 From:  Jean Everson Martina <everson at inf dot ufsc dot br>
 To:  m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Patches on M0n0wall
 Date:  Mon, 13 Sep 2004 15:15:11 -0300
Hi all,

	I'm currently working with m0n0wall on some projects.  To accomplish 
some tasks I need to change a little bit the way monowall boots. I need 
to ask for a password before the user has access to the console. I wrote a 
little patch to do this. The patch is attached.

	I'm having problems with the authentication scheme used by m0n0wall. 
When I run the function checkPass outside monowall everything is OK, but 
inside monowall this function doesn't work at all. I opened a shell to 
test the function, and it's returning the wrong value inside monowall.

	This is one of our tasks to improve m0n0wall to our needs, but I think 
it could help anybody else.

	Another thing we need to change in m0n0wall is the automatic starting 
of the webGUI. We need to disable it, as we do with console. Some of our 
clients think that keeping the admin web port open is a security flaw. 
How can we start to do this? Is there some documentation about the 
m0n0wall XML Schema for us to include this setting there?

	Lastly, we are planning here an effort to internationalize m0n0wall. 
We have people here experienced in internationalization of programs and 
we think that monowall could be much more attractive if it was 
internationalized. Do you have any suggestions/comments about this issue?



Jean
diff -urN /root/monowall/etc/inc/system.inc /mnt/etc/inc/system.inc
--- /root/monowall/etc/inc/system.inc	Sun Aug 22 06:41:15 2004
+++ /mnt/etc/inc/system.inc	Mon Sep 13 13:44:02 2004
@@ -517,4 +517,27 @@
 	return 0;
 }
 
+function checkPass ($User,$Pass)
+{
+	$filename="/var/run/htpasswd";
+        $fd = fopen($filename, "r");
+        $file_contents = fread( $fd, filesize( $filename ) );
+        fclose( $fd );
+        $lines = explode ( "\n", $file_contents );
+        $line = $lines[0];
+                list( $username, $password ) = explode( ':', $line );
+                if ($username == $User ){
+                        $salt = substr( $password , 0 , 12 );
+                        $enc_pw = crypt( $Pass, $salt );
+                        if ($password == $enc_pw ) {
+        	                return True;
+                        }else{
+                	        return False;
+                        }
+                }else{
+                	return False;
+                }
+}
+
+
 ?>
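Review bot: In checkPass, `$salt = substr( $password , 0 , 12 )` hard-codes a 12-character salt prefix, which fits an MD5-crypt entry but truncates the setting string of any format whose prefix is longer. Passing the whole stored hash as the salt, `crypt( $Pass, $password )`, is the usual idiom and lets crypt() pick out the scheme and salt itself. The function also does not check the result of `fopen()`, only ever looks at `$lines[0]`, and does not trim the line before `explode( ':', $line )`, so a trailing carriage return or extra field ends up in `$password` and the comparison fails; return False when the file cannot be opened, trim the line, and compare the hashes with `===` rather than `==`.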
diff -urN /root/monowall/etc/rc.initial /mnt/etc/rc.initial
--- /root/monowall/etc/rc.initial	Fri Jan 23 14:19:57 2004
+++ /mnt/etc/rc.initial	Mon Sep 13 13:53:25 2004
@@ -28,6 +28,18 @@
 
 else 
 
+auth=0
+ 
+while [ $auth -eq 0 ] ; do
+sleep 5s
+echo
+echo
+read -p "Username: " user
+read -p "Password: " pass
+auth=`/etc/rc.initial.auth ${user} ${pass}`
+done
+
+
 # endless loop
 while : ; do
 
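Review bot: The login loop fails open: in `while [ $auth -eq 0 ]` the unquoted `$auth` comes straight from the output of /etc/rc.initial.auth, so if that script prints nothing or anything other than a number (a PHP warning, for instance), the test itself errors out with a non-zero status and the loop ends as if authentication had succeeded. Loop until the value is exactly the success marker instead, e.g. `until [ "$auth" = "1" ]; do`. `${user}` and `${pass}` should also be quoted, since a password containing a space is split into several arguments, and `read -p "Password: " pass` echoes the password on the console; turning terminal echo off around that read would avoid it.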
@@ -41,6 +53,7 @@
 echo "3) Reset webGUI password"
 echo "4) Reset to factory defaults"
 echo "5) Reboot system"
+echo "6) System Shell"
 echo
 
 read -p "Enter a number: " opmode
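Review bot: With the login loop added earlier in this file, the existing entries "3) Reset webGUI password" and "4) Reset to factory defaults" just above the new line are only reachable after authenticating against /var/run/htpasswd. If that file holds the same credentials as the webGUI, a lost password can no longer be recovered from the console, so the patch should say how recovery is meant to work, or make the console login a configurable option.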
@@ -61,6 +74,9 @@
 	;;
 5)
 	/etc/rc.initial.reboot
+	;;
+6)	
+	/bin/sh
 	;;
 esac
 
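Review bot: The new `6)` case runs `/bin/sh` directly, so anyone who gets past the console login receives an unrestricted shell with the privileges of rc.initial, and nothing in the patch lets an administrator turn that off. Consider making the entry conditional on a configuration setting and documenting it, since a site that wants a console password may not want a shell on the console at all.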
diff -urN /root/monowall/etc/rc.initial.auth /mnt/etc/rc.initial.auth
--- /root/monowall/etc/rc.initial.auth	Wed Dec 31 21:00:00 1969
+++ /mnt/etc/rc.initial.auth	Mon Sep 13 13:47:37 2004
@@ -0,0 +1,47 @@
+#!/usr/local/bin/php -f
+<?php
+/*
+        rc.initial.auth
+        part of m0n0wall (http://m0n0.ch/wall)
+                                                                                                   
                                                         
+        Copyright (C) 2003-2004 Manuel Kasper <mk at neon1 dot net>.
+        All rights reserved.
+                                                                                                   
                                                         
+        Redistribution and use in source and binary forms, with or without
+        modification, are permitted provided that the following conditions are met:
+                                                                                                   
                                                         
+        1. Redistributions of source code must retain the above copyright notice,
+           this list of conditions and the following disclaimer.
+                                                                                                   
                                                         
+        2. Redistributions in binary form must reproduce the above copyright
+           notice, this list of conditions and the following disclaimer in the
+           documentation and/or other materials provided with the distribution.
+                                                                                                   
                                                         
+        THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+        INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+        AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+        AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+        OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+        SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+        INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+        CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+        ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+        POSSIBILITY OF SUCH DAMAGE.
+*/
+                                                                                                   
                                                         
+        require_once("globals.inc");
+                                                                                                   
                                                         
+        /* parse the configuration and include all functions used below */
+        require_once("config.inc");
+        require_once("functions.inc");
+
+	$user=$_SERVER['argv'][1];
+ 	$pass=$_SERVER['argv'][2];
+
+	if (checkPass($user,$pass)) {
+		echo "1";
+	}else{
+		echo "0";
+	}
+
+?>
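Review bot: `$pass=$_SERVER['argv'][2];` takes the password from the command line, so it is visible in the process list while the script runs and depends on the caller's quoting; reading the username and password from standard input would avoid both. The script should also check that both arguments are present before calling checkPass(), and print "0" on every error path so the caller never sees empty output. As posted, the blank lines inside the licence comment have been wrapped by the mailer onto continuation lines without a leading `+`, so this hunk will not apply cleanly; sending the patch unwrapped would fix that.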