About terciofilho

Computer engineer.

Samba Standalone + Windows ACLs on Debian Stretch

A customer needed a simple File Server, without AD and all it’s complexity. A plain simple File Server. Of course, I choose Samba(as I write this, 4.5.8-Debian).

But, there is always a but, I wanted to manage ACLs(Permissions) using Windows GUI.

Here is a simple how-to on how to accomplish that straightforward. I’m using Debian Stretch.

First things first, install packages:

$ sudo apt install acl attr samba smbclient samba-vfs-modules

This will install samba and ACL and Extended attributes, needed by Windows ACls.

Next, we need to configure samba, /etc/samba/smb.conf:

# Global parameters
     workgroup = YOUR-WORKGROUP-NAME
     security = USER
     server role = standalone server

     log file = /var/log/samba/log.%m
     max log size = 1000
     panic action = /usr/share/samba/panic-action %d

     map to guest = Bad User
     passdb backend = tdbsam

     # Disable Usershares
     usershare path =

     # Disable Printing
     disable spoolss = Yes
     load printers = No
     printcap name = /dev/null
     printing = bsd

     # Name Resolution
     dns proxy = No
     name resolve order = host
     disable netbios = no

     # Enable Windows ACLs
     store dos attributes = Yes
     map acl inherit = Yes
     vfs objects = acl_xattr

# Shares parameters
     path = /srv/samba/MyShare
     read only = No

In this example, the shares are located at /src/samba/, which looks like:

drwxrws--- 2 root it 4.0K Oct 6 10:40 MyShare

I chmod 2770 MyShare as stated in the samba wiki:

Setting the SGID bit (2770) automatically inherits the directory’s group to all new files and directories created, instead setting it to the user’s primary group.

After that, we need to add the users to samba:

smbpasswd -a USERNAME, where USERNAME is the user you want to add to samba.

For users that you want to allow changing permissions in Windows, run:

net rpc rights grant "USERNAME" SeDiskOperatorPrivilege -U "root"

If you want to map a group:

net groupmap add ntgroup="NT_GROUP_NAME" unixgroup=UNIX_GROUP_NAME type=d -U root

To list samba users:

pdbedit -w -L

To access a share from command line:

smbclient -U USERNAME //SMB/MyShare

Hope it helps!


How to read a SLE4442/32 SmartCard using PCSC

Recently, I had to read bytes from a SLE4442 SmartCard in a Linux server(Ubuntu, as usual).

There are some alternatives to read/write these SmartCards, the most widespread is PC/SC-lite. In the PC/SC tools there is a valuable program called “scriptor”, which will allow you to send commands from STDIN to the card reader and get direct feedback from your card. This is useful when you are debugging, but in production I needed a small executable(Scriptor is a perl script) to run in the ramdisk(initrd) and print the card’s content to STDOUT.

Here is a small C program I created that will connect to the card reader, send two commands(Detailed below) and print the card’s content to STDOUT.
Commands(Hex notation):

  • Select Card Type, in this case SLE4432 or SLE4442 or SLE5532 or SLE5542.
    • Command: “FF A4 00 00 01 06”, this command powers down and powers up the selected card and performs a card reset.
  • Read card content
    • Command: “FF B0 00 XX YY”, this command reads the card memory at address XX, YY bytes long.

You can provide 2 parameters to the program, the first address to be read, and how many bytes. eg:

# Will read 128 bytes starting at the 32th byte.
$ ./smartCardRead 20 80
# Will read 16 bytes starting at the first byte.
$ ./smartCardRead 00 10

By default, it will read from the first address, 256 bytes.

Before trying to compile the program below, you need to install some packages:

apt-get install build-essential pcscd pcsc-tools libpcsclite1 libpcsclite-dev
  • build-essential – Basic packages needed to compile a program
  • pcscd – Daemon that will allow libpcsclite connect to card readers
  • pcsc-tools – Tools, like scriptor, pcsc_scan, etc.
  • libpcsclite1 – Library PC/SC-lite
  • libpcsclite-dev – Library headers files

After installing these packages, just create the two files below and run make.


CFLAGS=-pthread -I/usr/include/PCSC -c

all: main.o main

main: main.o
	$(CC) main.o $(LDFLAGS) -o readSmartCard

main.o: main.c
	$(CC) $(CFLAGS) main.c

	rm -rf *.o readSmartCard


#include <stdio.h>
#include <stdlib.h>
#include <winscard.h>

#define CHECK(f, rv) \
	if (SCARD_S_SUCCESS != rv) \
	{ \
		fprintf(stderr, f ": %s\n", pcsc_stringify_error(rv)); \
		return -1; \
#define CHECK_RESPONSE(buffer, bufferLength) \
	if(buffer[bufferLength-2] != 0x90 || buffer[bufferLength-1] != 0x00) { \
		fprintf(stderr, "Invalid response!\n"); \
		return -2; \

int main(int argc, char *argv[]) {
	LONG rv;
	DWORD dwReaders, dwActiveProtocol, dwRecvLength;
	LPTSTR mszReaders;
	BYTE pbRecvBuffer[266];
	unsigned int i;

	fprintf(stderr, "Smart Card reader - terciofilho - hashtips.wordpress.com\n");

	BYTE cmdDefineCardType[] = { 0xFF, 0xA4, 0x00, 0x00, 0x01, 0x06 };
	BYTE cmdReadCard[] = { 0xFF, 0xB0, 0x00, 0x20, 0xC0 };

	if(argc != 3)
		fprintf(stderr, "Usage: %s FIRST_ADDRESS READ_LENGTH\nNo parameters provided, default values:\nFIRST_ADDRESS = 0x%X\nREAD_LENGTH = 0x%X\n", argv[0], cmdReadCard[3], cmdReadCard[4]);
		if(strtol(argv[2], NULL, 16) > 256)
			fprintf(stderr, "Invalid READ_LENGTH. Must be < 256.\n");
			return -3;
		cmdReadCard[3] = strtol(argv[1], NULL, 16);
		cmdReadCard[4] = strtol(argv[2], NULL, 16);
		fprintf(stderr, "FIRST_ADDRESS = 0x%02x\nREAD_LENGTH = 0x%02x\n", cmdReadCard[3], cmdReadCard[4]);

	rv = SCardEstablishContext(SCARD_SCOPE_SYSTEM, NULL, NULL, &hContext);
	CHECK("SCardEstablishContext", rv);

	rv = SCardListReaders(hContext, NULL, (LPTSTR)&mszReaders, &dwReaders);
	CHECK("SCardListReaders", rv)
	fprintf(stderr, "Reader name: %s\n", mszReaders);

	rv = SCardConnect(hContext, mszReaders, SCARD_SHARE_SHARED, SCARD_PROTOCOL_T0 | SCARD_PROTOCOL_T1, &hCard, &dwActiveProtocol);
	CHECK("SCardConnect", rv)

			pioSendPci = *SCARD_PCI_T0;

			pioSendPci = *SCARD_PCI_T1;
	dwRecvLength = sizeof(pbRecvBuffer);

	rv = SCardTransmit(hCard, &pioSendPci, cmdDefineCardType, sizeof(cmdDefineCardType), NULL, pbRecvBuffer, &dwRecvLength);
	CHECK("SCardTransmit", rv)
	CHECK_RESPONSE(pbRecvBuffer, dwRecvLength);

	dwRecvLength = sizeof(pbRecvBuffer);
	rv = SCardTransmit(hCard, &pioSendPci, cmdReadCard, sizeof(cmdReadCard), NULL, pbRecvBuffer, &dwRecvLength);
	CHECK("SCardTransmit", rv)
	CHECK_RESPONSE(pbRecvBuffer, dwRecvLength);

	for(i=0; i<dwRecvLength-2; i++)
		printf("%c", pbRecvBuffer[i]);

	rv = SCardDisconnect(hCard, SCARD_LEAVE_CARD);
	CHECK("SCardDisconnect", rv);

	rv = SCardFreeMemory(hContext, mszReaders);
	CHECK("SCardFreeMemory", rv);

	rv = SCardReleaseContext(hContext);
	CHECK("SCardReleaseContext", rv);

There is a manual out there, that is VERY helpful when sending commands to these cards, PMA-ACR38x(CCID)-6.02.

DISCLAIMER: I cannot guarantee that this code is bug free or will work in your setup. I’m not a C guru, I didn’t check all possible failure points.

How to cross compile libvpx for Windows in a Mac OS X


Here I’m again.

I’m working a secret project that needs to link agains libvpx in a Windows environment.

There is almost no information on how to compile libvpx, imagine cross compile in a Mac, well, none.

I successfully compiled it for Windows in a very simple fashion.


  • Xcode
  • MacPorts
  • git
  • mingw32 port installed
  • yasm assembler
  • Git clone of libvpx repository
  • 5 minutes of your time

I’ll not cover how to install XCode neither MacPorts, as it’s straightforward. Xcode can be installed via Mac AppStore, and MacPorts you just need to follow the instructions here. All commands above are intended to be copied and pasted in the Terminal window.

After MacPorts installed, run this command, just in case you already have MacPorts installed(It’ll update your port catalog and upgrade all installed ports):

$ sudo port selfupdate && sudo port upgradeoutdated

Then, we need to install the ports we need:

$ sudo port install i386-mingw32-binutils i386-mingw32-gcc i386-mingw32-runtime i386-mingw32-w32api yasm git-core

This will take some time, just rest and relax.

The next step you must run in a folder that you know, for example, ~/Code/, it’s up to you. Now, let’s clone the libvpx repository:

$ git clone http://git.chromium.org/webm/libvpx.git
cd libvpx

This will create a folder called libvpx in the current folder.

In the configure script of libvpx there is a check that is broken in mingw, apply this patch to allow it to run smoothly:

$ patch -p1 << 'EOF'
diff --git a/configure b/configure
index 297cec4..196583a 100755
--- a/configure
+++ b/configure
@@ -555,9 +555,6 @@ process_detect() {
     check_header stdio.h || die "Unable to invoke compiler: ${CC} ${CFLAGS}"
-    check_ld <<EOF || die "Toolchain is unable to link executables"
-int main(void) {return 0;}
     # check system headers
     check_header stdint.h
     check_header pthread.h

It must print a line saying: “patching file configure”.

For the sake of simplicity, I created a script that will configure the toolchain to mingw, here it is:

$ cat > mingw32.sh << 'EOF'
export CC=i386-mingw32-gcc
export CXX=i386-mingw32-g++
export CPP=i386-mingw32-cpp
export AR=i386-mingw32-ar
export RANLIB=i386-mingw32-ranlib
export ADD2LINE=i386-mingw32-addr2line
export AS=yasm
export LD=i386-mingw32-ld
export NM=i386-mingw32-nm
export STRIP=i386-mingw32-strip
exec "$@"

Make this script executable:

$ chmod +x mingw32.sh

Well, all setup! Let’s configure:

$ ./mingw32.sh ./configure --disable-examples --disable-ssse3 --disable-multithread --enable-vp8 --target=x86-win32-gcc

You must see something like this:

Configuring selected codecs
  enabling vp8_encoder
  enabling vp8_decoder
  enabling vp9_encoder
  enabling vp9_decoder
Configuring for target 'x86-win32-gcc'
  enabling x86
  enabling runtime_cpu_detect
  enabling mmx
  enabling sse
  enabling sse2
  enabling sse3
  using yasm
  checking here for x86inc "x86" "" 
  enabling use_x86inc
  enabling postproc
  enabling unit_tests
Creating makefiles for x86-win32-gcc libs
Creating makefiles for x86-win32-gcc docs

Then, make the lib:

$ ./mingw32.sh make

Well, you will see some warnings, but if there is no errors, you are done!

Search for a libvpx.a file, use it to link against your application!

See ya!

Ps.: I couldn’t build it using multithreading. My project doesn’t need it, but I’m working on it…

– Update October, 25 2013 –

Added missing chmod in mingw32.sh.

Send SMS using a USB Modem and Ubuntu 12.04

I developed a Java ERP system for a customer and he asked me if the system could send SMS messages. My first thought was to pay a SMS Gateway, the internet has thousands of them, easy to use, relatively cheap and fast to integrate.

But, there is always a but, I discovered that my customer has several Huawei E173 GSM USB modems with a SMS plan! They have the hardware, they already pay for SMS, so why not use these modems?!.

So here it is, a simple way to send SMS using a Huawei E173 GSM USB modem in a Ubuntu Server 12.04.

The E173 modem that I’m using, when plugged in, will emulate a CD-ROM driver containing the software needed by this modem. The modem device will not be available unless we “switch mode” the USB device, this is called a “flip flop” USB device. To handle that we need to install the usb_modeswitch(usb_modeswitch) if it isn’t already.

This command will install the usb-modeswitch and the gsm-utils that will do the magic:

apt-get install usb-modeswitch gsm-utils

Before connecting you modem to the USB port, run this command:

tail -f /var/log/syslog

Go ahead, connect the modem, wait some seconds(+5) and you will see something like this:

Apr 12 11:26:00 server kernel: [ 1862.731001] usb 1-1: new high-speed USB device number 3 using ehci_hcd
Apr 12 11:26:01 server kernel: [ 1863.381742] option 1-1:1.0: GSM modem (1-port) converter detected
Apr 12 11:26:01 server kernel: [ 1863.382231] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB0
Apr 12 11:26:01 server kernel: [ 1863.382279] option 1-1:1.1: GSM modem (1-port) converter detected
Apr 12 11:26:01 server kernel: [ 1863.382321] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB1
Apr 12 11:26:01 server kernel: [ 1863.385510] scsi4 : usb-storage 1-1:1.2
Apr 12 11:26:02 server kernel: [ 1864.386423] scsi 4:0:0:0: CD-ROM            HUAWEI   Mass Storage     2.31 PQ: 0 ANSI: 2
Apr 12 11:26:02 server kernel: [ 1864.398748] sr1: scsi-1 drive
Apr 12 11:26:02 server kernel: [ 1864.399381] sr 4:0:0:0: Attached scsi CD-ROM sr1
Apr 12 11:26:02 server kernel: [ 1864.400494] sr 4:0:0:0: Attached scsi generic sg2 type 5

Press Ctrl+C to exit tail.

If you see a line like this "GSM modem (1-port) converter now attached to ttyUSBX" means that your modem is ready to use.

And finally, how to send a SMS message(In my case my modem is in /dev/ttyUSB0 and the baudrate is 19200, change according to your setup):

echo "SMS Test Message!" | gsmsendsms -d /dev/ttyUSB0 -b 19200 PHONE_NUMBER

There should be no output. The exit code is 0 if everything is OK, greater than 0 if fail.

Great, I already can send SMS using the console, but I need to integrate into my application. The fastest and easiest way is to call the same command I ran in the console.

	public static boolean sendSmsSynchronous(final String phone, final String message)
		final ProcessBuilder processBuilder = new ProcessBuilder().command("/usr/bin/gsmsendsms", "-d", "/dev/ttyUSB0", "-b", "19200", phone, message);
		Process gsmsendsmsProcess;
			gsmsendsmsProcess = processBuilder.start();
		catch (final Exception e)
			return false;

		return gsmsendsmsProcess.exitValue() == 0;

That’s it, have fun!

Ps.: All the commands above must be run by root, if you aren’t root, just add sudo before.

Shutdown Windows KVM Virtual Machine

All my servers usually are Ubuntu Linux boxes. But sometimes I have to manage some Windows servers (2003, 2008, …) running in a KVM setup.

Every time that the host KVM server needs to be restarted, my Windows instances aren’t shutdown cleanly. If I open the virt-manager and open the Console, the screen is resumed(As when it is sleeping) and if I shutdown the host it will show that the Windows is shutting down and everything is perfect, but, there is always a but, if I do the shutdown by ssh without interacting with the Windows machine, it doesn’t “accept” the ACPI Shutdown command and just stand still.

Just for information, I already setup all the ACPI stuff in the KVM and in the Windows boxes.

To avoid this behavior I changed my libvirt script to send a mouse movement before the shutdown command, awaking the Windows before, so it can shutdown properly. 

Edit the upstart-job script:

vim /etc/init/libvirt-bin.conf

Add these 2 lines:

run_virsh -c "$uri" qemu-monitor-command "$domain" mouse_move 100 100 --hmp > /dev/null
sleep 2

Between the log message and the shutdown command:

log_msg "libvirt-bin: attempting clean shutdown of $domain at $(date)"
run_virsh -c "$uri" shutdown "$domain" > /dev/null

This will “awake” the Windows machine and shutdown it cleanly.

Hope it helps!

— Update June, 19 2013 —

Also you need to disable some dialogs in the Windows GPO and Registry to enable your machine shutdown unattended.


— Update September, 12 2013 —

As noted by user infernix, the link I provided in the last update is offline. So I’ll write here what need to be done instead link to another page.

We need to disable a policy that in Windows Server machines will disallow shutdown if the administrator(Or other authorized user) is not logged in.

First, open the Group Policy Editor, press “Win + R” or open “Run” in the Start Menu, write “gpedit.msc”, hit Enter:


This will open the GP Editor, navigate to:

Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options

In the right panel, will be a option that says: “Shutdown: Allow system to be shut down without having to log on”. Double click it and select “Enabled”.


Secondly, we need to disable the “Shutdown Event Tracker”, which is the dialog that will be presented to the user when a shutdown is requested.

Navigate to:

Local Computer Policy -> Computer Configuration -> Administrative Templates -> System

In the right panel, disable the option “Display Shutdown Event Tracker”, the same way you did in the last step, but this time, “Disabled”.


An optional step is to disable monitor sleep, which will not change the power consumption as this is a virtual machine, with a virtual console and will avoid any other issues with shutdown.

Open Control Panel and select Power Options. I use “High performance” option, but you need to click on “Change plan settings” to disable monitor sleep, see images above.



Well, this is all folks.