1 files changed, 286 insertions, 1 deletions
diff --git a/src/eyefiworker.cc b/src/eyefiworker.cc
index 450661a..ac75fc1 100644
--- a/src/eyefiworker.cc
+++ b/src/eyefiworker.cc
@@ -1,54 +1,339 @@
 #include <signal.h>
 #ifndef NDEBUG
 # include <sys/resource.h>
 #endif
 #include <syslog.h>
+#include <cassert>
+#include <iostream>
+#include <fstream>
 #include <stdexcept>
+#include <iterator>
+#include <algorithm>
+#include <sys/wait.h>
+#include <autosprintf.h>
+#include "eyekinfig.h"
+#include "eyetil.h"
 #include "eyefiworker.h"
 #ifdef HAVE_SQLITE
-# include "sqlite3.h"
+# include "iiidb.h"
 #endif
 eyefiworker::eyefiworker()
    : eyefiService(SOAP_IO_STORE|SOAP_IO_KEEPALIVE) {
        bind_flags = SO_REUSEADDR; max_keep_alive = 0;
        socket_flags =
 #if defined(MSG_NOSIGNAL)
            MSG_NOSIGNAL
 #elif defined(SO_NOSIGPIPE)
            SO_NOSIGPIPE
 #else
 #error Something is wrong with sigpipe prevention on the platform
 #endif
            ;
    }
 int eyefiworker::run(int bindport) {
 #ifdef HAVE_SQLITE
    sqlite3_initialize();
 #endif
    if(!soap_valid_socket(bind(0,bindport,64)))
        throw std::runtime_error("failed to bind()");
    signal(SIGCHLD,SIG_IGN);
    while(true) {
        if(!soap_valid_socket(accept()))
            throw std::runtime_error("failed to accept()");
        pid_t p = fork();
        if(p<0) throw std::runtime_error("failed to fork()");
        if(!p) {
            recv_timeout = 600; send_timeout = 120;
            (void)serve();
            soap_destroy(this); soap_end(this); soap_done(this);
 #ifndef NDEBUG
            struct rusage ru;
            if(getrusage(RUSAGE_SELF,&ru)) {
                syslog(LOG_NOTICE,"Failed to getrusage(): %d",errno);
            }else{
                syslog(LOG_INFO,"maxrss: %ld\n",ru.ru_maxrss);
            }
 #endif /* NDEBUG */
            _exit(0);
        }
        close(socket); socket = SOAP_INVALID_SOCKET;
    }
 }
+static binary_t session_nonce;
+#ifdef HAVE_SQLITE
+    static struct {
+        std::string filesignature;
+        long filesize;
+        std::string filename;
+        inline void reset() { filesignature.erase(); filename.erase(); filesize=0; }
+        inline void set(const std::string n,const std::string sig,long siz) {
+            filename = n; filesignature = sig; filesize = siz;
+        }
+        inline bool is(const std::string n,const std::string sig,long siz) {
+            return filesize==siz && filename==n && filesignature==sig;
+        }
+    }   already;
+#endif /* HAVE_SQLITE */
+static bool detached_child() {
+    pid_t p = fork();
+    if(p<0) {
+        syslog(LOG_ERR,"Failed to fork away for hook execution");
+        _exit(-1);
+    }
+    if(!p) {
+        setsid();
+        for(int i=getdtablesize();i>=0;--i) close(i);
+        int i=open("/dev/null",O_RDWR); assert(i==0);
+        i = dup(i); assert(i==1);
+        i = dup(i); assert(i==2);
+        return true;
+    }
+    return false;
+}
+static int E(eyefiworker* efs,const char *c,const std::exception& e) {
+    efs->keep_alive=0;
+    syslog(LOG_ERR,"error while processing %s: %s",c,e.what());
+    return soap_sender_fault(efs,gnu::autosprintf("error processing %s",c),0);
+}
+int eyefiworker::StartSession(
+        std::string macaddress,std::string cnonce,
+        int transfermode,long transfermodetimestamp,
+        struct rns__StartSessionResponse &r ) try {
+    syslog(LOG_INFO,
+            "StartSession request from %s with cnonce=%s, transfermode=%d, transfermodetimestamp=%ld",
+            macaddress.c_str(), cnonce.c_str(), transfermode, transfermodetimestamp );
+    eyekinfig_t eyekinfig(macaddress);
+    r.credential = binary_t(macaddress+cnonce+eyekinfig.get_upload_key()).md5().hex();
+    r.snonce = session_nonce.make_nonce().hex();
+    r.transfermode=transfermode;
+    r.transfermodetimestamp=transfermodetimestamp;
+    r.upsyncallowed=false;
+    std::string cmd = eyekinfig.get_on_start_session();
+    if(!cmd.empty()) {
+        if(detached_child()) {
+            putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) );
+            putenv( gnu::autosprintf("EYEFI_TRANSFERMODE=%d",transfermode) );
+            putenv( gnu::autosprintf("EYEFI_TRANSFERMODETIMESTAMP=%ld",transfermodetimestamp) );
+            char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 };
+            execv("/bin/sh",argv);
+            syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str());
+            _exit(-1);
+        }
+    }
+    return SOAP_OK;
+}catch(const std::exception& e) { return E(this,"StartSession",e); }
+int eyefiworker::GetPhotoStatus(
+        std::string credential, std::string macaddress,
+        std::string filename, long filesize, std::string filesignature,
+        int flags,
+        struct rns__GetPhotoStatusResponse &r ) try {
+    syslog(LOG_INFO,
+            "GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s, flags=%d; session nonce=%s",
+            macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), flags,
+            session_nonce.hex().c_str() );
+    eyekinfig_t eyekinfig(macaddress);
+    std::string computed_credential = binary_t(macaddress+eyekinfig.get_upload_key()+session_nonce.hex()).md5().hex();
+#ifndef NDEBUG
+    syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str());
+#endif
+    if (credential != computed_credential) throw std::runtime_error("card authentication failed");
+#ifdef HAVE_SQLITE
+    iiidb_t D(eyekinfig);
+    seclude::stmt_t S = D.prepare(
+            "SELECT fileid FROM photo"
+            " WHERE mac=:mac AND filename=:filename"
+            "  AND filesize=:filesize AND filesignature=:filesignature"
+    ).bind(":mac",macaddress)
+     .bind(":filename",filename).bind(":filesize",filesize)
+     .bind(":filesignature",filesignature);
+    if(!S.step()) {
+        r.fileid = 1; r.offset = 0;
+    }else{
+        r.fileid = S.column<long>(0);
+        r.offset = filesize;
+        already.set(filename,filesignature,filesize);
+    }
+#else /* HAVE_SQLITE */
+    r.fileid=1, r.offset=0;
+#endif /* HAVE_SQLITE */
+    return SOAP_OK;
+}catch(const std::exception& e) { return E(this,"GetPhotoStatus",e); }
+int eyefiworker::MarkLastPhotoInRoll(
+        std::string macaddress, int mergedelta,
+        struct rns__MarkLastPhotoInRollResponse&/* r */ ) try {
+    syslog(LOG_INFO,
+            "MarkLastPhotoInRoll request from %s with mergedelta=%d",
+            macaddress.c_str(), mergedelta );
+    std::string cmd = eyekinfig_t(macaddress).get_on_mark_last_photo_in_roll();
+    if(!cmd.empty()) {
+        if(detached_child()) {
+            putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) );
+            putenv( gnu::autosprintf("EYEFI_MERGEDELTA=%d",mergedelta) );
+            char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 };
+            execv("/bin/sh",argv);
+            syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str());
+            _exit(-1);
+        }
+    }
+    keep_alive = 0;
+    return SOAP_OK;
+}catch(const std::exception& e) { return E(this,"MarkLastPhotoInRoll",e); }
+int eyefiworker::UploadPhoto(
+        int fileid, std::string macaddress,
+        std::string filename, long filesize, std::string filesignature,
+        std::string encryption, int flags,
+        struct rns__UploadPhotoResponse& r ) try {
+    syslog(LOG_INFO,
+            "UploadPhoto request from %s with fileid=%d, filename=%s, filesize=%ld,"
+            " filesignature=%s, encryption=%s, flags=%04X",
+            macaddress.c_str(), fileid, filename.c_str(), filesize,
+            filesignature.c_str(), encryption.c_str(), flags );
+    std::string::size_type fnl=filename.length();
+    if(fnl<sizeof(".tar") || strncmp(filename.c_str()+fnl-sizeof(".tar")+sizeof(""),".tar",sizeof(".tar")))
+        throw std::runtime_error(gnu::autosprintf("honestly, I expected the tarball coming here, not '%s'",filename.c_str()));
+    std::string the_file(filename,0,fnl-sizeof(".tar")+sizeof(""));
+    std::string the_log = the_file+".log";
+    eyekinfig_t eyekinfig(macaddress);
+    umask(eyekinfig.get_umask());
+    std::string td = eyekinfig.get_targetdir();
+    tmpdir_t indir(td+"/.incoming.XXXXXX");
+    std::string tf,lf;
+    binary_t digest, idigest;
+#ifdef HAVE_SQLITE
+    bool beenthere = false;
+#endif
+    for(soap_multipart::iterator i=mime.begin(),ie=mime.end();i!=ie;++i) {
+#ifndef NDEBUG
+        syslog(LOG_DEBUG,
+                " MIME attachment with id=%s, type=%s, size=%ld",
+                (*i).id, (*i).type, (long)(*i).size );
+#endif
+        if((*i).id && !strcmp((*i).id,"INTEGRITYDIGEST")) {
+            std::string idigestr((*i).ptr,(*i).size);
+#ifndef NDEBUG
+            syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigestr.c_str());
+#endif
+            idigest.from_hex(idigestr);
+        }
+        if( (*i).id && !strcmp((*i).id,"FILENAME") ) {
+            assert( (*i).type && !strcmp((*i).type,"application/x-tar") );
+#ifdef III_SAVE_TARS
+            std::string tarfile = indir.get_file(filename);
+            {
+                std::ofstream(tarfile.c_str(),std::ios::out|std::ios::binary).write((*i).ptr,(*i).size);
+            }
+#endif
+            if(!tf.empty()) throw std::runtime_error("already seen tarball");
+            if(!digest.empty()) throw std::runtime_error("already have integrity digest");
+            digest = integrity_digest((*i).ptr,(*i).size,eyekinfig.get_upload_key());
+#ifndef NDEBUG
+            syslog(LOG_DEBUG," computed integrity digest=%s", digest.hex().c_str());
+#endif
+#ifdef HAVE_SQLITE
+            if(!(*i).size) {
+                if(!already.is(filename,filesignature,filesize))
+                    throw std::runtime_error("got zero-length upload for unknown file");
+                beenthere = true; continue;
+            }
+#endif
+            tarchive_t a((*i).ptr,(*i).size);
+            while(a.read_next_header()) {
+                std::string ep = a.entry_pathname(), f = indir.get_file(ep);
+                if(ep==the_file) tf = f;
+                else if(ep==the_log) lf = f;
+                else continue;
+                int fd=open(f.c_str(),O_CREAT|O_WRONLY,0666);
+                if(fd<0)
+                    throw std::runtime_error(gnu::autosprintf("failed to create output file '%s'",f.c_str()));
+                if(!a.read_data_into_fd(fd))
+                    throw std::runtime_error(gnu::autosprintf("failed to untar file into '%s'",f.c_str()));
+                close(fd);
+            }
+        }
+    }
+#ifdef HAVE_SQLITE
+    if(beenthere) {
+        r.success=true;
+        return SOAP_OK;
+    }
+#endif
+    if(tf.empty()) throw std::runtime_error("haven't seen THE file");
+    if(digest!=idigest) throw std::runtime_error("integrity digest verification failed");
+    std::string::size_type ls = tf.rfind('/');
+    // XXX: actually, lack of '/' signifies error here
+    std::string tbn = (ls==std::string::npos)?tf:tf.substr(ls+1);
+    ls = lf.rfind('/');
+    std::string lbn = (ls==std::string::npos)?lf:lf.substr(ls+1);
+    std::string ttf,tlf;
+    bool success = false;
+    for(int i=0;i<32767;++i) {
+        const char *fmt = i ? "%1$s/(%3$05d)%2$s" : "%1$s/%2$s";
+        ttf = (const char*)gnu::autosprintf(fmt,td.c_str(),tbn.c_str(),i);
+        if(!lf.empty()) tlf = (const char*)gnu::autosprintf(fmt,td.c_str(),lbn.c_str(),i);
+        if( (!link(tf.c_str(),ttf.c_str())) && (lf.empty() || !link(lf.c_str(),tlf.c_str())) ) {
+            unlink(tf.c_str());
+            if(!lf.empty()) unlink(lf.c_str());
+            success=true;
+            break;
+        }
+    }
+    std::string cmd = eyekinfig.get_on_upload_photo();
+    if(success) {
+#ifdef HAVE_SQLITE
+        {
+            iiidb_t D(eyekinfig);
+            D.prepare(
+                    "INSERT INTO photo"
+                    " (ctime,mac,fileid,filename,filesize,filesignature,encryption,flags)"
+                    " VALUES"
+                    " (:ctime,:mac,:fileid,:filename,:filesize,:filesignature,:encryption,:flags)"
+            ).bind(":ctime",time(0))
+             .bind(":mac",macaddress)
+             .bind(":fileid",fileid).bind(":filename",filename)
+             .bind(":filesize",filesize).bind(":filesignature",filesignature)
+             .bind(":encryption",encryption).bind(":flags",flags)
+             .step();
+        }
+#endif /* HAVE_SQLITE */
+        if((!cmd.empty()) && detached_child()) {
+            putenv( gnu::autosprintf("EYEFI_UPLOADED_ORIG=%s",tbn.c_str()) );
+            putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) );
+            putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",ttf.c_str()) );
+            if(!lf.empty()) putenv( gnu::autosprintf("EYEFI_LOG=%s",tlf.c_str()) );
+            char *argv[] = { (char*)"/bin/sh", (char*)"-c", (char*)cmd.c_str(), 0 };
+            execv("/bin/sh",argv);
+            syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str());
+            _exit(-1);
+        }
+    }
+    r.success = true;
+    return SOAP_OK;
+}catch(const std::exception& e) { return E(this,"UploadPhoto",e); }

diff --git a/src/eyefiworker.cc b/src/eyefiworker.cc index 450661a..ac75fc1 100644 --- a/src/eyefiworker.cc +++ b/src/eyefiworker.cc
@@ -1,54 +1,339 @@
1	#include <signal.h>	1	#include <signal.h>
2	#ifndef NDEBUG	2	#ifndef NDEBUG
3	# include <sys/resource.h>	3	# include <sys/resource.h>
4	#endif	4	#endif
5	#include <syslog.h>	5	#include <syslog.h>
		6	#include <cassert>
		7	#include <iostream>
		8	#include <fstream>
6	#include <stdexcept>	9	#include <stdexcept>
		10	#include <iterator>
		11	#include <algorithm>
		12	#include <sys/wait.h>
		13	#include <autosprintf.h>
		14	#include "eyekinfig.h"
		15	#include "eyetil.h"
7	#include "eyefiworker.h"	16	#include "eyefiworker.h"
8	#ifdef HAVE_SQLITE	17	#ifdef HAVE_SQLITE
9	# include "sqlite3.h"	18	# include "iiidb.h"
10	#endif	19	#endif
11		20
12	eyefiworker::eyefiworker()	21	eyefiworker::eyefiworker()
13	: eyefiService(SOAP_IO_STORE\|SOAP_IO_KEEPALIVE) {	22	: eyefiService(SOAP_IO_STORE\|SOAP_IO_KEEPALIVE) {
14	bind_flags = SO_REUSEADDR; max_keep_alive = 0;	23	bind_flags = SO_REUSEADDR; max_keep_alive = 0;
15	socket_flags =	24	socket_flags =
16	#if defined(MSG_NOSIGNAL)	25	#if defined(MSG_NOSIGNAL)
17	MSG_NOSIGNAL	26	MSG_NOSIGNAL
18	#elif defined(SO_NOSIGPIPE)	27	#elif defined(SO_NOSIGPIPE)
19	SO_NOSIGPIPE	28	SO_NOSIGPIPE
20	#else	29	#else
21	#error Something is wrong with sigpipe prevention on the platform	30	#error Something is wrong with sigpipe prevention on the platform
22	#endif	31	#endif
23	;	32	;
24	}	33	}
25		34
26	int eyefiworker::run(int bindport) {	35	int eyefiworker::run(int bindport) {
27	#ifdef HAVE_SQLITE	36	#ifdef HAVE_SQLITE
28	sqlite3_initialize();	37	sqlite3_initialize();
29	#endif	38	#endif
30	if(!soap_valid_socket(bind(0,bindport,64)))	39	if(!soap_valid_socket(bind(0,bindport,64)))
31	throw std::runtime_error("failed to bind()");	40	throw std::runtime_error("failed to bind()");
32	signal(SIGCHLD,SIG_IGN);	41	signal(SIGCHLD,SIG_IGN);
33	while(true) {	42	while(true) {
34	if(!soap_valid_socket(accept()))	43	if(!soap_valid_socket(accept()))
35	throw std::runtime_error("failed to accept()");	44	throw std::runtime_error("failed to accept()");
36	pid_t p = fork();	45	pid_t p = fork();
37	if(p<0) throw std::runtime_error("failed to fork()");	46	if(p<0) throw std::runtime_error("failed to fork()");
38	if(!p) {	47	if(!p) {
39	recv_timeout = 600; send_timeout = 120;	48	recv_timeout = 600; send_timeout = 120;
40	(void)serve();	49	(void)serve();
41	soap_destroy(this); soap_end(this); soap_done(this);	50	soap_destroy(this); soap_end(this); soap_done(this);
42	#ifndef NDEBUG	51	#ifndef NDEBUG
43	struct rusage ru;	52	struct rusage ru;
44	if(getrusage(RUSAGE_SELF,&ru)) {	53	if(getrusage(RUSAGE_SELF,&ru)) {
45	syslog(LOG_NOTICE,"Failed to getrusage(): %d",errno);	54	syslog(LOG_NOTICE,"Failed to getrusage(): %d",errno);
46	}else{	55	}else{
47	syslog(LOG_INFO,"maxrss: %ld\n",ru.ru_maxrss);	56	syslog(LOG_INFO,"maxrss: %ld\n",ru.ru_maxrss);
48	}	57	}
49	#endif /* NDEBUG */	58	#endif /* NDEBUG */
50	_exit(0);	59	_exit(0);
51	}	60	}
52	close(socket); socket = SOAP_INVALID_SOCKET;	61	close(socket); socket = SOAP_INVALID_SOCKET;
53	}	62	}
54	}	63	}
		64
		65	static binary_t session_nonce;
		66	#ifdef HAVE_SQLITE
		67	static struct {
		68	std::string filesignature;
		69	long filesize;
		70	std::string filename;
		71	inline void reset() { filesignature.erase(); filename.erase(); filesize=0; }
		72	inline void set(const std::string n,const std::string sig,long siz) {
		73	filename = n; filesignature = sig; filesize = siz;
		74	}
		75	inline bool is(const std::string n,const std::string sig,long siz) {
		76	return filesize==siz && filename==n && filesignature==sig;
		77	}
		78	} already;
		79	#endif /* HAVE_SQLITE */
		80
		81	static bool detached_child() {
		82	pid_t p = fork();
		83	if(p<0) {
		84	syslog(LOG_ERR,"Failed to fork away for hook execution");
		85	_exit(-1);
		86	}
		87	if(!p) {
		88	setsid();
		89	for(int i=getdtablesize();i>=0;--i) close(i);
		90	int i=open("/dev/null",O_RDWR); assert(i==0);
		91	i = dup(i); assert(i==1);
		92	i = dup(i); assert(i==2);
		93	return true;
		94	}
		95	return false;
		96	}
		97
		98	static int E(eyefiworker* efs,const char *c,const std::exception& e) {
		99	efs->keep_alive=0;
		100	syslog(LOG_ERR,"error while processing %s: %s",c,e.what());
		101	return soap_sender_fault(efs,gnu::autosprintf("error processing %s",c),0);
		102	}
		103
		104	int eyefiworker::StartSession(
		105	std::string macaddress,std::string cnonce,
		106	int transfermode,long transfermodetimestamp,
		107	struct rns__StartSessionResponse &r ) try {
		108	syslog(LOG_INFO,
		109	"StartSession request from %s with cnonce=%s, transfermode=%d, transfermodetimestamp=%ld",
		110	macaddress.c_str(), cnonce.c_str(), transfermode, transfermodetimestamp );
		111	eyekinfig_t eyekinfig(macaddress);
		112	r.credential = binary_t(macaddress+cnonce+eyekinfig.get_upload_key()).md5().hex();
		113
		114	r.snonce = session_nonce.make_nonce().hex();
		115	r.transfermode=transfermode;
		116	r.transfermodetimestamp=transfermodetimestamp;
		117	r.upsyncallowed=false;
		118
		119	std::string cmd = eyekinfig.get_on_start_session();
		120	if(!cmd.empty()) {
		121	if(detached_child()) {
		122	putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) );
		123	putenv( gnu::autosprintf("EYEFI_TRANSFERMODE=%d",transfermode) );
		124	putenv( gnu::autosprintf("EYEFI_TRANSFERMODETIMESTAMP=%ld",transfermodetimestamp) );
		125	char argv[] = { (char)"/bin/sh", (char)"-c", (char)cmd.c_str(), 0 };
		126	execv("/bin/sh",argv);
		127	syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str());
		128	_exit(-1);
		129	}
		130	}
		131	return SOAP_OK;
		132	}catch(const std::exception& e) { return E(this,"StartSession",e); }
		133
		134	int eyefiworker::GetPhotoStatus(
		135	std::string credential, std::string macaddress,
		136	std::string filename, long filesize, std::string filesignature,
		137	int flags,
		138	struct rns__GetPhotoStatusResponse &r ) try {
		139	syslog(LOG_INFO,
		140	"GetPhotoStatus request from %s with credential=%s, filename=%s, filesize=%ld, filesignature=%s, flags=%d; session nonce=%s",
		141	macaddress.c_str(), credential.c_str(), filename.c_str(), filesize, filesignature.c_str(), flags,
		142	session_nonce.hex().c_str() );
		143
		144	eyekinfig_t eyekinfig(macaddress);
		145	std::string computed_credential = binary_t(macaddress+eyekinfig.get_upload_key()+session_nonce.hex()).md5().hex();
		146
		147	#ifndef NDEBUG
		148	syslog(LOG_DEBUG, " computed credential=%s", computed_credential.c_str());
		149	#endif
		150
		151	if (credential != computed_credential) throw std::runtime_error("card authentication failed");
		152
		153	#ifdef HAVE_SQLITE
		154	iiidb_t D(eyekinfig);
		155	seclude::stmt_t S = D.prepare(
		156	"SELECT fileid FROM photo"
		157	" WHERE mac=:mac AND filename=:filename"
		158	" AND filesize=:filesize AND filesignature=:filesignature"
		159	).bind(":mac",macaddress)
		160	.bind(":filename",filename).bind(":filesize",filesize)
		161	.bind(":filesignature",filesignature);
		162	if(!S.step()) {
		163	r.fileid = 1; r.offset = 0;
		164	}else{
		165	r.fileid = S.column<long>(0);
		166	r.offset = filesize;
		167	already.set(filename,filesignature,filesize);
		168	}
		169	#else /* HAVE_SQLITE */
		170	r.fileid=1, r.offset=0;
		171	#endif /* HAVE_SQLITE */
		172	return SOAP_OK;
		173	}catch(const std::exception& e) { return E(this,"GetPhotoStatus",e); }
		174
		175	int eyefiworker::MarkLastPhotoInRoll(
		176	std::string macaddress, int mergedelta,
		177	struct rns__MarkLastPhotoInRollResponse&/* r */ ) try {
		178	syslog(LOG_INFO,
		179	"MarkLastPhotoInRoll request from %s with mergedelta=%d",
		180	macaddress.c_str(), mergedelta );
		181	std::string cmd = eyekinfig_t(macaddress).get_on_mark_last_photo_in_roll();
		182	if(!cmd.empty()) {
		183	if(detached_child()) {
		184	putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) );
		185	putenv( gnu::autosprintf("EYEFI_MERGEDELTA=%d",mergedelta) );
		186	char argv[] = { (char)"/bin/sh", (char)"-c", (char)cmd.c_str(), 0 };
		187	execv("/bin/sh",argv);
		188	syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str());
		189	_exit(-1);
		190	}
		191	}
		192	keep_alive = 0;
		193	return SOAP_OK;
		194	}catch(const std::exception& e) { return E(this,"MarkLastPhotoInRoll",e); }
		195
		196	int eyefiworker::UploadPhoto(
		197	int fileid, std::string macaddress,
		198	std::string filename, long filesize, std::string filesignature,
		199	std::string encryption, int flags,
		200	struct rns__UploadPhotoResponse& r ) try {
		201	syslog(LOG_INFO,
		202	"UploadPhoto request from %s with fileid=%d, filename=%s, filesize=%ld,"
		203	" filesignature=%s, encryption=%s, flags=%04X",
		204	macaddress.c_str(), fileid, filename.c_str(), filesize,
		205	filesignature.c_str(), encryption.c_str(), flags );
		206	std::string::size_type fnl=filename.length();
		207	if(fnl<sizeof(".tar") \|\| strncmp(filename.c_str()+fnl-sizeof(".tar")+sizeof(""),".tar",sizeof(".tar")))
		208	throw std::runtime_error(gnu::autosprintf("honestly, I expected the tarball coming here, not '%s'",filename.c_str()));
		209	std::string the_file(filename,0,fnl-sizeof(".tar")+sizeof(""));
		210	std::string the_log = the_file+".log";
		211
		212	eyekinfig_t eyekinfig(macaddress);
		213
		214	umask(eyekinfig.get_umask());
		215
		216	std::string td = eyekinfig.get_targetdir();
		217	tmpdir_t indir(td+"/.incoming.XXXXXX");
		218
		219	std::string tf,lf;
		220	binary_t digest, idigest;
		221	#ifdef HAVE_SQLITE
		222	bool beenthere = false;
		223	#endif
		224
		225	for(soap_multipart::iterator i=mime.begin(),ie=mime.end();i!=ie;++i) {
		226	#ifndef NDEBUG
		227	syslog(LOG_DEBUG,
		228	" MIME attachment with id=%s, type=%s, size=%ld",
		229	(i).id, (i).type, (long)(*i).size );
		230	#endif
		231
		232	if((i).id && !strcmp((i).id,"INTEGRITYDIGEST")) {
		233	std::string idigestr((i).ptr,(i).size);
		234	#ifndef NDEBUG
		235	syslog(LOG_DEBUG, " INTEGRITYDIGEST=%s", idigestr.c_str());
		236	#endif
		237	idigest.from_hex(idigestr);
		238	}
		239	if( (i).id && !strcmp((i).id,"FILENAME") ) {
		240	assert( (i).type && !strcmp((i).type,"application/x-tar") );
		241	#ifdef III_SAVE_TARS
		242	std::string tarfile = indir.get_file(filename);
		243	{
		244	std::ofstream(tarfile.c_str(),std::ios::out\|std::ios::binary).write((i).ptr,(i).size);
		245	}
		246	#endif
		247
		248	if(!tf.empty()) throw std::runtime_error("already seen tarball");
		249	if(!digest.empty()) throw std::runtime_error("already have integrity digest");
		250	digest = integrity_digest((i).ptr,(i).size,eyekinfig.get_upload_key());
		251	#ifndef NDEBUG
		252	syslog(LOG_DEBUG," computed integrity digest=%s", digest.hex().c_str());
		253	#endif
		254	#ifdef HAVE_SQLITE
		255	if(!(*i).size) {
		256	if(!already.is(filename,filesignature,filesize))
		257	throw std::runtime_error("got zero-length upload for unknown file");
		258	beenthere = true; continue;
		259	}
		260	#endif
		261
		262	tarchive_t a((i).ptr,(i).size);
		263	while(a.read_next_header()) {
		264	std::string ep = a.entry_pathname(), f = indir.get_file(ep);
		265	if(ep==the_file) tf = f;
		266	else if(ep==the_log) lf = f;
		267	else continue;
		268	int fd=open(f.c_str(),O_CREAT\|O_WRONLY,0666);
		269	if(fd<0)
		270	throw std::runtime_error(gnu::autosprintf("failed to create output file '%s'",f.c_str()));
		271	if(!a.read_data_into_fd(fd))
		272	throw std::runtime_error(gnu::autosprintf("failed to untar file into '%s'",f.c_str()));
		273	close(fd);
		274	}
		275	}
		276	}
		277
		278	#ifdef HAVE_SQLITE
		279	if(beenthere) {
		280	r.success=true;
		281	return SOAP_OK;
		282	}
		283	#endif
		284
		285	if(tf.empty()) throw std::runtime_error("haven't seen THE file");
		286	if(digest!=idigest) throw std::runtime_error("integrity digest verification failed");
		287
		288	std::string::size_type ls = tf.rfind('/');
		289	// XXX: actually, lack of '/' signifies error here
		290	std::string tbn = (ls==std::string::npos)?tf:tf.substr(ls+1);
		291	ls = lf.rfind('/');
		292	std::string lbn = (ls==std::string::npos)?lf:lf.substr(ls+1);
		293	std::string ttf,tlf;
		294	bool success = false;
		295	for(int i=0;i<32767;++i) {
		296	const char *fmt = i ? "%1$s/(%3$05d)%2$s" : "%1$s/%2$s";
		297	ttf = (const char*)gnu::autosprintf(fmt,td.c_str(),tbn.c_str(),i);
		298	if(!lf.empty()) tlf = (const char*)gnu::autosprintf(fmt,td.c_str(),lbn.c_str(),i);
		299	if( (!link(tf.c_str(),ttf.c_str())) && (lf.empty() \|\| !link(lf.c_str(),tlf.c_str())) ) {
		300	unlink(tf.c_str());
		301	if(!lf.empty()) unlink(lf.c_str());
		302	success=true;
		303	break;
		304	}
		305	}
		306	std::string cmd = eyekinfig.get_on_upload_photo();
		307	if(success) {
		308	#ifdef HAVE_SQLITE
		309	{
		310	iiidb_t D(eyekinfig);
		311	D.prepare(
		312	"INSERT INTO photo"
		313	" (ctime,mac,fileid,filename,filesize,filesignature,encryption,flags)"
		314	" VALUES"
		315	" (:ctime,:mac,:fileid,:filename,:filesize,:filesignature,:encryption,:flags)"
		316	).bind(":ctime",time(0))
		317	.bind(":mac",macaddress)
		318	.bind(":fileid",fileid).bind(":filename",filename)
		319	.bind(":filesize",filesize).bind(":filesignature",filesignature)
		320	.bind(":encryption",encryption).bind(":flags",flags)
		321	.step();
		322	}
		323	#endif /* HAVE_SQLITE */
		324	if((!cmd.empty()) && detached_child()) {
		325	putenv( gnu::autosprintf("EYEFI_UPLOADED_ORIG=%s",tbn.c_str()) );
		326	putenv( gnu::autosprintf("EYEFI_MACADDRESS=%s",macaddress.c_str()) );
		327	putenv( gnu::autosprintf("EYEFI_UPLOADED=%s",ttf.c_str()) );
		328	if(!lf.empty()) putenv( gnu::autosprintf("EYEFI_LOG=%s",tlf.c_str()) );
		329	char argv[] = { (char)"/bin/sh", (char)"-c", (char)cmd.c_str(), 0 };
		330	execv("/bin/sh",argv);
		331	syslog(LOG_ERR,"Failed to execute '%s'",cmd.c_str());
		332	_exit(-1);
		333	}
		334	}
		335
		336	r.success = true;
		337	return SOAP_OK;
		338	}catch(const std::exception& e) { return E(this,"UploadPhoto",e); }
		339