; WHEEL.ASM - Password access for ZCPR/ZCMD systems - 05/20/86 ; ; copyrighted by Irv Hoff W6FFC ; ; ASEG ; For M80 and RMAC ignore error with MAC ; ; This program permits the SYSOP to activate the WHEEL byte. This kicks ; in the drives and user areas set for the Sysop in place of those set ; for the remote user. ; ; There are several ways to change these allocations: ; ; 1) Using ZCMD or ZCPR without BYE5 for remote use ; 2) Using ZCMD or ZCPR with BYE5 for remote use ; 3) Using ZCMD or ZCPR with/without BYE5 with external flow path ; ; All of these cases are covered. In the case of an external flow path ; be sure to set the EXTPATH equate below. ; ; This program is placed in A0: so the Sysop can request it without the ; WHEEL byte being activated. Since any user could do the same, several ; levels of security are included: ; ; 1) Go to the 'special attention' area below and: ; a) add your own password at PSSWD (use only upper-case) ; b) select remote user's max drive/user ; c) select Sysop's max drive/user ; d) select external path (if used in ZCMD or ZCPR) ; ; 2) Assemble and load to get WHEEL.COM ; 3) Rename program for additional security, instead of WHEEL.COM ; 4) Place on A0: and 'hide' with STAT.COM as a .SYS file ; ; A0>STAT IRV.COM $SYS ; (So the name can't be seen) ; ; 5) Assuming for the example "HOFF" was chosen for a password: ; ; A0>IRV HOFF ; To enable the wheel byte mode ; A0>IRV - ; Resets for remote user, types msg. ; A0>IRV ; Password: ; Requests password, which is not ; ; displayed so nobody can see what you ; ; are using ; ;----------------------------------------------------------------------- ; ; IRV.COM would be the first level of security. Hiding it as a system ; file on A0: prevents others from knowing the initial program's name. ; HOFF in this case would be the second level of security. Even if you ; type: A0>IRV when some remote user is watching, and they see ; the request for a password, they will not see your answer. If it is ; wrong, it wipes out the 'Password: ' and replaces it with the name of ; the program with a '?' as though CP/M doesn't know what you are asking ; for and there is no such program - another mild form of security. ; ; If some twit does attempt to find your initial password (name of pgm) ; and uses the correct name (IRV in this case), it resets for remote ; user (without displaying any message) and then shows IRV? indicating ; no such file exists. (It really does, but this is an additional level ; of security to discourage twits.) ; ; SUMMARY: ; ======= ; There may be other programs existing with similar features but ; none I ran across have as much security as this program, which ; is why I wrote it. I use it with ZCMD2x, BYE5 and KMD on two ; different systems, one having a BBS and one without. This is ; also useful for giving friends access to your system when you ; do not have a BBS that automatically asks their name and kicks ; them in as a Sysop. The primary use though, is so the Sysop ; can kick in his own capability whenever he wishes, perhaps on ; some occasion a particular user is on his system and the Sysop ; needs more capability than the remote user is normally given. ; ; - Notes by Irv Hoff ORG 0100H ; JMP START ; ; ;======================================================================= ; (start of special attention area) ; ; NOTE: Set the following four values for your system's normal use: ; RDRIVE EQU 2 ; Number of drives available to user RUSER EQU 12 ; # of highest area for remote users SDRIVE EQU 2 ; Number of drives available to SYSOP SUSER EQU 15 ; # of highest area for SYSOP (0-15) ;..... ; ; ; Put your password here, end it with a '0', can be 15 characters or ; less, not including the 0. ; PSSWRD: DB 'PASS' ; Up to 15 characters, end with 0 below DB 0 ; ; ; If using an external path, set the following equate YES and check the ; address of the external path in the line following that, usually 40h. ; EXTPATH EQU 0 ; 0 = NO, 1 = YES PATHADR EQU 40H ; Change if needed ; ; (end of special attention items) ;======================================================================= ; ; Tells the SYSOP the WHEEL byte is now activated ; WHLMSG: DB 0DH,0AH,' WHEEL is on',0DH,0AH,'$' WHLOFF: DB 0DH,0AH,' WHEEL is off',0DH,0AH,'$' ;..... ; ; ; Equates ; BDOS EQU 0005H ; BDOS location CR EQU 0DH ; Carriage return character DIRCON EQU 0006H ; Direct console call LF EQU 0AH ; Line feed character FCB EQU 005CH ; File control block DRVMAX EQU 003DH ; Location of MAXDRV byte PRINT EQU 09H ; BDOS print a string USRMAX EQU 003FH ; Location of MAXUSER byte WHEEL EQU 003EH ; Location of wheel byte WRCON EQU 02H ; Display a character on CRT ; ; START: LDA FCB+1 ; See what we are supposed to do CPI ' ' JZ ASKFOR ; Nothing typed, ignore request CPI '-' ; Disable wheel mode JZ DISABLE ; CHECK: LXI H,FCB+1 ; Set up all the pointers LXI D,PSSWRD ; Location of password buffer ; CHECK1: LDAX D ; Actual password in 'A' register ORA A JZ OK ; If zero, checks ok CMP M ; Characters match? JNZ ABORT ; No check, exit with no changes INX H ; Address of next password address INX D ; Address of next password typed entry JMP CHECK1 ; If not zero, check another character ; OK: JMP ENABLE ; ; ;----------------------------------------------------------------------- ; subroutines ;----------------------------------------------------------------------- ; ; Aborts if a person happens to type to correct filename, reprints the ; name to throw him off, then resets the system for a remote user, as an ; added level of security. ; ABORT: MVI C,PRINT LXI D,ABTCLR CALL BDOS ; LDA 0002H ; MSP of BIOS address SUI 22 MOV H,A MVI L,8 ; Index into buffer ; ABORT1: MOV A,M ; Get the character there ORA A ; See if finished JZ ABORT2 CPI ' ' JZ ABORT2 CALL SHOW INX H ; Next location JMP ABORT1 ; ABORT2: MVI A,'?' CALL SHOW MVI A,LF CALL SHOW ; ABORT3: JMP DISAB0 ; Go disable the drives ;... ; ; ABTCLR: DB CR,' ',CR,'$' ; wipes out 'Password: ' ;..... ; ; ; Asks for a password if none was given, allows typing so nobody can ; see what it is. (Just the local typist.) ; ASKFOR: MVI C,PRINT LXI D,ASKPAS CALL BDOS LXI D,FCB+1 ; Location to put password for compare ; ASK1: PUSH D MVI C,6 ; Direct console I/O MVI E,0FFH ; Ask for character CALL BDOS POP D ; Get the address back ORA A JZ ASK1 ; CPI 'a' ; Make sure character is upper case JC ASK2 CPI 'z'+1 JNC ASK2 ANI 5FH ; Change to upper-case ; ASK2: CPI CR JZ CHECK STAX D INX D JMP ASK1 ;... ; ; ASKPAS: DB ' Password is: ','$' ;..... ; ; ; Change the external path from Sysop to remote or vice versa ; CHANGE: MVI C,7 ; CHANG1: LDAX D MOV M,A INX D INX H DCR C JNZ CHANG1 RET ;..... ; ; ; See if BYE5 is active ; CKBYE: MVI C,32 MVI E,0F1H CALL BDOS CPI 4DH RET ;..... ; ; ; Intentional disable shows the WHEEL is off, then resets the system ; for a normal remote user again. ; DISABLE:MVI C,PRINT ; WHEEL "OFF" message LXI D,WHLOFF CALL BDOS ; DISAB0: XRA A ; Turn the WHEEL byte off STA WHEEL CALL CKBYE ; See if BYE5 is active JNZ DISAB1 ; If yes exit ;... ; ; ; BYE5 is in use, so set things through it. First get the BYE5 address ; and then increment into the program to the location of max user (+12_ ; and max drive (+13). ; CALL SETBYE ; ; Now have the max user address ; LDA RUSER+1 MOV M,A INX H ; Address of max drive LDA RDRIVE MOV M,A ; ; ; No BYE5 in use, assume ZCMD or ZCPR is setting max drive and max user. ; DISAB1: MVI A,RUSER+1 ; Sysop maximum user area STA USRMAX MVI A,RDRIVE-1 ; Sysop number of drives STA DRVMAX STA DRVMAX ; IF EXTPATH LXI D,RPATH ; Remote user external path, prevents LXI H,PATHADR ; his using A15: CALL CHANGE ENDIF ; EXTPATH ; JMP EXIT ;..... ; ; ; Set the WHEEL, max user, max drive but first check to see if BYE is ; active and handle accordingly. ; ENABLE: MVI A,0FFH ; Turn the WHEEL byte on STA WHEEL ; MVI C,PRINT ; WHEEL in use message LXI D,WHLMSG CALL BDOS CALL CKBYE ; See if BYE5 is active JNZ ENAB1 ; Exit if BYE5 is in use ; ; ; BYE5 is in use, so set things through it. First get the BYE5 address ; and then increment into the program to the location of max user (+12_ ; and max drive (+13). ; CALL SETBYE ; ; Now have the max user address ; LDA SUSER+1 MOV M,A INX H ; Address of max drive LDA SDRIVE MOV M,A ; ; ; No BYE5 in use, assume ZCMD or ZCPR is setting max drive and max user. ; ENAB1: MVI A,SUSER+1 ; Sysop maximum user area STA USRMAX MVI A,SDRIVE-1 ; Sysop number of drives STA DRVMAX ; IF EXTPATH LXI D,SPATH ; Sysop external path (includes user 15) LXI H,PATHADR CALL CHANGE ENDIF ; EXTPATH ;... ; ; EXIT: RET ; Jump back to original address ;..... ; ; ; Remote user's external path flow - WHEEL off - if any paths are added, ; alter the value at CHANGE: above. ; RPATH: DB '$','$' ; Current drive, user area DB 1,0 ; 'A' drive, 0 user area DB 0,0 ; Skips additional checks DB 0 ; Finished ;..... ; ; ; Sysop's external path flow - WHEEL off - if any paths are added, ; alter the value at CHANGE: above. ; SPATH: DB '$','$' ; Current drive, user area DB 1,0 ; 'A' drive, 0 user area DB 1,15 ; 'A' drive, 15 user area DB 0 ; Finished ;..... ; ; SETBYE: LHLD 0000H+1 ; Warm boot vector address DCX H ; MSP of cold boot vector MOV D,M ; Put into 'D' register DCX H ; LSP of cold boot vector MOV E,M ; Put into the 'E' register ; ; Now have the BYE5 MCBOOT location, add 6 to find max user location. ; LXI H,6 DAD D ; Add to MCBOOT location RET ;..... ; ; SHOW: PUSH H MOV E,A MVI C,WRCON CALL BDOS POP H RET ;..... ; ; END