Commit 75c5c9e5 was initially to address server termination (sisue #236), but
expanded in scope to include server recycling (e.g. due to semaphore/config
file touch) and that turns out to not be what most sysops want.

If you want an immediate/ungraceful recycle, do a restart (shutdown/stop and
then start) instead.

Immediate/ungraceful server shutdown/termination is still in effect however.

No change to the "server pause" feature either, so combining pause with
recycle would be effective to prevent *new* client connections while waiting
for existing clients to disconnect and allow a recycle to happen.

value that's not an off_t as one.

These should've been static to begin with, like the other servers. Explains why FTP error message are with "term" as the server.

TLS 1.2.  For static services and JS sockets, add a new tls_minver
socket property which can be set to use a lower minver (down to the
wildly insecure TLS 1.0).

TLS 1.0 and 1.1 have been not reccomended since 2015, and deprecated
since 2021.

Use cryptDestroySession() instead.

Reported by Max (WESTLINE)...

Introduced in commit 75c5c9e5, since we are now calling the set_state()
callback periodically, and in sbbsctrl, it sets/resets the pause button
checked (depressed) state in response to this callback (should it?), this was
resetting the pause button checked/depressed state peridically (at the
configured sem file check interval, default 2 seconds).

The fix: if the new server state is the same as the previously set server
state, don't call the set_state() callback. I considered this as a potential
optimization when I first wrote that commit, but didn't see any obvious
downside to calling the set_state() callback redundantly. Now that I see a
downside, let's implement this saving/checking of the state to avoid
redundant "set" calls.

We have checks/loops/timeouts waiting for active clients to disconnect and
child thread threads to terminate whenever shutting down or recycling already,
so this should be safe. This pretty simple change fixes issue #236 (can't
terminate server under heavy load).

Also as part of this commit, introduced the ability to "pause" a server
(prevent it from accepting new connections) with the ctrl/pause semaphore
file or via the MQTT server/pause (and resume) topics. This feature is useful
when debugging server issues where you don't necessarily want to fully
shutdown/terminate the server, but don't want any new connections to be
accepted (the listen backlog will fill up with incoming connections though).
Unlike a server shutdown, a server pause can be "undone" via MQTT (by
publishing a message to the "resume" topic).

The "pause" semaphore file is just an "existence" semaphore file - its
date/time stamp doesn't matter. If the file exists, the server will enter
a paused state (and periodically log messages to that fact) until the semfile
is deleted.

This server pause feature is not the same as the pause button function in
sbbsctrl, which just pauses server log output.

Support was accidentally removed as part of commit 22e8d2e3, meaning
the ftpalias.cfg wasn't used at all in responses to the MLSx commands as
reported by Max (WESTLINE) using Total Commander, FileZilla and Directory
opus. The traditional "LIST" commands still worked fine with ftpalias.cfg
contents just fine.

The reason this code was accidentally removed was due to the errant
copy/pasted comparison with startup->html_index_file that did not belong here
and made the block appear related to HTML index file generation. It was not.
This was just a bug in the initial implementation of MLSx support in
commit d4deb4b3.

Also included in this commit:
- Return the date/size of the user's QWK packet file, if it exists, in MLSx
  response.
- send_mlsx_entry() won't report negative time_t values as file modify dates
 (flength returns -1 upon failure/file-not-found).
- get_owner_name() returns the string, making it easier to use in function
  calls.

There appears to still be some work to do to make the MLSx commands fully
compliant with RFC 3659 (e.g. "mlst filename" from ftpalias.cfg should work
but does not), but at least FileZilla displays ftpalias.cfg files and
directories correctly now.

Reusing the variable 'str' here for multiple purposes meant the QWK packet
filename was overwritten by the owner name (the system's BBS-ID):

 ftp> mlsd
 229 Entering Extended Passive Mode (|||2001|)
 150 Opening ASCII mode data connection for MLSD.
 Type=file;Perm=r;UNIX.ownername=VERT; 00index
 Type=cdir;Perm=elc;UNIX.ownername=VERT; /
 Type=file;Perm=r;UNIX.ownername=VERT; VERT

That last file there should have been "VERT.qwk"

The Global Login Requirements (default: blank) are used for any sever that doesn't have it explicitly set.

This resolves issue #666 (the issue of the beast) for Keyop

e.g. User.downlaoded_file() will now publish to the appropriate MQTT topic and changes to system.node_list[] will get published to MQTT.

The JS objects will still log to the terminal server (regardless of which server created/used the objects) however - so that's still a TODO.
Change do_cryptInit() to return bool, since it does.
Log detailed error if pthread_once() call fails.
Lowered-severity (to DEBUG) the log messages related to TLS private key and cert creation and destruction.

FIrst commit from within MSVS, so this might look weird.

Private key objects in cryptlib are not copied into sessions when
they're added, only the refcount is incremented.  These objects
contain a bignum context, which therefore ends up shared across all
instances of the private key.  Unfortunately, the locking is on the
session context, not the private key objects, so shared bignum contexts
can cause memory corruption.

Further, even if the locking issue was fixed, the performance handbrake
would still exists... activating sessions that use the same private key
would be serialized, with the results we've been seeing lately.

With this, each session gets a unique private key, which is loaded
from the file.  When a session is finished with the key, it is cached
in a list with an epoch, so when the date on the key file changes, old
private keys will be eliminated.

While this solves a lot of issues, logging of certificate generation
and loading issues has regressed to the point where it's effectively
not done at all. Logging was previously passed back to the caller,
but given the much longer call chain to get to where a cert is created,
the extra parameters was just too much. Something better should be
done here at some point.

We'll hold a reader lock under the session is established, which
should prevent blocking other threads unless something is beating
on get_ssl_cert() (which would be a different bug).

This still needs to be figured out, but at least this should fix
the immediate issue.

Holding the lock around session establishment should not be needed,
but we need to protect tls_certificate read and usage.  Since we
don't have rwlocks in xpdev (yet?), hack together a crappy rwlock
that does what we need.

Also, remove "CONSECUTIVE", which doesn't really make sense when the number
of login attempts in 1.

More readable/friendly log messages and ip.can reason strings

Now a sysop can "perm block" a client (IP address) for a limited amount of
time rather than always forever.

Add more displays of the ip.can details when actively blocking a client.

Moved twit/trash functions from userdat.c to trash.c

... especially around incoming connection acceptance, blocked-IPs/hostnames

Using "Warning" log levels more for things that the sysop might be able to do
something about. If it's just an input data validation (from a random TCP/IP
client), use "Notice" log level instead.

The terminal server log output is still the odd ball.

The time span over which consecutive failed logins are attempted is important

The log format and details might need some adjustment, but this is a start.

Also, don't delay 3 seconds before disconnecting socket when mail server has
reached maximum number of clients - we should immediately release resources
(the socket) and be able to accept another connection ASAP instead.

Deal with new CID 470557 and 470554 in mail server: resource (file*)
leaks in error paths (corner case).

Set minimum severity of TLS messages in web sever to INFO. Debug-level would
hide some common TLS session errors.

The user name is better to log than the user number. Include user name in
brackets.

This macro hasn't done anything meaningful since we stopped using really old
versions of Borland compilers (and std libraries) where strerror() returned a
string terminated with a line-feed (\n) character.

Or even weirder, u_long?

And dereffing a ulong/u_long pointer where you expect to find an IPv4 address?
Yet even weirder still.

Fix that spit: It appears in_addr_t is defined on all platforms (?), so use
that type instead.

No known sightings of these sites actually being the location of a segfault,
but as we learned from the segfaults in rblchk(), the first entry in the
h_addr_list can be NULL in some cases.

This bug only impacted non-passive FTP connections. Using an FTP client
with active (not passive) data connections over an IPv6 connection would
false-trigger the "bounce attack" detection and the FTP server responded with
"504 Bad port number" and logged a hack attempt in data/hack.log.

The issue was that we were comparing the socket address structure (which
contains other fields besides the address itself) between the control and
proposed-data connections. While this logic worked okay for IPv4,
it did not for IPv6 (the 2 structs contained some non-address differences).
Rather than modify the socket address structures to match where needed, I'm
just comparing the string representation of the addresses, since that's
what we really care about anyway.

Thank to "mark i" of Truck Stop BBS for alerting me to this issue

The lower of the configured maximum file size (for the FTP server) and
the available disk space minus the configured minimum free disk space
is used as the maximum file size to allow upload. Appended files
are accounted for too.

Disallow uploads when free disk space falls below minimum configured
minimum free disk space.

This fixes issue #535

Handles integer overflow in the summing of user's credits and remaining daily
free credits.