apt-private/private-download.cc

   1 // Include Files                                                        /*{{{*/
   2 #include <config.h>
   3
   4 #include <apt-pkg/acquire.h>
   5 #include <apt-pkg/acquire-item.h>
   6 #include <apt-pkg/configuration.h>
   7 #include <apt-pkg/error.h>
   8 #include <apt-pkg/fileutl.h>
   9 #include <apt-pkg/strutl.h>
  10
  11 #include <apt-private/private-output.h>
  12 #include <apt-private/private-download.h>
  13
  14 #include <fstream>
  15 #include <string>
  16 #include <vector>
  17
  18 #include <unistd.h>
  19 #include <sys/types.h>
  20 #include <pwd.h>
  21 #include <fcntl.h>
  22
  23 #include <apti18n.h>
  24                                                                         /*}}}*/
  25
  26 bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher)                  /*{{{*/
  27 {
  28    // no need/possibility to drop privs
  29    if(getuid() != 0)
  30       return true;
  31
  32    // the user does not want to drop privs
  33    std::string SandboxUser = _config->Find("APT::Sandbox::User");
  34    if (SandboxUser.empty())
  35       return true;
  36
  37    struct passwd const * const pw = getpwnam(SandboxUser.c_str());
  38    if (pw == NULL)
  39       return true;
  40
  41    if (seteuid(pw->pw_uid) != 0)
  42       return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
  43
  44    bool res = true;
  45    // check if we can write to destfile
  46    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
  47         I != Fetcher.ItemsEnd() && res == true; ++I)
  48    {
  49       int fd = open((*I)->DestFile.c_str(), O_CREAT | O_RDWR, 0600);
  50       if (fd < 0)
  51       {
  52          res = false;
  53          std::string msg;
  54          strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
  55                (*I)->DestFile.c_str(), SandboxUser.c_str());
  56          c0out << msg << std::endl;
  57          _config->Set("APT::Sandbox::User", "");
  58       }
  59       close(fd);
  60    }
  61
  62    if (seteuid(0) != 0)
  63       return _error->Errno("seteuid", "seteuid %u failed", 0);
  64
  65    return res;
  66 }
  67                                                                         /*}}}*/
  68 // CheckAuth - check if each download comes form a trusted source       /*{{{*/
  69 bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
  70 {
  71    std::string UntrustedList;
  72    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
  73       if (!(*I)->IsTrusted())
  74           UntrustedList += std::string((*I)->ShortDesc()) + " ";
  75
  76    if (UntrustedList == "")
  77       return true;
  78
  79    return AuthPrompt(UntrustedList, PromptUser);
  80 }
  81
  82 bool AuthPrompt(std::string const &UntrustedList, bool const PromptUser)
  83 {
  84    ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
  85
  86    if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
  87    {
  88       c2out << _("Authentication warning overridden.\n");
  89       return true;
  90    }
  91
  92    if (PromptUser == false)
  93       return _error->Error(_("Some packages could not be authenticated"));
  94
  95    if (_config->FindI("quiet",0) < 2
  96        && _config->FindB("APT::Get::Assume-Yes",false) == false)
  97    {
  98       c2out << _("Install these packages without verification?") << std::flush;
  99       if (!YnPrompt(false))
 100          return _error->Error(_("Some packages could not be authenticated"));
 101
 102       return true;
 103    }
 104    else if (_config->FindB("APT::Get::Force-Yes",false) == true)
 105       return true;
 106
 107    return _error->Error(_("There are problems and -y was used without --force-yes"));
 108 }
 109                                                                         /*}}}*/
 110 bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
 111 {
 112    pkgAcquire::RunResult res;
 113    if(PulseInterval > 0)
 114       res = Fetcher.Run(PulseInterval);
 115    else
 116       res = Fetcher.Run();
 117
 118    if (res == pkgAcquire::Failed)
 119       return false;
 120
 121    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
 122         I != Fetcher.ItemsEnd(); ++I)
 123    {
 124
 125       if ((*I)->Status == pkgAcquire::Item::StatDone &&
 126             (*I)->Complete == true)
 127          continue;
 128
 129       if (TransientNetworkFailure != NULL && (*I)->Status == pkgAcquire::Item::StatIdle)
 130       {
 131          *TransientNetworkFailure = true;
 132          continue;
 133       }
 134
 135       ::URI uri((*I)->DescURI());
 136       uri.User.clear();
 137       uri.Password.clear();
 138       std::string descUri = std::string(uri);
 139       _error->Error(_("Failed to fetch %s  %s\n"), descUri.c_str(),
 140             (*I)->ErrorText.c_str());
 141
 142       if (Failure != NULL)
 143          *Failure = true;
 144    }
 145
 146    return true;
 147 }
 148                                                                         /*}}}*/