From 9ac8d8710229315b2e481fb99cec3ebc1852ea4f Mon Sep 17 00:00:00 2001
From: Timo Teräs <timo.teras@iki.fi>
Date: Fri, 10 Feb 2012 16:40:01 +0200
Subject: db, fix: more secure way to choose effective directory permissions

And implement --directory-permissions for fix-applet to reset all
directory uid, gid and modes.
---
 src/fix.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'src/fix.c')

diff --git a/src/fix.c b/src/fix.c
index 4798ebe..e3fea11 100644
--- a/src/fix.c
+++ b/src/fix.c
@@ -21,6 +21,7 @@
 struct fix_ctx {
 	unsigned short solver_flags;
 	int fix_depends : 1;
+	int fix_directory_permissions : 1;
 };
 
 static int fix_parse(void *pctx, struct apk_db_options *dbopts,
@@ -37,12 +38,22 @@ static int fix_parse(void *pctx, struct apk_db_options *dbopts,
 	case 'r':
 		ctx->solver_flags |= APK_SOLVERF_REINSTALL;
 		break;
+	case 0x10000:
+		ctx->fix_directory_permissions = 1;
+		break;
 	default:
 		return -1;
 	}
 	return 0;
 }
 
+static int mark_recalculate(apk_hash_item item, void *ctx)
+{
+	struct apk_db_dir *dir = (struct apk_db_dir *) item;
+	dir->flags |= APK_DBDIRF_RECALC_MODE;
+	return 0;
+}
+
 static int fix_main(void *pctx, struct apk_database *db, int argc, char **argv)
 {
 	struct fix_ctx *ctx = (struct fix_ctx *) pctx;
@@ -53,6 +64,9 @@ static int fix_main(void *pctx, struct apk_database *db, int argc, char **argv)
 	if (!ctx->solver_flags)
 		ctx->solver_flags = APK_SOLVERF_REINSTALL;
 
+	if (ctx->fix_directory_permissions)
+		apk_hash_foreach(&db->installed.dirs, mark_recalculate, db);
+
 	for (i = 0; i < argc; i++) {
 		pkg = NULL;
 		if (strstr(argv[i], ".apk") != NULL) {
@@ -95,6 +109,7 @@ static struct apk_option fix_options[] = {
 	{ 'd',		"depends",	"Fix all dependencies too" },
 	{ 'u',		"upgrade",	"Upgrade package if possible" },
 	{ 'r',		"reinstall",	"Reinstall the package" },
+	{ 0x10000,	"directory-permissions", "Reset all directory permissions" },
 };
 
 static struct apk_applet apk_fix = {
-- 
cgit v1.2.3-70-g09d2