--- lbbs/src/net_server.c 2025/11/21 10:34:10 1.96 +++ lbbs/src/net_server.c 2025/12/18 14:47:00 1.111 @@ -40,6 +40,7 @@ #include #include #include +#include #include #include @@ -114,6 +115,11 @@ static int auth_password(ssh_session ses else { ret = check_user(user, password); + if (ret == 2) // Enforce update user agreement + { + BBS_update_eula = 1; + ret = 0; + } } if (ret == 0) @@ -385,9 +391,7 @@ static int fork_server(void) ret = ssh_event_dopoll(event, 100); // 0.1 second if (ret == SSH_ERROR) { -#ifdef _DEBUG - log_error("ssh_event_dopoll() error: %s\n", ssh_get_error(SSH_session)); -#endif + log_debug("ssh_event_dopoll() error: %s\n", ssh_get_error(SSH_session)); goto cleanup; } } @@ -422,6 +426,8 @@ static int fork_server(void) log_error("Error setting SSH options: %s\n", ssh_get_error(SSH_session)); goto cleanup; } + + ssh_set_blocking(SSH_session, 0); } // Redirect Input @@ -507,6 +513,7 @@ cleanup: int net_server(const char *hostaddr, in_port_t port[]) { + struct stat file_stat; unsigned int addrlen; int ret; int flags_server[2]; @@ -521,8 +528,8 @@ int net_server(const char *hostaddr, in_ int nfds; int notify_child_exit = 0; time_t tm_notify_child_exit = time(NULL); - int i, j; pid_t pid; + int ssh_key_valid = 0; int ssh_log_level = SSH_LOG_NOLOG; #ifdef HAVE_SYSTEMD_SD_DAEMON_H @@ -533,10 +540,41 @@ int net_server(const char *hostaddr, in_ sshbind = ssh_bind_new(); + if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_RSA_KEY_FILE) < 0) + { + log_error("Error loading SSH RSA key: %s\n", SSH_HOST_RSA_KEY_FILE); + } + else + { + ssh_key_valid = 1; + } + if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_ED25519_KEY_FILE) < 0) + { + log_error("Error loading SSH ED25519 key: %s\n", SSH_HOST_ED25519_KEY_FILE); + } + else + { + ssh_key_valid = 1; + } + if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_ECDSA_KEY_FILE) < 0) + { + log_error("Error loading SSH ECDSA key: %s\n", SSH_HOST_ECDSA_KEY_FILE); + } + else + { + ssh_key_valid = 1; + } + + if (!ssh_key_valid) + { + log_error("Error: no valid SSH host key\n"); + ssh_bind_free(sshbind); + return -1; + } + if (ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDADDR, hostaddr) < 0 || ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_BINDPORT, &port) < 0 || - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY, SSH_HOST_KEYFILE) < 0 || - ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "ssh-rsa,rsa-sha2-512,rsa-sha2-256") < 0 || + ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_HOSTKEY_ALGORITHMS, "+ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa") < 0 || ssh_bind_options_set(sshbind, SSH_BIND_OPTIONS_LOG_VERBOSITY, &ssh_log_level) < 0) { log_error("Error setting SSH bind options: %s\n", ssh_get_error(sshbind)); @@ -554,7 +592,7 @@ int net_server(const char *hostaddr, in_ #endif // Server socket - for (i = 0; i < 2; i++) + for (int i = 0; i < 2; i++) { socket_server[i] = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); @@ -614,6 +652,8 @@ int net_server(const char *hostaddr, in_ fcntl(socket_server[i], F_SETFL, flags_server[i] | O_NONBLOCK); } + ssh_bind_set_blocking(sshbind, 0); + hash_dict_pid_sockaddr = hash_dict_create(MAX_CLIENT_LIMIT); if (hash_dict_pid_sockaddr == NULL) { @@ -670,24 +710,24 @@ int net_server(const char *hostaddr, in_ if (pid != section_list_loader_pid) { - j = 0; - ret = hash_dict_get(hash_dict_pid_sockaddr, (uint64_t)pid, (int64_t *)&j); + int64_t j = 0; + ret = hash_dict_get(hash_dict_pid_sockaddr, (uint64_t)pid, &j); if (ret < 0) { log_error("hash_dict_get(hash_dict_pid_sockaddr, %d) error\n", pid); } else { - ret = hash_dict_inc(hash_dict_sockaddr_count, (uint64_t)j, -1); - if (ret < 0) + ret = hash_dict_inc(hash_dict_sockaddr_count, (in_addr_t)j, -1); + if (ret <= 0) { - log_error("hash_dict_inc(hash_dict_sockaddr_count, %d, -1) error\n", j); + log_error("hash_dict_inc(hash_dict_sockaddr_count, %lu, -1) error: %d\n", (in_addr_t)j, ret); } ret = hash_dict_del(hash_dict_pid_sockaddr, (uint64_t)pid); if (ret < 0) { - log_error("hash_dict_del(hash_dict_pid_sockaddr, %d) error\n", pid); + log_error("hash_dict_del(hash_dict_pid_sockaddr, %lu) error\n", (uint64_t)pid); } } } @@ -749,6 +789,8 @@ int net_server(const char *hostaddr, in_ sd_notify(0, "RELOADING=1"); #endif + log_common("Reload configuration\n"); + // Restart log if (log_restart() < 0) { @@ -767,6 +809,16 @@ int net_server(const char *hostaddr, in_ log_error("Reload BWF conf failed\n"); } + // Get EULA modification tm + if (stat(DATA_EULA, &file_stat) == -1) + { + log_error("stat(%s) error\n", DATA_EULA, errno); + } + else + { + BBS_eula_tm = file_stat.st_mtim.tv_sec; + } + if (detach_menu_shm(&bbs_menu) < 0) { log_error("detach_menu_shm(bbs_menu) error\n"); @@ -786,6 +838,7 @@ int net_server(const char *hostaddr, in_ log_error("load_menu(top10_menu) error\n"); unload_menu(&top10_menu); } + top10_menu.allow_exit = 1; for (int i = 0; i < data_files_load_startup_count; i++) { @@ -883,12 +936,10 @@ int net_server(const char *hostaddr, in_ port_client = ntohs(sin.sin_port); - log_common("Accept %s connection from %s:%d\n", (SSH_v2 ? "SSH" : "telnet"), hostaddr_client, port_client); - if (SYS_child_process_count - 1 < BBS_max_client) { - j = 0; - ret = hash_dict_get(hash_dict_sockaddr_count, (uint64_t)sin.sin_addr.s_addr, (int64_t *)&j); + int64_t j = 0; + ret = hash_dict_get(hash_dict_sockaddr_count, sin.sin_addr.s_addr, &j); if (ret < 0) { log_error("hash_dict_get(hash_dict_sockaddr_count, %s) error\n", hostaddr_client); @@ -905,24 +956,45 @@ int net_server(const char *hostaddr, in_ ret = hash_dict_set(hash_dict_pid_sockaddr, (uint64_t)pid, sin.sin_addr.s_addr); if (ret < 0) { - log_error("hash_dict_set(hash_dict_pid_sockaddr, %d, %s) error\n", pid, hostaddr_client); + log_error("hash_dict_set(hash_dict_pid_sockaddr, %lu, %s) error\n", (uint64_t)pid, hostaddr_client); } - ret = hash_dict_inc(hash_dict_sockaddr_count, (uint64_t)sin.sin_addr.s_addr, 1); - if (ret < 0) + if (j == 0) + { + // First connection from this IP + log_common("Accept %s connection from %s:%d\n", + (SSH_v2 ? "SSH" : "telnet"), hostaddr_client, port_client); + + ret = hash_dict_set(hash_dict_sockaddr_count, (uint64_t)sin.sin_addr.s_addr, 1); + if (ret < 0) + { + log_error("hash_dict_set(hash_dict_sockaddr_count, %s, 1) error\n", hostaddr_client); + } + } + else { - log_error("hash_dict_inc(hash_dict_sockaddr_count, %s, %d) error\n", hostaddr_client, 1); + // Increase connection count from this IP + log_common("Accept %s connection from %s:%d, already have %d connections\n", + (SSH_v2 ? "SSH" : "telnet"), hostaddr_client, port_client, j); + + ret = hash_dict_inc(hash_dict_sockaddr_count, (uint64_t)sin.sin_addr.s_addr, 1); + if (ret <= 0) + { + log_error("hash_dict_inc(hash_dict_sockaddr_count, %s, 1) error: %d\n", hostaddr_client, ret); + } } } } else { - log_error("Rejected client connection from %s over limit per IP (%d)\n", hostaddr_client, BBS_max_client_per_ip); + log_error("Rejected %s connection from %s:%d over limit per IP (%d >= %d)\n", + (SSH_v2 ? "SSH" : "telnet"), hostaddr_client, port_client, j, BBS_max_client_per_ip); } } else { - log_error("Rejected client connection over limit (%d)\n", SYS_child_process_count - 1); + log_error("Rejected %s connection from %s:%d over limit (%d >= %d)\n", + (SSH_v2 ? "SSH" : "telnet"), hostaddr_client, port_client, SYS_child_process_count - 1, BBS_max_client); } if (close(socket_client) == -1) @@ -941,7 +1013,7 @@ int net_server(const char *hostaddr, in_ } #endif - for (i = 0; i < 2; i++) + for (int i = 0; i < 2; i++) { if (close(socket_server[i]) == -1) {