problems with security routines...
Posted: Wed Sep 28, 2005 2:44 pm
As you can read I'm having some problems with my security routines... Can someone take a look at it and check it out?
Code: Select all
' ' qbinux/tools/secure/secure.qs0 ' ' Copyright (C) 2005 Sebastian McClouth ' 'Modification history tools/secure/secure.sq0 ' '15 Sep 05 Sebastian McClouth ' 1st build attempt. Code based upon the login-routine by Z!re. ' Qbinux is currently single-tasking and single-user, so Getty supports ' to load only one user per login. '$DYNAMIC DEFINT A-Z '$INCLUDE: 'include/b4g.ql0' '$INCLUDE: 'include/qbinux.ql0' '$INCLUDE: 'include/handle.err' REM $STATIC SUB Getty DIM ProcInfo AS ProcInfoType 'In future release 'etc/getty.cfg' will be opened here. 'Version message 'Additional information: in future release 'etc/issue' will be openend to 'show the login-message. Currently, this file doesn't exist yet. Until the 'NVXFS is inplented in Qbinux Setup this file won't exist. 'Here comes the routine that checks if 'etc/issue' exist. PRINT PRINT McClouthLabel GetProcInfo ProcInfo PRINT CoreVersion + " on an " + lcase$(left$(GetVendorName$(ProcInfo.CpuVendor),1))+STRIM$(ProcInfo.CpuFamily)+"86" CurUser = CHR$(BITS2NUM("00000000")) 't$ = WorkPath(".../etc/passwd") 'Will be created at a later time. 'AlreadyHere& = GetID(t$, 0) 'R=Read 'W=Write 'H=Hidden 'D=Delete Protected ' 'RWHD PriPub = CHR$(BITS2NUM("001100000")) IsSystem = CHR$(BITS2NUM("10000000")) 'MkFile ".../etc/passwd" 't$=WorkPath(".../etc/passwd") 't&=GetID(t$,0) 'ulist$=string$(8-len(hex$(t&)),0)+hex$(t&) 'ff=freefile 'open "NVXFS/"+ulist$+".nff" for append as #ff 'l&=lof(ff) 'close #ff 'if l&= 0 and AlreadyHere& <> 0 then 'Will activate this later again. 'print 'color 4 'print "Warning: There seems to be a problem with the userlist." 'print " You must reinstall Qbinux in order to fix this." 'print 'print " This error is the direct consequence of someone deleting" 'print " the Qbinux userlist file, usually to try and gain access" 'print " to files and folders that are hidden/locked." 'print : color 7 'print " Press any key to end" 't$=input$(1) 'end 'elseif l& = 0 and Already& = 0 then 'This is for useradd, so no code needed here. 'else Enter: 'for a=0 to 2 'I don't know what this is for. pwd$ = "" print "login:";: ly = CSRLIN print:print "Password:" DO LOCATE ly - 2, 8: PRINT dspl$;" " 'Display storing variable press$ = INKEY$ IF press$ <> "" THEN 'On press 'Filter Backspace, subtract variable IF press$ = CHR$(8) AND LEN (dspl$) > 0 THEN sb = LEN(dspl$) Ndspl$ = MID$(dspl$, 1, (sb - 1)) dspl$ = Ndspl$ 'Filter Enter, Exit for checking ELSEIF press$ = CHR$(13) THEN EXIT DO 'Add up user input to variable ELSE dspl$ = dspl$ + press$ END IF END IF LOOP T!=Timer Flag = Login(dspl$, T!) locate ly + 2, 1 'next if flag = 0 then 'Should be able to get the flag from 'failed login, display message, and goto enter 'login. print "Login incorrect" print goto Enter elseif flag = 1 then exit sub end if 'end if END SUB 'Former SUB (Usr$, y%, x%, t!) '----------------------------- 'Only username 'root' and password 'toor' are supported. FUNCTION Login (Usr$, t!) dspl$ = "" DO press$ = INKEY$ IF press$ <> "" THEN IF press$ = CHR$(8) AND LEN (dspl$) > 0 THEN sb = LEN(dspl$) Ndspl$ = MID$(dspl$, 1, (sb - 1)) dspl$ = Ndspl$ ELSEIF press$ = CHR$(13) THEN IF Usr$ = "root" AND dspl$="toor" THEN Login = 1 ELSE Login = 0 END IF EXIT DO ELSE dspl$ = dspl$ + press$ END IF END IF 'IF timer -t! >=.075 THEN ' togg = (togg + 1) MOD 2 ' LOCATE y%-1, 12 ' IF togg = 0 THEN PRINT "_"; ELSE PRINT " "; ' t! = TIMER 'END IF LOOP END FUNCTION