stay open leaving key unlocked for multiple challenges

xfnw 2021-10-24 18:08:23 -04:00
parent 971b19fb99
commit 3a9803bc32
5 changed files with 36 additions and 299 deletions


@ -3,9 +3,9 @@
# Copyright (C) 2005 ircd-ratbox development team # Copyright (C) 2005 ircd-ratbox development team
# This code is in the public domain. # This code is in the public domain.
prefix = @prefix@ prefix ?= @prefix@
exec_prefix = @exec_prefix@ exec_prefix ?= @exec_prefix@
bindir = @bindir@ bindir ?= @bindir@
CFLAGS = @CFLAGS@ CFLAGS = @CFLAGS@
CPPFLAGS = @CPPFLAGS@ CPPFLAGS = @CPPFLAGS@
@ -22,6 +22,9 @@ all: build
build: ratbox-respond.c build: ratbox-respond.c
${CC} ${CFLAGS} ${CPPFLAGS} ${SSL_INCLUDES} -o ratbox-respond ratbox-respond.c ${LDFLAGS} ${LIBS} ${SSL_LIBS} ${CC} ${CFLAGS} ${CPPFLAGS} ${SSL_INCLUDES} -o ratbox-respond ratbox-respond.c ${LDFLAGS} ${LIBS} ${SSL_LIBS}
install: ratbox-respond
install ratbox-respond ${bindir}
clean: clean:
${RM} -f ratbox-respond *~ ${RM} -f ratbox-respond *~
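Review bot: The new `install` target names `ratbox-respond` as its prerequisite, but the only rule visible here that produces the binary is `build`, so on a clean tree make would presumably fall back to its implicit `%: %.c` rule and link without `${LIBS} ${SSL_LIBS}`. Writing it as `install: build` keeps the link line in one place. The recipe also copies straight into `${bindir}` without creating the directory, setting a mode or honouring a staging root; `install -d ${DESTDIR}${bindir}` followed by `install -m 0755 ratbox-respond ${DESTDIR}${bindir}` would cover all three. The rest of the Makefile is outside the hunk, so a separate `ratbox-respond:` rule may already exist there.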

22
configure vendored

@ -273,7 +273,6 @@ PACKAGE_VERSION='stable'
PACKAGE_STRING='ratbox-respond stable' PACKAGE_STRING='ratbox-respond stable'
PACKAGE_BUGREPORT='' PACKAGE_BUGREPORT=''
ac_default_prefix=.
ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RM CP MV TOUCH CPP EGREP SSL_SRCS_ENABLE SSL_INCLUDES SSL_LIBS LIBOBJS LTLIBOBJS' ac_subst_vars='SHELL PATH_SEPARATOR PACKAGE_NAME PACKAGE_TARNAME PACKAGE_VERSION PACKAGE_STRING PACKAGE_BUGREPORT exec_prefix prefix program_transform_name bindir sbindir libexecdir datadir sysconfdir sharedstatedir localstatedir libdir includedir oldincludedir infodir mandir build_alias host_alias target_alias DEFS ECHO_C ECHO_N ECHO_T LIBS CC CFLAGS LDFLAGS CPPFLAGS ac_ct_CC EXEEXT OBJEXT INSTALL_PROGRAM INSTALL_SCRIPT INSTALL_DATA RM CP MV TOUCH CPP EGREP SSL_SRCS_ENABLE SSL_INCLUDES SSL_LIBS LIBOBJS LTLIBOBJS'
ac_subst_files='' ac_subst_files=''
@ -2203,27 +2202,6 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu ac_compiler_gnu=$ac_cv_c_compiler_gnu
ac_aux_dir=
for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do
if test -f $ac_dir/install-sh; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
break
elif test -f $ac_dir/install.sh; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install.sh -c"
break
elif test -f $ac_dir/shtool; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/shtool install -c"
break
fi
done
if test -z "$ac_aux_dir"; then
{ { echo "$as_me:$LINENO: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&5
echo "$as_me: error: cannot find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." >&2;}
{ (exit 1); exit 1; }; }
fi
ac_config_guess="$SHELL $ac_aux_dir/config.guess" ac_config_guess="$SHELL $ac_aux_dir/config.guess"
ac_config_sub="$SHELL $ac_aux_dir/config.sub" ac_config_sub="$SHELL $ac_aux_dir/config.sub"
ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure. ac_configure="$SHELL $ac_aux_dir/configure" # This should be Cygnus configure.


@ -1,270 +0,0 @@
#!/bin/sh
# $Id: install-sh 21587 2006-01-06 18:12:17Z leeh $
#
# install - install a program, script, or datafile
#
# This originates from X11R5 (mit/util/scripts/install.sh), which was
# later released in X11R6 (xc/config/util/install.sh) with the
# following copyright and license.
#
# Copyright (C) 1994 X Consortium
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
#
# Except as contained in this notice, the name of the X Consortium shall not
# be used in advertising or otherwise to promote the sale, use or other deal-
# ings in this Software without prior written authorization from the X Consor-
# tium.
#
#
# FSF changes to this file are in the public domain.
#
# Calling this script install-sh is preferred over install.sh, to prevent
# `make' implicit rules from creating a file called install from it
# when there is no Makefile.
#
# This script is compatible with the BSD install script, but was written
# from scratch. It can only install one file at a time, a restriction
# shared with many OS's install programs.
# set DOITPROG to echo to test this script
# Don't use :- since 4.3BSD and earlier shells don't like it.
doit="${DOITPROG-}"
# put in absolute paths if you don't have them in your path; or use env. vars.
mvprog="${MVPROG-mv}"
cpprog="${CPPROG-cp}"
chmodprog="${CHMODPROG-chmod}"
chownprog="${CHOWNPROG-chown}"
chgrpprog="${CHGRPPROG-chgrp}"
stripprog="${STRIPPROG-strip}"
rmprog="${RMPROG-rm}"
mkdirprog="${MKDIRPROG-mkdir}"
transformbasename=""
transform_arg=""
instcmd="$mvprog"
chmodcmd="$chmodprog 0755"
chowncmd=""
chgrpcmd=""
stripcmd=""
rmcmd="$rmprog -f"
mvcmd="$mvprog"
src=""
dst=""
dir_arg=""
while [ x"$1" != x ]; do
case $1 in
-c) instcmd="$cpprog"
shift
continue;;
-d) dir_arg=true
shift
continue;;
-m) chmodcmd="$chmodprog $2"
shift
shift
continue;;
-o) chowncmd="$chownprog $2"
shift
shift
continue;;
-g) chgrpcmd="$chgrpprog $2"
shift
shift
continue;;
-s) stripcmd="$stripprog"
shift
continue;;
-t=*) transformarg=`echo $1 | sed 's/-t=//'`
shift
continue;;
-b=*) transformbasename=`echo $1 | sed 's/-b=//'`
shift
continue;;
*) if [ x"$src" = x ]
then
src=$1
else
# this colon is to work around a 386BSD /bin/sh bug
:
dst=$1
fi
shift
continue;;
esac
done
if [ x"$src" = x ]
then
echo "install: no input file specified"
exit 1
else
true
fi
if [ x"$dir_arg" != x ]; then
dst=$src
src=""
if [ -d $dst ]; then
instcmd=:
chmodcmd=""
else
instcmd=mkdir
fi
else
# Waiting for this to be detected by the "$instcmd $src $dsttmp" command
# might cause directories to be created, which would be especially bad
# if $src (and thus $dsttmp) contains '*'.
if [ -f $src -o -d $src ]
then
true
else
echo "install: $src does not exist"
exit 1
fi
if [ x"$dst" = x ]
then
echo "install: no destination specified"
exit 1
else
true
fi
# If destination is a directory, append the input filename; if your system
# does not like double slashes in filenames, you may need to add some logic
if [ -d $dst ]
then
dst="$dst"/`basename $src`
else
true
fi
fi
## this sed command emulates the dirname command
dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'`
# Make sure that the destination directory exists.
# this part is taken from Noah Friedman's mkinstalldirs script
# Skip lots of stat calls in the usual case.
if [ ! -d "$dstdir" ]; then
defaultIFS='
'
IFS="${IFS-${defaultIFS}}"
oIFS="${IFS}"
# Some sh's can't handle IFS=/ for some reason.
IFS='%'
set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'`
IFS="${oIFS}"
pathcomp=''
while [ $# -ne 0 ] ; do
pathcomp="${pathcomp}${1}"
shift
if [ ! -d "${pathcomp}" ] ;
then
$mkdirprog "${pathcomp}"
else
true
fi
pathcomp="${pathcomp}/"
done
fi
if [ x"$dir_arg" != x ]
then
$doit $instcmd $dst &&
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi
else
# If we're going to rename the final executable, determine the name now.
if [ x"$transformarg" = x ]
then
dstfile=`basename $dst`
else
dstfile=`basename $dst $transformbasename |
sed $transformarg`$transformbasename
fi
# don't allow the sed command to completely eliminate the filename
if [ x"$dstfile" = x ]
then
dstfile=`basename $dst`
else
true
fi
# Make a temp file name in the proper directory.
dsttmp=$dstdir/#inst.$$#
# Move or copy the file name to the temp name
$doit $instcmd $src $dsttmp &&
trap "rm -f ${dsttmp}" 0 &&
# and set any options; do chmod last to preserve setuid bits
# If any of these fail, we abort the whole thing. If we want to
# ignore errors from any of these, just make sure not to ignore
# errors from the above "$doit $instcmd $src $dsttmp" command.
if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi &&
if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi &&
if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi &&
if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi &&
# Now rename the file to the real destination.
$doit $rmcmd -f $dstdir/$dstfile &&
$doit $mvcmd $dsttmp $dstdir/$dstfile
fi &&
exit 0

25
makekeypair Executable file

@ -0,0 +1,25 @@
#!/bin/sh
#
# Copyright (C) 2006 ircd-ratbox development team
# This code is in the public domain.
openssl "no-aes256-cbc" >/dev/null
if [ $? != 1 ]; then
openssl "no-des3" >/dev/null
if [ $? != 1 ]; then
echo "Unable to find a suitable encryption for assigning a password to the key"
echo "If you wish to generate a key without a passphrase, run:"
echo " openssl genrsa -out private.key 2048"
echo " openssl rsa -in private.key -out public.key -pubout"
echo "Though this is NOT recommended for security reasons."
exit
fi
enc="-des3"
else
enc="-aes256"
fi
openssl genrsa -out private.key $enc 4096
echo "Generating RSA public key..."
openssl rsa -in private.key -out public.key -pubout
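Review bot: The bare `exit` in the no-cipher branch returns the status of the preceding `echo`, which is 0, so a caller cannot tell that no key was generated; it should be `exit 1`. The result of `openssl genrsa` is not checked either, so `openssl rsa` runs against a missing or stale `private.key` when generation or passphrase entry fails; `openssl genrsa -out private.key $enc 4096 || exit 1` stops there. `private.key` is created in the current directory with whatever mode the caller's umask and the OpenSSL build give it, so a `umask 077` before the `genrsa` line would keep it owner-only regardless. The probe name `no-aes256-cbc` is also worth confirming against the installed OpenSSL, which as far as I know lists that cipher command as `aes-256-cbc`; if the name does not match, the script always falls through to `-des3`.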


@ -235,7 +235,7 @@ main(int argc, char **argv)
return -1; return -1;
} }
SSLeay_add_all_ciphers(); OpenSSL_add_all_ciphers();
rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL); rsa = PEM_read_RSAPrivateKey(kfile, NULL,pass_cb, NULL);
if(!rsa) if(!rsa)
@ -246,19 +246,19 @@ main(int argc, char **argv)
fclose(kfile); fclose(kfile);
ptr = read_challenge(stdin); while ((ptr = read_challenge(stdin))[0] != '\0') {
ndata = base64_decode(ptr, strlen((char *)ptr), &len); ndata = base64_decode(ptr, strlen((char *)ptr), &len);
if (ndata == NULL) if (ndata == NULL)
{ {
puts("Error: Bad challenge."); puts("Error: Bad challenge.");
return -1; continue;
} }
if ((len = RSA_private_decrypt(len, (unsigned char*)ndata, if ((len = RSA_private_decrypt(len, (unsigned char*)ndata,
(unsigned char*)ddata, rsa, RSA_PKCS1_OAEP_PADDING)) == -1) (unsigned char*)ddata, rsa, RSA_PKCS1_OAEP_PADDING)) == -1)
{ {
puts("Error: Decryption error."); puts("Error: Decryption error.");
return -1; continue;
} }
SHA1_Init(&ctx); SHA1_Init(&ctx);
@ -271,5 +271,6 @@ main(int argc, char **argv)
} }
puts((char *)ndata); puts((char *)ndata);
fflush(NULL); fflush(NULL);
}
return 0; return 0;
} }
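Review bot: The new loop condition indexes the result of `read_challenge(stdin)` directly, so if that function can return NULL (its body is not on this page; EOF or an allocation failure are the likely cases) the program dereferences NULL instead of leaving the loop; `while ((ptr = read_challenge(stdin)) != NULL && ptr[0] != '\0') {` is safe either way. Because the process now stays alive with the decrypted key in memory, each pass should release the per-challenge buffer returned by `base64_decode` on the `continue` paths as well as the normal one (no `free(ndata)` is visible in these hunks), and an `RSA_free(rsa);` before the final `return 0;` would drop the key material on exit. The loop body was also left at its old indentation, which hides the pairing between the `while` line and the closing `}` added before `return 0;`. `main` starts before the first hunk and parts of the loop body lie between the hunks, so some of this may already be handled there.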