--- Begin Message ---
Index: pam-1.5.3/modules/pam_nologin/tst-pam_nologin-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_nologin/tst-pam_nologin-retval.c
+++ pam-1.5.3/modules/pam_nologin/tst-pam_nologin-retval.c
@@ -182,9 +182,17 @@ main(void)
pam_start_confdir(service_file, pw->pw_name,
&conv, ".", &pamh));
ASSERT_NE(NULL, pamh);
+#ifndef __GNU__ /* This assertion fails on GNU/Hurd */
ASSERT_EQ(PAM_SYSTEM_ERR, pam_authenticate(pamh, 0));
+#else
+ ASSERT_EQ(PAM_PERM_DENIED, pam_authenticate(pamh, 0));
+#endif
ASSERT_EQ(PAM_PERM_DENIED, pam_setcred(pamh, 0));
+#ifndef __GNU__ /* This assertion fails on GNU/Hurd */
ASSERT_EQ(PAM_SYSTEM_ERR, pam_acct_mgmt(pamh, 0));
+#else
+ ASSERT_EQ(PAM_PERM_DENIED, pam_acct_mgmt(pamh, 0));
+#endif
ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_chauthtok(pamh, 0));
ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_open_session(pamh, 0));
ASSERT_EQ(PAM_MODULE_UNKNOWN, pam_close_session(pamh, 0));
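Review bot: The comment `/* This assertion fails on GNU/Hurd */` on the two new `#ifndef __GNU__` lines records a symptom, not a cause. A reader cannot tell whether `PAM_PERM_DENIED` from `pam_authenticate` and `pam_acct_mgmt` is the intended result on Hurd or a behaviour difference being papered over. Both codes still deny the login, so the module appears to fail closed either way. Since the test now pins the Hurd value, the comment should name the reason, along the lines of `/* GNU/Hurd: <why the nologin check yields PAM_PERM_DENIED instead of PAM_SYSTEM_ERR> */`. The setup that provokes the error sits in the part of `main` outside this hunk, so the cause cannot be confirmed from here.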
Description: define PATH_MAX for compatibility when it's not already set
Some platforms, such as the Hurd, don't set PATH_MAX. Set a reasonable
default value in this case.
Authors: Steve Langasek <vor...@debian.org>, Svante Signell
<svante.sign...@gmail.com>
Bug-Debian: http://bugs.debian.org/<tbd>
Index: pam-1.5.3/libpam/include/path_max.h
===================================================================
--- /dev/null
+++ pam-1.5.3/libpam/include/path_max.h
@@ -0,0 +1,7 @@
+/*
+ * Define PATH_MAX if not available
+ */
+
+#ifndef PAH_MAX
+#define PATH_MAX 4096
+#endif
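Review bot: The guard tests `PAH_MAX`, a misspelling, so it is always true and `PATH_MAX` is defined to 4096 on every platform, including those whose `<limits.h>` already provides it. It should read `#ifndef PATH_MAX`. The header should also include `<limits.h>` itself so the result does not depend on include order, since several test files patched later in this series include it with no `<limits.h>` visible in their hunks. On a system with no real path limit, 4096 is only a compatibility constant, so code that sizes buffers with it must still check lengths and handle truncation.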
Index: pam-1.5.3/tests/tst-dlopen.c
===================================================================
--- pam-1.5.3.orig/tests/tst-dlopen.c
+++ pam-1.5.3/tests/tst-dlopen.c
@@ -16,6 +16,9 @@
#include <limits.h>
#include <sys/stat.h>
+/* Hurd compatibility */
+#include "path_max.h"
+
/* Simple program to see if dlopen() would succeed. */
int main(int argc, char **argv)
{
Index: pam-1.5.3/modules/pam_debug/tst-pam_debug-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_debug/tst-pam_debug-retval.c
+++ pam-1.5.3/modules/pam_debug/tst-pam_debug-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_debug"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_deny/tst-pam_deny-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_deny/tst-pam_deny-retval.c
+++ pam-1.5.3/modules/pam_deny/tst-pam_deny-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_deny"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_echo/tst-pam_echo-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_echo/tst-pam_echo-retval.c
+++ pam-1.5.3/modules/pam_echo/tst-pam_echo-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_echo"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_faildelay/tst-pam_faildelay-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_faildelay/tst-pam_faildelay-retval.c
+++ pam-1.5.3/modules/pam_faildelay/tst-pam_faildelay-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_faildelay"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_localuser/tst-pam_localuser-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_localuser/tst-pam_localuser-retval.c
+++ pam-1.5.3/modules/pam_localuser/tst-pam_localuser-retval.c
@@ -12,6 +12,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_localuser"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
+++ pam-1.5.3/modules/pam_mkhomedir/tst-pam_mkhomedir-retval.c
@@ -14,6 +14,7 @@
#include <pwd.h>
#include <sys/stat.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_mkhomedir"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_nologin/tst-pam_nologin-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_nologin/tst-pam_nologin-retval.c
+++ pam-1.5.3/modules/pam_nologin/tst-pam_nologin-retval.c
@@ -12,6 +12,7 @@
#include <unistd.h>
#include <pwd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_nologin"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_permit/tst-pam_permit-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_permit/tst-pam_permit-retval.c
+++ pam-1.5.3/modules/pam_permit/tst-pam_permit-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_permit"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_rootok/tst-pam_rootok-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_rootok/tst-pam_rootok-retval.c
+++ pam-1.5.3/modules/pam_rootok/tst-pam_rootok-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_rootok"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_warn/tst-pam_warn-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_warn/tst-pam_warn-retval.c
+++ pam-1.5.3/modules/pam_warn/tst-pam_warn-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_warn"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_pwhistory/opasswd.c
===================================================================
--- pam-1.5.3.orig/modules/pam_pwhistory/opasswd.c
+++ pam-1.5.3/modules/pam_pwhistory/opasswd.c
@@ -71,6 +71,7 @@
#include "pam_inline.h"
#include "opasswd.h"
+#include "path_max.h"
#ifndef RANDOM_DEVICE
#define RANDOM_DEVICE "/dev/urandom"
Index: pam-1.5.3/modules/pam_env/tst-pam_env-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_env/tst-pam_env-retval.c
+++ pam-1.5.3/modules/pam_env/tst-pam_env-retval.c
@@ -16,6 +16,7 @@
#include <unistd.h>
#include <sys/stat.h>
#include <security/pam_appl.h>
+#include <path_max.h>
#define MODULE_NAME "pam_env"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
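Review bot: This file pulls the new header in as `#include <path_max.h>`, while every other file in the series uses the quoted form `#include "path_max.h"`. Both forms probably resolve through the same `-I` path, but the angle-bracket form skips the including file's directory and reads as a system header. Using `#include "path_max.h"` here keeps the series consistent.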
Index: pam-1.5.3/modules/pam_faillock/tst-pam_faillock-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_faillock/tst-pam_faillock-retval.c
+++ pam-1.5.3/modules/pam_faillock/tst-pam_faillock-retval.c
@@ -9,6 +9,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_faillock"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_pwhistory/tst-pam_pwhistory-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_pwhistory/tst-pam_pwhistory-retval.c
+++ pam-1.5.3/modules/pam_pwhistory/tst-pam_pwhistory-retval.c
@@ -11,6 +11,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_pwhistory"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/modules/pam_time/tst-pam_time-retval.c
===================================================================
--- pam-1.5.3.orig/modules/pam_time/tst-pam_time-retval.c
+++ pam-1.5.3/modules/pam_time/tst-pam_time-retval.c
@@ -12,6 +12,7 @@
#include <string.h>
#include <unistd.h>
#include <security/pam_appl.h>
+#include "path_max.h"
#define MODULE_NAME "pam_time"
#define TEST_NAME "tst-" MODULE_NAME "-retval"
Index: pam-1.5.3/examples/tty_conv.c
===================================================================
--- pam-1.5.3.orig/examples/tty_conv.c
+++ pam-1.5.3/examples/tty_conv.c
@@ -6,7 +6,12 @@
#include <string.h>
#include <errno.h>
#include <unistd.h>
+#ifndef __GNU__
#include <termio.h>
+#else
+#include <termios.h>
+#include <sys/ioctl.h>
+#endif
#include <security/pam_appl.h>
/***************************************
@@ -16,6 +21,7 @@
***************************************/
static void echoOff(int fd, int off)
{
+#ifndef __GNU__
struct termio tty;
if (ioctl(fd, TCGETA, &tty) < 0)
{
@@ -39,6 +45,31 @@ static void echoOff(int fd, int off)
fprintf(stderr, "TCSETAW failed: %s\n", strerror(errno));
}
}
+#else
+ struct termios tty;
+ if (ioctl(fd, TIOCGETA, &tty) < 0)
+ {
+ fprintf(stderr, "TIOCGETA failed: %s\n", strerror(errno));
+ return;
+ }
+
+ if (off)
+ {
+ tty.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ if (ioctl(fd, TIOCSETAF, &tty) < 0)
+ {
+ fprintf(stderr, "TIOCSETAF failed: %s\n", strerror(errno));
+ }
+ }
+ else
+ {
+ tty.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL);
+ if (ioctl(fd, TIOCSETAW, &tty) < 0)
+ {
+ fprintf(stderr, "TIOCSETAW failed: %s\n", strerror(errno));
+ }
+ }
+#endif
}
/***************************************
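Review bot: The new `#else` branch of `echoOff` duplicates the whole function body around BSD-style `TIOCGETA`/`TIOCSETAF`/`TIOCSETAW` ioctls. The POSIX `tcgetattr`/`tcsetattr` calls from `<termios.h>` would serve Linux and Hurd with a single body and no `#ifdef`. As in the existing branch, a failed attempt to turn echo off is only reported on stderr and the function returns `void`, so the caller cannot avoid prompting for a password with echo still on. That is worth a comment in an example that people copy. The Linux half of `echoOff` lies partly outside these hunks, so the sketch below shows only the replacement body.

```c
static void echoOff(int fd, int off)
{
    struct termios tty;
    if (tcgetattr(fd, &tty) < 0)
    {
        fprintf(stderr, "tcgetattr failed: %s\n", strerror(errno));
        return;
    }

    if (off)
        tty.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
    else
        tty.c_lflag |= (ECHO | ECHOE | ECHOK | ECHONL);

    /* TCSAFLUSH discards pending input before echo goes off; TCSADRAIN matches the old "W" variant */
    if (tcsetattr(fd, off ? TCSAFLUSH : TCSADRAIN, &tty) < 0)
    {
        /* NOTE: echo state is unchanged here; callers are not told */
        fprintf(stderr, "tcsetattr failed: %s\n", strerror(errno));
    }
```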
--- a/debian/libpam-modules-bin.install 2024-04-09 00:35:07.000000000 +0200
+++ b/debian/libpam-modules-bin.install 2024-04-11 14:16:48.000000000 +0200
@@ -1,9 +1,10 @@
+#!/usr/bin/dh-exec
usr/sbin/unix_chkpwd
usr/sbin/unix_update
usr/sbin/mkhomedir_helper
-usr/sbin/pam_namespace_helper
+[linux-any] usr/sbin/pam_namespace_helper
usr/sbin/pwhistory_helper
usr/sbin/pam_timestamp_check
usr/sbin/faillock
modules/pam_faillock/faillock.8 usr/share/man/man8
-usr/lib/systemd/system/pam_namespace.service
+[linux-any] usr/lib/systemd/system/pam_namespace.service
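Review bot: The added `#!/usr/bin/dh-exec` line and the `[linux-any]` filters only take effect if this install file is marked executable and `dh-exec` is in the package's Build-Depends. Neither a mode change nor a `debian/control` change is visible in this diff. Without them debhelper would presumably treat `[linux-any] usr/sbin/pam_namespace_helper` as a literal path and fail, or skip the entry. Confirm that both are part of the upload.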
Index: pam-1.5.3/modules/pam_limits/pam_limits.c
===================================================================
--- pam-1.5.3.orig/modules/pam_limits/pam_limits.c
+++ pam-1.5.3/modules/pam_limits/pam_limits.c
@@ -28,7 +28,9 @@
#include <syslog.h>
#include <stdarg.h>
#include <signal.h>
+#ifdef __linux__
#include <sys/prctl.h>
+#endif
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/resource.h>
@@ -402,6 +404,7 @@ static rlim_t str2rlim_t(char *value) {
item = line + pos + 1; \
}
+#ifdef __linux__
static void parse_kernel_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
{
int i, maxlen = 0;
@@ -470,6 +473,7 @@ static void parse_kernel_limits(pam_hand
pl->limits[RLIMIT_NOFILE].limit.rlim_cur = FD_SETSIZE;
}
}
+#endif
static int init_limits(pam_handle_t *pamh, struct pam_limit_s *pl, int ctrl)
{
@@ -1177,10 +1181,12 @@ static int setup_limits(pam_handle_t *pa
}
if (pl->nonewprivs) {
+#ifdef __linux__
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0) {
pam_syslog(pamh, LOG_ERR, "Could not set prctl(PR_SET_NO_NEW_PRIVS): %m");
retval |= LIMIT_ERR;
}
+#endif
}
if (!retval && pl->chroot_dir[0]) {
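Review bot: On non-Linux builds the body of `if (pl->nonewprivs)` is now empty, so a requested `nonewprivs` restriction is dropped silently. `setup_limits` carries on as if the restriction had been applied, and the session starts without the hardening the administrator asked for, with nothing in the log. An `#else` branch should at least report it and preferably fail: `#else`, `pam_syslog(pamh, LOG_ERR, "nonewprivs is not supported on this platform");`, `retval |= LIMIT_ERR;`. How `pl->nonewprivs` gets set is outside this hunk, as are the start and end of `setup_limits`. If the option is rejected at parse time on such platforms, a comment saying so would be enough.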
--- End Message ---