From 4d981756ce026e0e6dd6e553e6c2367c936f2ece Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 16 Sep 2010 23:18:16 -0600 Subject: [PATCH 1/5] Move from xxtea to arc4 arc4 has known attacks, but you need a lot of data first. More data that we'll have tokens. --- src/Makefile | 2 +- src/arc4.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++ src/arc4.h | 19 +++++++++++++++++ src/claim.cgi.c | 2 +- src/in.tokend.c | 43 ++++++++++++++++++------------------- src/puzzler.cgi.c | 2 +- src/puzzles.cgi.c | 5 ++--- src/xxtea.c | 51 -------------------------------------------- src/xxtea.h | 2 -- 9 files changed, 98 insertions(+), 82 deletions(-) create mode 100644 src/arc4.c create mode 100644 src/arc4.h delete mode 100644 src/xxtea.c delete mode 100644 src/xxtea.h diff --git a/src/Makefile b/src/Makefile index 06e35b5..8d5b537 100644 --- a/src/Makefile +++ b/src/Makefile @@ -5,7 +5,7 @@ all: build build: $(TARGETS) -in.tokend: in.tokend.o xxtea.o common.o +in.tokend: in.tokend.o arc4.o common.o pointscli: pointscli.o common.o puzzles.cgi: puzzles.cgi.o common.o diff --git a/src/arc4.c b/src/arc4.c new file mode 100644 index 0000000..2a2ec84 --- /dev/null +++ b/src/arc4.c @@ -0,0 +1,54 @@ +#include +#include +#include "arc4.h" + +#define swap(a, b) do {int _swap=a; a=b, b=_swap;} while (0) + +void +arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen) +{ + int i; + int j = 0; + + for (i = 0; i < 256; i += 1) { + ctx->S[i] = i; + } + + for (i = 0; i < 256; i += 1) { + j = (j + ctx->S[i] + key[i % keylen]) % 256; + swap(ctx->S[i], ctx->S[j]); + } + ctx->i = 0; + ctx->j = 0; +} + +void +arc4_crypt(struct arc4_ctx *ctx, + uint8_t *obuf, uint8_t const *ibuf, size_t buflen) +{ + int i = ctx->i; + int j = ctx->j; + size_t k; + + for (k = 0; k < buflen; k += 1) { + uint8_t mask; + + i = (i + 1) % 256; + j = (j + ctx->S[i]) % 256; + swap(ctx->S[i], ctx->S[j]); + mask = ctx->S[(ctx->S[i] + ctx->S[j]) % 256]; + obuf[k] = ibuf[k] ^ mask; + } + ctx->i = i; + ctx->j = j; +} + +void +arc4_crypt_buffer(uint8_t const *key, size_t keylen, + uint8_t *buf, size_t buflen) +{ + struct arc4_ctx ctx; + + arc4_init(&ctx, key, keylen); + arc4_crypt(&ctx, buf, buf, buflen); +} diff --git a/src/arc4.h b/src/arc4.h new file mode 100644 index 0000000..b8f41fb --- /dev/null +++ b/src/arc4.h @@ -0,0 +1,19 @@ +#ifndef __ARC4_H__ +#define __ARC4_H__ + +#include +#include + +struct arc4_ctx { + uint8_t S[256]; + uint8_t i; + uint8_t j; +}; + +void arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen); +void arc4_crypt(struct arc4_ctx *ctx, + uint8_t *obuf, uint8_t const *ibuf, size_t buflen); +void arc4_crypt_buffer(uint8_t const *key, size_t keylen, + uint8_t *buf, size_t buflen); + +#endif diff --git a/src/claim.cgi.c b/src/claim.cgi.c index d684da3..928fa89 100644 --- a/src/claim.cgi.c +++ b/src/claim.cgi.c @@ -64,7 +64,7 @@ main(int argc, char *argv[]) category[i] = '\0'; { - char line[TEAM_MAX + TOKEN_MAX + 1]; + char line[200]; my_snprintf(line, sizeof(line), "%s %s", team, token); diff --git a/src/in.tokend.c b/src/in.tokend.c index f86a626..94a9605 100644 --- a/src/in.tokend.c +++ b/src/in.tokend.c @@ -10,7 +10,7 @@ #include #include #include "common.h" -#include "xxtea.h" +#include "arc4.h" #define itokenlen 3 @@ -69,11 +69,12 @@ bubblebabble(char *out, char const *in, const size_t inlen) int main(int argc, char *argv[]) { - char service[50]; - size_t servicelen; - char token[80]; - size_t tokenlen; - uint32_t key[4]; + char service[50]; + size_t servicelen; + char token[80]; + size_t tokenlen; + uint8_t key[256]; + size_t keylen; /* Seed the random number generator. This ought to be unpredictable enough for a contest. */ @@ -83,7 +84,7 @@ main(int argc, char *argv[]) { ssize_t len; - len = read(0, service, sizeof(service) - 1); + len = read(0, service, sizeof(service)); for (servicelen = 0; (servicelen < len) && isalnum(service[servicelen]); servicelen += 1); @@ -91,22 +92,23 @@ main(int argc, char *argv[]) /* Read in that service's key. */ { - int fd; - size_t len; + int fd; + int ret; - fd = open(srv_path("token.keys/%s", service), O_RDONLY); + fd = open(srv_path("token.keys/%*s", servicelen, service), O_RDONLY); if (-1 == fd) { write(1, "!nosvc", 6); return 0; } - len = read(fd, &key, 16); - close(fd); - - if (16 != len) { - write(1, "!shortkey", 9); + ret = read(fd, &key, sizeof(key)); + if (-1 == ret) { + write(1, "!read", 5); return 0; } + keylen = (size_t)ret; + + close(fd); } /* Create the token. */ @@ -158,19 +160,14 @@ main(int argc, char *argv[]) } } - /* Encrypt the token. Note that now tokenlen is in uint32_ts, not - chars! Also remember that token must be big enough to hold a - multiple of 4 chars, since tea will go ahead and jumble them up for - you. If the compiler aligns words this shouldn't be a problem. */ + /* Encrypt the token. */ { - tokenlen = (tokenlen + (tokenlen % sizeof(uint32_t))) / sizeof(uint32_t); - - tea_encode(key, (uint32_t *)token, tokenlen); + arc4_crypt_buffer(key, keylen, (uint8_t *)token, tokenlen); } /* Send it back. If there's an error here, it's okay. Better to have unclaimed tokens than unclaimable ones. */ - write(1, token, tokenlen * sizeof(uint32_t)); + write(1, token, tokenlen); return 0; } diff --git a/src/puzzler.cgi.c b/src/puzzler.cgi.c index 235a110..cf986c5 100644 --- a/src/puzzler.cgi.c +++ b/src/puzzler.cgi.c @@ -68,7 +68,7 @@ main(int argc, char *argv[]) } { - char line[TEAM_MAX + CAT_MAX + sizeof(points_str) + 2]; + char line[200]; my_snprintf(line, sizeof(line), "%s %s %ld", team, category, points); diff --git a/src/puzzles.cgi.c b/src/puzzles.cgi.c index 9f07af2..f12bec8 100644 --- a/src/puzzles.cgi.c +++ b/src/puzzles.cgi.c @@ -19,11 +19,12 @@ longcmp(long *a, long *b) #define PUZZLES_MAX 100 /** Keeps track of the most points yet awarded in each category */ +int ncats = 0; struct { char cat[CAT_MAX]; long points; } points_by_cat[PUZZLES_MAX]; -int ncats = 0; + size_t read_until_char(FILE *f, char *buf, size_t buflen, char delim) @@ -70,8 +71,6 @@ main(int argc, char *argv[]) read_until_char(f, points_str, sizeof(points_str), '\n'); points = atol(points_str); - printf("%s %ld\n", cat, points); - for (i = 0; i < ncats; i += 1) { if (0 == strcmp(cat, points_by_cat[i].cat)) break; } diff --git a/src/xxtea.c b/src/xxtea.c deleted file mode 100644 index df121b2..0000000 --- a/src/xxtea.c +++ /dev/null @@ -1,51 +0,0 @@ -#include -#include - -#define DELTA 0x9e3779b9 -#define MX ((z>>5^y<<2) + (y>>3^z<<4)) ^ ((sum^y) + (k[(p&3)^e] ^ z)); - -void -btea(uint32_t *v, int n, uint32_t const k[4]) -{ - uint32_t y, z, sum; - unsigned p, rounds, e; - - if (n > 1) { /* Coding Part */ - rounds = 6 + 52/n; - sum = 0; - z = v[n-1]; - do { - sum += DELTA; - e = (sum >> 2) & 3; - for (p=0; p> 2) & 3; - for (p=n-1; p>0; p--) - z = v[p-1], y = v[p] -= MX; - z = v[n-1]; - y = v[0] -= MX; - } while ((sum -= DELTA) != 0); - } -} - -void -tea_encode(uint32_t const key[4], uint32_t *buf, size_t buflen) -{ - btea(buf, buflen, key); -} - -void -tea_decode(uint32_t const key[4], uint32_t *buf, size_t buflen) -{ - btea(buf, -buflen, key); -} - diff --git a/src/xxtea.h b/src/xxtea.h deleted file mode 100644 index 071a1ec..0000000 --- a/src/xxtea.h +++ /dev/null @@ -1,2 +0,0 @@ -void tea_encode(uint32_t const key[4], uint32_t *buf, size_t buflen); -void tea_decode(uint32_t const key[4], uint32_t *buf, size_t buflen); From 2f3634167bf20225cdd5a12235e010b8b6a23a77 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Thu, 16 Sep 2010 23:53:31 -0600 Subject: [PATCH 2/5] I misread man sprintf; corrected --- src/in.tokend.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/in.tokend.c b/src/in.tokend.c index 94a9605..712b92d 100644 --- a/src/in.tokend.c +++ b/src/in.tokend.c @@ -95,7 +95,7 @@ main(int argc, char *argv[]) int fd; int ret; - fd = open(srv_path("token.keys/%*s", servicelen, service), O_RDONLY); + fd = open(srv_path("token.keys/%.*s", servicelen, service), O_RDONLY); if (-1 == fd) { write(1, "!nosvc", 6); return 0; @@ -125,7 +125,7 @@ main(int argc, char *argv[]) /* Append digest to service name. */ tokenlen = (size_t)snprintf(token, sizeof(token), - "%*s:%s", + "%.*s:%s", servicelen, service, digest); } From e730b0766d51256ddaecb6f75fd93b151fd4c784 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Sat, 18 Sep 2010 21:56:57 -0600 Subject: [PATCH 3/5] Add tokencli, add nonce to token protocol --- doc/ideas.txt | 20 ++++++----- src/Makefile | 5 ++- src/common.c | 23 +++++++++++++ src/common.h | 2 ++ src/in.tokend.c | 32 ++++++++++------- src/tokencli.c | 92 +++++++++++++++++++++++++++++++++++++++++++++++++ test.sh | 8 ++--- 7 files changed, 157 insertions(+), 25 deletions(-) create mode 100644 src/tokencli.c diff --git a/doc/ideas.txt b/doc/ideas.txt index debae61..0bf82e9 100644 --- a/doc/ideas.txt +++ b/doc/ideas.txt @@ -1,11 +1,15 @@ Ideas for puzzles ================= * Hide something in a .docx zip file - - -Network treasure hunt ---------------------- -* DHCP option -* Single TCP RST with token in payload -* Multiple TCP RST with different payloads -* +* Bootable image with FreeDOS, Linux, Inferno? HURD? + * Bury puzzles in various weird locations within each OS + * Maybe put some in the boot loader, too + * Perhaps have some sort of network puzzle as well +* Network treasure hunt + * DHCP option + * Single TCP RST with token in payload + * Multiple TCP RST with different payloads +* PXE boot some sort of points-gathering client + * Init asks for a team hash, and starts awarding points + * Broken startup scripts, when fixed award more points + * Lots of remote exploits diff --git a/src/Makefile b/src/Makefile index 8d5b537..43cd59b 100644 --- a/src/Makefile +++ b/src/Makefile @@ -1,11 +1,14 @@ CFLAGS = -Wall -Werror -TARGETS = in.tokend pointscli claim.cgi puzzler.cgi puzzles.cgi +TARGETS = in.tokend tokencli claim.cgi +TARGETS += puzzler.cgi puzzles.cgi +TARGETS += pointscli all: build build: $(TARGETS) in.tokend: in.tokend.o arc4.o common.o +tokencli: tokencli.o arc4.o pointscli: pointscli.o common.o puzzles.cgi: puzzles.cgi.o common.o diff --git a/src/common.c b/src/common.c index 878c447..0bfc2db 100644 --- a/src/common.c +++ b/src/common.c @@ -282,6 +282,29 @@ fgrepx(char const *needle, char const *filename) return found; } +int32_t +my_random() +{ + static int urandom = -2; + int len; + int32_t ret; + + if (-2 == urandom) { + urandom = open("/dev/urandom", O_RDONLY); + srandom(time(NULL) * getpid()); + } + if (-1 == urandom) { + return (int32_t)random(); + } + + len = read(urandom, &ret, sizeof(ret)); + if (len != sizeof(ret)) { + return (int32_t)random(); + } + + return ret; +} + int my_snprintf(char *buf, size_t buflen, char *fmt, ...) { diff --git a/src/common.h b/src/common.h index 8488271..d045893 100644 --- a/src/common.h +++ b/src/common.h @@ -2,6 +2,7 @@ #define __COMMON_H__ #include +#include #define TEAM_MAX 40 #define CAT_MAX 40 @@ -16,6 +17,7 @@ void cgi_error(char *fmt, ...); int fgrepx(char const *needle, char const *filename); +int32_t my_random(); int my_snprintf(char *buf, size_t buflen, char *fmt, ...); char *srv_path(char const *fmt, ...); int team_exists(char const *teamhash); diff --git a/src/in.tokend.c b/src/in.tokend.c index 712b92d..543866e 100644 --- a/src/in.tokend.c +++ b/src/in.tokend.c @@ -9,6 +9,7 @@ #include #include #include +#include #include "common.h" #include "arc4.h" @@ -76,15 +77,12 @@ main(int argc, char *argv[]) uint8_t key[256]; size_t keylen; - /* Seed the random number generator. This ought to be unpredictable - enough for a contest. */ - srand((int)time(NULL) * (int)getpid()); - /* Read service name. */ { ssize_t len; len = read(0, service, sizeof(service)); + if (0 >= len) return 0; for (servicelen = 0; (servicelen < len) && isalnum(service[servicelen]); servicelen += 1); @@ -97,13 +95,13 @@ main(int argc, char *argv[]) fd = open(srv_path("token.keys/%.*s", servicelen, service), O_RDONLY); if (-1 == fd) { - write(1, "!nosvc", 6); + perror("Open key"); return 0; } ret = read(fd, &key, sizeof(key)); if (-1 == ret) { - write(1, "!read", 5); + perror("Read key"); return 0; } keylen = (size_t)ret; @@ -111,17 +109,27 @@ main(int argc, char *argv[]) close(fd); } + /* Send a nonce, expect it back encrypted */ + { + int32_t nonce = my_random(); + int32_t enonce = 0; + + write(1, &nonce, sizeof(nonce)); + arc4_crypt_buffer(key, keylen, (uint8_t *)&nonce, sizeof(nonce)); + read(0, &enonce, sizeof(enonce)); + if (nonce != enonce) { + write(1, ":<", 2); + return 0; + } + } + /* Create the token. */ { - uint8_t crap[itokenlen]; + int32_t crap = my_random(); char digest[bubblebabble_len(itokenlen)]; - int i; /* Digest some random junk. */ - for (i = 0; i < itokenlen; i += 1) { - crap[i] = (uint8_t)random(); - } - bubblebabble(digest, (char *)crap, itokenlen); + bubblebabble(digest, (char *)&crap, itokenlen); /* Append digest to service name. */ tokenlen = (size_t)snprintf(token, sizeof(token), diff --git a/src/tokencli.c b/src/tokencli.c new file mode 100644 index 0000000..8cbbf5c --- /dev/null +++ b/src/tokencli.c @@ -0,0 +1,92 @@ +#include +#include +#include +#include +#include +#include +#include +#include "arc4.h" + +/* I don't feel compelled to put all the TCP client code in here + * when it's so simple to run this with netcat or ucspi. Plus, using + * stdin and stdout makes it simpler to test. + */ + +int +read_key(char *filename, uint8_t *key, size_t *keylen) +{ + int fd = open(filename, O_RDONLY); + int len; + + if (-1 == fd) { + perror("open"); + return EX_NOINPUT; + } + + len = read(fd, key, *keylen); + if (-1 == len) { + perror("read"); + return EX_NOINPUT; + } + *keylen = (size_t)len; + + return 0; +} + +int +main(int argc, char *argv[]) { + uint8_t skey[200]; + size_t skeylen = sizeof(skey); + char token[200]; + size_t tokenlen; + int ret; + + if (argc != 3) { + fprintf(stderr, "Usage: %s SERVICE SERVICEKEY 3>TOKENFILE\n", argv[0]); + fprintf(stderr, "\n"); + fprintf(stderr, "SERVICEKEY is a filenames.\n"); + fprintf(stderr, "Tokens are written to file descriptor 3.\n"); + return EX_USAGE; + } + + /* read in keys */ + ret = read_key(argv[2], skey, &skeylen); + if (0 != ret) return ret; + + /* write service name */ + write(1, argv[1], strlen(argv[1])); + + /* read nonce, send back encrypted version */ + { + uint8_t nonce[80]; + int noncelen; + + noncelen = read(0, nonce, sizeof(nonce)); + if (0 >= noncelen) { + perror("read"); + return EX_IOERR; + } + arc4_crypt_buffer(skey, skeylen, nonce, (size_t)noncelen); + write(1, nonce, (size_t)noncelen); + } + + /* read token */ + { + int len; + + len = read(0, token, sizeof(token)); + if (0 >= len) { + perror("read"); + return EX_IOERR; + } + tokenlen = (size_t)len; + } + + /* decrypt it */ + arc4_crypt_buffer(skey, skeylen, (uint8_t *)token, tokenlen); + + /* write it to fd 3 */ + write(3, token, tokenlen); + + return 0; +} diff --git a/test.sh b/test.sh index c8dba07..f299d32 100755 --- a/test.sh +++ b/test.sh @@ -88,8 +88,8 @@ fi mkdir -p $CTF_BASE/token.keys echo -n '0123456789abcdef' > $CTF_BASE/token.keys/tokencat -# in.tokend uses a random number generator -echo -n 'tokencat' | src/in.tokend > /dev/null +mkfifo $CTF_BASE/nancy +src/tokencli tokencat $CTF_BASE/token.keys/tokencat < $CTF_BASE/nancy 3>$CTF_BASE/t | src/in.tokend > $CTF_BASE/nancy if ! grep -q 'tokencat:x....-....x' $CTF_BASE/tokens.db; then die "in.tokend didn't write to database" @@ -103,11 +103,11 @@ if src/claim.cgi t=$hash k=tokencat:xanax-xanax | grep -q success; then die "claim.cgi gave points for a bogus token" fi -if ! src/claim.cgi t=$hash k=$(cat $CTF_BASE/tokens.db) | grep -q success; then +if ! src/claim.cgi t=$hash k=$(cat $CTF_BASE/t) | grep -q success; then die "claim.cgi didn't give me any points" fi -if src/claim.cgi t=$hash k=$(cat $CTF_BASE/tokens.db) | grep -q success; then +if src/claim.cgi t=$hash k=$(cat $CTF_BASE/t) | grep -q success; then die "claim.cgi gave me points twice for the same token" fi From edf695a35ea537189a9d6ebace32d71feec3b73d Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Tue, 21 Sep 2010 21:59:49 -0600 Subject: [PATCH 4/5] Make arc4 more streamy --- src/arc4.c | 27 ++++++++++++++++----------- src/arc4.h | 7 ++----- 2 files changed, 18 insertions(+), 16 deletions(-) diff --git a/src/arc4.c b/src/arc4.c index 2a2ec84..641d46d 100644 --- a/src/arc4.c +++ b/src/arc4.c @@ -4,6 +4,12 @@ #define swap(a, b) do {int _swap=a; a=b, b=_swap;} while (0) +struct arc4_ctx { + uint8_t S[256]; + uint8_t i; + uint8_t j; +}; + void arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen) { @@ -22,25 +28,24 @@ arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen) ctx->j = 0; } +uint8_t +arc4_pad(struct arc4_ctx *ctx) +{ + ctx->i = (ctx->i + 1) % 256; + ctx->j = (ctx->j + ctx->S[ctx->i]) % 256; + swap(ctx->S[ctx->i], ctx->S[ctx->j]); + return ctx->S[(ctx->S[ctx->i] + ctx->S[ctx->j]) % 256]; +} + void arc4_crypt(struct arc4_ctx *ctx, uint8_t *obuf, uint8_t const *ibuf, size_t buflen) { - int i = ctx->i; - int j = ctx->j; size_t k; for (k = 0; k < buflen; k += 1) { - uint8_t mask; - - i = (i + 1) % 256; - j = (j + ctx->S[i]) % 256; - swap(ctx->S[i], ctx->S[j]); - mask = ctx->S[(ctx->S[i] + ctx->S[j]) % 256]; - obuf[k] = ibuf[k] ^ mask; + obuf[k] = ibuf[k] ^ arc4_pad(ctx); } - ctx->i = i; - ctx->j = j; } void diff --git a/src/arc4.h b/src/arc4.h index b8f41fb..5ae3bd7 100644 --- a/src/arc4.h +++ b/src/arc4.h @@ -4,13 +4,10 @@ #include #include -struct arc4_ctx { - uint8_t S[256]; - uint8_t i; - uint8_t j; -}; +struct arc4_ctx; void arc4_init(struct arc4_ctx *ctx, uint8_t const *key, size_t keylen); +uint8_t arc4_pad(struct arc4_ctx *ctx); void arc4_crypt(struct arc4_ctx *ctx, uint8_t *obuf, uint8_t const *ibuf, size_t buflen); void arc4_crypt_buffer(uint8_t const *key, size_t keylen, From 8d8ea212502cede5767379a97aa33654bf95bfc6 Mon Sep 17 00:00:00 2001 From: Neale Pickett Date: Wed, 22 Sep 2010 21:12:24 -0600 Subject: [PATCH 5/5] Another tweak to FS structure --- src/claim.cgi.c | 4 ++-- src/common.c | 4 ++-- src/in.tokend.c | 4 ++-- src/puzzler.cgi.c | 2 +- src/puzzles.cgi.c | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/claim.cgi.c b/src/claim.cgi.c index 928fa89..e9a1f2a 100644 --- a/src/claim.cgi.c +++ b/src/claim.cgi.c @@ -48,7 +48,7 @@ main(int argc, char *argv[]) /* Does the token exist? */ - if (! fgrepx(token, srv_path("tokens.db"))) { + if (! fgrepx(token, srv_path("var/tokens.db"))) { cgi_page("Token does not exist", ""); } @@ -69,7 +69,7 @@ main(int argc, char *argv[]) my_snprintf(line, sizeof(line), "%s %s", team, token); award_and_log_uniquely(team, category, 1, - "tokens.db", line); + "var/tokens.db", line); } } diff --git a/src/common.c b/src/common.c index 0bfc2db..5807e64 100644 --- a/src/common.c +++ b/src/common.c @@ -364,7 +364,7 @@ team_exists(char const *teamhash) } /* stat seems to be the preferred way to check for existence. */ - ret = stat(srv_path("teams/names/%s", teamhash), &buf); + ret = stat(srv_path("var/teams/names/%s", teamhash), &buf); if (-1 == ret) { return 0; } @@ -420,7 +420,7 @@ award_points(char const *teamhash, token log. */ - filename = srv_path("points.new/%d.%d.%s.%s.%ld", + filename = srv_path("var/points.new/%d.%d.%s.%s.%ld", now, getpid(), teamhash, category, points); diff --git a/src/in.tokend.c b/src/in.tokend.c index 543866e..04c8f49 100644 --- a/src/in.tokend.c +++ b/src/in.tokend.c @@ -93,7 +93,7 @@ main(int argc, char *argv[]) int fd; int ret; - fd = open(srv_path("token.keys/%.*s", servicelen, service), O_RDONLY); + fd = open(srv_path("var/token.keys/%.*s", servicelen, service), O_RDONLY); if (-1 == fd) { perror("Open key"); return 0; @@ -143,7 +143,7 @@ main(int argc, char *argv[]) int ret; do { - fd = open(srv_path("tokens.db"), O_WRONLY | O_CREAT, 0666); + fd = open(srv_path("var/tokens.db"), O_WRONLY | O_CREAT, 0666); if (-1 == fd) break; ret = lockf(fd, F_LOCK, 0); diff --git a/src/puzzler.cgi.c b/src/puzzler.cgi.c index cf986c5..4a67af5 100644 --- a/src/puzzler.cgi.c +++ b/src/puzzler.cgi.c @@ -73,7 +73,7 @@ main(int argc, char *argv[]) my_snprintf(line, sizeof(line), "%s %s %ld", team, category, points); award_and_log_uniquely(team, category, points, - "puzzler.db", line); + "var/puzzler.db", line); } cgi_page("Points awarded", diff --git a/src/puzzles.cgi.c b/src/puzzles.cgi.c index f12bec8..d2fbb90 100644 --- a/src/puzzles.cgi.c +++ b/src/puzzles.cgi.c @@ -59,7 +59,7 @@ main(int argc, char *argv[]) } { - FILE *f = fopen(srv_path("puzzler.db"), "r"); + FILE *f = fopen(srv_path("var/puzzler.db"), "r"); char cat[CAT_MAX]; char points_str[11]; long points;