Implementation of unified privileges checking for CLI commands

dnf5-plugins/builddep_plugin/builddep.cpp

@@ -88,6 +88,7 @@ void BuildDepCommand::set_argument_parser() {
     allow_erasing = std::make_unique<AllowErasingOption>(*this);
     auto skip_unavailable = std::make_unique<SkipUnavailableOption>(*this);
     create_allow_downgrade_options(*this);
+    create_store_option(*this);
 }
 
 void BuildDepCommand::configure() {

dnf5/commands/clean/clean.cpp

@@ -127,7 +127,6 @@ void CleanCommand::set_argument_parser() {
     });
 
     cmd.register_positional_arg(cache_types);
-    create_store_option(*this);
 }
 
 void CleanCommand::run() {

dnf5/commands/distro-sync/distro-sync.cpp

@@ -52,6 +52,7 @@ void DistroSyncCommand::set_argument_parser() {
     allow_erasing = std::make_unique<AllowErasingOption>(*this);
     auto skip_broken = std::make_unique<SkipBrokenOption>(*this);
     auto skip_unavailable = std::make_unique<SkipUnavailableOption>(*this);
+    create_downloadonly_option(*this);
     create_offline_option(*this);
     create_store_option(*this);
 }

dnf5/main.cpp

@@ -63,13 +63,15 @@ along with libdnf.  If not, see <https://www.gnu.org/licenses/>.
 #include <libdnf5-cli/utils/userconfirm.hpp>
 #include <libdnf5/base/base.hpp>
 #include <libdnf5/common/xdg.hpp>
+#include <libdnf5/conf/const.hpp>
 #include <libdnf5/logger/factory.hpp>
 #include <libdnf5/logger/global_logger.hpp>
 #include <libdnf5/logger/memory_buffer_logger.hpp>
 #include <libdnf5/repo/repo_cache.hpp>
 #include <libdnf5/rpm/arch.hpp>
 #include <libdnf5/rpm/package_query.hpp>
 #include <libdnf5/utils/bgettext/bgettext-mark-domain.h>
+#include <libdnf5/utils/locker.hpp>
 #include <libdnf5/version.hpp>
 #include <locale.h>
 #include <string.h>
@@ -1081,6 +1083,63 @@ static void print_no_match_libdnf_plugin_patterns(dnf5::Context & context) {
     }
 }
 
+static bool cmd_requires_privileges(dnf5::Context & context) {
+    // the main, dnf5 command, is allowed
+    auto cmd = context.get_selected_command();
+    auto arg_cmd = cmd->get_argument_parser_command();
+    if (arg_cmd->get_parent() == nullptr) {
+        return false;
+    }
+
+    // first a hard-coded list of commands that always need to be run with elevated privileges
+    auto main_arg_cmd = cmd->get_parent_command() != context.get_root_command() ? arg_cmd->get_parent() : arg_cmd;
+    std::vector<std::string> privileged_cmds = {"automatic", "offline", "system-upgrade"};
+    if (std::find(privileged_cmds.begin(), privileged_cmds.end(), main_arg_cmd->get_id()) != privileged_cmds.end()) {
+        return true;
+    }
+
+    // when assumeno is set, system should not be modified
+    auto & config = context.get_base().get_config();
+    if (config.get_assumeno_option().get_value()) {
+        return false;
+    }
+
+    auto all_cmd_args = arg_cmd->get_named_args();
+    if (main_arg_cmd != arg_cmd) {
+        all_cmd_args.insert(
+            all_cmd_args.end(), main_arg_cmd->get_named_args().begin(), main_arg_cmd->get_named_args().end());
+    }
+
+    // when downloadonly is defined and set, system should not be modified
+    auto it_downloadonly = std::find_if(
+        all_cmd_args.begin(), all_cmd_args.end(), [](auto arg) { return arg->get_long_name() == "downloadonly"; });
+    if (it_downloadonly != all_cmd_args.end() &&
+        ((libdnf5::OptionBool *)(*it_downloadonly)->get_linked_value())->get_value()) {
+        return false;
+    }
+
+    // otherwise, transactional cmds with store option defined are expected to modify the system
+    auto it_store = std::find_if(
+        all_cmd_args.begin(), all_cmd_args.end(), [](auto arg) { return arg->get_long_name() == "store"; });
+    return it_store != all_cmd_args.end();
+}
+
+static bool user_has_privileges(dnf5::Context & context) {
+    std::filesystem::path lock_file_path = context.get_base().get_config().get_installroot_option().get_value();
+    lock_file_path /= std::filesystem::path(libdnf5::TRANSACTION_LOCK_FILEPATH).relative_path();
+    lock_file_path += ".tmp";
+
+    try {
+        std::filesystem::create_directories(lock_file_path.parent_path());
+        libdnf5::utils::Locker locker(lock_file_path);
+        return locker.write_lock();
+    } catch (libdnf5::SystemError & ex) {
+        return false;
+    } catch (std::filesystem::filesystem_error & ex) {
+        return false;
+    }
+}
+
 int main(int argc, char * argv[]) try {
     dnf5::set_locale();
 
@@ -1257,6 +1316,13 @@ int main(int argc, char * argv[]) try {
                 dump_repository_configuration(context, repo_id_list);
             }
 
+            if (cmd_requires_privileges(context) && !user_has_privileges(context)) {
+                throw libdnf5::cli::InsufficientPrivilegesError(
+                    M_("The requested operation requires superuser privileges. Please log in as a user with elevated "
+                       "rights, or use the \"--assumeno\" or \"--downloadonly\" options to run the command without "
+                       "modifying the system state."));
+            }
+
             {
                 if (context.get_load_available_repos() != dnf5::Context::LoadAvailableRepos::NONE) {
                     context.load_repos(context.get_load_system_repo());

doc/commands/distro-sync.8.rst

@@ -50,6 +50,9 @@ Options
 ``--skip-unavailable``
     | Allow skipping packages that are not possible to synchronize. All remaining packages will be synchronized.
 
+``--downloadonly``
+    | Download the resolved package set without executing an RPM transaction.
+
 ``--offline``
     | Store the transaction to be performed offline. See :manpage:`dnf5-offline(8)`, :ref:`Offline command <offline_command_ref-label>`.
 

include/libdnf5-cli/exception.hpp

@@ -44,6 +44,14 @@ class AbortedByUserError : public Error {
 };
 
 
+/// Exception is thrown when the user does not have enough privileges to perform requested operation.
+class InsufficientPrivilegesError : public Error {
+public:
+    using Error::Error;
+    const char * get_name() const noexcept override { return "InsufficientPrivilegesError"; }
+};
+
+
 /// Exception is thrown when libdnf5 fails to resolve the transaction.
 class GoalResolveError : public Error {
 public:

include/libdnf5/conf/const.hpp

@@ -42,6 +42,8 @@ const std::vector<std::string> REPOSITORY_CONF_DIRS{
     "/etc/yum.repos.d", "/etc/distro.repos.d", "/usr/share/dnf5/repos.d"};
 constexpr const char * REPOS_OVERRIDE_DIR = "/etc/dnf/repos.override.d";
 
+constexpr const char * TRANSACTION_LOCK_FILEPATH = "/run/dnf/rpmtransaction.lock";
+
 // More important varsdirs must be on the end of vector
 const std::vector<std::string> VARS_DIRS{"/usr/share/dnf5/vars.d", "/etc/dnf/vars"};
 

libdnf5/utils/locker.hpp → include/libdnf5/utils/locker.hpp

@@ -24,12 +24,26 @@ along with libdnf.  If not, see <https://www.gnu.org/licenses/>.
 
 namespace libdnf5::utils {
 
+/// Object for implementing a simple file mutex mechanism
+/// or checking read/write access on a given path.
 class Locker {
 public:
-    explicit Locker(const std::string & path) : path(path){};
+    /// Create a Locker object at a given path
+    explicit Locker(const std::string & path);
     ~Locker();
+
+    /// @brief Try to acquire read lock on a given file path
+    /// @return True if lock acquisition was successful, otherwise false
+    /// @throws libdnf5::SystemError if an unexpected error occurs when checking the lock state, like insufficient privileges
     bool read_lock();
+
+    /// @brief Try to acquire write lock on a given file path
+    /// @return True if lock acquisition was successful, otherwise false
+    /// @throws libdnf5::SystemError if an unexpected error occurs when checking the lock state, like insufficient privileges
     bool write_lock();
+
+    /// @brief Unlock the existing lock and remove the underlying lock file
+    /// @throws libdnf5::SystemError if an unexpected error occurs when unlocking
     void unlock();
 
 private:

libdnf5/base/transaction.cpp

@@ -31,19 +31,20 @@ along with libdnf.  If not, see <https://www.gnu.org/licenses/>.
 #include "transaction_impl.hpp"
 #include "transaction_module_impl.hpp"
 #include "transaction_package_impl.hpp"
-#include "utils/locker.hpp"
 #include "utils/string.hpp"
 
 #include "libdnf5/base/base.hpp"
 #include "libdnf5/common/exception.hpp"
 #include "libdnf5/common/sack/exclude_flags.hpp"
 #include "libdnf5/common/sack/query_cmp.hpp"
 #include "libdnf5/comps/group/query.hpp"
+#include "libdnf5/conf/const.hpp"
 #include "libdnf5/repo/package_downloader.hpp"
 #include "libdnf5/rpm/package_query.hpp"
 #include "libdnf5/utils/bgettext/bgettext-lib.h"
 #include "libdnf5/utils/bgettext/bgettext-mark-domain.h"
 #include "libdnf5/utils/format.hpp"
+#include "libdnf5/utils/locker.hpp"
 
 #include <fmt/format.h>
 #include <unistd.h>
@@ -853,7 +854,7 @@ Transaction::TransactionRunResult Transaction::Impl::_run(
 
     // acquire the lock
     std::filesystem::path lock_file_path = config.get_installroot_option().get_value();
-    lock_file_path /= "run/dnf/rpmtransaction.lock";
+    lock_file_path /= std::filesystem::path(libdnf5::TRANSACTION_LOCK_FILEPATH).relative_path();
     std::filesystem::create_directories(lock_file_path.parent_path());
 
     libdnf5::utils::Locker locker(lock_file_path);

libdnf5/utils/locker.cpp

@@ -18,7 +18,7 @@ along with libdnf.  If not, see <https://www.gnu.org/licenses/>.
 */
 
 
-#include "locker.hpp"
+#include "libdnf5/utils/locker.hpp"
 
 #include "libdnf5/common/exception.hpp"
 #include "libdnf5/utils/bgettext/bgettext-mark-domain.h"
@@ -29,6 +29,8 @@ along with libdnf.  If not, see <https://www.gnu.org/licenses/>.
 
 namespace libdnf5::utils {
 
+Locker::Locker(const std::string & path) : path(path){};
+
 bool Locker::read_lock() {
     return lock(F_RDLCK);
 }