From 485d67b366455cc2eec1de6cba69ea2f54fc05d0 Mon Sep 17 00:00:00 2001 From: Deon George Date: Wed, 6 Sep 2023 09:32:04 +1200 Subject: [PATCH] Enable binkp non-secure mode --- app/Classes/Node.php | 2 +- app/Classes/Protocol/Binkp.php | 52 +++++++++++++++++++++++++++------- app/Classes/Protocol/EMSI.php | 5 ++++ 3 files changed, 48 insertions(+), 11 deletions(-) diff --git a/app/Classes/Node.php b/app/Classes/Node.php index 18a5a24..92e16bb 100644 --- a/app/Classes/Node.php +++ b/app/Classes/Node.php @@ -128,7 +128,7 @@ class Node { switch ($key) { case 'ftn': - if (! is_object($value) OR ! $value instanceof Address) + if ((! is_object($value)) || (! $value instanceof Address)) throw new Exception('Not an Address object: '.(is_object($value) ? get_class($value) : serialize($value))); // Ignore any duplicate FTNs that we get diff --git a/app/Classes/Protocol/Binkp.php b/app/Classes/Protocol/Binkp.php index ffcdcdb..bca78fa 100644 --- a/app/Classes/Protocol/Binkp.php +++ b/app/Classes/Protocol/Binkp.php @@ -686,6 +686,7 @@ final class Binkp extends BaseProtocol while ($rem_aka=$this->strsep($buf,' ')) { try { if (! ($o=Address::findFTN($rem_aka,FALSE,NULL,TRUE))) { + // @todo when we have multiple inactive records, this returns more than 1, so pluck the active record if there is one Log::alert(sprintf('%s:? AKA is UNKNOWN [%s]',self::LOGKEY,$rem_aka)); $this->node->ftn_other = $rem_aka; @@ -746,6 +747,11 @@ final class Binkp extends BaseProtocol // Add our mail to the queue if we have authenticated if ($this->node->aka_authed) foreach ($this->node->aka_remote_authed as $ao) { + if (! $ao->validated) { + Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn)); + continue; + } + $this->send->mail($ao); $this->send->files($ao); } 
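Review bot: The `validated` guard added to the mail-queueing loop at `@@ -746` is repeated verbatim in the two other Binkp loops (`@@ -815` and `@@ -1274`) and in the EMSI loop, so the rule that decides whether mail is released to an address now lives in four copies. This check is what keeps mail from being bundled for an address that authenticated but is not validated, so a single helper on `BaseProtocol`, or a filter applied to `aka_remote_authed` itself, would keep a later call site from missing it. As written the guard skips the address whenever `validated` is false or null, which is the safe default; a comment such as `// Unvalidated addresses may authenticate but are never sent mail` would make that intent explicit. The enclosing method starts and ends outside the hunk.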
@@ -815,6 +821,12 @@ final class Binkp extends BaseProtocol if ($this->node->aka_authed) foreach ($this->node->aka_remote_authed as $ao) { Log::debug(sprintf('%s:- Checking for any new mail and files to [%s]',self::LOGKEY,$ao->ftn)); + + if (! $ao->validated) { + Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn)); + continue; + } + $this->send->mail($ao); $this->send->files($ao); } @@ -1175,17 +1187,23 @@ final class Binkp extends BaseProtocol $buf = $this->skip_blanks($buf); if ($this->optionGet(self::O_PWD) && $buf) { - while (($t = $this->strsep($buf," \t"))) + while (($t=$this->strsep($buf," \t"))) if (strcmp($t,'non-secure') === 0) { - Log::debug(sprintf('%s:- NOT secure',self::LOGKEY)); + Log::info(sprintf('%s:- NOT secure',self::LOGKEY)); $this->capSet(self::F_CRYPT,self::O_NO); $this->optionClear(self::O_PWD); break; + + } else { + Log::debug(sprintf('%s:? Got unknown string from M_ok [%s]',self::LOGKEY,$t)); } } + if ($this->optionGet(self::O_PWD)) + Log::info(sprintf('%s:- SECURE',self::LOGKEY)); + return $this->binkp_hsdone(); } @@ -1208,9 +1226,11 @@ final class Binkp extends BaseProtocol if ($this->md_challenge) { if ($have_CRAM) { // Loop to match passwords - $this->node->auth(substr($buf,9),$this->md_challenge); + $x = $this->node->auth(substr($buf,9),$this->md_challenge); $this->capSet(self::F_MD,self::O_THEY); + Log::info(sprintf('%s:- We authed [%d] akas',self::LOGKEY,$x)); + } elseif ($this->capGet(self::F_MD,self::O_NEED)) { Log::error(sprintf('%s:! Remote doesnt support MD5, but we want it',self::LOGKEY)); 
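Review bot: In the M_OK handler (`@@ -1175`), the `non-secure` branch clears `O_PWD` and carries on to `binkp_hsdone()` with only an info-level log, although the branch is reached only when `O_PWD` was set for the session. If `O_PWD` means this side offered a password (not visible here), a `non-secure` reply means the remote did not accept it, and that downgrade deserves more prominence than the routine `SECURE` message, e.g. `Log::alert(sprintf('%s:! Remote answered non-secure to our password',self::LOGKEY));`. The new `else` branch also writes the remote-supplied token `$t` into the log unmodified; it is debug-only, but stripping control characters first would keep a peer from injecting misleading log lines. The function begins outside the hunk.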
@@ -1223,15 +1243,16 @@ final class Binkp extends BaseProtocol if (! $this->md_challenge || (! $have_CRAM && (! $this->capGet(self::F_MD,self::O_NEED)))) { // Loop to match passwords - $this->node->auth($buf); + $x = $this->node->auth($buf); + + Log::info(sprintf('%s:- We authed [%d] akas',self::LOGKEY,$x)); } if ($have_pwd) { - // If no passwords matched (ie: aka_authed is 0) - if (! $this->node->aka_authed) { + // If no passwords matched (ie: aka_authed is 0), but we know this system + if ((! $this->node->aka_authed) && ($this->node->aka_remote->count())) { Log::error(sprintf('%s:! Bad password [%s]',self::LOGKEY,$buf)); - $this->msgs(self::BPM_ERR,'Security violation'); $this->optionSet(self::O_BAD); $this->rc = self::S_FAILURE; @@ -1274,14 +1295,25 @@ final class Binkp extends BaseProtocol $this->msgs(self::BPM_NUL,sprintf('OPT%s',$opt)); // Add our mail to the queue if we have authenticated - if ($this->node->aka_authed) + if ($this->node->aka_authed) { foreach ($this->node->aka_remote_authed as $ao) { + if (! $ao->validated) { + Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn)); + continue; + } + $this->send->mail($ao); $this->send->files($ao); } - $this->msgs(self::BPM_NUL,sprintf('TRF %lu %lu',$this->send->mail_size,$this->send->files_size)); - $this->msgs(self::BPM_OK,sprintf('%ssecure',$have_pwd ? '' : 'non-')); + $this->msgs(self::BPM_NUL,sprintf('TRF %lu %lu',$this->send->mail_size,$this->send->files_size)); + $this->msgs(self::BPM_OK,sprintf('%ssecure',$have_pwd ? '' : 'non-')); + + } else { + // @todo Send any direct netmail to this node, if that node is unknown to us + $this->msgs(self::BPM_NUL,sprintf('TRF %lu %lu',$this->send->mail_size,$this->send->files_size)); + $this->msgs(self::OK,'non-secure'); + } return $this->binkp_hsdone(); } diff --git a/app/Classes/Protocol/EMSI.php b/app/Classes/Protocol/EMSI.php index f6c1f24..4e45f4e 100644 --- a/app/Classes/Protocol/EMSI.php 
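Review bot: With the added `&& ($this->node->aka_remote->count())` in `@@ -1223`, a password that matches nothing is rejected only when at least one presented address is known; when none is known, the handler falls through and the session continues unauthenticated. That appears to be the intent of non-secure mode, but it means the remote's choice of addresses decides whether a failed password counts as an error. Every privileged action after this point therefore has to be gated on `aka_authed` rather than on having passed this check, and a comment on the condition saying so would help. Separately, the `Log::error` line kept inside this block writes the presented `$buf` to the log, which on the non-CRAM path looks like the clear-text password; logging the remote address instead would avoid storing credentials. The block closes outside the hunk.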
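Review bot: The new `else` branch in `@@ -1274` calls `$this->msgs(self::OK,'non-secure')`, while every other message sent in these hunks uses a `BPM_`-prefixed constant, including `self::BPM_OK` in the branch just above it. Unless an `OK` constant is defined outside this diff, that line raises an undefined-constant error on exactly the path this commit enables, so an unauthenticated peer would see the session abort instead of receiving the non-secure acknowledgement. It probably should read `$this->msgs(self::BPM_OK,'non-secure');`. The method begins outside the hunk.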
+++ b/app/Classes/Protocol/EMSI.php @@ -1206,6 +1206,11 @@ final class EMSI extends BaseProtocol implements CRCInterface,ZmodemInterface // Add our mail to the queue if we have authenticated if ($this->node->aka_authed) foreach ($this->node->aka_remote_authed as $ao) { + if (! $ao->validated) { + Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn)); + continue; + } + // Send mail while ($this->send->mail($ao)) { $z = new Zmodem;