Subject: AREAFIX allowing all areas?
@MSGID: <566F8EFA.12629.dove.sync@realitycheckbbs.org>
@TZ: 41e0
I have a new-ish version of SBBS, downloaded from the dev builds a few months back. I just noticed that 2 new downlinks sent an areafix request for %ALL and were added to all areas in my AREAS.BBS file, not just the areas they should have had access to based on the areafix flags.

I have areafix flags set for all of my downlinks, and have the echo list flags defined under "additional echo lists" in ECHOCFG.

Is this a bug or am I missing something?

Thanks!

Kurt

---
þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

Subject: AREAFIX allowing all areas?
@MSGID: <56703483.68635.sync@vert.synchro.net>
@REPLY: <566F8EFA.12629.dove.sync@realitycheckbbs.org>
@TZ: 41e0
Re: AREAFIX allowing all areas?
By: Poindexter Fortran to All on Mon Dec 14 2015 07:54 pm

I have a new-ish version of SBBS, downloaded from the dev builds a few months back. I just noticed that 2 new downlinks sent an areafix request for %ALL and were added to all areas in my AREAS.BBS file, not just the areas they should have had access to based on the areafix flags.

I have areafix flags set for all of my downlinks, and have the echo list flags defined under "additional echo lists" in ECHOCFG.

Is this a bug or am I missing something?

Sounds like you have EchoCfg->Toggle Options->Allow Nodes to Add Areas in the AREAS.BBS List set to "Yes".

digital man

Synchronet "Real Fact" #23:
1584 Synchronet BBS Software registrations were sold between 1992 and 1996. Norco, CA WX: 44.9øF, 42.0% humidity, 1 mph NNW wind, 0.00 inches rain/24hrs ---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <56704569.12635.dove.sync@realitycheckbbs.org>
@REPLY: <56703483.68635.sync@vert.synchro.net>
@TZ: 41e0
Re: AREAFIX allowing all areas?
By: Digital Man to Poindexter Fortran on Tue Dec 15 2015 07:40 am

Sounds like you have EchoCfg->Toggle Options->Allow Nodes to Add Areas in the AREAS.BBS List set to "Yes".

Yep, I didn't realize that setting would override the area flags/area lists functionality. Makes sense now. Thanks for pointing me in the right direction.

--pF

---
þ Synchronet þ realitycheckBBS -- http://realitycheckBBS.org

Subject: AREAFIX allowing all areas?
@MSGID: <56707FC9.68639.sync@vert.synchro.net>
@REPLY: <56703483.68635.sync@vert.synchro.net>
@TZ: 412c

15 Dec 15 07:40, you wrote to Poindexter Fortran:

Sounds like you have EchoCfg->Toggle Options->Allow Nodes to Add Areas
in the AREAS.BBS List set to "Yes".

we've always read that as meaning "without this option set to 'yes', links cannot add/remove areas on their own"... that they would have to message the operator to ask for areas to be added or removed... apparently this is not a proper understanding of this option?

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when
you have finally got it exactly the way you want it, what are you going to do with the people like you? The trouble makers. How are you going to protect your
glorious revolution from the next one?" - The twelfth Doctor

... Wait. That's been done...
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <5670A799.3861.sync@bbses.info>
@REPLY: <56707FC9.68639.sync@vert.synchro.net>
@TZ: 4168
Re: AREAFIX allowing all areas?
By: mark lewis to Digital Man on Tue Dec 15 2015 02:39 pm

15 Dec 15 07:40, you wrote to Poindexter Fortran:

Sounds like you have EchoCfg->Toggle Options->Allow Nodes to Add Areas in the AREAS.BBS List set to "Yes".

we've always read that as meaning "without this option set to 'yes', links cannot add/remove areas on their own"... that they would have to message
the operator to ask for areas to be added or removed... apparently this is not a proper understanding of this option?

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when you have finally got it exactly the way you want it, what
are you going to do with the people like you? The trouble makers. How are you going to protect your glorious revolution from the next one?" - The twelfth Doctor

... Wait. That's been done...

when your tagline is longer than what you write!
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Subject: AREAFIX allowing all areas?
@MSGID: <5671067E.68653.sync@vert.synchro.net>
@REPLY: <56707FC9.68639.sync@vert.synchro.net>
@TZ: 41e0
Re: AREAFIX allowing all areas?
By: mark lewis to Digital Man on Tue Dec 15 2015 02:39 pm

15 Dec 15 07:40, you wrote to Poindexter Fortran:

Sounds like you have EchoCfg->Toggle Options->Allow Nodes to Add Areas in the AREAS.BBS List set to "Yes".

we've always read that as meaning "without this option set to 'yes', links cannot add/remove areas on their own"... that they would have to message the operator to ask for areas to be added or removed... apparently this is not a proper understanding of this option?

That's only the correct understanding if you do not have any additional echolists configured. http://wiki.synchro.net/util:sbbsecho#toggle_options

digital man

Synchronet "Real Fact" #65:
Synchronet was conceived of and mostly developed in southern California.
Norco, CA WX: 50.1øF, 26.0% humidity, 10 mph SW wind, 0.00 inches rain/24hrs ---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <567128A1.68656.sync@vert.synchro.net>
@TZ: 412c

15 Dec 15 17:51, you wrote to me:

when your tagline is longer than what you write!

ummm... really? you're a smart guy and you've been around long enough that you should know the difference between a tag line and a signature block... my posts
currently have both... hint: tag lines start with three dots ;)

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when
you have finally got it exactly the way you want it, what are you going to do with the people like you? The trouble makers. How are you going to protect your
glorious revolution from the next one?" - The twelfth Doctor

... Catch and release is great for trout - NOT for criminals!
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <56717EAF.7484.sync@bbs.kd3.us>
@REPLY: <567128A1.68656.sync@vert.synchro.net>
@TZ: 412c
Re: AREAFIX allowing all areas?
By: mark lewis to Mro on Wed Dec 16 2015 02:42 am

ummm... really? you're a smart guy and you've been around long enough that you should know the difference between a tag line and a signature block... my posts currently have both... hint: tag lines start with three dots ;)

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when you have finally got it exactly the way you want it, what are you going to do with the people like you? The trouble makers. How are you going to protect your glorious revolution from the next one?" - The twelfth Doctor

Great quote by the by! Great episode.

~KenDB3

---
þ Synchronet þ KD3net-Rhode Island's only BBS about nothing.

Subject: AREAFIX allowing all areas?
@MSGID: <56718B0E.68660.sync@vert.synchro.net>
@REPLY: <5671067E.68653.sync@vert.synchro.net>
@TZ: 412c

15 Dec 15 22:36, you wrote to me:

Sounds like you have EchoCfg->Toggle Options->Allow Nodes to Add
Areas in the AREAS.BBS List set to "Yes".

we've always read that as meaning "without this option set to 'yes',
links cannot add/remove areas on their own"... that they would have
to message the operator to ask for areas to be added or removed...
apparently this is not a proper understanding of this option?

That's only the correct understanding if you do not have any additional echolists configured.

ahhhh... fairly positive that we're not the only ones to have made this mistake... especially with certain restricted echos that have been leaked to other networks and systems over the years...

http://wiki.synchro.net/util:sbbsecho#toggle_options

thanks... we'll take a read of this... we know that there have been numerous changes in this area but we've lost track of when they came into being... Max's
last update from the repo was May 25th 2015 if i'm reading the archives correctly... do you foresee any problems doing an update from the repo and building new binaries since that was before the release and now it is another new alpha/beta cycle?

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when
you have finally got it exactly the way you want it, what are you going to do with the people like you? The trouble makers. How are you going to protect your
glorious revolution from the next one?" - The twelfth Doctor

... Two wrongs don't make a right but, two Wrights made an aeroplane
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <5671DF64.68661.sync@vert.synchro.net>
@TZ: 412c

16 Dec 15 10:09, you wrote to me:

"So let me ask you a question about this brave new world of yours.
When you've killed all the bad guys, and when it's all perfect, and
just and fair, and when you have finally got it exactly the way you
want it, what are you going to do with the people like you? The
trouble makers. How are you going to protect your glorious revolution
from the next one?" - The twelfth Doctor

Great quote by the by! Great episode.

yep to both statements... i carry it as my sig now because it is specifically aimed at certain individuals who are hellbent on forcing their ways on others in the network rather than letting things be done as they have been being done for 20-30 years...

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when
you have finally got it exactly the way you want it, what are you going to do with the people like you? The trouble makers. How are you going to protect your
glorious revolution from the next one?" - The twelfth Doctor

... If I had a hammer, I'd get hammered in the morning.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <56724BE9.68662.sync@vert.synchro.net>
@REPLY: <56718B0E.68660.sync@vert.synchro.net>
@TZ: 41e0
Re: AREAFIX allowing all areas?
By: mark lewis to Digital Man on Wed Dec 16 2015 09:33 am

That's only the correct understanding if you do not have any additional echolists configured.

ahhhh... fairly positive that we're not the only ones to have made this mistake... especially with certain restricted echos that have been leaked to other networks and systems over the years...

http://wiki.synchro.net/util:sbbsecho#toggle_options

thanks... we'll take a read of this... we know that there have been numerous changes in this area but we've lost track of when they came into being...

No change with regards to that SBBSecho option. Not in many years at least.

Max's
last update from the repo was May 25th 2015 if i'm reading the archives correctly... do you foresee any problems doing an update from the repo and building new binaries since that was before the release and now it is another new alpha/beta cycle?

I don't know of any problems. I'm running the current dev builds.

digital man

Synchronet "Real Fact" #43:
Synchronet added JavaScript suppport with v3.10a (2001).
Norco, CA WX: 46.0øF, 43.0% humidity, 0 mph NW wind, 0.00 inches rain/24hrs
---
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <567306E8.68663.sync@vert.synchro.net>
@REPLY: <56724BE9.68662.sync@vert.synchro.net>
@TZ: 412c

16 Dec 15 21:45, you wrote to me:

Max's last update from the repo was May 25th 2015 if i'm reading the
archives correctly... do you foresee any problems doing an update from
the repo and building new binaries since that was before the release
and now it is another new alpha/beta cycle?

I don't know of any problems. I'm running the current dev builds.

thanks... i ran Max's update script earlier today... everything seemed to go ok
but it took a bit longer to start up than we've seen before...

now if we can just figure out how to fix the links generated by "additional_services" in the web template stuffs that we were talking about in IRC yesterday... here's a hopefully clearer picture of the flow...

internet -> front line apache server reverse proxy -> to backend server using internal domain name

from the internal network, we use the WAN domain name which gets hairpinned (aka u-turned) in the router and sent to the front line apache server on the internal network... the server sees the request is for foo.my.domain and knows that those requests are reverse-proxied to foo.internal for servicing... so yes, sbbs, being the backend server, sees the request coming in to its foo.internal name instead of to its external name... in other web apps (php based forums, gallery and genealogy) we have to make an edit in their session code so as to get the $_SERVER[HTTP_X_FORWARDED_FOR] or $_SERVER[HTTP_X_FORWARDED_SERVER] value and use that... at least one of those web apps needed the same edit in two places because the second one was for the cookies...

in php, the edit generally looks like

// (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']) .
(empty($_SERVER['HTTP_X_FORWARDED_SERVER']) ? (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']) : $_SERVER['HTTP_X_FORWARDED_SERVER']) .


we don't know how to gain access to the headers and do this in ssjs...

)\/(ark

"So let me ask you a question about this brave new world of yours. When you've killed all the bad guys, and when it's all perfect, and just and fair, and when
you have finally got it exactly the way you want it, what are you going to do with the people like you? The trouble makers. How are you going to protect your
glorious revolution from the next one?" - The twelfth Doctor

... There's no gift like the present.
---
* Origin: (1:3634/12.73)
þ Synchronet þ Vertrauen þ Home of Synchronet þ telnet://vert.synchro.net

Subject: AREAFIX allowing all areas?
@MSGID: <56730B3A.22190.sync@bbs.electronicchicken.com>
@REPLY: <567306E8.68663.sync@vert.synchro.net>
@TZ: 412c

in php, the edit generally looks like

// (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']) .
(empty($_SERVER['HTTP_X_FORWARDED_SERVER']) ? (empty($_SERVER['SERVER_NAME']) ? '' : $_SERVER['SERVER_NAME']) : $_SERVER['HTTP_X_FORWARDED_SERVER']) .

we don't know how to gain access to the headers and do this in ssjs...

I believe I shared this link on IRC:

http://wiki.synchro.net/server:web#http_request_object

You should be able to get at those headers like so:

http_request.header['HTTP_X_FORWARDED_SERVER'] http_request.header['HTTP_X_FORWARDED_FOR']

---
ech

Subject: AREAFIX allowing all areas?
@MSGID: <567343CB.3878.sync@bbses.info>
@REPLY: <567128A1.68656.sync@vert.synchro.net>
@TZ: 4168
Re: AREAFIX allowing all areas?
By: mark lewis to Mro on Wed Dec 16 2015 02:42 am

when your tagline is longer than what you write!

ummm... really? you're a smart guy and you've been around long enough that you should know the difference between a tag line and a signature block...

either way, it's way too much.
---
þ Synchronet þ ::: BBS

Subject: AREAFIX allowing all areas?
@MSGID: <56734413.3879.sync@bbses.info>
@REPLY: <5671DF64.68661.sync@vert.synchro.net>
@TZ: 4168
Re: AREAFIX allowing all areas?
By: mark lewis to KenDB3 on Wed Dec 16 2015 03:46 pm

yep to both statements... i carry it as my sig now because it is specifically aimed at certain individuals who are hellbent on forcing their ways on others in the network rather than letting things be done as they have been being done for 20-30 years...

it's just annoying.

and dont be using this 20-30 year bullshit. i'm old too :D
---
þ Synchronet þ ::: BBSES.info - free BBS services :::

Subject: AREAFIX allowing all areas?
@MSGID: <56736043.39879.sync@nix.synchro.net>
@REPLY: <567306E8.68663.sync@vert.synchro.net>
@TZ: 41e0
Re: AREAFIX allowing all areas?
By: mark lewis to Digital Man on Thu Dec 17 2015 11:48 am

we don't know how to gain access to the headers and do this in ssjs...

They are in the http_request.header object. But this is pretty much guaranteed to not be the source of the value used in the SSJS links.

---
http://DuckDuckGo.com/ a better search engin

Subject: AREAFIX allowing all areas?
@MSGID: <5673766A.22194.sync@bbs.electronicchicken.com>
@REPLY: <56736043.39879.sync@nix.synchro.net>
@TZ: 412c

They are in the http_request.header object. But this is pretty much guaranteed to not be the source of the value used in the SSJS links.

I'm not so sure. The only place that I see these 'additional_service' links that he's talking about is in lib/nightshade/siteutils.ssjs. It appears to try to set var 'host' to http_request.vhost, then http_request.host, then system.host_name as a last resort. Then 'host' is used when building the links.

---
echicken
electronic chicken bbs - bbs.electronicchicken.com - 416-273-7230
þ Synchronet þ electronic chicken bbs - bbs.electronicchicken.com

Subject: AREAFIX allowing all areas?
@MSGID: <5674BFB0.68676.sync@vert.synchro.net>
@TZ: 41e0
Re: AREAFIX allowing all areas?
By: echicken to Deuce on Thu Dec 17 2015 09:58 pm

They are in the http_request.header object. But this is pretty much guaranteed to not be the source of the value used in the SSJS links.

I'm not so sure. The only place that I see these 'additional_service' links that he's talking about is in lib/nightshade/siteutils.ssjs. It appears to try to set var 'host' to http_request.vhost, then http_request.host, then system.host_name as a last resort. Then 'host' is used when building the links.

Ah, in that case yeah, he'll want to find where that var is set and tweak it some.

I was misled by the IRC conversation which was chasing setting the web servers idea of the host name.

---
http://DuckDuckGo.com/ a better search engine that respects your privacy.
Mro is an idiot. Please ignore him, we keep hoping he'll go away.
* Origin: