BBS:      TELESC.NET.BR
Subject:  src/syncterm/conn_mqtt.c conn_mqtt.h src/conio/cterm.c cterm.h src/sbbs
From:     Deuce
Date:     Sat, 9 May 2026 22:50:36 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/519c6b1d13a046e254faa853
Added Files:
	src/syncterm/conn_mqtt.c conn_mqtt.h
Modified Files:
	src/conio/cterm.c cterm.h src/sbbs3/umonitor/spyon.c src/syncterm/CMakeLists.txt GNUmakefile Manual.txt conn.c conn.h syncterm.c syncterm.man.in term.c src/xptls/xp_tls.h xp_tls_botan3.cpp xp_tls_none.c xp_tls_openssl.c
Log Message:
SyncTERM: MQTT spy connection type via Synchronet internal broker

Adds CONN_TYPE_MQTT, a sysop-spy connection that subscribes to a node's
sbbs/{BBSID}/node/{N}/output topic and publishes keystrokes to the
matching .../input.  Authenticates to the broker via TLS-PSK using the
bbslist entry's user (PSK identity), password (PSK secret), and syspass
(MQTT-level password).  BBSID and node number are auto-discovered from
retained broker topics, with manual fallback prompts.

If the PSK handshake fails the connect logic reopens the socket and
retries with a plain cert handshake, which lets the same connection
type also reach external brokers (mosquitto, EMQX, ...) that re-host
Synchronet-shape topics.  On the cert leg the MQTT-level password is
just bbs->password (the operator's broker-side credentials), and the
syspass slot is left alone since it isn't used.

Reachable from the command line as mqtts://user:password@host.
mqtts:// is the IANA scheme for MQTT-over-TLS; plain mqtt:// is
intentionally not accepted because the broker doesn't speak plaintext.
URL invocations with no matching dialing-directory entry prompt for
the system password before the MQTT CONNECT (PSK leg only).

main() ignores SIGPIPE so a peer hanging up mid-write returns EPIPE
to the caller instead of killing the process; the connection layer
then cleans up like any other I/O error.

Includes the supporting plumbing the connection needed:

- xptls: TLS-PSK client API (xp_tls_client_open_psk) + server-cert
  policy that pins TLS 1.2, restricts kex to PSK variants, and offers
  AES-128/256 in CBC + GCM with SHA-1/256/384.  Adds xp_tls_has_pending
  so callers gating reads on socket-readability don't sit on already-
  decoded plaintext, and xp_tls_used_psk so the caller can tell which
  leg authenticated.  Skips the close-time close_notify send when the
  socket isn't writable, avoiding SIGPIPE on a peer-closed or locally-
  shut-down session.

- conio/cterm: split keystroke output (cterm_encode_key) from parser
  auto-responses (cterm_respond) so a spy can mute DSR/DECRQM/etc. host
  replies (the BBS is already serving the real client) while still
  delivering the local user's keystrokes.

- sbbs3/umonitor/spyon: switch the keystroke send path to
  cterm_encode_key so arrow keys, F-keys, etc. are encoded for the
  active emulation (the old raw-byte path silently dropped them) and
  route the encoded bytes to the spy socket via the new
  keystroke_cb.

Manual.txt and the manpage list the new mqtts:// scheme and the SBBS
MQTT Spy connection type.
---
  Synchronet  Vertrauen  Home of Synchronet  [vert/cvs/bbs].synchro.net
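As an added illustration of the addressing rules the commit describes (not SyncTERM's own code), the snippet below accepts only mqtts://user:password@host URLs, derives the per-node output/input topic pair, and recovers BBSID/node pairs from retained topic names the way the auto-discovery step would. Function names, the sample values and the 8883 default port (the IANA port for MQTT over TLS, not stated in the commit) are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote

# Topic layout from the commit message: sbbs/{BBSID}/node/{N}/output and .../input
NODE_TOPIC_RE = re.compile(
    r"^sbbs/(?P<bbsid>[^/]+)/node/(?P<node>\d+)/(?P<dir>output|input)$"
)


def parse_mqtts_url(url):
    """Parse mqtts://user:password@host[:port]; any other scheme (plain mqtt://
    included) is rejected, mirroring the commit's 'broker doesn't speak plaintext'."""
    u = urlsplit(url)
    if u.scheme != "mqtts":
        raise ValueError(f"unsupported scheme {u.scheme!r}: only mqtts:// is accepted")
    if not u.hostname or u.username is None or u.password is None:
        raise ValueError("mqtts URL needs user, password and host")
    return {
        "user": unquote(u.username),        # PSK identity on the PSK leg
        "password": unquote(u.password),    # PSK secret (or broker password on the cert leg)
        "host": u.hostname,
        "port": u.port or 8883,             # assumed default: IANA port for MQTT over TLS
    }


def node_topics(bbsid, node):
    """Return the (subscribe, publish) topic pair for spying on one node."""
    base = f"sbbs/{bbsid}/node/{int(node)}"
    return (f"{base}/output", f"{base}/input")


def discover_nodes(retained_topics):
    """Pull distinct (bbsid, node) pairs out of retained topic names seen on the broker;
    topics outside the node output/input shape are ignored."""
    found = set()
    for topic in retained_topics:
        m = NODE_TOPIC_RE.match(topic)
        if m:
            found.add((m["bbsid"], int(m["node"])))
    return sorted(found)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    target = parse_mqtts_url("mqtts://sysop:s3cret@bbs.example.net")
    print(target, node_topics("VERT", 3))
    print(discover_nodes(["sbbs/VERT/node/1/output", "sbbs/VERT/node/12/input", "other/x"]))
```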
