OS

Hmac

HMAC

HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup – HMAC message
authentication code

SYNOPSIS

#include <openssl/hmac.h>

unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
int key_len, const unsigned char *d, int n,
unsigned char *md, unsigned int *md_len);

void HMAC_CTX_init(HMAC_CTX *ctx);

void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

void HMAC_CTX_cleanup(HMAC_CTX *ctx);
void HMAC_cleanup(HMAC_CTX *ctx);

DESCRIPTION

HMAC is a MAC (message authentication code), i.e. a keyed hash function
used for message authentication, which is based on a hash function.

HMAC() computes the message authentication code of the n bytes at d
using the hash function evp_md and the key key which is key_len bytes
long.

It places the result in md (which must have space for the output of the
hash function, which is no more than EVP_MAX_MD_SIZE bytes). If md is
NULL, the digest is placed in a static array. The size of the output
is placed in md_len, unless it is NULL.

evp_md can be EVP_sha1(), EVP_ripemd160() etc. key and evp_md may be
NULL if a key and hash function have been set in a previous call to
HMAC_Init() for that HMAC_CTX.

HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be
called.

HMAC_CTX_cleanup() erases the key and other data from the HMAC_CTX and
releases any associated resources. It must be called when an HMAC_CTX
is no longer required.

HMAC_cleanup() is an alias for HMAC_CTX_cleanup() included for backward
compatibility with 0.9.6b; it is deprecated.

The following functions may be used if the message is not completely
stored in memory:

HMAC_Init() initializes a HMAC_CTX structure to use the hash function
evp_md and the key key which is key_len bytes long. It is deprecated
and only included for backward compatibility with OpenSSL 0.9.6b.

HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the
function evp_md and key key. Either can be NULL, in which case the
existing one will be reused. HMAC_CTX_init() must have been called
before the first use of an HMAC_CTX in this function. N.B. HMAC_Init()
had this undocumented behaviour in previous versions of OpenSSL – failure
to switch to HMAC_Init_ex() in programs that expect it will cause
them to stop working.

HMAC_Update() can be called repeatedly with chunks of the message to be
authenticated (len bytes at data).

HMAC_Final() places the message authentication code in md, which must
have space for the hash function output.

RETURN VALUES

HMAC() returns a pointer to the message authentication code.
HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
HMAC_CTX_cleanup() do not return values.

EOF


FDISK

fdisk – Partition table manipulator for Linux

SYNOPSIS

fdisk [-u] [device]
fdisk -l [-u] [device …]
fdisk -s partition …
fdisk -v

DESCRIPTION

Hard disks can be divided into one or more logical disks
called partitions. This division is described in the par-
tition table found in sector 0 of the disk.

In the BSD world one talks about `disk slices’ and a
`disklabel’.

Linux needs at least one partition, namely for its root
file system. It can use swap files and/or swap parti-
tions, but the latter are more efficient. So, usually one
will want a second Linux partition dedicated as swap par-
tition. On Intel compatible hardware, the BIOS that boots
the system can often only access the first 1024 cylinders
of the disk. For this reason people with large disks
often create a third partition, just a few MB large, typi-
cally mounted on /boot, to store the kernel image and a
few auxiliary files needed at boot time, so as to make
sure that this stuff is accessible to the BIOS. There may
be reasons of security, ease of administration and backup,
or testing, to use more than the minimum number of parti-
tions.

fdisk (in the first form of invocation) is a menu driven
program for creation and manipulation of partition tables.
It understands DOS type partition tables and BSD or SUN
type disklabels.

The device is usually one of the following:

/dev/hda
/dev/hdb
/dev/sda
/dev/sdb

(/dev/hd[a-h] for IDE disks, /dev/sd[a-p] for SCSI disks,
/dev/ed[a-d] for ESDI disks, /dev/xd[ab] for XT disks). A
device name refers to the entire disk.

The partition is a device name followed by a partition
number. For example, /dev/hda1 is the first partition on
the first IDE hard disk in the system. IDE disks can have
up to 63 partitions, SCSI disks up to 15. See also
/usr/src/linux/Documentation/devices.txt.

A BSD/SUN type disklabel can describe 8 partitions, the
third of which should be a `whole disk’ partition. Do not
start a partition that actually uses its first sector
(like a swap partition) at cylinder 0, since that will
destroy the disklabel.

An IRIX/SGI type disklabel can describe 16 partitions, the
eleventh of which should be an entire `volume’ partition,
while the ninth should be labeled `volume header’. The
volume header will also cover the partition table, i.e.,
it starts at block zero and extends by default over five
cylinders. The remaining space in the volume header may
be used by header directory entries. No partitions may
overlap with the volume header. Also do not change its
type and make some file system on it, since you will lose
the partition table. Use this type of label only when
working with Linux on IRIX/SGI machines or IRIX/SGI disks
under Linux.

A DOS type partition table can describe an unlimited num-
ber of partitions. In sector 0 there is room for the
description of 4 partitions (called `primary’). One of
these may be an extended partition; this is a box holding
logical partitions, with descriptors found in a linked
list of sectors, each preceding the corresponding logical
partitions. The four primary partitions, present or not,
get numbers 1-4. Logical partitions start numbering from
5.

In a DOS type partition table the starting offset and the
size of each partition is stored in two ways: as an abso-
lute number of sectors (given in 32 bits) and as a Cylin-
ders/Heads/Sectors triple (given in 10+8+6 bits). The for-
mer is OK – with 512-byte sectors this will work up to 2
TB. The latter has two different problems. First of all,
these C/H/S fields can be filled only when the number of
heads and the number of sectors per track are known. Sec-
ondly, even if we know what these numbers should be, the
24 bits that are available do not suffice. DOS uses C/H/S
only, Windows uses both, Linux never uses C/H/S.

If possible, fdisk will obtain the disk geometry automati-
cally. This is not necessarily the physical disk geometry
(indeed, modern disks do not really have anything like a
physical geometry, certainly not something that can be
described in simplistic Cylinders/Heads/Sectors form), but
is the disk geometry that MS-DOS uses for the partition
table.

Usually all goes well by default, and there are no prob-
lems if Linux is the only system on the disk. However, if
the disk has to be shared with other operating systems, it
is often a good idea to let an fdisk from another operat-
ing system make at least one partition. When Linux boots
it looks at the partition table, and tries to deduce what
(fake) geometry is required for good cooperation with
other systems.

Whenever a partition table is printed out, a consistency
check is performed on the partition table entries. This
check verifies that the physical and logical start and end
points are identical, and that the partition starts and
ends on a cylinder boundary (except for the first parti-
tion).
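
An added example (not part of the fdisk manual page or its source): a C sketch that decodes the four primary entries of sector 0 and repeats the consistency check described above. The byte offsets are those of the standard DOS partition table; the function names, the 255-head/63-sector geometry and the sample sector are assumptions made for the illustration.

```c
#include <stdint.h>
#include <string.h>

enum {                          /* result bits from check_entry() */
    PT_START_MISMATCH = 1,      /* C/H/S start disagrees with the sector start */
    PT_END_MISMATCH   = 2,      /* C/H/S end disagrees with start + size - 1   */
    PT_UNALIGNED      = 4,      /* does not start/end on a cylinder boundary   */
    PT_CHS_OVERFLOW   = 8       /* end lies beyond what 10+8+6 bits can hold   */
};

struct chs  { unsigned cyl, head, sec; };
struct part {
    uint8_t    type;
    struct chs start, end;
    uint32_t   lba_start, lba_count;   /* absolute sector numbers, 32 bits */
};

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Three bytes: head (8 bits), sector (low 6 bits), cylinder (10 bits). */
static struct chs unpack_chs(const uint8_t *p)
{
    struct chs c;
    c.head = p[0];
    c.sec  = p[1] & 0x3f;
    c.cyl  = ((unsigned)(p[1] & 0xc0) << 2) | p[2];
    return c;
}

/* Decode the four primary entries; -1 if the 0x55 0xAA signature is absent. */
int parse_mbr(const uint8_t *sector, struct part out[4])
{
    int i;
    if (sector[510] != 0x55 || sector[511] != 0xaa)
        return -1;
    for (i = 0; i < 4; i++) {
        const uint8_t *e = sector + 446 + 16 * i;
        out[i].start     = unpack_chs(e + 1);
        out[i].type      = e[4];
        out[i].end       = unpack_chs(e + 5);
        out[i].lba_start = get_le32(e + 8);
        out[i].lba_count = get_le32(e + 12);
    }
    return 0;
}

static int chs_matches(struct chs c, uint64_t lba, unsigned heads, unsigned spt)
{
    if (c.sec == 0 || c.sec > spt || c.head >= heads)
        return 0;               /* not a valid address in this geometry */
    return ((uint64_t)c.cyl * heads + c.head) * spt + (c.sec - 1) == lba;
}

/* Consistency check for one entry under an assumed heads/sectors geometry. */
int check_entry(const struct part *p, unsigned heads, unsigned spt, int is_first)
{
    uint64_t cyl_size = (uint64_t)heads * spt, limit = 1024 * cyl_size;
    uint64_t last;
    int flags = 0;

    if (p->type == 0 || p->lba_count == 0)
        return 0;               /* unused slot */
    last = (uint64_t)p->lba_start + p->lba_count - 1;
    if (last >= limit)
        flags |= PT_CHS_OVERFLOW;      /* C/H/S cannot express it: skip compare */
    else if (!chs_matches(p->end, last, heads, spt))
        flags |= PT_END_MISMATCH;
    if (p->lba_start < limit && !chs_matches(p->start, p->lba_start, heads, spt))
        flags |= PT_START_MISMATCH;
    if ((!is_first && p->lba_start % cyl_size) || (last + 1) % cyl_size)
        flags |= PT_UNALIGNED;
    return flags;
}

/* Constructed sector 0 (not from a real disk), geometry 255 heads x 63 sectors. */
void build_sample(uint8_t *sector)
{
    /* boot, start H,S,C, type (0x83 = Linux), end H,S,C, start (LE32), size (LE32) */
    static const uint8_t e[3][16] = {
        {0x80, 1, 1,  0, 0x83, 254, 63, 12, 0x3f, 0x00, 0x00, 0, 0x8e, 0x2f, 0x03, 0},
        {0x00, 0, 1, 13, 0x83, 254, 63, 22, 0xcd, 0x2f, 0x03, 0, 0x8a, 0x73, 0x02, 0},
        /* third entry: stored end cylinder is 24, the sector count implies 23 */
        {0x00, 0, 1, 23, 0x83, 254, 63, 24, 0x57, 0xa3, 0x05, 0, 0xc1, 0x3e, 0x00, 0},
    };
    memset(sector, 0, 512);
    memcpy(sector + 446, e, sizeof e);
    sector[510] = 0x55;
    sector[511] = 0xaa;
}
```

Because DOS reads only the C/H/S fields and Linux only the sector counts, an entry flagged with a mismatch is one that the two systems would place at different offsets on the disk.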

Some versions of MS-DOS create a first partition which
does not begin on a cylinder boundary, but on sector 2 of
the first cylinder. Partitions beginning in cylinder 1
cannot begin on a cylinder boundary, but this is unlikely
to cause difficulty unless you have OS/2 on your machine.

A sync() and a BLKRRPART ioctl() (reread partition table
from disk) are performed before exiting when the partition
table has been updated. Long ago it used to be necessary
to reboot after the use of fdisk. I do not think this is
the case anymore – indeed, rebooting too quickly might
cause loss of not-yet-written data. Note that both the
kernel and the disk hardware may buffer data.

DOS 6.x WARNING

The DOS 6.x FORMAT command looks for some information in
the first sector of the data area of the partition, and
treats this information as more reliable than the informa-
tion in the partition table. DOS FORMAT expects DOS FDISK
to clear the first 512 bytes of the data area of a parti-
tion whenever a size change occurs. DOS FORMAT will look
at this extra information even if the /U flag is given —
we consider this a bug in DOS FORMAT and DOS FDISK.

The bottom line is that if you use cfdisk or fdisk to
change the size of a DOS partition table entry, then you
must also use dd to zero the first 512 bytes of that par-
tition before using DOS FORMAT to format the partition.
For example, if you were using cfdisk to make a DOS parti-
tion table entry for /dev/hda1, then (after exiting fdisk
or cfdisk and rebooting Linux so that the partition table
information is valid) you would use the command
"dd if=/dev/zero of=/dev/hda1 bs=512 count=1" to zero the
first 512 bytes of the partition.

BE EXTREMELY CAREFUL if you use the dd command, since a
small typo can make all of the data on your disk useless.

For best results, you should always use an OS-specific
partition table program. For example, you should make DOS
partitions with the DOS FDISK program and Linux partitions
with the Linux fdisk or Linux cfdisk program.

OPTIONS

-v Print version number of fdisk program and exit.

-l List the partition tables for /dev/hd[a-d],
/dev/sd[a-h], /dev/ed[a-d], and then exit.

-u When listing partition tables, give sizes in sec-
tors instead of cylinders.

-s partition
The size of the partition (in blocks) is printed on
the standard output. This value is normally used
as an argument to the mkfs(8) program to specify
the size of the partition which will be formatted.
(Older versions of fdisk would do this only if the
partition id is greater than 10, in an attempt to
refuse DOS partitions; this test has been deleted.)
Note that sfdisk -s gives different (namely, cor-
rect) answers. Reasons for the difference are that
the kernel and fdisk need not have the same idea
about partition numbering (e.g., in case you have
BSD slices), and have different ideas about the
size of an extended partition.

BUGS

There are several *fdisk programs around. Each has its
problems and strengths. Try them in the order cfdisk,
fdisk, sfdisk.

The IRIX/SGI type disklabel is currently not supported by
the kernel. Moreover, IRIX/SGI header directories are not
fully supported yet.

The option `dump partition table to file’ is missing.

EOF


EVP digest

EVP

EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy,
EVP_MAX_MD_SIZE, EVP_MD_CTX_copy_ex, EVP_MD_CTX_copy, EVP_MD_type,
EVP_MD_pkey_type, EVP_MD_size, EVP_MD_block_size, EVP_MD_CTX_md,
EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, EVP_md_null,
EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2,
EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid,
EVP_get_digestbyobj – EVP digest routines

SYNOPSIS

#include <openssl/evp.h>

void EVP_MD_CTX_init(EVP_MD_CTX *ctx);
EVP_MD_CTX *EVP_MD_CTX_create(void);

int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl);
int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt);
int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md,
unsigned int *s);

int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx);
void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx);

int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in);

int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type);
int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md,
unsigned int *s);

int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in);

#define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */

#define EVP_MD_type(e) ((e)->type)
#define EVP_MD_pkey_type(e) ((e)->pkey_type)
#define EVP_MD_size(e) ((e)->md_size)
#define EVP_MD_block_size(e) ((e)->block_size)

#define EVP_MD_CTX_md(e) ((e)->digest)
#define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest)
#define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest)
#define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest)

const EVP_MD *EVP_md_null(void);
const EVP_MD *EVP_md2(void);
const EVP_MD *EVP_md5(void);
const EVP_MD *EVP_sha(void);
const EVP_MD *EVP_sha1(void);
const EVP_MD *EVP_dss(void);
const EVP_MD *EVP_dss1(void);
const EVP_MD *EVP_mdc2(void);
const EVP_MD *EVP_ripemd160(void);

const EVP_MD *EVP_get_digestbyname(const char *name);
#define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a))
#define EVP_get_digestbyobj(a) EVP_get_digestbynid(OBJ_obj2nid(a))

DESCRIPTION

The EVP digest routines are a high level interface to message digests.

EVP_MD_CTX_init() initializes digest context ctx.

EVP_MD_CTX_create() allocates, initializes and returns a digest context.

EVP_DigestInit_ex() sets up digest context ctx to use a digest type
from ENGINE impl. ctx must be initialized before calling this function.
type will typically be supplied by a function such as EVP_sha1(). If
impl is NULL then the default implementation of digest type is used.

EVP_DigestUpdate() hashes cnt bytes of data at d into the digest con-
text ctx. This function can be called several times on the same ctx to
hash additional data.

EVP_DigestFinal_ex() retrieves the digest value from ctx and places it
in md. If the s parameter is not NULL then the number of bytes of data
written (i.e. the length of the digest) will be written to the integer
at s, at most EVP_MAX_MD_SIZE bytes will be written. After calling
EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() can be
made, but EVP_DigestInit_ex() can be called to initialize a new digest
operation.

EVP_MD_CTX_cleanup() cleans up digest context ctx, it should be called
after a digest context is no longer needed.

EVP_MD_CTX_destroy() cleans up digest context ctx and frees up the
space allocated to it, it should be called only on a context created
using EVP_MD_CTX_create().

EVP_MD_CTX_copy_ex() can be used to copy the message digest state from
in to out. This is useful if large amounts of data are to be hashed
which only differ in the last few bytes. out must be initialized before
calling this function.

EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
the passed context ctx does not have to be initialized, and it always
uses the default digest implementation.

EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest
context ctx is automatically cleaned up.

EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the desti-
nation out does not have to be initialized.

EVP_MD_size() and EVP_MD_CTX_size() return the size of the message
digest when passed an EVP_MD or an EVP_MD_CTX structure, i.e. the size
of the hash.

EVP_MD_block_size() and EVP_MD_CTX_block_size() return the block size
of the message digest when passed an EVP_MD or an EVP_MD_CTX structure.

EVP_MD_type() and EVP_MD_CTX_type() return the NID of the OBJECT IDEN-
TIFIER representing the given message digest when passed an EVP_MD
structure. For example EVP_MD_type(EVP_sha1()) returns NID_sha1. This
function is normally used when setting ASN1 OIDs.

EVP_MD_CTX_md() returns the EVP_MD structure corresponding to the
passed EVP_MD_CTX.

EVP_MD_pkey_type() returns the NID of the public key signing algorithm
associated with this digest. For example EVP_sha1() is associated with
RSA so this will return NID_sha1WithRSAEncryption. This « link » between
digests and signature algorithms may not be retained in future versions
of OpenSSL.

EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_mdc2() and
EVP_ripemd160() return EVP_MD structures for the MD2, MD5, SHA, SHA1,
MDC2 and RIPEMD160 digest algorithms respectively. The associated sig-
nature algorithm is RSA in each case.

EVP_dss() and EVP_dss1() return EVP_MD structures for SHA and SHA1
digest algorithms but using DSS (DSA) for the signature algorithm.

EVP_md_null() is a « null » message digest that does nothing: i.e. the
hash it returns is of zero length.

EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
return an EVP_MD structure when passed a digest name, a digest NID or
an ASN1_OBJECT structure respectively. The digest table must be ini-
tialized using, for example, OpenSSL_add_all_digests() for these func-
tions to work.

RETURN VALUES

EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return
1 for success and 0 for failure.

EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure.

EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of
the corresponding OBJECT IDENTIFIER or NID_undef if none exists.

EVP_MD_size(), EVP_MD_block_size(), EVP_MD_CTX_size(e), EVP_MD_size(),
EVP_MD_CTX_block_size() and EVP_MD_block_size() return the digest or
block size in bytes.

EVP_md_null(), EVP_md2(), EVP_md5(), EVP_sha(), EVP_sha1(), EVP_dss(),
EVP_dss1(), EVP_mdc2() and EVP_ripemd160() return pointers to the cor-
responding EVP_MD structures.

EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj()
return either an EVP_MD structure or NULL if an error occurs.

NOTES

The EVP interface to message digests should almost always be used in
preference to the low level interfaces. This is because the code then
becomes transparent to the digest used and much more flexible.

SHA1 is the digest of choice for new applications. The other digest
algorithms are still in common use.

For most applications the impl parameter to EVP_DigestInit_ex() will be
set to NULL to use the default digest implementation.

The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy()
are obsolete but are retained to maintain compatibility with existing
code. New applications should use EVP_DigestInit_ex(), EVP_DigestFi-
nal_ex() and EVP_MD_CTX_copy_ex() because they can efficiently reuse a
digest context instead of initializing and cleaning it up on each call
and allow non default implementations of digests to be specified.

In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after
use memory leaks will occur.

EXAMPLE

This example digests the data "Test Message\n" and "Hello World\n",
using the digest name passed on the command line.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/evp.h>

int main(int argc, char *argv[])
{
    EVP_MD_CTX mdctx;
    const EVP_MD *md;
    char mess1[] = "Test Message\n";
    char mess2[] = "Hello World\n";
    unsigned char md_value[EVP_MAX_MD_SIZE];
    unsigned int md_len, i;

    /* Fill the digest table so that lookup by name works. */
    OpenSSL_add_all_digests();

    if (argc < 2) {
        printf("Usage: mdtest digestname\n");
        exit(1);
    }

    md = EVP_get_digestbyname(argv[1]);

    if (!md) {
        printf("Unknown message digest %s\n", argv[1]);
        exit(1);
    }

    /* Hash both messages into one digest, then release the context. */
    EVP_MD_CTX_init(&mdctx);
    EVP_DigestInit_ex(&mdctx, md, NULL);
    EVP_DigestUpdate(&mdctx, mess1, strlen(mess1));
    EVP_DigestUpdate(&mdctx, mess2, strlen(mess2));
    EVP_DigestFinal_ex(&mdctx, md_value, &md_len);
    EVP_MD_CTX_cleanup(&mdctx);

    printf("Digest is: ");
    for (i = 0; i < md_len; i++)
        printf("%02x", md_value[i]);
    printf("\n");
    return 0;
}

BUGS

The link between digests and signing algorithms results in a situation
where EVP_sha1() must be used with RSA and EVP_dss1() must be used with
DSS even though they are identical digests.

EOF


Evp


evp – high-level cryptographic functions

SYNOPSIS

#include <openssl/evp.h>

DESCRIPTION

The EVP library provides a high-level interface to cryptographic func-
tions.

EVP_Seal… and EVP_Open… provide public key encryption and decryp-
tion to implement digital « envelopes ».

The EVP_Sign… and EVP_Verify… functions implement digital signa-
tures.

Symmetric encryption is available with the EVP_Encrypt… functions.
The EVP_Digest… functions provide message digests.

Algorithms are loaded with OpenSSL_add_all_algorithms(3).

All the symmetric algorithms (ciphers) and digests can be replaced by
ENGINE modules providing alternative implementations. If ENGINE imple-
mentations of ciphers or digests are registered as defaults, then the
various EVP functions will automatically use those implementations
in preference to built in software implementations. For
more information, consult the engine(3) man page.

EOF


Dynamic_pager


dynamic_pager — dynamic pager external storage manager

SYNOPSIS

dynamic_pager [-E] [-F filename] [-S filesize] [-H high-water-trigger]
[-L low-water-trigger] [-P priority]

DESCRIPTION

The dynamic_pager daemon manages a pool of external swap files which the
kernel uses to support demand paging. This pool is expanded with new
swap files as load on the system increases, and contracted when the swap-
ping resources are no longer needed. The dynamic_pager daemon also pro-
vides a notification service for those applications which wish to receive
notices when the external paging pool expands or contracts.

OPTIONS

-E Encrypt the data in the swap files.

-F The base name of the filename to use for the external paging
files. By default this is /private/var/vm/swapfile.

-S The fixed filesize [in bytes] to use for the paging files. By
default dynamic_pager uses variable sized paging files, using
larger sized files as paging demands increase. The -S, -H and -L
options disable that default and cause dynamic_pager to use a
series of fixed sized external paging files.

-H If there are less than high-water-trigger bytes free in the
external paging files, the kernel will signal dynamic_pager to
add a new external paging file.

-L If there are more than low-water-trigger bytes free in the exter-
nal paging files, the kernel will coalesce in-use pages and signal
dynamic_pager to discard an external paging file.
Low-water-trigger must be greater than high-water-trigger +
filesize.

-P This option is currently unimplemented.

FILES

/private/var/vm/swapfile* Default external paging files.

EOF


Diskarbitrationd


diskarbitrationd — disk arbitration daemon

SYNOPSIS

diskarbitrationd [-d]

DESCRIPTION

diskarbitrationd listens for connections from clients, notifies clients
of the appearance of disks and filesystems, and governs the mounting of
filesystems and the claiming of disks amongst clients.

diskarbitrationd is accessed via the Disk Arbitration framework.

Options:

-d Report detailed information in /var/log/diskarbitrationd.log.
This option forces diskarbitrationd to run in the foreground.

The file /etc/fstab is consulted for user-defined mount points, indexed
by filesystem, in the mount point determination for a filesystem. Each
filesystem can be identified by its UUID or by its label, using the con-
structs « UUID » or « LABEL », respectively. For example:

UUID=DF000C7E-AE0C-3B15-B730-DFD2EF15CB91 /export ufs ro
UUID=FAB060E9-79F7-33FF-BE85-E1D3ABD3EDEA none hfs rw,noauto
LABEL=The\040Volume\040Name\040Is\040This none msdos ro

FILES

/etc/fstab
/etc/mach_init.d/diskarbitrationd.plist
/var/log/diskarbitrationd.log
/var/run/diskarbitrationd.pid

EOF


Cupsd


cupsd.conf – server configuration file for cups

DESCRIPTION

The cupsd.conf file configures the CUPS scheduler, cupsd(8). It is
normally located in the /etc/cups directory.

Each line in the file can be a configuration directive, a blank line,
or a comment. Comment lines start with the # character. The configura-
tion directives are intentionally similar to those used by the popular
Apache web server software and are described below.

DIRECTIVES

The following directives are understood by cupsd. Consult the CUPS
Software Administrators Manual for a detailed description:

AccessLog
Defines the access log filename.

Allow
Allows access from the named hosts or addresses.

AuthClass
Specifies the authentication class (User, Group, System)

AuthGroupName
Specifies the authentication group.

AuthType
Specifies the authentication type (None, Basic, Digest)

AutoPurgeJobs
Specifies whether to purge job history data automatically when it
is no longer required for quotas.

BrowseAddress
Specifies a broadcast address for outgoing printer information
packets.

BrowseAllow
Allows incoming printer information packets from the named host or
address.

BrowseDeny
Denies incoming printer information packets from the named host or
address.

BrowseInterval
Specifies the maximum interval between printer information broad-
casts.

BrowseOrder
Specifies the order of printer information access control
(allow,deny or deny,allow)

BrowsePoll
Specifies a server to poll for printer information.

BrowsePort
Specifies the port to listen to for printer information packets.

BrowseProtocols
Specifies the protocols to use for printer registration and dis-
covery. Using BrowseProtocols sets the BrowseLocalProtocols and
BrowseRemoteProtocols directives to the specified value.

BrowseLocalProtocols
Specifies the protocols to use for the sending or registration of
local printers.

BrowseRemoteProtocols
Specifies the protocols to use for printer discovery of remote
printers.

BrowseRelay
Specifies that printer information packets should be relayed from
one host or network to another.

BrowseShortNames
Specifies whether remote printers will use short names (« printer »)
or not (« printer@server »). This option is ignored if more than one
remote printer exists with the same name.

BrowseTimeout
Specifies the maximum interval between printer information updates
before remote printers will be removed from the list of available
printers.

Browsing
Specifies whether or not remote printer browsing should be
enabled.

Classification
Specifies the security classification of the server.

ClassifyOverride
Specifies whether to allow users to override the classification of
individual print jobs.

ConfigFilePerm
Specifies the permissions for all configuration files that the
scheduler writes.

DataDir
Specifies the directory where data files can be found.

DefaultCharset
Specifies the default character set to use for text.

DefaultLanguage
Specifies the default language to use for text and web content.

Deny
Denies access to the named host or address.

DocumentRoot
Specifies the root directory for the internal web server docu-
ments.

Encryption
Specifies the level of encryption that is required for a particu-
lar location.

ErrorLog
Specifies the error log filename.

FaxRetryInterval
Specifies the interval between retries of fax jobs in seconds.

FaxRetryLimit
Specifies the number of retries that are done for fax jobs.

FileDevice
Specifies whether the file pseudo-device can be used for new
printer queues.

FilterLimit
Specifies the maximum cost of filters that are run concurrently.

FilterNice
Specifies the scheduling priority (« nice » value) of filters that
are run to print a job.

FontPath
Specifies the search path for fonts.

Group
Specifies the group name or ID that will be used when executing
external programs.

HideImplicitMembers
Specifies whether to hide members of implicit classes.

HostNameLookups
Specifies whether or not to do reverse lookups on client
addresses.

ImplicitAnyClasses
Specifies whether or not to create implicit classes for local and
remote printers, e.g. « AnyPrinter » from « Printer »,
« Printer@server1 », and « Printer@server2 ».

ImplicitClasses
Specifies whether or not to create implicit classes from identical
remote printers.

Include
Includes the named file.

KeepAlive
Specifies whether or not to support HTTP Keep-Alive.

KeepAliveTimeout
Specifies the connection timeout for HTTP Keep-Alive.


<Limit> ... </Limit>
Specifies the HTTP methods that are being limited inside a location.

LimitRequestBody
Specifies the maximum size of any print job request.

Listen
Listens to the specified address and port.


<Location> ... </Location>
Specifies access control for the named location.

LogFilePerm
Specifies the permissions for all log files that the scheduler
writes.

LogLevel
Specifies the logging level (none, warn, error, info, debug, or
debug2)

MaxClients
Specifies the maximum number of simultaneous clients to support.

MaxClientsPerHost
Specifies the maximum number of simultaneous clients to support
from a single address.

MaxCopies
Specifies the maximum number of copies that a user can print of
each job.

MaxJobs
Specifies the maximum number of simultaneous jobs to support.

MaxJobsPerPrinter
Specifies the maximum number of simultaneous jobs per printer to
support.

MaxJobsPerUser
Specifies the maximum number of simultaneous jobs per user to sup-
port.

MaxLogSize
Specifies the maximum size of the log files before they are
rotated (0 to disable rotation)

MaxRequestSize
Specifies the maximum request/file size in bytes (0 for no limit)

Order
Specifies the order of HTTP access control (allow,deny or
deny,allow)

PageLog
Specifies the page log filename.

Port
Specifies a port number to listen to for HTTP requests.

PreserveJobFiles
Specifies whether or not to preserve job files after they are
printed.

PreserveJobHistory
Specifies whether or not to preserve the job history after they
are printed.

Printcap
Specifies the filename for a printcap file that is updated auto-
matically with a list of available printers (needed for legacy
applications)

PrintcapFormat
Specifies the format of the printcap file.

PrintcapGUI
Specifies whether to generate option panel definition files on
some operating systems.

RemoteRoot
Specifies the username that is associated with unauthenticated
root accesses.

RequestRoot
Specifies the directory to store print jobs and other HTTP request
data.

Require
Specifies that user or group authentication is required.

RIPCache
Specifies the maximum amount of memory to use when converting
images and PostScript files to bitmaps for a printer.

RunAsUser
Specifies that the scheduler should run as the unprivileged user
set with the User directive.

Satisfy
Specifies whether all or any limits set for a Location must be
satisfied to allow access.

ServerAdmin
Specifies the email address of the server administrator.

ServerBin
Specifies the directory where backends, CGIs, daemons, and filters
may be found.

ServerCertificate
Specifies the encryption certificate to use.

ServerKey
Specifies the encryption key to use.

ServerName
Specifies the fully-qualified hostname of the server.

ServerRoot
Specifies the directory where the server configuration files can
be found.

SSLListen
Listens on the specified address and port for encrypted connec-
tions.

SSLPort
Listens on the specified port for encrypted connections.

SystemGroup
Specifies the group to use for System class authentication.

TempDir
Specifies the directory where temporary files are stored.

Timeout
Specifies the HTTP request timeout in seconds.

User
Specifies the user name or ID that is used when running external
programs.

EOF


Crypt


crypt, setkey, encrypt, des_setkey, des_cipher — DES encryption

SYNOPSIS

#include <unistd.h>

char
*crypt(const char *key, const char *setting);

void
setkey(char *key);

void
encrypt(char *block, int flag);

int
des_setkey(const char *key);

int
des_cipher(const char *in, char *out, long salt, int count);

DESCRIPTION

The crypt() function performs password encryption, based on the NBS Data
Encryption Standard (DES). Additional code has been added to deter key
search attempts. The first argument to crypt() is a null-terminated
string, typically a user’s typed password. The second is in one of two
forms: if it begins with an underscore ("_") then an extended format is
used in interpreting both the key and the setting, as outlined below.

Extended crypt:

The key is divided into groups of 8 characters (the last group is
null-padded) and the low-order 7 bits of each character (56 bits per
group) are used to form the DES key as follows: the first group of 56
bits becomes the initial DES key. For each additional group, the XOR of
the encryption of the current DES key with itself and the group bits
becomes the next DES key.

The setting is a 9-character array consisting of an underscore followed
by 4 bytes of iteration count and 4 bytes of salt. These are encoded as
printable characters, 6 bits per character, least significant character
first. The values 0 to 63 are encoded as "./0-9A-Za-z". This allows
24 bits for both count and salt.

Traditional crypt:

The first 8 bytes of the key are null-padded, and the low-order 7 bits of
each character are used to form the 56-bit DES key.

The setting is a 2-character array of the ASCII-encoded salt. Thus only
12 bits of salt are used. count is set to 25.
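
The two setting formats described above can be decoded as follows. This is an added example, not code from the manual page or from any crypt() implementation; the names parse_des_setting, struct des_setting and a64_decode are hypothetical, and the sample setting string is constructed.

```c
#include <stdio.h>
#include <string.h>

struct des_setting {
    int extended;          /* 1 for the "_" form, 0 for traditional */
    unsigned long count;   /* DES iteration count */
    unsigned long salt;    /* 24-bit (extended) or 12-bit (traditional) salt */
};

/* Decode n characters of the "./0-9A-Za-z" alphabet, 6 bits per character,
 * least significant character first. Returns 0 on success, -1 on a short
 * string or a character outside the alphabet (NUL is rejected explicitly,
 * because strchr() would otherwise match the terminator). */
static int a64_decode(const char *s, size_t n, unsigned long *out)
{
    static const char alphabet[] =
        "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
    unsigned long v = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p = s[i] ? strchr(alphabet, s[i]) : NULL;
        if (p == NULL)
            return -1;
        v |= (unsigned long)(p - alphabet) << (6 * i);
    }
    *out = v;
    return 0;
}

/* Parse a setting: "_" + 4 count chars + 4 salt chars, or 2 salt chars. */
int parse_des_setting(const char *setting, struct des_setting *out)
{
    if (setting == NULL || out == NULL)
        return -1;
    out->extended = (setting[0] == '_');
    if (!out->extended) {
        out->count = 25;               /* fixed for traditional crypt */
        return a64_decode(setting, 2, &out->salt);
    }
    if (a64_decode(setting + 1, 4, &out->count) != 0)
        return -1;
    return a64_decode(setting + 5, 4, &out->salt);
}

int main(void)
{
    struct des_setting s;
    if (parse_des_setting("_J9..rasm", &s) == 0)   /* constructed sample */
        printf("extended=%d count=%lu salt=%lu\n", s.extended, s.count, s.salt);
    return 0;
}
```

Because crypt() returns the setting followed by the encoded result, the same function can be pointed at the start of a stored hash to audit which format and iteration count it was created with.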

Algorithm:

The salt introduces disorder in the DES algorithm in one of 16777216 or
4096 possible ways (i.e. with 24 or 12 bits: if bit i of the salt is set,
then bits i and i+24 are swapped in the DES E-box output).

The DES key is used to encrypt a 64-bit constant using count iterations
of DES. The value returned is a null-terminated string, 20 or 13 bytes
(plus null) in length, consisting of the setting followed by the encoded
64-bit encryption.

The functions, encrypt(), setkey(), des_setkey() and des_cipher() provide
access to the DES algorithm itself. setkey() is passed a 64-byte array
of binary values (numeric 0 or 1). A 56-bit key is extracted from this
array by dividing the array into groups of 8, and ignoring the last bit
in each group. That bit is reserved for a byte parity check by DES, but
is ignored by these functions.

The block argument to encrypt() is also a 64-byte array of binary values.
If the value of flag is 0, block is encrypted; otherwise it is decrypted.
The result is returned in the original array block after using the key
specified by setkey() to process it.

The argument to des_setkey() is a character array of length 8. The least
significant bit (the parity bit) in each character is ignored, and the
remaining bits are concatenated to form a 56-bit key. The function
des_cipher() encrypts (or decrypts if count is negative) the 64 bits
stored in the 8 characters at in using abs(3) of count iterations of DES
and stores the 64-bit result in the 8 characters at out (which may be the
same as in). The salt specifies perturbations to the DES E-box output
as described above.

The function crypt() returns a pointer to the encrypted value on success,
and NULL on failure. The functions setkey(), encrypt(), des_setkey(),
and des_cipher() return 0 on success and 1 on failure.

The crypt(), setkey() and des_setkey() functions all manipulate the same
key space.

EOF


Configd

configd — System Configuration Daemon

SYNOPSIS

configd [-bdv] [-B bundleID] [-V bundleID] [-t bundle-path]

DESCRIPTION

The configd daemon is responsible for many configuration aspects of the
local system. configd maintains data reflecting the desired and current
state of the system, provides notifications to applications when this
data changes, and hosts a number of configuration agents in the form of
loadable bundles.

Each configuration agent is responsible for a well-defined aspect of
configuration management. The agents look to one or more input sources
(preferences, low-level kernel events, configd notifications, etc.) and,
through a set of policy modules, interact with the system to establish
the desired operational configuration.

Access to the data maintained by configd is via the
SystemConfiguration.framework SCDynamicStore APIs.

OPTIONS

The command line options are as follows:

-b Don’t actually load any bundles.
-B bundleID Prevents the loading of the bundle with the specified bundleID.
-d Run configd in the foreground without forking. This is useful for debugging.
-v Puts configd into verbose mode. Displays debugging information about bundles as they are being loaded.
-V bundleID Turns verbose mode on for the bundle with the specified bundleID.
-t bundle-path Loads only the bundle specified by bundle-path.

BUNDLES

At the present time, the majority of the configuration agents (or
bundles) hosted by configd are used to establish and maintain the network
configuration. These agents include:

ATconfig

This bundle is responsible for establishing and maintaining the AppleTalk
network configuration on the system.

KernelEventMonitor

This bundle is responsible for monitoring kernel events and conveying
changes to the network state (e.g. link status) to other configuration
agents and interested applications.

InterfaceNamer

This bundle provides a name to each of the system’s network interfaces.
The bundle queries the IOKit Registry for a list of network devices
attached to the system and gives them BSD style names such as "en0".

IPConfiguration

This agent is responsible for establishing and maintaining IPv4 addresses
on the system. These addresses may be manually specified in the network
preferences or acquired using DHCP (or BOOTP).

IP6Configuration

This agent is responsible for establishing and maintaining IPv6 addresses
on the system.

IPMonitor

This agent is responsible for establishing and maintaining the primary
network service, the default route, the active DNS configuration, and the
active network proxies on the system.

LinkConfiguration

This agent is responsible for establishing and maintaining the media
type, media options, and MTU for ethernet interfaces.

PreferencesMonitor

This agent is responsible for conveying the network configuration
preferences specified by the administrator to the various configuration
agents (AppleTalk, IPv4, IPv6, …).

PPPController

This agent is responsible for establishing and maintaining PPP
connections on the system.

FILES

/System/Library/SystemConfiguration/ Directory of configd bundles
/Library/Preferences/SystemConfiguration/ Default directory for system configuration persistent store files.
…/preferences.plist System configuration
…/NetworkInterfaces.plist Network interface -> BSD interface mappings
…/VirtualNetworkInterfaces.plist Virtual network interface (VLAN) configuration

ERRORS

Log messages generated by configd and any configuration agents are
sent to the system log daemon by syslog(3). The syslog facility used is
LOG_DAEMON. If the -d option is specified, log messages are written to
stdout (or stderr if the priority is greater than LOG_NOTICE).

SIGNALS

configd was designed to run without any intervention but if you insist on
sending a signal to the daemon then the following are available:

SIGHUP This signal, typically used to tell a daemon to reload its
configuration, is ignored (there is no configuration).

SIGTERM This signal initiates a "graceful" shutdown of the daemon.

SEE ALSO

scutil(8), scselect(8)

HISTORY

The configd daemon appeared in Mac OS X Public Beta.

NOTES

Unless started with the -d option, configd will register with
mach_init(8) such that the daemon will be restarted in the event of a
crash. This registration will be removed during "graceful" shutdowns of
the daemon.

This daemon and its current behavior may change without notice. Do not
rely on its existence or its behavior. Consider it an unsupported
command.

EOF
