#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include <pwd.h>
#include <grp.h>
#include <dirent.h>
#include <sys/select.h>
#include <errno.h>
#include <sys/stat.h>
-#include <sys/types.h>
#include <apti18n.h>
/*}}}*/
// Acquire::pkgAcquire - Constructor /*{{{*/
// ---------------------------------------------------------------------
/* We grab some runtime state from the configuration space */
-pkgAcquire::pkgAcquire() : LockFD(-1), Queues(0), Workers(0), Configs(0), Log(NULL), ToFetch(0),
+pkgAcquire::pkgAcquire() : LockFD(-1), d(NULL), Queues(0), Workers(0), Configs(0), Log(NULL), ToFetch(0),
Debug(_config->FindB("Debug::pkgAcquire",false)),
Running(false)
{
Initialize();
}
-pkgAcquire::pkgAcquire(pkgAcquireStatus *Progress) : LockFD(-1), Queues(0), Workers(0),
+pkgAcquire::pkgAcquire(pkgAcquireStatus *Progress) : LockFD(-1), d(NULL), Queues(0), Workers(0),
Configs(0), Log(NULL), ToFetch(0),
Debug(_config->FindB("Debug::pkgAcquire",false)),
Running(false)
/* This runs the queues. It manages a select loop for all of the
Worker tasks. The workers interact with the queues and items to
manage the actual fetch. */
+static void CheckDropPrivsMustBeDisabled(pkgAcquire const &Fetcher)
+{
+ if(getuid() != 0)
+ return;
+
+ std::string SandboxUser = _config->Find("APT::Sandbox::User");
+ if (SandboxUser.empty())
+ return;
+
+ struct passwd const * const pw = getpwnam(SandboxUser.c_str());
+ if (pw == NULL)
+ return;
+
+ gid_t const old_euid = geteuid();
+ gid_t const old_egid = getegid();
+ if (setegid(pw->pw_gid) != 0)
+ _error->Errno("setegid", "setegid %u failed", pw->pw_gid);
+ if (seteuid(pw->pw_uid) != 0)
+ _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
+
+ bool dropPrivs = true;
+ for (pkgAcquire::ItemCIterator I = Fetcher.ItemsBegin();
+ I != Fetcher.ItemsEnd() && dropPrivs == true; ++I)
+ {
+ std::string filename = (*I)->DestFile;
+ if (filename.empty())
+ continue;
+
+ // no need to drop privileges for a complete file
+ if ((*I)->Complete == true)
+ continue;
+
+ // we check directory instead of file as the file might or might not
+ // exist already as a link or not which complicates everything…
+ std::string dirname = flNotFile(filename);
+ if (unlikely(dirname.empty()))
+ continue;
+ // translate relative to absolute for DirectoryExists
+ // FIXME: What about ../ and ./../ ?
+ if (dirname.substr(0,2) == "./")
+ dirname = SafeGetCWD() + dirname.substr(2);
+
+ if (DirectoryExists(dirname))
+ ;
+ else
+ continue; // assume it is created correctly by the acquire system
+
+ if (faccessat(-1, dirname.c_str(), R_OK | W_OK | X_OK, AT_EACCESS | AT_SYMLINK_NOFOLLOW) != 0)
+ {
+ dropPrivs = false;
+ _error->WarningE("pkgAcquire::Run", _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
+ filename.c_str(), SandboxUser.c_str());
+ _config->Set("APT::Sandbox::User", "");
+ break;
+ }
+ }
+
+ if (seteuid(old_euid) != 0)
+ _error->Errno("seteuid", "seteuid %u failed", old_euid);
+ if (setegid(old_egid) != 0)
+ _error->Errno("setegid", "setegid %u failed", old_egid);
+}
pkgAcquire::RunResult pkgAcquire::Run(int PulseIntervall)
{
+ CheckDropPrivsMustBeDisabled(*this);
+
Running = true;
for (Queue *I = Queues; I != 0; I = I->Next)
// Queue::Queue - Constructor /*{{{*/
// ---------------------------------------------------------------------
/* */
-pkgAcquire::Queue::Queue(string Name,pkgAcquire *Owner) : d(NULL), Next(0),
- Name(Name), Items(0), Workers(0), Owner(Owner), PipeDepth(0), MaxPipeDepth(1)
+pkgAcquire::Queue::Queue(string const &name,pkgAcquire * const owner) : d(NULL), Next(0),
+ Name(name), Items(0), Workers(0), Owner(owner), PipeDepth(0), MaxPipeDepth(1)
{
}
/*}}}*/
{
QItem **I = &Items;
// move to the end of the queue and check for duplicates here
+ HashStringList const hsl = Item.Owner->GetExpectedHashes();
for (; *I != 0; I = &(*I)->Next)
- if (Item.URI == (*I)->URI)
+ if (Item.URI == (*I)->URI || hsl == (*I)->Owner->GetExpectedHashes())
{
+ if (_config->FindB("Debug::pkgAcquire::Worker",false) == true)
+ std::cerr << " @ Queue: Action combined for " << Item.URI << " and " << (*I)->URI << std::endl;
(*I)->Owners.push_back(Item.Owner);
Item.Owner->Status = (*I)->Owner->Status;
return false;
// AcquireStatus::pkgAcquireStatus - Constructor /*{{{*/
// ---------------------------------------------------------------------
/* */
-pkgAcquireStatus::pkgAcquireStatus() : d(NULL), Percent(0), Update(true), MorePulses(false)
+pkgAcquireStatus::pkgAcquireStatus() : d(NULL), Percent(-1), Update(true), MorePulses(false)
{
Start();
}
Time = NewTime;
}
+ double const OldPercent = Percent;
// calculate the percentage, if we have too little data assume 1%
if (TotalBytes > 0 && UnfetchedReleaseFiles)
Percent = 0;
- else
+ else
// use both files and bytes because bytes can be unreliable
- Percent = (0.8 * (CurrentBytes/float(TotalBytes)*100.0) +
+ Percent = (0.8 * (CurrentBytes/float(TotalBytes)*100.0) +
0.2 * (CurrentItems/float(TotalItems)*100.0));
+ double const DiffPercent = Percent - OldPercent;
+ if (DiffPercent < 0.001 && _config->FindB("Acquire::Progress::Diffpercent", false) == true)
+ return true;
int fd = _config->FindI("APT::Status-Fd",-1);
if(fd > 0)
snprintf(msg,sizeof(msg), _("Retrieving file %li of %li (%s remaining)"), i, TotalItems, TimeToStr(ETA).c_str());
else
snprintf(msg,sizeof(msg), _("Retrieving file %li of %li"), i, TotalItems);
-
+
// build the status str
status << "dlstatus:" << i
<< ":" << std::setprecision(3) << Percent
- << ":" << msg
+ << ":" << msg
<< endl;
std::string const dlstatus = status.str();
}
/*}}}*/
+pkgAcquire::UriIterator::UriIterator(pkgAcquire::Queue *Q) : d(NULL), CurQ(Q), CurItem(0)
+{
+ while (CurItem == 0 && CurQ != 0)
+ {
+ CurItem = CurQ->Items;
+ CurQ = CurQ->Next;
+ }
+}
+
APT_CONST pkgAcquire::UriIterator::~UriIterator() {}
APT_CONST pkgAcquire::MethodConfig::~MethodConfig() {}
APT_CONST pkgAcquireStatus::~pkgAcquireStatus() {}
projects / apt.git / blobdiff