1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/syncterm/conn_mqtt.c conn_mqtt.hsrc/conio/cterm.c cterm.h src/sbbs

    From Deucе@VERT to Git commit to main/sbbs/master on Sat May 9 22:50:36 2026
    https://gitlab.synchro.net/main/sbbs/-/commit/519c6b1d13a046e254faa853
    Added Files:
    src/syncterm/conn_mqtt.c conn_mqtt.h
    Modified Files:
    src/conio/cterm.c cterm.h src/sbbs3/umonitor/spyon.c src/syncterm/CMakeLists.txt GNUmakefile Manual.txt conn.c conn.h syncterm.c syncterm.man.in term.c src/xptls/xp_tls.h xp_tls_botan3.cpp xp_tls_none.c xp_tls_openssl.c
    Log Message:
    SyncTERM: MQTT spy connection type via Synchronet internal broker

    Adds CONN_TYPE_MQTT, a sysop-spy connection that subscribes to a node's sbbs/{BBSID}/node/{N}/output topic and publishes keystrokes to the
    matching .../input. Authenticates to the broker via TLS-PSK using the
    bbslist entry's user (PSK identity), password (PSK secret), and syspass (MQTT-level password). BBSID and node number are auto-discovered from
    retained broker topics, with manual fallback prompts.

    If the PSK handshake fails the connect logic reopens the socket and
    retries with a plain cert handshake, which lets the same connection
    type also reach external brokers (mosquitto, EMQX, ...) that re-host Synchronet-shape topics. On the cert leg the MQTT-level password is
    just bbs->password (the operator's broker-side credentials), and the
    syspass slot is left alone since it isn't used.

    Reachable from the command line as mqtts://user:password@host.
    mqtts:// is the IANA scheme for MQTT-over-TLS; plain mqtt:// is
    intentionally not accepted because the broker doesn't speak plaintext.
    URL invocations with no matching dialing-directory entry prompt for
    the system password before the MQTT CONNECT (PSK leg only).

    main() ignores SIGPIPE so a peer hanging up mid-write returns EPIPE
    to the caller instead of killing the process; the connection layer
    then cleans up like any other I/O error.

    Includes the supporting plumbing the connection needed:

    - xptls: TLS-PSK client API (xp_tls_client_open_psk) + server-cert
    policy that pins TLS 1.2, restricts kex to PSK variants, and offers
    AES-128/256 in CBC + GCM with SHA-1/256/384. Adds xp_tls_has_pending
    so callers gating reads on socket-readability don't sit on already-
    decoded plaintext, and xp_tls_used_psk so the caller can tell which
    leg authenticated. Skips the close-time close_notify send when the
    socket isn't writable, avoiding SIGPIPE on a peer-closed or locally-
    shut-down session.

    - conio/cterm: split keystroke output (cterm_encode_key) from parser
    auto-responses (cterm_respond) so a spy can mute DSR/DECRQM/etc. host
    replies (the BBS is already serving the real client) while still
    delivering the local user's keystrokes.

    - sbbs3/umonitor/spyon: switch the keystroke send path to
    cterm_encode_key so arrow keys, F-keys, etc. are encoded for the
    active emulation (the old raw-byte path silently dropped them) and
    routes the encoded bytes to the spy socket via the new
    keystroke_cb.

    Manual.txt and the manpage list the new mqtts:// scheme and the SBBS
    MQTT Spy connection type.

    ---
    ■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net