Crypt

crypt, setkey, encrypt, des_setkey, des_cipher — DES encryption

SYNOPSIS

#include <unistd.h>

char
*crypt(const char *key, const char *setting);

void
setkey(char *key);

void
encrypt(char *block, int flag);

int
des_setkey(const char *key);

int
des_cipher(const char *in, char *out, long salt, int count);

DESCRIPTION

The crypt() function performs password encryption, based on the NBS Data
Encryption Standard (DES). Additional code has been added to deter key
search attempts. The first argument to crypt() is a null-terminated
string, typically a user’s typed password. The second is in one of two
forms: if it begins with an underscore (« _ ») then an extended format is
used in interpreting both the key and the setting, as outlined below.

Extended crypt:

The key is divided into groups of 8 characters (the last group is
null-padded) and the low-order 7 bits of each character (56 bits per
group) are used to form the DES key as follows: the first group of 56
bits becomes the initial DES key. For each additional group, the XOR of
the encryption of the current DES key with itself and the group bits
becomes the next DES key.

The setting is a 9-character array consisting of an underscore followed
by 4 bytes of iteration count and 4 bytes of salt. These are encoded as
printable characters, 6 bits per character, least significant character
first. The values 0 to 63 are encoded as « ./0-9A-Za-z ». This allows
24 bits for both count and salt.

Traditional crypt:

The first 8 bytes of the key are null-padded, and the low-order 7 bits of
each character are used to form the 56-bit DES key.

The setting is a 2-character array of the ASCII-encoded salt. Thus only
12 bits of salt are used. count is set to 25.
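
The two setting formats described above can be decoded mechanically, which helps when auditing stored hashes. The following C code is an added example, not part of the original manual page or of any crypt() implementation. The names parse_setting and audit_hash, the W_* flags and the sample strings are assumptions made for illustration, as is reading the traditional 2-character salt in the same least-significant-first order.

```c
#include <stdio.h>
#include <string.h>

#define W_TRADITIONAL 1 /* 12-bit salt, count fixed at 25, 8-byte key */
#define W_LOW_COUNT   2 /* iteration count below the caller's minimum */
#define W_BAD_LENGTH  4 /* stored string is not 20 or 13 characters */
#define W_UNPARSEABLE 8 /* setting has characters outside ./0-9A-Za-z */

struct crypt_setting {
    int extended;        /* 1 = "_" extended form, 0 = traditional */
    unsigned long count; /* DES iterations */
    unsigned long salt;  /* 24-bit or 12-bit salt value */
    size_t hash_len;     /* length of the string crypt() returns */
};

static const char ALPHABET[] =
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";

/* Decode n characters, 6 bits each, least significant character first.
 * Returns -1 on a character outside the alphabet (or an early NUL). */
static long decode_le(const char *s, size_t n)
{
    long v = 0;
    for (size_t i = 0; i < n; i++) {
        const char *p = s[i] ? strchr(ALPHABET, s[i]) : NULL;
        if (p == NULL) return -1;
        v |= (long)(p - ALPHABET) << (6 * i);
    }
    return v;
}

/* Parse a setting, or a stored hash that starts with one. 0 on success. */
int parse_setting(const char *setting, struct crypt_setting *out)
{
    long count = 25, salt;  /* traditional form: count is always 25 */
    if (setting == NULL || out == NULL) return -1;
    out->extended = (setting[0] == '_');
    if (out->extended) {
        if ((count = decode_le(setting + 1, 4)) < 0) return -1;
        salt = decode_le(setting + 5, 4);
    } else {
        /* Assumption: same least-significant-first order as above. */
        salt = decode_le(setting, 2);
    }
    if (salt < 0) return -1;
    out->count = (unsigned long)count;
    out->salt = (unsigned long)salt;
    out->hash_len = out->extended ? 20 : 13;
    return 0;
}

/* Return a bitmask of W_* findings for one stored hash string. */
int audit_hash(const char *stored, unsigned long min_count)
{
    struct crypt_setting s;
    int flags = 0;
    if (parse_setting(stored, &s) != 0) return W_UNPARSEABLE;
    if (!s.extended) flags |= W_TRADITIONAL;
    if (s.count < min_count) flags |= W_LOW_COUNT;
    if (strlen(stored) != s.hash_len) flags |= W_BAD_LENGTH;
    return flags;
}

int main(void)
{
    /* Constructed sample strings; the hash parts are filler, not real output. */
    printf("%d\n", audit_hash("_J9..rasmXXXXXXXXXXX", 1000));
    printf("%d\n", audit_hash("abXXXXXXXXXXX", 25));
    return 0;
}
```

The min_count threshold is a policy choice left to the caller; the manual page does not recommend a value.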

Algorithm:

The salt introduces disorder in the DES algorithm in one of 16777216 or
4096 possible ways (i.e. with 24 or 12 bits: if bit i of the salt is set,
then bits i and i+24 are swapped in the DES E-box output).

The DES key is used to encrypt a 64-bit constant using count iterations
of DES. The value returned is a null-terminated string, 20 or 13 bytes
(plus null) in length, consisting of the setting followed by the encoded
64-bit encryption.

The functions encrypt(), setkey(), des_setkey() and des_cipher() provide
access to the DES algorithm itself. setkey() is passed a 64-byte array
of binary values (numeric 0 or 1). A 56-bit key is extracted from this
array by dividing the array into groups of 8, and ignoring the last bit
in each group. That bit is reserved for a byte parity check by DES, but
is ignored by these functions.

The block argument to encrypt() is also a 64-byte array of binary values.
If the value of flag is 0, block is encrypted; otherwise it is decrypted.
The result is returned in the original array block after using the key
specified by setkey() to process it.

The argument to des_setkey() is a character array of length 8. The least
significant bit (the parity bit) in each character is ignored, and the
remaining bits are concatenated to form a 56-bit key. The function
des_cipher() encrypts (or decrypts if count is negative) the 64 bits
stored in the 8 characters at in using abs(3) of count iterations of DES
and stores the 64-bit result in the 8 characters at out (which may be the
same as in). The salt specifies perturbations to the DES E-box output
as described above.

The function crypt() returns a pointer to the encrypted value on success,
and NULL on failure. The functions setkey(), encrypt(), des_setkey(),
and des_cipher() return 0 on success and 1 on failure.

The crypt(), setkey() and des_setkey() functions all manipulate the same
key space.

EOF


Configd

configd — System Configuration Daemon

SYNOPSIS

configd [-bdv] [-B bundleID] [-V bundleID] [-t bundle-path]

DESCRIPTION

The configd daemon is responsible for many configuration aspects of the
local system. configd maintains data reflecting the desired and current
state of the system, provides notifications to applications when this
data changes, and hosts a number of configuration agents in the form of
loadable bundles.

Each configuration agent is responsible for a well-defined aspect of
configuration management. The agents look to one or more input sources
(preferences, low-level kernel events, configd notifications, etc.) and,
through a set of policy modules, interact with the system to establish
the desired operational configuration.

Access to the data maintained by configd is via the
SystemConfiguration.framework SCDynamicStore APIs.

OPTIONS

The command line options are as follows:

-b Don’t actually load any bundles.
-B bundleID Prevents the loading of the bundle with the specified bundleID.
-d Run configd in the foreground without forking. This is useful for debugging.
-v Puts configd into verbose mode. Displays debugging information about bundles as they are being loaded.
-V bundleID Turns verbose mode on for the bundle with the specified bundleID.
-t bundle-path Loads only the bundle specified by bundle-path.

BUNDLES

At the present time, the majority of the configuration agents (or
bundles) hosted by configd are used to establish and maintain the network
configuration. These agents include:

ATconfig

This bundle is responsible for establishing and maintaining the AppleTalk
network configuration on the system.

KernelEventMonitor

This bundle is responsible for monitoring kernel events and conveying
changes to the network state (e.g. link status) to other configuration
agents and interested applications.

InterfaceNamer

This bundle provides a name to each of the system’s network interfaces.
The bundle queries the IOKit Registry for a list of network devices
attached to the system and gives them BSD style names such as « en0 ».

IPConfiguration

This agent is responsible for establishing and maintaining IPv4 addresses
on the system. These addresses may be manually specified in the network
preferences or acquired using DHCP (or BOOTP).

IP6Configuration

This agent is responsible for establishing and maintaining IPv6 addresses
on the system.

IPMonitor

This agent is responsible for establishing and maintaining the primary
network service, the default route, the active DNS configuration, and the
active network proxies on the system.

LinkConfiguration

This agent is responsible for establishing and maintaining the media
type, media options, and MTU for ethernet interfaces.

PreferencesMonitor

This agent is responsible for conveying the network configuration
preferences specified by the administrator to the various configuration agents
(AppleTalk, IPv4, IPv6, …).

PPPController

This agent is responsible for establishing and maintaining PPP
connections on the system.

FILES

/System/Library/SystemConfiguration/
    Directory of configd bundles
/Library/Preferences/SystemConfiguration/
    Default directory for system configuration persistent store files.
…/preferences.plist System configuration
…/NetworkInterfaces.plist Network interface -> BSD interface mappings
…/VirtualNetworkInterfaces.plist Virtual network interface (VLAN) configuration

ERRORS

Log messages generated by configd and any configuration agents are
sent to the system log daemon by syslog(3). The syslog facility used is
LOG_DAEMON. If the -d option is specified, log messages are written to
stdout (or stderr if the priority is greater than LOG_NOTICE).

SIGNALS

configd was designed to run without any intervention but if you insist on
sending a signal to the daemon then the following are available:

SIGHUP This signal, typically used to tell a daemon to reload its
configuration, is ignored (there is no configuration).

SIGTERM This signal initiates a « graceful » shutdown of the daemon.

SEE ALSO

scutil(8), scselect(8)

HISTORY

The configd daemon appeared in Mac OS X Public Beta.

NOTES

Unless started with the -d option, configd will register with
mach_init(8) such that the daemon will be restarted in the event of a
crash. This registration will be removed during « graceful » shutdowns of
the daemon.

This daemon and its current behavior may change without notice. Do not
rely on its existence or its behavior. Consider it an unsupported
command.

EOF


Cksum

cksum – checksum and count the bytes in a file

SYNOPSIS

cksum [--help] [--version] [file...]

DESCRIPTION

This manual page documents the GNU version of cksum.
cksum computes a cyclic redundancy check (CRC) for each
named file, or the standard input if none are given or
when a file named `-' is given. It prints the CRC for
each file along with the number of bytes in the file, and
the file name unless no arguments were given.

cksum is typically used to make sure that files
transferred by unreliable means (such as netnews) have not
been corrupted, by comparing the cksum output for the
received files with the cksum output for the original
files. The CRC algorithm is specified by the POSIX.2
standard. It is not compatible with the BSD or System V
sum programs; it is more robust.

--help
Print a usage message and exit with a status code
indicating success.

--version
Print version information on standard output then
exit.

EOF


Charset

charset – Set an ACM for use in one of the G0/G1 charset
slots.

SYNOPSIS

charset [-v] G0|G1 [cp437|iso01|vt100|user|]

DESCRIPTION

The linux console has 2 slots for charsets, labeled G0 and
G1. charset changes the slot in use by the current VT to
either G0 or G1, and fills the slot either with one of the
3 predefined ACMs (cp437, iso01, vt100) or with a user-
defined ACM.

You can ask for the current user-defined ACM by specifying
user, or ask for a new ACM to be loaded from a file into the
user slot, by specifying a filename.

You will note that, although each VT has its own slot settings,
there is only one user-defined ACM for all the VTs.
That is, whereas you can have tty1 using G0=cp437 and
G1=vt100, at the same time as tty2 using G0=iso01 and
G1=iso02 (user-defined), you cannot have at the same time
tty1 using iso02 and tty2 using iso03. This is a limitation
of the linux kernel.

Note that you can emulate such a setting using the filterm(1)
utility, with your console in UTF8-mode, by
telling filterm to translate screen output on-the-fly to
UTF8.

You’ll find filterm(1) in the konwert(1) package, by
Marcin Kowalczyk, which is available from
.

OPTIONS

-v be verbose. charset will then print what it does
as it does it.

BUGS

charset cannot determine which of the 2 slots is in use at
a given time, so you have to tell it which one you want,
even if you don’t want to change to the other one. This
is a limitation of the console driver.

SEE ALSO

consolechars(8), unicode_start(1), filterm(1).

EOF


Blowfish

blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt,
BF_cbc_encrypt, BF_cfb64_encrypt, BF_ofb64_encrypt, BF_options –
Blowfish encryption

SYNOPSIS

#include <openssl/blowfish.h>

void BF_set_key(BF_KEY *key, int len, const unsigned char *data);

void BF_ecb_encrypt(const unsigned char *in, unsigned char *out,
BF_KEY *key, int enc);
void BF_cbc_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int enc);
void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int *num,
int enc);
void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out,
long length, BF_KEY *schedule, unsigned char *ivec, int *num);
const char *BF_options(void);

void BF_encrypt(BF_LONG *data,const BF_KEY *key);
void BF_decrypt(BF_LONG *data,const BF_KEY *key);

DESCRIPTION

This library implements the Blowfish cipher, which was invented and
described by Counterpane.

Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of
data. It uses a variable size key, but typically, 128 bit (16 byte)
keys are considered good for strong encryption. Blowfish can be used
in the same modes as DES (see des_modes(7)). Blowfish is currently one
of the faster block ciphers. It is quite a bit faster than DES, and
much faster than IDEA or RC2.

Blowfish consists of a key setup phase and the actual encryption or
decryption phase.

BF_set_key() sets up the BF_KEY key using the len bytes long key at
data.

BF_ecb_encrypt() is the basic Blowfish encryption and decryption
function. It encrypts or decrypts the first 64 bits of in using the key
key, putting the result in out. enc decides if encryption (BF_ENCRYPT)
or decryption (BF_DECRYPT) shall be performed. The vector pointed at
by in and out must be 64 bits in length, no less. If they are larger,
everything after the first 64 bits is ignored.

The mode functions BF_cbc_encrypt(), BF_cfb64_encrypt() and
BF_ofb64_encrypt() all operate on variable length data. They all take
an initialization vector ivec which needs to be passed along into the
next call of the same function for the same message. ivec may be
initialized with anything, but the recipient needs to know what it was
initialized with, or it won’t be able to decrypt. Some programs and
protocols simplify this, like SSH, where ivec is simply initialized to
zero. BF_cbc_encrypt() operates on data that is a multiple of 8 bytes
long, while BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to
encrypt a variable number of bytes (the amount does not have to be an
exact multiple of 8). The purpose of the latter two is to simulate
stream ciphers, and therefore, they need the parameter num, which is a
pointer to an integer where the current offset in ivec is stored
between calls. This integer must be initialized to zero when ivec is
initialized.

BF_cbc_encrypt() is the Cipher Block Chaining function for Blowfish.
It encrypts or decrypts the 64-bit chunks of in using the key
schedule, putting the result in out. enc decides if encryption (BF_ENCRYPT)
or decryption (BF_DECRYPT) shall be performed. ivec must point at an 8
byte long initialization vector.

BF_cfb64_encrypt() is the CFB mode for Blowfish with 64 bit feedback.
It encrypts or decrypts the bytes in in using the key schedule, putting
the result in out. enc decides if encryption (BF_ENCRYPT) or
decryption (BF_DECRYPT) shall be performed. ivec must point at an 8 byte
long initialization vector. num must point at an integer which must be
initially zero.

BF_ofb64_encrypt() is the OFB mode for Blowfish with 64 bit feedback.
It uses the same parameters as BF_cfb64_encrypt(), which must be
initialized the same way.
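
The ivec and num contract described above for the 64-bit feedback modes, as an added example that is not part of the original manual page and is not OpenSSL's code. It uses a stand-in block function instead of Blowfish so that it builds without the library; toy_block_encrypt, cfb64 and cfb64_message are hypothetical names, and the key, IVs and message are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in 64-bit block function, NOT Blowfish and of no security value.
 * It only gives the mode something deterministic and keyed to call. */
static void toy_block_encrypt(unsigned char b[8], uint64_t key)
{
    uint64_t x = 0;
    for (int i = 0; i < 8; i++) x = (x << 8) | b[i];
    x ^= key;
    x ^= x >> 30; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 27; x *= 0x94D049BB133111EBULL;
    x ^= x >> 31;
    for (int i = 7; i >= 0; i--) { b[i] = (unsigned char)x; x >>= 8; }
}

/* CFB with 64-bit feedback. ivec is the feedback register and *num the
 * current offset into it (0..7). Both are updated in place so that the
 * next call continues the same message. enc: 1 = encrypt, 0 = decrypt. */
void cfb64(const unsigned char *in, unsigned char *out, long length,
           uint64_t key, unsigned char ivec[8], int *num, int enc)
{
    int n = *num;
    while (length-- > 0) {
        if (n == 0) toy_block_encrypt(ivec, key); /* new keystream block */
        unsigned char c = *in++;
        if (enc) c ^= ivec[n];        /* c is now the ciphertext byte */
        *out++ = enc ? c : (unsigned char)(c ^ ivec[n]);
        ivec[n] = c;                  /* ciphertext is what feeds back */
        n = (n + 1) & 7;
    }
    *num = n;
}

/* Process one message as two calls split at cut, carrying ivec and num
 * from the first call into the second. Returns 0, or -1 on bad arguments. */
int cfb64_message(const unsigned char *in, unsigned char *out, long len,
                  long cut, uint64_t key, const unsigned char iv[8], int enc)
{
    unsigned char ivec[8];
    int num = 0;                      /* must start at zero with a new ivec */
    if (len < 0 || cut < 0 || cut > len) return -1;
    memcpy(ivec, iv, 8);
    cfb64(in, out, cut, key, ivec, &num, enc);
    cfb64(in + cut, out + cut, len - cut, key, ivec, &num, enc);
    return 0;
}

int main(void)
{
    const unsigned char msg[] = "constructed test data"; /* 21 bytes */
    const unsigned char iv[8] = {0}, other_iv[8] = {1};
    unsigned char whole[21], split[21], plain[21];

    cfb64_message(msg, whole, 21, 21, 42, iv, 1);  /* one call */
    cfb64_message(msg, split, 21, 5, 42, iv, 1);   /* 5 + 16 bytes */
    printf("split == one-shot: %d\n", memcmp(whole, split, 21) == 0);
    cfb64_message(split, plain, 21, 3, 42, iv, 0);
    printf("round trip: %d\n", memcmp(plain, msg, 21) == 0);
    cfb64_message(split, plain, 21, 21, 42, other_iv, 0);
    printf("wrong ivec, first block intact: %d\n",
           memcmp(plain, msg, 8) == 0);
    printf("wrong ivec, later bytes intact: %d\n",
           memcmp(plain + 8, msg + 8, 13) == 0);
    return 0;
}
```

A recipient who starts from a different ivec loses only the first 8 bytes in CFB mode, because every later keystream block is derived from the preceding ciphertext.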

BF_encrypt() and BF_decrypt() are the lowest level functions for
Blowfish encryption. They encrypt/decrypt the first 64 bits of the vector
pointed to by data, using the key key. These functions should not be used
unless you implement ‘modes’ of Blowfish. The alternative is to use
BF_ecb_encrypt(). If you still want to use these functions, you should
be aware that they take each 32-bit chunk in host-byte order, which is
little-endian on little-endian platforms and big-endian on big-endian
ones.

RETURN VALUES

None of the functions presented here return any value.

NOTE

Applications should use the higher level functions EVP_EncryptInit(3)
etc. instead of calling the blowfish functions directly.

EOF


Base64

base64 – Encoding « base64 »

SYNOPSIS

package require Tcl 8.2
package require Trf 2.1p2
base64 options… data

DESCRIPTION

The command base64 is one of several data encodings provided by the
package trf. See trf-intro for an overview of the whole package.

This encoding transforms every block of three bytes into a block of
four bytes, each of which is printable, i.e. 7-bit ASCII. This implies
that the result is valid UTF-8 too. The command uses essentially the
same algorithm as for uuencode, except for a different mapping from
6-bit fragments to printable bytes.

base64 options… data

-mode encode|decode

This option has to be present and is always understood by
the encoding.

For immediate mode the argument value specifies the operation
to use. For an attached encoding it specifies the
operation to use for writing. Reading will automatically
use the reverse operation. See section IMMEDIATE versus
ATTACHED for explanations of these two terms.

Beyond the argument values listed above all unique
abbreviations are recognized too.

Encode converts from arbitrary (most likely binary) data
into the described representation, decode does the
reverse.

-attach channel

The presence/absence of this option determines the main
operation mode of the transformation.

If present the transformation will be stacked onto the
channel whose handle was given to the option and run in
attached mode. More about this in section IMMEDIATE versus
ATTACHED.

If the option is absent the transformation is used in
immediate mode and the options listed below are recognized.
More about this in section IMMEDIATE versus
ATTACHED.

-in channel

This option is legal if and only if the transformation
is used in immediate mode. It provides the handle of the
channel the data to transform has to be read from.

If the transformation is in immediate mode and this
option is absent the data to transform is expected as the
last argument to the transformation.

-out channel

This option is legal if and only if the transformation
is used in immediate mode. It provides the handle of the
channel the generated transformation result is written
to.

If the transformation is in immediate mode and this
option is absent the generated data is returned as the
result of the command itself.

NOTES

[1] The encoding is equivalent to PGP’s ASCII armor and was also
accepted as one of the MIME encodings for encapsulation of
binary data. See RFC 2045 for details and the specification of
this encoding.

[2] The encoding buffers 2 bytes.

IMMEDIATE versus ATTACHED

The transformation distinguishes between two main ways of using it.
These are the immediate and attached operation modes.

For the attached mode the option -attach is used to associate the
transformation with an existing channel. During the execution of the
command no transformation is performed, instead the channel is changed
in such a way, that from then on all data written to or read from it
passes through the transformation and is modified by it according to
the definition above. This attachment can be revoked by executing the
command unstack for the chosen channel. This is the only way to do this
at the Tcl level.

In the second mode, which can be detected by the absence of option
-attach, the transformation immediately takes data from either its
commandline or a channel, transforms it, and returns the result either as
result of the command, or writes it into a channel. The mode is named
after the immediate nature of its execution.

Where the data is taken from, and delivered to, is governed by the
presence and absence of the options -in and -out. It should be noted
that this ability to immediately read from and/or write to a channel is
an historic artifact which was introduced at the beginning of Trf’s
life when Tcl version 7.6 was current, as this and earlier versions have
trouble dealing with \0 characters embedded into either input or
output.

EOF


Automount

automount — automatic server mount / unmount daemon

SYNOPSIS

automount [-V] [-d] [-D type] [-1] [-tm secs] [-tl secs] [-s] [-tcp]
[-m directory map -mnt directory] …

DESCRIPTION

automount is a daemon that automatically mounts network filesystems when
they are first accessed and later unmounts them when they are idle.

automount creates a virtual filesystem mounted at one or more places in
the client’s file and directory hierarchy. Potential server mount points
within this virtual filesystem appear as symbolic links. Reading a
symbolic link causes automount to mount the associated remote filesystem in
a separate hierarchy and to return the path to the real mount point as
the target of the symlink.

To make the « trigger » symbolic links used by automount distinguishable
from normal symbolic links, the sticky bit is set in the mode flags for
the link. Programs which would normally traverse symbolic links can test
for this bit and avoid triggering the mount. Various parts of the
system, including ls(1), have been modified in this way.

Each virtual filesystem created by automount is governed by a
corresponding map. One or more maps and the location in the hierarchy where they
are to appear may be specified on the command line with -m and -mnt:

-m directory map

is followed by a specification of the private mount directory where the
actual mounts are to be established:

-mnt actual_root

Each map’s hierarchy is rooted at the directory specified.

FILE MAPS

A map may be a file or a special map. A file map is a file containing a
list of entries of the form:

location mount_options server:path

mount_options must be a comma-separated list of options drawn from the
options known to mount(8) and mount_nfs(8). automount will automatically
make available at the map’s mount point the directory specified by
server:path (as a symlink). When the symlink is traversed, it will mount
the server in the directory specified with -mnt and return the real mount
point as the result of the symlink resolution.

SPECIAL MAPS

In addition to reading files specifying mount maps, automount supports
the « -fstab », « -static », and « -nsl » maps. The « -fstab » and
« -static » maps are derived from fstab(5) data (as provided by
getfsent(3)).

All mounts in fstab(5) without the « net » option will be made to appear
at the fstab(5)-specified location in the form of a symlink into the
directory where the « -static » map is actually mounted (itself a
directory of symlinks). For example, the entry:

server:/Network/Applications /Network/Applications nfs nosuid 0 0

and automount invocation

automount -m /automount/static -static -mnt /private/var/automount

result in a non-trigger symlink /Network/Applications pointing to
/automount/static/Network/Applications which, when traversed, causes
server:/Network/Applications to be mounted on
/private/var/automount/Network/Applications (which would then be returned
from reading the link).

All mounts with the « net » option will be mounted within the « -fstab »
map’s filesystem using a path of the form:

server/path

For such mounts, the path specified in the fstab(5) entry will be
ignored. For example, if the fstab(5) database contained an entry for

polaris:/Library/Fonts

and automount was started as follows:

automount -m /Useful -fstab -mnt /private/Useful

then a symlink would appear in /Useful, /Useful/polaris/Library/Fonts,
and link to /private/Useful/polaris/Library/Fonts where the filesystem is
actually mounted when the symlink is traversed.

The « -nsl » map generates its filesystem hierarchy from information
generated by NSL. NSL « neighborhoods » are presented as directories,
populated by server entries.

Accessing servers in the NSL hierarchy may prompt the user for
authentication.

OPTIONS

-V Print version and host information, then quit

-m directory map
Associate the specified map with the given directory. The
directory will be created if it doesn’t exist. map may be the name of
a file, or it may be the name of a special map. See the FILE
MAPS and SPECIAL MAPS sections above.

-d Run automount in debug mode. The program remains in the
foreground and sends debugging information to standard output.

-D type
Log debug messages for type. type may be « mount », « proc »,
« mount », « select », « options », « nsl », or « all ». Multiple -D
options may be specified.

-1 (The numeric digit « one ».) Modifies the « -fstab » and
« -static » maps to do mounts « one at a time », when an actual
mount point is traversed rather than mounting all mounts from a
given server when the first of its mounts is referenced and
mounted.

-tm secs
Set the timeout for NFS mounts to secs seconds. The default
value is 20 seconds. The « mnttimeo=n » mount option overrides
this default.

-tl secs
Set the time-to-live for NFS mounts to secs seconds. The default
value is 3600 seconds. The « ttl=n » mount option overrides this
default.

automount periodically checks all its mounted filesystems. If it
finds any filesystems that have been idle for their associated
time-to-live value, it will attempt to unmount them. An unmount
will only be successful if there are no processes with open files
in that filesystem. Unless -1 is specified, if one or more
mounts from a given server are found to be active, any mounts
from that server that were successfully unmounted will be
immediately remounted.

Supplying a ttl value of 0 will disable this behavior and allow
servers to remain mounted forever.

-s Force all mounts at startup and never expire any mounts.

-tcp Mount servers using TCP if possible, otherwise using UDP (the
default is to try UDP first, then TCP). Per mount_nfs(8), « -T »,
« TCP », or « tcp » mount options have the same effect as specifying
-tcp; « -U », « UDP », or « udp » mount options force the default
behavior of trying UDP first even if -tcp is specified.

EOF
