1. Forum
  2. DOVE-Net
  3. Synchronet Programming

  • src/sbbs3/ftpsrvr.cpp log

    From Rob Swindell (on Windows@VERT to Git commit to main/sbbs/m on Saturday, May 02, 2026 21:57:00
    https://gitlab.synchro.net/main/sbbs/-/commit/809479e95df12b20674658d5
    Modified Files:
    src/sbbs3/ftpsrvr.cpp login.cpp mailsrvr.cpp main.cpp mqtt.c mqtt.h services.cpp websrvr.cpp
    Log Message:
    sbbs3 servers: publish per-IP login_attempts and max_concurrent on MQTT

    Each TCP server publishes a retained per-IP entry on every loginFailure
    to sbbs/<sysid>/host/<host>/login_attempts/<ip>, clears it on
    loginSuccess, and deletes the retained payload on semfile / clear-topic
    sysop clears. The terminal server also publishes max-concurrent strike
    counts to <server>/term/max_concurrent/<ip> and clears them on
    filter-trip / login-success.

    Payload follows the in-tree MQTT convention: tab-delimited fields with
    ISO-8601 timestamps, no JSON. The plaintext password from login_attempt_t
    is intentionally omitted since MQTT can be off-host.

    The five servers' full-clear branches are deduplicated through a new mqtt_clear_login_attempt_list() helper in mqtt.c that gates per-entry
    publishes on mqtt->connected and falls through to plain
    loginAttemptListClear() when MQTT isn't publishing, so systems running
    with MQTT disabled pay no measurable overhead.

    Addresses gitlab issue #1124 and Nelgin's "room for improvement" remark
    on the same.

    Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian L@VERT to Git commit to main/sbbs/m on Thursday, May 21, 2026 20:23:00
    https://gitlab.synchro.net/main/sbbs/-/commit/f17cc3607e02f7735f2cf5ae
    Modified Files:
    src/sbbs3/ftpsrvr.cpp login.cpp mailsrvr.cpp main.cpp services.cpp websrvr.cpp
    Log Message:
    Log a consistent !BLOCKING IP ADDRESS notice when auto-filtering IPs

    filter_ip() (trash.c) is a libsbbs function with no logger, so logging
    the IP-filter addition is the caller's responsibility. Coverage and
    format were inconsistent: only the max-concurrent (main.cpp) and
    SPAM-bait (mailsrvr.cpp) paths logged anything, and those two disagreed
    on whether the filter file was shown as a basename or a full path.

    The auto-filter-on-failed-logins path in every server (login.cpp,
    services.cpp, ftpsrvr.cpp, mailsrvr.cpp, websrvr.cpp) added the abuser's
    IP to ip.can silently, with no log line marking the moment.

    Emit a uniform "!BLOCKING IP ADDRESS: <ip> in <file>" NOTICE at all of
    these sites, using the full filter-file path everywhere (drop the
    getfname() basename in main.cpp) to match the existing
    "!CLIENT BLOCKED in %s" messages. Each site follows its file's local
    lprintf prefix convention; login.cpp derives the ip.can path via trashcan_fname() rather than hardcoding it.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net
  • From Rob Swindell (on Debian L@VERT to Git commit to main/sbbs/m on Thursday, May 21, 2026 20:23:00
    https://gitlab.synchro.net/main/sbbs/-/commit/be8ba77c24df2405a8e6c5c4
    Modified Files:
    src/sbbs3/ftpsrvr.cpp login.cpp mailsrvr.cpp main.cpp services.cpp websrvr.cpp
    Log Message:
    Only log !BLOCKING IP ADDRESS when filter_ip() actually filters the IP

    filter_ip() returns false when the IP/host is exempt (listed in ipfilter_exempt.cfg), when ip_addr is NULL, or when the filter file
    can't be opened -- in none of those cases is the address actually added
    to the filter. The "!BLOCKING IP ADDRESS" notices were logged
    unconditionally before the call, so an exempt IP in the auto-filter
    paths would still produce a misleading "BLOCKING" log line even though filter_ip() then declined to add it.

    Gate each notice on filter_ip() returning true. In the SMTP SPAM-bait
    path, also fold the call into the condition so the " and BLOCKED" tag is
    only appended on an actual block.

    Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

    ---
    þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net