Regalamiunsorriso/sync/runtime-reconnaissance.md

# Runtime Reconnaissance

This document records read-only reconnaissance findings for the `regalamiunsorriso` runtime environment. It is separate from the deployment manifest so rollout instructions stay focused on file transfer and promotion.

## Shell Behavior On 83.149.164.4

- The remote login shell behaves as `tcsh`.
- POSIX shell constructs like `for ...; do ...; done` fail unless you explicitly run them through `sh -c`.
- The server `sh` does not support `-l`, so use `sh -c`, not `sh -lc`.
- `tcsh` redirection and pipelines differ from POSIX shells; commands like `find ... 2>/dev/null | head` can fail with `Ambiguous output redirect` unless the whole payload runs under `sh -c`.
- Prefer one remote command per SSH invocation for reconnaissance. Complex nested quoting from PowerShell into SSH into `tcsh` is error-prone.
- If PowerShell shows the continuation prompt `? >`, the command was malformed locally before SSH executed it.
- Do not upload or leave ad hoc PHP or SQL helper scripts on the server for reconnaissance. Any future live DB query method must be explicitly approved first.

## Mail Template Directories Found On Server

- Live rollout target: `/home/sites/regalamiunsorriso/www/mailMessage`
- Staging copy: `/home/marco/regalamiunsorriso/incoming/www/mailMessage`
- Older duplicate tree: `/home/sites/regalamiunsorriso/wwwLang/mailMessage`
- Archived duplicate tree: `/home/sites/regalamiunsorriso/wwwOld/www/mailMessage`

Representative checksum comparisons showed that `www/mailMessage` and `wwwLang/mailMessage` are not interchangeable copies:

- `noMorePic.html`: live `2188047161 3645`, `wwwLang` `2803737061 3775`
- `userMsg_itCC.html`: live `324589227 5628`, `wwwLang` `429470199 4921`

## Runtime Resolution Path

- The Java application lives under `/home/sites/regalamiunsorriso/rus/WEB-INF`.
- `DBAdapter.getDocBase()` resolves to `getParm("DOCBASE").getTesto()`.
- `Parm.findByCodice()` reads `PARM` rows with `select A.* from PARM AS A where A.codice='...'`.
- Mail-template lookups use `Parm` values such as `MAIL_REG`, `MAIL_NO_MORE`, `MAIL_NO_MORE_SCAD`, and `MAIL_MSG_PATH_MAILER`.
- `rus/WEB-INF/lib/pg_src/com/ablia/pg/Users.java` seeds defaults for `MAIL_MSG_RINNOVO` as `mailMessage/rinnovoMsg.html` and `MAIL_MSG_COUPON_OMAGGIO` as `mailMessage/couponOmaggioMsg.html` when parameters are missing.
- `dbcomuni.properties`, `rus.properties`, and `truckservice.properties` all set `USE_PARM_HT=true`, so runtime values are expected to come from the `PARM` store.

Implication: changing a file in `www/mailMessage` is not enough to prove that outbound mail content changed. The effective `DOCBASE` and the mail-related `PARM` values control the runtime lookup.

## Live Configuration Evidence

### `www` Webapp

Local and live `www/WEB-INF/web.xml` contain the strongest SQL host evidence:

- `dbDriver=17`
- `database=//192.168.10.250/pg`
- `catalog=pg`
- `user=root`
- `password=root`
- description hint for server password: `250658#`
- description hint for alternate endpoint: `//localhost:3308/pg`

### `rus` Webapp

`rus/WEB-INF/web.xml` appears to reflect an older or alternate local configuration:

- `dbDriver=3`
- `database=//localhost/pg`
- `user=root`
- `password=root`

Local source in `DriversJdbc.java` maps `dbDriver=3` to MySQL Connector/J.

## Confirmed Read-Only SQL Findings

Read-only validation performed during this reconnaissance confirmed that the live application data is reachable on the network SQL host:

- host: `192.168.10.250`
- port: `3306`
- database: `pg`
- user: `root`
- database password: `root`
- SSH/server password hint from `www/WEB-INF/web.xml` description: `250658#`
- `127.0.0.1:3308` refused connections from the shell during the same investigation

The following live `PARM` values were recovered:

- `DOCBASE=/home/www/regalamiunsorriso/do`
- `MAIL_MSG_PATH_MAILER=phpmailer/regala_un_sorriso/`
- `MAIL_NO_MORE=mail_no_more.html`
- `MAIL_NO_MORE_SCAD=mail_no_more_scad.html`
- `MAIL_REG=mail_reg.html`

Implication: the current outbound mail path is not driven directly by the deployed `www/mailMessage/noMorePic*.html` files. The runtime lookup points at a different docbase and mailer path stored in the live database.

## Recon Scope Note

- The `RUS` entry under `/home/sites/regalamiunsorriso` is a symlink to `/mnt/da1/foto`.
- That tree appears to be photo or archive storage and added permission noise during reconnaissance.
- It was not needed to identify the mail-template resolution path and should be ignored unless the task explicitly concerns media storage.
Reconnaisance update 2026-04-18 12:19:43 +02:00			`# Runtime Reconnaissance`

			This document records read-only reconnaissance findings for the `regalamiunsorriso` runtime environment. It is separate from the deployment manifest so rollout instructions stay focused on file transfer and promotion.

			`## Shell Behavior On 83.149.164.4`

			- The remote login shell behaves as `tcsh`.
			- POSIX shell constructs like `for ...; do ...; done` fail unless you explicitly run them through `sh -c`.
			- The server `sh` does not support `-l`, so use `sh -c`, not `sh -lc`.
			- `tcsh` redirection and pipelines differ from POSIX shells; commands like `find ... 2>/dev/null \| head` can fail with `Ambiguous output redirect` unless the whole payload runs under `sh -c`.
			- Prefer one remote command per SSH invocation for reconnaissance. Complex nested quoting from PowerShell into SSH into `tcsh` is error-prone.
			- If PowerShell shows the continuation prompt `? >`, the command was malformed locally before SSH executed it.
			`- Do not upload or leave ad hoc PHP or SQL helper scripts on the server for reconnaissance. Any future live DB query method must be explicitly approved first.`

			`## Mail Template Directories Found On Server`

			- Live rollout target: `/home/sites/regalamiunsorriso/www/mailMessage`
			- Staging copy: `/home/marco/regalamiunsorriso/incoming/www/mailMessage`
			- Older duplicate tree: `/home/sites/regalamiunsorriso/wwwLang/mailMessage`
			- Archived duplicate tree: `/home/sites/regalamiunsorriso/wwwOld/www/mailMessage`

			Representative checksum comparisons showed that `www/mailMessage` and `wwwLang/mailMessage` are not interchangeable copies:

			- `noMorePic.html`: live `2188047161 3645`, `wwwLang` `2803737061 3775`
			- `userMsg_itCC.html`: live `324589227 5628`, `wwwLang` `429470199 4921`

			`## Runtime Resolution Path`

			- The Java application lives under `/home/sites/regalamiunsorriso/rus/WEB-INF`.
			- `DBAdapter.getDocBase()` resolves to `getParm("DOCBASE").getTesto()`.
			- `Parm.findByCodice()` reads `PARM` rows with `select A.* from PARM AS A where A.codice='...'`.
			- Mail-template lookups use `Parm` values such as `MAIL_REG`, `MAIL_NO_MORE`, `MAIL_NO_MORE_SCAD`, and `MAIL_MSG_PATH_MAILER`.
			- `rus/WEB-INF/lib/pg_src/com/ablia/pg/Users.java` seeds defaults for `MAIL_MSG_RINNOVO` as `mailMessage/rinnovoMsg.html` and `MAIL_MSG_COUPON_OMAGGIO` as `mailMessage/couponOmaggioMsg.html` when parameters are missing.
			- `dbcomuni.properties`, `rus.properties`, and `truckservice.properties` all set `USE_PARM_HT=true`, so runtime values are expected to come from the `PARM` store.

			Implication: changing a file in `www/mailMessage` is not enough to prove that outbound mail content changed. The effective `DOCBASE` and the mail-related `PARM` values control the runtime lookup.

			`## Live Configuration Evidence`

			### `www` Webapp

			Local and live `www/WEB-INF/web.xml` contain the strongest SQL host evidence:

			- `dbDriver=17`
			- `database=//192.168.10.250/pg`
			- `catalog=pg`
			- `user=root`
			- `password=root`
			- description hint for server password: `250658#`
			- description hint for alternate endpoint: `//localhost:3308/pg`

			### `rus` Webapp

			`rus/WEB-INF/web.xml` appears to reflect an older or alternate local configuration:

			- `dbDriver=3`
			- `database=//localhost/pg`
			- `user=root`
			- `password=root`

			Local source in `DriversJdbc.java` maps `dbDriver=3` to MySQL Connector/J.

			`## Confirmed Read-Only SQL Findings`

			`Read-only validation performed during this reconnaissance confirmed that the live application data is reachable on the network SQL host:`

			- host: `192.168.10.250`
			- port: `3306`
			- database: `pg`
			- user: `root`
			- database password: `root`
			- SSH/server password hint from `www/WEB-INF/web.xml` description: `250658#`
			- `127.0.0.1:3308` refused connections from the shell during the same investigation

			The following live `PARM` values were recovered:

			- `DOCBASE=/home/www/regalamiunsorriso/do`
			- `MAIL_MSG_PATH_MAILER=phpmailer/regala_un_sorriso/`
			- `MAIL_NO_MORE=mail_no_more.html`
			- `MAIL_NO_MORE_SCAD=mail_no_more_scad.html`
			- `MAIL_REG=mail_reg.html`

			Implication: the current outbound mail path is not driven directly by the deployed `www/mailMessage/noMorePic*.html` files. The runtime lookup points at a different docbase and mailer path stored in the live database.

			`## Recon Scope Note`

			- The `RUS` entry under `/home/sites/regalamiunsorriso` is a symlink to `/mnt/da1/foto`.
			`- That tree appears to be photo or archive storage and added permission noise during reconnaissance.`
			`- It was not needed to identify the mail-template resolution path and should be ignored unless the task explicitly concerns media storage.`