bin/xbps-pkgdb: check file and symlink owners & perms

classabbyamp · classabbyamp · commit 82c85dfaacbb · 2023-03-14T02:15:55.000-04:00
diff --git a/bin/xbps-pkgdb/check_pkg_files.c b/bin/xbps-pkgdb/check_pkg_files.c
@@ -43,7 +43,11 @@
  * 	o Check the hash for all installed files, except
  * 	  configuration files (which is expected if they are modified).
  *
- * 	o Compares stored file modification time.
+ * 	o Check the mode for all installed files, except configuration files.
+ *
+ * 	o Check the owner for all installed files, except configuration files.
+ *
+ * 	o Check the group for all installed files, except configuration files.
  *
  * Return 0 if test ran successfully, 1 otherwise and -1 on error.
  */
@@ -55,10 +59,11 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 	xbps_object_t obj;
 	xbps_object_iterator_t iter;
 	xbps_dictionary_t pkg_filesd = arg;
-	const char *file = NULL, *sha256 = NULL;
+	const char *file = NULL, *sha256 = NULL, *owner = NULL, *group = NULL;
 	char *path;
-	bool mutable, test_broken = false;
+	bool mutable, test_broken = false, noexist = false;
 	int rv = 0, errors = 0;
+	mode_t mode = 0;
 
 	array = xbps_dictionary_get(pkg_filesd, "files");
 	if (array != NULL && xbps_array_count(array) > 0) {
@@ -67,44 +72,102 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 			return -1;
 
 		while ((obj = xbps_object_iterator_next(iter))) {
+			noexist = mutable = false;
+
 			xbps_dictionary_get_cstring_nocopy(obj, "file", &file);
 			/* skip noextract files */
 			if (xhp->noextract && xbps_patterns_match(xhp->noextract, file))
 				continue;
 			path = xbps_xasprintf("%s/%s", xhp->rootdir, file);
-			xbps_dictionary_get_cstring_nocopy(obj,
-				"sha256", &sha256);
+
+			xbps_dictionary_get_bool(obj, "mutable", &mutable);
+
+			/* check sha256 */
+			xbps_dictionary_get_cstring_nocopy(obj, "sha256", &sha256);
 			rv = xbps_file_sha256_check(path, sha256);
 			switch (rv) {
 			case 0:
-				free(path);
 				break;
 			case ENOENT:
-				xbps_error_printf("%s: unexistent file %s.\n",
-				    pkgname, file);
-				free(path);
-				test_broken = true;
+				xbps_error_printf("%s: unexistent file %s.\n", pkgname, file);
+				test_broken = noexist = true;
 				break;
 			case ERANGE:
-				mutable = false;
-				xbps_dictionary_get_bool(obj,
-				    "mutable", &mutable);
 				if (!mutable) {
-					xbps_error_printf("%s: hash mismatch "
-					    "for %s.\n", pkgname, file);
+					xbps_error_printf("%s: hash mismatch for %s.\n", pkgname, file);
 					test_broken = true;
 				}
-				free(path);
 				break;
 			default:
-				xbps_error_printf(
-				    "%s: can't check `%s' (%s)\n",
-				    pkgname, file, strerror(rv));
-				free(path);
+				xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
 				break;
 			}
-                }
-                xbps_object_iterator_release(iter);
+
+			if (noexist) {
+				free(path);
+				continue;
+			}
+
+			/* check mode */
+			mode = 0;
+			if (xbps_dictionary_get_uint32(obj, "mode", &mode)) {
+				rv = xbps_file_mode_check(path, mode);
+				switch (rv) {
+					case 0:
+						break;
+					case ERANGE:
+						if (!mutable) {
+							xbps_error_printf("%s: mode mismatch for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+						break;
+					default:
+						xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
+						break;
+				}
+			}
+
+			/* check owner */
+			owner = NULL;
+			if (xbps_dictionary_get_cstring_nocopy(obj, "owner", &owner)) {
+				rv = xbps_file_owner_check(path, owner);
+				switch (rv) {
+					case 0:
+						break;
+					case ERANGE:
+						if (!mutable) {
+							xbps_error_printf("%s: owner mismatch for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+						break;
+					default:
+						xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
+						break;
+				}
+			}
+
+			/* check group */
+			group = NULL;
+			if (xbps_dictionary_get_cstring_nocopy(obj, "group", &group)) {
+				rv = xbps_file_group_check(path, group);
+				switch (rv) {
+					case 0:
+						break;
+					case ERANGE:
+						if (!mutable) {
+							xbps_error_printf("%s: group mismatch for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+						break;
+					default:
+						xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
+						break;
+				}
+			}
+
+			free(path);
+		}
+		xbps_object_iterator_release(iter);
 	}
 	if (test_broken) {
 		xbps_error_printf("%s: files check FAILED.\n", pkgname);
diff --git a/bin/xbps-pkgdb/check_pkg_symlinks.c b/bin/xbps-pkgdb/check_pkg_symlinks.c
@@ -41,9 +41,11 @@
  * The following task is accomplished in this file:
  *
  * 	o Check for target file in symlinks, so that we can check that
- * 	  they have not been modified.
+ * 	  they have not been modified or broken.
  *
- * returns 0 if test ran successfully, 1 otherwise and -1 on error.
+ * 	o Check for symlink ownership.
+ *
+ * returns 0 if test ran successfully and -1 on error.
  */
 
 int
@@ -52,14 +54,15 @@ check_pkg_symlinks(struct xbps_handle *xhp, const char *pkgname, void *arg)
 	xbps_array_t array;
 	xbps_object_t obj;
 	xbps_dictionary_t filesd = arg;
+	bool test_broken = false;
 	int rv = 0;
 
 	array = xbps_dictionary_get(filesd, "links");
 	if (array == NULL)
 		return 0;
 
 	for (unsigned int i = 0; i < xbps_array_count(array); i++) {
-		const char *file = NULL, *tgt = NULL;
+		const char *file = NULL, *tgt = NULL, *owner = NULL, *group = NULL;
 		char path[PATH_MAX], *lnk = NULL;
 
 		obj = xbps_array_get(array, i);
@@ -83,16 +86,47 @@ check_pkg_symlinks(struct xbps_handle *xhp, const char *pkgname, void *arg)
 		snprintf(path, sizeof(path), "%s/%s", xhp->rootdir, file);
 		if ((lnk = xbps_symlink_target(xhp, path, tgt)) == NULL) {
 			xbps_error_printf("%s: broken symlink %s (target: %s)\n", pkgname, file, tgt);
-			rv = -1;
+			test_broken = true;
 			continue;
 		}
 		if (strcmp(lnk, tgt)) {
 			xbps_warn_printf("%s: modified symlink %s "
 			    "points to %s (shall be %s)\n",
 			    pkgname, file, lnk, tgt);
-			rv = -1;
+			test_broken = true;
+		}
+
+		if (xbps_dictionary_get_cstring_nocopy(obj, "owner", &owner)) {
+			rv = xbps_file_owner_check(path, owner);
+			switch (rv) {
+				case 0:
+					break;
+				case ERANGE:
+					xbps_error_printf("%s: owner mismatch for %s.\n", pkgname, file);
+					test_broken = true;
+					break;
+				default:
+					xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
+					break;
+			}
 		}
+
+		if (xbps_dictionary_get_cstring_nocopy(obj, "group", &group)) {
+			rv = xbps_file_group_check(path, group);
+			switch (rv) {
+				case 0:
+					break;
+				case ERANGE:
+					xbps_error_printf("%s: group mismatch for %s.\n", pkgname, file);
+					test_broken = true;
+					break;
+				default:
+					xbps_error_printf("%s: can't check `%s' (%s)\n", pkgname, file, strerror(rv));
+					break;
+			}
+		}
+
 		free(lnk);
 	}
-	return rv;
+	return test_broken ? -1 : 0;
 }
