Send M_ERR instead of M_OK when a link's password doesn't match.

I'm probably doing something wrong here, since I didn't write this code (particularly if there are multiple advertised addresses in the session which we have configured links for) - but this should at least give Al something to test.

Send M_ERR instead of M_OK when a link's password doesn't match.
01176238 · rswindell · 9fbd7049 · 01176238 · 01176238
Commit 01176238 authored 7 years ago by rswindell
--- a/exec/binkit.js
+++ b/exec/binkit.js
@@ -827,8 +827,10 @@ function inbound_auth_cb(pwd, bp)
 					addrs.push(addr);
 					check_nocrypt(bp.cb_data.binkitcfg.node[addr]);
 					ret = cpw;
-				} else
+				} else {
 					log(LOG_WARNING, "CRAM-MD5 of password does not match");
+					ret = false;	// How do we break out of this forEach loop?!?
+				}
 			}
 			else {
 				// TODO: Deal with arrays of passwords?

--- a/exec/load/binkp.js
+++ b/exec/load/binkp.js
@@ -395,7 +395,7 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)

 	if(!this.sock.connect(inet_host, port)) {
 		this.sock = undefined;
-		log(LOG_INFO, "Connection to "+inet_host+":"+port+" failed.");
+		log(LOG_WARNING, "Connection to "+inet_host+":"+port+" failed.");
 		return false;
 	}

@@ -404,11 +404,11 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
 		this.sendCmd(this.command.M_NUL, "OPT CRYPT");
 	else {
 		/*
-		 * TODO: This is to work around an apparent incompatability with
+		 * TODO: This is to work around an apparent incompatibility with
 		 * Radius.  I thought this worked with binkd, but it would need
 		 * to be tested again.
 		 * 
-		 * Not super-important since using encrpytion without a password
+		 * Not super-important since using encryption without a password
 		 * is about as "secure" as rot13.
 		 */
 		this.wont_crypt = true;
@@ -462,7 +462,7 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
 		if (this.cram === undefined || this.cram.algo !== 'MD5')
 			this.sendCmd(this.command.M_ERR, "Encryption requires CRAM-MD5 auth");
 		else {
-			log(LOG_INFO, "Initializing crypt keys.");
+			log(LOG_DEBUG, "Initializing crypt keys.");
 			this.out_keys = [0, 0, 0];
 			this.in_keys = [0, 0, 0];
    		this.crypt.init_keys(this.out_keys, password);
@@ -483,7 +483,7 @@ BinkP.prototype.connect = function(addr, password, auth_cb, port, inet_host)
 	return this.session();
 };
 /*
- * sock can be either a lisening socket or a connected socket.
+ * sock can be either a listening socket or a connected socket.
 *
 * auth_cb(passwds, this) is called to accept and add
 * files if it returns a password, the session is considered secure.  auth_cb()
@@ -553,6 +553,10 @@ BinkP.prototype.accept = function(sock, auth_cb)
 							this.sendCmd(this.command.M_ERR, "Encryption requires CRAM-MD5 auth");
 					}
 					pwd = auth_cb(args, this);
+					if (pwd === false) {
+						this.sendCmd(this.command.M_ERR, "Password mismatch");
+						break;
+					}
 					if (pwd === undefined)
 						pwd = '-';
 					if (pwd === '-') {
@@ -573,7 +577,7 @@ BinkP.prototype.accept = function(sock, auth_cb)
 	}

 	if (this.will_crypt) {
-		log(LOG_INFO, "Initializing crypt keys.");
+		log(LOG_DEBUG, "Initializing crypt keys.");
 		this.out_keys = [0, 0, 0];
 		this.in_keys = [0, 0, 0];
    	this.crypt.init_keys(this.in_keys, pwd);