summaryrefslogtreecommitdiff
path: root/methods
diff options
context:
space:
mode:
authorJulian Andres Klode <julian.klode@canonical.com>2019-02-05 16:57:47 +0100
committerJulian Andres Klode <julian.klode@canonical.com>2019-03-01 10:04:22 +0100
commit58ebfeb08cf979c1702dfca44c258e2f176e4212 (patch)
tree9ea86bad7912cacefc146b301646a4dd9d719613 /methods
parent08e35a30d5c1829580b155d8951314168c859456 (diff)
Add support for /etc/apt/auth.conf.d/*.conf (netrcparts)
This allows us to install matching auth files for sources.list.d files, for example; very useful. The chmod() stuff we inherited from auth.conf handling is awful, but what can we do? It's not needed anymore in later versions, as they open files before dropping privileges, but ugh, not backporting that. (parts cherry-picked from commit feed3ec105cd6be7b5d23da14c6cfca8572ee725) LP: #1811120
Diffstat (limited to 'methods')
-rw-r--r--methods/ftp.cc16
-rw-r--r--methods/http.cc17
-rw-r--r--methods/https.cc15
3 files changed, 48 insertions, 0 deletions
diff --git a/methods/ftp.cc b/methods/ftp.cc
index edb758a81..cb45a816a 100644
--- a/methods/ftp.cc
+++ b/methods/ftp.cc
@@ -1018,6 +1018,22 @@ bool FtpMethod::Fetch(FetchItem *Itm)
Res.IMSHit = false;
maybe_add_auth (Get, _config->FindFile("Dir::Etc::netrc"));
+ if(Get.User.empty() || Get.Password.empty())
+ {
+ auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
+ if (not netrcparts.empty())
+ {
+ _error->PushToStack();
+ for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
+ {
+ maybe_add_auth (Get, netrc);
+ if (Get.User.empty() == false || Get.Password.empty() == false)
+ break;
+ }
+ _error->RevertToStack();
+ }
+ }
+
// Connect to the server
if (Server == 0 || Server->Comp(Get) == false)
diff --git a/methods/http.cc b/methods/http.cc
index 96b24a146..699d801f0 100644
--- a/methods/http.cc
+++ b/methods/http.cc
@@ -748,7 +748,24 @@ void HttpMethod::SendReq(FetchItem *Itm)
Req << "Proxy-Authorization: Basic "
<< Base64Encode(Server->Proxy.User + ":" + Server->Proxy.Password) << "\r\n";
+
maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+ if(Uri.User.empty() || Uri.Password.empty())
+ {
+ auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
+ if (not netrcparts.empty())
+ {
+ _error->PushToStack();
+ for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
+ {
+ maybe_add_auth (Uri, netrc);
+ if (Uri.User.empty() == false || Uri.Password.empty() == false)
+ break;
+ }
+ _error->RevertToStack();
+ }
+ }
+
if (Uri.User.empty() == false || Uri.Password.empty() == false)
Req << "Authorization: Basic "
<< Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n";
diff --git a/methods/https.cc b/methods/https.cc
index 85733ecd4..ea4b33c6d 100644
--- a/methods/https.cc
+++ b/methods/https.cc
@@ -240,6 +240,21 @@ bool HttpsMethod::Fetch(FetchItem *Itm)
SetupProxy();
maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc"));
+ if(Uri.User.empty() || Uri.Password.empty())
+ {
+ auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
+ if (not netrcparts.empty())
+ {
+ _error->PushToStack();
+ for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
+ {
+ maybe_add_auth (Uri, netrc);
+ if (Uri.User.empty() == false || Uri.Password.empty() == false)
+ break;
+ }
+ _error->RevertToStack();
+ }
+ }
// The "+" is encoded as a workaround for a amazon S3 bug
// see LP bugs #1003633 and #1086997. (taken from http method)