From 9f5fed6e8c90553f6fa9bb0510975f665ffae229 Mon Sep 17 00:00:00 2001 From: InterLinked1 <24227567+InterLinked1@users.noreply.github.com> Date: Mon, 16 Dec 2024 08:14:00 -0500 Subject: [PATCH] io, external, scripts, core: Better handle edge cases, update log levels. * io_tls: Don't prevent module from loading if server initialization fails, since client functionality can still be used. * modman.c: Fix detection of include dir for sys include files. * gen_rootfs.sh: Install curl if needed, and remove Docker after creating container filesystem. * backup.sh: Don't backup MySQL if database isn't running locally. * socket.c: Convert warning for potentially legitimate event to debug message. * string.c: Increase debug level of noisy and low-level log message. --- bbs/socket.c | 2 +- bbs/string.c | 4 ++-- external/modman.c | 21 ++++++++++++++++++++- io/io_tls.c | 23 ++++++++++++----------- scripts/backup.sh | 6 +++++- scripts/gen_rootfs.sh | 34 ++++++++++++++++++++++++++++++++-- 6 files changed, 72 insertions(+), 18 deletions(-) diff --git a/bbs/socket.c b/bbs/socket.c index 3287a24..5f5c420 100644 --- a/bbs/socket.c +++ b/bbs/socket.c @@ -2497,7 +2497,7 @@ ssize_t bbs_timed_write(int fd, const char *buf, size_t len, int ms) bbs_error("write(%d) failed (%ld): %s\n", fd, res, strerror(errno)); } } else if (res != (ssize_t) len) { - bbs_warning("Wanted to write %lu bytes to fd %d, only wrote %ld\n", len, fd, res); + bbs_debug(1, "Wanted to write %lu bytes to fd %d, only wrote %ld\n", len, fd, res); } bbs_block_fd(fd); /* Restore */ diff --git a/bbs/string.c b/bbs/string.c index 6af8e98..0263657 100644 --- a/bbs/string.c +++ b/bbs/string.c 
@@ -620,10 +620,10 @@ int bbs_quoted_printable_decode(char *restrict s, size_t *restrict len, int prin if (!printonly || isprint((char) hex)) { /* XXX isprint check only works for single-byte UTF-8 characters */ *d++ = (char) hex; *len += 1; - bbs_debug(5, "Decoded quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, hex); + bbs_debug(10, "Decoded quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, isprint(hex) ? hex : '.'); } else { /* Don't add invalid UTF-8 characters in the first place */ - bbs_warning("Invalid quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, hex); + bbs_warning("Invalid quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, isprint(hex) ? hex : '.'); } } s++; diff --git a/external/modman.c b/external/modman.c index 176fa72..441bd17 100644 --- a/external/modman.c +++ b/external/modman.c @@ -301,6 +301,7 @@ static int load_header_file_locations(void) { FILE *pfp; char buf[512]; + int bytes; int paths_detected = 0; char *pos = sys_include_paths; size_t len = sizeof(sys_include_paths); @@ -314,7 +315,6 @@ static int load_header_file_locations(void) return -1; } while (len > 0 && fgets(buf, sizeof(buf), pfp)) { - int bytes; if (strncmp(buf, " /", 2)) { continue; } 
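Review bot: The two rewritten log lines call `isprint(hex)` while the unchanged guard just above them still tests `isprint((char) hex)`, so the checks can disagree for bytes at or above 0x80. Where plain `char` is signed, `(char) hex` is negative for those bytes, and passing a negative value other than EOF to `isprint` is undefined. Casting through `unsigned char` in all three places, e.g. `isprint((unsigned char) hex) ? hex : '.'`, keeps raw control bytes out of the log and makes the guard well defined. The declaration of `hex` is outside the hunk, so its type and range are assumed here.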
@@ -324,10 +324,25 @@ static int load_header_file_locations(void) paths_detected++; modman_log(7, " System include path: %s", buf + 1); /* Already ends in LF */ bytes = snprintf(pos, len, "%s", buf + 1); + pos[bytes - 1] = '\0'; /* Temporarily null terminate */ + if (access(pos, R_OK)) { + modman_warning("Can't access directory '%s'\n", pos); + } + pos[bytes - 1] = '\n'; /* Restore LF */ pos += bytes; len -= bytes; } pclose(pfp); +#define SYS_INCLUDE_DIR "/usr/include/x86_64-linux-gnu" + if (!strstr(buf, SYS_INCLUDE_DIR) && !access(SYS_INCLUDE_DIR, R_OK)) { + /* This directory is not explicitly returned by the gcc output, but all the header files live here: */ + modman_log(7, " System include path: %s\n", SYS_INCLUDE_DIR); + bytes = snprintf(pos, len, SYS_INCLUDE_DIR "\n"); +#undef SYS_INCLUDE_DIR + pos += bytes; + len -= bytes; + paths_detected++; + } if (!paths_detected) { modman_error("Failed to determine what the system include paths are\n"); return -1; @@ -396,6 +411,10 @@ static int check_header_file(const char *dirname, const char *modname, const cha while ((path = strsep(&paths, "\n"))) { char *includedir; + if (!*path) { + continue; + } + includedir = strchr(path, '/'); /* Skip leading whitespace, and strchr cannot return NULL. */ TERMINATE_AT(path, '\n'); num_incpaths++; diff --git a/io/io_tls.c b/io/io_tls.c index 0477501..e7c1da9 100644 --- a/io/io_tls.c +++ b/io/io_tls.c @@ -1175,7 +1175,7 @@ static int tlsreload(int fd) struct ssl_fd *sfd; if (!locks_initialized) { - bbs_dprintf(fd, "TLS may only be reloaded if it initialized during startup. Restart the BBS to load new configuration.\n"); + bbs_dprintf(fd, "TLS may only be reloaded if it initialized during startup. Completely unload and load (/reload) the TLS module to load new configuration.\n"); return -1; } 
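Review bot: `pos[bytes - 1]` and the `pos += bytes; len -= bytes;` bookkeeping trust snprintf's return value, which is the length the output would have had, not the number of bytes actually stored. Once the gcc output no longer fits in `sys_include_paths`, `bytes` reaches or exceeds `len`: the index lands on or past the last byte of the buffer and the unsigned `len` wraps instead of reaching zero, so the loop keeps writing. The added SYS_INCLUDE_DIR block repeats the same pattern. That block also searches `buf`, which holds only the last line fgets read (and is uninitialised if nothing was read), so the duplicate check should look at `sys_include_paths` instead, assuming that array is NUL-terminated at this point. The function starts before this hunk.

```c
		bytes = snprintf(pos, len, "%s", buf + 1);
		if (bytes <= 0 || (size_t) bytes >= len) {
			*pos = '\0'; /* Drop the partial entry rather than leave a truncated path */
			modman_warning("System include path buffer is full, skipping remaining paths\n");
			break;
		}
		/* ... unchanged: temporary NUL termination, access() check, LF restore ... */
		pos += bytes;
		len -= (size_t) bytes;
	/* ... unchanged: end of loop, pclose(), SYS_INCLUDE_DIR definition ... */
	if (!strstr(sys_include_paths, SYS_INCLUDE_DIR) && !access(SYS_INCLUDE_DIR, R_OK)) {
		/* ... unchanged: comment and log line ... */
		bytes = snprintf(pos, len, SYS_INCLUDE_DIR "\n");
		/* ... unchanged: #undef ... */
		if (bytes > 0 && (size_t) bytes < len) {
			pos += bytes;
			len -= (size_t) bytes;
			paths_detected++;
		} else {
			*pos = '\0';
		}
	}
```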
@@ -1215,7 +1215,7 @@ static int tlsreload(int fd) if (ssl_load_config(1)) { bbs_rwlock_unlock(&ssl_cert_lock); - bbs_debug(5, "Failed to reload TLS configuration, TLS will now be disabled.\n"); + bbs_debug(5, "Failed to reload TLS configuration, TLS server will now be disabled.\n"); return -1; } @@ -1256,8 +1256,9 @@ static int ssl_server_init(void) } if (ssl_load_config(0)) { - bbs_debug(5, "TLS will not be available\n"); - return -1; + bbs_debug(5, "TLS server will not be available\n"); + } else { + ssl_is_available = 1; } if (lock_init()) { bbs_error("lock_init failed, TLS disabled\n"); @@ -1265,7 +1266,6 @@ static int ssl_server_init(void) } locks_initialized = 1; - ssl_is_available = 1; return 0; } @@ -1303,12 +1303,11 @@ static int setup(int *rfd, int *wfd, enum bbs_io_transform_dir dir, void **restr return -1; } - if (!ssl_is_available) { - bbs_warning("Declining TLS setup\n"); - return -1; - } - if (dir & TRANSFORM_SERVER) { + if (!ssl_is_available) { + bbs_error("Declining TLS setup\n"); /* Shouldn't happen since we didn't register the SERVER I/O callback... */ + return -1; + } ssl = ssl_new_accept(fd, rfd, wfd); } else if (dir & TRANSFORM_CLIENT) { const char *snihostname = arg; @@ -1349,10 +1348,12 @@ static int query(struct bbs_io_transformation *tran, int query, void *data) static int load_module(void) { if (ssl_server_init()) { + bbs_error("Failed to initialize TLS\n"); ssl_server_shutdown(); return -1; } - if (bbs_io_transformer_register("TLS", setup, query, cleanup, TRANSFORM_TLS_ENCRYPTION, TRANSFORM_SERVER_CLIENT_TX_RX)) { + /* If we loaded server configuration, allow TLS as both server/client. Otherwise, just client. */ + if (bbs_io_transformer_register("TLS", setup, query, cleanup, TRANSFORM_TLS_ENCRYPTION, ssl_is_available ? TRANSFORM_SERVER_CLIENT_TX_RX : (TRANSFORM_CLIENT_TX | TRANSFORM_CLIENT_RX))) { ssl_server_shutdown(); return -1; } diff --git a/scripts/backup.sh b/scripts/backup.sh index e3d302d..4787ba7 100755 --- a/scripts/backup.sh 
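Review bot: A failed `ssl_load_config(0)` is now reported only through `bbs_debug(5, ...)` and the module still loads, so an installation whose certificate or key could not be read comes up without a TLS server and nothing at the default log level says so. If ssl_load_config does not distinguish "TLS server not configured" from "configured but failed to load" (not visible here), I would log this branch at warning level, e.g. `bbs_warning("TLS server configuration not loaded, only TLS client connections are available\n");`. The hunk at -1256 also sets `ssl_is_available = 1` before `lock_init()` runs, so the flag stays set on the lock_init failure path; clearing it there keeps the state consistent with the error return. ssl_server_init begins before this hunk.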
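Review bot: The direction mask passed to `bbs_io_transformer_register` is computed once from `ssl_is_available` at load time, but `tlsreload` (earlier hunks in this file) can still reach `ssl_load_config(1)` afterwards, because `locks_initialized` is now set even when the server configuration did not load. If a later reload succeeds, the transformer presumably stays registered as client-only, and the "unload and load" hint in tlsreload is printed only when the locks were never initialised. Either have tlsreload refuse with that hint when the module was registered client-only, or document the limitation next to the register call, for example `/* Direction is fixed at load time; reload the module to enable the server side after fixing its configuration. */`. load_module continues past the end of the hunk.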
+++ b/scripts/backup.sh @@ -126,7 +126,11 @@ FILES="" # Backup databases BACKUP_DBS="" -ALL_DBS=$( mysql -N -e "show databases like '%';" ) + +# Only backup the database if it's on the same server. If it's not local, skip it. +if which "mysql" > /dev/null; then + ALL_DBS=$( mysql -N -e "show databases like '%';" ) +fi # $1 = database to check database_exists() { diff --git a/scripts/gen_rootfs.sh b/scripts/gen_rootfs.sh index 1b8bd14..d83cadf 100755 --- a/scripts/gen_rootfs.sh +++ b/scripts/gen_rootfs.sh @@ -4,6 +4,12 @@ # must be run as root (or sudo) # Helpful resources: https://github.com/sharadg/containers_basics ; https://stackoverflow.com/questions/30379381/docker-command-not-found-even-though-installed-with-apt-get +# WARNING: This script installs Docker temporarily to create the filesystem, which can be detrimental to your system. +# Although the script attempts to remove Docker after running and clean up the system, artifacts from the Docker installation may linger. +# It is recommended to run this script on a development or throwaway system, to avoid causing issues to a production system. + +apt-get install -y curl + # Install Docker curl -sSL https://get.docker.com/ | sh 
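Review bot: The new guard tests whether a `mysql` client binary is on PATH, which is not the same as the database running on this host, as the added comment and the commit message describe. A machine with only the client installed still runs the query, and when the binary is missing `ALL_DBS` is never assigned, so a value inherited from the environment would be picked up by the code below. I would initialise it and use the POSIX lookup: `ALL_DBS=""` followed by `if command -v mysql > /dev/null 2>&1; then`. If local-only is really the intent, the check probably wants to look for the server (its service or socket) rather than the client.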
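Review bot: `apt-get install -y curl` has no failure check, and the unchanged line right after it pipes `curl -sSL https://get.docker.com/` into `sh` in a script that must run as root. If the install fails, or the download returns an HTTP error page (there is no `-f`), nothing stops the script: `sh` is fed empty or unintended input and the later Docker commands still run. Suggest `apt-get install -y curl || exit 1` and `curl -fsSL` at minimum; downloading the installer to a file first also lets it be inspected before it runs with root privileges.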
@@ -40,12 +46,36 @@ rm ./rootfs/.dockerenv # to administer the container, since $BBS_USER is only defined within the BBS. sed -i 's/\\u/${BBS_USER:-\\u}/' ./rootfs/etc/bash.bashrc -# Disable the apt sandbox so we can run apt-get update using isoroot -n: +# Disable the apt sandbox so we can run apt-get update using external/isoroot -n: # Adapted from 2nd answer here: https://stackoverflow.com/a/71096036/ -sed -i 's/_apt/root/' ./rootfs/etc/apt/apt.conf.d/sandbox-disable +if [ -f /rootfs/etc/apt/apt.conf.d/sandbox-disable ]; then + sed -i 's/_apt/root/' ./rootfs/etc/apt/apt.conf.d/sandbox-disable +else + printf "Couldn't find file in container filesystem: %s\n" "/etc/apt/apt.conf.d/sandbox-disable" + printf "apt-get update will not work inside the container!\n" +fi # Copy added terminfo definitions from /etc/terminfo cp -r /etc/terminfo/* ./rootfs/etc/terminfo # Add binaries that are useful inside the BBS cp /var/lib/lbbs/external/filemgr ./rootfs/bin + +# Stop Docker and clean up. We only needed it to conveniently create the container file system for us, the BBS itself doesn't use it while running. +service docker stop +systemctl disable docker.service +systemctl disable docker.socket + +apt-get purge -y docker-engine docker docker.io docker-ce docker-ce-cli docker-compose-plugin docker-buildx-plugin docker-ce-rootless-extras # Remove all the docker junk +dpkg -l | grep -i docker # Hopefully it's all gone? + +# Docker installs a bunch of iptable rules that will break the system. For exmaple, it changes FORWARD to DROP by default rather than ALLOW. +# Even after uninstalling, this rules persist (ugh, why?), which can cause problems with other programs. +# Assuming this is a new system, it should be safe to clear out all the rules to start fresh. +iptables -P INPUT ACCEPT +iptables -P FORWARD ACCEPT +iptables -P OUTPUT ACCEPT +iptables -t nat -F +iptables -t mangle -F +iptables -F +iptables -X
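Review bot: The cleanup at the end of this hunk sets INPUT, FORWARD and OUTPUT to ACCEPT and flushes every chain, which removes the host's own firewall rules as well as Docker's; the added comment assumes a new system but nothing checks that. Capturing the ruleset with `iptables-save` before Docker is installed and putting it back here with `iptables-restore`, or making the flush opt-in behind a prompt or flag, would avoid leaving a previously filtered host open. Separately, the new test checks `/rootfs/etc/apt/apt.conf.d/sandbox-disable` (absolute) while the `sed` edits `./rootfs/...`, so the sed is skipped unless a /rootfs happens to exist; it should read `if [ -f ./rootfs/etc/apt/apt.conf.d/sandbox-disable ]; then`. The comment typos "exmaple" and "this rules" could be fixed in the same pass.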