diff options
Diffstat (limited to 'user/polkit/0001-make-netgroup-support-optional.patch')
| -rw-r--r-- | user/polkit/0001-make-netgroup-support-optional.patch | 480 |
1 files changed, 480 insertions, 0 deletions
diff --git a/user/polkit/0001-make-netgroup-support-optional.patch b/user/polkit/0001-make-netgroup-support-optional.patch new file mode 100644 index 000000000..1a7716c45 --- /dev/null +++ b/user/polkit/0001-make-netgroup-support-optional.patch @@ -0,0 +1,480 @@ +From aafb9fd0e79775146186ee1d7ffef1f76cdbc1bb Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> +Date: Wed, 11 Jul 2018 04:54:26 -0500 +Subject: [PATCH] make netgroup support optional + +On at least Linux/musl and Linux/uclibc, netgroup support is not +available. PolKit fails to compile on these systems for that reason. + +This change makes netgroup support conditional on the presence of the +setnetgrent(3) function which is required for the support to work. If +that function is not available on the system, an error will be returned +to the administrator if unix-netgroup: is specified in configuration. + +Fixes bug 50145. +--- + 0001-make-netgroup-support-optional.patch | 226 ++++++++++++++++++ + configure.ac | 2 +- + src/polkit/polkitidentity.c | 16 ++ + src/polkit/polkitunixnetgroup.c | 3 + + .../polkitbackendinteractiveauthority.c | 14 +- + .../polkitbackendjsauthority.cpp | 2 + + test/polkit/polkitidentitytest.c | 9 +- + test/polkit/polkitunixnetgrouptest.c | 3 + + .../test-polkitbackendjsauthority.c | 2 + + 9 files changed, 269 insertions(+), 8 deletions(-) + create mode 100644 0001-make-netgroup-support-optional.patch + +diff --git a/0001-make-netgroup-support-optional.patch b/0001-make-netgroup-support-optional.patch +new file mode 100644 +index 0000000..dedc5f7 +--- /dev/null ++++ b/0001-make-netgroup-support-optional.patch +@@ -0,0 +1,226 @@ ++From 73eada88dd344333cc1d1f9c5c35413fcee1dd67 Mon Sep 17 00:00:00 2001 ++From: "A. Wilcox" <AWilcox@Wilcox-Tech.com> ++Date: Wed, 11 Jul 2018 04:54:26 -0500 ++Subject: [PATCH] make netgroup support optional ++ ++On at least Linux/musl and Linux/uclibc, netgroup support is not ++available. PolKit fails to compile on these systems for that reason. ++ ++This change makes netgroup support conditional on the presence of the ++setnetgrent(3) function which is required for the support to work. If ++that function is not available on the system, an error will be returned ++to the administrator if unix-netgroup: is specified in configuration. ++ ++Fixes bug 50145. ++--- ++ configure.ac | 2 +- ++ src/polkit/polkitidentity.c | 16 ++++++++++++++++ ++ src/polkit/polkitunixnetgroup.c | 3 +++ ++ .../polkitbackendinteractiveauthority.c | 14 ++++++++------ ++ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ ++ test/polkit/polkitidentitytest.c | 9 ++++++++- ++ test/polkit/polkitunixnetgrouptest.c | 3 +++ ++ 7 files changed, 41 insertions(+), 8 deletions(-) ++ ++diff --git a/configure.ac b/configure.ac ++index bfa87dd..cb86ac7 100644 ++--- a/configure.ac +++++ b/configure.ac ++@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], ++ [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) ++ AC_SUBST(EXPAT_LIBS) ++ ++-AC_CHECK_FUNCS(clearenv fdatasync) +++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) ++ ++ if test "x$GCC" = "xyes"; then ++ LDFLAGS="-Wl,--as-needed $LDFLAGS" ++diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c ++index 3aa1f7f..10e9c17 100644 ++--- a/src/polkit/polkitidentity.c +++++ b/src/polkit/polkitidentity.c ++@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, ++ } ++ else if (g_str_has_prefix (str, "unix-netgroup:")) ++ { +++#ifndef HAVE_SETNETGRENT +++ g_set_error (error, +++ POLKIT_ERROR, +++ POLKIT_ERROR_FAILED, +++ "Netgroups are not available on this machine ('%s')", +++ str); +++#else ++ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); +++#endif ++ } ++ ++ if (identity == NULL && (error != NULL && *error == NULL)) ++@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, ++ GVariant *v; ++ const char *name; ++ +++#ifndef HAVE_SETNETGRENT +++ g_set_error (error, +++ POLKIT_ERROR, +++ POLKIT_ERROR_FAILED, +++ "Netgroups are not available on this machine"); +++ goto out; +++#else ++ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); ++ if (v == NULL) ++ { ++@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, ++ name = g_variant_get_string (v, NULL); ++ ret = polkit_unix_netgroup_new (name); ++ g_variant_unref (v); +++#endif ++ } ++ else ++ { ++diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c ++index 8a2b369..83f8d4a 100644 ++--- a/src/polkit/polkitunixnetgroup.c +++++ b/src/polkit/polkitunixnetgroup.c ++@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, ++ PolkitIdentity * ++ polkit_unix_netgroup_new (const gchar *name) ++ { +++#ifndef HAVE_SETNETGRENT +++ g_assert_not_reached(); +++#endif ++ g_return_val_if_fail (name != NULL, NULL); ++ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, ++ "name", name, ++diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c ++index cb6fdab..ab47a98 100644 ++--- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c ++@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, ++ GList *ret; ++ ++ ret = NULL; +++#ifdef HAVE_SETNETGRENT ++ name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); ++ ++-#ifdef HAVE_SETNETGRENT_RETURN +++# ifdef HAVE_SETNETGRENT_RETURN ++ if (setnetgrent (name) == 0) ++ { ++ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); ++ goto out; ++ } ++-#else +++# else ++ setnetgrent (name); ++-#endif +++# endif /* HAVE_SETNETGRENT_RETURN */ ++ ++ for (;;) ++ { ++-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) +++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) ++ const char *hostname, *username, *domainname; ++-#else +++# else ++ char *hostname, *username, *domainname; ++-#endif +++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ ++ PolkitIdentity *user; ++ GError *error = NULL; ++ ++@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, ++ ++ out: ++ endnetgrent (); +++#endif /* HAVE_SETNETGRENT */ ++ return ret; ++ } ++ ++diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp ++index 517f3c6..45b0378 100644 ++--- a/src/polkitbackend/polkitbackendjsauthority.cpp +++++ b/src/polkitbackend/polkitbackendjsauthority.cpp ++@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, ++ ++ JS::CallArgs args = JS::CallArgsFromVp (argc, vp); ++ +++#ifdef HAVE_SETNETGRENT ++ user = JS_EncodeString (cx, args[0].toString()); ++ netgroup = JS_EncodeString (cx, args[1].toString()); ++ ++@@ -1512,6 +1513,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, ++ ++ JS_free (cx, netgroup); ++ JS_free (cx, user); +++#endif ++ ++ ret = true; ++ ++diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c ++index e91967b..e829aaa 100644 ++--- a/test/polkit/polkitidentitytest.c +++++ b/test/polkit/polkitidentitytest.c ++@@ -19,6 +19,7 @@ ++ * Author: Nikki VonHollen <vonhollen@google.com> ++ */ ++ +++#include "config.h" ++ #include "glib.h" ++ #include <polkit/polkit.h> ++ #include <polkit/polkitprivate.h> ++@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { ++ {"unix-group:root", "unix-group:jane", FALSE}, ++ {"unix-group:jane", "unix-group:jane", TRUE}, ++ +++#ifdef HAVE_SETNETGRENT ++ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, ++ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, +++#endif ++ ++ {"unix-user:root", "unix-group:root", FALSE}, +++#ifdef HAVE_SETNETGRENT ++ {"unix-user:jane", "unix-netgroup:foo", FALSE}, +++#endif ++ ++ {NULL}, ++ }; ++@@ -181,11 +186,13 @@ main (int argc, char *argv[]) ++ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); ++ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); ++ +++#ifdef HAVE_SETNETGRENT ++ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); +++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); +++#endif ++ ++ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); ++ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); ++- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); ++ ++ add_comparison_tests (); ++ ++diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c ++index 3701ba1..e3352eb 100644 ++--- a/test/polkit/polkitunixnetgrouptest.c +++++ b/test/polkit/polkitunixnetgrouptest.c ++@@ -19,6 +19,7 @@ ++ * Author: Nikki VonHollen <vonhollen@google.com> ++ */ ++ +++#include "config.h" ++ #include "glib.h" ++ #include <polkit/polkit.h> ++ #include <string.h> ++@@ -69,7 +70,9 @@ int ++ main (int argc, char *argv[]) ++ { ++ g_test_init (&argc, &argv, NULL); +++#ifdef HAVE_SETNETGRENT ++ g_test_add_func ("/PolkitUnixNetgroup/new", test_new); ++ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); +++#endif ++ return g_test_run (); ++ } ++-- ++2.17.1 ++ +diff --git a/configure.ac b/configure.ac +index bfa87dd..cb86ac7 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], + [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) + AC_SUBST(EXPAT_LIBS) + +-AC_CHECK_FUNCS(clearenv fdatasync) ++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) + + if test "x$GCC" = "xyes"; then + LDFLAGS="-Wl,--as-needed $LDFLAGS" +diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c +index 3aa1f7f..10e9c17 100644 +--- a/src/polkit/polkitidentity.c ++++ b/src/polkit/polkitidentity.c +@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, + } + else if (g_str_has_prefix (str, "unix-netgroup:")) + { ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine ('%s')", ++ str); ++#else + identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); ++#endif + } + + if (identity == NULL && (error != NULL && *error == NULL)) +@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, + GVariant *v; + const char *name; + ++#ifndef HAVE_SETNETGRENT ++ g_set_error (error, ++ POLKIT_ERROR, ++ POLKIT_ERROR_FAILED, ++ "Netgroups are not available on this machine"); ++ goto out; ++#else + v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); + if (v == NULL) + { +@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, + name = g_variant_get_string (v, NULL); + ret = polkit_unix_netgroup_new (name); + g_variant_unref (v); ++#endif + } + else + { +diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c +index 8a2b369..83f8d4a 100644 +--- a/src/polkit/polkitunixnetgroup.c ++++ b/src/polkit/polkitunixnetgroup.c +@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, + PolkitIdentity * + polkit_unix_netgroup_new (const gchar *name) + { ++#ifndef HAVE_SETNETGRENT ++ g_assert_not_reached(); ++#endif + g_return_val_if_fail (name != NULL, NULL); + return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, + "name", name, +diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c +index cb6fdab..ab47a98 100644 +--- a/src/polkitbackend/polkitbackendinteractiveauthority.c ++++ b/src/polkitbackend/polkitbackendinteractiveauthority.c +@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, + GList *ret; + + ret = NULL; ++#ifdef HAVE_SETNETGRENT + name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); + +-#ifdef HAVE_SETNETGRENT_RETURN ++# ifdef HAVE_SETNETGRENT_RETURN + if (setnetgrent (name) == 0) + { + g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); + goto out; + } +-#else ++# else + setnetgrent (name); +-#endif ++# endif /* HAVE_SETNETGRENT_RETURN */ + + for (;;) + { +-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) ++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) + const char *hostname, *username, *domainname; +-#else ++# else + char *hostname, *username, *domainname; +-#endif ++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ + PolkitIdentity *user; + GError *error = NULL; + +@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, + + out: + endnetgrent (); ++#endif /* HAVE_SETNETGRENT */ + return ret; + } + +diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp +index 517f3c6..45b0378 100644 +--- a/src/polkitbackend/polkitbackendjsauthority.cpp ++++ b/src/polkitbackend/polkitbackendjsauthority.cpp +@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + + JS::CallArgs args = JS::CallArgsFromVp (argc, vp); + ++#ifdef HAVE_SETNETGRENT + user = JS_EncodeString (cx, args[0].toString()); + netgroup = JS_EncodeString (cx, args[1].toString()); + +@@ -1512,6 +1513,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, + + JS_free (cx, netgroup); + JS_free (cx, user); ++#endif + + ret = true; + +diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c +index e91967b..e829aaa 100644 +--- a/test/polkit/polkitidentitytest.c ++++ b/test/polkit/polkitidentitytest.c +@@ -19,6 +19,7 @@ + * Author: Nikki VonHollen <vonhollen@google.com> + */ + ++#include "config.h" + #include "glib.h" + #include <polkit/polkit.h> + #include <polkit/polkitprivate.h> +@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { + {"unix-group:root", "unix-group:jane", FALSE}, + {"unix-group:jane", "unix-group:jane", TRUE}, + ++#ifdef HAVE_SETNETGRENT + {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, + {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, ++#endif + + {"unix-user:root", "unix-group:root", FALSE}, ++#ifdef HAVE_SETNETGRENT + {"unix-user:jane", "unix-netgroup:foo", FALSE}, ++#endif + + {NULL}, + }; +@@ -181,11 +186,13 @@ main (int argc, char *argv[]) + g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); + g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); + ++#ifdef HAVE_SETNETGRENT + g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); ++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); ++#endif + + g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); + g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); +- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); + + add_comparison_tests (); + +diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c +index 3701ba1..e3352eb 100644 +--- a/test/polkit/polkitunixnetgrouptest.c ++++ b/test/polkit/polkitunixnetgrouptest.c +@@ -19,6 +19,7 @@ + * Author: Nikki VonHollen <vonhollen@google.com> + */ + ++#include "config.h" + #include "glib.h" + #include <polkit/polkit.h> + #include <string.h> +@@ -69,7 +70,9 @@ int + main (int argc, char *argv[]) + { + g_test_init (&argc, &argv, NULL); ++#ifdef HAVE_SETNETGRENT + g_test_add_func ("/PolkitUnixNetgroup/new", test_new); + g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); ++#endif + return g_test_run (); + } +diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c +index b484a26..01e4907 100644 +--- a/test/polkitbackend/test-polkitbackendjsauthority.c ++++ b/test/polkitbackend/test-polkitbackendjsauthority.c +@@ -137,12 +137,14 @@ test_get_admin_identities (void) + "unix-group:users" + } + }, ++#ifdef HAVE_SETNETGRENT + { + "net.company.action3", + { + "unix-netgroup:foo" + } + }, ++#endif + }; + guint n; + +-- +2.17.1 + |