View Single Post
 04-26-2011, 04:51 PM Yil Too much time...   Join Date: May 2005 Posts: 1,184 v7.7.0 Changelog Code: v7.7.0 Release Notes: 1) Files in \System: Changed : ioFTPD.[exe,pdb] - Version 7.7.0.0 Changed : tcl85t.[dll,pdb] - Version 8.5.2.9 Changed : libeay32.dll, ssleay32.dll - Version 1.0.0.4 Added : libeay32.pdb, ssleay32.pdb - Version 1.0.0.4 Changed : Help-SiteCmds.ini Changed : ioFTPD.ini - summary of changes by section... [FTP_Service] : OpenSSL_Options options and comments changed. [VFS] : Default_Directory_Attributes = 777 0:0 [FTP_SITE_Permissions] : Rename "sectionnum" to "sectionums" stat = * [Ftp] : Single_Closed_Exempt_Name added Who_Sort_Output added Who_Hidden_Users comment changed Banned_User_Flag added Quiet_Login_Flag [Threads] : Io_Threads = 4 Remove Encryption_Threads option. Section commands changed. 2) Directories in \lib: Replace entire reg1.2 directory. Replace entire dde1.3 directory. Replace entire tcl8 directory. The tcl8.5 directory is a bit trickier. Probably the easiest thing to do is copy and overwrite all the files from the new directory into your existing dir. For the record, here's some info on the subdirs: TCL: http1.0, msgs, opt0.4, tzdata (encoding not shipped w/ioFTPD) ioNinja-v0.8.9.6-2009-06-29: encoding, http, http2.5, twapi, zlib1.1 *** nxHelper shipped with ioNinja is v2.3 but you need the v2.4 one from nxTools else you get package require errors! *** opt0.4 is part of TCL, use the one shipped with ioFTPD *** reg1.1 is old, ioFTPD includes lib/reg1.2 which is better lib/nxHelper and lib/sqlite3 are part of nxTools 3) Files in \text\ftp: Changed : GroupList.[Header, Body] Changed : MyInfo.[Sections, Totals] Changed : UserInfo.[Sections, Totals] Changed : UserList.Footer 4) Files in \Doc: Changed : Cookies.txt Changed : Events.txt Changed : iTCL.txt Changed : Site-cmds.txt 5) Files in \Source Changed : Site-cmds.help *** New Features: 6) New site command (site stat). Displays all the information normally displayed after a file transfer including server close / shutdown notifications, any personal messages, and the TransferComplete file with the statline(s) which usually contains things like section, ratio, credits stats, freespace, etc for the current dir. The speed will be from the last data channel transfer be it from a file transfer or a directory listing. 7) Modified site command (site users [ -errors ] [ -- | -+ ] [ ]). Previously this command just listed users matching the pattern or returned a list of all known users if no arguments were given. That still works the same, however the list of matching users is now remembered and called the 'matching' list. You can then refer to the users in the matching list via the '--' and '-+' syntax: '--' => start with the current matching list, but remove users from it who don't match the new . '-+' => add previously non-matching users to the list who match the new . Because all negative search terms in are processed first the ability to iteratively include / exclude users is much more powerful. Consider the command 'SITE USERS !V .1 -Bob' which will find all SiteOps and the user Bob provided they aren't also VFS Admins. Now compare that to 'SITE USERS !V .1" followed by 'SITE USERS -+ Bob' which will match all SiteOps who aren't also VFS Admins and the user Bob. You can see that if Bob happened to be a VFS Admin you would get different results. In fact ONLY by using the matching list could you get the results you probably wanted. Now for the really cool bit. The '--' and '-+' prefixes that refer to the matching list are now valid arguments to these other site commands: 'SITE [S]WHO', 'SITE STATS', and 'SITE CHANGE'. This is really useful because it's sometimes tricky to craft a 'site change' command to modify just the users you wanted. At the minimum it has always been a good idea to use 'SITE USERS ' to see who would be effected, but with the new matching list feature you can view the list of users, make sure it's correct, and use 'site change --' to modify only the users you just verified. If there are any users records who couldn't be accessed the command will report a count of them if the caller has the Master flag. You can then use the '-error' option to see what usernames had problems. Errors should only be possible with the use of a 3rd party shared user module like nxMyDB. 8) Modified site change commands (site change { homedir | vfsfile | tagline | opaque | groupvfsfile | groupdescription } ). You can now specify "" as the new value to any of the above change commands and the field will be cleared. This is important because some commands like 'site change tagline' had no way to clear a user's tagline once set. Some commands like site change vfsfile and groupvfsfile still accept "default" to clear the field, and site change groupdescription will allow "none" to do the same thing, but "" is now standardized across them all. 9) By default the server will no longer accept logins (except from a single exempt user defined in the .ini file) until all OnServerStart events have finished. I'm not aware of any 3rd party scripts except NxMyDB who currently use this event and the new guarantee should be useful to it. 10) Modified site command (site close [ -single ] [ { -kick | -new } ] []). Site close now accepts the '-single' option (available only to 'M' flagged accounts) which puts the server into "single user" or "administrative" mode. This mode doesn't exempt the users defined by the 'Close_Exempt' .ini option, so the only users allowed to stay logged in is the user issuing the command and the user defined by the new 'Single_Closed_Exempt_Name' .ini option. Ordinary users will see the normal site close message, users who would normally be exempt from site closure will now see this additional line when trying to login: 530-ADMIN MODE CLOSURE BY ''. This new option can be useful if you have a bunch of siteops and you want to close the site but they are all normally exempt. It also provides a way to perform actions best done without any active transfers. 11) New ioFTPD.ini option (Single_Closed_Exempt_Name under [FTP]). The single username defined here can always login to the server even if the server is in single-user / administrative mode or if the startup scripts are still running. WARNING: ioGUI uses the ioFTPD account and probably should NOT be running if single user mode is entered to do things like renumbering sections, mass modification of userfiles, etc because it won't pickup the changes so just disconnect and reconnect when done. 12) New ioFTPD.ini option (Banned_User_Flag under [FTP]). This defines a single user flag character to indicate a user has been banned from logging in. By default, the user will see the message 'Account has been temporarily banned' if they try to login, however the actual text may be different if using an OnBannedLogin event. Default is 'B'. Leave undefined to disable. NOTE: The ability to set a ban time for users is not currently provided because it would require a change to the userfile or some tricks with overloading a field and that could cause issues with nxMyDB and/or 3rd party scripts. However a very simple script and a new scheduler event should be able to add the ability while also showing the reason for the ban when the user tries to log in. In the future, when there are enough changes to make it worth modifying the userfile, these features will be supported by ioFTPD itself. NOTE: Banning a user doesn't automatically kick them if already connected. 13) New event (OnBannedLogin). This event is run whenever a user tries to login and has the Banned_User_Flag as one of their user flags. Treated the same as OnExpiredLogin and OnDeletedLogin which means if the event returns an error code the generic 'Invalid password' error is displayed instead. 14) New ioFTPD.ini option (Quiet_Login_Flag under [FTP]). This defines a single user flag character to indicate that normal LOGIN: and LOGOUT: log entries to ioFTPD.log should not be made. This flag is very useful to prevent BNC log spam. Default is 'Q'. Leave undefined to disable. 15) New ioFTPD.ini option (Who_Sort_Output under [FTP]). If set to True then the 'site who' output is case-insensitive sorted rather than shown in connection-id-slot (like site swho) since this is more useful to users. 16) Site Who for 1M flagged users no longer obscures the arguments to site commands, or hides paths. It will, however, apply the Who_Hidden_Users attribute provided the hidden user isn't actively transferring a file. This still allows you to filter out sitebots, ioGUI, etc. from listings provided they aren't consuming bandwidth in which case you probably want to know about it as a SiteOp. 17) Site Who is a even more restrictive about hiding a user's actions if the user is determined to be in or transferring from a hidden path. 18) If the user has logged in with a '-' password prefix indicating they are a bot/script and wish for only single line command responses the server will no longer display the .ioFTPD.cwd and .ioFTPD.messages files when the bot CWD's into a directory and it will disable theme support. 19) The server will now return more descriptive login failure messages in a couple of cases if a valid username and password has been supplied. In particular, if the VFS file specified by the groupfile, userfile, or the system default .vfs file is unable to be opened you will now see: 530 Login failed: Error with VFS file. and if the VFS file was able to be loaded but the user's home directory or the '/' directory were unable to be resolved you will see: 530 Login failed: Error with home directory. This should favorably resolve one of the most common issues new ioFTPD administrators have since lots of people seem to forget to setup the .vfs file and the 'Invalid password' error was misleading. 20) The server will now verify that the default TCL initialization script can be run successfully, or it will fail to start with an error message and a logfile entry. This is particularly important because someone (including me!) will forget which version of TCL libraries is in the /lib directory and won't figure out why scripts are failing in weird ways. The most common indication you had a TCL dll/lib mismatch is with the [clock] command not working. 21) Initialization errors with TCL will still report that the 'Event' module failed, but will now mention it was a TCL version issue. 22) ioFTPD error messages to the logfile during initialization will now record the textual error message if the log system has been initialized. 23) New super cookies (%[Max]). Valid when processing UserList.Footer this is the total number of users found. %[Pos] holds the total matching users. 24) %[Ratio(999)] now returns the LeechName setting from [Ftp] section in the .ini file, i.e. Leech, Unlimited, etc. 25) When processing [UserInfo,MyInfo].Totals the %[CreditSection] cookie will be set to -1 if per-section stats shown, else 0 and %[ShareSection] will be the total number of sections defined. 26) Added a "safety" word to all AllocateShared() memory allocations and to all FileInfo's that is checked prior to decrementing the reference count. If corruption is detected an entry is made to the Error log and details about the callstack are made to the Debug log. If this does get triggered perhaps a pattern will emerge so we can find the problem. 27) Updated OpenSSL to v1.0.0d. *** iTCL Changes 28) Updated TCL to v8.5.9. 29) New TCL command (ioServer { open | closedfor | close ... }). open : Returns -1 if server already open, else the time the server was originally closed. closedfor : Returns -1 if the server is not closed, else a tuple like { time-server-closed close-msg-reason } close [ -single ] [ -new ] [ ] Returns 0 if the server was just closed else the time it was previously closed. The -single option enables single user mode for the given username. The -new option prevents logging non-exempt users off and just prohibits new users. Unlike 'site close' this command doesn't offer a way to immediately kick users, just use [client kill] after the server has been closed. NOTE: The open/close commands generate ioFTPD.log events just like site open/close would. The user/group names displayed in the log are based upon the currently active userfile, else "" if not available. With programmatic access to the site open / close command and the new guarantee that all OnServerStart events will be executed before the server accepts connections you can now start a server up closed to logins and keep it that way while performing operations that are best done without anyone online. 30) New TCL command option ([user SingleLineResponse]). Returns 1 if the '-' prefix was used on password during login indicating a bot/script, else 0. *** Bug Fixes: 31) Fixed a bug with "Invalid symbolic path (pwd was )." lines showing up in the error log improperly. This created a lot of log spam when scripts like nxAutoNuke would run as the [resolve pwd] calls would trigger the bug. 32) Fixed a bug where the individual directory lock for cached dirs wasn't handling all cases correctly. If the directory was locked and there were 2+ other threads waiting on the event created to hold waiters and then the directory was release by the original owner and another waiter was added a new event would be created to hold waiters even though there were threads waiting on the original event still! I'm not sure exactly what happens besides the event handle being leaked, but it's possible users could get stuck on the abandoned event, multiple users could "own" the lock, etc... 33) Fixed a bug where the RETR command was decreasing the active download count immediately as well as after the download finished. This meant that the active download count goes increasing negative and rendered the max concurrent download setting for the user ineffective. 34) Fixed a bug where the STOR command could leave the active upload count incremented if the server had trouble creating / appending the file. 35) Fixed a bug with the STOR command where the data channel could be reset twice if the download failed in certain situations like not enough credits, etc. 36) Fixed a bug with AllocateBuffer() that always doubled the size of the buffer even if the minimum size requested was met. 37) Fixed a bug where invalid login attempts may leave the mountfile open. 38) Fixed a race condition with newly registered connections. 39) Fixed a bug where Login_Attempts = 1 under [FTP] would prevent users from logging in. Default is 3. 40) Fixed a bug in determining if a path is a mountpoint or not. 41) Fixed a bug with message files not ending with \r\n generating an extra blank line. 42) Fixed a race condition on counting total logins for a user. 43) Fixed a race condition on the device share count. 44) Fixed a bug in PWD_Copy() that didn't handle pure virtual directories properly and could result in the server crashing in some cases. 45) Fixed a bug where the virtual event field associated with an item that resolved to a real path in a pure virtual directory wasn't being updated. 46) Fixed a bug if both sides of the %[IF] super cookie were zero length. 47) Fixed a bug in PWD_CWD2() which didn't close an open FileInfo which would lead to a memory leak if the directory was later updated or flushed from the cache. 48) Fixed a bug where the data channel socket might not be initialized before its first use if the first data transfer command failed. 49) Fixed a bug where it might be possible to close the wrong socket if the server ran out of passive/active local ports. 50) Fixed a memory leak when displaying a list of users for site re-add/purge. 51) Fixed two memory leaks with 'site grpdel'. 52) Fixed a memory leak in 'site help'. 53) Fixed a bug in DeleteLockObject() not marking the 2nd handle as invalid. 54) Fixed a memory reference count issue in 'site devices|services'. 55) Fixed a memory leak in 'site ioverify'. 56) Fixed a bug in 'site perms' which didn't close an open FileInfo, and fixed a pathname memory leak. 57) Fixed a bug with 'site perms -' which would improperly update your userfile reference count. 58) Fixed a bug in 'site chattr' which wasn't closeing the FileInfo. 59) Worked around a bug in TCL during shutdown after TCL_FinalizeThread() had been called and returned in each thread with a TCL interpreter, but when TCL_Finalize was called on the main thread it would crash because not all the threads had actually cleaned up completely. From the manual I fail to see how ioFTPD did anything wrong, but I've added code to mitigate the problem. 60) Fixed a bug in 'site who' which would call Free() on NULL if no excluded paths were defined. 61) Fixed a bug in 'site refresh' which wouldn't free all paths when dealing with merged directories. 62) Added a workaround for WinSock returning an odd error that resulted in: 426 Connection closed: The semaphore timeout period has expired. and changed it to more accurately reflect what was going on: 426 Connection closed: Data transfer timeout.