Security fix by trolltech

6 files changed, 227 insertions, 116 deletions

diff --git a/core/launcher/desktop.cpp b/core/launcher/desktop.cpp
index 24dce73..541b4be 100644
--- a/core/launcher/desktop.cpp
+++ b/core/launcher/desktop.cpp
@@ -566,8 +566,8 @@ void Desktop::execAutoStart() {
     if ( suspendTime.secsTo(now) >= (delay*60) ) {
         QCopEnvelope e("QPE/System", "execute(QString)");
         e << QString(appName);
-    } else {
-    }
+    } //else {
+    //}
 }
 
 #if defined(QPE_HAVE_TOGGLELIGHT)
diff --git a/core/launcher/launcher.pro b/core/launcher/launcher.pro
index ccf8231..169edc1 100644
--- a/core/launcher/launcher.pro
+++ b/core/launcher/launcher.pro
@@ -99,7 +99,7 @@ DEPENDPATH	+= $(OPIEDIR)/core/apps/calibrate
 INCLUDEPATH += $(OPIEDIR)/rsync
         DEPENDPATH+= $(OPIEDIR)/rsync
         TARGET  = qpe
-        LIBS    += -lqpe -lcrypt -lopie
+        LIBS    += -lqpe -lcrypt -lopie -luuid
 
 TRANSLATIONS = ../../i18n/de/qpe.ts \
          ../../i18n/en/qpe.ts \
diff --git a/core/launcher/qcopbridge.cpp b/core/launcher/qcopbridge.cpp
index 2d084fc..85993ee 100644
--- a/core/launcher/qcopbridge.cpp
+++ b/core/launcher/qcopbridge.cpp
@@ -1,7 +1,7 @@
 /**********************************************************************
-** Copyright (C) 2000 Trolltech AS.  All rights reserved.
+** Copyright (C) 2000-2002 Trolltech AS.  All rights reserved.
 **
-** This file is part of Qtopia Environment.
+** This file is part of the Qtopia Environment.
 **
 ** This file may be distributed and/or modified under the terms of the
 ** GNU General Public License version 2 as published by the Free Software
@@ -21,8 +21,11 @@
 #include "qcopbridge.h"
 #include "transferserver.h"
 
+#ifdef QWS
 #include <qpe/qcopenvelope_qws.h>
+#endif
 #include <qpe/qpeapplication.h>
+#include <qpe/version.h>
 
 #include <qdir.h>
 #include <qfile.h>
@@ -31,13 +34,11 @@
 #include <qstringlist.h>
 #include <qfileinfo.h>
 #include <qregexp.h>
+#ifdef QWS
 #include <qcopchannel_qws.h>
+#endif
 
-// actually this is wrong, _XOPEN_SOURCE should get defined on the commandline
-// and it should have a proper value assigned. (Simon)
-#if !defined(_XOPEN_SOURCE)
 #define _XOPEN_SOURCE
-#endif
 #include <pwd.h>
 #include <sys/types.h>
 #include <unistd.h>
@@ -59,19 +60,23 @@ QCopBridge::QCopBridge( Q_UINT16 port, QObject *parent,
     if ( !ok() )
   qWarning( "Failed to bind to port %d", port );
     else {
+#ifndef QT_NO_COP
   desktopChannel = new QCopChannel( "QPE/Desktop", this );
   connect( desktopChannel, SIGNAL(received(const QCString &, const QByteArray &)),
      this, SLOT(desktopMessage( const QCString &, const QByteArray &)) );
   cardChannel = new QCopChannel( "QPE/Card", this );
   connect( cardChannel, SIGNAL(received(const QCString &, const QByteArray &)),
      this, SLOT(desktopMessage( const QCString &, const QByteArray &)) );
+#endif
     }
     sendSync = FALSE;
 }
 
 QCopBridge::~QCopBridge()
 {
+#ifndef QT_NO_COP
     delete desktopChannel;
+#endif
 }
 
 void QCopBridge::newConnection( int socket )
@@ -79,7 +84,9 @@ void QCopBridge::newConnection( int socket )
     QCopBridgePI *pi = new QCopBridgePI( socket, this );
     openConnections.append( pi );
     connect ( pi, SIGNAL( connectionClosed( QCopBridgePI *) ), this, SLOT( connectionClosed( QCopBridgePI *) ) );
+#ifndef QT_NO_COP
     QCopEnvelope( "QPE/System", "setScreenSaverMode(int)" ) << QPEApplication::DisableSuspend;
+#endif
     
     if ( sendSync ) {
   pi ->startSync();
@@ -91,7 +98,9 @@ void QCopBridge::connectionClosed( QCopBridgePI *pi )
 {
     openConnections.remove( pi );
     if ( openConnections.count() == 0 ) {
+#ifndef QT_NO_COP
   QCopEnvelope( "QPE/System", "setScreenSaverMode(int)" ) << QPEApplication::Enable;
+#endif
     }
 }    
 
@@ -142,14 +151,32 @@ void QCopBridge::desktopMessage( const QCString &command, const QByteArray &args
     stream >> i;
     str = QString::number( i );
       } else {
-    qDebug(" cannot route the argument type %s through the qcop bridge", (*it).latin1() );
+                qDebug(" cannot route the argument type %s throught the qcop bridge", (*it).latin1() );
     return;
       }
-      str.replace( QRegExp("&"), "&amp;" );
-      str.replace( QRegExp(" "), "&0x20;" );
-      str.replace( QRegExp("\n"), "&0x0d;" );
-      str.replace( QRegExp("\r"), "&0x0a;" );
-      data += " " + str;
+            QString estr;
+            for (int i=0; i<(int)str.length(); i++) {
+                QChar ch = str[i];
+                if ( ch.row() )
+                    goto quick;
+                switch (ch.cell()) {
+                    case '&':
+                        estr.append( "&amp;" );
+                        break;
+                    case ' ':
+                        estr.append( "&0x20;" );
+                        break;
+                    case '\n':
+                        estr.append( "&0x0d;" );
+                        break;
+                    case '\r':
+                        estr.append( "&0x0a;" );
+                        break;
+                    default: quick:
+                        estr.append(ch);
+                }
+            }
+            data += " " + estr;
   }
     }
     QString sendCommand = QString(command.data()) + data;
@@ -182,7 +209,7 @@ QCopBridgePI::QCopBridgePI( int socket, QObject *parent, const char* name )
     peeraddress = peerAddress();
 
 #ifndef INSECURE
-    if ( !accessAuthorized(peeraddress) ) {
+    if ( !SyncAuthentication::isAuthorized(peeraddress) ) {
   state = Forbidden;
   startTimer( 0 );
     } else 
@@ -193,7 +220,12 @@ QCopBridgePI::QCopBridgePI( int socket, QObject *parent, const char* name )
   connect( this, SIGNAL( readyRead() ), SLOT( read() ) );
   connect( this, SIGNAL( connectionClosed() ), SLOT( connectionClosed() ) );
 
-  send( "220 Qtopia QCop bridge ready!" );
+        QString intro="220 Qtopia ";
+        intro += QPE_VERSION; intro += ";";
+        intro += "challenge="; intro += SyncAuthentication::serverId(); intro += ";";
+        intro += "loginname="; intro += SyncAuthentication::loginName(); intro += ";";
+        intro += "displayname="; intro += SyncAuthentication::ownerName(); intro += ";";
+        send( intro );
   state = Wait_USER;
 
   // idle timer to close connections when not used anymore
@@ -235,37 +267,6 @@ void QCopBridgePI::read()
   process( readLine().stripWhiteSpace() );
 }
 
-bool QCopBridgePI::checkUser( const QString& user )
-{
-    if ( user.isEmpty() ) return FALSE;
-
-    struct passwd *pw;
-    pw = getpwuid( geteuid() );
-    QString euser = QString::fromLocal8Bit( pw->pw_name );
-    return user == euser;
-}
-
-bool QCopBridgePI::checkPassword( const QString& password )
-{
-    // ### HACK for testing on local host
-    return true;
-
-    /*
-    struct passwd *pw = 0;
-    struct spwd *spw = 0;
-
-    pw = getpwuid( geteuid() );
-    spw = getspnam( pw->pw_name );
-
-    QString cpwd = QString::fromLocal8Bit( pw->pw_passwd );
-    if ( cpwd == "x" && spw )
-  cpwd = QString::fromLocal8Bit( spw->sp_pwdp );
-
-    QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) );
-    return cpwd == cpassword;
-*/
-}
-
 void QCopBridgePI::process( const QString& message )
 {
     //qDebug( "Command: %s", message.latin1() );
@@ -296,7 +297,7 @@ void QCopBridgePI::process( const QString& message )
     // waiting for user name
     if ( Wait_USER == state ) {
 
-  if ( cmd != "USER" || msg.count() < 2 || !checkUser( arg ) ) {
+        if ( cmd != "USER" || msg.count() < 2 || !SyncAuthentication::checkUser( arg ) ) {
       send( "530 Please login with USER and PASS" );
       return;
   }
@@ -308,8 +309,7 @@ void QCopBridgePI::process( const QString& message )
     // waiting for password
     if ( Wait_PASS == state ) {
 
-  if ( cmd != "PASS" || !checkPassword( arg ) ) {
-  //if ( cmd != "PASS" || msg.count() < 2 || !checkPassword( arg ) ) {
+        if ( cmd != "PASS" || !SyncAuthentication::checkPassword( arg ) ) {
       send( "530 Please login with USER and PASS" );
       return;
   }
@@ -389,19 +389,23 @@ void QCopBridgePI::process( const QString& message )
     msgId++;
       }
 
+#ifndef QT_NO_COP
       if ( !QCopChannel::isRegistered( channel.latin1() ) ) {
     // send message back about it
     QString answer = "599 ChannelNotRegistered " + channel;
     send( answer );
     return;
       }
+#endif
       
+#ifndef QT_NO_COP
       if ( paramList.count() )
     QCopChannel::send( channel.latin1(), command.latin1(), buffer );
       else
     QCopChannel::send( channel.latin1(), command.latin1() );
 
       send( "200 Command okay" );
+#endif
   }
     }
     // not implemented
diff --git a/core/launcher/qcopbridge.h b/core/launcher/qcopbridge.h
index 114b3ee..408d10d 100644
--- a/core/launcher/qcopbridge.h
+++ b/core/launcher/qcopbridge.h
@@ -1,7 +1,7 @@
 /**********************************************************************
-** Copyright (C) 2000 Trolltech AS.  All rights reserved.
+** Copyright (C) 2000-2002 Trolltech AS.  All rights reserved.
 **
-** This file is part of Qtopia Environment.
+** This file is part of the Qtopia Environment.
 **
 ** This file may be distributed and/or modified under the terms of the
 ** GNU General Public License version 2 as published by the Free Software
@@ -79,9 +79,6 @@ protected slots:
     void connectionClosed();
 
 protected:
-    bool checkUser( const QString& user );
-    bool checkPassword( const QString& pw );
-
     void timerEvent( QTimerEvent *e );
 
 private:
diff --git a/core/launcher/transferserver.cpp b/core/launcher/transferserver.cpp
index 7294f9c..a6dab07 100644
--- a/core/launcher/transferserver.cpp
+++ b/core/launcher/transferserver.cpp
@@ -1,7 +1,7 @@
 /**********************************************************************
-** Copyright (C) 2000 Trolltech AS.  All rights reserved.
+** Copyright (C) 2000-2002 Trolltech AS.  All rights reserved.
 **
-** This file is part of Qtopia Environment.
+** This file is part of the Qtopia Environment.
 **
 ** This file may be distributed and/or modified under the terms of the
 ** GNU General Public License version 2 as published by the Free Software
@@ -22,6 +22,13 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <stdlib.h>
+#include <time.h>
+#include <shadow.h>
+
+extern "C" {
+#include <uuid/uuid.h>
+#define UUID_H_INCLUDED
+}
 
 #if defined(_OS_LINUX_)
 #include <shadow.h>
@@ -37,8 +44,14 @@
 #include <qregexp.h>
 //#include <qpe/qcopchannel_qws.h>
 #include <qpe/process.h>
+#include <qpe/global.h>
 #include <qpe/config.h>
+#include <qpe/contact.h>
+#include <qpe/quuid.h>
+#include <qpe/version.h>
+#ifdef QWS
 #include <qpe/qcopenvelope_qws.h>
+#endif
 
 #include "transferserver.h"
 #include "qprocess.h"
@@ -63,24 +76,130 @@ void TransferServer::newConnection( int socket )
     (void) new ServerPI( socket, this );
 }
 
-bool accessAuthorized(QHostAddress peeraddress)
+QString SyncAuthentication::serverId()
+{
+    Config cfg("Security");
+    cfg.setGroup("Sync");
+    QString r=cfg.readEntry("serverid");
+    if ( r.isEmpty() ) {
+        uuid_t uuid;
+        uuid_generate( uuid );
+        cfg.writeEntry("serverid",(r = QUuid( uuid ).toString()));
+    }
+    return r;
+}
+
+QString SyncAuthentication::ownerName()
+{
+    QString vfilename = Global::applicationFileName("addressbook",
+                "businesscard.vcf");
+    if (QFile::exists(vfilename)) {
+        Contact c;
+        c = Contact::readVCard( vfilename )[0];
+        return c.fullName();
+    }
+
+    return "";
+}
+
+QString SyncAuthentication::loginName()
+{
+    struct passwd *pw;
+    pw = getpwuid( geteuid() );
+    return QString::fromLocal8Bit( pw->pw_name );
+}
+
+int SyncAuthentication::isAuthorized(QHostAddress peeraddress)
 {
     Config cfg("Security");
     cfg.setGroup("Sync");
-    uint auth_peer = cfg.readNumEntry("auth_peer",0xc0a80100);
+    QString allowedstr = cfg.readEntry("auth_peer","192.168.1.0");
+    QHostAddress allowed;
+    allowed.setAddress(allowedstr);
+    uint auth_peer = allowed.ip4Addr();
     uint auth_peer_bits = cfg.readNumEntry("auth_peer_bits",24);
-    bool ok = (peeraddress.ip4Addr() & (((1<<auth_peer_bits)-1)<<(32-auth_peer_bits)))
-                    == auth_peer;
-    /* Allows denial-of-service attack.
-    if ( !ok ) {
-        QMessageBox::warning(0,tr("Security"),
-            tr("<p>An attempt to access this device from %1 has been denied.")
-                .arg(peeraddress.toString()));
+    uint mask = auth_peer_bits >= 32 // shifting by 32 is not defined
+        ? 0xffffffff : (((1<<auth_peer_bits)-1)<<(32-auth_peer_bits));
+    return (peeraddress.ip4Addr() & mask) == auth_peer;
+}
+
+bool SyncAuthentication::checkUser( const QString& user )
+{
+    if ( user.isEmpty() ) return FALSE;
+    QString euser = loginName();
+    return user == euser;
+}
+
+bool SyncAuthentication::checkPassword( const QString& password )
+{
+#ifdef ALLOW_UNIX_USER_FTP
+    // First, check system password...
+
+    struct passwd *pw = 0;
+    struct spwd *spw = 0;
+
+    pw = getpwuid( geteuid() );
+    spw = getspnam( pw->pw_name );
+
+    QString cpwd = QString::fromLocal8Bit( pw->pw_passwd );
+    if ( cpwd == "x" && spw )
+        cpwd = QString::fromLocal8Bit( spw->sp_pwdp );
+
+    // Note: some systems use more than crypt for passwords.
+    QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) );
+    if ( cpwd == cpassword )
+        return TRUE;
+#endif
+
+    static int lastdenial=0;
+    static int denials=0;
+    int now = time(0);
+
+    // Detect old Qtopia Desktop (no password)
+    if ( password.isEmpty() ) {
+        if ( denials < 1 || now > lastdenial+600 ) {
+            QMessageBox::warning( 0,tr("Sync Connection"),
+                tr("<p>An unauthorized system is requesting access to this device."
+                    "<p>If you are using a version of Qtopia Desktop older than 1.5.1, "
+                    "please upgrade."),
+                tr("Deny") );
+            denials++;
+            lastdenial=now;
     }
-    */
-    return ok;
+        return FALSE;
 }
 
+    // Second, check sync password...
+    if ( password.left(6) == "Qtopia" ) {
+        QString cpassword = QString::fromLocal8Bit( crypt( password.mid(8).local8Bit(), "qp" ) );
+        Config cfg("Security");
+        cfg.setGroup("Sync");
+        QString pwds = cfg.readEntry("Passwords");
+        if ( QStringList::split(QChar(' '),pwds).contains(cpassword) )
+            return TRUE;
+
+        // Unrecognized system. Be careful...
+
+        if ( (denials > 2 && now < lastdenial+600)
+            || QMessageBox::warning(0,tr("Sync Connection"),
+                tr("<p>An unrecognized system is requesting access to this device."
+                    "<p>If you have just initiated a Sync for the first time, this is normal."),
+                tr("Allow"),tr("Deny"))==1 )
+        {
+            denials++;
+            lastdenial=now;
+            return FALSE;
+        } else {
+            denials=0;
+            cfg.writeEntry("Passwords",pwds+" "+cpassword);
+            return TRUE;
+        }
+    }
+
+    return FALSE;
+}
+
+
 ServerPI::ServerPI( int socket, QObject *parent, const char* name )
     : QSocket( parent, name ) , dtp( 0 ), serversocket( 0 ), waitsocket( 0 )
 {
@@ -92,7 +211,7 @@ ServerPI::ServerPI( int socket, QObject *parent, const char* name )
     peeraddress = peerAddress();
 
 #ifndef INSECURE
-    if ( !accessAuthorized(peeraddress) ) {
+    if ( !SyncAuthentication::isAuthorized(peeraddress) ) {
         state = Forbidden;
         startTimer( 0 );
     } else
@@ -105,7 +224,7 @@ ServerPI::ServerPI( int socket, QObject *parent, const char* name )
         for( int i = 0; i < 4; i++ )
             wait[i] = FALSE;
 
-        send( "220 Qtopia transfer service ready!" );
+        send( "220 Qtopia " QPE_VERSION " FTP Server" );
         state = Wait_USER;
 
         dtp = new ServerDTP( this );
@@ -151,37 +270,6 @@ void ServerPI::read()
         process( readLine().stripWhiteSpace() );
 }
 
-bool ServerPI::checkUser( const QString& user )
-{
-    if ( user.isEmpty() ) return FALSE;
-
-    struct passwd *pw;
-    pw = getpwuid( geteuid() );
-    QString euser = QString::fromLocal8Bit( pw->pw_name );
-    return user == euser;
-}
-
-bool ServerPI::checkPassword( const QString& /* password */ )
-{
-    // ### HACK for testing on local host
-    return true;
-
-    /*
-    struct passwd *pw = 0;
-    struct spwd *spw = 0;
-
-    pw = getpwuid( geteuid() );
-    spw = getspnam( pw->pw_name );
-
-    QString cpwd = QString::fromLocal8Bit( pw->pw_passwd );
-    if ( cpwd == "x" && spw )
-        cpwd = QString::fromLocal8Bit( spw->sp_pwdp );
-
-    QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) );
-    return cpwd == cpassword;
-*/
-}
-
 bool ServerPI::checkReadFile( const QString& file )
 {
     QString filename;
@@ -254,7 +342,7 @@ void ServerPI::process( const QString& message )
     // waiting for user name
     if ( Wait_USER == state ) {
 
-        if ( cmd != "USER" || msg.count() < 2 || !checkUser( arg ) ) {
+        if ( cmd != "USER" || msg.count() < 2 || !SyncAuthentication::checkUser( arg ) ) {
             send( "530 Please login with USER and PASS" );
             return;
         }
@@ -266,8 +354,7 @@ void ServerPI::process( const QString& message )
     // waiting for password
     if ( Wait_PASS == state ) {
 
-        if ( cmd != "PASS" || !checkPassword( arg ) ) {
-        //if ( cmd != "PASS" || msg.count() < 2 || !checkPassword( arg ) ) {
+        if ( cmd != "PASS" || !SyncAuthentication::checkPassword( arg ) ) {
             send( "530 Please login with USER and PASS" );
             return;
         }
@@ -454,12 +541,15 @@ void ServerPI::process( const QString& message )
             send( "500 Syntax error, command unrecognized" );
         else {
             QFile file( absFilePath( args ) ) ;
-            if ( file.remove() )
+            if ( file.remove() ) {
                 send( "250 Requested file action okay, completed" );
-            else
+                QCopEnvelope e("QPE/System", "linkChanged(QString)" );
+                e << file.name();
+            } else {
                 send( "550 Requested action not taken" );
         }
     }
+    }
 
     // remove directory (RMD)
     else if ( cmd == "RMD" ) {
@@ -634,9 +724,16 @@ bool ServerPI::parsePort( const QString& pp )
 
 void ServerPI::dtpCompleted()
 {
-    dtp->close();
-    waitsocket = 0;
     send( "226 Closing data connection, file transfer successful" );
+    if ( dtp->dtpMode() == ServerDTP::RetrieveFile ) {
+        QString fn = dtp->fileName();
+        if ( fn.right(8)==".desktop" && fn.find("/Documents/")>=0 ) {
+            QCopEnvelope e("QPE/System", "linkChanged(QString)" );
+            e << fn;
+        }
+    }
+    waitsocket = 0;
+    dtp->close();
 }
 
 void ServerPI::dtpFailed()
@@ -852,7 +949,7 @@ void ServerPI::timerEvent( QTimerEvent * )
 }
 
 
-ServerDTP::ServerDTP( QObject *parent, const char* name )
+ServerDTP::ServerDTP( QObject *parent = 0, const char* name = 0)
   : QSocket( parent, name ), mode( Idle ), createTargzProc( 0 ),
 retrieveTargzProc( 0 ), gzipProc( 0 )
 {
@@ -891,8 +988,10 @@ ServerDTP::~ServerDTP()
 void ServerDTP::extractTarDone()
 {
     qDebug("extract done");
+#ifndef QT_NO_COP
     QCopEnvelope e( "QPE/Desktop", "restoreDone(QString)" );
     e << file.name();
+#endif
 }
 
 void ServerDTP::connected()
diff --git a/core/launcher/transferserver.h b/core/launcher/transferserver.h
index 076e460..a3bb060 100644
--- a/core/launcher/transferserver.h
+++ b/core/launcher/transferserver.h
@@ -1,7 +1,7 @@
 /**********************************************************************
-** Copyright (C) 2000 Trolltech AS.  All rights reserved.
+** Copyright (C) 2000-2002 Trolltech AS.  All rights reserved.
 **
-** This file is part of Qtopia Environment.
+** This file is part of the Qtopia Environment.
 **
 ** This file may be distributed and/or modified under the terms of the
 ** GNU General Public License version 2 as published by the Free Software
@@ -36,6 +36,20 @@ public:
     void newConnection( int socket );
 };
 
+class SyncAuthentication : QObject
+{
+    Q_OBJECT
+
+public:
+    static int isAuthorized(QHostAddress peeraddress);
+    static bool checkPassword(const QString& pw);
+    static bool checkUser(const QString& user);
+
+    static QString serverId();
+    static QString loginName();
+    static QString ownerName();
+};
+
 
 class ServerDTP : public QSocket
 {
@@ -65,6 +79,7 @@ public:
 
     Mode dtpMode() { return mode; }
     QByteArray buffer() { return buf.buffer(); }
+    QString fileName() const { return file.name(); }
 
     void setSocket( int socket );
 
@@ -131,8 +146,6 @@ protected slots:
     void newConnection( int socket );
 
 protected:
-    bool checkUser( const QString& user );
-    bool checkPassword( const QString& pw );
     bool checkReadFile( const QString& file );
     bool checkWriteFile( const QString& file );
     bool parsePort( const QString& pw );
@@ -164,5 +177,3 @@ private:
     QString lastCommand;
     int waitsocket;
 };
-
-bool accessAuthorized(QHostAddress peeraddress);