- 24 Feb, 2022 1 commit
-
-
Rob Swindell authored
CID 174223 CID 174227 CID 174461 CID 174519 CID 229602 CID 319040 CID 319137 CID 319159
-
- 01 Feb, 2022 1 commit
-
-
Rob Swindell authored
If the request is to a virtual web host, don't recognize the filebase vpath prefix (FileVPathPrefix setting) unless FileVPathForVHosts is set to "true" (in the [web] section of sbbs.ini). This addresses another of Deuce's concerns about this feature.
-
- 30 Jan, 2022 1 commit
-
-
Rob Swindell authored
An int is 32-bits on all supported platforms, so this has always been broken. The actual file size/request-length sent would depend on fun 2's complement math (a 32GB file was being truncated to 433MB). Also fixed some wrong uses of PRIuOFF: off_t is a signed integer, so technically the maximum file size you can request now is 2^63 bytes, which is "big enough".
-
- 28 Jan, 2022 1 commit
-
-
Rob Swindell authored
It bothered Deuce having a web server setting in scfg_t/SCFG->File Options, so I moved this setting to [web_]startup_t and the sbbs.ini file. The downside is that file_area.web_file_prefix is no longer available to JS environments outside of the web server and terminal server, but meh, probably not going to use it elsewhere anyway? I can imagine use cases for JSexec scripts to want to generate URLs to filebase files. If that ends up being a need, they'll have to find and parse the "right" sbbs.ini file to determine the vpath prefix.
-
- 17 Jan, 2022 1 commit
-
-
Rob Swindell authored
"Request for x is outside of the web root" was already logged (with a "NOTICE" log level), but would not sound the hack attempt alarm (on Windows) or log to the hack.log. Now it does.
-
- 16 Jan, 2022 2 commits
-
-
Rob Swindell authored
Similar to the ctrl/ftpalias.cfg file, the new ctrl/web_alias.ini file (optional) can be used to map a portion (the first portion, only) of a web request path to a different physical or virtual path. For example, I'm using it to map:
    /Synchronet/ = /files/main/sbbs/
for filebase access to my main->sbbs directory of Vertrauen's filebase using a /Synchronet/* web request (i.e. for slightly prettier or shorter custom URLs, if desired).
-
Rob Swindell authored
By setting SCFG->File Options->Web File Virtual Path Prefix to something (e.g. "/files/"), all HTTP or HTTPS requests to the Synchronet Web Server with request paths beginning with this prefix will be interpreted as filebase access requests (with full access control enforcement).

This is configured here (in SCFG) rather than, say, the [web] section of sbbs.ini, because I have plans for the terminal server to use this prefix to generate Web-URLs for files to display or email to users.

Currently, only requests to *files* (for download) are supported (no index generation, file information, etc. and definitely no upload support). Full access control (using HTTP auth, not cookies) is used for libraries and directories with controlled access. Credits are deducted and awarded and uploaders are notified of downloads, as one would expect. Requests to any dynamic-web-content files (e.g. .SSJS, .XJS, etc.) will be treated as static file download requests (no script will be executed).

I'm reusing the same virtual path parsing logic from the FTP server (moved to the userdat lib), so the virtual path to a file for download would be, for example,
    http://yourdomain/files/lib/dir-code/filename.ext

The main motivation for this feature is: FTP-links in email and web pages are just not useful to many users these days and I don't think that sysops should have to rely on a SSJS web UI (e.g. ecWebv4, cool as it is), to provide web-access to the filebases. Using this feature, you can share simpler/shorter web links to your files that will be more enduring.
-
- 01 Jul, 2021 1 commit
-
-
Rob Swindell authored
What took down cvs/sbbs yesterday:

    Program terminated with signal SIGSEGV, Segmentation fault.
    6203 session->req.post_data[session->req.post_len]=0;
    [Current thread is 1 (Thread 0x7f2b989ff700 (LWP 17031))]
    (gdb) print post_len
    No symbol "post_len" in current context.
    (gdb) print session->req.post_len
    $1 = 0
    (gdb) print session->req.post_data
    $2 = 0x0
-
- 05 Jun, 2021 3 commits
-
-
Rob Swindell authored
This fixes issue #269 (NTFS Alternate Data Stream vulnerability) and other potential pathname issues on Windows involving colons. There are other illegal filename characters on Windows (e.g. <>|"?*), but filenames with these characters aren't expected to pass the later stat() test, so should fail with a 404 error.
-
Rob Swindell authored
-
Rob Swindell authored
The requested path was being URL-decoded with unescape(), but that function does a '+' to ' ' (space) conversion. The '+' to space decoding is supposed to occur for the "query" portion of the URL only, not the "path" portion. Use the new hex_decode() function instead of unescape() for "path" decoding.
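The two fixes above (decoding the request path without the '+' to space conversion, and refusing colons in pathnames) can be illustrated together. This is an added example, not code from websrvr.c: pct_decode() and request_path_ok() are hypothetical names, and rejecting ':' on every platform rather than only on Windows is this example's assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Hypothetical helper: decode %XX sequences in place. '+' becomes ' ' only
 * when is_query is true, because that rule belongs to the query portion of a
 * URL and not to the path. Returns NULL if %00 would embed a NUL (a choice
 * made for this example), otherwise s. Malformed escapes are copied as-is. */
char *pct_decode(char *s, bool is_query)
{
    char *in = s, *out = s;

    while (*in != '\0') {
        int hi = -1, lo = -1;
        if (*in == '%' && (hi = hexval((unsigned char)in[1])) >= 0
            && (lo = hexval((unsigned char)in[2])) >= 0) {
            if (hi == 0 && lo == 0)
                return NULL;
            *out++ = (char)((hi << 4) | lo);
            in += 3;
        } else if (*in == '+' && is_query) {
            *out++ = ' ';
            in++;
        } else {
            *out++ = *in++;
        }
    }
    *out = '\0';
    return s;
}

/* Decode a request path, then refuse any ':' in the decoded result, so an
 * encoded colon (%3A) is caught as well as a literal one. */
bool request_path_ok(char *path)
{
    return pct_decode(path, false) != NULL && strchr(path, ':') == NULL;
}
```

The colon test runs on the decoded path; a check made before decoding would miss %3A.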
-
- 19 Apr, 2021 1 commit
-
-
Rob Swindell authored
There was a bug with reloading the configuration files in sbbsctrl where the sound button no longer reflected the truth and the sysop's previous click-state of the button was lost. Rather than going through writing the OPT_MUTE flag to the Options fields of all the sections of the sbbs.ini and then re-loading that file as a result, just do like we did with the sysop chat availability: use a semfile. So much simpler. If anyone ever needs instance-specific muting, we can create/check instance/host-specific mute semfiles then. Doubt that'll happen though. Also, removed the old sysavail control methods of ntsvcs too.
-
- 18 Apr, 2021 1 commit
-
-
Rob Swindell authored
A "hack attempt" sound file is now supported in the Terminal Server, Mail Server, and Services. "login" and "logoff" sound files are now supported in the Terminal Server, FTP Server, Web Server, Mail Server, and Services. This enhancement fixes Issue #157.

The following sound files may now be configured in the [Global] section of the ctrl/sbbs.ini file, if desired to set the default sound files for all servers/services in one place:
- AnswerSound
- LoginSound
- LogoutSound
- HangupSound
- HackAttemptSound
-
- 05 Apr, 2021 1 commit
-
-
Deucе authored
Specifically, have errors mean the fd is "ready". Also, fix some extra revent clearing and a spy socket issue while we're looking at this code. Should fix issues with CGI scripts that close stdin/stdout but do not terminate, and maybe deal with some other corner cases at the same time.
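An added example (not the project's code) of treating poll() error conditions as readiness, as the commit message above describes; fd_ready() and drain() are hypothetical names. When the peer closes a pipe, poll() may report only POLLHUP, and counting that as ready lets the following read() return 0 so the loop ends instead of waiting forever.

```c
#include <errno.h>
#include <poll.h>
#include <stdbool.h>
#include <unistd.h>

/* Hypothetical helper: true if the requested events occurred on fd OR poll()
 * flagged an error condition (POLLERR, POLLHUP, POLLNVAL). Returns false on
 * timeout and on poll() failures other than EINTR, which is retried (the
 * retry restarts the full timeout). */
bool fd_ready(int fd, short events, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = events, .revents = 0 };
    int rc;

    do {
        rc = poll(&pfd, 1, timeout_ms);
    } while (rc < 0 && errno == EINTR);
    if (rc <= 0)
        return false;
    return (pfd.revents & (events | POLLERR | POLLHUP | POLLNVAL)) != 0;
}

/* Read from fd until EOF or error. Returns the number of bytes read, or -1
 * if nothing happened within timeout_ms. Because a hangup counts as "ready",
 * read() gets the chance to return 0 and end the loop. */
long drain(int fd, int timeout_ms)
{
    char buf[256];
    long total = 0;

    for (;;) {
        if (!fd_ready(fd, POLLIN, timeout_ms))
            return -1;
        ssize_t n = read(fd, buf, sizeof buf);
        if (n <= 0)
            return total;   /* 0 = EOF after hangup, <0 = read error */
        total += n;
    }
}
```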
-
- 04 Apr, 2021 4 commits
-
-
Rob Swindell authored
This macro has expanded to nothing for a while now and even before, the usage was misguided and unnecessary as explained in this video: https://www.youtube.com/watch?v=cjotPqQxxAY
-
Rob Swindell authored
IdArray returned by JS_Enumerate() was never freed. Caught by Coverity-scan, CID 319627.
-
Rob Swindell authored
Found by Coverity-scan (CID 330051) @Deuce should review this.
-
Rob Swindell authored
This won't impact Synchronet as it has a separate signal handling thread, but we still need to behave properly for processes that don't. I'm also saying that ENOMEM does not indicate a disconnection, though it may be better to pretend it was disconnected...
-
- 02 Apr, 2021 1 commit
-
-
Deucе authored
This appears to work and the event handler *should* work on other event types already. Note, this is *nix-only due to the use of poll(). select() will need to be used for Windows to keep XP compatibility.
-
- 31 Mar, 2021 1 commit
-
-
Deucе authored
-
- 30 Mar, 2021 1 commit
-
-
Deucе authored
Still needs updates in services_thread(), CGI stuff in websrvr.c, and sbbs_t::external()
-
- 23 Mar, 2021 1 commit
-
-
Deucе authored
-
- 20 Mar, 2021 1 commit
-
-
Rob Swindell authored
Could be useful for knowing if you need to increase MaxClients for typical usage.
-
- 17 Mar, 2021 1 commit
-
-
Deucе authored
It fixed an issue in js_socket.c, no reason to expect better behaviour with TLS. This may fix SZ YModem-G transfers on cvs.synchro.net...
-
- 08 Mar, 2021 1 commit
-
-
Rob Swindell authored
-
- 06 Mar, 2021 1 commit
-
-
Rob Swindell authored
JavaScriptOptions bit-field can be set in sbbs.ini and jsexec.ini to over-ride the default JS compiler options which have been changed from 0 to (options previously only used by JSDoor): JIT | METHODJIT | COMPILE_N_GO | PROFILING
* JIT - TraceMonkey
* METHODJIT - JägerMonkey
* COMPILE_N_GO - compile-time scope chain resolution of consts
* PROFILING - Choose between TraceMonkey and JägerMonkey at compile-time based on profiling results

Other options available but not enabled by default:
* STRICT - warn on dubious practice (i.e. similar to "use strict")
* WERROR - convert warnings to errors
* VAROBJFIX - use last object on scope chain as the ECMA 'variables object'
* RELIMIT - Throw exception on any regular expression which backtracks more than n^3 times, where n is length of the input string
* ANONFUNFIX - Disallow function () {} in statement context per ECMA-262 Edition 3.
* METHODJIT_ALWAYS - Always whole-method JIT, don't tune at run-time.

Also:
- Fixed JS warning string formatting (missing space separator).
- Removed an extraneous new-line in lprintf() call in mailsrvr.
- Added basic assertEq() global method to jsexec, required when running SpiderMonkey test scripts.
-
- 22 Feb, 2021 2 commits
-
-
Rob Swindell authored
Nobody's checking the return values anyway.
-
Rob Swindell authored
-
- 20 Feb, 2021 2 commits
-
-
Deucе authored
Fixes last commit, which could cause infinite hangs on certain requests.
-
- 18 Feb, 2021 3 commits
-
-
Deucе authored
protected_*_adjust() only adjusts now.
-
Rob Swindell authored
Deal with the resulting warnings (using (void)). Deal with the incorrect integer to protected_int* assignment in services.c (just don't support server.clients property reading in service scripts). Also, the strcpy()->SAFECOPY() change in ftpsrvr.c was wrong, caught by GCC warning - oops.
-
Deucе authored
Also, fix things that incorrectly reach into the protected_*_t to incorrectly access values.
-
- 17 Feb, 2021 2 commits
- 16 Feb, 2021 1 commit
-
-
Rob Swindell authored
Are you tired of getting TLS-related error log messages that you can't do anything about? e.g.
    web 0139 TLS ERROR 'Received TLS alert message: Unexpected message' (-15) setting session active
The new sbbs.ini [web] TLSErrorLevel option (defaults to 0 / "Emergency") allows the sysop to set a cap (maximum severity) on TLS-related log messages in the web server (e.g. TLSErrorLevel=Warning).
-
- 15 Feb, 2021 4 commits
-
-
Rob Swindell authored
Reverted the SAFECOPY() NULL source-pointer magic "(null)" string thing as that caused a different Coverity issue. Explicitly check for NULL at the call-sites instead.
-
Rob Swindell authored
Reverted the SAFECOPY() NULL source-pointer magic "(null)" string thing as that caused a different Coverity issue. Explicitly check for NULL at the call-sites instead.
-
Rob Swindell authored
Hopefully not introducing any bugs in the process.
-
Rob Swindell authored
Hopefully not introducing any bugs in the process.
-