See https://gitlab.freedesktop.org/polkit/polkit/merge_requests/10 From 778bb45e0e0cbabe2b04adf67a500af1dab09768 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Wed, 11 Jul 2018 04:54:26 -0500 Subject: [PATCH] make netgroup support optional On at least Linux/musl and Linux/uclibc, netgroup support is not available. PolKit fails to compile on these systems for that reason. This change makes netgroup support conditional on the presence of the setnetgrent(3) function which is required for the support to work. If that function is not available on the system, an error will be returned to the administrator if unix-netgroup: is specified in configuration. Fixes bug 50145. Closes polkit/polkit#14. Signed-off-by: A. Wilcox --- configure.ac | 2 +- src/polkit/polkitidentity.c | 16 ++++++++++++++++ src/polkit/polkitunixnetgroup.c | 3 +++ .../polkitbackendinteractiveauthority.c | 14 ++++++++------ src/polkitbackend/polkitbackendjsauthority.cpp | 2 ++ test/polkit/polkitidentitytest.c | 9 ++++++++- test/polkit/polkitunixnetgrouptest.c | 3 +++ .../test-polkitbackendjsauthority.c | 2 ++ 8 files changed, 43 insertions(+), 8 deletions(-) diff --git a/configure.ac b/configure.ac index 5cedb4e..87aa0ad 100644 --- a/configure.ac +++ b/configure.ac @@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"], [AC_MSG_ERROR([Can't find expat library. Please install expat.])]) AC_SUBST(EXPAT_LIBS) -AC_CHECK_FUNCS(clearenv fdatasync) +AC_CHECK_FUNCS(clearenv fdatasync setnetgrent) if test "x$GCC" = "xyes"; then LDFLAGS="-Wl,--as-needed $LDFLAGS" diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c index 3aa1f7f..10e9c17 100644 --- a/src/polkit/polkitidentity.c +++ b/src/polkit/polkitidentity.c @@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str, } else if (g_str_has_prefix (str, "unix-netgroup:")) { +#ifndef HAVE_SETNETGRENT + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Netgroups are not available on this machine ('%s')", + str); +#else identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1); +#endif } if (identity == NULL && (error != NULL && *error == NULL)) @@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant, GVariant *v; const char *name; +#ifndef HAVE_SETNETGRENT + g_set_error (error, + POLKIT_ERROR, + POLKIT_ERROR_FAILED, + "Netgroups are not available on this machine"); + goto out; +#else v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error); if (v == NULL) { @@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant, name = g_variant_get_string (v, NULL); ret = polkit_unix_netgroup_new (name); g_variant_unref (v); +#endif } else { diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c index 8a2b369..83f8d4a 100644 --- a/src/polkit/polkitunixnetgroup.c +++ b/src/polkit/polkitunixnetgroup.c @@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group, PolkitIdentity * polkit_unix_netgroup_new (const gchar *name) { +#ifndef HAVE_SETNETGRENT + g_assert_not_reached(); +#endif g_return_val_if_fail (name != NULL, NULL); return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP, "name", name, diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index 056d9a8..36c2f3d 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group, GList *ret; ret = NULL; +#ifdef HAVE_SETNETGRENT name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); -#ifdef HAVE_SETNETGRENT_RETURN +# ifdef HAVE_SETNETGRENT_RETURN if (setnetgrent (name) == 0) { g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); goto out; } -#else +# else setnetgrent (name); -#endif +# endif /* HAVE_SETNETGRENT_RETURN */ for (;;) { -#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) +# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) const char *hostname, *username, *domainname; -#else +# else char *hostname, *username, *domainname; -#endif +# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ PolkitIdentity *user; GError *error = NULL; @@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group, out: endnetgrent (); +#endif /* HAVE_SETNETGRENT */ return ret; } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp index 9b752d1..09b2878 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp @@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); +#ifdef HAVE_SETNETGRENT JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); @@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS_free (cx, netgroup); JS_free (cx, user); +#endif ret = true; diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c index e91967b..e829aaa 100644 --- a/test/polkit/polkitidentitytest.c +++ b/test/polkit/polkitidentitytest.c @@ -19,6 +19,7 @@ * Author: Nikki VonHollen */ +#include "config.h" #include "glib.h" #include #include @@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = { {"unix-group:root", "unix-group:jane", FALSE}, {"unix-group:jane", "unix-group:jane", TRUE}, +#ifdef HAVE_SETNETGRENT {"unix-netgroup:foo", "unix-netgroup:foo", TRUE}, {"unix-netgroup:foo", "unix-netgroup:bar", FALSE}, +#endif {"unix-user:root", "unix-group:root", FALSE}, +#ifdef HAVE_SETNETGRENT {"unix-user:jane", "unix-netgroup:foo", FALSE}, +#endif {NULL}, }; @@ -181,11 +186,13 @@ main (int argc, char *argv[]) g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string); g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string); +#ifdef HAVE_SETNETGRENT g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string); + g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); +#endif g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant); g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant); - g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant); add_comparison_tests (); diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c index 3701ba1..e3352eb 100644 --- a/test/polkit/polkitunixnetgrouptest.c +++ b/test/polkit/polkitunixnetgrouptest.c @@ -19,6 +19,7 @@ * Author: Nikki VonHollen */ +#include "config.h" #include "glib.h" #include #include @@ -69,7 +70,9 @@ int main (int argc, char *argv[]) { g_test_init (&argc, &argv, NULL); +#ifdef HAVE_SETNETGRENT g_test_add_func ("/PolkitUnixNetgroup/new", test_new); g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name); +#endif return g_test_run (); } diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c index 71aad23..fdd28f3 100644 --- a/test/polkitbackend/test-polkitbackendjsauthority.c +++ b/test/polkitbackend/test-polkitbackendjsauthority.c @@ -137,12 +137,14 @@ test_get_admin_identities (void) "unix-group:users" } }, +#ifdef HAVE_SETNETGRENT { "net.company.action3", { "unix-netgroup:foo" } }, +#endif }; guint n; -- 2.18.1