Re: Minor clarifications for bioctl.8 and softraid.4

[Chris Palmer]

Jason McIntyre writes:

> ok, my diff below tries to collect the various bits of feedback. stuff i
> haven't taken:

Thanks for doing this.

> - delete -> detach, for reasons given by marco

I'd still like to reconsider this.

> - `` -> "; i don't think it's worth changing

But it looks silly with the other style of quotes right next to it in the
page:

 ``Unused'', promote it to being a ``Hot Spare''.

 -h  Where necessary, produce "human-readable" output.  Use unit suffix-

I like all my bike sheds to be painted a single consistent color. :)

> feel free to argue. anyway, here's what i have. ok?

It's ok by me, even if I wasn't able to convince you on the above points.


-- 
http://noncombatant.org/

Re: Minor clarifications for bioctl.8 and softraid.4

[Chris Palmer]

Claudio Jeker writes:

> Delete is a strong word. Does it mean that the RAID meta information is
> deleted (and with it all data on the softraid volume) or does it just mean
> that the softraid volume is removed from the kernel?
> IMO the use of delete here is not a good choice.

Right, exactly.


-- 
http://noncombatant.org/

Re: Minor clarifications for bioctl.8 and softraid.4

[Claudio Jeker]

On Sun, Sep 12, 2010 at 06:45:17PM -0500, Marco Peereboom wrote:
> On Sun, Sep 12, 2010 at 09:21:31PM +0100, Jason McIntyre wrote:
> > On Sun, Sep 12, 2010 at 12:22:25PM -0700, Chris Palmer wrote:
> > > I recently set up a CRYPTO volume with softraid(4) and enjoyed it. Thanks!
> > > 
> > > Here are some hopefully-clarifying diffs to the man pages.
> > > 
> > 
> > feedback from softraid people please...
> 
> Inline where I don't agree.
> 
> > 
> > > 
> > > --- bioctl.8.orig Sat Sep 11 19:55:27 2010
> > > +++ bioctl.8  Sun Sep 12 12:17:30 2010
> > > @@ -119,7 +119,7 @@
> > >  promote it to being a
> > >  .Dq Hot Spare .
> > >  .It Fl h
> > > -Where necessary, produce "human-readable" output.
> > > +Where necessary, produce ``human-readable'' output.
> > 
> > er, ...
> > 
> > >  Use unit suffixes: Byte, Kilobyte, Megabyte,
> > >  Gigabyte, Terabyte, Petabyte, Exabyte in order to reduce the number of
> > >  digits to four or less.
> > > @@ -202,7 +202,7 @@
> > >  RAID 4 and RAID 5 require at least three devices,
> > >  and the CRYPTO discipline requires exactly one.
> > >  .It Fl d
> > > -Delete volume specified by device.
> > > +Detach volume specified by device.
> > 
> > softraid people?
> 
> Nope; technically it is a delete.  Detaching is a side-effect.
> 

Delete is a strong word. Does it mean that the RAID meta information is
deleted (and with it all data on the softraid volume) or does it just mean
that the softraid volume is removed from the kernel?
IMO the use of delete here is not a good choice.

-- 
:wq Claudio

Re: Minor clarifications for bioctl.8 and softraid.4

[Jason McIntyre]

On Sun, Sep 12, 2010 at 12:22:25PM -0700, Chris Palmer wrote:
> I recently set up a CRYPTO volume with softraid(4) and enjoyed it. Thanks!
> 
> Here are some hopefully-clarifying diffs to the man pages.
> 

ok, my diff below tries to collect the various bits of feedback. stuff i
haven't taken:

- delete -> detach, for reasons given by marco
- `` -> "; i don't think it's worth changing
- sd2 -> sd3; ditto
- the softraid(4) tweak, for reasons i gave earlier

feel free to argue. anyway, here's what i have. ok?
jmc

Index: bioctl.8
===
RCS file: /cvs/src/sbin/bioctl/bioctl.8,v
retrieving revision 1.80
diff -u -r1.80 bioctl.8
--- bioctl.831 Dec 2009 14:00:45 -  1.80
+++ bioctl.813 Sep 2010 05:09:59 -
@@ -223,7 +223,7 @@
 It cannot be used during the initial creation of the crypto volume.
 .It Fl r Ar rounds
 When creating an encrypted volume, specifies the number of iterations of
-the algorithm used to convert a passphrase into a key.
+the PBKDF2 algorithm used to convert a passphrase into a key.
 Higher iteration counts take more time, but offer more resistance to key
 guessing attacks.
 The minimum is 1000 rounds and the default is 8192.
@@ -245,7 +245,7 @@
 .Ed
 .Pp
 .Nm
-will ask for a passphrase, that will be needed to unlock the encrypted
+will ask for a passphrase, which will be needed to unlock the encrypted
 disk.
 After creating a newly encrypted disk, the first megabyte of it should be
 zeroed, so tools like
@@ -267,6 +267,11 @@
 .Xr bio 4 ,
 .Xr scsi 4 ,
 .Xr softraid 4
+.Rs
+.%R RFC 2898
+.%T "PKCS #5: Password-Based Cryptography Specification Version 2.0"
+.%D 2000
+.Re
 .Sh HISTORY
 The
 .Nm
@@ -278,4 +283,4 @@
 interface was written by
 .An Marco Peereboom Aq ma...@openbsd.org .
 .Sh CAVEATS
-Use of the crypto & RAID 4/5 disciplines are currently considered experimental.
+Use of the CRYPTO & RAID 4/5 disciplines are currently considered experimental.

A tiny feature for mg(1): beginning-of-line

[Chris Palmer]

I have found this feature useful in other text editors. Maybe you will too?


--- mg.1.orig   Sun Sep 12 20:23:21 2010
+++ mg.1Sun Sep 12 20:24:36 2010
@@ -320,7 +320,8 @@ Move cursor backwards by the specified number of words
 .It beginning-of-buffer
 Move cursor to the top of the buffer.
 .It beginning-of-line
-Move cursor to the beginning of the line.
+Move cursor to the beginning of the line. Calling this function again moves
+the cursor to the first non-whitespace character of the line.
 .It blink-and-insert
 Self-insert a character, then search backwards and blink its
 matching delimeter.


--- basic.c.origSun Sep 12 20:01:41 2010
+++ basic.c Sun Sep 12 20:18:56 2010
@@ -22,7 +22,21 @@
 int
 gotobol(int f, int n)
 {
-   curwp->w_doto = 0;
+   if (0 != curwp->w_doto)
+   curwp->w_doto = 0;
+   else {
+   char * ln = curwp->w_dotp->l_text;
+   int i = 0;
+
+   if (ln)
+   while (*ln && isspace(*ln)) {
+   i++;
+   ln++;
+   }
+
+   curwp->w_doto = i;
+   }
+
return (TRUE);
 }


-- 
http://noncombatant.org/

Enable no-tab-mode in mg(1)

[Chris Palmer]

Although documented in the man page, mg is not compiled with -DNOTAB, so it
isn't actually available. This patch fixes that.


--- Makefile.orig   Sun Sep 12 18:03:23 2010
+++ MakefileSun Sep 12 18:03:54 2010
@@ -12,8 +12,9 @@ DPADD+=   ${LIBCURSES}
 #  STARTUP -- look for and handle initialization file.
 #  XKEYS   -- use termcap function key definitions.
 #  note: XKEYS and bsmap mode do _not_ get along.
+#  NOTAB   -- enable no-tab-mode
 #
-CFLAGS+=-Wall -DFKEYS -DREGEX -DXKEYS
+CFLAGS+=-Wall -DFKEYS -DREGEX -DXKEYS -DNOTAB
 
 SRCS=  autoexec.c basic.c buffer.c cinfo.c dir.c dired.c display.c \
echo.c extend.c file.c fileio.c funmap.c help.c kbd.c keymap.c \


--- cmode.c.origSun Sep 12 17:59:10 2010
+++ cmode.c Sun Sep 12 17:59:48 2010
@@ -242,7 +242,7 @@ getindent(const struct line *lp, int *curi)
break;
if (c == '\t'
 #ifdef NOTAB
-   && !(curbp-b_flag & BFNOTAB)
+   && !(curbp->b_flag & BFNOTAB)
 #endif /* NOTAB */
) {
nicol |= 0x07;


--- random.c.orig   Sun Sep 12 17:57:56 2010
+++ random.cSun Sep 12 17:58:39 2010
@@ -367,7 +367,7 @@ indent(int f, int n)
(void)gotobol(FFRAND, 1);
if (
 #ifdef NOTAB
-   curbp->b_flag & BFNOTAB) ? linsert(n, ' ') == FALSE :
+   (curbp->b_flag & BFNOTAB) ? linsert(n, ' ') == FALSE :
 #endif /* NOTAB */
(((i = n / 8) != 0 && linsert(i, '\t') == FALSE) ||
((i = n % 8) != 0 && linsert(i, ' ') == FALSE)))



-- 
http://noncombatant.org/

Re: bioctl patch (inline) diff -uNp

[Marco Peereboom]

I am not a fan of this.  Why wouldn't you do this in the wrapping
script?

I added some style nits too for future reference

On Sun, Sep 12, 2010 at 11:42:26PM +0200, Merlyn wrote:
> Index: bioctl.c
> ===
> RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
> retrieving revision 1.97
> diff -u -p -r1.97 bioctl.c
> --- bioctl.c  10 Jul 2010 02:56:16 -  1.97
> +++ bioctl.c  12 Sep 2010 21:40:23 -
> @@ -71,7 +71,7 @@ int bio_getvolbyname(char *);
>  void bio_setstate(char *, int, char *);
>  void bio_setblink(char *, char *, int);
>  void bio_blink(char *, int, int);
> -void bio_createraid(u_int16_t, char *, char *);
> +int  bio_createraid(u_int16_t, char *, char *);
>  void bio_deleteraid(char *);
>  void bio_changepass(char *);
>  u_int32_tbio_createflags(char *);
> @@ -102,11 +102,14 @@ main(int argc, char *argv[])
>   int ss_func = 0;
>   u_int16_t   cr_level = 0;
>   int biodev = 0;
> + int success = 0;
> + int more_tries = 0;
> + int retries = 0;
> 
>   if (argc < 2)
>   usage();
> 
> - while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
> + while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:t:vu:")) !=
>   -1) {
>   switch (ch) {
>   case 'a': /* alarm */
> @@ -132,6 +135,14 @@ main(int argc, char *argv[])
>   /* delete volume */
>   func |= BIOC_DELETERAID;
>   break;
> + case 't':
> + /* ask for password retries-times */
> + more_tries = 1;
> + retries = strtonum(optarg, 0, 1000, &errstr);
> + if (errstr != NULL)
> + errx(1, "Number of retries is %s: %s",
> + errstr, optarg);
> + break;
>   case 'u': /* unblink */
>   func |= BIOC_BLINK;
>   blink = BIOC_SBUNBLINK;
> @@ -234,7 +245,17 @@ main(int argc, char *argv[])
>   errx(1, "need -l parameter");
>   if (!biodev)
>   errx(1, "must use bio device");
> - bio_createraid(cr_level, dev_list, key_disk);
> + if (more_tries == 1)
> + if ( retries == 0 )
> + do
> + success=bio_createraid(cr_level, 
> dev_list, key_disk);
> + while ( success == -1 );
   ^ no space^
> + else
> + do
> + success=bio_createraid(cr_level, 
> dev_list, key_disk);
> + while ( --retries > 0 && success == -1 );
   ^ no space there   ^
> + else
> + bio_createraid(cr_level, dev_list, key_disk);
>   }
> 
>   return (0);
> @@ -255,7 +276,8 @@ usage(void)
>  "   %s [-dhiPqv] "
>  "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
>  "\t[-l special[,special,...]] [-p passfile]\n"
> -"\t[-R device | channel:target[.lun] [-r rounds] "
> +"\t[-R device | channel:target[.lun] [-r rounds]\n"
> + "\t[-t retries] "
>   "device\n", __progname, __progname);
>   
>   exit(1);
> @@ -685,7 +707,7 @@ bio_blink(char *enclosure, int target, i
>   close(bioh);
>  }
> 
> -void
> +int
>  bio_createraid(u_int16_t level, char *dev_list, char *key_disk)
>  {
>   struct bioc_createraid  create;
> @@ -798,8 +820,10 @@ bio_createraid(u_int16_t level, char *de
>   memset(&kdfinfo, 0, sizeof(kdfinfo));
>   memset(&create, 0, sizeof(create));
>   if (rv == -1) {
> - if (errno == EPERM)
> - errx(1, "Incorrect passphrase");
> + if (errno == EPERM) {
> + fprintf(stderr,"Incorrect passphrase\n");
> + return -1;
> + }
>   err(1, "BIOCCREATERAID");
>   }

Re: patch_bioctl_F.patch (inline)

[Marco Peereboom]

We want patches done with diff -uNp please.

On Sun, Sep 12, 2010 at 10:56:22PM +0200, Merlyn wrote:
> sending the patch fot bioctl
> I'm quite a newbie, so if you find some problem (and you certainly will),
> could you please explain it for me?
> there is a little change from the previous patch - parameter
> has been renamed to -t and expects the number of retries (0 means infinitely).
> 
> 
> *** /usr/src/sbin/bioctl/bioctl.c Sun Sep 12 00:15:18 2010
> --- /usr/src/sbin/bioctl/bioctl.c Sun Sep 12 23:41:27 2010
> ***
> *** 71,77 
>   voidbio_setstate(char *, int, char *);
>   voidbio_setblink(char *, char *, int);
>   voidbio_blink(char *, int, int);
> ! voidbio_createraid(u_int16_t, char *, char *);
>   voidbio_deleteraid(char *);
>   voidbio_changepass(char *);
>   u_int32_t   bio_createflags(char *);
> --- 71,77 
>   voidbio_setstate(char *, int, char *);
>   voidbio_setblink(char *, char *, int);
>   voidbio_blink(char *, int, int);
> ! int bio_createraid(u_int16_t, char *, char *);
>   voidbio_deleteraid(char *);
>   voidbio_changepass(char *);
>   u_int32_t   bio_createflags(char *);
> ***
> *** 102,112 
>   int ss_func = 0;
>   u_int16_t   cr_level = 0;
>   int biodev = 0;
> 
>   if (argc < 2)
>   usage();
> 
> ! while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
>   -1) {
>   switch (ch) {
>   case 'a': /* alarm */
> --- 102,115 
>   int ss_func = 0;
>   u_int16_t   cr_level = 0;
>   int biodev = 0;
> + int success = 0;
> + int more_tries = 0;
> + int retries = 0;
> 
>   if (argc < 2)
>   usage();
> 
> ! while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:t:vu:")) !=
>   -1) {
>   switch (ch) {
>   case 'a': /* alarm */
> ***
> *** 132,137 
> --- 135,148 
>   /* delete volume */
>   func |= BIOC_DELETERAID;
>   break;
> + case 't':
> + /* ask for password retries-times */
> + more_tries = 1;
> + retries = strtonum(optarg, 0, 1000, &errstr);
> + if (errstr != NULL)
> + errx(1, "Number of retries is %s: %s",
> + errstr, optarg);
> + break;
>   case 'u': /* unblink */
>   func |= BIOC_BLINK;
>   blink = BIOC_SBUNBLINK;
> ***
> *** 234,240 
>   errx(1, "need -l parameter");
>   if (!biodev)
>   errx(1, "must use bio device");
> ! bio_createraid(cr_level, dev_list, key_disk);
>   }
> 
>   return (0);
> --- 245,264 
>   errx(1, "need -l parameter");
>   if (!biodev)
>   errx(1, "must use bio device");
> ! if (more_tries == 1){
> ! if ( retries == 0 ){
> ! do {
> ! success=bio_createraid(cr_level, 
> dev_list, key_disk);
> ! } while ( success == -1 );
> ! } else {
> ! do {
> ! success=bio_createraid(cr_level, 
> dev_list, key_disk);
> ! } while ( --retries > 0 && success == -1 );
> ! }
> ! } else {
> ! bio_createraid(cr_level, dev_list, key_disk);
> ! }
> ! 
>   }
> 
>   return (0);
> ***
> *** 685,691 
>   close(bioh);
>   }
> 
> ! void
>   bio_createraid(u_int16_t level, char *dev_list, char *key_disk)
>   {
>   struct bioc_createraid  create;
> --- 709,715 
>   close(bioh);
>   }
> 
> ! int
>   bio_createraid(u_int16_t level, char *dev_list, char *key_disk)
>   {
>   struct bioc_createraid  create;
> ***
> *** 798,805 
>   memset(&kdfinfo, 0, sizeof(kdfinfo));
>   memset(&create, 0, sizeof(create));
>   if (rv == -1) {
> ! if (errno == EPERM)
> ! errx(1, "Incorrect passphrase");
>   err(1, "BIOCCREATERAID");
>   }
> 
> --- 822,831 
>   memset(&kdfinfo, 0, sizeof(kdfinfo));
>   memset(&create, 0, sizeof(create));
>   if (rv == -1) {
> ! if (errno == EPERM) {

Re: bioctl.c and /etc/rc patches

[Marco Peereboom]

Thib is right.  I for one can't be bothered to look at patches I need to
do special stuff to.  mutt or pine work just fine when using a real text
editor.

On Sun, Sep 12, 2010 at 07:04:01PM +, Thordur I Bjornsson wrote:
> On Sun, Sep 12, 2010 at 11:44:12AM +0200, merlyn wrote:
> > I found out (thanks Stuart Henderson), that kmail replaces tabs with 
> > spaces, so patch is not appliable, so I've uploaded the patches here:
> This is the complication.
> 
> When looking at diffs, people want them _in the message body_ not because
> they are lazy and don't want to jump through hoops to see the diffs (well
> people are lazy and will not jump through the hoops so...) but because it
> makes talking about the diffs easier, e.g. inline comments.
> 
> If you can't be bothered to spend some time to fix your mailer or switch
> a mailer that doesn't fuck up your outgoing mails, why should people and
> specially developers bother jumping through hoops trying to read your diffs ?
> 
> I'm not throwing dirt, but fix your mailer and don't demand an exception
> to a process that has been in use for years. Diffs go inline into the body
> of your mail.
> 
> From the looks of the name of the diffs, this could be neat, but I'm lazy.
> 
> Nice to see people taking an interest in bioctl though! :)
> 
> Ciao, thib.
> 
> > http://merlyn.cz/patch_bioctl_F.patch
> > http://merlyn.cz/patch_rc.patch
> > And example softraid.conf
> > http://merlyn.cz/softraid.conf
> > 
> > Sorry for complications
> > 
> > 
> > -- 
> > merlyn 
> > OpenBSD ufo.merlyn.cz 4.8 GENERIC#1 i386

Re: Minor clarifications for bioctl.8 and softraid.4

[Marco Peereboom]

On Sun, Sep 12, 2010 at 09:21:31PM +0100, Jason McIntyre wrote:
> On Sun, Sep 12, 2010 at 12:22:25PM -0700, Chris Palmer wrote:
> > I recently set up a CRYPTO volume with softraid(4) and enjoyed it. Thanks!
> > 
> > Here are some hopefully-clarifying diffs to the man pages.
> > 
> 
> feedback from softraid people please...

Inline where I don't agree.

> 
> > 
> > --- bioctl.8.orig   Sat Sep 11 19:55:27 2010
> > +++ bioctl.8Sun Sep 12 12:17:30 2010
> > @@ -119,7 +119,7 @@
> >  promote it to being a
> >  .Dq Hot Spare .
> >  .It Fl h
> > -Where necessary, produce "human-readable" output.
> > +Where necessary, produce ``human-readable'' output.
> 
> er, ...
> 
> >  Use unit suffixes: Byte, Kilobyte, Megabyte,
> >  Gigabyte, Terabyte, Petabyte, Exabyte in order to reduce the number of
> >  digits to four or less.
> > @@ -202,7 +202,7 @@
> >  RAID 4 and RAID 5 require at least three devices,
> >  and the CRYPTO discipline requires exactly one.
> >  .It Fl d
> > -Delete volume specified by device.
> > +Detach volume specified by device.
> 
> softraid people?

Nope; technically it is a delete.  Detaching is a side-effect.

> 
> >  .It Fl k Ar keydisk
> >  Use special device
> >  .Ar keydisk
> > @@ -224,6 +224,7 @@
> >  .It Fl r Ar rounds
> >  When creating an encrypted volume, specifies the number of iterations of
> >  the algorithm used to convert a passphrase into a key.
> > +(The algorithm is PBKDF2.)
> 
> if correct, we can probably say:
> 
> ...the algorithm used (PBKDF2) to convert...
> but someone confirm, please.
> 
> >  Higher iteration counts take more time, but offer more resistance to key
> >  guessing attacks.
> >  The minimum is 1000 rounds and the default is 8192.
> > @@ -245,20 +246,19 @@
> >  .Ed
> >  .Pp
> >  .Nm
> > -will ask for a passphrase, that will be needed to unlock the encrypted
> > -disk.
> > +will ask for the passphrase needed to unlock the encrypted disk.
> >  After creating a newly encrypted disk, the first megabyte of it should be
> >  zeroed, so tools like
> >  .Xr fdisk 8
> >  or
> >  .Xr disklabel 8
> >  don't get confused by the random data that appears on the new disk.
> > -This can be done with the following command (assuming the new disk is sd3):
> > +This can be done with the following command (assuming the new disk is sd2):
> >  .Bd -literal -offset 3n
> > -# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
> > +# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
> 
> er, ...
> 
> >  .Ed
> >  .Pp
> > -Deleting a softraid volume requires the exact volume name.
> > +Detaching a softraid volume requires the exact volume name.
> 
> softraid people, please.

Same as previous.

> 
> >  For example:
> >  .Bd -literal -offset 3n
> >  # bioctl -d sd2
> > @@ -267,6 +267,8 @@
> >  .Xr bio 4 ,
> >  .Xr scsi 4 ,
> >  .Xr softraid 4
> > +.Pp
> > +RFC 2898 describes PBKDF2.
> 
> we can probably expand this.
> 
> >  .Sh HISTORY
> >  The
> >  .Nm
> > @@ -278,4 +280,4 @@
> >  interface was written by
> >  .An Marco Peereboom Aq ma...@openbsd.org .
> >  .Sh CAVEATS
> > -Use of the crypto & RAID 4/5 disciplines are currently considered 
> > experimental.
> > +Use of the CRYPTO and RAID 4/5 disciplines are currently considered 
> > experimental.
> > 
> > 
> > --- softraid.4.orig Sun Sep 12 12:13:10 2010
> > +++ softraid.4  Sun Sep 12 12:14:50 2010
> > @@ -119,6 +119,9 @@
> >  # printf "a\en\en\en\enRAID\enw\enq\en\en" | disklabel -E wd3
> >  .Ed
> >  .Pp
> > +(Note that RAID is also the correct partition type when using the CRYPTO
> > +discipline.)
> > +.Pp
> 
> this page already states:
> 
>   A chunk is a partition or storage area of fstype ``RAID''.
>   disklabel(8) is used to alter the fstype.
> 
> this is pretty clear, no?
> 
> jmc

bioctl patch (inline) diff -uNp

[Merlyn]

Index: bioctl.c
===
RCS file: /cvs/src/sbin/bioctl/bioctl.c,v
retrieving revision 1.97
diff -u -p -r1.97 bioctl.c
--- bioctl.c10 Jul 2010 02:56:16 -  1.97
+++ bioctl.c12 Sep 2010 21:40:23 -
@@ -71,7 +71,7 @@ int   bio_getvolbyname(char *);
 void   bio_setstate(char *, int, char *);
 void   bio_setblink(char *, char *, int);
 void   bio_blink(char *, int, int);
-void   bio_createraid(u_int16_t, char *, char *);
+intbio_createraid(u_int16_t, char *, char *);
 void   bio_deleteraid(char *);
 void   bio_changepass(char *);
 u_int32_t  bio_createflags(char *);
@@ -102,11 +102,14 @@ main(int argc, char *argv[])
int ss_func = 0;
u_int16_t   cr_level = 0;
int biodev = 0;
+   int success = 0;
+   int more_tries = 0;
+   int retries = 0;

if (argc < 2)
usage();

-   while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
+   while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:t:vu:")) !=
-1) {
switch (ch) {
case 'a': /* alarm */
@@ -132,6 +135,14 @@ main(int argc, char *argv[])
/* delete volume */
func |= BIOC_DELETERAID;
break;
+   case 't':
+   /* ask for password retries-times */
+   more_tries = 1;
+   retries = strtonum(optarg, 0, 1000, &errstr);
+   if (errstr != NULL)
+   errx(1, "Number of retries is %s: %s",
+   errstr, optarg);
+   break;
case 'u': /* unblink */
func |= BIOC_BLINK;
blink = BIOC_SBUNBLINK;
@@ -234,7 +245,17 @@ main(int argc, char *argv[])
errx(1, "need -l parameter");
if (!biodev)
errx(1, "must use bio device");
-   bio_createraid(cr_level, dev_list, key_disk);
+   if (more_tries == 1)
+   if ( retries == 0 )
+   do
+   success=bio_createraid(cr_level, 
dev_list, key_disk);
+   while ( success == -1 );
+   else
+   do
+   success=bio_createraid(cr_level, 
dev_list, key_disk);
+   while ( --retries > 0 && success == -1 );
+   else
+   bio_createraid(cr_level, dev_list, key_disk);
}

return (0);
@@ -255,7 +276,8 @@ usage(void)
 "   %s [-dhiPqv] "
 "[-C flag[,flag,...]] [-c raidlevel] [-k keydisk]\n"
 "\t[-l special[,special,...]] [-p passfile]\n"
-"\t[-R device | channel:target[.lun] [-r rounds] "
+"\t[-R device | channel:target[.lun] [-r rounds]\n"
+   "\t[-t retries] "
"device\n", __progname, __progname);

exit(1);
@@ -685,7 +707,7 @@ bio_blink(char *enclosure, int target, i
close(bioh);
 }

-void
+int
 bio_createraid(u_int16_t level, char *dev_list, char *key_disk)
 {
struct bioc_createraid  create;
@@ -798,8 +820,10 @@ bio_createraid(u_int16_t level, char *de
memset(&kdfinfo, 0, sizeof(kdfinfo));
memset(&create, 0, sizeof(create));
if (rv == -1) {
-   if (errno == EPERM)
-   errx(1, "Incorrect passphrase");
+   if (errno == EPERM) {
+   fprintf(stderr,"Incorrect passphrase\n");
+   return -1;
+   }
err(1, "BIOCCREATERAID");
}

Re: Minor clarifications for bioctl.8 and softraid.4

[Chris Palmer]

Jason McIntyre writes:

> if correct, we can probably say:
> 
> ...the algorithm used (PBKDF2) to convert...
> but someone confirm, please.

It's correct. Look at the bioctl source code, e.g. pbkdf2.[ch]. From bioctl.c:

if (kdfhint->len != sizeof(*kdfhint))
errx(1, "KDF hint has invalid size");
if (kdfhint->type != SR_CRYPTOKDFT_PBKDF2)
errx(1, "unknown KDF type %d", kdfhint->type);
if (kdfhint->rounds < 1000)  
errx(1, "number of KDF rounds too low: %d", kdfhint->rounds);


-- 
http://noncombatant.org/

Re: patch_bioctl_F.patch (inline)

[Owain Ainsworth]

On Sun, Sep 12, 2010 at 10:56:22PM +0200, Merlyn wrote:
> sending the patch fot bioctl
> I'm quite a newbie, so if you find some problem (and you certainly will),
> could you please explain it for me?
> there is a little change from the previous patch - parameter
> has been renamed to -t and expects the number of retries (0 means infinitely).

cvs diff -uNp, please.

-0-
-- 
Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer

patch_bioctl_F.patch (inline)

[Merlyn]

sending the patch fot bioctl
I'm quite a newbie, so if you find some problem (and you certainly will),
could you please explain it for me?
there is a little change from the previous patch - parameter
has been renamed to -t and expects the number of retries (0 means infinitely).


*** /usr/src/sbin/bioctl/bioctl.c   Sun Sep 12 00:15:18 2010
--- /usr/src/sbin/bioctl/bioctl.c   Sun Sep 12 23:41:27 2010
***
*** 71,77 
  void  bio_setstate(char *, int, char *);
  void  bio_setblink(char *, char *, int);
  void  bio_blink(char *, int, int);
! void  bio_createraid(u_int16_t, char *, char *);
  void  bio_deleteraid(char *);
  void  bio_changepass(char *);
  u_int32_t bio_createflags(char *);
--- 71,77 
  void  bio_setstate(char *, int, char *);
  void  bio_setblink(char *, char *, int);
  void  bio_blink(char *, int, int);
! int   bio_createraid(u_int16_t, char *, char *);
  void  bio_deleteraid(char *);
  void  bio_changepass(char *);
  u_int32_t bio_createflags(char *);
***
*** 102,112 
int ss_func = 0;
u_int16_t   cr_level = 0;
int biodev = 0;

if (argc < 2)
usage();

!   while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:vu:")) !=
-1) {
switch (ch) {
case 'a': /* alarm */
--- 102,115 
int ss_func = 0;
u_int16_t   cr_level = 0;
int biodev = 0;
+   int success = 0;
+   int more_tries = 0;
+   int retries = 0;

if (argc < 2)
usage();

!   while ((ch = getopt(argc, argv, "a:b:C:c:dH:hik:l:Pp:qr:R:t:vu:")) !=
-1) {
switch (ch) {
case 'a': /* alarm */
***
*** 132,137 
--- 135,148 
/* delete volume */
func |= BIOC_DELETERAID;
break;
+   case 't':
+   /* ask for password retries-times */
+   more_tries = 1;
+   retries = strtonum(optarg, 0, 1000, &errstr);
+   if (errstr != NULL)
+   errx(1, "Number of retries is %s: %s",
+   errstr, optarg);
+   break;
case 'u': /* unblink */
func |= BIOC_BLINK;
blink = BIOC_SBUNBLINK;
***
*** 234,240 
errx(1, "need -l parameter");
if (!biodev)
errx(1, "must use bio device");
!   bio_createraid(cr_level, dev_list, key_disk);
}

return (0);
--- 245,264 
errx(1, "need -l parameter");
if (!biodev)
errx(1, "must use bio device");
!   if (more_tries == 1){
!   if ( retries == 0 ){
!   do {
!   success=bio_createraid(cr_level, 
dev_list, key_disk);
!   } while ( success == -1 );
!   } else {
!   do {
!   success=bio_createraid(cr_level, 
dev_list, key_disk);
!   } while ( --retries > 0 && success == -1 );
!   }
!   } else {
!   bio_createraid(cr_level, dev_list, key_disk);
!   }
!   
}

return (0);
***
*** 685,691 
close(bioh);
  }

! void
  bio_createraid(u_int16_t level, char *dev_list, char *key_disk)
  {
struct bioc_createraid  create;
--- 709,715 
close(bioh);
  }

! int
  bio_createraid(u_int16_t level, char *dev_list, char *key_disk)
  {
struct bioc_createraid  create;
***
*** 798,805 
memset(&kdfinfo, 0, sizeof(kdfinfo));
memset(&create, 0, sizeof(create));
if (rv == -1) {
!   if (errno == EPERM)
!   errx(1, "Incorrect passphrase");
err(1, "BIOCCREATERAID");
}

--- 822,831 
memset(&kdfinfo, 0, sizeof(kdfinfo));
memset(&create, 0, sizeof(create));
if (rv == -1) {
!   if (errno == EPERM) {
!   fprintf(stderr,"Incorrect passphrase\n");
!   return -1;
!   }
err(1, "BIOCCREATERAID");
}

Re: Minor clarifications for bioctl.8 and softraid.4

[Jason McIntyre]

On Sun, Sep 12, 2010 at 12:22:25PM -0700, Chris Palmer wrote:
> I recently set up a CRYPTO volume with softraid(4) and enjoyed it. Thanks!
> 
> Here are some hopefully-clarifying diffs to the man pages.
> 

feedback from softraid people please...

> 
> --- bioctl.8.orig Sat Sep 11 19:55:27 2010
> +++ bioctl.8  Sun Sep 12 12:17:30 2010
> @@ -119,7 +119,7 @@
>  promote it to being a
>  .Dq Hot Spare .
>  .It Fl h
> -Where necessary, produce "human-readable" output.
> +Where necessary, produce ``human-readable'' output.

er, ...

>  Use unit suffixes: Byte, Kilobyte, Megabyte,
>  Gigabyte, Terabyte, Petabyte, Exabyte in order to reduce the number of
>  digits to four or less.
> @@ -202,7 +202,7 @@
>  RAID 4 and RAID 5 require at least three devices,
>  and the CRYPTO discipline requires exactly one.
>  .It Fl d
> -Delete volume specified by device.
> +Detach volume specified by device.

softraid people?

>  .It Fl k Ar keydisk
>  Use special device
>  .Ar keydisk
> @@ -224,6 +224,7 @@
>  .It Fl r Ar rounds
>  When creating an encrypted volume, specifies the number of iterations of
>  the algorithm used to convert a passphrase into a key.
> +(The algorithm is PBKDF2.)

if correct, we can probably say:

...the algorithm used (PBKDF2) to convert...
but someone confirm, please.

>  Higher iteration counts take more time, but offer more resistance to key
>  guessing attacks.
>  The minimum is 1000 rounds and the default is 8192.
> @@ -245,20 +246,19 @@
>  .Ed
>  .Pp
>  .Nm
> -will ask for a passphrase, that will be needed to unlock the encrypted
> -disk.
> +will ask for the passphrase needed to unlock the encrypted disk.
>  After creating a newly encrypted disk, the first megabyte of it should be
>  zeroed, so tools like
>  .Xr fdisk 8
>  or
>  .Xr disklabel 8
>  don't get confused by the random data that appears on the new disk.
> -This can be done with the following command (assuming the new disk is sd3):
> +This can be done with the following command (assuming the new disk is sd2):
>  .Bd -literal -offset 3n
> -# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
> +# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1

er, ...

>  .Ed
>  .Pp
> -Deleting a softraid volume requires the exact volume name.
> +Detaching a softraid volume requires the exact volume name.

softraid people, please.

>  For example:
>  .Bd -literal -offset 3n
>  # bioctl -d sd2
> @@ -267,6 +267,8 @@
>  .Xr bio 4 ,
>  .Xr scsi 4 ,
>  .Xr softraid 4
> +.Pp
> +RFC 2898 describes PBKDF2.

we can probably expand this.

>  .Sh HISTORY
>  The
>  .Nm
> @@ -278,4 +280,4 @@
>  interface was written by
>  .An Marco Peereboom Aq ma...@openbsd.org .
>  .Sh CAVEATS
> -Use of the crypto & RAID 4/5 disciplines are currently considered 
> experimental.
> +Use of the CRYPTO and RAID 4/5 disciplines are currently considered 
> experimental.
> 
> 
> --- softraid.4.orig   Sun Sep 12 12:13:10 2010
> +++ softraid.4Sun Sep 12 12:14:50 2010
> @@ -119,6 +119,9 @@
>  # printf "a\en\en\en\enRAID\enw\enq\en\en" | disklabel -E wd3
>  .Ed
>  .Pp
> +(Note that RAID is also the correct partition type when using the CRYPTO
> +discipline.)
> +.Pp

this page already states:

A chunk is a partition or storage area of fstype ``RAID''.
disklabel(8) is used to alter the fstype.

this is pretty clear, no?

jmc

Re: Minor clarifications for bioctl.8 and softraid.4

[Chris Palmer]

Thordur I Bjornsson writes:

> > -Where necessary, produce "human-readable" output.
> > +Where necessary, produce ``human-readable'' output.
>
> Why is this better ? (I'm not a native english speaker, so I'm genuinely 
> asking)

It's not better per se; it's just consistent with the quote style in the
rest of the man page.

> > -# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
> > +# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
>
> This is probably done on purpose to prevent people from copy/pasting
> commands out of the man page.

Sure. I don't feel strongly about this change. But, I thought that it is
better to be consistent with the immediately preceding and postceding
examples, which operate on sd2. The three examples, when they all use the
same device, could potentially be part of a realistic command sequence: set
it up with CRYPTO discipline... zero out the beginning... do stuff with
it... detach it.

Also, especially with sd* devices, there is a tricky thing where if you plug
in a USB disk (e.g. sd0) when you put a softraid on it, you'll newfs and
mount it as sd1*. I imagined that people might confuse this sd2 -> sd3
example with the increment-device-id-by-1 behavior that is natural to
putting softraid devices on sd devices. That particular thing didn't trip me
up, but I imagined that it could trip someone else up.

Another possible change would be to consistently use completely different
devices, like wd5, sd7, sd0, et c.

> > +(Note that RAID is also the correct partition type when using the CRYPTO
> > +discipline.)
>
> Having this note in parentheses is pretty ugly IMO.

Removing the parens would be fine by me.


-- 
http://noncombatant.org/

Re: DNS advertisement in RA - rtadvd(8) part

[Stefan Sperling]

On Sun, Sep 12, 2010 at 08:39:59PM +0200, Martin Pelikan wrote:
> 2010/9/12, Stefan Sperling :
> > I think we'll need a way to configure nameserver addresses from rtadvd.conf.
> > Reading nameserver information from resolv.conf may be useful in certain
> > setups, but it won't make everyone happy.
> > What if the nameserver in resolv.conf is a loopback address?
> > I run named on my router so resolv.conf points to localhost.
> 
> I know, but it's actually quite simple. I'll post it along with other stuff.

Great, thanks!

> > Your diff introduces yet another copy of code parsing the resolv.conf file.
> > Others are in libc and named. But I guess there's no way around that short
> > of moving it into some library, which is out of scope for this diff.
> 
> Sorry, but where in libc would I find a thing for reading configured
> resolvers? res_init() claims to do so, but I can't see any arguments
> going in or out. The rumors say named is being replaced by nsd and
> personally I don't want to mess with named code...

I didn't mean to imply that you should change your patch.
Yes, you have no other choice but to parse it yourself.
The other parsers in libc (res_init) and named aren't reusable.
Just saying that we might want to have a single resolv.conf parser
implementation instead of adding new ones, but that's a problem for
another day. Maybe it's not even a problem.

> > RFC 5006 is "experimental". Do you know which operating systems have
> > already implemented it?
> 
> AFAIK newer Windows, Linux in radvd and FreeBSD through radns on the
> client side. Michael said the earlier versions of radns worked even on
> Mac OS X...

OK, so I guess there's value in supporting this.

Re: patch to add RequestHeader directive to httpd mod_headers.c

[Alexander Hall]

On 09/12/10 18:20, Sebastian Reitenbach wrote:

> -table *tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
> +table *tbl;
> +switch (hdr->inout) {
> +case hdrs_out:
> +  tbl = r->headers_out;
> +  break;
> +case hdrs_in:
> +  tbl = r->headers_in;
> +  break;
> +}
> +tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);

Err... Set tbl above and then set it again?

Also, what's with the indentation?

>  switch (hdr->action) {
>  case hdr_add:
>  ap_table_addn(tbl, hdr->header, hdr->value);

Re: Minor clarifications for bioctl.8 and softraid.4

[Thordur I Bjornsson]

On Sun, Sep 12, 2010 at 12:22:25PM -0700, Chris Palmer wrote:
> -Where necessary, produce "human-readable" output.
> +Where necessary, produce ``human-readable'' output.
Why is this better ? (I'm not a native english speaker, so I'm genuinely asking)

> -# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
> +# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
This is probably done on purpose to prevent people from copy/pasting
commands out of the man page.

>  .Pp
> +(Note that RAID is also the correct partition type when using the CRYPTO
> +discipline.)
> +.Pp
Having this note in parentheses is pretty ugly IMO.

Minor clarifications for bioctl.8 and softraid.4

[Chris Palmer]

I recently set up a CRYPTO volume with softraid(4) and enjoyed it. Thanks!

Here are some hopefully-clarifying diffs to the man pages.


--- bioctl.8.orig   Sat Sep 11 19:55:27 2010
+++ bioctl.8Sun Sep 12 12:17:30 2010
@@ -119,7 +119,7 @@
 promote it to being a
 .Dq Hot Spare .
 .It Fl h
-Where necessary, produce "human-readable" output.
+Where necessary, produce ``human-readable'' output.
 Use unit suffixes: Byte, Kilobyte, Megabyte,
 Gigabyte, Terabyte, Petabyte, Exabyte in order to reduce the number of
 digits to four or less.
@@ -202,7 +202,7 @@
 RAID 4 and RAID 5 require at least three devices,
 and the CRYPTO discipline requires exactly one.
 .It Fl d
-Delete volume specified by device.
+Detach volume specified by device.
 .It Fl k Ar keydisk
 Use special device
 .Ar keydisk
@@ -224,6 +224,7 @@
 .It Fl r Ar rounds
 When creating an encrypted volume, specifies the number of iterations of
 the algorithm used to convert a passphrase into a key.
+(The algorithm is PBKDF2.)
 Higher iteration counts take more time, but offer more resistance to key
 guessing attacks.
 The minimum is 1000 rounds and the default is 8192.
@@ -245,20 +246,19 @@
 .Ed
 .Pp
 .Nm
-will ask for a passphrase, that will be needed to unlock the encrypted
-disk.
+will ask for the passphrase needed to unlock the encrypted disk.
 After creating a newly encrypted disk, the first megabyte of it should be
 zeroed, so tools like
 .Xr fdisk 8
 or
 .Xr disklabel 8
 don't get confused by the random data that appears on the new disk.
-This can be done with the following command (assuming the new disk is sd3):
+This can be done with the following command (assuming the new disk is sd2):
 .Bd -literal -offset 3n
-# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
+# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1
 .Ed
 .Pp
-Deleting a softraid volume requires the exact volume name.
+Detaching a softraid volume requires the exact volume name.
 For example:
 .Bd -literal -offset 3n
 # bioctl -d sd2
@@ -267,6 +267,8 @@
 .Xr bio 4 ,
 .Xr scsi 4 ,
 .Xr softraid 4
+.Pp
+RFC 2898 describes PBKDF2.
 .Sh HISTORY
 The
 .Nm
@@ -278,4 +280,4 @@
 interface was written by
 .An Marco Peereboom Aq ma...@openbsd.org .
 .Sh CAVEATS
-Use of the crypto & RAID 4/5 disciplines are currently considered experimental.
+Use of the CRYPTO and RAID 4/5 disciplines are currently considered 
experimental.


--- softraid.4.orig Sun Sep 12 12:13:10 2010
+++ softraid.4  Sun Sep 12 12:14:50 2010
@@ -119,6 +119,9 @@
 # printf "a\en\en\en\enRAID\enw\enq\en\en" | disklabel -E wd3
 .Ed
 .Pp
+(Note that RAID is also the correct partition type when using the CRYPTO
+discipline.)
+.Pp
 Assemble the RAID volume:
 .Bd -literal -offset indent
 # bioctl -c 1 -l /dev/wd1a,/dev/wd2a,/dev/wd3a softraid0


-- 
http://noncombatant.org/

Re: bioctl.c and /etc/rc patches

[Thordur I Bjornsson]

On Sun, Sep 12, 2010 at 11:44:12AM +0200, merlyn wrote:
> I found out (thanks Stuart Henderson), that kmail replaces tabs with 
> spaces, so patch is not appliable, so I've uploaded the patches here:
This is the complication.

When looking at diffs, people want them _in the message body_ not because
they are lazy and don't want to jump through hoops to see the diffs (well
people are lazy and will not jump through the hoops so...) but because it
makes talking about the diffs easier, e.g. inline comments.

If you can't be bothered to spend some time to fix your mailer or switch
a mailer that doesn't fuck up your outgoing mails, why should people and
specially developers bother jumping through hoops trying to read your diffs ?

I'm not throwing dirt, but fix your mailer and don't demand an exception
to a process that has been in use for years. Diffs go inline into the body
of your mail.

>From the looks of the name of the diffs, this could be neat, but I'm lazy.

Nice to see people taking an interest in bioctl though! :)

Ciao, thib.

> http://merlyn.cz/patch_bioctl_F.patch
> http://merlyn.cz/patch_rc.patch
> And example softraid.conf
> http://merlyn.cz/softraid.conf
> 
> Sorry for complications
> 
> 
> -- 
> merlyn 
> OpenBSD ufo.merlyn.cz 4.8 GENERIC#1 i386

Re: DNS advertisement in RA - rtadvd(8) part

[Martin Pelikán]

2010/9/12, Stefan Sperling :
> I think we'll need a way to configure nameserver addresses from rtadvd.conf.
> Reading nameserver information from resolv.conf may be useful in certain
> setups, but it won't make everyone happy.
> What if the nameserver in resolv.conf is a loopback address?
> I run named on my router so resolv.conf points to localhost.

I know, but it's actually quite simple. I'll post it along with other stuff.

> Your diff introduces yet another copy of code parsing the resolv.conf file.
> Others are in libc and named. But I guess there's no way around that short
> of moving it into some library, which is out of scope for this diff.

Sorry, but where in libc would I find a thing for reading configured
resolvers? res_init() claims to do so, but I can't see any arguments
going in or out. The rumors say named is being replaced by nsd and
personally I don't want to mess with named code...
I also thought about it, and Michael Cardell Widerkrantz, the author
of radns, the userland daemon made just for this purpose, informed me
about the openresolv library, the BSD-licensed solution of proper
resolv.conf handling. But that's for OpenBSD devs to decide.

> RFC 5006 is "experimental". Do you know which operating systems have
> already implemented it?

AFAIK newer Windows, Linux in radvd and FreeBSD through radns on the
client side. Michael said the earlier versions of radns worked even on
Mac OS X...

-- 
Martin Pelikan

Re: merging wpa-psk info ifconfig

[Stuart Henderson]

On 2010/09/12 14:14, Alexander Hall wrote:

> > I agree. I think it might also make sense to clear wpapsk if the nwid
> > is changed to a different value as they key can't possibly be correct
> > as-is, and doing this makes it marginally easier if you move from a WPA
> > network to an open network (no more need to "ifconfig ral0 -wpapsk").
> 
> I was thinking about that, but reckoned you don't really _have_ to use a
> key hashed from the nwid, do you?

I suppose it's possible you might not, but I don't recall seeing any
user interface allowing you to do this on any commercial gear.

> Also, one might want to set the psk before the nwid (for any reason).

Between 3 and 4 you won't be able to do this.

> >>> 3. An nwid is required prior to supplying a passphrase to wpapsk.
> >>> 4. If the nwid is changed afterwards, the passphrase is not adjusted.

> I don't think leaving the psk behind could hurt much.

Just a bit of head-scratching when you try and connect to an open
network after having used a WPA network for a while and forgotten
to do -wpapsk. Usually one works out the mistake within a minute
or two though (at least in my experience :)

patch to add RequestHeader directive to httpd mod_headers.c

[Sebastian Reitenbach]

Hi,

my first time I submit a patch which not goes to the ports.

I have a web based groupware port in the queue, that would benefit from 
the patch below. The patch is against mod_headers.c and adds handling of
RequestHeader directive in the apache configuration, in order to 
manipulate the request header instead of the header.


The patch is based one the one I found here:
http://mail-archives.apache.org/mod_mbox/httpd-bugs/200207.mbox/%3c20020713122353.23227.qm...@nagoya.betaversion.org%3e
There are only some style changes, and at the end some small tweaks, 
since the original patch was against a mod_headers.c file unaware of 
ErrorHeader.


Without this patch, it would be necessary to use apache2 from ports.
Patch tested to compile and works for me as expected on i386.

Is this sth. that can go in, needs some tweaks, more testing, or is a 
stupid idea? Any comment welcome.



cheers,
Sebastian

? mod_headers.c.save
Index: mod_headers.c
===
RCS file: /cvs/src/usr.sbin/httpd/src/modules/standard/mod_headers.c,v
retrieving revision 1.8
diff -u -r1.8 mod_headers.c
--- mod_headers.c   21 Aug 2003 13:11:36 -  1.8
+++ mod_headers.c   12 Sep 2010 15:36:01 -
@@ -59,13 +59,19 @@
 /*
  * mod_headers.c: Add/append/remove HTTP response headers
  * Written by Paul Sutton, p...@ukweb.com, 1 Oct 1996
+ * Updated with RequestHeader by Martin Algesten,
+ *   puck...@taglab.com, 13 Jul 2002.
  *
  * New directive, Header, can be used to add/replace/remove HTTP headers.
  * Valid in both per-server and per-dir configurations.
+ * In addition directive, RequestHeader, can be used exactly as Header but
+ * with the difference that the header is added to the request headers 
rather

+ * than the response.
  *
  * Syntax is:
  *
- *   Header action header value
+ *   Headeraction header value
+ *   RequestHeader action header value
  *
  * Where action is one of:
  * set- set this header, replacing any old value
@@ -77,7 +83,7 @@
  * Where action is unset, the third argument (value) should not be given.
  * The header name can include the colon, or not.
  *
- * The Header directive can only be used where allowed by the FileInfo
+ * The directives can only be used where allowed by the FileInfo
  * override.
  *
  * When the request is processed, the header directives are processed in
@@ -112,7 +118,15 @@
 hdr_unset = 'u' /* unset header */
 } hdr_actions;

+
+typedef enum {
+hdrs_in  = 'i', /* Add header to incoming (request) 
headers */
+hdrs_out = 'o'  /* Add header to outgoing (response) 
headers */

+} hdrs_inout;
+
+
 typedef struct {
+hdrs_inout inout;
 hdr_actions action;
 char *header;
 char *value;
@@ -154,7 +168,7 @@
 return a;
 }

-static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, 
char *action, char *hdr, char *value)
+static const char *header_cmd(cmd_parms *cmd, headers_conf * dirconf, 
char *action, char *hdr, char *value, hdrs_inout inout )

 {
 header_entry *new;
 server_rec *s = cmd->server;
@@ -175,6 +189,8 @@
new->do_err = 0;
 }

+new->inout = inout;
+
 if (!strcasecmp(action, "set"))
 new->action = hdr_set;
 else if (!strcasecmp(action, "add"))
@@ -202,9 +218,21 @@
 return NULL;
 }

+static const char *outheader_cmd(cmd_parms *cmd, headers_conf * 
dirconf, char *action, char *hdr, char *value)

+{
+header_cmd( cmd, dirconf, action, hdr, value, hdrs_out );
+}
+
+static const char *inheader_cmd(cmd_parms *cmd, headers_conf * dirconf, 
char *action, char *hdr, char *value)

+{
+header_cmd( cmd, dirconf, action, hdr, value, hdrs_in );
+}
+
 static const command_rec headers_cmds[] =
 {
-{"Header", header_cmd, (void *)0, OR_FILEINFO, TAKE23,
+{"Header", outheader_cmd, NULL, OR_FILEINFO, TAKE23,
+ "an action, header and value"},
+{"RequestHeader", inheader_cmd, NULL, OR_FILEINFO, TAKE23,
  "an action, header and value"},
 {"ErrorHeader", header_cmd, (void *)1, OR_FILEINFO, TAKE23,
  "an action, header and value"},
@@ -217,7 +245,16 @@

 for (i = 0; i < headers->nelts; ++i) {
 header_entry *hdr = &((header_entry *) (headers->elts))[i];
-   table *tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
+   table *tbl;
+   switch (hdr->inout) {
+   case hdrs_out:
+ tbl = r->headers_out;
+ break;
+   case hdrs_in:
+ tbl = r->headers_in;
+ break;
+   }
+   tbl = (hdr->do_err ? r->err_headers_out : r->headers_out);
 switch (hdr->action) {
 case hdr_add:
 ap_table_addn(tbl, hdr->header, hdr->value);

Everything You've Ever Learned About Marketing Is WRONG

[Rich Harshaw]

Dear Business Owner and Marketer, You're constantly on the lookout for new
ideas to make your marketing more powerful, right? Well then I have just the
thing for you an innovative marketing audio CD program called "The 5 Biggest
Marketing Mistakes Businesses Make" that claims that "Everything you've ever
learned about marketing is WRONG." You can download a copy of the $24.95 audio
CD program for FREE by clicking here (http://mym411.com/)As audacious as that
claim sounds, I can make you an iron-clad promise: if you'll invest a couple
hours listening to the CD program, you'll agree that there's a whole new way
to look at marketing-regardless of how long you've been doing it. Monopolize
Your Marketplace has been implemented in thousands of companies-from local
chiropractors, plumbers, and restaurants all the way up to Fortune 500
companies like Dell, Apple, and Caterpillar. Any further explanation here
would be a waste of time. You'll just need to download the program and hear
for yourself. To download the audio CD program for FREE, click here
(http://mym411.com) or call (888) 777-4886. Warmest Regards, Rich Harshaw P.S.
When you click through to request the CD program (http://mym411.com/), you can
also see several examples of before & after ads, as well as some testimonials
I've gathered over the last 15 years.




Monopolize Your Marketplace
2555 SW Grapevine Pkwy Ste 300 - Grapevine, TX 76051
817-416-4333 - i...@mym411.com (mailto:i...@mym411.com)


Exclude me from future mailings
(http://go.emaildir3.com/_p_ga4z28tsgart6mtsyafw2jwxbjfubuwx6dfe6kqxrjrv6kyxn
avubutxrd4z2nqxraruza5n_p_/exclude.htm)
Report abuse
(http://go.emaildir3.com/_p_ga4z28tsgart6mtsyafw2jwxbjfubuwx6dfe6kqxrjrv6kyxn
avubutxrd4z2nqxraruza5n_p_/abuse.htm)



Monopolize Your Marketplace, 2555 SW Grapevine Parkway, St 300 Grapevine, TX
76051
This email was intended for: tech@openbsd.org
Remove:
http://go.emaildir3.com/_p_ga4z28tsgart6mtsyafw2jwxbjfubuwx6dfe6kqxrjrv6kyxna
vubutxrd4z2nqxraruza5n_p_/exclude.htm

(Report Abuse) -Only if you feel this email was repeatedly sent to you without
your permission.
http://go.emaildir3.com/_p_ga4z28tsgart6mtsyafw2jwxbjfubuwx6dfe6kqxrjrv6kyxna
vubutxrd4z2nqxraruza5n_p_/abuse.htm

Re: DNS advertisement in RA - rtadvd(8) part

[Stefan Sperling]

On Sat, Sep 11, 2010 at 06:44:33PM +0200, Martin Pelikan wrote:
> Hello tech@,
> this is the first part of implenting RFC 5006 a.k.a. support for
> learning and advertising DNS servers through IPv6 Router Advertisement.
> The next part will probably be in rtsol and rtsold on the client side.
> So far it loads DNS servers from resolv.conf and does so only after
> start, as DNS server addresses are not likely to be changed often.
> Any comments or suggestions are welcome.

I think we'll need a way to configure nameserver addresses from rtadvd.conf.
Reading nameserver information from resolv.conf may be useful in certain
setups, but it won't make everyone happy.
What if the nameserver in resolv.conf is a loopback address?
I run named on my router so resolv.conf points to localhost.

Your diff introduces yet another copy of code parsing the resolv.conf file.
Others are in libc and named. But I guess there's no way around that short
of moving it into some library, which is out of scope for this diff.

RFC 5006 is "experimental". Do you know which operating systems have
already implemented it?

Thanks,
Stefan

Re: merging wpa-psk info ifconfig

[Alexander Hall]

On 09/12/10 11:58, Stuart Henderson wrote:
> On 2010/09/12 19:28, Damien Miller wrote:
>> On Sun, 12 Sep 2010, Alexander Hall wrote:
>>
>>> For upcoming changes to the installer.
>>>
>>> PRE:  # ifconfig wpi0 nwid mynet wpa wpapsk `wpa-psk mynet "my secret 
>>> passphrase"`
>>>
>>> POST: # ifconfig wpi0 nwid mynet wpa wpapsk "my secret passphrase"
>>>
>>>
>>> A few conflicts arises;
>>>
>>> 1. You cannot have a passphrase starting with "0x"
>>> 2. You cannot, as in -current, enter a 32-char string as the key (for
>>>those of you even aware of that possibility, I sure wasn't :)
>>
>> Are you saying it won't be possible to use a pre-generated wpa-psk key?
>> (i.e. the output of wpa-psk(8)) If not then this might break existing
>> configs.
> 
> No, that is still ok. What doesn't work with this diff is a _passphrase_
> rather than a key starting 0x. (Though you can still do this if you use the
> wpa-psk tool to generate it..)

Yes.

>>> 3. An nwid is required prior to supplying a passphrase to wpapsk.
>>> 4. If the nwid is changed afterwards, the passphrase is not adjusted.
>>>
>>> 1 and 2) These can be taken care of by breaking this out into a new
>>>  "wpapass" option or so, if seen as real problems.
>>
>> I think that is a good idea.
>>
>>> 3 and 4) I don't see these as real problems.
>>
>> IMO it would be a good idea to warn for these cases.

The diff makes ifconfig bail out if no nwid can be determined, since it
needs one to do the hashing.

> I agree. I think it might also make sense to clear wpapsk if the nwid
> is changed to a different value as they key can't possibly be correct
> as-is, and doing this makes it marginally easier if you move from a WPA
> network to an open network (no more need to "ifconfig ral0 -wpapsk").

I was thinking about that, but reckoned you don't really _have_ to use a
key hashed from the nwid, do you? Also, one might want to set the psk
before the nwid (for any reason). I don't think leaving the psk behind
could hurt much.

/Alexander

-X option for mtree

[Teemu Rinta-aho]

Hello,

here is a patch that adds the -X option to /usr/sbin/mtree. This
option is described in the man page as follows:

"The specified file contains fnmatch(3) patterns matching
files to be excluded from the specification, one to a line."

The code is taken from NetBSD's mtree. Also at least FreeBSD
and Mac OS X have the same option available.

I have been using the patch in 4.7 and it seems to work
fine for me. I hope one of you can check that it is OK
and commit into OpenBSD CVS. I did not touch licenses etc.

If you have further questions or want to say how it should
have been done, cc me, as I don't subscribe to tech.

Thanks,
Teemu

Here it is, 260 lines between the tags:


--- /dev/null   Sun Sep 12 01:52:21 2010
+++ excludes.c  Wed Jun 30 01:12:51 2010
@@ -0,0 +1,114 @@
+/*  $NetBSD: excludes.c,v 1.13 2004/06/20 22:20:18 jmc Exp $*/
+
+/*
+ * Copyright 2000 Massachusetts Institute of Technology
+ *
+ * Permission to use, copy, modify, and distribute this software and
+ * its documentation for any purpose and without fee is hereby
+ * granted, provided that both the above copyright notice and this
+ * permission notice appear in all copies, that both the above
+ * copyright notice and this permission notice appear in all
+ * supporting documentation, and that the name of M.I.T. not be used
+ * in advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.  M.I.T. makes
+ * no representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied
+ * warranty.
+ *
+ * THIS SOFTWARE IS PROVIDED BY M.I.T. ``AS IS''.  M.I.T. DISCLAIMS
+ * ALL EXPRESS OR IMPLIED WARRANTIES WITH REGARD TO THIS SOFTWARE,
+ * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
+ * SHALL M.I.T. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include 
+
+#if defined(__RCSID) && !defined(lint)
+__RCSID("$NetBSD: excludes.c,v 1.13 2004/06/20 22:20:18 jmc Exp $");
+#endif
+
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include "extern.h"
+
+/*
+ * We're assuming that there won't be a whole lot of excludes,
+ * so it's OK to use a stupid algorithm.
+ */
+struct exclude {
+LIST_ENTRY(exclude) link;
+const char *glob;
+int pathname;
+};
+static LIST_HEAD(, exclude) excludes;
+
+void
+init_excludes(void)
+{
+LIST_INIT(&excludes);
+}
+
+void
+read_excludes_file(const char *name)
+{
+FILE *fp;
+char *line;
+struct exclude *e;
+
+fp = fopen(name, "r");
+if (fp == 0)
+err(1, "%s", name);
+
+while ((line = fparseln(fp, NULL, NULL, NULL,
+FPARSELN_UNESCCOMM | FPARSELN_UNESCCONT | FPARSELN_UNESCESC))
+!= NULL) {
+if (line[0] == '\0')
+continue;
+
+if ((e = malloc(sizeof *e)) == NULL)
+error("memory allocation error");
+
+e->glob = line;
+if (strchr(e->glob, '/') != NULL)
+e->pathname = 1;
+else
+e->pathname = 0;
+LIST_INSERT_HEAD(&excludes, e, link);
+}
+fclose(fp);
+}
+
+int
+check_excludes(const char *fname, const char *path)
+{
+struct exclude *e;
+
+/* fnmatch(3) has a funny return value convention... */
+#define MATCH(g, n) (fnmatch((g), (n), FNM_PATHNAME) == 0)
+
+e = LIST_FIRST(&excludes);
+while (e) {
+if ((e->pathname && MATCH(e->glob, path))
+|| MATCH(e->glob, fname)) {
+return (1);
+}
+e = LIST_NEXT(e, link);
+}
+return (0);
+}
Index: Makefile
===
RCS file: /cvs/src/usr.sbin/mtree/Makefile,v
retrieving revision 1.7
diff -u -r1.7 Makefile
--- Makefile2 May 2004 17:55:53 -   1.7
+++ Makefile11 Sep 2010 22:52:42 -
@@ -2,7 +2,8 @@
 
 PROG=  mtree
 #CFLAGS+=-DDEBUG
+LDFLAGS+=-O2 -pipe -lutil
 MAN=   mtree.8
-SRCS=  compare.c crc.c create.c misc.c mtree.c spec.c verify.c
+SRCS=  compare.c crc.c create.c excludes.c misc.c mtree.c spec.c verify.c
 
 .include 
Index: create.c
===
RCS file: /cvs/src/usr.sbin/mtree/create.c,v
retrieving revision 1.26
d

Re: merging wpa-psk info ifconfig

[Stuart Henderson]

On 2010/09/12 19:28, Damien Miller wrote:
> On Sun, 12 Sep 2010, Alexander Hall wrote:
> 
> > For upcoming changes to the installer.
> > 
> > PRE:  # ifconfig wpi0 nwid mynet wpa wpapsk `wpa-psk mynet "my secret 
> > passphrase"`
> > 
> > POST: # ifconfig wpi0 nwid mynet wpa wpapsk "my secret passphrase"
> > 
> > 
> > A few conflicts arises;
> > 
> > 1. You cannot have a passphrase starting with "0x"
> > 2. You cannot, as in -current, enter a 32-char string as the key (for
> >those of you even aware of that possibility, I sure wasn't :)
> 
> Are you saying it won't be possible to use a pre-generated wpa-psk key?
> (i.e. the output of wpa-psk(8)) If not then this might break existing
> configs.

No, that is still ok. What doesn't work with this diff is a _passphrase_
rather than a key starting 0x. (Though you can still do this if you use the
wpa-psk tool to generate it..)

> > 3. An nwid is required prior to supplying a passphrase to wpapsk.
> > 4. If the nwid is changed afterwards, the passphrase is not adjusted.
> > 
> > 1 and 2) These can be taken care of by breaking this out into a new
> >  "wpapass" option or so, if seen as real problems.
> 
> I think that is a good idea.
> 
> > 3 and 4) I don't see these as real problems.
> 
> IMO it would be a good idea to warn for these cases.

I agree. I think it might also make sense to clear wpapsk if the nwid
is changed to a different value as they key can't possibly be correct
as-is, and doing this makes it marginally easier if you move from a WPA
network to an open network (no more need to "ifconfig ral0 -wpapsk").

Re: merging wpa-psk info ifconfig

[Damien Miller]

On Sun, 12 Sep 2010, Alexander Hall wrote:

> For upcoming changes to the installer.
> 
> PRE:  # ifconfig wpi0 nwid mynet wpa wpapsk `wpa-psk mynet "my secret 
> passphrase"`
> 
> POST: # ifconfig wpi0 nwid mynet wpa wpapsk "my secret passphrase"
> 
> 
> A few conflicts arises;
> 
> 1. You cannot have a passphrase starting with "0x"
> 2. You cannot, as in -current, enter a 32-char string as the key (for
>those of you even aware of that possibility, I sure wasn't :)

Are you saying it won't be possible to use a pre-generated wpa-psk key?
(i.e. the output of wpa-psk(8)) If not then this might break existing
configs.

> 3. An nwid is required prior to supplying a passphrase to wpapsk.
> 4. If the nwid is changed afterwards, the passphrase is not adjusted.
> 
> 1 and 2) These can be taken care of by breaking this out into a new
>  "wpapass" option or so, if seen as real problems.

I think that is a good idea.

> 3 and 4) I don't see these as real problems.

IMO it would be a good idea to warn for these cases.

-d

bioctl.c and /etc/rc patches

[merlyn]

I found out (thanks Stuart Henderson), that kmail replaces tabs with 
spaces, so patch is not appliable, so I've uploaded the patches here:

http://merlyn.cz/patch_bioctl_F.patch
http://merlyn.cz/patch_rc.patch
And example softraid.conf
http://merlyn.cz/softraid.conf

Sorry for complications


-- 
merlyn 
OpenBSD ufo.merlyn.cz 4.8 GENERIC#1 i386

autri(4): more ac97/audio suspend/resume

[Jacob Meuser]

I've no autri(4) either.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Index: autri.c
===
RCS file: /cvs/src/sys/dev/pci/autri.c,v
retrieving revision 1.27
diff -u -p autri.c
--- autri.c 7 Sep 2010 16:21:44 -   1.27
+++ autri.c 12 Sep 2010 07:23:11 -
@@ -622,17 +622,25 @@ int
 autri_activate(struct device *self, int act)
 {
struct autri_softc *sc = (struct autri_softc *)self;
+   int rv = 0;
 
switch (act) {
+   case DVACT_ACTIVATE:
+   break;
+   case DVACT_QUIESCE:
+   rv = config_activate_children(self, act);
+   break;
case DVACT_SUSPEND:
break;
case DVACT_RESUME:
autri_init(sc);
-   /*autri_reset_codec(&sc->sc_codec);*/
-   
(sc->sc_codec.codec_if->vtbl->restore_ports)(sc->sc_codec.codec_if);
+   ac97_resume(&sc->sc_codec.host_if, sc->sc_codec.codec_if);
+   rv = config_activate_children(self, act);
break;
+   case DVACT_DEACTIVATE:
+   break;
}
-   return 0;
+   return (rv);
 }
 
 int

auacer(4): another ac97(4)/audio(4) suspend/resume diff

[Jacob Meuser]

I have no auacer(4), testing appreciated.

-- 
jake...@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Index: auacer.c
===
RCS file: /cvs/src/sys/dev/pci/auacer.c,v
retrieving revision 1.9
diff -u -p auacer.c
--- auacer.c7 Sep 2010 16:21:44 -   1.9
+++ auacer.c12 Sep 2010 07:09:53 -
@@ -1079,15 +1079,22 @@ int
 auacer_activate(struct device *self, int act)
 {
struct auacer_softc *sc = (struct auacer_softc *)self;
+   int rv = 0;
 
switch (act) {
+   case DVACT_ACTIVATE:
+   break;
+   case DVACT_QUIESCE:
+   rv = config_activate_children(self, act);
+   break;
case DVACT_SUSPEND:
break;
case DVACT_RESUME:
-   auacer_reset_codec(sc);
-   delay(1000);
-   (sc->codec_if->vtbl->restore_ports)(sc->codec_if);
+   ac97_resume(&sc->host_if, sc->codec_if);
+   rv = config_activate_children(self, act);
break;
+   case DVACT_DEACTIVATE:
+   break;
}
-   return 0;
+   return (rv);
 }