
Add support for /etc/apt/auth.conf.d/*.conf (netrcparts)

This allows us to install matching auth files for sources.list.d
files, for example; very useful.

This converts aptmethod's authfd from one FileFd to a vector of
pointers to FileFd, as FileFd cannot be copied, and move operators
are hard.
tags/debian/1.8.0_alpha3
Julian Andres Klode 2 years ago
parent
commit
bbfcc05c19
5 changed files with 56 additions and 13 deletions
  1. +1
    -0
      apt-pkg/init.cc
  2. +6
    -1
      doc/apt_auth.conf.5.xml
  3. +1
    -0
      doc/examples/configure-index
  4. +36
    -11
      methods/aptmethod.h
  5. +12
    -1
      test/integration/test-authentication-basic

+ 1
- 0
apt-pkg/init.cc

@@ -150,6 +150,7 @@ bool pkgInitConfig(Configuration &Cnf)
Cnf.CndSet("Dir::Etc::sourceparts","sources.list.d");
Cnf.CndSet("Dir::Etc::main","apt.conf");
Cnf.CndSet("Dir::Etc::netrc", "auth.conf");
Cnf.CndSet("Dir::Etc::netrcparts", "auth.conf.d");
Cnf.CndSet("Dir::Etc::parts","apt.conf.d");
Cnf.CndSet("Dir::Etc::preferences","preferences");
Cnf.CndSet("Dir::Etc::preferencesparts","preferences.d");


+ 6
- 1
doc/apt_auth.conf.5.xml

@@ -36,7 +36,8 @@ needed to connect to a proxy or to download data from a repository on the other
hand shouldn't always be accessible by everyone and can hence not be placed in a
file with world-readable file permissions.</para>

<para>The APT auth.conf file <filename>/etc/apt/auth.conf</filename> can be used to store
<para>The APT auth.conf file <filename>/etc/apt/auth.conf</filename>, and .conf files inside
<filename>/etc/apt/auth.conf.d</filename> can be used to store
login information in a netrc-like format with restrictive file permissions.</para>
</refsect1>

@@ -119,6 +120,10 @@ you need multiple they should all have a path specified in the
<listitem><para>Login information for APT sources and proxies in a netrc-like format.
Configuration Item: <literal>Dir::Etc::netrc</literal>.</para></listitem>
</varlistentry>
<varlistentry><term><filename>/etc/apt/auth.conf.d/*.conf</filename></term>
<listitem><para>Login information for APT sources and proxies in a netrc-like format.
Configuration Item: <literal>Dir::Etc::netrcparts</literal>.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>



+ 1
- 0
doc/examples/configure-index

@@ -399,6 +399,7 @@ Dir "<DIR>"
Etc "<DIR>" {
Main "<FILE>";
Netrc "<FILE>";
NetrcParts "<DIR>";
Parts "<DIR>";
Preferences "<FILE>";
PreferencesParts "<DIR>";


+ 36
- 11
methods/aptmethod.h

@@ -11,6 +11,7 @@

#include <algorithm>
#include <locale>
#include <memory>
#include <string>
#include <vector>

@@ -471,8 +472,9 @@ protected:
};
class aptAuthConfMethod : public aptMethod
{
FileFd authconf;
public:
std::vector<std::unique_ptr<FileFd>> authconfs;

public:
virtual bool Configuration(std::string Message) APT_OVERRIDE
{
if (pkgAcqMethod::Configuration(Message) == false)
@@ -481,14 +483,25 @@ public:
std::string const conf = std::string("Binary::") + Binary;
_config->MoveSubTree(conf.c_str(), NULL);

// ignore errors with opening the auth file as it doesn't need to exist
_error->PushToStack();
auto const netrc = _config->FindFile("Dir::Etc::netrc");
if (netrc.empty() == false)
{
// ignore errors with opening the auth file as it doesn't need to exist
_error->PushToStack();
authconf.Open(netrc, FileFd::ReadOnly);
_error->RevertToStack();
authconfs.emplace_back(new FileFd());
authconfs.back()->Open(netrc, FileFd::ReadOnly);
}

auto const netrcparts = _config->FindDir("Dir::Etc::netrcparts");
if (netrcparts.empty() == false)
{
for (auto const &netrc : GetListOfFilesInDir(netrcparts, "conf", true, true))
{
authconfs.emplace_back(new FileFd());
authconfs.back()->Open(netrc, FileFd::ReadOnly);
}
}
_error->RevertToStack();

DropPrivsOrDie();

@@ -500,13 +513,25 @@ public:

bool MaybeAddAuthTo(URI &uri)
{
bool result = true;

if (uri.User.empty() == false || uri.Password.empty() == false)
return true;
if (authconf.IsOpen() == false)
return true;
if (authconf.Seek(0) == false)
return false;
return MaybeAddAuth(authconf, uri);

for (auto &authconf : authconfs)
{
if (authconf->IsOpen() == false)
continue;
if (authconf->Seek(0) == false)
{
result = false;
continue;
}

result &= MaybeAddAuth(*authconf, uri);
}

return result;
}

aptAuthConfMethod(std::string &&Binary, char const *const Ver, unsigned long const Flags) APT_NONNULL(3)
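Review bot: The loop in MaybeAddAuthTo keeps reading every remaining auth file after one of them may already have supplied credentials, because the `uri.User`/`uri.Password` check sits only above the loop; whether the first or the last matching file wins therefore depends on MaybeAddAuth, which is not visible here. Since this decides which login is sent to which host, I would make the precedence explicit by adding `if (uri.User.empty() == false || uri.Password.empty() == false) break;` right after `result &= MaybeAddAuth(*authconf, uri);`, and state the order (auth.conf first, then the auth.conf.d entries in listing order) in the man page. Separately, in Configuration the call `GetListOfFilesInDir(netrcparts, "conf", true, true)` appears to pass true for the allow-no-extension parameter, so files without any suffix would be read as credential files while the documentation promises only `*.conf`; either the last argument or the doc text should change. Both function bodies are only partly visible in these hunks.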


+ 12
- 1
test/integration/test-authentication-basic

@@ -53,7 +53,8 @@ Conf foo (1 unstable [all])' aptget install foo -s
}

authfile() {
local AUTHCONF='rootdir/etc/apt/auth.conf'
local AUTHCONF="${2:-rootdir/etc/apt/auth.conf}"
mkdir -p "$(dirname "$AUTHCONF")"
rm -f "$AUTHCONF"
printf '%s' "$1" > "$AUTHCONF"
chmod 600 "$AUTHCONF"
@@ -85,6 +86,16 @@ machine localhost
login star@irc
password hunter2'
testauthsuccess "$1"

# delete file, make sure it fails; add auth.conf.d snippet, works again.
rm rootdir/etc/apt/auth.conf
testauthfailure "$1"

authfile 'machine localhost
login star@irc
password hunter2' rootdir/etc/apt/auth.conf.d/myauth.conf
testauthsuccess "$1"
rm rootdir/etc/apt/auth.conf.d/myauth.conf
}

msgmsg 'server basic auth'
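Review bot: The added block at the end of the second hunk only checks that a single `myauth.conf` snippet works when auth.conf is absent, so nothing pins which files in auth.conf.d are deliberately ignored. Because these files hold credentials, I would add a negative case before the final cleanup, for example `authfile "$CREDS" rootdir/etc/apt/auth.conf.d/myauth.conf.disabled` followed by `testauthfailure "$1"` (the file name and `$CREDS` are constructed for illustration), and a similar case for a name without any extension once the intended behaviour is decided. A case with both auth.conf and a snippet present and carrying different logins would likewise document the precedence. The enclosing test function starts outside the hunk.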

