1 files changed, 9 insertions, 3 deletions

diff --git a/core/launcher/transferserver.cpp b/core/launcher/transferserver.cpp
index 28b7b49..9d18b7b 100644
--- a/core/launcher/transferserver.cpp
+++ b/core/launcher/transferserver.cpp
@@ -1,369 +1,375 @@
 /**********************************************************************
 ** Copyright (C) 2000-2002 Trolltech AS.  All rights reserved.
 **
 ** This file is part of the Qtopia Environment.
 **
 ** This file may be distributed and/or modified under the terms of the
 ** GNU General Public License version 2 as published by the Free Software
 ** Foundation and appearing in the file LICENSE.GPL included in the
 ** packaging of this file.
 **
 ** This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
 ** WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 **
 ** See http://www.trolltech.com/gpl/ for GPL licensing information.
 **
 ** Contact info@trolltech.com if any conditions of this licensing are
 ** not clear to you.
 **
 **********************************************************************/
 #define _XOPEN_SOURCE
 #include <pwd.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <stdlib.h>
 #include <time.h>
 #include <shadow.h>
 
 extern "C" {
 #include <uuid/uuid.h>
 #define UUID_H_INCLUDED
 }
 
 #if defined(_OS_LINUX_)
 #include <shadow.h>
 #endif
 
 #include <qdir.h>
 #include <qfile.h>
 #include <qtextstream.h>
 #include <qdatastream.h>
 #include <qmessagebox.h>
 #include <qstringlist.h>
 #include <qfileinfo.h>
 #include <qregexp.h>
 //#include <qpe/qcopchannel_qws.h>
 #include <qpe/process.h>
 #include <qpe/global.h>
 #include <qpe/config.h>
 #include <qpe/contact.h>
 #include <qpe/quuid.h>
 #include <qpe/version.h>
 #ifdef QWS
 #include <qpe/qcopenvelope_qws.h>
 #endif
 
 #include "transferserver.h"
 #include "qprocess.h"
 
 const int block_size = 51200;
 
 TransferServer::TransferServer( Q_UINT16 port, QObject *parent ,
         const char* name )
     : QServerSocket( port, 1, parent, name )
 {
     if ( !ok() )
   qWarning( "Failed to bind to port %d", port );
 }
 
 TransferServer::~TransferServer()
 {
 
 }
 
 void TransferServer::newConnection( int socket )
 {
     (void) new ServerPI( socket, this );
 }
 
 QString SyncAuthentication::serverId()
 {
     Config cfg("Security");
     cfg.setGroup("Sync");
     QString r=cfg.readEntry("serverid");
     if ( r.isEmpty() ) {
   uuid_t uuid;
   uuid_generate( uuid );
   cfg.writeEntry("serverid",(r = QUuid( uuid ).toString()));
     }
     return r;
 }
 
 QString SyncAuthentication::ownerName()
 {
     QString vfilename = Global::applicationFileName("addressbook",
                 "businesscard.vcf");
     if (QFile::exists(vfilename)) {
   Contact c;
   c = Contact::readVCard( vfilename )[0];
   return c.fullName();
     }
 
     return "";
 }
 
 QString SyncAuthentication::loginName()
 {
     struct passwd *pw;
     pw = getpwuid( geteuid() );
     return QString::fromLocal8Bit( pw->pw_name );
 }
 
 int SyncAuthentication::isAuthorized(QHostAddress peeraddress)
 {
     Config cfg("Security");
     cfg.setGroup("Sync");
 //    QString allowedstr = cfg.readEntry("auth_peer","192.168.1.0");
      uint auth_peer = cfg.readNumEntry("auth_peer",0xc0a80100);
     
 //    QHostAddress allowed;
 //    allowed.setAddress(allowedstr);
 //    uint auth_peer = allowed.ip4Addr();
     uint auth_peer_bits = cfg.readNumEntry("auth_peer_bits",24);
     uint mask = auth_peer_bits >= 32 // shifting by 32 is not defined
   ? 0xffffffff : (((1<<auth_peer_bits)-1)<<(32-auth_peer_bits));
     return (peeraddress.ip4Addr() & mask) == auth_peer;
 }
 
 bool SyncAuthentication::checkUser( const QString& user )
 {
     if ( user.isEmpty() ) return FALSE;
     QString euser = loginName();
     return user == euser;
 }
 
 bool SyncAuthentication::checkPassword( const QString& password )
 {
 #ifdef ALLOW_UNIX_USER_FTP
     // First, check system password...
 
     struct passwd *pw = 0;
     struct spwd *spw = 0;
 
     pw = getpwuid( geteuid() );
     spw = getspnam( pw->pw_name );
 
     QString cpwd = QString::fromLocal8Bit( pw->pw_passwd );
     if ( cpwd == "x" && spw )
   cpwd = QString::fromLocal8Bit( spw->sp_pwdp );
 
     // Note: some systems use more than crypt for passwords.
     QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) );
     if ( cpwd == cpassword )
   return TRUE;
 #endif
 
     static int lastdenial=0;
     static int denials=0;
     int now = time(0);
 
     // Detect old Qtopia Desktop (no password)
     if ( password.isEmpty() ) {
   if ( denials < 1 || now > lastdenial+600 ) {
       QMessageBox::warning( 0,tr("Sync Connection"),
     tr("<p>An unauthorized system is requesting access to this device."
         "<p>If you are using a version of Qtopia Desktop older than 1.5.1, "
         "please upgrade."),
     tr("Deny") );
       denials++;
       lastdenial=now;
   }
   return FALSE;
     }
 
     // Second, check sync password...
-    if ( password.left(6) == "rootme" ) {
-          // fuckin TT gave us the wrong sync password.
-          // what a dumbassed password is rootme anyway.
+    QString pass = password.left(6);
+    /* old QtopiaDesktops are sending 
+     * rootme newer versions got a Qtopia
+     * prefixed. Qtopia prefix will suceed
+     * until the sync software syncs up
+     * FIXME
+     */
+    if ( pass == "rootme" || pass == "Qtopia") {
+          
   QString cpassword = QString::fromLocal8Bit( crypt( password.mid(8).local8Bit(), "qp" ) );
   Config cfg("Security");
   cfg.setGroup("Sync");
   QString pwds = cfg.readEntry("Passwords");
   if ( QStringList::split(QChar(' '),pwds).contains(cpassword) )
       return TRUE;
 
   // Unrecognized system. Be careful...
 
   if ( (denials > 2 && now < lastdenial+600)
       || QMessageBox::warning(0,tr("Sync Connection"),
     tr("<p>An unrecognized system is requesting access to this device."
         "<p>If you have just initiated a Sync for the first time, this is normal."),
     tr("Allow"),tr("Deny"))==1 )
   {
       denials++;
       lastdenial=now;
       return FALSE;
   } else {
       denials=0;
       cfg.writeEntry("Passwords",pwds+" "+cpassword);
       return TRUE;
   }
     }
 
     return FALSE;
 }
 
 ServerPI::ServerPI( int socket, QObject *parent , const char* name  )
     : QSocket( parent, name ) , dtp( 0 ), serversocket( 0 ), waitsocket( 0 )
 {
     state = Connected;
 
     setSocket( socket );
 
     peerport = peerPort();
     peeraddress = peerAddress();
 
 #ifndef INSECURE
     if ( !SyncAuthentication::isAuthorized(peeraddress) ) {
   state = Forbidden;
   startTimer( 0 );
     } else
 #endif  
     {
   connect( this, SIGNAL( readyRead() ), SLOT( read() ) );
   connect( this, SIGNAL( connectionClosed() ), SLOT( connectionClosed() ) );
   
   passiv = FALSE;
   for( int i = 0; i < 4; i++ )
       wait[i] = FALSE;
 
   send( "220 Qtopia " QPE_VERSION " FTP Server" );
   state = Wait_USER;
 
   dtp = new ServerDTP( this );
   connect( dtp, SIGNAL( completed() ), SLOT( dtpCompleted() ) );
   connect( dtp, SIGNAL( failed() ), SLOT( dtpFailed() ) );
   connect( dtp, SIGNAL( error( int ) ), SLOT( dtpError( int ) ) );
 
 
   directory = QDir::currentDirPath();
 
   static int p = 1024;
 
   while ( !serversocket || !serversocket->ok() ) {
       delete serversocket;
       serversocket = new ServerSocket( ++p, this );
   }
   connect( serversocket, SIGNAL( newIncomming( int ) ),
      SLOT( newConnection( int ) ) );
     }
 }
 
 ServerPI::~ServerPI()
 {
 
 }
 
 void ServerPI::connectionClosed()
 {
     // qDebug( "Debug: Connection closed" );
     delete this;
 }
 
 void ServerPI::send( const QString& msg )
 {
     QTextStream os( this );
     os << msg << endl;
     //qDebug( "Reply: %s", msg.latin1() );
 }
 
 void ServerPI::read()
 {
     while ( canReadLine() )
   process( readLine().stripWhiteSpace() );
 }
 
 bool ServerPI::checkReadFile( const QString& file )
 {
     QString filename;
 
     if ( file[0] != "/" )
   filename = directory.path() + "/" + file;
     else
   filename = file;
 
     QFileInfo fi( filename );
     return ( fi.exists() && fi.isReadable() );
 }
 
 bool ServerPI::checkWriteFile( const QString& file )
 {
     QString filename;
 
     if ( file[0] != "/" )
   filename = directory.path() + "/" + file;
     else
   filename = file;
 
     QFileInfo fi( filename );
 
     if ( fi.exists() )
   if ( !QFile( filename ).remove() )
       return FALSE;
     return TRUE;
 }
 
 void ServerPI::process( const QString& message )
 {
     //qDebug( "Command: %s", message.latin1() );
 
     // split message using "," as separator
     QStringList msg = QStringList::split( " ", message );
     if ( msg.isEmpty() ) return;
 
     // command token
     QString cmd = msg[0].upper();
 
     // argument token
     QString arg;
     if ( msg.count() >= 2 )
   arg = msg[1];
 
     // full argument string
     QString args;
     if ( msg.count() >= 2 ) {
         QStringList copy( msg );
         // FIXME: for Qt3
         // copy.pop_front()
         copy.remove( copy.begin() );
         args = copy.join( " " );
     }
 
     //qDebug( "args: %s", args.latin1() );
 
     // we always respond to QUIT, regardless of state
     if ( cmd == "QUIT" ) {
   send( "211 Good bye!" );
   delete this;
   return;
     }
 
     // connected to client
     if ( Connected == state )
   return;
 
     // waiting for user name
     if ( Wait_USER == state ) {
 
   if ( cmd != "USER" || msg.count() < 2 || !SyncAuthentication::checkUser( arg ) ) {
       send( "530 Please login with USER and PASS" );
       return;
   }
   send( "331 User name ok, need password" );
   state = Wait_PASS;
   return;
     }
 
     // waiting for password
     if ( Wait_PASS == state ) {
 
   if ( cmd != "PASS" || !SyncAuthentication::checkPassword( arg ) ) {
       send( "530 Please login with USER and PASS" );
       return;
   }
   send( "230 User logged in, proceed" );
   state = Ready;
   return;
     }
 
     // ACCESS CONTROL COMMANDS