GNOME Bugzilla – Bug 728256
gcredentials: add NetBSD support
Last modified: 2014-09-30 00:48:35 UTC
From the jist of the discussion in bug 701482, here is my cut'n'paste attempt at gcredential support in NetBSD. Essentially, same again, but a native struct called something else and a sysctl command with a different name. I assume that spoofing is supported. It compiles, and $ gio/tests/credentials /credentials/basic: OK The principle is based on the tested patch I attached to https://bugs.freedesktop.org/show_bug.cgi?id=69702#c2 (patch coming once I have a bug number)
Created attachment 274354 [details] [review] gcredentials: add NetBSD support
hi Patrick, Thanks for the patch. We're trying to get to a place with GLib where we don't accept patches that add code in #ifdef unless we have regular builds (ideally daily builds, by jhbuild) for the platform in question. See https://wiki.gnome.org/Projects/GLib/SupportedPlatforms We've had a long interest in having a NetBSD builder setup for GLib. It's not _too_ difficult to do this, but it does require some minding (and pinging/filing-bugs when things go wrong). Is there anyone that could help with setting up a builder? I'd be more than happy to help with any questions.
Does the patch look reasonable to you? I add my patches to pkgsrc, given the lead time on getting patches into gnome, and the bulk builders there are quick to point out trouble (on all sorts of platforms). I could help setting up / mind a builder given access to a box ;-)
The patch looks reasonable except for maybe the missing checks for -1 in the to_string(). Are you sure that this will never happen?
Thanks for the review! getpid(), geteuid() and getegid() "are always successful", so I don't see how -1 in particular could get into the struct.
I think it's for the case where the values are sent by another process. On at least some systems, it's possible to write any value at all in there and the kernel simply checks it for validity. If you're root, it lets you do whatever you want. If you put -1, it is taken to mean "no claim at all" and left alone as well. I'm not sure if it works this way on NetBSD or not...
Created attachment 274369 [details] [review] gcredentials: add NetBSD support Add checks for uid et al. = -1 Originally I thought, "why would I not want to see uid=-1 in my logs?", but I suppose there is no reason to make this different.
Attachment 274369 [details] pushed as afce39c - gcredentials: add NetBSD support
(In reply to comment #8) > Attachment 274369 [details] pushed as afce39c - gcredentials: add NetBSD support This patch changes the values of 2 other enums.(G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED and G_CREDENTIALS_TYPE_SOLARIS_UCRED) Is this allowed in GLib? I find some warnings here: http://upstream-tracker.org/compat_reports/glib/2.41.1_to_2.41.2/abi_compat_report.html#Medium_Risk_Problems
Good question. If it isn't allowed, we need to: diff --git a/gio/gioenums.h b/gio/gioenums.h index d06331b..6e9297a 100644 --- a/gio/gioenums.h +++ b/gio/gioenums.h @@ -1379,9 +1379,9 @@ typedef enum G_CREDENTIALS_TYPE_LINUX_UCRED, G_CREDENTIALS_TYPE_FREEBSD_CMSGCRED, G_CREDENTIALS_TYPE_NETBSD_SOCKCRED, - G_CREDENTIALS_TYPE_NETBSD_UNPCBID, G_CREDENTIALS_TYPE_OPENBSD_SOCKPEERCRED, - G_CREDENTIALS_TYPE_SOLARIS_UCRED + G_CREDENTIALS_TYPE_SOLARIS_UCRED, + G_CREDENTIALS_TYPE_NETBSD_UNPCBID } GCredentialsType; /**
Doh. Yes, we need to do that.
Created attachment 287362 [details] [review] GCredentials: Fix ABI break when adding NetBSD support I hope this patch can be pushed to both master and glib-2-42 branch.
It looks fine to me (obviously) - I don't know the rules about saying reviewed commit now...
Comment on attachment 287362 [details] [review] GCredentials: Fix ABI break when adding NetBSD support yeah, looks right
Pushed to master - https://git.gnome.org/browse/glib/commit/?id=45344f362256d725e8e8b5d334b5062853554115 Pushed to glib-2-42 - https://git.gnome.org/browse/glib/commit/?id=677fd208a08aad1653544bda87a1056f23d1aaa2