From 4b7ead3d374837b36c11ca22c824c09eb1b5399d Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Sun, 17 Jul 2016 18:43:34 +0000 Subject: [PATCH 1/5] CHANGESTODO: how to handle privacy of native psyc clients --- CHANGESTODO | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/CHANGESTODO b/CHANGESTODO index b48985a..c16674e 100644 --- a/CHANGESTODO +++ b/CHANGESTODO @@ -1570,6 +1570,23 @@ ________________________________________________________________________ (later people called this technique 'CERTIFICATE PINNING') == PSYC CLIENTS ======================================================== + +- PSYC clients are currently not detected as being secure even if they + connect by Tor, TLS or localhost. This is because the net/psyc/user object + as such isn't connected and the attempt to find the corresponding circuit + opens up the question: what if the user has several clients linked? Does + a secure one qualify for the entire user object to be trustworthy? What if + there is another client that isn't secure? Possible approach to solve the + issue: Disallow any password-protected user to be logged in over insecure + channels at any time. This is probably a good idea anyway as it respects + the civil rights of *other* users that interact with this user in the + expectation that conversations be private. This has the side effect that + PSYC users are forced to register before entering @welcome, unless we also + do the refactoring described in MULTIPLE CLIENT INTERFACES and somehow fix + that aspect in the process. Or we just walk through all the links and make + sure all of them are secure, but that raises the problem of dealing with a + new insecure client connecting. + - tg runs into trouble using _do_enter and _do_leave. apparently the enter-echo is not accepted by the UNI and thus does not make it into _list_places - _do_leave does not forward the echo from remote places back to the client 
@@ -1582,8 +1599,6 @@ ________________________________________________________________________ ? psyc clients haben uferlose idle times und sie altern nicht -? cryptochat raum? - ? how to improve _request_store and _retrieve? look at http://asg.web.cmu.edu/acap/ for ideas From 4176e267d816202625aa0b22a68dfb6c4a455745 Mon Sep 17 00:00:00 2001 From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Wed, 20 Jul 2016 18:50:52 +0200 Subject: [PATCH 2/5] one mud per child.. unfinished integration --- place/nemesis.c | 8 ++++- world/default/en/jabber.textdb | 5 +++ world/net/tn/outgoing.c | 58 ++++++++++++++++++++++++++-------- world/net/usercmd.i | 36 +++++++++++++++++++++ 4 files changed, 92 insertions(+), 15 deletions(-) diff --git a/place/nemesis.c b/place/nemesis.c index 4e5a3ec..832b36b 100644 --- a/place/nemesis.c +++ b/place/nemesis.c @@ -1,11 +1,17 @@ #include -#define CONNECT_TELNET "nemesis.de", 2000 +//#ifdef BRAIN +# define CONNECT_TELNET "nemesis.de", 2000 +//#else +//# define CONNECT_TELNET "nemesis.de", 2001 // NemTest +//#endif + #define ON_CONNECT emit("guest\n"); #define ON_ANY NET_PATH "tn/outgoing"::msg(source, mc, data, vars); #include +// to do this properly, we need a systematic way to redo prompts FIXME parse(all) { // remove Nemesis' guest prompt.. why was i so funny // back then to implement several prompt chars? diff --git a/world/default/en/jabber.textdb b/world/default/en/jabber.textdb index f8618c3..effe189 100644 --- a/world/default/en/jabber.textdb +++ b/world/default/en/jabber.textdb @@ -363,6 +363,11 @@ _notice_typing_active _notice_typing_gone | +_notice_telnet_verbatim +| +| [_text_verbatim] +| + _notice_place | | [_data] diff --git a/world/net/tn/outgoing.c b/world/net/tn/outgoing.c index 9b4c30a..12df5a2 100644 --- a/world/net/tn/outgoing.c +++ b/world/net/tn/outgoing.c 
@@ -1,43 +1,73 @@ // vim:syntax=lpc +// DEBUG: FIXME +#define _flag_log_sockets_telnet_outgoing + #include -//#include #include -#include -//#include +//#include + +// this outgoing "telnet" socket thing implements both '/set mudlink' +// for users as MUD chatrooms such as @nemesis. would be cool if it +// actually was capable of handling telnet protocol, but the mud in +// question isn't, either. +// +// for a tighter integration between psyced and MUD it would also be +// cool to either have a native PSYC side channel, or to embed crypto- +// graphically signed PSYC packets (using a shared secret hash) into +// this stream. // message queueing and automatic reconnect mgmt inherit NET_PATH "circuit"; -//inherit NET_PATH "place/public"; +virtual inherit NET_PATH "output"; +static string connectstring; +static object owner; + +send(all) { + // if this doesn't work, then maybe you just forgot + // to /set charset in your test user + iconv(all, SYSTEM_CHARSET, "ASCII//TRANSLIT"); // should be configurable #ifdef _flag_log_sockets_telnet_outgoing -emit(all, source) { - log_file("RAW_TN_OUT", "%d %O\t-> %s", time(), ME, all); - return ::emit(all); -} + log_file("RAW_TN_OUT", "%O > %O\n", ME, all); #endif + //if (function_exists("emit")) return emit(all); + return emit(all); +} parse(all) { next_input_to(#'parse); #ifdef _flag_log_sockets_telnet_outgoing - log_file("RAW_TN_OUT", "%d %O\t<- %s", time(), ME, all); + log_file("RAW_TN_OUT", "%O < %O\n", ME, all); #endif - // assumes multicaster.. 
fix later - castmsg(ME, "_notice_telnet_verbatim", "[_text_verbatim]", + iconv(all, "ASCII//TRANSLIT", SYSTEM_CHARSET); + if (owner) sendmsg(owner, + "_notice_telnet_verbatim", "[_text_verbatim]", + ([ "_text_verbatim": all ])); + else if (function_exists("castmsg")) castmsg(ME, + "_notice_telnet_verbatim", "[_text_verbatim]", ([ "_text_verbatim": all ])); } link(ho, po) { - sTextPath(0, 0, "tn"); + //sTextPath(0, 0, "tn"); return ::circuit(ho, po || TELNET_SERVICE); } +config(host, port, justdoit) { + connectstring = replace(justdoit, " ", "\n") + "\n"; + owner = previous_object(); + link(host, port); +} + logon(failure) { int rc = ::logon(failure); unless (rc) return 0; next_input_to(#'parse); parse("[connected]"); // hack to maintain logon ascii graphics intact + // could have queued this instead: + if (connectstring) call_out(#'send, 1, connectstring); call_out(#'runQ, 3); // deliver the queue of messages in circuit.c return rc; } @@ -78,7 +108,7 @@ msg(source, mc, data, mapping vars, showingLog, target) { if (abbrev("_message_public", mc)) { // FIXME: should we handle the disconnect instead? if (data == "quit") return 1; - return emit(data + "\n"); + return send(data + "\n"); } #endif } @@ -99,7 +129,7 @@ render(string mc, string data, mapping vars, mixed source) { output = psyctext( template, vars, data, source); if (!output || output=="") return D2(D("tn/out: empty output\n")); if (template == "") output += "\n"; - emit(output); + send(output); } #endif diff --git a/world/net/usercmd.i b/world/net/usercmd.i index 1c8fd34..17beef5 100644 --- a/world/net/usercmd.i +++ b/world/net/usercmd.i 
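Review bot: The two lines added at the top of the file, `// DEBUG: FIXME` and `#define _flag_log_sockets_telnet_outgoing`, switch on the `log_file("RAW_TN_OUT", ...)` calls in send() and parse() for every build, and logon() now pushes `connectstring` — the per-user MUD login sequence that config() receives from `/set mudlink` — through send(), so each user's MUD credentials and their whole session transcript are written to RAW_TN_OUT in cleartext. Drop the `#define` before merging (leave the flag opt-in via the build configuration) and, because the login line is sensitive even in a debug run, send it without logging, e.g. `call_out(#'emit, 1, connectstring)` in place of `call_out(#'send, 1, connectstring)` if the charset step is not needed for a login string, or mask it in the log line. config() also stores `previous_object()` as the owner that will receive `_notice_telnet_verbatim` without checking that the caller is a user object; that is acceptable while usercmd.i is the only caller but deserves a comment saying so. The file header and its `#include` lines are cut off at the start of this hunk view.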
@@ -143,6 +143,27 @@ input(a, dest) {
 #endif
 }
 
+#define MUDLINK //FIXME
+
+#ifdef MUDLINK
+object mudlink;
+
+mudlink(config) {
+ string connectstring, host; int port;
+ // should have mud nicknames instead, so that charsets, prompts
+ // and login procedures can be automated..
+ if (sscanf(config, "%s %d %s", host, port, connectstring)) {
+ // FIXME L8R:
+ //unless (objectp(mudlink)) mudlink = named_clone(NET_PATH "tn/outgoing", MYNICK);
+ unless (objectp(mudlink)) mudlink = clone_object(NET_PATH "tn/outgoing");
+ if (objectp(mudlink)) mudlink -> config(host, port, connectstring);
+ return 1;
+ }
+ // could produce a dedicated syntax warning here.. default is okay
+ return 0;
+}
+#endif
+
 parsecmd(command, dest) {
 array(string) args;
 string a;
@@ -1393,6 +1414,14 @@ cmd(a, args, dest, command) {
 w("_echo_save", "[_amount_lines] lines of log saved.",
 (["_amount_lines": t]));
 break;
+#ifdef MUDLINK
+ case "mud":
+ unless (objectp(mudlink) && interactive(mudlink)) mudlink(v("mudlink"));
+ // nicer UI using simulated query with $mud TBD.. FIXME
+ // also, this send() is not doing the translit!?!!
+ if (objectp(mudlink)) mudlink -> send(ARGS(1) +"\n");
+ break;
+#endif // MUDLINK
 #endif /* USER_PROGRAM */
 default:
 #ifdef USER_PROGRAM
@@ -2664,6 +2693,7 @@ checkVar(key, value) {
 string a, b;
 array(string) t;
 
+ P3(("%O checkVar(%O, %O)\n", ME, key, value))
 // aliases for variable names
 switch(key) {
 case "befehlszeichen":
@@ -2969,6 +2999,12 @@ checkVar(key, value) {
 // case "popstarfave":
 // case "musicfave":
 break; // always valid
+#ifdef MUDLINK
+ case "mudlink":
+ P0(("mudlink %O\n", value))
+ if (value && !mudlink(value)) value = 0;
+ break;
+#endif
 case "encoding":
 key = "charset"; // fall thru
 case "charset":
From 484b6440dc7a082d3da4bdc6313727dc74e616ba Mon Sep 17 00:00:00 2001
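Review bot: mudlink() passes whatever host and port the user typed into `/set mudlink` straight to `config(host, port, connectstring)`, so any account can make psyced open outbound TCP connections to arbitrary destinations — including loopback and LAN services that trust connections from this host — and, per parse() in tn/outgoing.c earlier in this series, receive the raw reply as `_notice_telnet_verbatim`. Gate the target before this ships: the comment about "mud nicknames" already points the right way (an admin-configured name to host:port table), or at minimum reject loopback and private addresses and check `port > 0 && port < 65536` before cloning. `#define MUDLINK //FIXME` in the include file also enables the feature for every build; it belongs in the build configuration with the other feature flags.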
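Review bot: The added `P3(("%O checkVar(%O, %O)\n", ME, key, value))` dumps every variable value to the debug output, and at least one of them is a secret: the `mudlink` value handled later in this same function carries the user's MUD login string as its third field (mudlink() splits it with `"%s %d %s"`). Either skip the value for that key or trace only the key, `P3(("%O checkVar(%O)\n", ME, key))`. checkVar's body continues outside the hunk.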
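Review bot: `P0(("mudlink %O\n", value))` prints the full setting at the lowest debug level, and the third field of that value is the user's MUD login sequence (mudlink() splits it as host, port, connectstring), so the credentials land in the driver log on every `/set mudlink`. Drop the line or print the host only, e.g. `P3(("mudlink host %O\n", explode(value, " ")[0]))`. Note also that `if (value && !mudlink(value)) value = 0;` connects to the MUD as a side effect of setting the variable and silently discards a malformed value; a `w()` with a short usage message would tell the user why their setting vanished.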
From: "psyc://loupsycedyglgamf.onion/~lynX"
Date: Thu, 21 Jul 2016 00:45:09 +0200
Subject: [PATCH 3/5] use /query $mud instead of /mud
---
 world/net/tn/outgoing.c | 2 +-
 world/net/usercmd.i | 15 +++++++--------
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/world/net/tn/outgoing.c b/world/net/tn/outgoing.c
index 12df5a2..d290dd4 100644
--- a/world/net/tn/outgoing.c
+++ b/world/net/tn/outgoing.c
@@ -41,7 +41,7 @@ parse(all) {
 #ifdef _flag_log_sockets_telnet_outgoing
 log_file("RAW_TN_OUT", "%O < %O\n", ME, all);
 #endif
- iconv(all, "ASCII//TRANSLIT", SYSTEM_CHARSET);
+ if (all && all != "") iconv(all, "ASCII//TRANSLIT", SYSTEM_CHARSET);
 if (owner) sendmsg(owner,
 "_notice_telnet_verbatim", "[_text_verbatim]",
 ([ "_text_verbatim": all ]));
diff --git a/world/net/usercmd.i b/world/net/usercmd.i
index 17beef5..236bc37 100644
--- a/world/net/usercmd.i
+++ b/world/net/usercmd.i
@@ -1414,14 +1414,6 @@ cmd(a, args, dest, command) {
 w("_echo_save", "[_amount_lines] lines of log saved.",
 (["_amount_lines": t]));
 break;
-#ifdef MUDLINK
- case "mud":
- unless (objectp(mudlink) && interactive(mudlink)) mudlink(v("mudlink"));
- // nicer UI using simulated query with $mud TBD.. FIXME
- // also, this send() is not doing the translit!?!!
- if (objectp(mudlink)) mudlink -> send(ARGS(1) +"\n");
- break;
-#endif // MUDLINK
 #endif /* USER_PROGRAM */
 default:
 #ifdef USER_PROGRAM
@@ -2040,6 +2032,13 @@ tell(pal, what, palo, how, mc, tv) {
 return;
 }
 #endif
+#ifdef MUDLINK
+ if (pal == "$mud") {
+ unless (objectp(mudlink) && interactive(mudlink)) mudlink(v("mudlink"));
+ if (objectp(mudlink)) mudlink -> send(what +"\n");
+ return;
+ }
+#endif // MUDLINK
 #ifdef ALIASES
 // this also allows for /alias MEP MunichElectropunk
 deaPal = aliases[lower_case(pal)] || pal;
From 12c74b4910f4e217c66bf3a2c46f0dac74553605 Mon Sep 17 00:00:00 2001
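Review bot: The guard fixes the empty-string case, but the charset arguments still look wrong in meaning: `//TRANSLIT` is a conversion flag that glibc honours on the target charset, so `iconv(all, "ASCII//TRANSLIT", SYSTEM_CHARSET)` names a source charset of "ASCII//TRANSLIT", which depending on the iconv implementation behind this efun is either rejected or silently ignored. `iconv(all, "ASCII", SYSTEM_CHARSET)` is the intended direction; send() in the same file already puts `//TRANSLIT` on the target side. parse()'s body continues outside the hunk.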
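Review bot: When a user queries `$mud` without having set the variable, `mudlink(v("mudlink"))` is called with whatever v() returns for an unset variable — if that is 0, `sscanf(0, ...)` inside mudlink() raises a runtime error rather than telling the user what is missing. Guard it before the call, `unless (v("mudlink")) { w("_warning_usage_mudlink", "Use /set mudlink host port login first."); return; }`, with a matching textdb entry for the new message. tell()'s body continues outside the hunk.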
From: "psyc://loupsycedyglgamf.onion/~lynX" Date: Wed, 4 Apr 1984 00:44:05 +0000 Subject: [PATCH 4/5] ircs: rfc7194 says to use port 6697, not 9999 --- bin/psyconf | 2 +- config/blueprint/ports.h | 2 +- config/openwrt/ports.h | 2 +- config/psyced.ini | 6 +++++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/bin/psyconf b/bin/psyconf index 4a9f358..aeb611c 100755 --- a/bin/psyconf +++ b/bin/psyconf @@ -613,7 +613,7 @@ X # TODO: generate a psyced.gdb file kind of like this print < Date: Wed, 4 Apr 1984 00:44:06 +0000 Subject: [PATCH 5/5] updates for install.sh, thx ng0 --- install.sh | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/install.sh b/install.sh index 86974f2..aa98899 100755 --- a/install.sh +++ b/install.sh @@ -22,10 +22,11 @@ # # psyclpc as obtained from http://lpc.psyc.eu driver="psyclpc" -driverver="20111122" +driverver="20160417" +driversha256="ad403ad4243fea52d79b1d89d9ad30e2f6a89b4263cf13f329386d03cb6d4fbf" lpcbaseurl="http://www.psyced.org/files/" -zip="bz2" -zipcmd="bzip2" +zip="xz" +zipcmd="xz" # useful for debugging - see what files it would produce exit="exit 1" @@ -47,8 +48,14 @@ then !!${hi} HEY YOU, PORTAGE USER ${lo}!! If you are running gentoo/portage you should try out our beautiful ebuilds -at http://www.psyced.org/files/gentoo.tar.bz2 instead of this installation -script. Stop it now. +in the youbroketheinternet-overlay instead of this installation script. +Stop it now and do this... + +torify git clone git://git.cheettyiapsyciew.onion/youbroketheinternet-overlay + +or this instead: + +git clone git://git.psyced.org/youbroketheinternet-overlay ${hi}Warning: OLD-SCHOOL install.sh STARTING${lo} ... 
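Review bot: `driversha256=...` is a bare hex literal with nothing saying what it covers, so the next version bump is likely to update `driverver` and leave the hash stale; add `# sha256 of ${driver}-${driverver}.tar.${zip} as published for this release` above it. Because `lpcbaseurl` is plain http://, this hash is the only integrity protection the driver download has, so the comment should also say that the value must be taken from an authenticated source (a signed release announcement or the onion mirror), not copied from the same http page the tarball comes from.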
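Review bot: The second suggested command, `git clone git://git.psyced.org/youbroketheinternet-overlay`, uses the git:// transport, which is unauthenticated and unencrypted, so a network attacker can hand the reader substituted ebuilds — the very thing this script tells them to run instead of itself; the Tor variant is better off because the .onion address authenticates the endpoint. Offer `https://git.psyced.org/...` for the clearnet clone if the host serves it, or tell the reader to verify signed tags after cloning. These lines are presumably inside a shell heredoc or quoted message whose start lies outside the hunk.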
@@ -193,6 +200,8 @@ if ! test `ls -1 ${driver}-*tar.${zip} 2>/dev/null` if wget "${lpcbaseurl}/${driver}-${driverver}.tar.${zip}" then echo "${driver} successfully retrieved." + echo "Expect this checksum:\n\n${driversha256}" + sha256sum ${driver} else echo "${hi}ATTENTION: Unable to download ${driver}" echo "${hi}ATTENTION: ${lo}You have no ${driver}-*.tar.${zip} in this directory."
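Review bot: `sha256sum ${driver}` hashes a file named `psyclpc`, not the tarball wget just fetched (`${driver}-${driverver}.tar.${zip}`), so it prints a "No such file" error and the archive is never hashed; and even with the right file name the result is only displayed next to the expected value, so the plain-http download from `${lpcbaseurl}` is unpacked whether or not it matches. Compare against `${driversha256}` and stop on mismatch, as below. The `\n` in `echo "Expect this checksum:\n\n..."` is also printed literally by bash's builtin echo, so use `printf` if the message is kept. The enclosing `if ! test ...` block starts outside the hunk.
```shell
   then echo "${driver} successfully retrieved."
	tarball="${driver}-${driverver}.tar.${zip}"
	# the download is plain http, so the pinned hash is the only integrity check
	if echo "${driversha256}  ${tarball}" | sha256sum -c - >/dev/null 2>&1
	then echo "${tarball} matches the expected sha256."
	else
	    echo "${hi}ATTENTION: ${tarball} does NOT match the expected sha256${lo}"
	    echo "${hi}ATTENTION: ${lo}expected ${driversha256} - refusing to install it."
	    rm -f "${tarball}"
	    exit 1
	fi
   # … unchanged: else branch for a failed download …
```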