- Feb 14, 2024
-
-
Rob Swindell authored
Commit 75c5c9e5 was initially to address server termination (issue #236), but expanded in scope to include server recycling (e.g. due to semaphore/config file touch) and that turns out to not be what most sysops want. If you want an immediate/ungraceful recycle, do a restart (shutdown/stop and then start) instead. Immediate/ungraceful server shutdown/termination is still in effect however. No change to the "server pause" feature either, so combining pause with recycle would be effective to prevent *new* client connections while waiting for existing clients to disconnect and allow a recycle to happen.
-
- Feb 07, 2024
-
-
Deucе authored
value that's not an off_t as one.
-
- Jan 22, 2024
-
-
Rob Swindell authored
These should've been static to begin with, like the other servers. Explains why FTP error messages are with "term" as the server.
-
- Jan 21, 2024
- Jan 20, 2024
-
-
Deucе authored
Use cryptDestroySession() instead.
-
- Jan 16, 2024
-
-
Rob Swindell authored
Reported by Max (WESTLINE)... Introduced in commit 75c5c9e5, since we are now calling the set_state() callback periodically, and in sbbsctrl, it sets/resets the pause button checked (depressed) state in response to this callback (should it?), this was resetting the pause button checked/depressed state periodically (at the configured sem file check interval, default 2 seconds). The fix: if the new server state is the same as the previously set server state, don't call the set_state() callback. I considered this as a potential optimization when I first wrote that commit, but didn't see any obvious downside to calling the set_state() callback redundantly. Now that I see a downside, let's implement this saving/checking of the state to avoid redundant "set" calls.
-
- Jan 13, 2024
-
-
Rob Swindell authored
We have checks/loops/timeouts waiting for active clients to disconnect and child threads to terminate whenever shutting down or recycling already, so this should be safe. This pretty simple change fixes issue #236 (can't terminate server under heavy load). Also as part of this commit, introduced the ability to "pause" a server (prevent it from accepting new connections) with the ctrl/pause semaphore file or via the MQTT server/pause (and resume) topics. This feature is useful when debugging server issues where you don't necessarily want to fully shutdown/terminate the server, but don't want any new connections to be accepted (the listen backlog will fill up with incoming connections though). Unlike a server shutdown, a server pause can be "undone" via MQTT (by publishing a message to the "resume" topic). The "pause" semaphore file is just an "existence" semaphore file - its date/time stamp doesn't matter. If the file exists, the server will enter a paused state (and periodically log messages to that fact) until the semfile is deleted. This server pause feature is not the same as the pause button function in sbbsctrl, which just pauses server log output.
-
- Jan 10, 2024
-
-
Rob Swindell authored
Support was accidentally removed as part of commit 22e8d2e3, meaning the ftpalias.cfg wasn't used at all in responses to the MLSx commands as reported by Max (WESTLINE) using Total Commander, FileZilla and Directory Opus. The traditional "LIST" commands still worked fine with ftpalias.cfg contents just fine. The reason this code was accidentally removed was due to the errant copy/pasted comparison with startup->html_index_file that did not belong here and made the block appear related to HTML index file generation. It was not. This was just a bug in the initial implementation of MLSx support in commit d4deb4b3.
Also included in this commit:
  - Return the date/size of the user's QWK packet file, if it exists, in MLSx response.
  - send_mlsx_entry() won't report negative time_t values as file modify dates (flength returns -1 upon failure/file-not-found).
  - get_owner_name() returns the string, making it easier to use in function calls.
There appears to still be some work to do to make the MLSx commands fully compliant with RFC 3659 (e.g. "mlst filename" from ftpalias.cfg should work but does not), but at least FileZilla displays ftpalias.cfg files and directories correctly now.
-
- Jan 09, 2024
-
-
Rob Swindell authored
-
Rob Swindell authored
Reusing the variable 'str' here for multiple purposes meant the QWK packet filename was overwritten by the owner name (the system's BBS-ID):
    ftp> mlsd
    229 Entering Extended Passive Mode (|||2001|)
    150 Opening ASCII mode data connection for MLSD.
    Type=file;Perm=r;UNIX.ownername=VERT; 00index
    Type=cdir;Perm=elc;UNIX.ownername=VERT; /
    Type=file;Perm=r;UNIX.ownername=VERT; VERT
That last file there should have been "VERT.qwk"
-
- Jan 08, 2024
-
-
Rob Swindell authored
-
- Dec 29, 2023
-
-
Rob Swindell authored
The Global Login Requirements (default: blank) are used for any server that doesn't have it explicitly set. This resolves issue #666 (the issue of the beast) for Keyop
-
Rob Swindell authored
e.g. User.downloaded_file() will now publish to the appropriate MQTT topic and changes to system.node_list[] will get published to MQTT.
-
- Dec 21, 2023
-
-
Rob Swindell authored
The JS objects will still log to the terminal server (regardless of which server created/used the objects) however - so that's still a TODO. Change do_cryptInit() to return bool, since it does. Log detailed error if pthread_once() call fails. Lowered-severity (to DEBUG) the log messages related to TLS private key and cert creation and destruction. First commit from within MSVS, so this might look weird.
-
- Dec 20, 2023
-
-
Deucе authored
Private key objects in cryptlib are not copied into sessions when they're added, only the refcount is incremented. These objects contain a bignum context, which therefore ends up shared across all instances of the private key. Unfortunately, the locking is on the session context, not the private key objects, so shared bignum contexts can cause memory corruption. Further, even if the locking issue was fixed, the performance handbrake would still exist... activating sessions that use the same private key would be serialized, with the results we've been seeing lately. With this, each session gets a unique private key, which is loaded from the file. When a session is finished with the key, it is cached in a list with an epoch, so when the date on the key file changes, old private keys will be eliminated. While this solves a lot of issues, logging of certificate generation and loading issues has regressed to the point where it's effectively not done at all. Logging was previously passed back to the caller, but given the much longer call chain to get to where a cert is created, the extra parameters were just too much. Something better should be done here at some point.
-
- Dec 19, 2023
-
-
Deucе authored
We'll hold a reader lock until the session is established, which should prevent blocking other threads unless something is beating on get_ssl_cert() (which would be a different bug). This still needs to be figured out, but at least this should fix the immediate issue.
-
Deucе authored
Holding the lock around session establishment should not be needed, but we need to protect tls_certificate read and usage. Since we don't have rwlocks in xpdev (yet?), hack together a crappy rwlock that does what we need.
-
Rob Swindell authored
Also, remove "CONSECUTIVE", which doesn't really make sense when the number of login attempts is 1.
-
- Dec 18, 2023
-
-
Rob Swindell authored
More readable/friendly log messages and ip.can reason strings
-
Rob Swindell authored
-
Rob Swindell authored
Now a sysop can "perm block" a client (IP address) for a limited amount of time rather than always forever. Add more displays of the ip.can details when actively blocking a client. Moved twit/trash functions from userdat.c to trash.c
-
- Dec 17, 2023
-
-
Rob Swindell authored
-
Rob Swindell authored
... especially around incoming connection acceptance, blocked-IPs/hostnames
-
- Dec 15, 2023
-
-
Rob Swindell authored
Using "Warning" log levels more for things that the sysop might be able to do something about. If it's just an input data validation (from a random TCP/IP client), use "Notice" log level instead. The terminal server log output is still the odd ball.
-
Rob Swindell authored
-
Rob Swindell authored
-
Rob Swindell authored
The time span over which consecutive failed logins are attempted is important
-
Rob Swindell authored
The log format and details might need some adjustment, but this is a start. Also, don't delay 3 seconds before disconnecting socket when mail server has reached maximum number of clients - we should immediately release resources (the socket) and be able to accept another connection ASAP instead. Deal with new CID 470557 and 470554 in mail server: resource (file*) leaks in error paths (corner case). Set minimum severity of TLS messages in web server to INFO. Debug-level would hide some common TLS session errors.
-
- Nov 26, 2023
-
-
Rob Swindell authored
The user name is better to log than the user number. Include user name in brackets.
-
- Nov 13, 2023
-
-
Rob Swindell authored
-
- Jun 26, 2023
-
-
Rob Swindell authored
This macro hasn't done anything meaningful since we stopped using really old versions of Borland compilers (and std libraries) where strerror() returned a string terminated with a line-feed (\n) character.
-
- Jun 04, 2023
-
-
Rob Swindell authored
Or even weirder, u_long? And dereffing a ulong/u_long pointer where you expect to find an IPv4 address? Yet even weirder still. Fix that spit: It appears in_addr_t is defined on all platforms (?), so use that type instead.
-
Rob Swindell authored
No known sightings of these sites actually being the location of a segfault, but as we learned from the segfaults in rblchk(), the first entry in the h_addr_list can be NULL in some cases.
-
- Apr 13, 2023
-
-
Rob Swindell authored
This bug only impacted non-passive FTP connections. Using an FTP client with active (not passive) data connections over an IPv6 connection would false-trigger the "bounce attack" detection and the FTP server responded with "504 Bad port number" and logged a hack attempt in data/hack.log. The issue was that we were comparing the socket address structure (which contains other fields besides the address itself) between the control and proposed-data connections. While this logic worked okay for IPv4, it did not for IPv6 (the 2 structs contained some non-address differences). Rather than modify the socket address structures to match where needed, I'm just comparing the string representation of the addresses, since that's what we really care about anyway. Thanks to "mark i" of Truck Stop BBS for alerting me to this issue
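
The false positive described in the commit message above, as an added C example that is not Synchronet's code: a whole-struct comparison of two IPv6 socket addresses for the same host fails because port and scope id differ, while comparing only the numeric address text succeeds. The function names, the `ss_t` typedef and the sample addresses are constructed for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

typedef struct sockaddr_storage ss_t;

/* Fragile: every byte counts, so port, flow info and scope id are compared too. */
static bool same_host_by_struct(const ss_t *a, const ss_t *b) {
    return memcmp(a, b, sizeof(*a)) == 0;
}

/* Render only the address field as numeric text; unknown families fail. */
static bool addr_text(const ss_t *ss, char *buf, socklen_t len) {
    const void *src = NULL;
    if (ss->ss_family == AF_INET)
        src = &((const struct sockaddr_in *)ss)->sin_addr;
    else if (ss->ss_family == AF_INET6)
        src = &((const struct sockaddr_in6 *)ss)->sin6_addr;
    return src != NULL && inet_ntop(ss->ss_family, src, buf, len) != NULL;
}

/* Robust: compare the address text only; conversion errors fail closed. */
static bool same_host_by_string(const ss_t *a, const ss_t *b) {
    char sa[INET6_ADDRSTRLEN], sb[INET6_ADDRSTRLEN];
    return addr_text(a, sa, sizeof sa) && addr_text(b, sb, sizeof sb)
        && strcmp(sa, sb) == 0;
}

/* Constructed sample input: an IPv6 endpoint with the given port and scope id. */
static ss_t make_v6(const char *ip, unsigned short port, unsigned scope) {
    ss_t ss;
    struct sockaddr_in6 *s6 = (struct sockaddr_in6 *)&ss;
    memset(&ss, 0, sizeof ss);
    s6->sin6_family = AF_INET6;
    s6->sin6_port = htons(port);
    s6->sin6_scope_id = scope;
    inet_pton(AF_INET6, ip, &s6->sin6_addr);
    return ss;
}

int main(void) {
    ss_t ctrl = make_v6("2001:db8::10", 50000, 2);   /* control connection peer */
    ss_t data = make_v6("2001:db8::10", 50001, 0);   /* proposed data endpoint */
    printf("struct=%d string=%d\n", same_host_by_struct(&ctrl, &data),
           same_host_by_string(&ctrl, &data));
    return 0;
}
```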
-
- Mar 24, 2023
-
-
Rob Swindell authored
-
- Mar 19, 2023
-
-
Rob Swindell authored
The lower of the configured maximum file size (for the FTP server) and the available disk space minus the configured minimum free disk space is used as the maximum file size to allow upload. Appended files are accounted for too.
-
Rob Swindell authored
Disallow uploads when free disk space falls below the configured minimum free disk space. This fixes issue #535
-
- Mar 04, 2023
-
-
Rob Swindell authored
Handles integer overflow in the summing of user's credits and remaining daily free credits.
-