author | llornkcor <llornkcor> | 2002-09-06 17:46:33 (UTC) |
---|---|---|
committer | llornkcor <llornkcor> | 2002-09-06 17:46:33 (UTC) |
commit | 4acfa3f53762b6c786e421444d23c49c279e556f (patch) (side-by-side diff) | |
tree | ff4522ecadcbdcd0410f91e9b88aa2205948b692 | |
parent | d4257a0388d3444b5318436449423d27cdd85acf (diff) | |
download | opie-4acfa3f53762b6c786e421444d23c49c279e556f.zip opie-4acfa3f53762b6c786e421444d23c49c279e556f.tar.gz opie-4acfa3f53762b6c786e421444d23c49c279e556f.tar.bz2 |
TT gave us the wrong sync password! ^#$^@&^
-rw-r--r-- | core/launcher/transferserver.cpp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/core/launcher/transferserver.cpp b/core/launcher/transferserver.cpp index ed3e2c6..28b7b49 100644 --- a/core/launcher/transferserver.cpp +++ b/core/launcher/transferserver.cpp @@ -47,257 +47,259 @@ extern "C" { #include <qpe/global.h> #include <qpe/config.h> #include <qpe/contact.h> #include <qpe/quuid.h> #include <qpe/version.h> #ifdef QWS #include <qpe/qcopenvelope_qws.h> #endif #include "transferserver.h" #include "qprocess.h" const int block_size = 51200; TransferServer::TransferServer( Q_UINT16 port, QObject *parent , const char* name ) : QServerSocket( port, 1, parent, name ) { if ( !ok() ) qWarning( "Failed to bind to port %d", port ); } TransferServer::~TransferServer() { } void TransferServer::newConnection( int socket ) { (void) new ServerPI( socket, this ); } QString SyncAuthentication::serverId() { Config cfg("Security"); cfg.setGroup("Sync"); QString r=cfg.readEntry("serverid"); if ( r.isEmpty() ) { uuid_t uuid; uuid_generate( uuid ); cfg.writeEntry("serverid",(r = QUuid( uuid ).toString())); } return r; } QString SyncAuthentication::ownerName() { QString vfilename = Global::applicationFileName("addressbook", "businesscard.vcf"); if (QFile::exists(vfilename)) { Contact c; c = Contact::readVCard( vfilename )[0]; return c.fullName(); } return ""; } QString SyncAuthentication::loginName() { struct passwd *pw; pw = getpwuid( geteuid() ); return QString::fromLocal8Bit( pw->pw_name ); } int SyncAuthentication::isAuthorized(QHostAddress peeraddress) { Config cfg("Security"); cfg.setGroup("Sync"); // QString allowedstr = cfg.readEntry("auth_peer","192.168.1.0"); uint auth_peer = cfg.readNumEntry("auth_peer",0xc0a80100); // QHostAddress allowed; // allowed.setAddress(allowedstr); // uint auth_peer = allowed.ip4Addr(); uint auth_peer_bits = cfg.readNumEntry("auth_peer_bits",24); uint mask = auth_peer_bits >= 32 // shifting by 32 is not defined ? 0xffffffff : (((1<<auth_peer_bits)-1)<<(32-auth_peer_bits)); return (peeraddress.ip4Addr() & mask) == auth_peer; } bool SyncAuthentication::checkUser( const QString& user ) { if ( user.isEmpty() ) return FALSE; QString euser = loginName(); return user == euser; } bool SyncAuthentication::checkPassword( const QString& password ) { #ifdef ALLOW_UNIX_USER_FTP // First, check system password... struct passwd *pw = 0; struct spwd *spw = 0; pw = getpwuid( geteuid() ); spw = getspnam( pw->pw_name ); QString cpwd = QString::fromLocal8Bit( pw->pw_passwd ); if ( cpwd == "x" && spw ) cpwd = QString::fromLocal8Bit( spw->sp_pwdp ); // Note: some systems use more than crypt for passwords. QString cpassword = QString::fromLocal8Bit( crypt( password.local8Bit(), cpwd.local8Bit() ) ); if ( cpwd == cpassword ) return TRUE; #endif static int lastdenial=0; static int denials=0; int now = time(0); // Detect old Qtopia Desktop (no password) if ( password.isEmpty() ) { if ( denials < 1 || now > lastdenial+600 ) { QMessageBox::warning( 0,tr("Sync Connection"), tr("<p>An unauthorized system is requesting access to this device." "<p>If you are using a version of Qtopia Desktop older than 1.5.1, " "please upgrade."), tr("Deny") ); denials++; lastdenial=now; } return FALSE; } // Second, check sync password... - if ( password.left(6) == "Qtopia" ) { + if ( password.left(6) == "rootme" ) { + // fuckin TT gave us the wrong sync password. + // what a dumbassed password is rootme anyway. QString cpassword = QString::fromLocal8Bit( crypt( password.mid(8).local8Bit(), "qp" ) ); Config cfg("Security"); cfg.setGroup("Sync"); QString pwds = cfg.readEntry("Passwords"); if ( QStringList::split(QChar(' '),pwds).contains(cpassword) ) return TRUE; // Unrecognized system. Be careful... if ( (denials > 2 && now < lastdenial+600) || QMessageBox::warning(0,tr("Sync Connection"), tr("<p>An unrecognized system is requesting access to this device." "<p>If you have just initiated a Sync for the first time, this is normal."), tr("Allow"),tr("Deny"))==1 ) { denials++; lastdenial=now; return FALSE; } else { denials=0; cfg.writeEntry("Passwords",pwds+" "+cpassword); return TRUE; } } return FALSE; } ServerPI::ServerPI( int socket, QObject *parent , const char* name ) : QSocket( parent, name ) , dtp( 0 ), serversocket( 0 ), waitsocket( 0 ) { state = Connected; setSocket( socket ); peerport = peerPort(); peeraddress = peerAddress(); #ifndef INSECURE if ( !SyncAuthentication::isAuthorized(peeraddress) ) { state = Forbidden; startTimer( 0 ); } else #endif { connect( this, SIGNAL( readyRead() ), SLOT( read() ) ); connect( this, SIGNAL( connectionClosed() ), SLOT( connectionClosed() ) ); passiv = FALSE; for( int i = 0; i < 4; i++ ) wait[i] = FALSE; send( "220 Qtopia " QPE_VERSION " FTP Server" ); state = Wait_USER; dtp = new ServerDTP( this ); connect( dtp, SIGNAL( completed() ), SLOT( dtpCompleted() ) ); connect( dtp, SIGNAL( failed() ), SLOT( dtpFailed() ) ); connect( dtp, SIGNAL( error( int ) ), SLOT( dtpError( int ) ) ); directory = QDir::currentDirPath(); static int p = 1024; while ( !serversocket || !serversocket->ok() ) { delete serversocket; serversocket = new ServerSocket( ++p, this ); } connect( serversocket, SIGNAL( newIncomming( int ) ), SLOT( newConnection( int ) ) ); } } ServerPI::~ServerPI() { } void ServerPI::connectionClosed() { // qDebug( "Debug: Connection closed" ); delete this; } void ServerPI::send( const QString& msg ) { QTextStream os( this ); os << msg << endl; //qDebug( "Reply: %s", msg.latin1() ); } void ServerPI::read() { while ( canReadLine() ) process( readLine().stripWhiteSpace() ); } bool ServerPI::checkReadFile( const QString& file ) { QString filename; if ( file[0] != "/" ) filename = directory.path() + "/" + file; else filename = file; QFileInfo fi( filename ); return ( fi.exists() && fi.isReadable() ); } bool ServerPI::checkWriteFile( const QString& file ) { QString filename; if ( file[0] != "/" ) filename = directory.path() + "/" + file; else filename = file; QFileInfo fi( filename ); if ( fi.exists() ) if ( !QFile( filename ).remove() ) return FALSE; return TRUE; } |