[apt.git] / apt-private / private-download.cc

// Include Files							/*{{{*/
#include <config.h>

#include <apt-pkg/acquire.h>
#include <apt-pkg/acquire-item.h>
#include <apt-pkg/configuration.h>
#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/strutl.h>

#include <apt-private/private-output.h>
#include <apt-private/private-download.h>

#include <fstream>
#include <string>
#include <vector>

#include <unistd.h>
#include <sys/types.h>
#include <pwd.h>
#include <fcntl.h>
#include <sys/vfs.h>
#include <sys/statvfs.h>
#include <errno.h>

#include <apti18n.h>
									/*}}}*/

bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher)			/*{{{*/
{
   // no need/possibility to drop privs
   if(getuid() != 0)
      return true;

   // the user does not want to drop privs
   std::string SandboxUser = _config->Find("APT::Sandbox::User");
   if (SandboxUser.empty())
      return true;

   struct passwd const * const pw = getpwnam(SandboxUser.c_str());
   if (pw == NULL)
      return true;

   if (seteuid(pw->pw_uid) != 0)
      return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);

   bool res = true;
   // check if we can write to destfile
   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
	I != Fetcher.ItemsEnd() && res == true; ++I)
   {
      if ((*I)->DestFile.empty())
	 continue;
      // we assume that an existing (partial) file means that we have sufficient rights
      if (RealFileExists((*I)->DestFile))
	 continue;
      int fd = open((*I)->DestFile.c_str(), O_CREAT | O_EXCL | O_RDWR, 0600);
      if (fd < 0)
      {
	 res = false;
	 std::string msg;
	 strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
	       (*I)->DestFile.c_str(), SandboxUser.c_str());
	 std::cerr << "W: " << msg << std::endl;
	 _config->Set("APT::Sandbox::User", "");
	 break;
      }
      unlink((*I)->DestFile.c_str());
      close(fd);
   }

   if (seteuid(0) != 0)
      return _error->Errno("seteuid", "seteuid %u failed", 0);

   return res;
}
									/*}}}*/
// CheckAuth - check if each download comes form a trusted source	/*{{{*/
bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
{
   std::vector<std::string> UntrustedList;
   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
      if (!(*I)->IsTrusted())
	 UntrustedList.push_back((*I)->ShortDesc());

   if (UntrustedList.empty())
      return true;

   return AuthPrompt(UntrustedList, PromptUser);
}

bool AuthPrompt(std::vector<std::string> const &UntrustedList, bool const PromptUser)
{
   ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"), UntrustedList,
	 [](std::string const&) { return true; },
	 [](std::string const&str) { return str; },
	 [](std::string const&) { return ""; });

   if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
   {
      c2out << _("Authentication warning overridden.\n");
      return true;
   }

   if (PromptUser == false)
      return _error->Error(_("Some packages could not be authenticated"));

   if (_config->FindI("quiet",0) < 2
       && _config->FindB("APT::Get::Assume-Yes",false) == false)
   {
      c2out << _("Install these packages without verification?") << std::flush;
      if (!YnPrompt(false))
         return _error->Error(_("Some packages could not be authenticated"));

      return true;
   }
   else if (_config->FindB("APT::Get::Force-Yes",false) == true)
      return true;

   return _error->Error(_("There are problems and -y was used without --force-yes"));
}
									/*}}}*/
bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
{
   pkgAcquire::RunResult res;
   if(PulseInterval > 0)
      res = Fetcher.Run(PulseInterval);
   else
      res = Fetcher.Run();

   if (res == pkgAcquire::Failed)
      return false;

   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
	I != Fetcher.ItemsEnd(); ++I)
   {

      if ((*I)->Status == pkgAcquire::Item::StatDone &&
	    (*I)->Complete == true)
	 continue;

      if (TransientNetworkFailure != NULL && (*I)->Status == pkgAcquire::Item::StatIdle)
      {
	 *TransientNetworkFailure = true;
	 continue;
      }

      ::URI uri((*I)->DescURI());
      uri.User.clear();
      uri.Password.clear();
      std::string descUri = std::string(uri);
      _error->Error(_("Failed to fetch %s  %s\n"), descUri.c_str(),
	    (*I)->ErrorText.c_str());

      if (Failure != NULL)
	 *Failure = true;
   }

   return true;
}
									/*}}}*/
bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/*{{{*/
{
   uint32_t const RAMFS_MAGIC = 0x858458f6;
   /* Check for enough free space, but only if we are actually going to
      download */
   if (_config->FindB("APT::Get::Print-URIs", false) == true ||
       _config->FindB("APT::Get::Download", true) == false)
      return true;

   struct statvfs Buf;
   if (statvfs(Dir.c_str(),&Buf) != 0) {
      if (errno == EOVERFLOW)
	 return _error->WarningE("statvfs",_("Couldn't determine free space in %s"),
	       Dir.c_str());
      else
	 return _error->Errno("statvfs",_("Couldn't determine free space in %s"),
	       Dir.c_str());
   }
   else
   {
      unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail;
      if (FreeBlocks < (FetchBytes / Buf.f_bsize))
      {
	 struct statfs Stat;
	 if (statfs(Dir.c_str(),&Stat) != 0
#if HAVE_STRUCT_STATFS_F_TYPE
	       || Stat.f_type != RAMFS_MAGIC
#endif
	    )
	    return _error->Error(_("You don't have enough free space in %s."),
		  Dir.c_str());
      }
   }
   return true;
}
									/*}}}*/
Commit	Line	Data
866893a6 DK	1	// Include Files /{{{/
	2	#include <config.h>
	3
	4	#include <apt-pkg/acquire.h>
	5	#include <apt-pkg/acquire-item.h>
	6	#include <apt-pkg/configuration.h>
	7	#include <apt-pkg/error.h>
460601d5	8	#include <apt-pkg/fileutl.h>
866893a6 DK	9	#include <apt-pkg/strutl.h>
866893a6 DK	10
453b82a3 DK	11	#include <apt-private/private-output.h>
453b82a3 DK	12	#include <apt-private/private-download.h>
866893a6 DK	13
	14	#include <fstream>
	15	#include <string>
	16	#include <vector>
	17
460601d5 DK	18	#include <unistd.h>
	19	#include <sys/types.h>
	20	#include <pwd.h>
	21	#include <fcntl.h>
9c81f8de DK	22	#include <sys/vfs.h>
	23	#include <sys/statvfs.h>
	24	#include <errno.h>
460601d5	25
866893a6 DK	26	#include <apti18n.h>
	27	/}}}/
	28
460601d5 DK	29	bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher) /{{{/
	30	{
	31	// no need/possibility to drop privs
	32	if(getuid() != 0)
	33	return true;
	34
	35	// the user does not want to drop privs
	36	std::string SandboxUser = _config->Find("APT::Sandbox::User");
	37	if (SandboxUser.empty())
	38	return true;
	39
	40	struct passwd const * const pw = getpwnam(SandboxUser.c_str());
	41	if (pw == NULL)
	42	return true;
	43
	44	if (seteuid(pw->pw_uid) != 0)
	45	return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
	46
	47	bool res = true;
	48	// check if we can write to destfile
	49	for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
	50	I != Fetcher.ItemsEnd() && res == true; ++I)
	51	{
03aa0847 DK	52	if ((*I)->DestFile.empty())
	53	continue;
	54	// we assume that an existing (partial) file means that we have sufficient rights
	55	if (RealFileExists((*I)->DestFile))
	56	continue;
	57	int fd = open((*I)->DestFile.c_str(), O_CREAT \| O_EXCL \| O_RDWR, 0600);
460601d5 DK	58	if (fd < 0)
	59	{
	60	res = false;
	61	std::string msg;
	62	strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
	63	(*I)->DestFile.c_str(), SandboxUser.c_str());
03aa0847	64	std::cerr << "W: " << msg << std::endl;
460601d5	65	_config->Set("APT::Sandbox::User", "");
03aa0847	66	break;
460601d5	67	}
03aa0847	68	unlink((*I)->DestFile.c_str());
460601d5 DK	69	close(fd);
	70	}
	71
	72	if (seteuid(0) != 0)
	73	return _error->Errno("seteuid", "seteuid %u failed", 0);
	74
	75	return res;
	76	}
	77	/}}}/
866893a6 DK	78	// CheckAuth - check if each download comes form a trusted source /{{{/
	79	bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
	80	{
9112f777	81	std::vector<std::string> UntrustedList;
866893a6 DK	82	for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
866893a6 DK	83	if (!(*I)->IsTrusted())
9112f777	84	UntrustedList.push_back((*I)->ShortDesc());
866893a6	85
9112f777	86	if (UntrustedList.empty())
866893a6 DK	87	return true;
866893a6 DK	88
a3f1d60c MV	89	return AuthPrompt(UntrustedList, PromptUser);
	90	}
	91
9112f777	92	bool AuthPrompt(std::vector<std::string> const &UntrustedList, bool const PromptUser)
a3f1d60c	93	{
9112f777 DK	94	ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"), UntrustedList,
	95	[](std::string const&) { return true; },
	96	[](std::string const&str) { return str; },
	97	[](std::string const&) { return ""; });
866893a6 DK	98
	99	if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
	100	{
	101	c2out << _("Authentication warning overridden.\n");
	102	return true;
	103	}
	104
	105	if (PromptUser == false)
	106	return _error->Error(_("Some packages could not be authenticated"));
	107
	108	if (_config->FindI("quiet",0) < 2
	109	&& _config->FindB("APT::Get::Assume-Yes",false) == false)
	110	{
	111	c2out << _("Install these packages without verification?") << std::flush;
	112	if (!YnPrompt(false))
	113	return _error->Error(_("Some packages could not be authenticated"));
	114
	115	return true;
	116	}
	117	else if (_config->FindB("APT::Get::Force-Yes",false) == true)
	118	return true;
	119
	120	return _error->Error(_("There are problems and -y was used without --force-yes"));
	121	}
	122	/}}}/
	123	bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/{{{/
	124	{
	125	pkgAcquire::RunResult res;
	126	if(PulseInterval > 0)
	127	res = Fetcher.Run(PulseInterval);
	128	else
	129	res = Fetcher.Run();
	130
	131	if (res == pkgAcquire::Failed)
	132	return false;
	133
	134	for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
	135	I != Fetcher.ItemsEnd(); ++I)
	136	{
	137
	138	if ((*I)->Status == pkgAcquire::Item::StatDone &&
	139	(*I)->Complete == true)
	140	continue;
	141
	142	if (TransientNetworkFailure != NULL && (*I)->Status == pkgAcquire::Item::StatIdle)
	143	{
	144	*TransientNetworkFailure = true;
	145	continue;
	146	}
	147
	148	::URI uri((*I)->DescURI());
	149	uri.User.clear();
	150	uri.Password.clear();
	151	std::string descUri = std::string(uri);
	152	_error->Error(_("Failed to fetch %s %s\n"), descUri.c_str(),
	153	(*I)->ErrorText.c_str());
	154
	155	if (Failure != NULL)
	156	*Failure = true;
	157	}
	158
	159	return true;
	160	}
	161	/}}}/
9c81f8de DK	162	bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/{{{/
	163	{
	164	uint32_t const RAMFS_MAGIC = 0x858458f6;
	165	/* Check for enough free space, but only if we are actually going to
	166	download */
	167	if (_config->FindB("APT::Get::Print-URIs", false) == true \|\|
	168	_config->FindB("APT::Get::Download", true) == false)
	169	return true;
	170
	171	struct statvfs Buf;
	172	if (statvfs(Dir.c_str(),&Buf) != 0) {
	173	if (errno == EOVERFLOW)
	174	return _error->WarningE("statvfs",_("Couldn't determine free space in %s"),
	175	Dir.c_str());
	176	else
	177	return _error->Errno("statvfs",_("Couldn't determine free space in %s"),
	178	Dir.c_str());
	179	}
	180	else
	181	{
	182	unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail;
	183	if (FreeBlocks < (FetchBytes / Buf.f_bsize))
	184	{
	185	struct statfs Stat;
	186	if (statfs(Dir.c_str(),&Stat) != 0
	187	#if HAVE_STRUCT_STATFS_F_TYPE
	188	\|\| Stat.f_type != RAMFS_MAGIC
	189	#endif
	190	)
	191	return _error->Error(_("You don't have enough free space in %s."),
	192	Dir.c_str());
	193	}
	194	}
	195	return true;
	196	}
	197	/}}}/