Skip to content
Snippets Groups Projects
Select Git revision
  • dailybuild_linux-x64
  • dailybuild_win32
  • master default protected
  • dd_msg_reader_use_dd_msg_area_chooser_and_area_sort_update
  • sqlite
  • rip_abstraction
  • dailybuild_macos-armv8
  • dd_file_lister_filanem_in_desc_color
  • mode7
  • dd_msg_reader_are_you_there_warning_improvement
  • c23-playing
  • syncterm-1.3
  • syncterm-1.2
  • test-build
  • hide_remote_connection_with_telgate
  • 638-can-t-control-c-during-a-file-search
  • add_body_to_pager_email
  • mingw32-build
  • cryptlib-3.4.7
  • ree/mastermind
  • sbbs320d
  • syncterm-1.6
  • syncterm-1.5
  • syncterm-1.4
  • sbbs320b
  • syncterm-1.3
  • syncterm-1.2
  • syncterm-1.2rc6
  • syncterm-1.2rc5
  • push
  • syncterm-1.2rc4
  • syncterm-1.2rc2
  • syncterm-1.2rc1
  • sbbs319b
  • sbbs318b
  • goodbuild_linux-x64_Sep-01-2020
  • goodbuild_win32_Sep-01-2020
  • goodbuild_linux-x64_Aug-31-2020
  • goodbuild_win32_Aug-31-2020
  • goodbuild_win32_Aug-30-2020
40 results

rlogin.js

Blame
    • Rob Swindell's avatar
      0b011cc8
      Add '-h' option to send a salted and hashed password to the server · 0b011cc8
      Rob Swindell authored
      Like the -p option, except the server won't get a copy of the client BBS
      user's password or be able to decode it.
      
      The user's password, user number and account creation date are used to generate
      the password hash (along with the salt), so changing any of these will change
      the resulting hashed password sent (and presumably logged/stored) on the
      server. The resulting SHA-1 hash is sent as 40 hexadecimal digits.
      
      The default salt is the system's QWK-ID, but the sysop can specify their own
      salt (e.g. random number or secret passphrase) via the "salt" key in the
      [rlogin] section of modopts.ini or root section of ctrl/modopts/rlogin.ini
      0b011cc8
      History
      Add '-h' option to send a salted and hashed password to the server
      Rob Swindell authored
      Like the -p option, except the server won't get a copy of the client BBS
      user's password or be able to decode it.
      
      The user's password, user number and account creation date are used to generate
      the password hash (along with the salt), so changing any of these will change
      the resulting hashed password sent (and presumably logged/stored) on the
      server. The resulting SHA-1 hash is sent as 40 hexadecimal digits.
      
      The default salt is the system's QWK-ID, but the sysop can specify their own
      salt (e.g. random number or secret passphrase) via the "salt" key in the
      [rlogin] section of modopts.ini or root section of ctrl/modopts/rlogin.ini
    rlogin.js 3.78 KiB
    // Synchronet RLogin Gateway v2.0
    
    // usage: ?rlogin address[:port] [options]
    // options:
    //   -c <client-name> (default: user alias) - may be specified multiple
    //   -s <server-name> (default: user real name) - may be specified multiple
    //   -t <terminal-type> (e.g. "xtrn=doorcode" to auto-exec door on server)
    //   -T <connect-timeout-seconds> (default: 10 seconds)
    //   -m <telnet-gateway-mode> (Number or TG_* vars OR'd together, default: 0)
    //   -p send current user alias and password as server and client-name values
    //   -h send current user alias and hashed-password as server and client-name
    //   -q don't display banner or pause prompt (quiet)
    //   -v increase verbosity (display remote host name/address/port in messages)
    //   -P don't pause for user key-press
    //   -C don't clear screen after successful session
    
    // legacy usage (still supported, but deprecated):
    // ?rlogin address[:port] [telnet-gateway-mode] [client-name] [server-name] [terminal-type]
    
    // See http://wiki.synchro.net/module:rlogin for details
    
    "use strict";
    
    require("sbbsdefs.js", 'TG_RLOGINSWAP');
    
    var mode = 0;
    var addr;
    var client_name = '';
    var server_name = '';
    var term_type;
    var options;
    if((options = load({}, "modopts.js","rlogin")) == null) {
    	if((options = load({}, "modopts.js","telgate")) == null)
    		options = {};
    }
    var quiet = options.quiet === undefined ? false : options.quiet;
    var pause = options.pause === undefined ? true : options.pause;
    var clear = options.clear === undefined ? true : options.clear;
    var timeout = options.timeout === undefined ? 10 : options.timeout;
    var verbosity = options.verbosity === undefined ? 0 : options.verbosity;
    
    function hashed_user_password()
    {
    	return sha1_calc(user.security.password
    		+ user.number
    		+ user.stats.firston_date
    		+ (options.salt || system.qwk_id)
    		, /* hex: */true);
    }
    
    for(var i = 0; i < argv.length; i++) {
    	var arg = argv[i];
    	if(arg[0] != '-') {
    		if(!addr)
    			addr = arg;
    		else if(!mode)
    			mode = eval(arg);
    		else if(!client_name)
    			client_name = arg;
    		else if(!server_name)
    			server_name = arg;
    		else if(!term_type)
    			term_type = arg;
    		else {
    			alert(js.exec_file + ": Unexpected argument: " + arg);
    			exit(1);
    		}
    		continue;
    	}
    	switch(arg[1]) { // non-value options
    		case 'q':
    			quiet = true;
    			continue;
    		case 'P':
    			pause = false;
    			continue;
    		case 'C':
    			clear = false;
    			continue;
    		case 'v':
    			++verbosity;
    			continue;
    		case 'h': // send alias and hashed-password
    			client_name = hashed_user_password();
    			server_name = user.alias;
    			continue;
    		case 'p': // send alias and password as expected by Synchronet
    			client_name = user.security.password;
    			server_name = user.alias;
    			continue;
    	}
    	var value = arg.length > 2 ? arg.substring(2) : argv[++i];
    	switch(arg[1]) { // value options
    		case 'c':
    			client_name += value;
    			break;
    		case 's':
    			server_name += value;
    			break;
    		case 't':
    			term_type = value;
    			break;
    		case 'T':
    			timeout = Number(value);
    			break;
    		case 'm':
    			mode = eval(value);
    			break;
    		default:
    			alert(js.exec_file + ": Unrecognized option: " + arg);
    			exit(1);
    	}
    }
    if(!addr) {
    	alert(js.exec_file + ": No destination address specified");
    	exit(1);
    }
    var remote_host = (verbosity > 0 ? addr : "remote host");
    if(!quiet) {
    	write(options.help_msg || "\r\n\x01h\x01hPress \x01yCtrl-]\x01w for a control menu anytime.\r\n\r\n");
    	if(pause)
    		console.pause();
    	write(format(options.connecting_msg || "\x01h\x01yConnecting to \x01w%s \x01n...\r\n", remote_host));
    }
    var result = bbs.rlogin_gate(
    	 addr // address[:port]
    	,client_name || (mode & TG_RLOGINSWAP ? user.name : user.alias)
    	,server_name || (mode & TG_RLOGINSWAP ? user.alias : user.name)
    	,term_type
    	,mode
    	,timeout
    	);
    if(result === false)
    	alert(options.failed_connect_msg || (js.exec_file + ": Failed to connect to " + remote_host));
    else if(clear)
    	console.clear();