1. 13 Aug, 2022 2 commits
  2. 03 Jun, 2022 1 commit
  3. 31 Mar, 2022 3 commits
  4. 29 Mar, 2022 1 commit
  5. 28 Mar, 2022 1 commit
  6. 02 Jan, 2022 1 commit
  7. 01 Jan, 2022 1 commit
  8. 19 Apr, 2021 1 commit
    • Rob Swindell's avatar
      Control sound-mute via semfile (ctrl/sound.muted) rather than sbbs.ini · a88cce19
      Rob Swindell authored
      There was a bug with reloading the configuration files in sbbsctrl where the sound button no longer reflected the truth and the sysop's previous click-state of the button was lost. Rather than going through writing the OPT_MUTE flag to the Options fields of all the sections of the sbbs.ini and then re-loading that file as a result, just do like we did with the sysop chat availability: use a semfile. So much simpler.
      
      If anyone ever needs instance-specific muting, we can create/check instance/host-specific mute semfiles then. Doubt that'll happen though.
      
      Also, removed the old sysavail control methods of ntsvcs too.
      a88cce19
  9. 18 Apr, 2021 5 commits
  10. 04 Apr, 2021 1 commit
    • Rob Swindell's avatar
      A poll() failure with EINTR does not mean a socket is closed. · fcf58640
      Rob Swindell authored
      This won't impact Synchronet as it has a separate signal handling
      thread, but we still need to behave properly for processes that
      don't.  I'm also saying that ENOMEM does not indicate a disconnection,
      though it may be better to pretend it was disconnected...
      fcf58640
  11. 15 Feb, 2021 2 commits
    • Rob Swindell's avatar
      Disable FTP Bounce (FXP) support by default · 635fad77
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
      635fad77
    • Rob Swindell's avatar
      Disable FTP Bounce (FXP) support by default · ebece39d
      Rob Swindell authored
      The Synchronet FTP server has (since 2001) disallowed PORT/EPRT/LPRT commands with a "reserved" port number (i.e. < 1024) as recommended by RFC2577 and when attempted, would log a "SUSPECTED FTP BOUNCE HACK ATTEMPT" in the data/hack.log file.
      
      However, as Karloch (HISPAMSX) pointed out recently, an FTP Bounce Attack to other TCP ports was still possible (and detected/reported by some security scans as a potential vulnerability).
      
      So, reject all PORT/EPRT/LPRT commands that specify an IP address other than that used for the control TCP connection unless the sysop specifically enables the new "ALLOW_BOUNCE" option flag (in the [ftp] section of sbbs.ini) and the user is an authenticated non-guest/anonymous user. And as before, log the attempt as a suspected hack attempt.
      
      This change also removes the "Directory File Access" checkbox from the Synchronet Control Panel for Windows as that feature is "going away" soon (or at least, it won't be an FTP-specific option/feature if it remains).
      ebece39d
  12. 14 Feb, 2021 1 commit
  13. 24 Jan, 2021 1 commit
    • Rob Swindell's avatar
      Better charset handling of outbound mail · 9c8d7588
      Rob Swindell authored
      The default character set for outbound mail is now auto-determined (when not explicitly specified for a message) between UTF-8, ASCII, and CP437. The [mail] DefaultCharset setting (which fell-back to iso-8859-1 if blank) is no longer "a thing".
      
      Also: specify 8-bit content-transfer-encoding for the (potentially UTF-8 or CP-437) plain text portion of a MIME-encoded message with file attachment (7-bit was wrong) and pass down the text sub-type (e.g. could be "html") for inclusion in the mime-part header (don't assume text/plain, but still use that as default).
      
      Also: log an error when failing to delete an attached file (e.g. from data/file/*.out).
      9c8d7588
  14. 18 Jan, 2021 2 commits
  15. 30 Dec, 2020 1 commit
  16. 22 Dec, 2020 1 commit
    • Rob Swindell's avatar
      Remove dynamic HTML index support from FTP server · 0d01544d
      Rob Swindell authored
      The days of browsers rendering HTML served-up via FTP are over, so remove this feature. This also removes all JavaScript support from the FTP server and that is a bit odd as it was one of the first Synchronet components for which I added JS support.
      
      Removing this feature was pretty painless; much easier than adding it was. The main motivation was less cruft to port to the file base in the works. There should be no more references to 00index.html anywhere at this point. Bye bye cool feature, we'll miss you.
      0d01544d
  17. 24 Nov, 2020 1 commit
    • Rob Swindell's avatar
      Stop pretending to configure the JavaScript Context stack · c0cd8686
      Rob Swindell authored
      The argument to JS_NewContext that we were allowing to be configured was not the contest stack size, but rather:
      "The size, in bytes, of each "stack chunk". This is a memory management tuning parameter which most users should not adjust. 8192 is a good default value." - per Mozilla.
      
      So we're just going to use the suggested default, hard-coded.
      c0cd8686
  18. 21 Oct, 2020 1 commit
  19. 15 Sep, 2020 2 commits
  20. 14 Sep, 2020 1 commit
  21. 13 Sep, 2020 3 commits
  22. 12 Sep, 2020 1 commit
    • Rob Swindell's avatar
      Improve startup w/Config Wizard reliability · 351cf95a
      Rob Swindell authored
      I noticed on one particular system that Canceling or Completing
      the configuration wizard on a fresh install, sbbsctrl.exe would
      just shut down (no error dialog or anything, likely a crash of
      some kind). Instrumenting StartupTimerTick() didn't reveal anything
      useful (it ran to completion).
      
      By changing the method of launching the Configuration Wizard,
      I was able to eliminate this observed problem. Now, the StartupTimer
      runs twice on a fresh install (just once for a normal startup),
      and the second run of the StartupTimerTick starts the configuration
      wizard.
      
      I also reverted to the previous behavior of dynamically creating
      and destroying the wizard for each use. There's just too much state
      information to restore if the config wizard is run a second time.
      
      Also, removed a bunch of old Registry settings readings (v3.10/11
      upgrade support) and commented out code.
      351cf95a
  23. 11 Sep, 2020 1 commit
  24. 08 Sep, 2020 3 commits
  25. 07 Sep, 2020 1 commit
  26. 16 Aug, 2020 1 commit