• src/sbbs3/userdat.c

    From rswindell to CVS commit on Sun Apr 12 22:05:08 2020
    src/sbbs3 userdat.c 1.224 1.225
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv22402

    Modified Files:
    userdat.c
    Log Message:
    Include the protocol and the IP address (if hostname is "<no name>") in the download notification short-mesage (telegram) sent to an uploader from user_downloaded_file().

  • From rswindell to CVS commit on Tue Apr 14 01:57:19 2020
    src/sbbs3 userdat.c 1.225 1.226
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/home/rswindell/sbbs/src/sbbs3

    Modified Files:
    userdat.c
    Log Message:
    Resolve gcc warning: braces around scalar initializer


  • From rswindell to CVS commit on Fri Apr 24 16:00:04 2020
    src/sbbs3 userdat.c 1.226 1.227
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv14335

    Modified Files:
    userdat.c
    Log Message:
    Added over/underflow protection of 16-bit user fields (e.g. timeon, posts, etc) in adjustuserrec() - as reported by Nelgin, the finder and reporter of bugs. 32-bit fields were protected, but not 16-bit fields, so they could/would
    "wrap around" (e.g. after exceed 65535).
    I did not add protection for 8-bit integer wrap as there's only one (leech) and that's not relevant/used these days.

  • From rswindell to CVS commit on Sat May 2 15:51:32 2020
    src/sbbs3 userdat.c 1.227 1.228
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv18787

    Modified Files:
    userdat.c
    Log Message:
    Check if client->host is not-blank, not non-NULL.
    Resolve warning: comparison of array 'client->host' not equal to a null pointer is always true in Clang

  • From rswindell to CVS commit on Sat Aug 15 17:47:36 2020
    src/sbbs3 userdat.c 1.229 1.230
    Update of /cvsroot/sbbs/src/sbbs3
    In directory cvs:/tmp/cvs-serv27150

    Modified Files:
    userdat.c
    Log Message:
    Recognize the "quiet" directory setting (no download notifications) for
    the JS User.downloaded_file() method (used by ecWeb's file download stuff). Thanks Coz.


  • From Rob to Git commit to sbbs/master on Tue Oct 20 20:24:09 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/1e9d5c2cc05ee318ab629bce
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Treat every login failure with no password available as unique

    When loginFailure() is called with NULL for the password argument, that indicates there was no password available (e.g. an aborted login attempt) - treat each of these as a unique (not duplicate) failed-login attempt. This'll trigger ban/filter thresholds sooner for clients that hammer servers and disconnect mid-login.
  • From Rob Swindell to Git commit to sbbs/master on Sun Nov 22 16:33:59 2020
    https://gitlab.synchro.net/sbbs/sbbs/-/commit/5168429f4fae5bfda1fa9976
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    My first opportunity to use IS_ALPHANUMERIC ()instead of isalnum()

    and I blew it. Here's to learning new tricks.
  • From Rob Swindell to Git commit to Main/master on Mon Nov 23 22:12:10 2020
    https://gitlab.synchro.net/main/sbbs/-/commit/0f76860d6b42af92589f6fa2
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Include the [F] (forced chat) flag for help in debugging forced-chat.
  • From Rob Swindell to Git commit to main/sbbs/master on Wed Dec 2 00:09:17 2020
    https://gitlab.synchro.net/main/sbbs/-/commit/3eaf57fe30820f5b0f232328
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    C version of chk_ar() now supports the DOS keyword...

    The "DOS" ARS keyword was always evaluating to false, on all platforms, for the C version of chk_ar(), which is used for populating JS *_area objects and for the User.compare_ars() implementation.

    Unfortunately, the startup (sbbs.ini) "NO_DOS" option is not recognized here (yet), so it'll report true (e.g. for Win64 or Linux systems with DOSemu) even if/when the NO_DOS option is set.
  • From Rob Swindell to Git commit to main/sbbs/master on Wed Apr 14 19:19:52 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/0b3804ff58b0611e544fb932
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Don't compare array against NULL

    Addresses CID 319116 and 319090
  • From Rob Swindell to Git commit to main/sbbs/master on Sun Apr 18 20:25:04 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/9c1594949415dda47210ad23
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Let's make that semfile just sound.mute
  • From Rob Swindell to Git commit to main/sbbs/master on Sun Apr 25 19:36:21 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/55d6d6b8c0c8e92522a45c42
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Get rid of an unnecessary strcat() call

    CID 33567
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Sep 20 23:33:38 2021
    https://gitlab.synchro.net/main/sbbs/-/commit/e6bc098025fb9ffb263f8ce4
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Ignore trailing non-alpha-numeric characters in matchusername()

    A name ending in a symbol (e.g. "Erich B.") would cause problems with this matching logic.
  • From Rob Swindell to Git commit to main/sbbs/master on Thu Jan 27 22:49:50 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/fc3addb6b31e44b593986432
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Use new 'vdir' elements in getdir_from_vpath()
  • From Rob Swindell to Git commit to main/sbbs/master on Thu Feb 24 12:42:58 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/b1bb5630000e4065a9377f1b
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Handle filelength() possibly returning negative value

    CID 349724
  • From Rob Swindell to Git commit to main/sbbs/master on Tue Mar 1 20:30:39 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/d43068225eab3fd62b66f1b2
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Address Coverity-scan reported issues

    Could use more long->off_t conversions, but this is a start.
  • From Rob Swindell to Git commit to main/sbbs/master on Tue Mar 1 22:43:08 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/169c6dcc8956ff86294071d7
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Added NULL argument checking
  • From Rob Swindell to Git commit to main/sbbs/master on Tue Mar 29 01:16:22 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/40eec7fa665daee9c365e43f
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Posts from QWKnet users don't count as "posts" for local stats

    Might add some other statistic for these relayed posts at some point.
  • From Rob Swindell to Git commit to main/sbbs/master on Mon Apr 25 14:21:49 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/14940b8a7f261cb137b69035
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Fix possible underflow conditions in gettimeleft()

    If a non-'T' exempt user had already used more time today than their security level allows, their timeleft would be computed as a negative value due to integer underflow. Since the return value of this function is assigned to a ulong (timeleft), this becomes a large positive number. Cap the floor of the computed time left at 0.

    Also fix the potential for underflow that could occur if the system clock changes while a user is online and 'now' becomes greater than 'starttime'.
  • From Rob Swindell to Git commit to main/sbbs/master on Thu Aug 11 12:21:54 2022
    https://gitlab.synchro.net/main/sbbs/-/commit/8ad5e191568032ec2d91c79f
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    matchuser() now always returns 0 when passed an empty 'name'

    Also, don't match against deleted (blank) usernames in name.dat
    (e.g. when 'name' value consists of a single ETX character).
  • From Rob Swindell to Git commit to main/sbbs/master on Sat Jan 21 19:51:15 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/6c0e423a38920f64abfb7013
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Don't truncate a user's record if the default download protocol or gender are '\0'

    A blank download protocol field in a user.dat, when parsed, sets the 'prot' field
    of user_t to 0. When writing the record back to the user.dat, this would prematurely
    truncate all other fields off the user record (since strings in C are NUL terminated
    and we're using sprintf() to format the record and %c specifier for that field).

    The fix is to write a ' ' character instead of '\0' if the user_t.prot is '\0'. As part of this fix, I'm writing a '?' if a user_t.sex is '\0' (not sure if this
    is actually possible, but just as insurance). Those are the only 2 single-character
    user properties/fields today.

    Bug reported/debugged by Al of The Rusty Mailbox (1:153/757.2) - thank you!
  • From Rob Swindell (in GitKraken) to Git commit to main/sbbs/master on Thu Mar 2 18:56:50 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/14125aa4b0aa0bf027f77361
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    The NoAccess* text.dat strings are not appropriate 'reason' codes

    These text.dat strings require an argument (and normally used with the NOACCESS @-code which uses the noaccess_str and noaccess_val member variables), so not appropriate to use as a reason code here. Use more generic (no argument) text.dat item numbers instead.
  • From Rob Swindell (in GitKraken) to Git commit to main/sbbs/master on Fri Mar 10 19:59:26 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/edc931be6282acafdf043532
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    More strict login-by-user-number support (parsing logic)

    Before now, if the sysop enabled login-by-user-number and the specified login ID *started* with a decimal digit, it'd be treated as a user number and converted to a 32-bit integer. This could result in weird stuff, like this error I got today:
    SMTP ... !ERROR -2 getting data on user (7000401005.gc7gg@synchro.net)

    7,000,401,005 is clearly greater than the number of users in my user base
    on Vert, but since 7B is > 2.1B (0x7fffffff), the number would be parsed as
    a *negative* integer value and thus less than the total number of users in my userbase.

    An obvious solution would be to just turn of login-by-user-number, and for
    most systems, I suggest doing that (a system is less secure with it enabled).

    However, I want to leave the option for sysops (at least for now) and don't want this weird behavior so, a login by user number now requires that the entire login ID is just decimal numbers, nothing else, and the number is
    parsed as an unsigned integer. So yes, roll-over can happen for very high numbers (>4.2B), but in no instance will the number be parsed as negative and thus lead to an invalid user record look-up attempt.
  • From Rob Swindell (on Debian Linux) to Git commit to main/sbbs/master on Mon Apr 3 14:07:29 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/e0979e270d947bc8a9e64e70
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Fix GCC 9.4.0 warning reported by Nelgin

    warning: format not a string literal and no format arguments

    Weird this warning is happening for me with GCC 12.2 (debug or release build)
  • From Rob Swindell (on Windows) to Git commit to main/sbbs/master on Mon May 8 18:07:50 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/c1d6e2c764781b0400578600
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    The "user" directory is special: you don't need "access" to download from it.

    When sending a user-to-user file transfer, SBBS (since v3.19) will check that the file recipient will be able to download it (e.g. doesn't have restrictions preventing it) and this was failing for most (non-sysop) recipient users since they wouldn't normally meet the "access restrictions" of the user directory
    (by design).
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Thu Dec 14 22:07:43 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/68d9c3265f981c3579115177
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Truncate attempted user-name at '@' before comparing against name.can file

    '@' is in the name.can by default and the mail server recognizes user@addr formatted logins/attempts, so truncate at the '@' before comparing against
    the name.can file to prevent false !TEMPORARY BAN (1 login attempts, ... occurences.
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Sun Dec 17 01:37:48 2023
    https://gitlab.synchro.net/main/sbbs/-/commit/39b718dd3ea96ef9f70b5575
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Fix typos in comments
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Mon Jan 1 16:13:36 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/e675cd6612c6723d40063f44
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Fix bug with parse_birthdate() in year-first format

    The year is 4 digits, so the offsets aren't the same as the other 2 supported formats. Doh!

    Thanks Max for testing!
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Sat Feb 10 17:13:02 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/3bf7380f569eababc753e3fc
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    nodestatus() print internal code rather than xtrn number, if possible

    (as a fall back to the full external program name).
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Mon Mar 18 21:22:06 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/d6293e05bccdff9ff8fbb1c8
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Fix logic to add the "partially" prefix to download notification messages

    The file_t struct may not have the size of the file pre-poulated, so we needed to call getfilesize() here.
  • From Rob Swindell (on Windows 11) to Git commit to main/sbbs/master on Fri Jun 21 12:44:51 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/e7642321545ef80fb73fe183
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Fix getnodedat() error handling and usage

    If a file descriptor is passed to getnodedat() and the lock retry counter was reached, the file would be closed, but the passed file descriptor reference would not be set to -1. This could result in exceptions (from subsequent read attempts on the referenced file descriptor) in cases where the node.dab could not be locked or read by getnodedat() and was thus closed.

    The set/get_node_* helper functions (used by MQTT) were not initializing the node.dab file descriptor (i.e. to -1), so it's possible getnodedat() could
    try to read from and close an invalid/wrong open file descriptor. If the local variable happened to be initialized to a value <= 0, then, no problem, but
    this is undefined behavior (UB).
  • From Rob Swindell (on Debian Linux) to Git commit to main/sbbs/master on Thu Aug 22 19:54:56 2024
    https://gitlab.synchro.net/main/sbbs/-/commit/69fc70ab9e59914f5bfceb9f
    Modified Files:
    src/sbbs3/userdat.c
    Log Message:
    Extend (and back-off) the user.tab record lock attempts

    I'v been getting errors locking user.tab (for read) for a while (over samba), so hopefully this helps. The lockuserdat() total timeout duration extends from about 5 seconds to about 45 seconds (with an incremental back-off).

    Implement the same lock-retry logic/limit in putuserdat().