The following text contains an extract of notes taken during my porting of Samba for Unix to MPE/iX. I'm making them available to the public, hoping that they might be helpful to others who are trying to port Unix software to MPE/iX (or spending some more work on the Samba/iX source).
The whole story started when Neil Harvey (neil@nha.co.za) and Jens von Bulow (jens@nha.co.za) [note: being a native German I should write Jens' name with a proper Umlaut in place of the u but I always try to stick with 7bit ASCII] mentioned Samba and the Australian web site on HP3000-L in December 1996. It made me curious because this seemed to be an ideal means to develop a new CD Extension/iX based on current PC clients.
doc/INSTALL.txt
also gives hints for optimizing locking and fast_share_mode
doc/Passwords.txt
hints re password level tries and security=server for NT validator
doc/Printing.txt
hints re spooler access
doc/Speed.txt
hints for tuning Samba, does TCP_NODELAY socket option exist on MPE?
doc/Consulting.txt
hints for contacts if newsgroup comp.protocols.smb not sufficient
doc/UNIX-SMB.txt
several good general hints and differences UNIX vs DOS file systems
Makefile has been copied to makefile and adjusted for MPE as
the original one passes a lot of -D_defines to the compiler
but MPE only likes 279 characters per command line. Moved
many of those #defines to the includes.h file as they pass
defaults like CONFIGFILE.
Pulled LIBBSD from Jazz as Samba is not purely Posix but needs
several BSD Unix routines and thus got unresolved externals
when compiled with C89 in the Posix Shell.
Added MPEIX entry to the makefile (using -DMPEIX) and setup
some reasonable include paths and compiler switches. The MPEIX
token helps finding adjustments in makefile and source codes.
Examined the HPUX specific locations in makefile and source code
to find out which stuff might have to be adjusted for MPE/iX.
Did this mainly because I have access to HPUX and its man pages
and thus can find out what missing pieces were intended to do.
become_daemon() does not easily apply to MPE, there is no setsid()
routine available and the process management concepts are quite
different in the MPE area. Might use DETACH process but I think
using a server job similar to JFTPSTRT.ARPA.SYS will be easier to
implement and easier to understand for Samba users on MPE. With
MPE/iX 5.5 the INETD is also an option.
chroot() is not available on MPE but fortunately the Samba source
offers some #ifdef NO_CHROOT. It just gives warnings in log.smb.
bind() to "low port numbers" (less than 1024) needs GETPRIVMODE on
MPE whereas it requires being root (superuser) on Unix. With INETD
this is not an issue as an open connection is passed to SMBD.
bsd/sys/wait.h creates annoying compile time warning re w_termsig.
Created a "local" copy under /usr/local/samba/include and adjusted
makefile to include these first (allows to fix without having to
modify the original LIBBSD distribution).
password_check uses crypt and getpwent() or getpwnam() which on MPE
does not deliver a proper pw_passwd field (pointer). Adjusted this
by creating an mpe_getpwnam() which calls getpwnam() and uses AIF
to lookup user and account passwords to "fake" a crypted pw_passwd
field (using userpass,acctpass combination like e.g. FTP/iX does).
Note as of 11/97: Finally using AIF to validate passwords given
by the client (instead of extracting them to fake pw_passwd field
with the help of crypt() call; the latter caused pw truncation)
Using 5.5 TAR instead of MOVER has the great adavantage that it does
preserve file timestamps and thus allows tracking last modifications
or modifications at all (ls -lt shows few files had to be adjusted).
STORE-to-DISK on MPE might be even more useful (with COMPRESS).
preexec and postexec directives in smb.conf can be used with tellop
te create connect/disconnect console messages. Trick from Michael
Gueterman of EditCorp. Also found on 3000 News Wire Feb 1997.
Socket reads/writes from Samba hit an MPE specific limitation when
passing more than 30 KBytes with a single call. This caused SMBD
to disconnect with an error message. Fixed by adding code to split
large send/recv operations to multiple socket calls.
Is #define USE_WAITPID reasonable? It seems to me that wait3()
is not available on MPE but I am no process handling guru under
Posix so far.
No setres() on MPE, will setuid() and/or seteuid() work ok? Similar
for setresgid(), setfsgid() or setgid(). Even worse, it is not
possible to setgid() on MPE as gid is not independent from uid.
Is SIGCHLD_IGNORE okay on MPE? May need to check KDB for hints.
setgroups() and initgroups() are not available on MPE as MPE does
not (yet) support supplemental group IDs. getgroups() properly
returns 0. Hopefully Samba can handle this ok.
Share Level or User Level security is still somewhat confusing to
me. It seems that a User ID is only passed once and that "tree
connects" seem to only pass a password (and Samba tries to find
the matching User ID by trying...)
ReadMe file should mention PH user capability, PM capability needs
and tips on tar -xvof if using 5.5 tar to package the fileset.
It also should discuss the differences of INETD or standalone job.
map_username and lp_username_map might be useful on MPE as the
User IDs are different from Unix (LARS.APPEL vs lappel). What
about getpwnam() or getpwuid() on MPE -- special adjustments?
uid.c checks for initial uid 0 to decide whether to setuid() to
switch to another uid but this is not appropriate for MPE as it
does not need superuser but GETPRIVMODE for setuid(). Simply
disable the tests or replace by something different?
Note as of 11/97: Solved the above issue by calling WHO intrinsic
during initialization to check for PM user capability. While the
setuid() calls would be happy with PM program capability, I did
prefer to give the system manager somewhat more control... The
checks for initial uid 0 are now for PM user cap (ifdef MPEIX).
SMB Monitor job gets lots of OP/CL records (suspect fork). Is this
okay or better redirect to JOBLOG file similar to Web Starter Kit?
Would a different UserID/Password mapping scheme be more appropriate?
E.g. creating an /etc/passwd file which maps unix-like UID to the
MPE User (either numeric UID or USER.ACCT) which might even supply
an additional crypted unix-like password (allowing special chars
and making unix-like logon possible). Samba should enforce that the
/etc/passwd belongs to MANAGER.SYS and is read-only to not create
a potential security hole here (GETPRIVMODE)... Feedback HP3000-L?
Alternative user mapping might be adding .SAMBA as default account
if the UID passed by client does not have a dot (indicating MPE).
How to handle passwords in this case? Ignore SAMBA account pass?
send_one_packet() seems to awake NMBD if #define PRIME_NMBD is set.
What purpose? Support browsing by creating a browse.dat file?
Why does client send so many chkpth requests? Same on HPUX samba?
In general comparing Samba/iX to Samba/UX should be a useful means
to check out suspected bugs if MPE or Samba specific or "feature".
dir.c has OpenDir(), ReadDir(), CloseDir() etc and might possibly
be a good point for adding CDROM intercept routines (if not using
AIF PE or lower-level Posix intercept XL).
server.c has open_file(), close_file() etc. but system.c only seems
to offer sys_open() but no sys_close() -- CD intercept difficult.
Might use stacktraces from GET, PUT or DIR client actions by running
SMBD -D with ;DEBUG and setting breakpoint on Posix routine level.
Is share-level security or user-level security default/appropriate?
Password encryption seems to truncate to 8 characters somehow, i.e.
combo passwords like userpass,acctpass are only "significant" in
the first few positions -- this is pretty unacceptable to me!
statfs() not available on MPE. Using #define NO_STATFS helps but
does create an annoying warning in log.smb and moreover the client
does not see non-zero values for free space on server.
Note as of 11/97: The samba config file provides some workaround
in this area by offering a dfree script. I have created a sample
script but it is not yet sophisticated (for example, what if the
share lives under an MPE group with FILESpace limit or in a user
volume set?). Also some clients seem to have trouble if the free
space in KB gets a fairly large number (like a few GB ;-)
filename mapping DOS to MPE is a problem as DOS allows many characters
that are simply illegal on MPE (HFS). Results in Windows Write failing
to save files on Samba share because temp file ~WRIxxxx.TMP illegal.
Note as of 11/97: Implemented first mapping methods with version 0.7
of Samba/iX. Guess this area still needs some work altough it seems
to have helped a lot of people/usages already.
CRLF versus LF as line terminator in text files is a general issue with
Samba, regardless of Unix or MPE platform. Editors like PFE should help
here (according to Neil Harvey). But some people even tried to edit the
Samba config files using a PC editor... and got problems...