8edcb84730
0001-make-netgroup-support-optional.patch patches configure.ac, but we don't autoreconf the package, which is not good. However, simply adding AUTORECONF = YES is not sufficient: polkit Makefile.am use the automake conditional HAVE_INTROSPECTION, which is "available" only when the gobject-introspection m4 file is installed. Since we don't want to make gobject-introspection a mandatory dependency of polkit, we take a simpler route: add a copy of introspection.m4 into the polkit source tree. This is only a 142 lines file, and it can be dropped when 0001-make-netgroup-support-optional.patch is merged upstream. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
404 lines
14 KiB
Diff
404 lines
14 KiB
Diff
From 1b854ef4bb15032091a33fed587e5ba6f3e582eb Mon Sep 17 00:00:00 2001
|
|
From: Khem Raj <raj.khem@gmail.com>
|
|
Date: Wed, 22 May 2019 13:18:55 -0700
|
|
Subject: [PATCH] make netgroup support optional
|
|
|
|
On at least Linux/musl and Linux/uclibc, netgroup
|
|
support is not available. PolKit fails to compile on these systems
|
|
for that reason.
|
|
|
|
This change makes netgroup support conditional on the presence of the
|
|
setnetgrent(3) function which is required for the support to work. If
|
|
that function is not available on the system, an error will be returned
|
|
to the administrator if unix-netgroup: is specified in configuration.
|
|
|
|
Fixes bug 50145.
|
|
|
|
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
|
|
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
|
Signed-off-by: Adam Duskett <aduskett@gmail.com>
|
|
[Thomas: add introspection.m4.]
|
|
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
|
|
---
|
|
buildutil/introspection.m4 | 142 ++++++++++++++++++
|
|
configure.ac | 2 +-
|
|
src/polkit/polkitidentity.c | 16 ++
|
|
src/polkit/polkitunixnetgroup.c | 3 +
|
|
.../polkitbackendinteractiveauthority.c | 14 +-
|
|
.../polkitbackendjsauthority.cpp | 2 +
|
|
test/polkit/polkitidentitytest.c | 9 +-
|
|
test/polkit/polkitunixnetgrouptest.c | 3 +
|
|
.../test-polkitbackendjsauthority.c | 2 +
|
|
9 files changed, 185 insertions(+), 8 deletions(-)
|
|
create mode 100644 buildutil/introspection.m4
|
|
|
|
diff --git a/buildutil/introspection.m4 b/buildutil/introspection.m4
|
|
new file mode 100644
|
|
index 0000000..b0ccd68
|
|
--- /dev/null
|
|
+++ b/buildutil/introspection.m4
|
|
@@ -0,0 +1,142 @@
|
|
+dnl -*- mode: autoconf -*-
|
|
+dnl Copyright 2009 Johan Dahlin
|
|
+dnl
|
|
+dnl This file is free software; the author(s) gives unlimited
|
|
+dnl permission to copy and/or distribute it, with or without
|
|
+dnl modifications, as long as this notice is preserved.
|
|
+dnl
|
|
+
|
|
+# serial 1
|
|
+
|
|
+dnl This is a copy of AS_AC_EXPAND
|
|
+dnl
|
|
+dnl (C) 2003, 2004, 2005 Thomas Vander Stichele <thomas at apestaart dot org>
|
|
+dnl Copying and distribution of this file, with or without modification,
|
|
+dnl are permitted in any medium without royalty provided the copyright
|
|
+dnl notice and this notice are preserved.
|
|
+m4_define([_GOBJECT_INTROSPECTION_AS_AC_EXPAND],
|
|
+[
|
|
+ EXP_VAR=[$1]
|
|
+ FROM_VAR=[$2]
|
|
+
|
|
+ dnl first expand prefix and exec_prefix if necessary
|
|
+ prefix_save=$prefix
|
|
+ exec_prefix_save=$exec_prefix
|
|
+
|
|
+ dnl if no prefix given, then use /usr/local, the default prefix
|
|
+ if test "x$prefix" = "xNONE"; then
|
|
+ prefix="$ac_default_prefix"
|
|
+ fi
|
|
+ dnl if no exec_prefix given, then use prefix
|
|
+ if test "x$exec_prefix" = "xNONE"; then
|
|
+ exec_prefix=$prefix
|
|
+ fi
|
|
+
|
|
+ full_var="$FROM_VAR"
|
|
+ dnl loop until it doesn't change anymore
|
|
+ while true; do
|
|
+ new_full_var="`eval echo $full_var`"
|
|
+ if test "x$new_full_var" = "x$full_var"; then break; fi
|
|
+ full_var=$new_full_var
|
|
+ done
|
|
+
|
|
+ dnl clean up
|
|
+ full_var=$new_full_var
|
|
+ AC_SUBST([$1], "$full_var")
|
|
+
|
|
+ dnl restore prefix and exec_prefix
|
|
+ prefix=$prefix_save
|
|
+ exec_prefix=$exec_prefix_save
|
|
+])
|
|
+
|
|
+m4_define([_GOBJECT_INTROSPECTION_CHECK_INTERNAL],
|
|
+[
|
|
+ AC_BEFORE([AC_PROG_LIBTOOL],[$0])dnl setup libtool first
|
|
+ AC_BEFORE([AM_PROG_LIBTOOL],[$0])dnl setup libtool first
|
|
+ AC_BEFORE([LT_INIT],[$0])dnl setup libtool first
|
|
+
|
|
+ dnl enable/disable introspection
|
|
+ m4_if([$2], [require],
|
|
+ [dnl
|
|
+ enable_introspection=yes
|
|
+ ],[dnl
|
|
+ AC_ARG_ENABLE(introspection,
|
|
+ AS_HELP_STRING([--enable-introspection[=@<:@no/auto/yes@:>@]],
|
|
+ [Enable introspection for this build]),,
|
|
+ [enable_introspection=auto])
|
|
+ ])dnl
|
|
+
|
|
+ AC_MSG_CHECKING([for gobject-introspection])
|
|
+
|
|
+ dnl presence/version checking
|
|
+ AS_CASE([$enable_introspection],
|
|
+ [no], [dnl
|
|
+ found_introspection="no (disabled, use --enable-introspection to enable)"
|
|
+ ],dnl
|
|
+ [yes],[dnl
|
|
+ PKG_CHECK_EXISTS([gobject-introspection-1.0],,
|
|
+ AC_MSG_ERROR([gobject-introspection-1.0 is not installed]))
|
|
+ PKG_CHECK_EXISTS([gobject-introspection-1.0 >= $1],
|
|
+ found_introspection=yes,
|
|
+ AC_MSG_ERROR([You need to have gobject-introspection >= $1 installed to build AC_PACKAGE_NAME]))
|
|
+ ],dnl
|
|
+ [auto],[dnl
|
|
+ PKG_CHECK_EXISTS([gobject-introspection-1.0 >= $1], found_introspection=yes, found_introspection=no)
|
|
+ dnl Canonicalize enable_introspection
|
|
+ enable_introspection=$found_introspection
|
|
+ ],dnl
|
|
+ [dnl
|
|
+ AC_MSG_ERROR([invalid argument passed to --enable-introspection, should be one of @<:@no/auto/yes@:>@])
|
|
+ ])dnl
|
|
+
|
|
+ AC_MSG_RESULT([$found_introspection])
|
|
+
|
|
+ dnl expand datadir/libdir so we can pass them to pkg-config
|
|
+ dnl and get paths relative to our target directories
|
|
+ _GOBJECT_INTROSPECTION_AS_AC_EXPAND(_GI_EXP_DATADIR, "$datadir")
|
|
+ _GOBJECT_INTROSPECTION_AS_AC_EXPAND(_GI_EXP_LIBDIR, "$libdir")
|
|
+
|
|
+ INTROSPECTION_SCANNER=
|
|
+ INTROSPECTION_COMPILER=
|
|
+ INTROSPECTION_GENERATE=
|
|
+ INTROSPECTION_GIRDIR=
|
|
+ INTROSPECTION_TYPELIBDIR=
|
|
+ if test "x$found_introspection" = "xyes"; then
|
|
+ INTROSPECTION_SCANNER=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=g_ir_scanner gobject-introspection-1.0`
|
|
+ INTROSPECTION_COMPILER=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=g_ir_compiler gobject-introspection-1.0`
|
|
+ INTROSPECTION_GENERATE=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=g_ir_generate gobject-introspection-1.0`
|
|
+ INTROSPECTION_GIRDIR=`$PKG_CONFIG --define-variable=datadir="${_GI_EXP_DATADIR}" --variable=girdir gobject-introspection-1.0`
|
|
+ INTROSPECTION_TYPELIBDIR="$($PKG_CONFIG --define-variable=libdir="${_GI_EXP_LIBDIR}" --variable=typelibdir gobject-introspection-1.0)"
|
|
+ INTROSPECTION_CFLAGS=`$PKG_CONFIG --cflags gobject-introspection-1.0`
|
|
+ INTROSPECTION_LIBS=`$PKG_CONFIG --libs gobject-introspection-1.0`
|
|
+ INTROSPECTION_MAKEFILE=$PKG_CONFIG_SYSROOT_DIR`$PKG_CONFIG --variable=datadir gobject-introspection-1.0`/gobject-introspection-1.0/Makefile.introspection
|
|
+ fi
|
|
+ AC_SUBST(INTROSPECTION_SCANNER)
|
|
+ AC_SUBST(INTROSPECTION_COMPILER)
|
|
+ AC_SUBST(INTROSPECTION_GENERATE)
|
|
+ AC_SUBST(INTROSPECTION_GIRDIR)
|
|
+ AC_SUBST(INTROSPECTION_TYPELIBDIR)
|
|
+ AC_SUBST(INTROSPECTION_CFLAGS)
|
|
+ AC_SUBST(INTROSPECTION_LIBS)
|
|
+ AC_SUBST(INTROSPECTION_MAKEFILE)
|
|
+
|
|
+ AM_CONDITIONAL(HAVE_INTROSPECTION, test "x$found_introspection" = "xyes")
|
|
+])
|
|
+
|
|
+
|
|
+dnl Usage:
|
|
+dnl GOBJECT_INTROSPECTION_CHECK([minimum-g-i-version])
|
|
+
|
|
+AC_DEFUN([GOBJECT_INTROSPECTION_CHECK],
|
|
+[
|
|
+ _GOBJECT_INTROSPECTION_CHECK_INTERNAL([$1])
|
|
+])
|
|
+
|
|
+dnl Usage:
|
|
+dnl GOBJECT_INTROSPECTION_REQUIRE([minimum-g-i-version])
|
|
+
|
|
+
|
|
+AC_DEFUN([GOBJECT_INTROSPECTION_REQUIRE],
|
|
+[
|
|
+ _GOBJECT_INTROSPECTION_CHECK_INTERNAL([$1], [require])
|
|
+])
|
|
diff --git a/configure.ac b/configure.ac
|
|
index 5cedb4e..87aa0ad 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -99,7 +99,7 @@ AC_CHECK_LIB(expat,XML_ParserCreate,[EXPAT_LIBS="-lexpat"],
|
|
[AC_MSG_ERROR([Can't find expat library. Please install expat.])])
|
|
AC_SUBST(EXPAT_LIBS)
|
|
|
|
-AC_CHECK_FUNCS(clearenv fdatasync)
|
|
+AC_CHECK_FUNCS(clearenv fdatasync setnetgrent)
|
|
|
|
if test "x$GCC" = "xyes"; then
|
|
LDFLAGS="-Wl,--as-needed $LDFLAGS"
|
|
diff --git a/src/polkit/polkitidentity.c b/src/polkit/polkitidentity.c
|
|
index 3aa1f7f..10e9c17 100644
|
|
--- a/src/polkit/polkitidentity.c
|
|
+++ b/src/polkit/polkitidentity.c
|
|
@@ -182,7 +182,15 @@ polkit_identity_from_string (const gchar *str,
|
|
}
|
|
else if (g_str_has_prefix (str, "unix-netgroup:"))
|
|
{
|
|
+#ifndef HAVE_SETNETGRENT
|
|
+ g_set_error (error,
|
|
+ POLKIT_ERROR,
|
|
+ POLKIT_ERROR_FAILED,
|
|
+ "Netgroups are not available on this machine ('%s')",
|
|
+ str);
|
|
+#else
|
|
identity = polkit_unix_netgroup_new (str + sizeof "unix-netgroup:" - 1);
|
|
+#endif
|
|
}
|
|
|
|
if (identity == NULL && (error != NULL && *error == NULL))
|
|
@@ -344,6 +352,13 @@ polkit_identity_new_for_gvariant (GVariant *variant,
|
|
GVariant *v;
|
|
const char *name;
|
|
|
|
+#ifndef HAVE_SETNETGRENT
|
|
+ g_set_error (error,
|
|
+ POLKIT_ERROR,
|
|
+ POLKIT_ERROR_FAILED,
|
|
+ "Netgroups are not available on this machine");
|
|
+ goto out;
|
|
+#else
|
|
v = lookup_asv (details_gvariant, "name", G_VARIANT_TYPE_STRING, error);
|
|
if (v == NULL)
|
|
{
|
|
@@ -353,6 +368,7 @@ polkit_identity_new_for_gvariant (GVariant *variant,
|
|
name = g_variant_get_string (v, NULL);
|
|
ret = polkit_unix_netgroup_new (name);
|
|
g_variant_unref (v);
|
|
+#endif
|
|
}
|
|
else
|
|
{
|
|
diff --git a/src/polkit/polkitunixnetgroup.c b/src/polkit/polkitunixnetgroup.c
|
|
index 8a2b369..83f8d4a 100644
|
|
--- a/src/polkit/polkitunixnetgroup.c
|
|
+++ b/src/polkit/polkitunixnetgroup.c
|
|
@@ -194,6 +194,9 @@ polkit_unix_netgroup_set_name (PolkitUnixNetgroup *group,
|
|
PolkitIdentity *
|
|
polkit_unix_netgroup_new (const gchar *name)
|
|
{
|
|
+#ifndef HAVE_SETNETGRENT
|
|
+ g_assert_not_reached();
|
|
+#endif
|
|
g_return_val_if_fail (name != NULL, NULL);
|
|
return POLKIT_IDENTITY (g_object_new (POLKIT_TYPE_UNIX_NETGROUP,
|
|
"name", name,
|
|
diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
|
index 056d9a8..36c2f3d 100644
|
|
--- a/src/polkitbackend/polkitbackendinteractiveauthority.c
|
|
+++ b/src/polkitbackend/polkitbackendinteractiveauthority.c
|
|
@@ -2233,25 +2233,26 @@ get_users_in_net_group (PolkitIdentity *group,
|
|
GList *ret;
|
|
|
|
ret = NULL;
|
|
+#ifdef HAVE_SETNETGRENT
|
|
name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group));
|
|
|
|
-#ifdef HAVE_SETNETGRENT_RETURN
|
|
+# ifdef HAVE_SETNETGRENT_RETURN
|
|
if (setnetgrent (name) == 0)
|
|
{
|
|
g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno));
|
|
goto out;
|
|
}
|
|
-#else
|
|
+# else
|
|
setnetgrent (name);
|
|
-#endif
|
|
+# endif /* HAVE_SETNETGRENT_RETURN */
|
|
|
|
for (;;)
|
|
{
|
|
-#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
|
|
+# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD)
|
|
const char *hostname, *username, *domainname;
|
|
-#else
|
|
+# else
|
|
char *hostname, *username, *domainname;
|
|
-#endif
|
|
+# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */
|
|
PolkitIdentity *user;
|
|
GError *error = NULL;
|
|
|
|
@@ -2282,6 +2283,7 @@ get_users_in_net_group (PolkitIdentity *group,
|
|
|
|
out:
|
|
endnetgrent ();
|
|
+#endif /* HAVE_SETNETGRENT */
|
|
return ret;
|
|
}
|
|
|
|
diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
index 9b752d1..09b2878 100644
|
|
--- a/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
+++ b/src/polkitbackend/polkitbackendjsauthority.cpp
|
|
@@ -1502,6 +1502,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
|
|
|
|
JS::CallArgs args = JS::CallArgsFromVp (argc, vp);
|
|
|
|
+#ifdef HAVE_SETNETGRENT
|
|
JS::RootedString usrstr (authority->priv->cx);
|
|
usrstr = args[0].toString();
|
|
user = JS_EncodeStringToUTF8 (cx, usrstr);
|
|
@@ -1519,6 +1520,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx,
|
|
|
|
JS_free (cx, netgroup);
|
|
JS_free (cx, user);
|
|
+#endif
|
|
|
|
ret = true;
|
|
|
|
diff --git a/test/polkit/polkitidentitytest.c b/test/polkit/polkitidentitytest.c
|
|
index e91967b..e829aaa 100644
|
|
--- a/test/polkit/polkitidentitytest.c
|
|
+++ b/test/polkit/polkitidentitytest.c
|
|
@@ -19,6 +19,7 @@
|
|
* Author: Nikki VonHollen <vonhollen@google.com>
|
|
*/
|
|
|
|
+#include "config.h"
|
|
#include "glib.h"
|
|
#include <polkit/polkit.h>
|
|
#include <polkit/polkitprivate.h>
|
|
@@ -145,11 +146,15 @@ struct ComparisonTestData comparison_test_data [] = {
|
|
{"unix-group:root", "unix-group:jane", FALSE},
|
|
{"unix-group:jane", "unix-group:jane", TRUE},
|
|
|
|
+#ifdef HAVE_SETNETGRENT
|
|
{"unix-netgroup:foo", "unix-netgroup:foo", TRUE},
|
|
{"unix-netgroup:foo", "unix-netgroup:bar", FALSE},
|
|
+#endif
|
|
|
|
{"unix-user:root", "unix-group:root", FALSE},
|
|
+#ifdef HAVE_SETNETGRENT
|
|
{"unix-user:jane", "unix-netgroup:foo", FALSE},
|
|
+#endif
|
|
|
|
{NULL},
|
|
};
|
|
@@ -181,11 +186,13 @@ main (int argc, char *argv[])
|
|
g_test_add_data_func ("/PolkitIdentity/group_string_2", "unix-group:jane", test_string);
|
|
g_test_add_data_func ("/PolkitIdentity/group_string_3", "unix-group:users", test_string);
|
|
|
|
+#ifdef HAVE_SETNETGRENT
|
|
g_test_add_data_func ("/PolkitIdentity/netgroup_string", "unix-netgroup:foo", test_string);
|
|
+ g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
|
|
+#endif
|
|
|
|
g_test_add_data_func ("/PolkitIdentity/user_gvariant", "unix-user:root", test_gvariant);
|
|
g_test_add_data_func ("/PolkitIdentity/group_gvariant", "unix-group:root", test_gvariant);
|
|
- g_test_add_data_func ("/PolkitIdentity/netgroup_gvariant", "unix-netgroup:foo", test_gvariant);
|
|
|
|
add_comparison_tests ();
|
|
|
|
diff --git a/test/polkit/polkitunixnetgrouptest.c b/test/polkit/polkitunixnetgrouptest.c
|
|
index 3701ba1..e3352eb 100644
|
|
--- a/test/polkit/polkitunixnetgrouptest.c
|
|
+++ b/test/polkit/polkitunixnetgrouptest.c
|
|
@@ -19,6 +19,7 @@
|
|
* Author: Nikki VonHollen <vonhollen@google.com>
|
|
*/
|
|
|
|
+#include "config.h"
|
|
#include "glib.h"
|
|
#include <polkit/polkit.h>
|
|
#include <string.h>
|
|
@@ -69,7 +70,9 @@ int
|
|
main (int argc, char *argv[])
|
|
{
|
|
g_test_init (&argc, &argv, NULL);
|
|
+#ifdef HAVE_SETNETGRENT
|
|
g_test_add_func ("/PolkitUnixNetgroup/new", test_new);
|
|
g_test_add_func ("/PolkitUnixNetgroup/set_name", test_set_name);
|
|
+#endif
|
|
return g_test_run ();
|
|
}
|
|
diff --git a/test/polkitbackend/test-polkitbackendjsauthority.c b/test/polkitbackend/test-polkitbackendjsauthority.c
|
|
index 71aad23..fdd28f3 100644
|
|
--- a/test/polkitbackend/test-polkitbackendjsauthority.c
|
|
+++ b/test/polkitbackend/test-polkitbackendjsauthority.c
|
|
@@ -137,12 +137,14 @@ test_get_admin_identities (void)
|
|
"unix-group:users"
|
|
}
|
|
},
|
|
+#ifdef HAVE_SETNETGRENT
|
|
{
|
|
"net.company.action3",
|
|
{
|
|
"unix-netgroup:foo"
|
|
}
|
|
},
|
|
+#endif
|
|
};
|
|
guint n;
|
|
|
|
--
|
|
2.25.1
|
|
|