meta-openembedded/meta-oe/recipes-extended/polkit/polkit/0004-Make-netgroup-support-optional.patch - stefanberger/openbmc - Gitiles

 From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001
 From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
 Date: Sun, 15 May 2022 05:04:10 +0000
 Subject: [PATCH] Make netgroup support optional

 On at least Linux/musl and Linux/uclibc, netgroup support is not
 available.  PolKit fails to compile on these systems for that reason.

 This change makes netgroup support conditional on the presence of the
 setnetgrent(3) function which is required for the support to work.  If
 that function is not available on the system, an error will be returned
 to the administrator if unix-netgroup: is specified in configuration.

 (sam: rebased for Meson and Duktape.)

 Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
 Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
 Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
 Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>

 Ported back the change in configure.ac (upstream removed autotools
 support).

 Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
 Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

 ---
  configure.ac                                    |  2 +-
  meson.build                                     |  1 +
  src/polkit/polkitidentity.c                     | 17 +++++++++++++++++
  src/polkit/polkitunixnetgroup.c                 |  3 +++
  .../polkitbackendinteractiveauthority.c         | 14 ++++++++------
  src/polkitbackend/polkitbackendjsauthority.cpp  |  2 ++
  test/polkit/polkitidentitytest.c                |  8 +++++++-
  test/polkit/polkitunixnetgrouptest.c            |  2 ++
  .../test-polkitbackendjsauthority.c             |  2 ++
  9 files changed, 43 insertions(+), 8 deletions(-)

 diff --git a/configure.ac b/configure.ac
 index 59858df..5a7fc11 100644
 --- a/configure.ac
 +++ b/configure.ac
 @@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
  	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
  AC_SUBST(EXPAT_LIBS)

 -AC_CHECK_FUNCS(clearenv fdatasync)
 +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)

  if test "x$GCC" = "xyes"; then
    LDFLAGS="-Wl,--as-needed $LDFLAGS"
 diff --git a/meson.build b/meson.build
 index 733bbff..d840926 100644
 --- a/meson.build
 +++ b/meson.build
 @@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
  check_functions = [
    'clearenv',
    'fdatasync',
 +  'setnetgrent',
  ]

  foreach func: check_functions
 diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
 index 3aa1f7f..793f17d 100644
 --- a/src/polkit/polkitidentity.c
 +++ b/src/polkit/polkitidentity.c
 @@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
      }
    else if (g_str_has_prefix (str, "unix-netgroup:"))
      {
 +#ifndef HAVE_SETNETGRENT
 +      g_set_error (error,
 +                   POLKIT_ERROR,
 +                   POLKIT_ERROR_FAILED,
 +                   "Netgroups are not available on this machine ('%s')",
 +                   str);
 +#else
        identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
 +#endif
      }

    if (identity == NULL && (error != NULL && *error == NULL))
 @@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
        GVariant *v;
        const char *name;

 +#ifndef HAVE_SETNETGRENT
 +      g_set_error (error,
 +                   POLKIT_ERROR,
 +                   POLKIT_ERROR_FAILED,
 +                   "Netgroups are not available on this machine");
 +      goto out;
 +#else
 +
        v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
        if (v == NULL)
          {
 @@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
        name = g_variant_get_string (v, NULL);
        ret = polkit_unix_netgroup_new (name);
        g_variant_unref (v);
 +#endif
      }
    else
      {
 diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
 index 8a2b369..83f8d4a 100644
 --- a/src/polkit/polkitunixnetgroup.c
 +++ b/src/polkit/polkitunixnetgroup.c
 @@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
  PolkitIdentity *
  polkit_unix_netgroup_new (const gchar *name)
  {
 +#ifndef HAVE_SETNETGRENT
 +  g_assert_not_reached();
 +#endif
    g_return_val_if_fail (name != NULL, NULL);
    return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
                                         "name", name,
 diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
 index 056d9a8..36c2f3d 100644
 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c
 +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
 @@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
    GList *ret;

    ret = NULL;
 +#ifdef HAVE_SETNETGRENT
    name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));

 -#ifdef HAVE_SETNETGRENT_RETURN
 +# ifdef HAVE_SETNETGRENT_RETURN
    if (setnetgrent (name) == 0)
      {
        g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
        goto out;
      }
 -#else
 +# else
    setnetgrent (name);
 -#endif
 +# endif /* HAVE_SETNETGRENT_RETURN */

    for (;;)
      {
 -#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
 +# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
        const char *hostname, *username, *domainname;
 -#else
 +# else
        char *hostname, *username, *domainname;
 -#endif
 +# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
        PolkitIdentity *user;
        GError *error = NULL;

 @@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,

   out:
    endnetgrent ();
 +#endif /* HAVE_SETNETGRENT */
    return ret;
  }

 diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
 index 5027815..bcb040c 100644
 --- a/src/polkitbackend/polkitbackendjsauthority.cpp
 +++ b/src/polkitbackend/polkitbackendjsauthority.cpp
 @@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,

    JS::CallArgs args = JS::CallArgsFromVp (argc, vp);

 +#ifdef HAVE_SETNETGRENT
    JS::RootedString usrstr (authority->priv->cx);
    usrstr = args[0].toString();
    user = JS_EncodeStringToUTF8 (cx, usrstr);
 @@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
      {
        is_in_netgroup =  true;
      }
 +#endif

    ret = true;

 diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
 index e91967b..2635c4c 100644
 --- a/test/polkit/polkitidentitytest.c
 +++ b/test/polkit/polkitidentitytest.c
 @@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
    {"unix-group:root", "unix-group:jane", FALSE},
    {"unix-group:jane", "unix-group:jane", TRUE},

 +#ifdef HAVE_SETNETGRENT
    {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
    {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
 +#endif

    {"unix-user:root", "unix-group:root", FALSE},
 +#ifdef HAVE_SETNETGRENT
    {"unix-user:jane", "unix-netgroup:foo", FALSE},
 +#endif

    {NULL},
  };
 @@ -181,11 +185,13 @@ main (int argc, char *argv[])
    g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
    g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);

 +#ifdef HAVE_SETNETGRENT
    g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
 +  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
 +#endif

    g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
    g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
 -  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);

    add_comparison_tests ();

 diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
 index 3701ba1..e1d211e 100644
 --- a/test/polkit/polkitunixnetgrouptest.c
 +++ b/test/polkit/polkitunixnetgrouptest.c
 @@ -69,7 +69,9 @@ int
  main (int argc, char *argv[])
  {
    g_test_init (&argc, &argv, NULL);
 +#ifdef HAVE_SETNETGRENT
    g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
    g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
 +#endif
    return g_test_run ();
  }
 diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
 index f97e0e0..fc52149 100644
 --- a/test/polkitbackend/test-polkitbackendjsauthority.c
 +++ b/test/polkitbackend/test-polkitbackendjsauthority.c
 @@ -137,12 +137,14 @@ test_get_admin_identities (void)
          "unix-group:users"
        }
      },
 +#ifdef HAVE_SETNETGRENT
      {
        "net.company.action3",
        {
          "unix-netgroup:foo"
        }
      },
 +#endif
    };
    guint n;
	From 7ef2621ab7adcedc099ed39acfb73c6fa835cbc3 Mon Sep 17 00:00:00 2001
	From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
	Date: Sun, 15 May 2022 05:04:10 +0000
	Subject: [PATCH] Make netgroup support optional

	On at least Linux/musl and Linux/uclibc, netgroup support is not
	available. PolKit fails to compile on these systems for that reason.

	This change makes netgroup support conditional on the presence of the
	setnetgrent(3) function which is required for the support to work. If
	that function is not available on the system, an error will be returned
	to the administrator if unix-netgroup: is specified in configuration.

	(sam: rebased for Meson and Duktape.)

	Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
	Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
	Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
	Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>

	Ported back the change in configure.ac (upstream removed autotools
	support).

	Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
	Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>

	---
	configure.ac \| 2 +-
	meson.build \| 1 +
	src/polkit/polkitidentity.c \| 17 +++++++++++++++++
	src/polkit/polkitunixnetgroup.c \| 3 +++
	.../polkitbackendinteractiveauthority.c \| 14 ++++++++------
	src/polkitbackend/polkitbackendjsauthority.cpp \| 2 ++
	test/polkit/polkitidentitytest.c \| 8 +++++++-
	test/polkit/polkitunixnetgrouptest.c \| 2 ++
	.../test-polkitbackendjsauthority.c \| 2 ++
	9 files changed, 43 insertions(+), 8 deletions(-)

	diff --git a/configure.ac b/configure.ac
	index 59858df..5a7fc11 100644
	--- a/configure.ac
	+++ b/configure.ac
	@@ -100,7 +100,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
	[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
	AC_SUBST(EXPAT_LIBS)

	-AC_CHECK_FUNCS(clearenv fdatasync)
	+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)

	if test "x$GCC" = "xyes"; then
	LDFLAGS="-Wl,--as-needed $LDFLAGS"
	diff --git a/meson.build b/meson.build
	index 733bbff..d840926 100644
	--- a/meson.build
	+++ b/meson.build
	@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
	check_functions = [
	'clearenv',
	'fdatasync',
	+ 'setnetgrent',
	]

	foreach func: check_functions
	diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
	index 3aa1f7f..793f17d 100644
	--- a/src/polkit/polkitidentity.c
	+++ b/src/polkit/polkitidentity.c
	@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
	}
	else if (g_str_has_prefix (str, "unix-netgroup:"))
	{
	+#ifndef HAVE_SETNETGRENT
	+ g_set_error (error,
	+ POLKIT_ERROR,
	+ POLKIT_ERROR_FAILED,
	+ "Netgroups are not available on this machine ('%s')",
	+ str);
	+#else
	identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
	+#endif
	}

	if (identity == NULL && (error != NULL && *error == NULL))
	@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant *variant,
	GVariant *v;
	const char *name;

	+#ifndef HAVE_SETNETGRENT
	+ g_set_error (error,
	+ POLKIT_ERROR,
	+ POLKIT_ERROR_FAILED,
	+ "Netgroups are not available on this machine");
	+ goto out;
	+#else
	+
	v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
	if (v == NULL)
	{
	@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
	name = g_variant_get_string (v, NULL);
	ret = polkit_unix_netgroup_new (name);
	g_variant_unref (v);
	+#endif
	}
	else
	{
	diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
	index 8a2b369..83f8d4a 100644
	--- a/src/polkit/polkitunixnetgroup.c
	+++ b/src/polkit/polkitunixnetgroup.c
	@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
	PolkitIdentity *
	polkit_unix_netgroup_new (const gchar *name)
	{
	+#ifndef HAVE_SETNETGRENT
	+ g_assert_not_reached();
	+#endif
	g_return_val_if_fail (name != NULL, NULL);
	return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
	"name", name,
	diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
	index 056d9a8..36c2f3d 100644
	--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
	+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
	@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
	GList *ret;

	ret = NULL;
	+#ifdef HAVE_SETNETGRENT
	name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));

	-#ifdef HAVE_SETNETGRENT_RETURN
	+# ifdef HAVE_SETNETGRENT_RETURN
	if (setnetgrent (name) == 0)
	{
	g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
	goto out;
	}
	-#else
	+# else
	setnetgrent (name);
	-#endif
	+# endif /* HAVE_SETNETGRENT_RETURN */

	for (;;)
	{
	-#if defined(HAVE_NETBSD) \|\| defined(HAVE_OPENBSD)
	+# if defined(HAVE_NETBSD) \|\| defined(HAVE_OPENBSD)
	const char hostname, username, *domainname;
	-#else
	+# else
	char hostname, username, *domainname;
	-#endif
	+# endif /* defined(HAVE_NETBSD) \|\| defined(HAVE_OPENBSD) */
	PolkitIdentity *user;
	GError *error = NULL;

	@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,

	out:
	endnetgrent ();
	+#endif /* HAVE_SETNETGRENT */
	return ret;
	}

	diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
	index 5027815..bcb040c 100644
	--- a/src/polkitbackend/polkitbackendjsauthority.cpp
	+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
	@@ -1524,6 +1524,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,

	JS::CallArgs args = JS::CallArgsFromVp (argc, vp);

	+#ifdef HAVE_SETNETGRENT
	JS::RootedString usrstr (authority->priv->cx);
	usrstr = args[0].toString();
	user = JS_EncodeStringToUTF8 (cx, usrstr);
	@@ -1538,6 +1539,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
	{
	is_in_netgroup = true;
	}
	+#endif

	ret = true;

	diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
	index e91967b..2635c4c 100644
	--- a/test/polkit/polkitidentitytest.c
	+++ b/test/polkit/polkitidentitytest.c
	@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
	{"unix-group:root", "unix-group:jane", FALSE},
	{"unix-group:jane", "unix-group:jane", TRUE},

	+#ifdef HAVE_SETNETGRENT
	{"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
	{"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
	+#endif

	{"unix-user:root", "unix-group:root", FALSE},
	+#ifdef HAVE_SETNETGRENT
	{"unix-user:jane", "unix-netgroup:foo", FALSE},
	+#endif

	{NULL},
	};
	@@ -181,11 +185,13 @@ main (int argc, char *argv[])
	g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
	g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);

	+#ifdef HAVE_SETNETGRENT
	g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
	+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
	+#endif

	g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
	g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
	- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);

	add_comparison_tests ();

	diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
	index 3701ba1..e1d211e 100644
	--- a/test/polkit/polkitunixnetgrouptest.c
	+++ b/test/polkit/polkitunixnetgrouptest.c
	@@ -69,7 +69,9 @@ int
	main (int argc, char *argv[])
	{
	g_test_init (&argc, &argv, NULL);
	+#ifdef HAVE_SETNETGRENT
	g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
	g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
	+#endif
	return g_test_run ();
	}
	diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
	index f97e0e0..fc52149 100644
	--- a/test/polkitbackend/test-polkitbackendjsauthority.c
	+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
	@@ -137,12 +137,14 @@ test_get_admin_identities (void)
	"unix-group:users"
	}
	},
	+#ifdef HAVE_SETNETGRENT
	{
	"net.company.action3",
	{
	"unix-netgroup:foo"
	}
	},
	+#endif
	};
	guint n;