1 files changed, 37 insertions, 7 deletions

diff --git a/tools/boca-auth-runs b/tools/boca-auth-runs
index b6f7881..488e65b 100755
--- a/tools/boca-auth-runs
+++ b/tools/boca-auth-runs
@@ -5,6 +5,14 @@ if [ "`id -u`" != "0" ]; then
   exit 1
 fi
 
+if [ ! -f "/root/.uid.txt" ]; then
+	touch /root/.uid.txt
+	head -c30 /dev/urandom > /root/.uid.tmp
+	dmidecode >>/root/.uid.tmp
+	blkid >>/root/.uid.tmp
+	sha256sum /root/.uid.tmp | cut -d' ' -f1 >/root/.uid.txt
+fi
+
 user="$1"
 if [ "$user" == "" ]; then
   echo "parameter user missing. Usage: $0 <user> [<optional-server-address>]"
@@ -56,16 +64,38 @@ if [ "$?" == "0" ]; then
 	exit 3
     else
 	a=""
-	for ((i=0;i<16;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done
-	openssl enc -d -aes-256-cbc -nosalt -in "$temp" -out "${temp}.1" -K $a -iv 31323334353637383132333435363738
-	rm -f "$temp"
-	/bin/bash "${temp}.1"
-	rm -f "${temp}.1"
+	ivv=""
+	iv=$(head -n1 "$temp" | cut -d':' -f1)
+	clen=$(head -n1 "$temp" | cut -d':' -f2)
+	if [ "$clen" -eq "$clen" ] 2>/dev/null; then
+	    tail -n +2 "$temp" > "${temp}.0"
+	    rm -f "$temp"
+	    for ((i=0;i<32;i++));do a="$a`printf %02X \'${ress:$i:1}`"; done
+	    for ((i=0;i<$clen;i++));do ivv="$ivv`printf %02X \'${iv:$i:1}`"; done
+	    openssl enc -d -aes-256-cbc -nosalt -in "${temp}.0" -out "${temp}.1" -K $a -iv $ivv
+	    rm -f "${temp}.0"
+	    grep -q "$iv" "${temp}.1"
+	    if [ "$?" == "0" ]; then
+  		/bin/bash "${temp}.1"
+	    else
+		echo ""
+		echo "$BOCASERVER: downloaded content is corrupted"
+		rm -f "${temp}.1"
+		rm -f "${temp}.cookie.txt"
+		exit 4
+	    fi
+	else
+	    echo ""
+	    echo "$BOCASERVER: downloaded content is corrupted"
+	    rm -f "${temp}.1"
+	    rm -f "${temp}.cookie.txt"
+	    exit 4
+	fi
     fi
     [ -f "$temp" ] && rm -f "$temp"
-    rm -f ${temp}.cookie.txt
+    rm -f "${temp}.cookie.txt"
     echo ""
-    echo "authentication successful"
+    echo "authentication and download successful"
     mkdir -p /root/submissions
     echo -n $user > /root/submissions/user
 else