bin/xbps-pkgdb: check file and symlink owners & perms

Author: classabbyamp

bin/xbps-pkgdb/Makefile

@@ -5,5 +5,6 @@ BIN =	xbps-pkgdb
 OBJS =	main.o check.o check_pkg_files.o
 OBJS +=	check_pkg_alternatives.o check_pkg_rundeps.o
 OBJS +=	check_pkg_symlinks.o check_pkg_unneeded.o
+OBJS += check_files.o
 
 include $(TOPDIR)/mk/prog.mk

bin/xbps-pkgdb/check_files.c

@@ -0,0 +1,52 @@
+#include <assert.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "defs.h"
+
+int
+file_mode_check(const char *file, const mode_t mode) {
+	struct stat sb;
+
+	assert(file != NULL);
+	assert(mode);
+
+	if (lstat(file, &sb) == -1)
+		return -errno;
+
+	if (sb.st_mode != mode)
+		return ERANGE;
+
+	return 0;
+}
+
+int
+file_user_check(struct idtree * idt, const char *file, const char *user) {
+	struct stat sb;
+	char *act_user;
+
+	assert(file != NULL);
+	assert(user != NULL);
+
+	if (lstat(file, &sb) == -1)
+		return -errno;
+
+	act_user = idtree_username(idt, sb.st_uid);
+	return strcmp(user, act_user) == 0 ? 0 : ERANGE;
+}
+
+int
+file_group_check(struct idtree * idt, const char *file, const char *grp) {
+	struct stat sb;
+	char *act_grp;
+
+	assert(file != NULL);
+	assert(grp != NULL);
+
+	if (lstat(file, &sb) == -1)
+		return -errno;
+
+	act_grp = idtree_groupname(idt, sb.st_gid);
+	return strcmp(grp, act_grp) == 0 ? 0 : ERANGE;
+}

bin/xbps-pkgdb/check_pkg_files.c

@@ -43,7 +43,11 @@
  * 	o Check the hash for all installed files, except
  * 	  configuration files (which is expected if they are modified).
  *
- * 	o Compares stored file modification time.
+ * 	o Check the mode for all installed files, except configuration files.
+ *
+ * 	o Check the user for all installed files, except configuration files.
+ *
+ * 	o Check the group for all installed files, except configuration files.
  *
  * Return 0 if test ran successfully, 1 otherwise and -1 on error.
  */
@@ -55,10 +59,12 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 	xbps_object_t obj;
 	xbps_object_iterator_t iter;
 	xbps_dictionary_t pkg_filesd = arg;
-	const char *file = NULL, *sha256 = NULL;
+	const char *file = NULL, *sha256 = NULL, *user = NULL, *group = NULL;
 	char *path;
-	bool mutable, test_broken = false;
+	bool mutable, test_broken = false, noexist = false;
 	int rv = 0, errors = 0;
+	mode_t mode = 0;
+	struct idtree *idt = NULL;
 
 	array = xbps_dictionary_get(pkg_filesd, "files");
 	if (array != NULL && xbps_array_count(array) > 0) {
@@ -67,44 +73,104 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 			return -1;
 
 		while ((obj = xbps_object_iterator_next(iter))) {
+			noexist = mutable = false;
+
 			xbps_dictionary_get_cstring_nocopy(obj, "file", &file);
 			/* skip noextract files */
 			if (xhp->noextract && xbps_patterns_match(xhp->noextract, file))
 				continue;
 			path = xbps_xasprintf("%s/%s", xhp->rootdir, file);
-			xbps_dictionary_get_cstring_nocopy(obj,
-				"sha256", &sha256);
+
+			xbps_dictionary_get_bool(obj, "mutable", &mutable);
+
+			/* check sha256 */
+			xbps_dictionary_get_cstring_nocopy(obj, "sha256", &sha256);
 			rv = xbps_file_sha256_check(path, sha256);
 			switch (rv) {
 			case 0:
-				free(path);
 				break;
 			case ENOENT:
-				xbps_error_printf("%s: unexistent file %s.\n",
-				    pkgname, file);
-				free(path);
-				test_broken = true;
+				xbps_error_printf("%s: unexistent file %s.\n", pkgname, file);
+				test_broken = noexist = true;
 				break;
 			case ERANGE:
-				mutable = false;
-				xbps_dictionary_get_bool(obj,
-				    "mutable", &mutable);
 				if (!mutable) {
-					xbps_error_printf("%s: hash mismatch "
-					    "for %s.\n", pkgname, file);
+					xbps_error_printf("%s: hash mismatch for %s.\n", pkgname, file);
 					test_broken = true;
 				}
-				free(path);
 				break;
 			default:
-				xbps_error_printf(
-				    "%s: can't check `%s' (%s)\n",
-				    pkgname, file, strerror(rv));
-				free(path);
+				xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
 				break;
 			}
-                }
-                xbps_object_iterator_release(iter);
+
+			if (noexist) {
+				free(path);
+				continue;
+			}
+
+			/* check mode */
+			mode = 0;
+			if (xbps_dictionary_get_uint32(obj, "mode", &mode)) {
+				rv = file_mode_check(path, mode);
+				switch (rv) {
+					case 0:
+						break;
+					case ERANGE:
+						if (!mutable) {
+							xbps_error_printf("%s: mode mismatch for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+						break;
+					default:
+						xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(-rv));
+						break;
+				}
+			}
+
+			/* check user */
+			user = NULL;
+			xbps_dictionary_get_cstring_nocopy(obj, "user", &user);
+			if (user == NULL)
+				user = "root";
+			rv = file_user_check(idt, path, user);
+			switch (rv) {
+				case 0:
+					break;
+				case ERANGE:
+					if (!mutable) {
+						xbps_error_printf("%s: user mismatch for %s.\n", pkgname, file);
+						test_broken = true;
+					}
+					break;
+				default:
+					xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(-rv));
+					break;
+			}
+
+			/* check group */
+			group = NULL;
+			xbps_dictionary_get_cstring_nocopy(obj, "group", &group);
+			if (group == NULL)
+			group = "root";
+			rv = file_group_check(idt, path, group);
+			switch (rv) {
+				case 0:
+					break;
+				case ERANGE:
+					if (!mutable) {
+						xbps_error_printf("%s: group mismatch for %s.\n", pkgname, file);
+						test_broken = true;
+					}
+					break;
+				default:
+					xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(-rv));
+					break;
+			}
+
+			free(path);
+		}
+		xbps_object_iterator_release(iter);
 	}
 	if (test_broken) {
 		xbps_error_printf("%s: files check FAILED.\n", pkgname);

bin/xbps-pkgdb/check_pkg_symlinks.c

@@ -41,9 +41,11 @@
  * The following task is accomplished in this file:
  *
  * 	o Check for target file in symlinks, so that we can check that
- * 	  they have not been modified.
+ * 	  they have not been modified or broken.
  *
- * returns 0 if test ran successfully, 1 otherwise and -1 on error.
+ * 	o Check for symlink ownership.
+ *
+ * returns 0 if test ran successfully and -1 on error.
  */
 
 int
@@ -52,14 +54,16 @@ check_pkg_symlinks(struct xbps_handle *xhp, const char *pkgname, void *arg)
 	xbps_array_t array;
 	xbps_object_t obj;
 	xbps_dictionary_t filesd = arg;
+	bool test_broken = false;
 	int rv = 0;
+	struct idtree *idt = NULL;
 
 	array = xbps_dictionary_get(filesd, "links");
 	if (array == NULL)
 		return 0;
 
 	for (unsigned int i = 0; i < xbps_array_count(array); i++) {
-		const char *file = NULL, *tgt = NULL;
+		const char *file = NULL, *tgt = NULL, *user = NULL, *group = NULL;
 		char path[PATH_MAX], *lnk = NULL;
 
 		obj = xbps_array_get(array, i);
@@ -83,16 +87,51 @@ check_pkg_symlinks(struct xbps_handle *xhp, const char *pkgname, void *arg)
 		snprintf(path, sizeof(path), "%s/%s", xhp->rootdir, file);
 		if ((lnk = xbps_symlink_target(xhp, path, tgt)) == NULL) {
 			xbps_error_printf("%s: broken symlink %s (target: %s)\n", pkgname, file, tgt);
-			rv = -1;
+			test_broken = true;
 			continue;
 		}
 		if (strcmp(lnk, tgt)) {
 			xbps_warn_printf("%s: modified symlink %s "
 			    "points to %s (shall be %s)\n",
 			    pkgname, file, lnk, tgt);
-			rv = -1;
+			test_broken = true;
+		}
+
+		user = NULL;
+		xbps_dictionary_get_cstring_nocopy(obj, "user", &user);
+		if (user == NULL)
+			user = "root";
+		rv = file_user_check(idt, path, user);
+		switch (rv) {
+			case 0:
+				break;
+			case ERANGE:
+				xbps_error_printf("%s: user mismatch for %s.\n", pkgname, file);
+				test_broken = true;
+				break;
+			default:
+				xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(-rv));
+				break;
 		}
+
+		group = NULL;
+		xbps_dictionary_get_cstring_nocopy(obj, "group", &group);
+		if (group == NULL)
+			group = "root";
+		rv = file_group_check(idt, path, group);
+		switch (rv) {
+			case 0:
+				break;
+			case ERANGE:
+				xbps_error_printf("%s: group mismatch for %s.\n", pkgname, file);
+				test_broken = true;
+				break;
+			default:
+				xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(-rv));
+				break;
+		}
+
 		free(lnk);
 	}
-	return rv;
+	return test_broken ? -1 : 0;
 }

bin/xbps-pkgdb/defs.h

@@ -29,6 +29,8 @@
 #include <sys/time.h>
 #include <xbps.h>
 
+#include "idtree.h"
+
 /* from check.c */
 int	check_pkg_integrity(struct xbps_handle *, xbps_dictionary_t, const char *);
 int	check_pkg_integrity_all(struct xbps_handle *);
@@ -45,4 +47,9 @@ CHECK_PKG_DECL(alternatives);
 /* from convert.c */
 void	convert_pkgdb_format(struct xbps_handle *);
 
+/* from check_files.c */
+int file_mode_check(const char *, const mode_t);
+int file_user_check(struct idtree *, const char *, const char *);
+int file_group_check(struct idtree *, const char *, const char *);
+
 #endif /* !_XBPS_PKGDB_DEFS_H_ */

include/idtree.h

@@ -0,0 +1,16 @@
+#ifndef IDTREE_H
+#define IDTREE_H
+
+#include <sys/types.h>
+
+struct idtree {
+	long id;
+	char *name;
+	struct idtree *left, *right;
+	int level;
+};
+
+char * idtree_username(struct idtree *, uid_t);
+char * idtree_groupname(struct idtree *, gid_t);
+
+#endif /* IDTREE_H */

lib/Makefile

@@ -32,7 +32,7 @@ LIBFETCH_INCS = fetch/common.h
 LIBFETCH_GEN = fetch/ftperr.h fetch/httperr.h
 
 # External code used by libxbps
-EXTOBJS = external/dewey.o external/fexec.o external/mkpath.o
+EXTOBJS = external/dewey.o external/fexec.o external/mkpath.o external/idtree.o
 
 # libxbps
 OBJS = package_configure.o package_config_files.o package_orphans.o