121576a Fix access check for a repo. — HardenedBSD-pkg

rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9

HardenedBSD Package Manager

Fix access check for a repo.

Vsevolod Stakhov committed 11 years ago

commit 121576a053dcafb2602011d0beab3c9e7ea155fc
parent cae07a8

6 files changed +35 -10

modified libpkg/pkgdb.c

@@ -928,7 +928,7 @@ pkgdb_open_multirepos(const char *dbdir, struct pkgdb *db,

 }
 static int
 file_mode_insecure(const char *path, bool install_as_user)
 pkgdb_is_insecure_mode(const char *path, bool install_as_user)
 {
 	uid_t		fileowner;
 	gid_t		filegroup;

@@ -987,8 +987,8 @@ file_mode_insecure(const char *path, bool install_as_user)

 	return (EPKG_OK);
 }
 static int
 database_access(unsigned mode, const char* dbdir, const char *dbname)
 int
 pkgdb_check_access(unsigned mode, const char* dbdir, const char *dbname)
 {
 	char		 dbpath[MAXPATHLEN];
 	int		 retval;

@@ -1002,7 +1002,7 @@ database_access(unsigned mode, const char* dbdir, const char *dbname)

 	install_as_user = (getenv("INSTALL_AS_USER") != NULL);
 	retval = file_mode_insecure(dbpath, install_as_user);
 	retval = pkgdb_is_insecure_mode(dbpath, install_as_user);
 	database_exists = (retval != EPKG_ENODB);

@@ -1089,17 +1089,17 @@ pkgdb_access(unsigned mode, unsigned database)

 	   Otherwise, just test for read access */
 	if ((mode & PKGDB_MODE_CREATE) != 0) {
 		retval = database_access(PKGDB_MODE_READ|PKGDB_MODE_WRITE,
 		retval = pkgdb_check_access(PKGDB_MODE_READ|PKGDB_MODE_WRITE,
 					 dbdir, NULL);
 	} else
 		retval = database_access(PKGDB_MODE_READ, dbdir, NULL);
 		retval = pkgdb_check_access(PKGDB_MODE_READ, dbdir, NULL);
 	if (retval != EPKG_OK)
 		return (retval);
 	/* Test local.sqlite, if required */
 	if ((database & PKGDB_DB_LOCAL) != 0) {
 		retval = database_access(mode, dbdir, "local");
 		retval = pkgdb_check_access(mode, dbdir, "local");
 		if (retval != EPKG_OK)
 			return (retval);
 	}

@@ -1112,7 +1112,7 @@ pkgdb_access(unsigned mode, unsigned database)

 			if (!pkg_repo_enabled(r))
 				continue;
 			retval = database_access(mode, dbdir, pkg_repo_name(r));
 			retval = r->ops->access(r, mode);
 			if (retval != EPKG_OK)
 				return (retval);
 		}

modified libpkg/private/pkgdb.h

@@ -193,4 +193,13 @@ int pkgdb_begin_solver(struct pkgdb *db);

  */
 int pkgdb_end_solver(struct pkgdb *db);
 /**
  * Check access mode for the specified file
  * @param mode
  * @param dbdir
  * @param dbname
  * @return
  */
 int pkgdb_check_access(unsigned mode, const char* dbdir, const char *dbname);
 #endif

modified libpkg/repo/binary/binary.c

@@ -26,7 +26,7 @@

 struct pkg_repo_ops pkg_repo_binary_ops = {
 	.type = "binary",
 	.init = pkg_repo_binary_init,
 	.access = NULL,
 	.access = pkg_repo_binary_access,
 	.open = NULL,
 	.close = pkg_repo_binary_close,
 	.update = pkg_repo_binary_update,

modified libpkg/repo/binary/binary.h

@@ -33,5 +33,6 @@ extern struct pkg_repo_ops pkg_repo_binary_ops;

 int pkg_repo_binary_update(struct pkg_repo *repo, bool force);
 int pkg_repo_binary_init(struct pkg_repo *repo);
 int pkg_repo_binary_close(struct pkg_repo *repo, bool commit);
 int pkg_repo_binary_access(struct pkg_repo *repo, unsigned mode);
 #endif /* BINARY_H_ */

modified libpkg/repo/binary/init.c

@@ -239,3 +239,18 @@ pkg_repo_binary_close(struct pkg_repo *repo, bool commit)

 	return (retcode);
 }
 int
 pkg_repo_binary_access(struct pkg_repo *repo, unsigned mode)
 {
 	const pkg_object	*o;
 	const char		*dbdir;
 	int			 ret = EPKG_OK;
 	o = pkg_config_get("PKG_DBDIR");
 	dbdir = pkg_object_string(o);
 	ret = pkgdb_check_access(mode, dbdir, pkg_repo_name(repo));
 	return (ret);
 }

modified libpkg/repo/binary/update.c

@@ -452,7 +452,7 @@ cleanup:

 			rc = EPKG_FATAL;
 	}
 	pkg_repo_binary_finalize_prstatements();
 	repo->ops->close(repo, false);
 	if (rc == EPKG_OK)
 		sql_exec(sqlite, "DROP TABLE repo_update;");