From: Michael Tremer <michael.tremer@ipfire.org>
Date: Mon, 18 Jul 2022 08:16:31 +0000 (+0000)
Subject: pakfire: Store UID of running user
X-Git-Tag: 0.9.28~687
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aceb3b71b2fff624c975262e7f8b6d93477c5584;p=pakfire.git

pakfire: Store UID of running user

This patch also moves the root permission check into the safety check
function.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/libpakfire/pakfire.c b/src/libpakfire/pakfire.c
index f1a94c359..a0facdbae 100644
--- a/src/libpakfire/pakfire.c
+++ b/src/libpakfire/pakfire.c
@@ -74,6 +74,7 @@ struct pakfire {
 	char arch[ARCH_MAX];
 	char keystore_path[PATH_MAX];
 
+	uid_t uid;
 	int flags;
 
 	// Lock
@@ -314,6 +315,13 @@ static int pakfire_safety_checks(struct pakfire* pakfire) {
 	if (!pakfire_on_root(pakfire))
 		return 0;
 
+	// We must be root in order to operate in /
+	if (pakfire->uid) {
+		ERROR(pakfire, "Must be running as root on /\n");
+		errno = EPERM;
+		return 1;
+	}
+
 	if (strcmp(pakfire->distro.id, "ipfire") != 0) {
 		ERROR(pakfire, "Not an IPFire system\n");
 		errno = EPERM;
@@ -611,13 +619,6 @@ PAKFIRE_EXPORT int pakfire_create(struct pakfire** pakfire, const char* path,
 		return 1;
 	}
 
-	// Check if we are running as root
-	uid_t uid = getuid();
-	if (uid != 0) {
-		errno = EPERM;
-		return 1;
-	}
-
 	struct pakfire* p = calloc(1, sizeof(*p));
 	if (!p)
 		return 1;
@@ -625,6 +626,9 @@ PAKFIRE_EXPORT int pakfire_create(struct pakfire** pakfire, const char* path,
 	p->nrefs = 1;
 	p->flags = flags;
 
+	// Store the UID we are running as
+	p->uid = getuid();
+
 	// Set architecture
 	pakfire_string_set(p->arch, arch);