1 this version of netatalk represents changes i have made to incorporate
2 AFP 2.2 (AppleShare TCP/IP) support. it is based upon 1.4b2 and is not
3 currently supported by umich. i hope to eventually get it incorporated
6 i hope you find this code useful. as such, i am releasing my changes
7 under a copyright similar to the rest of the netatalk code.
9 i would appreciate users of my patches letting me know of any problems
10 or difficulties they have with it. i can only tested it on a limited
11 number of machines. as a result, improved compatability and fixes can
12 only come if i hear of problems. you can find my patches at
13 <ftp://ftp.cobaltnet.com/pub/users/asun>.
15 the patches currently include the following features:
18 large volume support -- you'll need at least 3.7.2seed3
19 and os > 7.6.1 for this to to be used.
21 If your compiler can't generate 64-bit
22 ints, you'll need to disable this
23 feature. add -DNO_LARGE_VOL_SUPPORT to
24 the DEFS line in your system's
25 Makefile. NOTE: gcc can generate
28 ADDITIONAL NOTE: gcc sometimes has
29 problems with 64-bit ints. i already
30 have a workaround in the code to deal
33 server messages -- at this point, there is no mechanism to send
34 an arbitrary server message.
36 all of AFP 2.2. All of AFP 2.1 except for FPCatSearch is
37 is implemented if fixed id support is compiled in.
39 tcp wrapper support. if TCPWRAPDIR is uncommented in the
40 main Makefile, tcp wrapper support will get built.
41 i recommend building w/ it to enable host restrictions.
43 a number of bug fixes (SO_BROADCAST, server info, file/dir
44 case insensitive comparisons, and more probably)
46 working quota support for linux and bsd4.4. nfs rquota support
47 is also available. it hasn't been extensively tested on all
48 the platforms yet. NOTE: there's bug in the linux kernel code
49 pre-2.2.8 and pre-2.0.37 that prevents quota support from working
52 you can now specify server options in an afpd.conf file. it's
53 pretty useless unless you want to start multiple servers up.
54 anyways, look at config/afpd.conf to see what's available.
55 in addition, you can use kill -HUP to force a re-read of
56 afpd.conf. as the first kill -HUP turns off connections,
57 you'll have to send another one to force a re-read.
59 i've also merged a slightly modified version of redhat's pam
60 patches. you need to make sure that the PAMDIR entry in the main
61 Makefile is uncommented and pointing to the right directory for
62 this to work. in case you don't know what pam is, it stands for
63 pluggable authentication modules. for more information, here's
64 a web page: <http://www.redhat.com/linux-info/pam/>
66 i've merged in <shirsch@ibm.net>'s apple II ProDOS support.
68 i've added Randnum and 2-Way Randnum support. part of the code is
69 compliments of<shirsch@ibm.net>. as afp doesn't do the
70 fallback thing in case of failure, Randnum and 2-Way Randnum
71 are only available via afpd.conf. To get them to work, each
72 user must have a ~/.passwd file (not read-/writeable by anyone
73 else) with a password. this is a potential security problem as
74 root can read the password. this may be compensated, to some
75 extent, by the fact that your password never goes onto the wire
76 when mounting a volume.
78 NOTE: you will need to get a copy of the des library if you
79 don't already have one for this option to work. i got mine
80 from <ftp://ftp.psy.uq.oz.au/pub/Crypto/DES/libdes-x.xx.tar.gz>
82 A Diffie-Hellman-based UAM is also available. This requires
83 libcrypto from either the SSLeay package (available at the
84 above site) or OpenSSL (ftp.openssl.org).
86 ADDITIONAL NOTE: the absence of a /dev/urandom or running out
87 of entropy will result a non truly-random number being used as
88 the challenge. you have been warned. for all intents and
89 purposes, however, linux' /dev/urandom should provide a
90 sufficiently random number to be considered secure even when
91 the entropy pool gets drained. it certainly does a much better
92 job than gettimeofday(); random().
94 the bad file descriptor bug should now be fixed. thanks to
95 bsmith@h-e.com for tracking this down.
97 this patchset should not have a problem with "dancing icons."
98 if you are still having a problem with this, it's highly
99 likely that files in your .AppleDouble directory have gotten
102 you can now login in with your "real" user name as specified
103 in your password entry. if you don't want to do this, just add
104 -DNO_REAL_USER_NAME to your DEFS line.
106 byte locks should now work. if you want to enable the old way
107 of doing things, add -DUSE_FLOCK_LOCKS.
109 you can now specify whether or not you want uservolume files
110 to be read. add -nouservol to afpd.conf if you don't want user-
111 specified .AppleVolumes files to be read.
113 afpd now will report the number of kilobytes read/written during
114 a session (from the server's perspective).
116 i have merged against netatalk-990130. this includes an
117 improved STREAMS driver and some changes to libatalk. the
118 STREAMS driver still doesn't do setsockopt correctly, but it's
119 supposed to be much more stable. contact the folks at umich if
120 you have questions about it.
122 fixed a problem with sys/netatalk/ddp_input.c reported by
123 <abs@anim.dreamworks.com>.
125 AppleVolumes.* now has many more configuration options. You
126 can specify newline translation (crlf) on a per-volume basis,
127 utilize a codepage translation file for compatibility with
128 other file serving programs, and restrict access to particular
129 volumes. Please read config/AppleVolumes.default for more
132 platforms compiled on:
138 solaris 2.5.x, 2.6, and 2.7.
140 problems with appletalk:
141 certain ethernet card/drivers don't deal well with the fact
142 that appletalk aggressively uses hardware multicast. here are
143 a few ones that may cause problems:
145 3Com501 cards (maybe others)
146 intel etherexpress/pro
147 set multicast_filter_limit=3 in linux if you're having
148 problems with this card. to do that, add the following
149 line to /etc/conf.modules:
150 options eepro100 multicast_filter_limit=3
153 i would like to thank leland wallace at apple for a lot of
154 helpful advice on interpreting the appleshare ip documentation.
156 i would also like to thank the numerous people who have helped
157 test this program. they greatly improved the compatability of
160 REALM Information provided financial support for the
161 AppleDouble v2 and CNID database work.