Commit graph

324 commits

Author SHA1 Message Date
cinap_lenrek
57f8b6ec75 libsec: implement SPKI fingerprinting for okCertificate()
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.

This allows certificates to be renewed independendtly of the
public key.

X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.

tlsclient will print the certificate when run with -D flag.

okCertificate() will print the public key thumbprint in its
error string when no match has been found.
2017-12-30 03:07:47 +01:00
cinap_lenrek
19419329b2 auth(8): auth/debug tests both dp9ik and p9sk1 2017-12-23 03:21:01 +01:00
stanley lieber
e35616cb66 /sys/man/*/*: fix perms (sorry) 2017-12-11 19:58:06 -05:00
stanley lieber
d057d67bed /sys/lib/rootstub 2017-12-11 19:34:15 -05:00
cinap_lenrek
d850c60121 plan9.ini(8): 9boot(8) is not a DOS program, remove outdated BUGS section 2017-12-03 19:23:55 +01:00
cinap_lenrek
4a684fc627 6in4: add -m mtu option to specify outer MTU
instead of hardcoding the tunnel interface MTU to 1280,
we calculate the tunnel MTU from the outside MTU, which
can now be specified with the -m mtu option. The deault
outside MTU is 1500 - 8 (PPPoE).
2017-11-18 16:03:44 +01:00
cinap_lenrek
04ce485f1b tinc(8): mash -> mesh 2017-11-02 09:05:03 +01:00
cinap_lenrek
efdd6afcd6 tinc(8): more spelling spam 2017-11-01 18:40:17 +01:00
cinap_lenrek
ce89017481 tinc(8): spelling, thanks jpm 2017-11-01 18:34:58 +01:00
cinap_lenrek
736c31882f tinc(8): outout -> output 2017-10-31 22:58:55 +01:00
cinap_lenrek
daf292ac9d tinc: implement experimental mash peer to peer VPN from http://www.tinc-vpn.org/ 2017-10-31 22:44:25 +01:00
cinap_lenrek
f3f9392517 kernel: introduce devswap #¶ to serve /dev/swap and handle swapfile encryption 2017-10-29 23:09:54 +01:00
cinap_lenrek
0a3695ba84 rsa: add auth/rsa2asn1, check write error in auth/rsa2x509 and auth/rsa2pub, document in rsa(8) 2017-10-06 20:55:57 +02:00
cinap_lenrek
be7f3fb5e4 rename pcf kernel to pc, remove pcf, pccpuf, pccpu64 kernels, update documentation
there isnt much of a point in keep maintaining separate
kernel configurations for terminal and cpu kernels as
the role can be switched with service=cpu boot parameter.

to make stuff cosistent, we will just have one "pc" kernel
and one "pc64" kernel configuration now.
2017-09-10 22:35:23 +02:00
cinap_lenrek
befdd7d755 kernel: pass bootargs also in multiboot command line, retire the bootline mechanism to pass arguments to /boot/boot 2017-06-28 18:56:16 +02:00
aiju
3b123799ab add vmx documentation 2017-06-13 14:19:42 +00:00
aiju
04b8539ee2 plan9.ini(8): document netconsole 2017-06-01 07:07:55 +00:00
cinap_lenrek
9b33c34e9b rsa(8): fix description of rsa2ssh (now, ssh2 format only) 2017-04-21 00:23:46 +02:00
cinap_lenrek
242274f733 rsa2ssh: drop support for version 1 key format 2017-04-17 05:13:46 +02:00
cinap_lenrek
1da795f327 diskparts(8), prep(8): add edisk in NAME section 2017-03-18 18:08:30 +01:00
cinap_lenrek
8046225c9d send(8): document new reject behaviour with -r flag 2017-03-12 17:36:04 +01:00
cinap_lenrek
c172881606 add mdir(6), splitmbox(8) and update upasfs(4) 2017-03-12 17:32:01 +01:00
cinap_lenrek
963cfc9a6f merging erik quanstros nupas 2017-03-12 17:15:03 +01:00
cinap_lenrek
2aa42aee31 auth(8): document authsrv -N flag 2017-01-26 11:23:46 +01:00
cinap_lenrek
b7103d1517 listen(8): remove tcp22 section 2017-01-13 19:46:04 +01:00
cinap_lenrek
67fb680508 listen(8): remove reference to ssh(1) 2017-01-13 19:31:41 +01:00
cinap_lenrek
04b200f59b rsa(8): remove reference to ssh(1) 2017-01-13 19:30:12 +01:00
cinap_lenrek
3a7146f8bf stub(8): remove reference to sshnet 2017-01-13 19:15:50 +01:00
cinap_lenrek
82bf19941e auth/as, auth/none, auth/newns: consistent handling of command arguments, cleanup 2016-12-22 21:39:59 +01:00
cinap_lenrek
234137bce3 fix bugs and cleanup cryptsetup code
devfs:

- fix memory leak in devfs leaking the aes key
- allocate aes-xts cipher state in secure memory
- actually check if the hexkey got fully parsed

cryptsetup:

- get rid of stupid "type YES" prompt
- use genrandom() to generate salts and keys
- rewrite cryptsetup to use common pbkdf2 and readcons routines
- fix alot of error handling and simplify the code
- move cryptsetup command to disk/cryptsetup
- update cryptsetup(8) manual page
2016-10-24 20:56:11 +02:00
cinap_lenrek
9adaf2e7f8 9boot(8): third time's the charm (thanks archeus) 2016-05-20 09:56:45 +02:00
cinap_lenrek
669468dcae 9boot(8): fix typo 2016-05-19 19:51:45 +02:00
cinap_lenrek
31d509d7a4 9boot(8): document 9boothyb 2016-05-19 19:49:04 +02:00
cinap_lenrek
67158d5b05 auth/rsa2x509, auth/rsa2csr: allow appending SubjectAlternativeNames (SAN) to multi-domain certificate generation 2016-05-12 03:17:15 +02:00
cinap_lenrek
a584d9eb96 remove references to dec alpha from the manual 2016-05-04 16:21:53 +02:00
cinap_lenrek
1cf3c46669 rsa: rename getkey() to getrsakey(), document rsa2csr in rsa(8) 2016-04-22 03:41:06 +02:00
cinap_lenrek
0d6a188dde rsagen: increase default key size to 2048 bits 2016-04-21 21:25:33 +02:00
cinap_lenrek
93a86cea66 rsa(8): provide example for converting OpenSSL generated PEM file to factotum 2016-04-17 07:33:35 +02:00
cinap_lenrek
c53d521508 listen(8): fix html rendering 2016-04-08 22:00:16 +02:00
cinap_lenrek
225a80cf61 listen(8): document tcp17019 rcpu service 2016-04-08 21:53:48 +02:00
cinap_lenrek
84e16f5b5c kbdfs(8): document new /dev/kbd behaviour 2016-04-03 23:16:08 +02:00
cinap_lenrek
137533bd69 6in4: allow setting the local IPv4 address with -i flag (thanks k0ga) 2016-03-31 20:35:02 +02:00
cinap_lenrek
74d4d8a26e pppoe: Add support for -c and -C to enable/disable header compression (thanks k0ga) 2016-03-15 22:10:54 +01:00
cinap_lenrek
a9b1e990b8 tlsclient: add -o option to establish connection over a file, free the AuthInfo structure to avoid leaking secrets 2016-02-14 02:06:08 +01:00
cinap_lenrek
24150b1171 tlssrv: add -A flag to skip changing user after authentication (usefull for aan) 2016-02-13 17:24:59 +01:00
cinap_lenrek
cc8e8c978c tlssrv: p9any authentication support using TLS-PSK cipher suits 2016-02-01 22:49:20 +01:00
cinap_lenrek
36d2092a33 fix manpage references 2016-01-12 08:43:36 +01:00
cinap_lenrek
ccfb9118a3 bootrc: remove usbwait hack, usbd/nusbrc are now synchronous by previous commit 2015-11-22 03:19:27 +01:00
cinap_lenrek
47682ee42a aux/listen1: allow alternative namespace when running as user none with -n option 2015-10-10 00:09:02 +02:00
stanley lieber
f9244d433a qer(8): correct man page example (thanks, kenji) 2015-09-26 19:07:05 -04:00
cinap_lenrek
54a91861df remove convkeys2 2015-08-22 00:21:11 +02:00
cinap_lenrek
cb474632d3 remove kfs references from manual 2015-08-21 19:51:03 +02:00
cinap_lenrek
3db2012126 fshalt: remove kfs support 2015-08-21 19:40:29 +02:00
cinap_lenrek
985b2457cd mkfs(8): dont mention kfs 2015-08-21 19:35:56 +02:00
cinap_lenrek
46a7876d32 disk/mkfs: rmeove kfs support 2015-08-21 19:32:48 +02:00
cinap_lenrek
63b18e7925 introduce AES key into nvram and keyfs 2015-08-21 02:43:31 +02:00
cinap_lenrek
ed238e7ef8 etherwpi: Intel PRO Wireless 3945abg driver based on openbsd's if_wpi (thanks aap) 2015-06-28 18:32:54 +02:00
stanley lieber
e6658c55af dhcpd(8): the fs attribute refers to the file server, not the name server (thanks, pena) 2015-06-18 14:28:25 -04:00
cinap_lenrek
921aa0a6c3 stats: add kernel malloc and kernel draw allocation size graphs 2015-06-16 08:08:42 +02:00
cinap_lenrek
4be3300e98 prep(8): edisk also adds a EFI system partition (esp) when not already exists. 2015-06-06 02:13:01 +02:00
cinap_lenrek
8278f6e34c prep(8): document disk/edisk 2015-05-31 14:15:49 +02:00
stanley lieber
d009b0013d nintendo(1), qer(8): fix typos 2015-04-11 23:34:25 -04:00
cinap_lenrek
c1717aebf7 rsa(8): recommend secstore(1) for Plan 9 RSA private key storage 2015-03-15 21:24:03 +01:00
cinap_lenrek
5639d1e5fc wpa(8): the -p flag will also prompt for user/password on wpa enterprise 2015-03-10 00:44:17 +01:00
cinap_lenrek
6f9d8697f6 6in4(8): document ayiya 2015-01-29 13:16:08 +01:00
cinap_lenrek
a535870669 ircrc(8), ndb(8): fix manpage reference 2015-01-29 12:36:14 +01:00
stanley lieber
fff822849f plan9.ini(8) man page: update links to iwn and ral firmware blobs 2015-01-12 14:23:32 -05:00
mischief
a4650bdf83 ip/ipconfig: set ndb database file with -f argument 2015-01-10 11:27:45 -08:00
ftrvxmtrx
f1b1e0d637 aux/vga: display switching for Intel adapters
Magic was discovered by abusing INT 10 on several machines
while switching cables back and forth and watching the end result.
2015-01-01 16:19:24 +01:00
ftrvxmtrx
d908aff72f aux/vga: remove -s option, move scaling to the size string itself 2014-12-28 17:42:38 +01:00
ftrvxmtrx
0d5b33a9e8 aux/vga: scaling modes for VESA 2014-12-26 17:01:58 +01:00
stanley lieber
4581be5180 rc-httpd(8): add HISTORY to man page 2014-12-23 12:03:42 -05:00
mischief
bf049ebdb1 pci(8): document vid/did argument 2014-12-20 22:32:51 -08:00
mischief
3f4e84292c pci(8): fix usage 2014-12-20 21:56:06 -08:00
cinap_lenrek
6379939642 add erik quanstros vblade utility 2014-12-19 02:50:22 +01:00
cinap_lenrek
b9f23248c5 boot(8): the method!server notation isnt usefull anymore...
- in 9front, the bootargs are in the form: method!device args
- remove redundant and wrong paragraphs regarding tcp booting
- document il boot method
- fix boot and bootrc confusions
2014-12-17 11:18:05 +01:00
cinap_lenrek
5c1803e1ad disk/mkfs: add -o flag to list source files 2014-12-15 00:52:22 +01:00
cinap_lenrek
ffa761beae plan9.ini(8): fix typo (thanks ftrvxmtrx) 2014-12-11 17:03:01 +01:00
cinap_lenrek
5ae58296a9 plan9.ini(8): etheryuk 2014-12-10 19:38:44 +01:00
cinap_lenrek
ec495f37ec plan9.ini(8): document bcm and virtio ethernet and hda and ac97 audio. 2014-12-10 19:29:46 +01:00
cinap_lenrek
6357ff0e7b plan9.ini(8): remove factotumopts= (not implemented), add secstore=, clarify domain name use for fs= and auth= 2014-12-10 18:34:08 +01:00
mischief
23d6c796cd ndb(8): document ndb/dnsgetip 2014-12-09 17:33:09 -08:00
cinap_lenrek
964dafbdf0 9boot(8): -from 2014-12-07 14:34:15 +01:00
cinap_lenrek
a1066aa992 hjfs(8): theres no chown in plan9, link to chgrp(1) manpage. 2014-11-19 01:31:20 +01:00
cinap_lenrek
32b5b2f42d 9boot(8): remove redundant "the" 2014-11-02 21:25:37 +01:00
cinap_lenrek
9916e03947 9boot(8): improve efi documentation 2014-11-02 21:22:03 +01:00
cinap_lenrek
634c55543a efi: generate /386/efiboot.fat for generating efi bootable cd images (see -E option of mk9660) 2014-10-31 20:07:54 +01:00
cinap_lenrek
2cfbc3c1cb mk9660: add -E option to create EFI boot entry 2014-10-31 03:06:09 +01:00
cinap_lenrek
dfe8c8bffb 9boot(8): document efi booting 2014-10-19 21:55:19 +02:00
cinap_lenrek
b52f0c884e pc: add *bootscreen= variable to pass pre-initialized framebuffer info to kernel
EFI system has no cga or vesa anymore, so it becomes neccesary to
pass GOP framebuffer info to the kernel to get some output on the
screen.
2014-10-13 23:02:53 +02:00
stanley lieber
443b046bff fs(8): correct spelling 2014-08-10 19:00:55 -04:00
cinap_lenrek
427e925eea cwfs: add optional uid argument to allow command, unify permission override code
the allow command now takes an optional uid argument for the user
to be granted temporary god status on the fileserver for maintenance.

this was kenji okomotos idea, so thanks :)

remove wstatallow and writeallow flags. instead, we have global:

int allowed;

that contains the uid of the currently allowed user id or -1
if permission checking is globally disabled for the fileserver.
when zero, normal permission checking takes place.

added int isallowed(File*) function that returns non-zero when the
context is the console, or the allowed user. this is also used internally
by iaccess(), so all the extra code of in the callers of iaccess()
is gone now.

dont conflate allowed user with noauth flag and auto-allow on ream.
the installer already knows about noauth and allow flags so theres no
problem with bootstraping.
2014-08-11 22:36:59 +02:00
cinap_lenrek
4ad63a4c56 nusb: fix spelling, sorry 2014-06-28 19:55:14 +02:00
cinap_lenrek
4275c49e72 nusb: implement aijus stable uniqueue device names
instead of naming devices by ther dynamically assigned device address,
we hash device uniqueue fields from the device descriptor and produce
a 5 digit hex string that will identify the device across machines.

when there is a collision (less than 1% chance with 100 devices),
usbd will append the device address to the name to make it uniqueue
for this machine.

the hname is passed to drivers in the devid argument, which now has
the form addr:hname, where the colon and hname can be omited (for backwards
compatibility).

when the new behaviour isnt desired, nousbhname= environment variable
can be defined giving the old behaviour.
2014-06-28 18:09:43 +02:00
ftrvxmtrx
a2f0fdbfa0 aan(8): fix aanuke synopsis 2014-04-29 23:17:06 +02:00
ftrvxmtrx
b4fa1e617b man pages: fix duplicate words 2014-04-26 13:22:15 +02:00
ftrvxmtrx
244bb0038d man pages: the the wich 2014-04-26 01:47:36 +02:00
stanley lieber
1c3e6a3e5a aan(8): add HISTORY 2014-04-14 19:09:33 -04:00
stanley lieber
0812a26f00 add /rc/bin/aanuke 2014-04-14 19:05:57 -04:00
cinap_lenrek
ffb120199a auth/login: find authdom instead of using hardcoded cs.bell-labs.com (thanks erik) 2014-03-23 18:10:04 +01:00
cinap_lenrek
af13b1a147 plan9.ini(8): document service= boot parameter 2014-03-15 01:06:11 +01:00
cinap_lenrek
bbe797c3d0 ndb(8): the truth is too hard to explain, so theres a nice lie. 2014-03-05 20:13:03 +01:00
cinap_lenrek
f894ab740f ndb(8): document -x option of ndb/dnsquery (thanks mischief) 2014-03-05 19:50:34 +01:00
Matthew Veety
c54271a588 documented usbwait in plan9.ini(8) 2014-02-15 17:18:58 -05:00
stanley lieber
066ef28390 cifs(4), cifsd(8): add HISTORY 2013-12-27 16:32:37 -05:00
stanley lieber
459f018d0d add HISTORY to various man pages 2013-12-27 16:22:05 -05:00
cinap_lenrek
2f9ae0f8ac removing (outdated) drawterm
drawterm is much better maintained by russ cox,
so removing this outdated copy.

for a more recent version, go to:

http://swtch.com/drawterm/
2013-11-23 01:05:33 +01:00
mischief
8c9e7ded17 auth/rsa2ssh: add SSH2 RSA output format (from plan9port) 2013-10-27 18:50:14 -07:00
cinap_lenrek
e4942b78fd mkfs(8): also list -U option in table 2013-09-22 03:30:04 +02:00
stanley lieber
8aeb7a926e rc-httpd(8): fix typo (thanks, _trav) 2013-09-20 03:09:40 -04:00
stanley lieber
1556afae40 2c(1), torrent(1), uhtml(1), kbd(3), cwfs(4), hgfs(4), cifsd(8), cryptsetup(8), hjfs(8), kbdfs(8), realemu(8), wpa(8): fix spelling, typos 2013-08-23 15:48:52 -04:00
cinap_lenrek
24e8c78cb2 cwfs: add rtmp flag for check command to remove temporary files after recover 2013-07-18 15:04:37 +02:00
Alexander Polakov
efe1c9087a Add rt2860 to plan9.ini(8) 2013-07-09 17:41:25 +04:00
cinap_lenrek
b76142bfef hjfs: add users command, fix newuser ? documentation 2013-07-05 15:17:32 +02:00
ppatience0
e0f1e9e715 plan9.ini(8): typo 2013-07-03 21:28:49 -04:00
cinap_lenrek
cf38ab75fc reintroduce *notsc= option
the issues with the previous tsc change where not related to the tsc
but where problems with timesync using an old frequency file. a
patch to fix timesync was commited, so so we reintroduce the *notsc=
again.
2013-06-25 20:32:43 +02:00
cinap_lenrek
a8cc5cff0e wifi: allow selecting specific access point with bssid= parameter and wifictl command 2013-06-23 23:54:15 +02:00
cinap_lenrek
49c9955aea reverting *notsc= option, this needs another revision 2013-06-21 02:49:08 +02:00
cinap_lenrek
8da4c8dcde plan9.ini: add *notsc= option to disable use of TSC as righ resolution clock
we previously used tsc only on cpu kernel. now that
we use it on terminal kernel too, there might be some
surprises ahead.

so make it possible to disable tsc for machines where
the tsc rate is not kept constant across cores or is
dynamically adjusted by power management.
2013-06-19 20:56:01 +02:00
cinap_lenrek
646eb150e1 smtp: add SMTPS support (-t) 2013-06-12 23:39:41 +02:00
ppatience0
a5488ad1e6 plan9.ini(8): typo 2013-06-05 19:11:41 -04:00
cinap_lenrek
e8efd0a242 mkpaqfs(8): correct maximum block size (from erik quanstros mkpaqfsman patch) 2013-05-03 13:57:00 +02:00
cinap_lenrek
33d00fce10 wpa(8) document -1 and -2 options 2013-03-24 02:30:11 +01:00
ppatience0
39eaaaf07d wpa(8): fix typos 2013-03-10 19:25:01 -04:00
cinap_lenrek
cc02f96ed9 provide wpa(8) manual page 2013-03-09 19:18:00 +01:00
cinap_lenrek
3da5b76c0b 9boot: preserve configuration on boot error, add show command 2013-02-17 09:30:02 +01:00
cinap_lenrek
0ef41a6718 boot(8): manpage correction $objtype vs. $cputype (from /n/sources/patch/boot-cputype-objtype)
boot(8) claims that boot will launch /$objtype/init;
that is incorrect. It launches /$cputype/init (so says
both boot.c and cpurc(8)). That's the more sensible
choice. This patch fixes the man page to resolve the
mismatch.
2013-02-16 23:38:58 +01:00
cinap_lenrek
3c3808b280 plan9.ini(8): make more clear what firmware file to get for iwl 2013-02-13 11:03:19 +01:00
cinap_lenrek
42fc57d543 plan9.ini(8): document iwl options 2013-02-13 10:57:47 +01:00
stanley lieber
c877493fb0 add rc-httpd 2013-02-04 16:40:05 -06:00
cinap_lenrek
245355f719 document tcp445 (CIFS/SMB) listener 2013-01-28 16:41:25 +01:00
cinap_lenrek
f2f2c8687a 6in4: add -o option to make it possible to use different nets for ipv6 and ipv4 interface 2013-01-14 07:09:25 +01:00
cinap_lenrek
33768d90bf Four shall be the number thou shalt count, and the number of the counting shall be four. 2013-01-13 15:38:21 +01:00
cinap_lenrek
bad3007bd6 plan9.ini(8): isa uarts 2013-01-13 11:04:24 +01:00
cinap_lenrek
1c69f9c023 vac(1), ec(2), usb(3), hjfs(8): fix source reference 2013-01-09 08:17:09 +01:00
cinap_lenrek
6d6138fbd8 tlssrv(8): fix bad cross reference 2013-01-09 07:55:58 +01:00
cinap_lenrek
23b6f7ffcc aan(8): add cpu(1) remark as it also support -p iption 2012-12-30 18:47:32 +01:00
cinap_lenrek
7a99d3c6a6 ipconfig(8): better way to say it :) 2012-12-06 07:34:56 +01:00
cinap_lenrek
df8c55ec71 ipconfig(8): document new default behaviour for finding ethernet device 2012-12-06 07:30:16 +01:00
cinap_lenrek
b28f60cdd3 add C-Keens tls-client-auth
This patch adds client TLS authentication to libsec in compliance with
rfc 4346.

A new -c flag has been introduced for tlsclient allowing the user to
specify a certificate in pem(8) format which will be provided to the
server upon request.

A -D debug flag has been introduced to enable debugging output.

The patch has been tested against OpenSSL 0.9.7j 04 May 2006.

It exists today because of the great (debugging) help and insight
provided by Matthias Bauer.

TODOs:

- specification of a certain client key in factotum is not possible at
	the moment
- tlssrv should support this too

These will get added in another patch.

The first try to submit this patch failed due to a network error.
Sorry for the duplication!

Kind regards,

Christian
2012-11-15 19:32:53 +01:00
cinap_lenrek
fef6ff96ad update fshalt(8) manpage 2012-10-14 13:33:10 +02:00
stanley lieber
8b24e40e29 netaudit(8): english 2012-10-07 22:06:47 -05:00
cinap_lenrek
df66638fb5 netaudit changes and manual page 2012-10-08 00:56:00 +02:00
stanley lieber
e598b6dd31 hjfs(8): fix wording 2012-10-07 15:09:04 -05:00
stanley lieber
c2881f43fb add /sys/man/8/hjfs 2012-10-07 14:39:45 -05:00
stanley lieber
fa08484d47 cpuid(8): fix spelling 2012-09-28 21:49:12 -05:00
cinap_lenrek
cd9ac26eb7 cpuid(8) manpage improments 2012-09-29 04:12:42 +02:00
cinap_lenrek
934442ace2 cpuid(8) manpage 2012-09-29 03:57:59 +02:00
google
2c4947656f Add manpages for atazz and smart 2012-09-20 22:51:20 +12:00
cinap_lenrek
20b4f55603 9bootpxe: try /cfg/pxe/default if /cfg/pxe/$ether fails before breaking to the prompt. 2012-08-21 14:23:52 +02:00