Diffstat (limited to 'core/launcher/transferserver.cpp') (more/less context) (show whitespace changes)
-rw-r--r-- | core/launcher/transferserver.cpp | 207 |
1 files changed, 153 insertions, 54 deletions
diff --git a/core/launcher/transferserver.cpp b/core/launcher/transferserver.cpp index 7294f9c..a6dab07 100644 --- a/core/launcher/transferserver.cpp +++ b/core/launcher/transferserver.cpp | |||
@@ -1,6 +1,6 @@ | |||
1 | /********************************************************************** | 1 | /********************************************************************** |
2 | ** Copyright (C) 2000 Trolltech AS. All rights reserved. | 2 | ** Copyright (C) 2000-2002 Trolltech AS. All rights reserved. |
3 | ** | 3 | ** |
4 | ** This file is part of Qtopia Environment. | 4 | ** This file is part of the Qtopia Environment. |
5 | ** | 5 | ** |
6 | ** This file may be distributed and/or modified under the terms of the | 6 | ** This file may be distributed and/or modified under the terms of the |
@@ -23,4 +23,11 @@ | |||
23 | #include <unistd.h> | 23 | #include <unistd.h> |
24 | #include <stdlib.h> | 24 | #include <stdlib.h> |
25 | #include <time.h> | ||
26 | #include <shadow.h> | ||
27 | |||
28 | extern "C" { | ||
29 | #include <uuid/uuid.h> | ||
30 | #define UUID_H_INCLUDED | ||
31 | } | ||
25 | 32 | ||
26 | #if defined(_OS_LINUX_) | 33 | #if defined(_OS_LINUX_) |
@@ -38,6 +45,12 @@ | |||
38 | //#include <qpe/qcopchannel_qws.h> | 45 | //#include <qpe/qcopchannel_qws.h> |
39 | #include <qpe/process.h> | 46 | #include <qpe/process.h> |
47 | #include <qpe/global.h> | ||
40 | #include <qpe/config.h> | 48 | #include <qpe/config.h> |
49 | #include <qpe/contact.h> | ||
50 | #include <qpe/quuid.h> | ||
51 | #include <qpe/version.h> | ||
52 | #ifdef QWS | ||
41 | #include <qpe/qcopenvelope_qws.h> | 53 | #include <qpe/qcopenvelope_qws.h> |
54 | #endif | ||
42 | 55 | ||
43 | #include "transferserver.h" | 56 | #include "transferserver.h" |
@@ -64,22 +77,128 @@ void TransferServer::newConnection( int socket ) | |||
64 | } | 77 | } |
65 | 78 | ||
66 | bool accessAuthorized(QHostAddress peeraddress) | 79 | QString SyncAuthentication::serverId() |
80 | { | ||
81 | Config cfg("Security"); | ||
82 | cfg.setGroup("Sync"); | ||
83 | QString r=cfg.readEntry("serverid"); | ||
84 | if ( r.isEmpty() ) { | ||
85 | uuid_t uuid; | ||
86 | uuid_generate( uuid ); | ||
87 | cfg.writeEntry("serverid",(r = QUuid( uuid ).toString())); | ||
88 | } | ||
89 | return r; | ||
90 | } | ||
91 | |||
92 | QString SyncAuthentication::ownerName() | ||
93 | { | ||
94 | QString vfilename = Global::applicationFileName("addressbook", | ||
95 | "businesscard.vcf"); | ||
96 | if (QFile::exists(vfilename)) { | ||
97 | Contact c; | ||
98 | c = Contact::readVCard( vfilename )[0]; | ||
99 | return c.fullName(); | ||
100 | } | ||
101 | |||
102 | return ""; | ||
103 | } | ||
104 | |||
105 | QString SyncAuthentication::loginName() | ||
106 | { | ||
107 | struct passwd *pw; | ||
108 | pw = getpwuid( geteuid() ); | ||
109 | return QString::fromLocal8Bit( pw->pw_name ); | ||
110 | } | ||
111 | |||
112 | int SyncAuthentication::isAuthorized(QHostAddress peeraddress) | ||
67 | { | 113 | { |
68 | Config cfg("Security"); | 114 | Config cfg("Security"); |
69 | cfg.setGroup("Sync"); | 115 | cfg.setGroup("Sync"); |
70 | uint auth_peer = cfg.readNumEntry("auth_peer",0xc0a80100); | 116 | QString allowedstr = cfg.readEntry("auth_peer","192.168.1.0"); |
117 | QHostAddress allowed; | ||
118 | allowed.setAddress(allowedstr); | ||
119 | uint auth_peer = allowed.ip4Addr(); | ||
71 | uint auth_peer_bits = cfg.readNumEntry("auth_peer_bits",24); | 120 | uint auth_peer_bits = cfg.readNumEntry("auth_peer_bits",24); |
72 | bool ok = (peeraddress.ip4Addr() & (((1<<auth_peer_bits)-1)<<(32-auth_peer_bits))) | 121 | uint mask = auth_peer_bits >= 32 // shifting by 32 is not defined |
73 | == auth_peer; | 122 | ? 0xffffffff : (((1<<auth_peer_bits)-1)<<(32-auth_peer_bits)); |
74 | /* Allows denial-of-service attack. | 123 | return (peeraddress.ip4Addr() & mask) == auth_peer; |
75 | if ( !ok ) { | 124 | } |
76 | QMessageBox::warning(0,tr("Security"), | 125 | |
77 | tr("<p>An attempt to access this device from %1 has been denied.") | 126 | bool SyncAuthentication::checkUser( const QString& user ) |
78 | .arg(peeraddress.toString())); | 127 | { |
128 | if ( user.isEmpty() ) return FALSE; | ||
129 | QString euser = loginName(); | ||
130 | return user == euser; | ||
131 | } | ||
132 | |||
133 | bool SyncAuthentication::checkPassword( const QString& password ) | ||
134 | { | ||
135 | #ifdef ALLOW_UNIX_USER_FTP | ||
136 | // First, check system password... | ||
137 | |||
138 | struct passwd *pw = 0; | ||
139 | struct spwd *spw = 0; | ||
140 | |||
141 | pw = getpwuid( geteuid() ); | ||
142 | spw = getspnam( pw->pw_name ); | ||
143 | |||
144 | QString cpwd = QString::fromLocal8Bit( pw->pw_passwd ); | ||
145 | if ( cpwd == "x" && spw ) | ||
146 | cpwd = QString::fromLocal8Bit( spw->sp_pwdp ); | ||
147 | |||
148 | // Note: some systems use more than crypt for passwords. | ||
149 | QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) ); | ||
150 | if ( cpwd == cpassword ) | ||
151 | return TRUE; | ||
152 | #endif | ||
153 | |||
154 | static int lastdenial=0; | ||
155 | static int denials=0; | ||
156 | int now = time(0); | ||
157 | |||
158 | // Detect old Qtopia Desktop (no password) | ||
159 | if ( password.isEmpty() ) { | ||
160 | if ( denials < 1 || now > lastdenial+600 ) { | ||
161 | QMessageBox::warning( 0,tr("Sync Connection"), | ||
162 | tr("<p>An unauthorized system is requesting access to this device." | ||
163 | "<p>If you are using a version of Qtopia Desktop older than 1.5.1, " | ||
164 | "please upgrade."), | ||
165 | tr("Deny") ); | ||
166 | denials++; | ||
167 | lastdenial=now; | ||
79 | } | 168 | } |
80 | */ | 169 | return FALSE; |
81 | return ok; | ||
82 | } | 170 | } |
83 | 171 | ||
172 | // Second, check sync password... | ||
173 | if ( password.left(6) == "Qtopia" ) { | ||
174 | QString cpassword = QString::fromLocal8Bit( crypt( password.mid(8).local8Bit(), "qp" ) ); | ||
175 | Config cfg("Security"); | ||
176 | cfg.setGroup("Sync"); | ||
177 | QString pwds = cfg.readEntry("Passwords"); | ||
178 | if ( QStringList::split(QChar(' '),pwds).contains(cpassword) ) | ||
179 | return TRUE; | ||
180 | |||
181 | // Unrecognized system. Be careful... | ||
182 | |||
183 | if ( (denials > 2 && now < lastdenial+600) | ||
184 | || QMessageBox::warning(0,tr("Sync Connection"), | ||
185 | tr("<p>An unrecognized system is requesting access to this device." | ||
186 | "<p>If you have just initiated a Sync for the first time, this is normal."), | ||
187 | tr("Allow"),tr("Deny"))==1 ) | ||
188 | { | ||
189 | denials++; | ||
190 | lastdenial=now; | ||
191 | return FALSE; | ||
192 | } else { | ||
193 | denials=0; | ||
194 | cfg.writeEntry("Passwords",pwds+" "+cpassword); | ||
195 | return TRUE; | ||
196 | } | ||
197 | } | ||
198 | |||
199 | return FALSE; | ||
200 | } | ||
201 | |||
202 | |||
84 | ServerPI::ServerPI( int socket, QObject *parent, const char* name ) | 203 | ServerPI::ServerPI( int socket, QObject *parent, const char* name ) |
85 | : QSocket( parent, name ) , dtp( 0 ), serversocket( 0 ), waitsocket( 0 ) | 204 | : QSocket( parent, name ) , dtp( 0 ), serversocket( 0 ), waitsocket( 0 ) |
@@ -93,5 +212,5 @@ ServerPI::ServerPI( int socket, QObject *parent, const char* name ) | |||
93 | 212 | ||
94 | #ifndef INSECURE | 213 | #ifndef INSECURE |
95 | if ( !accessAuthorized(peeraddress) ) { | 214 | if ( !SyncAuthentication::isAuthorized(peeraddress) ) { |
96 | state = Forbidden; | 215 | state = Forbidden; |
97 | startTimer( 0 ); | 216 | startTimer( 0 ); |
@@ -106,5 +225,5 @@ ServerPI::ServerPI( int socket, QObject *parent, const char* name ) | |||
106 | wait[i] = FALSE; | 225 | wait[i] = FALSE; |
107 | 226 | ||
108 | send( "220 Qtopia transfer service ready!" ); | 227 | send( "220 Qtopia " QPE_VERSION " FTP Server" ); |
109 | state = Wait_USER; | 228 | state = Wait_USER; |
110 | 229 | ||
@@ -152,35 +271,4 @@ void ServerPI::read() | |||
152 | } | 271 | } |
153 | 272 | ||
154 | bool ServerPI::checkUser( const QString& user ) | ||
155 | { | ||
156 | if ( user.isEmpty() ) return FALSE; | ||
157 | |||
158 | struct passwd *pw; | ||
159 | pw = getpwuid( geteuid() ); | ||
160 | QString euser = QString::fromLocal8Bit( pw->pw_name ); | ||
161 | return user == euser; | ||
162 | } | ||
163 | |||
164 | bool ServerPI::checkPassword( const QString& /* password */ ) | ||
165 | { | ||
166 | // ### HACK for testing on local host | ||
167 | return true; | ||
168 | |||
169 | /* | ||
170 | struct passwd *pw = 0; | ||
171 | struct spwd *spw = 0; | ||
172 | |||
173 | pw = getpwuid( geteuid() ); | ||
174 | spw = getspnam( pw->pw_name ); | ||
175 | |||
176 | QString cpwd = QString::fromLocal8Bit( pw->pw_passwd ); | ||
177 | if ( cpwd == "x" && spw ) | ||
178 | cpwd = QString::fromLocal8Bit( spw->sp_pwdp ); | ||
179 | |||
180 | QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) ); | ||
181 | return cpwd == cpassword; | ||
182 | */ | ||
183 | } | ||
184 | |||
185 | bool ServerPI::checkReadFile( const QString& file ) | 273 | bool ServerPI::checkReadFile( const QString& file ) |
186 | { | 274 | { |
@@ -255,5 +343,5 @@ void ServerPI::process( const QString& message ) | |||
255 | if ( Wait_USER == state ) { | 343 | if ( Wait_USER == state ) { |
256 | 344 | ||
257 | if ( cmd != "USER" || msg.count() < 2 || !checkUser( arg ) ) { | 345 | if ( cmd != "USER" || msg.count() < 2 || !SyncAuthentication::checkUser( arg ) ) { |
258 | send( "530 Please login with USER and PASS" ); | 346 | send( "530 Please login with USER and PASS" ); |
259 | return; | 347 | return; |
@@ -267,6 +355,5 @@ void ServerPI::process( const QString& message ) | |||
267 | if ( Wait_PASS == state ) { | 355 | if ( Wait_PASS == state ) { |
268 | 356 | ||
269 | if ( cmd != "PASS" || !checkPassword( arg ) ) { | 357 | if ( cmd != "PASS" || !SyncAuthentication::checkPassword( arg ) ) { |
270 | //if ( cmd != "PASS" || msg.count() < 2 || !checkPassword( arg ) ) { | ||
271 | send( "530 Please login with USER and PASS" ); | 358 | send( "530 Please login with USER and PASS" ); |
272 | return; | 359 | return; |
@@ -455,10 +542,13 @@ void ServerPI::process( const QString& message ) | |||
455 | else { | 542 | else { |
456 | QFile file( absFilePath( args ) ) ; | 543 | QFile file( absFilePath( args ) ) ; |
457 | if ( file.remove() ) | 544 | if ( file.remove() ) { |
458 | send( "250 Requested file action okay, completed" ); | 545 | send( "250 Requested file action okay, completed" ); |
459 | else | 546 | QCopEnvelope e("QPE/System", "linkChanged(QString)" ); |
547 | e << file.name(); | ||
548 | } else { | ||
460 | send( "550 Requested action not taken" ); | 549 | send( "550 Requested action not taken" ); |
461 | } | 550 | } |
462 | } | 551 | } |
552 | } | ||
463 | 553 | ||
464 | // remove directory (RMD) | 554 | // remove directory (RMD) |
@@ -635,7 +725,14 @@ bool ServerPI::parsePort( const QString& pp ) | |||
635 | void ServerPI::dtpCompleted() | 725 | void ServerPI::dtpCompleted() |
636 | { | 726 | { |
637 | dtp->close(); | ||
638 | waitsocket = 0; | ||
639 | send( "226 Closing data connection, file transfer successful" ); | 727 | send( "226 Closing data connection, file transfer successful" ); |
728 | if ( dtp->dtpMode() == ServerDTP::RetrieveFile ) { | ||
729 | QString fn = dtp->fileName(); | ||
730 | if ( fn.right(8)==".desktop" && fn.find("/Documents/")>=0 ) { | ||
731 | QCopEnvelope e("QPE/System", "linkChanged(QString)" ); | ||
732 | e << fn; | ||
733 | } | ||
734 | } | ||
735 | waitsocket = 0; | ||
736 | dtp->close(); | ||
640 | } | 737 | } |
641 | 738 | ||
@@ -853,5 +950,5 @@ void ServerPI::timerEvent( QTimerEvent * ) | |||
853 | 950 | ||
854 | 951 | ||
855 | ServerDTP::ServerDTP( QObject *parent, const char* name ) | 952 | ServerDTP::ServerDTP( QObject *parent = 0, const char* name = 0) |
856 | : QSocket( parent, name ), mode( Idle ), createTargzProc( 0 ), | 953 | : QSocket( parent, name ), mode( Idle ), createTargzProc( 0 ), |
857 | retrieveTargzProc( 0 ), gzipProc( 0 ) | 954 | retrieveTargzProc( 0 ), gzipProc( 0 ) |
@@ -892,6 +989,8 @@ void ServerDTP::extractTarDone() | |||
892 | { | 989 | { |
893 | qDebug("extract done"); | 990 | qDebug("extract done"); |
991 | #ifndef QT_NO_COP | ||
894 | QCopEnvelope e( "QPE/Desktop", "restoreDone(QString)" ); | 992 | QCopEnvelope e( "QPE/Desktop", "restoreDone(QString)" ); |
895 | e << file.name(); | 993 | e << file.name(); |
994 | #endif | ||
896 | } | 995 | } |
897 | 996 | ||