/* Make a password, 10-15 random letters and digits
*/
void makepass(char *s)
{
int i;
i = 10 + randint(6);
make_rand_str(s, i);
}
char *salted_sha1(const char *in, const char* saltin)
{
char *tmp = NULL, buf[101] = "", *ret = NULL;
size_t ret_size = 0;
/* Create a 5 byte salt */
char salt[SHA1_SALT_LEN + 1] = "";
if (saltin) {
strlcpy(salt, saltin, sizeof(salt));
} else {
make_rand_str(salt, sizeof(salt) - 1);
}
/* SHA1 the salt+password */
simple_snprintf(buf, sizeof(buf), STR("%s%s"), salt, in);
tmp = SHA1(buf);
ret_size = SHA1_SALTED_LEN + 1;
ret = (char *) my_calloc(1, ret_size);
simple_snprintf(ret, ret_size, STR("+%s$%s"), salt, tmp);
/* Wipe cleartext pass from sha1 buffers/tmp */
SHA1(NULL);
return ret;
}
static char *mktempfile(char *filename)
{
char rands[8], *tempname, *fn = filename;
int l;
make_rand_str(rands, 7);
l = strlen(filename);
if ((l + MKTEMPFILE_TOT) > NAME_MAX) {
fn[NAME_MAX - MKTEMPFILE_TOT] = 0;
l = NAME_MAX - MKTEMPFILE_TOT;
fn = nmalloc(l + 1);
strncpy(fn, filename, l);
fn[l] = 0;
}
tempname = nmalloc(l + MKTEMPFILE_TOT + 1);
sprintf(tempname, "%u-%s-%s", getpid(), rands, fn);
if (fn != filename)
my_free(fn);
return tempname;
}
/* Uncompresses a file `filename' and saves it as `filename'.
*/
static int uncompress_file(char *filename)
{
char *temp_fn, randstr[5];
int ret;
/* Create temporary filename. */
temp_fn = nmalloc(strlen(filename) + 5);
make_rand_str(randstr, 4);
strcpy(temp_fn, filename);
strcat(temp_fn, randstr);
/* Uncompress file. */
ret = uncompress_to_file(filename, temp_fn);
/* Overwrite old file with uncompressed version. Only do so
* if the uncompression routine succeeded.
*/
if (ret == COMPF_SUCCESS)
movefile(temp_fn, filename);
nfree(temp_fn);
return ret;
}
/* Compresses a file `filename' and saves it as `filename'.
*/
int compress_file(char *filename, int mode_num)
{
char *temp_fn = NULL, randstr[5] = "";
int ret;
/* Create temporary filename. */
temp_fn = (char *) my_calloc(1, strlen(filename) + 5);
make_rand_str(randstr, 4);
strcpy(temp_fn, filename);
strcat(temp_fn, randstr);
/* Compress file. */
ret = compress_to_file(filename, temp_fn, mode_num);
/* Overwrite old file with compressed version. Only do so
* if the compression routine succeeded.
*/
if (ret == COMPF_SUCCESS)
movefile(temp_fn, filename);
free(temp_fn);
return ret;
}
void chanprog()
{
int i;
FILE *f;
char s[161], rands[8];
admin[0] = 0;
helpdir[0] = 0;
tempdir[0] = 0;
conmask = 0;
for (i = 0; i < max_logs; i++)
logs[i].flags |= LF_EXPIRING;
/* Turn off read-only variables (make them write-able) for rehash */
protect_readonly = 0;
/* Now read it */
if (!readtclprog(configfile))
fatal(MISC_NOCONFIGFILE, 0);
for (i = 0; i < max_logs; i++) {
if (logs[i].flags & LF_EXPIRING) {
if (logs[i].filename != NULL) {
nfree(logs[i].filename);
logs[i].filename = NULL;
}
if (logs[i].chname != NULL) {
nfree(logs[i].chname);
logs[i].chname = NULL;
}
if (logs[i].f != NULL) {
fclose(logs[i].f);
logs[i].f = NULL;
}
logs[i].mask = 0;
logs[i].flags = 0;
}
}
/* We should be safe now */
call_hook(HOOK_REHASH);
protect_readonly = 1;
if (!botnetnick[0])
strncpyz(botnetnick, origbotname, HANDLEN + 1);
if (!botnetnick[0])
fatal("I don't have a botnet nick!!\n", 0);
if (!userfile[0])
fatal(MISC_NOUSERFILE2, 0);
if (!readuserfile(userfile, &userlist)) {
if (!make_userfile) {
char tmp[178];
egg_snprintf(tmp, sizeof tmp, MISC_NOUSERFILE, configfile);
fatal(tmp, 0);
}
printf("\n\n%s\n", MISC_NOUSERFILE2);
if (module_find("server", 0, 0))
printf(MISC_USERFCREATE1, origbotname);
printf("%s\n\n", MISC_USERFCREATE2);
} else if (make_userfile) {
make_userfile = 0;
printf("%s\n", MISC_USERFEXISTS);
}
if (helpdir[0])
if (helpdir[strlen(helpdir) - 1] != '/')
strcat(helpdir, "/");
if (tempdir[0])
if (tempdir[strlen(tempdir) - 1] != '/')
strcat(tempdir, "/");
/* Test tempdir: it's vital. */
/* Possible file race condition solved by using a random string
* and the process id in the filename.
* FIXME: This race is only partitially fixed. We could still be
* overwriting an existing file / following a malicious
* link.
*/
make_rand_str(rands, 7); /* create random string */
sprintf(s, "%s.test-%u-%s", tempdir, getpid(), rands);
f = fopen(s, "w");
if (f == NULL)
fatal(MISC_CANTWRITETEMP, 0);
fclose(f);
unlink(s);
reaffirm_owners();
check_tcl_event("userfile-loaded");
}
