-rw-r--r-- | apt-pkg/acquire.cc | 10 | ||||
-rw-r--r-- | apt-pkg/init.cc | 1 | ||||
-rw-r--r-- | methods/ftp.cc | 16 | ||||
-rw-r--r-- | methods/http.cc | 17 | ||||
-rw-r--r-- | methods/https.cc | 15 | ||||
-rwxr-xr-x | test/integration/test-authentication-basic | 18 |
6 files changed, 75 insertions, 2 deletions
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc index ed0ddf7ac..bf1c3a4fe 100644 --- a/apt-pkg/acquire.cc +++ b/apt-pkg/acquire.cc @@ -87,6 +87,16 @@ void pkgAcquire::Initialize() if(AuthConf.empty() == false && RealFileExists(AuthConf) && chown(AuthConf.c_str(), pw->pw_uid, gr->gr_gid) != 0) _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of file %s failed", SandboxUser.c_str(), AuthConf.c_str()); + + std::string const AuthParts = _config->FindDir("Dir::Etc::netrcparts"); + if (AuthParts.empty() == false && DirectoryExists(AuthParts)) + { + for (auto const &AuthConf : GetListOfFilesInDir(AuthParts, "conf", true, true)) + { + if (RealFileExists(AuthConf) && chown(AuthConf.c_str(), pw->pw_uid, gr->gr_gid) != 0) + _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of file %s failed", SandboxUser.c_str(), AuthConf.c_str()); + } + } } } } diff --git a/apt-pkg/init.cc b/apt-pkg/init.cc index f5ca43465..645df044e 100644 --- a/apt-pkg/init.cc +++ b/apt-pkg/init.cc @@ -63,6 +63,7 @@ bool pkgInitConfig(Configuration &Cnf) Cnf.CndSet("Dir::Etc::sourceparts","sources.list.d"); Cnf.CndSet("Dir::Etc::main","apt.conf"); Cnf.CndSet("Dir::Etc::netrc", "auth.conf"); + Cnf.CndSet("Dir::Etc::netrcparts", "auth.conf.d"); Cnf.CndSet("Dir::Etc::parts","apt.conf.d"); Cnf.CndSet("Dir::Etc::preferences","preferences"); Cnf.CndSet("Dir::Etc::preferencesparts","preferences.d"); diff --git a/methods/ftp.cc b/methods/ftp.cc index edb758a81..cb45a816a 100644 --- a/methods/ftp.cc +++ b/methods/ftp.cc 
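Review bot: In the apt-pkg/acquire.cc hunk the new loop variable `AuthConf` shadows the `AuthConf` tested by the `chown` call in the context lines just above, so the two identical warning calls are easy to mix up; a distinct name such as `for (auto const &AuthPart : GetListOfFilesInDir(AuthParts, "conf", true, true))` would read better. `chown()` also follows symbolic links, so if `RealFileExists` accepts a link to a regular file (its definition is not in this hunk), ownership of the link's target is handed to the sandbox user. That is only acceptable while the parts directory is writable by root alone, which deserves a comment like `// auth.conf.d must be root-owned: chown() follows symlinks`. The enclosing function starts and ends outside the hunk.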
@@ -1018,6 +1018,22 @@ bool FtpMethod::Fetch(FetchItem *Itm) Res.IMSHit = false; maybe_add_auth (Get, _config->FindFile("Dir::Etc::netrc")); + if(Get.User.empty() || Get.Password.empty()) + { + auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); + if (not netrcparts.empty()) + { + _error->PushToStack(); + for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) + { + maybe_add_auth (Get, netrc); + if (Get.User.empty() == false || Get.Password.empty() == false) + break; + } + _error->RevertToStack(); + } + } + // Connect to the server if (Server == 0 || Server->Comp(Get) == false) diff --git a/methods/http.cc b/methods/http.cc index 96b24a146..699d801f0 100644 --- a/methods/http.cc +++ b/methods/http.cc @@ -748,7 +748,24 @@ void HttpMethod::SendReq(FetchItem *Itm) Req << "Proxy-Authorization: Basic " << Base64Encode(Server->Proxy.User + ":" + Server->Proxy.Password) << "\r\n"; + maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc")); + if(Uri.User.empty() || Uri.Password.empty()) + { + auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); + if (not netrcparts.empty()) + { + _error->PushToStack(); + for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) + { + maybe_add_auth (Uri, netrc); + if (Uri.User.empty() == false || Uri.Password.empty() == false) + break; + } + _error->RevertToStack(); + } + } + if (Uri.User.empty() == false || Uri.Password.empty() == false) Req << "Authorization: Basic " << Base64Encode(Uri.User + ":" + Uri.Password) << "\r\n"; diff --git a/methods/https.cc b/methods/https.cc index 85733ecd4..ea4b33c6d 100644 --- a/methods/https.cc +++ b/methods/https.cc 
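Review bot: In the methods/ftp.cc hunk the guard that enters the snippet lookup and the `break` inside it test different things: the lookup runs when either `Get.User` or `Get.Password` is empty, but the loop stops as soon as either is non-empty, so a URI that already carries only a user name consults the first snippet and gives up. If the intent is to stop once credentials are complete, the break would be `if (Get.User.empty() == false && Get.Password.empty() == false)`; if a lone user or password counts as done, the outer guard should use `&&` instead. `_error->RevertToStack()` also appears to drop whatever was reported while reading the snippets, so an unreadable file would surface only as a failed login; a message under the `Debug::Acquire::netrc` option would make that diagnosable. The same block is repeated with `Uri` in the methods/http.cc and methods/https.cc hunks, so a single shared helper taking the URI would keep the three in step. `FtpMethod::Fetch` continues outside the hunk.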
@@ -240,6 +240,21 @@ bool HttpsMethod::Fetch(FetchItem *Itm) SetupProxy(); maybe_add_auth (Uri, _config->FindFile("Dir::Etc::netrc")); + if(Uri.User.empty() || Uri.Password.empty()) + { + auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts"); + if (not netrcparts.empty()) + { + _error->PushToStack(); + for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true)) + { + maybe_add_auth (Uri, netrc); + if (Uri.User.empty() == false || Uri.Password.empty() == false) + break; + } + _error->RevertToStack(); + } + } // The "+" is encoded as a workaround for a amazon S3 bug // see LP bugs #1003633 and #1086997. (taken from http method) diff --git a/test/integration/test-authentication-basic b/test/integration/test-authentication-basic index 9a15c7604..124b85eab 100755 --- a/test/integration/test-authentication-basic +++ b/test/integration/test-authentication-basic @@ -13,6 +13,7 @@ setupaptarchive --no-update changetohttpswebserver --authorization="$(printf '%s' 'star@irc:hunter2' | base64 )" echo 'See, when YOU type hunter2, it shows to us as *******' > aptarchive/bash +echo 'Debug::Acquire::netrc "true";' > rootdir/etc/apt/apt.conf.d/netrcdebug.conf testauthfailure() { testfailure apthelper download-file "${1}/bash" ./downloaded/bash @@ -48,7 +49,8 @@ Conf foo (1 unstable [all])' aptget install foo -s } authfile() { - local AUTHCONF='rootdir/etc/apt/auth.conf' + local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}" + mkdir -p "$(dirname "$AUTHCONF")" rm -f "$AUTHCONF" printf '%s' "$1" > "$AUTHCONF" chmod 600 "$AUTHCONF" @@ -80,6 +82,16 @@ machine localhost login star@irc password hunter2' testauthsuccess "$1" + + # delete file, make sure it fails; add auth.conf.d snippet, works again. + rm rootdir/etc/apt/auth.conf + testauthfailure "$1" + + authfile 'machine localhost +login star@irc +password hunter2' rootdir/etc/apt/auth.conf.d/myauth.conf + testauthsuccess "$1" + rm rootdir/etc/apt/auth.conf.d/myauth.conf } msgmsg 'server basic auth' 
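Review bot: The auth.conf.d case added to test/integration/test-authentication-basic (the `@@ -80,6 +82,16 @@` hunk) only proves that a single snippet works once auth.conf is gone. Nothing asserts the precedence between auth.conf and the snippets, the order in which several snippets are tried, or that a file in the directory without the `.conf` suffix is ignored, and those are exactly the behaviours the lookup loops in the method hunks introduce. One extra case each would pin them, for instance a second `authfile` call that writes a wrong password to a snippet sorting before `myauth.conf` and is expected to fail. `rm rootdir/etc/apt/auth.conf` would also be safer as `rm -f`, matching what `authfile` itself does.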
@@ -94,7 +106,9 @@ rewritesourceslist "http://localhost:${APTHTTPPORT}" msgmsg 'proxy to server basic auth' webserverconfig 'aptwebserver::request::absolute' 'uri' -export http_proxy="http://localhost:${APTHTTPPORT}" +# using ip instead of localhost avoids picking up the auth for the repo +# for the proxy as well as we serve them both over the same server… +export http_proxy="http://127.0.0.1:${APTHTTPPORT}" runtest "http://localhost:${APTHTTPPORT}" unset http_proxy |
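Review bot: Switching `http_proxy` to `127.0.0.1` sidesteps rather than tests the behaviour the new comment describes, namely that credentials stored for `machine localhost` are also picked up for a proxy sharing that host name. If handing repository credentials to a same-host proxy is not intended, an assertion that the proxy request carries none belongs in this test, and the lookup itself should be revisited. If it is intended, the comment should say so plainly, e.g. `# netrc entries match by host name only, so a proxy on the same host would receive the repo credentials`.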