I wasn't expecting to do this, since SFTP is often viewed as "better", but
SFTP doesn't have a specification, the implementations don't follow the
specification drafts that are out there, and the whole sharing a port between
file transfer and terminal server thing is irritating.

This has only been tested with lftp, but it seems to work.

it's non-zero.

HANDLE_PENDING() contains a return, so it's theoretically possible that the
memory allocated by the previous JSVALUE/STRING_TO_... allocation could
be leaked. So now we pass an optional pointer to HANDLE_PENDING() which will
call free() on it if it's not NULL, and then sets it to NULL for good measure.

Lower likelihood that ftp_remove() will log a false error.

accepted (e.g. "EPSV 2"). For now at least, accept any arguments after EPSV
(and treat them all the same).

(currently only via FTP) - simiilar to the global FTP option: DIR_FILES.
I intend to extend this option to the terminal server as well.

globally (using a new macro in sbbbsdefs.h: STR_UNKNOWN_USER). "<unknown>"
in some contexts was too vague (e.g. the 'c' command output from the sbbs
console).

temp-ban (was logging the total number of login attempts, including dupes).

so use shorter thread names.

How did startup->sem_chk_freq get set (back) to 0 in the first place?
The reason: the startup struct sanitization only occured when the various
server threads were first started. When recycled, the server would call back to
the original caller (e.g. sbbscon) which may (and did) re-read the sbbs.ini
file, which could have SemCheckFrequency set to 0 (or missing) and the
sanitization did not happen again (so a 0 value was used in select() calls,
resuilting in high CPU utilization for several threads).

So now, all startup struct sanitization occurs inside the init/recycle loop
and sem_chk_freq should never revert to 0 again. This was the main bug.

value is missing or set to 0 in the sbbs.ini file, the sanity checking this
value (setting it to 2 seconds) will not occur after a server recycle and the
sbbs.ini is re-parsed. So if for any reason, the sem_chk_freq value becomes
0, these server threads won't hog the CPU because they all YIELD at the
top of thier main loops.

Also, changed all the thread names (e.g. adding "sbbs/" prefix), so they're
more sensible in the Linux 'top' output.

Also, started adding 'vi' modelines to auto-set tabstops when using vi/vim.

file (in .can file format) which lists IP addresses or hostnames which will
be exempt from temporary bans or permanent filters.

- Never ban the server's own address
- Log the login attempt and last name attempted
- Use a compressed version of the HH:MM:SS "time remaining" portion of the log
  message

By default, after 20 consecutive (unique) failed login attempts, *or*
a failed login attempt wtih a name from the name.can filter file.
The default temporary ban duration is 10 minutes.
The temporary ban thershold is configurable via LoginAttemptTempBanThreshold
in sbbs.ini and the ban duration is configurable via LoginAttemptTempBanDuration
(in seconds).

the constructor things.  This allows TLS-enabled services to work correctly,
and removes an ugly hack from the web server.

There's still an odd issue with the NNTP service when using TLS though.

to errorlog() so the data/error.log is less ambiguous about where an error
occurred.

addresses specified in the Interface line of sbbs.ini for the server.

before re-reading them.

xpms_add_chararray_list instead.  Prevents having to free string lists
in the sbbs.ini parsing code.

leaving the |<port>| in the string causes inet_addr() to fail, breaking
active FTP transfers.

New Features:
- Multiple bindings for each service
  Use comma-separated interfaces on Interface= lines in the ini file.
  Default is now "0.0.0.0,::"
- IPv6 support
- TLS support for the webserver and (non-static) services
  New TLS option in services.ini (ie: Options=TLS)
- Decrease LEN_SCAN_CMD to 35 chars, increase the CID field to 45 chars,
  and rename the MAIL_CMD string to IPADDR.  I think this frees up the
  note field for SysOp use.

MinFileSize and MaxFileSize keys in the [ftp] section of the ctrl/sbbs.ini file
these values default to 0 which effectively applies no min/max to uploaded
files. Set MinFileSize to 11 to defeat the recent penetration testing seen
uploading 10 byte files with random filenames (8 alpha cars ending in ".txt")
with 8 alpha chars in the file, followed by a CRLF pair for a total size of 10
bytes.
Fixed bug whereby failed/aborted uploaded files would be left (not deleted).
Log errors when any file deletion fails in the FTP server.

scripts global scope (as opposed to js.global which is the instance global
scope), and having exit() define exit_code in js.scope instead of js.global.

This also sets exit_code in js.scope to null when preparing to execute a new
script.  If a new script starts in the same scope as an old one, the old
exit_code value will be destroyed.

This should only impact scripts where js.global != js.scope (bbs.exec()ed,
and mailsrvr)

logged in via FTP. This affected: posts_today, emails_today, free_credits,
timeon_today, and extra time values (e.g. posts_today would contnue to
accumulate potentially affecting the users ability to post via FTP-uploaded REP
packet). getuserdat() does the necessary value resets, we just needed to write
the entire user record back to disk upon successfull login, rather than just
updating specific fields in the user record on disk. The HTTP server looks like
it might have the same/similar bug.

clients, timeouts, etc.) into the various *srvr.h files and use them instead of
hard-coded constants sprinkled through-out the .c files.
If the web server "max_clients" key isn't specified in the sbbs.ini file,
use 0 (unlimited) for the max_clients value.

  obvious)

FTP passive port range, and all ports would fail to bind, the logged error
would report failure for the last port+1 I(rather thant the last port).

related crashes (mainly due to null pointer dereferences of scfg_t members
freed in cleanup()).
Use of new protected_int_value()  for extra paranoia (but can't use it on
destroyed protected-int's).

*before* calling _beginthread().
The active_clients is exactly perfect here either (since it's incrementing in
the ctrl_thread), todo later, but shouldn't cause a crash like the above issue.