summaryrefslogtreecommitdiff
path: root/apt-private/private-download.cc
diff options
context:
space:
mode:
authorMichael Vogt <mvo@debian.org>2015-08-18 11:54:05 +0200
committerMichael Vogt <mvo@debian.org>2015-08-18 11:54:05 +0200
commit21248c0f00ee71412dbadc6ebf84011cf974346d (patch)
tree7dc1f5904399482d2128765b5b86d57a4ac5b3e1 /apt-private/private-download.cc
parente5f34ad3b043abf033c1626eb8449b75955d6760 (diff)
parent4fc6b7570c3e97b65c118b58cdf6729fa94c9b03 (diff)
Merge branch 'debian/experimental' into feature/srv-records
Conflicts: cmdline/apt-helper.cc cmdline/makefile
Diffstat (limited to 'apt-private/private-download.cc')
-rw-r--r--apt-private/private-download.cc99
1 files changed, 99 insertions, 0 deletions
diff --git a/apt-private/private-download.cc b/apt-private/private-download.cc
index a095f0c67..37fae18e9 100644
--- a/apt-private/private-download.cc
+++ b/apt-private/private-download.cc
@@ -5,6 +5,7 @@
#include <apt-pkg/acquire-item.h>
#include <apt-pkg/configuration.h>
#include <apt-pkg/error.h>
+#include <apt-pkg/fileutl.h>
#include <apt-pkg/strutl.h>
#include <apt-private/private-output.h>
@@ -14,9 +15,66 @@
#include <string>
#include <vector>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <fcntl.h>
+#include <sys/vfs.h>
+#include <sys/statvfs.h>
+#include <errno.h>
+
#include <apti18n.h>
/*}}}*/
+bool CheckDropPrivsMustBeDisabled(pkgAcquire &Fetcher) /*{{{*/
+{
+ // no need/possibility to drop privs
+ if(getuid() != 0)
+ return true;
+
+ // the user does not want to drop privs
+ std::string SandboxUser = _config->Find("APT::Sandbox::User");
+ if (SandboxUser.empty())
+ return true;
+
+ struct passwd const * const pw = getpwnam(SandboxUser.c_str());
+ if (pw == NULL)
+ return true;
+
+ if (seteuid(pw->pw_uid) != 0)
+ return _error->Errno("seteuid", "seteuid %u failed", pw->pw_uid);
+
+ bool res = true;
+ // check if we can write to destfile
+ for (pkgAcquire::ItemIterator I = Fetcher.ItemsBegin();
+ I != Fetcher.ItemsEnd() && res == true; ++I)
+ {
+ if ((*I)->DestFile.empty())
+ continue;
+ // we assume that an existing (partial) file means that we have sufficient rights
+ if (RealFileExists((*I)->DestFile))
+ continue;
+ int fd = open((*I)->DestFile.c_str(), O_CREAT | O_EXCL | O_RDWR, 0600);
+ if (fd < 0)
+ {
+ res = false;
+ std::string msg;
+ strprintf(msg, _("Can't drop privileges for downloading as file '%s' couldn't be accessed by user '%s'."),
+ (*I)->DestFile.c_str(), SandboxUser.c_str());
+ std::cerr << "W: " << msg << std::endl;
+ _config->Set("APT::Sandbox::User", "");
+ break;
+ }
+ unlink((*I)->DestFile.c_str());
+ close(fd);
+ }
+
+ if (seteuid(0) != 0)
+ return _error->Errno("seteuid", "seteuid %u failed", 0);
+
+ return res;
+}
+ /*}}}*/
// CheckAuth - check if each download comes form a trusted source /*{{{*/
bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
{
@@ -28,6 +86,11 @@ bool CheckAuth(pkgAcquire& Fetcher, bool const PromptUser)
if (UntrustedList == "")
return true;
+ return AuthPrompt(UntrustedList, PromptUser);
+}
+
+bool AuthPrompt(std::string const &UntrustedList, bool const PromptUser)
+{
ShowList(c2out,_("WARNING: The following packages cannot be authenticated!"),UntrustedList,"");
if (_config->FindB("APT::Get::AllowUnauthenticated",false) == true)
@@ -93,3 +156,39 @@ bool AcquireRun(pkgAcquire &Fetcher, int const PulseInterval, bool * const Failu
return true;
}
/*}}}*/
+bool CheckFreeSpaceBeforeDownload(std::string const &Dir, unsigned long long FetchBytes)/*{{{*/
+{
+ uint32_t const RAMFS_MAGIC = 0x858458f6;
+ /* Check for enough free space, but only if we are actually going to
+ download */
+ if (_config->FindB("APT::Get::Print-URIs", false) == true ||
+ _config->FindB("APT::Get::Download", true) == false)
+ return true;
+
+ struct statvfs Buf;
+ if (statvfs(Dir.c_str(),&Buf) != 0) {
+ if (errno == EOVERFLOW)
+ return _error->WarningE("statvfs",_("Couldn't determine free space in %s"),
+ Dir.c_str());
+ else
+ return _error->Errno("statvfs",_("Couldn't determine free space in %s"),
+ Dir.c_str());
+ }
+ else
+ {
+ unsigned long long const FreeBlocks = _config->Find("APT::Sandbox::User").empty() ? Buf.f_bfree : Buf.f_bavail;
+ if (FreeBlocks < (FetchBytes / Buf.f_bsize))
+ {
+ struct statfs Stat;
+ if (statfs(Dir.c_str(),&Stat) != 0
+#if HAVE_STRUCT_STATFS_F_TYPE
+ || Stat.f_type != RAMFS_MAGIC
+#endif
+ )
+ return _error->Error(_("You don't have enough free space in %s."),
+ Dir.c_str());
+ }
+ }
+ return true;
+}
+ /*}}}*/