You can then access Wumpus' over TCP on the given port. TCP connections are different from the command-line interface in that the results to a query depend on your user ID. The original reason for this is Wumpus' file system search capability, but it is useful in many other applications. After you connect to the system, you are logged in as user NOBODY. Results to any of your queries will only refer to files that can be read by every user in the system (S_IROTH for the particular file and a complete S_IROTH+S_IXOTH directory chain from the root directory down to the file in question).# If this is greater than zero, we will have a TCP server accepting unauthenticated # connections on the port specified. If less than zero, the TCP server will not # be started. TCP_PORT = 1234
If you know the password, Wumpus will respond "@0-Authenticated." instead. You can change your identity by sending new @login commands any time during a session. Query results will always depend on your current identity and not reveal any information about files that may not be read by you.@login stefan mysecretpassword @1-Authentication failed.
The password file itself contains (uid, username, password) triples and looks like this:# We use an internal username/password file in order to check whether @uid requests # over TCP connections shall be accepted; this is the position of the password file. # In addition to the password file, ordinary /etc/shadow authentication is provided. # The password file given here should only be used if you don't want users to # authenticate with their real Unix accounts. PASSWORD_FILE = ./wumpus.passwd
# This is an example Wumpus password file. The format of a password line is: # uid:username:password 9999:stefan:stefansrealpassword