1*4882a593SmuzhiyunFrom 5cf1a5fe6f8a24f1c95a749e3f347eeed2f591dd Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: "A. Wilcox" <AWilcox@Wilcox-Tech.com>
3*4882a593SmuzhiyunDate: Sun, 15 May 2022 05:04:10 +0000
4*4882a593SmuzhiyunSubject: [PATCH] Make netgroup support optional
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunOn at least Linux/musl and Linux/uclibc, netgroup support is not
7*4882a593Smuzhiyunavailable.  PolKit fails to compile on these systems for that reason.
8*4882a593Smuzhiyun
9*4882a593SmuzhiyunThis change makes netgroup support conditional on the presence of the
10*4882a593Smuzhiyunsetnetgrent(3) function which is required for the support to work.  If
11*4882a593Smuzhiyunthat function is not available on the system, an error will be returned
12*4882a593Smuzhiyunto the administrator if unix-netgroup: is specified in configuration.
13*4882a593Smuzhiyun
14*4882a593Smuzhiyun(sam: rebased for Meson and Duktape.)
15*4882a593Smuzhiyun
16*4882a593SmuzhiyunCloses: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
17*4882a593SmuzhiyunCloses: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
18*4882a593SmuzhiyunCloses: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
19*4882a593SmuzhiyunSigned-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
20*4882a593Smuzhiyun
21*4882a593SmuzhiyunPorted back the change in configure.ac (upstream removed autotools
22*4882a593Smuzhiyunsupport).
23*4882a593Smuzhiyun
24*4882a593SmuzhiyunUpstream-Status: Backport [https://gitlab.freedesktop.org/polkit/polkit/-/commit/b57deee8178190a7ecc75290fa13cf7daabc2c66]
25*4882a593SmuzhiyunSigned-off-by: Marta Rybczynska <marta.rybczynska@huawei.com>
26*4882a593Smuzhiyun
27*4882a593Smuzhiyun---
28*4882a593Smuzhiyun configure.ac                                    |  2 +-
29*4882a593Smuzhiyun meson.build                                     |  1 +
30*4882a593Smuzhiyun src/polkit/polkitidentity.c                     | 17 +++++++++++++++++
31*4882a593Smuzhiyun src/polkit/polkitunixnetgroup.c                 |  3 +++
32*4882a593Smuzhiyun .../polkitbackendinteractiveauthority.c         | 14 ++++++++------
33*4882a593Smuzhiyun src/polkitbackend/polkitbackendjsauthority.cpp  |  2 ++
34*4882a593Smuzhiyun test/polkit/polkitidentitytest.c                |  8 +++++++-
35*4882a593Smuzhiyun test/polkit/polkitunixnetgrouptest.c            |  2 ++
36*4882a593Smuzhiyun .../test-polkitbackendjsauthority.c             |  2 ++
37*4882a593Smuzhiyun 9 files changed, 43 insertions(+), 8 deletions(-)
38*4882a593Smuzhiyun
39*4882a593Smuzhiyundiff --git a/configure.ac b/configure.ac
40*4882a593Smuzhiyunindex 18e4223..0f87ea0 100644
41*4882a593Smuzhiyun--- a/configure.ac
42*4882a593Smuzhiyun+++ b/configure.ac
43*4882a593Smuzhiyun@@ -117,7 +117,7 @@ CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
44*4882a593Smuzhiyun CC="$PTHREAD_CC"
45*4882a593Smuzhiyun AC_CHECK_FUNCS([pthread_condattr_setclock])
46*4882a593Smuzhiyun
47*4882a593Smuzhiyun-AC_CHECK_FUNCS(clearenv fdatasync)
48*4882a593Smuzhiyun+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
49*4882a593Smuzhiyun
50*4882a593Smuzhiyun if test "x$GCC" = "xyes"; then
51*4882a593Smuzhiyun   LDFLAGS="-Wl,--as-needed $LDFLAGS"
52*4882a593Smuzhiyundiff --git a/meson.build b/meson.build
53*4882a593Smuzhiyunindex 7506231..2d9d67a 100644
54*4882a593Smuzhiyun--- a/meson.build
55*4882a593Smuzhiyun+++ b/meson.build
56*4882a593Smuzhiyun@@ -82,6 +82,7 @@ config_h.set('_GNU_SOURCE', true)
57*4882a593Smuzhiyun check_functions = [
58*4882a593Smuzhiyun   'clearenv',
59*4882a593Smuzhiyun   'fdatasync',
60*4882a593Smuzhiyun+  'setnetgrent',
61*4882a593Smuzhiyun ]
62*4882a593Smuzhiyun
63*4882a593Smuzhiyun foreach func: check_functions
64*4882a593Smuzhiyundiff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
65*4882a593Smuzhiyunindex 3aa1f7f..793f17d 100644
66*4882a593Smuzhiyun--- a/src/polkit/polkitidentity.c
67*4882a593Smuzhiyun+++ b/src/polkit/polkitidentity.c
68*4882a593Smuzhiyun@@ -182,7 +182,15 @@ polkit_identity_from_string  (const gchar   *str,
69*4882a593Smuzhiyun     }
70*4882a593Smuzhiyun   else if (g_str_has_prefix (str, "unix-netgroup:"))
71*4882a593Smuzhiyun     {
72*4882a593Smuzhiyun+#ifndef HAVE_SETNETGRENT
73*4882a593Smuzhiyun+      g_set_error (error,
74*4882a593Smuzhiyun+                   POLKIT_ERROR,
75*4882a593Smuzhiyun+                   POLKIT_ERROR_FAILED,
76*4882a593Smuzhiyun+                   "Netgroups are not available on this machine ('%s')",
77*4882a593Smuzhiyun+                   str);
78*4882a593Smuzhiyun+#else
79*4882a593Smuzhiyun       identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
80*4882a593Smuzhiyun+#endif
81*4882a593Smuzhiyun     }
82*4882a593Smuzhiyun
83*4882a593Smuzhiyun   if (identity == NULL && (error != NULL && *error == NULL))
84*4882a593Smuzhiyun@@ -344,6 +352,14 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
85*4882a593Smuzhiyun       GVariant *v;
86*4882a593Smuzhiyun       const char *name;
87*4882a593Smuzhiyun
88*4882a593Smuzhiyun+#ifndef HAVE_SETNETGRENT
89*4882a593Smuzhiyun+      g_set_error (error,
90*4882a593Smuzhiyun+                   POLKIT_ERROR,
91*4882a593Smuzhiyun+                   POLKIT_ERROR_FAILED,
92*4882a593Smuzhiyun+                   "Netgroups are not available on this machine");
93*4882a593Smuzhiyun+      goto out;
94*4882a593Smuzhiyun+#else
95*4882a593Smuzhiyun+
96*4882a593Smuzhiyun       v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
97*4882a593Smuzhiyun       if (v == NULL)
98*4882a593Smuzhiyun         {
99*4882a593Smuzhiyun@@ -353,6 +369,7 @@ polkit_identity_new_for_gvariant (GVariant  *variant,
100*4882a593Smuzhiyun       name = g_variant_get_string (v, NULL);
101*4882a593Smuzhiyun       ret = polkit_unix_netgroup_new (name);
102*4882a593Smuzhiyun       g_variant_unref (v);
103*4882a593Smuzhiyun+#endif
104*4882a593Smuzhiyun     }
105*4882a593Smuzhiyun   else
106*4882a593Smuzhiyun     {
107*4882a593Smuzhiyundiff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
108*4882a593Smuzhiyunindex 8a2b369..83f8d4a 100644
109*4882a593Smuzhiyun--- a/src/polkit/polkitunixnetgroup.c
110*4882a593Smuzhiyun+++ b/src/polkit/polkitunixnetgroup.c
111*4882a593Smuzhiyun@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
112*4882a593Smuzhiyun PolkitIdentity *
113*4882a593Smuzhiyun polkit_unix_netgroup_new (const gchar *name)
114*4882a593Smuzhiyun {
115*4882a593Smuzhiyun+#ifndef HAVE_SETNETGRENT
116*4882a593Smuzhiyun+  g_assert_not_reached();
117*4882a593Smuzhiyun+#endif
118*4882a593Smuzhiyun   g_return_val_if_fail (name != NULL, NULL);
119*4882a593Smuzhiyun   return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
120*4882a593Smuzhiyun                                        "name", name,
121*4882a593Smuzhiyundiff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
122*4882a593Smuzhiyunindex 056d9a8..36c2f3d 100644
123*4882a593Smuzhiyun--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
124*4882a593Smuzhiyun+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
125*4882a593Smuzhiyun@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity                    *group,
126*4882a593Smuzhiyun   GList *ret;
127*4882a593Smuzhiyun
128*4882a593Smuzhiyun   ret = NULL;
129*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
130*4882a593Smuzhiyun   name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
131*4882a593Smuzhiyun
132*4882a593Smuzhiyun-#ifdef HAVE_SETNETGRENT_RETURN
133*4882a593Smuzhiyun+# ifdef HAVE_SETNETGRENT_RETURN
134*4882a593Smuzhiyun   if (setnetgrent (name) == 0)
135*4882a593Smuzhiyun     {
136*4882a593Smuzhiyun       g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
137*4882a593Smuzhiyun       goto out;
138*4882a593Smuzhiyun     }
139*4882a593Smuzhiyun-#else
140*4882a593Smuzhiyun+# else
141*4882a593Smuzhiyun   setnetgrent (name);
142*4882a593Smuzhiyun-#endif
143*4882a593Smuzhiyun+# endif /* HAVE_SETNETGRENT_RETURN */
144*4882a593Smuzhiyun
145*4882a593Smuzhiyun   for (;;)
146*4882a593Smuzhiyun     {
147*4882a593Smuzhiyun-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
148*4882a593Smuzhiyun+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
149*4882a593Smuzhiyun       const char *hostname, *username, *domainname;
150*4882a593Smuzhiyun-#else
151*4882a593Smuzhiyun+# else
152*4882a593Smuzhiyun       char *hostname, *username, *domainname;
153*4882a593Smuzhiyun-#endif
154*4882a593Smuzhiyun+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
155*4882a593Smuzhiyun       PolkitIdentity *user;
156*4882a593Smuzhiyun       GError *error = NULL;
157*4882a593Smuzhiyun
158*4882a593Smuzhiyun@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity                    *group,
159*4882a593Smuzhiyun
160*4882a593Smuzhiyun  out:
161*4882a593Smuzhiyun   endnetgrent ();
162*4882a593Smuzhiyun+#endif /* HAVE_SETNETGRENT */
163*4882a593Smuzhiyun   return ret;
164*4882a593Smuzhiyun }
165*4882a593Smuzhiyun
166*4882a593Smuzhiyundiff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
167*4882a593Smuzhiyunindex 11e91c0..9ee0391 100644
168*4882a593Smuzhiyun--- a/src/polkitbackend/polkitbackendjsauthority.cpp
169*4882a593Smuzhiyun+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
170*4882a593Smuzhiyun@@ -1291,6 +1291,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
171*4882a593Smuzhiyun
172*4882a593Smuzhiyun   JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
173*4882a593Smuzhiyun
174*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
175*4882a593Smuzhiyun   JS::RootedString usrstr (authority->priv->cx);
176*4882a593Smuzhiyun   usrstr = args[0].toString();
177*4882a593Smuzhiyun   user = JS_EncodeStringToUTF8 (cx, usrstr);
178*4882a593Smuzhiyun@@ -1305,6 +1306,7 @@ js_polkit_user_is_in_netgroup (JSContext  *cx,
179*4882a593Smuzhiyun     {
180*4882a593Smuzhiyun       is_in_netgroup =  true;
181*4882a593Smuzhiyun     }
182*4882a593Smuzhiyun+#endif
183*4882a593Smuzhiyun
184*4882a593Smuzhiyun   ret = true;
185*4882a593Smuzhiyun
186*4882a593Smuzhiyundiff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
187*4882a593Smuzhiyunindex e91967b..2635c4c 100644
188*4882a593Smuzhiyun--- a/test/polkit/polkitidentitytest.c
189*4882a593Smuzhiyun+++ b/test/polkit/polkitidentitytest.c
190*4882a593Smuzhiyun@@ -145,11 +145,15 @@ struct ComparisonTestData comparison_test_data [] = {
191*4882a593Smuzhiyun   {"unix-group:root", "unix-group:jane", FALSE},
192*4882a593Smuzhiyun   {"unix-group:jane", "unix-group:jane", TRUE},
193*4882a593Smuzhiyun
194*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
195*4882a593Smuzhiyun   {"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
196*4882a593Smuzhiyun   {"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
197*4882a593Smuzhiyun+#endif
198*4882a593Smuzhiyun
199*4882a593Smuzhiyun   {"unix-user:root", "unix-group:root", FALSE},
200*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
201*4882a593Smuzhiyun   {"unix-user:jane", "unix-netgroup:foo", FALSE},
202*4882a593Smuzhiyun+#endif
203*4882a593Smuzhiyun
204*4882a593Smuzhiyun   {NULL},
205*4882a593Smuzhiyun };
206*4882a593Smuzhiyun@@ -181,11 +185,13 @@ main (int argc, char *argv[])
207*4882a593Smuzhiyun   g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
208*4882a593Smuzhiyun   g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
209*4882a593Smuzhiyun
210*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
211*4882a593Smuzhiyun   g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
212*4882a593Smuzhiyun+  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
213*4882a593Smuzhiyun+#endif
214*4882a593Smuzhiyun
215*4882a593Smuzhiyun   g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
216*4882a593Smuzhiyun   g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
217*4882a593Smuzhiyun-  g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
218*4882a593Smuzhiyun
219*4882a593Smuzhiyun   add_comparison_tests ();
220*4882a593Smuzhiyun
221*4882a593Smuzhiyundiff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
222*4882a593Smuzhiyunindex 3701ba1..e1d211e 100644
223*4882a593Smuzhiyun--- a/test/polkit/polkitunixnetgrouptest.c
224*4882a593Smuzhiyun+++ b/test/polkit/polkitunixnetgrouptest.c
225*4882a593Smuzhiyun@@ -69,7 +69,9 @@ int
226*4882a593Smuzhiyun main (int argc, char *argv[])
227*4882a593Smuzhiyun {
228*4882a593Smuzhiyun   g_test_init (&argc, &argv, NULL);
229*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
230*4882a593Smuzhiyun   g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
231*4882a593Smuzhiyun   g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
232*4882a593Smuzhiyun+#endif
233*4882a593Smuzhiyun   return g_test_run ();
234*4882a593Smuzhiyun }
235*4882a593Smuzhiyundiff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
236*4882a593Smuzhiyunindex 2103b17..b187a2f 100644
237*4882a593Smuzhiyun--- a/test/polkitbackend/test-polkitbackendjsauthority.c
238*4882a593Smuzhiyun+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
239*4882a593Smuzhiyun@@ -137,12 +137,14 @@ test_get_admin_identities (void)
240*4882a593Smuzhiyun         "unix-group:users"
241*4882a593Smuzhiyun       }
242*4882a593Smuzhiyun     },
243*4882a593Smuzhiyun+#ifdef HAVE_SETNETGRENT
244*4882a593Smuzhiyun     {
245*4882a593Smuzhiyun       "net.company.action3",
246*4882a593Smuzhiyun       {
247*4882a593Smuzhiyun         "unix-netgroup:foo"
248*4882a593Smuzhiyun       }
249*4882a593Smuzhiyun     },
250*4882a593Smuzhiyun+#endif
251*4882a593Smuzhiyun   };
252*4882a593Smuzhiyun   guint n;
253*4882a593Smuzhiyun
254