xref: /OK3568_Linux_fs/buildroot/package/polkit/0001-make-netgroup-support-optional.patch (revision 4882a59341e53eb6f0b4789bf948001014eff981) 
1From 1b854ef4bb15032091a33fed587e5ba6f3e582eb Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Wed, 22 May 2019 13:18:55 -0700
4Subject: [PATCH] make netgroup support optional
5
6On at least Linux/musl and Linux/uclibc, netgroup
7support is not available.  PolKit fails to compile on these systems
8for that reason.
9
10This change makes netgroup support conditional on the presence of the
11setnetgrent(3) function which is required for the support to work.  If
12that function is not available on the system, an error will be returned
13to the administrator if unix-netgroup: is specified in configuration.
14
15Fixes bug 50145.
16
17Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
18Signed-off-by: Khem Raj <raj.khem@gmail.com>
19[Adam: Extend patch to work with duktape integration.]
20Signed-off-by: Adam Duskett <aduskett@gmail.com>
21[Thomas: add introspection.m4.]
22Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
23---
24 buildutil/introspection.m4                    | 142 ++++++++++++++++++
25 configure.ac                                  |   2 +-
26 src/polkit/polkitidentity.c                   |  16 ++
27 src/polkit/polkitunixnetgroup.c               |   3 +
28 .../polkitbackendduktapeauthority.c           |   2 +
29 .../polkitbackendinteractiveauthority.c       |  14 +-
30 .../polkitbackendjsauthority.cpp              |   3 +-
31 test/polkit/polkitidentitytest.c              |   9 +-
32 test/polkit/polkitunixnetgrouptest.c          |   3 +
33 .../test-polkitbackendjsauthority.c           |   2 +
34 10 files changed, 187 insertions(+), 9 deletions(-)
35 create mode 100644 buildutil/introspection.m4
36
37diff --git a/buildutil/introspection.m4 b/buildutil/introspection.m4
38new file mode 100644
39index 0000000..b0ccd68
40--- /dev/null
41+++ b/buildutil/introspection.m4
42@@ -0,0 +1,142 @@
43+dnl -*- mode: autoconf -*-
44+dnl Copyright 2009 Johan Dahlin
45+dnl
46+dnl This file is free software; the author(s) gives unlimited
47+dnl permission to copy and/or distribute it, with or without
48+dnl modifications, as long as this notice is preserved.
49+dnl
50+
51+# serial 1
52+
53+dnl This is a copy of AS_AC_EXPAND
54+dnl
55+dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
56+dnl Copying and distribution of this file, with or without modification,
57+dnl are permitted in any medium without royalty provided the copyright
58+dnl notice and this notice are preserved.
59+m4_define([_GOBJECT_INTROSPECTION_AS_AC_EXPAND],
60+[
61+  EXP_VAR=[$1]
62+  FROM_VAR=[$2]
63+
64+  dnl first expand prefix and exec_prefix if necessary
65+  prefix_save=$prefix
66+  exec_prefix_save=$exec_prefix
67+
68+  dnl if no prefix given, then use /usr/local, the default prefix
69+  if test "x$prefix" = "xNONE"; then
70+    prefix="$ac_default_prefix"
71+  fi
72+  dnl if no exec_prefix given, then use prefix
73+  if test "x$exec_prefix" = "xNONE"; then
74+    exec_prefix=$prefix
75+  fi
76+
77+  full_var="$FROM_VAR"
78+  dnl loop until it doesn't change anymore
79+  while true; do
80+    new_full_var="`eval echo $full_var`"
81+    if test "x$new_full_var" = "x$full_var"; then break; fi
82+    full_var=$new_full_var
83+  done
84+
85+  dnl clean up
86+  full_var=$new_full_var
87+  AC_SUBST([$1], "$full_var")
88+
89+  dnl restore prefix and exec_prefix
90+  prefix=$prefix_save
91+  exec_prefix=$exec_prefix_save
92+])
93+
94+m4_define([_GOBJECT_INTROSPECTION_CHECK_INTERNAL],
95+[
96+    AC_BEFORE([AC_PROG_LIBTOOL],[$0])dnl setup libtool first
97+    AC_BEFORE([AM_PROG_LIBTOOL],[$0])dnl setup libtool first
98+    AC_BEFORE([LT_INIT],[$0])dnl setup libtool first
99+
100+    dnl enable/disable introspection
101+    m4_if([$2], [require],
102+    [dnl
103+        enable_introspection=yes
104+    ],[dnl
105+        AC_ARG_ENABLE(introspection,
106+                  AS_HELP_STRING([--enable-introspection[=@<:@no/auto/yes@:>@]],
107+                                 [Enable introspection for this build]),,
108+                                 [enable_introspection=auto])
109+    ])dnl
110+
111+    AC_MSG_CHECKING([for gobject-introspection])
112+
113+    dnl presence/version checking
114+    AS_CASE([$enable_introspection],
115+    [no], [dnl
116+        found_introspection="no (disabled, use --enable-introspection to enable)"
117+    ],dnl
118+    [yes],[dnl
119+        PKG_CHECK_EXISTS([gobject-introspection-1.0],,
120+                         AC_MSG_ERROR([gobject-introspection-1.0 is not installed]))
121+        PKG_CHECK_EXISTS([gobject-introspection-1.0 >= $1],
122+                         found_introspection=yes,
123+                         AC_MSG_ERROR([You need to have gobject-introspection >= $1 installed to build AC_PACKAGE_NAME]))
124+    ],dnl
125+    [auto],[dnl
126+        PKG_CHECK_EXISTS([gobject-introspection-1.0 >= $1], found_introspection=yes, found_introspection=no)
127+	dnl Canonicalize enable_introspection
128+	enable_introspection=$found_introspection
129+    ],dnl
130+    [dnl
131+        AC_MSG_ERROR([invalid argument passed to --enable-introspection, should be one of @<:@no/auto/yes@:>@])
132+    ])dnl
133+
134+    AC_MSG_RESULT([$found_introspection])
135+
136+    dnl expand datadir/libdir so we can pass them to pkg-config
137+    dnl and get paths relative to our target directories
138+    _GOBJECT_INTROSPECTION_AS_AC_EXPAND(_GI_EXP_DATADIR, "$datadir")
139+    _GOBJECT_INTROSPECTION_AS_AC_EXPAND(_GI_EXP_LIBDIR, "$libdir")
140+
141+    INTROSPECTION_SCANNER=
142+    INTROSPECTION_COMPILER=
143+    INTROSPECTION_GENERATE=
144+    INTROSPECTION_GIRDIR=
145+    INTROSPECTION_TYPELIBDIR=
146+    if test "x$found_introspection" = "xyes"; then
147+       INTROSPECTION_SCANNER=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=g_ir_scanner gobject-introspection-1.0`
148+       INTROSPECTION_COMPILER=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=g_ir_compiler gobject-introspection-1.0`
149+       INTROSPECTION_GENERATE=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=g_ir_generate gobject-introspection-1.0`
150+       INTROSPECTION_GIRDIR=`$PKG_CONFIG --define-variable=datadir="${_GI_EXP_DATADIR}" --variable=girdir gobject-introspection-1.0`
151+       INTROSPECTION_TYPELIBDIR="$($PKG_CONFIG --define-variable=libdir="${_GI_EXP_LIBDIR}" --variable=typelibdir gobject-introspection-1.0)"
152+       INTROSPECTION_CFLAGS=`$PKG_CONFIG --cflags gobject-introspection-1.0`
153+       INTROSPECTION_LIBS=`$PKG_CONFIG --libs gobject-introspection-1.0`
154+       INTROSPECTION_MAKEFILE=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=datadir gobject-introspection-1.0`/gobject-introspection-1.0/Makefile.introspection
155+    fi
156+    AC_SUBST(INTROSPECTION_SCANNER)
157+    AC_SUBST(INTROSPECTION_COMPILER)
158+    AC_SUBST(INTROSPECTION_GENERATE)
159+    AC_SUBST(INTROSPECTION_GIRDIR)
160+    AC_SUBST(INTROSPECTION_TYPELIBDIR)
161+    AC_SUBST(INTROSPECTION_CFLAGS)
162+    AC_SUBST(INTROSPECTION_LIBS)
163+    AC_SUBST(INTROSPECTION_MAKEFILE)
164+
165+    AM_CONDITIONAL(HAVE_INTROSPECTION, test "x$found_introspection" = "xyes")
166+])
167+
168+
169+dnl Usage:
170+dnl   GOBJECT_INTROSPECTION_CHECK([minimum-g-i-version])
171+
172+AC_DEFUN([GOBJECT_INTROSPECTION_CHECK],
173+[
174+  _GOBJECT_INTROSPECTION_CHECK_INTERNAL([$1])
175+])
176+
177+dnl Usage:
178+dnl   GOBJECT_INTROSPECTION_REQUIRE([minimum-g-i-version])
179+
180+
181+AC_DEFUN([GOBJECT_INTROSPECTION_REQUIRE],
182+[
183+  _GOBJECT_INTROSPECTION_CHECK_INTERNAL([$1], [require])
184+])
185diff --git a/configure.ac b/configure.ac
186index 5cedb4e..87aa0ad 100644
187--- a/configure.ac
188+++ b/configure.ac
189@@ -111,7 +111,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
190 	     [AC_MSG_ERROR([Can't find expat library. Please install expat.])])
191 AC_SUBST(EXPAT_LIBS)
192
193-AC_CHECK_FUNCS(clearenv fdatasync)
194+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
195
196 if test "x$GCC" = "xyes"; then
197   LDFLAGS="-Wl,--as-needed $LDFLAGS"
198diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
199index 3aa1f7f..10e9c17 100644
200--- a/src/polkit/polkitidentity.c
201+++ b/src/polkit/polkitidentity.c
202@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
203     }
204   else if (g_str_has_prefix (str, "unix-netgroup:"))
205     {
206+#ifndef HAVE_SETNETGRENT
207+      g_set_error (error,
208+                   POLKIT_ERROR,
209+                   POLKIT_ERROR_FAILED,
210+                   "Netgroups are not available on this machine ('%s')",
211+                   str);
212+#else
213       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
214+#endif
215     }
216
217   if (identity == NULL && (error != NULL && *error == NULL))
218@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
219       GVariant *v;
220       const char *name;
221
222+#ifndef HAVE_SETNETGRENT
223+      g_set_error (error,
224+                   POLKIT_ERROR,
225+                   POLKIT_ERROR_FAILED,
226+                   "Netgroups are not available on this machine");
227+      goto out;
228+#else
229       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
230       if (v == NULL)
231         {
232@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
233       name = g_variant_get_string (v, NULL);
234       ret = polkit_unix_netgroup_new (name);
235       g_variant_unref (v);
236+#endif
237     }
238   else
239     {
240diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
241index 8a2b369..83f8d4a 100644
242--- a/src/polkit/polkitunixnetgroup.c
243+++ b/src/polkit/polkitunixnetgroup.c
244@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
245 PolkitIdentity *
246 polkit_unix_netgroup_new (const gchar *name)
247 {
248+#ifndef HAVE_SETNETGRENT
249+  g_assert_not_reached();
250+#endif
251   g_return_val_if_fail (name != NULL, NULL);
252   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
253                                        "name", name,
254diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c
255index 4b4f8fd..e19b009 100644
256--- a/src/polkitbackend/polkitbackendduktapeauthority.c
257+++ b/src/polkitbackend/polkitbackendduktapeauthority.c
258@@ -1036,6 +1036,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
259   const char *netgroup;
260   gboolean is_in_netgroup = FALSE;
261
262+#ifdef HAVE_SETNETGRENT
263   user = duk_require_string (cx, 0);
264   netgroup = duk_require_string (cx, 1);
265
266@@ -1046,6 +1047,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx)
267     {
268       is_in_netgroup = TRUE;
269     }
270+#endif
271
272   duk_push_boolean (cx, is_in_netgroup);
273   return 1;
274diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
275index 056d9a8..36c2f3d 100644
276--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
277+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
278@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
279   GList *ret;
280
281   ret = NULL;
282+#ifdef HAVE_SETNETGRENT
283   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
284
285-#ifdef HAVE_SETNETGRENT_RETURN
286+# ifdef HAVE_SETNETGRENT_RETURN
287   if (setnetgrent (name) == 0)
288     {
289       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
290       goto out;
291     }
292-#else
293+# else
294   setnetgrent (name);
295-#endif
296+# endif /* HAVE_SETNETGRENT_RETURN */
297
298   for (;;)
299     {
300-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
301+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
302       const char *hostname, *username, *domainname;
303-#else
304+# else
305       char *hostname, *username, *domainname;
306-#endif
307+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
308       PolkitIdentity *user;
309       GError *error = NULL;
310
311@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
312
313  out:
314   endnetgrent ();
315+#endif /* HAVE_SETNETGRENT */
316   return ret;
317 }
318
319diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
320index 9b752d1..09b2878 100644
321--- a/src/polkitbackend/polkitbackendjsauthority.cpp
322+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
323@@ -1520,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
324
325   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
326
327+#ifdef HAVE_SETNETGRENT
328   JS::RootedString usrstr (authority->priv->cx);
329   usrstr = args[0].toString();
330   user = JS_EncodeStringToUTF8 (cx, usrstr);
331@@ -1534,7 +1535,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
332     {
333       is_in_netgroup =  true;
334     }
335-
336+#endif
337   ret = true;
338
339   args.rval ().setBoolean (is_in_netgroup);
340diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
341index e91967b..e829aaa 100644
342--- a/test/polkit/polkitidentitytest.c
343+++ b/test/polkit/polkitidentitytest.c
344@@ -19,6 +19,7 @@
345  * Author: Nikki VonHollen <vonhollen@google.com>
346  */
347
348+#include "config.h"
349 #include "glib.h"
350 #include <polkit/polkit.h>
351 #include <polkit/polkitprivate.h>
352@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
353   {"unix-group:root", "unix-group:jane", FALSE},
354   {"unix-group:jane", "unix-group:jane", TRUE},
355
356+#ifdef HAVE_SETNETGRENT
357   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
358   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
359+#endif
360
361   {"unix-user:root", "unix-group:root", FALSE},
362+#ifdef HAVE_SETNETGRENT
363   {"unix-user:jane", "unix-netgroup:foo", FALSE},
364+#endif
365
366   {NULL},
367 };
368@@ -181,11 +186,13 @@ main (int argc, char *argv[])
369   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
370   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
371
372+#ifdef HAVE_SETNETGRENT
373   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
374+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
375+#endif
376
377   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
378   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
379-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
380
381   add_comparison_tests ();
382
383diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
384index 3701ba1..e3352eb 100644
385--- a/test/polkit/polkitunixnetgrouptest.c
386+++ b/test/polkit/polkitunixnetgrouptest.c
387@@ -19,6 +19,7 @@
388  * Author: Nikki VonHollen <vonhollen@google.com>
389  */
390
391+#include "config.h"
392 #include "glib.h"
393 #include <polkit/polkit.h>
394 #include <string.h>
395@@ -69,7 +70,9 @@ int
396 main (int argc, char *argv[])
397 {
398   g_test_init (&argc, &argv, NULL);
399+#ifdef HAVE_SETNETGRENT
400   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
401   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
402+#endif
403   return g_test_run ();
404 }
405diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
406index 71aad23..fdd28f3 100644
407--- a/test/polkitbackend/test-polkitbackendjsauthority.c
408+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
409@@ -137,12 +137,14 @@ test_get_admin_identities (void)
410         "unix-group:users"
411       }
412     },
413+#ifdef HAVE_SETNETGRENT
414     {
415       "net.company.action3",
416       {
417         "unix-netgroup:foo"
418       }
419     },
420+#endif
421   };
422   guint n;
423
424--
4252.25.1
426
427