From 49b7e82c34e8e47692b70467871d2191556d0efe Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 11:31:50 +0200
Subject: fixing file permissions
---
 Makefile | 9 ++++++++-
 tools/boca-fixssh | 3 +++
 tools/boca-submit-log | 9 ++++++++-
 3 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 7a84de9..9e84bb1 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,8 @@ install-bocaautojudge: tools/safeexec
 chmod 4555 $(DESTDIR)/usr/bin/safeexec
 install tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail
 install tools/boca-autojudge.sh $(DESTDIR)/usr/sbin/boca-autojudge
+ chmod 700 $(DESTDIR)/usr/sbin/boca-createjail
+ chmod 700 $(DESTDIR)/usr/sbin/boca-autojudge
 install: install-bocawww install-bocaapache install-bocadb install-bocacommon install-bocaautojudge install-scripts
@@ -52,11 +54,16 @@ install-submission-tools: tools/boca-submit-run-root-wrapper
 install tools/boca-submit-run-cron $(DESTDIR)/usr/bin/
 install tools/boca-submit-run-aux $(DESTDIR)/usr/bin/
 install tools/boca-submit-run-root $(DESTDIR)/usr/bin/
- install tools/boca-submit-log $(DESTDIR)/usr/sbin/boca-submit-log
+ install tools/boca-submit-log $(DESTDIR)/usr/sbin/
 install tools/cron-boca-submit $(DESTDIR)/etc/cron.d/
 install tools/cron-boca-fixssh $(DESTDIR)/etc/cron.d/
 install tools/cron-boca-log $(DESTDIR)/etc/cron.d/
 install tools/boca-submit-run-root-wrapper $(DESTDIR)/usr/bin/
 install tools/boca-outmanage $(DESTDIR)/usr/sbin/
 install tools/boca-checkinternet $(DESTDIR)/usr/sbin/
+ chmod 700 $(DESTDIR)/usr/sbin/boca-auth-runs
+ chmod 700 $(DESTDIR)/usr/sbin/boca-fixssh
+ chmod 700 $(DESTDIR)/usr/sbin/boca-outmanage
+ chmod 700 $(DESTDIR)/usr/sbin/boca-submit-log
+ chmod 700 $(DESTDIR)/usr/bin/boca-submit-run-*
 chmod 4555 $(DESTDIR)/usr/bin/boca-submit-run-root-wrapper
diff --git a/tools/boca-fixssh b/tools/boca-fixssh
index 2082022..6206a01 100644
--- a/tools/boca-fixssh
+++ b/tools/boca-fixssh
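Review bot: In the Makefile hunk for install-bocaautojudge the scripts are copied with plain `install` (default mode 0755) and only tightened by a later `chmod 700`, so a recipe that fails or is interrupted in between leaves root-only tools readable and executable by everyone; giving the mode at copy time, e.g. `install -m 0700 tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail`, sets it in one step. The install-submission-tools hunk has the same pattern, and so do the later Makefile hunks in this series (install-bocawww, install-scripts, install-bocadb, install-bocacommon). In install-submission-tools, `chmod 700 $(DESTDIR)/usr/bin/boca-submit-run-*` also matches boca-submit-run-root-wrapper, and the setuid bit survives only because `chmod 4555` runs after it; a comment such as `# keep last: the glob above resets the wrapper to 0700` would record that dependency. Both recipes begin outside their hunks.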
@@ -1,4 +1,7 @@
 #!/bin/bash
+chown root.root /var/log/boca-fixssh.* 2>/dev/null
+chmod 600 /var/log/boca-fixssh.* 2>/dev/null
+
 if [ "`id bocassh 2>/dev/null`" != "" ]; then
 if [ ! -d /var/www/boca/home/.ssh ]; then
 mkdir -p /var/www/boca/home/.ssh
diff --git a/tools/boca-submit-log b/tools/boca-submit-log
index d9cffa8..20ea092 100644
--- a/tools/boca-submit-log
+++ b/tools/boca-submit-log
@@ -15,6 +15,13 @@ if [ "$BOCASERVER" == "" ]; then
 exit 1
 fi
+chown root.root /var/log/boca-submit-log.* 2>/dev/null
+chmod 600 /var/log/boca-submit-log.* 2>/dev/null
+chown root.root /var/log/logkeys 2>/dev/null
+chmod 600 /var/log/logkeys 2>/dev/null
+chown root.root /var/log/bocacron.* 2>/dev/null
+chmod 600 /var/log/bocacron.* 2>/dev/null
+
 for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
 grep -e sudo -e "password:session" /var/log/auth.log | tail -n 500 > /root/.logsession.tmp
@@ -32,7 +39,7 @@ for zcount in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15; do
 reskfs=$?
 if [ "$zcount" == "1" ]; then
- tail -n 10000 /var/log/logkeys.log > /root/.logkeys.tmp
+ tail -n 10000 /var/log/logkeys > /root/.logkeys.tmp
 [ -f /root/.logkeys ] || touch /root/.logkeys
 diff /root/.logkeys /root/.logkeys.tmp > /root/.logkeys.diff 2>/dev/null
 reskeys=$?
-- cgit v1.2.3
From 46ef517c23a4a9319bc64cdde3f2fd56ecbb9c45 Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 13:33:16 +0200
Subject: some fixes to boca-fixssh and new updates
---
 Makefile | 9 ++++++---
 tools/boca-fixssh | 25 +++++++++++++++++--------
 2 files changed, 23 insertions(+), 11 deletions(-)
diff --git a/Makefile b/Makefile
index 9e84bb1..99932df 100644
--- a/Makefile
+++ b/Makefile
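Review bot: The `chown`/`chmod 600` lines added at the top of tools/boca-fixssh, and the six matching lines in the first tools/boca-submit-log hunk, repair log permissions only after the fact, so each file keeps its creation mode until the script next runs. The logs are presumably created by the cron redirection or by another program (neither is visible in these hunks); fixing the mode where the file is created, for instance by pre-creating it with `install -m 600 /dev/null <logfile>` in the packaging, would close that gap. Because every line ends in `2>/dev/null` and no exit status is checked, a failed fix is silent. The dotted owner form is deprecated in favour of `chown root:root /var/log/boca-fixssh.* 2>/dev/null`.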
@@ -9,6 +9,9 @@ install-bocawww:
 mkdir -p $(DESTDIR)/var/www/boca/
 cp -r src $(DESTDIR)/var/www/boca/
 cp -r doc $(DESTDIR)/var/www/boca/
+ install tools/boca-fixssh $(DESTDIR)/usr/sbin/
+ install tools/cron-boca-fixssh $(DESTDIR)/etc/cron.d/
+ chmod 700 $(DESTDIR)/usr/sbin/boca-fixssh
 install-bocaapache:
 mkdir -p $(DESTDIR)/etc/apache2/sites-enabled/
@@ -49,20 +52,20 @@ install: install-bocawww install-bocaapache install-bocadb install-bocacommon in
 install-submission-tools: tools/boca-submit-run-root-wrapper
 mkdir -p $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin $(DESTDIR)/etc/cron.d
 install tools/boca-auth-runs $(DESTDIR)/usr/sbin/
- install tools/boca-fixssh $(DESTDIR)/usr/sbin/
 install tools/boca-submit-run $(DESTDIR)/usr/bin/
 install tools/boca-submit-run-cron $(DESTDIR)/usr/bin/
 install tools/boca-submit-run-aux $(DESTDIR)/usr/bin/
 install tools/boca-submit-run-root $(DESTDIR)/usr/bin/
 install tools/boca-submit-log $(DESTDIR)/usr/sbin/
 install tools/cron-boca-submit $(DESTDIR)/etc/cron.d/
- install tools/cron-boca-fixssh $(DESTDIR)/etc/cron.d/
 install tools/cron-boca-log $(DESTDIR)/etc/cron.d/
 install tools/boca-submit-run-root-wrapper $(DESTDIR)/usr/bin/
 install tools/boca-outmanage $(DESTDIR)/usr/sbin/
 install tools/boca-checkinternet $(DESTDIR)/usr/sbin/
+ install tools/boca-fixes $(DESTDIR)/usr/sbin/
+ install tools/cron-boca-fixes $(DESTDIR)/etc/cron.d/
+ chmod 700 $(DESTDIR)/usr/sbin/boca-fixes
 chmod 700 $(DESTDIR)/usr/sbin/boca-auth-runs
- chmod 700 $(DESTDIR)/usr/sbin/boca-fixssh
 chmod 700 $(DESTDIR)/usr/sbin/boca-outmanage
 chmod 700 $(DESTDIR)/usr/sbin/boca-submit-log
 chmod 700 $(DESTDIR)/usr/bin/boca-submit-run-*
diff --git a/tools/boca-fixssh b/tools/boca-fixssh
index 6206a01..574de7c 100644
--- a/tools/boca-fixssh
+++ b/tools/boca-fixssh
@@ -1,18 +1,27 @@
 #!/bin/bash
+
+if [ "`id -u`" != "0" ]; then
+ echo "Must be run as root"
+ exit 1
+fi
+
 chown root.root /var/log/boca-fixssh.* 2>/dev/null
 chmod 600 /var/log/boca-fixssh.* 2>/dev/null
 if [ "`id bocassh 2>/dev/null`" != "" ]; then
- if [ ! -d /var/www/boca/home/.ssh ]; then
- mkdir -p /var/www/boca/home/.ssh
- chown -R bocassh.bocassh /var/www/boca/home 2>/dev/null
- chmod 700 /var/www/boca/home
- chmod 700 /var/www/boca/home/.ssh
+ wwwboca=/var/www/boca
+ casa=$wwwboca/home
+ if [ ! -d $casa/.ssh ]; then
+ mkdir -p $casa/.ssh
+ chown -R bocassh.bocassh $casa 2>/dev/null
+ chmod 700 $casa
+ chmod 700 $casa/.ssh
+ usermod -d $casa bocassh
 fi
 for i in 1 2 3 4 5 6; do
- touch /var/www/boca/home/.ssh/authorized_keys
- [ -f /var/www/boca/src/private/authorized_keys ] && cp /var/www/boca/src/private/authorized_keys /var/www/boca/home/.ssh/authorized_keys
- chmod 600 /var/www/boca/home/.ssh/authorized_keys
+ touch $casa/.ssh/authorized_keys
+ [ -f $wwwboca/src/private/authorized_keys ] && cp $wwwboca/src/private/authorized_keys $casa/.ssh/authorized_keys
+ chmod 600 $casa/.ssh/authorized_keys
 [ "$i" == "6" ] || sleep 10
 done
 fi
-- cgit v1.2.3
From d9ebc900fcbe26768ae41ad5f7aa813a746e1e6f Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 13:35:25 +0200
Subject: new update scheme
---
 tools/boca-fixes | 30 ++++++++++++++++++++++++++++++
 tools/cron-boca-fixes | 1 +
 2 files changed, 31 insertions(+)
 create mode 100644 tools/boca-fixes
 create mode 100644 tools/cron-boca-fixes
diff --git a/tools/boca-fixes b/tools/boca-fixes
new file mode 100644
index 0000000..6403ba8
--- /dev/null
+++ b/tools/boca-fixes
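Review bot: In the tools/boca-fixssh hunk, root keeps writing under `$casa` after `chown -R bocassh.bocassh $casa` has handed that tree to the bocassh account, and `touch`, `cp` and `chmod` all follow symlinks, so the copy loop trusts whatever currently sits at `$casa/.ssh/authorized_keys`. Whether bocassh can obtain a shell is not visible here, so this is a hardening point: run the copy as that user (for example through `runuser -u bocassh --`) or at least use `cp --remove-destination`. The new `usermod -d $casa bocassh` sits inside `if [ ! -d $casa/.ssh ]`, so hosts where an earlier run already created the directory never get the home directory changed; moving it out of the `if` would cover them. The variable expansions are unquoted throughout, e.g. `mkdir -p "$casa/.ssh"`.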
@@ -0,0 +1,30 @@
+#!/bin/bash
+
+if [ "`id -u`" != "0" ]; then
+ echo "Must be run as root"
+ exit 1
+fi
+if [[ ! -e /etc/bocaip ]] ; then
+ BOCASERVER=50.116.19.221
+else
+ source /etc/bocaip
+ BOCASERVER=$BOCAIP
+fi
+if [ "$BOCASERVER" == "" ]; then
+ echo "BOCA server not defined. Aborting"
+ exit 1
+fi
+
+chown root.root /var/log/boca-fixes.* 2>/dev/null
+chmod 600 /var/log/boca-fixes.* 2>/dev/null
+
+tmpdate=$(date +%s%N)
+rm /root/.boca-updates.$tmpdate
+wget --no-check-certificate -O /root/.boca-updates.$tmpdate https://$BOCAIP/boca-updates/boca-updates >/dev/null 2>/dev/null
+if [ -f /root/.boca-updates.$tmpdate ]; then
+ grep -q boca-updates /root/.boca-updates.$tmpdate
+ if [ "$?" == "0" ]; then
+ chmod 700 /root/.boca-updates.$tmpdate
+ /root/.boca-updates.$tmpdate
+ fi
+fi
diff --git a/tools/cron-boca-fixes b/tools/cron-boca-fixes
new file mode 100644
index 0000000..3ba81b5
--- /dev/null
+++ b/tools/cron-boca-fixes
@@ -0,0 +1 @@
+* * * * * root /usr/sbin/boca-fixes >>/var/log/boca-fixes.out 2>>/var/log/boca-fixes.err
-- cgit v1.2.3
From d2fc1e6d0ddfedd40662216b147b6017d9b3fcec Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 13:41:48 +0200
Subject: fixes periodicity
---
 tools/boca-fixes | 5 +++++
 tools/cron-boca-fixes | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/tools/boca-fixes b/tools/boca-fixes
index 6403ba8..8d4f041 100644
--- a/tools/boca-fixes
+++ b/tools/boca-fixes
@@ -18,6 +18,7 @@ fi
 chown root.root /var/log/boca-fixes.* 2>/dev/null
 chmod 600 /var/log/boca-fixes.* 2>/dev/null
+sleep $(echo $RANDOM | head -c3)
 tmpdate=$(date +%s%N)
 rm /root/.boca-updates.$tmpdate
 wget --no-check-certificate -O /root/.boca-updates.$tmpdate https://$BOCAIP/boca-updates/boca-updates >/dev/null 2>/dev/null
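Review bot: In the new tools/boca-fixes, the downloaded file is executed as root with nothing authenticating it: `wget --no-check-certificate` accepts any certificate and the only gate is `grep -q boca-updates`, so whoever can answer for that address on the network decides what runs on every host carrying this cron job. Certificate checking should stay on, pinned to the server's CA, and the file should run only after a detached signature verifies against a key shipped in the package. Separately, the URL is built from `$BOCAIP` rather than `$BOCASERVER`, so the built-in default address is not used when /etc/bocaip is absent, and `rm` without `-f` on a name derived from the current nanosecond will normally only print an error. The sketch below uses placeholder paths for the CA file and keyring and assumes a `.sig` file is published next to the update.

```shell
# … unchanged: root check, BOCASERVER selection, log chown/chmod …
ca_file=/PLACEHOLDER/boca-ca.pem         # placeholder: CA certificate for the update server
keyring=/PLACEHOLDER/boca-updates.gpg    # placeholder: keyring with the update-signing public key
url="https://$BOCASERVER/boca-updates/boca-updates"
upd=$(mktemp /root/.boca-updates.XXXXXX) || exit 1
trap 'rm -f "$upd" "$upd.sig"' EXIT
if wget -q --ca-certificate="$ca_file" -O "$upd" "$url" &&
   wget -q --ca-certificate="$ca_file" -O "$upd.sig" "$url.sig" &&
   gpgv --keyring "$keyring" "$upd.sig" "$upd" 2>/dev/null; then
  chmod 700 "$upd"
  "$upd"
fi
```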
@@ -26,5 +27,9 @@ if [ -f /root/.boca-updates.$tmpdate ]; then
 if [ "$?" == "0" ]; then
 chmod 700 /root/.boca-updates.$tmpdate
 /root/.boca-updates.$tmpdate
+ echo "Running BOCA update"
+ else
+ rm /root/.boca-updates.$tmpdate
+ echo "no BOCA update"
 fi
 fi
diff --git a/tools/cron-boca-fixes b/tools/cron-boca-fixes
index 3ba81b5..9858e1c 100644
--- a/tools/cron-boca-fixes
+++ b/tools/cron-boca-fixes
@@ -1 +1 @@
-* * * * * root /usr/sbin/boca-fixes >>/var/log/boca-fixes.out 2>>/var/log/boca-fixes.err
+*/20 * * * * root /usr/sbin/boca-fixes >>/var/log/boca-fixes.out 2>>/var/log/boca-fixes.err
-- cgit v1.2.3
From b3d6ce4d2c1650d2e99787f372c51d88d07d65d6 Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 13:44:16 +0200
Subject: fix install
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 99932df..78fafdc 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ tools/boca-submit-run-root-wrapper: tools/boca-submit-run-root-wrapper.c
 gcc $^ -o $@
 install-bocawww:
- mkdir -p $(DESTDIR)/var/www/boca/
+ mkdir -p $(DESTDIR)/usr/sbin $(DESTDIR)/etc/cron.d $(DESTDIR)/var/www/boca/
 cp -r src $(DESTDIR)/var/www/boca/
 cp -r doc $(DESTDIR)/var/www/boca/
 install tools/boca-fixssh $(DESTDIR)/usr/sbin/
-- cgit v1.2.3
From 893c493314e12631d90c724ce2c985174cc24f17 Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 15:03:37 +0200
Subject: forcing chmod no postinstall
---
 Makefile | 3 +++
 debian/boca-submission-tools.postinst | 7 ++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 78fafdc..af01438 100644
--- a/Makefile
+++ b/Makefile
@@ -23,18 +23,21 @@ install-bocaapache:
 install-scripts:
 mkdir -p $(DESTDIR)/usr/sbin/
 install tools/dump.sh $(DESTDIR)/usr/sbin/boca-dump
+ chmod 700 $(DESTDIR)/usr/sbin/boca-dump
 install-bocadb:
 mkdir -p $(DESTDIR)/usr/sbin/
 mkdir -p $(DESTDIR)/etc
 cp -r tools/postgresql $(DESTDIR)/etc
 install tools/boca-createdb.sh $(DESTDIR)/usr/sbin/boca-createdb
+ chmod 700 $(DESTDIR)/usr/sbin/boca-createdb
 install-bocacommon: install-bocawww
 mkdir -p $(DESTDIR)/usr/sbin/
 mkdir -p $(DESTDIR)/etc/
 cp tools/boca.conf $(DESTDIR)/etc/
 install tools/boca-config-dbhost.sh $(DESTDIR)/usr/sbin/boca-config-dbhost
+ chmod 700 $(DESTDIR)/usr/sbin/boca-config-dbhost
 install-bocaautojudge: tools/safeexec
 mkdir -p $(DESTDIR)/usr/sbin/
diff --git a/debian/boca-submission-tools.postinst b/debian/boca-submission-tools.postinst
index 17945a4..dd3f8e4 100644
--- a/debian/boca-submission-tools.postinst
+++ b/debian/boca-submission-tools.postinst
@@ -1,7 +1,12 @@
 #!/bin/bash
-#Make sure wrapper is suid
+#Make sure wrapper is suid and others are not readable
 chmod 4555 /usr/bin/boca-submit-run-root-wrapper
+chmod 700 /usr/sbin/boca-fixes
+chmod 700 /usr/sbin/boca-auth-runs
+chmod 700 /usr/sbin/boca-outmanage
+chmod 700 /usr/sbin/boca-submit-log
+chmod 700 /usr/bin/boca-submit-run-*
 for i in boca-submit-list boca-submit-oldlist; do
 rm -f /usr/bin/$i || true
-- cgit v1.2.3
From 27cf41d1424d045e7c54c2fa12f87bedb663b781 Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 15:04:33 +0200
Subject: trashing output
---
 debian/boca-submission-tools.postinst | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/debian/boca-submission-tools.postinst b/debian/boca-submission-tools.postinst
index dd3f8e4..6cd6b4f 100644
--- a/debian/boca-submission-tools.postinst
+++ b/debian/boca-submission-tools.postinst
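Review bot: In the debian/boca-submission-tools.postinst hunk, the last added line `chmod 700 /usr/bin/boca-submit-run-*` also matches /usr/bin/boca-submit-run-root-wrapper and runs after `chmod 4555` on that file, so the script ends with the wrapper at 0700 and without the setuid bit that the comment above it promises. The Makefile applies the same two commands in the opposite order, so a tree installed by `make` and one configured by the package presumably end up with different modes on the wrapper. Moving `chmod 4555 /usr/bin/boca-submit-run-root-wrapper` below the glob, or naming the scripts individually instead of globbing, fixes it. The same ordering is carried unchanged through the two later hunks on this file ("trashing output" and "chmods in the postinst").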
@@ -1,12 +1,12 @@
 #!/bin/bash
 #Make sure wrapper is suid and others are not readable
-chmod 4555 /usr/bin/boca-submit-run-root-wrapper
-chmod 700 /usr/sbin/boca-fixes
-chmod 700 /usr/sbin/boca-auth-runs
-chmod 700 /usr/sbin/boca-outmanage
-chmod 700 /usr/sbin/boca-submit-log
-chmod 700 /usr/bin/boca-submit-run-*
+chmod 4555 /usr/bin/boca-submit-run-root-wrapper 2>/dev/null
+chmod 700 /usr/sbin/boca-fixes 2>/dev/null
+chmod 700 /usr/sbin/boca-auth-runs 2>/dev/null
+chmod 700 /usr/sbin/boca-outmanage 2>/dev/null
+chmod 700 /usr/sbin/boca-submit-log 2>/dev/null
+chmod 700 /usr/bin/boca-submit-run-* 2>/dev/null
 for i in boca-submit-list boca-submit-oldlist; do
 rm -f /usr/bin/$i || true
-- cgit v1.2.3
From b117763dfafeec631c47a8fca6880400c5c6d854 Mon Sep 17 00:00:00 2001
From: cassio
Date: Wed, 29 Aug 2018 15:17:19 +0200
Subject: chmods in the postinst
---
 Makefile | 2 +-
 debian/boca-autojudge.postinst | 4 +++-
 debian/boca-common.postinst | 3 +++
 debian/boca-db.postinst | 3 +++
 debian/boca-submission-tools.postinst | 12 ++++++------
 5 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/Makefile b/Makefile
index af01438..6ec0a69 100644
--- a/Makefile
+++ b/Makefile
@@ -44,9 +44,9 @@ install-bocaautojudge: tools/safeexec
 mkdir -p $(DESTDIR)/usr/bin/
 mkdir -p $(DESTDIR)/etc/
 install tools/safeexec $(DESTDIR)/usr/bin/safeexec
- chmod 4555 $(DESTDIR)/usr/bin/safeexec
 install tools/boca-createjail $(DESTDIR)/usr/sbin/boca-createjail
 install tools/boca-autojudge.sh $(DESTDIR)/usr/sbin/boca-autojudge
+ chmod 4555 $(DESTDIR)/usr/bin/safeexec
 chmod 700 $(DESTDIR)/usr/sbin/boca-createjail
 chmod 700 $(DESTDIR)/usr/sbin/boca-autojudge
diff --git a/debian/boca-autojudge.postinst b/debian/boca-autojudge.postinst
index 37b144c..06fa222 100644
--- a/debian/boca-autojudge.postinst
+++ b/debian/boca-autojudge.postinst
@@ -1,5 +1,7 @@
 #!/bin/bash
-chmod 4555 /usr/bin/safeexec
+chmod 4555 /usr/bin/safeexec
+chmod 700 /usr/sbin/boca-createjail
+chmod 700 /usr/sbin/boca-autojudge
 exit 0
diff --git a/debian/boca-common.postinst b/debian/boca-common.postinst
index d28de8a..0a35a35 100644
--- a/debian/boca-common.postinst
+++ b/debian/boca-common.postinst
@@ -1,5 +1,8 @@
 #!/bin/bash
+chmod 700 /usr/sbin/boca-config-dbhost
+chmod 700 /usr/sbin/boca-fixssh
+
 set -e
 . /usr/share/debconf/confmodule
diff --git a/debian/boca-db.postinst b/debian/boca-db.postinst
index c4215df..de205c0 100644
--- a/debian/boca-db.postinst
+++ b/debian/boca-db.postinst
@@ -1,5 +1,8 @@
 #!/bin/bash
+chmod 700 /usr/sbin/boca-createdb
+chmod 700 /usr/sbin/boca-dump
+
 set -e
 . /usr/share/debconf/confmodule
diff --git a/debian/boca-submission-tools.postinst b/debian/boca-submission-tools.postinst
index 6cd6b4f..b8a5dcf 100644
--- a/debian/boca-submission-tools.postinst
+++ b/debian/boca-submission-tools.postinst
@@ -1,12 +1,12 @@
 #!/bin/bash
 #Make sure wrapper is suid and others are not readable
-chmod 4555 /usr/bin/boca-submit-run-root-wrapper 2>/dev/null
-chmod 700 /usr/sbin/boca-fixes 2>/dev/null
-chmod 700 /usr/sbin/boca-auth-runs 2>/dev/null
-chmod 700 /usr/sbin/boca-outmanage 2>/dev/null
-chmod 700 /usr/sbin/boca-submit-log 2>/dev/null
-chmod 700 /usr/bin/boca-submit-run-* 2>/dev/null
+chmod 4555 /usr/bin/boca-submit-run-root-wrapper
+chmod 700 /usr/sbin/boca-fixes
+chmod 700 /usr/sbin/boca-auth-runs
+chmod 700 /usr/sbin/boca-outmanage
+chmod 700 /usr/sbin/boca-submit-log
+chmod 700 /usr/bin/boca-submit-run-*
 for i in boca-submit-list boca-submit-oldlist; do
 rm -f /usr/bin/$i || true
-- cgit v1.2.3
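Review bot: Tightening modes in the postinst scripts (debian/boca-autojudge.postinst, boca-common.postinst and boca-db.postinst here) leaves each file at whatever mode the package ships from unpack until configuration, and again on every upgrade. The shipped mode is presumably 0755 if `dh_fixperms` normalises it, though debian/rules is not shown. Setting the mode in the package itself, for example an `override_dh_fixperms` step in debian/rules that runs `chmod 700` on the staged files after `dh_fixperms`, removes that interval and the need for these lines. In boca-common.postinst and boca-db.postinst the new `chmod` lines sit above `set -e`, so a missing file prints an error but does not stop the script. If that is deliberate, a comment such as `# best effort: the file may be shipped by another package` would say so.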