]>
Commit | Line | Data |
---|---|---|
866893a6 DK |
1 | // Include Files /*{{{*/ |
2 | #include <config.h> | |
3 | ||
4 | #include <apt-pkg/acquire.h> | |
5 | #include <apt-pkg/acquire-item.h> | |
6 | #include <apt-pkg/configuration.h> | |
7 | #include <apt-pkg/error.h> | |
460601d5 | 8 | #include <apt-pkg/fileutl.h> |
866893a6 DK |
9 | #include <apt-pkg/strutl.h> |
10 | ||
453b82a3 DK |
11 | #include <apt-private/private-output.h> |
12 | #include <apt-private/private-download.h> | |
866893a6 DK |
13 | |
14 | #include <fstream> | |
15 | #include <string> | |
16 | #include <vector> | |
17 | ||
460601d5 DK |
18 | #include <unistd.h> |
19 | #include <sys/types.h> | |
20 | #include <pwd.h> | |
21 | #include <fcntl.h> | |
9c81f8de DK |
22 | #include <sys/vfs.h> |
23 | #include <sys/statvfs.h> | |
24 | #include <errno.h> | |
460601d5 | 25 | |
866893a6 DK |
26 | #include <apti18n.h> |
27 | /*}}}*/ | |
28 | ||
460601d5 DK |
29 | bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher) /*{{{*/ |
30 | { | |
31 | // no need/possibility to drop privs | |
32 | if(getuid() != 0) | |
33 | return true; | |
34 | ||
35 | // the user does not want to drop privs | |
36 | std::string SandboxUser = _config->Find("APT::Sandbox::User"); | |
37 | if (SandboxUser.empty()) | |
38 | return true; | |
39 | ||
40 | struct passwd const * const pw = getpwnam(SandboxUser.c_str()); | |
41 | if (pw == NULL) | |
42 | return true; | |
43 | ||
44 | if (seteuid(pw->pw_uid) != 0) | |
45 | return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid); | |
46 | ||
47 | bool res = true; | |
48 | // check if we can write to destfile | |
49 | for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); | |
50 | I != Fetcher.ItemsEnd() && res == true; ++I) | |
51 | { | |
03aa0847 DK |
52 | if ((*I)->DestFile.empty()) |
53 | continue; | |
54 | // we assume that an existing (partial) file means that we have sufficient rights | |
55 | if (RealFileExists((*I)->DestFile)) | |
56 | continue; | |
57 | int fd = open((*I)->DestFile.c_str(), O_CREAT | O_EXCL | O_RDWR, 0600); | |
460601d5 DK |
58 | if (fd < 0) |
59 | { | |
60 | res = false; | |
61 | std::string msg; | |
62 | strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."), | |
63 | (*I)->DestFile.c_str(), SandboxUser.c_str()); | |
03aa0847 | 64 | std::cerr << "W: " << msg << std::endl; |
460601d5 | 65 | _config->Set("APT::Sandbox::User", ""); |
03aa0847 | 66 | break; |
460601d5 | 67 | } |
03aa0847 | 68 | unlink((*I)->DestFile.c_str()); |
460601d5 DK |
69 | close(fd); |
70 | } | |
71 | ||
72 | if (seteuid(0) != 0) | |
73 | return _error->Errno("seteuid", "seteuid %u failed", 0); | |
74 | ||
75 | return res; | |
76 | } | |
77 | /*}}}*/ | |
866893a6 DK |
78 | // CheckAuth - check if each download comes form a trusted source /*{{{*/ |
79 | bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser) | |
80 | { | |
9112f777 | 81 | std::vector<std::string> UntrustedList; |
866893a6 DK |
82 | for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I) |
83 | if (!(*I)->IsTrusted()) | |
9112f777 | 84 | UntrustedList.push_back((*I)->ShortDesc()); |
866893a6 | 85 | |
9112f777 | 86 | if (UntrustedList.empty()) |
866893a6 DK |
87 | return true; |
88 | ||
a3f1d60c MV |
89 | return AuthPrompt(UntrustedList, PromptUser); |
90 | } | |
91 | ||
9112f777 | 92 | bool AuthPrompt(std::vector<std::string> const &UntrustedList, bool const PromptUser) |
a3f1d60c | 93 | { |
9112f777 DK |
94 | ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"), UntrustedList, |
95 | [](std::string const&) { return true; }, | |
96 | [](std::string const&str) { return str; }, | |
97 | [](std::string const&) { return ""; }); | |
866893a6 DK |
98 | |
99 | if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true) | |
100 | { | |
101 | c2out << _("Authentication warning overridden.\n"); | |
102 | return true; | |
103 | } | |
104 | ||
105 | if (PromptUser == false) | |
106 | return _error->Error(_("Some packages could not be authenticated")); | |
107 | ||
108 | if (_config->FindI("quiet",0) < 2 | |
109 | && _config->FindB("APT::Get::Assume-Yes",false) == false) | |
110 | { | |
111 | c2out << _("Install these packages without verification?") << std::flush; | |
112 | if (!YnPrompt(false)) | |
113 | return _error->Error(_("Some packages could not be authenticated")); | |
114 | ||
115 | return true; | |
116 | } | |
b381a482 JAK |
117 | else if (_config->FindB("APT::Get::Force-Yes",false) == true) { |
118 | _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead.")); | |
866893a6 | 119 | return true; |
b381a482 | 120 | } |
866893a6 | 121 | |
b381a482 | 122 | return _error->Error(_("There were unauthenticated packages and -y was used without --allow-unauthenticated")); |
866893a6 DK |
123 | } |
124 | /*}}}*/ | |
125 | bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/ | |
126 | { | |
127 | pkgAcquire::RunResult res; | |
128 | if(PulseInterval > 0) | |
129 | res = Fetcher.Run(PulseInterval); | |
130 | else | |
131 | res = Fetcher.Run(); | |
132 | ||
133 | if (res == pkgAcquire::Failed) | |
134 | return false; | |
135 | ||
136 | for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); | |
137 | I != Fetcher.ItemsEnd(); ++I) | |
138 | { | |
139 | ||
140 | if ((*I)->Status == pkgAcquire::Item::StatDone && | |
141 | (*I)->Complete == true) | |
142 | continue; | |
143 | ||
144 | if (TransientNetworkFailure != NULL && (*I)->Status == pkgAcquire::Item::StatIdle) | |
145 | { | |
146 | *TransientNetworkFailure = true; | |
147 | continue; | |
148 | } | |
149 | ||
150 | ::URI uri((*I)->DescURI()); | |
151 | uri.User.clear(); | |
152 | uri.Password.clear(); | |
153 | std::string descUri = std::string(uri); | |
154 | _error->Error(_("Failed to fetch %s %s\n"), descUri.c_str(), | |
155 | (*I)->ErrorText.c_str()); | |
156 | ||
157 | if (Failure != NULL) | |
158 | *Failure = true; | |
159 | } | |
160 | ||
161 | return true; | |
162 | } | |
163 | /*}}}*/ | |
9c81f8de DK |
164 | bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/*{{{*/ |
165 | { | |
166 | uint32_t const RAMFS_MAGIC = 0x858458f6; | |
167 | /* Check for enough free space, but only if we are actually going to | |
168 | download */ | |
169 | if (_config->FindB("APT::Get::Print-URIs", false) == true || | |
170 | _config->FindB("APT::Get::Download", true) == false) | |
171 | return true; | |
172 | ||
173 | struct statvfs Buf; | |
174 | if (statvfs(Dir.c_str(),&Buf) != 0) { | |
175 | if (errno == EOVERFLOW) | |
176 | return _error->WarningE("statvfs",_("Couldn't determine free space in %s"), | |
177 | Dir.c_str()); | |
178 | else | |
179 | return _error->Errno("statvfs",_("Couldn't determine free space in %s"), | |
180 | Dir.c_str()); | |
181 | } | |
182 | else | |
183 | { | |
184 | unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail; | |
185 | if (FreeBlocks < (FetchBytes / Buf.f_bsize)) | |
186 | { | |
187 | struct statfs Stat; | |
188 | if (statfs(Dir.c_str(),&Stat) != 0 | |
189 | #if HAVE_STRUCT_STATFS_F_TYPE | |
190 | || Stat.f_type != RAMFS_MAGIC | |
191 | #endif | |
192 | ) | |
193 | return _error->Error(_("You don't have enough free space in %s."), | |
194 | Dir.c_str()); | |
195 | } | |
196 | } | |
197 | return true; | |
198 | } | |
199 | /*}}}*/ |