diff options
| author | Julian Andres Klode <julian.klode@canonical.com> | 2019-12-04 13:58:38 +0100 |
|---|---|---|
| committer | Julian Andres Klode <julian.klode@canonical.com> | 2020-01-15 22:07:25 +0100 |
| commit | a9916c3faa2b8c6fa288599efec65868d050b0ef (patch) | |
| tree | a16aee2e340d061e7820bc0ea87f8c64b372faea /apt-pkg/contrib | |
| parent | 5db3a38926aa820546c411dd9f49f57eea24cd9e (diff) | |
netrc: Add warning when ignoring entries for unencrypted protocols
Commit 93f33052de84e9aeaf19c92291d043dad2665bbd restricted auth.conf
entries to only apply to https by default, but this was silent - there
was no information why http sources with auth.conf entries suddenly
started failing. Add such information, and extend test case to cover
it.
Diffstat (limited to 'apt-pkg/contrib')
| -rw-r--r-- | apt-pkg/contrib/netrc.cc | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/apt-pkg/contrib/netrc.cc b/apt-pkg/contrib/netrc.cc index 2069a0394..4f5206e6c 100644 --- a/apt-pkg/contrib/netrc.cc +++ b/apt-pkg/contrib/netrc.cc @@ -11,6 +11,7 @@ ##################################################################### */ /*}}}*/ #include <config.h> +#include <apti18n.h> #include <apt-pkg/configuration.h> #include <apt-pkg/error.h> @@ -47,6 +48,8 @@ bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri) std::string line; while (NetRCFile.Eof() == false || line.empty() == false) { + bool protocolSpecified = false; + if (line.empty()) { if (NetRCFile.ReadLine(line) == false) @@ -75,7 +78,8 @@ bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri) // If token contains a protocol: Check it first, and strip it away if // it matches. If it does not match, ignore this stanza. // If there is no protocol, only allow https protocols. - if (token.find("://") != std::string::npos) + protocolSpecified = token.find("://") != std::string::npos; + if (protocolSpecified) { if (not APT::String::Startswith(token, Uri.Access + "://")) { @@ -84,14 +88,7 @@ bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri) } token.erase(0, Uri.Access.length() + 3); } - else if (Uri.Access != "https" && Uri.Access != "tor+https") - { - if (Debug) - std::clog << "MaybeAddAuth: Rejecting matching host adding '" << Uri.User << "' and '" << Uri.Password << "' for " - << (std::string)Uri << " from " << NetRCFile.Name() << "as the protocol is not https" << std::endl; - active_token = NO; - break; - } + if (token.find('/') == std::string::npos) { if (Uri.Port != 0 && Uri.Host == token) @@ -108,6 +105,15 @@ bool MaybeAddAuth(FileFd &NetRCFile, URI &Uri) else active_token = NO; } + + if (active_token == GOOD_MACHINE && not protocolSpecified) + { + if (Uri.Access != "https" && Uri.Access != "tor+https") + { + _error->Warning(_("%s: Credentials for %s match, but the protocol is not encrypted. Annotate with %s:// to use."), NetRCFile.Name().c_str(), token.c_str(), Uri.Access.c_str()); + active_token = NO; + } + } break; case GOOD_MACHINE: if (token == "login") |