shima

Here I am!

Homepage: http://vacmf.org

Jabber/GTalk: shima@jabber.linux.it


Posts by shima

Embedding Lua script into a C program

Dec 5th

Posted by shima in Coding

1 comment

Just for curiosity I wanted to try embedding a Lua script into a little C program and surprisingly it resulted in a pretty quick and easy task.

Lua provides C API and everything is done within a few lines of code.

Let’s assume that our Lua script just prints “hello world” once it is executed and contains also a function to be called later.

Save a file as “hello.lua” and fill in with:

print("Hello world!");

function foo()
 print("Hi I am the foo function!");
end

Then create the C program that will run Lua ans save it as “embed_hello.c” with the following content:

#include <stdio.h>
#include "lua.h"
#include "lualib.h"
#include "lauxlib.h"

/* lua interpreter */
lua_State* l;

int main () {
  int dofile;

  /* initialize lua */
  l = lua_open();

  /* load lua libraries */
  luaL_openlibs(l);

  /* run the hello.lua script */
  dofile = luaL_dofile(l, "hello.lua");

  if (dofile == 0) {
    /* call foo */
    lua_getglobal(l,"foo");
    lua_call(l,0,0);
  }
  else {
    printf("Error, unable to run hello.lua\n");
  }

  /* cleanup Lua */
  lua_close(l);

  return 0;
}

Compile:

$ gcc -o embed_hello -Wall -L/opt/local/lib -I/opt/local/include \
-llua embed_hello.c

That’s all. This example works for OS X and Lua installed from macports. For other OSs and configurations just adapt the gcc command.

Execute it

$ ./embed_hello
Hello world!
Hi I am the foo function!


References:

, , , ,

Macbook 13″ and Slackware 13 dual boot

Sep 12th

Posted by shima in Linux

No comments

Important: the procedure can destroy all your system’s data if you don’t pay attention. First of all create a full backup. Time machine could be a good choice.

There are plenty of HOW-TOs to help in making a Macbook dual bootable with pictures and screenshot how to use disk utility and bootcamp so please refer to those documents, I’ll give a short overview and focus the attention on the installation process.
This covers the Slackware 13 but it’s applicable to any otherĀ  distro I guess.

Initial condition:

  • Macbook white, 2007 series with standard Leopard installation and some free space on the disk;
  • Slackware 13 installation disks (are sufficient the first and second CD or the DVD).

Reserve space for Slackware

The first step is to create a bootcamp partition. The process is quite simple and straightforward with the above mentioned bootcamp.

GNU/Linux Slackware installation

It’s time to play. Insert the first Slack CD and boot the Mac holding the “Command” key (left Alt) to start from the CD and begin a normal installation.

Partitioning disk

Use fdisk or cfdisk to partition the disk (I’m an fdisk’s fan since old time)

# fdisk /dev/sda

The “b” type labeled W95 FAT32 partition should be shown. It’s bootcamp.

Delete it and create the “Swap partition” and the “Linux root” partition (simplest way), save, and start the normal setup.

Be careful with the disk partitioning tool to not delete OS X!

After the packages are installed, it’s time to set a minimum configuration.

Follow some settings that worked for me:

Console framebuffer: 1024×768 256 colors

Lilo installed in the MBR

Slackware logo: yes, of course!

Reboot

After the reboot I was surprised by the impossibility to hold down “Command” and choose the OS I’d like to boot.

Now it’s time to install rEFIt

Reboot again and… surprise surprise, you don’t se rEFIt menu’. Shutdown the Mac and boot again.

Now rEFIt boot menu’ should show up, choose Linux and hopefully it boots. My way was a bit harder and got the message: “no bootable disk”.

After some additional shutdown and boot up, it started working.

Running Slackware 13 on Macbook

Ethernet and WiFi cards seem to work perfectly just after the first boot.

The keyboard has few problem:

  • Function keys need to press fn;
  • Scrolling up and down is possible with the combination of fn + shift + up/down arrow

Other devices to be checked:
- graphic card
- cd/dvd
- iSight cam
- soundcard
- mouse pad

The rest works quite fine.

, , , ,

Postfix with relayhost and SASL client

Jun 11th

Posted by shima in Linux

No comments

I wrote a simple document to help in configuring Postfix mail server with a relay host that require SASL authentication.

It’s a common situation when you have an MTA at home or at your office with a dynamic IP adrress.

You can find it im my wiki with the Postfix with relayhost and SASL client

, , , , ,

italia.it XSS

Feb 26th

Posted by shima in Security

No comments

Il nuovo portale italiano sul turismo italia.it fa un po’ acqua da tutte le parti inquanto a sicurezza.
Chi vuole un esempio, provi a sostituire il valore del parametro “scope” passato sulla URI del sito con:

"><script>alert('YaBaDaBaDoOoO');</script>
<"input type="hidden" value="

cosi facendo si inserisce lo script nella:

<input type=...
http://www.italia.it/it/scout/text/5,it,SCH1,2005/objectId,
RGN8it,modulId,scout,s,0,season,at1,selectedEntry,
home/result.html?rgnCMP=RGN8it&scope=">
<script>alert('YaBaDaBaDoOoO');<
/script><input type="hidden"
value="&Submit2.x=12&Submit2.y=10

Con piu’ fantasia, si puo’ aggiungere un sondaggio :)

http://www.italia.it/it/scout/text/5,it,SCH1,2005/objectId,
RGN8it,modulId,scout,s,0,season,at1,selectedEntry,
home/result.html?rgnCMP=RGN8it&scope=
"><script>alert('YaBaDaBaDoOoO');
</script><br><br>Come sono stati spesi i
soldi?<select><option>Male<option>
Malissimo</select><input type="submit"
value="Sei daccordo?" class="button">
<input type="hidden"
value="&Submit2.x=12&Submit2.y=10

o meglio: http://tinyurl.com/2h49x8

In parole povere, possiamo piu’ o meno ridefinire il sito abbastanza a piacere. E questo e’ un grave problema di sicurezza ponendo il sito al centro dell’attenzione di chi fa del phishing
la sua professione.

,

Reverse SSH tunnelling (exit by the door and come back from the window)

Dec 20th

Posted by shima in Linux

No comments

Draft

What to do when you have a server behind a natted internet connection whitout public IP and you want to access it from your home or somewhere?
SSH is your best friend. So you can enable a reverse ssh tunnel that allow a connection from above the intranet.
server “S0″ in the intranet —-> Router (without access) —-> (OoOo Internet oOoO) <---- router (my CISCO 803) <---- "C1" remote computer (my.example.cxm)
In the server S0 I use ssh to create a tunnel that allow my C1 to connect it.

On S0
ssh -R 5000:localhost:22 my.example.cxm

On Router CISCO

ip nat inside source static tcp 10.1.1.1 5000 interface Dialer 1 5000

On C1

simply launch: ssh -p 5000 localhost

and you are connected to your server in the office intranet.

What appen if the connection goes down?

we can assure that the tunnel back up again. So we must consider the idea to insert a cron job which check periodically the tunnel status.

next: example shell script

, , ,

How to prevent DHCP server to override your resolv.conf script

Dec 20th

Posted by shima in Linux

6 comments

Draft

The “problem” is caused by dhcp server that overwrite our resolv.conf script and we lose this personalization during the IP release session. Not even is a good idea to replace the dns configuration proposed by the dhcp server, if it push that to you, probably there is a reason. But some time you want to use your own configuration such as when you use your broadband router and you want your /etc/resolv.conf has been preserved fron updates.

To prevent this nasty situation we can operate in two ways, determined by which dhcp client you are using: dhcpcd ord dhclient.

In the first case, dhcpcd (as in my Slackware laptop), prevent overriding can be obtained simply add the -R option to the dhcpcd command:

# dhcpcd -R eth0

In the second case, we must read the man page about dhclient-script which is invoked any time you use dhclient.
In:

man 8 dhclient-script

at the HOOKS section we can read:

HOOKS

When it starts, the client script first defines a shell function, make_resolv_conf , which is later used to create the /etc/resolv.conf file. To override the default behaviour, redefine this function in the enter hook script.

This means that we must to create /etc/dhclient-enter-hooks and redefine the make_resolv_conf function to satisfy our needs.
If we simply wants to prevent resolv.conf updates only, the fastest way is to redefine the function to do nothing:

# cat /etc/dhclient-enter-hooks
make_resolv_conf() {
exit 0
}

Then save the file and ensure it is executable:

# chmod a+x /etc/dhclient-enter-hooks

Note that, as explained in the man page, the dhclient-script is not standard so if this configuration doesn’t work, please read the man page.

Next: How to merge dns addresses pushed by the dhcp server and my own dns.

, , ,

whois and .eu domain name

Jun 21st

Posted by shima in Linux

3 comments

If you launch the command

whois eurid.eu

I returned the following message:

No whois server is known for this kind of object.

So you can simply use:

whois -h whois.eu eurid

but from `man whois` I read:

If the /etc/whois.conf config file exists, it will be consulted to find
a server before applying the normal rules. Each line of the file should
contain a regular expression to be matched against the query text and
the whois server to use, separated by white space.

So I created the /etc/whois.conf file and filled it with:

.eu whois.eu

but it doesn’t work. From the output of:

strace /usb/bin/whois  eurid.eu

we can see that the program doesn’t search /etc/whois.conf file so the “problem” is in the source.
To get whois read his config file you must download the program source from his developer web site

http://www.linux.it/~md/software/

then you need to extract the files from the archive and modify config.h simply to uncomment the line regarding /etc/whois.conf as reported:

#define CONFIG_FILE "/etc/whois.conf"

finally you have to recompile the program with make and install it.
Now that whois read his config files you can create it

# echo ".eu whois.eu" > /etc/whois.conf

and launch the program

whois  eurid.eu

Now in the output you have the whois search result.

,