unofficial mirror of guix-devel@gnu.org 
* [PATCH] gnu: Add linux-pam.
@ 2016-08-27  4:47 rennes
  2016-08-27  8:00 ` Ricardo Wurmus
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: rennes @ 2016-08-27  4:47 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 268 bytes --]

This is a patch for linux-pam: when compiling on the Hurd system, the build
searches for the file fsuid.h. The patch was taken from the Debian project.

  * This patch is a prerequisite for the lsh/openssh packages.
  * The patch was built and installed on Linux and the Hurd systems.

Thanks

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-Add-linux-pam.patch --]
[-- Type: text/x-diff; name=0001-gnu-Add-linux-pam.patch, Size: 4582 bytes --]

From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001
From: Rene Saavedra <rennes@openmailbox.org>
Date: Fri, 26 Aug 2016 23:19:14 -0500
Subject: [PATCH] gnu: Add linux-pam.

	* gnu/packages/linux.scm (linux-pam): Use it.
	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
	* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                     |  2 +
 gnu/packages/linux.scm                           |  6 +-
 gnu/packages/patches/linux-pam-no-setfsuid.patch | 79 ++++++++++++++++++++++++
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b8c5378..391aa8a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 #
 # This file is part of GNU Guix.
 #
@@ -644,6 +645,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
   %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
+  %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
   %D%/packages/patches/lua-CVE-2014-5461.patch                      \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1fd792d..8d7ff4c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -390,7 +391,10 @@ It has been modified to remove all non-free binary blobs.")
                                 version ".tar.bz2")))
       (sha256
        (base32
-        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+      ;; On the Hurd system in the 'build' phase seeks fsuid.h file.
+      (patches (search-patches
+                "linux-pam-no-setfsuid.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
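
Review bot: the comment added above `(patches (search-patches ...))` is hard to parse and does not say what the patch does. Suggest stating the effect, for example that setreuid/setregid are used where <sys/fsuid.h> is missing, as on the Hurd. Because `patches` is part of the origin, the patch is applied on every system, Linux included, so this changes the source of a package that already exists (the `sha256` line is modified, not added); the subject "Add linux-pam" and the log entry "(linux-pam): Use it." should say that instead.
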
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000..7940c5a
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,79 @@
+The patch originates from the Debian project for the Hurd system.
+
+On systems without setfsuid(), use setreuid() instead.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv
+ are implemented
+
+Index: pam.debian/libpam/pam_modutil_priv.c
+===================================================================
+--- pam.debian.orig/libpam/pam_modutil_priv.c
++++ pam.debian/libpam/pam_modutil_priv.c
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ 
+ /*
+  * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+  */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	uid_t tmp = setfsuid(uid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++	uid_t euid = geteuid();
++	uid_t ruid = getuid();
++	if (save)
++		*save = ruid;
++	if (ruid == uid && uid != 0)
++		if (setreuid(euid, uid))
++			return -1;
++	else {
++		setreuid(0, -1);
++		if (setreuid(-1, uid)) {
++			setreuid(-1, 0);
++			setreuid(0, -1);
++			if (setreuid(-1, uid))
++				return -1;
++		}
++	}
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	gid_t tmp = setfsgid(gid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++	gid_t egid = getegid();
++	gid_t rgid = getgid();
++	if (save)
++		*save = rgid;
++	if (rgid == gid)
++		if (setregid(egid, gid))
++			return -1;
++	else {
++		setregid(0, -1);
++		if (setregid(-1, gid)) {
++			setregid(-1, 0);
++			setregid(0, -1);
++			if (setregid(-1, gid))
++				return -1;
++		}
++	}
++#endif
+ }
+ 
+ static int cleanup(struct pam_modutil_privs *p)
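
Review bot: dangling `else` in the `#else` branch of change_uid() and change_gid(): the `else {` that follows `if (setreuid(euid, uid)) return -1;` binds to that inner `if`, not to `if (ruid == uid && uid != 0)` as the indentation suggests. As written, the block that switches to 0 and back runs only after the first setreuid() has already succeeded, and when the outer condition is false (which includes uid == 0) no call is made at all, so the function can finish without having changed identity. Put braces around the body of the outer `if` so the `else` attaches where intended, and do the same in the setregid() version. This file implements the pam_modutil_{drop,regain}_priv helpers named in the patch description, so the fallback path should be exercised on a build where HAVE_SYS_FSUID_H is undefined before it is relied on.
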
-- 
2.6.3



* Re: [PATCH] gnu: Add linux-pam.
  2016-08-27  4:47 [PATCH] gnu: Add linux-pam rennes
@ 2016-08-27  8:00 ` Ricardo Wurmus
  2016-09-04  3:43   ` rennes
  2016-08-27 19:54 ` Manolis Ragkousis
  2016-09-15 20:31 ` Ludovic Courtès
  2 siblings, 1 reply; 9+ messages in thread
From: Ricardo Wurmus @ 2016-08-27  8:00 UTC (permalink / raw)
  To: rennes, Manolis Ragkousis; +Cc: guix-devel


rennes@openmailbox.org writes:

> This is a patch for linux-pam: when compiling on the Hurd system, the build
> searches for the file fsuid.h. The patch was taken from the Debian project.
>
>   * This patch is a prerequisite for the lsh/openssh packages.
>   * The patch was built and installed on Linux and the Hurd systems.

Thanks for the patch!

Would you like to try to get the patch accepted upstream by the
developers of linux-pam?  If I remember correctly, a lot of the patches
for Debian Hurd are in need of being sent upstream, so getting the patch
accepted would be the best for all involved projects.

@Manolis: What do you think about this?

~~ Ricardo


* Re: [PATCH] gnu: Add linux-pam.
  2016-08-27  4:47 [PATCH] gnu: Add linux-pam rennes
  2016-08-27  8:00 ` Ricardo Wurmus
@ 2016-08-27 19:54 ` Manolis Ragkousis
  2016-09-15 20:31 ` Ludovic Courtès
  2 siblings, 0 replies; 9+ messages in thread
From: Manolis Ragkousis @ 2016-08-27 19:54 UTC (permalink / raw)
  To: rennes; +Cc: guix-devel

Hello Rene,

First of all, thank you for helping with the port :-).

Now on the patch.

> Subject: [PATCH] gnu: Add linux-pam.

Maybe we should change the name of the patch to "[PATCH] gnu: Make
linux-pam build on non-Linux systems."

Other than that, it looks good to me. As Ricardo said, check the status of
the patch upstream because it will help all projects involved.

@Ricardo: If you are okay with it, I will sign it and push it to master
(or core-updates?).

Thank you again for testing things out,
Manolis



On 08/27/16 07:47, rennes@openmailbox.org wrote:
> This is a patch for linux-pam: when compiling on the Hurd system, the build
> searches for the file fsuid.h. The patch was taken from the Debian project.
> 
>  * This patch is a prerequisite for the lsh/openssh packages.
>  * The patch was built and installed on Linux and the Hurd systems.
> 
> Thanks


* Re: [PATCH] gnu: Add linux-pam.
  2016-08-27  8:00 ` Ricardo Wurmus
@ 2016-09-04  3:43   ` rennes
  0 siblings, 0 replies; 9+ messages in thread
From: rennes @ 2016-09-04  3:43 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: guix-devel

On 2016-08-27 03:00, Ricardo Wurmus wrote:
> 
> Would you like to try to get the patch accepted upstream by the
> developers of linux-pam?  If I remember correctly, a lot of the patches
> for Debian Hurd are in need of being sent upstream, so getting the
> patch accepted would be the best for all involved projects.
> 

Apologies for the delay; I sent a request to the pam developers team but I
still don't have an answer.


* Re: [PATCH] gnu: Add linux-pam.
  2016-08-27  4:47 [PATCH] gnu: Add linux-pam rennes
  2016-08-27  8:00 ` Ricardo Wurmus
  2016-08-27 19:54 ` Manolis Ragkousis
@ 2016-09-15 20:31 ` Ludovic Courtès
  2016-09-15 20:46   ` rennes
  2 siblings, 1 reply; 9+ messages in thread
From: Ludovic Courtès @ 2016-09-15 20:31 UTC (permalink / raw)
  To: rennes; +Cc: guix-devel

Hello!

rennes@openmailbox.org skribis:

> This is a patch for linux-pam: when compiling on the Hurd system, the build
> searches for the file fsuid.h. The patch was taken from the Debian project.
>
>  * This patch is a prerequisite for the lsh/openssh packages.
>  * The patch was built and installed on Linux and the Hurd systems.
>
> Thanks
>
> From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001
> From: Rene Saavedra <rennes@openmailbox.org>
> Date: Fri, 26 Aug 2016 23:19:14 -0500
> Subject: [PATCH] gnu: Add linux-pam.
>
> 	* gnu/packages/linux.scm (linux-pam): Use it.
> 	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
> 	* gnu/local.mk (dist_patch_DATA): Add it.

What’s the status of this patch?

If discussion with upstream is underway, we could apply it in
core-updates.

Thanks,
Ludo’.


* Re: [PATCH] gnu: Add linux-pam.
  2016-09-15 20:31 ` Ludovic Courtès
@ 2016-09-15 20:46   ` rennes
  2016-09-20  2:55     ` Ludovic Courtès
  0 siblings, 1 reply; 9+ messages in thread
From: rennes @ 2016-09-15 20:46 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

Hello Ludovic,

> What’s the status of this patch?
> 
> If discussion with upstream is underway, we could apply it in
> core-updates.

I have not been answered by the team of linux-pam. This is my ticket:

https://fedorahosted.org/linux-pam/ticket/64


Thanks


* Re: [PATCH] gnu: Add linux-pam.
  2016-09-15 20:46   ` rennes
@ 2016-09-20  2:55     ` Ludovic Courtès
  2016-09-20 20:09       ` rennes
  0 siblings, 1 reply; 9+ messages in thread
From: Ludovic Courtès @ 2016-09-20  2:55 UTC (permalink / raw)
  To: rennes; +Cc: guix-devel

Hi,

rennes <rennes@openmailbox.org> skribis:

>> What’s the status of this patch?
>> 
>> If discussion with upstream is underway, we could apply it in
>> core-updates.
>
> I have not been answered by the team of linux-pam. This is my ticket:
>
> https://fedorahosted.org/linux-pam/ticket/64

Then I think we can install the patch (in core-updates), making sure it
contains a reference to the above ticket.

Could you send the updated patch?

TIA!

Ludo’.


* Re: [PATCH] gnu: Add linux-pam.
  2016-09-20  2:55     ` Ludovic Courtès
@ 2016-09-20 20:09       ` rennes
  2016-09-28 21:05         ` Ludovic Courtès
  0 siblings, 1 reply; 9+ messages in thread
From: rennes @ 2016-09-20 20:09 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 195 bytes --]

Hello,

> Then I think we can install the patch (in core-updates), making sure
> it contains a reference to the above ticket.
> 
> Could you send the updated patch?

Attached is the updated patch.

[-- Attachment #2: 0001-gnu-Add-linux-pam.patch --]
[-- Type: text/x-patch, Size: 4571 bytes --]

From b4753711aabcefa410b2eb4ced9d25e084bb7658 Mon Sep 17 00:00:00 2001
From: Rene Saavedra <rennes@openmailbox.org>
Date: Tue, 20 Sep 2016 14:59:20 -0500
Subject: [PATCH] gnu: Add linux-pam.

	* gnu/packages/linux.scm (linux-pam): Use it.
	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
	* gnu/local.mk (dist_patch_DATA): Add it.

---
 gnu/local.mk                                     |  2 +
 gnu/packages/linux.scm                           |  7 ++-
 gnu/packages/patches/linux-pam-no-setfsuid.patch | 75 ++++++++++++++++++++++++
 3 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index a756638..f0415f6 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 #
 # This file is part of GNU Guix.
 #
@@ -658,6 +659,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
   %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
+  %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/llvm-for-extempore.patch			\
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5e9263e..e5dbc42 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -15,6 +15,7 @@
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -371,7 +372,11 @@ It has been modified to remove all non-free binary blobs.")
                                 version ".tar.bz2")))
       (sha256
        (base32
-        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+      ;; On the Hurd system in the 'build' phase seeks fsuid.h file.
+      ;; See the patch for details.
+      (patches (search-patches
+                "linux-pam-no-setfsuid.patch"))))    
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
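
Review bot: trailing whitespace after the closing parentheses on the last added line (the one ending in `"linux-pam-no-setfsuid.patch"))))`); please strip it. The new second comment line points to the patch for details, but the first line is still hard to read; one sentence saying that setreuid/setregid are used when <sys/fsuid.h> is absent would be enough here.
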
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000..c14721d
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,75 @@
+On systems without setfsuid(), use setreuid() instead.
+
+The patch originates from the Debian project for the Hurd system.
+Authors: Steve Langasek <vorlon@debian.org>
+Upstream status: A ticket was opened to request apply the patch,
+ticket: 'https://fedorahosted.org/linux-pam/ticket/64'.
+
+--- Linux-PAM-1.2.1/libpam/pam_modutil_priv.c	2015-03-24 06:02:32.000000000 -0600
++++ pam_modutil_priv-mod.c	2016-09-20 13:36:53.150663205 -0500
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ 
+ /*
+  * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+  */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H  
+ 	uid_t tmp = setfsuid(uid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++	uid_t euid = geteuid();
++	uid_t ruid = getuid();
++	if (save)
++		*save = ruid;
++	if (ruid == uid && uid != 0)
++		if (setreuid(euid, uid))
++			return -1;
++	else {
++		setreuid(0, -1);
++		if (setreuid(-1, uid)) {
++			setreuid(-1, 0);
++			setreuid(0, -1);
++			if (setreuid(-1, uid))
++				return -1;
++		}
++	}
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H  
+ 	gid_t tmp = setfsgid(gid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++	gid_t egid = getegid();
++	gid_t rgid = getgid();
++	if (save)
++		*save = rgid;
++	if (rgid == gid)
++		if (setregid(egid, gid))
++			return -1;
++	else {
++		setregid(0, -1);
++		if (setregid(-1, gid)) {
++			setregid(-1, 0);
++			setregid(0, -1);
++			if (setregid(-1, gid))
++				return -1;
++		}
++	}
++#endif	
+ }
+ 
+ static int cleanup(struct pam_modutil_privs *p)
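
Review bot: the `#else` branches of change_uid() and change_gid() have no return on the success path: the only statements that return are `return -1;`, and otherwise control reaches the closing `}` of a function declared `int`, so the caller reads an undefined value. Add `return 0;` before `#endif` in both functions. The results of `setreuid(0, -1)` and `setreuid(-1, 0)` (and the setregid() equivalents) are also ignored, so a failed transition is noticed only if the last call fails. The `else {` in each branch still binds to the inner `if (setreuid(...))` / `if (setregid(...))` rather than the outer condition, which needs braces. Nothing in this patch adds a configure check, so please confirm that HAVE_SYS_FSUID_H is already defined on Linux; if it is not, the Linux build silently moves to the fallback path. Minor: the added `#ifdef HAVE_SYS_FSUID_H` lines and the final `#endif` carry trailing whitespace, and the `+++` header names pam_modutil_priv-mod.c while the `---` header names libpam/pam_modutil_priv.c.
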
-- 
2.6.3



* Re: [PATCH] gnu: Add linux-pam.
  2016-09-20 20:09       ` rennes
@ 2016-09-28 21:05         ` Ludovic Courtès
  0 siblings, 0 replies; 9+ messages in thread
From: Ludovic Courtès @ 2016-09-28 21:05 UTC (permalink / raw)
  To: rennes; +Cc: guix-devel

Hi,

rennes <rennes@openmailbox.org> skribis:

> From b4753711aabcefa410b2eb4ced9d25e084bb7658 Mon Sep 17 00:00:00 2001
> From: Rene Saavedra <rennes@openmailbox.org>
> Date: Tue, 20 Sep 2016 14:59:20 -0500
> Subject: [PATCH] gnu: Add linux-pam.
>
> 	* gnu/packages/linux.scm (linux-pam): Use it.
> 	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
> 	* gnu/local.mk (dist_patch_DATA): Add it.

Applied a slightly modified variant as
411264c250cb6a6485851890f0d3ec5fb508dbfa.

Thanks!

Ludo’.
