diff --git a/AI.md b/AI.md index 7686190..4d7949e 100644 --- a/AI.md +++ b/AI.md @@ -657,4 +657,19 @@ Latest endpoint audit checkpoint from patch 0227: targeted behavior/security/provider review rather than another broad endpoint-presence pass. -Next patch number should be `0228`. + +Latest endpoint audit checkpoint from patch 0228: + +- SDK `0x2222/131` / wire `0x83` RPC / server-control is now source-stub-audited + as a NetWare-4.x server-control planning family. No active top-level handler + exists in `src/nwconn.c`. +- Patch `0228` records disabled `MARS_NWE_4` selector slots for `131/01` RPC + Load an NLM, `131/02` RPC Unload an NLM, `131/03` RPC Mount Volume, `131/04` + RPC Dismount Volume, `131/05` RPC Add Name Space To Volume, `131/06` RPC Set + Set Command Value, and `131/07` RPC Execute NCF File. +- Future ownership belongs to the `servermgmt`/RPC provider boundary. Do not + wire these calls to fake success: the real operations can change server state + and the documented reply carries an `RPCccode`. `nwserv` may supervise or + register providers, but must not become a data-plane broker for RPC payloads. + +Next patch number should be `0229`. diff --git a/REDESIGN.md b/REDESIGN.md index 71a3302..e5debab 100644 --- a/REDESIGN.md +++ b/REDESIGN.md @@ -922,9 +922,13 @@ ordering and error handling harder. Simple management and information calls should not become their own process. Examples include login-status queries, server description strings, server time, -console-privilege checks, and small broadcast/control helpers. These can be -represented as a `servermgmt` provider for dispatch clarity, but they should stay -in-process unless a specific call requires an existing backend service. +console-privilege checks, and small broadcast/control helpers. NetWare-4.x RPC +server-control calls such as load/unload NLM, mount/dismount volume, SET command +changes, and NCF execution also belong to this provider boundary, but they are +not simple information calls and must remain disabled until there is a real +privilege model and backend behavior. These can be represented as a +`servermgmt` provider for dispatch clarity, but they should stay in-process +unless a specific call requires an existing backend service. ### Suggested provider map @@ -937,7 +941,7 @@ queue queue objects, jobs, queue servers, print queues, direct-spool br filesystem file, directory, volume, namespace, trustee, salvage helpers semaphore semaphore state and old 0x2222/32 calls message station messaging and broadcast helpers -servermgmt small server-management and information calls +servermgmt server-management, information, and guarded RPC/control calls accounting account status, charges, holds, notes AFP AFP namespace and metadata helpers unknown documented but not yet mapped diff --git a/TODO.md b/TODO.md index 7335863..1bd2f16 100644 --- a/TODO.md +++ b/TODO.md @@ -258,11 +258,10 @@ SDK-listed blocks that do not currently show a top-level handler in found in the audited source, and no source stub should be added under the current 1.x/2.x/3.x plus planned-4.x rule. It remains prose-only/out of the current compatibility target. -- SDK `0x2222/123` / wire `0x7b` service-address enumeration and SDK - `0x2222/131` / wire `0x83` RPC/NLM-control style calls appear in the - PDF/WebSDK index but do not currently show top-level handlers in - `src/nwconn.c`. These are likely later-generation buckets, but each must be - confirmed against the includes/WebSDK before adding guarded stubs. Only +- SDK `0x2222/123` / wire `0x7b` service-address enumeration appears in the + PDF/WebSDK index but does not currently show a top-level handler in + `src/nwconn.c`. It is likely a later server-information bucket, but it must + be confirmed against the includes/WebSDK before adding guarded stubs. Only endpoints bucketed as 1.x/2.x/3.x compatibility or planned 4.x work should receive disabled source stubs. @@ -914,6 +913,33 @@ Follow-up: as complete local implementations. +### RPC / server-control group 0x2222/131 + +Current status: + +- `NCP 0x2222/131` / wire `0x83` is source-stub-audited as a NetWare-4.x/5.x + RPC server-control family. No active top-level handler exists in + `src/nwconn.c`, so patch `0228` records the documented NetWare-4.x selectors + behind `MARS_NWE_4` without changing the default build. +- The audited selectors are `131/01` RPC Load an NLM, `131/02` RPC Unload an + NLM, `131/03` RPC Mount Volume, `131/04` RPC Dismount Volume, `131/05` RPC + Add Name Space To Volume, `131/06` RPC Set Set Command Value, and `131/07` + RPC Execute NCF File. +- These calls are server-management/RPC control operations. They must not be + implemented as fake success because clients may expect real NLM, volume, SET, + or NCF side effects and the SDK reply includes an `RPCccode` result field. +- Future owner is the `servermgmt`/RPC provider boundary. `nwserv` may remain + the control-plane supervisor/registry, but normal RPC payloads must not be + routed through `nwserv` as a data-plane broker. + +Follow-up: + +- Keep these stubs disabled until there is a real privilege model and backend + behavior for server-control operations. +- If any RPC call is implemented, add tests for supervisor-equivalent + authentication, request string parsing, `RPCccode` mapping, and failure paths. + + ### Extended volume information field mapping Current status: diff --git a/src/nwconn.c b/src/nwconn.c index d46d052..932794e 100644 --- a/src/nwconn.c +++ b/src/nwconn.c @@ -7474,6 +7474,70 @@ static int handle_ncp_serv(void) break; #endif +#if MARS_NWE_4 + case 0x83 : { /* SDK 131 / wire 0x83 RPC / server-control group. + * Source outcome: no active top-level implementation exists + * for this NetWare-4.x server-control family. This disabled + * stub records the selector coverage without changing the + * default compatibility build. + * + * SDK group request header: + * word SubFunctionStrucLen (Hi-Lo) + * byte SubFuncCode + * ... subfunction-specific RPC payload + * + * Common reply layout for these RPC calls: + * long RPCccode + * long reserved[4] + * + * Future owner: server-management/RPC provider. These calls + * can load/unload NLMs, mount/dismount volumes, change SET + * commands, and execute NCF files, so they must not be wired + * to fake success. They also must not turn nwserv into a + * data-plane payload broker; nwserv should remain the control + * plane/supervisor. + */ + uint8 rpc_subfunc = (requestlen > sizeof(NCPREQUEST) + 2) + ? requestdata[2] + : 0xff; + switch (rpc_subfunc) { + case 0x01: /* 131/01 RPC Load an NLM. + * Request: NLMLoadOptions long, reserved[3], + * reservedFlags[4], ASCIIZ PathAndName. + */ + case 0x02: /* 131/02 RPC Unload an NLM. + * Request: reserved[4], reservedFlags[4], + * ASCIIZ NLMName. + */ + case 0x03: /* 131/03 RPC Mount Volume. + * Request: reserved[4], reservedFlags[4], + * ASCIIZ VolumeName. + */ + case 0x04: /* 131/04 RPC Dismount Volume. + * Request: reserved[4], reservedFlags[4], + * ASCIIZ VolumeName. + */ + case 0x05: /* 131/05 RPC Add Name Space To Volume. + * Request: reserved[4], reservedFlags[4], + * ASCIIZ "NameSpaceName {TO} {VOLUME} Volume". + */ + case 0x06: /* 131/06 RPC Set Set Command Value. + * Request: set-command type/value payload plus + * ASCIIZ SetCmdName and optional ASCIIZ value. + */ + case 0x07: /* 131/07 RPC Execute NCF File. + * Request: reserved[4], reservedFlags[4], + * ASCIIZ NCF file path/name. + */ + completition = 0xfb; + break; + default: completition = 0xfb; + break; + } + } + break; +#endif + default : completition = 0xfb; /* unknown request */ break;