diff options
Diffstat (limited to 'user/polkit/0001-make-netgroup-support-optional.patch')
-rw-r--r-- | user/polkit/0001-make-netgroup-support-optional.patch | 278 |
1 files changed, 24 insertions, 254 deletions
diff --git a/user/polkit/0001-make-netgroup-support-optional.patch b/user/polkit/0001-make-netgroup-support-optional.patch index 1a7716c45..6387974be 100644 --- a/user/polkit/0001-make-netgroup-support-optional.patch +++ b/user/polkit/0001-make-netgroup-support-optional.patch @@ -1,4 +1,4 @@ -From aafb9fd0e79775146186ee1d7ffef1f76cdbc1bb Mon Sep 17 00:00:00 2001 +From 778bb45e0e0cbabe2b04adf67a500af1dab09768 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> Date: Wed, 11 Jul 2018 04:54:26 -0500 Subject: [PATCH] make netgroup support optional @@ -12,253 +12,23 @@ that function is not available on the system, an error will be returned to the administrator if unix-netgroup: is specified in configuration. Fixes bug 50145. + +Closes polkit/polkit#14. + +Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com> --- - 0001-make-netgroup-support-optional.patch | 226 ++++++++++++++++++ - configure.ac | 2 +- - src/polkit/polkitidentity.c | 16 ++ - src/polkit/polkitunixnetgroup.c | 3 + - .../polkitbackendinteractiveauthority.c | 14 +- - .../polkitbackendjsauthority.cpp | 2 + - test/polkit/polkitidentitytest.c | 9 +- - test/polkit/polkitunixnetgrouptest.c | 3 + - .../test-polkitbackendjsauthority.c | 2 + - 9 files changed, 269 insertions(+), 8 deletions(-) - create mode 100644 0001-make-netgroup-support-optional.patch + configure.ac | 2 +- + src/polkit/polkitidentity.c | 16 ++++++++++++++++ + src/polkit/polkitunixnetgroup.c | 3 +++ + .../polkitbackendinteractiveauthority.c | 14 ++++++++------ + src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ + test/polkit/polkitidentitytest.c | 9 ++++++++- + test/polkit/polkitunixnetgrouptest.c | 3 +++ + .../test-polkitbackendjsauthority.c | 2 ++ + 8 files changed, 43 insertions(+), 8 deletions(-) -diff --git a/0001-make-netgroup-support-optional.patch b/0001-make-netgroup-support-optional.patch -new file mode 100644 -index 0000000..dedc5f7 ---- /dev/null -+++ b/0001-make-netgroup-support-optional.patch -@@ -0,0 +1,226 @@ -+From 73eada88dd344333cc1d1f9c5c35413fcee1dd67 Mon Sep 17 00:00:00 2001 -+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> -+Date: Wed, 11 Jul 2018 04:54:26 -0500 -+Subject: [PATCH] make netgroup support optional -+ -+On at least Linux/musl and Linux/uclibc, netgroup support is not -+available. PolKit fails to compile on these systems for that reason. -+ -+This change makes netgroup support conditional on the presence of the -+setnetgrent(3) function which is required for the support to work. If -+that function is not available on the system, an error will be returned -+to the administrator if unix-netgroup: is specified in configuration. -+ -+Fixes bug 50145. -+--- -+ configure.ac | 2 +- -+ src/polkit/polkitidentity.c | 16 ++++++++++++++++ -+ src/polkit/polkitunixnetgroup.c | 3 +++ -+ .../polkitbackendinteractiveauthority.c | 14 ++++++++------ -+ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ -+ test/polkit/polkitidentitytest.c | 9 ++++++++- -+ test/polkit/polkitunixnetgrouptest.c | 3 +++ -+ 7 files changed, 41 insertions(+), 8 deletions(-) -+ -+diff --git a/configure.ac b/configure.ac -+index bfa87dd..cb86ac7 100644 -+--- a/configure.ac -++++ b/configure.ac -+@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], -+ [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) -+ AC_SUBST(EXPAT_LIBS) -+ -+-AC_CHECK_FUNCS(clearenv fdatasync) -++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) -+ -+ if test "x$GCC" = "xyes"; then -+ LDFLAGS="-Wl,--as-needed $LDFLAGS" -+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c -+index 3aa1f7f..10e9c17 100644 -+--- a/src/polkit/polkitidentity.c -++++ b/src/polkit/polkitidentity.c -+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, -+ } -+ else if (g_str_has_prefix (str, "unix-netgroup:")) -+ { -++#ifndef HAVE_SETNETGRENT -++ g_set_error (error, -++ POLKIT_ERROR, -++ POLKIT_ERROR_FAILED, -++ "Netgroups are not available on this machine ('%s')", -++ str); -++#else -+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); -++#endif -+ } -+ -+ if (identity == NULL && (error != NULL && *error == NULL)) -+@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, -+ GVariant *v; -+ const char *name; -+ -++#ifndef HAVE_SETNETGRENT -++ g_set_error (error, -++ POLKIT_ERROR, -++ POLKIT_ERROR_FAILED, -++ "Netgroups are not available on this machine"); -++ goto out; -++#else -+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); -+ if (v == NULL) -+ { -+@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, -+ name = g_variant_get_string (v, NULL); -+ ret = polkit_unix_netgroup_new (name); -+ g_variant_unref (v); -++#endif -+ } -+ else -+ { -+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c -+index 8a2b369..83f8d4a 100644 -+--- a/src/polkit/polkitunixnetgroup.c -++++ b/src/polkit/polkitunixnetgroup.c -+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, -+ PolkitIdentity * -+ polkit_unix_netgroup_new (const gchar *name) -+ { -++#ifndef HAVE_SETNETGRENT -++ g_assert_not_reached(); -++#endif -+ g_return_val_if_fail (name != NULL, NULL); -+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, -+ "name", name, -+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c -+index cb6fdab..ab47a98 100644 -+--- a/src/polkitbackend/polkitbackendinteractiveauthority.c -++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c -+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, -+ GList *ret; -+ -+ ret = NULL; -++#ifdef HAVE_SETNETGRENT -+ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); -+ -+-#ifdef HAVE_SETNETGRENT_RETURN -++# ifdef HAVE_SETNETGRENT_RETURN -+ if (setnetgrent (name) == 0) -+ { -+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); -+ goto out; -+ } -+-#else -++# else -+ setnetgrent (name); -+-#endif -++# endif /* HAVE_SETNETGRENT_RETURN */ -+ -+ for (;;) -+ { -+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) -+ const char *hostname, *username, *domainname; -+-#else -++# else -+ char *hostname, *username, *domainname; -+-#endif -++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ -+ PolkitIdentity *user; -+ GError *error = NULL; -+ -+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, -+ -+ out: -+ endnetgrent (); -++#endif /* HAVE_SETNETGRENT */ -+ return ret; -+ } -+ -+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -+index 517f3c6..45b0378 100644 -+--- a/src/polkitbackend/polkitbackendjsauthority.cpp -++++ b/src/polkitbackend/polkitbackendjsauthority.cpp -+@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, -+ -+ JS::CallArgs args = JS::CallArgsFromVp (argc, vp); -+ -++#ifdef HAVE_SETNETGRENT -+ user = JS_EncodeString (cx, args[0].toString()); -+ netgroup = JS_EncodeString (cx, args[1].toString()); -+ -+@@ -1512,6 +1513,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, -+ -+ JS_free (cx, netgroup); -+ JS_free (cx, user); -++#endif -+ -+ ret = true; -+ -+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c -+index e91967b..e829aaa 100644 -+--- a/test/polkit/polkitidentitytest.c -++++ b/test/polkit/polkitidentitytest.c -+@@ -19,6 +19,7 @@ -+ * Author: Nikki VonHollen <vonhollen@google.com> -+ */ -+ -++#include "config.h" -+ #include "glib.h" -+ #include <polkit/polkit.h> -+ #include <polkit/polkitprivate.h> -+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { -+ {"unix-group:root", "unix-group:jane", FALSE}, -+ {"unix-group:jane", "unix-group:jane", TRUE}, -+ -++#ifdef HAVE_SETNETGRENT -+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, -+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, -++#endif -+ -+ {"unix-user:root", "unix-group:root", FALSE}, -++#ifdef HAVE_SETNETGRENT -+ {"unix-user:jane", "unix-netgroup:foo", FALSE}, -++#endif -+ -+ {NULL}, -+ }; -+@@ -181,11 +186,13 @@ main (int argc, char *argv[]) -+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); -+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); -+ -++#ifdef HAVE_SETNETGRENT -+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); -++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -++#endif -+ -+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); -+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); -+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); -+ -+ add_comparison_tests (); -+ -+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c -+index 3701ba1..e3352eb 100644 -+--- a/test/polkit/polkitunixnetgrouptest.c -++++ b/test/polkit/polkitunixnetgrouptest.c -+@@ -19,6 +19,7 @@ -+ * Author: Nikki VonHollen <vonhollen@google.com> -+ */ -+ -++#include "config.h" -+ #include "glib.h" -+ #include <polkit/polkit.h> -+ #include <string.h> -+@@ -69,7 +70,9 @@ int -+ main (int argc, char *argv[]) -+ { -+ g_test_init (&argc, &argv, NULL); -++#ifdef HAVE_SETNETGRENT -+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new); -+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); -++#endif -+ return g_test_run (); -+ } -+-- -+2.17.1 -+ diff --git a/configure.ac b/configure.ac -index bfa87dd..cb86ac7 100644 +index 5cedb4e..87aa0ad 100644 --- a/configure.ac +++ b/configure.ac @@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], @@ -327,7 +97,7 @@ index 8a2b369..83f8d4a 100644 return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, "name", name, diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c -index cb6fdab..ab47a98 100644 +index 056d9a8..36c2f3d 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, @@ -372,18 +142,18 @@ index cb6fdab..ab47a98 100644 } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp -index 517f3c6..45b0378 100644 +index 9b752d1..09b2878 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp -@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, +@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); +#ifdef HAVE_SETNETGRENT - user = JS_EncodeString (cx, args[0].toString()); - netgroup = JS_EncodeString (cx, args[1].toString()); - -@@ -1512,6 +1513,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + JS::RootedString usrstr (authority->priv->cx); + usrstr = args[0].toString(); + user = JS_EncodeStringToUTF8 (cx, usrstr); +@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS_free (cx, netgroup); JS_free (cx, user); @@ -457,7 +227,7 @@ index 3701ba1..e3352eb 100644 return g_test_run (); } diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c -index b484a26..01e4907 100644 +index 71aad23..fdd28f3 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c @@ -137,12 +137,14 @@ test_get_admin_identities (void) @@ -476,5 +246,5 @@ index b484a26..01e4907 100644 guint n; -- -2.17.1 +2.21.0 |