the allow command now takes an optional uid argument for the user
to be granted temporary god status on the fileserver for maintenance.
this was kenji okomotos idea, so thanks :)
remove wstatallow and writeallow flags. instead, we have global:
int allowed;
that contains the uid of the currently allowed user id or -1
if permission checking is globally disabled for the fileserver.
when zero, normal permission checking takes place.
added int isallowed(File*) function that returns non-zero when the
context is the console, or the allowed user. this is also used internally
by iaccess(), so all the extra code of in the callers of iaccess()
is gone now.
dont conflate allowed user with noauth flag and auto-allow on ream.
the installer already knows about noauth and allow flags so theres no
problem with bootstraping.
instead of naming devices by ther dynamically assigned device address,
we hash device uniqueue fields from the device descriptor and produce
a 5 digit hex string that will identify the device across machines.
when there is a collision (less than 1% chance with 100 devices),
usbd will append the device address to the name to make it uniqueue
for this machine.
the hname is passed to drivers in the devid argument, which now has
the form addr:hname, where the colon and hname can be omited (for backwards
compatibility).
when the new behaviour isnt desired, nousbhname= environment variable
can be defined giving the old behaviour.
the issues with the previous tsc change where not related to the tsc
but where problems with timesync using an old frequency file. a
patch to fix timesync was commited, so so we reintroduce the *notsc=
again.
we previously used tsc only on cpu kernel. now that
we use it on terminal kernel too, there might be some
surprises ahead.
so make it possible to disable tsc for machines where
the tsc rate is not kept constant across cores or is
dynamically adjusted by power management.
boot(8) claims that boot will launch /$objtype/init;
that is incorrect. It launches /$cputype/init (so says
both boot.c and cpurc(8)). That's the more sensible
choice. This patch fixes the man page to resolve the
mismatch.
This patch adds client TLS authentication to libsec in compliance with
rfc 4346.
A new -c flag has been introduced for tlsclient allowing the user to
specify a certificate in pem(8) format which will be provided to the
server upon request.
A -D debug flag has been introduced to enable debugging output.
The patch has been tested against OpenSSL 0.9.7j 04 May 2006.
It exists today because of the great (debugging) help and insight
provided by Matthias Bauer.
TODOs:
- specification of a certain client key in factotum is not possible at
the moment
- tlssrv should support this too
These will get added in another patch.
The first try to submit this patch failed due to a network error.
Sorry for the duplication!
Kind regards,
Christian
