-
src/sbbs3/answer.cpp
From
deuce@VERT to
CVS commit on Thursday, February 27, 2014 20:57:57
src/sbbs3 answer.cpp 1.77 1.78
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv21473
Modified Files:
answer.cpp
Log Message:
Fix potential buffer overruns in SSH user name and password.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
deuce@VERT to
CVS commit on Friday, February 28, 2014 11:25:49
src/sbbs3 answer.cpp 1.78 1.79
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv2254
Modified Files:
answer.cpp
Log Message:
Remove bit of IPv6 patch that snuck in.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, March 07, 2014 23:42:35
src/sbbs3 answer.cpp 1.81 1.82
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv31577
Modified Files:
answer.cpp
Log Message:
Log message and display warning to user when protocol-specified user name does not match database and beginning new user sing-up.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, October 28, 2014 23:55:12
src/sbbs3 answer.cpp 1.83 1.84
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv4168
Modified Files:
answer.cpp
Log Message:
Bug-fix: when SSH or RLogin supplied username is not a valid user, the new user signup process would be started without the current client IP address being added to the 'failed login attempt' list. This means that brute force login attempts using SSH or RLogin would usually not be subject to the loginAttempt delays and logging/filtering settings (in sbbs.ini), since the usernames attempted (e.g. root, admin) are usually not valid usernames.
More:
- Log failed password attempts before calling badlogin() -which can delay.
- Stop RLogin and SSH password prompt loop immediately if disconnected.
- Log RLogin and SSH passwords used for invalid usernames (when password
logging is enabled in SCFG).
- Log attempted usernames in quotes (so prepenned or trailing whitespace is more
obvious)
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Sunday, January 18, 2015 21:10:47
src/sbbs3 answer.cpp 1.84 1.85
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23360
Modified Files:
answer.cpp
Log Message:
Fix off-by-one stack smash of memory past the 'tmp' var as caught
by msvc debug build and reported via assertion.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Wednesday, August 26, 2015 17:35:52
src/sbbs3 answer.cpp 1.87 1.88
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv22435
Modified Files:
answer.cpp
Log Message:
Updated comments only (no functional change).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, December 03, 2015 02:30:33
src/sbbs3 answer.cpp 1.88 1.89
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv26624
Modified Files:
answer.cpp
Log Message:
Make absolutely sure that useron.number is 0 if answer() returns without logging in a user. Apparently it's possible to disconnect during an SSH login and have this function return with useron.number set to a valid user number even though there was no successful login, leading to undesireable things happening in logout().
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, December 18, 2015 19:35:19
src/sbbs3 answer.cpp 1.90 1.91
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv13226
Modified Files:
answer.cpp
Log Message:
Fix uninitialized SSH password logging bug.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ
telnet://vert.synchro.net
-
From
rswindell@VERT to
CVS commit on Sunday, January 21, 2018 20:01:47
src/sbbs3 answer.cpp 1.92 1.93
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv30186
Modified Files:
answer.cpp
Log Message:
#define SUPPORT_ZUULTERM if you want this Zuul/HTML terminal support
code included. As far as I know, no one is using one.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Sunday, April 01, 2018 00:51:09
src/sbbs3 answer.cpp 1.94 1.95
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv14832
Modified Files:
answer.cpp
Log Message:
If the SSH or RLogin-supplied username is in the name.can, don't start the
new user signup process with that name (just fall-through to a normal login prompt).
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, April 24, 2018 00:02:12
src/sbbs3 answer.cpp 1.95 1.96
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
answer.cpp
Log Message:
Make the "UNKNOWN USER" log messages more consistent:
- Using NOTCICE (not INFO) log level.
- Move the protocol name after Node X and remove the colon.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Saturday, July 07, 2018 00:52:08
src/sbbs3 answer.cpp 1.96 1.97
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv930
Modified Files:
answer.cpp
Log Message:
For SSH and RLogin 'logins', use the mastchuser() function rather than userdatdupe() to match the passed login-id (username):
* This allows more permissive username matching, e.g. if your user name
is "Analog Kid", you could login with "analogkid", "analog.kid" or
"analog_kid", which is handy when passing a user name on the command
line (e.g. to an ssh client) for example.
* This is the same function used for Telnet logins via exec/login.js
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Sunday, October 21, 2018 21:22:25
src/sbbs3 answer.cpp 1.99 1.100
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/home/rswindell/sbbs/src/sbbs3
Modified Files:
answer.cpp
Log Message:
Address new GCC printf warnings.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Thursday, July 11, 2019 19:10:42
src/sbbs3 answer.cpp 1.102 1.103
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv14360
Modified Files:
answer.cpp
Log Message:
Don't change useron.misc during logon. This could cause a user's account
to have the NO_EXASCII (plain-ASCII only) set if the logged in without a successful auto-terminal-type detection.
And with sbbs_t::term_supports(), we don't need useron.misc to reflect the auto-detected-terminal-type any longer.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, August 13, 2019 13:22:19
src/sbbs3 answer.cpp 1.105 1.106
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv16920
Modified Files:
answer.cpp
Log Message:
If a telnet location was provided by the client, copy it to the caller-ID
(CID) variable, even when the client isn't SEXPOTS.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Friday, September 27, 2019 13:58:38
src/sbbs3 answer.cpp 1.107 1.108
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv17296
Modified Files:
answer.cpp
Log Message:
Support UTF-8 auto-detection for MacOS Terminal v2.8.3 (404.1):
Unexpectedly, a ZWNBSP (U+FEFF) received/echoed by the MacOS Terminal while in the first column causes a subsequent cursor position report to indicate the 2nd column as the current only. I suppose in some weird world a zero-width character can can't as a column position. So if the cursor position has moved less than 2 columns (not exactly 0 columns), then consider it a UTF-8 terminal. Non-UTF-8 terminals normally move the cursor 3 columns when echoing a UTF-8 encoded ZWNBSP. So to summarize, when echoing a ZWNBSP:
- Non-UTF-8 terminals: moves 3 columns
- MacOS terminal: moves 1 columns
- Other UTF-8 terminals: moves 0 columns
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, April 07, 2020 19:14:03
src/sbbs3 answer.cpp 1.109 1.110
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv20278
Modified Files:
answer.cpp
Log Message:
RLogin fix: if no username supplied, don't prompt for a password and then log an invalid login for a random (the last read?) user account with a user number of 0.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, April 07, 2020 19:21:44
src/sbbs3 answer.cpp 1.110 1.111
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv21452
Modified Files:
answer.cpp
Log Message:
Log the actual user number for "FAILED Password attempt" log messages for SSH and RLogin attempts.
It looks like someone copy/pasted the wrong lines from login.cpp.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Tuesday, April 07, 2020 19:34:26
src/sbbs3 answer.cpp 1.111 1.112
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv23193
Modified Files:
answer.cpp
Log Message:
Allow non-sysops a password re-attempt for SSH and RLogin.
Fixed bug: for RLogin and SSH, if an invalid (e.g. blank) passsword was provided during the handshake, an "Invalid Logon" would be displayed followed by a "Passowrord: " prompt, giving the user an opportunity to reenter the correct password. Only problem: this only worked for sysop accounts. Normal users would just be disconnected after they entere (any) password, correct
or not.
This bug is very old in the RLogin support and appears to have been copy/pasted for the SSH Login bit too.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Wednesday, May 27, 2020 01:22:52
src/sbbs3 answer.cpp 1.113 1.114
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv29982
Modified Files:
answer.cpp
Log Message:
Include a non-zero info value for "User not loggon on" error message.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
rswindell@VERT to
CVS commit on Saturday, August 01, 2020 20:37:24
src/sbbs3 answer.cpp 1.115 1.116
Update of /cvsroot/sbbs/src/sbbs3
In directory cvs:/tmp/cvs-serv24536
Modified Files:
answer.cpp
Log Message:
Fix typo (missing closing quote) in previous commit as pointed out by Coz via irc. Thanks.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Wednesday, September 16, 2020 20:37:29
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Friday, October 23, 2020 01:51:57
https://gitlab.synchro.net/sbbs/sbbs/-/commit/1a51ac2cf81b9497d52cb924
Modified Files:
src/sbbs3/answer.cpp
Log Message:
This "!CLIENT IP NOT LIST in /path/to/rlogin.cfg" message is weird
This message can be logged when a sysop is prompted for the system password and enters it incorrectly or just disconnects.
So lower the log level to DEBUG. And include the IP address that we searched for too.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to sbbs/master on Monday, November 02, 2020 01:34:31
https://gitlab.synchro.net/sbbs/sbbs/-/commit/2df371fe01859b77a1c69afc
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Manual terminal settings were cleared when logging in via SSH or RLogin
This appears to go back to a change Deuce made in 2004 (rev 1.41) where ANSI, COLOR, RIP and WIP user terminal settings were always cleared when logging in via RLogin.
I happened to notice that manually enabling iCE color support wasn't working when logging in via RLogin (the iCE color flag would be cleared every login, but worked fine when logging in via Telnet). Upon investigation, I found that *all* user's manual terminal settings were cleared for either RLogin or SSH logins (copy/pasted bug). So... stop doing that. The method of dynamic terminal capability detection/checking has changed since 2004, so we should not need to mess with the user's misc flags.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Wednesday, February 10, 2021 21:18:22
https://gitlab.synchro.net/main/sbbs/-/commit/838f67529b17611dd63d48b7
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Apply IP filters to address reported via Telnet Location command
Feature requested (?) by u/jumbotronjim on
https://www.reddit.com/r/synchronet/:
If the client connection is from a blocked IP address (in ip[-silent].can), but still manages to get through the web server and websocketservice and have their correct IP address reported via Telnet Location, terminate the connection. Seems dubious.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Friday, December 30, 2022 02:26:51
-
From
Rob Swindell@VERT to
Git commit to main/sbbs/master on Tuesday, January 03, 2023 21:41:33
-
From
Rob Swindell (on Windows)@VERT to
Git commit to main/sbbs/master on Sunday, September 24, 2023 01:57:53
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Wednesday, December 27, 2023 17:11:05
https://gitlab.synchro.net/main/sbbs/-/commit/becf01f28860535195705e43
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Address new GCC build warning in new ssh related code
comparison of integer expressions of different signedness: `int' and `long unsigned int' [-Wsign-compare]
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, January 17, 2024 17:37:50
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Saturday, January 20, 2024 22:41:53
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Saturday, January 20, 2024 22:42:59
-
From
Rob Swindell (on Debian Linux)@VERT to
Git commit to main/sbbs/master on Sunday, January 21, 2024 01:13:24
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Sunday, January 21, 2024 12:12:26
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Monday, January 22, 2024 18:20:28
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Monday, January 22, 2024 18:24:16
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Friday, February 16, 2024 18:17:02
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Tuesday, February 27, 2024 14:56:09
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, February 28, 2024 08:52:16
https://gitlab.synchro.net/main/sbbs/-/commit/7bfb1ef12e482ecfb30a9648
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Guard against answer() being called before the first channel is created.
In this case, just accept whatever we get info on as the "first" one.
Likely fixes #728
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Wednesday, February 28, 2024 11:00:41
https://gitlab.synchro.net/main/sbbs/-/commit/dc04dba2dd1317000fcbc79e
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Early-out of the channel type loop for channel errors.
If there's an error setting the channel or getting the channel
type, give up on the session immediately.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Saturday, March 02, 2024 15:48:30
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Saturday, March 02, 2024 15:48:30
-
From
Rob Swindell (on Windows 11)@VERT to
Git commit to main/sbbs/master on Saturday, March 02, 2024 15:48:30
https://gitlab.synchro.net/main/sbbs/-/commit/ccce5a7c40c325f3e0628fe1
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Initialize sbbs_t::client and call client_on() as expected for logins
See sbbs_t::logon() for example
Note: the client.protocol is still "SSH" here (not "SFTP"). Perhaps that
should be changed?
Does any client actually support simultaneous "SSH" and "SFTP" sessions over the same socket?
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
-
From
Deuc¨@VERT to
Git commit to main/sbbs/master on Sunday, March 03, 2024 10:36:45
https://gitlab.synchro.net/main/sbbs/-/commit/479c00be08fcee60913272a4
Modified Files:
src/sbbs3/answer.cpp
Log Message:
Fix issue when third SSH authentication attempt succeeds
Because the session is activated on the *next* time through the
loop, if the third attempt to authenticate (including public key)
fails, it would leave the session inactive and fail to log in with
a confusing error about an obsolete cryptlib.
On success, decrement ssh_failed to ensure another pass through
the loop.
Also, add more debug logging around the auth so you can clearly
see each failure, and log client_socket each time so it's clearly
grouped.
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net