; WHEEL.Z80 - Password access for ZCPR/ZCMD systems - 04/17/88 ; ; copyrighted (c) 1988 by Irv Hoff W6FFC ; ; This program permits the SYSOP to activate the WHEEL byte. This kicks ; in the drives and user areas set for the Sysop in place of those set ; for the remote user. ; ; There are several ways to change these allocations: ; ; 1) Using ZCMD or ZCPR without BYE5 for remote use ; 2) Using ZCMD or ZCPR with BYE5 for remote use ; 3) Using ZCMD or ZCPR with/without BYE5 with external flow path ; 4) Using CCP10n+ for CP/M+ with any of the above conditions ; ; All of these cases are covered. In the case of an external flow path ; be sure to set the EXTPATH equate below. ; ; This program is placed in A0: so the Sysop can request it without the ; WHEEL byte being activated. Since any user could do the same, several ; levels of security are included. To use: ; ; 1) Go to the 'special attention' area below and: ; a) add your own password at PSSWD (use only upper-case) ; b) select remote user's max drive/user ; c) select Sysop's max drive/user ; d) select external path (if used in ZCMD or ZCPR) ; ; 2) Assemble and load to get WHEEL.COM ; 3) Rename program for additional security, instead of WHEEL.COM ; 4) Place on A0: and 'hide' with STAT.COM as a .SYS file: ; ; A0>STAT IRV.COM $SYS ; (So the name can't be seen) ; ; 5) Assuming for the example "HOFF" was chosen for a password: ; ; A0>IRV HOFF ; Turns on wheel, displays password ; A0>IRV - ; Resets for remote user, types msg. ; A0>IRV ; Password: ; Requests password, which is not ; ; displayed - nobody can see what you ; ; are using ; ;----------------------------------------------------------------------- ; ; IRV.COM would be the first level of security. Hiding it as a system ; file on A0: prevents others from knowing the initial program's name. ; HOFF in this case would be the second level of security. Even if you ; type: A0>IRV when some remote user is watching, they do not see ; anything further until you are finished, at which time they see the ; next CP/M prompt. If you type the wrong password, that line is wiped ; and replaced with a '?' as though CP/M doesn't know what you are ask- ; ing for and there is no such program - another mild form of security. ; ; If some twit does attempt to find your initial password (name of pgm) ; and uses the correct name (IRV in this case), it resets for remote ; user (without displaying any message) and then shows IRV? indicating ; no such file exists. (It really does, but this is an additional level ; of security to discourage twits.) ; ; SUMMARY: ; ======= ; There may be other programs existing with similar features but ; none I ran across have as much security as this program, which ; is why I wrote it. I use it with ZCMD2x, BYE5 and KMD on two ; different systems, one having a BBS and one without. This is ; also useful for giving friends access to your system when you ; do not have a BBS that automatically asks their name and kicks ; them in as a Sysop. The primary use though, is so the Sysop ; can kick in his own capability whenever he wishes, perhaps on ; some occasion a particular user is on his system and the Sysop ; needs more capability than the remote user is normally given. ; ; - Notes by Irv Hoff ; ;======================================================================= ; (start of special attention area) ; ; NOTE: Set the following four values for your system's normal use: ; RDRIVE EQU 4 ; Number of drives available to user RUSER EQU 11 ; # of highest area for remote users SDRIVE EQU 4 ; Number of drives available to SYSOP SUSER EQU 15 ; # of highest area for SYSOP ;..... ; ; .Z80 ASEG ; For M80 and RMAC ignore error with MAC ORG 0100H ; JP START ; ; ; Put your password here, end it with a '0', can be 15 characters or ; less, not including the 0. ; PSSWRD: DEFB 'PASS' ; Up to 15 characters, end with 0 below DEFB 0 ; ; If using an external path, set the following equate YES and check the ; address of the external path in the line following that, usually 40h. ; EXTPATH EQU 0 ; 0 = NO, 1 = YES PATHADR EQU 40H ; Change if needed ; ; (end of special attention items) ;======================================================================= ; ; Tells the SYSOP the WHEEL byte is now activated ; WHLMSG: DEFB 0DH,0AH,' WHEEL is on',0DH,0AH,'$' WHLOFF: DEFB 0DH,0AH,' WHEEL is off',0DH,0AH,'$' ;..... ; ; Equates ; BDOS EQU 0005H ; BDOS location CR EQU 0DH ; Carriage return character DIRCON EQU 0006H ; Direct console call LF EQU 0AH ; Line feed character FCB EQU 005CH ; File control block DRVMAX EQU 003DH ; Location of MAXDRV byte PRINT EQU 09H ; BDOS print a string USRMAX EQU 003FH ; Location of MAXUSER byte WHEEL EQU 003EH ; Location of wheel byte WRCON EQU 02H ; Display a character on CRT ; ; START: LD HL,0 ADD HL,SP LD (STACK),HL ; LD A,(FCB+1) ; See what we are supposed to do CP ' ' JP Z,ASKFOR ; Nothing typed, ignore request CP '-' ; Disable wheel mode JP Z,DISABLE ; CHECK: LD HL,FCB+1 ; Set up all the pointers LD DE,PSSWRD ; Location of password buffer ; CHECK1: LD A,(DE) ; Actual password in 'A' register OR A JP Z,ALLOK ; If zero, checks ok CP (HL) ; Characters match? JP NZ,ABORT ; No check, exit with no changes INC HL ; Address of next password address INC DE ; Address of next password typed entry JP CHECK1 ; If not zero, check another character ; ALLOK: JP ENABLE ; ;----------------------------------------------------------------------- ; subroutines ;----------------------------------------------------------------------- ; ; Aborts if a person happens to type to correct filename, reprints the ; name to throw him off, then resets the system for a remote user, as an ; added level of security. ; ABORT: LD C,PRINT LD DE,ABTCLR CALL BBDOS ; LD A,(0002H) ; MSP of BIOS address SUB 22 LD H,A LD L,8 ; Index into buffer ; ABORT1: LD A,(HL) ; Get the character there OR A ; See if finished JP Z,ABORT2 CP ' ' JP Z,ABORT2 CALL SHOW INC HL ; Next location JP ABORT1 ; ABORT2: LD A,'?' CALL SHOW LD A,LF CALL SHOW ; ABORT3: JP DISAB0 ; Go disable the drives ;... ; ABTCLR: DEFB CR,' ',CR,'$' ; wipes out 'Password: ' ;..... ; ; Asks for a password if none was given, allows typing so nobody can ; see what it is. (Just the local typist.) ; ASKFOR: LD C,PRINT LD DE,ASKPAS CALL BBDOS LD DE,FCB+1 ; Location to put password for compare ; ASK1: PUSH DE LD C,6 ; Direct console I/O LD E,0FFH ; Ask for character CALL BDOS POP DE ; Get the address back OR A JP Z,ASK1 ; CP 'a' ; Make sure character is upper case JP C,ASK2 CP 'z'+1 JP NC,ASK2 AND 5FH ; Change to upper-case ; ASK2: CP CR JP Z,CHECK LD (DE),A INC DE JP ASK1 ;... ; ASKPAS: DEFB ' Password is: ','$' ;..... ; BBDOS: PUSH BC PUSH DE PUSH HL CALL CKBYE ; Using BYE5? JP NZ,BBDOS1 ; If not, exit LD A,(WHEEL) ; See if wheel is on OR A JP NZ,BBDOS1 ; If yes, ok to show results CALL MDM LD (HL),0FFH ; Stop output to the modem ; BBDOS1: POP HL POP DE POP BC CALL BDOS CALL CKBYE ; Using BYE5? RET NZ ; If not, all done CALL MDM LD (HL),0 ; Resume output to the modem RET ;..... ; ; Change the external path from Sysop to remote or vice versa ; CHANGE: LD C,7 ; CHANG1: LD A,(DE) LD (HL),A INC DE INC HL DEC C JP NZ,CHANG1 RET ;..... ; ; See if BYE5 is active ; CKBYE: LD C,32 LD E,241 CALL BDOS CP 77 RET ;..... ; ; Intentional disable shows the WHEEL is off, then resets the system ; for a normal remote user again. ; DISABLE:LD C,PRINT ; WHEEL "OFF" message LD DE,WHLOFF CALL BBDOS ; DISAB0: XOR A ; Turn the WHEEL byte off LD (WHEEL),A CALL CKBYE ; See if BYE5 is active JP NZ,DISAB1 ; If not, skip next section ;... ; ; BYE5 is in use, so set things through it. First get the BYE5 address ; and then increment into the program to the location of max user (+12_ ; and max drive (+13). ; CALL SETBYE ; ; Now have the max user address ; LD A,RUSER LD (HL),A INC HL ; Address of max drive LD A,RDRIVE LD (HL),A ; ; No BYE5 in use, assume ZCMD or ZCPR is setting max drive and max user. ; DISAB1: LD A,RUSER+1 ; Sysop maximum user area LD (USRMAX),A LD A,RDRIVE-1 ; Sysop number of drives LD (DRVMAX),A LD (DRVMAX),A ; IF EXTPATH LD DE,RPATH ; Remote user external path, prevents LD HL,PATHADR ; his using A15: CALL CHANGE ENDIF ; EXTPATH ; JP EXIT ;..... ; ; Set the WHEEL, max user, max drive but first check to see if BYE is ; active and handle accordingly. ; ENABLE: LD A,0FFH ; Turn the WHEEL byte on LD (WHEEL),A ; LD C,PRINT ; WHEEL in use message LD DE,WHLMSG CALL BBDOS CALL CKBYE ; See if BYE5 is active JP NZ,ENAB1 ; If not, skip next section ; ; BYE5 is in use, so set things through it. First get the BYE5 address ; and then increment into the program to the location of max user (+12_ ; and max drive (+13). ; CALL SETBYE ; ; Now have the max user address ; LD A,SUSER LD (HL),A INC HL ; Address of max drive LD A,SDRIVE LD (HL),A ; ; No BYE5 in use, assume ZCMD or ZCPR is setting max drive and max user. ; ENAB1: LD A,SUSER+1 ; Sysop maximum user area LD (USRMAX),A LD A,SDRIVE-1 ; Sysop number of drives LD (DRVMAX),A ; IF EXTPATH LD DE,SPATH ; Sysop external path (includes user 15) LD HL,PATHADR CALL CHANGE ENDIF ; EXTPATH ;... ; EXIT: LD HL,(STACK) LD SP,HL RET ; Jump back to original address ;..... ; MDM: CALL SETBYE LD DE,8 ; Jump to MDMOFF to turn modem off ADD HL,DE RET ;..... ; ; Remote user's external path flow - WHEEL off - if any paths are added, ; alter the value at CHANGE: above. ; RPATH: DEFB '$','$' ; Current drive, user area DEFB 1,0 ; 'A' drive, 0 user area DEFB 0,0 ; Skips additional checks DEFB 0 ; Finished ;..... ; ; Sysop's external path flow - WHEEL off - if any paths are added, ; alter the value at CHANGE: above. ; SPATH: DEFB '$','$' ; Current drive, user area DEFB 1,0 ; 'A' drive, 0 user area DEFB 1,15 ; 'A' drive, 15 user area DEFB 0 ; Finished ;..... ; SETBYE: LD HL,(0000H+1) ; Warm boot vector address DEC HL ; MSP of cold boot vector LD D,(HL) ; Put into 'D' register DEC HL ; LSP of cold boot vector LD E,(HL) ; Put into the 'E' register ; ; Now have the BYE5 MCBOOT location, add 6 to find max user location. ; LD HL,6 ADD HL,DE ; Add to MCBOOT location RET ;..... ; SHOW: PUSH HL LD E,A LD C,WRCON CALL BDOS POP HL RET ;..... ; STACK: DEFS 0 ; END