summaryrefslogtreecommitdiff
path: root/methods/ftp.cc
AgeCommit message (Collapse)Author
2017-10-22Sandbox methods with seccomp-BPF; except cdrom, gpgv, rshJulian Andres Klode
This reduces the number of syscalls to about 140 from about 350 or so, significantly reducing security risks. Also change prepare-release to ignore the architecture lists in the build dependencies when generating the build-depends package for travis. We might want to clean up things a bit more and/or move it somewhere else.
2017-07-26allow the auth.conf to be root:root ownedDavid Kalnischkies
Opening the file before we drop privileges in the methods allows us to avoid chowning in the acquire main process which can apply to the wrong file (imagine Binary scoped settings) and surprises users as their permission setup is overridden. There are no security benefits as the file is open, so an evil method could as before read the contents of the file, but it isn't worse than before and we avoid permission problems in this setup.
2017-07-26reimplement and document auth.confDavid Kalnischkies
We have support for an netrc-like auth.conf file since 0.7.25 (closing 518473), but it was never documented in apt that it even exists and netrc seems to have fallen out of usage as a manpage for it no longer exists making the feature even more arcane. On top of that the code was a bit of a mess (as it is written in c-style) and as a result the matching of machine tokens to URIs also a bit strange by checking for less specific matches (= without path) first. We now do a single pass over the stanzas. In practice early adopters of the undocumented implementation will not really notice the differences and the 'new' behaviour is simpler to document and more usual for an apt user. Closes: #811181
2017-07-26fail early in http if server answer is too small as wellDavid Kalnischkies
Failing on too much data is good, but we can do better by checking for exact filesizes as we know with hashsums how large a file should be, so if we get a file which has a size we do not expect we can drop it directly, regardless of if the file is larger or smaller than what we expect which should catch most cases which would end up as hashsum errors later now a lot sooner.
2017-07-26fail earlier if server answers with too much dataDavid Kalnischkies
We tend to operate on rather large static files, which means we usually get Content-Length information from the server. If we combine this information with the filesize we are expecting (factoring in pipelining) we can avoid reading a bunch of data we are ending up rejecting anyhow by just closing the connection saving bandwidth and time both for the server as well as the client.
2017-07-12Reformat and sort all includes with clang-formatJulian Andres Klode
This makes it easier to see which headers includes what. The changes were done by running git grep -l '#\s*include' \ | grep -E '.(cc|h)$' \ | xargs sed -i -E 's/(^\s*)#(\s*)include/\1#\2 include/' To modify all include lines by adding a space, and then running ./git-clang-format.sh.
2017-06-28methods: connect: Switch from int fds to new MethodFdJulian Andres Klode
Use std::unique_ptr<MethodFd> everywhere we used an integer-based file descriptor before. This allows us to implement stuff like TLS support easily. Gbp-Dch: ignore
2017-06-28methods: connect: Change PkgAcqMethod to aptMethodJulian Andres Klode
This will allow us to access ConfigFind() and stuff which makes it possible for us to implement TLS support. Gbp-Dch: ignore
2017-01-19fix various typos reported by spellintianDavid Kalnischkies
Most of them in (old) code comments. The two instances of user visible string changes the po files of the manpages are fixed up as well. Gbp-Dch: Ignore Reported-By: spellintian
2016-06-27methods/ftp: Cope with weird PASV responsesJulian Andres Klode
wu-ftpd sends the response without parens, whereas we expect them. I did not test the patch, but it should work. I added another return true if Pos is still npos after the second find to make sure we don't add npos to the string. Thanks: Lukasz Stelmach for the initial patch Closes: #420940
2016-05-28use std::locale::global instead of setlocaleDavid Kalnischkies
We use a wild mixture of C and C++ ways of generating output, so having a consistent world-view in both styles sounds like a good idea and should help in preventing regressions.
2015-11-05allow acquire method specific options via Binary scopeDavid Kalnischkies
Allows users who know what they are getting themselves into with this trick to e.g. disable privilege dropping for e.g. file:// until they can fix up the permissions on those repositories. It helps also the test framework and people with a similar setup (= me) to run in less modified environments.
2015-11-04wrap every unlink call to check for != /dev/nullDavid Kalnischkies
Unlinking /dev/null is bad, we shouldn't do that. Also, we should print at least a warning if we tried to unlink a file but didn't manage to pull it of (ignoring the case were the file is /dev/null or doesn't exist in the first place). This got triggered by a relatively unlikely to cause problem in pkgAcquire::Worker::PrepareFiles which would while temporary uncompressed files (which are set to keep compressed) figure out that to files are the same and prepare for sharing by deleting them. Bad move. That also shows why not printing a warning is a bad idea as this hide the error for in non-root test runs. Git-Dch: Ignore
2015-08-27fix various typos reported by codespellDavid Kalnischkies
Reported-By: codespell
2015-08-14Make apt compile with clang++ againMichael Vogt
This allows us to run the clang static analyzer and to run the testsuite with the clang MemorySanitizer.
2015-08-10add c++11 override marker to overridden methodsDavid Kalnischkies
C++11 adds the 'override' specifier to mark that a method is overriding a base class method and error out if not. We hide it in the APT_OVERRIDE macro to ensure that we keep compiling in pre-c++11 standards. Reported-By: clang-modernize -add-override -override-macros Git-Dch: Ignore
2015-04-19calculate only expected hashes in methodsDavid Kalnischkies
Methods get told which hashes are expected by the acquire system, which means we can use this list to restrict what we calculate in the methods as any extra we are calculating is wasted effort as we can't compare it with anything anyway. Adding support for a new hash algorithm is therefore 'free' now and if a algorithm is no longer provided in a repository for a file, we automatically stop calculating it. In practice this results in a speed-up in Debian as we don't have SHA512 here (so far), so we practically stop calculating it.
2015-04-10reimplement the last uses of sprintfDavid Kalnischkies
Working with strings c-style is complicated and error-prune, so by converting to c++ style we gain some simplicity and avoid buffer overflows by later extensions. Git-Dch: Ignore
2014-10-13Fix backward compatiblity of the new pkgAcquireMethod::DropPrivsOrDie()Michael Vogt
Do not drop privileges in the methods when using a older version of libapt that does not support the chown magic in partial/ yet. To do this DropPrivileges() now will ignore a empty Apt::Sandbox::User. Cleanup all hardcoded _apt along the way.
2014-10-07Send "Fail-Reason: MaximumSizeExceeded" from the methodMichael Vogt
Communicate the fail reason from the methods to the parent and Rename() failed files.
2014-10-07make expected-size a maximum-size check as this is what we want at this pointMichael Vogt
2014-10-07add ftp expected size checkMichael Vogt
2014-09-27fix: Member variable 'X' is not initialized in the constructor.David Kalnischkies
Reported-By: cppcheck Git-Dch: Ignore
2014-09-24methods: Fail if we cannot drop privilegesJulian Andres Klode
2014-09-24Drop Privileges to "Debian-apt" in most acquire methodsMichael Vogt
Add a new "Debian-apt" user that owns the /var/lib/apt/lists and /var/cache/apt/archive directories. The methods http, https, ftp, gpgv, gzip switch to this user when they start. Thanks to Julian and "ioerror" and tors "switch_id()" code.
2014-03-13cleanup headers and especially #includes everywhereDavid Kalnischkies
Beside being a bit cleaner it hopefully also resolves oddball problems I have with high levels of parallel jobs. Git-Dch: Ignore Reported-By: iwyu (include-what-you-use)
2014-03-13warning: unused parameter ‘foo’ [-Wunused-parameter]David Kalnischkies
Reported-By: gcc -Wunused-parameter Git-Dch: Ignore
2014-03-13fix -Wmissing-field-initializers warningsDavid Kalnischkies
Reported-By: gcc Git-Dch: Ignore
2014-02-22Fix typos in documentation (codespell)Michael Vogt
2014-02-11use utimes instead of utimensat/futimensDavid Kalnischkies
cppcheck complains about the obsolete utime as it was removed in POSIX1.2008 and recommends usage of utimensat/futimens instead as those are in POSIX and so commit 9ce3cfc9 switched to them. It is just that they aren't as portable as the standard suggests: At least our kFreeBSD and Hurd ports stumble over it at runtime. So to make both, the ports and cppcheck happy, we use utimes instead. Closes: 738567
2014-01-16correct some style/performance/warnings from cppcheckDavid Kalnischkies
The most "visible" change is from utime to utimensat/futimens as the first one isn't part of POSIX anymore. Reported-By: cppcheck Git-Dch: Ignore
2013-07-26fix missing va_end()Michael Vogt
2012-03-04fix two "(style) Variable 'Res' is assigned a value that is never used"David Kalnischkies
2012-03-04fix "(error) Possible null pointer dereference: BindAddr" by ensuringDavid Kalnischkies
that BindAddr isn't NULL after getaddrinfo()
2012-03-04fix a bunch of cppcheck "(warning) Member variable '<#>' is notDavid Kalnischkies
initialized in the constructor." messages (no functional change)
2011-12-17try to avoid direct usage of .Fd() if possible and do read()s and coDavid Kalnischkies
on the FileFd instead
2011-09-19use forward declaration in headers if possible instead of includesDavid Kalnischkies
2011-09-13merge with debian/experimentalDavid Kalnischkies
2011-09-13Support large files in the complete toolset. Indexes of thisDavid Kalnischkies
size are pretty unlikely for now, but we need it for deb packages which could become bigger than 4GB now (LP: #815895)
2011-09-13reorder includes: add <config.h> if needed and include it at firstDavid Kalnischkies
2011-08-11follow the recommendation of cppcheck to make some method methods (scnr)David Kalnischkies
const and initial mostly Debug member values in the constructors
2011-08-11cppcheck complains about some possible speed improvements which could beDavid Kalnischkies
done on the mirco-optimazation level, so lets fix them: (performance) Possible inefficient checking for emptiness. (performance) Prefer prefix ++/-- operators for non-primitive types.
2010-06-09move the users away from the deprecated StrToTime() methodDavid Kalnischkies
2009-10-16add ftp support, basic debuggingMichael Vogt
2009-10-16add maybe_add_auth for ftp as wellMichael Vogt
2008-12-15Make apt proxy options have the highest priority, unified proxy determining ↵Eugene V. Lyubimkin
code.
2007-10-02 - methods/ftp.cc: likewise;Otavio Salvador
2006-05-08* methods/ftp.cc: remove a tried-to-downloaded file if the file is missing ↵Michael Vogt
on the sever
2005-05-23* merged with my apt--fixes--0 branchMichael Vogt
Patches applied: * apt@packages.debian.org/apt--misc-abi-changes--0--patch-4 Merge from mainline * apt@packages.debian.org/apt--misc-abi-changes--0--patch-5 Merge from mainline * apt@packages.debian.org/apt--misc-abi-changes--0--patch-6 Collapse both pkgAcquire::Run() methods into one, with a default value * michael.vogt@ubuntu.com--2005/apt--fixes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-79 * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-1 * merged obvious fixes into the tree to make it easy for matt to merge * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-2 * more merges from otavio that looks good/uncritical * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-3 * merged Matts misc-abi-changes tree * michael.vogt@ubuntu.com--2005/apt--fixes--0--patch-4 * finalized the changelog for a ubuntu build * otavio@debian.org--2005/apt--fixes--0--base-0 tag of apt@packages.debian.org/apt--main--0--patch-71 * otavio@debian.org--2005/apt--fixes--0--patch-1 Fix comments about the need of xmlto * otavio@debian.org--2005/apt--fixes--0--patch-2 Fix a compile warning * otavio@debian.org--2005/apt--fixes--0--patch-3 Sync with apt--main--0--patch-76 * otavio@debian.org--2005/apt--fixes--0--patch-4 Sync with apt--main--0--patch-78 * otavio@debian.org--2005/apt--fixes--0--patch-5 Add fixes that was wrongly included on DDTP changes. * otavio@debian.org--2005/apt--fixes--0--patch-8 Add information about the other fixes include on this branch now. * otavio@debian.org--2005/apt--fixes--0--patch-9 Merge last changes from apt--main--0. * otavio@debian.org--2005/apt--fixes--0--patch-10 Fix warnings about min/max change in gcc-4.0 * otavio@debian.org--2005/apt--fixes--0--patch-11 Fix remaning warnings while compiling gcc-4.0 * otavio@debian.org--2005/apt--fixes--0--patch-12 Add changelog entry about the fixes for warnings while compiling using GCC 4.0 compiler.
2005-03-09Complete unfuzzification of PO files after the capitalization fixesChristian Perrier