On systems without setfsuid(), use setreuid() instead.

Authors: Steve Langasek <vorlon@debian.org>

Upstream status: superseded by pam_modutil_set_euid proposal

Index: Linux-PAM/modules/pam_xauth/pam_xauth.c
===================================================================
--- Linux-PAM/modules/pam_xauth/pam_xauth.c.orig
+++ Linux-PAM/modules/pam_xauth/pam_xauth.c
@@ -35,7 +35,9 @@
 
 #include "config.h"
 #include <sys/types.h>
+#ifdef HAVE_SYS_FSUID_H
 #include <sys/fsuid.h>
+#endif /* HAVE_SYS_FSUID_H */
 #include <sys/wait.h>
 #include <errno.h>
 #include <fnmatch.h>
@@ -210,6 +212,9 @@
 	FILE *fp;
 	int i;
 	uid_t euid;
+#ifndef HAVE_SYS_FSUID_H
+	uid_t uid;
+#endif
 	/* Check this user's <sense> file. */
 	pwd = pam_modutil_getpwnam(pamh, this_user);
 	if (pwd == NULL) {
@@ -226,9 +231,34 @@
 		return PAM_SESSION_ERR;
 	}
 	euid = geteuid();
+#ifdef HAVE_SYS_FSUID_H
 	setfsuid(pwd->pw_uid);
+#else
+	uid = getuid();
+	if (uid == pwd->pw_uid)
+		setreuid(euid, uid);
+	else {
+		setreuid(0, -1);
+		if (setreuid(-1, uid) == -1) {
+			setreuid(-1, 0);
+			setreuid(0, -1);
+			if (setreuid(-1, pwd->pw_uid))
+				return PAM_CRED_INSUFFICIENT;
+		}
+	}
+#endif
 	fp = fopen(path, "r");
+#ifdef HAVE_SYS_FSUID_H
 	setfsuid(euid);
+#else
+	if (uid == pwd->pw_uid)
+		setreuid(uid, euid);
+	else {
+		if (setreuid(-1, 0) != -1)
+			setreuid(uid, -1);
+		setreuid(-1, euid);
+	}
+#endif
 	if (fp != NULL) {
 		char buf[LINE_MAX], *tmp;
 		/* Scan the file for a list of specs of users to "trust". */
@@ -297,6 +327,9 @@
 	int fd, i, debug = 0;
 	int retval = PAM_SUCCESS;
 	uid_t systemuser = 499, targetuser = 0, euid;
+#ifndef HAVE_SYS_FSUID_H
+	uid_t uid;
+#endif
 
 	/* Parse arguments.  We don't understand many, so no sense in breaking
 	 * this into a separate function. */
@@ -541,9 +574,34 @@
 
 		/* Generate a new file to hold the data. */
 		euid = geteuid();
+#ifdef HAVE_SYS_FSUID_H
 		setfsuid(tpwd->pw_uid);
+#else
+		uid = getuid();
+		if (uid == tpwd->pw_uid)
+			setreuid(euid, uid);
+		else {
+			setreuid(0, -1);
+			if (setreuid(-1, uid) == -1) {
+				setreuid(-1, 0);
+				setreuid(0, -1);
+				if (setreuid(-1, tpwd->pw_uid))
+					return PAM_CRED_INSUFFICIENT;
+			}
+		}
+#endif
 		fd = mkstemp(xauthority + strlen(XAUTHENV) + 1);
+#ifdef HAVE_SYS_FSUID_H
 		setfsuid(euid);
+#else
+		if (uid == tpwd->pw_uid)
+			setreuid(uid, euid);
+		else {
+			if (setreuid(-1, 0) == -1)
+				setreuid(uid, -1);
+			setreuid(-1, euid);
+		}
+#endif
 		if (fd == -1) {
 			pam_syslog(pamh, LOG_ERR,
 				   "error creating temporary file `%s': %m",
