Skip to content
Snippets Groups Projects
Commit a5d827d5 authored by rswindell's avatar rswindell
Browse files

inbound_auth_cb(): report a "Password mismatch" error (over BinkP) if 

one of the configured linked-nodes matching the remote address(es) is set for
CRAM-MD5 passwords only and a plain-text password was provided by the remote.
Previously, the function would log a warning:
"CRAM-MD5 required (and not provided) by <addr>" but succeeed (the actual
password value was not check) and it woudl flag the session as "non-secure"
(sending M_OK non-secure), looking like this on the remote side:
  Authentication successful: non-secure
and any received files would go into the configured non-secure inbound.
This may explain why some sysops sometimes get unexplained files in their
non-secure inbound (looking for "non-secure" in the logs should confirm).
Now, you should still see (on the answering side) the log message:
"CRAM-MD5 required (and not provided) ...", but it'll also send a M_ERR
Passowrd mismatch error to the remote, thus ending the session.
parent 6606f4c3
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 3 additions and 1 deletion
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment