ssh terminal settings
I am doing some automation stuff with freebsd. on my local machine I am using Net::SSH::Expect (perl library) to run commands on FreeBSD machine. The problem is when I execute commands on FreeBSD, I am not able to get the output of that command on my local machine. All I am getting is remote shell as a output. Same script work perfectly if I run it against linux target. my $ssh = Net::SSH::Expect-new ( host=172.18.28.104, user=root, password= root, timeout=5, raw_pty=1 ); $ssh-login(); my $out = $ssh-exec(ps -aux); print $out; //Here I expect complete ps output, which is not working for FreeBSD. Is there any terminal setting that I have to do to achieve this? How does shell gets allocated when we start ssh session? --Ashish ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Fwd: linking part of openssl into a kernel ?
Hi! I am working on a piece of kernel software, that needs to use publc key cryptography, especially RSA. As far as i know, no RSA related in-kernel functionality is currently implemented. Writing a new implementation of key management, and the algorithm itself, and making it stable and efficent is rather long and slippery road, so i started to look shy on openssl. Porting just RSA and key-related stuff is again, a tiresome work. I am rather lazy, and i thought, that maybe I could force linker to to the job for me, i.e. link kernel against openssl library to get just some function that i am interested in. My question is: how to achieve this ? Second: Any better idea ? Is it totally stupid idea ? regards, ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
linking part of openssl into a kernel ?
Hi! I am working on a piece of kernel software, that needs to use publc key cryptography, especially RSA. As far as i know, no RSA related in-kernel functionality is currently implemented. Writing a new implementation of key management, and the algorithm itself, and making it stable and efficent is rather long and slippery road, so i started to look shy on openssl. Porting just RSA and key-related stuff is again, a tiresome work. I am rather lazy, and i thought, that maybe I could force linker to to the job for me, i.e. link kernel against openssl library to get just some function that i am interested in. My question is: how to achieve this ? Second: Any better idea ? Is it totally stupid idea ? regards, ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: CFR: FEATURE macros for AUDIT/CAM/IPC/KTR/MAC/NFS/NTP/PMC/SYSV/...
Quoting Robert Watson rwat...@freebsd.org (from Sat, 12 Feb 2011 19:08:59 + (GMT)): On Sat, 12 Feb 2011, Alexander Leidinger wrote: On Sat, 12 Feb 2011 00:52:48 + (GMT) Robert Watson rwat...@freebsd.org wrote: The one comment I'd make is that the MAC case should indicate that The MAC Framework is supported, rather than mandatory access controls being present -- the presence of the framework doesn't imply the presence of mandatory access control policies. Does FEATURE(mac, Mandatory Access Control Framework support); look better? Alternatively/additionally we could use mac_framework as the name of the feature. The above seems fine -- while I've been moving to names like mac_framework.h, it's still options MAC and security/mac, etc, and think that mac is the most consistent options. Committed. If you want you can modify some userland applications to check for it now with feature_present(3). When every feature macro of the GSoC project is committed, I will commit a change to this function (being able to administratively tell a feature is not there when it is there), and a corresponding userland app to be able to use it in scripts. Bye, Alexander. -- One place where you're sure to find the perfect driver is in the back seat. http://www.Leidinger.netAlexander @ Leidinger.net: PGP ID = B0063FE7 http://www.FreeBSD.org netchild @ FreeBSD.org : PGP ID = 72077137 ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Basic UTF-8 support for sh(1)
Here is a patch that adds basic UTF-8 support to sh(1). This is enabled
if the locale is set appropriately.
Features:
* ${#var} counts codepoints. (Really, bytes with (b 0xc0) != 0x80.)
* ?, [...] patterns match codepoints instead of bytes. They do not match
invalid sequences. This is so that ${var#?} removes the first
codepoint, not the first byte. However, * continues to match any
string and an invalid sequence matches an identical invalid sequence.
(This differs from fnmatch(3).)
Internal:
* CTL* bytes are moved to bytes that cannot occur in UTF-8 so that
mbrtowc(3) can be used directly. The new locations do occur in
iso-8859-* encodings.
Limitations:
* Only UTF-8 support is added, not any other multibyte encodings. I do
not want to bloat up sh with mbrtowc(3) and similar everywhere.
* Invalid sequences may not be handled as desired. It seems aborting on
invalid UTF-8 sequences would break things, so they are let through.
This also avoids bloating the code up with checking everywhere.
* There is no special treatment for combining characters, accented
letters may match ? or ?? or even more depending on normalization
form. This matches other code in FreeBSD and is usually good enough
because normalization forms that use as few codepoints as possible
tend to be used.
* IFS remains byte-based as in ksh93 (but unlike bash and zsh).
* Our version of libedit does not support UTF-8 so sh will still be
rather unpleasant to use interactively with characters not in
us-ascii.
Is this useful and worth the (small) bloat?
A somewhat related feature is support for \u and \U
sequences in $'...' (this will be added to POSIX, see
http://austingroupbugs.net/view.php?id=249 and I plan to add it to sh).
Ideally, these are converted using iconv(3) but as long as it is not
unconditionally available in base or if it is not supposed to be used,
the codepoints can be encoded in UTF-8 for UTF-8 locales, leaving other
locales with question marks.
--
Jilles Tjoelker
Index: parser.h
===
--- parser.h (revision 218371)
+++ parser.h (working copy)
@@ -34,16 +34,16 @@
*/
/* control characters in argument strings */
-#define CTLESC '\201'
-#define CTLVAR '\202'
-#define CTLENDVAR '\203'
-#define CTLBACKQ '\204'
+#define CTLESC '\300'
+#define CTLVAR '\301'
+#define CTLENDVAR '\371'
+#define CTLBACKQ '\372'
#define CTLQUOTE 01 /* ored with CTLBACKQ code if in quotes */
/* CTLBACKQ | CTLQUOTE == '\205' */
-#define CTLARI '\206'
-#define CTLENDARI '\207'
-#define CTLQUOTEMARK '\210'
-#define CTLQUOTEEND '\211' /* only for ${v+-...} */
+#define CTLARI '\374'
+#define CTLENDARI '\375'
+#define CTLQUOTEMARK '\376'
+#define CTLQUOTEEND '\377' /* only for ${v+-...} */
/* variable substitution byte (follows CTLVAR) */
#define VSTYPE 0x0f /* type of variable substitution */
Index: sh.1
===
--- sh.1 (revision 218467)
+++ sh.1 (working copy)
@@ -2510,4 +2510,7 @@ was originally written by
.Sh BUGS
The
.Nm
-utility does not recognize multibyte characters.
+utility does not recognize multibyte characters other than UTF-8.
+The line editing library
+.Xr editline 3
+does not recognize multibyte characters.
Index: expand.c
===
--- expand.c (revision 218371)
+++ expand.c (working copy)
@@ -52,6 +52,7 @@ __FBSDID($FreeBSD$);
#include stdlib.h
#include string.h
#include unistd.h
+#include wchar.h
/*
* Routines to expand arguments to commands. We have to deal with
@@ -111,16 +112,16 @@ static void addfname(char *);
static struct strlist *expsort(struct strlist *);
static struct strlist *msort(struct strlist *, int);
static char *cvtnum(int, char *);
-static int collate_range_cmp(int, int);
+static int collate_range_cmp(wchar_t, wchar_t);
static int
-collate_range_cmp(int c1, int c2)
+collate_range_cmp(wchar_t c1, wchar_t c2)
{
- static char s1[2], s2[2];
+ static wchar_t s1[2], s2[2];
s1[0] = c1;
s2[0] = c2;
- return (strcoll(s1, s2));
+ return (wcscoll(s1, s2));
}
/*
@@ -665,6 +666,7 @@ evalvar(char *p, int flag)
int special;
int startloc;
int varlen;
+ int varlenb;
int easy;
int quotes = flag (EXP_FULL | EXP_CASE | EXP_REDIR);
@@ -712,8 +714,15 @@ again: /* jump here after setting a variable with
if (special) {
varvalue(var, varflags VSQUOTE, subtype, flag);
if (subtype == VSLENGTH) {
-varlen = expdest - stackblock() - startloc;
-STADJUST(-varlen, expdest);
+varlenb = expdest - stackblock() - startloc;
+varlen = varlenb;
+if (localeisutf8) {
+ val = stackblock() + startloc;
+ for (;val != expdest; val++)
+ if ((*val 0xC0) == 0x80)
+ varlen--;
+}
+STADJUST(-varlenb, expdest);
}
} else {
char const *syntax = (varflags VSQUOTE) ? DQSYNTAX
@@ -721,7 +730,9 @@ again: /* jump here after setting a
Re: Why FreeBSD fetch does not download a file via a proxy for HTTPS URLS (the same works fine for HTTP urls)
Hi RW,
Thanks alot for your reply.
Do you mean to say curl also not using a CONNECT to tunnel through to the
actual server?
How can I achieve downloading files HTTPS over a proxy?
Thanks
%20http://permalink.gmane.org/gmane.os.freebsd.devel.hackers/42588
-Chandra
Hi All,
I am working on a project where i need to download a file via a proxy
server using HTTPS protocol. I found that fetch does not work/support
HTTPS requests over a proxy.
I just checked and neither do wget nor curl.
I could overcome the above problem if I do the following change.
1375:
1.58
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58
des 1376:if (purl) { 1.51
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51
des 1377:URL = purl;
I don't think that would work, presumably it would just cause an
attempt at an ssl connection to the proxy, followed by a GET request
for an https URL. https through a proxy is supposed to use a CONNECT to
tunnel through to the actual server.
On Thu, Feb 24, 2011 at 12:49 PM, chandra reddy cred...@gmail.com wrote:
Hi All,
I am working on a project where i need to download a file via a proxy
server using HTTPS protocol. I found that fetch does not work/support HTTPS
requests over a proxy.
My setup would be like this:
Intranet
Internet
---
| https or http |
https
| Client m/cs - Porxy Server
--- Destination Server (or Download server)
| |
---
I can use https or http protocol between Client and Proxy but only HTTPS
is used between proxy and Destination server(or Download server) .
I tried to use squid proxy as my proxy server and tried to download a
file from my download server to Client m/c using FreeBSD fetch command.
It fails to download a file via proxy for HTTPS requests Please note that
Proxy setup is 100% correct and a web server (Apache) running fine.
[I have tested it using my Mozilla browser on my PC].
I have done the following:
1. *Download a file using HTTPS over a proxy server*
#env HTTP_PROXY=http://proxy-server-ip:3128/ /usr/sbin/fetch -v -o
/tmp/download.out 'https://destination-server-ip/index.htm'
looking up destination-server-ip
connecting todestination-server-ip:443
connection established
fetch: https://destination-server-ip/index.htm Authentication error
Even I have tried this also and found the same error.
#env HTTP_PROXY=https://proxy-server-ip:3128/ /usr/sbin/fetch -v -o
/tmp/download.out 'https://destination-serve-ip/index.htm'
My question is why it is not connected via Proxy sever. It tries to
connect directly. I could see that if I use HTTP protocol then it connects
via proxy.
Please see the logs here.
2. *Download a file using HTTP over a proxy server*
#env HTTP_PROXY=http://proxy-server-ip:3128/ /usr/sbin/fetch -v -o
/tmp/download.out 'http://destination-server-ip/index.htm'
looking up proxy-server-ip
connecting to proxy-server-ip:3128
connection established
requesting http://destination-server-ip/index.htm
Even I have tried this also and found that works fine.
#env HTTP_PROXY=https://proxy-server-ip:3128/ /usr/sbin/fetch -v -o
/tmp/download.out 'http://destination-serve-ip/index.htm'
I have debugged fetch and found that the following check is stopping
HTTPS requests over a proxy.
*http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c
.OR.
http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c?annotate=1.78.2.5.4.1
*
1375:
1.58 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58
des 1376:if (purl strcasecmp(URL-scheme, SCHEME_HTTPS)
!= 0) {
1.51 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51
des 1377:URL = purl;
I could overcome the above problem if I do the following change.
1375:
1.58 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.58
des 1376:if (purl) {
1.51 http://www.freebsd.org/cgi/cvsweb.cgi/src/lib/libfetch/http.c#rev1.51
des 1377:URL = purl;
I want to know why HTTPS over proxy is not working with libfetch. I want
to make it work how can do it?
Thanks
-Chandra
--
Thanks,
cr();
--
Remote debugging a buggy debugger with a cross buggy debugger is a funny
thing
quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
I promise to enable UFS quotas in GENERIC in one week unless anybody objects now. Huh? I thought GENERIC was supposed to include everything you needed to boot, not every possible feature that someone might desire? But requests to include things required to boot get rejected and nonessential features like quotas get added. WTF? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
Actually, GENERIC is there to provide the most features for the most uses. A large percentage of users don't config new kernels, and FreeBSD has not elected the approach Digital Unix (aka DUH) took about installs which required a reconfig as one of the last steps of an installation. I can't speak to your required to boot case- not sure what you're referring to. I also have been sometimes unhappy about things that can't be added for booting, but that's really more of a need a driver disk or options disk kind of case that was more during the FreeBSD delivered on floppy which is long ago and far away and a country now pushing up daisies. On 2/25/2011 11:02 AM, dieter...@engineer.com wrote: I promise to enable UFS quotas in GENERIC in one week unless anybody objects now. Huh? I thought GENERIC was supposed to include everything you needed to boot, not every possible feature that someone might desire? But requests to include things required to boot get rejected and nonessential features like quotas get added. WTF? ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
While I can understand some may want its not something we use on any of our machines, and I suspect that's the case for many others. Given adding it means the kernel will be doing extra work and hence a drop in performance for a feature most will never use, I'm guessing here, I would say just leave it out of generic unless there is a real pressing requirement for it? Regards Steve This e.mail is private and confidential between Multiplay (UK) Ltd. and the person or entity to whom it is addressed. In the event of misdirection, the recipient is prohibited from using, copying, printing or otherwise disseminating it or any information contained in it. In the event of misdirection, illegible or incomplete transmission please telephone +44 845 868 1337 or return the E.mail to postmas...@multiplay.co.uk. ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
Re: quotas an essential feature? (was: svn commit: r218953 - stable/8/usr.sbin/sysinstall)
On Feb 25, 2011, at 3:46 PM, Steven Hartland wrote: While I can understand some may want its not something we use on any of our machines, and I suspect that's the case for many others. Given adding it means the kernel will be doing extra work and hence a drop in performance... Does anyone have benchmark results to measure the performance hit? Tim ___ freebsd-hackers@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-hackers To unsubscribe, send any mail to freebsd-hackers-unsubscr...@freebsd.org
