#!/usr/bin/bash ############################################################################## # This file is part of the CRYPTO BONE # File : safewebdropgettarball (server) # Version : 2.0 (ALL-IN-ONE) # License : BSD-3-Clause # Date : 19 Apr 2025 # Contact : Please send enquiries and bug-reports to innovation@senderek.ie # # Copyright (c) 2015-2025 # Ralf Senderek, Ireland. All rights reserved. (https://senderek.ie) # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # 3. All advertising materials mentioning features or use of this software # must display the following acknowledgement: # This product includes software developed by Ralf Senderek. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR # IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES # OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. ############################################################################## #----------------------------------------------------# # load functions and global variables . ./safewebdrop-functions function clean { rm -f ${DEST}/${ID}/attachrequest 2> /dev/null rm -f ${DEST}/${ID}/received 2> /dev/null rm -f ${DEST}/${ID}/signedrequest 2> /dev/null rm -f ${DEST}/${ID}/verified 2> /dev/null rm -f ${DEST}/${ID}/delete 2> /dev/null rm -f ${DEST}/${ID}/tarfiles 2> /dev/null } #----------------------------------------------------# /usr/bin/echo Content-type: text/html /usr/bin/echo ID="" REQ="" # extract ID and REQ OLDIFS="${IFS}" IFS=\& set -- $QUERY_STRING ID=$1 REQ=$2 HASHSIG=$3 IFS=${OLDIFS} # get the IP IP=$REMOTE_ADDR # check if a valid user exists check_userid ${ID} LOG=${DEST}/${ID}/log FILE=${DEST}/${ID}/attachrequest TARFILES=${DEST}/${ID}/tarfiles # request=NEW or it consists of signed data if [[ ${REQ} = "NEW" ]]; then # phase 1 log "--- tarball request" generate_challenge return_challenge exit 0 fi if [[ ${REQ} != "NEW" ]] && [[ ${REQ} ]] ; then # phase 2 log "signed tarball request" # load the stored credentials if [[ -r ${FILE} ]] ; then . ${FILE} fi # check if new request has same ADDR if [[ ${IP} != ${ADDR} ]] ; then # dismiss this request clean exit 4 fi # verify the signature verify_request # signature is OK # split the request OLDIFS="${IFS}" IFS=\: set -- ${REQ} WID=$1 WCHL=$2 WREQ=$3 # WREQ is "ALL" or "hash(tarball)" IFS=${OLDIFS} check_user_and_challenge if [[ ${WREQ} = "ALL" ]] ; then # check if webdrops and/or attachments are present LIST=$(/usr/bin/ls ${DEST}/${ID}/file-* ${DEST}/${ID}/drop-* 2>/dev/null) if (( ${#LIST} == 0 )) ; then # no safewebdrops or attachments for this user log "EMPTY" /usr/bin/echo -n EMPTY clean exit 0 else # store the list for deletion RES=$(cd ${DEST}/${ID}; /usr/bin/ls drop-* file-* 2>/dev/null) /usr/bin/echo -n $RES > ${DEST}/${ID}/deletefiles RES=$(cd ${DEST}/${ID}; /usr/bin/tar czf ${TARFILES} $(/usr/bin/cat ${DEST}/${ID}/deletefiles) 2>&1 ) if (( $? == 0 )) ; then HASH=$(filehash ${TARFILES}) /usr/bin/echo -n "HASH=${HASH}" >> $FILE /usr/bin/cat ${TARFILES} log "tarball sent back ..." exit 0 else log "Error: building a tarball." fi fi else # check hash(tarball) if [[ ${WREQ} = ${HASH} ]] ; then # remove transferred files RES=$(cd ${DEST}/${ID}; /usr/bin/rm -f $(/usr/bin/cat ${DEST}/${ID}/deletefiles) > /dev/null 2> /dev/null) clean log "transferred tarfile deleted" /usr/bin/echo -n "OK" else clean /usr/bin/echo -n "hash failed." log "hash failed - files remain" fi fi exit 0 fi exit 0