Brad Bishop | 15ae250 | 2019-06-18 21:44:24 -0400 | 1 | From 21aa2747e8f0048759aab184b07dd6389666d5e6 Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Wed, 22 May 2019 13:18:55 -0700 |
| 4 | Subject: [PATCH] make netgroup support optional |
| 5 | |
| 6 | On at least Linux/musl and Linux/uclibc, netgroup |
| 7 | support is not available. PolKit fails to compile on these systems |
| 8 | for that reason. |
| 9 | |
| 10 | This change makes netgroup support conditional on the presence of the |
| 11 | setnetgrent(3) function which is required for the support to work. If |
| 12 | that function is not available on the system, an error will be returned |
| 13 | to the administrator if unix-netgroup: is specified in configuration. |
| 14 | |
| 15 | Fixes bug 50145. |
| 16 | |
| 17 | Closes polkit/polkit#14. |
| 18 | Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> |
| 19 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 20 | --- |
| 21 | configure.ac | 2 +- |
| 22 | src/polkit/polkitidentity.c | 16 ++++++++++++++++ |
| 23 | src/polkit/polkitunixnetgroup.c | 3 +++ |
| 24 | .../polkitbackendinteractiveauthority.c | 14 ++++++++------ |
| 25 | src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ |
| 26 | test/polkit/polkitidentitytest.c | 9 ++++++++- |
| 27 | test/polkit/polkitunixnetgrouptest.c | 3 +++ |
| 28 | .../test-polkitbackendjsauthority.c | 2 ++ |
| 29 | 8 files changed, 43 insertions(+), 8 deletions(-) |
| 30 | |
| 31 | --- a/configure.ac |
| 32 | +++ b/configure.ac |
| 33 | @@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP |
| 34 | [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) |
| 35 | AC_SUBST(EXPAT_LIBS) |
| 36 | |
| 37 | -AC_CHECK_FUNCS(clearenv fdatasync) |
| 38 | +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) |
| 39 | |
| 40 | if test "x$GCC" = "xyes"; then |
| 41 | LDFLAGS="-Wl,--as-needed $LDFLAGS" |
| 42 | --- a/src/polkit/polkitidentity.c |
| 43 | +++ b/src/polkit/polkitidentity.c |
| 44 | @@ -182,7 +182,15 @@ polkit_identity_from_string (const gcha |
| 45 | } |
| 46 | else if (g_str_has_prefix (str, "unix-netgroup:")) |
| 47 | { |
| 48 | +#ifndef HAVE_SETNETGRENT |
| 49 | + g_set_error (error, |
| 50 | + POLKIT_ERROR, |
| 51 | + POLKIT_ERROR_FAILED, |
| 52 | + "Netgroups are not available on this machine ('%s')", |
| 53 | + str); |
| 54 | +#else |
| 55 | identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); |
| 56 | +#endif |
| 57 | } |
| 58 | |
| 59 | if (identity == NULL && (error != NULL && *error == NULL)) |
| 60 | @@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVaria |
| 61 | GVariant *v; |
| 62 | const char *name; |
| 63 | |
| 64 | +#ifndef HAVE_SETNETGRENT |
| 65 | + g_set_error (error, |
| 66 | + POLKIT_ERROR, |
| 67 | + POLKIT_ERROR_FAILED, |
| 68 | + "Netgroups are not available on this machine"); |
| 69 | + goto out; |
| 70 | +#else |
| 71 | v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); |
| 72 | if (v == NULL) |
| 73 | { |
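Review bot: The `#ifndef HAVE_SETNETGRENT` branch in polkit_identity_new_for_gvariant leaves the `v` and `name` declarations just above it unused when netgroups are compiled out, and it jumps to an `out` label that is not visible in this hunk. Every other file in this patch guards with `#ifdef HAVE_SETNETGRENT`, so inverting the test here and moving the two declarations inside the guarded branch would keep the build warning-free and the convention uniform. The error text also drops the identity string that the polkit_identity_from_string hunk includes; using the same wording in both, e.g. `"Netgroups are not available on this machine"`, makes the failure easier to search for in logs. The guarded region is closed by the `#endif` in the next hunk, and the function body continues outside both.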
| 74 | @@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVaria |
| 75 | name = g_variant_get_string (v, NULL); |
| 76 | ret = polkit_unix_netgroup_new (name); |
| 77 | g_variant_unref (v); |
| 78 | +#endif |
| 79 | } |
| 80 | else |
| 81 | { |
| 82 | --- a/src/polkit/polkitunixnetgroup.c |
| 83 | +++ b/src/polkit/polkitunixnetgroup.c |
| 84 | @@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUni |
| 85 | PolkitIdentity * |
| 86 | polkit_unix_netgroup_new (const gchar *name) |
| 87 | { |
| 88 | +#ifndef HAVE_SETNETGRENT |
| 89 | + g_assert_not_reached(); |
| 90 | +#endif |
| 91 | g_return_val_if_fail (name != NULL, NULL); |
| 92 | return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, |
| 93 | "name", name, |
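Review bot: `g_assert_not_reached()` at the top of polkit_unix_netgroup_new turns a call to a public constructor into a process abort on systems without setnetgrent, which is a denial-of-service risk for any daemon or client that reaches it through a path other than the two guarded parsers in polkitidentity.c. The assertion is also compiled out when GLib is built with `G_DISABLE_ASSERT`, in which case the function falls through and creates the netgroup object anyway. Failing explicitly is safer: replace the assertion with `g_warning ("Netgroups are not available on this machine"); return NULL;` and put the existing body under `#else`. The function's closing lines are outside the hunk.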
| 94 | --- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 95 | +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 96 | @@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity |
| 97 | GList *ret; |
| 98 | |
| 99 | ret = NULL; |
| 100 | +#ifdef HAVE_SETNETGRENT |
| 101 | name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); |
| 102 | |
| 103 | -#ifdef HAVE_SETNETGRENT_RETURN |
| 104 | +# ifdef HAVE_SETNETGRENT_RETURN |
| 105 | if (setnetgrent (name) == 0) |
| 106 | { |
| 107 | g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); |
| 108 | goto out; |
| 109 | } |
| 110 | -#else |
| 111 | +# else |
| 112 | setnetgrent (name); |
| 113 | -#endif |
| 114 | +# endif /* HAVE_SETNETGRENT_RETURN */ |
| 115 | |
| 116 | for (;;) |
| 117 | { |
| 118 | -#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 119 | +# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 120 | const char *hostname, *username, *domainname; |
| 121 | -#else |
| 122 | +# else |
| 123 | char *hostname, *username, *domainname; |
| 124 | -#endif |
| 125 | +# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ |
| 126 | PolkitIdentity *user; |
| 127 | GError *error = NULL; |
| 128 | |
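Review bot: When HAVE_SETNETGRENT is undefined, get_users_in_net_group returns an empty list with no diagnostic, so a configuration that still refers to a netgroup resolves to zero users and nobody is told why. That fails closed, which is the right direction for an authorization lookup, but an administrator debugging a missing admin identity gets nothing in the log. Consider an `#else` branch before the `#endif /* HAVE_SETNETGRENT */` in the next hunk containing `g_warning ("Netgroups are not available on this machine");`. The `name` local declared above the hunk is presumably left unused in that configuration as well; moving its declaration inside the guard would avoid the warning.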
| 129 | @@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity |
| 130 | |
| 131 | out: |
| 132 | endnetgrent (); |
| 133 | +#endif /* HAVE_SETNETGRENT */ |
| 134 | return ret; |
| 135 | } |
| 136 | |
| 137 | --- a/src/polkitbackend/polkitbackendjsauthority.cpp |
| 138 | +++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 139 | @@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext |
| 140 | |
| 141 | JS::CallArgs args = JS::CallArgsFromVp (argc, vp); |
| 142 | |
| 143 | +#ifdef HAVE_SETNETGRENT |
| 144 | JS::RootedString usrstr (authority->priv->cx); |
| 145 | usrstr = args[0].toString(); |
| 146 | user = JS_EncodeStringToUTF8 (cx, usrstr); |
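Review bot: With HAVE_SETNETGRENT undefined, everything between this `#ifdef` and the `#endif` in the next hunk is compiled out, yet `ret = true;` still runs, so js_polkit_user_is_in_netgroup reports a successful call to the rules engine. The rule then sees whatever the result variable was initialised to outside the hunk (presumably false), with no indication that no lookup was performed. A rule that negates the membership check would silently take its other branch, which is an authorization decision made on data that was never consulted. Add an `#else` branch that at least logs `g_warning ("Netgroups are not available on this machine");`, or better, reports a JS error and leaves `ret` false so the rule evaluation fails closed. The `user` and `netgroup` locals declared above the hunk also appear to be unused in that configuration.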
| 147 | @@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext |
| 148 | |
| 149 | JS_free (cx, netgroup); |
| 150 | JS_free (cx, user); |
| 151 | +#endif |
| 152 | |
| 153 | ret = true; |
| 154 | |
| 155 | --- a/test/polkit/polkitidentitytest.c |
| 156 | +++ b/test/polkit/polkitidentitytest.c |
| 157 | @@ -19,6 +19,7 @@ |
| 158 | * Author: Nikki VonHollen <vonhollen@google.com> |
| 159 | */ |
| 160 | |
| 161 | +#include "config.h" |
| 162 | #include "glib.h" |
| 163 | #include <polkit/polkit.h> |
| 164 | #include <polkit/polkitprivate.h> |
| 165 | @@ -145,11 +146,15 @@ struct ComparisonTestData comparison_tes |
| 166 | {"unix-group:root", "unix-group:jane", FALSE}, |
| 167 | {"unix-group:jane", "unix-group:jane", TRUE}, |
| 168 | |
| 169 | +#ifdef HAVE_SETNETGRENT |
| 170 | {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, |
| 171 | {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, |
| 172 | +#endif |
| 173 | |
| 174 | {"unix-user:root", "unix-group:root", FALSE}, |
| 175 | +#ifdef HAVE_SETNETGRENT |
| 176 | {"unix-user:jane", "unix-netgroup:foo", FALSE}, |
| 177 | +#endif |
| 178 | |
| 179 | {NULL}, |
| 180 | }; |
| 181 | @@ -181,11 +186,13 @@ main (int argc, char *argv[]) |
| 182 | g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); |
| 183 | g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); |
| 184 | |
| 185 | +#ifdef HAVE_SETNETGRENT |
| 186 | g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); |
| 187 | + g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 188 | +#endif |
| 189 | |
| 190 | g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); |
| 191 | g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); |
| 192 | - g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 193 | |
| 194 | add_comparison_tests (); |
| 195 | |
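Review bot: The netgroup cases are only removed when HAVE_SETNETGRENT is undefined, so the new rejection path in polkit_identity_from_string is never tested on the systems this patch targets. An `#else` branch here could register a test asserting that `polkit_identity_from_string ("unix-netgroup:foo", &error)` returns NULL and sets `POLKIT_ERROR_FAILED`. That would pin the fail-closed behaviour, so a later refactor cannot silently start accepting netgroup identities on musl or uclibc builds. The same applies to the comparison table in the previous hunk, which drops the netgroup rows without a negative counterpart.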
| 196 | --- a/test/polkit/polkitunixnetgrouptest.c |
| 197 | +++ b/test/polkit/polkitunixnetgrouptest.c |
| 198 | @@ -19,6 +19,7 @@ |
| 199 | * Author: Nikki VonHollen <vonhollen@google.com> |
| 200 | */ |
| 201 | |
| 202 | +#include "config.h" |
| 203 | #include "glib.h" |
| 204 | #include <polkit/polkit.h> |
| 205 | #include <string.h> |
| 206 | @@ -69,7 +70,9 @@ int |
| 207 | main (int argc, char *argv[]) |
| 208 | { |
| 209 | g_test_init (&argc, &argv, NULL); |
| 210 | +#ifdef HAVE_SETNETGRENT |
| 211 | g_test_add_func ("/PolkitUnixNetgroup/new", test_new); |
| 212 | g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); |
| 213 | +#endif |
| 214 | return g_test_run (); |
| 215 | } |
| 216 | --- a/test/polkitbackend/test-polkitbackendjsauthority.c |
| 217 | +++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 218 | @@ -137,12 +137,14 @@ test_get_admin_identities (void) |
| 219 | "unix-group:users" |
| 220 | } |
| 221 | }, |
| 222 | +#ifdef HAVE_SETNETGRENT |
| 223 | { |
| 224 | "net.company.action3", |
| 225 | { |
| 226 | "unix-netgroup:foo" |
| 227 | } |
| 228 | }, |
| 229 | +#endif |
| 230 | }; |
| 231 | guint n; |
| 232 | |
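Review bot: This file tests `HAVE_SETNETGRENT` but, unlike polkitidentitytest.c and polkitunixnetgrouptest.c, gets no `#include "config.h"` in this patch. The include block is outside the hunk, so this needs checking: if config.h is not already pulled in there, the macro is never defined and the `net.company.action3` case is dropped on every platform, including glibc, where it should still run. If the include is missing, add `#include "config.h"` as the first include, matching the other two test files.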