'@' is in the name.can by default and the mail server recognizes user@addr
formatted logins/attempts, so truncate at the '@' before comparing against
the name.can file to prevent false !TEMPORARY BAN (1 login attempts, ...
occurences.

The log format and details might need some adjustment, but this is a start.

Also, don't delay 3 seconds before disconnecting socket when mail server has
reached maximum number of clients - we should immediately release resources
(the socket) and be able to accept another connection ASAP instead.

Deal with new CID 470557 and 470554 in mail server: resource (file*)
leaks in error paths (corner case).

Set minimum severity of TLS messages in web sever to INFO. Debug-level would
hide some common TLS session errors.

That's percent minus, to go with percent plus (user's real name).

The string is auto-quoted if it contains a space.

For Keyop's use with rlogin.js, maybe.

When a JS environment (e.g. server, jsexec) is terminated, it's possible
that a require() script was being evaluated. But since termination would
abort that evaluation, it's not unexpected if a symbol ends up not being
defined before the require() script was terminated, so don't report an
error in that case.

Fix issue #681

The base64-encoded credentials can either be supplied with the AUTH PLAIN
command or in response to a 334 server-challenge. We only supported the
former form and logged a warning ("Missing AUTH PLAIN argument") when we
received the latter. No warning is logged now and the appropriate
server-challege is sent and the response accepted and base64-decoded and
parsed as before.

And fix some use of CRYPT_UNUSED instead of cryptlib session ID.

Attempt to fix issue #680

This probably will need some llvm or other exceptional handling for
non GNU build systems.

Since we're logging at INFO level when the connect is attempted, we can assume
success when we start logging additional init messages.

These can always be revived from the attic if there's some need or purpose.

My mail server was suddenly and inexplicably creating thousands of SMTPS
client threads, each with a unique remote IP address, and each eventually
failing with the rather obscure log message (from cryptlib):
 dbg 'Cannot read item from object' (-41) setting session active

Eventually (after not long, really), the server would run out of resources
and fail in weird and wonderful ways (can't malloc, can't create JS runtime
or context, etc.). The max_clients limit (100, as I have it set) wasn't being
effectively-imposed on SMTPS connections.

The root-cause: the active_clients (counter) wasn't incremented until *after*
the cryptlib/TLS setup for SMTPS connections and SMTPS/TLS connections can
take a long time to fail, resulting in a vulnerability to an effective denial
of service attack.

Raise the minimum severity of all cryptlib/TLS log messages from Debug to
Info.

Create wrappers for smtp_thread() [now smtp_client_thread()] and pop3_thread
[now pop3_client_thread()] that handle basic resource management (thread
counters, active client counters, the client socket).

... in malloc error reporting messages

We need to call mqtt_shutdown() instead of mqtt_close() to have the mosquitto
(loop) thread stopped.

Upon connect failure, call the mqtt_shutdown() *before* calling lprintf->lputs,
which would eventually try to MQTT-publish the log message.

The call to mqtt_connect() can block for a while, so raise the log severity
of the "connecting to broker" message from DEBUG to INFO. Otherwise, a bad
MQTT broker address or port would make the servers just appear to hang during
initialization, for no reason.

Fixes issue #679

CryptCert.export_cert(CryptCert.FORMAT.TEXT_CERTIFICATE) should
now work properly instead of always returning an error.

That doesn't trigger a Coverity defect this time (CID 470457)

Actually tested myself this time, needed a lot more than first appearances.

Also includes a security/safety enhancement where the @-code expanded string
is *not* used as an sprintf format string. Supporting both format specifiers
and @-codes in a single text.dat string is tricky (always has been).

For Accession.

resulting from commit 5f1c39f0

Fix for issue #678

The first word of the message recipient or author's name.

For Accession.

Expected to use the MSG_* @-codes in this context. This allows more freedom
of ordering the message header fields reused in this expanded string. The %s
specifiers can be eliminated altogether when using @-codes.

For Accession to play with.

With 0xE0 being used for ciolib "super-extended scancodes", a literal
0xe0 can't pass through the input path.  This is an issue in CP866 (р)
and KOI8-U (Ю) as well as CP437 α.

Should fix SyncTERM SF bug 123.

of sbbs_t::external()

The startup directory for DOS doors might not be a valid Unix (case-sensitive)
path, so let's just do that check in the native block here.

Also, removed a bunch of redundant startup_dir ==/!= NULL checks. It can't be
NULL here.

The '-l' (loop) option would cause the JS runtime to be destroyed and
recreated for each new execution of the script, which resulted in memory
leaks in Windows builds (see issue #672 for details). So instead, just
use a single JS runtime here when the -l option is used to prevent that
from happening, though truth be told, that's likely not a normal/common
occurrence. Other apparent JS-related memory leaks (e.g. in the web
server) appear to be of a common concern.

Likely upgrading to a modern libmozjs would also fix this issue, but
we're far short of being able to do that right now.

This reverts commit cfcff881

... to de-clutter the log

Also, don't log the packet passwords. Folks copy and post sbbsecho.log lines
and that could seriously compromise the security of the Interwebs if those
super-secret passwords were ever leaked!

Previously, any packets created for unlinked nodes, would always be Type-2
packets and the packet type for newly created nodes (in echocfg->Linked Nodes)
would be Type-2+.

The new DefaultPacketType setting default is 2+, so the only observed
change in behavior will be that packets created for unlinked nodes will also
be type 2+ (by default).

Some additional log detail/adjustment around created/detected packet types.

Introduced in commit 0e38cb0f (9 months ago), the first linked-node config
(including packet password!) for the first packed netmail message would be
reused for subsequent packed netmail messages.

Thank you to Wilfred van Velzen (2:280/464) for reporting this problem!

Additional debug-level log message when using a packet password for a newly
created packet.

Since SYMLINK=1 is valid/suggested for install/GNUmakefile, this is a common
mistake that we can catch here.

'T' command from the reading messages (O)perator menu

Abstraction the twit-list usage.

The user name is better to log than the user number. Include user name in
brackets.

Colons are not legal filename characters on Windows and when virtual hosts are
enabled, the IPv6 address of the server may be used in the access-log filename
so we need to clean that up or errors opening/creating the access-log files
occur.

"HTTP Logging" replaced in log messages with "Web Server access-logging".

Using new FCLOSE_OPEN_FILE macro to close and NULify open FILE*'s.

Change CLOSE_OPEN_FILE to a do/while(0) to eliminate extraneous semicolon

The first write to a the temporary SBBS_SSJS.*.html file will open the file.
This should reduce the number of 0-byte files left laying around in the the
temp directory, which shouldn't be happening in the first place.

Also:
Fixed bug noticed in temp file clean up loop:  POST data files would *also*
be retained when the DEBUG_SSJS option flag is set.

Also:
Replace some unsafe string operations with safe equivalents.

Happy Thanksgiving Nelgin!

Default: Warning

I'm tired of SSH-related errors that I can't do anything about, filling
my error.log file and mail inbox.

error: expected ‘)’ before string constant

Harumph.

std::atomic's need to be brace-initialized, or else we fail with
"use of deleted function" errors

Odd that MSVC built it just fine.