ssh terminal settings
I am doing some automation stuff with freebsd. on my local machine I am using Net::SSH::Expect (perl library) to run commands on FreeBSD machine. The problem is when I execute commands on FreeBSD, I am not able to get the output of that command on my local machine. All I am getting is remote shell as a output. Same script work perfectly if I run it against linux target. my $ssh = Net::SSH::Expect-new ( host=172.18.28.104, user=root, password= root, timeout=5, raw_pty=1 ); $ssh-login(); my $out = $ssh-exec(ps -aux); print $out; //Here I expect complete ps output, which is not working for FreeBSD. Is there any terminal setting that I have to do to achieve this? How does shell gets allocated when we start ssh session? --Ashish ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Fwd: linking part of openssl into a kernel ?
Hi! I am working on a piece of kernel software, that needs to use publc key cryptography, especially RSA. As far as i know, no RSA related in-kernel functionality is currently implemented. Writing a new implementation of key management, and the algorithm itself, and making it stable and efficent is rather long and slippery road, so i started to look shy on openssl. Porting just RSA and key-related stuff is again, a tiresome work. I am rather lazy, and i thought, that maybe I could force linker to to the job for me, i.e. link kernel against openssl library to get just some function that i am interested in. My question is: how to achieve this ? Second: Any better idea ? Is it totally stupid idea ? regards, ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
linking part of openssl into a kernel ?
Hi! I am working on a piece of kernel software, that needs to use publc key cryptography, especially RSA. As far as i know, no RSA related in-kernel functionality is currently implemented. Writing a new implementation of key management, and the algorithm itself, and making it stable and efficent is rather long and slippery road, so i started to look shy on openssl. Porting just RSA and key-related stuff is again, a tiresome work. I am rather lazy, and i thought, that maybe I could force linker to to the job for me, i.e. link kernel against openssl library to get just some function that i am interested in. My question is: how to achieve this ? Second: Any better idea ? Is it totally stupid idea ? regards, ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: CFR: FEATURE macros for AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/PMC/SYSV/...
Quoting Robert Watson rwat...@freebsd.org (from Sat, 12 Feb 2011 19:08:59 + (GMT)): On Sat, 12 Feb 2011, Alexander Leidinger wrote: On Sat, 12 Feb 2011 00:52:48 + (GMT) Robert Watson rwat...@freebsd.org wrote: The one comment I'd make is that the MAC case should indicate that The MAC Framework is supported, rather than mandatory access controls being present -- the presence of the framework doesn't imply the presence of mandatory access control policies. Does FEATURE(mac, Mandatory Access Control Framework support); look better? Alternatively/additionally we could use mac_framework as the name of the feature. The above seems fine -- while I've been moving to names like mac_framework.h, it's still options MAC and security/mac, etc, and think that mac is the most consistent options. Committed. If you want you can modify some userland applications to check for it now with feature_present(3). When every feature macro of the GSoC project is committed, I will commit a change to this function (being able to administratively tell a feature is not there when it is there), and a corresponding userland app to be able to use it in scripts. Bye, Alexander. -- One place where you're sure to find the perfect driver is in the back seat. http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Basic UTF-8 support for sh(1)
Here is a patch that adds basic UTF-8 support to sh(1). This is enabled if the locale is set appropriately. Features: * ${#var} counts codepoints. (Really, bytes with (b 0xc0) != 0x80.) * ?, [...] patterns match codepoints instead of bytes. They do not match invalid sequences. This is so that ${var#?} removes the first codepoint, not the first byte. However, * continues to match any string and an invalid sequence matches an identical invalid sequence. (This differs from fnmatch(3).) Internal: * CTL* bytes are moved to bytes that cannot occur in UTF-8 so that mbrtowc(3) can be used directly. The new locations do occur in iso-8859-* encodings. Limitations: * Only UTF-8 support is added, not any other multibyte encodings. I do not want to bloat up sh with mbrtowc(3) and similar everywhere. * Invalid sequences may not be handled as desired. It seems aborting on invalid UTF-8 sequences would break things, so they are let through. This also avoids bloating the code up with checking everywhere. * There is no special treatment for combining characters, accented letters may match ? or ?? or even more depending on normalization form. This matches other code in FreeBSD and is usually good enough because normalization forms that use as few codepoints as possible tend to be used. * IFS remains byte-based as in ksh93 (but unlike bash and zsh). * Our version of libedit does not support UTF-8 so sh will still be rather unpleasant to use interactively with characters not in us-ascii. Is this useful and worth the (small) bloat? A somewhat related feature is support for \u and \U sequences in $'...' (this will be added to POSIX, see http://austingroupbugs.net/view.php?id=249 and I plan to add it to sh). Ideally, these are converted using iconv(3) but as long as it is not unconditionally available in base or if it is not supposed to be used, the codepoints can be encoded in UTF-8 for UTF-8 locales, leaving other locales with question marks. -- Jilles Tjoelker Index: parser.h === --- parser.h (revision 218371) +++ parser.h (working copy) @@ -34,16 +34,16 @@ */ /* control characters in argument strings */ -#define CTLESC '\201' -#define CTLVAR '\202' -#define CTLENDVAR '\203' -#define CTLBACKQ '\204' +#define CTLESC '\300' +#define CTLVAR '\301' +#define CTLENDVAR '\371' +#define CTLBACKQ '\372' #define CTLQUOTE 01 /* ored with CTLBACKQ code if in quotes */ /* CTLBACKQ | CTLQUOTE == '\205' */ -#define CTLARI '\206' -#define CTLENDARI '\207' -#define CTLQUOTEMARK '\210' -#define CTLQUOTEEND '\211' /* only for ${v+-...} */ +#define CTLARI '\374' +#define CTLENDARI '\375' +#define CTLQUOTEMARK '\376' +#define CTLQUOTEEND '\377' /* only for ${v+-...} */ /* variable substitution byte (follows CTLVAR) */ #define VSTYPE 0x0f /* type of variable substitution */ Index: sh.1 === --- sh.1 (revision 218467) +++ sh.1 (working copy) @@ -2510,4 +2510,7 @@ was originally written by .Sh BUGS The .Nm -utility does not recognize multibyte characters. +utility does not recognize multibyte characters other than UTF-8. +The line editing library +.Xr editline 3 +does not recognize multibyte characters. Index: expand.c === --- expand.c (revision 218371) +++ expand.c (working copy) @@ -52,6 +52,7 @@ __FBSDID($FreeBSD$); #include stdlib.h #include string.h #include unistd.h +#include wchar.h /* * Routines to expand arguments to commands. We have to deal with @@ -111,16 +112,16 @@ static void addfname(char *); static struct strlist *expsort(struct strlist *); static struct strlist *msort(struct strlist *, int); static char *cvtnum(int, char *); -static int collate_range_cmp(int, int); +static int collate_range_cmp(wchar_t, wchar_t); static int -collate_range_cmp(int c1, int c2) +collate_range_cmp(wchar_t c1, wchar_t c2) { - static char s1[2], s2[2]; + static wchar_t s1[2], s2[2]; s1[0] = c1; s2[0] = c2; - return (strcoll(s1, s2)); + return (wcscoll(s1, s2)); } /* @@ -665,6 +666,7 @@ evalvar(char *p, int flag) int special; int startloc; int varlen; + int varlenb; int easy; int quotes = flag (EXP_FULL | EXP_CASE | EXP_REDIR); @@ -712,8 +714,15 @@ again: /* jump here after setting a variable with if (special) { varvalue(var, varflags VSQUOTE, subtype, flag); if (subtype == VSLENGTH) { -varlen = expdest - stackblock() - startloc; -STADJUST(-varlen, expdest); +varlenb = expdest - stackblock() - startloc; +varlen = varlenb; +if (localeisutf8) { + val = stackblock() + startloc; + for (;val != expdest; val++) + if ((*val 0xC0) == 0x80) + varlen--; +} +STADJUST(-varlenb, expdest); } } else { char const *syntax = (varflags VSQUOTE) ? DQSYNTAX @@ -721,7 +730,9 @@ again: /* jump here after setting a
Re: Why FreeBSD fetch does not download a file via a proxy for HTTPS URLS (the same works fine for HTTP urls)
Hi RW, Thanks alot for your reply. Do you mean to say curl also not using a CONNECT to tunnel through to the actual server? How can I achieve downloading files HTTPS over a proxy? Thanks %20http://permalink.gmane.org/gmane.os.freebsd.devel.hackers/42588 -Chandra Hi All, I am working on a project where i need to download a file via a proxy server using HTTPS protocol. I found that fetch does not work/support HTTPS requests over a proxy. I just checked and neither do wget nor curl. I could overcome the above problem if I do the following change. 1375: 1.58 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58 des 1376:if (purl) { 1.51 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51 des 1377:URL = purl; I don't think that would work, presumably it would just cause an attempt at an ssl connection to the proxy, followed by a GET request for an https URL. https through a proxy is supposed to use a CONNECT to tunnel through to the actual server. On Thu, Feb 24, 2011 at 12:49 PM, chandra reddy cred...@gmail.com wrote: Hi All, I am working on a project where i need to download a file via a proxy server using HTTPS protocol. I found that fetch does not work/support HTTPS requests over a proxy. My setup would be like this: Intranet Internet --- | https or http | https | Client m/cs - Porxy Server --- Destination Server (or Download server) | | --- I can use https or http protocol between Client and Proxy but only HTTPS is used between proxy and Destination server(or Download server) . I tried to use squid proxy as my proxy server and tried to download a file from my download server to Client m/c using FreeBSD fetch command. It fails to download a file via proxy for HTTPS requests Please note that Proxy setup is 100% correct and a web server (Apache) running fine. [I have tested it using my Mozilla browser on my PC]. I have done the following: 1. *Download a file using HTTPS over a proxy server* #env HTTP_PROXY=http://proxy-server-ip:3128/ /usr/sbin/fetch -v -o /tmp/download.out 'https://destination-server-ip/index.htm' looking up destination-server-ip connecting todestination-server-ip:443 connection established fetch: https://destination-server-ip/index.htm Authentication error Even I have tried this also and found the same error. #env HTTP_PROXY=https://proxy-server-ip:3128/ /usr/sbin/fetch -v -o /tmp/download.out 'https://destination-serve-ip/index.htm' My question is why it is not connected via Proxy sever. It tries to connect directly. I could see that if I use HTTP protocol then it connects via proxy. Please see the logs here. 2. *Download a file using HTTP over a proxy server* #env HTTP_PROXY=http://proxy-server-ip:3128/ /usr/sbin/fetch -v -o /tmp/download.out 'http://destination-server-ip/index.htm' looking up proxy-server-ip connecting to proxy-server-ip:3128 connection established requesting http://destination-server-ip/index.htm Even I have tried this also and found that works fine. #env HTTP_PROXY=https://proxy-server-ip:3128/ /usr/sbin/fetch -v -o /tmp/download.out 'http://destination-serve-ip/index.htm' I have debugged fetch and found that the following check is stopping HTTPS requests over a proxy. *http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c .OR. http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c?annotate=1.78.2.5.4.1 * 1375: 1.58 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58 des 1376:if (purl strcasecmp(URL-scheme, SCHEME_HTTPS) != 0) { 1.51 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51 des 1377:URL = purl; I could overcome the above problem if I do the following change. 1375: 1.58 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58 des 1376:if (purl) { 1.51 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51 des 1377:URL = purl; I want to know why HTTPS over proxy is not working with libfetch. I want to make it work how can do it? Thanks -Chandra -- Thanks, cr(); -- Remote debugging a buggy debugger with a cross buggy debugger is a funny thing
quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
I promise to enable UFS quotas in GENERIC in one week unless anybody objects now. Huh? I thought GENERIC was supposed to include everything you needed to boot, not every possible feature that someone might desire? But requests to include things required to boot get rejected and nonessential features like quotas get added. WTF? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
Actually, GENERIC is there to provide the most features for the most uses. A large percentage of users don't config new kernels, and FreeBSD has not elected the approach Digital Unix (aka DUH) took about installs which required a reconfig as one of the last steps of an installation. I can't speak to your required to boot case- not sure what you're referring to. I also have been sometimes unhappy about things that can't be added for booting, but that's really more of a need a driver disk or options disk kind of case that was more during the FreeBSD delivered on floppy which is long ago and far away and a country now pushing up daisies. On 2/25/2011 11:02 AM, dieter...@engineer.com wrote: I promise to enable UFS quotas in GENERIC in one week unless anybody objects now. Huh? I thought GENERIC was supposed to include everything you needed to boot, not every possible feature that someone might desire? But requests to include things required to boot get rejected and nonessential features like quotas get added. WTF? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
While I can understand some may want its not something we use on any of our machines, and I suspect that's the case for many others. Given adding it means the kernel will be doing extra work and hence a drop in performance for a feature most will never use, I'm guessing here, I would say just leave it out of generic unless there is a real pressing requirement for it? Regards Steve This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
On Feb 25, 2011, at 3:46 PM, Steven Hartland wrote: While I can understand some may want its not something we use on any of our machines, and I suspect that's the case for many others. Given adding it means the kernel will be doing extra work and hence a drop in performance... Does anyone have benchmark results to measure the performance hit? Tim ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org