]> git.saurik.com Git - apt.git/blame - apt-private/private-download.cc
check that auth.conf exists before chowning it
[apt.git] / apt-private / private-download.cc
CommitLineData
866893a6
DK
1// Include Files /*{{{*/
2#include <config.h>
3
4#include <apt-pkg/acquire.h>
5#include <apt-pkg/acquire-item.h>
6#include <apt-pkg/configuration.h>
7#include <apt-pkg/error.h>
460601d5 8#include <apt-pkg/fileutl.h>
866893a6
DK
9#include <apt-pkg/strutl.h>
10
453b82a3
DK
11#include <apt-private/private-output.h>
12#include <apt-private/private-download.h>
866893a6
DK
13
14#include <fstream>
15#include <string>
16#include <vector>
17
460601d5
DK
18#include <unistd.h>
19#include <sys/types.h>
20#include <pwd.h>
21#include <fcntl.h>
9c81f8de
DK
22#include <sys/vfs.h>
23#include <sys/statvfs.h>
24#include <errno.h>
460601d5 25
866893a6
DK
26#include <apti18n.h>
27 /*}}}*/
28
460601d5
DK
29bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher) /*{{{*/
30{
31 // no need/possibility to drop privs
32 if(getuid() != 0)
33 return true;
34
35 // the user does not want to drop privs
36 std::string SandboxUser = _config->Find("APT::Sandbox::User");
37 if (SandboxUser.empty())
38 return true;
39
40 struct passwd const * const pw = getpwnam(SandboxUser.c_str());
41 if (pw == NULL)
42 return true;
43
44 if (seteuid(pw->pw_uid) != 0)
45 return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
46
47 bool res = true;
48 // check if we can write to destfile
49 for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
50 I != Fetcher.ItemsEnd() && res == true; ++I)
51 {
52 int fd = open((*I)->DestFile.c_str(), O_CREAT | O_RDWR, 0600);
53 if (fd < 0)
54 {
55 res = false;
56 std::string msg;
57 strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
58 (*I)->DestFile.c_str(), SandboxUser.c_str());
59 c0out << msg << std::endl;
60 _config->Set("APT::Sandbox::User", "");
61 }
62 close(fd);
63 }
64
65 if (seteuid(0) != 0)
66 return _error->Errno("seteuid", "seteuid %u failed", 0);
67
68 return res;
69}
70 /*}}}*/
866893a6
DK
71// CheckAuth - check if each download comes form a trusted source /*{{{*/
72bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
73{
74 std::string UntrustedList;
75 for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
76 if (!(*I)->IsTrusted())
77 UntrustedList += std::string((*I)->ShortDesc()) + " ";
78
79 if (UntrustedList == "")
80 return true;
81
a3f1d60c
MV
82 return AuthPrompt(UntrustedList, PromptUser);
83}
84
460601d5 85bool AuthPrompt(std::string const &UntrustedList, bool const PromptUser)
a3f1d60c 86{
866893a6
DK
87 ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
88
89 if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
90 {
91 c2out << _("Authentication warning overridden.\n");
92 return true;
93 }
94
95 if (PromptUser == false)
96 return _error->Error(_("Some packages could not be authenticated"));
97
98 if (_config->FindI("quiet",0) < 2
99 && _config->FindB("APT::Get::Assume-Yes",false) == false)
100 {
101 c2out << _("Install these packages without verification?") << std::flush;
102 if (!YnPrompt(false))
103 return _error->Error(_("Some packages could not be authenticated"));
104
105 return true;
106 }
107 else if (_config->FindB("APT::Get::Force-Yes",false) == true)
108 return true;
109
110 return _error->Error(_("There are problems and -y was used without --force-yes"));
111}
112 /*}}}*/
113bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
114{
115 pkgAcquire::RunResult res;
116 if(PulseInterval > 0)
117 res = Fetcher.Run(PulseInterval);
118 else
119 res = Fetcher.Run();
120
121 if (res == pkgAcquire::Failed)
122 return false;
123
124 for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
125 I != Fetcher.ItemsEnd(); ++I)
126 {
127
128 if ((*I)->Status == pkgAcquire::Item::StatDone &&
129 (*I)->Complete == true)
130 continue;
131
132 if (TransientNetworkFailure != NULL && (*I)->Status == pkgAcquire::Item::StatIdle)
133 {
134 *TransientNetworkFailure = true;
135 continue;
136 }
137
138 ::URI uri((*I)->DescURI());
139 uri.User.clear();
140 uri.Password.clear();
141 std::string descUri = std::string(uri);
142 _error->Error(_("Failed to fetch %s %s\n"), descUri.c_str(),
143 (*I)->ErrorText.c_str());
144
145 if (Failure != NULL)
146 *Failure = true;
147 }
148
149 return true;
150}
151 /*}}}*/
9c81f8de
DK
152bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/*{{{*/
153{
154 uint32_t const RAMFS_MAGIC = 0x858458f6;
155 /* Check for enough free space, but only if we are actually going to
156 download */
157 if (_config->FindB("APT::Get::Print-URIs", false) == true ||
158 _config->FindB("APT::Get::Download", true) == false)
159 return true;
160
161 struct statvfs Buf;
162 if (statvfs(Dir.c_str(),&Buf) != 0) {
163 if (errno == EOVERFLOW)
164 return _error->WarningE("statvfs",_("Couldn't determine free space in %s"),
165 Dir.c_str());
166 else
167 return _error->Errno("statvfs",_("Couldn't determine free space in %s"),
168 Dir.c_str());
169 }
170 else
171 {
172 unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail;
173 if (FreeBlocks < (FetchBytes / Buf.f_bsize))
174 {
175 struct statfs Stat;
176 if (statfs(Dir.c_str(),&Stat) != 0
177#if HAVE_STRUCT_STATFS_F_TYPE
178 || Stat.f_type != RAMFS_MAGIC
179#endif
180 )
181 return _error->Error(_("You don't have enough free space in %s."),
182 Dir.c_str());
183 }
184 }
185 return true;
186}
187 /*}}}*/