use crypto/rand to generate random password on windows sandbox account

Author: leafo

fuji/check.go

@@ -35,9 +35,12 @@ func (i *instance) Check(consumer *state.Consumer) error {
 				// Some Windows versions (10 for example) expire password automatically.
 				// Thankfully, we can renew it without administrator access, simply by using the old one.
 				consumer.Opf("Password has expired, setting new password...")
-				newPassword := generatePassword()
+				newPassword, err := generatePassword()
+				if err != nil {
+					return fmt.Errorf("generating new password: %w", err)
+				}
 
-				err := syscallex.NetUserChangePassword(
+				err = syscallex.NetUserChangePassword(
 					nil, // domainname
 					syscall.StringToUTF16Ptr(creds.Username),
 					syscall.StringToUTF16Ptr(creds.Password),

fuji/password.go

@@ -3,10 +3,10 @@
 package fuji
 
 import (
-	"math/rand"
+	"crypto/rand"
+	"fmt"
+	"math/big"
 	"strings"
-	"sync"
-	"time"
 )
 
 /** Letters used when generating a random password */
@@ -18,38 +18,47 @@ const kNumbers = "0123456789"
 /** Special characters used when generating a random password */
 const kSpecial = "!_?-.;+/()=&"
 
-func randomCharFromSet(prng *rand.Rand, set string) string {
-	index := prng.Intn(len(set))
-	return set[index : index+1]
+func randomCharFromSet(set string) (string, error) {
+	index, err := randomInt(len(set))
+	if err != nil {
+		return "", err
+	}
+	return set[index : index+1], nil
+}
+
+func randomInt(max int) (int, error) {
+	if max <= 0 {
+		return 0, fmt.Errorf("max must be positive")
+	}
+	n, err := rand.Int(rand.Reader, big.NewInt(int64(max)))
+	if err != nil {
+		return 0, fmt.Errorf("could not generate secure random integer: %w", err)
+	}
+	return int(n.Int64()), nil
 }
 
-func generatePassword() string {
+func generatePassword() (string, error) {
 	pwd := ""
-	prng := getPrng()
 
 	for i := 0; i < 16; i++ {
 		var token string
+		var err error
 		switch i % 4 {
 		case 0:
-			token = randomCharFromSet(prng, kLetters)
+			token, err = randomCharFromSet(kLetters)
 		case 1:
-			token = randomCharFromSet(prng, kNumbers)
+			token, err = randomCharFromSet(kNumbers)
 		case 2:
-			token = randomCharFromSet(prng, kSpecial)
+			token, err = randomCharFromSet(kSpecial)
 		case 3:
-			token = strings.ToUpper(randomCharFromSet(prng, kLetters))
+			var letter string
+			letter, err = randomCharFromSet(kLetters)
+			token = strings.ToUpper(letter)
+		}
+		if err != nil {
+			return "", err
 		}
 		pwd += token
 	}
-	return pwd
-}
-
-var _prng *rand.Rand
-var _initPrngOnce sync.Once
-
-func getPrng() *rand.Rand {
-	_initPrngOnce.Do(func() {
-		_prng = rand.New(rand.NewSource(time.Now().UnixNano()))
-	})
-	return _prng
+	return pwd, nil
 }

fuji/password_test.go

@@ -13,7 +13,8 @@ func Test_GeneratePassword(t *testing.T) {
 	previousPasswords := make(map[string]bool)
 
 	for i := 0; i < 100; i++ {
-		pass := generatePassword()
+		pass, err := generatePassword()
+		assert.NoError(t, err)
 		assert.True(t, strings.ContainsAny(pass, kLetters), "password has letters")
 		assert.True(t, strings.ContainsAny(pass, kNumbers), "password has numbers")
 		assert.True(t, strings.ContainsAny(pass, kSpecial), "password has special characters")

fuji/setup.go

@@ -41,7 +41,10 @@ func (i *instance) Setup(consumer *state.Consumer) error {
 	username = existingCreds.Username
 	if username != "" {
 		consumer.Opf("Trying to salvage existing account (%s)....", username)
-		password = generatePassword()
+		password, err = generatePassword()
+		if err != nil {
+			return fmt.Errorf("generating password: %w", err)
+		}
 		err = winox.ForceSetPassword(username, password)
 		if err != nil {
 			consumer.Warnf("Could not force password: %+v", err)
@@ -55,7 +58,10 @@ func (i *instance) Setup(consumer *state.Consumer) error {
 		username = fmt.Sprintf("itch-player-%x", time.Now().Unix())
 		consumer.Opf("Generated username (%s)", username)
 
-		password = generatePassword()
+		password, err = generatePassword()
+		if err != nil {
+			return fmt.Errorf("generating password: %w", err)
+		}
 		consumer.Opf("Generated password (%s)", password)
 
 		comment := "itch.io sandbox user"

runner/fuji_windows.go

@@ -48,6 +48,10 @@ func (wr *fujiRunner) Prepare() error {
 	if err != nil {
 		consumer.Warnf("Sandbox check failed: %s", err.Error())
 
+		if wr.params.FujiParams.PerformElevatedSetup == nil {
+			return fmt.Errorf("sandbox setup callback is not configured")
+		}
+
 		err := wr.params.FujiParams.PerformElevatedSetup()
 		if err != nil {
 			return err