Enable binkp non-secure mode

Deon George 2023-09-06 09:32:04 +12:00
parent 005aa88514
commit 485d67b366
3 changed files with 48 additions and 11 deletions


@ -128,7 +128,7 @@ class Node
{ {
switch ($key) { switch ($key) {
case 'ftn': case 'ftn':
if (! is_object($value) OR ! $value instanceof Address) if ((! is_object($value)) || (! $value instanceof Address))
throw new Exception('Not an Address object: '.(is_object($value) ? get_class($value) : serialize($value))); throw new Exception('Not an Address object: '.(is_object($value) ? get_class($value) : serialize($value)));
// Ignore any duplicate FTNs that we get // Ignore any duplicate FTNs that we get


@ -686,6 +686,7 @@ final class Binkp extends BaseProtocol
while ($rem_aka=$this->strsep($buf,' ')) { while ($rem_aka=$this->strsep($buf,' ')) {
try { try {
if (! ($o=Address::findFTN($rem_aka,FALSE,NULL,TRUE))) { if (! ($o=Address::findFTN($rem_aka,FALSE,NULL,TRUE))) {
// @todo when we have multiple inactive records, this returns more than 1, so pluck the active record if there is one
Log::alert(sprintf('%s:? AKA is UNKNOWN [%s]',self::LOGKEY,$rem_aka)); Log::alert(sprintf('%s:? AKA is UNKNOWN [%s]',self::LOGKEY,$rem_aka));
$this->node->ftn_other = $rem_aka; $this->node->ftn_other = $rem_aka;
@ -746,6 +747,11 @@ final class Binkp extends BaseProtocol
// Add our mail to the queue if we have authenticated // Add our mail to the queue if we have authenticated
if ($this->node->aka_authed) if ($this->node->aka_authed)
foreach ($this->node->aka_remote_authed as $ao) { foreach ($this->node->aka_remote_authed as $ao) {
if (! $ao->validated) {
Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn));
continue;
}
$this->send->mail($ao); $this->send->mail($ao);
$this->send->files($ao); $this->send->files($ao);
} }
@ -815,6 +821,12 @@ final class Binkp extends BaseProtocol
if ($this->node->aka_authed) if ($this->node->aka_authed)
foreach ($this->node->aka_remote_authed as $ao) { foreach ($this->node->aka_remote_authed as $ao) {
Log::debug(sprintf('%s:- Checking for any new mail and files to [%s]',self::LOGKEY,$ao->ftn)); Log::debug(sprintf('%s:- Checking for any new mail and files to [%s]',self::LOGKEY,$ao->ftn));
if (! $ao->validated) {
Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn));
continue;
}
$this->send->mail($ao); $this->send->mail($ao);
$this->send->files($ao); $this->send->files($ao);
} }
@ -1177,15 +1189,21 @@ final class Binkp extends BaseProtocol
if ($this->optionGet(self::O_PWD) && $buf) { if ($this->optionGet(self::O_PWD) && $buf) {
while (($t=$this->strsep($buf," \t"))) while (($t=$this->strsep($buf," \t")))
if (strcmp($t,'non-secure') === 0) { if (strcmp($t,'non-secure') === 0) {
Log::debug(sprintf('%s:- NOT secure',self::LOGKEY)); Log::info(sprintf('%s:- NOT secure',self::LOGKEY));
$this->capSet(self::F_CRYPT,self::O_NO); $this->capSet(self::F_CRYPT,self::O_NO);
$this->optionClear(self::O_PWD); $this->optionClear(self::O_PWD);
break; break;
} else {
Log::debug(sprintf('%s:? Got unknown string from M_ok [%s]',self::LOGKEY,$t));
} }
} }
if ($this->optionGet(self::O_PWD))
Log::info(sprintf('%s:- SECURE',self::LOGKEY));
return $this->binkp_hsdone(); return $this->binkp_hsdone();
} }
@ -1208,9 +1226,11 @@ final class Binkp extends BaseProtocol
if ($this->md_challenge) { if ($this->md_challenge) {
if ($have_CRAM) { if ($have_CRAM) {
// Loop to match passwords // Loop to match passwords
$this->node->auth(substr($buf,9),$this->md_challenge); $x = $this->node->auth(substr($buf,9),$this->md_challenge);
$this->capSet(self::F_MD,self::O_THEY); $this->capSet(self::F_MD,self::O_THEY);
Log::info(sprintf('%s:- We authed [%d] akas',self::LOGKEY,$x));
} elseif ($this->capGet(self::F_MD,self::O_NEED)) { } elseif ($this->capGet(self::F_MD,self::O_NEED)) {
Log::error(sprintf('%s:! Remote doesnt support MD5, but we want it',self::LOGKEY)); Log::error(sprintf('%s:! Remote doesnt support MD5, but we want it',self::LOGKEY));
@ -1223,15 +1243,16 @@ final class Binkp extends BaseProtocol
if (! $this->md_challenge || (! $have_CRAM && (! $this->capGet(self::F_MD,self::O_NEED)))) { if (! $this->md_challenge || (! $have_CRAM && (! $this->capGet(self::F_MD,self::O_NEED)))) {
// Loop to match passwords // Loop to match passwords
$this->node->auth($buf); $x = $this->node->auth($buf);
Log::info(sprintf('%s:- We authed [%d] akas',self::LOGKEY,$x));
} }
if ($have_pwd) { if ($have_pwd) {
// If no passwords matched (ie: aka_authed is 0) // If no passwords matched (ie: aka_authed is 0), but we know this system
if (! $this->node->aka_authed) { if ((! $this->node->aka_authed) && ($this->node->aka_remote->count())) {
Log::error(sprintf('%s:! Bad password [%s]',self::LOGKEY,$buf)); Log::error(sprintf('%s:! Bad password [%s]',self::LOGKEY,$buf));
$this->msgs(self::BPM_ERR,'Security violation');
$this->optionSet(self::O_BAD); $this->optionSet(self::O_BAD);
$this->rc = self::S_FAILURE; $this->rc = self::S_FAILURE;
@ -1274,8 +1295,13 @@ final class Binkp extends BaseProtocol
$this->msgs(self::BPM_NUL,sprintf('OPT%s',$opt)); $this->msgs(self::BPM_NUL,sprintf('OPT%s',$opt));
// Add our mail to the queue if we have authenticated // Add our mail to the queue if we have authenticated
if ($this->node->aka_authed) if ($this->node->aka_authed) {
foreach ($this->node->aka_remote_authed as $ao) { foreach ($this->node->aka_remote_authed as $ao) {
if (! $ao->validated) {
Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn));
continue;
}
$this->send->mail($ao); $this->send->mail($ao);
$this->send->files($ao); $this->send->files($ao);
} }
@ -1283,6 +1309,12 @@ final class Binkp extends BaseProtocol
$this->msgs(self::BPM_NUL,sprintf('TRF %lu %lu',$this->send->mail_size,$this->send->files_size)); $this->msgs(self::BPM_NUL,sprintf('TRF %lu %lu',$this->send->mail_size,$this->send->files_size));
$this->msgs(self::BPM_OK,sprintf('%ssecure',$have_pwd ? '' : 'non-')); $this->msgs(self::BPM_OK,sprintf('%ssecure',$have_pwd ? '' : 'non-'));
} else {
// @todo Send any direct netmail to this node, if that node is unknown to us
$this->msgs(self::BPM_NUL,sprintf('TRF %lu %lu',$this->send->mail_size,$this->send->files_size));
$this->msgs(self::OK,'non-secure');
}
return $this->binkp_hsdone(); return $this->binkp_hsdone();
} }
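Review bot: The new `else` branch that closes this section replies with `$this->msgs(self::OK,'non-secure');`, while every other frame sent in the visible hunks uses a `BPM_`-prefixed type, including `self::BPM_OK` just above the `else`. If `OK` is not a constant on Binkp or its parent, the unauthenticated path fails with an Error at exactly the point where the non-secure reply should go out. If it is defined with another value, the remote gets a frame type other than the one the `secure` reply uses. The line should read `$this->msgs(self::BPM_OK,'non-secure');`. Separately, the relaxed check `(! $this->node->aka_authed) && ($this->node->aka_remote->count())` now lets a caller with an unmatched password and no known AKA carry on, so please confirm that the receive side (outside these hunks) treats what such a session delivers as unauthenticated.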


@ -1206,6 +1206,11 @@ final class EMSI extends BaseProtocol implements CRCInterface,ZmodemInterface
// Add our mail to the queue if we have authenticated // Add our mail to the queue if we have authenticated
if ($this->node->aka_authed) if ($this->node->aka_authed)
foreach ($this->node->aka_remote_authed as $ao) { foreach ($this->node->aka_remote_authed as $ao) {
if (! $ao->validated) {
Log::alert(sprintf('%s:! Address [%s] is not validated, so we wont bundle mail for it',self::LOGKEY,$ao->ftn));
continue;
}
// Send mail // Send mail
while ($this->send->mail($ao)) { while ($this->send->mail($ao)) {
$z = new Zmodem; $z = new Zmodem;
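Review bot: The `if (! $ao->validated) { ... continue; }` guard added here is the fourth hand-written copy of the same check; the other three are in the Binkp hunks of this commit, each inside a `foreach ($this->node->aka_remote_authed as $ao)` loop. A release control repeated per send loop is easy to leave out of the next loop that gets added. It would be safer to filter once, for example by having the node expose only addresses that are both authenticated and validated, and to iterate that in all four places. The guard would also benefit from a comment such as `// Never release mail to an address that authenticated but has not been validated`. The enclosing method starts and ends outside the hunk.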