]> git.saurik.com Git - apt.git/blobdiff - apt-private/private-download.cc
projects / apt.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Merge remote-tracking branch 'upstream/debian/experimental' into feature/srv-records
[apt.git] / apt-private / private-download.cc
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index f02991cde25658e165d1f45e1adb63fa0d873544..18a9b1fbce23429b63bf8f956c868d6e8d7c3cfe 100644 (file)
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -5,31 +5,96 @@
 #include <apt-pkg/acquire-item.h>
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/acquire-item.h>
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
 #include <apt-pkg/strutl.h>
 
 #include <apt-pkg/strutl.h>
 
-#include "private-output.h"
-
-#include <locale.h>
+#include <apt-private/private-output.h>
+#include <apt-private/private-download.h>
 
 #include <fstream>
 #include <string>
 #include <vector>
 
 
 #include <fstream>
 #include <string>
 #include <vector>
 
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <fcntl.h>
+#include <sys/vfs.h>
+#include <sys/statvfs.h>
+#include <errno.h>
+
 #include <apti18n.h>
                                                                        /*}}}*/
 
 #include <apti18n.h>
                                                                        /*}}}*/
 
+bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher)                 /*{{{*/
+{
+   // no need/possibility to drop privs
+   if(getuid() != 0)
+      return true;
+
+   // the user does not want to drop privs
+   std::string SandboxUser = _config->Find("APT::Sandbox::User");
+   if (SandboxUser.empty())
+      return true;
+
+   struct passwd const * const pw = getpwnam(SandboxUser.c_str());
+   if (pw == NULL)
+      return true;
+
+   if (seteuid(pw->pw_uid) != 0)
+      return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
+
+   bool res = true;
+   // check if we can write to destfile
+   for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
+       I != Fetcher.ItemsEnd() && res == true; ++I)
+   {
+      if ((*I)->DestFile.empty())
+        continue;
+      // we assume that an existing (partial) file means that we have sufficient rights
+      if (RealFileExists((*I)->DestFile))
+        continue;
+      int fd = open((*I)->DestFile.c_str(), O_CREAT | O_EXCL | O_RDWR, 0600);
+      if (fd < 0)
+      {
+        res = false;
+        std::string msg;
+        strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
+              (*I)->DestFile.c_str(), SandboxUser.c_str());
+        std::cerr << "W: " << msg << std::endl;
+        _config->Set("APT::Sandbox::User", "");
+        break;
+      }
+      unlink((*I)->DestFile.c_str());
+      close(fd);
+   }
+
+   if (seteuid(0) != 0)
+      return _error->Errno("seteuid", "seteuid %u failed", 0);
+
+   return res;
+}
+                                                                       /*}}}*/
 // CheckAuth - check if each download comes form a trusted source      /*{{{*/
 bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
 {
 // CheckAuth - check if each download comes form a trusted source      /*{{{*/
 bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
 {
-   std::string UntrustedList;
+   std::vector<std::string> UntrustedList;
    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
       if (!(*I)->IsTrusted())
    for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin(); I < Fetcher.ItemsEnd(); ++I)
       if (!(*I)->IsTrusted())
-          UntrustedList += std::string((*I)->ShortDesc()) + " ";
+        UntrustedList.push_back((*I)->ShortDesc());
 
 
-   if (UntrustedList == "")
+   if (UntrustedList.empty())
       return true;
 
       return true;
 
-   ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
+   return AuthPrompt(UntrustedList, PromptUser);
+}
+
+bool AuthPrompt(std::vector<std::string> const &UntrustedList, bool const PromptUser)
+{
+   ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"), UntrustedList,
+        [](std::string const&) { return true; },
+        [](std::string const&str) { return str; },
+        [](std::string const&) { return ""; });
 
    if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
    {
 
    if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
    {
@@ -49,10 +114,12 @@ bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
 
       return true;
    }
 
       return true;
    }
-   else if (_config->FindB("APT::Get::Force-Yes",false) == true)
+   else if (_config->FindB("APT::Get::Force-Yes",false) == true) {
+      _error->Warning(_("--force-yes is deprecated, use one of the options starting with --allow instead."));
       return true;
       return true;
+   }
 
 
-   return _error->Error(_("There are problems and -y was used without --force-yes"));
+   return _error->Error(_("There were unauthenticated packages and -y was used without --allow-unauthenticated"));
 }
                                                                        /*}}}*/
 bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
 }
                                                                        /*}}}*/
 bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failure, bool * const TransientNetworkFailure)/*{{{*/
@@ -94,3 +161,39 @@ bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failu
    return true;
 }
                                                                        /*}}}*/
    return true;
 }
                                                                        /*}}}*/
+bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/*{{{*/
+{
+   uint32_t const RAMFS_MAGIC = 0x858458f6;
+   /* Check for enough free space, but only if we are actually going to
+      download */
+   if (_config->FindB("APT::Get::Print-URIs", false) == true ||
+       _config->FindB("APT::Get::Download", true) == false)
+      return true;
+
+   struct statvfs Buf;
+   if (statvfs(Dir.c_str(),&Buf) != 0) {
+      if (errno == EOVERFLOW)
+        return _error->WarningE("statvfs",_("Couldn't determine free space in %s"),
+              Dir.c_str());
+      else
+        return _error->Errno("statvfs",_("Couldn't determine free space in %s"),
+              Dir.c_str());
+   }
+   else
+   {
+      unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail;
+      if (FreeBlocks < (FetchBytes / Buf.f_bsize))
+      {
+        struct statfs Stat;
+        if (statfs(Dir.c_str(),&Stat) != 0
+#if HAVE_STRUCT_STATFS_F_TYPE
+              || Stat.f_type != RAMFS_MAGIC
+#endif
+           )
+           return _error->Error(_("You don't have enough free space in %s."),
+                 Dir.c_str());
+      }
+   }
+   return true;
+}
+                                                                       /*}}}*/
APT (for Cydia)