
gnu: Add linux-pam.

Message ID ea67bcc1c1a2e6d04877f87b0e62e2d9@openmailbox.org
State New

Commit Message

rennes@openmailbox.org Aug. 27, 2016, 4:47 a.m. UTC
This is a patch for linux-pam, at compile on the Hurd system searches 
the file fsuid.h. The patch was taken from the Debian project.

  * This patch is prerequisite for lsh/openssh packages.
  * The patch was built and installed on Linux and the Hurd systems.

Thanks

Comments

Ricardo Wurmus Aug. 27, 2016, 8 a.m. UTC | #1
rennes@openmailbox.org writes:

> This is a patch for linux-pam, at compile on the Hurd system searches 
> the file fsuid.h. The patch was taken from the Debian project.
>
>   * This patch is prerequisite for lsh/openssh packages.
>   * The patch was built and installed on Linux and the Hurd systems.

Thanks for the patch!

Would you like to try to get the patch accepted upstream by the
developers of linux-pam?  If I remember correctly, a lot of the patches
for Debian Hurd are in need of being sent upstream, so getting the patch
accepted would be the best for all involved projects.

@Manolis: What do you think about this?

~~ Ricardo
Manolis Ragkousis Aug. 27, 2016, 7:54 p.m. UTC | #2
Hello Rene,

First of all thank you for helping with the port :-).

Now on the patch.

> Subject: [PATCH] gnu: Add linux-pam.

Maybe we should change the name of the patch to "[PATCH] gnu: Make
linux-pam build on non Linux systems."

Other than that looks good to me. As Ricardo said check the status of
the patch upstream because it will help all projects involved.

@Ricardo: If you are okay with it, I will sign it and push it to master
(or core-updates?).

Thank you again for testing things out,
Manolis



On 08/27/16 07:47, rennes@openmailbox.org wrote:
> This is a patch for linux-pam, at compile on the Hurd system searches
> the file fsuid.h. The patch was taken from the Debian project.
> 
>  * This patch is prerequisite for lsh/openssh packages.
>  * The patch was built and installed on Linux and the Hurd systems.
> 
> Thanks
rennes@openmailbox.org Sept. 4, 2016, 3:43 a.m. UTC | #3
On 2016-08-27 03:00, Ricardo Wurmus wrote:
> 
> Would you like to try to get the patch accepted upstream by the
> developers of linux-pam?  If I remember correctly, a lot of the patches
> for Debian Hurd are in need of being sent upstream, so getting the 
> patch
> accepted would be the best for all involved projects.
> 

Apologies for the delay; I sent a request to the pam developers team but I still 
don't have an answer.
Ludovic Courtès Sept. 15, 2016, 8:31 p.m. UTC | #4
Hello!

rennes@openmailbox.org skribis:

> This is a patch for linux-pam, at compile on the Hurd system searches
> the file fsuid.h. The patch was taken from the Debian project.
>
>  * This patch is prerequisite for lsh/openssh packages.
>  * The patch was built and installed on Linux and the Hurd systems.
>
> Thanks
>
> From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001
> From: Rene Saavedra <rennes@openmailbox.org>
> Date: Fri, 26 Aug 2016 23:19:14 -0500
> Subject: [PATCH] gnu: Add linux-pam.
>
> 	* gnu/packages/linux.scm (linux-pam): Use it.
> 	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
> 	* gnu/local.mk (dist_patch_DATA): Add it.

What’s the status of this patch?

If discussion with upstream is underway, we could apply it in
core-updates.

Thanks,
Ludo’.
rennes@openmailbox.org Sept. 15, 2016, 8:46 p.m. UTC | #5
Hello Ludovic,

> What’s the status of this patch?
> 
> If discussion with upstream is underway, we could apply it in
> core-updates.

I have not been answered by the team of linux-pam. This is my ticket:

https://fedorahosted.org/linux-pam/ticket/64


Thanks
Ludovic Courtès Sept. 20, 2016, 2:55 a.m. UTC | #6
Hi,

rennes <rennes@openmailbox.org> skribis:

>> What’s the status of this patch?
>> 
>> If discussion with upstream is underway, we could apply it in
>> core-updates.
>
> I have not been answered by the team of linux-pam. This is my ticket:
>
> https://fedorahosted.org/linux-pam/ticket/64

Then I think we can install the patch (in core-updates), making sure it
contains a reference to the above ticket.

Could you send the updated patch?

TIA!

Ludo’.

Patch

From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001
From: Rene Saavedra <rennes@openmailbox.org>
Date: Fri, 26 Aug 2016 23:19:14 -0500
Subject: [PATCH] gnu: Add linux-pam.

	* gnu/packages/linux.scm (linux-pam): Use it.
	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
	* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                     |  2 +
 gnu/packages/linux.scm                           |  6 +-
 gnu/packages/patches/linux-pam-no-setfsuid.patch | 79 ++++++++++++++++++++++++
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b8c5378..391aa8a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@ 
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 #
 # This file is part of GNU Guix.
 #
@@ -644,6 +645,7 @@  dist_patch_DATA =						\
   %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
   %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
+  %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
   %D%/packages/patches/lua-CVE-2014-5461.patch                      \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1fd792d..8d7ff4c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -14,6 +14,7 @@ 
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -390,7 +391,10 @@  It has been modified to remove all non-free binary blobs.")
                                 version ".tar.bz2")))
       (sha256
        (base32
-        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+      ;; On the Hurd system in the 'build' phase seeks fsuid.h file.
+      (patches (search-patches
+                "linux-pam-no-setfsuid.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
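Review bot: The comment above the new `patches` field, `;; On the Hurd system in the 'build' phase seeks fsuid.h file.`, does not say what the patch does or where it stands upstream. Suggest stating the reason (the build looks for sys/fsuid.h, and the patch falls back to setreuid() on systems without setfsuid()) and adding the upstream ticket requested in the thread, https://fedorahosted.org/linux-pam/ticket/64. Because the patch is attached to the origin unconditionally, Linux builds compile the patched pam_modutil_priv.c as well, so it is worth confirming that linux-pam's configure defines HAVE_SYS_FSUID_H there; nothing in this series adds that check, and without it a Linux build would silently take the setreuid() branch.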
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000..7940c5a
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,79 @@ 
+The patch originates from the Debian project for the Hurd system.
+
+On systems without setfsuid(), use setreuid() instead.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv
+ are implemented
+
+Index: pam.debian/libpam/pam_modutil_priv.c
+===================================================================
+--- pam.debian.orig/libpam/pam_modutil_priv.c
++++ pam.debian/libpam/pam_modutil_priv.c
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ 
+ /*
+  * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+  */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	uid_t tmp = setfsuid(uid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++	uid_t euid = geteuid();
++	uid_t ruid = getuid();
++	if (save)
++		*save = ruid;
++	if (ruid == uid && uid != 0)
++		if (setreuid(euid, uid))
++			return -1;
++	else {
++		setreuid(0, -1);
++		if (setreuid(-1, uid)) {
++			setreuid(-1, 0);
++			setreuid(0, -1);
++			if (setreuid(-1, uid))
++				return -1;
++		}
++	}
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	gid_t tmp = setfsgid(gid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++	gid_t egid = getegid();
++	gid_t rgid = getgid();
++	if (save)
++		*save = rgid;
++	if (rgid == gid)
++		if (setregid(egid, gid))
++			return -1;
++	else {
++		setregid(0, -1);
++		if (setregid(-1, gid)) {
++			setregid(-1, 0);
++			setregid(0, -1);
++			if (setregid(-1, gid))
++				return -1;
++		}
++	}
++#endif
+ }
+ 
+ static int cleanup(struct pam_modutil_privs *p)
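Review bot: In the `#else` branches of change_uid() and change_gid(), the success path never returns a value: the only return statements there are `return -1`, so these int functions fall off the end and the result of a privilege change is indeterminate, whereas the setfsuid() path returns 0 or -1. Add `return 0;` before `#endif` in both functions. The same branches have a dangling else: after `if (ruid == uid && uid != 0)` comes the unbraced `if (setreuid(euid, uid))`, so the `else {` binds to the inner `if` and the fallback block runs when setreuid() succeeded, not when the outer test is false; brace the outer `if` so the logic matches the indentation (the same applies to `if (rgid == gid)`). The intermediate `setreuid(0, -1)` and `setregid(0, -1)` calls are also unchecked, and `*save` stores the real id here while the setfsuid() path stores the previous fsuid, which is worth a comment on what the saved value means in this branch.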
-- 
2.6.3