diff options
| author | A. Wilcox <AWilcox@Wilcox-Tech.com> | 2022-05-15 05:04:10 +0000 |
|---|---|---|
| committer | Jan Rybar <jrybar@redhat.com> | 2022-07-14 12:50:49 +0000 |
| commit | b57deee8178190a7ecc75290fa13cf7daabc2c66 (patch) | |
| tree | 83e43baf32a418b74492b123b4e437641fcdd31f /src/polkitbackend | |
| parent | 827b0ddac5b1ef00a47fca4526fcf057bee5f1db (diff) | |
| download | polkit-b57deee8178190a7ecc75290fa13cf7daabc2c66.tar.gz | |
Make netgroup support optional
On at least Linux/musl and Linux/uclibc, netgroup support is not
available. PolKit fails to compile on these systems for that reason.
This change makes netgroup support conditional on the presence of the
setnetgrent(3) function which is required for the support to work. If
that function is not available on the system, an error will be returned
to the administrator if unix-netgroup: is specified in configuration.
(sam: rebased for Meson and Duktape.)
Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/14
Closes: https://gitlab.freedesktop.org/polkit/polkit/-/issues/163
Closes: https://gitlab.freedesktop.org/polkit/polkit/-/merge_requests/52
Signed-off-by: A. Wilcox <AWilcox@Wilcox-Tech.com>
Diffstat (limited to 'src/polkitbackend')
| -rw-r--r-- | src/polkitbackend/polkitbackendduktapeauthority.c | 4 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendinteractiveauthority.c | 14 | ||||
| -rw-r--r-- | src/polkitbackend/polkitbackendjsauthority.cpp | 2 |
3 files changed, 12 insertions, 8 deletions
diff --git a/src/polkitbackend/polkitbackendduktapeauthority.c b/src/polkitbackend/polkitbackendduktapeauthority.c index c89dbcf..f4b4304 100644 --- a/src/polkitbackend/polkitbackendduktapeauthority.c +++ b/src/polkitbackend/polkitbackendduktapeauthority.c @@ -1035,7 +1035,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) user = duk_require_string (cx, 0); netgroup = duk_require_string (cx, 1); - +#ifdef HAVE_SETNETGRENT if (innetgr (netgroup, NULL, /* host */ user, @@ -1043,7 +1043,7 @@ js_polkit_user_is_in_netgroup (duk_context *cx) { is_in_netgroup = TRUE; } - +#endif duk_push_boolean (cx, is_in_netgroup); return 1; } diff --git a/src/polkitbackend/polkitbackendinteractiveauthority.c b/src/polkitbackend/polkitbackendinteractiveauthority.c index d935a7a..1cfc88e 100644 --- a/src/polkitbackend/polkitbackendinteractiveauthority.c +++ b/src/polkitbackend/polkitbackendinteractiveauthority.c @@ -2248,25 +2248,26 @@ get_users_in_net_group (PolkitIdentity *group, GList *ret; ret = NULL; +#ifdef HAVE_SETNETGRENT name = polkit_unix_netgroup_get_name (POLKIT_UNIX_NETGROUP (group)); -#ifdef HAVE_SETNETGRENT_RETURN +# ifdef HAVE_SETNETGRENT_RETURN if (setnetgrent (name) == 0) { g_warning ("Error looking up net group with name %s: %s", name, g_strerror (errno)); goto out; } -#else +# else setnetgrent (name); -#endif +# endif /* HAVE_SETNETGRENT_RETURN */ for (;;) { -#if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) +# if defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) const char *hostname, *username, *domainname; -#else +# else char *hostname, *username, *domainname; -#endif +# endif /* defined(HAVE_NETBSD) || defined(HAVE_OPENBSD) */ PolkitIdentity *user; GError *error = NULL; @@ -2297,6 +2298,7 @@ get_users_in_net_group (PolkitIdentity *group, out: endnetgrent (); +#endif /* HAVE_SETNETGRENT */ return ret; } diff --git a/src/polkitbackend/polkitbackendjsauthority.cpp b/src/polkitbackend/polkitbackendjsauthority.cpp index 2568e8e..999269b 100644 --- a/src/polkitbackend/polkitbackendjsauthority.cpp +++ b/src/polkitbackend/polkitbackendjsauthority.cpp @@ -1271,6 +1271,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, JS::CallArgs args = JS::CallArgsFromVp (argc, vp); +#ifdef HAVE_SETNETGRENT JS::RootedString usrstr (authority->priv->cx); usrstr = args[0].toString(); user = JS_EncodeStringToUTF8 (cx, usrstr); @@ -1285,6 +1286,7 @@ js_polkit_user_is_in_netgroup (JSContext *cx, { is_in_netgroup = true; } +#endif ret = true; |