Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / openbmc / 15ae2509e522678e761046cdb8693291c09cf78c / . / meta-openembedded / meta-oe / recipes-extended / polkit / polkit / 0003-make-netgroup-support-optional.patch
blob: fd7251369e459fe2596418e9a2c14d606d7f6d92 [file] [log] [blame]
Brad Bishop15ae2502019-06-18 21:44:24 -0400[diff] [blame^]1From 21aa2747e8f0048759aab184b07dd6389666d5e6 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Wed, 22 May 2019 13:18:55 -0700
4Subject: [PATCH] make netgroup support optional
5
6On at least Linux/musl and Linux/uclibc, netgroup
7support is not available. PolKit fails to compile on these systems
8for that reason.
9
10This change makes netgroup support conditional on the presence of the
11setnetgrent(3) function which is required for the support to work. If
12that function is not available on the system, an error will be returned
13to the administrator if unix-netgroup: is specified in configuration.
14
15Fixes bug 50145.
16
17Closes polkit/polkit#14.
18Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
19Signed-off-by: Khem Raj <raj.khem@gmail.com>
20---
21 configure.ac | 2 +-
22 src/polkit/polkitidentity.c | 16 ++++++++++++++++
23 src/polkit/polkitunixnetgroup.c | 3 +++
24 .../polkitbackendinteractiveauthority.c | 14 ++++++++------
25 src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
26 test/polkit/polkitidentitytest.c | 9 ++++++++-
27 test/polkit/polkitunixnetgrouptest.c | 3 +++
28 .../test-polkitbackendjsauthority.c | 2 ++
29 8 files changed, 43 insertions(+), 8 deletions(-)
30
31--- a/configure.ac
32+++ b/configure.ac
33@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXP
34 [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
35 AC_SUBST(EXPAT_LIBS)
36
37-AC_CHECK_FUNCS(clearenv fdatasync)
38+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
39
40 if test "x$GCC" = "xyes"; then
41 LDFLAGS="-Wl,--as-needed $LDFLAGS"
42--- a/src/polkit/polkitidentity.c
43+++ b/src/polkit/polkitidentity.c
44@@ -182,7 +182,15 @@ polkit_identity_from_string (const gcha
45 }
46 else if (g_str_has_prefix (str, "unix-netgroup:"))
47 {
48+#ifndef HAVE_SETNETGRENT
49+ g_set_error (error,
50+ POLKIT_ERROR,
51+ POLKIT_ERROR_FAILED,
52+ "Netgroups are not available on this machine ('%s')",
53+ str);
54+#else
55 identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
56+#endif
57 }
58
59 if (identity == NULL && (error != NULL && *error == NULL))
60@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVaria
61 GVariant *v;
62 const char *name;
63
64+#ifndef HAVE_SETNETGRENT
65+ g_set_error (error,
66+ POLKIT_ERROR,
67+ POLKIT_ERROR_FAILED,
68+ "Netgroups are not available on this machine");
69+ goto out;
70+#else
71 v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
72 if (v == NULL)
73 {
74@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVaria
75 name = g_variant_get_string (v, NULL);
76 ret = polkit_unix_netgroup_new (name);
77 g_variant_unref (v);
78+#endif
79 }
80 else
81 {
82--- a/src/polkit/polkitunixnetgroup.c
83+++ b/src/polkit/polkitunixnetgroup.c
84@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUni
85 PolkitIdentity *
86 polkit_unix_netgroup_new (const gchar *name)
87 {
88+#ifndef HAVE_SETNETGRENT
89+ g_assert_not_reached();
90+#endif
91 g_return_val_if_fail (name != NULL, NULL);
92 return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
93 "name", name,
94--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
95+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
96@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity
97 GList *ret;
98
99 ret = NULL;
100+#ifdef HAVE_SETNETGRENT
101 name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
102
103-#ifdef HAVE_SETNETGRENT_RETURN
104+# ifdef HAVE_SETNETGRENT_RETURN
105 if (setnetgrent (name) == 0)
106 {
107 g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
108 goto out;
109 }
110-#else
111+# else
112 setnetgrent (name);
113-#endif
114+# endif /* HAVE_SETNETGRENT_RETURN */
115
116 for (;;)
117 {
118-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
119+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
120 const char *hostname, *username, *domainname;
121-#else
122+# else
123 char *hostname, *username, *domainname;
124-#endif
125+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
126 PolkitIdentity *user;
127 GError *error = NULL;
128
129@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity
130
131 out:
132 endnetgrent ();
133+#endif /* HAVE_SETNETGRENT */
134 return ret;
135 }
136
137--- a/src/polkitbackend/polkitbackendjsauthority.cpp
138+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
139@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext
140
141 JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
142
143+#ifdef HAVE_SETNETGRENT
144 JS::RootedString usrstr (authority->priv->cx);
145 usrstr = args[0].toString();
146 user = JS_EncodeStringToUTF8 (cx, usrstr);
147@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext
148
149 JS_free (cx, netgroup);
150 JS_free (cx, user);
151+#endif
152
153 ret = true;
154
155--- a/test/polkit/polkitidentitytest.c
156+++ b/test/polkit/polkitidentitytest.c
157@@ -19,6 +19,7 @@
158 * Author: Nikki VonHollen <vonhollen@google.com>
159 */
160
161+#include "config.h"
162 #include "glib.h"
163 #include <polkit/polkit.h>
164 #include <polkit/polkitprivate.h>
165@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_tes
166 {"unix-group:root", "unix-group:jane", FALSE},
167 {"unix-group:jane", "unix-group:jane", TRUE},
168
169+#ifdef HAVE_SETNETGRENT
170 {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
171 {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
172+#endif
173
174 {"unix-user:root", "unix-group:root", FALSE},
175+#ifdef HAVE_SETNETGRENT
176 {"unix-user:jane", "unix-netgroup:foo", FALSE},
177+#endif
178
179 {NULL},
180 };
181@@ -181,11 +186,13 @@ main (int argc, char *argv[])
182 g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
183 g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
184
185+#ifdef HAVE_SETNETGRENT
186 g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
187+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
188+#endif
189
190 g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
191 g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
192- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
193
194 add_comparison_tests ();
195
196--- a/test/polkit/polkitunixnetgrouptest.c
197+++ b/test/polkit/polkitunixnetgrouptest.c
198@@ -19,6 +19,7 @@
199 * Author: Nikki VonHollen <vonhollen@google.com>
200 */
201
202+#include "config.h"
203 #include "glib.h"
204 #include <polkit/polkit.h>
205 #include <string.h>
206@@ -69,7 +70,9 @@ int
207 main (int argc, char *argv[])
208 {
209 g_test_init (&argc, &argv, NULL);
210+#ifdef HAVE_SETNETGRENT
211 g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
212 g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
213+#endif
214 return g_test_run ();
215 }
216--- a/test/polkitbackend/test-polkitbackendjsauthority.c
217+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
218@@ -137,12 +137,14 @@ test_get_admin_identities (void)
219 "unix-group:users"
220 }
221 },
222+#ifdef HAVE_SETNETGRENT
223 {
224 "net.company.action3",
225 {
226 "unix-netgroup:foo"
227 }
228 },
229+#endif
230 };
231 guint n;
232