[PATCH] gnu: Add linux-pam.

[rennes@openmailbox.org]

[-- Attachment #1: Type: text/plain, Size: 268 bytes --]

This is a patch for linux-pam, at compile on the Hurd system searches 
the file fsuid.h. The patch was taken from the Debian project.

  * This patch is prerequisite for lsh/openssh packages.
  * The patch was build and installed on Linux and the Hurd systems.

Thanks

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-gnu-Add-linux-pam.patch --]
[-- Type: text/x-diff; name=0001-gnu-Add-linux-pam.patch, Size: 4582 bytes --]

From c7ddf09a79ad33d69b5ac8080b6131763e836ae5 Mon Sep 17 00:00:00 2001
From: Rene Saavedra <rennes@openmailbox.org>
Date: Fri, 26 Aug 2016 23:19:14 -0500
Subject: [PATCH] gnu: Add linux-pam.

	* gnu/packages/linux.scm (linux-pam): Use it.
	* gnu/packages/patches/linux-pam-no-setfsuid.patch: New file.
	* gnu/local.mk (dist_patch_DATA): Add it.
---
 gnu/local.mk                                     |  2 +
 gnu/packages/linux.scm                           |  6 +-
 gnu/packages/patches/linux-pam-no-setfsuid.patch | 79 ++++++++++++++++++++++++
 3 files changed, 86 insertions(+), 1 deletion(-)
 create mode 100644 gnu/packages/patches/linux-pam-no-setfsuid.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index b8c5378..391aa8a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -5,6 +5,7 @@
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 # Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 #
 # This file is part of GNU Guix.
 #
@@ -644,6 +645,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libwmf-CVE-2015-4695.patch		\
   %D%/packages/patches/libwmf-CVE-2015-4696.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
+  %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/lm-sensors-hwmon-attrs.patch		\
   %D%/packages/patches/lua-CVE-2014-5461.patch                      \
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 1fd792d..8d7ff4c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -14,6 +14,7 @@
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -390,7 +391,10 @@ It has been modified to remove all non-free binary blobs.")
                                 version ".tar.bz2")))
       (sha256
        (base32
-        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))))
+        "1n9lnf9gjs72kbj1g354v1xhi2j27aqaah15vykh7cnkq08i4arl"))
+      ;; On the Hurd system in the 'build' phase seeks fsuid.h file.
+      (patches (search-patches
+                "linux-pam-no-setfsuid.patch"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("flex" ,flex)
diff --git a/gnu/packages/patches/linux-pam-no-setfsuid.patch b/gnu/packages/patches/linux-pam-no-setfsuid.patch
new file mode 100644
index 0000000..7940c5a
--- /dev/null
+++ b/gnu/packages/patches/linux-pam-no-setfsuid.patch
@@ -0,0 +1,79 @@
+The patch originates from the Debian project for the Hurd system.
+
+On systems without setfsuid(), use setreuid() instead.
+
+Authors: Steve Langasek <vorlon@debian.org>
+
+Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv
+ are implemented
+
+Index: pam.debian/libpam/pam_modutil_priv.c
+===================================================================
+--- pam.debian.orig/libpam/pam_modutil_priv.c
++++ pam.debian/libpam/pam_modutil_priv.c
+@@ -14,7 +14,9 @@
+ #include <syslog.h>
+ #include <pwd.h>
+ #include <grp.h>
++#ifdef HAVE_SYS_FSUID_H
+ #include <sys/fsuid.h>
++#endif /* HAVE_SYS_FSUID_H */
+ 
+ /*
+  * Two setfsuid() calls in a row are necessary to check
+@@ -22,17 +24,55 @@
+  */
+ static int change_uid(uid_t uid, uid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	uid_t tmp = setfsuid(uid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (uid_t) setfsuid(uid) == uid ? 0 : -1;
++#else
++	uid_t euid = geteuid();
++	uid_t ruid = getuid();
++	if (save)
++		*save = ruid;
++	if (ruid == uid && uid != 0)
++		if (setreuid(euid, uid))
++			return -1;
++	else {
++		setreuid(0, -1);
++		if (setreuid(-1, uid)) {
++			setreuid(-1, 0);
++			setreuid(0, -1);
++			if (setreuid(-1, uid))
++				return -1;
++		}
++	}
++#endif
+ }
+ static int change_gid(gid_t gid, gid_t *save)
+ {
++#ifdef HAVE_SYS_FSUID_H
+ 	gid_t tmp = setfsgid(gid);
+ 	if (save)
+ 		*save = tmp;
+ 	return (gid_t) setfsgid(gid) == gid ? 0 : -1;
++#else
++	gid_t egid = getegid();
++	gid_t rgid = getgid();
++	if (save)
++		*save = rgid;
++	if (rgid == gid)
++		if (setregid(egid, gid))
++			return -1;
++	else {
++		setregid(0, -1);
++		if (setregid(-1, gid)) {
++			setregid(-1, 0);
++			setregid(0, -1);
++			if (setregid(-1, gid))
++				return -1;
++		}
++	}
++#endif
+ }
+ 
+ static int cleanup(struct pam_modutil_privs *p)
-- 
2.6.3