Previously, 403 was only returned if they existed, and 404 if they
didn't.

No need to get time() here since it's never checked.

Resolves CID 174292

Are you tired of getting TLS-related error log messages that you can't do anything about? e.g.
web  0139 TLS ERROR 'Received TLS alert message: Unexpected message' (-15) setting session active

The new sbbs.ini [web] TLSErrorLevel option (defaults to 0 / "Emergency") allows the sysop to set a cap (maximum severity) on TLS-related log messages in the web server (e.g. TLSErrorLevel=Warning).

Reverted the SAFECOPY() NULL source-pointer magic "(null)" string thing as that caused a different Coverity issue. Explicitly check for NULL at the call-sites instead.

Reverted the SAFECOPY() NULL source-pointer magic "(null)" string thing as that caused a different Coverity issue. Explicitly check for NULL at the call-sites instead.

Hopefully not introducing any bugs in the process.

Hopefully not introducing any bugs in the process.

Don't return an error if the node#/node.cnf file can't be opened for all uses of load_cfg() except from the terminal server. This fixes #214 for Tracker1

We were just trusting that the error strings would be shorter than 256 (usually), but since we're including paths and strerror() results, we really have no control over the length of the error strings. So enforce some healthy boundaries. This could explain the crashes that Divarin of Mutiny is seeing with SCFG on WinXP or maybe it was the truncsp(strerror()) stuff that was just removed as well. We'll see...

Recompiling ver.cpp only now, so need link ver.obj/o with the various targets now. I'll need to update the objects.mk for the *nix builds, next.

The argument to JS_NewContext that we were allowing to be configured was not the contest stack size, but rather:
"The size, in bytes, of each "stack chunk". This is a memory management tuning parameter which most users should not adjust. 8192 is a good default value." - per Mozilla.

So we're just going to use the suggested default, hard-coded.

QUERY_STRING is defined (even if blank).

Always define it.

I'm fed-up with MSVC assertions in ctype functions (e.g. isdigit, isprint, isspace, etc.) when called with out-of-range (e.g. negative) values.

This problem only affects MSVC debug builds, but if you run them (like I do), these things are like little time bombs that can drive you crazy (knocking your board out of service).

The new macros names are bit more descriptive as well.

format '%ld' expects argument of type 'long int', but argument 7 has type '__off64_t'

At least on Windows, when realloc() is used to allocate a new buffer,
guess what's in that buffer initially? undefined values. So you can't
strcat() onto the end of that! Ouch. This was a fun one to track down.

The host portion contains ":" after split_port_part(), resulting in a 400
error.
Renaming is_legal_hostname() to is_legal_host(), since requests to webservers are to
"hosts" not "hostnames".

active_clients is destroyed in cleanup(), so it must be re-initialized inside
the server init/recycle loop.

Fix reported and observed crash in cleanup() (in ftp, mail, websrvr)
when failing to create the temp directory. This was due to cleanup()
being called before the protected integer "active_clients" was
initialized.

Also, md() needs to return the errno value (not a BOOL) since the
caller may be in another DLL with a different errno (which likely
has a value of 0/no error).

... in other non sbbs.dll modules (e.g. *srvr.dll).

So now log error messages elsewhere where appropriate.

DLL-exported and optimized md() a bit.

Eliminate the hack in each server where it will over-write startup host_name
(with the configured Internet email address), if it's blank. This hack was
subject to a race condition where the parent app (e.g. sbbsctrl.exe) would
clear or re-initialize the host_name after the sever threads had initialized.
Instead, just use a function which will return either the startup->host_name
or (fallback to) scfg.inet_addr.

The problem: the sysop (me) is not notified of critical errors (e.g. synchro.net zone file problems) in a timely manner.
Part of the solution: notify a configured user (e.g. user #1) via short-message/telegram and email/netmail logged-errors when messages of a configured severity (e.g. "Critical") are logged.
The second part of the solution (coming next) will be allowing timed events to log a message of a configurable severity logged when the event fails (returns a non-zero error level to sbbs).

I'm saving the error-notification-user-number and log-severity as part of the node.cnf file because:
- that's where the validation user number is already set
- I can conceive of a large system were certain node ranges (different instances of sbbs) might want different operators to be notified of logged-errors

This also means I eliminated all the legacy com port/modem stuff from the end of the node.cnf file. None of that is used in sbbs v3.

Also included in this commit are improvements around logging:
- reduce the severity of UDP recvfrom failures in services
- a more detailed log message when the mail server successfully delivers an email (via SMTP) - easier to answer the question: was that email you/they sent delivered successfully?

has type 'long int'

Improve send-file performance on Windows (over Gb Ethernet LAN) from about 1 MBytes/second to 25+ MBytes/second by increasing the size of the ringbuffer (from 20 -> 256 KBytes) and the size of the file-read buffer in sock_sendfile().
Also log the through-put (in cps) when a file is sent.

(64-bit off_t), e.g. 64-bit Linux. Issue reported by plt via irc.

SCFG for Win32 is linked against a load_cfg lib that builds withOUT SCFG defined, so these compiled AR elements were allocated and then many SCFG operations (e.g. copy/paste, create new) would copy the allocated ARs to another configuration and then be subjected to double-free upon exit/clean-up (resulting in exception or crash).
Just get rid of this cruft and some other related RAM-byte-saving hold-overs from the MS-DOS days.

MSS for the packet size.

Fixes problem with telnet server where large transfers were full packets
followed by a 12 byte packet.  Also removes hack in webserver that always
assumed timestamps were enabled.

The Win32 code has not been tested, but is assumed to work perfectly.

(new) scfg_t.text member. This will make it much easier for non-Terminal Server
JS modules (and the functions they execute) make use of the text.dat strings.

a body.  Broken by HSTS enhancement.

There's a (small) possibility that the HSTS enhancement is now broken.

While the FastCGI read_wait_timeout function should never return
CGI_*_READY with CGI_PROCESS_TERMINATED, it looks like somehow on some
systems, there's an additional select() happening after the process is
done.

Explicitly track this, and try to prevent it.

Should fix the POST/GET hangs on the wiki once DigitalMan updates.

is actually an authenticated local user (when usernum != 0).

msg_client_hfields() no longer saves the client->user as the SMB SENDERUSERID
hfield when the client hasn't been authenticated (as is the case with normal
SMTP). The SENDUSERIDs were redundant and misleading for unauthenticated
SMTP-received mail messages, so that's now fixed.

mutexes are undefined in children.

it before redirecting stdout to the pipe.

Likely fixes CGI errors seen by alterego (and has been broken for almost
fifteen years).