- I decided to remove the entire concept of a root user.
Instead, the host initializes as a blank slate and it
will be up to the host admin to create a rank 1 user via
the new command line option "-add_admin" to do initial
setup with.
- There is no longer such a concept as a protected user.
Meaning even the last rank 1 user in the host database
is allowed to delete or modify the rank of their own
account. To prevent permanent "admin lock out" in this
scenario the "-elevate" command line option was created.
- Host settings are no longer stored in the database.
Instead, host settings are now stored in a conf.json file
in /etc/mrci/conf.json if running on a linux based OS or
in %Programdata%\mrci\conf.json if running on Windows.
- Email templates are no longer stored in the database.
Instead, the templates can be any file formatted in UTF-8
text stored in the host file system. The files they point
to can be modified in the conf.json file.
- The conf file also replaced all use env variables so
MRCI_DB_PATH, MRCI_WORK_DIR, MRCI_PRIV_KEY and
MRCI_PUB_KEY are no longer in use. SSL/TLS cert paths can
be modified in the conf file.
- Removed email template cmds set_email_template and
preview_email.
- Also removed cmds close_host, host_config and
restart_host. The actions these commands could do is best
left to the host system command line.
- The database class will now explicitly check for write
permissions to the database and throw an appropriate
error message if the check fails. "DROP TABLE" SQL
abilities were added to make this happen.
- Removed async cmds exit(3), maxses(5) and restart(11).
changed the TEXT type id format from UTF16LE to UTF8 (no BOM). this
included all displayable text used throughout this project. doing
this reduced overhead because UTF16 strings required 2 bytes per
char while UTF8 runs on 1 byte for char. this string format also
expands support for QTs built in Postgresql driver or any driver
that supports UTF8 unicode only.
added "mod_instructions" to the client header format so the client
applications themselves can send direct command line args to the
modules loaded by the host. note: main.cpp needed to be modified
to check for core module parameters before checking the additional
parameters sent by the client; doing this protects against possible
unintentional core parameters being sent by the client.
added a Q_OS_WINDOWS check to applink.c so this file is completely
ignored when compiling on a Linux platform.
all commands that send emails will now return an appropriate error
message if the internal email client fails for any reason.
added a db_settings.json file that the host will now check for to
get database parameters such as hostname, username, driver and
password. doing this opens up the host to other database drivers
other than SQLITE. if not present, the host will create a default
db_settings file that uses SQLITE.
added the -ls_sql_drvs command line arg that will list all of the
SQL drivers that the host currently has installed and can be used
in the db_settings file.
- SSL certs are no longer stored in the host database. This was
done not only for security reasons but there is simply no need
to do such thing anymore.
- The host will longer support multiple SSL certs and will instead
have just a single cert for all TCP connections. This required a
change to the client header format that simply replaced the the
common name with padding. The host will also no longer send the
HOST_CERT type id during session initialization. HOST_CERT was
also removed as a type id.
- The cert and privite key are now pointed to files in the local
file system by the environment variables: MRCI_PRIV_KEY and
MRCI_PUB_KEY.
- The host will still create a default self-signed cert if a valid
cert and private key is not defined in the above environmental
vars. Since the host only support single certs now, the default
cert needed to be expanded to include subject alternative names.
The host will try to detect it's WAN ip address using ipify.org
and then assign SANs for all detected local LAN interfaces.
- Since the cert is now handled by environmental vars and nothing
related to it stored in the database, all the core commands
related to cert management were removed.
Changed the versioning system to a 4 number system that have the first 2
numbers as major.minor for the host application itself and the next 2
numbers (tcp_rev.mod_rev) used by clients and modules to determine
compatibility. A full description of this new system has been edited
into protocol.md. This new system offically starts at v3.0.0.0.
Added the PROMPT data type id that will work exactly like PRIV_TEXT except
it tells the client that the command is asking for non-private information
from the user.
Added PROG and PROG_LAST type ids that can be used by commands to notify
the client of the progress of the command if it is long running. The
long running fs_* commands were updated to use these instead of TEXT for
progress updates.
PUB_IPC, PRIV_IPC and PUB_IPC_WITH_FEEDBACK have all been combined into
one: ASYNC_PAYLOAD. This type id is now the only means at which module
commands can now run async commands. The command process object will
now determine where to direct the async payload (public, private or
public with feedback) based on the async command id being requested.
A description for TERM_CMD was missing in data_types.md so it was added.
Refactored HALT_CMD to YIELD_CMD. The new name just seems more appropriate
or the effect it has on the command.
Module commands can now do input hooking using the new ASYNC_HOOK_INPUT
and ASYNC_UNHOOK async commands. input hooking basically makes it so all
client data gets redirected to the module command that initiated the hook.
This can be used to implement something like a EULA agreement that blocks
all actions that can place during the session until the user accepts or
anything else to that effect.
The command process object will now check the open sub-channels list
being sent by ASYNC_CAST or ASYNC_LIMITED_CAST in any order and will not
be required match exactly to open sub-channels list in the session object.
It however cannot contain sub-channels not already listed in session's
list or else the async payload will be blocked.
Fixed the CmdProcess::validAsync() function that was comparing the input
aysnc command id with the process's command id in some places which is
invalid logic for this function.
Fixed the 'cast' core command that was outputting a malformed async
payload that didn't include the open writable sub-channels list.
Fixed a bug that caused all casted payloads to be forwared to the clients
even when the sub-channel(s) are closed.
Fixed the 'set_disp_name' core command so it can now see the -new_name
argument properly.
fixed some errors found in the documentation and fully updated the internal
commands docs as well.
also updated the internal module to now respond to KILL_CMD so it can now be
signaled to terminate gracefully.
-the add_mod command now requires the -mod_path argument as it should.
-the session now filter out bad NEW_CMD frames based on bad command names and incorrect
frame sizes.
-modules running in list mode can now send ERR frames to the session to log error
messages to the host database.