this version of netatalk represents changes i have made to incorporate AFP 2.2 (AppleShare TCP/IP) support. it is based upon 1.4b2 and is not currently supported by umich. i hope to eventually get it incorporated into a future version. i hope you find this code useful. as such, i am releasing my changes under a copyright similar to the rest of the netatalk code. i would appreciate users of my patches letting me know of any problems or difficulties they have with it. i can only tested it on a limited number of machines. as a result, improved compatability and fixes can only come if i hear of problems. you can find my patches at . the patches currently include the following features: AFP/TCP 64-bit clean large volume support -- you'll need at least 3.7.2seed3 and os > 7.6.1 for this to to be used. If your compiler can't generate 64-bit ints, you'll need to disable this feature. add -DNO_LARGE_VOL_SUPPORT to the DEFS line in your system's Makefile. NOTE: gcc can generate 64-bit ints. ADDITIONAL NOTE: gcc sometimes has problems with 64-bit ints. i already have a workaround in the code to deal with this issue. server messages -- at this point, there is no mechanism to send an arbitrary server message. all of AFP 2.2. All of AFP 2.1 except for FPCatSearch is is implemented if fixed id support is compiled in. tcp wrapper support. if TCPWRAPDIR is uncommented in the main Makefile, tcp wrapper support will get built. i recommend building w/ it to enable host restrictions. a number of bug fixes (SO_BROADCAST, server info, file/dir case insensitive comparisons, and more probably) working quota support for linux and bsd4.4. nfs rquota support is also available. it hasn't been extensively tested on all the platforms yet. NOTE: there's bug in the linux kernel code pre-2.2.8 and pre-2.0.37 that prevents quota support from working properly under linux. you can now specify server options in an afpd.conf file. it's pretty useless unless you want to start multiple servers up. anyways, look at config/afpd.conf to see what's available. in addition, you can use kill -HUP to force a re-read of afpd.conf. as the first kill -HUP turns off connections, you'll have to send another one to force a re-read. i've also merged a slightly modified version of redhat's pam patches. you need to make sure that the PAMDIR entry in the main Makefile is uncommented and pointing to the right directory for this to work. in case you don't know what pam is, it stands for pluggable authentication modules. for more information, here's a web page: i've merged in 's apple II ProDOS support. i've added Randnum and 2-Way Randnum support. part of the code is compliments of. as afp doesn't do the fallback thing in case of failure, Randnum and 2-Way Randnum are only available via afpd.conf. To get them to work, each user must have a ~/.passwd file (not read-/writeable by anyone else) with a password. this is a potential security problem as root can read the password. this may be compensated, to some extent, by the fact that your password never goes onto the wire when mounting a volume. NOTE: you will need to get a copy of the des library if you don't already have one for this option to work. i got mine from A Diffie-Hellman-based UAM is also available. This requires libcrypto from either the SSLeay package (available at the above site) or OpenSSL (ftp.openssl.org). ADDITIONAL NOTE: the absence of a /dev/urandom or running out of entropy will result a non truly-random number being used as the challenge. you have been warned. for all intents and purposes, however, linux' /dev/urandom should provide a sufficiently random number to be considered secure even when the entropy pool gets drained. it certainly does a much better job than gettimeofday(); random(). the bad file descriptor bug should now be fixed. thanks to bsmith@h-e.com for tracking this down. this patchset should not have a problem with "dancing icons." if you are still having a problem with this, it's highly likely that files in your .AppleDouble directory have gotten corrupted. you can now login in with your "real" user name as specified in your password entry. if you don't want to do this, just add -DNO_REAL_USER_NAME to your DEFS line. byte locks should now work. if you want to enable the old way of doing things, add -DUSE_FLOCK_LOCKS. you can now specify whether or not you want uservolume files to be read. add -nouservol to afpd.conf if you don't want user- specified .AppleVolumes files to be read. afpd now will report the number of kilobytes read/written during a session (from the server's perspective). i have merged against netatalk-990130. this includes an improved STREAMS driver and some changes to libatalk. the STREAMS driver still doesn't do setsockopt correctly, but it's supposed to be much more stable. contact the folks at umich if you have questions about it. fixed a problem with sys/netatalk/ddp_input.c reported by . AppleVolumes.* now has many more configuration options. You can specify newline translation (crlf) on a per-volume basis, utilize a codepage translation file for compatibility with other file serving programs, and restrict access to particular volumes. Please read config/AppleVolumes.default for more information. platforms compiled on: linux/intel,sparc linux/axp *bsd sunos4.1.4/sparc ultrix/mips solaris 2.5.x, 2.6, and 2.7. problems with appletalk: certain ethernet card/drivers don't deal well with the fact that appletalk aggressively uses hardware multicast. here are a few ones that may cause problems: ne2000 clones 3Com501 cards (maybe others) intel etherexpress/pro set multicast_filter_limit=3 in linux if you're having problems with this card. to do that, add the following line to /etc/conf.modules: options eepro100 multicast_filter_limit=3 Acknowledgements: i would like to thank leland wallace at apple for a lot of helpful advice on interpreting the appleshare ip documentation. i would also like to thank the numerous people who have helped test this program. they greatly improved the compatability of the code. REALM Information provided financial support for the AppleDouble v2 and CNID database work. adrian sun asun@cobaltnet.com