anoncvs2.ca.openbsd.org ssh key fingerprint != OpenBSD website

2021-10-23 Thread Jonathan Thornburg
anoncvs2.ca.openbsd.org is reporting a different ssh key fingerprint
than that listed in https://www.openbsd.org/anoncvs.html.

That is, https://www.openbsd.org/anoncvs.html says that one of OpenBSD's
anoncvs servers is
>  * CVSROOT=anon...@anoncvs2.ca.openbsd.org:/cvs
>Location: Alberta, Canada.
>Maintained by Bob Beck.
>Protocols: ssh.
>SSH fingerprints:
>(RSA) SHA256:VfzLrOeqzIfWiNdJ0SpHvk3JU4a+VpNzwjxzZ7lWaNY
>(ECDSA) SHA256:IQrHoNZPHmhnR1R3qMURVH3e83f95IZXdkNjFZCnKfw
>(ED25519) SHA256:7grIp6jKgas/PLrVqaSwLh60k626+iaGw/BBFSfr7ck

but this machine reports a different key signature when I connect to it:

% setenv CVSROOT anon...@anoncvs2.ca.openbsd.org:/cvs
% cvs -d $CVSROOT update -Pd www
The authenticity of host 'anoncvs2.ca.openbsd.org (129.128.5.194)' can't be established.
ED25519 key fingerprint is SHA256:c9tOA7pOlwaGCRCkjqOn6ba0d7G6EAqJkwtXMCu5Hts.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])?

--
-- "Jonathan Thornburg [remove color- to reply]" 
   on the west coast of Canada, eh?
   "There was of course no way of knowing whether you were being watched
at any given moment.  How often, or on what system, the Thought Police
plugged in on any individual wire was guesswork.  It was even conceivable
that they watched everybody all the time."  -- George Orwell, "1984"
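
An added example, not part of the original post: one way to compare a host key with the fingerprints published on the web page before answering the ssh prompt. `fingerprint()` takes a line in the `host keytype base64` form that `ssh-keyscan` prints; the function names and the key built in `constructed_line()` are made up for illustration.

```python
import base64
import hashlib
import struct

# Fingerprints published on anoncvs.html for anoncvs2.ca.openbsd.org (from the post).
PUBLISHED = {
    "RSA": "SHA256:VfzLrOeqzIfWiNdJ0SpHvk3JU4a+VpNzwjxzZ7lWaNY",
    "ECDSA": "SHA256:IQrHoNZPHmhnR1R3qMURVH3e83f95IZXdkNjFZCnKfw",
    "ED25519": "SHA256:7grIp6jKgas/PLrVqaSwLh60k626+iaGw/BBFSfr7ck",
}
# Fingerprint shown in the ssh prompt quoted in the post.
OBSERVED_ED25519 = "SHA256:c9tOA7pOlwaGCRCkjqOn6ba0d7G6EAqJkwtXMCu5Hts"


def family(key_type):
    """Map an SSH key type name to the label used on the web page."""
    if key_type.startswith("ecdsa-sha2-"):
        return "ECDSA"
    return {"ssh-rsa": "RSA", "ssh-ed25519": "ED25519"}.get(key_type)


def fingerprint(keyscan_line):
    """Return (family, 'SHA256:...') for one 'host keytype base64' line."""
    _host, key_type, b64 = keyscan_line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; refuse a
    # line whose declared type disagrees with what the blob says.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("declared key type does not match key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return family(key_type), "SHA256:" + digest.rstrip("=")


def check(fam, observed, published=PUBLISHED):
    """Compare one observed fingerprint with the published one for its type."""
    if fam not in published:
        return "unpublished"
    return "match" if observed == published[fam] else "mismatch"


def constructed_line():
    """A constructed (not real) ed25519 key line, for exercising fingerprint()."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(range(32))
    return "host.example ssh-ed25519 " + base64.b64encode(blob).decode()


if __name__ == "__main__":
    print("prompt fingerprint:", check("ED25519", OBSERVED_ED25519))
    fam, fp = fingerprint(constructed_line())
    print(fam, fp, check(fam, fp))
```

Run on the values from the post, the ED25519 fingerprint from the prompt comes back as `mismatch`, which is the condition being reported.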



Re: USB devices power control

2021-10-23 Thread Adam Thompson
The simplest could be something like these, 
https://www.amazon.ca/Powered-USB-Hub/s?k=Powered+USB+Hub.
11 (of the first 12) products are USB 3 hubs with individual port power 
controls.
I have seen single-port USB cables with power switches, too, although I 
don't remember where.

Your idea could be better, but these already exist.

Only some (although, *most* AFAIK) USB hub chipsets support turning 
power on and off for individual ports.  Under Linux you can use 
https://github.com/mvp/uhubctl to control it.  Nothing exists (that I 
know of) under OpenBSD today.


You might also use a "smart" hub like those seen at 
https://electronics.stackexchange.com/questions/393468/efficient-way-to-selectively-unpower-usb-ports 
and port the necessary software to OpenBSD.  (The ugen device driver 
would probably be adequate, but it might be more of a rewrite than a 
port.  No idea how painful that would wind up being, I've never 
programmed anything using ugen.)


Options exist, but it's possible none of them are *exactly* what you 
want.


-Adam


On 2021-10-07 11:57, jeanfrancois wrote:

OK, thanks both,

I might develop such a device then; if other people are interested I'd share
the product.

I'll be used to have backup / spare drives online for the work time 
only;


Jean-François

On 06/10/2021 at 16:36, m...@josuah.net wrote:

If nothing can be found software-side, dedicated hardware
could possibly do it.

If it exists driver side, some tool like this could give a
hint for finding it on other operating systems, and then comparing
with OpenBSD as well as getting the actual standard names for
that feature: https://github.com/mvp/uhubctl

Not really a solution, but rather a way to get a little
closer.




Re: httpd(8) - Internal Server error (500) on invalid request

2021-10-23 Thread Sebastian Benoit
Matthias Pressfreund(m...@fn.de) on 2021.10.23 17:16:18 +0200:
> On 2021-10-21 16:38, Sebastian Benoit wrote:
> > 
> > This diff makes httpd return "505 HTTP Version Not Supported"
> > for < 0.9 and > 1.9 http versions. Anything from 1.1 to 1.9 is
> > interpreted as 1.1. This is what nginx does too.
> 
> 
> I don't understand why an invalid HTTP version sent by the client
> should result in a server error while the problem actually is on
> the other side, isn't it? Wouldn't a "400 Bad Request" response
> instead of a "505 HTTP Version Not Supported" be more appropriate?

because 

 505 HTTP Version Not Supported

means

 The server does not support the HTTP protocol version used in the request.

I think it's appropriate; nginx responds the same.

> Second, the latest version correctly detects "HTTP/4.0" (for
> example) as an unsupported version while "HTTP/123" wrongly is
> accepted as "HTTP/1.1".

I might add that indeed, thx.

> 
> The suggestion below changes both of the above.
> 
> Index: usr.sbin/httpd/server_http.c
> ===
> RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
> retrieving revision 1.145
> diff -u -p -r1.145 server_http.c
> --- usr.sbin/httpd/server_http.c  22 Oct 2021 08:51:50 -  1.145
> +++ usr.sbin/httpd/server_http.c  23 Oct 2021 14:39:50 -
> @@ -206,8 +206,12 @@ http_version_num(char *version)
>   return (9);
>   if (strcmp(version, "HTTP/1.0") == 0)
>   return (10);
> + /* version strings other than 8 chars long are invalid */
> + if (strlen(version) != 8)
> + return (0);
>   /* any other version 1.x gets downgraded to 1.1 */
> - if (strncmp(version, "HTTP/1", 6) == 0)
> + if (strncmp(version, "HTTP/1.", 7) == 0 &&
> + version[7] >= '1' && version[7] <= '9')
>   return (11);
>  
>   return (0);
> @@ -350,13 +354,13 @@ server_read_http(struct bufferevent *bev
>* be changed independently by the filters later.
>* Allow HTTP version 0.9 to 1.1.
>* Downgrade http version > 1.1 <= 1.9 to version 1.1.
> -  * Return HTTP Version Not Supported for anything else.
> +  * Anything else is a client error (malformed version).
>*/
>  
>   version = http_version_num(http_version);
>  
>   if (version == 0) {
> - server_abort_http(clt, 505, "bad http version");
> + server_abort_http(clt, 400, "malformed");
>   goto abort;
>   } else if (version == 11) {
>   if ((desc->http_version =
> 
> 
> 
> > 
> > ok?
> > 
> > diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c
> > index 6a74f3e45c5..52aaf3711c2 100644
> > --- usr.sbin/httpd/server_http.c
> > +++ usr.sbin/httpd/server_http.c
> > @@ -51,6 +51,7 @@ intserver_http_authenticate(struct 
> > server_config *,
> > struct client *);
> >  char   *server_expand_http(struct client *, const char *,
> > char *, size_t);
> > +int http_version_num(char *);
> >  
> >  static struct http_method   http_methods[] = HTTP_METHODS;
> >  static struct http_errorhttp_errors[] = HTTP_ERRORS;
> > @@ -198,6 +199,19 @@ done:
> > return (ret);
> >  }
> >  
> > +int http_version_num(char *version)
> > +{
> > +   if (strcmp(version, "HTTP/0.9") == 0)
> > +   return (9);
> > +   if (strcmp(version, "HTTP/1.0") == 0)
> > +   return (10);
> > +   /* any other version 1.x gets downgraded to 1.1 */
> > +   if (strncmp(version, "HTTP/1", 6) == 0)
> > +   return (11);
> > +
> > +   return (0);
> > +}
> > +
> >  void
> >  server_read_http(struct bufferevent *bev, void *arg)
> >  {
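
Review bot: In the added `http_version_num()`, `strncmp(version, "HTTP/1", 6) == 0` only checks a prefix, so any string that begins with `HTTP/1` returns 11, not just the 1.x versions the comment above it describes. Comparing against `"HTTP/1."` over 7 characters and then requiring a single digit followed by the terminating NUL would keep the code in line with its comment. A smaller style point in the same hunk: the definition puts `int` on the same line as the function name, while `server_read_http()` just below has its return type on a line of its own.
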
> > @@ -207,6 +221,7 @@ server_read_http(struct bufferevent *bev, void *arg)
> > char*line = NULL, *key, *value;
> > const char  *errstr;
> > size_t   size, linelen;
> > +   int  version;
> > struct kv   *hdr = NULL;
> >  
> > getmonotime(>clt_tv_last);
> > @@ -329,12 +344,29 @@ server_read_http(struct bufferevent *bev, void *arg)
> > *desc->http_query++ = '\0';
> >  
> > /*
> > -* Have to allocate the strings because they could
> > +* We have to allocate the strings because they could
> >  * be changed independently by the filters later.
> > +* Allow HTTP version 0.9 to 1.1.
> > +* Downgrade http version > 1.1 <= 1.9 to version 1.1.
> > +* Return HTTP Version Not Supported for anything else.
> >  */
> > -   if 

Re: httpd(8) - Internal Server error (500) on invalid request

2021-10-23 Thread Matthias Pressfreund
On 2021-10-21 16:38, Sebastian Benoit wrote:
> 
> This diff makes httpd return "505 HTTP Version Not Supported"
> for < 0.9 and > 1.9 http versions. Anything from 1.1 to 1.9 is
> interpreted as 1.1. This is what nginx does too.


I don't understand why an invalid HTTP version sent by the client
should result in a server error while the problem actually is on
the other side, isn't it? Wouldn't a "400 Bad Request" response
instead of a "505 HTTP Version Not Supported" be more appropriate?

Second, the latest version correctly detects "HTTP/4.0" (for
example) as an unsupported version while "HTTP/123" wrongly is
accepted as "HTTP/1.1".

The suggestion below changes both of the above.

Index: usr.sbin/httpd/server_http.c
===
RCS file: /cvs/src/usr.sbin/httpd/server_http.c,v
retrieving revision 1.145
diff -u -p -r1.145 server_http.c
--- usr.sbin/httpd/server_http.c22 Oct 2021 08:51:50 -  1.145
+++ usr.sbin/httpd/server_http.c23 Oct 2021 14:39:50 -
@@ -206,8 +206,12 @@ http_version_num(char *version)
return (9);
if (strcmp(version, "HTTP/1.0") == 0)
return (10);
+   /* version strings other than 8 chars long are invalid */
+   if (strlen(version) != 8)
+   return (0);
/* any other version 1.x gets downgraded to 1.1 */
-   if (strncmp(version, "HTTP/1", 6) == 0)
+   if (strncmp(version, "HTTP/1.", 7) == 0 &&
+   version[7] >= '1' && version[7] <= '9')
return (11);
 
return (0);
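
Review bot: After this hunk `http_version_num()` still ends in one `return (0)` for every rejected string, so a string that fails the new `strlen(version) != 8` check and a well-formed version such as "HTTP/4.0" look the same to the caller. If the caller is supposed to tell a malformed version from an unsupported one, return different values for the two cases, for example a negative value when the length or digit check fails. The comment `any other version 1.x gets downgraded to 1.1` could also state that only a single digit from 1 to 9 is accepted.
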
@@ -350,13 +354,13 @@ server_read_http(struct bufferevent *bev
 * be changed independently by the filters later.
 * Allow HTTP version 0.9 to 1.1.
 * Downgrade http version > 1.1 <= 1.9 to version 1.1.
-* Return HTTP Version Not Supported for anything else.
+* Anything else is a client error (malformed version).
 */
 
version = http_version_num(http_version);
 
if (version == 0) {
-   server_abort_http(clt, 505, "bad http version");
+   server_abort_http(clt, 400, "malformed");
goto abort;
} else if (version == 11) {
if ((desc->http_version =
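
Review bot: In the `version == 0` branch the abort text changes from "bad http version" to just "malformed", which no longer says which part of the request was rejected. A string such as "malformed http version" keeps that information for whoever reads the error or the log.
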



> 
> ok?
> 
> diff --git usr.sbin/httpd/server_http.c usr.sbin/httpd/server_http.c
> index 6a74f3e45c5..52aaf3711c2 100644
> --- usr.sbin/httpd/server_http.c
> +++ usr.sbin/httpd/server_http.c
> @@ -51,6 +51,7 @@ int  server_http_authenticate(struct server_config 
> *,
>   struct client *);
>  char *server_expand_http(struct client *, const char *,
>   char *, size_t);
> +int   http_version_num(char *);
>  
>  static struct http_method http_methods[] = HTTP_METHODS;
>  static struct http_error  http_errors[] = HTTP_ERRORS;
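
Review bot: The new prototype `int http_version_num(char *);` takes a non-const pointer, although the function added later in this patch only hands the string to `strcmp()` and `strncmp()`. Declaring the parameter as `const char *`, here and in the definition, documents that the version string is not modified.
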
> @@ -198,6 +199,19 @@ done:
>   return (ret);
>  }
>  
> +int http_version_num(char *version)
> +{
> + if (strcmp(version, "HTTP/0.9") == 0)
> + return (9);
> + if (strcmp(version, "HTTP/1.0") == 0)
> + return (10);
> + /* any other version 1.x gets downgraded to 1.1 */
> + if (strncmp(version, "HTTP/1", 6) == 0)
> + return (11);
> +
> + return (0);
> +}
> +
>  void
>  server_read_http(struct bufferevent *bev, void *arg)
>  {
> @@ -207,6 +221,7 @@ server_read_http(struct bufferevent *bev, void *arg)
>   char*line = NULL, *key, *value;
>   const char  *errstr;
>   size_t   size, linelen;
> + int  version;
>   struct kv   *hdr = NULL;
>  
>   getmonotime(>clt_tv_last);
> @@ -329,12 +344,29 @@ server_read_http(struct bufferevent *bev, void *arg)
>   *desc->http_query++ = '\0';
>  
>   /*
> -  * Have to allocate the strings because they could
> +  * We have to allocate the strings because they could
>* be changed independently by the filters later.
> +  * Allow HTTP version 0.9 to 1.1.
> +  * Downgrade http version > 1.1 <= 1.9 to version 1.1.
> +  * Return HTTP Version Not Supported for anything else.
>*/
> - if ((desc->http_version =
> - strdup(desc->http_version)) == NULL)
> - goto fail;
> +
> + version = http_version_num(desc->http_version);
> + if (version == 11) {
> + if ((desc->http_version =
> + strdup("HTTP/1.1")) == NULL)
> + 

Re: USB athn0 issue in AP mode (AR9280+AR7010) no DHCP leases to modern portable devices

2021-10-23 Thread Stefan Sperling
On Fri, Oct 22, 2021 at 06:53:17PM +, Martin wrote:
> Hi there!
> 
> I have an issue with athn USB stick with modern wifi devices like Android 
> phones etc.
> 
> I've set up athn0 as previous athn miniPCI-e cards (/etc/hostname.athn0, 
> /etc/dhcpd.conf, /etc/pf.conf). No IP address given by OpenBSD7.0amd64 host's 
> DHCP for certain device once client has been connected to AP based on athn 
> USB stick.
> 
> Tested only with portable devices, not PCs currently.
> 
> Looking forward to resolve this!
> 
> Martin
> 
> 
> 

No idea, sorry.



Re: Sony UWA-BR100 patch to recognize AR9280+AR7010 Atheros based USB card

2021-10-23 Thread Stefan Sperling
On Fri, Oct 22, 2021 at 07:02:20PM +, Martin wrote:
> Hi Stefan,
> 
> Dev. patches to implement into source tree to recognize automatically Sony 
> UWA-BR100 devices based on AR9280+AR7010.

This patch is changing the wrong files.
It should change the files 'usbdevs' and if_athn_usb.c only.

usbdevs.h is a generated file, it should not be patched.
It can be re-generated by running 'make' in the sys/dev/usb directory.

> 
> --- if_athn_usb.c.origTue Jun  8 15:29:31 2021
> +++ if_athn_usb.c Tue Jun  8 15:34:11 2021
> @@ -91,6 +91,8 @@
>  ATHN_USB_FLAG_AR7010 },
>   {{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
>  ATHN_USB_FLAG_AR7010 },
> + {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
> +ATHN_USB_FLAG_AR7010 },
>   {{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
>  };
>  #define athn_usb_lookup(v, p)\
> 
> --- usbdevs.h.origTue Jun  1 09:40:48 2021
> +++ usbdevs.h Tue Jun  8 15:30:51 2021
> @@ -3077,6 +3077,7 @@
>  #define  USB_PRODUCT_MELCO_WLIUCGNHP 0x0158  /* WLI-UC-GNHP 
> */
>  #define  USB_PRODUCT_MELCO_WLIUCGN   0x015d  /* WLI-UC-GN */
>  #define  USB_PRODUCT_MELCO_WLIUCG301N0x016f  /* WLI-UC-G301N 
> */
> +#define  USB_PRODUCT_MELCO_UWABR100  0x017f  /* SONY 
> UWA-BR100 */
>  #define  USB_PRODUCT_MELCO_WLIUCGNM  0x01a2  /* WLI-UC-GNM */
>  #define  USB_PRODUCT_MELCO_WLIUCGNM2 0x01ee  /* WLI-UC-GNM2 
> */
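
Review bot: In the usbdevs.h hunk the new product is named `USB_PRODUCT_MELCO_UWABR100` and is matched together with `USB_VENDOR_MELCO` in if_athn_usb.c, while its comment reads "SONY UWA-BR100"; the description should say that this Sony-branded stick is matched under the Melco vendor ID, so the pairing does not look like a mistake. As the reply above says, the entry belongs in `usbdevs`, with usbdevs.h regenerated from it rather than edited by hand.
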
> 
> 
> Thanks for your attention.
> 
> Martin
> 
>