1. 15 Feb, 2021 1 commit
    • Rob Swindell's avatar
      Disable FTP Bounce (FXP) support by default · ebece39d
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
  2. 14 Feb, 2021 1 commit
  3. 18 Jan, 2021 1 commit
    • Rob Swindell's avatar
      Safe string handling with config-load error messages · 99dbeb14
      Rob Swindell authored
      We were just trusting that the error strings would be shorter than 256 (usually), but since we're including paths and strerror() results, we really have no control over the length of the error strings. So enforce some healthy boundaries. This could explain the crashes that Divarin of Mutiny is seeing with SCFG on WinXP or maybe it was the truncsp(strerror()) stuff that was just removed as well. We'll see...
  4. 09 Jan, 2021 1 commit
    • Rob Swindell's avatar
      Don't delete pack####.now upon FTP-logoff · 3ead8a4d
      Rob Swindell authored
      When a user logins to the FTP server concurrently, this creates a
      race condition with an/the other FTP session that may be creating/
      downloading a QWK packet. On Vertrauen, this results in the
      occasional error removing the file since it was removed unexpectedly:
      !ERROR 2 (No such file or directory) in main.cpp line 2747 (event_thread) removing "/sbbs/data/pack1111.now" access=0
  5. 31 Dec, 2020 1 commit
  6. 30 Dec, 2020 2 commits
    • Rob Swindell's avatar
      Remove 3 second delay before disconnecting when max clients reached · 31d07482
      Rob Swindell authored
      This seems to be misguided and would only increase the chances of a DoS-type attack on TCP session resources.
      A second 3-second delay upon malloc failure is also removed.
    • Rob Swindell's avatar
      Implement max concurrent connections for FTP · 8b2b02e1
      Rob Swindell authored
      Support optional limit on concurrent connections from the same IP address to the FTP server by setting MaxConcurrentConnections in the [ftp] section of sbbs.ini. Unlike the mail server and the terminal server, this concurrent-connection count is not discounted by the number of authenticated logins. The default value is 0 (unlimited).
      This closes issue #156
  7. 22 Dec, 2020 1 commit
    • Rob Swindell's avatar
      Remove dynamic HTML index support from FTP server · 0d01544d
      Rob Swindell authored
      The days of browsers rendering HTML served-up via FTP are over, so remove this feature. This also removes all JavaScript support from the FTP server and that is a bit odd as it was one of the first Synchronet components for which I added JS support.
      Removing this feature was pretty painless; much easier than adding it was. The main motivation was less cruft to port to the file base in the works. There should be no more references to 00index.html anywhere at this point. Bye bye cool feature, we'll miss you.
  8. 13 Dec, 2020 1 commit
  9. 24 Nov, 2020 1 commit
    • Rob Swindell's avatar
      Stop pretending to configure the JavaScript Context stack · c0cd8686
      Rob Swindell authored
      The argument to JS_NewContext that we were allowing to be configured was not the contest stack size, but rather:
      "The size, in bytes, of each "stack chunk". This is a memory management tuning parameter which most users should not adjust. 8192 is a good default value." - per Mozilla.
      So we're just going to use the suggested default, hard-coded.
  10. 20 Nov, 2020 1 commit
  11. 19 Nov, 2020 1 commit
  12. 06 Nov, 2020 1 commit
    • Rob Swindell's avatar
      Replace ctype.h function calls with new MSVC-safe XPDEV macros · 8a7b7308
      Rob Swindell authored
      I'm fed-up with MSVC assertions in ctype functions (e.g. isdigit, isprint, isspace, etc.) when called with out-of-range (e.g. negative) values.
      This problem only affects MSVC debug builds, but if you run them (like I do), these things are like little time bombs that can drive you crazy (knocking your board out of service).
      The new macros names are bit more descriptive as well.
  13. 25 Oct, 2020 1 commit
    • Rob Swindell's avatar
      Create the pack*.now with fmutex() to prevent simultaneous QWK packs · 10477fe2
      Rob Swindell authored
      Probably only a problem on Vertrauen, but some QWKnet nodes, for some unknown reason, like to FTP-connect multiple times concurrently and request to download a QWK packet. This creates a race condition where the QWK packet gets created/downloaded/deleted before the second FTP connection can successfully download the same file, thus logging an error "opening file " on the server (VERT). So if the pack*.now file already exists, reject the download request. "What are doing?" is what I really want to ask these nodes, but better just throw them an error response and quietly move on.
  14. 13 Sep, 2020 4 commits
  15. 07 Sep, 2020 1 commit
    • Rob Swindell's avatar
      Fix observed race-condition resulting in the HOSTNAME @-code being blank. · dee21ed6
      Rob Swindell authored
      Eliminate the hack in each server where it will over-write startup host_name
      (with the configured Internet email address), if it's blank. This hack was
      subject to a race condition where the parent app (e.g. sbbsctrl.exe) would
      clear or re-initialize the host_name after the sever threads had initialized.
      Instead, just use a function which will return either the startup->host_name
      or (fallback to) scfg.inet_addr.
  16. 16 Aug, 2020 1 commit
  17. 15 Aug, 2020 1 commit
    • rswindell's avatar
      More file existence/length checks, with only a WARNING log level (not error)... · f94d2132
      rswindell authored
      More file existence/length checks, with only a WARNING log level (not error) since some QWKnet nodes apparently like to start concurrent QWK packet downloads and inevitably one finishes first, deleting the file, and the second transfer logs and error. Examples:
        8/14  08:10:06p  2296 <EPHRAM> downloading QWK packet (1320 bytes) in passive mode
        8/14  08:10:06p  3792 <EPHRAM> downloading QWK packet (1320 bytes) in passive mode
        8/14  08:10:06p  2296 <EPHRAM> DATA Transfer successful: 1320 bytes sent in 0 seconds (2640 cps)
        8/14  08:10:06p  3792 <EPHRAM> !DATA ERROR 2 (No such file or directory) line 1376 opening s:\sbbs\data\file/0888.qwk
        8/14  11:28:55p  2576 <POTOGOLD> downloading QWK packet (27129 bytes) in passive mode
        8/14  11:28:55p  2576 <POTOGOLD> DATA Transfer successful: 27129 bytes sent in 0 seconds (54258 cps)
        8/14  11:28:55p  1924 <POTOGOLD> downloading QWK packet (4294967295 bytes) in passive mode
        8/14  11:28:56p  1924 <POTOGOLD> !DATA ERROR 2 (No such file or directory) line 1376 opening s:\sbbs\data\file/0168.qwk
      Also some more 64-bit file length support (flength returns an off_t now, not a ulong).
      And ftell() returns a long (not a ulong).
  18. 08 Aug, 2020 1 commit
    • rswindell's avatar
      The problem: the sysop (me) is not notified of critical errors (e.g.... · 5899a303
      rswindell authored
      The problem: the sysop (me) is not notified of critical errors (e.g. synchro.net zone file problems) in a timely manner.
      Part of the solution: notify a configured user (e.g. user #1) via short-message/telegram and email/netmail logged-errors when messages of a configured severity (e.g. "Critical") are logged.
      The second part of the solution (coming next) will be allowing timed events to log a message of a configurable severity logged when the event fails (returns a non-zero error level to sbbs).
      I'm saving the error-notification-user-number and log-severity as part of the node.cnf file because:
      - that's where the validation user number is already set
      - I can conceive of a large system were certain node ranges (different instances of sbbs) might want different operators to be notified of logged-errors
      This also means I eliminated all the legacy com port/modem stuff from the end of the node.cnf file. None of that is used in sbbs v3.
      Also included in this commit are improvements around logging:
      - reduce the severity of UDP recvfrom failures in services
      - a more detailed log message when the mail server successfully delivers an email (via SMTP) - easier to answer the question: was that email you/they sent delivered successfully?
  19. 27 May, 2020 1 commit
  20. 17 Apr, 2020 1 commit
  21. 11 Apr, 2020 1 commit
    • rswindell's avatar
      Two unrelated changes, but since they touched sbbs.h, I'm committing them · 0d73dbc4
      rswindell authored
      together to keep things atomic:
      1. Eliminate eprintf() as sbbs_t::lputs() and sbbs_t::lprintf() do the
         "right thing" (e.g. log to the event log when called from the event_thread).
      2. Moved upload_stats() and download_stats() from ftpsrvr.c to getstats.c where
          I plan to make use of them for JS-based upload/download file support.
  22. 31 Mar, 2020 1 commit
  23. 19 Mar, 2020 1 commit
    • rswindell's avatar
      Added usernum member to client_t which tracks if the client_t.user (name) · 570a9466
      rswindell authored
      is actually an authenticated local user (when usernum != 0).
      msg_client_hfields() no longer saves the client->user as the SMB SENDERUSERID
      hfield when the client hasn't been authenticated (as is the case with normal
      SMTP). The SENDUSERIDs were redundant and misleading for unauthenticated
      SMTP-received mail messages, so that's now fixed.
  24. 31 Aug, 2019 1 commit
    • rswindell's avatar
      Update the C getnodedat/putnodedat API to not require that the node file · 4c8482c9
      rswindell authored
      (ctrl/node.dab) is constantly closed and re-opened for every non-locking read.
      This is really slow across network file systems and unnecessary, so use a
      similar optimization as the C++ sbbs_t class where the file can (and normally
      is) left open across multiple consecutive reads.
      Create/use opennodedat() function.
      Uses the new CLOSE_OPEN_FILE() macro from xpdev/filewrap.h.
  25. 20 Jun, 2019 1 commit
  26. 31 May, 2019 2 commits
  27. 07 May, 2019 1 commit
  28. 23 Apr, 2019 1 commit
    • rswindell's avatar
      Clean up the hostname look-up stuff: · 60f996f9
      rswindell authored
      - getnameinfo() was being called with NI_NUMERICHOST in the mail server and
        web server (but nowhere else)
      - use a singly-defined macro (STR_NO_HOSTNAME) for the "<no name>" string
        rather than copying it about
      - the webserver apparently assumes that session->host_name will always have
        *some* unique value (e.g. the IP address when no hostname is available) - so
        account for that special need <grumble>
  29. 07 Mar, 2019 1 commit
    • deuce's avatar
      There appears to be data corruption in cryptlib if a private key is added · 211a2a1a
      deuce authored
      to a second thread before the first has the session set active.  Add calls
      to lock/unlock the certificate to prevent this.
      The better options is likely to have a function that adds the key and socket
      and sets the session active in one call and handles the locking internally.
      But I'm lazy, so we get the lock functions.
  30. 18 Jan, 2019 1 commit
  31. 12 Jan, 2019 2 commits
    • rswindell's avatar
      Fix some new issues due to use of GLOB_MARK: · c683fd1d
      rswindell authored
      getfname() on a path that ends in a slash, returns an empty string pointer.
      Fixed-up some logging output around listing creations.
    • rswindell's avatar
      Optimized all directory listings and index generation: · 6906257d
      rswindell authored
      - use GLOB_MARK to eliminate calls to isdir() in loops
      - use stat() rather than calls to flength() and fdate()
      - don't call getfiledat() if getfileixb() failed
      - profiling info-level log msgs added for index/listing generation, e.g.
        "detailed listing (3459 bytes) of /main/SBBS (45 files) created in 2 seconds"
      Fixed bug with indexes generated for directories with the
      "Access Files Not In Database" option enabled, files not in database were
      excluded from the generated index (e.g. 00index, 00index.html).
  32. 04 Jan, 2019 1 commit
  33. 12 Dec, 2018 1 commit
  34. 18 Nov, 2018 1 commit
    • rswindell's avatar
      Hackety-hack-hack... hack · 6473f58a
      rswindell authored
      So I tested the following cases, which all pass:
      cwd diralias -> 250 CWD command successful.
      cwd /diralias -> 250 CWD command successful.
      cwd /diralias/ -> 250 CWD command successful.
      cwd /diralias/filename -> 550 filename: No such directory.
      cwd /filealias -> 550 filealias: No such diretory.
      cwd /filealias/ -> 550 : No such diretory.
      retr filealias -> 150 Opening BINARY mode data connection for file transfer.
      retr /filealias -> 150 Opening BINARY mode data connection for file transfer.
      Hopefully is the end of the fixes for Chrome browser ftp weirdness
      (tries to "CWD" to anything/everything to determine if it's a file or not).