bool sbbs_t::answer()
{
char str[MAX_PATH+1],str2[MAX_PATH+1],c;
char tmp[(MAX_PATH > CRYPT_MAX_TEXTSIZE ? MAX_PATH:CRYPT_MAX_TEXTSIZE)+1];
char tmpname[CRYPT_MAX_TEXTSIZE+1];
char path[MAX_PATH+1];
int i,l,in;
struct tm tm;
useron.number=0;
answertime=logontime=starttime=now=time(NULL);
/* Caller ID is IP address */
SAFECOPY(cid,client_ipaddr);
memset(&tm,0,sizeof(tm));
localtime_r(&now,&tm);
safe_snprintf(str,sizeof(str),"%s %s %s %02d %u Node %3u"
,hhmmtostr(&cfg,&tm,str2)
,wday[tm.tm_wday]
,mon[tm.tm_mon],tm.tm_mday,tm.tm_year+1900,cfg.node_num);
logline("@ ",str);
safe_snprintf(str,sizeof(str),"%s %s [%s]", connection, client_name, cid);
logline("@+:",str);
if(client_ident[0]) {
safe_snprintf(str,sizeof(str),"Identity: %s",client_ident);
logline("@*",str);
}
online=ON_REMOTE;
if(sys_status&SS_RLOGIN) {
if(incom(1000)==0) {
for(i=0;i<(int)sizeof(str)-1;i++) {
in=incom(1000);
if(in==0 || in==NOINP)
break;
str[i]=in;
}
str[i]=0;
for(i=0;i<(int)sizeof(str2)-1;i++) {
in=incom(1000);
if(in==0 || in==NOINP)
break;
str2[i]=in;
}
str2[i]=0;
for(i=0;i<(int)sizeof(terminal)-1;i++) {
in=incom(1000);
if(in==0 || in==NOINP)
break;
terminal[i]=in;
}
terminal[i]=0;
lprintf(LOG_DEBUG,"Node %d RLogin: '******' / '%.*s' / '%s'"
,cfg.node_num
,LEN_ALIAS*2,str
,LEN_ALIAS*2,str2
,terminal);
SAFECOPY(rlogin_term, terminal);
SAFECOPY(rlogin_name, str2);
SAFECOPY(rlogin_pass, str);
/* Truncate terminal speed (e.g. "/57600") from terminal-type string
(but keep full terminal type/speed string in rlogin_term): */
truncstr(terminal,"/");
useron.number=userdatdupe(0, U_ALIAS, LEN_ALIAS, rlogin_name);
if(useron.number) {
getuserdat(&cfg,&useron);
useron.misc&=~TERM_FLAGS;
SAFEPRINTF(path,"%srlogin.cfg",cfg.ctrl_dir);
if(!findstr(client.addr,path)) {
SAFECOPY(tmp, rlogin_pass);
for(i=0;i<3;i++) {
if(stricmp(tmp,useron.pass)) {
badlogin(useron.alias, tmp);
rioctl(IOFI); /* flush input buffer */
bputs(text[InvalidLogon]);
if(cfg.sys_misc&SM_ECHO_PW)
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt: '%s'"
,0,useron.alias,tmp);
else
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt"
,0,useron.alias);
logline(LOG_NOTICE,"+!",str);
bputs(text[PasswordPrompt]);
console|=CON_R_ECHOX;
getstr(tmp,LEN_PASS*2,K_UPPER|K_LOWPRIO|K_TAB);
console&=~(CON_R_ECHOX|CON_L_ECHOX);
}
else {
if(REALSYSOP) {
rioctl(IOFI); /* flush input buffer */
if(!chksyspass())
bputs(text[InvalidLogon]);
else {
i=0;
break;
}
}
else
break;
}
}
if(i) {
if(stricmp(tmp,useron.pass)) {
badlogin(useron.alias, tmp);
bputs(text[InvalidLogon]);
if(cfg.sys_misc&SM_ECHO_PW)
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt: '%s'"
,0,useron.alias,tmp);
else
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt"
,0,useron.alias);
logline(LOG_NOTICE,"+!",str);
}
lprintf(LOG_WARNING,"Node %d !CLIENT IP NOT LISTED in %s"
,cfg.node_num,path);
useron.number=0;
hangup();
}
}
}
else
lprintf(LOG_INFO,"Node %d RLogin: Unknown user: %s",cfg.node_num,rlogin_name);
}
if(rlogin_name[0]==0) {
lprintf(LOG_NOTICE,"Node %d !RLogin: No user name received",cfg.node_num);
sys_status&=~SS_RLOGIN;
}
}
if(!(telnet_mode&TELNET_MODE_OFF)) {
/* Disable Telnet Terminal Echo */
request_telnet_opt(TELNET_WILL,TELNET_ECHO);
/* Will suppress Go Ahead */
request_telnet_opt(TELNET_WILL,TELNET_SUP_GA);
/* Retrieve terminal type and speed from telnet client --RS */
request_telnet_opt(TELNET_DO,TELNET_TERM_TYPE);
request_telnet_opt(TELNET_DO,TELNET_TERM_SPEED);
request_telnet_opt(TELNET_DO,TELNET_SEND_LOCATION);
request_telnet_opt(TELNET_DO,TELNET_NEGOTIATE_WINDOW_SIZE);
request_telnet_opt(TELNET_DO,TELNET_NEW_ENVIRON);
}
#ifdef USE_CRYPTLIB
if(sys_status&SS_SSH) {
pthread_mutex_lock(&ssh_mutex);
cryptGetAttributeString(ssh_session, CRYPT_SESSINFO_USERNAME, tmpname, &i);
tmpname[i]=0;
SAFECOPY(rlogin_name, tmpname);
cryptGetAttributeString(ssh_session, CRYPT_SESSINFO_PASSWORD, tmp, &i);
tmp[i]=0;
SAFECOPY(rlogin_pass, tmp);
pthread_mutex_unlock(&ssh_mutex);
lprintf(LOG_DEBUG,"Node %d SSH login: '******'"
,cfg.node_num, tmpname);
useron.number=userdatdupe(0, U_ALIAS, LEN_ALIAS, tmpname);
if(useron.number) {
getuserdat(&cfg,&useron);
useron.misc&=~TERM_FLAGS;
for(i=0;i<3;i++) {
if(stricmp(tmp,useron.pass)) {
badlogin(useron.alias, tmp);
rioctl(IOFI); /* flush input buffer */
bputs(text[InvalidLogon]);
if(cfg.sys_misc&SM_ECHO_PW)
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt: '%s'"
,0,useron.alias,tmp);
else
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt"
,0,useron.alias);
/* crash here Sept-12-2010
str 0x06b3fc4c "(0000) Guest FAILED Password attempt: '*****@*****.**'"
and Oct-6-2010
str 0x070ffc4c "(0000) Woot903 FAILED Password attempt: 'p67890pppsdsjhsdfhhfhnhnfhfhfdhjksdjkfdskw3902391=`'" char [261]
*/
logline(LOG_NOTICE,"+!",str);
bputs(text[PasswordPrompt]);
console|=CON_R_ECHOX;
getstr(tmp,LEN_PASS*2,K_UPPER|K_LOWPRIO|K_TAB);
console&=~(CON_R_ECHOX|CON_L_ECHOX);
}
else {
if(REALSYSOP) {
rioctl(IOFI); /* flush input buffer */
if(!chksyspass())
bputs(text[InvalidLogon]);
else {
i=0;
break;
}
}
else
break;
}
}
if(i) {
if(stricmp(tmp,useron.pass)) {
badlogin(useron.alias, tmp);
bputs(text[InvalidLogon]);
if(cfg.sys_misc&SM_ECHO_PW)
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt: '%s'"
,0,useron.alias,tmp);
else
safe_snprintf(str,sizeof(str),"(%04u) %-25s FAILED Password attempt"
,0,useron.alias);
logline(LOG_NOTICE,"+!",str);
}
useron.number=0;
hangup();
}
}
else
lprintf(LOG_INFO,"Node %d SSH: Unknown user: %s",cfg.node_num,rlogin_name);
}
#endif
/* Detect terminal type */
mswait(200);
rioctl(IOFI); /* flush input buffer */
putcom( "\r\n" /* locate cursor at column 1 */
"\x1b[s" /* save cursor position (necessary for HyperTerm auto-ANSI) */
"\x1b[255B" /* locate cursor as far down as possible */
"\x1b[255C" /* locate cursor as far right as possible */
"\b_" /* need a printable at this location to actually move cursor */
"\x1b[6n" /* Get cursor position */
"\x1b[u" /* restore cursor position */
"\x1b[!_" /* RIP? */
"\x1b[30;40m\xc2\x9f""Zuul.connection.write('\\x1b""Are you the gatekeeper?')\xc2\x9c" /* ZuulTerm? */
"\x1b[0m_" /* "Normal" colors */
"\x1b[2J" /* clear screen */
"\x1b[H" /* home cursor */
"\xC" /* clear screen (in case not ANSI) */
"\r" /* Move cursor left (in case previous char printed) */
);
i=l=0;
tos=1;
lncntr=0;
safe_snprintf(str, sizeof(str), "%s %s", VERSION_NOTICE, COPYRIGHT_NOTICE);
strip_ctrl(str, str);
center(str);
while(i++<50 && l<(int)sizeof(str)-1) { /* wait up to 5 seconds for response */
c=incom(100)&0x7f;
if(c==0)
continue;
i=0;
if(l==0 && c!=ESC) // response must begin with escape char
continue;
str[l++]=c;
if(c=='R') { /* break immediately if ANSI response */
mswait(500);
break;
}
}
while((c=(incom(100)&0x7f))!=0 && l<(int)sizeof(str)-1)
str[l++]=c;
str[l]=0;
if(l) {
c_escape_str(str,tmp,sizeof(tmp),TRUE);
lprintf(LOG_DEBUG,"Node %d received terminal auto-detection response: '%s'"
,cfg.node_num,tmp);
if(str[0]==ESC && str[1]=='[' && str[l-1]=='R') {
int x,y;
if(terminal[0]==0)
SAFECOPY(terminal,"ANSI");
autoterm|=(ANSI|COLOR);
if(sscanf(str+2,"%u;%u",&y,&x)==2) {
lprintf(LOG_DEBUG,"Node %d received ANSI cursor position report: %ux%u"
,cfg.node_num, x, y);
/* Sanity check the coordinates in the response: */
if(x>=40 && x<=255) cols=x;
if(y>=10 && y<=255) rows=y;
}
}
truncsp(str);
if(strstr(str,"RIPSCRIP")) {
if(terminal[0]==0)
SAFECOPY(terminal,"RIP");
logline("@R",strstr(str,"RIPSCRIP"));
autoterm|=(RIP|COLOR|ANSI); }
else if(strstr(str,"Are you the gatekeeper?")) {
if(terminal[0]==0)
SAFECOPY(terminal,"HTML");
logline("@H",strstr(str,"Are you the gatekeeper?"));
autoterm|=HTML;
}
}
else if(terminal[0]==0)
SAFECOPY(terminal,"DUMB");
rioctl(IOFI); /* flush left-over or late response chars */
if(!autoterm && str[0]) {
c_escape_str(str,tmp,sizeof(tmp),TRUE);
lprintf(LOG_NOTICE,"Node %d terminal auto-detection failed, response: '%s'"
,cfg.node_num, tmp);
}
/* AutoLogon via IP or Caller ID here */
if(!useron.number && !(sys_status&SS_RLOGIN)
&& (startup->options&BBS_OPT_AUTO_LOGON) && cid[0]) {
useron.number=userdatdupe(0, U_NOTE, LEN_NOTE, cid);
if(useron.number) {
getuserdat(&cfg, &useron);
if(!(useron.misc&AUTOLOGON) || !(useron.exempt&FLAG('V')))
useron.number=0;
}
}
if(!online)
return(false);
if(stricmp(terminal,"sexpots")==0) { /* dial-up connection (via SexPOTS) */
SAFEPRINTF2(str,"%s connection detected at %lu bps", terminal, cur_rate);
logline("@S",str);
node_connection = (ushort)cur_rate;
SAFEPRINTF(connection,"%lu",cur_rate);
SAFECOPY(cid,"Unknown");
SAFECOPY(client_name,"Unknown");
if(telnet_location[0]) { /* Caller-ID info provided */
SAFEPRINTF(str, "CID: %s", telnet_location);
logline("@*",str);
SAFECOPY(cid,telnet_location);
truncstr(cid," "); /* Only include phone number in CID */
char* p=telnet_location;
FIND_WHITESPACE(p);
SKIP_WHITESPACE(p);
if(*p) {
SAFECOPY(client_name,p); /* CID name, if provided (maybe 'P' or 'O' if private or out-of-area) */
}
}
SAFECOPY(client.addr,cid);
SAFECOPY(client.host,client_name);
client_on(client_socket,&client,TRUE /* update */);
} else {
if(telnet_location[0]) { /* Telnet Location info provided */
SAFEPRINTF(str, "Telnet Location: %s", telnet_location);
logline("@*",str);
}
}
useron.misc&=~TERM_FLAGS;
useron.misc|=autoterm;
SAFECOPY(useron.comp,client_name);
if(!useron.number && rlogin_name[0]!=0 && !(cfg.sys_misc&SM_CLOSED) && !matchuser(&cfg, rlogin_name, /* Sysop alias: */FALSE)) {
lprintf(LOG_INFO,"Node %d UNKNOWN %s-specified USERNAME: %s, starting new user signup",cfg.node_num,client.protocol,rlogin_name);
bprintf("%s: %s\r\n", text[UNKNOWN_USER], rlogin_name);
newuser();
}
if(!useron.number) { /* manual/regular logon */
/* Display ANSWER screen */
rioctl(IOSM|PAUSE);
sys_status|=SS_PAUSEON;
SAFEPRINTF(str,"%sanswer",cfg.text_dir);
SAFEPRINTF(path,"%s.rip",str);
if((autoterm&RIP) && fexistcase(path))
printfile(path,P_NOABORT);
else {
SAFEPRINTF(path,"%s.html",str);
if((autoterm&HTML) && fexistcase(path))
printfile(path,P_NOABORT);
else {
SAFEPRINTF(path,"%s.ans",str);
if((autoterm&ANSI) && fexistcase(path))
printfile(path,P_NOABORT);
else {
SAFEPRINTF(path,"%s.asc",str);
if(fexistcase(path))
printfile(path, P_NOABORT);
}
}
}
sys_status&=~SS_PAUSEON;
exec_bin(cfg.login_mod,&main_csi);
} else /* auto logon here */
if(logon()==false)
return(false);
if(!useron.number)
hangup();
/* Save the IP to the user's note */
if(cid[0]) {
SAFECOPY(useron.note,cid);
putuserrec(&cfg,useron.number,U_NOTE,LEN_NOTE,useron.note);
}
/* Save host name to the user's computer description */
if(client_name[0]) {
SAFECOPY(useron.comp,client_name);
putuserrec(&cfg,useron.number,U_COMP,LEN_COMP,useron.comp);
}
if(!online)
return(false);
if(!(sys_status&SS_USERON)) {
errormsg(WHERE,ERR_CHK,"User not logged on",0);
hangup();
return(false);
}
if(useron.pass[0])
loginSuccess(startup->login_attempt_list, &client_addr);
return(true);
}
bool sbbs_t::spy(uint i /* node_num */)
{
char ch;
char ansi_seq[32];
int ansi_len;
int in;
if(!i || i>MAX_NODES) {
bprintf("Invalid node number: %d\r\n",i);
return(false);
}
if(i==cfg.node_num) {
bprintf("Can't spy on yourself.\r\n");
return(false);
}
if(spy_socket[i-1]!=INVALID_SOCKET) {
bprintf("Node %d already being spied (%lx)\r\n",i,spy_socket[i-1]);
return(false);
}
bprintf("*** Synchronet Remote Spy on Node %d: Ctrl-C to Abort ***"
"\r\n\r\n",i);
spy_socket[i-1]=client_socket;
ansi_len=0;
while(online
&& client_socket!=INVALID_SOCKET
&& spy_socket[i-1]!=INVALID_SOCKET
&& !msgabort()) {
in=incom(1000);
if(in==NOINP) {
gettimeleft();
continue;
}
ch=in;
if(ch==ESC) {
if(!ansi_len) {
ansi_seq[ansi_len++]=ch;
continue;
}
ansi_len=0;
}
if(ansi_len && ansi_len<(int)sizeof(ansi_seq)-2) {
if(ansi_len==1) {
if(ch=='[') {
ansi_seq[ansi_len++]=ch;
continue;
}
ansi_len=0;
}
if(ch=='R') { /* throw-away cursor position report */
ansi_len=0;
continue;
}
ansi_seq[ansi_len++]=ch;
if(isalpha(ch)) {
RingBufWrite(node_inbuf[i-1],(uchar*)ansi_seq,ansi_len);
ansi_len=0;
}
continue;
}
if(ch<' ') {
lncntr=0; /* defeat pause */
spy_socket[i-1]=INVALID_SOCKET; /* disable spy output */
ch=handle_ctrlkey(ch,K_NONE);
spy_socket[i-1]=client_socket; /* enable spy output */
if(ch==0)
continue;
}
if(node_inbuf[i-1]!=NULL)
RingBufWrite(node_inbuf[i-1],(uchar*)&ch,1);
}
spy_socket[i-1]=INVALID_SOCKET;
return(true);
}
