- There was a bug in the first implementation that would cause subsequent
  connections from a non-exempt IP address to be rejected: client_on() is
  called multiple times for a single connection - oops.
- Successfully logged in clients are now *not* counted against the concurrent
  connection limit. This way if a node hangs, the user at that IP can still
  connect/login to another node. The client has to be fully logged-in to be
  excluded from the connection count.

MaxConcurrentConnections (in the [BBS] section)
The default value is 0 (unlmiited).
If set to a non-zero value (e.g. 1), incoming connections will be limited to
this maximum number of simultaneous connections from a single IP address.
Hosts listed in the ctrl/ipfilter_exempt.cfg file are exempt from this
limitation.

temp-ban (was logging the total number of login attempts, including dupes).

so use shorter thread names.

How did startup->sem_chk_freq get set (back) to 0 in the first place?
The reason: the startup struct sanitization only occured when the various
server threads were first started. When recycled, the server would call back to
the original caller (e.g. sbbscon) which may (and did) re-read the sbbs.ini
file, which could have SemCheckFrequency set to 0 (or missing) and the
sanitization did not happen again (so a 0 value was used in select() calls,
resuilting in high CPU utilization for several threads).

So now, all startup struct sanitization occurs inside the init/recycle loop
and sem_chk_freq should never revert to 0 again. This was the main bug.

value is missing or set to 0 in the sbbs.ini file, the sanity checking this
value (setting it to 2 seconds) will not occur after a server recycle and the
sbbs.ini is re-parsed. So if for any reason, the sem_chk_freq value becomes
0, these server threads won't hog the CPU because they all YIELD at the
top of thier main loops.

Also, changed all the thread names (e.g. adding "sbbs/" prefix), so they're
more sensible in the Linux 'top' output.

Also, started adding 'vi' modelines to auto-set tabstops when using vi/vim.

it just calls the (newer) functions readuserdat() and parseuserdat() in a easy
replacement for getuserdat() for places where all users are read in a loop
(the file is only opened one time, dramatically reducing the amount of time).
Added an argument to openuserdat() so it can be used in more situations
(i.e. where the file needs to be opened for modify/create acces).

clients:
1. The host_name is not known at the time loginBanned() is called, so that was
    a bogus value (left over from the previous connection) being used in the
    ipfilter_exempt.cfg file check.
2. Sometimes, getnameinfo() would fail, but still return 0, so previous
    host_name value would be erroneously stored as the current client hostname.

they don't fill your error.log file up.

file (in .can file format) which lists IP addresses or hostnames which will
be exempt from temporary bans or permanent filters.

- Never ban the server's own address
- Log the login attempt and last name attempted
- Use a compressed version of the HH:MM:SS "time remaining" portion of the log
  message

By default, after 20 consecutive (unique) failed login attempts, *or*
a failed login attempt wtih a name from the name.can filter file.
The default temporary ban duration is 10 minutes.
The temporary ban thershold is configurable via LoginAttemptTempBanThreshold
in sbbs.ini and the ban duration is configurable via LoginAttemptTempBanDuration
(in seconds).

cryptlib.key).
Log timed event return values as an error (when non-zero).

the constructor things.  This allows TLS-enabled services to work correctly,
and removes an ugly hack from the web server.

There's still an odd issue with the NNTP service when using TLS though.

lock across things with timeouts in them, but since if another thread has
the file locked we shouldn't be fillding with it anyway, this should be
fine.

Fixes weird (and relatively rare) timing issues with node.dab accesses on a
many core host.

version of configured time zone, e.g. "PST").

time zone.

directory.  This is the beginnings of the ability to write a door in JS for
all BBSes, not just Synchronet (door kit pending).

This requires moving js_CreateCommonObjects() into main.cpp, which requires
constifying the name parameter to js_CreateClientObject() due to C++ being
more paranoid about using a string literal as a char * parameter
(warning fix).

Mutex protect certificate loading/creation.

(display no string), just like it is documented and implemented in jsexec.

rather than send the zero bytes.

warning: warning: '&&' within '||' [-Wlogical-op-parentheses]

log entries.

addresses specified in the Interface line of sbbs.ini for the server.

before re-reading them.

xpms_add_chararray_list instead.  Prevents having to free string lists
in the sbbs.ini parsing code.

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

(previously, uninitialized values).

connection, just incase there's any stale data in the input or output buffers.
Added a comment regarding the rioctl() function to decree that it's crazy
minimalistic API be left alone in tribute to Steve Deppe.

Optionally, external modules may be executed in place of "built-in" operations
for:
- reading mail (email or netmail)
- scanning posts (searching/scanning/reading a single sub-board)
- scanning sub-boards (all, one, or a group)

Each of these may be configured (in SCFG->System->Loadable Modules)
with command-line options for a total length of up to 63 characters.

Note to module programmers: each module here will be passed additional
command-line arguments to indicate how or why the user operation was invoked.

For the Reading Mail module, the 'which' value (in decimal) and the user-number
is passed (in decimal). Usually the user-number will be the current user logged
in, but not always (e.g. if the user is a sysop and reading other user's mail).
The 'which' values (defined in load/sbbsdefs.js) of MAIL_YOUR, MAIL_SENT,
and MAIL_ALL must be handled (MAIL_ANY won't be used).

For the Scan Posts module, the sub-board number and scan mode (both in decimal)
and the 'find' string (text being searched for) are passed as arguments
(in that order). The scan mode values (defined in sbbsdefs.js) are the same as
those supported by bbs.scan_posts(). All of the values should be supported
and they can be combined (e.g. SCAN_CONST|SCAN_NEW
and SCAN_NEW|SCAN_TOYOU). The 'find' string is only used if the SCAN_FIND mode
bit is set. It is the responsibilty of the module (if configured) to enforce
sub-board read access restrictions.

For the Scan Subs module, the first argument is 1 if "all subs" are being
scanned, 0 otherwise (normally the user is prompted for the breadth of the
scan in this case, but that's up to the module author), and the scan 'mode' is
passed in decimal, in that order. If the SCAN_FIND mode flag is passed in, this
module should prompt the user for the text string to search for. If this module
is not configured, the Scan Posts module will be executed for each sub-board
scanned.

Recursion protection was added, so it is actually possible for the Read Mail
module, for example, to call bbs.read_mail() and it'll work, but why would you?

If any of these user operations are initiated during logon, at the request of
Baja or JavaScript module, or whatever, and if the module is actually
configured (and not already executing to handle the operation), the module
will be executed in-place-of the built-in functionality. Feedback welcome,

ID is a pointer on at least FreeBSD, cast to uintmax_t instead of DWORD.

this read() call will block indefinitely. Fall-through to pseudo-random seeding
if read() fails. Fix for FozzTexx-reported problem on reddit.

destroy the ssh_mutex (which was not initialized).