Age | Commit message | Author |
|
|
This is intended for the secrmem pool in the kernel,
but could also be used for temporary pools to
recover the memory used by the arenas.
|
|
repeat/delay; fix a race condition
|
|
This change adds support for dkim signing to upas.
It has 2 pieces:
1. Adding support for different asn1 formats to auth/rsa2asn1;
we can now generate SubjectPublicKeyInfo RSA keys, which
wrap the keys up with an algorithm identifier.
2. Adding a upas/dkim command which filters a message and signs
it using dkim.
To configure dkim, you need to generate a (small-ish) rsa key;
large keys do not fit into DNS text records:
	# generate the private key and add it to factotum
	ramfs -p
	cd /tmp
	auth/rsagen -b 2048 -t 'service=dkim role=sign hash=sha256 domain=orib.dev owner=*' > dkim.key
	cat dkim.key > /mnt/factotum/ctl
	# extract the public key, encode it, and strip out the junk
	pubkey=`{
		<dkim.key auth/rsa2asn1 -f spki | \
		auth/pemencode WHATEVER | \
		grep -v 'WHATEVER' | \
		ssam 'x/\n/d'
	}
	domain=example.org
	# then add it to /lib/ndb/local (DKIM carries the key in the p= tag)
	echo 'dom=dkim._domainkey.'$domain' soa=
		ip=144.202.1.203
		refresh=600 ttl=600
		ns=ns.orib.dev
		txt="k=rsa; p='$pubkey'"' \
		>> /lib/ndb/local
Then, finally, insert it into your outgoing mail pipeline. One
thing to be careful of is that upas will do some outgoing 'From:'
rewriting, so you may need to make sure that either '$upasname'
is set, or 'upas/dkim' is inserted after the rewrite stage.
A good place is in /mail/lib/qmail, in place of upas/vf:
	% cat /mail/lib/qmail
	rfork s
	upas/dkim -d example.com | upas/qer /mail/queue mail $* || exit 'qer failed'
	upas/runq -n 10 /mail/queue /mail/lib/remotemail </dev/null >/dev/null >[2=1] &
|
|
when reading a long line such as a dkim key in a
txt record, ndb calls Brdstr, which is limited
to the size of the buffer. This means we would
fail to parse the line from NDB, and bail out
early.
Increasing the buffer size allows us to read and
parse longer lines.
|
|
SSL is implemented by devssl. It's extremely
obsolete by now, and is not used anywhere but
cpu, import, and oexportfs.
This change strips out the devssl bits, but
does not (yet) remove the code from libsec.
|
|
use usize
|
|
X509to*pub() name buffer
We need a way to parse a rsa certificate request and return the public
key and subject names. The new function X509reqtoRSApub() works the
same way as X509toRSApub() but on a certificate request.
We also need to support certificates that are valid for multiple domain
names (as tlshand does not support certificate selection). For this
reason, a comma separated list is returned as the certificate subject,
making it symmetric to X509rsareq() handling.
A little helper is provided with this change (auth/x5092pub) that takes
a certificate (or a certificate request when -r flag is provided) and
outputs the RSA public key in plan 9 format appended with the subject
attribute.
|
|
There are a number of alphabets in common use for base32
and base64 encoding, such as url-safe encodings.
This adds support for passing a function to encode into
arbitrary alphabets.
|
|
As checking for all zero has to be done in a timing-safe
way to avoid a side channel, it is best to do this here
instead of letting the caller deal with it.
This adds a return type of int to curve25519_dh_finish()
where returning 0 means we got an all-zero shared key.
RFC7748 states:
The check for the all-zero value results from the fact
that the X25519 function produces that value if it
operates on an input corresponding to a point with small
order, where the order divides the cofactor of the curve.
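The check this commit message describes, sketched as an added example (not the libsec code): an early-exit zero test beside a constant-time one, and a finish step that follows the stated convention of returning 0 for an all-zero shared key. The names is_zero_leaky, is_zero_ct and dh_finish_checked and the sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Before: returns at the first non-zero byte, so run time
 * depends on the contents of the secret. */
int is_zero_leaky(const uint8_t *p, size_t n)
{
	size_t i;
	for(i = 0; i < n; i++)
		if(p[i] != 0)
			return 0;
	return 1;
}

/* After: reads every byte and has no data-dependent branch.
 * acc stays in 0..255, so (acc-1)>>8 has bit 0 set only for acc==0. */
int is_zero_ct(const uint8_t *p, size_t n)
{
	uint32_t acc = 0;
	size_t i;
	for(i = 0; i < n; i++)
		acc |= p[i];
	return (int)(((acc - 1) >> 8) & 1);
}

/* Hypothetical finish step: z is the raw X25519 output.
 * Returns 0 for an all-zero z (caller must abort the exchange),
 * 1 otherwise; out is filled with z, or with zeros on rejection. */
int dh_finish_checked(uint8_t out[32], const uint8_t z[32])
{
	int i, ok = 1 - is_zero_ct(z, 32);
	uint8_t mask = (uint8_t)(0 - ok);	/* 0xff if ok, 0x00 if not */
	for(i = 0; i < 32; i++)
		out[i] = z[i] & mask;
	return ok;
}

/* Constructed sample values, not real key material. */
static const uint8_t z_small_order[32] = {0};
static const uint8_t z_normal[32] = { [31] = 0x01 };
static uint8_t key[32];

int demo_reject(void) { return dh_finish_checked(key, z_small_order); }
int demo_accept(void) { return dh_finish_checked(key, z_normal) && key[31] == 1; }
```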
|
|
mountable file descriptor, update documentation
Now that we have these new functions,
we can also make them return an error
instead of calling sysfatal() like
postmountsrv().
Remove the confusing Srv.srvfd, as it
is only temporarily used and return
it from postsrv() instead.
|
|
threadsrv() functions
To use srvrelease()/srvacquire() we need to have a way to spawn
new processes to handle the service loop. This functionality
was provided by the internal _forker() function which was
either rfork or libthread based implementation depending on
if postmountsrv() or threadpostmountsrv() were called.
For servers who want to use srv() directly, _forker would not
be initialized so srvrelease() could not be used.
To untangle this, we get rid of the global _forker handler
and put the handler in the Srv structure. Which will get
initialized (when nil) to either srvforker() or threadsrvforker()
depending on if the thread or non-thread entry points were used.
For symmetry, we provide new threadsrv() and threadpostsrv()
functions which handle the default initialization of Srv.forker.
This also allows a user to provide his own forker function,
maybe to conserve stack space.
To avoid dead code, we put each of these function in their
own object file. Note, this also allows a user to define its
own srvforker() symbol.
|
|
Fd2path is a useful call for the netsurf plan9 frontend,
so we should expose it.
|
|
inttypes.h was added to C99, and this is the only header that used
_SUSV2_SOURCE.
Also, remove now unneeded _SUSV2_SOURCE from python mkfile.
|
|
This patch exposes the bezierpts function,
providing a way to get the points on a path,
similar to how bezsplinepts gives them for b
splines.
|
|
/$objtype/include/ape/math.h contained an almost
identical copy of math.h for each architecture.
The only difference between the architectures
was that some had an incorrect version of isinf
defined.
This change picks one of the versions of math.h
with a correct definition, moves it to /sys/include,
and removes the redundant versions.
|
|
Provide a central function to change the user id
of the calling process.
This is mostly used by programs to become the none
user, followed by a call to newns().
|
|
strndup is part of POSIX.1, so APE should provide it.
This patch adds it, so we need to patch it out of fewer
programs going forward.
|
|
This allows us to attach additional context
to the biobuf so we can read from some sort of
data structure without a global variable.
|
|
Fix missing 'L' in the size suffix, so we were overflowing the
maximum size.
|
|
Our ctype.h mistakenly omitted isblank. Add it in.
While we're here, the 'isfoo()' functions
are broken: they're offsetting into the array, and
don't work with negative character values.
Sync the function bodies with the macros, and make
them produce correct results.
|
|
The putc macro is specified as returning an int, but our
type conversion rules turned it into a uint. Put in the
appropriate cast to make the type what we want.
|
|
The current date and time APIs on Plan 9 are not good. They're
inflexible, non-threadsafe, and don't expose timezone information.
This commit adds new time APIs that allow parsing arbitrary
dates, work from multiple threads, and can handle timezones
effectively.
|
|
Masking with _IO_CHMASK after the assignment causes a warning.
We're better off masking before, but casting the assignment to
prevent sign extension.
|
|
When calling putc, we need to return either EOF
or the character returned. To distinguish the
two, we need to avoid sign extending 0xff. The
code attempted to do this, but the order of
operations was wrong, so we ended up masking,
setting a character, and then sign extending
the character.
This fixes things so we mask after assignment.
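The sign-extension problem described in this message and in the masking commit above it, as an added example (not APE's stdio code): a byte stored through a signed char comes back as -1 for 0xff, which a caller cannot tell apart from EOF. struct obuf, putc_signext, putc_masked and write_all are hypothetical names, and the sample bytes are constructed.

```c
#include <stdio.h>

/* Hypothetical stand-in for a stdio output buffer. */
struct obuf { signed char buf[16]; int n; };

/* Before: the assignment's value has type signed char, so 0xff
 * is sign-extended to -1 when returned as int, which equals EOF. */
int putc_signext(int c, struct obuf *f)
{
	if(f->n >= (int)sizeof f->buf)
		return EOF;
	return f->buf[f->n++] = (signed char)c;
}

/* After: the stored value is masked to 0..255 once the assignment
 * is done, so only a real failure returns EOF. */
int putc_masked(int c, struct obuf *f)
{
	if(f->n >= (int)sizeof f->buf)
		return EOF;
	return (f->buf[f->n++] = (signed char)c) & 0xff;
}

/* A typical caller: writes n bytes and stops at the first EOF.
 * Returns how many bytes it believes were written. */
int write_all(int (*put)(int, struct obuf*), const unsigned char *p, int n)
{
	struct obuf f = {{0}, 0};
	int i;
	for(i = 0; i < n; i++)
		if(put(p[i], &f) == EOF)
			break;
	return i;
}

/* Constructed input with a 0xff byte in the middle. */
static const unsigned char sample[4] = {'a', 0xff, 'b', 'c'};

int demo_before(void) { return write_all(putc_signext, sample, 4); }
int demo_after(void) { return write_all(putc_masked, sample, 4); }
```

With the sign-extending version the caller stops after one byte and silently truncates binary data at the first 0xff; the masked version writes all four.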
|
|
this breaks the sample from the seconds manpage, and overall
produces funky results. this needs a lot more testing.
term% seconds '23 may 2011'
seconds: tmparse: invalid date 23 may 2011 near 'may 2011'
term% seconds '2019-01-01 00:00:00'
-118370073600
|
|
Redo date handling in libc almost entirely. This allows
handling dates and times from outside your timezones,
fixes timezone loading in multithreaded applications,
and allows parsing and formatting using custom format
strings.
As a test of the APIs, we replace the formatting code in
seconds(1), shrinking it massively.
The last commit missed a few removals, and made it
unnecessarily hard to do an update.
|
|
Redo date handling in libc almost entirely. This allows
handling dates and times from outside your timezones,
fixes timezone loading in multithreaded applications,
and allows parsing and formatting using custom format
strings.
As a test of the APIs, we replace the formatting code in
seconds(1), shrinking it massively.
|
|
This adds the mkfiles and plumb.h to ape,
similar to how libdraw is made available.
This is used for ports such as netsurf.
|
|
in accordance with c99:7.16. Used by perl, trivial enough
that I feel ok with adding it before the port is fully done.
|
|
We're missing type flags for:
hh: char
ll: vlong
z: size_t
t: ptrdiff_t
j: intmax_t
The lack of '%lld' was causing us to fail when parsing
timezone files. This brings us in line with the specifiers
in the C99 standard, section 7.19.6.2p11
|
|
C99 requires that if intXX_t types are defined, int_fastxx_t and
int_leastxx_t types are defined as well. We define all three to
be identical (intXX_t == int_fastXX_t == int_leastXX_t).
|
|
This makes it easier to figure out what's going wrong when
we forget to define _POSIX_SOURCE.
|
|
|