bin/xbps-pkgdb: check file and symlink owners & perms

Author: classabbyamp

bin/xbps-pkgdb/check_pkg_files.c

@@ -57,8 +57,12 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 	xbps_dictionary_t pkg_filesd = arg;
 	const char *file = NULL, *sha256 = NULL;
 	char *path;
-	bool mutable, test_broken = false;
+	bool mutable, test_broken = false, noexist = false;
 	int rv = 0, errors = 0;
+	struct stat st;
+	mode_t mode;
+	uid_t uid;
+	gid_t gid;
 
 	array = xbps_dictionary_get(pkg_filesd, "files");
 	if (array != NULL && xbps_array_count(array) > 0) {
@@ -67,6 +71,7 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 			return -1;
 
 		while ((obj = xbps_object_iterator_next(iter))) {
+			noexist = false;
 			xbps_dictionary_get_cstring_nocopy(obj, "file", &file);
 			/* skip noextract files */
 			if (xhp->noextract && xbps_patterns_match(xhp->noextract, file))
@@ -77,13 +82,11 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 			rv = xbps_file_sha256_check(path, sha256);
 			switch (rv) {
 			case 0:
-				free(path);
 				break;
 			case ENOENT:
 				xbps_error_printf("%s: unexistent file %s.\n",
 				    pkgname, file);
-				free(path);
-				test_broken = true;
+				test_broken = noexist = true;
 				break;
 			case ERANGE:
 				mutable = false;
@@ -94,17 +97,47 @@ check_pkg_files(struct xbps_handle *xhp, const char *pkgname, void *arg)
 					    "for %s.\n", pkgname, file);
 					test_broken = true;
 				}
-				free(path);
 				break;
 			default:
 				xbps_error_printf(
 				    "%s: can't check `%s' (%s)\n",
 				    pkgname, file, strerror(rv));
-				free(path);
 				break;
 			}
-                }
-                xbps_object_iterator_release(iter);
+			if (!noexist) {
+				mode = uid = gid = 0;
+				if (stat(path, &st) == -1) {
+					rv = errno;
+					xbps_error_printf(
+						"%s: can't check `%s' (%s)\n",
+						pkgname, file, strerror(rv));
+				} else {
+					if (xbps_dictionary_get_uint32(obj, "mode", &mode)) {
+						if (st.st_mode != mode) {
+							xbps_error_printf("%s: mode mismatch "
+								"for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+					}
+					if (xbps_dictionary_get_uint32(obj, "uid", &uid)) {
+						if (st.st_uid != uid) {
+							xbps_error_printf("%s: owner mismatch "
+								"for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+					}
+					if (xbps_dictionary_get_uint32(obj, "gid", &gid)) {
+						if (st.st_gid != gid) {
+							xbps_error_printf("%s: group mismatch "
+								"for %s.\n", pkgname, file);
+							test_broken = true;
+						}
+					}
+				}
+			}
+			free(path);
+		}
+		xbps_object_iterator_release(iter);
 	}
 	if (test_broken) {
 		xbps_error_printf("%s: files check FAILED.\n", pkgname);

bin/xbps-pkgdb/check_pkg_symlinks.c

@@ -53,6 +53,10 @@ check_pkg_symlinks(struct xbps_handle *xhp, const char *pkgname, void *arg)
 	xbps_object_t obj;
 	xbps_dictionary_t filesd = arg;
 	int rv = 0;
+	struct stat st;
+	mode_t mode;
+	uid_t uid;
+	gid_t gid;
 
 	array = xbps_dictionary_get(filesd, "links");
 	if (array == NULL)
@@ -92,6 +96,34 @@ check_pkg_symlinks(struct xbps_handle *xhp, const char *pkgname, void *arg)
 			    pkgname, file, lnk, tgt);
 			rv = -1;
 		}
+		if (lstat(path, &st) == -1) {
+			rv = errno;
+			xbps_error_printf(
+				"%s: can't check `%s' (%s)\n",
+				pkgname, file, strerror(rv));
+		} else {
+			if (xbps_dictionary_get_uint32(obj, "mode", &mode)) {
+				if (st.st_mode != mode) {
+					xbps_error_printf("%s: mode mismatch "
+						"for %s.\n", pkgname, file);
+					rv = -1;
+				}
+			}
+			if (xbps_dictionary_get_uint32(obj, "uid", &uid)) {
+				if (st.st_uid != uid) {
+					xbps_error_printf("%s: owner mismatch "
+						"for %s.\n", pkgname, file);
+					rv = -1;
+				}
+			}
+			if (xbps_dictionary_get_uint32(obj, "gid", &gid)) {
+				if (st.st_gid != gid) {
+					xbps_error_printf("%s: group mismatch "
+						"for %s.\n", pkgname, file);
+					rv = -1;
+				}
+			}
+		}
 		free(lnk);
 	}
 	return rv;