Our ctype.h mistakenly ommitted isblank. Add it in.
While we're here, the make the 'isfoo()' functions
are broken: they're offsetting into the array, and
don't work with negative character values.
Sync the function bodies with the macros, and make
them produce correct results.
The putc macro is specified as returning an int, but our
type conversion rules turned it into a uint. Put in the
appropriate cast to make the type what we want.
The current date and time APIs on Plan 9 are not good. They're
inflexible, non-threadsafe, and don't expose timezone information.
This commit adds new time APIs that allow parsing arbitrary
dates, work from multiple threads, and can handle timezones
effectively.
When calling putc, we need to return either EOF
or the character returned. To distinguish the
two, we need to avoid sign extending 0xff. The
code attempted to do this, but the order of
operations was wrong, so we ended up masking,
setting a character, and then sign extending
the character.
This fixes things so we mask after assignment.
this breaks the sample from the seconds manpage, and overall
produces funky results. this needs alot more testing.
term% seconds '23 may 2011'
seconds: tmparse: invalid date 23 may 2011 near 'may 2011'
term% seconds '2019-01-01 00:00:00'
-118370073600
Redo date handling in libc almost entirely. This allows
handling dates and times from outside your timezones,
fixes timezone loading in multithreaded applications,
and allows parsing and formatting using custom format
strings.
As a test of the APIs, we replace the formatting code in
seconds(1), shrinking it massively.
The last commit missed a few removals, and made it
unnecessarily hard to do an update.
Redo date handling in libc almost entirely. This allows
handling dates and times from outside your timezones,
fixes timezone loading in multithreaded applications,
and allows parsing and formatting using custom format
strings.
As a test of the APIs, we replace the formatting code in
seconds(1), shrinking it massively.
We're missing type flags for:
hh: char
ll: vlong
z: size_t
t: ptrdiff_t
j: intmax_t
The lack of '%lld' was causing us to fail when parsing
timezone files. This brings us in line with the specifiers
in the C99 standard, section 7.19.6.2p11
C99 requires that if intXX_t types are defined, int_fastxx_t and
int_leastxx_t types are defined as well. We define all three to
be identical (intXX_t == int_fastXX_t == int_leastXX_t).
while technically a 32 bit ptrdiff_t is in spec on
systems with 64 bit ponters as long as we guarantee
that individual objects are small enough, this can
confuse legitimate code, so lets fix this.
with the latest changes to shr(3), we can use ORCLOSE on
the control file to get the mount in the share automatically
removed when the server exits or something goes wrong during
postsharesrv().
do not expose postfd() and sharefd() functions. they where
undocumented and leak the control file descriptors.
it is unclear how Srv.nopipe flag should work inside
postmountserv(). if a server wants to serve on stdio
descriptors, he can just call srv() after initializing
Srv.infd and Srv.outfd.
The Srv.leavefdsopen hack can be removed now that acme
win has been fixed.
kvik writes:
I needed to convert the RSA private key that was laying around in
secstore into a format understood by UNIX® tools like SSH.
With asn12rsa(8) we can go from the ASN.1/DER to Plan 9 format, but not
back - so I wrote the libsec function asn1encodeRSApriv(2) and used it in
rsa2asn1(8) by adding the -a flag which causes the full private key to be
encoded and output.
between being commited to a machno and having acquired the lock, the
scheduler could come in an schedule us on a different processor. the
solution is to have dtmachlock() take a special -1 argument to mean
"current mach" and return the actual mach number after the lock has
been acquired and interrupts being disabled.
we want to accept V4 subnets in CIDR notation consistently which
means we need to interpret the mask in context of the IP address.
so parseipmask() now has an additional v4 flag argument which
offsets the prefixlength by 96 so a /24 will be interpreted
as a /120.
parseipandmask() is the new function which handles this automatically
depending on the ip address type.
v4parsecidr() is now obsolete.
due to linux omiting the final Z(4) in the NTLMv2 reply, and
the need for the windom for LMv2 authentication, here is a new
AuthNTLM ticket request now with length and dom fields.
we now update /net/ndb with the following information gathered
from router advertisements (rfc6106 and plan9 specific options):
- recursive dns servers (option 25, ndb: dns=)
- dns search list (option 31, ndb: dnsdomain=)
- plan9 fileserver (option 250, ndb: fs=)
- plan9 authserver (option 251, ndb: auth=)
note the plan9 specific options can be disabled with the -G flag.
for ndbconfig (-N flag), we now collect all ip addresses in ndb
belonging to the devices mac address and configue them all. v6
addresses are getting added when a link local address exists
or the -6 flag has been specified to automatically configure one.
move the dhcp code in its own dhcp.c file and make symbols static
that are not used across modules.
in a statement such as:
if(expr)
assert(a);
else
assert(b);
the previous definition of assert would fail to compile, as the else
would be dangling. with a ternary expression, this construct works
fine.
this adds new rpc for mschapv2 authentication (21)
deliver the MPPE secret not after the ticket/authenticator
response as cheartext, but include it in the first 128 bit
of the ticket key. and the authenticator in the first 160 bit
of the authenticator random field.
the string encoding functions touch secret key material
in a bunch of places (devtls, devcap), so make sure we do
not leak information by cache timing side channels, making
the encoding and decoding routines constant time.
we also expose the alphabets through encXchr()/decXchr()
functions so caller can find the end of a encoded string
before calling decode function (for libmp).
the base32 encoding was broken in several ways. inputs
lengths of len%5 == [2,3,4] had output truncated and
it was using non-standard alphabet. documenting the alphabet
change in the manpage.
Instead of only using a hash over the whole certificate for
white/black-listing, now we can also use a hash over the
Subject Public Key Info (SPKI) field of the certificate which
contians the public key algorithm and the public key itself.
This allows certificates to be renewed independendtly of the
public key.
X509dump() now prints the public key thumbprint in addition
to the certificate thumbprint.
tlsclient will print the certificate when run with -D flag.
okCertificate() will print the public key thumbprint in its
error string when no match has been found.
Add assembler versions for aes_encrypt/aes_decrypt and the key
setup using AES-NI instruction set. This makes aes_encrypt and
aes_decrypt into function pointers which get initialized by
the first call to setupAESstate().
Note that the expanded round key words are *NOT* stored in big
endian order as with the portable implementation. For that reason
the AESstate.ekey and AESstate.dkey fields have been changed to
void* forcing an error when someone is accessing the roundkey
words. One offender was aesXCBmac, which doesnt appear to be
used and the code looks horrible so it has been deleted.
The AES-NI implementation is for amd64 only as it requires the
kernel to save/restore the FPU state across syscalls and
pagefaults.
the previous implementation was not portable at all, assuming
little endian in gf_mulx() and that one can cast unaligned
pointers to ulong in xor128(). also the error code is likely
to be ignored, so better abort() when the length is not a
multiple of the AES block size.
we also pass in full AESstate structures now instead of
the expanded key longs, so that we do not need to hardcode
the number of rounds. this allows each indiviaul keys to
be bigger than 128 bit.
the QLp structure used to occupy 24 bytes on amd64.
with some rearranging the fields we can get it to 16 bytes,
saving 8K in the data section for the 1024 preallocated
structs in the ql arena.
the rest of the changes are of cosmetic nature:
- getqlp() zeros the next pointer, so there is no need to set
it when queueing the entry.
- always explicitely compare pointers to nil.
- delete unused code from ape's qlock.c
initThumbprints() now takes an application tag argument
so x509 and ssh can coexist.
the thumbprint entries can now hold both sha1 and sha256
hashes. okThumbprint() now takes a len argument for the
hash length used.
the new function okCertificate() hashes the certificate
with both and checks for any matches.
on failure, okCertificate() returns 0 and sets error string.
we also check for include loops now in thumbfiles, limiting
the number of includes to 8.
drawterm, factotum, secstore and the auth commands
all had ther own implementation of readcons. we
want to have one common function for this to avoid
the duplication, so putting that in libauthsrv.
introduce PASSWDLEN which makes the use more explicit
than ANAMELEN.
