1From 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001
2From: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
3Date: Sun, 15 May 2022 05:04:10 +0000
4Subject: [PATCH] Make netgroup support optional
5
6On at least Linux/musl and Linux/uclibc, netgroup support is not
7available.  PolKit fails to compile on these systems for that reason.
8
9This change makes netgroup support conditional on the presence of the
10setnetgrent(3) function which is required for the support to work.  If
11that function is not available on the system, an error will be returned
12to the administrator if unix-netgroup: is specified in configuration.
13
14(sam: rebased for Meson and Duktape.)
15
16Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
17Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
18Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
19Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
20
21Ported back the change in configure.ac (upstream removed autotools
22support).
23
24Upstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
25Signed-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
26
27---
28 configure.ac                                    |  2 +-
29 meson.build                                     |  1 +
30 src/polkit/polkitidentity.c                     | 17 +++++++++++++++++
31 src/polkit/polkitunixnetgroup.c                 |  3 +++
32 .../polkitbackendinteractiveauthority.c         | 14 ++++++++------
33 src/polkitbackend/polkitbackendjsauthority.cpp  |  2 ++
34 test/polkit/polkitidentitytest.c                |  8 +++++++-
35 test/polkit/polkitunixnetgrouptest.c            |  2 ++
36 .../test-polkitbackendjsauthority.c             |  2 ++
37 9 files changed, 43 insertions(+), 8 deletions(-)
38
39diff --git a/configure.ac b/configure.ac
40index 18e4223..0f87ea0 100644
41--- a/configure.ac
42+++ b/configure.ac
43@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
44 CC="$PTHREAD_CC"
45 AC_CHECK_FUNCS([pthread_condattr_setclock])
46
47-AC_CHECK_FUNCS(clearenv fdatasync)
48+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
49
50 if test "x$GCC" = "xyes"; then
51   LDFLAGS="-Wl,--as-needed $LDFLAGS"
52diff --git a/meson.build b/meson.build
53index 7506231..2d9d67a 100644
54--- a/meson.build
55+++ b/meson.build
56@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
57 check_functions = [
58   'clearenv',
59   'fdatasync',
60+  'setnetgrent',
61 ]
62
63 foreach func: check_functions
64diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
65index 3aa1f7f..793f17d 100644
66--- a/src/polkit/polkitidentity.c
67+++ b/src/polkit/polkitidentity.c
68@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
69     }
70   else if (g_str_has_prefix (str, "unix-netgroup:"))
71     {
72+#ifndef HAVE_SETNETGRENT
73+      g_set_error (error,
74+                   POLKIT_ERROR,
75+                   POLKIT_ERROR_FAILED,
76+                   "Netgroups are not available on this machine ('%s')",
77+                   str);
78+#else
79       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
80+#endif
81     }
82
83   if (identity == NULL && (error != NULL && *error == NULL))
84@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
85       GVariant *v;
86       const char *name;
87
88+#ifndef HAVE_SETNETGRENT
89+      g_set_error (error,
90+                   POLKIT_ERROR,
91+                   POLKIT_ERROR_FAILED,
92+                   "Netgroups are not available on this machine");
93+      goto out;
94+#else
95+
96       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
97       if (v == NULL)
98         {
99@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
100       name = g_variant_get_string (v, NULL);
101       ret = polkit_unix_netgroup_new (name);
102       g_variant_unref (v);
103+#endif
104     }
105   else
106     {
107diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
108index 8a2b369..83f8d4a 100644
109--- a/src/polkit/polkitunixnetgroup.c
110+++ b/src/polkit/polkitunixnetgroup.c
111@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
112 PolkitIdentity *
113 polkit_unix_netgroup_new (const gchar *name)
114 {
115+#ifndef HAVE_SETNETGRENT
116+  g_assert_not_reached();
117+#endif
118   g_return_val_if_fail (name != NULL, NULL);
119   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
120                                        "name", name,
121diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
122index 056d9a8..36c2f3d 100644
123--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
124+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
125@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
126   GList *ret;
127
128   ret = NULL;
129+#ifdef HAVE_SETNETGRENT
130   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
131
132-#ifdef HAVE_SETNETGRENT_RETURN
133+# ifdef HAVE_SETNETGRENT_RETURN
134   if (setnetgrent (name) == 0)
135     {
136       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
137       goto out;
138     }
139-#else
140+# else
141   setnetgrent (name);
142-#endif
143+# endif /* HAVE_SETNETGRENT_RETURN */
144
145   for (;;)
146     {
147-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
148+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
149       const char *hostname, *username, *domainname;
150-#else
151+# else
152       char *hostname, *username, *domainname;
153-#endif
154+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
155       PolkitIdentity *user;
156       GError *error = NULL;
157
158@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
159
160  out:
161   endnetgrent ();
162+#endif /* HAVE_SETNETGRENT */
163   return ret;
164 }
165
166diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
167index 11e91c0..9ee0391 100644
168--- a/src/polkitbackend/polkitbackendjsauthority.cpp
169+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
170@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
171
172   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
173
174+#ifdef HAVE_SETNETGRENT
175   JS::RootedString usrstr (authority->priv->cx);
176   usrstr = args[0].toString();
177   user = JS_EncodeStringToUTF8 (cx, usrstr);
178@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
179     {
180       is_in_netgroup =  true;
181     }
182+#endif
183
184   ret = true;
185
186diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
187index e91967b..2635c4c 100644
188--- a/test/polkit/polkitidentitytest.c
189+++ b/test/polkit/polkitidentitytest.c
190@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
191   {"unix-group:root", "unix-group:jane", FALSE},
192   {"unix-group:jane", "unix-group:jane", TRUE},
193
194+#ifdef HAVE_SETNETGRENT
195   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
196   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
197+#endif
198
199   {"unix-user:root", "unix-group:root", FALSE},
200+#ifdef HAVE_SETNETGRENT
201   {"unix-user:jane", "unix-netgroup:foo", FALSE},
202+#endif
203
204   {NULL},
205 };
206@@ -181,11 +185,13 @@ main (int argc, char *argv[])
207   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
208   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
209
210+#ifdef HAVE_SETNETGRENT
211   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
212+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
213+#endif
214
215   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
216   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
217-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
218
219   add_comparison_tests ();
220
221diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
222index 3701ba1..e1d211e 100644
223--- a/test/polkit/polkitunixnetgrouptest.c
224+++ b/test/polkit/polkitunixnetgrouptest.c
225@@ -69,7 +69,9 @@ int
226 main (int argc, char *argv[])
227 {
228   g_test_init (&argc, &argv, NULL);
229+#ifdef HAVE_SETNETGRENT
230   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
231   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
232+#endif
233   return g_test_run ();
234 }
235diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
236index 2103b17..b187a2f 100644
237--- a/test/polkitbackend/test-polkitbackendjsauthority.c
238+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
239@@ -137,12 +137,14 @@ test_get_admin_identities (void)
240         "unix-group:users"
241       }
242     },
243+#ifdef HAVE_SETNETGRENT
244     {
245       "net.company.action3",
246       {
247         "unix-netgroup:foo"
248       }
249     },
250+#endif
251   };
252   guint n;
253
254