diff --git a/connect.c b/connect.c index c41301c..7c24e82 100644 --- a/connect.c +++ b/connect.c @@ -165,6 +165,7 @@ static int free_dir_handle(int dhandle) void set_default_guid(void) { seteuid(0); + setgroups(0, NULL); if (setegid(default_gid) < 0 || seteuid(default_uid) < 0) { errorp(1, "set_default_guid, !! Abort !!", "Cannot set default gid=%d and uid=%d" , default_gid, default_uid); @@ -174,13 +175,25 @@ void set_default_guid(void) void set_guid(int gid, int uid) { + char aktname[100]; + if (gid > -1 && uid > -1) { + seteuid(uid); + cuserid(aktname); + } else aktname[0] = '\0'; if ( gid < 0 || uid < 0 || seteuid(0) || setegid(gid) == -1 || seteuid(uid) == -1 ) { DPRINTF(("SET GID=%d, UID=%d failed\n", gid, uid)); set_default_guid(); - } else XDPRINTF((5,0,"SET GID=%d, UID=%d OK", gid, uid)); + } else { + if (aktname[0]) { + seteuid(0); + initgroups(aktname, gid); + if (seteuid(uid) == -1) set_default_guid(); + } + XDPRINTF((5,0,"SET GID=%d, UID=%d OK", gid, uid)); + } } static char *conn_get_nwpath_name(NW_PATH *p) diff --git a/doc/CHANGES b/doc/CHANGES index 48f7dda..3a27fd5 100644 --- a/doc/CHANGES +++ b/doc/CHANGES @@ -126,6 +126,9 @@ Erste 'oeffentliche' Version - falls internal net = 0 wird nun die IP Nummer als internal net verwendet. - Zugriffsrechte Bindery erweitert und korrigiert. - Volume option -r fuer readonly eingebaut. +<----- ^^^^^^^^^^ pl4 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + + diff --git a/doc/CREDITS b/doc/CREDITS new file mode 100644 index 0000000..8cf5579 --- /dev/null +++ b/doc/CREDITS @@ -0,0 +1,23 @@ +Sorry, but this list will *never* be complete. +----------------------------------------------- +Michael Beddow + translated doc for PIPE-FS + +Uwe Bonnes + many testings+notes + +Hardy Buchholz + wrote HOWTO.ger + +Ales Dryak + his linware gives the kick + +Volker Lendecke + helps distributing + +James B. MacLean + many testings+notes + +Winfried Truemper : + re-wrote `INSTALL' and added explanations to `nw.ini' + 
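Review bot: The added `setgroups(0, NULL);` in set_default_guid is called without checking its result, and the `seteuid(0)` before it is unchecked as well. If either fails, the process drops to default_uid while still carrying the previous supplementary group list, and the existing abort condition never notices. Folding the call into that condition keeps the failure visible: `if (setgroups(0, NULL) < 0 || setegid(default_gid) < 0 || seteuid(default_uid) < 0) {`. The body of set_default_guid continues past the end of the hunk.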
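Review bot: In set_guid the new group setup never checks the results of the first `seteuid(uid)`, of `cuserid(aktname)` or of `initgroups(aktname, gid)`, so the session can end up with another account's supplementary groups. If that first `seteuid(uid)` fails, `cuserid` presumably names whichever account the process is still running as, and `initgroups` then loads that account's groups. If no name is found, `aktname` stays empty and the old group list is kept unchanged. Resolving the name with `getpwuid(uid)` and making `initgroups` part of the checked condition covers both cases; a uid without a passwd entry then falls back to set_default_guid(). This needs `<pwd.h>` and `<grp.h>`, whose includes are not visible in this hunk.
```c
void set_guid(int gid, int uid)
{
  /* resolve the login name from the uid itself: no euid switch, no cuserid() */
  struct passwd *pw = (gid > -1 && uid > -1) ? getpwuid(uid) : NULL;
  if ( pw == NULL
     || seteuid(0)
     || setegid(gid) == -1
     || initgroups(pw->pw_name, gid) == -1
     || seteuid(uid) == -1 ) {
    /* ... unchanged: DPRINTF and set_default_guid() fallback ... */
  } else XDPRINTF((5,0,"SET GID=%d, UID=%d OK", gid, uid));
}
```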
diff --git a/doc/HOWTO.ger b/doc/HOWTO.ger
index 87493e0..f821997 100644
--- a/doc/HOWTO.ger
+++ b/doc/HOWTO.ger
@@ -3,16 +3,57 @@ Dieses HowTo ist noch unfertig. Aktuelle Version erhaeltlich bei: Hardy Buchholz - ALLGEMEINES ^^^^^^^^^^^ -MARS_NWE ist ein frei erhaeltlicher Netware-Emulator fuer Linux. -(auch fuer Unixware) -IPX -^^^ +MARS_NWE (Martin Stovers Netware-Emulator) ist ein Netware-Emulator +fuer Linux (und auch fuer Unixware). Entstanden ist der MARS_NWE +zuerst 1993 auf einer USL1.1 und wurde spaeter (1994) nach Linux +portiert. Die Anregung MARS_NWE allgemein zugaenglich zu machen, kam +durch LINWARE (von A.Dryak). Problematisch bei der Entwicklung vom +MARS_NWE ist der Umstand, dass das NCP (Netware-Core-Protokoll) keine +oeffentliche Spezifikation hat, sondern zu den Novell-Interna gehoert. +Daher sind viele Funktionen eines "echten" Netware-Servers nur schwer +realisierbar, und vieles beruht auf Vermutungen und ausprobieren. + +Was kann MARS_NWE? +Inzwischen realisiert der MARS_NWE die wichtigsten Services eines +echten Netware-Servers. Im Einzelnen heisst dies: + +File-Services: +Natuerlich steht an erster Stelle das zur Verfuegung stellen von +Massenspeicher und Dateien fuer verschiedene Clients. Hier hat der +MARS_NWE gerade im heterogenen Netzwerk einiges zu bieten. Als Volumes +koennen saemtliche unter Linux mountbare Filesysteme freigegeben +werden. Interessant sind dabei natuerlich vor allem auch NFS-mounted +directorys, CDROMS, selbst mit Volker Lendeckes NCPFS gemountete +Netware-Volumes eines anderen Servers koennen wieder exportiert +werden, sowie selbverstaendlich alle auf dem Host lokal vorhandenen +File-system-varianten. + +Print-Services: +sind im MARS_NWE ebenfalls realisiert, allerdings in anderer Form, als +bei Netware, d.h. es existieren keine Printqueues, die mit den +Netware-Tools verwaltet werden koennen, sondern der Druckauftrag wird +mittels Uebergabe-Vezeichnissen an den Linux-Spooler weitergereicht. 
+ +Routing: +Als Router ist der MARS_NWE besonders geeignet, da er weitesgehend +automatisch zwischen den verschiedensten Welten als Router vermittelt +(u.a. auch ueber ISDN). + +PIPE-Volumes: +Eine Besonderheit des MARS_NWE sind die sogenannten PIPE-Volumes, die +im Detail weiter unten erklaert werden. Hiermit kann man z.B. von +einem Dos-Client auf Unix-Shellscripte lesend und schreibend +zugreifen. + + +Schwachstellen, Probleme und TODO's + + QUICKINST (fuer alle Ungeduldigen und Wiederholungstaeter ;-) 
@@ -34,17 +75,19 @@ INSTALLATION Kernel ^^^^^^ Voraussetzung um MARS_NWE laufen zu lassen ist ein Kernel mit -IPX-Option. Grundsaetzlich sollte der MARS_NWE unter allen neueren -Kernelversionen nutzbar sein. Die Kernelpatches aus dem Verzeichniss -"mars_mwe/examples" sind keine Vorraussetzung, steigern die -Performance des Servers aber ganz erheblich (ca. 30-40%). Weiter wird -dringend empfohlen, die Option FULL_INTERNAL_NET in der -Kernel-Konfiguration auf NEIN zu setzen. Sind die genannten -Bedingungen erfuellt, steht der Installation vom MARS_NWE von der -Linux-Seite nichts mehr im Weg, andernfalls sollte zuerst ein neuer -Kernel erzeugt (IPX = Y, FULL_INTERNAL_NET = N, Patch eingespielt?) -und Linux neu gebootet werden. - +IPX-Option. Grundsaetzlich sollte der MARS_NWE unter allen neueren +(<=1.3.60) Kernelversionen nutzbar sein. 1.3.57 und 1.2.13 ist +ebenfalls eine fuer MARS_NWE geeignete Kernelversion, aeltere (1.3.x) +sind zum Teil problematisch, wegen Bug's im IPX-Code. Die +Kernelpatches aus dem Verzeichniss "mars_mwe/examples" sind keine +Vorraussetzung, steigern die Performance des Servers aber ganz +erheblich (ca. 30-40%). Weiter wird dringend empfohlen, die Option +FULL_INTERNAL_NET in der Kernel-Konfiguration auf NEIN zu setzen. Sind +die genannten Bedingungen erfuellt, steht der Installation vom +MARS_NWE von der Linux-Seite nichts mehr im Weg, andernfalls sollte +zuerst ein neuer Kernel erzeugt (IPX = Y, FULL_INTERNAL_NET = N, Patch +eingespielt?) und Linux neu gebootet werden (mehr dazu im +KERNEL-HOWTO). Novell ^^^^^^ 
@@ -329,11 +372,11 @@ Netware-Netzen ist meist 802.3, 802.2 ist bei einigen neueren (Netware 3.12 ..) zu finden. Neuerdings kann in der "nwserv.conf" auch ein Autodetect der Net-Devices eingestellt werden. Dies kann natuerlich nur -funktionieren, wenn an diesem Device mindestens ein anderer -Netware-Server haengt, der korrekt eingerichtet ist, damit vom -MARS_NWE die externe Netzwerknummer und der Frame-Typ vom laufenden -Datenverkehr abgeleitet werden kann. -Eintraege 7 - 13 legen die Securety- und Login-Details fest. Als +funktionieren, wenn an diesem Device mindestens ein anderer +Netware-Server haengt, der korrekt eingerichtet ist, damit vom +MARS_NWE die externe Netzwerknummer und der Frame-Typ vom laufenden +Datenverkehr abgeleitet werden kann. +Eintraege 7 - 13 legen die Security- und Login-Details fest. Als Besonderheit bei Eintrag 7 gilt: auch wenn die 8 (allow empty passwds) eingetragen ist, muss der Supervisor ein Passwort haben (zumindest, wenn der Root auf dem Linux-Rechner eines hat). Die Optionen fuer @@ -366,6 +409,7 @@ FAQ's TIPS UND LESESTOFF ^^^^^^^^^^^^^^^^^^ + EMAIL-ADRESSEN ^^^^^^^^^^^^^^ diff --git a/doc/mars_nwe.lsm b/doc/mars_nwe.lsm index 5d260a1..3659cf4 100644 --- a/doc/mars_nwe.lsm +++ b/doc/mars_nwe.lsm @@ -1,7 +1,7 @@ Begin3 Title: mars_nwe -Version: 0.97.pl4 -Entered-date: 11-May-96 +Version: 0.97.pl5 +Entered-date: 17-May-96 Description: Full netware-emulator (src), beta. Supports file-services, bindery-services, printing-services, routing-services. @@ -9,7 +9,7 @@ Keywords: novell, netware, server, ipx, ncp, tli Author: mstover@freeway.de (Martin Stover) Maintained-by: mstover@freeway.de (Martin Stover) Primary-site: ftp.gwdg.de:/pub/linux/misc/ncpfs - 140kB mars_nwe-0.97.pl4.tgz + 140kB mars_nwe-0.97.pl5.tgz Alternate-site: ftp.uni-duisburg.de /pub/linux/ipxware Platforms: Linux (1.2.xx, 1.3.xx), UnixWare 2.0x Copying-policy: GNU diff --git a/examples/nw.ini b/examples/nw.ini index e7b7168..f38ec55 100644 --- a/examples/nw.ini 
+++ b/examples/nw.ini 
@@ -1,30 +1,46 @@ # -# This is the configuration-file for "mars_nwe", the free netware-emulator +# This is the configuration-file for "mars_nwe", a free netware-emulator # for Linux. # -# last change: 13-May-96 -# +# last change: 16-May-96 + +# This file specifies which Linux-resources (printers, users, directories) +# should be accessible to the DOS-clients via "mars_nwe". Furthermore +# some general parameters are configured here. +# Some options of "mars_nwe" can only be altered by editing the the file +# `config.h' and re-compiling "mars_nwe", please see there for more +# information. + + # Syntax of this config-file: -# - everything after the "#" is ignored, so it is used to -# make comment-lines -# - entries _must_ begin with a number, indicating the section -# they belong to -# - hexadecimal values are prepended with "0x" +# - everything after a "#" is not treated as a comment (particularly +# it does never belong to the values themselves) +# - entries _must_ begin with a number, indicating the section +# they belong to +# - hexadecimal values are prepended by "0x" # # All examples are verbatim. +# +# The term "DOS-client" does not refer to the special operating-system +# "DOS" in _this_ file. "DOS-client" is only a synomym for all possible +# ipx-clients (it's choosen for the people who are confused by the +# meaning of "client" and "server"). +# The "Linux-side" of the game is always the "mars_nwe"-server. +# ========================================================================= # Section 1: volumes (required) # -# In this section you list all directories accessible via "mars_nwe". -# To be more specific: a mapping from Linux-directories to mars_nwe-volumes +# In this section you list all Linux-directories accessible via "mars_nwe". +# +# To be more precise: a mapping from Linux-directories to mars_nwe-volumes # is done. (Volumes are the beasts you can map to drive letters under DOS # using "map.exe"). 
# -# Linux-directory mars_nwe-volume map.exe DOS-Drive -# /var/local/nwe/SYS -------> SYS -------------> W: +# Linux-directory mars_nwe-volume map.exe DOS-Drive +# /var/local/nwe/SYS -------> SYS -------------> W: # -# More than one entry is possible in this section. +# More than one entry is allowed in this section. # The maximum number of volumes is a compile-time option that must be # specified in `config.h' before compiling mars_nwe. # 
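Review bot: The reworded syntax rule in the file header now says the opposite of what is meant: `everything after a "#" is not treated as a comment` should read `everything after a "#" is treated as a comment`. An administrator who takes it literally could expect text after a `#` on an entry line to be parsed as part of the value. The same added block also has a doubled word in `editing the the file` and the misspellings `synomym` and `choosen`.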
@@ -32,33 +48,40 @@ # contain the following sub-directories: LOGIN, PUBLIC, SYSTEM, MAIL. # See the installation-instructions in the doc-directory for more infos. # +# +# ------------------------------------------------------------------------- # Syntax: -# 1 VOLUMENAME DIRECTORY OPTIONS +# 1 VOLUMENAME DIRECTORY OPTIONS # -# VOLUMENAME: the name of the mars_nwe-volume (max. 8 characters) -# DIRECTORY: the directory on your Linux-system associated with that -# volume; use the special name "~" to refer to the users -# individual home-directory +# VOLUMENAME: the name of the mars_nwe-volume (max. 8 characters) +# DIRECTORY: the directory on your Linux-system associated with that +# volume; use the special name "~" to refer to the users +# individual home-directory # -# OPTIONS: none or some of the following characters (without a seperator) -# k allow lowercase-filenames (if you don't set this, all -# files _must_ be upper-case) -# m removable volume (e.g. cd-roms) -# o volume has only one filesystem/device/namespace -# this is for filesystems with high inode > 0xFFFFFFF. -# because for namespace services mars_nwe normally use the -# first 4 bit of 32 bit inode to distinguish -# between several devices/namespaces for one volume. -# p "PIPE"-filesystem. All files are pipe commands. -# See `doc/PIPE-FS'. -# r readonly volume. Free disk space will also return 0. +# OPTIONS: none or some of the following characters (without a seperator) +# k allow lowercase-filenames (if you don't set this, all +# files _must_ be upper-case) +# m removable volume (e.g. cd-roms) +# r volume is read-only and always reports "0 byte free" +# (this is intended for copies of CD-ROMs on harddisks) +# o volume has only one filesystem/device/namespace +# this is for filesystems with high inode > 0xFFFFFFF. +# because for namespace services mars_nwe normally use the +# first 4 bit of 32 bit inode for distinguish +# between several devices/namespaces for one volume. +# p "PIPE"-filesystem. 
All files are pipe commands. +# See `doc/PIPE-FS'. +# ------------------------------------------------------------------------- # -# examples: -1 SYS /u3/SYS/ # SYS upper-case filenames -1 CDROM /cdrom km # lowercase filenames, removable -1 HOME ~ k # users HOME directory, lowercase +# Examples: +# 1 SYS /var/local/nwe/SYS k +# 1 CDROM /cdrom kmr +# 1 HOME ~ k + + 1 SYS /u3/SYS/ k +# ========================================================================= # Section 2: servername (optional) # # The servername is the name under which this server will show up when 
@@ -67,81 +90,147 @@ # If you don't supply an entry for this section, the hostname of your # Linux-machine will be converted to all-uppercase and used as the servername. # +# ------------------------------------------------------------------------- # Syntax: -# 2 SERVERNAME +# 2 SERVERNAME # -# SERVERNAME: a name for this nw-server +# SERVERNAME: a name for this nw-server +# ------------------------------------------------------------------------- # # Example: -# 2 MARS +# 2 MARS # name of the server would be "MARS" -# Section 3: Number of the internal network -# If you have mars_nwe V > 0.96pl5 and a kernel >= 1.3.60 -# or the small ipx-kpatch from the examples dir you should use -# internal net and routing. +# ========================================================================= +# Section 3: Number of the internal network (required) # -# NOTE: the internal net number must be _unique_ in your IPX-environment! +# If have dealt with the TCP/IP-configuration of your Linux-Box, the term +# "ip-address" may be familiar to you. It's a numer that uniquely +# identifies your machine in the internet. +# As you might already expect, even the IPX-people use a unique number to +# identify each other. Addresses in the IPX-world always consist of a +# 4-byte "network-number" plus a 6-byte "node-number" (remember the +# ip-addresses also use 4-bytes). # +# The numbering-rule for ipx-clients is easy: their "address" is the +# external-network of the server they are connected to plus the +# hardware-address of their own ethernet-card (6 byte). As a result of this +# rule, the clients can determine their address automatically (by listening +# to the server and looking at their own ethernet-hardware) and no +# configuration-files on the clients-side have to be maintained. (It would +# really be a nasty thing if you think of very many DOS-clients [remember: +# DOS is an OS where ordinary users can screw up the configuration files].) 
+# +# For internal routing purposes, a netware-server has an "internal network" +# +# As there is no organisation which regulates the use of network-numbers +# in the IPX-world, you have to run "slist" (under DOS or Linux) to +# determine a number that isn't already used by another server on your +# net. You better double-check and ask the other network administrators +# before using a random value because not all servers might be on-line when +# you "listen" to the net. +# +# A reasonable choice for the internal net-number of your mars_nwe-server +# could be the ip-address of your Linux-Box. It is reasonable because +# ip-addresse are unique and if every nw-administrator uses only this uniqe +# value, potential conflicts will be minimized. Of course this choice is +# no guarantee. +# +# Please note that you have to specify the address of your "internal +# ipx-network" in hexadecimal format (the leading "0x" indicates it). +# +# +# ------------------------------------------------------------------------- # Syntax: -# 3 INTERNAL_NET [NODE] +# 3 INTERNAL_NET [NODE] # -# INTERNAL_NET: AUTO or 0 for using the ip number as INTERNAL_NET +# INTERNAL_NET: the hexadecimal value of your "internal ipx-network". Use +# "0x0" or "auto" to refer to your ip-addresse (it's a kind of +# automagically setup) +# NODE: use "1" if you don't know what this entry is for (optional) +# ------------------------------------------------------------------------- # -# NODE: 1 (optional) +# Example: +# 3 auto 1 # automatic setup + + 3 auto + + +# ========================================================================= +# Section 4: IPX-devices (strongly recommended) +# +# This section contains information for the ipx-router built into mars_nwe +# and/or the external program "ipxrouted". +# Both processes exchange the ipx-packets between your machine and the rest +# of the world (in other words: their functionallity is essential). Of +# course, to use one of both is already sufficient. 
+# +# Note for people with other IPX/NCP servers on the net: +# - choose the same frame-type as the other servers use +# - make sure your network-number is not already in use by another +# server (see the output of "slist" under Linux or DOS) +# +# Under Linux, it is possible to let the kernel detect all values +# automatically for you. This is only possible (and only makes sense then) +# if there are other IXP/NCP servers on the same net which are setup +# correctly. +# +# +# ------------------------------------------------------------------------- +# Syntax: +# 4 NET_NUMBER DEVICE FRAME TICKS +# +# NET_NUMBER: this number is determined by the router of the physical +# network you're attached to. Use "0x0" to let the +# linux-kernel determine your network number by listening +# on the local network +# DEVICE: the network-interface associated with the NET_NUMBER. Use +# a "*" (star) to automatically setup all devices at once. +# FRAME: the frame-type of the data-packets on your local network. +# Possible values are: +# ethernet_ii +# 802.2 +# 802.3 (default) +# snap +# token +# auto automatic detection of the frame-type used +# in your ipx-environment +# TICKS: the time data-packets need to get delivered over a +# certain interface. If your connection goes through several +# routers, the shortest path can be determined by summing up +# all ticks for every route and compare the results. +# (1 tick = 1/18th second) +# ------------------------------------------------------------------------- # # Examples: -# 3 0xABCDEF99 # use a unique number -3 AUTO # use ip number as INTERNAL_NET +# 4 0x0 * AUTO 1 # automatic setup +# 4 0x10 eth0 802.3 1 # manual setup + + 4 0x10 eth0 802.3 1 + 4 0x0 * AUTO 1 -# Section 4: IPX-devices (optional) -# -# NOTE for people with other IPX/NCP servers on the net: -# Your network numbers, frames must be the same as at your -# other servers on the same net. 
-# -# Syntax: -# 4 NET_NUMBER DEVICE FRAME TICKS -# -# NET_NUMBER: -# DEVICE: the network-interface associated with the NET_NUMBER -# FRAME: -# ethernet_ii -# 802.2 -# 802.3 (default) -# snap -# token -# auto -# TICKS: ethernet: 1, isdn: 7 -# -# Examples: -4 0x10 eth0 802.3 1 -# Automatic setup: -4 0x0 * AUTO 1 -# -# NOTE: autosetup only works if there are other IXP/NCP servers on -# the same net which are setup correctly, that means: tells us the required -# information about netnumber and frame. - - -# Section 5: Saving of ipx-routes (optional) +# ========================================================================= +# Section 5: Saving of ipx-routes (required) # # This entry controls if the information regarding the ipx-routes should be -# saved beyond the livetime of the server. -# You can achieve a small speedup when starting mars_nwe by using this entry. +# saved beyond the lifetime of the server. # +# ------------------------------------------------------------------------- # Syntax: -# 5 SAVE_FLAG +# 5 SAVE_FLAG # # SAVE_FLAG: -# 0 don't save routes (default) -# 1 do save routes -# Example: -5 0 +# 0 don't save routes (default) +# 1 do save routes +# ------------------------------------------------------------------------- +# + +5 0 -# Section 6: version-spoofing +# ========================================================================= +# Section 6: version-"spoofing" # # Some clients work better if the server tells that it is a 3.11 Server, # although many calls (namespace services) of a real 3.11 Server are 
@@ -149,46 +238,59 @@ # To test the namespace calls, this entry must be set to > 0 and `config.h' # must be altered before compiling "mars_nwe". # +# ------------------------------------------------------------------------- # Syntax: -# 6 SERVER_VERSION +# 6 SERVER_VERSION # -# SERVER_VERSION: -# 0 Version 2.15 -# 1 Version 3.11 -# 2 Version 3.12 (not implemented yet) -6 0 +# SERVER_VERSION: the version-number reported to DOS-clients +# 0 Version 2.15 (default) +# 1 Version 3.11 +# 2 Version 3.12 (not implemented yet) +# ------------------------------------------------------------------------- +# + +6 0 -# Section 7: password handling (required) +# ========================================================================= +# Section 7: password handling of DOS-clients (required) +# # When changing your "mars_nwe"-password from a DOS-client, this client # (think of "LOGIN.EXE", "SYSCON.EXE" or "SETPASS.EXE") can encrypt your # password before sending it to the "mars_nwe"-server (this improves # security a little bit). # In this section you can enforce encryption of user-passwords or allow # not-encrypted sending of passwords over the net. +# +# # On the Linux-side, passwords will only be stored in encrypted format. # +# +# ------------------------------------------------------------------------- # Syntax: -# 7 FLAG +# 7 FLAG # # FLAG: -# 0 use only encrypted passwords stuff. -# the encrypted change password call is not -# implemented till now, so if you choose this option -# you will not be able to change passwords from -# client size. -# 1 allow the unencrypted change password routine (default). -# You can use mars_dosutils or an old 2.15 setpass program. -# -# 7 allow all unencrypted stuff, no empty nwe passwords. -# 8 allow all unencrypted stuff, allow empty nwe passwords. -# 9 use all unencryted calls + get crypt key will allways fail -# so the login program will use the old unencryted calls. -# this will *not* work with all clients !! 
(OS2/client) -7 1 +# 0 enforce encryption of _all_ passwords by the DOS-client +# (disables changing of password from the clients) +# 1 as "0", but allow the non-encrypted version of the +# "change password"-routine. (default) +# 7 allow all non-encrypted stuff but no empty nwe passwords. +# 8 allow all non-encrypted stuff and also allow empty +# nwe-passwords. +# 9 use all non-encryted calls + "get crypt key" will allways fail +# so the login program will use the old unencryted calls. +# this will *not* work with all clients !! (OS2/client) +# ------------------------------------------------------------------------- + +7 1 -# Section 10 + 11 : UID and GID with minimal rights +# Section 8: currently not used +# Section 9: currently not used + +# Section 10: UID and GID with minimal rights +# ========================================================================= # # When loading the netware-drivers in the "autoexec.bat" of your # DOS-client, you automatically "attach" to a netware-server. 
@@ -206,152 +308,238 @@ # `/etc/passwd' and `/etc/group'. Use the number of that user/group # for the following entries. # +# ------------------------------------------------------------------------- # Syntax: -# 10 GID -# 11 UID -# Example: -# 10 65534 -# 11 65534 +# 10 GID +# 11 UID # -# GID numeric number of the group -# UID numeric number of the user -10 65534 -11 65534 +# GID numeric number of the group +# UID numeric number of the user +# ------------------------------------------------------------------------- +# +# Example: +# 10 65534 +# 11 65534 + + 10 65534 + 11 65534 +# ========================================================================= # Section 12: supervisor-login (required) # # The "supervisor" of a nw-server is much like "root" on the Linux-side. # -# Syntax: -# 12 NW_LOGIN LINUX_LOGIN [PASSWORD] +# Specify a Linux-user that should be mapped to the supervisor of this +# mars_nwe-server. +# To improve security, don't use "root" for this purpose but create a +# seperate administrative account (under Linux) called "nw-adm" or similar. # -# NW_LOGIN: the login-name for the "mars_nwe"-server (traditionally, -# this is "SUPERVISOR") -# LINUX_LOGIN: the account on the Linux-side associated with the NW_LOGIN -# (to improve security, don't use "root" here) -# PASSWORD: the password for the NW_LOGIN. It must be clear-text but -# will be encrypted and permanent stored in the -# bindery-files, so it can be deleted after the first start -# of "nwserv". +# The nw-user defined in this section will have the mars_nwe internal UID +# "1" (remember even under Linux "root" must have the special UID "0"), so +# it is not possible to define a supervisor in section 13 (the users +# defined there will get random UIDs). +# You _can_ define a user with name "SUPERVISOR" in section 13, but he +# won't really be the "local god" on the "mars_nwe"-server. 
+# And of course you _can_ define a supervisor with name "GOD" or "ROOT" +# in _this_ section, which would only break the traditional naming-scheme +# of the netware-world. +# +# +# ------------------------------------------------------------------------- +# Syntax: +# 12 NW_LOGIN LINUX_LOGIN [PASSWORD] +# +# NW_LOGIN: the login-name for the "mars_nwe"-server (traditionally, +# this is "SUPERVISOR") +# LINUX_LOGIN: the account on the Linux-side associated with the NW_LOGIN +# PASSWORD: the password for the NW_LOGIN. It must be clear-text but +# will be encrypted and permanent stored in the +# bindery-files, so it (the password or the whole section, at +# your option) can be deleted after the first start of + "nwserv". +# +# Make sure this file is not world-readable as long +# as the password stands here. +# +# If you leave this field blank when starting "mars_nwe" the +# first time, the supervisor-login will be completely +# disabled. In other words: there is no way to supply the +# supervisor with no password ("null-password"). +# ------------------------------------------------------------------------- # # Example: -12 SUPERVISOR root top-secret +# 12 SUPERVISOR nw-adm top-secret + +12 SUPERVISOR root +# ========================================================================= # Section 13: user-logins (optional) # -# See section 12 for the syntax. +# You can provide mappings from the regular login-names of your Linux-Box +# to "mars_nwe"-logins here. +# Every "mars_nwe"-user _must_ have a login-name on the Linux side (even +# if he can't log in into the account associated with the login-name, +# because you locked it with a "*") in order to "own" files. +# If you specify a Linux-login that doesn't exist (one could think of a +# typo), the user will only have the minimal rights defined in +# sections 10/11. # -# Examples: -13 MAR mar mypw -13 ALF mar - # no password +# See section 12 for a description of the syntax. 
+# +# Unlike in section 12, you can define users with no password. +# +# Example: +# 13 MARTIN martin -# Section 15: read unix users automaticly from passwd into bindery +# Section 14: currently not used + +# ========================================================================= +# Section 15: automatic mapping of logins (decision required) # +# If you have a large number of accounts on your Linux-machine, you may +# want to map all Linux-logins automatically to "mars_nwe"-logins. +# +# At this stage this section is only a quick hack to make life a bit +# easier for the administrator. +# +# WARNING: as there is no algorithm to convert the encrypted +# "Linux-passwords" into the encrypted format used by the DOS-clients (and +# therefore "mars_nwe"), you have to supply a common password for all +# automatically mapped users. This is a big security concern and you +# should never make this common password public (and, of course you +# should choose a sufficient "secure" (read: difficult) password). +# Type the common password to grant access to the users login and the +# command "setpass" instead of telling the password to the user. +# +# Only those Linux-logins will handled automatically that don't have a +# "x" or "*" as their encrypted password. +# +# +# ------------------------------------------------------------------------- # Syntax: -# 15 FLAG DEFAULT_PASSWORD +# 15 FLAG DEFAULT_PASSWORD # # FLAG: -# 0 off -# 1 on -# 99 overwrite existing users. -# -# DEFAULT_PASSWORD: password for every new inserted user. 
+# 0 DON'T map the Linux-logins automatically to +# "mars_nwe"-logins (default) +# 1 YES, DO the automatic mapping and provide every login +# created this way with the common password given with +# "DEFAULT_PASSWORD" +# 99 re-read the logins from /etc/passwd and overwrite even the +# already existing logins from the bindery (this will also +# reset all the passwords to "DEFAULT_PASSWORD") # +# DEFAULT_PASSWORD: the common password for all automatically created +# logins (only needed if FLAG is not "0"); everything about +# password in section 12 applies to this. +# ------------------------------------------------------------------------- + 15 0 top-secret -# -# !!! IMPORTANT !!! -# If you enable this feature you should chose a secure -# password for the users, because all not existent -# mars_nwe users will be inserted into bindery with this password. + +# ========================================================================= # Section 16: Tests on startup # -16 1 # enable some bindery and sys dir tests/creats after starting. -# default = 1 +# If you want some sanity checks at startup, set this flag to 1. +# "mars_nwe" will try to create missing directories (with the "right" +# permissions, of course) if you enable this. +# + +16 1 +# Section 17-20: currently not used + + +# ========================================================================= # Section 21: print queues (optional) # -# Make the printers connected to your Linux-box accessible from the -# DOS-clients. +# Which of the printers connected to your Linux-box should be accessible +# from the DOS-clients? # Multiple entries are allowed. 
# +# ------------------------------------------------------------------------- # Syntax: -# 21 QUEUE_NAME QUEUE_DIR PRINT_COMMAND +# 21 QUEUE_NAME QUEUE_DIR PRINT_COMMAND # -# QUEUE_NAME: the name of the print queue -# QUEUE_DIR: spooling directory for the print-jobs; this directory must -# exist before printing +# QUEUE_NAME: the name of the print queue on client-side (to make it +# perfectly clear: _not_ the Linux-queue) +# QUEUE_DIR: spooling directory for the print-jobs; this directory must +# exist before printing (_not_ the spooling-directories of +# the Linux-lpd) # PRINT_COMMAND: command used for serving the print-jobs under Linux -# (see "man lpr" and "man magicfilter" for details) +# (see "man lpr" and "man magicfilter" for details) # # Examples: -# 21 LASER SYS:/PRINT/L lpr -Plaser -# 21 OCTOPUSS SYS:/PRINT/O lpr -Php_deskjet +# 21 LASER SYS:/PRINT/L lpr -Plaser +# 21 OCTOPUSS SYS:/PRINT/O lpr -Php_deskjet +# ------------------------------------------------------------------------- + # -------------------------------------------------------- # You usally don't want to change anything below this line # -------------------------------------------------------- + # Sections 100-106: amount of debug-information # # FLAG: -# 0 no debug messages -# 1 errors and notes are reported -# .. 
-# 99 maximum debug level -100 0 # debug IPX KERNEL (0 | 1) -101 1 # debug NWSERV -102 0 # debug NCPSERV -103 0 # debug NWCONN -104 0 # debug (start) NWCLIENT -105 0 # debug NWBIND -106 1 # debug NWROUTED +# 0 no debug messages +# 1 errors and notes are reported +# 99 maximum debug levels +100 0 # debug IPX KERNEL (0 | 1) +101 1 # debug NWSERV +102 0 # debug NCPSERV +103 0 # debug NWCONN +104 0 # debug (start) NWCLIENT +105 0 # debug NWBIND +106 1 # debug NWROUTED # Sections 200-202: logging of "nwserv" # -200 1 # 0 = no logfile and dont daemonize nwserv/nwrouted -# # 1 = daemonize nwserv/nwrouted and use logfile -201 /tmp/nw.log # filename of logfile -202 1 # 1=creat new logfile, 0=append to logfile +200 1 # 0 = no logfile and dont daemonize nwserv/nwrouted + # 1 = daemonize nwserv/nwrouted and use logfile +201 /tmp/nw.log # filename of logfile +202 1 # 1=creat new logfile, 0=append to logfile # Sections 210,211: timing -# -210 10 # 1 .. 600 (default 10) seconds after server -# # really goes down after a down command -211 60 # 10 .. 600 (default 60) broadcasts every x seconds + +210 10 # 1 .. 600 (default 10) seconds after server + # really goes down after a down command +211 60 # 10 .. 600 (default 60) broadcasts every x seconds # Sections 300-302: loging of routing-information -# -300 1 # > 0 print routing info to file every x broadcasts. -# # ( normally minutes ) -301 /tmp/nw.routes # filename of logfile -302 1 # 1 = creat new routing info file -# # 0 = append to this file + +300 1 # > 0 print routing info to file every x broadcasts. + # ( normally minutes ) +301 /tmp/nw.routes # filename of logfile +302 1 # 1 = creat new routing info file + # 0 = append to this file # Section 310: watchdogs -# -310 7 # send wdog's only to device net < x ticks. -# 0 = allways send wdogs. < 0 = never send wdogs -# + +310 7 # send wdog's only to device net < x ticks. + # 0 = allways send wdogs. 
< 0 = never send wdogs + # Section 400: # station file for special handling of stations. -# + 400 /etc/nwserv.stations # for syntax see file in the examples directory. # Section 401: nearest server # # for special handling of the 'get nearest server request'. -401 0 # 0 = ignore entry 400, get nearest response ever enabled. -# 1 = 400 are excludes, get nearest response normally enabled. -# 2 = 400 are includes, get nearest response normally disabled. +401 0 # 0 = ignore entry 400, get nearest response ever enabled. + # 1 = 400 are excludes, get nearest response normally enabled. + # 2 = 400 are includes, get nearest response normally disabled. + diff --git a/examples/nw.ini.old b/examples/nw.ini.old new file mode 100644 index 0000000..e7b7168 --- /dev/null +++ b/examples/nw.ini.old 
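Review bot: In the section 12 PASSWORD description the continuation line `"nwserv".` was added without its leading `#`, so it is no longer a comment and will presumably be handed to the config parser as an entry; it should start with `#` like its neighbours. The active example `12 SUPERVISOR root` contradicts the advice added just above it to use a separate administrative account instead of root; `12 SUPERVISOR nw-adm`, the name the commented example already uses, would match the text. In section 15 the active line `15 0 top-secret` ships a sample common password that would apply to every auto-mapped login as soon as FLAG is changed to 1. Consider leaving that line commented out so the administrator has to choose a password.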
@@ -0,0 +1,357 @@ +# +# This is the configuration-file for "mars_nwe", the free netware-emulator +# for Linux. +# +# last change: 13-May-96 +# +# Syntax of this config-file: +# - everything after the "#" is ignored, so it is used to +# make comment-lines +# - entries _must_ begin with a number, indicating the section +# they belong to +# - hexadecimal values are prepended with "0x" +# +# All examples are verbatim. + + +# Section 1: volumes (required) +# +# In this section you list all directories accessible via "mars_nwe". +# To be more specific: a mapping from Linux-directories to mars_nwe-volumes +# is done. (Volumes are the beasts you can map to drive letters under DOS +# using "map.exe"). +# +# Linux-directory mars_nwe-volume map.exe DOS-Drive +# /var/local/nwe/SYS -------> SYS -------------> W: +# +# More than one entry is possible in this section. +# The maximum number of volumes is a compile-time option that must be +# specified in `config.h' before compiling mars_nwe. +# +# Please note that at least the volume "SYS" must be defined and it must +# contain the following sub-directories: LOGIN, PUBLIC, SYSTEM, MAIL. +# See the installation-instructions in the doc-directory for more infos. +# +# Syntax: +# 1 VOLUMENAME DIRECTORY OPTIONS +# +# VOLUMENAME: the name of the mars_nwe-volume (max. 8 characters) +# DIRECTORY: the directory on your Linux-system associated with that +# volume; use the special name "~" to refer to the users +# individual home-directory +# +# OPTIONS: none or some of the following characters (without a seperator) +# k allow lowercase-filenames (if you don't set this, all +# files _must_ be upper-case) +# m removable volume (e.g. cd-roms) +# o volume has only one filesystem/device/namespace +# this is for filesystems with high inode > 0xFFFFFFF. +# because for namespace services mars_nwe normally use the +# first 4 bit of 32 bit inode to distinguish +# between several devices/namespaces for one volume. +# p "PIPE"-filesystem. 
All files are pipe commands. +# See `doc/PIPE-FS'. +# r readonly volume. Free disk space will also return 0. +# +# examples: +1 SYS /u3/SYS/ # SYS upper-case filenames +1 CDROM /cdrom km # lowercase filenames, removable +1 HOME ~ k # users HOME directory, lowercase + + +# Section 2: servername (optional) +# +# The servername is the name under which this server will show up when +# using tools like "slist" (server-list). +# +# If you don't supply an entry for this section, the hostname of your +# Linux-machine will be converted to all-uppercase and used as the servername. +# +# Syntax: +# 2 SERVERNAME +# +# SERVERNAME: a name for this nw-server +# +# Example: +# 2 MARS + + +# Section 3: Number of the internal network +# If you have mars_nwe V > 0.96pl5 and a kernel >= 1.3.60 +# or the small ipx-kpatch from the examples dir you should use +# internal net and routing. +# +# NOTE: the internal net number must be _unique_ in your IPX-environment! +# +# Syntax: +# 3 INTERNAL_NET [NODE] +# +# INTERNAL_NET: AUTO or 0 for using the ip number as INTERNAL_NET +# +# NODE: 1 (optional) +# +# Examples: +# 3 0xABCDEF99 # use a unique number +3 AUTO # use ip number as INTERNAL_NET + + +# Section 4: IPX-devices (optional) +# +# NOTE for people with other IPX/NCP servers on the net: +# Your network numbers, frames must be the same as at your +# other servers on the same net. +# +# Syntax: +# 4 NET_NUMBER DEVICE FRAME TICKS +# +# NET_NUMBER: +# DEVICE: the network-interface associated with the NET_NUMBER +# FRAME: +# ethernet_ii +# 802.2 +# 802.3 (default) +# snap +# token +# auto +# TICKS: ethernet: 1, isdn: 7 +# +# Examples: +4 0x10 eth0 802.3 1 +# Automatic setup: +4 0x0 * AUTO 1 +# +# NOTE: autosetup only works if there are other IXP/NCP servers on +# the same net which are setup correctly, that means: tells us the required +# information about netnumber and frame. 
+ + +# Section 5: Saving of ipx-routes (optional) +# +# This entry controls if the information regarding the ipx-routes should be +# saved beyond the livetime of the server. +# You can achieve a small speedup when starting mars_nwe by using this entry. +# +# Syntax: +# 5 SAVE_FLAG +# +# SAVE_FLAG: +# 0 don't save routes (default) +# 1 do save routes +# Example: +5 0 + + +# Section 6: version-spoofing +# +# Some clients work better if the server tells that it is a 3.11 Server, +# although many calls (namespace services) of a real 3.11 Server are +# missing yet. +# To test the namespace calls, this entry must be set to > 0 and `config.h' +# must be altered before compiling "mars_nwe". +# +# Syntax: +# 6 SERVER_VERSION +# +# SERVER_VERSION: +# 0 Version 2.15 +# 1 Version 3.11 +# 2 Version 3.12 (not implemented yet) +6 0 + + +# Section 7: password handling (required) +# When changing your "mars_nwe"-password from a DOS-client, this client +# (think of "LOGIN.EXE", "SYSCON.EXE" or "SETPASS.EXE") can encrypt your +# password before sending it to the "mars_nwe"-server (this improves +# security a little bit). +# In this section you can enforce encryption of user-passwords or allow +# not-encrypted sending of passwords over the net. +# On the Linux-side, passwords will only be stored in encrypted format. +# +# Syntax: +# 7 FLAG +# +# FLAG: +# 0 use only encrypted passwords stuff. +# the encrypted change password call is not +# implemented till now, so if you choose this option +# you will not be able to change passwords from +# client size. +# 1 allow the unencrypted change password routine (default). +# You can use mars_dosutils or an old 2.15 setpass program. +# +# 7 allow all unencrypted stuff, no empty nwe passwords. +# 8 allow all unencrypted stuff, allow empty nwe passwords. +# 9 use all unencryted calls + get crypt key will allways fail +# so the login program will use the old unencryted calls. +# this will *not* work with all clients !! 
(OS2/client) +7 1 + + +# Section 10 + 11 : UID and GID with minimal rights +# +# When loading the netware-drivers in the "autoexec.bat" of your +# DOS-client, you automatically "attach" to a netware-server. +# As a result, a new drive-letter is accessible under DOS, usally +# containing the programs "login.exe" and "slist.exe". +# Because you haven't logged in, nothing else of the netware-server +# will be visible to you. All actions requested from the DOS-client +# will be done with the following UID and GID on the Linux-side in this +# case. +# To achieve some level of security, the user/group asscociated with +# the UID and GID should only have _read_ rights on the files visible, +# _nothing_ else. +# +# On most Linux-systems, there is a user and group "nobody" defined in +# `/etc/passwd' and `/etc/group'. Use the number of that user/group +# for the following entries. +# +# Syntax: +# 10 GID +# 11 UID +# Example: +# 10 65534 +# 11 65534 +# +# GID numeric number of the group +# UID numeric number of the user +10 65534 +11 65534 + + +# Section 12: supervisor-login (required) +# +# The "supervisor" of a nw-server is much like "root" on the Linux-side. +# +# Syntax: +# 12 NW_LOGIN LINUX_LOGIN [PASSWORD] +# +# NW_LOGIN: the login-name for the "mars_nwe"-server (traditionally, +# this is "SUPERVISOR") +# LINUX_LOGIN: the account on the Linux-side associated with the NW_LOGIN +# (to improve security, don't use "root" here) +# PASSWORD: the password for the NW_LOGIN. It must be clear-text but +# will be encrypted and permanent stored in the +# bindery-files, so it can be deleted after the first start +# of "nwserv". +# +# Example: +12 SUPERVISOR root top-secret + + +# Section 13: user-logins (optional) +# +# See section 12 for the syntax. 
+# +# Examples: +13 MAR mar mypw +13 ALF mar - # no password + + +# Section 15: read unix users automaticly from passwd into bindery +# +# Syntax: +# 15 FLAG DEFAULT_PASSWORD +# +# FLAG: +# 0 off +# 1 on +# 99 overwrite existing users. +# +# DEFAULT_PASSWORD: password for every new inserted user. +# +15 0 top-secret +# +# !!! IMPORTANT !!! +# If you enable this feature you should chose a secure +# password for the users, because all not existent +# mars_nwe users will be inserted into bindery with this password. + + +# Section 16: Tests on startup +# +16 1 # enable some bindery and sys dir tests/creats after starting. +# default = 1 + + +# Section 21: print queues (optional) +# +# Make the printers connected to your Linux-box accessible from the +# DOS-clients. +# Multiple entries are allowed. +# +# Syntax: +# 21 QUEUE_NAME QUEUE_DIR PRINT_COMMAND +# +# QUEUE_NAME: the name of the print queue +# QUEUE_DIR: spooling directory for the print-jobs; this directory must +# exist before printing +# PRINT_COMMAND: command used for serving the print-jobs under Linux +# (see "man lpr" and "man magicfilter" for details) +# +# Examples: +# 21 LASER SYS:/PRINT/L lpr -Plaser +# 21 OCTOPUSS SYS:/PRINT/O lpr -Php_deskjet + + +# -------------------------------------------------------- +# You usally don't want to change anything below this line +# -------------------------------------------------------- + +# Sections 100-106: amount of debug-information +# +# FLAG: +# 0 no debug messages +# 1 errors and notes are reported +# .. 
+# 99 maximum debug level +100 0 # debug IPX KERNEL (0 | 1) +101 1 # debug NWSERV +102 0 # debug NCPSERV +103 0 # debug NWCONN +104 0 # debug (start) NWCLIENT +105 0 # debug NWBIND +106 1 # debug NWROUTED + + +# Sections 200-202: logging of "nwserv" +# +200 1 # 0 = no logfile and dont daemonize nwserv/nwrouted +# # 1 = daemonize nwserv/nwrouted and use logfile +201 /tmp/nw.log # filename of logfile +202 1 # 1=creat new logfile, 0=append to logfile + + +# Sections 210,211: timing +# +210 10 # 1 .. 600 (default 10) seconds after server +# # really goes down after a down command +211 60 # 10 .. 600 (default 60) broadcasts every x seconds + + +# Sections 300-302: loging of routing-information +# +300 1 # > 0 print routing info to file every x broadcasts. +# # ( normally minutes ) +301 /tmp/nw.routes # filename of logfile +302 1 # 1 = creat new routing info file +# # 0 = append to this file + + +# Section 310: watchdogs +# +310 7 # send wdog's only to device net < x ticks. +# 0 = allways send wdogs. < 0 = never send wdogs +# +# Section 400: +# station file for special handling of stations. +# +400 /etc/nwserv.stations # for syntax see file in the examples directory. + + +# Section 401: nearest server +# +# for special handling of the 'get nearest server request'. +401 0 # 0 = ignore entry 400, get nearest response ever enabled. +# 1 = 400 are excludes, get nearest response normally enabled. +# 2 = 400 are includes, get nearest response normally disabled. diff --git a/makefile.unx b/makefile.unx index 19f512d..2b98eae 100644 --- a/makefile.unx +++ b/makefile.unx @@ -1,5 +1,5 @@ #if 0 -#makefile.unx 22-Mar-96 +#makefile.unx 16-May-96 #endif VPATH=$(V_VPATH) @@ -9,7 +9,7 @@ C=.c V_H=0 V_L=97 -P_L=4 +P_L=5 #define D_P_L 1 DISTRIB=mars_nwe diff --git a/nwroute.c b/nwroute.c index 91c8b89..b67f0f4 100644 --- a/nwroute.c +++ b/nwroute.c 
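Review bot: In the new examples/nw.ini.old, the active section 12 line `12 SUPERVISOR root top-secret` maps the supervisor login to the Linux root account with a sample clear-text password, which contradicts the comment directly above it ("to improve security, don't use "root" here"). Anyone who copies the example unchanged starts the server with that mapping, so I would ship the line commented out with placeholders, e.g. `# 12 SUPERVISOR <non-root-account> <password>`. The same file sets entries 201 and 301 to `/tmp/nw.log` and `/tmp/nw.routes` with the "creat new" flags enabled. A log directory that only the server account can write to would be a safer default for a daemon than a world-writable one.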
@@ -460,9 +460,11 @@ void send_server_response(int respond_typ, int ticks=99; int hops=15; int entry = -1; + int to_internal = (!no_internal) && (GET_BE32(to_addr->net) == internal_net) && (GET_BE16(to_addr->sock) != SOCK_SAP); + while (++j < anz_servers) { NW_SERVERS *nw=nw_servers[j]; if (nw->typ == styp && nw->name && *(nw->name)) { @@ -480,7 +482,9 @@ void send_server_response(int respond_typ, } } } +#if 0 /* removed: 16-May-96 */ if (!to_internal) +#endif send_sap_to_addr(entry, hops+1, ticks, respond_typ, to_addr); } diff --git a/tools.c b/tools.c index 9491f15..06471df 100644 --- a/tools.c +++ b/tools.c @@ -164,14 +164,22 @@ int get_ini_entry(FILE *f, int entry, uint8 *str, int strsize) int do_open = ((FILE*) NULL == f); if (do_open) f = open_nw_ini(); if ((FILE*) NULL != f) { - while (fgets((char*)buff, sizeof(buff), f) != NULL){ - int len = strlen(buff); - char *ppi = NULL; - char *ppe = NULL; - int se = 0; - int j = -1; + while (fgets(buff, sizeof(buff), f) != NULL){ + int len = strlen(buff); + char *ppi = NULL; + char *ppe = NULL; + char *p_buff = buff; + int se = 0; + int j = -1; + char *pp; + + while (len && (*p_buff == '\t' || *p_buff == 32)) { + --len; + p_buff++; + } + pp = p_buff; + while (++j < len){ - char *pp=(buff+j); if (*pp == '#' || *pp == '\r' || *pp == '\n') { *pp = '\0'; len = j; @@ -182,11 +190,13 @@ int get_ini_entry(FILE *f, int entry, uint8 *str, int strsize) if ((!ppi) && se) ppi = pp; ppe=pp; } + pp++; } + if (len > se+1 && se > 0 && se < 4 && ppi){ char sx[10]; int fentry; - strmaxcpy((uint8*)sx, (uint8*)buff, se); + strmaxcpy((uint8*)sx, (uint8*)p_buff, se); fentry = atoi(sx); if (fentry > 0 && ((!entry) || entry == fentry)) { if (ppe) *(ppe+1) = '\0';
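Review bot: In the second nwroute.c hunk, compiling out `if (!to_internal)` with `#if 0` leaves `to_internal` computed at the top of send_server_response but, as far as the visible lines show, no longer read. The comment records only a date, not why replies to the internal net are now sent. I would either delete the guard and the variable together or state the reason, e.g. `#if 0 /* removed 16-May-96: <reason replies to internal net are wanted> */`. `send_sap_to_addr` is now reached on every path with `entry` possibly still -1 when the loop finds no match; whether it tolerates that is not visible here. The function starts and ends outside the hunk.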
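Review bot: The new skip loop in get_ini_entry compares against the literal `32` and has no comment explaining that `len` is shortened together with `p_buff`, so that `j`, `se` and `len` all count from the first non-blank character. I would write `while (len && (*p_buff == '\t' || *p_buff == ' '))` and add `/* skip leading blanks; len, j and se are offsets from p_buff from here on */`. Separately, and only inferred because `buff` is declared outside the hunk: fgets returns the tail of an over-long line as if it were a new line, so a tail that starts with blanks and a number may now be taken as an entry. Checking that the chunk read ends in a newline before parsing it would rule that out.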
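Review bot: `fentry = atoi(sx);` in the last tools.c hunk accepts a first token such as `1x` as section 1, because atoi stops silently at the first non-digit. This parser reads the password, UID/GID and supervisor entries shown in the example config, so a malformed section number should be rejected rather than coerced. I would replace the call with `char *end; long v = strtol(sx, &end, 10);` followed by `fentry = (end != sx && *end == '\0') ? (int)v : 0;`, which lets the existing `fentry > 0` test drop the line. The enclosing loop and function continue outside the hunk.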