Merge branch 'master' into core-updates
[jackhill/guix/guix.git] / gnu / packages / patches / linux-pam-no-setfsuid.patch
1 On systems without 'setfsuid', use 'setreuid' instead.
2
3 The patch originates from the Debian project for GNU/Hurd.
4 Authors: Steve Langasek <vorlon@debian.org>
5 Upstream status: A ticket was opened to request that the patch be applied,
6 ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.
7
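--- a/libpam/pam_modutil_priv.c
+++ b/libpam/pam_modutil_priv.c
@@ -14,7 +14,9 @@
 #include <syslog.h>
 #include <pwd.h>
 #include <grp.h>
+#ifdef HAVE_SYS_FSUID_H
 #include <sys/fsuid.h>
+#endif /* HAVE_SYS_FSUID_H */
 
 /*
 * Two setfsuid() calls in a row are necessary to check
@@ -22,17 +24,55 @@
 */
 static int change_uid(uid_t uid, uid_t *save)
 {
+#ifdef HAVE_SYS_FSUID_H
 uid_t tmp = setfsuid(uid);
 if (save)
 *save = tmp;
 return (uid_t) setfsuid(uid) == uid ? 0 : -1;
+#else
+ uid_t euid = geteuid();
+ uid_t ruid = getuid();
+ if (save)
+ *save = ruid;
+ if (ruid == uid && uid != 0)
+ if (setreuid(euid, uid))
+ return -1;
+ else {
+ setreuid(0, -1);
+ if (setreuid(-1, uid)) {
+ setreuid(-1, 0);
+ setreuid(0, -1);
+ if (setreuid(-1, uid))
+ return -1;
+ }
+ }
+#endif
 }
 static int change_gid(gid_t gid, gid_t *save)
 {
+#ifdef HAVE_SYS_FSUID_H
 gid_t tmp = setfsgid(gid);
 if (save)
 *save = tmp;
 return (gid_t) setfsgid(gid) == gid ? 0 : -1;
+#else
+ gid_t egid = getegid();
+ gid_t rgid = getgid();
+ if (save)
+ *save = rgid;
+ if (rgid == gid)
+ if (setregid(egid, gid))
+ return -1;
+ else {
+ setregid(0, -1);
+ if (setregid(-1, gid)) {
+ setregid(-1, 0);
+ setregid(0, -1);
+ if (setregid(-1, gid))
+ return -1;
+ }
+ }
+#endif
 }
 
 static int cleanup(struct pam_modutil_privs *p)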
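Review bot: In the `#else` branch of change_uid, the `else` binds to the inner `if (setreuid(euid, uid))` rather than to `if (ruid == uid && uid != 0)`, so when ruid differs from uid no setreuid call is made at all, and every non-error path reaches the closing brace without returning a value. The callers are outside this hunk, but any that test the result would read an indeterminate value and could treat a privilege change that never happened as successful. Bracing the outer test, `if (ruid == uid && uid != 0) { if (setreuid(euid, uid)) return -1; } else {`, and ending the branch with `return 0;` before `#endif` would address both. The bare `setreuid(0, -1);` and `setreuid(-1, 0);` calls also discard their results, so a failed switch goes unnoticed. The `#else` branch of change_gid has the same dangling `else`, missing return and unchecked setregid calls.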