X-Git-Url: http://andersk.mit.edu/gitweb/moira.git/blobdiff_plain/7b18e95b393c4e88e931f84b335997085e117c63..2796e83d397f9351ee28ccaf9db28ef2e4ac2510:/update/get_file.c

diff --git a/update/get_file.c b/update/get_file.c
index 0f40252f..17a2f97b 100644
--- a/update/get_file.c
+++ b/update/get_file.c
@@ -14,8 +14,12 @@ static char *rcsid_get_file_c = "$Header$";
 #include <stdio.h>
 #include <gdb.h>
 #include <ctype.h>
+#include <string.h>
 #include <sys/param.h>
 #include <sys/file.h>
+#include <fcntl.h>
+#include <des.h>
+#include <krb.h>
 #include <moira.h>
 #include "update.h"
 
@@ -26,9 +30,12 @@ static char *rcsid_get_file_c = "$Header$";
 extern CONNECTION conn;
 char buf[BUFSIZ];
 
-extern int code, errno;
+extern int code, errno, uid;
 
 extern int have_authorization, have_file, done;
+extern C_Block session;
+static des_key_schedule sched;
+static des_cblock ivec;
 
 int get_block();
 
@@ -65,10 +72,12 @@ int get_block();
  */
 
 int
-get_file(pathname, file_size, checksum)
+get_file(pathname, file_size, checksum, mode, encrypt)
     char *pathname;
     int file_size;
     int checksum;
+    int mode;
+    int encrypt;
 {
     int fd, n_written;
     int found_checksum;
@@ -79,16 +88,29 @@ get_file(pathname, file_size, checksum)
     }
     if (done)			/* re-initialize data */
 	initialize();
+#ifdef POSIX
+    if (setuid(uid) < 0) {
+#else
+    if (setreuid(0, uid) < 0) {
+#endif
+	com_err(whoami, errno, "Unable to setuid to %d\n", uid);
+	exit(1);
+    }
     /* unlink old file */
-    (void) unlink(pathname);
+    if (!config_lookup("noclobber"))
+      (void) unlink(pathname);
     /* open file descriptor */
-    fd = open(pathname, O_CREAT|O_EXCL|O_WRONLY, 0700);
+    fd = open(pathname, O_CREAT|O_EXCL|O_WRONLY, mode);
     if (fd == -1) {
 	code = errno;
 	sprintf(buf, "%s: creating file %s (get_file)",
 		error_message(code), pathname);
 	mr_log_error(buf);
 	report_error("reporting file creation error (get_file)");
+	if (setuid(0) < 0) {
+	    com_err(whoami, errno, "Unable to setuid back to %d\n", 0);
+	    exit(1);
+	}
 	return(1);
     }
     /* check to see if we've got the disk space */
@@ -106,6 +128,10 @@ get_file(pathname, file_size, checksum)
 	    (void) ftruncate(fd, 0);
 	    (void) close(fd);
 	    report_error("reporting test-write error (get_file)");
+	    if (setuid(0) < 0) {
+		com_err(whoami, errno, "Unable to setuid back to %d\n", 0);
+		exit(1);
+	    }
 	    return(1);
 	}
 	n_written += n_wrote;
@@ -113,12 +139,25 @@ get_file(pathname, file_size, checksum)
     lseek(fd, 0, L_SET);
     if (send_ok())
 	lose("sending okay for file transfer (get_file)");
+    if (encrypt) {
+#ifdef DEBUG
+	com_err(whoami, 0, "Session %02x %02x %02x %02x  %02x %02x %02x %02x",
+		session[0], session[1], session[2], session[3], 
+		session[4], session[5], session[6], session[7]);
+#endif /* DEBUG */
+	des_key_sched(session, sched);
+	memcpy(ivec, session, sizeof(ivec));
+    }
     n_written = 0;
     while (n_written < file_size && code == 0) {
-	int n_got = get_block(fd, file_size - n_written);
+	int n_got = get_block(fd, file_size - n_written, encrypt);
 	if (n_got == -1) {
 	    /* get_block has already printed a message */
 	    unlink(pathname);
+	    if (setuid(0) < 0) {
+		com_err(whoami, errno, "Unable to setuid back to %d\n", 0);
+		exit(1);
+	    }
 	    return(1);
 	}
 	n_written += n_got;
@@ -129,12 +168,20 @@ get_file(pathname, file_size, checksum)
     if (code) {
 	code = connection_errno(conn);
 	report_error("reading file (get_file)");
+	if (setuid(0) < 0) {
+	    com_err(whoami, errno, "Unable to setuid back to %d\n", 0);
+	    exit(1);
+	}
 	return(1);
     }
     fsync(fd);
     ftruncate(fd, file_size);
     fsync(fd);
     close(fd);
+    if (setuid(0) < 0) {
+	com_err(whoami, errno, "Unable to setuid back to %d\n", 0);
+	exit(1);
+    }
     /* validate checksum */
     found_checksum = checksum_file(pathname);
     if (checksum != found_checksum) {
@@ -156,18 +203,30 @@ get_file(pathname, file_size, checksum)
 }
 
 static int
-get_block(fd, max_size)
+get_block(fd, max_size, encrypt)
     int fd;
     int max_size;
+    int encrypt;
 {
     STRING data;
-    int n_read, n;
+    unsigned char dst[UPDATE_BUFSIZ + 8], *src;
+    int n_read, n, i;
 
     code = receive_object(conn, (char *)&data, STRING_T);
     if (code) {
 	code = connection_errno(conn);
 	lose("receiving data file (get_file)");
     }
+
+    if (encrypt) {
+	src = (unsigned char *)STRING_DATA(data);
+	n = MAX_STRING_SIZE(data);
+	des_pcbc_encrypt(src, dst, n, sched, ivec, 1);
+	for (i = 0; i < 8; i++)
+	  ivec[i] = src[n - 8 + i] ^ dst[n - 8 + i];
+	memcpy(STRING_DATA(data), dst, n);
+    }
+
     n_read = MIN(MAX_STRING_SIZE(data), max_size);
     n = 0;
     while (n < n_read) {