Bug 25155

Summary: polkit does not compile without pam
Product: PolicyKit Reporter: Andrey V. Panov <panov>
Component: daemonAssignee: David Zeuthen (not reading bugmail) <zeuthen>
Status: RESOLVED FIXED QA Contact: David Zeuthen (not reading bugmail) <zeuthen>
Severity: normal    
Priority: medium CC: ampsaltis, bunk, freedesktop-bugs, rw
Version: unspecified   
Hardware: All   
OS: Linux (All)   
Whiteboard:
i915 platform: i915 features:
Attachments: patch to support shadow in polkit-1
patch to support shadow in polkit-1

Description Andrey V. Panov 2009-11-17 20:09:40 UTC 
polkit-0.95 does not compile without pam on Slackware linux:

make[4]: Entering directory `/usr/local/src/polkit-0.95/src/polkitagent'
  CCLD   polkit-agent-helper-1
polkit_agent_helper_1-polkitagenthelper.o: In function `main':
polkitagenthelper.c:(.text+0x42): undefined reference to `pam_end'
polkitagenthelper.c:(.text+0x1be): undefined reference to `pam_start'
polkitagenthelper.c:(.text+0x1d3): undefined reference to `pam_strerror'
polkitagenthelper.c:(.text+0x20b): undefined reference to `pam_set_item'
polkitagenthelper.c:(.text+0x220): undefined reference to `pam_strerror'
polkitagenthelper.c:(.text+0x257): undefined reference to `pam_authenticate'
polkitagenthelper.c:(.text+0x26c): undefined reference to `pam_strerror'
polkitagenthelper.c:(.text+0x2e4): undefined reference to `pam_acct_mgmt'
polkitagenthelper.c:(.text+0x2f9): undefined reference to `pam_strerror'
polkitagenthelper.c:(.text+0x331): undefined reference to `pam_get_item'
polkitagenthelper.c:(.text+0x346): undefined reference to `pam_strerror'
polkitagenthelper.c:(.text+0x3b2): undefined reference to `pam_end'
collect2: ld returned 1 exit status

It was configured --with-authfw=shadow since Slackware utilizes shadow and has not pam.
Comment 1 Nirbheek Chauhan 2010-03-06 15:26:20 UTC 
There was a patch for shadow support posted on the mailing list last month[1]. Has there been any progress in getting that into the tree? Gentoo is also interested in this[2] since we give the option of using shadow instead of pam for our users.

1. http://lists.freedesktop.org/archives/polkit-devel/2010-January/000288.html
2. http://bugs.gentoo.org/show_bug.cgi?id=291116
Comment 2 Robby Workman 2010-06-24 14:24:27 UTC 
The patch is now in the Slackware tree, and it seems fine, but there's still not review from David et al in upstream.

http://lists.freedesktop.org/archives/polkit-devel/2010-June/000310.html
Comment 3 Andrew Psaltis 2010-06-29 15:33:38 UTC 
Created attachment 36614 [details] [review]
patch to support shadow in polkit-1

David,

Attached is a corrected version of the polkit-1 shadow patch.  It was tested on Slackware 13.1 and Fedora 13 installs. All suggested corrections were implemented except:

-- Moving the $(NULL) in the modified Makefile.am.  There were was a block of lines below that particular part that selected a particular backend to compile in.  As far as I can tell, it was correct as it was (I am no expert on automake, though).

-- Using "#define _XOPEN_SOURCE" to use crypt(3), as it resulted in compiler warnings related to usleep(3) and clearenv(3).  After a little fiddling, I discovered that "#define _GNU_SOURCE" worked, and produced no compiler warnings for either backend.  It is defined in polkitagenthelperprivate.h.

I also formatted the patch using git-format-patch(1), which I believe what you wanted me to use.

If anything else needs to be changed, please tell me, and I'll take a look at it as soon as I can.

~Andrew
Comment 4 David Zeuthen (not reading bugmail) 2010-06-30 10:08:36 UTC 
Comment on attachment 36614 [details] [review]
patch to support shadow in polkit-1

This patch has trailing whitespace.

The patch also, for some reason, fails to apply with 'git am' - please test that as well (it applies fine with just using patch -p1).
Comment 5 David Zeuthen (not reading bugmail) 2010-06-30 10:13:38 UTC 
>Robby Workman <rw@rlworkman.net> changed:
>         Priority|medium                      |high

Really? First of all, the Priority field is useless; second, no, it's not going to make things go faster if you set it to high; third, it's a sure-fire way to piss off most maintainers; fourth, I think the Priority field was reserved for triagers/maintainers, not as a way for people to whine "my bug is more important than other bugs!".
Comment 6 David Zeuthen (not reading bugmail) 2010-06-30 10:34:38 UTC 
(In reply to comment #5)
> >Robby Workman <rw@rlworkman.net> changed:
> >         Priority|medium                      |high
> 
> Really? First of all, the Priority field is useless; second, no, it's not going
> to make things go faster if you set it to high; third, it's a sure-fire way to
> piss off most maintainers; fourth, I think the Priority field was reserved for
> triagers/maintainers, not as a way for people to whine "my bug is more
> important than other bugs!".

Of course if this was a honest mistake, no worries. I just get really agitated when people play around with the Priority. Anyway, water under the bridge, let's focus on getting this patch committed.
Comment 7 Andrew Psaltis 2010-06-30 16:18:45 UTC 
Created attachment 36648 [details] [review]
patch to support shadow in polkit-1

Here's round two.

This one fixes the whitespace errors that Robby mentioned.  In order to apply it with 'git am', I had to 'rm -rf .git/rebase-apply' first.  Once done, the patching should go without incident.
Comment 8 David Zeuthen (not reading bugmail) 2010-07-02 13:35:19 UTC 
(In reply to comment #7)
> Created an attachment (id=36648) [details]
> patch to support shadow in polkit-1
> 
> Here's round two.
> 
> This one fixes the whitespace errors that Robby mentioned.  In order to apply
> it with 'git am', I had to 'rm -rf .git/rebase-apply' first.  Once done, the
> patching should go without incident.

Committed with a patch like the one in [1] on top and then squashed into one, see

http://cgit.freedesktop.org/PolicyKit/commit/?id=a2edcef54d2ab1a92f729e34dfa0c183b2533c61

[1] :

--- a/src/polkitagent/Makefile.am
+++ b/src/polkitagent/Makefile.am
@@ -68,7 +68,8 @@ libpolkit_agent_1_la_LDFLAGS = -export-symbols-regex '(^polkit_.*)'
 libexec_PROGRAMS = polkit-agent-helper-1
 
 polkit_agent_helper_1_SOURCES = 					\
-	polkitagenthelperprivate.c polkitagenthelperprivate.h
+	polkitagenthelperprivate.c polkitagenthelperprivate.h		\
+	$(NULL)
 
 if POLKIT_AUTHFW_PAM
 polkit_agent_helper_1_SOURCES += polkitagenthelper-pam.c
@@ -76,7 +77,6 @@ endif
 if POLKIT_AUTHFW_SHADOW
 polkit_agent_helper_1_SOURCES += polkitagenthelper-shadow.c
 endif
-polkit_agent_helper_1_SOURCES += $(NULL)
 
--- a/src/polkitagent/polkitagenthelper-pam.c
+++ b/src/polkitagent/polkitagenthelper-pam.c
@@ -49,7 +49,7 @@ main (int argc, char *argv[])
   pam_h = NULL;
 
   /* clear the entire environment to avoid attacks using with libraries honoring environment variables */
-  if (clearenv () != 0)
+  if (_polkit_clearenv () != 0)
     goto error;

--- a/src/polkitagent/polkitagenthelper-shadow.c
+++ b/src/polkitagent/polkitagenthelper-shadow.c
@@ -51,7 +51,7 @@ main (int argc, char *argv[])
 
   /* clear the entire environment to avoid attacks with
      libraries honoring environment variables */
-  if (clearenv () != 0)
+  if (_polkit_clearenv () != 0)
     goto error;

--- a/src/polkitagent/polkitagenthelperprivate.c
+++ b/src/polkitagent/polkitagenthelperprivate.c
@@ -29,13 +29,19 @@
 #ifndef HAVE_CLEARENV
 extern char **environ;
 
-static int
-clearenv (void)
+int
+_polkit_clearenv (void)
 {
   if (environ != NULL)
     environ[0] = NULL;
   return 0;
 }
+#else
+int
+_polkit_clearenv (void)
+{
+  return clearenv ();
+}
 #endif

--- a/src/polkitagent/polkitagenthelperprivate.h
+++ b/src/polkitagent/polkitagenthelperprivate.h
@@ -36,6 +36,8 @@
 #  define LOG_AUTHPRIV    (10<<3)
 #endif
 
+int _polkit_clearenv (void);

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.