/* Make a password, 10-15 random letters and digits */ void makepass(char *s) { int i; i = 10 + randint(6); make_rand_str(s, i); }
char *salted_sha1(const char *in, const char* saltin) { char *tmp = NULL, buf[101] = "", *ret = NULL; size_t ret_size = 0; /* Create a 5 byte salt */ char salt[SHA1_SALT_LEN + 1] = ""; if (saltin) { strlcpy(salt, saltin, sizeof(salt)); } else { make_rand_str(salt, sizeof(salt) - 1); } /* SHA1 the salt+password */ simple_snprintf(buf, sizeof(buf), STR("%s%s"), salt, in); tmp = SHA1(buf); ret_size = SHA1_SALTED_LEN + 1; ret = (char *) my_calloc(1, ret_size); simple_snprintf(ret, ret_size, STR("+%s$%s"), salt, tmp); /* Wipe cleartext pass from sha1 buffers/tmp */ SHA1(NULL); return ret; }
static char *mktempfile(char *filename) { char rands[8], *tempname, *fn = filename; int l; make_rand_str(rands, 7); l = strlen(filename); if ((l + MKTEMPFILE_TOT) > NAME_MAX) { fn[NAME_MAX - MKTEMPFILE_TOT] = 0; l = NAME_MAX - MKTEMPFILE_TOT; fn = nmalloc(l + 1); strncpy(fn, filename, l); fn[l] = 0; } tempname = nmalloc(l + MKTEMPFILE_TOT + 1); sprintf(tempname, "%u-%s-%s", getpid(), rands, fn); if (fn != filename) my_free(fn); return tempname; }
/* Uncompresses a file `filename' and saves it as `filename'. */ static int uncompress_file(char *filename) { char *temp_fn, randstr[5]; int ret; /* Create temporary filename. */ temp_fn = nmalloc(strlen(filename) + 5); make_rand_str(randstr, 4); strcpy(temp_fn, filename); strcat(temp_fn, randstr); /* Uncompress file. */ ret = uncompress_to_file(filename, temp_fn); /* Overwrite old file with uncompressed version. Only do so * if the uncompression routine succeeded. */ if (ret == COMPF_SUCCESS) movefile(temp_fn, filename); nfree(temp_fn); return ret; }
/* Compresses a file `filename' and saves it as `filename'. */ int compress_file(char *filename, int mode_num) { char *temp_fn = NULL, randstr[5] = ""; int ret; /* Create temporary filename. */ temp_fn = (char *) my_calloc(1, strlen(filename) + 5); make_rand_str(randstr, 4); strcpy(temp_fn, filename); strcat(temp_fn, randstr); /* Compress file. */ ret = compress_to_file(filename, temp_fn, mode_num); /* Overwrite old file with compressed version. Only do so * if the compression routine succeeded. */ if (ret == COMPF_SUCCESS) movefile(temp_fn, filename); free(temp_fn); return ret; }
void chanprog() { int i; FILE *f; char s[161], rands[8]; admin[0] = 0; helpdir[0] = 0; tempdir[0] = 0; conmask = 0; for (i = 0; i < max_logs; i++) logs[i].flags |= LF_EXPIRING; /* Turn off read-only variables (make them write-able) for rehash */ protect_readonly = 0; /* Now read it */ if (!readtclprog(configfile)) fatal(MISC_NOCONFIGFILE, 0); for (i = 0; i < max_logs; i++) { if (logs[i].flags & LF_EXPIRING) { if (logs[i].filename != NULL) { nfree(logs[i].filename); logs[i].filename = NULL; } if (logs[i].chname != NULL) { nfree(logs[i].chname); logs[i].chname = NULL; } if (logs[i].f != NULL) { fclose(logs[i].f); logs[i].f = NULL; } logs[i].mask = 0; logs[i].flags = 0; } } /* We should be safe now */ call_hook(HOOK_REHASH); protect_readonly = 1; if (!botnetnick[0]) strncpyz(botnetnick, origbotname, HANDLEN + 1); if (!botnetnick[0]) fatal("I don't have a botnet nick!!\n", 0); if (!userfile[0]) fatal(MISC_NOUSERFILE2, 0); if (!readuserfile(userfile, &userlist)) { if (!make_userfile) { char tmp[178]; egg_snprintf(tmp, sizeof tmp, MISC_NOUSERFILE, configfile); fatal(tmp, 0); } printf("\n\n%s\n", MISC_NOUSERFILE2); if (module_find("server", 0, 0)) printf(MISC_USERFCREATE1, origbotname); printf("%s\n\n", MISC_USERFCREATE2); } else if (make_userfile) { make_userfile = 0; printf("%s\n", MISC_USERFEXISTS); } if (helpdir[0]) if (helpdir[strlen(helpdir) - 1] != '/') strcat(helpdir, "/"); if (tempdir[0]) if (tempdir[strlen(tempdir) - 1] != '/') strcat(tempdir, "/"); /* Test tempdir: it's vital. */ /* Possible file race condition solved by using a random string * and the process id in the filename. * FIXME: This race is only partitially fixed. We could still be * overwriting an existing file / following a malicious * link. */ make_rand_str(rands, 7); /* create random string */ sprintf(s, "%s.test-%u-%s", tempdir, getpid(), rands); f = fopen(s, "w"); if (f == NULL) fatal(MISC_CANTWRITETEMP, 0); fclose(f); unlink(s); reaffirm_owners(); check_tcl_event("userfile-loaded"); }