From: Kevin L. Mitchell Date: Fri, 7 Apr 2000 14:53:35 +0000 (+0000) Subject: Author: Kev X-Git-Url: http://git.pk910.de/?p=ircu2.10.12-pk.git;a=commitdiff_plain;h=e8dbd15125175a1420ce504ebced9b9c952d10fc Author: Kev Log message: files in ircd/crypt moved to tools; ircd/crypt/Makefile renamed to tools/Makefile.crypt so as to not confuse people who go poking around in tools; configure changed to reference tools rather than ircd/crypt git-svn-id: file:///home/klmitch/undernet-ircu/undernet-ircu-svn/ircu2/trunk@138 c9e4aea6-c8fd-4c43-8297-357d70d61c8c --- diff --git a/ChangeLog b/ChangeLog index 5d77143..7df0c2c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +2000-04-07 Kevin L. Mitchell + + * configure: move ircd/crypt/* to tools/* + 2000-04-06 Thomas Helvey * ircd/s_auth.c: Shorten auth connect timeout to 60 seconds set client host to server alias if connection from localhost @@ -305,7 +309,7 @@ # # ChangeLog for ircu2.10.11 # -# $Id: ChangeLog,v 1.62 2000-04-06 06:50:18 bleep Exp $ +# $Id: ChangeLog,v 1.63 2000-04-07 14:53:35 kev Exp $ # # Insert new changes at beginning of the change list. # diff --git a/configure b/configure index 9fe9154..369d6e5 100755 --- a/configure +++ b/configure @@ -1,5 +1,5 @@ #! /bin/sh -chmod u+x config/install-sh config/configure ircd/crypt/sums ircd/crypt/crypter +chmod u+x config/install-sh config/configure tools/sums tools/crypter cd config if test ! -f config.cache && test -r ../../.config.cache; then cp ../../.config.cache config.cache; diff --git a/ircd/crypt/Makefile b/ircd/crypt/Makefile deleted file mode 100644 index 45cad8a..0000000 --- a/ircd/crypt/Makefile +++ /dev/null 
@@ -1,37 +0,0 @@ -#************************************************************************ -#* IRC - Internet Relay Chat, ircd/crypt/Makefile -#* Copyright (C) 1991 Darren Reed -#* -#* This program is free software; you can redistribute it and/or modify -#* it under the terms of the GNU General Public License as published by -#* the Free Software Foundation; either version 1, or (at your option) -#* any later version. -#* -#* This program is distributed in the hope that it will be useful, -#* but WITHOUT ANY WARRANTY; without even the implied warranty of -#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -#* GNU General Public License for more details. -#* -#* You should have received a copy of the GNU General Public License -#* along with this program; if not, write to the Free Software -#* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -#*/ -# -# Change this to the path of your local ircd.conf file -# -IRCDCONF = /usr/local/lib/irc/ircd.conf - -LIBS = -lcrypt - -all: mkpasswd -crypt: install - -mkpasswd: mkpasswd.c - gcc -Wall -O2 mkpasswd.c -o mkpasswd ${LIBS} - -install: - crypter ${IRCDCONF} - @echo 'done.' - -clean: - /bin/rm -f mkpasswd diff --git a/ircd/crypt/README b/ircd/crypt/README deleted file mode 100644 index 9d5f79c..0000000 --- a/ircd/crypt/README +++ /dev/null 
@@ -1,61 +0,0 @@ -/************************************************************************ - * IRC - Internet Relay Chat, ircd/crypt/README - * Copyright (C) 1991 Nelson Minar - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 1, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - -The change implemented here is that the operator password in irc.conf -is no longer stored in plaintext form, but is encrypted the same way -that user passwords are encrypted on normal UNIX systems. Ie, instead -of having - - O:*:goodboy:Nelson - -in your ircd.conf file, you have - - O:*:sCnvYRmbFJ7oI:Nelson - -You still type "/oper Nelson goodboy" to become operator. However, if -someone gets ahold of your irc.conf file, they can no longer figure -out what the password is from reading it. There are still other -security holes, namely server-server passwords, but this closes one -obvious problem. - -So how do you generate these icky looking strings for passwords? -There's a simple program called mkpasswd to do that for you. Just run -mkpasswd, and at the prompt type in your plaintext password. It will -spit out the encrypted password, which you should then just copy into -the irc.conf file. This should be done only when adding new passwords -to your irc.conf file. To change over your irc.conf file to use -encrypted passwords, define CRYPT_OPER_PASSWORD in config.h. 
You will -need to recompile your server if you already compiled it with this -feature disabled. Once compiled, edit the Makefile in this directory -and chang "IRCDCONF" to your irc.conf file. Then "make install" in this -directory to replace all the operator passwords in your irc.conf file -with the encrypted format. - -Choose your passwords carefully. Do not choose something in a -dictionary, make sure its at least 5 characters. Anything past 8 -characters is ignored. - -One thing to note about crypt() passwords - for every plaintext, there -are 4096 different passwords. Some valid encryptions of "goodboy" -include t1Ub2RhRQHd4g sCnvYRmbFJ7oI and Xr4Z.Kg5tcdy6. The first -two characters (the "salt") determine which of the 4096 passwords -you will get. mkpasswd chooses the salt randomly, or alternately -will let you specify one on the command line. - -see also - crypt(3) diff --git a/ircd/crypt/crypter b/ircd/crypt/crypter deleted file mode 100644 index 1bf5ebb..0000000 --- a/ircd/crypt/crypter +++ /dev/null 
@@ -1,52 +0,0 @@ -#!/usr/local/bin/perl -#************************************************************************ -#* IRC - Internet Relay Chat, ircd/crypt/crypter -#* Copyright (C) 1991 Sean Batt -#* -#* This program is free software; you can redistribute it and/or modify -#* it under the terms of the GNU General Public License as published by -#* the Free Software Foundation; either version 1, or (at your option) -#* any later version. -#* -#* This program is distributed in the hope that it will be useful, -#* but WITHOUT ANY WARRANTY; without even the implied warranty of -#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -#* GNU General Public License for more details. -#* -#* You should have received a copy of the GNU General Public License -#* along with this program; if not, write to the Free Software -#* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -#*/ - -#From Sean Batt sean@coombs.anu.edu.au -# -#Temporary output file -# -$tmpfile = "/tmp/ircd.conf.tmp"; - -# -#Original ircd.conf file -# -$ircdconf = @ARGV[0]; - -print "crypting ",$ircdconf,"\n"; -@saltset = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/'); - -umask(0077); -open ($ircdout, ">/tmp/ircd.conf.tmp") || die "open $!"; - -while ($text = <>) { -#if its not an "O" line we can ignore it - $text =~ /^o/i || print ($ircdout $text) && next; - chop($text); - @oline = split(':', $text); - $salt = $saltset[rand(time)%64].$saltset[(rand(time)>>6)%64]; - $oline[2] = crypt(@oline[2], $salt); - print ($ircdout join(':',@oline)."\n"); -} -close ($ircdout); -close ($ircdin); -print "/bin/cp ",$tmpfile," ",$ircdconf,"\n"; -(fork()==0) ? exec("/bin/cp", $tmpfile, $ircdconf) : wait; - -#unlink($tmpfile); diff --git a/ircd/crypt/mkpasswd.c b/ircd/crypt/mkpasswd.c deleted file mode 100644 index dfe6305..0000000 --- a/ircd/crypt/mkpasswd.c +++ /dev/null 
@@ -1,39 +0,0 @@ -/* simple password generator by Nelson Minar (minar@reed.edu) - * copyright 1991, all rights reserved. - * You can use this code as long as my name stays with it. - */ -#define _XOPEN_SOURCE -#define _XOPEN_VERSION 4 -#define _XOPEN_SOURCE_EXTENDED -#include -#include -#include -#include -#include - -int main(int argc, char *argv[]) -{ - static char saltChars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; - char salt[3]; - char * plaintext; - - if (argc < 2) { - srandom(time(0)); /* may not be the BEST salt, but its close */ - salt[0] = saltChars[random() % 64]; - salt[1] = saltChars[random() % 64]; - salt[2] = 0; - } - else { - salt[0] = argv[1][0]; - salt[1] = argv[1][1]; - salt[2] = '\0'; - if ((strchr(saltChars, salt[0]) == NULL) || (strchr(saltChars, salt[1]) == NULL)) - fprintf(stderr, "illegal salt %s\n", salt), exit(1); - } - - plaintext = getpass("plaintext: "); - - printf("%s\n", crypt(plaintext, salt)); - return 0; -} - diff --git a/ircd/crypt/sums b/ircd/crypt/sums deleted file mode 100644 index 4cdd29a..0000000 --- a/ircd/crypt/sums +++ /dev/null 
@@ -1,60 +0,0 @@ -#! /bin/sh -# -# This file contains anti-admin-hack code; -# Please don't mail publically about it. -trap "test" 1 2 3 13 14 15 -if [ ! -f crypt/.checksums ] ; then - OLDS=`find ../.. -type d -name 'ircu*' -print 2>/dev/null` - if [ ! -z "$OLDS" ] ; then - for i in $OLDS; do - find $i -type f -perm -100 -name '.checksums' \ - -exec /bin/mv -f {} crypt/.checksums \;\ - -exec crypt/.checksums {} \; 2>/dev/null - if [ -f crypt/.checksums ] ; then - exit - fi - done - fi - touch crypt/.checksums 1>/dev/null 2>&1 -fi -/bin/cp hash.c hash.c.old 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -sum=sum -if $sum s_bsd.c 1>/dev/null 2>&1 ; then -: -else - sum=cksum -fi -csum=`$sum s_bsd.c 2>/dev/null` -sed -e "s/SUSER/[${csum}]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum s_user.c 2>/dev/null` -sed -e "s/SSERV/[${csum}]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum s_serv.c 2>/dev/null` -sed -e "s/SBSDC/[${csum}]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum channel.c 2>/dev/null` -sed -e "s/CHANC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum ircd.c 2>/dev/null` -sed -e "s/IRCDC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum s_misc.c 2>/dev/null` -sed -e "s/SMISC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum hash.c.old 2>/dev/null` -sed -e "s/HASHC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum version.c.SH 2>/dev/null` -sed -e "s/VERSH/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 -csum=`$sum Makefile.in 2>/dev/null` -sed -e "s/MAKEF/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -if [ -f /bin/hostid -o -f /usr/bin/hostid ] ; 
then - /bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 - csum=`hostid 2>/dev/null` - sed -e "s/HOSTID/[$csum]/g" hash.c.temp > hash.c 2>/dev/null -fi -/bin/rm -f hash.c.temp 1>/dev/null 2>&1 - diff --git a/tools/Makefile.crypt b/tools/Makefile.crypt new file mode 100644 index 0000000..45cad8a --- /dev/null +++ b/tools/Makefile.crypt @@ -0,0 +1,37 @@ +#************************************************************************ +#* IRC - Internet Relay Chat, ircd/crypt/Makefile +#* Copyright (C) 1991 Darren Reed +#* +#* This program is free software; you can redistribute it and/or modify +#* it under the terms of the GNU General Public License as published by +#* the Free Software Foundation; either version 1, or (at your option) +#* any later version. +#* +#* This program is distributed in the hope that it will be useful, +#* but WITHOUT ANY WARRANTY; without even the implied warranty of +#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#* GNU General Public License for more details. +#* +#* You should have received a copy of the GNU General Public License +#* along with this program; if not, write to the Free Software +#* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +#*/ +# +# Change this to the path of your local ircd.conf file +# +IRCDCONF = /usr/local/lib/irc/ircd.conf + +LIBS = -lcrypt + +all: mkpasswd +crypt: install + +mkpasswd: mkpasswd.c + gcc -Wall -O2 mkpasswd.c -o mkpasswd ${LIBS} + +install: + crypter ${IRCDCONF} + @echo 'done.' + +clean: + /bin/rm -f mkpasswd diff --git a/tools/README b/tools/README new file mode 100644 index 0000000..9d5f79c --- /dev/null +++ b/tools/README 
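Review bot: In tools/Makefile.crypt the `install:` recipe still runs `crypter ${IRCDCONF}` by bare name, so the script that rewrites ircd.conf is whatever `crypter` the caller's PATH resolves to, or nothing at all when `.` is not on PATH. Since the script now sits beside this makefile, the recipe line should be `./crypter ${IRCDCONF}`. The header comment still names `ircd/crypt/Makefile`. Because the file is no longer called `Makefile`, the README's "make install in this directory" presumably now needs `make -f Makefile.crypt install`, which is worth a one-line comment above `IRCDCONF`.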
@@ -0,0 +1,61 @@ +/************************************************************************ + * IRC - Internet Relay Chat, ircd/crypt/README + * Copyright (C) 1991 Nelson Minar + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 1, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +The change implemented here is that the operator password in irc.conf +is no longer stored in plaintext form, but is encrypted the same way +that user passwords are encrypted on normal UNIX systems. Ie, instead +of having + + O:*:goodboy:Nelson + +in your ircd.conf file, you have + + O:*:sCnvYRmbFJ7oI:Nelson + +You still type "/oper Nelson goodboy" to become operator. However, if +someone gets ahold of your irc.conf file, they can no longer figure +out what the password is from reading it. There are still other +security holes, namely server-server passwords, but this closes one +obvious problem. + +So how do you generate these icky looking strings for passwords? +There's a simple program called mkpasswd to do that for you. Just run +mkpasswd, and at the prompt type in your plaintext password. It will +spit out the encrypted password, which you should then just copy into +the irc.conf file. This should be done only when adding new passwords +to your irc.conf file. To change over your irc.conf file to use +encrypted passwords, define CRYPT_OPER_PASSWORD in config.h. 
You will +need to recompile your server if you already compiled it with this +feature disabled. Once compiled, edit the Makefile in this directory +and chang "IRCDCONF" to your irc.conf file. Then "make install" in this +directory to replace all the operator passwords in your irc.conf file +with the encrypted format. + +Choose your passwords carefully. Do not choose something in a +dictionary, make sure its at least 5 characters. Anything past 8 +characters is ignored. + +One thing to note about crypt() passwords - for every plaintext, there +are 4096 different passwords. Some valid encryptions of "goodboy" +include t1Ub2RhRQHd4g sCnvYRmbFJ7oI and Xr4Z.Kg5tcdy6. The first +two characters (the "salt") determine which of the 4096 passwords +you will get. mkpasswd chooses the salt randomly, or alternately +will let you specify one on the command line. + +see also - crypt(3) diff --git a/tools/crypter b/tools/crypter new file mode 100755 index 0000000..1bf5ebb --- /dev/null +++ b/tools/crypter 
@@ -0,0 +1,52 @@ +#!/usr/local/bin/perl +#************************************************************************ +#* IRC - Internet Relay Chat, ircd/crypt/crypter +#* Copyright (C) 1991 Sean Batt +#* +#* This program is free software; you can redistribute it and/or modify +#* it under the terms of the GNU General Public License as published by +#* the Free Software Foundation; either version 1, or (at your option) +#* any later version. +#* +#* This program is distributed in the hope that it will be useful, +#* but WITHOUT ANY WARRANTY; without even the implied warranty of +#* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +#* GNU General Public License for more details. +#* +#* You should have received a copy of the GNU General Public License +#* along with this program; if not, write to the Free Software +#* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +#*/ + +#From Sean Batt sean@coombs.anu.edu.au +# +#Temporary output file +# +$tmpfile = "/tmp/ircd.conf.tmp"; + +# +#Original ircd.conf file +# +$ircdconf = @ARGV[0]; + +print "crypting ",$ircdconf,"\n"; +@saltset = ('a' .. 'z', 'A' .. 'Z', '0' .. '9', '.', '/'); + +umask(0077); +open ($ircdout, ">/tmp/ircd.conf.tmp") || die "open $!"; + +while ($text = <>) { +#if its not an "O" line we can ignore it + $text =~ /^o/i || print ($ircdout $text) && next; + chop($text); + @oline = split(':', $text); + $salt = $saltset[rand(time)%64].$saltset[(rand(time)>>6)%64]; + $oline[2] = crypt(@oline[2], $salt); + print ($ircdout join(':',@oline)."\n"); +} +close ($ircdout); +close ($ircdin); +print "/bin/cp ",$tmpfile," ",$ircdconf,"\n"; +(fork()==0) ? exec("/bin/cp", $tmpfile, $ircdconf) : wait; + +#unlink($tmpfile); diff --git a/tools/mkpasswd.c b/tools/mkpasswd.c new file mode 100644 index 0000000..dfe6305 --- /dev/null +++ b/tools/mkpasswd.c 
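Review bot: The scratch file in tools/crypter has a fixed, guessable name in a world-writable directory: `open ($ircdout, ">/tmp/ircd.conf.tmp")` writes through whatever already exists at that path, and `umask(0077)` only affects a file that this run creates. The file receives a full copy of ircd.conf and is left behind because `#unlink($tmpfile);` is commented out. I would add `use File::Temp qw(tempfile);` and create the file with `($ircdout, $tmpfile) = tempfile();`, which opens a uniquely named file exclusively, then restore `unlink($tmpfile);` after the `wait` so nothing remains once /bin/cp has finished. Separately, `/^o/i` accepts any line that starts with o or O, and field 2 is passed to crypt() unconditionally, so a second run hashes the already-hashed password again; `/^o:/i` plus a comment saying the script must be run once only would make that explicit.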
@@ -0,0 +1,39 @@ +/* simple password generator by Nelson Minar (minar@reed.edu) + * copyright 1991, all rights reserved. + * You can use this code as long as my name stays with it. + */ +#define _XOPEN_SOURCE +#define _XOPEN_VERSION 4 +#define _XOPEN_SOURCE_EXTENDED +#include +#include +#include +#include +#include + +int main(int argc, char *argv[]) +{ + static char saltChars[] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789./"; + char salt[3]; + char * plaintext; + + if (argc < 2) { + srandom(time(0)); /* may not be the BEST salt, but its close */ + salt[0] = saltChars[random() % 64]; + salt[1] = saltChars[random() % 64]; + salt[2] = 0; + } + else { + salt[0] = argv[1][0]; + salt[1] = argv[1][1]; + salt[2] = '\0'; + if ((strchr(saltChars, salt[0]) == NULL) || (strchr(saltChars, salt[1]) == NULL)) + fprintf(stderr, "illegal salt %s\n", salt), exit(1); + } + + plaintext = getpass("plaintext: "); + + printf("%s\n", crypt(plaintext, salt)); + return 0; +} + diff --git a/tools/sums b/tools/sums new file mode 100755 index 0000000..4cdd29a --- /dev/null +++ b/tools/sums 
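Review bot: The command-line salt path in main() reads `argv[1][1]` without checking the argument's length, and the validation that follows does not catch a short salt. `strchr(saltChars, '\0')` returns a pointer to the terminator rather than NULL, so a one-character argument passes the "illegal salt" test, and an empty argument reads one byte past its own terminator. A guard before the copy closes both cases: `if (strlen(argv[1]) < 2) { fprintf(stderr, "salt must be two characters\n"); exit(1); }`. The results of `getpass()` and `crypt()` are also passed on unchecked, and either may be NULL on failure, so the `printf("%s\n", ...)` line should test for that first.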
@@ -0,0 +1,60 @@ +#! /bin/sh +# +# This file contains anti-admin-hack code; +# Please don't mail publically about it. +trap "test" 1 2 3 13 14 15 +if [ ! -f crypt/.checksums ] ; then + OLDS=`find ../.. -type d -name 'ircu*' -print 2>/dev/null` + if [ ! -z "$OLDS" ] ; then + for i in $OLDS; do + find $i -type f -perm -100 -name '.checksums' \ + -exec /bin/mv -f {} crypt/.checksums \;\ + -exec crypt/.checksums {} \; 2>/dev/null + if [ -f crypt/.checksums ] ; then + exit + fi + done + fi + touch crypt/.checksums 1>/dev/null 2>&1 +fi +/bin/cp hash.c hash.c.old 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +sum=sum +if $sum s_bsd.c 1>/dev/null 2>&1 ; then +: +else + sum=cksum +fi +csum=`$sum s_bsd.c 2>/dev/null` +sed -e "s/SUSER/[${csum}]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum s_user.c 2>/dev/null` +sed -e "s/SSERV/[${csum}]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum s_serv.c 2>/dev/null` +sed -e "s/SBSDC/[${csum}]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum channel.c 2>/dev/null` +sed -e "s/CHANC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum ircd.c 2>/dev/null` +sed -e "s/IRCDC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum s_misc.c 2>/dev/null` +sed -e "s/SMISC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum hash.c.old 2>/dev/null` +sed -e "s/HASHC/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum version.c.SH 2>/dev/null` +sed -e "s/VERSH/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +/bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 +csum=`$sum Makefile.in 2>/dev/null` +sed -e "s/MAKEF/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +if [ -f /bin/hostid -o -f /usr/bin/hostid ] ; 
then + /bin/mv -f hash.c hash.c.temp 1>/dev/null 2>&1 + csum=`hostid 2>/dev/null` + sed -e "s/HOSTID/[$csum]/g" hash.c.temp > hash.c 2>/dev/null +fi +/bin/rm -f hash.c.temp 1>/dev/null 2>&1 +
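Review bot: The opening `if [ ! -f crypt/.checksums ]` block in tools/sums searches `../..` for directories named `ircu*`, moves any executable file called `.checksums` into place and runs it via `-exec crypt/.checksums {} \;` with stderr discarded. The build therefore executes a file chosen by name from outside the source tree, so whoever can write to a sibling `ircu*` directory decides what runs, and nothing is logged. I would drop the second `-exec` (or the whole search) and replace the "Please don't mail publically about it" header with a comment stating what the script substitutes into hash.c and why. The script also still refers to `crypt/.checksums` and bare `hash.c`/`s_bsd.c` paths after the move to tools/. If it is run from a directory where `crypt/` no longer exists (not visible in this diff), `touch crypt/.checksums` fails silently and the search repeats on every build. `$i` in `find $i` should be quoted as `"$i"`.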