Commit graph

311 commits

Author SHA1 Message Date
cinap_lenrek 85216d3d95 auth/rsa2asn1: implement private key export with -a flag (thanks kvik)
kvik writes:

I needed to convert the RSA private key that was laying around in
secstore into a format understood by UNIX® tools like SSH.

With asn12rsa(8) we can go from the ASN.1/DER to Plan 9 format, but not
back - so I wrote the libsec function asn1encodeRSApriv(2) and used it in
rsa2asn1(8) by adding the -a flag which causes the full private key to be
encoded and output.
2019-08-30 07:34:35 +02:00
Alex Musolino 32a2737823 tinc(8): add history section 2019-07-02 22:24:10 +09:30
cinap_lenrek fe1f6c1b3d plan9.ini(8), boot(8): clarify the use of $rootdir and $rootspec 2019-05-07 11:41:33 +02:00
cinap_lenrek 4d3367d11f plan9.ini(8): add USB section, documenting various usb options 2019-03-27 14:31:45 +01:00
cinap_lenrek 8d9f3906fa plan9.ini: add nora6= option to disable automatic ipv6 configuration 2019-03-27 14:11:25 +01:00
cinap_lenrek 63a0d519bc dhcpd(8), ndb(6): group related ndb attributes together 2019-01-24 20:30:14 +01:00
cinap_lenrek d1a0091b56 dhcpd(8), ndb(6): update documentation (thanks k0ga) 2019-01-23 20:58:52 +01:00
cinap_lenrek f464b7ff16 rsa(8): add example for tinc(8) (thanks k0ga, qwx) 2018-12-28 11:46:15 +01:00
cinap_lenrek 615f43b76e ip/dhcpd: Add swap server support in dhcpd (thanks k0ga) 2018-11-08 21:15:07 +01:00
qwx d74fdfc022 misc small manpage fixes 2018-10-28 00:05:05 +02:00
mischief 717fa414af kbdfs(8): fix nit 2018-10-16 12:53:34 -07:00
cinap_lenrek 7ddda493c0 ndb/dnstcp: restrict DNS zone transfers to clients listed as dnsslave=
initial idea from Steve Simon, but doesnt require reverse
lookup of the callers ip address.
2018-10-09 06:02:36 +02:00
cinap_lenrek 065c3557af ip/dhcpd, ip/tftpd: change default for tftp homedir to / 2018-10-08 02:11:36 +02:00
cinap_lenrek e619a03c28 boot(8): document tls and reboot methods 2018-09-17 18:09:33 +02:00
cinap_lenrek 08385e6681 ip/tftpd: remove sunkernel hack 2018-09-13 22:15:42 +02:00
mischief 8c513a0740 atazz(8): fix probe formatting 2018-09-10 23:39:58 -07:00
cinap_lenrek 4596959f3b ndb(8): ndb/inform also publishes ipv6 address now 2018-09-01 15:11:46 +02:00
cinap_lenrek 43636dbb7f ip/ipconfig: make ra6 daemon less chatty, log to /sys/log/ipconfig instead of /sys/log/v6routeradv 2018-08-15 21:54:42 -04:00
23hiro b989e691cf plan9.ini(8) iwlwifi essid/bssid misleading 2018-08-08 18:47:48 +02:00
cinap_lenrek 24611cf5ed ndb/cs: add -6 flag for v6 only lookups and "ipv4" control message to toggle v4 lookups. 2018-07-10 19:57:55 +02:00
mischief f554155ed0 stats(8): document -z flag (thanks xcko) 2018-06-22 02:02:46 +00:00
cinap_lenrek a3f3e31b20 dhcp6d: add minimal stateless DHCPv6 server for network boot and DNS configuration 2018-06-10 22:08:57 +02:00
cinap_lenrek 16c87febd3 sdram: properly support multiple ramdisks, so that ramdiskX corresponds to sdZX 2018-05-29 22:50:04 +02:00
cinap_lenrek 5da4f0fc0f sdram: experimental ramdisk driver
this driver makes regions of physical memory accessible as a disk.

to use it, ramdiskinit() has to be called before confinit(), so
that conf.mem[] banks can be reserved. currently, only pc and pc64
kernel use it, but otherwise the implementation is portable.

ramdisks are not zeroed when allocated, so that the contents are
preserved across warm reboots.

to not waste memory, physical segments do not allocate Page structures
or populate the segment pte's anymore. theres also a new SG_CHACHED
attribute.
2018-05-27 22:59:19 +02:00
cinap_lenrek 03ced8cca1 ndb/dnsquery: handle .ip6.arpa names, don't mount the dns service 2018-05-23 19:43:45 +02:00
cinap_lenrek 4c9cbe484d fix manpage cross references 2018-05-11 16:15:08 +02:00
cinap_lenrek eb3951bcd4 ppp: set source specific default route regardless of primary flag, set link speed thru new ctl message when -b is specified 2018-05-10 19:36:14 +02:00
cinap_lenrek b2599999be ipconfig(8): clarify -p and -P options 2018-05-03 09:09:39 +02:00
cinap_lenrek 0c7a3ad1c9 remove ipv6on, update ipconfig(8) 2018-05-02 20:29:29 +02:00
cinap_lenrek 4354c401c1 cpurc: remove obsolete device binds, run diskparts after $sysname is known. remove /env/boottime. document. 2018-04-12 21:30:28 +02:00
khm 891a8c4f2c manpages: shut up about tex (1) 2018-02-28 12:55:48 -08:00
cinap_lenrek d06196ab87 auth/asn12rsa: also convert ASN.1 encoded public key to plan9 format 2018-02-05 03:21:51 +01:00
cinap_lenrek 218e61f80f ppp(8): remove BUGS section, client auth has been fixed. 2018-01-21 22:58:30 +01:00
23hiro 87c2d23c8f ipconfig(8): remove dhcp mention from -6 example 2018-01-14 23:58:25 +01:00
cinap_lenrek 84e67ffa88 listen(8): add -a option to restrict announce address, document tcp17019 and tcp17020 2018-01-14 19:32:13 +01:00
cinap_lenrek d4a830e2e1 tlsclient: allow dumping the server's certificate with new -d flag
usefull for debugging, like:

./8.tlsclient -d /fd/3 tcp!code.9front.org!https |[0=3] auth/asn1dump
2018-01-06 07:43:08 +01:00
cinap_lenrek b437065950 stats: show amount of reclaimable pages (add -r flag)
reclaimable pages are user pages that are used for
caches like the image cache, mount cache and swap cache.
2018-01-05 00:52:14 +01:00
cinap_lenrek 57f8b6ec75 libsec: implement SPKI fingerprinting for okCertificate()
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.

This allows certificates to be renewed independendtly of the
public key.

X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.

tlsclient will print the certificate when run with -D flag.

okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek 19419329b2 auth(8): auth/debug tests both dp9ik and p9sk1 2017-12-23 03:21:01 +01:00
stanley lieber e35616cb66 /sys/man/*/*: fix perms (sorry) 2017-12-11 19:58:06 -05:00
stanley lieber d057d67bed /sys/lib/rootstub 2017-12-11 19:34:15 -05:00
cinap_lenrek d850c60121 plan9.ini(8): 9boot(8) is not a DOS program, remove outdated BUGS section 2017-12-03 19:23:55 +01:00
cinap_lenrek 4a684fc627 6in4: add -m mtu option to specify outer MTU
instead of hardcoding the tunnel interface MTU to 1280,
we calculate the tunnel MTU from the outside MTU, which
can now be specified with the -m mtu option. The deault
outside MTU is 1500 - 8 (PPPoE).
2017-11-18 16:03:44 +01:00
cinap_lenrek 04ce485f1b tinc(8): mash -> mesh 2017-11-02 09:05:03 +01:00
cinap_lenrek efdd6afcd6 tinc(8): more spelling spam 2017-11-01 18:40:17 +01:00
cinap_lenrek ce89017481 tinc(8): spelling, thanks jpm 2017-11-01 18:34:58 +01:00
cinap_lenrek 736c31882f tinc(8): outout -> output 2017-10-31 22:58:55 +01:00
cinap_lenrek daf292ac9d tinc: implement experimental mash peer to peer VPN from http://www.tinc-vpn.org/ 2017-10-31 22:44:25 +01:00
cinap_lenrek f3f9392517 kernel: introduce devswap #¶ to serve /dev/swap and handle swapfile encryption 2017-10-29 23:09:54 +01:00
cinap_lenrek 0a3695ba84 rsa: add auth/rsa2asn1, check write error in auth/rsa2x509 and auth/rsa2pub, document in rsa(8) 2017-10-06 20:55:57 +02:00
cinap_lenrek be7f3fb5e4 rename pcf kernel to pc, remove pcf, pccpuf, pccpu64 kernels, update documentation
there isnt much of a point in keep maintaining separate
kernel configurations for terminal and cpu kernels as
the role can be switched with service=cpu boot parameter.

to make stuff cosistent, we will just have one "pc" kernel
and one "pc64" kernel configuration now.
2017-09-10 22:35:23 +02:00
cinap_lenrek befdd7d755 kernel: pass bootargs also in multiboot command line, retire the bootline mechanism to pass arguments to /boot/boot 2017-06-28 18:56:16 +02:00
aiju 3b123799ab add vmx documentation 2017-06-13 14:19:42 +00:00
aiju 04b8539ee2 plan9.ini(8): document netconsole 2017-06-01 07:07:55 +00:00
cinap_lenrek 9b33c34e9b rsa(8): fix description of rsa2ssh (now, ssh2 format only) 2017-04-21 00:23:46 +02:00
cinap_lenrek 242274f733 rsa2ssh: drop support for version 1 key format 2017-04-17 05:13:46 +02:00
cinap_lenrek 1da795f327 diskparts(8), prep(8): add edisk in NAME section 2017-03-18 18:08:30 +01:00
cinap_lenrek 8046225c9d send(8): document new reject behaviour with -r flag 2017-03-12 17:36:04 +01:00
cinap_lenrek c172881606 add mdir(6), splitmbox(8) and update upasfs(4) 2017-03-12 17:32:01 +01:00
cinap_lenrek 963cfc9a6f merging erik quanstros nupas 2017-03-12 17:15:03 +01:00
cinap_lenrek 2aa42aee31 auth(8): document authsrv -N flag 2017-01-26 11:23:46 +01:00
cinap_lenrek b7103d1517 listen(8): remove tcp22 section 2017-01-13 19:46:04 +01:00
cinap_lenrek 67fb680508 listen(8): remove reference to ssh(1) 2017-01-13 19:31:41 +01:00
cinap_lenrek 04b200f59b rsa(8): remove reference to ssh(1) 2017-01-13 19:30:12 +01:00
cinap_lenrek 3a7146f8bf stub(8): remove reference to sshnet 2017-01-13 19:15:50 +01:00
cinap_lenrek 82bf19941e auth/as, auth/none, auth/newns: consistent handling of command arguments, cleanup 2016-12-22 21:39:59 +01:00
cinap_lenrek 234137bce3 fix bugs and cleanup cryptsetup code
devfs:

- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed

cryptsetup:

- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page
2016-10-24 20:56:11 +02:00
cinap_lenrek 9adaf2e7f8 9boot(8): third time's the charm (thanks archeus) 2016-05-20 09:56:45 +02:00
cinap_lenrek 669468dcae 9boot(8): fix typo 2016-05-19 19:51:45 +02:00
cinap_lenrek 31d509d7a4 9boot(8): document 9boothyb 2016-05-19 19:49:04 +02:00
cinap_lenrek 67158d5b05 auth/rsa2x509, auth/rsa2csr: allow appending SubjectAlternativeNames (SAN) to multi-domain certificate generation 2016-05-12 03:17:15 +02:00
cinap_lenrek a584d9eb96 remove references to dec alpha from the manual 2016-05-04 16:21:53 +02:00
cinap_lenrek 1cf3c46669 rsa: rename getkey() to getrsakey(), document rsa2csr in rsa(8) 2016-04-22 03:41:06 +02:00
cinap_lenrek 0d6a188dde rsagen: increase default key size to 2048 bits 2016-04-21 21:25:33 +02:00
cinap_lenrek 93a86cea66 rsa(8): provide example for converting OpenSSL generated PEM file to factotum 2016-04-17 07:33:35 +02:00
cinap_lenrek c53d521508 listen(8): fix html rendering 2016-04-08 22:00:16 +02:00
cinap_lenrek 225a80cf61 listen(8): document tcp17019 rcpu service 2016-04-08 21:53:48 +02:00
cinap_lenrek 84e16f5b5c kbdfs(8): document new /dev/kbd behaviour 2016-04-03 23:16:08 +02:00
cinap_lenrek 137533bd69 6in4: allow setting the local IPv4 address with -i flag (thanks k0ga) 2016-03-31 20:35:02 +02:00
cinap_lenrek 74d4d8a26e pppoe: Add support for -c and -C to enable/disable header compression (thanks k0ga) 2016-03-15 22:10:54 +01:00
cinap_lenrek a9b1e990b8 tlsclient: add -o option to establish connection over a file, free the AuthInfo structure to avoid leaking secrets 2016-02-14 02:06:08 +01:00
cinap_lenrek 24150b1171 tlssrv: add -A flag to skip changing user after authentication (usefull for aan) 2016-02-13 17:24:59 +01:00
cinap_lenrek cc8e8c978c tlssrv: p9any authentication support using TLS-PSK cipher suits 2016-02-01 22:49:20 +01:00
cinap_lenrek 36d2092a33 fix manpage references 2016-01-12 08:43:36 +01:00
cinap_lenrek ccfb9118a3 bootrc: remove usbwait hack, usbd/nusbrc are now synchronous by previous commit 2015-11-22 03:19:27 +01:00
cinap_lenrek 47682ee42a aux/listen1: allow alternative namespace when running as user none with -n option 2015-10-10 00:09:02 +02:00
stanley lieber f9244d433a qer(8): correct man page example (thanks, kenji) 2015-09-26 19:07:05 -04:00
cinap_lenrek 54a91861df remove convkeys2 2015-08-22 00:21:11 +02:00
cinap_lenrek cb474632d3 remove kfs references from manual 2015-08-21 19:51:03 +02:00
cinap_lenrek 3db2012126 fshalt: remove kfs support 2015-08-21 19:40:29 +02:00
cinap_lenrek 985b2457cd mkfs(8): dont mention kfs 2015-08-21 19:35:56 +02:00
cinap_lenrek 46a7876d32 disk/mkfs: rmeove kfs support 2015-08-21 19:32:48 +02:00
cinap_lenrek 63b18e7925 introduce AES key into nvram and keyfs 2015-08-21 02:43:31 +02:00
cinap_lenrek ed238e7ef8 etherwpi: Intel PRO Wireless 3945abg driver based on openbsd's if_wpi (thanks aap) 2015-06-28 18:32:54 +02:00
stanley lieber e6658c55af dhcpd(8): the fs attribute refers to the file server, not the name server (thanks, pena) 2015-06-18 14:28:25 -04:00
cinap_lenrek 921aa0a6c3 stats: add kernel malloc and kernel draw allocation size graphs 2015-06-16 08:08:42 +02:00
cinap_lenrek 4be3300e98 prep(8): edisk also adds a EFI system partition (esp) when not already exists. 2015-06-06 02:13:01 +02:00
cinap_lenrek 8278f6e34c prep(8): document disk/edisk 2015-05-31 14:15:49 +02:00
stanley lieber d009b0013d nintendo(1), qer(8): fix typos 2015-04-11 23:34:25 -04:00
cinap_lenrek c1717aebf7 rsa(8): recommend secstore(1) for Plan 9 RSA private key storage 2015-03-15 21:24:03 +01:00