Commit a5d827d5 authored by rswindell

inbound_auth_cb(): report a "Password mismatch" error (over BinkP) if

one of the configured linked-nodes matching the remote address(es) is set for
CRAM-MD5 passwords only and a plain-text password was provided by the remote.
Previously, the function would log a warning:
"CRAM-MD5 required (and not provided) by <addr>" but succeed (the actual
password value was not checked) and it would flag the session as "non-secure"
(sending M_OK non-secure), looking like this on the remote side:
  Authentication successful: non-secure
and any received files would go into the configured non-secure inbound.
This may explain why some sysops sometimes get unexplained files in their
non-secure inbound (looking for "non-secure" in the logs should confirm).
Now, you should still see (on the answering side) the log message:
"CRAM-MD5 required (and not provided) ...", but it'll also send an M_ERR
Password mismatch error to the remote, thus ending the session.
parent 6606f4c3
......@@ -1014,8 +1014,10 @@ function inbound_auth_cb(pwd, bp)
}
else {
// TODO: Deal with arrays of passwords?
if (!bp.cb_data.binkitcfg.node[addr].nomd5) // BinkpAllowPlainAuth=false
if (!bp.cb_data.binkitcfg.node[addr].nomd5) { // BinkpAllowPlainAuth=false
log(LOG_WARNING, "CRAM-MD5 required (and not provided) by " + addr);
invalid = true;
}
else if (bp.cb_data.binkitcfg.node[addr].pass === pwd[0]) {
log(LOG_INFO, "Plain-text password match for " + addr);
addrs.push(addr);
......
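Review bot: `invalid = true;` in the `!...node[addr].nomd5` branch has no comment, and both its initialization and the code that acts on it are outside this hunk, so the lines shown do not establish that the flag overrides an address added by `addrs.push(addr)` in the plain-text match branch for a different linked node. Since the commit message says the session must end with M_ERR when any matching node is CRAM-MD5 only, please confirm that `invalid` is reset on each call and is checked before `addrs` is used, and add a short comment on that line saying it forces the "Password mismatch" M_ERR. The warning text is also unchanged: it still reads as informational, so consider stating in it that the session is being rejected, which makes the log line match the new behaviour. Finally, the branch rejects without comparing `pwd[0]` to the configured `pass`, which is the intended outcome per the commit message, but a one-line comment noting that the plain-text value is deliberately ignored here would keep a later reader from "fixing" it.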