summaryrefslogtreecommitdiff
path: root/methods/aptmethod.h
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2017-07-07 22:21:44 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2017-07-26 19:09:04 +0200
commit881ec045b6660e2fe0c6953720260e380ceeeb99 (patch)
tree231454f60c5d3bd20396444316bf15671a7a5ee7 /methods/aptmethod.h
parent6291fa81da6ed4c32d0dde33fa559cd155faff11 (diff)
allow the auth.conf to be root:root owned
Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup.
Diffstat (limited to 'methods/aptmethod.h')
-rw-r--r--methods/aptmethod.h57
1 files changed, 39 insertions, 18 deletions
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index a9af63fb7..23fd036dd 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -43,24 +43,6 @@ public:
return true;
}
- bool MaybeAddAuthTo(URI &uri)
- {
- if (uri.User.empty() == false || uri.Password.empty() == false)
- return true;
- auto const netrc = _config->FindFile("Dir::Etc::netrc");
- if (netrc.empty() == true)
- return true;
- // ignore errors with opening the auth file as it doesn't need to exist
- _error->PushToStack();
- FileFd authconf(netrc, FileFd::ReadOnly);
- _error->RevertToStack();
- if (authconf.IsOpen() == false)
- return true;
- if (authconf.Seek(0) == false)
- return false;
- return MaybeAddAuth(authconf, uri);
- }
-
bool CalculateHashes(FetchItem const * const Itm, FetchResult &Res) const APT_NONNULL(2)
{
Hashes Hash(Itm->ExpectedHashes);
@@ -167,5 +149,44 @@ public:
}
}
};
+class aptAuthConfMethod : public aptMethod
+{
+ FileFd authconf;
+public:
+ virtual bool Configuration(std::string Message) APT_OVERRIDE
+ {
+ if (pkgAcqMethod::Configuration(Message) == false)
+ return false;
+
+ std::string const conf = std::string("Binary::") + Binary;
+ _config->MoveSubTree(conf.c_str(), NULL);
+ auto const netrc = _config->FindFile("Dir::Etc::netrc");
+ if (netrc.empty() == false)
+ {
+ // ignore errors with opening the auth file as it doesn't need to exist
+ _error->PushToStack();
+ authconf.Open(netrc, FileFd::ReadOnly);
+ _error->RevertToStack();
+ }
+
+ DropPrivsOrDie();
+
+ return true;
+ }
+
+ bool MaybeAddAuthTo(URI &uri)
+ {
+ if (uri.User.empty() == false || uri.Password.empty() == false)
+ return true;
+ if (authconf.IsOpen() == false)
+ return true;
+ if (authconf.Seek(0) == false)
+ return false;
+ return MaybeAddAuth(authconf, uri);
+ }
+
+ aptAuthConfMethod(std::string &&Binary, char const * const Ver, unsigned long const Flags) APT_NONNULL(3) :
+ aptMethod(std::move(Binary), Ver, Flags) {}
+};
#endif