mars_nwe/mars-nwe
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 2 Wiki Activity
Files
7c4fc690fa982cf92abbb9963f1c0bd53fa8dcd8
mars-nwe/AI.md
OpenAI bd859420b7
Some checks failed
Source release / source-package (push) Failing after 1m15s
Details
docs: add GPL and LGPL only license files
2026-06-12 23:36:48 +02:00

2765 lines
159 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
# AI working notes for mars-nwe
## Current handoff status after NSS low-level imports 0404-0423
Current accepted MARS-NWE server line in this work session includes the NSS
low-level libnwcore imports through `0423`:
- `0404` imports NSS `bitmap.c` directly as `src/core/bitmap.c`.
- `0405` moves the imported bitmap/NSS base headers directly into
`include/core/`.
- `0406` removes trailing whitespace from the imported NSS headers.
- `0407` imports NSS `crc.c`/`crc.h`; Unicode folding still uses the local
ASCII-compatible fallback until `xUnicode`/`NSSUniToLower` is imported.
- `0408` imports NSS `que.h` directly as `include/core/que.h`.
- `0409` imports NSS `bit.h`, `hash.h`, and `hash.c` into libnwcore. The
supplied NSS archives expose `LB_CountBits`, `LB_findHighBit`,
`LB_findLowBit`, `LB_RotateLeft`, and `LB_RotateRight` in `libNSS.imp`, but
do not include a `bit.c`; MARS-NWE therefore provides `src/core/bit.c` as a
small compatibility implementation that preserves the original NSS public
API names so imported `hash.c` links cleanly.
- `0410` imports NSS `xUnicode.h`, `unitolower.c`, and `utf_tolower.c` directly
into libnwcore and removes the private `crc.c` lowercase fallback. The
exported `NSSUniToLower[]` table is now present in libnwcore with the same
ASCII-compatible initialization as the old fallback.
- `0411` extends the direct NSS Unicode helper import with `unitoupper.c`,
`unilwr.c`, `uniupr.c`, `uniicmp.c`, `uniicmpmac.c`, and `uninicmp.c` in
libnwcore; `unicodeInit.c` now exports both `NSSUniToLower[]` and
`NSSUniToUpper[]` with the same ASCII-compatible bootstrap.
- `0412` imports the NSS Unicode string helper block into libnwcore:
`componentUnicpy.c`, `componentUnilen.c`, `unicat.c`, `unicmp.c`, `unicpy.c`,
`unilen.c`, and `unimcpy.c`, with their matching sharedsrc implementation
headers kept local to `src/core/`. This keeps the original NSS `LB_*` API
names available before replacing older MARS Unicode/string helpers. The full
NSS Unicode converter/table startup from `public_core/library/unicode/unicodeInit.c`
is still a separate follow-up because it pulls in the NetWare/libc converter
runtime.
- `0413` switches the `NSSUniToLower[]`/`NSSUniToUpper[]` definitions from the
temporary ASCII-compatible `unicodeInit.c` bootstrap to generated BMP tables
from the external `third_party/unicodeTables` submodule. That submodule is
tracked on `master` in the project-owned `mars-unicode-tables` repository and
generates `TAB/unicodeTables.c` from Unicode Character Database 17.0.0, not
from Novell NSS `shared/sdk/unitables/*.tab` files. `unicodeInit.c` now keeps only the NSS
startup wrapper entry points; no MARS-private Unicode table is authoritative.
- `0414` imports NSS UTF-8 single-character decode helpers into libnwcore:
`utf8ToUniChar.c`, `utf8LenToUniChar.c`, plus the matching `unicodeInit.h`,
`xError.h`, and `zError.h` headers. No MARS callsites are switched yet; this
just makes the NSS UTF-8 conversion API available for later replacement work.
- `0415` imports the NSS whole-string UTF-8 conversion helpers into libnwcore:
`uni2utf.c` and `utf2uni.c`, derived from the GPL-2 NSS
`public_core/sharedsrc/uni2utf.c.h` and `utf2uni.c.h` implementation
sources. This keeps the original NSS `uni2utf()` / `utf2uni()` APIs
available without switching MARS callsites yet.
- `0416` imports NSS Unicode wildcard/raw override parser helpers into
libnwcore via `unicodeParse.c` and exposes `LB_GetNssUnicodeVersion()` from
`getNssUnicodeVersion.c`. `unicodeInit.c` now defines `NSSUnicodeFF` and
`NSSUnicodeMacFF` sentinels so the imported parser helpers link without the
full NSS codepage converter runtime. No new Unicode/codepage tables are
introduced; any future table data still belongs in the external
`mars-unicode-tables` submodule.
- `0417` imports NSS `getMacCodePageName.c` and fills out the remaining
lightweight Unicode init symbols (`LB_UnicodeStartup()`,
`LB_UnicodeShutdown()`, `MacintoshCodePageName`) needed by imported NSS
converter entry points. The Macintosh codepage name stays NULL until the
real codepage table/runtime layer is imported, so no new Unicode/codepage
tables are introduced in this patch.
- `0418` imports the NSS byte/Unicode and Mac byte/Unicode conversion entry
points (`ByteToUnicode.c`, `LenByteToUnicode.c`, `MacByteToUnicode.c`,
`LenMacByteToUnicode.c`, `UnicodeToByte.c`, `UnicodeToMacByte.c`,
`UnicodeToUntermByte.c`, `UnicodeToUntermMacByte.c`) into libnwcore. The
converter state globals are exported but intentionally empty until DOS/Mac
codepage tables/runtime are added from `mars-unicode-tables`.
- `0419` imports NSS stdlib allocation compatibility (`xStdlib.h`, `zalloc.c`,
`zrealloc.c`) into libnwcore. The original NSS public-core allocator files
depend on NSS OS memory tracking (`nssOSAPIs.h`, `intmem.h`, `MKL_*`), so the
active libnwcore import preserves the NSS API names (`LB_zalloc`, `zalloc`,
`LB_zrealloc`, `zrealloc`) while mapping them to libc userland allocation.
The old private `bitmap.c` `zalloc` macro fallback is removed.
- `0420` imports the NSS UTC/DOS/MS time conversion helper library from
`public_core/library/utc` into libnwcore (`utc2dos.c`, `dos2utc.c`,
`utc2sec.c`, `sec2utc.c`, `utc2msTime.c`, `msTime2utc.c`, string formatting
and parsing helpers, `utcdata.c`). Supporting headers `utc.h`, `utcData.h`,
and `enable.h` are imported directly under `include/core/`; `procdefs.h` is
provided as a libnwcore userland compatibility wrapper because the original
NSS header is a NetWare/kernel lock assertion shim. `utcUserland.c` backs the
NSS UTC globals and `GetUTCTime()` with libc `time(3)` while preserving the
original NSS API names.
- `0421` cleans trailing whitespace from the imported NSS UTC files and fills
the remaining UTC userland glue symbols (`IgnoreTimeZone`, `ResetTimeCache`,
`BEASTHASH_InvalidateDOSTimesPtr`) when `zLINUX` is not provided by the
imported NSS compatibility headers. This fixes downstream links against
`libnwcore` after `0420` without changing UTC conversion semantics.
- `0422` imports the NSS Unicode converter registration entry points
(`RegisterUnicodeConverter.c`, `UnRegisterUnicodeConverter.c`) and adds the
initial `unicodeTableBuild.c` runtime builder. At that stage it still used
identity single-byte tables plus NSS wildcard/raw overrides until real
codepage data was available.
- `0423` wires generated Unicode.org codepage descriptors from the
`third_party/unicodeTables` submodule into `libnwcore`. The submodule now
generates `TAB/codepageTables.c`/`.h` from `MAPPINGS/` and excludes
`WindowsBestFit/` plus historical `DatedVersions/` from direct byte-to-Unicode
output. `unicodeTableBuild.c` builds NSS single-byte, double-byte, reverse
Unicode-to-byte, wildcard, and mappability tables from the configured default
DOS codepage (`VENDORS/MICSFT/PC/CP850`) and Mac codepage
(`VENDORS/APPLE/ROMAN`). The data is compiled into `libnwcore`; no runtime
`.tab`/`.txt` files are loaded.
Keep future NSS low-level imports directly under `src/core/<original>.c` and
`include/core/<original>.h`. Do not add a new `nwcore/nss/` or
`src/core/nss/` path for the active libnwcore imports.
## Current handoff status after quota completion
This file may keep patch chronology because it is the ChatGPT handoff document.
`TODO.md` and `REDESIGN.md` should stay topic-sorted and should not carry patch
stack listings.
Current accepted MARS-NWE server line in this work session is expected to include
quota patches through `0384`:
- `0381` keeps NSS-shaped userquota metadata while computing live usage without
a private usage xattr.
- `0382` and `0383` make the all-quota smoke collect uploadable logs and continue
past ctest.
- `0384` avoids misleading NWQUOTA fallback on Linuxquota set failures.
- `0380` was rejected and must not be used.
Current DOSUTILS quota smoke line is expected to include patches through `0395`:
- DOS writes prove quota deny-before-data on both `QUOTA` and `SYS`.
- `DLYSTRT` is used for the DOS handoff/relogin flow.
- `0395` adds `test/quota/dqt_linux_handoff.sh`, which reads `inuse4k` and sets
`limit4k=inuse4k+12` for both volumes before the DOS helper continues.
Green validation seen before this documentation update:
- MARS-NWE all-quota smoke: ctest, QUOTA dirquota, QUOTA Linuxquota userquota,
SYS metadata, SYS NWQUOTA userquota all passed.
- DOS quota smoke: QUOTA and SYS both wrote 12 4K files and denied the next 4K
write.
Next functional line: move on from quota to DOS namespace compatibility unless
the user reports a regression.
Patch 0366 status: corrected Linux project-quota directory quota ownership.
For Linux quota-capable volumes, Linux project quota is now the authoritative
live directory-quota backend; `netware.metadata` is only a backup/restore
mirror. Decimal 22/35 = wire/code 0x23 first reads Linux project quota. If
Linux has no active project quota yet but `netware.metadata` still contains an
active `nwm_quota_limit`/`zMOD_DIR_QUOTA` mirror from backup/restore, that
metadata value is used once to seed Linux project quota; after that Linux is
authoritative again. If neither Linux nor metadata has a limit, decimal 22/35
returns `entries=0`. Decimal 22/36 = wire/code 0x24 sets/clears Linux project
quota first and mirrors the result to `netware.metadata`. For metadata-only or
NWQUOTA volumes, `netware.metadata` remains authoritative.
Patch 0357 status: live NetWare 3.x directory-quota set/get/clear is audited.
Mario retested `tests/nwfs/nwfs_ncpfs_dirquota_smoke.sh` after the 0357
validator fix: decimal 22/36 = wire/code 0x24 set a finite limit, decimal
22/35 = wire/code 0x23 read one entry, decimal 22/36 = wire/code 0x24 with
limit 0 cleared it, and the follow-up decimal 22/35 = wire/code 0x23 read
returned `entries=0`. The host dump after clear correctly showed
`modify_mask=0x0000000000000000` and
`dirQuotaLimit=9223372036854775807 inactive`. This confirms the earlier
failure was smoke-side parsing of `inactive`, not server-side clear semantics.
The separate dual userquota live smoke also remained green on QUOTA/Linuxquota
and SYS/NWQUOTA.
Patch 0356 status: fixed 3.x directory-quota clear semantics. Decimal 22/36 =
wire/code 0x24 with limit 0 now clears `zMOD_DIR_QUOTA` in
`netware.metadata` instead of leaving an active unlimited `dirQuotaLimit`, and
`nwfs_metadata_get_quota_limit()` treats an inactive directory-quota bit as
`zDIR_NO_QUOTA`. Local full CMake build completed with a locally built GDBM
and local test-only PAM shim; CTest passed (`nwfs_xattr_roundtrip_test`,
`nwfs_dirquota_test`, `nwfs_metadata_xattr_file_test`).
Patch 0353 status: added live NCPFS directory-quota smoke for 3.x endpoints.
`nwfs_ncpfs_dirquota` drives decimal 22/36 = wire/code 0x24 and decimal
22/35 = wire/code 0x23 directly through libncp `NCPC_SFN`, with
readback/expect modes. `nwfs_ncpfs_dirquota_smoke.sh` sets a limit, reads it
back over NCP, verifies `netware.metadata`, clears it, and verifies that
decimal 22/35 = wire/code 0x23 reports no entries.
Patch 0351 status: started closing the MARS-NWE 3.x directory-quota block
before namespace work. Added libnwfs `dirquota.c/h`, CTest
`nwfs_dirquota_test`, active NCP decimal 22/35 = wire/code 0x23 get and
decimal 22/36 = wire/code 0x24 set backed by
`netware.metadata.nwm_quota_limit`, and fixed decimal 22/40 = wire/code 0x28
Sequence parsing to Lo-Hi. Code comments name both decimal NCP numbers and
wire/code hex bytes. Remaining directory-quota work is enforcement/adjustment
on file growth/create/delete/rename and fuller decimal 22/40 = wire/code 0x28
scan-reply validation; later 87/39 stays behind the 4.x line.
# AI working notes for mars-nwe
This file is for future ChatGPT sessions. It records general working rules and
local build/test notes only. It should not be used as the current project
status log; the current patch stack and task context should be pasted into a new
chat separately.
## Start of a new chat
When the user says this is a new chat or asks to continue mars-nwe work, first
read this file before proposing patches or making assumptions. Then ask for, or
use, the current project status that the user pasted into the chat.
## Current handoff update after quota completion and salvage audit
Quota has been moved out of the active TODO path. The functional state to
preserve is: Linuxquota volumes are authoritative/enforcing through kernel quota
state, NWQUOTA volumes are authoritative/enforcing through NetWare metadata, and
NSS-shaped mirrors (`netware.metadata`, `netware.userquota.0`, `netware.quota`)
remain for backup/restore/offline tools. The all-quota smoke and DOS board-tool
quota smoke both passed after the live retests.
Do not use the rejected private usage-xattr idea (`netware.userquota.mars_usage.*`).
Live userquota enforcement must compute effective usage from the selected backend
and current host state.
NSS salvage audit notes for the next filesystem/metadata line:
- MARS-NWE already has a Samba-friendly `.recycle` payload repository and
`.salvage` JSON sidecar backend. Keep that layout; do not replace it with an
NSS purge tree.
- The NSS code worth adapting is the metadata model around deleted objects, not
the full ZLSS purge-tree/purge-log implementation. Important reference files
inspected: `shared/sdk/public/zParams.h`, `shared/sdk/public/zXattr.h`,
`shared/sdk/include/comnBeasts.h`, `public_core/zlss/purgeTree*.c`,
`public_core/zlss/purgeLog.*`, `public_core/zlss/zfsVol.c`, and
`public_core/comn/common/beastDelete.c`.
- NSS exposes deleted info through `zGET_DELETED_INFO` / `zMOD_DELETED_INFO`:
deleted time and deleted-by user ID. NSS stores deleted name type metadata as
`zNTYPE_DELETED_FILE` plus `DeletedPersistentParentEntry_s { time, ID }` next
to the parent/name identity.
- NSS volume salvage reporting uses purgeable bytes, non-purgeable bytes, deleted
file count, oldest deleted time, min/max keep seconds, and low/high watermarks.
These are useful future reporting fields even if MARS computes them by scanning
`.salvage` sidecars.
- Next MARS step should be a shared libnwcore/libnwfs snapshot/builder layer for
salvage metadata: collect source path, recycle path, sidecar path, original
parent entry ID, original name, deleted time, deleted-by ID/name, attributes,
timestamps, trustees, IRM, AFP hints and size once, then use that structure to
write JSON sidecars, NSS-shaped `netware.metadata`, and NCP salvage replies.
- External backup tools that read NetWare xattrs should see NSS-shaped metadata
on salvaged content as well as on live content. Add tests that dump xattrs on
salvaged payloads/sidecars and verify the `netware.metadata` fields.
## Current handoff status after docs/quota patches 0342-0358
The latest patch produced in this work session is `0358-quota-document-audited-netware-3x-quota-status.patch`. Build the next patch on top of the `0358` bundle unless the user says a later patch was applied.
Recent green runtime baseline:
- `0344` split quota into backend-neutral `quota.c/h`, NetWare metadata `nwquota.c/h`, and Linux `lnxquota.c/h`.
- `0345` added the Linuxquota -> `netware.userquota` restore mirror while keeping Linux `quotactl()` primary whenever a kernel quota entry is available.
- The dual NCPFS userquota smoke passed after `0345` and remained green after the 0357 directory-quota retest on both tested volumes:
- `QUOTA`/Linuxquota denied the next 4K write before data and reported `inuse4k=11` after the 11 allowed 4K files.
- `SYS`/NWQUOTA denied the next 4K write before data and reported `inuse4k=184` after rebasing from baseline `173` and writing 11 allowed 4K files.
- `0346` is docs-only and reorganizes the `doc/` tree into topic directories.
- `0347`..`0349` are docs-only and record the NSS namespace path, NSS feature scoping, and the MARS-NWE 3.x compatibility roadmap.
- `0351`..`0357` add and live-smoke the classic NetWare 3.x directory-quota set/get/clear path.
- `0358` is docs/audit only and records the audited quota status after the live 0357 retest.
Clean quota model to preserve:
- `quota.c/h`: backend-neutral helpers only (`nwfs_quota_*`).
- `nwquota.c/h`: NetWare metadata/NWQUOTA storage and accounting only (`nwfs_nwquota_*`).
- `lnxquota.c/h`: Linux kernel `quotactl()` backend only (`nwfs_lnxquota_*`).
- Future BSD quota support must get a separate `bsdquota.c/h` and `nwfs_bsdquota_*` names.
- Linuxquota is authoritative while available. `netware.userquota` is mirrored by Linuxquota only as backup/restore metadata; if restored metadata is used to seed Linuxquota, the kernel quota backend becomes primary again.
- Metadata/NWQUOTA-backed volumes store restriction and used 4K blocks in the volume-root `netware.userquota` xattr and access that xattr as effective uid 0.
- Growth must be denied before data when the projected 4K usage reaches or exceeds the user restriction; the NCP completion remains `0xff`.
- Namespace create of a new regular file performs a one-block precheck so a create/write sequence cannot bypass user restrictions before the file-handle growth path runs.
Do not reintroduce the removed quota experiments unless there is a new failing test that proves they are needed. Removed/obsolete ideas include `FH_CREATED_NEW`, `FH_QUOTA_PRECHARGED`, `nw_mark_file_quota_precharged()`, fchown/chown-only quota accounting fixes, namespace precharge bookkeeping, creator-xattr quota scanning, quota-only file-info stamping, and temporary `nwarchive.c` linkage into `ftrustee` solely for quota scan support.
## Next NSS work: namespace first, then the rest of the useful NSS pieces
The user wants the next functional line to start with namespace compatibility, not more quota work. Do not build another wrapper layer around untouched NSS sources. Continue the existing approach used for `lsaComn.c`, `zXattr.h`, and quota: directly adapt the useful NSS source into normal mars-nwe/libnwfs files, remove NSS runtime/VFS dependencies, and then delete or shrink the old mars-nwe duplicate logic.
Source status inspected after `0346`:
- Current mars-nwe namespace implementation is spread across `src/namspace.c`, `src/namedos.c`, `src/nameos2.c`, `src/connect.c`, and selected `src/nwconn.c` paths.
- `src/namspace.c` is not only namespace logic; it also owns NCP path parsing, base handles, search sequences, create/open/delete/rename/trustee dispatch, salvage helpers, and reply formatting. Do not replace it wholesale in one patch.
- Current DOS 8.3 aliasing in `src/namedos.c` is simplified and is called directly from `src/connect.c`, `src/namspace.c`, and `src/nwconn.c`.
- `src/nwfs/nameSpaceModel.c` and the top-level `src/nwfs/*NSpace.c` files currently provide only NSS-derived namespace registration metadata, not real lookup/mangling/wildcard behaviour.
- The complete NSS reference files are already present under `src/nwfs/nss/namespace/` and `src/nwfs/nss/common/`; no further bulk import is needed.
Namespace adaptation order:
1. DOS namespace first. Adapt from `src/nwfs/nss/namespace/dosNSpace.c` and `dosNSWild.c` into the normal `src/nwfs/` build area. Preserve the useful Novell names/headers where practical, but expose clearly separated libnwfs entry points for DOS legal-name checks, uppercase/casefold, reserved names, wildcard matching, and unique 8.3 alias generation. The NSS `mangleChars` table and `DOSNS_generateUniqueName()` behaviour are the main compatibility target.
2. Replace mars-nwe DOS alias users with the libnwfs DOS namespace implementation and then remove the duplicated logic from `src/namedos.c` instead of keeping it as a permanent wrapper.
3. LONG/OS2 namespace second. Adapt `longNSpace.c` legal-name, reserved-name, compare, wildcard and unique-name logic, then shrink `src/nameos2.c` and OS2-specific branches in `src/namspace.c`.
4. Only after DOS/LONG are stable, adapt UNIX/NFS, MAC, Extended Attribute and data-stream namespace split points from `unixNSpace.c`, `macNSpace.c`, `extAttrNSpace.c`, `dataStreamNSpace.c`, and `nameSpace.c`.
5. Mine `nameLookup.c`, `nameScan.c`, `nameCache.c`, `comnWild.c`, and `comnUnicode.c` only as concrete consumers appear. They are useful for lookup/search/wildcard/casefold semantics, but their NSS Beast/cache model must not be imported wholesale.
Release-target rule after the 0348/0349 discussion: the next real version line should be a **MARS-NWE 3.x compatibility target**. `0.99plxx` is not yet complete NetWare 3.x, so finish the 1.x/2.x/3.x-compatible filesystem/NCP work first. NetWare 4.x work remains planned and may stay documented or behind `#if MARS_NWE_4`, but it is not the active default target. Do not add NetWare 5.x/OES/MOAB/newer runtime endpoints during the 3.x push.
After the 0357 live retest, the 3.x quota block has enough set/get/clear
coverage to move on to DOS namespace work. Keep directory-quota follow-ups
narrow: enforcement/adjustment on file growth/create/delete/rename and fuller
decimal 22/40 = wire/code 0x28 scan semantics. Then continue with
`netware.metadata`/trustee effective rights, data streams and extended
attributes where the NDK/PDF show 3.x relevance, then object IDs/search
maps/salvage follow-ups needed by those calls. NetWare-4.x-only pieces such as namespace-aware variants, compression status/control families, and later directory/NDS identity work stay in the 4.x planning bucket and should remain guarded by `MARS_NWE_4` if source stubs are useful.
NCP scope note after checking `ncp__enu.pdf`: directory disk-space restrictions are not only a NetWare 5.x feature. The old file-system-extension calls are in the NetWare 3.x/4.x scope
(decimal 22/35 = wire/code 0x23 Get Directory Disk Space Restriction, decimal
22/36 = wire/code 0x24 Set Directory Disk Space Restriction, decimal 22/40 =
wire/code 0x28 Scan Directory Disk Space), so directory quotas belong on the
MARS-NWE 3.x roadmap. The namespace-aware 87/39 Get Directory Disk Space
Restriction is NetWare 4.x/5.x scope and belongs to the later `MARS_NWE_4`
line. Patches 0351..0357 changed that from planning into an audited 3.x
set/get/clear implementation: libnwfs owns portable `dirquota.c` helpers,
decimal 22/35 = wire/code 0x23 and decimal 22/36 = wire/code 0x24 are wired to
`netware.metadata.nwm_quota_limit`, and decimal 22/40 = wire/code 0x28 now
reads its documented Lo-Hi sequence value while continuing to use the existing
MARS DOS scan reply shape until resource-fork/MAC_RF work can fill the remaining
extended disk-space fields.
For NSS pieces that are outside the current NetWare 1.x/2.x/3.x target or that require a real backend, keep the adapted code dormant and covered by compile/link/logic CTests only. For planned 4.x features, source stubs may be placed behind `MARS_NWE_4`; for 5.x/OES/newer features, keep notes/tests only unless the user explicitly changes the target scope. Do not expose fake NCP data for any feature without a real backend state.
## Full NSS/nss-common source audit after 0349
The user supplied the full Novell/OES NSS Linux kernel module source archives
`nss.tar(2).bz2` and `nss-common.tar(2).bz2`. These are more authoritative for
NSS layout than the reduced mars-nwe copy under `src/nwfs/nss/`. When changing
filesystem metadata, namespace, AFP/Mac, salvage, directory quota, compression,
EA or data-stream behavior, inspect the full archives again and keep the
Novell/GPL provenance in adapted files.
Important paths seen in the full NSS tree:
- `public_core/comn/namespace/dosNSpace.c`, `dosNSWild.c`, `longNSpace.c`,
`macNSpace.c`, `extAttrNSpace.c`, `dataStreamNSpace.c`, and `nameSpace.c` are
the namespace reference set.
- `public_core/comn/common/dirQuotas.c` plus `shared/sdk/internal/dirQuotas.h`
are the directory quota reference set.
- `shared/sdk/public/zParams.h` defines `zMacInfo_s`:
`finderInfo[32]`, `proDOSInfo[6]`, `filler[2]`, `dirRightsMask`.
- `shared/sdk/internal/macNSpace.h` defines `PackedMacInfo_s` with `rvdID`,
`rvdLayout`, and `zMacInfo_s`; `MAC_METADATA_LAYOUT` is `1`.
- `shared/sdk/include/comnBeasts.h` defines `RVD_MAC_META_DATA` as the root
variable-data ID used for packed Mac metadata.
- `public_core/comn/namespace/macNSpace.c` registers that root variable-data
type, packs/unpacks `PackedMacInfo_s`, zeroes the two filler bytes on disk,
and treats missing Mac metadata as a zeroed `zMacInfo_s` with special default
finder-info behaviour.
- `public_core/comn/common/comnMacintosh.c` uses the data-stream name `MAC_RF`
for the Mac resource fork.
- `public_core/comn/common/comnDataStream.c` and
`public_core/comn/namespace/dataStreamNSpace.c` are the data-stream reference
points. Do not invent a mars-nwe-only fork format if the NSS stream model can
be adapted.
- `public_core/zlss/salvageLog.c` and related ZLSS repair/salvage files are the
salvage reference points for later metadata preservation work.
- `public_core/comn/compression/` contains the NSS compression implementation;
keep it as a later 4.x/planned-library study until the NCP/PDF scope requires
active runtime support.
AFP/Mac metadata decision after comparing mars-nwe and full NSS:
- Current mars-nwe AFP code in `src/nwatalk.c` stores private xattrs:
`org.mars-nwe.afp.entry-id`, `org.mars-nwe.afp.finder-info`,
`org.mars-nwe.afp.prodos-info`, and `org.mars-nwe.afp.attributes`.
- Because there has been no public server release of this work since the pl27
line, do **not** add fallback, migration, or mirror code for those private
AFP xattrs. Replace them.
- New AFP/Mac metadata work must follow the NSS model as far as possible: pack
FinderInfo/ProDOSInfo/dirRightsMask as the NSS `zMacInfo_s`/
`PackedMacInfo_s` root-variable-data layout, not as a new mars-specific side
database and not as a separate convenience `netware.macmetadata` xattr unless
later full-source evidence proves NSS stores it separately at the Linux xattr
boundary.
- If that requires improving the existing `netware.metadata` writer, trustee
variable-length handling, or root-variable-data packing, do that rather than
keeping a second metadata world.
- Salvage must preserve and restore the NSS-style Mac metadata and, later, the
`MAC_RF` resource-fork data stream. Do not expose `.recycle` or `.salvage`
paths through normal AFP/NCP opens.
- Existing AFP NCP handlers `35/01`..`35/19` remain useful, but their backend
state should be moved from private mars-nwe xattrs to the NSS-style metadata
and data-stream provider.
Directory quota scope after the 0349 discussion:
- Directory quotas are part of the future MARS-NWE 3.x compatibility target,
not only NetWare 5.x work. The 3.x calls are decimal `22/35`, `22/36`, and
`22/40`; code comments should also show the wire hex selectors `0x23`,
`0x24`, and `0x28`.
- It is acceptable to adapt `dirQuotas.c` into libnwfs before the NCP endpoints
are fully wired, but only with CTests that link the library and check the
quota math/data model. Runtime NCP integration should not be claimed done
until those 3.x endpoints behave against real filesystem state.
Version targeting:
- The active release push is MARS-NWE 3.x compatibility. Finish documented
NetWare 1.x/2.x/3.x filesystem and NCP behaviour before enabling new default
NetWare 4.x runtime endpoints.
- Keep NetWare 4.x work behind `MARS_NWE_4` or in documentation/tests until the
3.x line is complete. 5.x/OES/newer source can be studied and dormant code
can be compile/link/logic-tested, but should not become live endpoints without
a deliberate target change.
## Current handoff status after patch 0222
The current accepted patch line in this chat is expected to include:
- endpoint-audit/documentation patches through `0176-docs-audit-direct-lifecycle-buffer-endpoints.patch`;
- redesign documentation patches `0177` through `0198`;
- endpoint-audit/documentation patches `0199` through `0219`;
- redesign clarification patch `0220-docs-record-print-queue-redesign-link.patch`;
- endpoint-audit patch `0221-docs-audit-ncp-extension-stubs.patch`;
- endpoint-audit patch `0222-docs-audit-direct-file-metadata-stubs.patch`;
- latest expected patch name: `0222-docs-audit-direct-file-metadata-stubs.patch`.
When continuing in a new chat, first ask the user which patch was actually last
applied. If they confirm `0222`, build the next patch as `0223-...` against a
tree that already contains `0222`. If they only applied through `0221`, apply or
rebuild `0222` before continuing endpoint work. If any patch failed or was skipped, rebuild
against the last confirmed applied patch instead of assuming the file in
`/mnt/data` was accepted.
Known numbering/patch-history notes from this chat:
- `0190-docs-clarify-imported-nwlog-backend-layout.patch` was superseded because
patch number `0189` was accidentally skipped and the old `0190` failed after
`0188`. Do not reuse that old file.
- Use `0189-docs-clarify-imported-nwlog-backend-layout.patch` instead.
- Then use `0190-docs-clarify-simple-syslog-nwlog-backends.patch`, followed by
`0191` ... `0203`.
The user prefers patch verification snippets to contain only:
```sh
git am patchname.patch
```
Do not include `git diff --check HEAD^..HEAD` in the final summary unless the
user asks for it.
## Current redesign decisions to preserve
`REDESIGN.md` is now the place for broad architecture notes. Do not keep
growing `TODO.md` with long-term redesign material. `TODO.md` should remain
for concrete endpoint/test/fix follow-ups.
High-level NCP architecture direction:
- Add a small internal NCP dispatch/handoff layer over time; avoid a large
message-bus rewrite.
- Provider boundary is not the same as process boundary.
- `nwbind` remains legacy bindery provider/service.
- Queue is a strong candidate for a future `nwqueue` provider/process, but first
split it logically from bindery.
NCP Extension note from patch `0221`:
- SDK `0x2222/36` / wire `0x24` NCP Extension information and SDK
`0x2222/37` / wire `0x25` Execute NCP Extension are source-stub-audited as
planned NetWare 4.x extension-registration work.
- `src/nwconn.c` now contains disabled `MARS_NWE_4` stubs for `36/00` through
`36/06` and direct `37`. They intentionally return `0xfb` if ever enabled
without a real extension registry/provider.
- Future owner is an extension registry/provider. Do not route extension
payloads through `nwserv` as a data-plane broker; `nwserv` remains only
control-plane/supervision/registry.
- Patch `0222` audits the remaining old direct file-metadata/open-create
compatibility slots SDK `0x2222/79`, `0x2222/84`, and `0x2222/85` / wire
`0x4f`, `0x54`, and `0x55`. No active top-level handlers existed; the patch
records disabled `#if 0` stubs in `src/nwconn.c`. Future owner is the
filesystem/namespace provider, not NDS.
- The next patch number should be `0223` if `0222` was applied.
Print/queue redesign note from patch `0220`:
- Do not describe printing as entirely absent. Queue-backed printing already
exists in the project through the queue/job printing paths.
- The old direct `0x2222/17` Print/Spool NCP family is a separate compatibility
surface and currently remains documented as disabled stubs.
- Future direct `17/xx` implementation should bridge to existing queue printing
mechanics rather than creating a separate print subsystem.
- Logical owner: queue/print-spool provider area, possible future `nwqueue`; not
`nwnds`, not `nwdirectory`.
- Filesystem/volume/namespace should become a provider/module boundary first; a
separate process would be risky and later only.
- Semaphore, server-management, and most small call families should remain
modules/providers, not separate processes.
- `nwserv` is the control plane/supervisor/provider registry, not a data-plane
payload router. Normal requests should flow `client -> nwconn -> provider ->
nwconn -> client`, not through `nwserv` as broker.
- Provider processes must always return one formal internal handoff reply.
`NO_REPLY` is an explicit reply kind, not silence. `nwconn` owns the final
client NCP reply envelope and send.
Transport direction:
- TCP/IP support is a transport split below `nwconn`/`nwserv`, not a new daemon.
- Planned code layout: `src/nwtransport.c`, `src/nwipx.c`, `src/nwtcp.c`.
- `nwtransport` is a code/library boundary, not a process.
- Higher providers must not depend on raw `ipxAddr_t` long-term.
- IPX SAP/RIP/watchdog/broadcast behavior remains isolated as IPX-specific.
Secure IPC/TLS direction:
- Client-facing NetWare 4.x/NCP/NDS compatibility must not require TLS by
default. Keep historical clients compatible.
- LDAP/LDAPS/StartTLS for `nwdirectory` should use the `nwtls` facade with the selected GPL-2.0-compatible backend; MatrixSSL is the current preferred candidate.
- Internal provider IPC over TCP, if added later, must always use backend-backed
TLS with mutual authentication through `nwtls`. MatrixSSL is the current
preferred candidate; no plaintext fallback for TCP provider IPC.
- Local IPC may remain Unix-domain sockets, pipes, socketpairs, or inherited FDs
with strict permissions; still avoid logging decoded secrets.
- Add `nwtls` as the internal TLS facade if/when TLS is wired into runtime:
`include/nwtls.h`, `src/nwtls.c`, `src/nwtls_matrixssl.c`.
Directory/NetWare 4.x direction:
- `libdirectory` is the shared internal C API/library used by `nwbind`, future
`nwnds`, `nwdirectory`, and `nwsetup`. These components should not talk LDAP
internally just to reach the directory store.
- `libflaim` is the planned persistent store under `libdirectory`. FLAIM is C++;
keep its C++ API behind `libdirectory` so old mars-nwe C code does not include
FLAIM C++ headers directly.
- `nwdirectory` is the mars-nwe integration name for the tinyldap-derived
LDAP/LDAPS service. Standalone/upstream identity remains `tinyldap`; inside
mars-nwe it builds the `nwdirectory` service.
- Future `nwnds` is the NetWare 4.x/NDS compatibility layer and should use
`libdirectory`, not LDAP protocol calls, as its internal backend path.
- `nwbind` should eventually become a legacy bindery adapter over
`libdirectory`/`libflaim`, not maintain a second persistent truth.
- Do not mention or design Kerberos for the current NetWare 4.x target.
Configuration and setup direction:
- Move toward a real typed, documented INI format. Do not use JSON as the admin
config format.
- The generated INI is also user documentation. Writers must preserve comments
where possible or regenerate from a full documented template; never rewrite it
into an undocumented minimal key/value dump.
- `nwsetup` is the provisioning/setup tool. It should initialize the
`libdirectory`/`libflaim` store, create initial schema/tree/admin/server
objects, migrate bindery data later, and edit config atomically.
- No reusable Admin/Supervisor/NDS/LDAP plaintext passwords in the new typed INI.
Initial passwords and recovery resets belong to explicit `nwsetup` commands
and only hashes/verifiers go into the store.
- Legacy bindery config-password reset may remain only as deprecated compatibility
behavior; Directory/NDS mode uses `nwsetup` recovery commands.
Logging direction:
- Add a small internal `nwlog` facade instead of direct zlog/log.c calls in
handlers/providers. Project layout: `include/nwlog.h`, `src/nwlog.c`.
- Category wrappers should exist for normal code: `nwlog_ncp()`,
`nwlog_handoff()`, `nwlog_bindery()`, `nwlog_queue()`, `nwlog_directory()`,
`nwlog_nds()`, `nwlog_ldap()`, `nwlog_auth()`, `nwlog_acl()`,
`nwlog_recovery()`, `nwlog_security()`. They populate an internal
`nwlog_event` and call `nwlog_emit()`.
- `rxi/log.c` may be vendored/adapted as `nwlog_simple`, not exposed directly:
`include/nwlog_simple.h`, `src/nwlog_simple.c`. It is a simple
stderr/stdout/file/callback basis and is a good default for systemd/journald.
- `nwlog_syslog` may later be derived/cloned from the simple backend for classic
`syslog(3)` explicitly: `src/nwlog_syslog.c`.
- `zlog` is the preferred optional advanced routing backend behind the facade:
`src/nwlog_zlog.c`. It may live as a `third_party/zlog` submodule.
- Never route raw decoded NCP/handoff/auth payloads to remote loggers. Only
redacted structured events should leave the host.
Third-party/fork policy:
- Fixed third-party libraries live under `third_party/`, such as existing
`yyjson`, planned `matrixssl`, planned `libflaim`, and optional `zlog`.
- `MatrixSSL` is the preferred GPL-2.0-compatible crypto/TLS candidate and should
be imported as a maintained fork with a native CMake build if selected. Do
not design a first-pass OpenSSL/LibreSSL backend matrix.
- `libflaim` should live under `third_party/libflaim` as a mars-nwe-maintained
import/fork/mirror. Source may come from SourceForge/SVN and/or a distro
source package such as openSUSE `libflaim-4.9.1046`. Document exact import,
revision/version, license files, distro patches, and local patches in
`third_party/libflaim/README.mars-nwe.md`.
- FLAIM r1112 has Autotools (`configure.ac`, `Makefile.am`, libtool, `config.h`,
subprojects `ftk`, `flaim`, `sql`, `xflaim`). Do not wrap Autotools from
CMake; replace it with a real CMake build. First required targets are
`FLAIM::ftk` and `FLAIM::flaim`; SQL/XFLAIM/tools/tests/docs can come later.
- FLAIM source license observed by the user: library sources LGPL-2.1; helper
files like `svn2cl.xsl` may have separate licenses such as BSD-3-Clause.
Keep these separated in import docs.
- Forked/integrated mars components that become project services live in the
repository root, matching existing style such as `mail`, `admin`, and
`dosutils`. `mars-tinyldap` belongs in the root, not `third_party`, because it
will be heavily adapted into `nwdirectory`.
- tinyldap currently has a hand-written Makefile and flat-file/mmap storage.
It needs a real CMake build, not a Makefile wrapper. Standalone remains
`tinyldap`; mars-nwe integration builds `nwdirectory`.
- For tinyldap/nwdirectory, first CMake split can expose internal targets such as
`tinyldap::asn1`, `tinyldap::ldap`, `tinyldap::ldif`, `tinyldap::auth`,
`tinyldap::storage`, and `tinyldap::server`. Replace flat-file storage with
`libdirectory -> libflaim` later.
- Old tinyldap TLS code can remain reference/legacy/standalone-only; mars-nwe
`nwdirectory` TLS should go through `nwtls`/MatrixSSL once the backend is selected.
Schema/import direction:
- Do not invent NetWare 4.11 schema by hand if a real source can be obtained.
The user expects the complete schema to be hidden in NetWare 4.11 installation
material such as `install.dat`; a real 4.11 install may be needed to extract
it.
- `.SCH` files such as uploaded `NLS.SCH` are useful format examples/fragments.
They contain readable ASN.1-like `ATTRIBUTE` and `OBJECT-CLASS` blocks, but
are not the full schema truth.
- `nwsetup` should eventually support native NetWare 4.11 schema import, `.SCH`
fragment import, and LDIF import/export. LDIF remains human-readable,
diffable, and testable, but the canonical runtime representation is
`libdirectory` schema objects stored in `libflaim`.
- tinyldap has useful ASN.1 BER/DER and LDIF code (`scan_asn1*`, `fmt_asn1*`,
`asn1dump`, `ldif_parse.c`), but it does not appear to be an NDS `.SCH` or
NetWare schema importer. Reuse ideas/code carefully through the
`nwdirectory` fork, but plan a dedicated schema import layer.
- Samba `source4/dsdb/schema` and setup schema conversion code are useful
references for OID/prefixMap/schema-loading ideas, but Samba is GPL-family; do
not blindly copy code into mars-nwe. Use as a reference and implement a
mars-nwe-native importer/OID module.
Latest endpoint audit note:
- Patch `0221` audits SDK `0x2222/36` / wire `0x24` NCP Extension
information and SDK `0x2222/37` / wire `0x25` Execute NCP Extension as
planned NetWare 4.x extension-registration work.
- `src/nwconn.c` contains disabled `MARS_NWE_4` stubs for `36/00` through
`36/06` and direct `37`; they are documentation/source markers only and do
not change the default runtime.
- Future implementation needs an extension registry/provider. `nwserv` may
supervise/register providers but must not become the data-plane broker for
extension payloads.
- Patch `0222` audits SDK `0x2222/79`, `0x2222/84`, and `0x2222/85` / wire
`0x4f`, `0x54`, and `0x55` as old direct file-metadata/open-create and
sparse-data compatibility gaps. It adds disabled `#if 0` stubs next to the
old direct file-I/O switch in `src/nwconn.c`; future owner is the
filesystem/namespace provider.
- Previous print note still applies: direct `17/xx` spool NCPs are only the
old direct-spool compatibility surface; queue-backed printing already exists.
The next patch number should be `0223` if `0222` was applied. Likely next
blocks are deeper `0x2222/23` bindery/property/admin subfunction coverage,
SDK `0x2222/90` scope, or another user-selected endpoint family.
## Patch workflow
- Produce patches that apply with exactly:
```sh
git am patchname.patch
```
- Assume the user has already applied and committed accepted earlier patches.
Build every new patch against the current tree the user provides.
- Do not ask the user to apply a long patch chain unless they explicitly say
earlier patches were not committed.
- Keep follow-up patches small and reviewable. Do not mix functional changes,
cleanup, and logging refactors unless the user asks for that.
- If a patch is only documentation or test cleanup, keep it that way.
## Current protocol audit scope
- The current endpoint documentation/audit pass is scoped to compatibility NCPs through NetWare 3.x by default, including NetWare 1.x/2.x legacy calls where they are documented. Bucket endpoints by the oldest NetWare generation that documents them: put 1.x/2.x legacy calls in their own sections, keep the remaining through-3.x compatibility calls in the 3.x/default section, and put endpoints introduced in NetWare 4.x in a separate planning/stub section. Do not create stub work merely for NetWare 5.x/OES/MOAB/newer endpoints.
- NetWare 4.x-only endpoints are not part of the default implementation target yet, but they are the current forward-planning target. Already implemented compatibility code must not be removed or wrapped just because it is 4.x-era; only new, not-yet-implemented 4.x stubs should be placed behind `#if MARS_NWE_4`. Do not add disabled stubs for 5.x/OES/MOAB/newer calls unless the user explicitly changes the target scope later. `MARS_NWE_4` is currently hard-disabled in `include/config.h.cmake` and should stay `0` unless the user explicitly asks to start that work.
- When a `0x2222` group or subfunction is forwarded out of `nwconn.c`, follow the handoff before declaring the endpoint documented. `nwconn.c` should document the handoff and the exact header/payload bytes that are preserved or rewritten before forwarding; the destination file (for example `nwbind.c`) must document the concrete subfunction request/reply layout at the real handler. Do not stop at a comment such as `nwbind must do prehandling`, `nwbind must do the rest`, or `handled by nwbind`.
- For forwarded paths, document any nwconn-side payload mutation as part of the audit. Examples in the current tree include queue create path expansion, queue job file-handle insertion, quota bindery prehandling, and semaphore/message group forwarding. If a forwarded subfunction is not audited yet, record it as a target-file follow-up rather than only documenting the nwconn dispatcher.
- For documentation-only endpoint patches, do not change parser offsets, byte order, reply layout, or completion behavior. Always compare the code parser/reply layout against the applicable SDK/WebSDK/PDF request format and, when available, the uploaded SDK include prototypes. If the code differs from the SDK layout, document the concrete difference inline and mirror it in `TODO.md` for later testing. If it matches, say so in the patch summary so the audit trail is clear.
- When an SDK/WebSDK/PDF endpoint number is written in decimal notation, convert it carefully to the wire `case` value before adding inline documentation. Example: Directory Services `0x2222/22/12` in the PDF means SubFunctionCode decimal 12, i.e. wire `case 0x0c`; it is not the existing `case 0x12` / decimal 18 Allocate Permanent Directory Handle. Place disabled stubs directly at the correct numeric slot inside the dispatcher, never appended at the end of the function. For implemented endpoints, keep the detailed documentation inside the relevant `case` block, immediately after the `case` label/opening brace, matching the local style; do not leave a large endpoint block before the `case` label.
- If a PDF/WebSDK page title and an internal table row disagree, prefer the endpoint title plus include/WebSDK cross-checks and record the mismatch instead of inventing a new wire case. Example: `0x2222/23 Verify Serialization` is titled SDK decimal `23/12` / wire `0x0c`, even though one PDF table row prints `SubFunctionCode (212)`; do not add a wire `0xd4` case without a packet trace or include-level confirmation.
- In `TODO.md` and endpoint summaries, avoid ambiguous mixed notation for grouped subfunctions. Write SDK/PDF numbers as decimal and include the wire byte explicitly when it differs or could be confused, for example `SDK 22/18 / wire 0x12` or `SDK 22/12 / wire 0x0c`. Do not write `22/12` for a wire `case 0x12` unless the SDK number is actually decimal 12.
- Do not assume every `0x2222` endpoint key is only `request_type/function/subfunction`. Some SDK/PDF/WebSDK families have deeper selectors inside the subfunction payload, such as NDS `0x2222/104/02` with a 32-bit NDS `Verb`, statistical `0x2222/123/34` with `InfoLevelNumber`, NCP extension `0x2222/36`/`37` with dynamic extension numbers, or reply layouts selected by an information type. When auditing such a family, document the selector path explicitly, for example `0x2222/104/02 verb=<n>` or `0x2222/123/34 level=<n>`, and distinguish true wire dispatch bytes from payload fields that merely select a structure or backend operation.
- Keep `TODO.md` endpoint audit notes grouped by endpoint family and NetWare generation instead of as one long flat list.
- Before starting the next detailed endpoint block, maintain a coverage index for SDK/WebSDK-listed `0x2222` groups that are not yet audited. Classify each group as present in code but not audited, missing a top-level handler, or likely later-generation/unclear. This index is only a planning aid: do not add active TODO work or source stubs until the specific block has been checked for handoffs and bucketed by oldest documented NetWare generation.
- Before every new endpoint-family patch, first do a missing-endpoint pass for that family: enumerate the SDK/PDF/WebSDK/include endpoint list, compare it against actual `case` labels and forwarded destination handlers, then document implemented, disabled-stub, and absent slots separately. Do this retroactively for already documented families when touching them again.
- Always document both the request handoff/parser and the reply builder. For forwarded calls, the `nwconn.c` comment should explain exactly why `return(-1)` or `return(-2)` is used; the destination handler should explain the concrete request bytes and response payload. Do not treat `return(-1)` inside disabled `#if 0` snippets in `nwbind.c` as a forwarding mechanism.
- For SDK-listed groups that appear missing from `nwconn.c`, also search destination files such as `nwbind.c`, queue helpers, salvage helpers, AFP/name-space dispatchers, and any prehandler path before declaring the endpoint absent.
- The rejected `0152-docs-note-message-control-subfunction.patch` must not be applied: it documented `0x2222/21/0x0c Connection Message Control`, which is outside the default NetWare 1.x/2.x/3.x MARS-NWE target scope.
## mars-nwe coding style rules
- Prefer existing mars_nwe / NetWare functions over new helper code.
- Before adding a helper, search the tree for an existing equivalent.
- Do not introduce parallel mechanisms for paths, trustees, xattrs, AFP
metadata, copy/write/restore, u16/u32 packing, or logging.
- Use existing integer and wire-format macros such as `GET_16`, `GET_32`,
`U16_TO_16`, `U32_TO_32`, and related mars_nwe helpers instead of open-coded
byte parsing/serialization.
- Use existing namespace/path conversion and basehandle logic instead of parsing
NetWare paths by hand.
- For file restore/copy/write behavior, prefer the existing Novell/mars_nwe file
functions over direct POSIX operations. Use POSIX only where there is no
suitable internal mechanism, and keep it clearly isolated.
- Do not add a new trustee or xattr database. Salvage JSON is a snapshot; real
restore should feed existing mars_nwe trustee/xattr/AFP mechanisms.
## NCP path and hidden repository notes
- Normal NCP path resolution intentionally treats Unix dot path components as
hidden/special. In the classic path resolver (`build_dir_name()` in
`connect.c`), a component beginning with `.` is accepted only for `.`/`..`
semantics; a component such as `.recycle` or `.salvage` returns invalid path
(`0x899c`).
- `nwattrib.c` also marks Unix dot files/directories hidden by default when no
explicit NetWare attributes are stored.
- Therefore `.recycle` and `.salvage` are backend repositories, not user-visible
NCP paths. Tests must not expect `SYS:.recycle/...` or `SYS:.salvage/...` to
open through ordinary NCP file calls.
- Use the official salvage endpoints (`87/16` scan, `87/17` recover, `87/18`
purge, and old `22/27`-`22/29`) to observe or operate on salvage entries.
Verify recovered payload content by reading the restored live file through
NCP, not by opening backend repository paths through NCP.
## Salvage endpoint rules
- `NCP 0x2222 / 87 / 16` is decimal 87/16, implemented as function `0x57`,
subfunction `0x10`.
- `NCP 0x2222 / 87 / 17` is decimal 87/17, function `0x57`, subfunction
`0x11`.
- `NCP 0x2222 / 87 / 18` is decimal 87/18, function `0x57`, subfunction
`0x12`.
- Legacy salvage endpoints are old function `22` decimal / `0x16`:
`22/27` scan, `22/28` recover, and `22/29` purge. They should remain thin
adapters over the same shared salvage backend, not a second implementation.
- Keep `0x57` subfunction dispatch in `handle_func_0x57()` / namespace code,
not as a second subfunction switch in `nwconn.c`.
- Old `0x16` calls need a minimal bridge in namespace code because short
directory handles must be resolved through existing `build_base()` /
`dir_base[]` internals before reaching the shared backend.
- Versioned backend payload names follow Samba `vfs_recycle` literally:
`Copy #1 of NAME`, `Copy #2 of NAME`, ... . Do not localize this string and
do not run it through gettext; the NCP scan reply still reports the original
deleted filename for every version.
- Versioned salvage entries may have different `.recycle`/`.salvage` names but
`87/16` returns the original deleted filename for every version. Do not match
recover/purge by display name alone.
- Scan must treat `.salvage` JSON as a sidecar for the matching `.recycle`
payload. If an external tool such as Samba or an administrator removes the
payload, `87/16` must not return the stale sidecar and should remove the JSON.
The server log should contain a greppable line like
`WARN SALVAGE 87/16 STALE ...` for this cleanup.
- Scan, recover, and purge should share the same scan/sequence/basehandle view
so that a sequence returned by scan identifies the exact sidecar used later.
- The combined salvage smoke suite now covers NCP write/read payloads, 87/18
purge pre-clean, hidden backend repository behavior, stale sidecar cleanup
with a manual payload-removal pause, three version captures, and recovering
the oldest version via sequence 0.
- Append salvage endpoint tests to `tests/salvage/salvage_smoke_suite.sh` rather
than creating unrelated top-level scripts, unless a helper binary is needed
and then started by the suite.
## AFP 0x13 deleted-file info notes
- AFP `0x13 Get Macintosh Info On Deleted File` is NCP `0x2222 / 35 / 19`
(wire subfunction byte `0x13`). The Micro Focus / Novell WebSDK request is
`VolumeNumber` plus `DOSDirectoryNumber`; the reply is FinderInfo[32],
ProDOSInfo[6], ResourceForkSize, FileNameLen, FileName.
- Implement it only as an adapter over the shared mars_nwe salvage/deleted-entry
record. Do not expose or normally open `.recycle` or `.salvage` through AFP
code; those remain hidden backend repositories.
- The implementation returns FinderInfo[32], ProDOSInfo[6], resource fork size,
and deleted original name from the Salvage JSON snapshot. FinderInfo and
ProDOSInfo are captured through the existing nwatalk xattr-backed AFP
metadata store, not through a parallel AFP metadata database.
- The AFP smoke suite has a dedicated `afp_deleted_info_smoke` helper. It
pre-cleans salvage entries in the tested directory through NCP purge, creates
a temporary AFP file, writes FinderInfo and ProDOSInfo, deletes it, verifies
AFP `0x13`, and purges the tested deleted entry afterwards.
- Verified AFP smoke status: the full suite completed with `failures=0` after
AFP 35/19 and ProDOSInfo work. It verifies live FinderInfo and ProDOSInfo
xattrs on `SYS:PUBLIC/pmdflts.ini`, verifies AFP 35/19 returns
`prodos=010203040506` from the deleted-file Salvage snapshot, and leaves
normal AFP-only attributes absent when Hidden/System/Archive map through the
NetWare attribute path.
- Reuse existing AFP/nwatalk metadata mechanisms for FinderInfo, AFP
attributes, entry ids, resource fork state, and related restore/lookup
behavior. Do not add a parallel AFP metadata database.
## Logging rules
Desired future server log format:
```text
<LVL4> <AREA> <DEC-CODE> <EVENT> key=value ...
```
- `LVL4` is exactly four characters: `INFO`, `DBUG`, `WARN`, `ERRR`.
- `AREA` examples: `NCP`, `SALVAGE`, `AFP`, `MAP`, `BIND`, `TRUST`, `AUTH`,
`CONN`, `FILE`, `QUEUE`.
- The front code should be human/protocol decimal where applicable, for example
`87/16`, `87/17`, `87/18`.
- Exact wire values should still be logged later as key/value hex fields, for
example `fn=0x57 sub=0x10 seq=0x00000000 base=0x00000004 result=0x89ff`.
- Unknown or unimplemented endpoints should be easy to grep, for example:
```text
INFO NCP 87/18 UNKNOWN fn=0x57 sub=0x12 msg="not implemented"
INFO NCP 87/255 UNKNOWN fn=0x57 sub=0xff msg="unknown subfunction"
INFO NCP 136 UNKNOWN fn=0x88 msg="unknown function"
```
- Do not invent a parallel logger casually. Reuse existing mars_nwe logging
functions/macros and normalize message format gradually.
## 2026-06-06 - handoff for next chat: redesign plus FLAIM/directory foundation
This is the latest working handoff from the long FLAIM/MatrixSSL/nwssl session.
If a new chat starts, ask the user for the current root bundle and the current
bundles or pushed refs for all submodules before constructing a build tree. Do
not assume the bundles named in the old chat are still current.
There are now two active work streams. Keep them separate in patches and in
commit messages:
1. **mars-nwe redesign / future-proofing of existing code.** This is the
`REDESIGN.md` track. The next intended first task is small: add a typed
enum/type layer for internal operations/request kinds/schema-facing IDs so
old magic strings and magic numbers can be translated at one boundary before
moving larger logic. Read `REDESIGN.md`, `TODO.md`, and this file before
proposing the first enum patch. Do not start with a large rewrite.
2. **vendored storage/crypto/directory infrastructure.** This is the track
that introduced `libnwowfat`, `libnwsodium`, `libnwmatrixssl`, `libnwssl`,
`libnwflaim*`, and `libnwdirectory`/tinyldap integration. The purpose is to
later replace old local helper code and, more importantly, to move
tinyldap/nwdirectory away from flat files toward a FLAIM-backed store.
Current green test state reached in the previous chat:
```sh
ctest -L flaim --output-on-failure
# nwflaim.database.create-and-check ......... Passed
# mars_nwe.flaim.api-create-query-encrypt ... Passed
# mars_nwe.xflaim.api-alloc ................. Passed
ctest -L nwflaim --output-on-failure
# nwflaim.database.create-and-check ... Passed
```
Meaning of the green tests:
- FLAIM tools can create and check a database through CTest.
- mars-nwe root tests can create a classic FLAIM database, add a dictionary
`EncDef` through the dictionary API, write/read/query records, close/reopen
the database, and verify the test secret is not visible as plaintext on disk.
- `libnwssl` now has a functional NICI/CCS compatibility layer sufficient for
classic FLAIM at-rest encryption tests.
- XFLAIM stays build-covered but does **not** use the classic FLAIM NICI compat
path; NICI support is scoped to classic FLAIM targets only.
- FlaimSQL is experimental and must be default `OFF`; do not let default
mars-nwe builds link hard against `libnwflaimsql`.
Important FLAIM/nwssl fixes that were part of the green state:
- `libnwssl` owns `include/nwssl/private/nici/*` and the NICI/CCS compatibility
implementation used by FLAIM.
- `CCS_Init()` / `CCS_Shutdown()` exist for FLAIM startup/cleanup.
- NICI handle types must match FLAIM `FLMUINT` width on 64-bit builds.
- MatrixSSL must export the same AES-related compiler options/defines to
consumers that it used for `libnwmatrixssl`, otherwise `psCryptoOpen()` fails
with a crypto config mismatch.
- FLAIM dictionary code had EOF-as-not-found / EOF-as-end-of-base64 decode cases
that needed to be treated as success in the relevant paths.
- The encrypted root test must create `EncDef` through the dictionary API; do not
put `encdef` as a child of a `field` record.
Known remaining FLAIM follow-up:
- Manual `nwflmgigatest -b` with default 100000 records still hit a
`Gleitkomma-Ausnahme` / SIGFPE even though the CTest DB smoke passes. The
divisions in `gigaUpdateLoadTimes()` were already guarded. The likely bug is
shutdown ordering in `flaim/util/gigatest.cpp`: the code stops the screen
thread, then later calls `gigaUpdateLoadTimes()` and stops the screen thread
again. The next small mars-flaim patch should move final stats before the
first `gigaStopScreenThread()` and stop the screen thread only once. Verify
with:
```sh
cd <build>/third_party/flaim
./nwflmgigatest -b
echo $?
ctest -L nwflaim --output-on-failure
ctest -L flaim --output-on-failure
```
At-rest encryption/key policy notes:
- FLAIM encryption uses a database wrapping key plus EncDef keys. The EncDef
key is stored in FLAIM metadata in wrapped/encrypted form; records use the
EncDef key for encrypted field/blob storage.
- The current `nwssl` NICI/CCS layer is a functional compatibility layer for
tests and initial directory storage work. Before storing real production
directory secrets, define a key policy: where the server/tree master key lives,
how it is created, how backups/restores work, and how rotation will later be
handled.
- Candidate future key locations are root-only files such as
`/etc/mars_nwe/nwssl.key` or `/var/lib/mars_nwe/keys/...` with mode `0600`.
Do not hard-code a production master key into the database or source.
TinyLDAP / directory follow-up test ideas before replacing flat-file storage:
- Create/open/reopen a directory database.
- Add user object, group object, and user-to-group membership.
- Lookup by DN/name and by indexed common attributes.
- Authenticate user/password; password material must not appear plaintext in the
FLAIM database files.
- Duplicate object/name conflict, delete, rename/move, restart/reopen recovery.
- Once the user extracts real NetWare 4.11 schema data, add schema tests for
object classes, mandatory/optional attributes, attribute syntax,
single/multi-value rules, naming attributes, inheritance, and default indexes.
NetWare 4.11 LDAP compatibility baseline:
- Treat stock NetWare 4.11 LDAP as the primary compatibility target for the
directory service. The stock LDAP.NLM generation is LDAPv2-only, not LDAPv3.
- LDAPv2 simple bind, search, and unbind must be first-class, intentional, and
covered by tests. LDAPv3 support may remain or be added, but it is additive
and must not become the default assumption for the NetWare 4.11 baseline.
- Baseline references for the stock target are RFC 1777 (LDAPv2 core protocol)
and RFC 1778 (LDAPv2 string representation of standard attribute syntaxes).
- Do not require LDAPv3-only features for the stock 4.11 target: no referrals,
no SASL, no controls, no extended operations, and no mandatory LDAPv3 UTF-8 DN
behavior.
- NetWare 4.11 with NDS 8 / eDirectory and newer LDAP.NLM versions is a later
optional compatibility profile. That profile may cover LDAPv3-era RFCs such
as 2251, 2252, 2253, 2255, and SASL RFC 2222, but it should not drive the
initial directory design.
- The user has started importing real NetWare schema files under `opt/schema/`
after lower-casing filenames and converting CRLF line endings. Treat these
as input for the directory/schema enum/type-layer work.
- Historical LDAPv2 server reference material inspected in this chat:
`openldap-1.0.3.tgz` is useful because it is still close to the UMich LDAP
lineage and contains LDAPv2-era `slapd`, `liblber`, RFC 1777/1778 text, and
simple backend code. Use it as protocol-behavior reference only; do not
import its large server architecture into tinyldap.
- Samba 2.2.12 and Samba 3.0.37 were inspected for a small embedded LDAPv2
server. They do not contain one. Their LDAP code is primarily client/backend
code (`pdb_ldap`, `smbldap`, `idmap_ldap`, ADS/CLDAP client pieces). Do not
use Samba 2/3 as the LDAPv2 server model.
- For LDAPv2 protocol behavior, prefer: RFC 1777/RFC 1778, TinyLDAP's current
small C implementation, and UMich/OpenLDAP 1.x as historical C reference.
Add tests first, then adjust tinyldap behavior in small patches.
NetWare/NSS xattr and trustee metadata baseline:
- The corrected compatibility target for NetWare file metadata is the Novell/OES
NSS `netware.*` Linux xattr interface. Use OES/NSS as the primary reference
for names, binary layouts, trustee rights constants and inherited-rights
behavior.
- The relevant GPL-2.0 source references are `zXattr.h`, `zParams.h`,
`lsaXattr.c`, `lsaSuper.c`, `zasAuthModel.c`, `zasAuthSpace.c`, and
`sharedsrc/manage.c.h`. mars-nwe is GPL-2.0-only, so exact structures/code may
be adapted directly when the original copyright/license notices are preserved.
- Active NSS xattr names include `netware.ncpstat`, `netware.quota`,
`netware.volumeinfo`, `netware.metadata`, and `netware.userquota`. The first
mars-nwe xattr ABI target is still `ncpstat`, `metadata`, `quota`, and
`userquota`; keep `volumeinfo` as a later volume/tooling target.
- `netware.trustee` has helper functions in `lsaXattr.c`, but its registration
entry is disabled/commented in the NSS source; trustees should be represented
through `netware.metadata` first.
- `netware.metadata` contains the high-value fields for backup/migration and
compatibility: file attributes, timestamps, owner/archiver/modifier/metadata
modifier GUIDs, directory quota, inherited rights mask, and trustee array.
- NSS trustee rights are positive NetWare/NSS rights: R/W/C/E/A/F/M/S plus NSS
salvage/secure bits. The baseline is not the Linux `trustees-3.0`
allow/deny/clear model. The current mars-nwe `netware.metadata` trustee
rights encoding uses the NSS/NCP bit assignments, so the rights masks are
layout-compatible with Novell/OES readers.
- Trustee identity compatibility mode: for the NetWare 3.x/4.x target, keep the
classic 32-bit bindery/NDS object ID as the authoritative trustee identity and
embed it deterministically in the NSS `GUID_t` `timeLow` field with the rest of
the GUID zeroed. This preserves the classic NCP/SYSCON/FILER/GRANT/REVOKE
object-ID model while using the NSS `netware.metadata` binary layout. Do not
treat these values as real OES/eDirectory authorizer GUIDs.
- Open directory-identity follow-up: real OES/NSS trustee entries carry
GUID-style NSS/eDirectory authorizer identifiers. A real OES/NSS server might
not resolve mars-nwe's embedded bindery object ID to the same object. Keep
real eDirectory/NDS/AuthID GUID mapping as a later Directory task rather than
changing the NetWare 3.x/4.x trustee rights patch.
- Inheritance model to preserve: only entries marked inherit-down propagate;
child inherited rights are filtered by `inheritedRightsMask` and
`zVALID_TRUSTEE_RIGHTS`; supervisor is preserved in the mask and expands to all
valid trustee rights when effective.
- `netware.metadata` should be hidden from normal `listxattr()` by default, like
NSS does, unless an explicit admin/backup mode is enabled.
- NSS maps the same internal metadata into normal Linux attributes too, not only
into xattrs. Mode/chmod, owner/chown, timestamps and logical size must stay
connected to the same state that serializes as `netware.ncpstat` and
`netware.metadata`.
- Current source-tree status: selected NSS/OES GPL-2.0 sources have already been
imported into the mars-nwe tree under `include/nwfs/nss/`, `src/nwfs/nss/`, and
`src/core/nss/`. `trustees-3.0` has been imported under
`src/nwfs/trustees3/`, and `nwfs1201/FENRIS` has been imported under
`src/nwfs/nwfs1201/`. These are source material for direct adaptation, not
build targets yet.
- First implementation target after the docs: create `libnwfs.so` from adapted
NSS/OES source files, not a wrapper around untouched NSS code. Start by
moving/copying the relevant imported files out of `src/nwfs/nss/` into the
normal `src/nwfs/` and `include/nwfs/` build area, preserving original Novell
headers and function/structure names where they remain useful.
- The initial `libnwfs.so` cut should adapt `zXattr.h`, `lsaXattr.c`,
`lsaComn.c`, and `lsaPrivate.h` into mars-nwe-ready sources, removing NSS
kernel/VFS/runtime dependencies that mars-nwe does not need while keeping the
NSS `netware.*` names, metadata layout, trustee array, inherited-rights-mask,
byteorder/version checks, and modify-mask semantics.
- Add tests that link directly against `libnwfs.so` for `netware.ncpstat`,
`netware.metadata` with trustees, inherited-rights filtering, supervisor
expansion, quota/userquota validation, and metadata list visibility. The
library tests come before wiring the code into live NCP operations.
- Move existing trustee storage toward `netware.metadata` so trustee arrays and
inherited-rights-mask are not duplicated in a disconnected `.trustees`-only
path. The existing `trustee.c` API can stay while its backend migrates to
`libnwfs`.
- Additional NSS references to keep for later, not the first xattr ABI patch:
`lsaComn.c` for inherited-rights/metadata/quota assembly,
`public_core/comn/namespace/*` for DOS/LONG/UNIX/MAC/EA/data-stream namespace
split points, `public_core/comn/compression/*` for compressed-file policy, and
eDir/GUID/ID helper sources for owner/trustee/modifier mapping.
- Follow-on NSS/OES NCP reference note: the same source drop also contains
NCP-adjacent structure definitions in `nss/shared/support/lnxmbINC/encp.h`,
the NSS-to-NCP IPC envelope in `nss/shared/sdk/public/ipc2ncp.h`, and identity
mapping prototypes in `nss/shared/sdk/include/ncpIDAPI.h`. These are not a
complete `ncpserv` implementation, but they are useful GPL-2.0-compatible
structural references for mars-nwe's existing file, namespace, trustee,
effective-rights, salvage, and quota NCP handlers. Use them after the xattr
layout work so NCP obtain/modify/trustee/effective-rights paths read and write
the same metadata that backs `netware.ncpstat` and `netware.metadata`.
- Quota model decision: `libnwfs`/`netware.*` is the compatibility metadata
model, but quota enforcement is selectable per volume. The planned config key
is `NWFS_QUOTA_BACKEND` with values `LINUXQUOTA`, `METADATAONLY`, and `NSS`.
Default must be `LINUXQUOTA` so normal ext4/xfs/btrfs-style Linux volumes keep
the existing host quota enforcement path.
- `LINUXQUOTA`: store/serve NSS-compatible `netware.quota`, `netware.userquota`,
and `metadata.nwm_quota_limit`, while using Linux `quotactl()` as the user quota
enforcement backend where available. Directory quota still needs mars-nwe-side
checks because Linux user quotas do not represent NSS directory quotas 1:1.
- `METADATAONLY`: store and roundtrip NSS-compatible quota metadata, but perform
no hard host filesystem enforcement. Use this for tests, migration/import,
debug volumes, and setups where an external layer handles enforcement.
- `NSS`: for real NSS/OES-style volumes, treat NSS itself as the enforcement
backend. mars-nwe should consume/export the same `netware.*` metadata view and
avoid trying to mirror NSS enforcement through Linux `quotactl()`.
- Existing `nwvolume.c` quota APIs and NCP quota endpoints should stay as stable
callers initially. Their backend should migrate from direct Linux `quotactl()`
as the data model toward `libnwfs` quota metadata plus the selected enforcement
backend.
- Re-check result: the inspected OES/NSS source tree does not provide a reusable
non-NSS quota enforcement backend for ordinary Linux filesystems. Its quota
enforcement is tied to the NSS internal `File_s`/Volume/DirectoryQuota/UserSpace
model. Keep the existing mars-nwe Linux `quotactl()` path for the
`LINUXQUOTA` backend, and implement directory-quota checks in mars-nwe/libnwfs
for non-NSS volumes.
- Source-tree status after the expanded imports: the additional NSS authsys,
common, main command, compression support, and SDK/header support files are now
present under `src/nwfs/nss/` and `include/nwfs/nss/` as raw GPL-2.0 source
material. They are intentionally not build targets yet.
- Additional NSS areas now available for later direct adaptation include the
directory quota engine (`src/nwfs/nss/common/dirQuotas.c`), file/create/IO
paths that call quota checks (`comnFile.c`, `comnIO.c`, `comnRename.c`), name
lookup/scan/wildcard helpers, data-stream and extended-attribute beasts,
authsys/effective-rights sources, and `src/nwfs/nss/main/comnCmdline.c`
quota/namespace commands. Adapt them only after a concrete `libnwfs`, tool,
or NCP handler consumer exists; do not use them as a replacement for the host
Linux quota backend.
- No more NSS bulk-import work is planned before coding starts. The next step is
still `0270`: build the first small `libnwfs.so` from the adapted metadata
sources and add unit tests.
`nwsetup` direction:
- ncurses is already needed for FLAIM tools and should also support a future
`nwsetup` tool. The user wants a NetWare-like phase-2 setup flow for
provisioning the Directory tree. Later `nwsetup` should initialize the
FLAIM-backed directory store, create tree/server/org/user/admin objects, set
the admin password, create default SYS/volume/config state, and avoid writing
reusable plaintext secrets to config files.
## 2026-06-05 - current superbuild / storage / TLS handoff
This chat switched from documentation-only endpoint audit work back to build and
integration work around the mars-nwe superbuild. The old patch-number guidance
below remains useful historical context for the endpoint-audit series, but the
current accepted work in this chat is a separate functional/build patch stack.
Do not assume the next patch after this point is an endpoint-audit `0269` patch
unless the user explicitly returns to that series.
Current root/superbuild direction implemented or in progress:
- `update-submodules.sh` is now the normal helper for keeping mars-nwe's
submodules reproducible. Private mars-owned submodules are updated to their
configured latest branch, while external upstream snapshots are pinned by a
single editable `EXTERNAL_TAG_PINS` block near the top of the script.
- Current external pins are `third_party/yyjson=0.12.0`,
`third_party/zlog=1.2.18`, and
`third_party/libsodium/libsodium=1.0.20-FINAL`.
- The helper must not run a root-level `git submodule update --init --recursive`
after updating top-level private submodules, because that can reset updated
gitlinks such as `third_party/matrixssl` back to the parent commit. Nested
submodules are initialized inside the owning top-level submodule instead.
- The helper prints recursive submodule status on success and failure and can
auto-commit root gitlink/script changes. Root gitlinks must only reference
commits that exist in the respective submodule remotes; a parent gitlink to an
unpushed submodule commit will make later `git submodule update` fail with
`upload-pack: not our ref`.
- `yyjson` is being folded into the mars-nwe core library path. Consumers should
include it through the `nwcore` include namespace and link `mars_nwe::core`,
not link an independent public yyjson target directly.
- FLAIM is currently only needed when the directory service is enabled. The root
CMake should therefore add/build `third_party/flaim` only when
`ENABLE_DIRECTORY=ON`.
- Namespace rule: keep historical mars-nwe binaries with their established names
(`nwserv`, `ncpserv`, `nwclient`, `dbmtool`, `ftrustee`, etc.), but give
vendored libraries, vendored headers, CMake packages, and imported helper tools
an `nw` namespace when they could collide with system packages or upstream tool
names.
- Current library namespace examples: `libnwowfat`, `libnwsodium`,
`libnwmatrixssl`, `libnwflaimtk`, `libnwflaim`, `libnwflaimsql`,
`libnwxflaim`, `libnwcore`, `libnwssl`, and `libnwdirectory`.
- Current header namespace examples: `include/nwlibowfat/`, `include/nwsodium/`,
`include/nwmatrixssl/`, `include/nwflaim/`, `include/nwssl/`,
`include/nwcore/`, and `include/nwdirectory/`.
- TinyLDAP/directory tools and FLAIM/XFLAIM tools should install with `nw`
prefixes (`nwt2`, `nwparse`, `nwldapclient`, `nwx`, `nwflmcheckdb`,
`nwxflmdbshell`, etc.) because their upstream names are generic or
collision-prone.
Current `libnwssl` / MatrixSSL / OpenSSL-compat direction:
- MatrixSSL owns only the renamed low-level backend library (`libnwmatrixssl`).
Temporary OpenSSL-compat test headers/sources that were placed in the
MatrixSSL fork must move out of MatrixSSL.
- `libnwssl` owns the mars-nwe crypto/TLS facade plus the narrow compatibility
surfaces needed by FLAIM: OpenSSL-style FTK/network headers and NICI/CCS-style
private headers.
- OpenSSL-compat headers should live under the `nwssl` include subtree, e.g.
`include/nwssl/openssl/*.h`, not as a root-level `include/openssl` directory
that could conflict with system OpenSSL headers.
- Private FLAIM/NICI compatibility headers should also live under the `nwssl`
subtree, e.g. `include/nwssl/private/nici/...`. They are private build
compatibility headers, not the public TLS API for normal mars-nwe code.
- `smart`, `directory`, and FLAIM should link against `libnwssl` / the
`mars_nwe::ssl` target when they need TLS/crypto compatibility. They should
not include MatrixSSL headers directly and should not link OpenSSL directly.
Current FLAIM import/build direction:
- The imported FLAIM tree is kept under `third_party/flaim` and should remain as
close to upstream source as practical. Prefer CMake/build glue, include paths,
and tiny compile fixes over broad C/C++ rewrites.
- The mars-nwe build currently wants `libnwflaimtk`, `libnwflaim`,
`libnwflaimsql`, and `libnwxflaim`. XFLAIM is now included even though it is
not immediately required, so it stays build-covered.
- FLAIM library versions should come from the public headers when those disagree
with `configure.ac`, because the headers are the ABI-facing version source in
this import. Current expected shared-object versions are:
`libnwflaimtk.so.1.2`, `libnwflaim.so.4.62`,
`libnwflaimsql.so.6.00`, and `libnwxflaim.so.5.12`.
- All installed FLAIM public headers should go below one mars-nwe namespace
directory: `include/nwflaim/`. Do not make `xflaim.h` a special
`include/nwxflaim/` exception.
- FLAIM command-line utilities should be built and installed with `nw`-prefixed
binary names, for example `nwflmcheckdb`, `nwflmrebuild`, `nwflmview`,
`nwflmdbshell`, `nwflmgigatest`, and the matching `nwxflm...` utilities.
- FLAIM tools require curses/ncurses. CMake should report clearly whether
curses/ncurses was found and whether the curses-backed tools will be built.
- The uploaded `ncurses-stable.tar.gz` is a valid current upstream ncurses/stable
source snapshot for local build testing even if the top-level extracted name
does not look like a conventional ncurses release tarball.
- The CMake conversion should keep translating the old `Makefile.am` source
inventories. Recent build fixes added missing result-set sources and fixed
XFLAIM tool include ordering so `xflaim/util` code includes the XFLAIM
`flaimsys.h` rather than the classic FLAIM one.
- Minimal FLAIM C++ compile fixes are acceptable when required by modern
compilers, for example replacing pointer assignments/comparisons using
character `\0` with `NULL`/null-pointer checks. Keep those patches small and
separate from build-system changes where possible.
Current local dependency policy for build checks:
- Build GDBM locally from the uploaded `gdbm-1.26.tar.gz` when testing in an
isolated prefix.
- Build ncurses locally from the uploaded `ncurses-stable.tar.gz` when testing
FLAIM tools in an isolated prefix.
- Use the uploaded `Linux-PAM-1.7.2.tar.xz` for PAM headers if needed, but link
against the system PAM library. Do not vendor PAM as a mars-nwe library.
- These local dependency builds are for verification; they are not new vendored
submodules unless a later explicit import decision says otherwise.
When continuing this work, expect more incremental compile/build patches rather
than one large redesign patch. Build after each FLAIM/CMake change, record the
next concrete compiler/linker error, and keep generated patches per repository
or submodule so the user can apply them with `git am` at the correct path.
## Build and test notes
Dependencies used during local checks in this conversation:
- `gdbm-1.26.tar.gz`
- `Linux-PAM-1.7.2.tar.xz` for PAM headers; link against system PAM if present
- `ncpfs-master.zip` for the salvage smoke helper client build
- `yyjson` under `third_party/yyjson`
If CMake finds GDBM but a target still cannot see `gdbm.h`, pass include paths
explicitly for local verification, for example:
```sh
CFLAGS="-I/path/to/gdbm/include -I/path/to/Linux-PAM-1.7.2/libpam/include" \
cmake -S . -B build
cmake --build build --target nwconn ncp_salvage_scan_smoke ncp_salvage_recover_smoke
```
Useful quick checks:
```sh
bash -n tests/salvage/salvage_smoke_suite.sh
cc -DLINUX -fsyntax-only -Iinclude -Isrc -Ithird_party/yyjson/src src/nwsalvage.c src/namspace.c
```
When server-side code or smoke helper clients change, rebuild both the server
and the helper targets so the runtime test is not using stale binaries:
```sh
cmake --build build --target nwserv ncpserv
cmake --build build --target \
ncp_delete_smoke \
ncp_read_smoke \
ncp_salvage_scan_smoke \
ncp_salvage_recover_smoke \
ncp_salvage_purge_smoke \
afp_entry_id_smoke \
afp_file_info_smoke \
afp_scan_info_smoke \
afp_set_file_info_smoke \
afp_deleted_info_smoke
```
Runtime smoke suites:
```sh
tests/salvage/salvage_smoke_suite.sh --out /tmp/mars-salvage-report.txt
tests/afp/afp_smoke_suite.sh --out /tmp/mars-afp-smoke.txt
```
The suite streams the report to `--out` while running, so a failure before the
end should still leave useful output. It has a manual stale-payload pause: the
script prints a `sudo rm -f .../.recycle/...` command; remove that payload in a
second shell and press Enter. The next scan should remove the stale sidecar and
`grep` `/var/log/mars_nwe/nw.log` for `WARN SALVAGE 87/16 STALE`.
Normal NCP reads of `.recycle` or `.salvage` are expected to fail with invalid
path. Verify payload data through the visible live file after NCP write or
recover, using `ncp_read_smoke`. Treat the final summary (`failures=0`,
`ncp_warnings=0`) as the important signal.
### AFP ProDOSInfo storage
ProDOSInfo is AFP/NCP per-entry metadata. Store it in the existing nwatalk
AFP metadata layer, not in nwarchive/nwxattr directly and not in a parallel DB.
The xattr key is `user.org.mars-nwe.afp.prodos-info` via the mars_nwe xattr
wrapper name `org.mars-nwe.afp.prodos-info`; it is a raw 6-byte value, analogous
to FinderInfo's 32-byte `org.mars-nwe.afp.finder-info`.
Salvage captures this as `prodos_info_hex` (12 hex characters) beside
`finder_info_hex`. AFP 35/19 Get Macintosh Info On Deleted File returns
FinderInfo[32] followed by ProDOSInfo[6] from the Salvage snapshot. The
verified smoke value is `010203040506` and the Linux xattr dump should show:
```text
user.org.mars-nwe.afp.prodos-info=0x010203040506
```
## Latest endpoint audit checkpoint
As of patch `0212-docs-audit-namespace-lock-salvage-stubs.patch`,
the latest audited endpoint block is the Name Space lock/quota/search/salvage-rights
subset of `NCP 0x2222/87` / wire `0x57` in `src/namspace.c`.
`nwconn.c` still forwards requestdata starting at the Name Space `SubFunction`
byte to `handle_func_0x57()`, and the handler return convention remains
unchanged: non-negative values are reply payload lengths, negative values are
Completion codes.
The previous `87/16`..`87/29` block contains active source cases for:
- `87/16` Scan Salvageable Files;
- `87/17` Recover Salvageable File;
- `87/18` Purge Salvageable File;
- `87/20` Search for File or Subdirectory Set;
- `87/21` Get Path String from Short Directory Handle;
- `87/22` Generate Directory Base and Volume Number;
- `87/24` Get Name Spaces Loaded List from Volume Number;
- `87/26` Get Huge NS Information;
- `87/28` Get Full Path String;
- `87/29` Get Effective Directory Rights.
Disabled source stubs exist for eligible 3.x/4.x metadata gaps from that range:
- `87/19` Get NS Information;
- `87/23` Query NS Information Format;
- `87/25` Set NS Information;
- `87/27` Get Name Space Directory Entry.
Patch `0212` added the next set of disabled source stubs for eligible
1.x/2.x/3.x and planned-4.x namespace/file gaps that were missing from the
active switch range:
- `87/36` Log File;
- `87/37` Release File;
- `87/38` Clear File;
- `87/39` Get Directory Disk Space Restriction;
- `87/40` Search for File or Subdirectory Set (Extended Errors);
- `87/41` Scan Salvageable File List;
- `87/42` Purge Salvageable File List;
- `87/43` Revoke File Handle Rights.
These stubs are under `#if 0`, document selector path/request/reply/provider
intent, and do not change runtime behavior. `87/44` Update File Handle Rights
is NetWare 5.x in the NDK material and was not stubbed under the current scope.
The existing `87/26` source slot is still effectively unimplemented and returns
the default `0xfb` completion.
The next endpoint block can continue with `87/64`..`87/69`, the matching `89`
long-name-space family, or another unaudited top-level family such as AFP
`0x2222/35`, packet burst `0x2222/97`/`101`, or deeper `0x2222/23`
bindery/property/admin subfunction coverage, unless the user requests a
specific family first.
The next patch number should follow the latest applied patch; after patch `0223`, use `0224`.
Retro source-stub checkpoint from patch 0207:
- Already documented eligible gaps in Directory Services `22/12`, `22/35`, and
`22/36` have disabled source stubs at the correct `src/nwconn.c` dispatch
slots. Do not rewrite those stubs unless implementing the endpoint.
- Already documented File Server Environment `23` queue/server-management gaps
have disabled source stubs at the appropriate `src/nwbind.c` switch slots.
Some pre-existing disabled stubs still contain legacy placeholder control flow;
leave existing stubs alone unless implementing or explicitly cleaning that
exact block.
- Message `21/04`..`21/08` were not SDK/PDF server endpoints in the default
audit set, so no stubs are required. Message `21/12` is later-generation
only and remains prose-only/out-of-scope under the current rules.
- Physical-record `26`..`31` plus `110`, TTS `34/00`..`34/10`, and direct file
`59`, `61`..`77` do not have additional eligible missing slots in the audited
ranges; no new source stubs were needed.
- Future retro-audits must distinguish three cases: add a disabled source stub
for an eligible missing endpoint, leave an already-present stub unchanged and
only document that it exists, or keep non-endpoints / 5.x+ endpoints out of
source.
Remember: for every new endpoint-audit patch, also update this AI handoff file
with the latest audited block and expected next patch number. Put detailed
Coverage/Request/Reply/Known-difference notes inline at each endpoint case rather
than as one large audit block before the switch range.
Missing-endpoint rule: when an audited SDK/PDF/WebSDK/Header endpoint is not
implemented but belongs to the compatibility scope, document it at the
appropriate dispatch location as a disabled `#if 0` stub instead of only
mentioning it in prose. The compatibility scope for stubs is NetWare 1.x/2.x
legacy calls, NetWare 3.x/default compatibility calls, and explicitly planned
NetWare 4.x/NDS work. Do not add stubs merely for NetWare 5.x/OES/MOAB/newer
endpoints: those are outside the current target unless the user explicitly asks
for that later generation. A 3.x-compatible server should remain compatible
with documented 1.x/2.x calls, and the current forward plan is only through
4.x. Disabled stubs should include selector path, name, request/reply sketch,
provider/out-of-scope reason, and no active behavior change. Disabled stubs
must not use misleading control flow such as `return(-1)` where that return
value has no local handoff meaning.
Latest endpoint audit checkpoint from patch 0223:
- Direct `NCP 0x2222/111` / wire `0x6f` Semaphore is now source-stub-audited
in `src/nwconn.c`. There is no active top-level handler for this newer
NetWare 3.x/4.x semaphore family.
- Patch `0223` records disabled `#if 0` selector slots for `111/00`
Open/Create a Semaphore, `111/01` Examine Semaphore, `111/02` Wait On (P)
Semaphore, `111/03` Signal (V) Semaphore, and `111/04` Close Semaphore.
- The old `32/xx` semaphore implementation in `src/sema.c` remains the active
compatibility path. Future work should bridge both families through one
semaphore provider/state table and verify the documented Lo-Hi handle order
against existing MARS-NWE big-endian handle helpers before changing behavior.
- This block is local synchronization, not `nwnds`/directory work.
Next patch number should be `0224`.
Latest endpoint audit checkpoint from patch 0224:
- SDK `0x2222/90` / wire `0x5a` Data Migration / parse-tree / compression
metadata is now source-stub-audited as planned NetWare-4.x filesystem and
namespace work. There was no active top-level handler in `src/nwconn.c`.
- Patch `0224` records the selector map behind `MARS_NWE_4`: `90/00` Parse
Tree, `90/10` Get Reference Count from Dir Entry Number, `90/11` Get
Reference Count from Dir Handle, `90/12` Set Compressed File Size,
`90/128` Move File Data To DM, `90/129` DM File Information, `90/130`
Volume DM Status, `90/131` Migrator Status Info, `90/132` DM Support Module
Information, `90/133` Move File Data From DM, `90/134` Get/Set Default
Read-Write Support Module ID, `90/135` DM Support Module Capacity Request,
`90/136` RTDM Request, and `90/150` File Migration Request.
- The future owner is the filesystem/namespace provider, not `nwnds`. There
is no active Data Migration support module, parse-tree engine, compressed
file-size backend, or RTDM provider yet. Keep this as unsupported `0xfb`
unless the filesystem provider grows real backing state.
Next patch number should be `0225`.
Latest endpoint audit checkpoint from patch 0225:
- SDK `0x2222/92` / wire `0x5c` SecretStore is now scope-audited as
later-generation and out of the current source-stub target. The NDK PDF marks
SecretStore Services as NetWare Server 5.x and eDirectory 8.5 or later, with
subverbs `0` Query Server through `9` Get Service Information.
- No active top-level `case 0x5c` exists in `src/nwconn.c`, and no indirect
handler/provider path was found during this audit. Do not add a disabled
source stub for SecretStore while the target remains 1.x/2.x/3.x plus planned
4.x only.
- SecretStore is not the same as the planned 4.x `libdirectory`/`nwnds` work.
If a future post-4.x/eDirectory target is ever added, it should be designed as
a separate secure secret-storage provider with strict no-secret logging rules.
Next patch number should be `0226`.
Latest endpoint audit checkpoint from patch 0227:
- After Accounting, the next relevant block checked was the already-present
bindery property/password/set/access portion of SDK `0x2222/23` / wire
`0x17`, especially SDK `23/57`..`23/76` in `src/nwbind.c`.
- The source already contains per-endpoint comments for the property calls
(`23/57`..`23/62`) and the set/password/access calls (`23/63`..`23/76`),
including the disabled `23/63` Verify Bindery Object Password stub and the
`23/71` note that trustee-path scanning is handled in `nwconn.c`.
- Patch `0227` only updates the coverage index: this is no longer a
missing-stub/source-change target. Further work in the `23` family should be
targeted behavior/security/provider review rather than another broad
endpoint-presence pass.
Latest endpoint audit checkpoint from patch 0228:
- SDK `0x2222/131` / wire `0x83` RPC / server-control is now source-stub-audited
as a NetWare-4.x server-control planning family. No active top-level handler
exists in `src/nwconn.c`.
- Patch `0228` records disabled `MARS_NWE_4` selector slots for `131/01` RPC
Load an NLM, `131/02` RPC Unload an NLM, `131/03` RPC Mount Volume, `131/04`
RPC Dismount Volume, `131/05` RPC Add Name Space To Volume, `131/06` RPC Set
Set Command Value, and `131/07` RPC Execute NCF File.
- Future ownership belongs to the `servermgmt`/RPC provider boundary. Do not
wire these calls to fake success: the real operations can change server state
and the documented reply carries an `RPCccode`. `nwserv` may supervise or
register providers, but must not become a data-plane broker for RPC payloads.
Latest endpoint audit checkpoint from patch 0231:
- SDK `0x2222/123` / wire `0x7b` server information/statistics is now partially
source-stub-audited as planned NetWare-4.x server-management work. There is
no active top-level handler in `src/nwconn.c`.
- Patch `0231` records the first core selector block behind `MARS_NWE_4`:
`123/01` Get Cache Information, `123/02` Get File Server Information,
`123/03` NetWare File Systems Information, `123/04` User Information,
`123/05` Packet Burst Information, `123/06` IPX SPX Information, `123/07`
Garbage Collection Information, `123/08` CPU Information, `123/09` Volume
Switch Information, `123/10` Get NLM Loaded List, `123/11` NLM Information,
`123/12` Get Directory Cache Information, `123/13` Get Operating System
Version Information, `123/14` Get Active Connection List by Type, `123/15`
Get NLM Resource Tag List, `123/16` Enumerate Connection Information from
Connection List, and `123/17` Enumerate NCP Service Network Addresses.
- The common SDK 123 request wrapper is `SubFuncStrucLen` Hi-Lo, `SubFuncCode`,
`VersionNumber`, `RevisionNumber`, plus selector-specific payload. Replies
commonly start with `CurrentServerTime` Lo-Hi, `VConsoleVersion`,
`VConsoleRevision`, and reserved fields, then selector-specific structures.
- Future ownership belongs to the `servermgmt`/information provider boundary.
It should adapt existing mars-nwe/host/transport/filesystem state and must
not grow a second management database or return fake success for detailed
information that is not modeled.
Latest redesign checkpoint from patch 0232:
- `REDESIGN.md` now records `nwservermgmt` as a possible future process for the
`servermgmt` provider once multiple NetWare-4.x management families become
real: `123/xx` server information/statistics, `114/xx` TimeSync adapter,
selected `23/200+` console/server-management calls, and guarded `131/xx` RPC
server-control requests.
- This does not make `nwserv` a data-plane router. `nwserv` remains supervisor,
provider registry, and control plane. If `nwservermgmt` exists later, `nwconn`
sends normalized handoff requests directly to it; `nwservermgmt` may query
`nwserv` only for control-plane state such as provider status/capabilities.
- Small static/status calls may stay in-process until a dedicated process is
justified. RPC/server-control calls must not fake success and require a real
privilege model before activation.
Next patch number should be `0233`.
Latest endpoint audit checkpoint from patch 0233:
- SDK `0x2222/123` / wire `0x7b` server information/statistics now has a
second source-stub-audited selector block behind `MARS_NWE_4` in
`src/nwconn.c`: `123/20` Active LAN Board List, `123/21` LAN Configuration
Information, `123/22` LAN Common Counters Information, `123/23` LAN Custom
Counters Information, `123/25` LSL Information, and `123/26` LSL Logical
Board Statistics.
- This audit was checked against the local NDK/Core Protocols PDF plus the
uploaded WebSDK/include `nwfse` material. Patch 0234 corrects the adjacent
LAN/LSL coverage by adding the PDF-listed `123/24` LAN Name Information and
`123/27` MLID Board Information selector slots.
- Future ownership remains the `servermgmt`/information provider boundary,
adapting real transport/IPX/adapter/LSL state. Do not synthesize fake LAN
boards, expose raw Linux-interface details directly, or route this data plane
through `nwserv`; `nwserv` remains supervisor/provider registry/control plane.
- Remaining `123/30` and higher Media Manager, volume, protocol-stack,
router/SAP, server/set-command, and compression information selectors still
need later follow-up auditing.
Latest endpoint audit checkpoint from patch 0234:
- SDK `0x2222/123` / wire `0x7b` LAN/LSL source-stub coverage now also includes
the adjacent local-PDF selectors `123/24` LAN Name Information and `123/27`
MLID Board Information behind `MARS_NWE_4` in `src/nwconn.c`.
- `123/27` is documented with a NetWare 4.x versus NetWare 5.x reply-layout
difference: the current guarded mars-nwe planning scope should model only the
4.x semantics if this slot is later activated.
- The earlier note that `123/24` was not listed is superseded by this correction;
it was present in the local NDK/Core Protocols PDF even though the uploaded
include/WebSDK material surfaced the surrounding `nwfse` structs more clearly.
Next patch number should be `0235`.
Latest endpoint audit checkpoint from patch 0235:
- SDK `0x2222/123` / wire `0x7b` server information/statistics now records the
next Media Manager / volume selector run behind `MARS_NWE_4` in
`src/nwconn.c`: `123/30` Get Media Manager Object Information, `123/31` Get
Media Manager Objects List, `123/32` Get Media Manager Object Children's List,
`123/33` Get Volume Segment List, and `123/34` Get Volume Information by
Level.
- This block was checked against the local NDK/Core Protocols PDF plus the
uploaded WebSDK/include `nwfse` material. `123/34` has an internal
`InfoLevelNumber` payload selector for the returned volume-information
structure; do not treat those levels as separate wire subfunctions.
- Future ownership remains the `servermgmt`/information provider boundary, with
filesystem/namespace/volume-provider input for real volume/media state. Do
not invent a separate NetWare Media Manager database and do not route these
data-plane requests through `nwserv`.
- Remaining `123/40` and higher protocol-stack, router/SAP, server/set-command,
and compression information selectors still need later follow-up auditing.
Latest endpoint audit checkpoint from patch 0237:
- SDK `0x2222/123` / wire `0x7b` server information/statistics now records the
router/SAP/server/source selector run behind `MARS_NWE_4` in `src/nwconn.c`:
`123/50` Get General Router and SAP Information, `123/51` Get Network
Router Information, `123/52` Get Network Routers Information, `123/53` Get
Known Networks Information, `123/54` Get Server Information, `123/55` Get
Server Sources Information, and `123/56` Get Known Servers Information.
- This block was checked against the local NDK/Core Protocols PDF plus the
uploaded WebSDK/include `nwfse` material. PDF/WebSDK/includes jump from
`123/56` to the server set-command group at `123/60`; do not invent
`123/57`..`123/59` selector slots unless a new primary source is found.
- Future ownership remains the `servermgmt`/information provider boundary with
IPX/SAP/RIP transport/provider input for real routing and advertised-server
state. Do not synthesize fake routers, known networks, SAP server lists, or
server-source records, and do not route these read-only data-plane requests
through `nwserv`.
- Remaining `123/60` and higher server set-command and compression information
selectors still need later follow-up auditing.
Latest endpoint audit checkpoint from patch 0238:
- SDK `0x2222/123` / wire `0x7b` server information/statistics now records the
NetWare-4.x server SET query selector run behind `MARS_NWE_4` in
`src/nwconn.c`: `123/60` Get Server Set Commands Information and `123/61`
Get Server Set Categories.
- This block was checked against the local NDK/Core Protocols PDF plus the
uploaded WebSDK/include `nwfse` material. The PDF also documents `123/62`
Get Server Set Commands Information By Name, but marks it as NetWare 5.x; do
not add a source stub for `123/62` under the current through-4.x planning
scope unless the target scope changes.
- Future ownership remains the `servermgmt`/configuration provider boundary.
The SET command/category views should expose real mars-nwe configuration and
runtime state once modeled; do not synthesize a fake NetWare SET database or
route these read-only data-plane requests through `nwserv`.
- Patch 0239 records the final in-scope compression/decompression selector run:
`123/70` Get Current Compressing File, `123/71` Get Current DeCompressing
File Info List, and `123/72` Get Compression and Decompression Time and
Counts.
Latest endpoint audit checkpoint from patch 0239:
- SDK `0x2222/123` / wire `0x7b` server information/statistics now records the
NetWare-4.x compression/decompression information selector run behind
`MARS_NWE_4` in `src/nwconn.c`: `123/70` Get Current Compressing File,
`123/71` Get Current DeCompressing File Info List, and `123/72` Get
Compression and Decompression Time and Counts.
- This block was checked against the local NDK/Core Protocols PDF plus the
uploaded WebSDK/include `nwfse` material. The PDF/WebSDK/include material
jumps from the NetWare-5.x-only `123/62` SET-by-name selector to the
compression group at `123/70`; do not invent `123/63`..`123/69` selector
slots unless a new primary source is found.
- Future ownership remains the `servermgmt`/information provider boundary with
filesystem/volume compression state as the source of truth. Do not
synthesize fake current-compression files, decompression file lists, or
compression byte/tick counters, and do not route these read-only data-plane
requests through `nwserv`.
- This completes the currently identified in-scope `123/xx` NetWare-4.x
server-information/statistics source-stub audit. The next endpoint-audit
block should be selected from a different SDK family after rechecking active
dispatch and handoff paths.
Latest endpoint audit checkpoint from patch 0240:
- After completing the `123/xx` SDK server-information audit, the next adjacent
source block checked was the disabled `_MAR_TESTS_XX` wire `0x5f` UNIX-client
probe in `src/nwconn.c`. It is documented as local/test-only, not an SDK
`0x2222/95` endpoint family.
- The local NDK/Core Protocols NCP-by-number table does not list a documented
`0x2222/95` group, and the original source comment records that a NetWare 4.1
server also did not know this call. Do not promote it to a normal default
handler or add compatibility stubs without a real client trace and explicit
provider ownership.
- The observed disabled branch shape is FunctionCode `0x5f` followed by four
unknown bytes, historically seen as `0x10 00 00 00`; its old success reply is
not exposed outside `_MAR_TESTS_XX`.
Next patch number should be `0241`.
Latest endpoint audit checkpoint from patch 0241:
- Direction corrected back to NDK-first endpoint selection: choose the next
documented NetWare 1.x/2.x/3.x endpoint gap or planned NetWare 4.x endpoint
from the local NDK/Core Protocols PDF first, then compare mars-nwe dispatch.
Local/test-only source probes such as the disabled wire `0x5f` branch are not
endpoint-audit candidates unless an in-scope NDK entry exists.
- SDK `0x2222/22` / wire `0x16` directory-services source-stub coverage now
records two NDK-first gaps in `src/nwconn.c`: `22/49` Open Data Stream and
`22/52` Get Mount Volume List.
- `22/49` is a NetWare 3.x/4.x data-stream open endpoint. It remains disabled
until the filesystem/namespace/datastream provider can open real alternate
data streams and return real file handles; do not synthesize fake stream
handles.
- `22/52` is a NetWare 4.x mounted-volume-list endpoint. It remains disabled
behind `MARS_NWE_4` until mounted-volume and namespace-specific volume-list
state is modeled by the servermgmt/information provider with volume-provider
input. Do not route this read-only data plane through `nwserv`.
Latest endpoint audit checkpoint from patch 0242:
- Continuing the corrected NDK-first pass, SDK `0x2222/23` / wire `0x17`
File Server Environment now records the NetWare-2.x server statistics block
`23/212` through `23/217` as disabled source stubs in `src/nwbind.c`: Get
File System Statistics, Get Transaction Tracking Statistics, Read Disk Cache
Statistics, Get Drive Mapping Table, Read Physical Disk Statistics, and Get
Disk Channel Statistics.
- These selectors are reached through the normal `nwconn.c` File Server
Environment forward path into `nwbind.c`. There was no active implementation
for the wire `0xd4`..`0xd9` subfunction slots before this documentation
marker.
- Do not synthesize fake NetWare FAT/cache, TTS, SFT mirror, physical-disk, or
disk-channel counter blocks. Future ownership belongs to a servermgmt/
statistics provider backed by real filesystem, volume, and backend state.
- The next NDK-first `23/xx` statistics/monitoring audit block should continue
with the nearby open-file/lock/semaphore/usage selectors such as `23/219`
through `23/242`, keeping small reviewable sub-blocks.
Latest endpoint audit checkpoint from patch 0243:
- Continuing the corrected NDK-first pass, SDK `0x2222/23` / wire `0x17`
File Server Environment now records the NetWare-2.x/3.x legacy monitor scan
block `23/219` through `23/226` as disabled source stubs in `src/nwbind.c`:
Get Connection's Open Files (old), Get Connection Using A File (old), Get
Physical Record Locks By Connection And File (old), Get Physical Record Locks
By File (old), Get Logical Records By Connection (old), Get Logical Record
Information (old), Get Connection's Semaphores (old), and Get Semaphore
Information (old).
- These selectors are reached through the normal `nwconn.c` File Server
Environment forward path into `nwbind.c`. There was no active implementation
for the wire `0xdb`..`0xe2` subfunction slots before this documentation
marker.
- Do not synthesize fake open-file, file-user, physical-lock, logical-lock, or
semaphore lists from partial state. Future ownership belongs to servermgmt/
statistics with real file-handle, byte-range-lock, logical-lock, and semaphore
provider input.
- The next NDK-first `23/xx` statistics/monitoring audit block should continue
with the nearby LAN-driver, connection-usage, disk-space, LAN-I/O,
misc/volume, and newer open-file/lock/semaphore selectors such as `23/227`,
`23/229`..`23/242`, keeping the patch scope small.
Next patch number should be `0244`.
Endpoint audit formatting requirement from patch 0244:
- Disabled source stubs for audited NDK endpoints must not group multiple
selectors under one shared explanatory block. Each `switch` `case` must be
documented as its own case.
- Active fall-through handlers do not need control-flow rewrites only for
documentation. It is acceptable to keep adjacent `case` labels sharing one
handler, as long as each label has its own adjacent concise `Request:` and
`Response:` summary before the shared implementation block.
- Each audited case comment must include a concise `Request:` summary and a
concise `Response:` summary from NDK/PDF/WebSDK/include sources.
- Keep provider ownership and "do not fake" constraints in the same case block
when relevant, so future implementers do not need to infer requirements from
a surrounding grouped comment.
- Endpoint selection remains NDK-first: NetWare 1.x/2.x/3.x plus planned 4.x;
ignore 5.x+ only endpoints unless the project scope is explicitly changed.
- Final verification snippets should show only the new patch, using
`git am patchname.patch` with no path prefix.
Latest endpoint audit checkpoint from patch 0244:
- Corrects the previously applied `23/212` through `23/217` and `23/219`
through `23/226` source stubs in `src/nwbind.c` from grouped cases into one
documented disabled case per selector.
- The request/response details are now adjacent to each wire case: `0xd4`
through `0xd9` for statistics and `0xdb` through `0xe2` for old monitor scan
calls.
- The next NDK-first `23/xx` audit block can continue with the nearby LAN-driver,
connection-usage, disk-space, LAN-I/O, misc/volume, and newer open-file/lock/
semaphore selectors such as `23/227`, `23/229`..`23/242`.
Next patch number should be `0245`.
Latest endpoint audit checkpoint from patch 0245:
- Continued the NDK-first File Server Environment pass with `23/227` and
`23/229` through `23/236` at wire `0xe3` and `0xe5` through `0xec`.
`23/228` is not listed in the NDK table and no wire `0xe4` marker was added.
- Added/split individual disabled `src/nwbind.c` cases for LAN driver
configuration, connection usage statistics, object remaining disk space, LAN
I/O statistics, file-server misc information, volume information, connection
task information, connection open files, and connection-using-a-file scans.
- The old grouped `23/232`/`23/235` placeholder is gone. Each audited selector
now has its own case-local `Request:` and `Response:` summary.
- Do not implement these from approximations. They need real LAN binding,
NCP byte/request counter, bindery quota, volume/free-space, routing/LAN I/O,
server memory/utilization, volume-table, task/lock-wait, open-file/share/deny,
and file-user provider state.
Next patch number should be `0246`.
Latest endpoint audit checkpoint from patch 0246:
- Continued the NDK-first File Server Environment pass with the newer NetWare
3.x/4.x monitor selectors `23/237` through `23/242` at wire `0xed` through
`0xf2`: physical record locks by connection/file, physical record locks by
file, logical records by connection, logical record information, connection
semaphores, and semaphore information.
- Each selector is documented as its own disabled `#if 0` `src/nwbind.c` case
with a case-local `Request:` and `Response:` summary, matching the post-0244
endpoint-audit formatting rule.
- These endpoints must not be implemented from approximations. They require
real byte-range lock state, namespace/data-stream mapping, logical-record
lock/log state, and semaphore open/value/wait provider state.
- The next NDK-first `23/xx` pass should skip unlisted gaps and continue with
the next documented NetWare 1.x/2.x/3.x selector or planned 4.x selector after
`23/242`.
Next patch number should be `0247`.
Latest endpoint audit checkpoint from patch 0247:
- Continued the NDK-first File Server Environment pass after `23/242` by
skipping the already implemented `23/243` Map Directory Number to Path and
`23/244` Convert Path to Dir Entry helpers, then tightening the existing
disabled `23/253` and `23/254` tail cases in `src/nwbind.c`.
- `23/253` / wire `0xfd` Send Console Broadcast now has a case-local Request
summary for NumberOfStations, StationList long[] and BroadcastMessage, plus a
Response summary covering status-only success/error returns.
- `23/254` / wire `0xfe` Clear Connection Number now has a case-local Request
summary for the long ConnectionNumber variant and a Response summary covering
status-only success/error returns.
- These endpoints must not be implemented from approximations. They require
real console/supervisor privilege checks, broadcast disabled/delivery state,
valid target connection handling, and full logout/resource-release semantics.
- The next NDK-first pass should continue outside this `23/xx` tail with the
next documented NetWare 1.x/2.x/3.x endpoint or planned 4.x endpoint, while
skipping unlisted gaps and ignoring 5.x-only endpoints.
Next patch number should be `0248`.
Latest endpoint audit checkpoint from patch 0248:
- Continued NDK-first outside the `23/xx` tail with the in-scope Transaction
Tracking System family `34/00` through `34/10` in `src/nwconn.c`.
- Replaced the old grouped TTS documentation block with an explicit
`switch (ufunc)` so every NDK selector has its own `case` and adjacent
`Request:`/`Response:` summary:
`34/00` availability, `34/01` begin, `34/02` end, `34/03` abort,
`34/04` status, `34/05`/`34/06` application thresholds,
`34/07`/`34/08` workstation thresholds, and `34/09`/`34/10`
transaction control bits.
- Runtime behavior is preserved: `34/00` reports TTS unavailable and all other
TTS selectors return `0xfb`. Do not return synthetic success without real
transaction files, transaction status tracking, lock integration, threshold
state, control-bit state, and rollback/backout logic.
- The next NDK-first pass should continue with the next documented NetWare
1.x/2.x/3.x endpoint or planned 4.x endpoint after the TTS family, skipping
unlisted gaps and ignoring 5.x-only endpoints.
Next patch number should be `0249`.
Latest endpoint audit checkpoint from patch 0249:
- Continued NDK-first after the TTS family with the in-scope AFP/Mac namespace
family `35/01` through `35/19` in `src/nwconn.c`. The NDK lists these AFP
calls for NetWare 2.x/3.x/4.x, so they remain relevant even though the same
pages also mention 5.x.
- Converted the AFP dispatcher from grouped `if`/`else` pairs into an explicit
`switch (ufunc)` with one case per NDK selector: create directory/file,
delete, entry-ID lookup by name/handle/path, rename, open file fork,
get/set/scan file information, AFP 2.0 create/get/set/scan variants, DOS-name
lookup, and deleted-file Macintosh-info lookup.
- Runtime behavior is unchanged. Some selectors still share the same helper,
but each selector now has its own case-local `Request:` and `Response:`
summary matching the endpoint-audit rule. Do not regroup these cases in a
later cleanup.
- Future AFP work must keep stable AFP entry IDs/CNIDs, FinderInfo/ProDOSInfo,
data/resource fork identity, directory enumeration state, and Salvage metadata
grounded in real provider state. Do not fake AFP replies from plain Unix path
names when the NDK requires namespace identity or metadata persistence.
- The next NDK-first pass should continue with the next documented NetWare
1.x/2.x/3.x endpoint or planned 4.x endpoint after the AFP family, skipping
unlisted gaps and ignoring 5.x-only endpoints.
## 2026-06-02 - Patch 0250 NCP Extension selector notes 36/00..06 and 37
- Continued NDK-first after AFP with the NetWare-4.x planned-scope NCP
Extension family: `0x2222/36` selectors `36/00` through `36/06`, plus
`0x2222/37` Execute NCP Extension.
- The source already carried an explicit `switch` for the NCP Extension
selectors. Patch `0250` tightens each selector-local comment so every case
has concrete NDK Request/Response fields rather than a generic extension
summary:
- `36/00` Get NCP Extension Information old
- `36/01` Get NCP Extension Maximum Data Size
- `36/02` Get NCP Extension Information by Name
- `36/03` Get Number of Registered NCP Extensions
- `36/04` Get NCP Extension Registered Verbs List
- `36/05` Return NCP Extension Information
- `36/06` Return NCP Extension Maximum Data Size
- `37` Execute NCP Extension
- Runtime behavior is unchanged: all extension-registration and execution
requests still return `0xfb` until a real extension registry/provider exists.
- Future NCP Extension work must model a real registered-extension table,
version/name/custom-data records, maximum data-size policy, registered verb
enumeration, and provider-owned execute payload dispatch. Do not route
extension payloads through `nwserv` as a generic data-plane broker.
- Continue NDK-first with the next documented NetWare 1.x/2.x/3.x endpoint or
planned 4.x endpoint after the NCP Extension family, skipping 5.x-only NDS
unless explicitly brought into scope.
## 2026-06-02 - Patch 0251 old direct create-file selector split 67/77
- Continued NDK-first after the NCP Extension checkpoint by returning to the
in-scope old direct file-I/O calls in `src/nwconn.c`. The NDK lists both
`0x2222/67` Create File and `0x2222/77` Create New File for NetWare
2.x/3.x/4.x, so they remain relevant even though the same pages also mention
5.x.
- Split the old grouped `case 0x43` / `case 0x4d` implementation into two
explicit case bodies. Each case now has its own adjacent `Request:` and
`Response:` notes:
- `67` / wire `0x43` Create File: replace-if-existing semantics when the
caller has sufficient create/delete rights.
- `77` / wire `0x4d` Create New File: no-replace semantics; fail if the
target already exists.
- Runtime behavior is intentionally unchanged. Both cases still use the
existing `nw_creat_open_file()` path and return the old six-byte file-handle
plus `NW_FILE_INFO` reply layout, but they no longer rely on a grouped case
label or a `function == 0x43` mode selector inside a shared block.
- Do not regroup these two direct create-file cases in a later cleanup; keep the
per-case Request/Response audit rule intact.
## 2026-06-02 - Patch 0252 SDK 90 tree/reference/compression selector notes
- Continued NDK-first after the direct create-file split. The NDK Enhanced
NCP `89/xx` chapter is not taken as the next implementation target here
because the `89/01` page is marked `NetWare Servers: 6.5, SP2 and later`;
keep those 5.x+/6.x-only enhanced namespace endpoints out of this 1.x-4.x
audit unless project scope changes.
- Audited the first NetWare-4.x-relevant SDK `90/xx` block in `src/nwconn.c`:
- `90/00` Parse Tree
- `90/10` Get Reference Count from Dir Entry Number
- `90/11` Get Reference Count from Dir Handle
- `90/12` Set Compressed File Size
- Each selector already had its own `switch` case; patch `0252` tightens those
case-local comments with exact NDK `SubFuncStrucLen`, request fields and
response fields.
- Runtime behavior remains unchanged: all four selectors still return `0xfb`
until a real namespace tree/reference-count/compression metadata provider
exists.
- Do not synthesize reference counts or compressed-size replies from partial
Unix `stat(2)` state. These replies require NetWare directory-base identity,
namespace handles, reference tracking and compression metadata.
Next patch number should be `0253`.
## 2026-06-02 - Patch 0253 SDK 90 data-migration selector notes
- Continued NDK-first after the first SDK `90/xx` tree/reference/compression
selector pass with the planned NetWare-4.x Data Migration selector block in
`src/nwconn.c`:
- `90/128` Move File Data To DM
- `90/129` DM File Information
- `90/130` Volume DM Status
- `90/131` Migrator Status Info
- `90/132` DM Support Module Information
- `90/133` Move File Data From DM
- `90/134` Get/Set Default Read-Write Support Module ID
- `90/135` DM Support Module Capacity Request
- `90/136` RTDM Request
- `90/150` File Migration Request
- Each selector already had its own `switch` case. Patch `0253` tightens the
case-local comments with exact NDK `SubFuncStrucLen`, request fields, and
response fields so the Data Migration block follows the current endpoint
audit rule.
- Runtime behavior remains unchanged: all Data Migration selectors still return
`0xfb` until a real filesystem/data-migration provider exists.
- Do not fake Data Migration replies from ordinary Unix file metadata. These
endpoints require NetWare volume/directory-entry identity, namespace-aware
migrated-file state, support-module registration, capacity accounting,
migrator status, RTDM verbs, and file-migration attribute persistence.
## 2026-06-02 - Patch 0254 TimeSync selector split 114/01..12
- Continued NDK-first after SDK `90` Data Migration with the planned NetWare-4.x
Time Synchronization family in `src/nwconn.c`:
- `114/01` Timesync Get Time
- `114/02` Timesync Exchange Time
- `114/05` Timesync Get Server List
- `114/06` Timesync Set Server List
- `114/12` Timesync Get Version
- The source already had selector coverage behind `MARS_NWE_4`, but the cases
were grouped with fall-through to one shared unsupported return. Patch `0254`
splits them so each selector has its own `case`, own `Request:` summary, own
`Response:` summary, and own `0xfb` return.
- Runtime behavior remains unchanged: TimeSync remains unsupported until a real
server-management/time provider exists.
- Do not emulate the NDK note that `114/06` returns success in all cases until
there is an explicit TimeSync compatibility policy and real server-list state.
## 2026-06-02 - Patch 0255 RPC selector split 131/01..07
- Continued NDK-first after Time Synchronization by revisiting the planned
NetWare-4.x RPC/server-control family in `src/nwconn.c`:
- `131/01` RPC Load an NLM
- `131/02` RPC Unload an NLM
- `131/03` RPC Mount Volume
- `131/04` RPC Dismount Volume
- `131/05` RPC Add Name Space To Volume
- `131/06` RPC Set Set Command Value
- `131/07` RPC Execute NCF File
- The source already had selector coverage behind `MARS_NWE_4`, but the cases
were grouped through fall-through to one shared unsupported return. Patch
`0255` splits them so each selector has its own `case`, own `Request:`
summary, own `Reply:` summary, and own `0xfb` return.
- Runtime behavior remains unchanged. RPC/server-control remains unsupported
until a real server-management/RPC provider exists.
- Do not fake RPC success. These calls can load/unload NLMs, mount/dismount
volumes, add name spaces, change SET commands, and execute NCF files; they
require supervisor-equivalent authentication, real provider state, and
documented `RPCccode` mapping.
- Keep `nwserv` as control-plane supervisor/registry only; do not route these
RPC payloads through `nwserv` as a generic data-plane broker.
## 2026-06-02 - Patch 0256 Physical-record selector notes without control-flow split
- Continued NDK-first after RPC/server-control with the implemented physical
record lock family in `src/nwconn.c`:
- `26` Log Physical Record (old)
- `27` Lock Physical Record Set (old)
- `28` Release Physical Record
- `29` Release Physical Record Set
- `30` Clear Physical Record
- `31` Clear Physical Record Set
- `110` Lock Physical Record Set
- Patch `0256` is documentation-only and intentionally keeps the existing
fall-through handler structure. Adjacent cases may remain adjacent when they
share parser/handler logic; the requirement is that each wire case has its
own nearby `Request:` and `Response:` notes, not that active control flow be
split for documentation.
- Keep the known parser audit notes unchanged: old `27` is documented as Lo-Hi
timeout while the shared handler reads Hi-Lo, and the current LockFlag mapping
differs from the NDK/Core-Protocols text until real requester traces justify a
behavior change.
## 2026-06-02 - Patch 0257 Clear Lock Wait Node stub 112
- Continued NDK-first after the implemented physical-record family with the
direct NetWare-3.x/4.x asynchronous-lock cleanup endpoint:
- `112` Clear Lock Wait Node
- Patch `0257` adds a disabled source stub in `src/nwconn.c` for wire `0x70`.
The stub records the NDK request as `FunctionCode=112` plus a `WaitNode`
structure and the response as completion-only: success, `ERR_LOCK_WAITING`,
or lock error.
- The endpoint must not fake success from the current synchronous lock tables.
It requires real asynchronous wait-node state allocated by Log/Lock File,
Logical Record, and Physical Record async requests (`105` through `110`).
- This is synchronization/lock-provider state, not server-management or
directory state.
## 2026-06-02 - Patch 0258 async synchronization direct stubs 105/107/108/109
- Continued NDK-first after Clear Lock Wait Node with the missing direct
asynchronous synchronization endpoints in `src/nwconn.c`:
- `105` / wire `0x69` Log File (old)
- `107` / wire `0x6b` Log Logical Record
- `108` / wire `0x6c` Lock Logical Record Set
- `109` / wire `0x6d` Log Physical Record
- These are NetWare-3.x/4.x-relevant endpoints. The NDK also lists 5.x, but
this audit keeps only the 3.x/4.x contract.
- Patch `0258` adds disabled source stubs only. Runtime behavior is unchanged.
- Do not map these direct async-capable calls onto the existing old
synchronous handlers (`03`, `09`, `10`, `26`) or namespace handlers
(`87/36`, `87/67`) without a real provider design. The request encodings and
async wait-node semantics differ.
- These calls share state requirements with `112` Clear Lock Wait Node: pending
lock allocation, async wait-node lifetime, and correct completion-code
mapping.
## 2026-06-02 - Patch 0259 fall-through synchronization selector notes
- Continued NDK-first after the direct async synchronization stubs by tightening
the implemented old file/logical synchronization fall-through handlers in
`src/nwconn.c`:
- `04` Lock File Set (old) and `106` Lock File Set
- `05` Release File (old) and `07` Clear File (old)
- `06` Release File Set and `08` Clear File Set
- `11` Clear Logical Record and `12` Release Logical Record
- `14` Clear Logical Record Set and `13` Release Logical Record Set
- This is documentation-only. The active fall-through control flow remains
unchanged: shared parser/handler branches stay shared, but each wire `case`
label now has its own nearby `Request:` and `Response:` notes.
- Keep the parser audit items unchanged: old `04` documents Lo-Hi timeout while
the shared handler uses `GET_BE16()`, and the set release/clear handlers for
file and logical records still ignore the documented `LockFlag` byte until
direct requester traces justify changing behavior.
## 2026-06-02 - Patch 0260 final NDK/WebSDK/include endpoint-audit closure
- Re-ran the endpoint-audit inventory NDK-first against the local Core Protocols
PDF text, uploaded WebSDK HTML, and uploaded SDK includes after patches
`0255` through `0259`.
- No additional in-scope NetWare 1.x/2.x/3.x endpoint family or planned
NetWare-4.x endpoint family was found that still needs a new source-dispatch
stub in this documentation pass.
- Current coverage state is considered documentation-complete for this audit:
each in-scope family is either actively handled, forwarded to the file that
parses it, represented by a disabled source stub with request/reply notes, or
explicitly documented as out of scope because it is NetWare 5.x/OES/MOAB/newer
or requires a future provider.
- This does not mean all endpoints are behaviorally complete. It only closes
the NDK/WebSDK/include source-stub inventory. Remaining work should be driven
by tests, requester traces, and provider implementation tasks, not by adding
more placeholder endpoint stubs.
- Keep using the corrected documentation rule from patches `0256` and `0259`:
do not split active fall-through control flow merely for documentation;
instead keep shared parser/handler branches shared and place the appropriate
`Request:`/`Response:` notes next to the relevant case labels.
## 2026-06-02 - Patch 0261 source/header subtree layout rules
- Documented the planned large-source-file split as a module-subtree layout,
not a semantic provider change. Source files should move under
`src/<module>/` while headers mirror the same hierarchy under
`include/<module>/`.
- Keep ownership names explicit: `nwconn` code stays under `src/nwconn/`,
`nwbind` code under `src/nwbind/`, `nwqueue` code under `src/nwqueue/`,
`nwnds` code under `src/nwnds/`, and directory code under
`src/nwdirectory/`.
- Flat headers remain umbrella headers. For example, `include/nwbind.h` should
include public headers from `include/nwbind/*.h`; do the same later for
`nwconn.h`, `nwqueue.h`, `nwnds.h`, and `nwdirectory.h`.
- Private implementation headers should be named `include/<module>/internal.h`
and may only be included by files in the matching `src/<module>/` subtree.
- Mechanical move/split patches must not change runtime behavior and must not be
combined with endpoint semantics, provider IPC changes, or switch cleanup.
- Start with build-system support for `src/<module>/*.c` plus
`include/<module>/*.h`, then move smaller modules such as `nwdirectory` before
splitting very large files such as `nwconn.c` and `nwbind.c`.
## 2026-06-02 - Patch 0262 libowfat hard dependency policy
- Reviewed the uploaded `libowfat-0.34.tar.xz` archive as the dependency used
by tinyldap-style code. Its README states that libowfat provides general
purpose APIs extracted from Dan Bernstein's software and reimplemented under
GNU GPL version 2 only, with no later-version grant.
- Treat libowfat as a planned hard third-party dependency for the
tinyldap-derived `mars-tinyldap`/`nwdirectory` work, similar to how yyjson is
a required bundled dependency for salvage metadata.
- The planned import path is `third_party/libowfat`. Do not keep it merely as a
reference archive and do not place it at the repository root.
- The pinned initial source should be libowfat 0.34 unless a later explicit
dependency bump patch chooses a different version. The import must carry a
mars-nwe note documenting source/version, GPL-2.0-only license, local CMake
changes, and how `mars-tinyldap`/`nwdirectory` links it.
- The first integration should expose a normal CMake target, for example
`OWFAT::owfat`, and should be usable from both standalone `mars-tinyldap` and
the mars-nwe superbuild. Do not wrap libowfat's original Makefile as the
long-term build path.
- Scope the first direct libowfat dependency to the tinyldap-derived
directory-service build so the initial import remains reviewable.
- It is also acceptable for mars-nwe core code to use libowfat later when a
concrete call site benefits from it, for example `byte`, `buffer`, `fmt`,
`scan`, `stralloc`, `uint`, `socket`, or `io` helpers. Do that deliberately
in follow-up patches with an explicit consumer and without scattering
convenience includes through unrelated dispatch code.
- Prefer a small mars-nwe facade when multiple modules need the same libowfat
helper pattern, but do not invent wrappers merely to hide a useful hard
dependency.
- Keep GPLv3 code out of this dependency path.
## 2026-06-02 - Patch 0263 libowfat consumer scope clarification
- Relaxed the `0262` wording that made libowfat sound restricted to only
tinyldap/nwdirectory compatibility code.
- libowfat remains a hard bundled GPL-2.0-only dependency under
`third_party/libowfat`, exposed as `OWFAT::owfat`.
- The first consumer should still be the tinyldap-derived `mars-tinyldap` /
`nwdirectory` work, but mars-nwe core code may use libowfat later when the
helper is technically useful and the patch names the concrete consumer.
- Keep direct includes deliberate: do not add libowfat to unrelated switch
dispatch code only because it is available, and prefer a small mars-nwe facade
if several modules need the same helper pattern.
## 2026-06-02 - Patch 0264 GPL-2.0-only source/header normalization
- Normalize mars-nwe-owned `.c` and `.h` files to GPL-2.0-only. Existing
GPL-2-or-later text should be rewritten to version 2 only, and files without
a license header should gain a project header.
- C/header files should carry `SPDX-License-Identifier: GPL-2.0-only` at the
top.
- Preserve/restore copyright attribution for Martin Stover and add current
maintenance attribution for Mario Fetka where missing.
- Root `COPYING.md` should state the project-level GPL-2.0-only policy before the
full GNU GPL version 2 text, and `COPYING.LGPL-2.1.md` should carry the
LGPL-2.1-only library license notice and full text.
- `README` and `README.md` should describe the GPL-2.0-only/LGPL-2.1-only
split and point to `COPYING.md` plus `COPYING.LGPL-2.1.md`.
- Do not introduce GPLv3-or-later wording in mars-nwe-owned source/header files
or dependency documentation unless a separate explicit relicensing decision is
made.
## 2026-06-02 - Patch 0265 MatrixSSL fork/CMake policy
- MatrixSSL is now the preferred GPL-2.0-compatible crypto/TLS candidate to
evaluate for the FLAIM CCS/NICI compatibility layer and possible future TLS
needs, instead of pulling OpenSSL into the tree.
- Treat MatrixSSL as a mars-nwe-maintained fork/import under
`third_party/matrixssl`, not as an opaque system probe and not as a source tree
built by its original Makefiles.
- The import must document the exact upstream/fork URL, revision, license terms,
any local patches, and the reason it is GPL-2.0-compatible with mars-nwe.
- Add a native CMake build in the MatrixSSL fork. It must work standalone and as
a mars-nwe subdirectory, and should expose normal targets such as
`MATRIXSSL::crypto` and, if TLS is built, `MATRIXSSL::tls`.
- FLAIM must not call MatrixSSL directly. FLAIM still talks to the future
CCS/NICI compatibility layer; that layer may use MatrixSSL crypto primitives
underneath.
- Keep old OpenSSL-facing FLAIM/FTK code disabled by default. Do not introduce
OpenSSL as a default mars-nwe dependency.
- Do not mix MatrixSSL import/CMake work with FLAIM CCS/NICI implementation or
source tree layout changes in the same patch.
## 2026-06-02 - Patch 0266 shared library layering for MatrixSSL, FLAIM, and directory services
- The third-party storage/crypto plan now uses mars-nwe-named shared library
layers, not raw upstream target names as public project interfaces.
- `libnwmatrixssl` is the patched MatrixSSL fork/library. It exists only to make
the GPL-2.0-compatible MatrixSSL source build cleanly under mars-nwe CMake and
to avoid collisions with any system MatrixSSL package. Keep local changes
limited to portability, naming, CMake, and build hygiene unless a later
security/compatibility patch explicitly says otherwise.
- `libnwssl` is the mars-nwe SSL/crypto facade. It owns the MatrixSSL-facing
wrappers, future TLS abstraction used by apps/services, and the CCS/NICI
compatibility layer that FLAIM needs. Application code should include/use
`libnwssl`, not raw MatrixSSL headers.
- `libnwflaimtk` and `libnwflaim` are the renamed mars-nwe FLAIM libraries built
from the imported FLAIM sources. The rename is intentional so mars-nwe never
accidentally links against, or conflicts with, a system `libflaim`/FTK install.
- `libnwdirectory` is the directory abstraction library above the FLAIM store. It
is the API used by `nwdirectory`, future `nwnds`, setup/import tooling, and
later Bindery/NDS integration; those consumers should not call `libnwflaim`
directly.
- Keep the layering explicit:
```text
apps/services/setup/nwnds -> libnwdirectory -> libnwflaim -> libnwflaimtk
-> libnwssl CCS/NICI -> libnwmatrixssl
apps/services TLS -> libnwssl TLS -> libnwmatrixssl
```
- FLAIM source import, MatrixSSL fork/CMake work, `libnwssl` facade work,
CCS/NICI implementation, and `libnwdirectory` API work should remain separate
patches.
## 2026-06-02 - Patch 0267 libnwssl FLAIM OpenSSL-compat boundary
- The inspected `flaim-code-r1112-trunk` uses OpenSSL-style APIs only in the FTK
network/TLS helper code, not as the primary FLAIM database-at-rest encryption
API. FLAIM storage encryption still goes through NICI/CCS-style `CCS_*`
calls.
- `libnwssl` should therefore own two separate compatibility surfaces:
- a CCS/NICI compatibility API for FLAIM encrypted storage, backed by
`libnwmatrixssl` crypto primitives; and
- a narrow OpenSSL-compatibility facade for the legacy FLAIM/FTK network code,
backed by `libnwmatrixssl` TLS/crypto when that code cannot be disabled.
- Do not expose OpenSSL-compatible types outside the FLAIM/FTK import boundary.
If wrappers are needed, they should be private to `libnwssl` plus the
`libnwflaimtk` build glue.
- The FTK OpenSSL-compat surface should be limited to the symbols actually seen
in r1112 (`SSL_*`, `SSL_CTX_*`, `BIO_*`, `X509_*`, `EVP_PKEY_*`, and error
initialization helpers). Do not implement a general OpenSSL replacement API
unless a later source audit proves it is required.
- Keep the FLAIM network/TLS compatibility path separate from mars-nwe LDAP,
provider IPC, and application TLS policy. Those consumers use the native
`libnwssl` TLS facade, not the OpenSSL-compat shim.
## 2026-06-02 - Patch 0268 third-party compat-header boundary
- Keep imported third-party code as third-party code. FLAIM, MatrixSSL, and
libowfat imports may receive build fixes, CMake integration, portability
fixes, local library naming, and documented minimal compatibility fixes, but
they must not grow mars-nwe-specific public APIs or be edited merely to call
mars-nwe wrappers directly.
- Prefer include-path compatibility over source edits for old FLAIM dependencies:
`libnwssl` should provide private compatibility headers under
`include/nwssl/private/`, for example:
- `include/nwssl/private/nici.h` for NICI/CCS declarations expected by FLAIM;
and
- `include/nwssl/private/openssl/*.h` for the narrow OpenSSL-style headers
required by the FTK network/TLS code.
- The `libnwflaimtk`/`libnwflaim` CMake targets may add
`include/nwssl/private` to their private include path so legacy includes such
as `<openssl/ssl.h>` resolve to the `libnwssl` compatibility headers without
patching FLAIM call sites.
- The compatibility headers are private to the FLAIM build. mars-nwe modules,
LDAP, provider IPC, `nwconn`, `nwbind`, and `libnwdirectory` consumers must use
the normal `libnwssl` and `libnwdirectory` public headers instead.
- MatrixSSL remains a renamed third-party backend producing `libnwmatrixssl` and
must not expose mars-nwe-specific APIs. `libnwssl` owns the public TLS/crypto
facade and bridges to MatrixSSL underneath.
- libowfat remains a renamed/bundled hard dependency with its own mars-nwe build
target/library, including the planned `libnwowfat` shared library name. Keep
libowfat changes limited to import/build/CMake/portability work in the same
spirit as MatrixSSL and FLAIM.
## 2026-06-05 - Current handoff for next chat: redesign + FLAIM/directory storage track
This section is the current working handoff for the next mars-nwe chat. It is
newer than the old patch-number notes above. If the user starts a fresh chat,
ask for the current bundles/commits of all submodules first and rebuild the tree
from those, because the live work has moved beyond the old `0269` documentation
line.
Current repositories used in this work:
- `mars-nwe`: `https://gitea.disconnected-by-peer.at/mars_nwe/mars-nwe`
- `mars-flaim`: `https://gitea.disconnected-by-peer.at/mars_nwe/mars-flaim`
There are now two separate workstreams. Keep patches and tests separated by
workstream.
### Workstream A: mars-nwe redesign of existing code
Goal: make the existing mars-nwe codebase more future-proof without doing a big
rewrite.
Near-term first redesign task:
- introduce small enum/type layers before moving logic;
- reduce magic strings / magic numbers at provider and directory boundaries;
- centralize string-to-enum mapping at the edges;
- add smoke/CTest coverage for known mappings;
- do not move large chunks of logic in the first enum patch.
Likely first targets:
- operation/request enums for internal handoff/provider dispatch;
- directory/NDS object and attribute identifiers once the real NetWare 4.11
schema is available;
- typed config/setup enums for future `nwsetup`.
Keep the redesign direction from `REDESIGN.md`: `nwserv` is control plane and
provider registry, not a data-plane payload broker; `nwconn` owns client reply
envelopes; providers/modules get clearer boundaries over time.
### Workstream B: vendored infrastructure for future directory/storage rewrite
Todays integrated infrastructure work is not the redesign itself. It prepares
the replacement of old ad-hoc/self-built functions and flat-file directory
storage with maintained, namespaced libraries:
- `libnwowfat`
- `libnwsodium`
- `libnwmatrixssl`
- `libnwssl`
- `libnwflaimtk`, `libnwflaim`, `libnwxflaim`
- `libnwdirectory` / `nwdirectory` from the tinyldap-derived tree
Namespace policy:
- historical mars-nwe programs keep their established names: `nwserv`,
`ncpserv`, `nwclient`, `dbmtool`, `ftrustee`;
- vendored/system-colliding libraries, headers, CMake packages, and imported
helper tools use the `nw` namespace/prefix;
- TinyLDAP/directory tools and FLAIM/XFLAIM tools install with `nw` prefixes;
- vendored headers stay below namespaced include directories such as
`nwcore/`, `nwssl/`, `nwflaim/`, `nwmatrixssl/`, `nwsodium/`,
`nwlibowfat/`, and `nwdirectory/`.
FLAIM/MatrixSSL/NWSSL status at this handoff:
- MatrixSSL is built as `libnwmatrixssl` and must export CPU/compiler feature
options such as AES flags to consumers so `PSCRYPTO_CONFIG` matches between
library and consumer.
- `yyjson` is built into `libnwcore`; public header is installed under
`include/nwcore/yyjson.h`.
- `nwssl` owns OpenSSL-compat headers under `include/nwssl/openssl/*.h` and
private NICI/CCS headers under `include/nwssl/private/nici/*.h`.
- The temporary OpenSSL-compat code was removed from MatrixSSL; OpenSSL-style
compatibility belongs in `nwssl`, not MatrixSSL.
- `nwssl` now has a functional NICI/CCS compatibility layer used by classic
FLAIM at-rest encryption.
- NICI support must be scoped to classic FLAIM targets only. Do not define
`FLM_USE_NICI` globally for XFLAIM; XFLAIM has a different NICI path and will
not compile against the classic FLAIM compat API.
- FLAIMSQL remains experimental and default-OFF. Do not make the default build
depend on `libnwflaimsql`; keep SQLFLAIM work separate.
- FLAIM is currently required only when directory support is enabled.
Current green tests at the end of the 2026-06-05 session:
```sh
ctest -L nwflaim --output-on-failure
# nwflaim.database.create-and-check ... Passed
ctest -L flaim --output-on-failure
# nwflaim.database.create-and-check ......... Passed
# mars_nwe.flaim.api-create-query-encrypt ... Passed
# mars_nwe.xflaim.api-alloc ................. Passed
```
These tests confirm:
- FLAIM tools can create and check a database;
- mars-nwe can use classic FLAIM API from the root test tree;
- classic FLAIM at-rest encryption works through `nwssl` NICI/CCS compat;
- XFLAIM still builds/runs its allocation smoke test without the incompatible
classic NICI path.
Known important FLAIM fixes from this session:
- GigaTest final rate calculation had a divide-by-zero/SIGFPE when elapsed time
was zero; this was fixed in `mars-flaim` source, not hidden in CTest.
- FLAIM dictionary add path needed to treat missing dictionary-name lookup EOF as
no-conflict.
- FLAIM base64 key decode needed to treat EOF after successful decode as
successful completion.
- FLAIM EncDef test dictionary syntax: `encdef` is valid on index definitions;
encrypted data fields in the root API test are created by adding an EncDef
dictionary record and using the API with that EncDef ID, not by putting
`encdef` below a field record.
Planned directory/storage direction:
- tinyldap/nwdirectory currently has flat-file/mmap storage. Long term it
should write through `libdirectory -> libnwflaim`, not directly to flat files.
- At-rest encryption was tested hard now because the future directory store will
contain keys, password verifiers, and other sensitive objects.
- When the user extracts the real NetWare 4.11 Directory/NDS schema, use it as
truth rather than inventing schema by hand. Important data to capture:
object classes, numeric IDs if available, attributes, syntax types,
single/multi-value flags, mandatory/optional attributes, naming attributes,
inheritance/superclasses, and index expectations.
Useful future TinyLDAP/Directory tests:
- initialize an empty directory database;
- add organization/container/user/group objects;
- authenticate a user/password;
- ensure password/secret material is not plaintext in the FLAIM files;
- close/reopen and verify all objects still exist;
- duplicate-name/object conflict handling;
- rename/move/delete object behavior;
- group membership add/remove lookup;
- indexed lookup for common attributes;
- schema validation once the real NetWare 4.11 schema is available.
Future `nwsetup` direction:
- Add a curses/ncurses `nwsetup` tool after the directory foundation exists.
- It should mimic the NetWare setup flow from installation phase 2 enough to
provision a mars-nwe directory: tree/server/org/O/user/admin password,
defaults, config files, and initial storage.
- `nwsetup` should write only hashes/verifiers/sealed keys to the store; no
reusable plaintext passwords in config.
- The user referenced the NetWare 6.5 Proxmox installation article as UI/setup
inspiration, not as an implementation dependency.
When tomorrows chat starts, ask the user for the current bundles of `mars-nwe`
and all submodules, then rebuild a clean tree before producing new patches.
Next patch number should be `0271`.
### 0343 quota file/name split handoff note
0343 keeps the quota backends deliberately distinguishable. The generic quota
frontend helpers live in `include/nwfs/quota.h` and `src/nwfs/quota/quota.c`
with `nwfs_quota_*` names only. The NetWare metadata backend lives in
`include/nwfs/nwquota.h` and `src/nwfs/quota/nwquota.c` with
`nwfs_nwquota_*` public names and `nwfs_nwquota_*` private helpers.
Do not merge Linux quota and NWQUOTA back into one source file. Future Linux
`quotactl()` relocation should get a separate backend implementation while
keeping the generic `quota.c` file backend-neutral.
### 0342 quota relocation handoff note
0342 starts the planned quota move into `libnwfs`. It moves the
metadata/NWQUOTA backend helpers from `src/nwvolume.c` into
`src/nwfs/quota/quota.c` and `src/nwfs/quota/nwquota.c` with public declarations in
`include/nwfs/quota.h` and `include/nwfs/nwquota.h`. `src/nwvolume.c` remains the mars-nwe volume/NCP
entry point and still handles Linux `quotactl()` probing, but now calls libnwfs
for NWQUOTA restriction, usage, and adjust operations.
Do not reintroduce the removed precharge/fchown/creator-xattr experiments while
working on this area. If 0342 regresses, inspect the libnwfs xattr name mapping
and temporary euid-0 access first, because those preserve the 0339/0340 green
behavior.
### 0344 quota backend naming
Quota code is split by backend so future BSD quota support does not get mixed
with Linux-specific quotactl code:
- `include/nwfs/quota.h`, `src/nwfs/quota/quota.c`: backend-neutral helpers only (`nwfs_quota_*`).
- `include/nwfs/nwquota.h`, `src/nwfs/quota/nwquota.c`: NetWare metadata/NWQUOTA backend only (`nwfs_nwquota_*`).
- `include/nwfs/lnxquota.h`, `src/nwfs/quota/lnxquota.c`: Linux kernel quotactl backend only (`nwfs_lnxquota_*`).
Do not merge these back together; a later BSD backend should use its own
`bsdquota.c/h` and `nwfs_bsdquota_*` names.
### 0345 Linuxquota restore mirror handoff note
0345 keeps Linuxquota authoritative while adding a backup/restore mirror in
`netware.userquota`:
- `nw_set_vol_restrictions()` writes Linux `quotactl()` first when Linuxquota is
available, then mirrors the same restriction to the NWQUOTA metadata backend.
- `nw_get_vol_restrictions()` reads Linuxquota first. If Linux reports that the
per-user quota entry is missing but `netware.userquota` has a restriction, the
value is treated as restored metadata: mars-nwe tries to write it back to
Linuxquota and then reads Linuxquota again.
- If the restore write succeeds, Linuxquota is again the primary source. If it
cannot be written, the metadata value is returned as fallback so NetWare
clients still see the restored restriction.
- `nwquota.c` and `lnxquota.c` remain separate backend files. The restore mirror
is coordinated by the volume/NCP layer and documented in `doc/quota/README.md`.
### 0381 quota state for future AI/debug sessions
- Do not resurrect 0380's `netware.userquota.mars_usage.0`; it was rejected as
a private persistent parallel accounting store.
- Linuxquota volumes: Linux quota remains authoritative for limits and kernel
enforcement. The NetWare/NSS userquota xattr is a mirror only.
- NWQUOTA/metadata volumes: `netware.userquota.0` is authoritative for the
restriction and the runtime enforcement usage is computed from the host tree;
`nwur_reserved_2` must stay zero for NSS-shaped backup/restore compatibility.
- The combined live evidence collector is `nwfs_ncpfs_all_quota_smoke.sh`; use
it before asking for scattered logs. It captures QUOTA.log, SYS.log, optional
CTest output, an `nw.log` slice from test start, and a compressed bundle.
### 2026-06-12 all-smoke log access note
The all-in-one quota smoke keeps its temporary evidence directory world-readable
and traversable immediately after creation, matching the dual userquota smoke.
This is intentional because the live smokes are commonly run as root but their
logs/archives are usually copied or uploaded later by a normal desktop user.
### 0383 all-smoke finalization fix
- The all-quota wrapper must never `exit` from inside `run_logged`; doing so
stops the script after the first subtest (typically CTest) and prevents the
later live smokes, `nw.log` slice, tar.gz and zip from being emitted.
- Keep the archive outside the output directory (`/tmp/<timestamp>-quota-all-smoke.*`)
so tar/zip do not recursively include their own output file.
### 0384 Linuxquota clear/log cleanup note
- Linuxquota set/clear must not echo a broad `dqb_valid` mask from `Q_GETQUOTA`
back into `Q_SETQUOTA`. Set only block-limit fields for NetWare user-volume
restrictions; usage and inode fields remain kernel-owned.
- AUTO fallback to NWQUOTA is for genuinely unavailable Linux quota devices
(`no-device`, `unsupported`, `probe-failed`). A real Linuxquota `set-failed`
on a QUOTA-style volume is an error to fix, not a reason to create a parallel
metadata-authoritative state.
## NSS low-level library import policy
- Keep original NSS file names and public API names when importing small GPL-2 NSS library helpers.
- Do not hide imported helpers under an artificial `nss/` public API/source path in `libnwcore`; imported core helpers live directly in `src/core/` and expose the original header/API names so their NSS origin remains recognizable.
- First imported compiled helper: NSS `public_core/nss/lib/bitmap.c` -> MARS-NWE `src/core/bitmap.c`, linked into `libnwcore` with original `bitmap.h` API (`BitMap_s`, `newBitMap`, `findBits`, etc.).
- The existing NSS SDK include layout under `include/nwfs/nss/sdk/...` remains available for compatibility and provenance; the compiled library source is what moves into `src/core/`.
- NSS runtime-only dependencies may be reduced only as needed to compile outside NSS; for bitmap this only maps NSS `zalloc()` to libc `calloc()`.
- Future candidates to import with original names: CRC/hash helpers after Unicode dependency review, queue macros, bit helpers, and media/type helpers already represented by the SDK headers.
- `0411` extends the direct NSS Unicode helper import with `unitoupper.c`,
`unilwr.c`, `uniupr.c`, `uniicmp.c`, `uniicmpmac.c`, and `uninicmp.c` in
`libnwcore`; `unicodeInit.c` now exports both `NSSUniToLower[]` and
`NSSUniToUpper[]` with the same ASCII-compatible bootstrap until the full NSS
converter/table startup is imported.
- `0412` imports the next safe NSS Unicode library block into `libnwcore`: the
component/string helpers `componentUnicpy.c`, `componentUnilen.c`, `unicat.c`,
`unicmp.c`, `unicpy.c`, `unilen.c`, and `unimcpy.c`. Their sharedsrc
implementation headers (`*.c.h`) are kept local under `src/core/` and are not
installed as public API. No MARS callsites are switched yet; this is a
prerequisite for replacing the older hand-written MARS Unicode/string code
piece by piece with NSS-compatible primitives.
- `0413` switches the NSS case-map globals to the external
`third_party/unicodeTables` submodule (`TAB/unicodeTables.c`). That submodule
is project-managed and currently tracks master; it generates `NSSUniToLower[]`
and `NSSUniToUpper[]` from Unicode UCD data instead of copying Novell
`shared/sdk/unitables/*.tab` files. Any future Unicode/codepage tables belong
there first, then MARS-NWE consumes the generated output.
- `0414` and `0415` import NSS UTF-8 conversion helpers that need no tables:
single-character UTF-8 decode (`utf8ToUniChar.c`, `utf8LenToUniChar.c`) and
whole-string UTF-8/Unicode conversion (`uni2utf.c`, `utf2uni.c`).
- `0416` imports NSS Unicode parser/override helpers (`unicodeParse.c`) and
`getNssUnicodeVersion.c`. It also exports `NSSUnicodeFF` and
`NSSUnicodeMacFF` as temporary 0xff sentinel values. Keep those on the same
table/runtime watchlist as the case maps; the final values should come from
DOS/Mac codepage tables or derived converter startup, not from private MARS
conversion state.
- `0417` imports `getMacCodePageName.c` and exports NSS Unicode startup/shutdown
entry points plus `MacintoshCodePageName`. The name remains NULL until real
Mac/DOS codepage table/runtime support is imported via the Unicode tables
submodule.
- `0418` imports the NSS byte/Unicode and Mac byte/Unicode conversion entry
points (`ByteToUnicode.c`, `LenByteToUnicode.c`, `MacByteToUnicode.c`,
`LenMacByteToUnicode.c`, `UnicodeToByte.c`, `UnicodeToMacByte.c`,
`UnicodeToUntermByte.c`, `UnicodeToUntermMacByte.c`) directly into
`libnwcore`. The NSS converter state globals are present but intentionally
empty, so these APIs return `zERR_UNICODE_INVALID_CONVERSION_TYPE` until the
real codepage tables/runtime are added from `mars-unicode-tables`.
- `0419` imports NSS stdlib allocation compatibility (`xStdlib.h`, `zalloc.c`,
`zrealloc.c`) and removes the private `bitmap.c` `zalloc` macro fallback.
Original NSS public-core allocator sources exist under
`public_core/library/stdlib`, but they depend on NSS OS memory tracking;
libnwcore therefore preserves the NSS API names with libc userland allocation
until the full NSS memory runtime is imported.
- `0420` imports NSS UTC/DOS/MS timestamp helpers from
`public_core/library/utc` into `libnwcore`. The active import keeps original
NSS function names and public headers, with only small userland glue for
current time/timezone globals where the NSS public source expects NetWare or
Linux-kernel state.
- `0421` follows up `0420` by whitespace-cleaning the imported UTC block and
defining the missing cache-control globals in `utcUserland.c` for userland
builds where `zLINUX` is unset.
- `0422` imports the NSS Unicode converter registration entry points
(`RegisterUnicodeConverter.c`, `UnRegisterUnicodeConverter.c`) and adds a
small `unicodeTableBuild.c` userland builder for the NSS byte/unicode table
shapes. The builder intentionally only provides identity single-byte tables
plus the already imported NSS wildcard overrides; full DOS/Mac codepage
tables still belong in the external `mars-unicode-tables` submodule before
MARS-NWE enables NetWare-codepage-accurate conversions.
- `0423` consumes the external `mars-unicode-tables` codepage output and builds
NSS-shaped byte/unicode converter tables from compiled-in Unicode.org mapping
descriptors. Runtime does not load `.tab`/`.txt` files; the submodule is a
source/build dependency only.
- `0424` imports NSS GUID/ID helpers into `libnwcore` (`guid.h`, `guid.c`,
local `guid.c.h`, `id.h`, `id.c`). The import keeps NSS GUID/ID API names but
deliberately excludes eDir/DDC/NDS runtime pieces; userland GUID generation is
adapted with libc time and `/dev/urandom` fallback glue. Namespace DOS/LONG/MAC
replacement remains the next larger planned block after parse/xCtype/string
review.
## 0425 NSS xCtype/xString import
- Imported NSS xCtype/xString API headers into `include/core/`:
- `xCtype.h`
- `xString.h`
- Added `libnwcore` userland implementations for exported NSS `LB_*` symbols in:
- `src/core/xCtype.c`
- `src/core/xString.c`
- Source NSS tree only exposes these routines through headers/`libNSS.imp`, so the
implementations use libc-compatible byte/string operations while preserving the
NSS API names.
- Did not import `parse/pcmdline.c` yet: it depends on `setparms`, `errPrintf`,
message/category plumbing, and is not a clean lowlevel block.
- No MARS callsites were changed. Namespace DOS/LONG/MAC remains the next planned
larger audit/import track after this lowlevel helper pass.
## 0426 NSS namespace audit / replacement plan
- Audited NSS namespace sources under `public_core/comn/namespace` and recorded
the migration plan in `doc/NSS_NAMESPACE_AUDIT.md`.
- NSS provides the target replacement set for old MARS namespace code:
- DOS namespace
- LONG namespace
- MAC namespace
- UNIX namespace
- Data Stream namespace
- Extended Attribute namespace
- Do not expand old MARS `namedos`/`nameos2`; they are now replacement targets.
- Namespace is not a simple helper import like `crc`/`unicode`/`utc`: the NSS
sources depend on common-layer beasts, AdminVolume registration, variable-data
hooks, message plumbing, and name-cache structures.
- Follow-up 0427 corrects this plan: do not build a permanent wrapper layer. The
namespace path is direct NSS source import/adaptation followed by removal of
old MARS `namedos`/`nameos2` logic.
## 0427 namespace plan correction and libnwfs follow-ups
- Corrected `doc/NSS_NAMESPACE_AUDIT.md` to remove the earlier wrapper-oriented
wording. The target is direct import/adaptation of NSS namespace sources,
then retirement of old MARS `namedos`/`nameos2` code after DOS behavior is
covered by tests.
- Recorded `_ADMIN` as future `libnwfs` work, not `libnwcore` and not pure
`libnwnds`. Preserve the NSS/OES volume-ID convention in later code:
- `SYS` => volume ID 0
- `_ADMIN` => reserved virtual admin volume ID 1
- `_ADMIN` must remain hidden/admin-only and should not be enabled by default on
the NetWare 3.x path. Its eDirectory-backed views can later call into
`libnwnds`, but the virtual filesystem/runtime belongs to `libnwfs`.
- Added NSS compression to the `libnwfs` follow-up list. The lowlevel algorithm
sources live in `public_core/comn/compression/` (`cdcomp.c`, `cduncomp.c`,
`nwAlgo.c`, `copyAlgo.c`, etc.); the larger compression manager/runtime should
wait until namespace/data-stream/volume metadata is present.
- Compression-related NCP endpoints remain guarded/stubbed until real `libnwfs`
state exists:
- decimal 90/12 == wire/code `0x5a/0x0c`
- decimal 123/70 == wire/code `0x7b/0x46`
- decimal 123/71 == wire/code `0x7b/0x47`
- decimal 123/72 == wire/code `0x7b/0x48`
- decimal 22/51 == wire/code `0x16/0x33` compression counters
## 0428 NSS public_core audit and authsys boundary notes
- Added `doc/NSS_PUBLIC_CORE_AUDIT.md` to classify the top-level NSS
`public_core` tree before more large imports.
- Kept the namespace policy strict: no permanent wrapper over old MARS
`namedos`/`nameos2`; import/adapt NSS namespace directly and retire the old
files after tests cover DOS/LONG behavior.
- Clarified `comn/authsys`: do not wrap old MARS auth logic as the target.
Import/adapt useful NSS authsys logic directly, but adapt only at real
platform/backend boundaries:
- AES/crypto/RNG => existing MatrixSSL/libsodium/libc layers
- Bindery identity/storage => future `libnwbind`
- NDS/eDir identity => future `libnwnds`
- filesystem hooks/Beasts => future `libnwfs`
- Classified useful `public_core` areas:
- `library/`, `nss/lib`, `sharedsrc` => selective `libnwcore` helpers
- `comn/namespace`, `comn/common`, `lsa`, `zlss`, compression => future
`libnwfs` path
- `manage`/`_ADMIN` => later management/libnwfs-admin path
- `ndpmod`, `library/eDir` => future `libnwnds`
- `comn/authsys` identity bridge pieces => future `libnwbind`/`libnwfs` split
- `admindrv`, `nebdrv`, `nsslnxlib`, `library/os` => platform glue only,
import narrow userland-compatible pieces when concrete consumers need them.
## 0429 salvage/compression/tool roadmap documentation
- Added `doc/NWFS_SALVAGE_COMPRESSION_TOOLS.md` as the current storage-backend
roadmap for salvage, `.nwfs_streams`, compression and host tools.
- Salvage direction changed from permanent `.salvage` JSON sidecars to
authoritative `netware.metadata` on the recycled payload:
- `.recycle` remains the payload backend for Samba compatibility.
- `netware.metadata` carries NSS-shaped deleted-file metadata.
- `.salvage` JSON is legacy transition/debug data only and should stop being
written after the metadata path is implemented.
- Samba 4.23.6 `vfs_recycle` was inspected: the normal recycle path uses rename
into the repository, so existing Linux xattrs remain attached to the recycled
inode. Do not add automatic synthetic metadata fallback for files manually
copied into `.recycle`; those are not valid NetWare salvage objects unless an
explicit admin repair command marks them.
- Long-term yyjson target: remove `third_party/yyjson` after new deletes no
longer write `.salvage` JSON, old sidecars are migrated/retired, and no other
required code uses yyjson.
- `.nwfs_streams` scope clarified:
- use it for internal streams, EA, compression blobs and related future state;
- do not move primary Samba-compatible salvage payloads there;
- key entries by a stable MARS/NWFS/NSS-shaped file ID from `netware.metadata`,
not by Linux inode and not by visible filename.
- Compression direction documented: Linux ext3/XFS do not provide a portable
NSS-compatible compression model. Compression belongs to future `libnwfs`
stream/metadata work and must feed real state to decimal 90/12 == wire/code
`0x5a/0x0c`, decimal 123/70..72 == wire/code `0x7b/0x46`..`0x48`, and decimal
22/51 == wire/code `0x16/0x33`.
- Tool roadmap recorded:
- `nwsalvage` for list/info/restore/finaldelete/purge/verify/explicit repair;
- `nwmetadata` for metadata dump/verify/set-deleted/clear-deleted;
- `nwcompress` for compression info/compress/uncompress/verify/list;
- `nwstreams` for stream list/dump/extract/remove;
- `nwea` for EA list/dump/set/remove.
- No runtime code changed in 0429.
## 0430 compression stream layout and recycled payload clarification
- Clarified the future `.nwfs_streams` layout in
`doc/NWFS_SALVAGE_COMPRESSION_TOOLS.md`:
- key internal stream/compression backends by a stable MARS/NWFS/NSS-shaped
file ID from `netware.metadata`;
- do not use Linux inode numbers;
- do not use visible DOS/LONG/MAC/UNIX filenames;
- do not encode compression state in a `compressed_` filename prefix.
- Future compressed stream backend shape:
- `/export/SYS/.nwfs_streams/<stable-file-id>/compression/primary`
- compression state/algorithm/logical size/compressed size live in
`netware.metadata` or stream descriptors.
- If a compressed file is recycled, the `.recycle` payload must be a normal
uncompressed Linux file so Samba and host-side tools can read it. Store the
previous compression descriptor in `netware.metadata`; NCP recover may later
recreate/recompress according to volume policy.
- `.recycle` remains the Samba-compatible deleted-payload backend.
`.nwfs_streams` remains private NWFS state for live/future streams, EA and
compression.
- No runtime code changed in 0430.
## 2026-06-12 - Patch 0431 license files for GPL/LGPL-only split
- Root license files are Markdown now:
- `COPYING.md` for MARS-NWE GPL-2.0-only programs/tools/non-library code.
- `COPYING.LGPL-2.1.md` for explicitly LGPL-covered MARS-NWE libraries.
- Both policies are "only", not "or later": use `GPL-2.0-only` and
`LGPL-2.1-only` SPDX identifiers.
- Adding LGPL-2.1-only license text does not relicense the whole tree; individual
files/libraries must opt in explicitly.
Reference in New Issue View Git Blame Copy Permalink