1. 21 Feb, 2022 1 commit
    • Rob Swindell's avatar
      Change the semantics of the "Allow Sysop Logins" setting in SCFG->System · 3632b9c3
      Rob Swindell authored
      As Andre pointed out while documenting this setting on the wiki, the option seemed confusing: if a sysop could not login with "system operator access", how could they login at all? Answer: they could not.
      
      This setting used to be called "Allow Remote Sysop Logins", back when there was the concept of a "local login", so setting this option to "No" would mean that user accounts with sysop access could only be used for *local* login. But in Synchronet v3, there's really no such concept as a "local login", so it was changed to just "Allow Sysop Logins" (period) and not a lot of thought given to how/why a sysop would actually set to this "No" or what the implications would be (presumably, nobody ever sets this to "No").
      
      So rather than just get rid if the option altogether, I changed it to mean: an account with sysop access (i.e. level 90+) can still login, but any action that normally requires the system password will not be allowed. This includes the sysop-actions available in the FTP server when authenticating with <user-pass>:<system-pass> as the password. The sysop-user can still authenticate (and login), but none of those sysop-actions will be available to them.
      3632b9c3
  2. 31 Jan, 2022 2 commits
  3. 28 Jan, 2022 1 commit
    • Rob Swindell's avatar
      Add 'vdir' (virtual directory name) member to lib_t and dir_t · 51ab0a7f
      Rob Swindell authored
      This change is just for internal consistency and convenience right now: the lib_t.vdir is a "sanitized" copy of the lib's short name (spaces are converted to dots or underscores based on the logic that the FTP server used in dotname()) and the dir_t.vdir is just a pointer to the dir's code_suffix. No other permutations are made (e.g. lower-casing the strings). Although the virtual directory names of libraries will now appear in mixed case in the FTP server (previously, they were all lowercase), the directory names are actually treated case-insensitively, so it should not make any difference. If forced-lowercase is preferred for some reason, please speak up.
      
      This change leads the way to eventually, possibly, making these virtual path elements sysop-configurable. For now, it's just better to have a *copy* of the lib's short name that is appropriately modified to make a suitable directory name and have that vpath element available globally (to all servers and services) in a consistent manner.
      
      So Nelgin asked (about filebase access via http), what if the library short name has a space in it? The answer now is, the spaces are replaced with a '.' or '_' (if there's already dots in the name).
      51ab0a7f
  4. 16 Jan, 2022 1 commit
    • Rob Swindell's avatar
      Add direct filebase access from the web server (optional) · 1ab2956b
      Rob Swindell authored
      By setting SCFG->File Options->Web File Virtual Path Prefix to something (e.g. "/files/"), all HTTP or HTTPS requests to the Synchronet Web Server with request paths beginning with this prefix will be interpreted as filebase access requests (with full access control enforcement). This is configured here (in SCFG) rather than, say, the [web] section of sbbs.ini, because I have plans for the terminal server to use this prefix to generate Web-URLs for files to display or email to users.
      
      Currently, only requests to *files* (for download) are supported (no index generation, file information, etc. and definitely no upload support). Full access control (using HTTP auth, not cookies) is used for libraries and directories with controlled access. Credits are deducted and awarded and uploaders are notified of downloads, as one would expect. Requests to any dynamic-web-content files (e.g. .SSJS, .XJS, etc.) will be treated as static file download requests (no script will be executed).
      
      I'm reusing the same virtual path parsing logic from the FTP server (moved to the userdat lib), so the virtual path to a file for download would be, for example, http://yourdomain/files/lib/dir-code/filename.ext
      
      The main motivation for this feature is: FTP-links in email and web pages are just not useful to many users these days and I don't think that sysops should have to rely on a SSJS web UI (e.g. ecWebv4, cool as it is), to provide web-access to the filebases. Using this feature, you can share simpler/shorter web links to your files that will be more enduring.
      1ab2956b
  5. 11 Jan, 2022 1 commit
  6. 06 Dec, 2021 1 commit
    • Rob Swindell's avatar
      Fix FTPS upload failure: !DATA ERROR 0 receiving on data socket · 17a67ee9
      Rob Swindell authored
      Don't treat CRYPT_ERROR_COMPLETE (-24) as a socket error during upload since it's an indication that the remote closed the connection and is the normal "end of file/transfer" indicator, not an error. 'rd' is already 0 in this case, so no need to set at all (since recv() returns 0 upon disconnect and that's what we're emulating here).
      
      Fixes issue #309 reported by Jas Hud.
      17a67ee9
  7. 19 Sep, 2021 1 commit
  8. 18 Sep, 2021 1 commit
    • Rob Swindell's avatar
      Fix segfault reported with ftpalias.cfg support in some cases · bb1ee459
      Rob Swindell authored
      ftpalias() can return true even when the directory is not set to a valid
      directory index (i.e. set to -1), so using as an array index would definitely
      segfault. Part of commit 8ad30b6c by Deuce 3 years ago.
      
      I didn't test this as I'm not sure exactly the combination of ftpalias.cfg
      content and FTP command received that would trigger this, but it's most
      definitely a bug.
      
      So should fix the segfault reported in issue #288.
      bb1ee459
  9. 10 Jun, 2021 1 commit
    • Rob Swindell's avatar
      Standardize on "metadata" as the description of a file's "tail" dfield · 3549be9f
      Rob Swindell authored
      It's anticipated that this will be used for JS-populated file metadata in JSON format in the future (and not just "archive contents" in .ini format).
      
      Also, fix the double-free issue that was occurring when moving files with extended file descriptions (sbbs_t::movefile()). This was actually the primary problem I was fixing here, but noticed the metadata issue: metadata would not have been moved along with the other file info between bases.
      3549be9f
  10. 08 Jun, 2021 1 commit
    • Rob Swindell's avatar
      Detect TLS startup errors correct/fully · 6fee1956
      Rob Swindell authored
      We can't (apparently) only rely on the return value of start_tls(), we have to check the value of the crypt session too.
      This fix the possibility of this happening:
      Jun  7 18:07:26 sbbs synchronet: ftp  0058 TLS ERROR 'No permiss.to perform this operation' (-21) opening keyset
      Jun  7 18:07:26 sbbs synchronet: ftp  0058 <192.168.1.25> initialized TLS successfully
      
      Instead, we'll detect the failure and disable FTPS support, logging "failed to initialize TLS successfully".
      6fee1956
  11. 06 Jun, 2021 2 commits
    • Rob Swindell's avatar
      Give sysop more control over characters allowed in uploaded filenames · 755452d7
      Rob Swindell authored
      5 options:
      - Safest Subset
      - Most ASCII, Excluding Spaces (the default)
      - Most ASCII, Including Spaces
      - Most CP437, Excluding Spaces
      - Most CP437, Including Spaces
      755452d7
    • Rob Swindell's avatar
      More uniform safe/illegal/allowed filename (for upload) determination · 06fff14d
      Rob Swindell authored
      sbbs_t::checkfname() now checks the file.can too.
      new filedat.c functions:
      - safest_filename() - not currently used
      - illegal_filename() - returns true for a highly-suspicious (e.g. hack attempt) filename
      - allowed_filename() - returns true if the filename is good for upload (assumed to be already checked to be legal as well).
      
      Importantly, filenames beginning or ending in a '.' are now unallowed:
      - 'dot files' are hidden (by default) on *nix
      - files ending in a '.' are problematic on Windows
      06fff14d
  12. 24 Apr, 2021 1 commit
    • Rob Swindell's avatar
      DIZ enhancements: Read/use SAUCE data, support ANSI, increase max 1->4K · 2a8e1c11
      Rob Swindell authored
      Inspired by Blocktronics (and other ANSI art group) packs' FILE_ID.DIZ/ANS files:
      * Support (and prioritize) FILE_ID.ANS
      * Convert ANSI color/attribute sequences in DIZ files to Ctrl-A equivalent (uses SAUCE width and ICE color, if specified)
      * Don't treat DIZ as a series of lines, they're not always nowadays.
      * New putmsg() mode: P_INDENT to print files indented by current column
      * Display full (up to 64-char) filenames in lists when using 132+ column terminal.
      * Use the Author, Group, and Title fields from the SAUCE if present/non-blank
      * 2 new text.dat strings: 301 (FiAuthor) and 302 (FiGroup)
      * Also fix bug with repeated Cost header field on bulk-uploaded files.
      
      I know this'll break the *nix build (sauce.c dependency), but I'll fix that next.
      2a8e1c11
  13. 22 Apr, 2021 2 commits
  14. 19 Apr, 2021 1 commit
    • Rob Swindell's avatar
      Control sound-mute via semfile (ctrl/sound.muted) rather than sbbs.ini · a88cce19
      Rob Swindell authored
      There was a bug with reloading the configuration files in sbbsctrl where the sound button no longer reflected the truth and the sysop's previous click-state of the button was lost. Rather than going through writing the OPT_MUTE flag to the Options fields of all the sections of the sbbs.ini and then re-loading that file as a result, just do like we did with the sysop chat availability: use a semfile. So much simpler.
      
      If anyone ever needs instance-specific muting, we can create/check instance/host-specific mute semfiles then. Doubt that'll happen though.
      
      Also, removed the old sysavail control methods of ntsvcs too.
      a88cce19
  15. 18 Apr, 2021 1 commit
    • Rob Swindell's avatar
      Update sound (WAV) file play-on-event support in Windows build · f26a82b0
      Rob Swindell authored
      A "hack attempt" sound file is now supported in the Terminal Server, Mail Server,  and Services.
      
      "login" and "logoff" sound files are now supported in the Terminal Server, FTP Server, Web Server, Mail Server, and Services.
      This enhancement fixes Issue #157
      
      The following sound files may now be configured in the [Global] section of the ctrl/sbbs.ini file, if desired to set the default sound files for all servers/services in on place:
      - AnswerSound
      - LoginSound
      - LogoutSound
      - HangupSound
      - HackAttemptSound
      f26a82b0
  16. 04 Apr, 2021 2 commits
  17. 30 Mar, 2021 1 commit
    • Deucе's avatar
      Initial poll() work · af30c430
      Deucе authored
      Still needs updates in services_thread(), CGI stuff in websrvr.c,
      and sbbs_t::external()
      af30c430
  18. 08 Mar, 2021 1 commit
    • Rob Swindell's avatar
      Remove extraneous (void) typedefs · b62505ad
      Rob Swindell authored
      See if this resolves rjwboys reported error:
      threadwrap.h:204:42: error: expected expression before ‘do’
       #define protected_uint32_init(pval, val) atomic_init(pval, val)
      b62505ad
  19. 22 Feb, 2021 1 commit
  20. 19 Feb, 2021 1 commit
  21. 18 Feb, 2021 3 commits
  22. 15 Feb, 2021 2 commits
    • Rob Swindell's avatar
      Disable FTP Bounce (FXP) support by default · 635fad77
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
      635fad77
    • Rob Swindell's avatar
      Disable FTP Bounce (FXP) support by default · ebece39d
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
      ebece39d
  23. 14 Feb, 2021 1 commit
  24. 18 Jan, 2021 1 commit
    • Rob Swindell's avatar
      Safe string handling with config-load error messages · 99dbeb14
      Rob Swindell authored
      We were just trusting that the error strings would be shorter than 256 (usually), but since we're including paths and strerror() results, we really have no control over the length of the error strings. So enforce some healthy boundaries. This could explain the crashes that Divarin of Mutiny is seeing with SCFG on WinXP or maybe it was the truncsp(strerror()) stuff that was just removed as well. We'll see...
      99dbeb14
  25. 09 Jan, 2021 1 commit
    • Rob Swindell's avatar
      Don't delete pack####.now upon FTP-logoff · 3ead8a4d
      Rob Swindell authored
      When a user logins to the FTP server concurrently, this creates a
      race condition with an/the other FTP session that may be creating/
      downloading a QWK packet. On Vertrauen, this results in the
      occasional error removing the file since it was removed unexpectedly:
      !ERROR 2 (No such file or directory) in main.cpp line 2747 (event_thread) removing "/sbbs/data/pack1111.now" access=0
      3ead8a4d
  26. 31 Dec, 2020 1 commit
  27. 30 Dec, 2020 2 commits
    • Rob Swindell's avatar
      Remove 3 second delay before disconnecting when max clients reached · 31d07482
      Rob Swindell authored
      This seems to be misguided and would only increase the chances of a DoS-type attack on TCP session resources.
      
      A second 3-second delay upon malloc failure is also removed.
      31d07482
    • Rob Swindell's avatar
      Implement max concurrent connections for FTP · 8b2b02e1
      Rob Swindell authored
      Support optional limit on concurrent connections from the same IP address to the FTP server by setting MaxConcurrentConnections in the [ftp] section of sbbs.ini. Unlike the mail server and the terminal server, this concurrent-connection count is not discounted by the number of authenticated logins. The default value is 0 (unlimited).
      
      This closes issue #156
      8b2b02e1
  28. 22 Dec, 2020 1 commit
    • Rob Swindell's avatar
      Remove dynamic HTML index support from FTP server · 0d01544d
      Rob Swindell authored
      The days of browsers rendering HTML served-up via FTP are over, so remove this feature. This also removes all JavaScript support from the FTP server and that is a bit odd as it was one of the first Synchronet components for which I added JS support.
      
      Removing this feature was pretty painless; much easier than adding it was. The main motivation was less cruft to port to the file base in the works. There should be no more references to 00index.html anywhere at this point. Bye bye cool feature, we'll miss you.
      0d01544d
  29. 13 Dec, 2020 1 commit
  30. 24 Nov, 2020 1 commit
    • Rob Swindell's avatar
      Stop pretending to configure the JavaScript Context stack · c0cd8686
      Rob Swindell authored
      The argument to JS_NewContext that we were allowing to be configured was not the contest stack size, but rather:
      "The size, in bytes, of each "stack chunk". This is a memory management tuning parameter which most users should not adjust. 8192 is a good default value." - per Mozilla.
      
      So we're just going to use the suggested default, hard-coded.
      c0cd8686
  31. 20 Nov, 2020 1 commit
  32. 19 Nov, 2020 1 commit