Wire NCP 0x16/0x17 Extract a Base Handle and NCP 0x16/0x18 Restore an
Extracted Base Handle to connection-local directory-handle state.
The WebSDK documents NCP 0x2222/22/23 as taking a DirectoryHandle and
returning a 14-byte save buffer composed of a 10-byte ServerNetworkAddress
plus a 4-byte HandleID. The same documentation describes NCP 0x2222/22/24 as
taking that saved ServerNetworkAddress/HandleID pair and returning a
NewDirectoryHandle plus AccessRightsMask.
The SDK headers expose these calls as NWSaveDirectoryHandle() and
NWRestoreDirectoryHandle(), with the save buffer explicitly documented as 14
bytes. The Rust nwserver and lwared references do not implement this older
save/restore pair, and newer clients typically use the normal allocate/set
directory-handle calls instead, so keep the MARS-NWE HandleID opaque and
connection-local rather than guessing a global NetWare directory-base number.
Store extracted base-handle IDs in a small per-connection table that records
the saved volume/path tuple. Extract requires a live permanent directory
handle, and Restore validates the saved server address against this server
before allocating a new permanent directory handle for the saved path.
Add the SDK request/reply semantics to the inline endpoint comments and remove
the corresponding TODO entry.
This enables the documented endpoint path while keeping the saved HandleID
conservative and private to MARS-NWE.
Update TODO.md after the recently enabled synchronization and extended volume
information endpoints.
The file/logical-record/physical-record synchronization entries no longer need
to list NCP 0x04, 0x0c, and 0x1f as disabled or dummy endpoints. Keep the
remaining work focused on requester/NWTESTS coverage plus timeout and
error-code verification for set-oriented locking calls.
Also track follow-up work for fields that are currently returned as zero by
Get Extended Volume Information because MARS-NWE does not yet model them. The
endpoint now returns the documented NWVolExtendedInfo reply, but NetWare-
specific counters such as suballocation, deleted-file/limbo, compression,
migration, EA, Directory Services, and timestamp fields should only be filled
once reliable backing filesystem or MARS-NWE metadata is available.
This is documentation-only and does not change NCP behavior.
Wire NCP 0x16/0x33 Get Extended Volume Information to a real reply instead of
returning 0xfb.
The WebSDK documents NCP 0x2222/22/51 as taking a VolumeNumber and returning a
low-high VolInfoReplyLen, an NWVolExtendedInfo structure, and a
length-prefixed volume name. The SDK headers define NWVolExtendedInfo as 33
32-bit fields covering volume type, status flags, sector and cluster geometry,
free-space counters, suballocation/limbo/compression/migration counters,
directory counters, EA counters, a Directory Services object id, and a
last-modified timestamp.
Map the Unix filesystem data already used by the older volume-information
calls to the core extended-volume fields: report a NetWare 386 v3.1 style
volume type, 512-byte sectors, 8 sectors per cluster, total/free clusters, and
directory-entry counters derived from fs_usage. Report NetWare-specific
suballocation, limbo, compression, migration, EA, Directory Services, and
timestamp fields as zero for now.
Add the SDK request/reply semantics to the inline endpoint comment and remove
the corresponding TODO entry.
This enables the documented endpoint path while keeping the mapping
conservative; fields MARS-NWE cannot currently model remain zero rather than
guessed.
Wire the physical-record set endpoints to the shared synchronization-set
handler.
The Novell SDK documents NCP 0x2222/27 Lock Physical Record Set (old) and NCP
0x2222/110 Lock Physical Record Set as locking all byte ranges logged by the
calling client. The request carries a one-byte Lock Flag plus a 2-byte Lock
Timeout in 1/18 second units. Bit 1 of the Lock Flag selects shareable/read-only
locking; otherwise the set is locked exclusive/read-write.
The SDK documents NCP 0x2222/29 Release Physical Record Set as releasing all
locked byte ranges while leaving them in the client data byte range table, and
NCP 0x2222/31 Clear Physical Record Set as releasing all locked ranges and
clearing that table. The set calls return no reply data and report success,
timeout, or lock errors through the completion code.
Maintain the physical-record set table from the individual Log/Release/Clear
Physical Record path: successful 0x1a calls add the range, 0x1c leaves it
logged, and 0x1e removes the matching range after a successful unlock. Then
route 0x1b/0x6e, 0x1d, and 0x1f through share_handle_lock_sets() with type 4.
Remove the old Clear Physical Record Set dummy and the corresponding TODO
entry.
This enables the documented endpoint paths; timeout handling remains limited to
the existing underlying share implementation.
Add physical-record entries to the shared synchronization set table.
The Novell SDK documents the physical-record set calls as operating on the
caller's logged data byte range table: Log Physical Record adds byte ranges,
Lock Physical Record Set locks all logged ranges, Release Physical Record Set
unlocks them while keeping them logged, and Clear Physical Record Set unlocks
and removes them.
MARS-NWE already used the shared set handler for file and logical-record sets.
Extend the same table with type 4 entries for physical records, storing the
NetWare file handle, start offset, record length, timeout, lock directive, and
current locked state.
Add a type 4 handler that reuses nw_log_physical_record() for set lock and
release operations, and export share_set_physrec_add_rm() so nwconn can
maintain the set table when individual physical-record calls log or clear
ranges.
This prepares the documented Physical Record Set endpoints to use the existing
byte-range lock implementation.
Wire NCP 0x1c Release Physical Record to the existing physical-record unlock
path.
The Novell SDK documents NCP 0x2222/28 as releasing one byte range held by the
calling client without removing it from the client data byte range table. The
byte range remains logged and may be relocked by a later Lock Physical Record
Set call. The request carries a reserved byte, a 6-byte NetWare file handle, a
start offset, and a record length; the reply carries no data and reports
Unlock Error through the completion code.
The neighboring handler already supported NCP 0x1a Log Physical Record and NCP
0x1e Clear Physical Record. Reuse the same request layout and distinguish
release from clear by passing lock_flag -1 for release/unlock only and
lock_flag -2 for clear/unlock plus unlog.
Add the SDK request/reply semantics to the inline endpoint comment and make
the previously missing 0x1c endpoint reachable.
This only enables the documented endpoint path; the underlying physical-record
locking implementation is unchanged.
Keep synchronization set entries linked while handling Lock, Release, and Clear
Set operations.
The Novell SDK documents the set-oriented synchronization calls as operating on
the caller task table: Log File and Log Logical Record add entries, Lock Set
locks the logged entries, Release Set unlocks them while keeping them logged
for future Lock Set calls, and Clear Set unlocks and removes them.
share_handle_lock_sets() already encoded that semantic split with lock_flag -1
for release and -2 for clear, but its iterator unlinked each entry before
checking whether it should be removed. That meant even Lock Set and Release Set
walked the table destructively, and non-matching set types could be lost while
operating on another set family.
Only unlink entries when processing a matching Clear Set operation. Leave
entries in place for Lock Set and Release Set, and advance the list normally
for non-matching entries.
This fixes the shared set iterator used by the documented File Set and Logical
Record Set endpoints; it does not change the low-level locking primitives.
Wire NCP 0x04 Lock File Set and NCP 0x6a Lock File Set to the existing
file-set lock path.
The Novell SDK documents NCP 0x2222/04 as the old Lock File Set call and NCP
0x2222/106 as its replacement. Both calls lock all files logged by the calling
client's current task. The request carries a 2-byte Lock Timeout in 1/18
second units, the reply carries no data, and completion reports success,
timeout, or lock error.
MARS-NWE already records file-set members through Log File and already routes
Release File Set and Clear File Set through share_handle_lock_sets(). Use the
same set handler for Lock File Set with lock_flag 0 so the handler locks the
logged entries using each entry's recorded lock directive, defaulting to
exclusive when no directive was logged.
Enable the previously disabled old endpoint, add support for the SDK
replacement endpoint, add the SDK request/reply semantics to the inline
endpoint comment, and remove the corresponding TODO entry.
This enables the documented endpoint path; timeout handling remains limited to
the existing underlying share implementation.
Store the set-entry type when files and logical records are added to a
connection's synchronization set.
The Novell SDK documents the set-oriented synchronization calls as operating
on the caller's current task file/logical-record set: Log File and Log Logical
Record add entries, while Lock/Release/Clear Set calls later operate on those
logged entries.
MARS-NWE already had type-specific handling in share_handle_lock_sets(), using
type 1 for file sets and type 2 for logical-record sets, but newly allocated
SHARESET entries were left with the zero-filled default type. That meant the
type filter could not reliably match entries for set operations.
Assign type 1 in share_set_file_add_rm() and type 2 in
share_set_logrec_add_rm() so the existing set handlers can find the entries
they are supposed to lock, release, or clear.
This prepares the documented Lock File Set endpoint to use the existing set
path and also fixes the already-wired release/clear set handlers.
Wire NCP 0x0c Release Logical Record to the existing logical-record release
path.
The Novell SDK documents NCP 0x2222/12 as releasing one synchronization string
held by the calling client without removing it from the client's
synchronization string table. The string remains logged and may be relocked by
a later Lock Logical Record Set call.
The handler already distinguished this from NCP 0x0b Clear Logical Record:
0x0b uses lock_flag -2 to unlock and unlog the record, while 0x0c uses
lock_flag -1 to unlock only.
Enable the previously disabled case label, add the SDK request/reply semantics
to the inline endpoint comment, and remove the corresponding TODO entry.
This only enables the documented endpoint path; the underlying locking
implementation is unchanged.
Use the bounded printable formatter for two remaining debug paths that can
log protocol-derived byte fields directly.
The SAP route suppression log can print SAP-derived server names, including
non-printable bytes advertised by newer NetWare service types. The namespace
search diagnostic can also contain DOS wildcard bytes such as 0xff padding.
Format both fields through visable_data() so diagnostics stay readable and do
not emit raw control or high-bit bytes.
This is logging-only and does not change SAP, routing, or namespace behavior.
Bindery object names are fixed-size NetWare protocol fields and may contain
non-printable bytes when they originate from SAP service advertisements.
Use the existing bounded printable formatter for bindery object names in debug
output so nwbind logs do not emit raw high-bit/control bytes for SAP-derived
objects. This keeps diagnostics readable after SAP name logging was made
bounded in nwserv.
This is logging-only and does not change bindery or SAP/RIP behavior.
SAP service names are fixed-size 48-byte fields and are not guaranteed to be
safe C strings in diagnostics. Some NetWare 6.5 SAP service types advertise
non-printable or high-bit bytes in the name field, which made the debug log
hard to read and could run past the intended protocol field if logged with a
plain %s.
Add bounded formatting for SAP names used in debug output. Stop at NUL within
the fixed field, keep printable ASCII unchanged, and escape other bytes as
\\xNN.
This is logging-only and does not change SAP/RIP protocol behavior.
Add SDK/protocol context comments for the remaining known nwconn.c endpoint
stubs and partial implementations.
Document the intended behavior and follow-up work for Lock File Set, Release
Logical Record, Restore Directory Handle, Get Extended Volume Information, and
Clear Physical Record Set. Also add matching TODO.md entries so these
compatibility gaps are tracked outside inline source comments.
This is documentation-only and does not change NCP behavior.
Packet Burst is no longer merely optional follow-up work for DOS tool
compatibility.
A diagnostics-enabled DOS client run verified real Packet Burst negotiation
and READ/WRITE data-path usage, and ENABLE_BURSTMODE now defaults to ON at
build time while runtime use remains controlled by nwserv.conf.
Keep Packet Burst/NDS fragmentation listed as deferred optional work.
Build Packet Burst support by default.
The feature is still controlled at runtime by the server configuration, so
enabling the CMake option does not force Packet Burst usage for deployments
that have not enabled it in nwserv.conf.
A diagnostics-enabled DOS client test confirmed real Packet Burst negotiation
and READ/WRITE data-path usage, so the optional code path is now suitable to
ship in normal builds.
Packet Burst/NDS fragmentation support remains deferred.
Add explicit debug logging around the existing Packet Burst code paths.
Log burst buffer negotiation, connection setup, incoming burst data packets,
read/write burst requests and replies, response packets, and missing-list
requests. This makes it possible to distinguish normal NCP file transfers from
actual Packet Burst data-path usage when ENABLE_BURSTMODE is enabled.
No protocol behavior change.
Expose the existing experimental Packet Burst code through a CMake option.
Generate ENABLE_BURSTMODE in config.h from -DENABLE_BURSTMODE instead of
keeping it hard-coded to 0, and print the selected state during configuration.
Also fix the existing nwconn burst dispatch conditional so the source compiles
when ENABLE_BURSTMODE is enabled.
This only makes the existing Packet Burst code build-selectable; it does not
change the default behavior, which remains disabled.
Add a top-level TODO.md for follow-up work that should not remain as scattered
inline source comments.
Document the current Check Console Privileges limitation, where console rights
are mapped to supervisor equivalence for now, and track the need for a real
console privilege map. Also record follow-ups for queue spool path case
handling, direct NCP 17/4c test coverage, Q_UNIX_PRINT backend improvements,
and deferred optional protocol work.
Reference TODO.md from the main README.
Replace the old Check Console Privileges TODO with the documented NCP 23/200
behavior.
The call has no reply data and reports authorization solely through the
completion code. Return success for supervisor-equivalent connections and
0xc6 for callers without console operator privileges instead of accepting all
callers.
MARS-NWE does not currently maintain a separate console-operator list, so map
console privileges to the existing supervisor-equivalence flag computed at
login time.
No queue or file service behavior change.
Replace the old "Get connection ??" TODO for NCP function 0x13 with the
documented old Get Station Number semantics.
This simple legacy call returns the current station/connection number as a
single byte and is used by old DOS requesters before the richer NCP 23
connection services. Keep the existing one-byte reply for normal connections,
but reject invalid or unrepresentable connection numbers instead of silently
truncating them.
No queue or file service behavior change.
Implement the Queue Change Job Entry endpoint for both the old NCP 17/6d
and newer NCP 17/7b variants.
Parse the queue job structure, look up the selected job by its job number,
and update the mutable job metadata fields while preserving server-managed
state such as client identity, entry time, job number, queue position, file
name/handle and servicing information.
Allow the job creator to update the standard user-changeable fields and allow
SUPERVISOR or Q_OPERATORS members to update the operator hold flag as well.
Return the documented queue/job/right/servicing completion codes for missing
queues, missing jobs, insufficient rights and jobs already being serviced.
This only updates NetWare queue metadata. It does not change the existing
Q_UNIX_PRINT/lp backend behavior and adds no CUPS dependency.
Implement the Bindery "List Relations of an Object" endpoint.
Parse the NCP 17 subfunction 0x4c request, look up the requested bindery
object and set property, and return up to 32 related object IDs from the set
property value segments. Support the Novell last-seen cursor convention where
0xffffffff starts a new scan and subsequent calls continue after the last
returned object ID.
Add a small nwdbm helper for listing set-property members while preserving the
existing bindery property read-right checks. Reject wildcard object names with
the documented illegal-wildcard completion code.
Stop logging the build_base NW_HPATH component buffer as a raw C string.
The path buffer is length-prefixed and not NUL-terminated. Printing it with %s
can over-read into following packet or process memory and pollute unrelated
client/test output, for example ZIP output appearing inside MAPDEBUG lines.
Use the safe NW_HPATH component formatter for the build_base ENTER log line as
well as individual component debug output.
No protocol behavior change.
Stop logging NW_HPATH path component buffers with %s in MAPDEBUG output.
The namespace path buffer is not a NUL-terminated C string. It contains a list
of length-prefixed components, so printing it directly can over-read into
following packet or process memory and pollute unrelated client/test output.
Add small debug formatters for complete NW_HPATH component lists and individual
components, and use them in build_base/add_hpath_to_nwpath debug messages.
No protocol behavior change.
Add the missing NCP 21 message service endpoints for disabling/enabling
broadcast reception and for the newer send/get broadcast message calls.
Track a per-connection broadcast_disabled flag and use a shared helper for
storing pending broadcast messages and notifying the target nwconn process.
The old NCP 21/00 send path now uses the same helper as the newer NCP 21/10
path.
Also improve UNKNOWN FUNCTION logging in nwconn.c by including the NCP type,
function and, where available, subfunction. This makes future missing-endpoint
logs easier to map back to SDK/NCP documentation.
Based on the existing MARS-NWE message handling, the old lwared broadcast
implementation, and the Novell WebSDK message service layouts.
Novell NCOPY can allocate temporary directory handles while checking
effective directory rights before copying. On long-running test runs the
temporary directory handle table may already contain stale entries, causing
Allocate Temporary Directory Handle to fail with -0x9d / "no directory
handles". NCOPY then falls back to relative GetEffectiveRights requests that
fail and reports:
NWGetEffectiveDirectoryRights returned an error.
Restore recycling of stale temporary directory handles in xinsert_new_dir().
Free slots are still preferred. If none are available and the caller requests
a temporary handle, recycle the oldest temporary handle for the same task first,
then the oldest temporary handle globally. Permanent directory handles are not
recycled.
This matches the expected NetWare-style behaviour for temporary handles and
allows NCOPY-style allocate-temp-handle / get-effective-rights flows to keep
working after repeated tests.
Keep the server information fields semantically distinct after replacing
the legacy KOAN/14-Jun-03 strings.
The revision string now reports the Mars NWE release version, for
example:
Mars NWE 0.99.pl28
and the separate revision-date field is populated from a CMake-provided
build date in the traditional NetWare-style format, for example:
27-May-26
The build date can be overridden through CMake for reproducible builds;
otherwise it defaults to the current UTC build date.
Replace the old hard-coded server description date with a Mars NWE
version string built from the existing _VERS_H_, _VERS_L_ and _VERS_P_
build macros.
WHOAMI and similar clients display this value in the line:
Server <name> is running <description>.
Instead of reporting the legacy fixed value "14-Jun-03", the server now
reports a stable release-style description such as:
mars-nwe-0.99.pl28
Also advance the response buffer after writing the revision string so the
description field does not overwrite the previous field.
Add a shared MAINTAINER_BUILD CMake option for maintainer-only helpers
and diagnostics.
The option is disabled by default and is intended for development and
compatibility testing only. When enabled, it defines MAINTAINER_BUILD for
the build so server-side diagnostic code can be guarded behind the same
switch used by the DOS tools submodule.
This keeps extra NCP tracing and test-only support out of normal builds
while allowing both mars_nwe and dostools to use one common maintainer
mode.
Keep the Supervisor trustee bit when converting rights between the
internal v3 representation and the NCP22 wire format.
Mars calculated effective rights with the Supervisor bit set, for
example 0x01ff, but the NCP22 conversion collapsed the result to
0x00ff before returning it to DOS clients. As a result Novell RIGHTS
showed only:
[ RWCEMFA]
instead of the expected:
[SRWCEMFA]
Map the old Open right to bit 0x0004 and keep Supervisor on bit 0x0100
in both conversion directions so NCP22/3 and NCP22/42 preserve the full
effective rights mask.
Update the default net$log.dat template to map the standard search
drives with explicit DOS drive letters, matching the visible layout of
a Novell login more closely.
The default login script now maps:
F: -> SYS:SYSTEM
S1: -> Z:SYS:PUBLIC
S2: -> Y:SYS:
This makes MAP show the network search drives as Z: and Y: entries
instead of only adding SYS:PUBLIC and SYS: as unnamed search mappings.
Apply the ignore-case volume option when preparing the SYS:LOGIN
directory path during connection setup.
With SYS configured as `itO`, the installed tree may use lowercase
Unix directories such as `login/`, but the connection code still tried
to stat the hard-coded uppercase `LOGIN/` path. This caused new client
connections to abort with:
Stat error LOGIN Directory, Abort !!: No such file or directory
UnixPath=`.../SYS/LOGIN/`
Treat `VOL_OPTION_IGNCASE` like `VOL_OPTION_DOWNSHIFT` for this path so
the login directory is resolved as `login/` on ignore-case volumes.
Update the default net$log.dat template to use the same basic drive
layout as a standard Novell login script.
The default login now maps:
F: -> SYS:SYSTEM
S1: -> SYS:PUBLIC
S2: -> SYS:
This keeps the visible login result closer to Novell NetWare while
leaving the surrounding sample/login text intact.
Treat the `i` volume option like `k` when choosing the Unix-side
case for the automatically created SYS directories.
With a volume configured as `itO` (ignore case, trustees, OS/2 LFN),
the server currently recreates uppercase directories such as LOGIN,
PUBLIC, SYSTEM and MAIL on startup, even when the installed tree uses
lowercase login/public/system/mail. This leaves duplicate host
directories that appear as ambiguous entries from DOS clients.
Use lowercase Unix names for the auto-created SYS directories when
the volume is configured either as downshift (`k`) or ignore-case (`i`).
NCP22 uses bit 0x80 for Modify. MARS internally uses the same bit for
TRUSTEE_M, while Supervisor is represented internally as TRUSTEE_S at 0x100.
Only the Supervisor/Open bit needs translation.
The previous conversion mapped NCP22 0x80 incorrectly, causing GRANT M from
Novell tools to be stored without TRUSTEE_M internally. As a result, users with
directory Modify rights could not rename files even though NDIR/RIGHTS displayed
the rights as expected.
Align rename permission checks with NetWare trustee semantics. A same-directory
rename should be controlled by the Modify right instead of requiring a broader
R/W/M combination. For moves to another parent directory, require Create rights
on the destination parent.
Also invalidate the trustee rights cache after adding or deleting trustee
assignments so newly granted rights are visible immediately to subsequent
operations.
This fixes the MARIO trustee test where rename failed with R/W/M/F and even
R/W/C/E/M/F, while the same operation succeeded only with the broader all-rights
set.
Handle failures from seteuid(0) in su_quotactl() before calling
quotactl(). This fixes the warn_unused_result compiler warning and
returns an error to the quota caller if privilege elevation fails.
Keep the existing MARS debug logging switch separate from compiler
debug flags. ENABLE_DEBUG still controls the legacy DO_DEBUG/XDPRINTF
code paths, while the new ENABLE_DEBUG_BUILD option enables a real
debug build with -g3, -O0 and -fno-omit-frame-pointer.
When ENABLE_DEBUG_BUILD is set on single-config generators, CMake also
forces CMAKE_BUILD_TYPE=Debug so gdb/valgrind builds can be enabled
without manually passing compiler flags.
Add a FindQuota.cmake module that checks for the Linux quota headers and
symbols required by the MARS NWE quota backend. Prefer modern
<sys/quota.h> with quotactl(), and keep <linux/quota.h> as fallback for
older systems.
Enable quota support by default, but only compile it in when the required
headers and quota symbols are available. Also move the QTAINSYS define to
the detected sys/quota.h path so modern Linux builds use the correct
header automatically.
SYSCON reads volume/disk restrictions before opening the edit dialog.
For volumes that do not map to a quota-capable block device, such as
HOME on /home, the old code returned an error during the read path.
This made SYSCON abort with error -30312 before the user could even see
the restriction state.
Treat read requests on volumes without a quota backend as unrestricted:
return success with an unlimited quota and zero usage. Removing a
restriction on such a volume is also treated as a successful no-op.
Setting a non-zero restriction still fails, so admin tools do not report
a quota as enforced when no Linux quota backend exists.
