1. 06 Feb, 2022 1 commit
    • Rob Swindell's avatar
      Fix access-control by terminal cap issue introduced a week ago · f5fed0b2
      Rob Swindell authored
      In commit 3f17c245, I was addressing the issue reported by Nelgin via IRC:
      <nelgin> If you login using a term that doesn't support ansi, it changes your settings - can you set 'em back when done?
      <DigitalMan> if you have auto-term enabled, it doesn't actually change your settings, just what's in use during that session
      <nelgin> I logged in using my BBC emulator which doesn't do ansi, then when I logged in through syncterm, I got the display like it was on the BBC. All my characters replaced with #'s and stuff.
      <nelgin> I had to go back into the user menu to fix it. That is going to confuse users.
      
      However, the chk_ar() function in userdat.c which is used to populate JS objects (e.g. xtrn_area.sec_list[].prog_list[]) uses the user.misc value (cannot call term_supports()), so the current user terminal flags need to be reflected in user.misc always. So the real fix for the originally reported problem is to clear the charset-related terminal settings when logging in with auto-terminal settings enabled (and before the auto-detected charset flags are OR'd in).
      
      I toyed with the idea of storing a copy of the term_supports() result in client_t, which is passed to chk_ar() when appropriate, but decided that was a bit overkill and there were issues with servers that don't have term_supports (e.g. the web server) and properly populating access-controlled areas in the JS object model (e.g. door games that require ANSI). Better to use the last-auto-detected terminal caps than assuming "no" terminal capabilities in that scenario.
      f5fed0b2
  2. 05 Feb, 2022 2 commits
    • Rob Swindell's avatar
      O-restriction forces sent netmail to come from user's alias too · b35a9907
      Rob Swindell authored
      Users with the 'O' restriction (automatically set if a new user has the same "real name" as another account, and that's allowed by the sysop) will send netmail from their alias and not their real name to prevent impersonation of another user.
      b35a9907
    • Rob Swindell's avatar
      Detect and reject duplicate internal code prefixes · 5fcc9090
      Rob Swindell authored
      Don't let (or at least try to prevent) a sysop create a duplicate message group or file library internal code prefix (which could lead to duplicate internal codes for subs and dirs, pretty easily and accidentally).
      5fcc9090
  3. 04 Feb, 2022 3 commits
  4. 02 Feb, 2022 1 commit
  5. 01 Feb, 2022 5 commits
    • Rob Swindell's avatar
      Fix (loss of) carrier detect reporting in Virtual UART driver · 5f2881f2
      Rob Swindell authored
      So Hobo and I have noticed that Global War was leaving game lock (*.LOK) files behind when he disconnected while in the game (e.g. due to the game not responding or something). 
      This was happening because GWAR was not recognizing the loss of connection ("carrier detect" or DCD) and SBBS would ungracefully terminate the process after 5 seconds of being disconnected, thus the game lock files would remain and requiring manual clean-up.
      
      I discovered that if I changed the WAR.CFG file to use FOSSIL instead of UART, Global War would then correctly recognize the loss of carrier and exit gracefully (and not leave any .LOK files behind). So... I suspected an issue with the Virtual UART driver. It turns out, that a program that relies on the modem status register change interrupt (and doesn't "poll" the UART MSR register) might never know that the "carrier" was lost. This is fixed by waiting on the hungup_event in the interrupt_thread and deasserting DCD in the "virtual" MSR register and asserting the MSR change interrupt to notify the program that it has in fact changed. Good thing for WaitForMultipleObjects(). Uh huh.
      5f2881f2
    • Rob Swindell's avatar
      Implement the sbbsfile.nam and sbbsfile.des post-processing in v3.19 · bc7030d3
      Rob Swindell authored
      This one was one of the last TODO items for the new filebase implementation: It's been supported (for a *long* time) that a file tester/upload processor could change the uploaded file's name or description by modifying the contents of the sbbsfile.nam and sbbsfile.des files in the node's directory (I know, great names, eh?). These files were not read-back into sbbs to apply any changes in v3.19b and that's now "fixed" though I'm not sure any file upload tester/processor actually ever made use of this feature.
      
      Also as part of this change, the '%s' specifier for the tester command-line will now be replaced with the path to the sbbsfile.des file and not the file's description itself (which could easily have been problematic for a command-line).
      
      Updated SCFG help text to suit.
      bc7030d3
    • Rob Swindell's avatar
      Call clearline() after displaying "working strings" for file processors · 735f9ac8
      Rob Swindell authored
      Testable File Types and Download Events support working strings (display before/while the command-line executes). Clear the current line (displaying this working string) when the execution completes.
      735f9ac8
    • Rob Swindell's avatar
      Fix "Testable Files" file extension comparison · 099c5fa5
      Rob Swindell authored
      Issue introduced in v3.19: Testable Files (a.k.a. upload processors) with a specified file extension/type (e.g. "ZIP" and not "*") would never run because the file extension comparison logic was "off by one". Testable Files with an extension of "*" (all files/types) would still run however.
      
      This fixes issue #331 reported by Nightfox.
      099c5fa5
    • Rob Swindell's avatar
      By default, don't recognize filebase virtual path prefix for vhosts · a999e510
      Rob Swindell authored
      If the request is to a virtual web host, don't recognize the filebase vpath prefix (FileVPathPrefix setting) unless FileVPathForVHosts is set to "true" (in the [web] section of sbbs.ini).
      
      This addresses another of Deuce's concerns about this feature.
      a999e510
  6. 31 Jan, 2022 2 commits
  7. 30 Jan, 2022 1 commit
    • Rob Swindell's avatar
      Fix HTTP-requests for files >= 2GB in size · d8c099db
      Rob Swindell authored
      An int is 32-bits on all supported platforms, so this has always been broken. The actual file size/request-length sent would depend on fun 2's complement math (a 32GB file was being truncated to 433MB).
      
      Also fixed some wrong uses of PRIuOFF: off_t is a signed integer, so technically the maximum file size you can request now is 2^63 bytes, which is "big enough".
      d8c099db
  8. 29 Jan, 2022 1 commit
  9. 28 Jan, 2022 5 commits
    • Rob Swindell's avatar
      Use sbbs.ini [web] FileVPathPrefix to configure web filebase prefix · acd808d3
      Rob Swindell authored
      It bothered Deuce having a web server setting in scfg_t/SCFG->File Options, so I moved this setting to [web_]startup_t and the sbbs.ini file.
      
      The downside is that file_area.web_file_prefix is no longer available to JS environments outside of the web server and terminal server, but meh, probably not going to use it elsewhere anyway? I can imagine use cases for JSexec scripts to want to generate URLs to filebase files. If that ends up being a need, they'll have to find and parse the "right" sbbs.ini file to determine the vpath prefix. 
      acd808d3
    • Rob Swindell's avatar
    • Rob Swindell's avatar
      fc3addb6
    • Rob Swindell's avatar
      Add 'vdir' (virtual directory name) member to lib_t and dir_t · 51ab0a7f
      Rob Swindell authored
      This change is just for internal consistency and convenience right now: the lib_t.vdir is a "sanitized" copy of the lib's short name (spaces are converted to dots or underscores based on the logic that the FTP server used in dotname()) and the dir_t.vdir is just a pointer to the dir's code_suffix. No other permutations are made (e.g. lower-casing the strings). Although the virtual directory names of libraries will now appear in mixed case in the FTP server (previously, they were all lowercase), the directory names are actually treated case-insensitively, so it should not make any difference. If forced-lowercase is preferred for some reason, please speak up.
      
      This change leads the way to eventually, possibly, making these virtual path elements sysop-configurable. For now, it's just better to have a *copy* of the lib's short name that is appropriately modified to make a suitable directory name and have that vpath element available globally (to all servers and services) in a consistent manner.
      
      So Nelgin asked (about filebase access via http), what if the library short name has a space in it? The answer now is, the spaces are replaced with a '.' or '_' (if there's already dots in the name).
      51ab0a7f
    • Rob Swindell's avatar
      Fix up the directory internal code suffix help text · 19fbeaea
      Rob Swindell authored
      ... more aligned with a sub-board's internal code help text.
      19fbeaea
  10. 27 Jan, 2022 2 commits
    • Rob Swindell's avatar
      Allow files to be removed from batch queues by number · 86e39e82
      Rob Swindell authored
      This fixes issue #328.
      
      The user actually *can* remove files from the batch queues in v3.19b, but you have to type the filenames which is not obvious from the prompt which implies you need to type the file index position (e.g. '1' for the first file in the queue). In all Synchronet versions prior, you could only remove by number (and not by name).
      
      The fix is to allow either the number or the name of the file to be entered at the RemoveWhich prompt and the file is removed from the queue successfully.
      
      Thanks Ragnarok!
      86e39e82
    • Rob Swindell's avatar
      Ignore VDD WriteFile() failures if the child process has terminated · 9445866c
      Rob Swindell authored
      If the child process (e.g. door game) has terminated, don't log errors if/when WriteFile() to the mailslot fails. This would be expected as the mailslot is created/owen-by sbbsexec.dll which would also terminate along with the process, thus closing the mailslot. 
      
      Hopefully resolves the errors reported by DesotoFireflite (VALHALLA).
      9445866c
  11. 26 Jan, 2022 2 commits
  12. 23 Jan, 2022 4 commits
    • Rob Swindell's avatar
      create_archive() will skip directories in supplied file_list · 77e2d88e
      Rob Swindell authored
      The file_list[] parameter was expected to contain only files, but the directory() function (used to create that file_list[]) returns a list of all directory entries, including sub-directories. I could (and maybe will) add an option to directory() to only include files or dirs, but this seemed the more direct fix for the problem reported by DesotoFireflite (VALHALLA):
      
      TickIT's nodelist_handler.js appears to be creating and leaving behind a sub-directory of the temp directory, triggering this error:
       1/23  11:36:56a  QNET libarchive error -1 (13 opening c:\SBBS\temp\event\nodelist_handler/) creating c:\SBBS\data\VERT.REP 
      
      Why isn't the temp directory fully cleaned up after/between events? That's another thing to look into.
      77e2d88e
    • Rob Swindell's avatar
    • Rob Swindell's avatar
      Add case fall-through comment · ca9bac80
      Rob Swindell authored
      To address CID 345626
      ca9bac80
    • Rob Swindell's avatar
      Basic PETSCII output column/line counting in putmsg() · 09a32c0d
      Rob Swindell authored
      When printing a PETSCII Sequence (.seq) file, count the lines/rows and columns similar to how we would if we were using outchar() (but we don't, we use the lower-level outcom() to bypass any translations).
      
      This is related to issue #325:
      PETSCII seq files seem to display just fine, the problem I saw was with the auto-pausing (e.g. before a screen-clear) after displaying them.
      09a32c0d
  13. 22 Jan, 2022 3 commits
    • Rob Swindell's avatar
      Handle duplicate names and aliases better · 55be2129
      Rob Swindell authored
      So some cute user (mine@demon.com) created a new user account on Vertrauen with the alias and real name of "Rob Swindell". Funny.
      
      Now, duplicate user aliases are already and always forbidden (even those that just vaguely match an existing alias) - everyone expects those to be unique. And we already forbid new user real names to match an existing user alias (check_name() enforces this and we use that when checking new user real names too), however, nothing prevented a new user account's alias from matching another existing user's real name. And this is a problem:
      
      1. This new/fake user could post a message or send an email/netmail and it would appear to possibly come from the other/original user (we do have options to send mail and post messages using real names)
      
      2. Received email for real names is supported and if enabled, this second account could be used to intercept mail for the original/first account if it was receiving mail for the original/real user's real name.
      
      So disallowing a new user's real name to match an existing alias fixes one problem. 
      However, systems *can* be configured to allow duplicate real names (which is convenient for QWKnet accounts, for example) and so we needed another solution for that problem: meet the 'O' restriction. This restriction flag will prevent a user account from posting messages no sub-boards that require real names. New user accounts that have a duplicate real name (the same as another user account's real name), will automatically be assigned the 'O' restriction flag. Systems that don't allow duplicate real names wouldn't have this issue in the first place.
      
      Scripts that allow the creation of new user accounts might need some updating to match this security logic.
      55be2129
    • Rob Swindell's avatar
      Call can_user_post() rather than manual checks · 9ae0448c
      Rob Swindell authored
      Eliminate some redundant code. Use the userdat lib function provided for this purpose.
      9ae0448c
    • Rob Swindell's avatar
      Remove some commented-out code · cac09153
      Rob Swindell authored
      Posting restrictions are handled one QWK-message at a time (and have been for a long time). No actual change here.
      cac09153
  14. 20 Jan, 2022 4 commits
  15. 19 Jan, 2022 2 commits
  16. 18 Jan, 2022 2 commits