From d9904bee6809e71b8e5eb1637cc09bc67911fcf4 Mon Sep 17 00:00:00 2001
From: scrappy
Date: Mon, 14 Aug 2006 13:08:01 +0000
Subject: Ensure that data returned from server on initial challenge is, in fact, only the data that we expect. Submitted by: Matthew Seaman
---
sysutils/bsdstats/Makefile | 1 + sysutils/bsdstats/files/300.statistics | 34 +++++++++++++++++++++++++++---- sysutils/bsdstats/files/300.statistics.in | 34 +++++++++++++++++++++++++++---- 3 files changed, 61 insertions(+), 8 deletions(-) (limited to 'sysutils/bsdstats')
diff --git a/sysutils/bsdstats/Makefile b/sysutils/bsdstats/Makefile
index a4580149c1e3..ec5394905910 100644
--- a/sysutils/bsdstats/Makefile
+++ b/sysutils/bsdstats/Makefile
@@ -7,6 +7,7 @@ PORTNAME= bsdstats PORTVERSION= 3.0 +PORTREVISION= 1 CATEGORIES= sysutils DISTFILES=
diff --git a/sysutils/bsdstats/files/300.statistics b/sysutils/bsdstats/files/300.statistics
index 303e3807b99f..0bc1cd2b07b6 100644
--- a/sysutils/bsdstats/files/300.statistics
+++ b/sysutils/bsdstats/files/300.statistics
@@ -1,6 +1,6 @@ #!/bin/sh - # -# $FreeBSD: /tmp/pcvs/ports/sysutils/bsdstats/files/Attic/300.statistics,v 1.11 2006-08-14 07:35:09 scrappy Exp $ +# $FreeBSD: /tmp/pcvs/ports/sysutils/bsdstats/files/Attic/300.statistics,v 1.12 2006-08-14 13:08:01 scrappy Exp $ # # If there is a global system configuration file, suck it in.
@@ -33,12 +33,38 @@ send_devices () { } get_id_token () { + local IFS + + IFS='= +' + if [ ! -f $id_token_file ] ; then IDTOKEN=$( /usr/bin/openssl rand -base64 16 ) - /usr/bin/fetch -qo $id_token_file "http://$checkin_server/scripts/getid.php?key=$IDTOKEN" - /usr/sbin/chown root:wheel $id_token_file - /bin/chmod 600 $id_token_file + + idf=$( mktemp "$id_token_file.XXXXXX" ) && \ + /usr/sbin/chown root:wheel $id_token_file && \ + /bin/chmod 600 $id_token_file && \ + + /usr/bin/fetch -qo - \ + "http://$checkin_server/scripts/getid.php?key=$IDTOKEN" | { + while read var val + do + case $var in + KEY) + echo "KEY=$val" + ;; + TOKEN) + echo "TOKEN=$val" + ;; + *) + ;; + esac + done + } > $idf && \ + + mv $idf $id_token_file + echo "To protect against abuse, the initial challenge/response phase" echo "contains a 15 minute pause. Please be patient while this time" echo "limit elapses"
diff --git a/sysutils/bsdstats/files/300.statistics.in b/sysutils/bsdstats/files/300.statistics.in
index 9a7a7be5992b..07eb7326c384 100644
--- a/sysutils/bsdstats/files/300.statistics.in
+++ b/sysutils/bsdstats/files/300.statistics.in
@@ -1,6 +1,6 @@ #!/bin/sh - # -# $FreeBSD: /tmp/pcvs/ports/sysutils/bsdstats/files/300.statistics.in,v 1.11 2006-08-14 07:35:09 scrappy Exp $ +# $FreeBSD: /tmp/pcvs/ports/sysutils/bsdstats/files/300.statistics.in,v 1.12 2006-08-14 13:08:01 scrappy Exp $ # # If there is a global system configuration file, suck it in.
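Review bot: In the added lines of get_id_token, `chown` and `chmod` are pointed at `$id_token_file`, which normally does not exist inside the `[ ! -f $id_token_file ]` branch, instead of at the temporary file `mktemp` just created; `chown` fails on the missing path, and because it sits in the `&&` chain the fetch and the final `mv` never run. Both should target the temp file: `/usr/sbin/chown root:wheel "$idf" && \` and `/bin/chmod 600 "$idf" && \`. The loop also filters only the variable names, so whatever the plain-HTTP response carries after `KEY=` or `TOKEN=` is written through unchanged. If the token file is later sourced by the shell (not visible in this hunk), `val` should be matched against the expected character set with a `case` pattern before it is echoed, and `read -r` used so backslashes are not interpreted. The same hunk is repeated for `300.statistics.in` and needs the same change; the function body continues past the end of the hunk.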
@@ -33,12 +33,38 @@ send_devices () { } get_id_token () { + local IFS + + IFS='= +' + if [ ! -f $id_token_file ] ; then IDTOKEN=$( /usr/bin/openssl rand -base64 16 ) - /usr/bin/fetch -qo $id_token_file "http://$checkin_server/scripts/getid.php?key=$IDTOKEN" - /usr/sbin/chown root:wheel $id_token_file - /bin/chmod 600 $id_token_file + + idf=$( mktemp "$id_token_file.XXXXXX" ) && \ + /usr/sbin/chown root:wheel $id_token_file && \ + /bin/chmod 600 $id_token_file && \ + + /usr/bin/fetch -qo - \ + "http://$checkin_server/scripts/getid.php?key=$IDTOKEN" | { + while read var val + do + case $var in + KEY) + echo "KEY=$val" + ;; + TOKEN) + echo "TOKEN=$val" + ;; + *) + ;; + esac + done + } > $idf && \ + + mv $idf $id_token_file + echo "To protect against abuse, the initial challenge/response phase" echo "contains a 15 minute pause. Please be patient while this time" echo "limit elapses" -- cgit