID_H */
 
 /*
  * Two setfsuid() calls in a row are necessary to check
@@ -22,17 +24,55 @@
  */
 static int change_uid(uid_t uid, uid_t *save)
 {
+#ifdef HAVE_SYS_FSUID_H
 	uid_t tmp = setfsuid(uid);
 	if (save)
 		*save = tmp;
 	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
+#else
+	uid_t euid = geteuid();
+	uid_t ruid = getuid();
+	if (save)
+		*save = ruid;
+	if (ruid == uid && uid != 0)
+		if (setreuid(euid, uid))
+			return -1;
+	else {
+		setreuid(0, -1);
+		if (setreuid(-1, uid)) {
+			setreuid(-1, 0);
+			setreuid(0, -1);
+			if (setreuid(-1, uid))
+				return -1;
+		}
+	}
+#endif
 }
 static int change_gid(gid_t gid, gid_t *save)
 {
+#ifdef HAVE_SYS_FSUID_H
 	gid_t tmp = setfsgid(gid);
 	if (save)
 		*save = tmp;
 	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
+#else
+	gid_t egid = getegid();
+	gid_t rgid = getgid();
+	if (save)
+		*save = rgid;
+	if (rgid == gid)
+		if (setregid(egid, gid))
+			return -1;
+	else {
+		setregid(0, -1);
+		if (setregid(-1, gid)) {
+			setregid(-1, 0);
+			setregid(0, -1);
+			if (setregid(-1, gid))
+				return -1;
+		}
+	}
+#endif
 }
 
 static int cleanup(struct pam_modutil_privs *p)
Commit	Line	Data
411264c2 RS	1	On systems without 'setfsuid', use 'setreuid' instead.
	2
	3	The patch originates from the Debian project for GNU/Hurd.
	4	Authors: Steve Langasek <vorlon@debian.org>
	5	Upstream status: A ticket was opened to request apply the patch,
	6	ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.
	7
	8	--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c 2015-03-24 06:02:32.000000000 -0600
	9	+++ pam_modutil_priv-mod.c 2016-09-20 13:36:53.150663205 -0500
	10	@@ -14,7 +14,9 @@
	11	#include <syslog.h>
	12	#include <pwd.h>
	13	#include <grp.h>
	14	+#ifdef HAVE_SYS_FSUID_H
	15	#include <sys/fsuid.h>
	16	+#endif /* HAVE_SYS_FSUID_H */
	17
	18	/*
	19	* Two setfsuid() calls in a row are necessary to check
	20	@@ -22,17 +24,55 @@
	21	*/
	22	static int change_uid(uid_t uid, uid_t *save)
	23	{
	24	+#ifdef HAVE_SYS_FSUID_H
	25	uid_t tmp = setfsuid(uid);
	26	if (save)
	27	*save = tmp;
	28	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
	29	+#else
	30	+ uid_t euid = geteuid();
	31	+ uid_t ruid = getuid();
	32	+ if (save)
	33	+ *save = ruid;
	34	+ if (ruid == uid && uid != 0)
	35	+ if (setreuid(euid, uid))
	36	+ return -1;
	37	+ else {
	38	+ setreuid(0, -1);
	39	+ if (setreuid(-1, uid)) {
	40	+ setreuid(-1, 0);
	41	+ setreuid(0, -1);
	42	+ if (setreuid(-1, uid))
	43	+ return -1;
	44	+ }
	45	+ }
	46	+#endif
	47	}
	48	static int change_gid(gid_t gid, gid_t *save)
	49	{
	50	+#ifdef HAVE_SYS_FSUID_H
	51	gid_t tmp = setfsgid(gid);
	52	if (save)
	53	*save = tmp;
	54	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
	55	+#else
	56	+ gid_t egid = getegid();
	57	+ gid_t rgid = getgid();
	58	+ if (save)
	59	+ *save = rgid;
	60	+ if (rgid == gid)
	61	+ if (setregid(egid, gid))
	62	+ return -1;
	63	+ else {
	64	+ setregid(0, -1);
65	+ if (setregid(-1, gid)) {
66	+ setregid(-1, 0);
67	+ setregid(0, -1);
68	+ if (setregid(-1, gid))
69	+ return -1;
70	+ }
71	+ }
72	+#endif
73	}
74
75	static int cleanup(struct pam_modutil_privs *p)