io, external, scripts, core: Better handle edge cases, update log lev…

…els. * io_tls: Don't prevent module from loading if server initialization fails, since client functionality can still be used. * modman.c: Fix detection of include dir for sys include files. * gen_rootfs.sh: Install curl if needed, and remove Docker after creating container filesystem. * backup.sh: Don't backup MySQL if database isn't running locally. * socket.c: Convert warning for potentially legitimate event to debug message. * string.c: Increase debug level of noisy and low-level log message.
InterLinked1 · Dec 16, 2024 · 9f5fed6 · 9f5fed6
1 parent 0623bf8
commit 9f5fed6
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 18 deletions.
diff --git a/bbs/socket.c b/bbs/socket.c
@@ -2497,7 +2497,7 @@ ssize_t bbs_timed_write(int fd, const char *buf, size_t len, int ms)
 			bbs_error("write(%d) failed (%ld): %s\n", fd, res, strerror(errno));
 		}
 	} else if (res != (ssize_t) len) {
-		bbs_warning("Wanted to write %lu bytes to fd %d, only wrote %ld\n", len, fd, res);
+		bbs_debug(1, "Wanted to write %lu bytes to fd %d, only wrote %ld\n", len, fd, res);
 	}
 
 	bbs_block_fd(fd); /* Restore */

diff --git a/bbs/string.c b/bbs/string.c
@@ -620,10 +620,10 @@ int bbs_quoted_printable_decode(char *restrict s, size_t *restrict len, int prin
 				if (!printonly || isprint((char) hex)) { /* XXX isprint check only works for single-byte UTF-8 characters */
 					*d++ = (char) hex;
 					*len += 1;
-					bbs_debug(5, "Decoded quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, hex);
+					bbs_debug(10, "Decoded quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, isprint(hex) ? hex : '.');
 				} else {
 					/* Don't add invalid UTF-8 characters in the first place */
-					bbs_warning("Invalid quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, hex);
+					bbs_warning("Invalid quoted printable[%lu] %s -> %d (%c)\n", index, hexcode, hex, isprint(hex) ? hex : '.');
 				}
 			}
 			s++;

diff --git a/external/modman.c b/external/modman.c
@@ -301,6 +301,7 @@ static int load_header_file_locations(void)
 {
 	FILE *pfp;
 	char buf[512];
+	int bytes;
 	int paths_detected = 0;
 	char *pos = sys_include_paths;
 	size_t len = sizeof(sys_include_paths);
@@ -314,7 +315,6 @@ static int load_header_file_locations(void)
 		return -1;
 	}
 	while (len > 0 && fgets(buf, sizeof(buf), pfp)) {
-		int bytes;
 		if (strncmp(buf, " /", 2)) {
 			continue;
 		}
@@ -324,10 +324,25 @@ static int load_header_file_locations(void)
 		paths_detected++;
 		modman_log(7, "  System include path: %s", buf + 1); /* Already ends in LF */
 		bytes = snprintf(pos, len, "%s", buf + 1);
+		pos[bytes - 1] = '\0'; /* Temporarily null terminate */
+		if (access(pos, R_OK)) {
+			modman_warning("Can't access directory '%s'\n", pos);
+		}
+		pos[bytes - 1] = '\n'; /* Restore LF */
 		pos += bytes;
 		len -= bytes;
 	}
 	pclose(pfp);
+#define SYS_INCLUDE_DIR "/usr/include/x86_64-linux-gnu"
+	if (!strstr(buf, SYS_INCLUDE_DIR) && !access(SYS_INCLUDE_DIR, R_OK)) {
+		/* This directory is not explicitly returned by the gcc output, but all the <sys/...> header files live here: */
+		modman_log(7, "  System include path: %s\n", SYS_INCLUDE_DIR);
+		bytes = snprintf(pos, len, SYS_INCLUDE_DIR "\n");
+#undef SYS_INCLUDE_DIR
+		pos += bytes;
+		len -= bytes;
+		paths_detected++;
+	}
 	if (!paths_detected) {
 		modman_error("Failed to determine what the system include paths are\n");
 		return -1;
@@ -396,6 +411,10 @@ static int check_header_file(const char *dirname, const char *modname, const cha
 	while ((path = strsep(&paths, "\n"))) {
 		char *includedir;
 
+		if (!*path) {
+			continue;
+		}
+
 		includedir = strchr(path, '/'); /* Skip leading whitespace, and strchr cannot return NULL. */
 		TERMINATE_AT(path, '\n');
 		num_incpaths++;

diff --git a/io/io_tls.c b/io/io_tls.c
@@ -1175,7 +1175,7 @@ static int tlsreload(int fd)
 	struct ssl_fd *sfd;
 
 	if (!locks_initialized) {
-		bbs_dprintf(fd, "TLS may only be reloaded if it initialized during startup. Restart the BBS to load new configuration.\n");
+		bbs_dprintf(fd, "TLS may only be reloaded if it initialized during startup. Completely unload and load (/reload) the TLS module to load new configuration.\n");
 		return -1;
 	}
 
@@ -1215,7 +1215,7 @@ static int tlsreload(int fd)
 
 	if (ssl_load_config(1)) {
 		bbs_rwlock_unlock(&ssl_cert_lock);
-		bbs_debug(5, "Failed to reload TLS configuration, TLS will now be disabled.\n");
+		bbs_debug(5, "Failed to reload TLS configuration, TLS server will now be disabled.\n");
 		return -1;
 	}
 
@@ -1256,16 +1256,16 @@ static int ssl_server_init(void)
 	}
 
 	if (ssl_load_config(0)) {
-		bbs_debug(5, "TLS will not be available\n");
-		return -1;
+		bbs_debug(5, "TLS server will not be available\n");
+	} else {
+		ssl_is_available = 1;
 	}
 	if (lock_init()) {
 		bbs_error("lock_init failed, TLS disabled\n");
 		return -1;
 	}
 
 	locks_initialized = 1;
-	ssl_is_available = 1;
 	return 0;
 }
 
@@ -1303,12 +1303,11 @@ static int setup(int *rfd, int *wfd, enum bbs_io_transform_dir dir, void **restr
 		return -1;
 	}
 
-	if (!ssl_is_available) {
-		bbs_warning("Declining TLS setup\n");
-		return -1;
-	}
-
 	if (dir & TRANSFORM_SERVER) {
+		if (!ssl_is_available) {
+			bbs_error("Declining TLS setup\n"); /* Shouldn't happen since we didn't register the SERVER I/O callback... */
+			return -1;
+		}
 		ssl = ssl_new_accept(fd, rfd, wfd);
 	} else if (dir & TRANSFORM_CLIENT) {
 		const char *snihostname = arg;
@@ -1349,10 +1348,12 @@ static int query(struct bbs_io_transformation *tran, int query, void *data)
 static int load_module(void)
 {
 	if (ssl_server_init()) {
+		bbs_error("Failed to initialize TLS\n");
 		ssl_server_shutdown();
 		return -1;
 	}
-	if (bbs_io_transformer_register("TLS", setup, query, cleanup, TRANSFORM_TLS_ENCRYPTION, TRANSFORM_SERVER_CLIENT_TX_RX)) {
+	/* If we loaded server configuration, allow TLS as both server/client. Otherwise, just client. */
+	if (bbs_io_transformer_register("TLS", setup, query, cleanup, TRANSFORM_TLS_ENCRYPTION, ssl_is_available ? TRANSFORM_SERVER_CLIENT_TX_RX : (TRANSFORM_CLIENT_TX | TRANSFORM_CLIENT_RX))) {
 		ssl_server_shutdown();
 		return -1;
 	}

diff --git a/scripts/backup.sh b/scripts/backup.sh
@@ -126,7 +126,11 @@ FILES=""
 
 # Backup databases
 BACKUP_DBS=""
-ALL_DBS=$( mysql -N -e "show databases like '%';" )
+
+# Only backup the database if it's on the same server. If it's not local, skip it.
+if which "mysql" > /dev/null; then
+	ALL_DBS=$( mysql -N -e "show databases like '%';" )
+fi
 
 # $1 = database to check
 database_exists() {

diff --git a/scripts/gen_rootfs.sh b/scripts/gen_rootfs.sh
@@ -4,6 +4,12 @@
 # must be run as root (or sudo)
 # Helpful resources: https://github.com/sharadg/containers_basics ; https://stackoverflow.com/questions/30379381/docker-command-not-found-even-though-installed-with-apt-get
 
+# WARNING: This script installs Docker temporarily to create the filesystem, which can be detrimental to your system.
+# Although the script attempts to remove Docker after running and clean up the system, artifacts from the Docker installation may linger.
+# It is recommended to run this script on a development or throwaway system, to avoid causing issues to a production system.
+
+apt-get install -y curl
+
 # Install Docker
 curl -sSL https://get.docker.com/ | sh
 
@@ -40,12 +46,36 @@ rm ./rootfs/.dockerenv
 # to administer the container, since $BBS_USER is only defined within the BBS.
 sed -i 's/\\u/${BBS_USER:-\\u}/' ./rootfs/etc/bash.bashrc
 
-# Disable the apt sandbox so we can run apt-get update using isoroot -n:
+# Disable the apt sandbox so we can run apt-get update using external/isoroot -n:
 # Adapted from 2nd answer here: https://stackoverflow.com/a/71096036/
-sed -i 's/_apt/root/' ./rootfs/etc/apt/apt.conf.d/sandbox-disable
+if [ -f /rootfs/etc/apt/apt.conf.d/sandbox-disable ]; then
+	sed -i 's/_apt/root/' ./rootfs/etc/apt/apt.conf.d/sandbox-disable
+else
+	printf "Couldn't find file in container filesystem: %s\n" "/etc/apt/apt.conf.d/sandbox-disable"
+	printf "apt-get update will not work inside the container!\n"
+fi
 
 # Copy added terminfo definitions from /etc/terminfo
 cp -r /etc/terminfo/* ./rootfs/etc/terminfo
 
 # Add binaries that are useful inside the BBS
 cp /var/lib/lbbs/external/filemgr ./rootfs/bin
+
+# Stop Docker and clean up. We only needed it to conveniently create the container file system for us, the BBS itself doesn't use it while running.
+service docker stop
+systemctl disable docker.service
+systemctl disable docker.socket
+
+apt-get purge -y docker-engine docker docker.io docker-ce docker-ce-cli docker-compose-plugin docker-buildx-plugin docker-ce-rootless-extras # Remove all the docker junk
+dpkg -l | grep -i docker # Hopefully it's all gone?
+
+# Docker installs a bunch of iptable rules that will break the system. For exmaple, it changes FORWARD to DROP by default rather than ALLOW.
+# Even after uninstalling, this rules persist (ugh, why?), which can cause problems with other programs.
+# Assuming this is a new system, it should be safe to clear out all the rules to start fresh.
+iptables -P INPUT ACCEPT
+iptables -P FORWARD ACCEPT
+iptables -P OUTPUT ACCEPT
+iptables -t nat -F
+iptables -t mangle -F
+iptables -F
+iptables -X