apt-private/private-download.cc

   1 // Include Files                                                        /*{{{*/
   2 #include <config.h>
   3
   4 #include <apt-pkg/acquire.h>
   5 #include <apt-pkg/acquire-item.h>
   6 #include <apt-pkg/configuration.h>
   7 #include <apt-pkg/error.h>
   8 #include <apt-pkg/fileutl.h>
   9 #include <apt-pkg/strutl.h>
  10
  11 #include <apt-private/private-output.h>
  12 #include <apt-private/private-download.h>
  13
  14 #include <fstream>
  15 #include <string>
  16 #include <vector>
  17
  18 #include <unistd.h>
  19 #include <sys/types.h>
  20 #include <pwd.h>
  21 #include <fcntl.h>
  22 #include <sys/vfs.h>
  23 #include <sys/statvfs.h>
  24 #include <errno.h>
  25
  26 #include <apti18n.h>
  27                                                                         /*}}}*/
  28
  29 bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher)                  /*{{{*/
  30 {
  31    // no need/possibility to drop privs
  32    if(getuid() != 0)
  33       return true;
  34
  35    // the user does not want to drop privs
  36    std::string SandboxUser = _config->Find("APT::Sandbox::User");
  37    if (SandboxUser.empty())
  38       return true;
  39
  40    struct passwd const * const pw = getpwnam(SandboxUser.c_str());
  41    if (pw == NULL)
  42       return true;
  43
  44    if (seteuid(pw->pw_uid) != 0)
  45       return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
  46
  47    bool res = true;
  48    // check if we can write to destfile
  49    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
  50         I != Fetcher.ItemsEnd() && res == true; ++I)
  51    {
  52       if ((*I)->DestFile.empty())
  53          continue;
  54       // we assume that an existing (partial) file means that we have sufficient rights
  55       if (RealFileExists((*I)->DestFile))
  56          continue;
  57       int fd = open((*I)->DestFile.c_str(), O_CREAT | O_EXCL | O_RDWR, 0600);
  58       if (fd < 0)
  59       {
  60          res = false;
  61          std::string msg;
  62          strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
  63                (*I)->DestFile.c_str(), SandboxUser.c_str());
  64          std::cerr << "W: " << msg << std::endl;
  65          _config->Set("APT::Sandbox::User", "");
  66          break;
  67       }
  68       unlink((*I)->DestFile.c_str());
  69       close(fd);
  70    }
  71
  72    if (seteuid(0) != 0)
  73       return _error->Errno("seteuid", "seteuid %u failed", 0);
  74
  75    return res;
  76 }
  77                                                                         /*}}}*/
  78 // CheckAuth - check if each download comes form a trusted source       /*{{{*/
  79 bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
  80 {
  81    std::vector<std::string> UntrustedList;
  82    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
  83       if (!(*I)->IsTrusted())
  84          UntrustedList.push_back((*I)->ShortDesc());
  85
  86    if (UntrustedList.empty())
  87       return true;
  88
  89    return AuthPrompt(UntrustedList, PromptUser);
  90 }
  91
  92 bool AuthPrompt(std::vector<std::string> const &UntrustedList, bool const PromptUser)
  93 {
  94    ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"), UntrustedList,
  95          [](std::string const&) { return true; },
  96          [](std::string const&str) { return str; },
  97          [](std::string const&) { return ""; });
  98
  99    if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
 100    {
 101       c2out << _("Authentication warning overridden.\n");
 102       return true;
 103    }
 104
 105    if (PromptUser == false)
 106       return _error->Error(_("Some packages could not be authenticated"));
 107
 108    if (_config->FindI("quiet",0) < 2
 109        && _config->FindB("APT::Get::Assume-Yes",false) == false)
 110    {
 111       c2out << _("Install these packages without verification?") << std::flush;
 112       if (!YnPrompt(false))
 113          return _error->Error(_("Some packages could not be authenticated"));
 114
 115       return true;
 116    }
 117    else if (_config->FindB("APT::Get::Force-Yes",false) == true) {
 118       _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead."));
 119       return true;
 120    }
 121
 122    return _error->Error(_("There were unauthenticated packages and -y was used without --allow-unauthenticated"));
 123 }
 124                                                                         /*}}}*/
 125 bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
 126 {
 127    pkgAcquire::RunResult res;
 128    if(PulseInterval > 0)
 129       res = Fetcher.Run(PulseInterval);
 130    else
 131       res = Fetcher.Run();
 132
 133    if (res == pkgAcquire::Failed)
 134       return false;
 135
 136    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
 137         I != Fetcher.ItemsEnd(); ++I)
 138    {
 139
 140       if ((*I)->Status == pkgAcquire::Item::StatDone &&
 141             (*I)->Complete == true)
 142          continue;
 143
 144       if (TransientNetworkFailure != NULL && (*I)->Status == pkgAcquire::Item::StatIdle)
 145       {
 146          *TransientNetworkFailure = true;
 147          continue;
 148       }
 149
 150       ::URI uri((*I)->DescURI());
 151       uri.User.clear();
 152       uri.Password.clear();
 153       std::string descUri = std::string(uri);
 154       _error->Error(_("Failed to fetch %s  %s\n"), descUri.c_str(),
 155             (*I)->ErrorText.c_str());
 156
 157       if (Failure != NULL)
 158          *Failure = true;
 159    }
 160
 161    return true;
 162 }
 163                                                                         /*}}}*/
 164 bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/*{{{*/
 165 {
 166    uint32_t const RAMFS_MAGIC = 0x858458f6;
 167    /* Check for enough free space, but only if we are actually going to
 168       download */
 169    if (_config->FindB("APT::Get::Print-URIs", false) == true ||
 170        _config->FindB("APT::Get::Download", true) == false)
 171       return true;
 172
 173    struct statvfs Buf;
 174    if (statvfs(Dir.c_str(),&Buf) != 0) {
 175       if (errno == EOVERFLOW)
 176          return _error->WarningE("statvfs",_("Couldn't determine free space in %s"),
 177                Dir.c_str());
 178       else
 179          return _error->Errno("statvfs",_("Couldn't determine free space in %s"),
 180                Dir.c_str());
 181    }
 182    else
 183    {
 184       unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail;
 185       if (FreeBlocks < (FetchBytes / Buf.f_bsize))
 186       {
 187          struct statfs Stat;
 188          if (statfs(Dir.c_str(),&Stat) != 0
 189 #if HAVE_STRUCT_STATFS_F_TYPE
 190                || Stat.f_type != RAMFS_MAGIC
 191 #endif
 192             )
 193             return _error->Error(_("You don't have enough free space in %s."),
 194                   Dir.c_str());
 195       }
 196    }
 197    return true;
 198 }
 199                                                                         /*}}}*/