Quickly configuring an LDAP + NFS client in Fedora

Recently I needed to configure 6 PCs for a central workplace. I needed central authentication as well as Network File System (NFS) on all those machines. All this was to let the people of my technical club (the “Delta Force” Webteam) use those machines for working on collaborative projects. Central authentication means that I can easily manage user accounts from, say, an LDAP server, i.e. I can disable a user’s login on a client machine or create a new user without having to touch the client machine at all. Similarly, NFS means that no matter which of those 6 machines the user logs in to, he will always see the same files in his home directory and the same configuration (background image, Firefox add-ons, etc.) on that machine, as if he always used the same computer for all his work. This eliminates the problem of people complaining that the machine on which their files reside is being used by someone else.

So my overall network configuration has the following prototype :

1) 6 client machines in which user will be able to login (Subnet of the machines : 10.1.39.0/24)
2) An LDAP server ( IP : 10.0.0.163 ) to take care of authentication when user logs into a client machine
3) The LDAP base DN which has the list of all users is ou=people,ou=delta,dc=ldap.delta.nitt,dc=edu
4) An NFS server ( IP : 10.0.0.126 ) which has the home directories of all users inside the /webteam folder.

Overall working : When a user (say “jereme”) logs into a client machine, his username and password are checked against the LDAP server at 10.0.0.163. If authentication is successful, he’s logged into the machine and his home directory is actually mounted from /webteam/jereme on the NFS server at 10.0.0.126.

I assume you already have the fully configured LDAP and NFS servers since this article is only about configuring the “clients”. So here we go. Pick any of your client machines and do the following :

First we will configure NFS client. For this purpose, we will use the autofs package.


29-May-2010

Wow, did anyone ever have such a blog statistics graph in WordPress? I have no idea about the reason behind it. Remember the day, 29 May 2010!

Defending against SQL Injection Attack in PHP any version

Internet security is a very sensitive issue, and many websites have vulnerabilities which are easily exploitable. One such vulnerability is SQL Injection, in which the attacker can literally execute any kind of query in your database, even gain administrator privileges, and, if things are even worse, gain access to your system and execute any command. It is a very dangerous vulnerability, but it has a very easy fix. I’d like to introduce you to a small function, escape(), that I’ve written for sanitizing data while querying the database, which will disable SQL Injection attacks in PHP, irrespective of the PHP version you use.

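// Escape a request value for use inside a quoted SQL string literal.
function escape($input)
{
    // Add slashes only when Magic Quotes has not already done so.
    if (!get_magic_quotes_gpc()) {
        $input = addslashes($input);
    }
    return $input;
}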

By default the Magic GPC Quotes feature of PHP is turned ON, so it will automatically sanitize any data it receives from $_GET and $_POST by placing slashes before any ', " or \ characters. However, as of PHP 5.0+, this feature is deprecated and hence relying on it is highly discouraged. Instead, use the addslashes() function, which does the same thing. So the function I wrote basically identifies whether the Magic GPC feature is turned ON; if it is, it simply returns the input as it is, otherwise it calls addslashes() on the input. So simple!
However, there’s a more “secure” version of it. But this one is not suitable for large-scale systems, as it requires an extra connection to the MySQL server.

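// Variant that lets MySQL do the escaping; needs an open MySQL connection.
function escape($input)
{
    // Undo Magic Quotes first so the value is not escaped twice.
    if (get_magic_quotes_gpc()) {
        $input = stripslashes($input);
    }
    return mysql_real_escape_string($input);
}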

You can use the above function as follows :

Find all the form variables that you receive in your PHP code, i.e. all the occurrences of $_GET and $_POST, and whenever you use them, use

escape($_POST['var'])

instead of just $_POST['var']. Similarly for $_GET variables.

For example, suppose you have built the MySQL query like this :

$username = $_GET['username'];
$password = $_POST['password'];
$query = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password'";

To secure the above code, use this code instead :

$username = escape($_GET['username']);
$password = escape($_POST['password']);
$query = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$password'";

or, by writing it in a single line only :

$query = "SELECT * FROM `users` WHERE `username`='" . escape($username) . "' AND `password`='" . escape($password) . "'";

This simple thing will completely disable any kind of SQL Injection attacks in your website or web-application, irrespective of the PHP version you use. However, beware of other attacks ! 🙂
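
For comparison, here is the same login lookup written with PDO prepared statements. This is an added example, not code from the original post: escaping as above only protects values placed inside quoted string literals, and get_magic_quotes_gpc() and mysql_real_escape_string() no longer exist in current PHP releases, whereas bound parameters keep the input out of the SQL text altogether. The SQLite in-memory database, the sample accounts and the helper names open_demo_db() and find_user() are assumptions made for the demo.

```php
<?php
// Added example, not the original post's code. Assumes PHP 7.1+ with the
// pdo_sqlite extension; the table, sample rows and helper names are constructed.

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Throw on SQL errors instead of failing silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
    $insert = $db->prepare(
        'INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    // Constructed accounts; one username contains a quote on purpose.
    $accounts = ['jereme' => 'correct horse', "o'brien" => 'battery staple'];
    foreach ($accounts as $user => $pass) {
        $insert->execute([':u' => $user, ':h' => password_hash($pass, PASSWORD_DEFAULT)]);
    }
    return $db;
}

function find_user(PDO $db, string $username, string $password): ?int
{
    // The SQL text is fixed; the username is bound as data, so quotes and
    // backslashes in it can never change the structure of the query.
    $stmt = $db->prepare(
        'SELECT id, password_hash FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // The password is verified in PHP against a stored hash, not in SQL.
    if ($row !== false && password_verify($password, $row['password_hash'])) {
        return (int) $row['id'];
    }
    return null;
}

$db = open_demo_db();
$attempts = [
    ['jereme', 'correct horse'],     // valid login
    ["o'brien", 'battery staple'],   // quote is matched literally
    ["o'brien\\", 'battery staple'], // extra backslash: simply no such user
    ['jereme', 'wrong password'],    // rejected
];
foreach ($attempts as [$user, $pass]) {
    $id = find_user($db, $user, $pass);
    printf("%-10s %s\n", $user, $id === null ? 'rejected' : "logged in as id $id");
}
```

When the same code talks to MySQL, set the charset in the PDO DSN and set PDO::ATTR_EMULATE_PREPARES to false so the server itself keeps statement and data apart.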

Connecting MTS Mblaze USB Modem in Ubuntu

I recently bought myself an MTS Mblaze wireless USB Modem. Connecting it on Linux was difficult because there was practically no tutorial for MTS USB Modem, while many were available for Reliance and Tata Indicom Modems. So here is what I did to finally get it connected (Note : Execute all commands as ROOT )

i) You’d have to install the package USB-ModeSwitch. It is available here : http://packages.debian.org/sid/usb-modeswitch

Note : When you open the above link, you should check out its dependencies and also install the dependency package “usb-modeswitch-data”.

Just download and double-click on it to install the package.

ii) After you’ve installed usb-modeswitch and usb-modeswitch-data packages, reboot your computer.

iii) Connect the Mblaze Modem and wait for 30 seconds. While you’re waiting, the usb-modeswitch package is doing magic in the background, you can check the status through the following command :

dmesg

iv) I hope you have “wvdial” pre-installed on your system. You can check that by typing “wvdial” and seeing if the computer recognises it. If it doesn’t, then you’d have to install it. It’s easy, refer to this link.

v) Now edit the file /etc/wvdial.conf (if it doesn’t exist, create it) as root and copy-paste the following configuration :

[Dialer cdma]
Stupid Mode = 1
Inherits = Modem0
Password = mts
Username = internet@internet.mtsindia.in
Phone = #777

[Modem0]
Init1 = ATZ
SetVolume = 0
Modem = /dev/ttyUSB0
Baud = 115200
FlowControl = Hardware (CRTSCTS)
Dial Command = ATDT

Note that ttyUSB0 may be different on your system. However, first try with the above configuration; if it doesn’t work and reports an error like “ttyUSB0 doesn’t exist” or something similar, then find out the actual device by going through the output of the following command :

dmesg | grep -e "modem" -e "tty"

vi) That’s it, you’re done. Now start browsing with the following command :

wvdial cdma

As soon as you start seeing some IP addresses, you’re online! DO NOT close the terminal in which you executed the command, otherwise you will get disconnected.

And from next time, you don’t have to do it all over again. Simply connect your modem, wait for 30 seconds and type the last command. To disconnect, go to the terminal and press Ctrl + C.

Hope it worked for you. If any problems occurred, you can leave a reply!

Nokia E63 Review

It’s been a long time since I made a post on WordPress, specifically a ‘review’. My last review, about the Dell Inspiron 1525, is still fetching me close to 50% of the traffic I get every day on my blog. So here’s something to add to it: my new Nokia E63 mobile. Actually, it’s been 4 months since I bought it, but never mind, it’s still new to me!

I’m really, really impressed with my Nokia E63. Needless to say, it’s an ‘E’-series phone, which explains it all. It’s actually made for business-minded people who use their mobile phone as their personal organizer, calendar, emailer and lots more. Nevertheless, it has great features, better than most of the ‘N’-series mobiles, which makes it even more popular among normal users. Following the protocol, I will first point out the Pros and then the not-so-significant Cons of the E63.

Pros :

1) It is a smartphone with Symbian OS v9.2 (the latest one being 9.3). So, what exactly is a ‘smartphone’? As the name tells, it’s ‘smart’, and you have to do very little to convey your intentions to your phone. Something which will take you 10-12 button clicks on a ‘non-smart’ phone may take you just 2-3 clicks on a smart one! For example, consider the process of sending an SMS to a friend, ‘Jereme’. I won’t count the message-writing part in button clicks.

In a non-smart Nokia 6070 (my ex-phone), here are the steps (each arrow representing a button click) : Home -> Menu -> -> -> Messaging  -> Create Message -> Text Message ->Write Message ->Send -> -> To phone number -> Search -> J -> E -> R-> Jereme -> OK. ( Button Clicks = 16 )

In a smart E63, here’s what I’d do : Home -> New Message -> Text Message -> To : Jereme and Write Message -> Options -> Send. ( Button Clicks = 5 ). Surprised? Well, the 2 important user-friendly features which made it possible are the Shortcut Key for ‘New Message’ and Auto-recognition of Recipient. As for the shortcut key, the ‘New Message’ option is not fixed; in fact, you can configure 4 shortcut keys on the E63, in both ‘one-click’ mode and ‘press-and-hold’ mode, to run ANY application you want. So in total you have 8 shortcut applications on home. Even more, on the home screen of the E63 you can create up to 6 application shortcuts, just like you do in Windows, + 5 notice options. All in all, it looks something like this :

Basics of IRC : Internet Relay Chat

IRC, or Internet Relay Chat, is a widely used chat protocol over the Internet. From a bird’s-eye view, it’s just like any other chat application you use, like Yahoo or Gtalk. It lets you talk to other people using text messages over the Internet. So then what’s so different about it?

Let’s take a closer look. IRC is a “protocol” like HTTP or FTP and not an “application” like Yahoo or Gtalk. Technically speaking, IRC is a well-defined application-layer chat protocol (RFC 1459) that uses port 6667 over a TCP connection, while chat messengers like Yahoo are applications that use their own proprietary protocols. There are many advantages and some disadvantages to using IRC. The advantage is that it is an open protocol, which means anyone can design his own IRC client. It’s very simple: there is just a list of rules which you have to follow to talk. The disadvantage is that it doesn’t support features like video or audio chat and other real-time multimedia applications. It can, at most, share text and files.

Also, IRC is not meant for individual chat (although it is supported). It was developed for groups to discuss the development of open-source software, contribute to research-based discussions and take part in online debates, or just spend time fooling around and watching other people talk! IRC has “nodes” or “channels”, similar to “chat rooms”. As soon as you join a channel, you start receiving the real-time conversations going on. You can then just hop in and say what you have to say to all the members in that channel. Be aware though, the @admin can kick you out anytime if he doesn’t like what you’re saying!

So as I said, it’s basically for chat related to open source, discussions and debates, between people with great minds and less time, between old-fashioned geeks who hate Twitter and Facebook, and between people who take inspiration from secretly hearing others talk. To be frank, I myself never used it before the Google Summer of Code 2010, which widely advertises the use of IRC with mentors. Since I’m participating in it, I had to talk to my mentor, and for that I needed to learn IRC. It was very difficult to find a nice tutorial, especially one which deals with making a Linux-based IRC client work behind the combo of a proxy and NAT firewall in my college, which blocks port 6667 with extra pleasure 😦 .

After some googling I found a solution to my problem. Since I needed to chat mostly on the freenode server, the web-based IRC chat client offered by freenode.net was perfect. Check it out here : http://webchat.freenode.net . You can pick any name and log in to any channel. However, if that name is registered, you have to change it within 2 minutes or you will be automatically renamed to some random number. So let’s start my actual tutorial on using IRC :


Agate CMS

Agate CMS is my Free and Open Source Software, which I have hosted on sourceforge.net. It’s a Content Management System, which means it lets you create your fully functional website in just a few clicks! All you need to do is work out a template for your website, and all the coding part, including user registration/login, user management, website content, forms, etc., will be taken care of by the CMS.

First, I want to tell you a little about why I started this project. I actually never thought of coding a CMS of my own from scratch. What I actually wanted to do was change the core architecture of Pragyan CMS v2, which is developed by the members of “Delta Force” (the Central Webteam of NIT Trichy), of which I’m a part. Pragyan CMS has been contributed to by dozens of students from my college, so when I started going through that huge number of PHP files, each having some 4 to 5 hundred lines of code, I didn’t feel like actually trying to understand those thousands of lines of code written by a dozen webteam members, the result of which is code with no fixed convention for “pretty printing”, with many bugs and unnecessary code, and the absence of any single person who knows every single line of the CMS. This is what I call “loose” software, and it needs to be filled up with lots of patches to remove all the bugs. This is what encouraged me to write a CMS myself, with strict organization of files and structured code. This took some time, but it wasn’t that hard. Finally, when I was halfway through, I started implementing new ideas for the core architecture which were very different from what was there in Pragyan CMS. Till that point, Agate CMS was very similar to Pragyan CMS, but after that point, I implemented my own ideas, which I thought were better than Pragyan’s. Finally I ended up writing a working CMS with an entirely different architecture and new features. I won’t go into the technical details now.

Setting up Reliance/TataIndicom Wireless Internet in Ubuntu

It is very easy to set up a wireless internet connection using your Reliance or Tata Indicom DataCard on your PC running Ubuntu. I’ve faced a lot of problems myself, and finally here I am with a well-researched solution. I’ll try to simplify it as much as I can, but it is not an easy job. It’s going to be a little scary, but don’t lose hope and try finishing steps 1 to 6. Now start following the steps :

Step 1 : (Optional) I strongly recommend that you upgrade your Ubuntu to the latest Ubuntu 9.10. If you have not done it yet, I assure you that this will make your life much easier.

Step 2: Download the package ‘wvdial’. If you have an internet connection (maybe DSL on Ubuntu), execute the following command :

sudo apt-get install wvdial

However, if you can’t connect your Ubuntu PC to the internet for some reason, then you’d have to install wvdial manually. This may take some of your time, patience and skill. Refer to this article.

After you’ve downloaded and installed wvdial, tighten your seat belts because it’s going to be a hell of a ride now!

Step 3 (Don’t Panic!): Now, plug in your Reliance or Tata Indicom data card into one of your USB slots.

TARGET : Determine the name of the port you connected it to. Seems easy, doesn’t it? You’ll see …

There are 3 ways to do that – (a),(b) and (c). Start with (a) and go to the next one only if the previous one fails.
