author | David Kalnischkies <david@kalnischkies.de> | 2017-07-26 19:09:59 +0200 |
---|---|---|
committer | David Kalnischkies <david@kalnischkies.de> | 2017-07-26 19:09:59 +0200 |
commit | 2920e9428e26004f90a1f1ea86f07850b2204f85 (patch) | |
tree | 601b38dc82e987ad0ed141caa31b480e6f6fb4ca /methods | |
parent | f2f8e89f08cdf01c83a0b8ab053c65329d85ca90 (diff) | |
parent | 8580574ec63fedd39a3ab3b9f0025e08eae5f620 (diff) |
Merge branch 'feature/authconf'
Diffstat (limited to 'methods')
-rw-r--r-- | methods/aptmethod.h | 40 | ||||
-rw-r--r-- | methods/basehttp.cc | 8 | ||||
-rw-r--r-- | methods/basehttp.h | 4 | ||||
-rw-r--r-- | methods/curl.cc | 2 | ||||
-rw-r--r-- | methods/ftp.cc | 7 | ||||
-rw-r--r-- | methods/ftp.h | 2 | ||||
-rw-r--r-- | methods/http.cc | 8 | ||||
-rw-r--r-- | methods/http.h | 2 |
8 files changed, 55 insertions, 18 deletions
diff --git a/methods/aptmethod.h b/methods/aptmethod.h
index 04858e29d..23fd036dd 100644
--- a/methods/aptmethod.h
+++ b/methods/aptmethod.h
@@ -5,6 +5,7 @@
 #include <apt-pkg/configuration.h>
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
+#include <apt-pkg/netrc.h>
 #include <algorithm>
 #include <locale>
@@ -148,5 +149,44 @@ public:
 }
 }
 };
+class aptAuthConfMethod : public aptMethod
+{
+ FileFd authconf;
+public:
+ virtual bool Configuration(std::string Message) APT_OVERRIDE
+ {
+ if (pkgAcqMethod::Configuration(Message) == false)
+ return false;
+
+ std::string const conf = std::string("Binary::") + Binary;
+ _config->MoveSubTree(conf.c_str(), NULL);
+
+ auto const netrc = _config->FindFile("Dir::Etc::netrc");
+ if (netrc.empty() == false)
+ {
+ // ignore errors with opening the auth file as it doesn't need to exist
+ _error->PushToStack();
+ authconf.Open(netrc, FileFd::ReadOnly);
+ _error->RevertToStack();
+ }
+ DropPrivsOrDie();
+
+ return true;
+ }
+
+ bool MaybeAddAuthTo(URI &uri)
+ {
+ if (uri.User.empty() == false || uri.Password.empty() == false)
+ return true;
+ if (authconf.IsOpen() == false)
+ return true;
+ if (authconf.Seek(0) == false)
+ return false;
+ return MaybeAddAuth(authconf, uri);
+ }
+
+ aptAuthConfMethod(std::string &&Binary, char const * const Ver, unsigned long const Flags) APT_NONNULL(3) :
+ aptMethod(std::move(Binary), Ver, Flags) {}
+};
 #endif
diff --git a/methods/basehttp.cc b/methods/basehttp.cc
index cc5039c75..0eb617f89 100644
--- a/methods/basehttp.cc
+++ b/methods/basehttp.cc
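Review bot: In methods/aptmethod.h, `aptAuthConfMethod::Configuration` opens the credentials file before `DropPrivsOrDie()` and keeps it in the `authconf` member, yet nothing in the class records that this ordering is deliberate or that the unprivileged fetcher process thereby keeps read access to every entry in that file. A class comment such as `// auth.conf is opened while still privileged; only the open descriptor survives DropPrivsOrDie()` would make the trust boundary explicit. The override also calls `pkgAcqMethod::Configuration` directly and repeats the `MoveSubTree` and privilege-drop steps itself, so whatever `aptMethod::Configuration` does (its body is outside this hunk) has to be kept in sync by hand. `RevertToStack()` additionally discards every error from `Open`, so a file that exists but cannot be read is indistinguishable from a missing one.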
@@ -830,14 +830,14 @@ unsigned long long BaseHttpMethod::FindMaximumObjectSizeInQueue() const /*{{{*/
 } /*}}}*/
 BaseHttpMethod::BaseHttpMethod(std::string &&Binary, char const * const Ver,unsigned long const Flags) :/*{{{*/
- aptMethod(std::move(Binary), Ver, Flags), Server(nullptr), PipelineDepth(10),
+ aptAuthConfMethod(std::move(Binary), Ver, Flags), Server(nullptr), PipelineDepth(10),
 AllowRedirect(false), Debug(false)
 { } /*}}}*/
 bool BaseHttpMethod::Configuration(std::string Message) /*{{{*/
 {
- if (aptMethod::Configuration(Message) == false)
+ if (aptAuthConfMethod::Configuration(Message) == false)
 return false;
 _config->CndSet("Acquire::tor::Proxy",
@@ -845,8 +845,9 @@ bool BaseHttpMethod::Configuration(std::string Message) /*{{{*/
 return true;
 } /*}}}*/
-bool BaseHttpMethod::AddProxyAuth(URI &Proxy, URI const &Server) const /*{{{*/
+bool BaseHttpMethod::AddProxyAuth(URI &Proxy, URI const &Server) /*{{{*/
 {
+ MaybeAddAuthTo(Proxy);
 if (std::find(methodNames.begin(), methodNames.end(), "tor") != methodNames.end() && Proxy.User == "apt-transport-tor" && Proxy.Password.empty())
 {
@@ -857,7 +858,6 @@ bool BaseHttpMethod::AddProxyAuth(URI &Proxy, URI const &Server) const /*{{{*/
 else
 Proxy.Password = std::move(pass);
 }
- // FIXME: should we support auth.conf for proxies?
 return true;
 } /*}}}*/
diff --git a/methods/basehttp.h b/methods/basehttp.h
index 7000e7b89..aadd59168 100644
--- a/methods/basehttp.h
+++ b/methods/basehttp.h
@@ -115,7 +115,7 @@ struct ServerState
 virtual ~ServerState() {};
 };
-class BaseHttpMethod : public aptMethod
+class BaseHttpMethod : public aptAuthConfMethod
 {
 protected:
 virtual bool Fetch(FetchItem *) APT_OVERRIDE;
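Review bot: The new `MaybeAddAuthTo(Proxy);` call in `BaseHttpMethod::AddProxyAuth` (methods/basehttp.cc) drops the bool result, and so do the calls added in `HttpsMethod::Fetch` (curl.cc), `FtpMethod::Fetch` (ftp.cc), `UnwrapHTTPConnect` and `HttpMethod::SendReq` (http.cc). `MaybeAddAuthTo` returns false when `authconf.Seek(0)` fails and otherwise passes on the result of `MaybeAddAuth`, so a failed lookup ends in a request sent without the configured credentials and nothing at the call site notices. Assuming a false result from `MaybeAddAuth` signals a read or parse failure rather than "no matching entry" (its definition is not on this page), callers that already return bool should propagate it, e.g. `if (MaybeAddAuthTo(Proxy) == false) return false;`. Where that is not possible (`SendReq` is void), the call should be commented as best-effort. The body of `AddProxyAuth` continues between this hunk and the next one.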
@@ -164,7 +164,7 @@ class BaseHttpMethod : public aptMethod
 virtual void RotateDNS() = 0;
 virtual bool Configuration(std::string Message) APT_OVERRIDE;
- bool AddProxyAuth(URI &Proxy, URI const &Server) const;
+ bool AddProxyAuth(URI &Proxy, URI const &Server);
 BaseHttpMethod(std::string &&Binary, char const * const Ver,unsigned long const Flags);
 virtual ~BaseHttpMethod() {};
diff --git a/methods/curl.cc b/methods/curl.cc
index 71149217a..8e06d858d 100644
--- a/methods/curl.cc
+++ b/methods/curl.cc
@@ -270,7 +270,7 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
 if (SetupProxy() == false)
 return _error->Error("Unsupported proxy configured: %s", URI::SiteOnly(Proxy).c_str());
- maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+ MaybeAddAuthTo(Uri);
 if (Server == nullptr || Server->Comp(Itm->Uri) == false)
 Server = CreateServerState(Itm->Uri);
diff --git a/methods/ftp.cc b/methods/ftp.cc
index 4972337e3..341230f69 100644
--- a/methods/ftp.cc
+++ b/methods/ftp.cc
@@ -21,7 +21,6 @@
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
 #include <apt-pkg/hashes.h>
-#include <apt-pkg/netrc.h>
 #include <apt-pkg/strutl.h>
 #include <iostream>
@@ -961,7 +960,7 @@ bool FTPConn::Get(const char *Path,FileFd &To,unsigned long long Resume,
 // FtpMethod::FtpMethod - Constructor /*{{{*/
 // ---------------------------------------------------------------------
 /* */
-FtpMethod::FtpMethod() : aptMethod("ftp","1.0",SendConfig)
+FtpMethod::FtpMethod() : aptAuthConfMethod("ftp", "1.0", SendConfig)
 {
 signal(SIGTERM,SigTerm);
 signal(SIGINT,SigTerm);
@@ -996,7 +995,7 @@ void FtpMethod::SigTerm(int)
 /* We stash the desired pipeline depth */
 bool FtpMethod::Configuration(string Message)
 {
- if (aptMethod::Configuration(Message) == false)
+ if (aptAuthConfMethod::Configuration(Message) == false)
 return false;
 TimeOut = _config->FindI("Acquire::Ftp::Timeout",TimeOut);
@@ -1015,7 +1014,7 @@ bool FtpMethod::Fetch(FetchItem *Itm)
 Res.Filename = Itm->DestFile;
 Res.IMSHit = false;
- maybe_add_auth (Get, _config->FindFile("Dir::Etc::netrc"));
+ MaybeAddAuthTo(Get);
 // Connect to the server
 if (Server == 0 || Server->Comp(Get) == false)
diff --git a/methods/ftp.h b/methods/ftp.h
index 67d00d9f1..1859ddce0 100644
--- a/methods/ftp.h
+++ b/methods/ftp.h
@@ -72,7 +72,7 @@ class FTPConn
 ~FTPConn();
 };
-class FtpMethod : public aptMethod
+class FtpMethod : public aptAuthConfMethod
 {
 virtual bool Fetch(FetchItem *Itm) APT_OVERRIDE;
 virtual bool Configuration(std::string Message) APT_OVERRIDE;
diff --git a/methods/http.cc b/methods/http.cc
index db4542981..fc22180d3 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -23,7 +23,6 @@
 #include <apt-pkg/error.h>
 #include <apt-pkg/fileutl.h>
 #include <apt-pkg/hashes.h>
-#include <apt-pkg/netrc.h>
 #include <apt-pkg/proxy.h>
 #include <apt-pkg/strutl.h>
@@ -330,7 +329,7 @@ struct HttpConnectFd : public MethodFd
 };
 bool UnwrapHTTPConnect(std::string Host, int Port, URI Proxy, std::unique_ptr<MethodFd> &Fd,
- unsigned long Timeout, aptMethod *Owner)
+ unsigned long Timeout, aptAuthConfMethod *Owner)
 {
 Owner->Status(_("Connecting to %s (%s)"), "HTTP proxy", URI::SiteOnly(Proxy).c_str());
 // The HTTP server expects a hostname with a trailing :port
@@ -348,9 +347,8 @@ bool UnwrapHTTPConnect(std::string Host, int Port, URI Proxy, std::unique_ptr<Me
 Req << "Host: " << ProperHost << ":" << std::to_string(Proxy.Port) << "\r\n";
 else
 Req << "Host: " << ProperHost << "\r\n";
- ;
- maybe_add_auth(Proxy, _config->FindFile("Dir::Etc::netrc"));
+ Owner->MaybeAddAuthTo(Proxy);
 if (Proxy.User.empty() == false || Proxy.Password.empty() == false)
 Req << "Proxy-Authorization: Basic " << Base64Encode(Proxy.User + ":" + Proxy.Password) << "\r\n";
@@ -931,7 +929,7 @@ void HttpMethod::SendReq(FetchItem *Itm)
 Req << "Proxy-Authorization: Basic " << Base64Encode(Server->Proxy.User + ":" + Server->Proxy.Password) << "\r\n";
- maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+ MaybeAddAuthTo(Uri);
 if (Uri.User.empty() == false || Uri.Password.empty() == false)
 Req << "Authorization: Basic " << Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n";
diff --git a/methods/http.h b/methods/http.h
index 7a763675c..6d44fbdd4 100644
--- a/methods/http.h
+++ b/methods/http.h
@@ -93,7 +93,7 @@ class CircleBuf
 ~CircleBuf();
 };
-bool UnwrapHTTPConnect(std::string To, int Port, URI Proxy, std::unique_ptr<MethodFd> &Fd, unsigned long Timeout, aptMethod *Owner);
+bool UnwrapHTTPConnect(std::string To, int Port, URI Proxy, std::unique_ptr<MethodFd> &Fd, unsigned long Timeout, aptAuthConfMethod *Owner);
 struct HttpServerState: public ServerState
 { |