From 3cecde776b35069432d8b22443eda24ba8790829 Mon Sep 17 00:00:00 2001 From: Rom Walton Date: Wed, 18 Nov 2015 13:30:57 -0500 Subject: [PATCH] server: Refine 153f660 so that it reverts back to the original behavior by default. Introduce a new template macro . This will inject a random number into the result file names making them hard to guess. --- tools/backend_lib.cpp | 10 +--------- tools/process_result_template.cpp | 31 +++++++++++++++++++++++++++++-- 2 files changed, 30 insertions(+), 11 deletions(-) diff --git a/tools/backend_lib.cpp b/tools/backend_lib.cpp index edee36a90f..be982b0eff 100644 --- a/tools/backend_lib.cpp +++ b/tools/backend_lib.cpp @@ -51,14 +51,6 @@ using std::string; -// the random part of output filenames needs to be hard to guess -// -static struct random_init { - random_init() { - srand48(getpid() + time(0)); - } -} random_init; - int read_file(FILE* f, char* buf, int len) { int n = fread(buf, 1, len, f); buf[n] = 0; @@ -164,7 +156,7 @@ int create_result( result.priority += priority_increase; sprintf(result.name, "%s_%s", wu.name, result_name_suffix); - sprintf(base_outfile_name, "%s_%ld", result.name, lrand48()); + sprintf(base_outfile_name, "%s_", result.name); retval = read_filename( result_template_filename, result_template, sizeof(result_template) ); diff --git a/tools/process_result_template.cpp b/tools/process_result_template.cpp index bd55dd619f..5b163f3ce9 100644 --- a/tools/process_result_template.cpp +++ b/tools/process_result_template.cpp @@ -32,9 +32,18 @@ #include "fcgi_stdio.h" #endif -#define OUTFILE_MACRO "" +// the random part of output filenames needs to be hard to guess +// +static struct random_init { + random_init() { + srand48(getpid() + time(0)); + } +} random_init; + // Add a signature at the end of every element, // int add_signatures(char* xml, R_RSA_PRIVATE_KEY& key) { 
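Review bot: In create_result() in tools/backend_lib.cpp, the rewritten `sprintf(base_outfile_name, "%s_", result.name);` makes every OUTFILE-style name derivable from the result name again, and nothing at that line tells a maintainer so. A comment such as `// names built from this prefix are predictable; templates that need unguessable upload names must use the RANDFILE macro` would keep the opt-in nature of the protection visible. The call is also an unbounded `sprintf`; if base_outfile_name is a fixed array (its declaration is outside the hunk), `snprintf(base_outfile_name, sizeof(base_outfile_name), "%s_", result.name);` is the safer form. create_result's body starts and ends outside the hunk.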
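Review bot: The `random_init` seed added in tools/process_result_template.cpp, `srand48(getpid() + time(0))`, does not deliver what its comment asks for: a process id and a wall-clock second are both easy to estimate, and the drand48 family is a linear congruential generator, so the value later written by `lrand48()` in process_result_template() can be narrowed to a small candidate set. If the file names are meant to act as an upload secret, draw the suffix from the operating system's CSPRNG (for example `getrandom()` or a read of `/dev/urandom`) and format those bytes instead. If they only need to avoid collisions, reword the comment to `// random part reduces name collisions; it is not a security boundary`. It is also worth confirming that this file includes the headers for `getpid()` and `time()`, which are not visible in this hunk.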
@@ -107,6 +116,8 @@ int remove_signatures(char* xml) { // macro-substitute a result template: // - replace OUTFILE_x with base_filename_x, etc. +// - replace RANDFILE_x with base_filename_r_x, etc., where r is a +// large random number // - add signatures for file uploads // - strip enclosing tags // @@ -120,7 +131,7 @@ int process_result_template( SCHED_CONFIG& config_loc ) { char* p,*q; - char temp[BLOB_SIZE], buf[256]; + char temp[BLOB_SIZE], buf[256], buf2[256]; int retval; while (1) { @@ -138,6 +149,22 @@ int process_result_template( strcat(p, temp); continue; } + p = strstr(result_template, RANDFILE_MACRO); + if (p) { + q = p+strlen(RANDFILE_MACRO); + char* endptr = strstr(q, "/>"); + if (!endptr) return ERR_XML_PARSE; + if (strchr(q, '>') != endptr+1) return ERR_XML_PARSE; + *endptr = 0; + strcpy(buf, q); + sprintf(buf2, "%ld_", lrand48()); + strcpy(temp, endptr+2); + strcpy(p, base_filename); + strcpy(p, buf2); + strcat(p, buf); + strcat(p, temp); + continue; + } p = strstr(result_template, UPLOAD_URL_MACRO); if (p) { strcpy(temp, p+strlen(UPLOAD_URL_MACRO));
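Review bot: In the RANDFILE branch, `strcpy(p, base_filename);` is immediately followed by `strcpy(p, buf2);`, which overwrites the base name, so the substituted text is the random number plus the suffix rather than the `base_filename_r_x` form the header comment documents; the second call should be `strcat(p, buf2);`. The copy `strcpy(buf, q);` is also unbounded against `buf[256]`, so a long macro argument in the template overruns the stack buffer; add `if (strlen(q) >= sizeof(buf)) return ERR_XML_PARSE;` between `*endptr = 0;` and the copy. The writes through `p` grow result_template in place, and its capacity is not visible here, so the expanded length should be checked against that size as well. The loop in process_result_template() continues outside the hunk.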