meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch

From a334fac72112c01cd322f7c97ef7ca21457ab52f Mon Sep 17 00:00:00 2001
From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
Date: Sun, 15 May 2022 05:04:10 +0000
Subject: [PATCH] Make netgroup support optional

On at least Linux/musl and Linux/uclibc, netgroup support is not
available.  PolKit fails to compile on these systems for that reason.

This change makes netgroup support conditional on the presence of the
setnetgrent(3) function which is required for the support to work.  If
that function is not available on the system, an error will be returned
to the administrator if unix-netgroup: is specified in configuration.

(sam: rebased for Meson and Duktape.)

Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>

Ported back the change in configure.ac (upstream removed autotools
support).

Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

---
 configure.ac                                    |  2 +-
 meson.build                                     |  1 +
 src/polkit/polkitidentity.c                     | 17 +++++++++++++++++
 src/polkit/polkitunixnetgroup.c                 |  3 +++
 .../polkitbackendinteractiveauthority.c         | 14 ++++++++------
 src/polkitbackend/polkitbackendjsauthority.cpp  |  2 ++
 test/polkit/polkitidentitytest.c                |  8 +++++++-
 test/polkit/polkitunixnetgrouptest.c            |  2 ++
 .../test-polkitbackendjsauthority.c             |  2 ++
 9 files changed, 43 insertions(+), 8 deletions(-)

diff --git a/configure.ac b/configure.ac
index ca4b9f2..4c5d596 100644
--- a/configure.ac
+++ b/configure.ac
@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
 AC_SUBST(EXPAT_LIBS)
 
-AC_CHECK_FUNCS(clearenv fdatasync)
+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
 
 if test "x$GCC" = "xyes"; then
   LDFLAGS="-Wl,--as-needed $LDFLAGS"
diff --git a/meson.build b/meson.build
index 733bbff..d840926 100644
--- a/meson.build
+++ b/meson.build
@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
 check_functions = [
   'clearenv',
   'fdatasync',
+  'setnetgrent',
 ]
 
 foreach func: check_functions
diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
index 3aa1f7f..793f17d 100644
--- a/src/polkit/polkitidentity.c
+++ b/src/polkit/polkitidentity.c
@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
     }
   else if (g_str_has_prefix (str, "unix-netgroup:"))
     {
+#ifndef HAVE_SETNETGRENT
+      g_set_error (error,
+                   POLKIT_ERROR,
+                   POLKIT_ERROR_FAILED,
+                   "Netgroups are not available on this machine ('%s')",
+                   str);
+#else
       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
+#endif
     }
 
   if (identity == NULL && (error != NULL && *error == NULL))
@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
       GVariant *v;
       const char *name;
 
+#ifndef HAVE_SETNETGRENT
+      g_set_error (error,
+                   POLKIT_ERROR,
+                   POLKIT_ERROR_FAILED,
+                   "Netgroups are not available on this machine");
+      goto out;
+#else
+
       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
       if (v == NULL)
         {
@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
       name = g_variant_get_string (v, NULL);
       ret = polkit_unix_netgroup_new (name);
       g_variant_unref (v);
+#endif
     }
   else
     {
diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
index 8a2b369..83f8d4a 100644
--- a/src/polkit/polkitunixnetgroup.c
+++ b/src/polkit/polkitunixnetgroup.c
@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
 PolkitIdentity *
 polkit_unix_netgroup_new (const gchar *name)
 {
+#ifndef HAVE_SETNETGRENT
+  g_assert_not_reached();
+#endif
   g_return_val_if_fail (name != NULL, NULL);
   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
                                        "name", name,
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
index 056d9a8..36c2f3d 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
   GList *ret;
 
   ret = NULL;
+#ifdef HAVE_SETNETGRENT
   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
 
-#ifdef HAVE_SETNETGRENT_RETURN
+# ifdef HAVE_SETNETGRENT_RETURN
   if (setnetgrent (name) == 0)
     {
       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
       goto out;
     }
-#else
+# else
   setnetgrent (name);
-#endif
+# endif /* HAVE_SETNETGRENT_RETURN */
 
   for (;;)
     {
-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
       const char *hostname, *username, *domainname;
-#else
+# else
       char *hostname, *username, *domainname;
-#endif
+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
       PolkitIdentity *user;
       GError *error = NULL;
 
@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
 
  out:
   endnetgrent ();
+#endif /* HAVE_SETNETGRENT */
   return ret;
 }
 
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
index 5027815..bcb040c 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
 
   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
 
+#ifdef HAVE_SETNETGRENT
   JS::RootedString usrstr (authority->priv->cx);
   usrstr = args[0].toString();
   user = JS_EncodeStringToUTF8 (cx, usrstr);
@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
     {
       is_in_netgroup =  true;
     }
+#endif
 
   ret = true;
 
diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
index e91967b..2635c4c 100644
--- a/test/polkit/polkitidentitytest.c
+++ b/test/polkit/polkitidentitytest.c
@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
   {"unix-group:root", "unix-group:jane", FALSE},
   {"unix-group:jane", "unix-group:jane", TRUE},
 
+#ifdef HAVE_SETNETGRENT
   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
+#endif
 
   {"unix-user:root", "unix-group:root", FALSE},
+#ifdef HAVE_SETNETGRENT
   {"unix-user:jane", "unix-netgroup:foo", FALSE},
+#endif
 
   {NULL},
 };
@@ -181,11 +185,13 @@ main (int argc, char *argv[])
   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
 
+#ifdef HAVE_SETNETGRENT
   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+#endif
 
   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
 
   add_comparison_tests ();
 
diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
index 3701ba1..e1d211e 100644
--- a/test/polkit/polkitunixnetgrouptest.c
+++ b/test/polkit/polkitunixnetgrouptest.c
@@ -69,7 +69,9 @@ int
 main (int argc, char *argv[])
 {
   g_test_init (&argc, &argv, NULL);
+#ifdef HAVE_SETNETGRENT
   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
+#endif
   return g_test_run ();
 }
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
index f97e0e0..fc52149 100644
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
@@ -137,12 +137,14 @@ test_get_admin_identities (void)
         "unix-group:users"
       }
     },
+#ifdef HAVE_SETNETGRENT
     {
       "net.company.action3",
       {
         "unix-netgroup:foo"
       }
     },
+#endif
   };
   guint n;