Andrew Geissler | 87f5cff | 2022-09-30 13:13:31 -0500 | [diff] [blame^] | 1 | From a334fac72112c01cd322f7c97ef7ca21457ab52f Mon Sep 17 00:00:00 2001 |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 2 | From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> |
| 3 | Date: Sun, 15 May 2022 05:04:10 +0000 |
| 4 | Subject: [PATCH] Make netgroup support optional |
| 5 | |
| 6 | On at least Linux/musl and Linux/uclibc, netgroup support is not |
| 7 | available. PolKit fails to compile on these systems for that reason. |
| 8 | |
| 9 | This change makes netgroup support conditional on the presence of the |
| 10 | setnetgrent(3) function which is required for the support to work. If |
| 11 | that function is not available on the system, an error will be returned |
| 12 | to the administrator if unix-netgroup: is specified in configuration. |
| 13 | |
| 14 | (sam: rebased for Meson and Duktape.) |
| 15 | |
| 16 | Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14 |
| 17 | Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163 |
| 18 | Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52 |
| 19 | Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> |
| 20 | |
| 21 | Ported back the change in configure.ac (upstream removed autotools |
| 22 | support). |
| 23 | |
| 24 | Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66] |
| 25 | Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com> |
| 26 | |
| 27 | --- |
| 28 | configure.ac | 2 +- |
| 29 | meson.build | 1 + |
| 30 | src/polkit/polkitidentity.c | 17 +++++++++++++++++ |
| 31 | src/polkit/polkitunixnetgroup.c | 3 +++ |
| 32 | .../polkitbackendinteractiveauthority.c | 14 ++++++++------ |
| 33 | src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ |
| 34 | test/polkit/polkitidentitytest.c | 8 +++++++- |
| 35 | test/polkit/polkitunixnetgrouptest.c | 2 ++ |
| 36 | .../test-polkitbackendjsauthority.c | 2 ++ |
| 37 | 9 files changed, 43 insertions(+), 8 deletions(-) |
| 38 | |
| 39 | diff --git a/configure.ac b/configure.ac |
Andrew Geissler | 87f5cff | 2022-09-30 13:13:31 -0500 | [diff] [blame^] | 40 | index ca4b9f2..4c5d596 100644 |
Patrick Williams | 92b42cb | 2022-09-03 06:53:57 -0500 | [diff] [blame] | 41 | --- a/configure.ac |
| 42 | +++ b/configure.ac |
| 43 | @@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], |
| 44 | [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) |
| 45 | AC_SUBST(EXPAT_LIBS) |
| 46 | |
| 47 | -AC_CHECK_FUNCS(clearenv fdatasync) |
| 48 | +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) |
| 49 | |
| 50 | if test "x$GCC" = "xyes"; then |
| 51 | LDFLAGS="-Wl,--as-needed $LDFLAGS" |
| 52 | diff --git a/meson.build b/meson.build |
| 53 | index 733bbff..d840926 100644 |
| 54 | --- a/meson.build |
| 55 | +++ b/meson.build |
| 56 | @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true) |
| 57 | check_functions = [ |
| 58 | 'clearenv', |
| 59 | 'fdatasync', |
| 60 | + 'setnetgrent', |
| 61 | ] |
| 62 | |
| 63 | foreach func: check_functions |
| 64 | diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c |
| 65 | index 3aa1f7f..793f17d 100644 |
| 66 | --- a/src/polkit/polkitidentity.c |
| 67 | +++ b/src/polkit/polkitidentity.c |
| 68 | @@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, |
| 69 | } |
| 70 | else if (g_str_has_prefix (str, "unix-netgroup:")) |
| 71 | { |
| 72 | +#ifndef HAVE_SETNETGRENT |
| 73 | + g_set_error (error, |
| 74 | + POLKIT_ERROR, |
| 75 | + POLKIT_ERROR_FAILED, |
| 76 | + "Netgroups are not available on this machine ('%s')", |
| 77 | + str); |
| 78 | +#else |
| 79 | identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); |
| 80 | +#endif |
| 81 | } |
| 82 | |
| 83 | if (identity == NULL && (error != NULL && *error == NULL)) |
| 84 | @@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
| 85 | GVariant *v; |
| 86 | const char *name; |
| 87 | |
| 88 | +#ifndef HAVE_SETNETGRENT |
| 89 | + g_set_error (error, |
| 90 | + POLKIT_ERROR, |
| 91 | + POLKIT_ERROR_FAILED, |
| 92 | + "Netgroups are not available on this machine"); |
| 93 | + goto out; |
| 94 | +#else |
| 95 | + |
| 96 | v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); |
| 97 | if (v == NULL) |
| 98 | { |
| 99 | @@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, |
| 100 | name = g_variant_get_string (v, NULL); |
| 101 | ret = polkit_unix_netgroup_new (name); |
| 102 | g_variant_unref (v); |
| 103 | +#endif |
| 104 | } |
| 105 | else |
| 106 | { |
| 107 | diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c |
| 108 | index 8a2b369..83f8d4a 100644 |
| 109 | --- a/src/polkit/polkitunixnetgroup.c |
| 110 | +++ b/src/polkit/polkitunixnetgroup.c |
| 111 | @@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, |
| 112 | PolkitIdentity * |
| 113 | polkit_unix_netgroup_new (const gchar *name) |
| 114 | { |
| 115 | +#ifndef HAVE_SETNETGRENT |
| 116 | + g_assert_not_reached(); |
| 117 | +#endif |
| 118 | g_return_val_if_fail (name != NULL, NULL); |
| 119 | return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, |
| 120 | "name", name, |
| 121 | diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 122 | index 056d9a8..36c2f3d 100644 |
| 123 | --- a/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 124 | +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c |
| 125 | @@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, |
| 126 | GList *ret; |
| 127 | |
| 128 | ret = NULL; |
| 129 | +#ifdef HAVE_SETNETGRENT |
| 130 | name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); |
| 131 | |
| 132 | -#ifdef HAVE_SETNETGRENT_RETURN |
| 133 | +# ifdef HAVE_SETNETGRENT_RETURN |
| 134 | if (setnetgrent (name) == 0) |
| 135 | { |
| 136 | g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); |
| 137 | goto out; |
| 138 | } |
| 139 | -#else |
| 140 | +# else |
| 141 | setnetgrent (name); |
| 142 | -#endif |
| 143 | +# endif /* HAVE_SETNETGRENT_RETURN */ |
| 144 | |
| 145 | for (;;) |
| 146 | { |
| 147 | -#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 148 | +# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) |
| 149 | const char *hostname, *username, *domainname; |
| 150 | -#else |
| 151 | +# else |
| 152 | char *hostname, *username, *domainname; |
| 153 | -#endif |
| 154 | +# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ |
| 155 | PolkitIdentity *user; |
| 156 | GError *error = NULL; |
| 157 | |
| 158 | @@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, |
| 159 | |
| 160 | out: |
| 161 | endnetgrent (); |
| 162 | +#endif /* HAVE_SETNETGRENT */ |
| 163 | return ret; |
| 164 | } |
| 165 | |
| 166 | diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 167 | index 5027815..bcb040c 100644 |
| 168 | --- a/src/polkitbackend/polkitbackendjsauthority.cpp |
| 169 | +++ b/src/polkitbackend/polkitbackendjsauthority.cpp |
| 170 | @@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
| 171 | |
| 172 | JS::CallArgs args = JS::CallArgsFromVp (argc, vp); |
| 173 | |
| 174 | +#ifdef HAVE_SETNETGRENT |
| 175 | JS::RootedString usrstr (authority->priv->cx); |
| 176 | usrstr = args[0].toString(); |
| 177 | user = JS_EncodeStringToUTF8 (cx, usrstr); |
| 178 | @@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, |
| 179 | { |
| 180 | is_in_netgroup = true; |
| 181 | } |
| 182 | +#endif |
| 183 | |
| 184 | ret = true; |
| 185 | |
| 186 | diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c |
| 187 | index e91967b..2635c4c 100644 |
| 188 | --- a/test/polkit/polkitidentitytest.c |
| 189 | +++ b/test/polkit/polkitidentitytest.c |
| 190 | @@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = { |
| 191 | {"unix-group:root", "unix-group:jane", FALSE}, |
| 192 | {"unix-group:jane", "unix-group:jane", TRUE}, |
| 193 | |
| 194 | +#ifdef HAVE_SETNETGRENT |
| 195 | {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, |
| 196 | {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, |
| 197 | +#endif |
| 198 | |
| 199 | {"unix-user:root", "unix-group:root", FALSE}, |
| 200 | +#ifdef HAVE_SETNETGRENT |
| 201 | {"unix-user:jane", "unix-netgroup:foo", FALSE}, |
| 202 | +#endif |
| 203 | |
| 204 | {NULL}, |
| 205 | }; |
| 206 | @@ -181,11 +185,13 @@ main (int argc, char *argv[]) |
| 207 | g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); |
| 208 | g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); |
| 209 | |
| 210 | +#ifdef HAVE_SETNETGRENT |
| 211 | g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); |
| 212 | + g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 213 | +#endif |
| 214 | |
| 215 | g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); |
| 216 | g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); |
| 217 | - g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); |
| 218 | |
| 219 | add_comparison_tests (); |
| 220 | |
| 221 | diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c |
| 222 | index 3701ba1..e1d211e 100644 |
| 223 | --- a/test/polkit/polkitunixnetgrouptest.c |
| 224 | +++ b/test/polkit/polkitunixnetgrouptest.c |
| 225 | @@ -69,7 +69,9 @@ int |
| 226 | main (int argc, char *argv[]) |
| 227 | { |
| 228 | g_test_init (&argc, &argv, NULL); |
| 229 | +#ifdef HAVE_SETNETGRENT |
| 230 | g_test_add_func ("/PolkitUnixNetgroup/new", test_new); |
| 231 | g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); |
| 232 | +#endif |
| 233 | return g_test_run (); |
| 234 | } |
| 235 | diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 236 | index f97e0e0..fc52149 100644 |
| 237 | --- a/test/polkitbackend/test-polkitbackendjsauthority.c |
| 238 | +++ b/test/polkitbackend/test-polkitbackendjsauthority.c |
| 239 | @@ -137,12 +137,14 @@ test_get_admin_identities (void) |
| 240 | "unix-group:users" |
| 241 | } |
| 242 | }, |
| 243 | +#ifdef HAVE_SETNETGRENT |
| 244 | { |
| 245 | "net.company.action3", |
| 246 | { |
| 247 | "unix-netgroup:foo" |
| 248 | } |
| 249 | }, |
| 250 | +#endif |
| 251 | }; |
| 252 | guint n; |
| 253 | |