1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
|
// -*- mode: cpp; mode: fold -*-
// Description /*{{{*/
/* ######################################################################
netrc file parser - returns the login and password of a give host in
a specified netrc-type file
Originally written by Daniel Stenberg, <daniel@haxx.se>, et al. and
placed into the Public Domain, do with it what you will.
##################################################################### */
/*}}}*/
#include <config.h>
#include <apt-pkg/configuration.h>
#include <apt-pkg/error.h>
#include <apt-pkg/fileutl.h>
#include <apt-pkg/strutl.h>
#include <iostream>
#include "netrc.h"
/* Get user and password from .netrc when given a machine name */
bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri)
{
if (Uri.User.empty() == false || Uri.Password.empty() == false)
return true;
if (NetRCFile.IsOpen() == false || NetRCFile.Failed())
return false;
auto const Debug = _config->FindB("Debug::Acquire::netrc", false);
std::string lookfor;
if (Uri.Port != 0)
strprintf(lookfor, "%s:%i%s", Uri.Host.c_str(), Uri.Port, Uri.Path.c_str());
else
lookfor.append(Uri.Host).append(Uri.Path);
enum
{
NO,
MACHINE,
GOOD_MACHINE,
LOGIN,
PASSWORD
} active_token = NO;
std::string line;
while (NetRCFile.Eof() == false || line.empty() == false)
{
if (line.empty())
{
if (NetRCFile.ReadLine(line) == false)
break;
else if (line.empty())
continue;
}
auto tokenend = line.find_first_of("\t ");
std::string token;
if (tokenend != std::string::npos)
{
token = line.substr(0, tokenend);
line.erase(0, tokenend + 1);
}
else
std::swap(line, token);
if (token.empty())
continue;
switch (active_token)
{
case NO:
if (token == "machine")
active_token = MACHINE;
break;
case MACHINE:
// If token contains a protocol: Check it first, and strip it away if
// it matches. If it does not match, ignore this stanza.
// If there is no protocol, only allow https protocols.
if (token.find("://") != std::string::npos)
{
if (not APT::String::Startswith(token, Uri.Access + "://"))
{
active_token = NO;
break;
}
token.erase(0, Uri.Access.length() + 3);
}
else if (Uri.Access != "https" && Uri.Access != "tor+https")
{
if (Debug)
std::clog << "MaybeAddAuth: Rejecting matching host adding '" << Uri.User << "' and '" << Uri.Password << "' for "
<< (std::string)Uri << " from " << NetRCFile.Name() << "as the protocol is not https" << std::endl;
active_token = NO;
break;
}
if (token.find('/') == std::string::npos)
{
if (Uri.Port != 0 && Uri.Host == token)
active_token = GOOD_MACHINE;
else if (lookfor.compare(0, lookfor.length() - Uri.Path.length(), token) == 0)
active_token = GOOD_MACHINE;
else
active_token = NO;
}
else
{
if (APT::String::Startswith(lookfor, token))
active_token = GOOD_MACHINE;
else
active_token = NO;
}
break;
case GOOD_MACHINE:
if (token == "login")
active_token = LOGIN;
else if (token == "password")
active_token = PASSWORD;
else if (token == "machine")
{
if (Debug)
std::clog << "MaybeAddAuth: Found matching host adding '" << Uri.User << "' and '" << Uri.Password << "' for "
<< (std::string)Uri << " from " << NetRCFile.Name() << std::endl;
return true;
}
break;
case LOGIN:
std::swap(Uri.User, token);
active_token = GOOD_MACHINE;
break;
case PASSWORD:
std::swap(Uri.Password, token);
active_token = GOOD_MACHINE;
break;
}
}
if (active_token == GOOD_MACHINE)
{
if (Debug)
std::clog << "MaybeAddAuth: Found matching host adding '" << Uri.User << "' and '" << Uri.Password << "' for "
<< (std::string)Uri << " from " << NetRCFile.Name() << std::endl;
return true;
}
else if (active_token == NO)
{
if (Debug)
std::clog << "MaybeAddAuth: Found no matching host for "
<< (std::string)Uri << " from " << NetRCFile.Name() << std::endl;
return true;
}
else if (Debug)
{
std::clog << "MaybeAddAuth: Found no matching host (syntax error: token:";
switch (active_token)
{
case NO: std::clog << "NO"; break;
case MACHINE: std::clog << "MACHINE"; break;
case GOOD_MACHINE: std::clog << "GOOD_MACHINE"; break;
case LOGIN: std::clog << "LOGIN"; break;
case PASSWORD: std::clog << "PASSWORD"; break;
}
std::clog << ") for " << (std::string)Uri << " from " << NetRCFile.Name() << std::endl;
}
return false;
}
/* Check if we are authorized. */
bool IsAuthorized(pkgCache::PkgFileIterator const I, std::vector<std::unique_ptr<FileFd>> &authconfs)
{
if (authconfs.empty())
{
_error->PushToStack();
auto const netrc = _config->FindFile("Dir::Etc::netrc");
if (not netrc.empty())
{
authconfs.emplace_back(new FileFd());
authconfs.back()->Open(netrc, FileFd::ReadOnly);
}
auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
if (not netrcparts.empty())
{
for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
{
authconfs.emplace_back(new FileFd());
authconfs.back()->Open(netrc, FileFd::ReadOnly);
}
}
_error->RevertToStack();
}
// FIXME: Use the full base url
URI uri(std::string("https://") + I.Site() + "/");
for (auto &authconf : authconfs)
{
if (not authconf->IsOpen())
continue;
if (not authconf->Seek(0))
continue;
MaybeAddAuth(*authconf, uri);
if (not uri.User.empty() || not uri.Password.empty())
return true;
}
return false;
}
|