Hello,
On 2025-02-08 09:05, Sam Hartman wrote:
* I work with the porter and review the patches.
Thanks.
I have put 2 patches in attachment. `hurd-fix.patch` is the
real patch for fixing problems on Hurd. You have to put this
to `debian/patches` manually and change the `series`.
`hurd-debian.patch` is to fix and remove current wrong
things about Hurd and fix install file problem in debian.
However, you still have to manually add `hurd-fix.patch` to
`debian/patches` and do whatever you want then.
No tests are disabled on Hurd. I have tested on my Hurd and it
works. I can't guarantee the patch works perfectly. But I'm
willing to improve it again.
This patch still uses a PATH_MAX stuck on Hurd. But it at least
can unblock your other works. For solving the real problems,
I'll try to push PATH_MAX and related portable patches to
upstream as much as I can. If I make it, the Hurd patch can be
removed then. No guarantee also. I'm just a porter.
* I summarize my thinking on the thread I started about PATHMAX and max
hostname, letting people know what patches I'm open to and what
patches
I'm not. I'll try to make a response within two weeks.
If you do not hear from me in that time, please prod me until you get a
response.
I have no idea about this. I have read some of the mails in your debate. For the
.install problem, I think this can't be avoided when a program has to
run on different platforms. It should be very common for the files
produced by a build to differ between platforms. I'm not
demanding that you always handle this as a duty. I just want to
say that this is inevitable.
Thanks.
--
Yuqian Yang <crup...@crupest.life>
diff --git a/examples/tty_conv.c b/examples/tty_conv.c
index 59bbb3b3..0a7af97c 100644
--- a/examples/tty_conv.c
+++ b/examples/tty_conv.c
@@ -8,7 +8,6 @@
#include <unistd.h>
#include <termios.h>
#include <security/pam_appl.h>
-#include <sys/ioctl.h>
/***************************************
* @brief echo off/on
@@ -18,7 +17,7 @@
static void echoOff(int fd, int off)
{
struct termios tty;
- if (ioctl(fd, TCGETA, &tty) < 0)
+ if (tcgetattr(fd, &tty) < 0)
{
fprintf(stderr, "TCGETA failed: %s\n", strerror(errno));
return;
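Review bot: The diagnostics in echoOff still name the old ioctl requests: `"TCGETA failed: %s\n"` in this hunk, and `"TCSETAF failed"` / `"TCSETAW failed"` in the two hunks that follow, although the calls are now tcgetattr() and tcsetattr(). Renaming them, e.g. `fprintf(stderr, "tcgetattr failed: %s\n", strerror(errno));`, keeps the message searchable against the code. Because echoOff returns void, a failure on this path leaves echo enabled while the caller presumably goes on to read a secret; the patch does not change that, but it deserves a comment at the early return. The body of echoOff continues outside this hunk.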
@@ -27,7 +26,7 @@ static void echoOff(int fd, int off)
if (off)
{
tty.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
- if (ioctl(fd, TCSETAF, &tty) < 0)
+ if (tcsetattr(fd, TCSAFLUSH, &tty) < 0)
{
fprintf(stderr, "TCSETAF failed: %s\n", strerror(errno));
}
@@ -35,7 +34,7 @@ static void echoOff(int fd, int off)
else
{
tty.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL);
- if (ioctl(fd, TCSETAW, &tty) < 0)
+ if (tcsetattr(fd, TCSADRAIN, &tty) < 0)
{
fprintf(stderr, "TCSETAW failed: %s\n", strerror(errno));
}
diff --git a/libpam/include/pam_hurd_max_stub.h b/libpam/include/pam_hurd_max_stub.h
new file mode 100644
index 00000000..c3c9b510
--- /dev/null
+++ b/libpam/include/pam_hurd_max_stub.h
@@ -0,0 +1,11 @@
+#ifndef PAM_HURD_MAX_STUB_H
+#define PAM_HURD_MAX_STUB_H
+
+/*
+ * Define PATH_MAX if not available
+ */
+#ifndef PATH_MAX
+#define PATH_MAX 4096
+#endif
+
+#endif
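Review bot: The stub tests `#ifndef PATH_MAX` without including `<limits.h>` itself, so whether the fallback is used depends on what each includer pulled in first; if `<limits.h>` arrives later with a different value, the macro is redefined. Adding `#include <limits.h>` above the `#ifndef` makes the header self-contained. The comment would also be more useful if it said that 4096 is an arbitrary cap on systems such as GNU/Hurd that impose no path limit, so code sizing buffers with it must still check for truncation.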
diff --git a/libpam/pam_modutil_priv.c b/libpam/pam_modutil_priv.c
index a463e06a..cf0ce3ce 100644
--- a/libpam/pam_modutil_priv.c
+++ b/libpam/pam_modutil_priv.c
@@ -14,7 +14,9 @@
#include <syslog.h>
#include <pwd.h>
#include <grp.h>
+#ifdef HAVE_SYS_FSUID_H
#include <sys/fsuid.h>
+#endif /* HAVE_SYS_FSUID_H */
/*
* Two setfsuid() calls in a row are necessary to check
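Review bot: `HAVE_SYS_FSUID_H` now selects between two different privilege-dropping mechanisms, yet nothing visible in this patch makes the build system define it. If the macro is left undefined on a Linux build (the comment removed from `debian/patches/series` says the earlier patch broke after meson.build), the include is skipped and change_uid()/change_gid() would silently take the setresuid()/setresgid() branch instead of setfsuid(). It is worth confirming that the header check exists in the build files and that `config.h` is included before this point; both are outside the hunk.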
@@ -22,17 +24,32 @@
*/
static int change_uid(uid_t uid, uid_t *save)
{
+#ifdef HAVE_SYS_FSUID_H
uid_t tmp = setfsuid(uid);
if (save)
*save = tmp;
return (uid_t) setfsuid(uid) == uid ? 0 : -1;
+#else
+ uid_t euid = geteuid();
+ if (save)
+ *save = euid;
+ return setresuid(-1, uid, euid);
+#endif
}
+
static int change_gid(gid_t gid, gid_t *save)
{
+#ifdef HAVE_SYS_FSUID_H
gid_t tmp = setfsgid(gid);
if (save)
*save = tmp;
return (gid_t) setfsgid(gid) == gid ? 0 : -1;
+#else
+ uid_t egid = getegid();
+ if (save)
+ *save = egid;
+ return setresgid(-1, gid, egid);
+#endif
}
static int cleanup(struct pam_modutil_privs *p)
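Review bot: In the `#else` branch of change_gid, `uid_t egid = getegid();` declares a group ID with the wrong type; it should read `gid_t egid = getegid();`. Both fallbacks also pass a bare `-1` for the unchanged real ID, where an explicit cast states the intent, e.g. `return setresgid((gid_t)-1, gid, egid);`. Unlike setfsuid(), this branch changes the effective ID rather than only the filesystem identity, and it applies to every platform lacking `<sys/fsuid.h>`, not only Hurd; a short comment above each `#else` saying so, and that setresuid()/setresgid() are assumed to exist, would help the next reader. The hunk ends on the first line of cleanup(), whose body is outside it.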
diff --git a/modules/pam_debug/tst-pam_debug-retval.c b/modules/pam_debug/tst-pam_debug-retval.c
index e83c89d5..ae5772a3 100644
--- a/modules/pam_debug/tst-pam_debug-retval.c
+++ b/modules/pam_debug/tst-pam_debug-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_debug"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_deny/tst-pam_deny-retval.c b/modules/pam_deny/tst-pam_deny-retval.c
index 665fcef4..3fa29591 100644
--- a/modules/pam_deny/tst-pam_deny-retval.c
+++ b/modules/pam_deny/tst-pam_deny-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_deny"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_echo/tst-pam_echo-retval.c b/modules/pam_echo/tst-pam_echo-retval.c
index 8264cb0e..acceffd0 100644
--- a/modules/pam_echo/tst-pam_echo-retval.c
+++ b/modules/pam_echo/tst-pam_echo-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_echo"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_faildelay/tst-pam_faildelay-retval.c b/modules/pam_faildelay/tst-pam_faildelay-retval.c
index 72b16ef9..a73876ad 100644
--- a/modules/pam_faildelay/tst-pam_faildelay-retval.c
+++ b/modules/pam_faildelay/tst-pam_faildelay-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_faildelay"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_localuser/tst-pam_localuser-retval.c b/modules/pam_localuser/tst-pam_localuser-retval.c
index f6c22f97..1f576ab4 100644
--- a/modules/pam_localuser/tst-pam_localuser-retval.c
+++ b/modules/pam_localuser/tst-pam_localuser-retval.c
@@ -12,6 +12,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_localuser"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c b/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
index 282c5cd0..ada30f9b 100644
--- a/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
+++ b/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
@@ -14,6 +14,7 @@
#include <pwd.h>
#include <sys/stat.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_mkhomedir"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_nologin/tst-pam_nologin-retval.c b/modules/pam_nologin/tst-pam_nologin-retval.c
index 4d44a380..47e3f2d1 100644
--- a/modules/pam_nologin/tst-pam_nologin-retval.c
+++ b/modules/pam_nologin/tst-pam_nologin-retval.c
@@ -12,6 +12,7 @@
#include <unistd.h>
#include <pwd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_nologin"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_permit/tst-pam_permit-retval.c b/modules/pam_permit/tst-pam_permit-retval.c
index aacdedba..a129bb82 100644
--- a/modules/pam_permit/tst-pam_permit-retval.c
+++ b/modules/pam_permit/tst-pam_permit-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_permit"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_rootok/tst-pam_rootok-retval.c b/modules/pam_rootok/tst-pam_rootok-retval.c
index 990ee126..bb05a195 100644
--- a/modules/pam_rootok/tst-pam_rootok-retval.c
+++ b/modules/pam_rootok/tst-pam_rootok-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_rootok"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_warn/tst-pam_warn-retval.c b/modules/pam_warn/tst-pam_warn-retval.c
index 48b1f311..83bf2aad 100644
--- a/modules/pam_warn/tst-pam_warn-retval.c
+++ b/modules/pam_warn/tst-pam_warn-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include <pam_hurd_max_stub.h>
#define MODULE_NAME "pam_warn"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c
index 5e80b312..6c70b3f7 100644
--- a/modules/pam_xauth/pam_xauth.c
+++ b/modules/pam_xauth/pam_xauth.c
@@ -67,6 +67,10 @@
#include "pam_cc_compat.h"
#include "pam_inline.h"
+#ifndef HOST_NAME_MAX
+#define HOST_NAME_MAX 255
+#endif
+
#define DATANAME "pam_xauth_cookie_file"
#define XAUTHENV "XAUTHORITY"
#define HOMEENV "HOME"
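Review bot: The `HOST_NAME_MAX` fallback is defined inline here while the `PATH_MAX` fallback from the same patch lives in a shared header, so the two limits are handled inconsistently; one place for both would be easier to maintain. A comment such as `/* Fallback for systems without HOST_NAME_MAX (e.g. GNU/Hurd); 255 is _POSIX_HOST_NAME_MAX */` would record where the value comes from. The code that sizes buffers with this macro is outside the hunk; where it calls gethostname(), it should make sure the result is NUL-terminated, since a longer name can be truncated.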
diff --git a/tests/tst-dlopen.c b/tests/tst-dlopen.c
index cba3e9a8..118091ad 100644
--- a/tests/tst-dlopen.c
+++ b/tests/tst-dlopen.c
@@ -14,9 +14,7 @@
#include <limits.h>
#include <sys/stat.h>
-#ifndef PATH_MAX
-# define PATH_MAX 4096
-#endif
+#include <pam_hurd_max_stub.h>
/* Simple program to see if dlopen() would succeed. */
int main(int argc, char **argv)
diff --git a/debian/libpam-modules-bin.install b/debian/libpam-modules-bin.install
old mode 100644
new mode 100755
index 3c70ef6f..2c81062c
--- a/debian/libpam-modules-bin.install
+++ b/debian/libpam-modules-bin.install
@@ -1,8 +1,9 @@
+#!/usr/bin/dh-exec
usr/sbin/unix_chkpwd
-usr/sbin/unix_update
+[linux-any] usr/sbin/unix_update
usr/sbin/mkhomedir_helper
-usr/sbin/pam_namespace_helper
+[linux-any] usr/sbin/pam_namespace_helper
usr/sbin/pwhistory_helper
usr/sbin/pam_timestamp_check
usr/sbin/faillock
-usr/lib/systemd/system/pam_namespace.service
+[linux-any] usr/lib/systemd/system/pam_namespace.service
\ No newline at end of file
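Review bot: The new `#!/usr/bin/dh-exec` line makes the package build depend on dh-exec, but no change to the build dependencies is visible in this patch; if `debian/control` does not already list it, the build is likely to fail when debhelper executes this file. The rewritten last line also ends without a newline (`\ No newline at end of file`); adding one avoids noise in later diffs.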
diff --git a/debian/patches/hurd_no_setfsuid b/debian/patches/hurd_no_setfsuid
deleted file mode 100644
index 16d8ba54..00000000
--- a/debian/patches/hurd_no_setfsuid
+++ /dev/null
@@ -1,84 +0,0 @@
-From: Sam Hartman <hartm...@debian.org>
-Date: Mon, 11 Sep 2023 14:00:42 -0600
-Subject: hurd_no_setfsuid
-
-On systems without setfsuid(), use setreuid() instead.
-
-Authors: Steve Langasek <vor...@debian.org>
-
-Upstream status: to be forwarded, now that pam_modutil_{drop,regain}_priv
- are implemented
----
- libpam/pam_modutil_priv.c | 40 ++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 40 insertions(+)
-
-diff --git a/libpam/pam_modutil_priv.c b/libpam/pam_modutil_priv.c
-index a463e06..7df6e6b 100644
---- a/libpam/pam_modutil_priv.c
-+++ b/libpam/pam_modutil_priv.c
-@@ -14,7 +14,9 @@
- #include <syslog.h>
- #include <pwd.h>
- #include <grp.h>
-+#ifdef HAVE_SYS_FSUID_H
- #include <sys/fsuid.h>
-+#endif /* HAVE_SYS_FSUID_H */
-
- /*
- * Two setfsuid() calls in a row are necessary to check
-@@ -22,17 +24,55 @@
- */
- static int change_uid(uid_t uid, uid_t *save)
- {
-+#ifdef HAVE_SYS_FSUID_H
- uid_t tmp = setfsuid(uid);
- if (save)
- *save = tmp;
- return (uid_t) setfsuid(uid) == uid ? 0 : -1;
-+#else
-+ uid_t euid = geteuid();
-+ uid_t ruid = getuid();
-+ if (save)
-+ *save = ruid;
-+ if (ruid == uid && uid != 0)
-+ if (setreuid(euid, uid))
-+ return -1;
-+ else {
-+ setreuid(0, -1);
-+ if (setreuid(-1, uid)) {
-+ setreuid(-1, 0);
-+ setreuid(0, -1);
-+ if (setreuid(-1, uid))
-+ return -1;
-+ }
-+ }
-+#endif
- }
- static int change_gid(gid_t gid, gid_t *save)
- {
-+#ifdef HAVE_SYS_FSUID_H
- gid_t tmp = setfsgid(gid);
- if (save)
- *save = tmp;
- return (gid_t) setfsgid(gid) == gid ? 0 : -1;
-+#else
-+ gid_t egid = getegid();
-+ gid_t rgid = getgid();
-+ if (save)
-+ *save = rgid;
-+ if (rgid == gid)
-+ if (setregid(egid, gid))
-+ return -1;
-+ else {
-+ setregid(0, -1);
-+ if (setregid(-1, gid)) {
-+ setregid(-1, 0);
-+ setregid(0, -1);
-+ if (setregid(-1, gid))
-+ return -1;
-+ }
-+ }
-+#endif
- }
-
- static int cleanup(struct pam_modutil_privs *p)
diff --git a/debian/patches/series b/debian/patches/series
index 1745a718..72004d79 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,8 +10,6 @@ pam-limits-nofile-fd-setsize-cap
008_modules_pam_limits_chroot
040_pam_limits_log_failure
045_pam_dispatch_jump_is_ignore
-# Broken after meson.build ; see #1095194
-# hurd_no_setfsuid
PAM-manpage-section
update-motd
lib_security_multiarch_compat