summaryrefslogtreecommitdiff
path: root/apt-pkg/acquire.cc
diff options
context:
space:
mode:
authorDavid Kalnischkies <david@kalnischkies.de>2014-10-23 01:28:05 +0200
committerDavid Kalnischkies <david@kalnischkies.de>2014-10-23 01:28:05 +0200
commit03aa08472dcd689572a46ce6efdb1dccf6136334 (patch)
tree5a2ee0d77bfc4d59ef380c15acdbdbe85aae921f /apt-pkg/acquire.cc
parente845cde33c5d13a0e2dd924a388705a0738d4f96 (diff)
chown finished partial files earlier
partial files are chowned by the Item baseclass to let the methods work with them. Now, this baseclass is also responsible for chowning the files back to root instead of having various deeper levels do this. The consequence is that all overloaded Failed() methods now call the Item::Failed base as their first step. The same is done for Done(). The effect is that even in partial files usually don't belong to _apt anymore, helping sneakernets and reducing possibilities of a bad method modifying files not belonging to them. The change is supported by the framework not only supporting being run as root, but with proper permission management, too, so that privilege dropping can be tested with them.
Diffstat (limited to 'apt-pkg/acquire.cc')
-rw-r--r--apt-pkg/acquire.cc40
1 files changed, 25 insertions, 15 deletions
diff --git a/apt-pkg/acquire.cc b/apt-pkg/acquire.cc
index 1e20b74be..2c89c2dea 100644
--- a/apt-pkg/acquire.cc
+++ b/apt-pkg/acquire.cc
@@ -54,23 +54,38 @@ pkgAcquire::pkgAcquire() : LockFD(-1), Queues(0), Workers(0), Configs(0), Log(NU
Debug(_config->FindB("Debug::pkgAcquire",false)),
Running(false)
{
- string const Mode = _config->Find("Acquire::Queue-Mode","host");
- if (strcasecmp(Mode.c_str(),"host") == 0)
- QueueMode = QueueHost;
- if (strcasecmp(Mode.c_str(),"access") == 0)
- QueueMode = QueueAccess;
+ Initialize();
}
pkgAcquire::pkgAcquire(pkgAcquireStatus *Progress) : LockFD(-1), Queues(0), Workers(0),
Configs(0), Log(NULL), ToFetch(0),
Debug(_config->FindB("Debug::pkgAcquire",false)),
Running(false)
{
+ Initialize();
+ SetLog(Progress);
+}
+void pkgAcquire::Initialize()
+{
string const Mode = _config->Find("Acquire::Queue-Mode","host");
if (strcasecmp(Mode.c_str(),"host") == 0)
QueueMode = QueueHost;
if (strcasecmp(Mode.c_str(),"access") == 0)
QueueMode = QueueAccess;
- SetLog(Progress);
+
+ // chown the auth.conf file as it will be accessed by our methods
+ std::string const SandboxUser = _config->Find("APT::Sandbox::User");
+ if (getuid() == 0 && SandboxUser.empty() == false) // if we aren't root, we can't chown, so don't try it
+ {
+ struct passwd const * const pw = getpwnam(SandboxUser.c_str());
+ struct group const * const gr = getgrnam("root");
+ if (pw != NULL && gr != NULL)
+ {
+ std::string const AuthConf = _config->FindFile("Dir::Etc::netrc");
+ if(AuthConf.empty() == false && RealFileExists(AuthConf) &&
+ chown(AuthConf.c_str(), pw->pw_uid, gr->gr_gid) != 0)
+ _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of file %s failed", SandboxUser.c_str(), AuthConf.c_str());
+ }
+ }
}
/*}}}*/
// Acquire::GetLock - lock directory and prepare for action /*{{{*/
@@ -81,21 +96,16 @@ static bool SetupAPTPartialDirectory(std::string const &grand, std::string const
CreateAPTDirectoryIfNeeded(parent, partial) == false)
return false;
- if (getuid() == 0) // if we aren't root, we can't chown, so don't try it
+ std::string const SandboxUser = _config->Find("APT::Sandbox::User");
+ if (getuid() == 0 && SandboxUser.empty() == false) // if we aren't root, we can't chown, so don't try it
{
- std::string SandboxUser = _config->Find("APT::Sandbox::User");
- struct passwd *pw = getpwnam(SandboxUser.c_str());
- struct group *gr = getgrnam("root");
+ struct passwd const * const pw = getpwnam(SandboxUser.c_str());
+ struct group const * const gr = getgrnam("root");
if (pw != NULL && gr != NULL)
{
// chown the partial dir
if(chown(partial.c_str(), pw->pw_uid, gr->gr_gid) != 0)
_error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of directory %s failed", SandboxUser.c_str(), partial.c_str());
- // chown the auth.conf file
- std::string const AuthConf = _config->FindFile("Dir::Etc::netrc");
- if(AuthConf.empty() == false && RealFileExists(AuthConf) &&
- chown(AuthConf.c_str(), pw->pw_uid, gr->gr_gid) != 0)
- _error->WarningE("SetupAPTPartialDirectory", "chown to %s:root of file %s failed", SandboxUser.c_str(), AuthConf.c_str());
}
}
if (chmod(partial.c_str(), 0700) != 0)