aboutsummaryrefslogtreecommitdiffstats
path: root/main/polkit/make-innetgr-optional.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/polkit/make-innetgr-optional.patch')
-rw-r--r--main/polkit/make-innetgr-optional.patch236
1 files changed, 210 insertions, 26 deletions
diff --git a/main/polkit/make-innetgr-optional.patch b/main/polkit/make-innetgr-optional.patch
index 338c201745..36eabbbd7b 100644
--- a/main/polkit/make-innetgr-optional.patch
+++ b/main/polkit/make-innetgr-optional.patch
@@ -1,3 +1,36 @@
+See https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10
+
+From 778bb45e0e0cbabe2b04adf67a500af1dab09768 Mon Sep 17 00:00:00 2001
+From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
+Date: Wed, 11 Jul 2018 04:54:26 -0500
+Subject: [PATCH] make netgroup support optional
+
+On at least Linux/musl and Linux/uclibc, netgroup support is not
+available. PolKit fails to compile on these systems for that reason.
+
+This change makes netgroup support conditional on the presence of the
+setnetgrent(3) function which is required for the support to work. If
+that function is not available on the system, an error will be returned
+to the administrator if unix-netgroup: is specified in configuration.
+
+Fixes bug 50145.
+
+Closes polkit/polkit#14.
+
+Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
+---
+ configure.ac | 2 +-
+ src/polkit/polkitidentity.c | 16 ++++++++++++++++
+ src/polkit/polkitunixnetgroup.c | 3 +++
+ .../polkitbackendinteractiveauthority.c | 14 ++++++++------
+ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++
+ test/polkit/polkitidentitytest.c | 9 ++++++++-
+ test/polkit/polkitunixnetgrouptest.c | 3 +++
+ .../test-polkitbackendjsauthority.c | 2 ++
+ 8 files changed, 43 insertions(+), 8 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5cedb4e..87aa0ad 100644
--- a/configure.ac
+++ b/configure.ac
@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
@@ -5,64 +38,215 @@
AC_SUBST(EXPAT_LIBS)
-AC_CHECK_FUNCS(clearenv fdatasync)
-+AC_CHECK_FUNCS(clearenv fdatasync getnetgrent)
++AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
if test "x$GCC" = "xyes"; then
LDFLAGS="-Wl,--as-needed $LDFLAGS"
+diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
+index 3aa1f7f..10e9c17 100644
+--- a/src/polkit/polkitidentity.c
++++ b/src/polkit/polkitidentity.c
+@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
+ }
+ else if (g_str_has_prefix (str, "unix-netgroup:"))
+ {
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine ('%s')",
++ str);
++#else
+ identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
++#endif
+ }
+
+ if (identity == NULL && (error != NULL && *error == NULL))
+@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ GVariant *v;
+ const char *name;
+
++#ifndef HAVE_SETNETGRENT
++ g_set_error (error,
++ POLKIT_ERROR,
++ POLKIT_ERROR_FAILED,
++ "Netgroups are not available on this machine");
++ goto out;
++#else
+ v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
+ if (v == NULL)
+ {
+@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
+ name = g_variant_get_string (v, NULL);
+ ret = polkit_unix_netgroup_new (name);
+ g_variant_unref (v);
++#endif
+ }
+ else
+ {
+diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
+index 8a2b369..83f8d4a 100644
+--- a/src/polkit/polkitunixnetgroup.c
++++ b/src/polkit/polkitunixnetgroup.c
+@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
+ PolkitIdentity *
+ polkit_unix_netgroup_new (const gchar *name)
+ {
++#ifndef HAVE_SETNETGRENT
++ g_assert_not_reached();
++#endif
+ g_return_val_if_fail (name != NULL, NULL);
+ return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
+ "name", name,
+diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
+index 056d9a8..36c2f3d 100644
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
-@@ -2228,6 +2228,7 @@ get_users_in_net_group (PolkitIdentity *group,
+@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
+ GList *ret;
+
ret = NULL;
++#ifdef HAVE_SETNETGRENT
name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
-+#if defined HAVE_GETNETGRENT
- #ifdef HAVE_SETNETGRENT_RETURN
+-#ifdef HAVE_SETNETGRENT_RETURN
++# ifdef HAVE_SETNETGRENT_RETURN
if (setnetgrent (name) == 0)
{
-@@ -2236,6 +2237,7 @@ get_users_in_net_group (PolkitIdentity *group,
+ g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
+ goto out;
}
- #else
+-#else
++# else
setnetgrent (name);
-+#endif
- #endif
+-#endif
++# endif /* HAVE_SETNETGRENT_RETURN */
for (;;)
-@@ -2248,8 +2250,10 @@ get_users_in_net_group (PolkitIdentity *group,
+ {
+-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
++# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
+ const char *hostname, *username, *domainname;
+-#else
++# else
+ char *hostname, *username, *domainname;
+-#endif
++# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
PolkitIdentity *user;
GError *error = NULL;
-+#if defined HAVE_GETNETGRENT
- if (getnetgrent (&hostname, &username, &domainname) == 0)
- break;
-+#endif
-
- /* Skip NULL entries since we never want to make everyone an admin
- * Skip "-" entries which mean "no match ever" in netgroup land */
-@@ -2274,7 +2278,9 @@ get_users_in_net_group (PolkitIdentity *group,
- ret = g_list_reverse (ret);
+@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
out:
-+#if defined HAVE_GETNETGRENT
endnetgrent ();
-+#endif
++#endif /* HAVE_SETNETGRENT */
return ret;
}
+diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
+index 9b752d1..09b2878 100644
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
-@@ -1499,6 +1499,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
-+#if defined HAVE_GETNETGRENT
- user = JS_EncodeString (cx, args[0].toString());
- netgroup = JS_EncodeString (cx, args[1].toString());
++#ifdef HAVE_SETNETGRENT
+ JS::RootedString usrstr (authority->priv->cx);
+ usrstr = args[0].toString();
+ user = JS_EncodeStringToUTF8 (cx, usrstr);
+@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
-@@ -1514,6 +1515,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
+ JS_free (cx, netgroup);
JS_free (cx, user);
++#endif
ret = true;
+
+diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
+index e91967b..e829aaa 100644
+--- a/test/polkit/polkitidentitytest.c
++++ b/test/polkit/polkitidentitytest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <polkit/polkitprivate.h>
+@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
+ {"unix-group:root", "unix-group:jane", FALSE},
+ {"unix-group:jane", "unix-group:jane", TRUE},
+
++#ifdef HAVE_SETNETGRENT
+ {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
+ {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
++#endif
+
+ {"unix-user:root", "unix-group:root", FALSE},
++#ifdef HAVE_SETNETGRENT
+ {"unix-user:jane", "unix-netgroup:foo", FALSE},
++#endif
+
+ {NULL},
+ };
+@@ -181,11 +186,13 @@ main (int argc, char *argv[])
+ g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
+ g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
+
++#ifdef HAVE_SETNETGRENT
+ g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
++ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+#endif
- args.rval ().setBoolean (is_in_netgroup);
+ g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
+ g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
+- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
+
+ add_comparison_tests ();
+
+diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
+index 3701ba1..e3352eb 100644
+--- a/test/polkit/polkitunixnetgrouptest.c
++++ b/test/polkit/polkitunixnetgrouptest.c
+@@ -19,6 +19,7 @@
+ * Author: Nikki VonHollen <vonhollen@google.com>
+ */
+
++#include "config.h"
+ #include "glib.h"
+ #include <polkit/polkit.h>
+ #include <string.h>
+@@ -69,7 +70,9 @@ int
+ main (int argc, char *argv[])
+ {
+ g_test_init (&argc, &argv, NULL);
++#ifdef HAVE_SETNETGRENT
+ g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
+ g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
++#endif
+ return g_test_run ();
+ }
+diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
+index 71aad23..fdd28f3 100644
+--- a/test/polkitbackend/test-polkitbackendjsauthority.c
++++ b/test/polkitbackend/test-polkitbackendjsauthority.c
+@@ -137,12 +137,14 @@ test_get_admin_identities (void)
+ "unix-group:users"
+ }
+ },
++#ifdef HAVE_SETNETGRENT
+ {
+ "net.company.action3",
+ {
+ "unix-netgroup:foo"
+ }
+ },
++#endif
+ };
+ guint n;
+--
+2.18.1
+