From 3a9803bc325fc015a7dddaafc1b731b196378206 Mon Sep 17 00:00:00 2001
From: xfnw
Date: Sun, 24 Oct 2021 18:08:23 -0400
Subject: [PATCH] stay open leaving key unlocked for multiple challenges
---
 Makefile.in | 9 +-
 configure | 22 ----
 install-sh | 270 -----------------------------------------------
 makekeypair | 25 +++++
 ratbox-respond.c | 9 +-
 5 files changed, 36 insertions(+), 299 deletions(-)
 delete mode 100755 install-sh
 create mode 100755 makekeypair
diff --git a/Makefile.in b/Makefile.in
index 51b6373..7925ad0 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -3,9 +3,9 @@
 # Copyright (C) 2005 ircd-ratbox development team
 # This code is in the public domain.
-prefix = @prefix@
-exec_prefix = @exec_prefix@
-bindir = @bindir@
+prefix ?= @prefix@
+exec_prefix ?= @exec_prefix@
+bindir ?= @bindir@
 CFLAGS = @CFLAGS@
 CPPFLAGS = @CPPFLAGS@
@@ -22,6 +22,9 @@ all: build
 build: ratbox-respond.c
 ${CC} ${CFLAGS} ${CPPFLAGS} ${SSL_INCLUDES} -o ratbox-respond ratbox-respond.c ${LDFLAGS} ${LIBS} ${SSL_LIBS}
+install: ratbox-respond
+ install ratbox-respond ${bindir}
+
 clean:
 ${RM} -f ratbox-respond *~
diff --git a/configure b/configure
index 053ecca..a6cdb76 100755
--- a/configure
+++ b/configure
@@ -273,7 +273,6 @@ PACKAGE_VERSION='stable'
 PACKAGE_STRING='ratbox-respond stable'
 PACKAGE_BUGREPORT=''
-ac_default_prefix=.
 ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RM CP MV TOUCH CPP EGREP SSL_SRCS_ENABLE SSL_INCLUDES SSL_LIBS LIBOBJS LTLIBOBJS'
 ac_subst_files=''
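Review bot: In the second Makefile.in hunk the new `install` target depends on the file `ratbox-respond`, but the only visible rule that produces that binary is named `build`, so `make install` on a clean tree would likely fall back to make's built-in `%: %.c` rule, which does not pass `${SSL_INCLUDES}`, `${LIBS}` or `${SSL_LIBS}`. Unless a `ratbox-respond:` rule exists outside the hunk, `install: build` is the safer prerequisite. The recipe also assumes `${bindir}` already exists and ignores staged installs; `install -d ${DESTDIR}${bindir}` followed by `install -m 0755 ratbox-respond ${DESTDIR}${bindir}` handles both and pins the mode of the installed binary.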
@@ -2203,27 +2202,6 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu -ac_aux_dir= -for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do - if test -f $ac_dir/install-sh; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install-sh -c" - break - elif test -f $ac_dir/install.sh; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/install.sh -c" - break - elif test -f $ac_dir/shtool; then - ac_aux_dir=$ac_dir - ac_install_sh="$ac_aux_dir/shtool install -c" - break - fi -done -if test -z "$ac_aux_dir"; then - { { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5 -echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;} - { (exit 1); exit 1; }; } -fi ac_config_guess="$SHELL $ac_aux_dir/config.guess" ac_config_sub="$SHELL $ac_aux_dir/config.sub" ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. diff --git a/install-sh b/install-sh deleted file mode 100755 index dd83eb6..0000000 --- a/install-sh +++ /dev/null 
@@ -1,270 +0,0 @@ -#!/bin/sh -# $Id: install-sh 21587 2006-01-06 18:12:17Z leeh $ -# -# install - install a program, script, or datafile -# -# This originates from X11R5 (mit/util/scripts/install.sh), which was -# later released in X11R6 (xc/config/util/install.sh) with the -# following copyright and license. -# -# Copyright (C) 1994 X Consortium -# -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: -# -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. -# -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN -# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- -# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. -# -# Except as contained in this notice, the name of the X Consortium shall not -# be used in advertising or otherwise to promote the sale, use or other deal- -# ings in this Software without prior written authorization from the X Consor- -# tium. -# -# -# FSF changes to this file are in the public domain. -# -# Calling this script install-sh is preferred over install.sh, to prevent -# `make' implicit rules from creating a file called install from it -# when there is no Makefile. -# -# This script is compatible with the BSD install script, but was written -# from scratch. 
It can only install one file at a time, a restriction -# shared with many OS's install programs. - - -# set DOITPROG to echo to test this script - -# Don't use :- since 4.3BSD and earlier shells don't like it. -doit="${DOITPROG-}" - - -# put in absolute paths if you don't have them in your path; or use env. vars. - -mvprog="${MVPROG-mv}" -cpprog="${CPPROG-cp}" -chmodprog="${CHMODPROG-chmod}" -chownprog="${CHOWNPROG-chown}" -chgrpprog="${CHGRPPROG-chgrp}" -stripprog="${STRIPPROG-strip}" -rmprog="${RMPROG-rm}" -mkdirprog="${MKDIRPROG-mkdir}" - -transformbasename="" -transform_arg="" -instcmd="$mvprog" -chmodcmd="$chmodprog 0755" -chowncmd="" -chgrpcmd="" -stripcmd="" -rmcmd="$rmprog -f" -mvcmd="$mvprog" -src="" -dst="" -dir_arg="" - -while [ x"$1" != x ]; do - case $1 in - -c) instcmd="$cpprog" - shift - continue;; - - -d) dir_arg=true - shift - continue;; - - -m) chmodcmd="$chmodprog $2" - shift - shift - continue;; - - -o) chowncmd="$chownprog $2" - shift - shift - continue;; - - -g) chgrpcmd="$chgrpprog $2" - shift - shift - continue;; - - -s) stripcmd="$stripprog" - shift - continue;; - - -t=*) transformarg=`echo $1 | sed 's/-t=//'` - shift - continue;; - - -b=*) transformbasename=`echo $1 | sed 's/-b=//'` - shift - continue;; - - *) if [ x"$src" = x ] - then - src=$1 - else - # this colon is to work around a 386BSD /bin/sh bug - : - dst=$1 - fi - shift - continue;; - esac -done - -if [ x"$src" = x ] -then - echo "install: no input file specified" - exit 1 -else - true -fi - -if [ x"$dir_arg" != x ]; then - dst=$src - src="" - - if [ -d $dst ]; then - instcmd=: - chmodcmd="" - else - instcmd=mkdir - fi -else - -# Waiting for this to be detected by the "$instcmd $src $dsttmp" command -# might cause directories to be created, which would be especially bad -# if $src (and thus $dsttmp) contains '*'. 
- - if [ -f $src -o -d $src ] - then - true - else - echo "install: $src does not exist" - exit 1 - fi - - if [ x"$dst" = x ] - then - echo "install: no destination specified" - exit 1 - else - true - fi - -# If destination is a directory, append the input filename; if your system -# does not like double slashes in filenames, you may need to add some logic - - if [ -d $dst ] - then - dst="$dst"/`basename $src` - else - true - fi -fi - -## this sed command emulates the dirname command -dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` - -# Make sure that the destination directory exists. -# this part is taken from Noah Friedman's mkinstalldirs script - -# Skip lots of stat calls in the usual case. -if [ ! -d "$dstdir" ]; then -defaultIFS=' -' -IFS="${IFS-${defaultIFS}}" - -oIFS="${IFS}" -# Some sh's can't handle IFS=/ for some reason. -IFS='%' -set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` -IFS="${oIFS}" - -pathcomp='' - -while [ $# -ne 0 ] ; do - pathcomp="${pathcomp}${1}" - shift - - if [ ! -d "${pathcomp}" ] ; - then - $mkdirprog "${pathcomp}" - else - true - fi - - pathcomp="${pathcomp}/" -done -fi - -if [ x"$dir_arg" != x ] -then - $doit $instcmd $dst && - - if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && - if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && - if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && - if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi -else - -# If we're going to rename the final executable, determine the name now. - - if [ x"$transformarg" = x ] - then - dstfile=`basename $dst` - else - dstfile=`basename $dst $transformbasename | - sed $transformarg`$transformbasename - fi - -# don't allow the sed command to completely eliminate the filename - - if [ x"$dstfile" = x ] - then - dstfile=`basename $dst` - else - true - fi - -# Make a temp file name in the proper directory. 
-
- dsttmp=$dstdir/#inst.$$#
-
-# Move or copy the file name to the temp name
-
- $doit $instcmd $src $dsttmp &&
-
- trap "rm -f ${dsttmp}" 0 &&
-
-# and set any options; do chmod last to preserve setuid bits
-
-# If any of these fail, we abort the whole thing. If we want to
-# ignore errors from any of these, just make sure not to ignore
-# errors from the above "$doit $instcmd $src $dsttmp" command.
-
- if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
- if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
- if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
- if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
-
-# Now rename the file to the real destination.
-
- $doit $rmcmd -f $dstdir/$dstfile &&
- $doit $mvcmd $dsttmp $dstdir/$dstfile
-
-fi &&
-
-
-exit 0
diff --git a/makekeypair b/makekeypair
new file mode 100755
index 0000000..517d490
--- /dev/null
+++ b/makekeypair
@@ -0,0 +1,25 @@
+#!/bin/sh
+#
+# Copyright (C) 2006 ircd-ratbox development team
+# This code is in the public domain.
+
+openssl "no-aes256-cbc" >/dev/null
+if [ $? != 1 ]; then
+ openssl "no-des3" >/dev/null
+ if [ $? != 1 ]; then
+ echo "Unable to find a suitable encryption for assigning a password to the key"
+ echo "If you wish to generate a key without a passphrase, run:"
+ echo " openssl genrsa -out private.key 2048"
+ echo " openssl rsa -in private.key -out public.key -pubout"
+ echo "Though this is NOT recommended for security reasons."
+ exit
+ fi
+ enc="-des3"
+else
+ enc="-aes256"
+fi
+
+openssl genrsa -out private.key $enc 4096
+
+echo "Generating RSA public key..."
+openssl rsa -in private.key -out public.key -pubout
diff --git a/ratbox-respond.c b/ratbox-respond.c
index c1a9bdd..62f45ab 100644
--- a/ratbox-respond.c
+++ b/ratbox-respond.c
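Review bot: In makekeypair, `openssl genrsa -out private.key $enc 4096` leaves the mode of `private.key` to OpenSSL and the caller's umask, and its exit status is never checked, so a failed or aborted passphrase prompt still falls through to the `openssl rsa ... -pubout` step. Adding `umask 077` near the top and changing the call to `openssl genrsa -out private.key $enc 4096 || exit 1` closes both gaps. The bare `exit` in the no-cipher branch returns the status of the preceding `echo`, i.e. success, and that branch is also reached when `openssl` is missing altogether (status 127 rather than 1), so `exit 1` plus a separate `command -v openssl` check would make the failure visible to callers. The script also overwrites an existing `private.key` without asking; a `[ -e private.key ]` guard before generation would prevent that.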
@@ -235,7 +235,7 @@ main(int argc, char **argv)
 return -1;
 }
- SSLeay_add_all_ciphers();
+ OpenSSL_add_all_ciphers();
 rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL);
 if(!rsa)
@@ -246,19 +246,19 @@ main(int argc, char **argv)
 fclose(kfile);
- ptr = read_challenge(stdin);
+ while ((ptr = read_challenge(stdin))[0] != '\0') {
 ndata = base64_decode(ptr, strlen((char *)ptr), &len);
 if (ndata == NULL)
 {
 puts("Error: Bad challenge.");
- return -1;
+ continue;
 }
 if ((len = RSA_private_decrypt(len, (unsigned char*)ndata, (unsigned char*)ddata, rsa, RSA_PKCS1_OAEP_PADDING)) == -1)
 {
 puts("Error: Decryption error.");
- return -1;
+ continue;
 }
 SHA1_Init(&ctx);
@@ -271,5 +271,6 @@ main(int argc, char **argv)
 }
 puts((char *)ndata);
 fflush(NULL);
+ }
 return 0;
 }
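Review bot: In the second ratbox-respond.c hunk the new loop condition indexes the return value of read_challenge() before checking it, so if that function (defined outside these hunks) returns NULL at end of input the `[0]` read is a NULL dereference rather than a clean exit; `while ((ptr = read_challenge(stdin)) != NULL && ptr[0] != '\0') {` covers both. Now that the body runs once per challenge, the buffer returned by base64_decode() is reassigned through `ndata` without being released, which leaks on every iteration if it is heap-allocated. Since the decrypted key now stays in memory for the whole session and every line on stdin triggers a private-key operation, it is worth a comment above the loop stating that stdin must come only from the trusted client, plus `RSA_free(rsa);` before `return 0;`. The two `continue` paths also mean the process exits 0 after bad challenges, where it previously returned -1. main's body begins outside these hunks, and the loop body was left at its old indentation.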