pamiętnik programisty

There are many articles describing how to setup GMail as a relayhost in Postfix mail server. Most of them involve creating local CA certificate and generation of client certificate. There is absolutely no need to! Just think, how GMail would be able to validate your own certificate created by your own CA available only on your local drive? What would be a purpose?

To make Postfix work with GMail you just need to add these lines to main.cf:

relayhost = [smtp.gmail.com]:587

# TLS
smtp_use_tls = yes
smtp_tls_CAfile=/etc/pki/tls/cert.pem # CentOS path
smtp_tls_loglevel=2
smtp_sasl_tls_security_options = noanonymous
tls_random_source = dev:/dev/urandom


And put just one line in sasl_passwd

[smtp.gmail.com]:587 username@gmail.com:password


After issuing following commands a connection between GMail and Postfix should work fine. You can test it using mail or sendmail program:

$ postmap hash:/etc/postfix/sasl_passwd
$ /etc/init.d/postfix restart
$ mail test@example.com
Subject: Test main
Test message
.
Cc:


You should have something like this in your /var/log/maillog file:

Dec 29 00:49:48 localhost postfix/smtp[5942]: setting up TLS connection to smtp.gmail.com
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=2 subject=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=1 subject=/C=US/O=Google Inc/CN=Google Internet Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: certificate verification depth=0 subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp.gmail.com
Dec 29 00:49:48 localhost postfix/smtp[5942]: verify return: 1
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read server certificate A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read server key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read server key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read server done A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write client key exchange A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write change cipher spec A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 write finished A
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 flush data
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:error in SSLv3 read finished A
Dec 29 00:49:48 localhost last message repeated 3 times
Dec 29 00:49:48 localhost postfix/smtp[5942]: SSL_connect:SSLv3 read finished A
Dec 29 00:49:48 localhost postfix/smtp[5942]: Verified: subject_CN=smtp.gmail.com, issuer=Google Internet Authority
Dec 29 00:49:48 localhost postfix/smtp[5942]: TLS connection established to smtp.gmail.com: TLSv1 with cipher RC4-SHA (128/128 bits)
Dec 29 00:49:50 localhost postfix/smtp[5942]: 955CE3D48A06: to= , relay=smtp.gmail.com[74.125.79.108]:587, delay=2.2, delays=0.12/0.03/0.9/1.2, dsn=2.0.0, status=sent (250 2.0.0 OK 1325116190 t59sm126911139eeh.10)
Dec 29 00:49:50 localhost postfix/qmgr[5923]: 955CE3D48A06: removed


GIT

Today I used git cherry-pick command for the first time, and I am really impressed. In my current project I’ve few branches, just for fixing/delopment. There are also a few common files like documentation, TODO – simple text files. Sometimes I came up with a genius idea and I want to put it in TODO file just not to forget. The problem is that I can’t guarantee that I will be working on 'master' branch at that time. Using cherry-pick I was able to update ‘master’ branch just with this one commit from other branch.
One might say that instead of using cherry-pickI could first switch to ‘master’ and made a change. But this have to be done immediatly, while cherry-picking can be deferred in time:

$ git checkout master
$ git cherry-pick -x aac5f43

where „aac5f43″ is a part of commit SHA1 that should be picked. Commits information can be retrived using git log command.

AwesomeWM is so called „tiling window manager”. It aranges windows using certain policy. Usually windows are organized in a such way that none of them overlapped another one. Most of the commands can be invoked directly from keybord, there is no need to use a mouse at all. Screen is organized into tags, on each tag there can be diffrent set of windows, and this tag can have a small graphicall icon. It took me some time to figure out how to use a graphical image instead of font with embedded icons, but it is possible with just a single line of script per tag added to section where tags are created:

-- {{{ Tags
-- Define a tag table which hold all screen tags.
tags = {}
for s = 1, screen.count() do
    -- Each screen has its own tag table.
    tags[s] = awful.tag({ "WEB", "MAIL/IM", "TERM", "DEV", "NOTES", "WORK", 7, 8, 9 }, s, layouts[1])

    awful.tag.seticon("/home/pejotr/awesomeicons/INTERNET_16x16-32_b.png", tags[s][1])
    awful.tag.seticon("/home/pejotr/awesomeicons/CHAT_16x16-32_b.png", tags[s][2])
    awful.tag.seticon("/home/pejotr/awesomeicons/SHELL_16x16_b.png", tags[s][3])
    awful.tag.seticon("/home/pejotr/awesomeicons/BUG_16x16_b.png", tags[s][4])
    awful.tag.seticon("/home/pejotr/awesomeicons/ADDRESSBOOK_16x16-32_b.png", tags[s][5])
    awful.tag.seticon("/home/pejotr/awesomeicons/TOOLS_16x16-32_b.png", tags[s][6])
end
-- }}}

And the result is:

Funkcja scanf z biblioteki standardowej C umożliwia odczyt i parsowanie danych z stdin zgodnie z określonym formatem. Większość modyfikatorów jest opisana na stronie cppreference, która nomen omen pojawia się jako pierwsza po wpisaniu „scanf” w wyszukiwarce. Jak się jednak okazuje nie są to wszystkie dostępne modyfikatory. Brakuje jednego istotnego, który umożliwia np. czytanie standardowego wejścia póki składa się z prawidłowych/dozwolonych znaków – tym modyfikatorem jest „[ ]„. W nawiasach należy umieścić wszystkie znaki które sanf może odczytać. W przypadku napotkania znaku niewystępującego w zbiorze, scanf zaprzestaje dalszego działania.
Możliwe jest również zdefiniowanie zakresu poprzez wykluczenie niektórych znaków, do tego celu należy użyć „^”. Dzięki temu przy wykorzystaniu scanf można odczytać całe zdanie ignorując białe znaki za wyjątkiem znaku końca linii:

char str[512];
scanf(" [^\n]", &str);

Recently I got more interested in Android platform. I was wondering what are methods to obtain „root” rights. After few minutes of googling I found two possible solutions.
First method make use of udev bug. Basically this service does not check source of message, so it is possible to run code on behalf of root user. Second method is a bit more sophisticated in my opinion. It purpose is to block adb from dropping root privileges to normal user. It is done by creating maximum number of processes and then restarting adb.
More detailed information an sample code can be found here: http://intrepidusgroup.com/insight/2010/09/android-root-source-code-looking-at-the-c-skills/

My task was to migrate database from Mambo 4.5.1 to newest Joomla version which is now 1.6. I didn’t have to migrate any additional components data, just core functionality. At first I thought I will be an easy task, but then a few difficulties showed. Below I provide step which took me to happy end.
Przeczytaj resztę tego wpisu »

My BSc Thesis is to implement steganography algorithm that use VoIP packets as a transport. The main aim is to modify delay of RTP packets without noticeable impact on transmission quality. I create hidden channel by sending two packets that average delay is 20ms. For example if we send 1 packet 10ms after previous and second 30ms after first the average delay is 20ms. Calling parties will not notice so small difference, but software should recognize such situation as sending the bit with value 1. When we want to send bit 0 we can just switch delays, then first packet will be sent after 30ms and another 10ms later. The time the packet was received is very important for Receiver. The network can add a random delay but Receiver should still be able to collect all sent bits.
For implementation I used libnetfilter_queue and iptables. This two powerful tools are more than enough for my need. Everything was fine until and got to point where I had to read packet delay. Although libnetfilter_queue provide function for reading timestamp when packet was queued (nfq_get_timestamp) it’s not working without additional tweaks. For kernel performance reason timestamping network packets is by default disabled. After digging through kernel source I found functions responsible from toggling this setting, it’s a net_enable_timestamp() and net_disable_timestamp(). I had no idea how to execute each of them but MarkR from stackoverflow.org helped me. There is no need to enable timestamping globally for all packets instead it can be enabled for particular socket by using setsockopt. The call sequence is then setsockopt() -> sock_setsockopt() -> sock_enable_timestamp(…) -> net_enable_timestamp(). It is possible to get file descriptor connected with particular queue and treat it as it would be socket. This means that following code is valid and can be used to enable timestamping incoming packets:

int ena = 1;
if( setsockopt(queuefd, SOL_SOCKET, SO_TIMESTAMP, &ena, sizeof(ena)) )
{
    SYS_LOG(E_WARNING, "Unable to enable timestamping");
}

and then in queue handle function:

int handle_queue(struct nfq_q_handle *pQh, struct nfgenmsg *pNfmsg, struct nfq_data *pNfa, void *pData)
{
    struct nfqnl_msg_packet_hdr *ph;
    struct timeval tv;
    int id;

    ph = nfq_get_msg_packet_hdr(pNfa);
    if(ph)
    {
        id = ntohl(ph->packet_id);
    }

    nfq_get_timestamp(pNfa, &tv);
    /* do sth. with read timestamp */

    return nfq_set_verdict(pQh, id, NF_ACCEPT, 0, NULL);
}

This is a solution for a issue, that as far as i know, have not been solved since this post:
„So far the biggest issues I’ve run into are that marking doesn’t work in 2.6.15 (I think it should in 2.6.16), and I can’t seem to ever read the timestamp for a packet, no matter hat hook it comes in on. I’ve just been using gettimeofday for that for now.”
http://lists.netfilter.org/pipermail/netfilter-devel/2006-February/023490.html

Korzystając z okazji że pozbywam się Oracle VirtualBox na rzecz VM Player’a wrzucam stworzony przeze mnie dawno dawno filmik pokazujący w jaki sposób stworzyć sieć wewnętrzną w VirtualBox wraz z automatycznym przydzielaniem adresów. Przedstawiona przykładzie systemu Windows XP i QNX. Enjoy.

Wrednie podchwytliwe zadanie czasami w tej czy innej postaci spotykane na różnych testach ze znajomości języka.
Jaki będzie efekt wykonania poniższego programu:

#include <iostream>

int foo(int x, int y)
{
    return x + y;
}

int main()
{
    int z, k;
    z = 10;
    k = foo(z = 20, z += 1);
    std::cout << k << std::endl;
}

Najłatwiej zweryfikować korzystając z kompilatora. Na rozważanie przyczyna takie czy innego wyniku nie warto poświęcać zbyt wiele czasu, ponieważ dodanie flagi -Wall rozwiewa wszystkie wątpliwości:

zadanie.cpp: In function ‘int main()’:
zadanie.cpp:14: warning: operation on ‘z’ may be undefined

Zatem poprawna odpowiedź na pytanie: „to zależy od kompilatora, sprzętu, systemu”

Mając przedstawioną poniżej strukturę danych i kontener zawierający wskaźniki, wykonać operację/metodę methodA na rzecz obiektu obj_ posługując się iteratorem:

class Foo {
public:
  methodA() {
    printf("Wykonano...\n");
  }
}

struct data_t {
  int i_;
  Foo* obj_;
}

std::list<data_t*> data_;

for(std::list<data_t*>::iterator i  = data_.begin(); i != data_.end(); i++ ) {
   // operacje
}

W jaki sposób wykonać blok operacji ? Możliwości mamy kilka:

/* 1 */ i->obj_->methodA();
/* 2 */ *i->obj_->methodA();
/* 3 */ (*i)->obj_->methodA();

Rozwiązanie zagadki jest proste, ale wymaga znajomości priorytetów operatorów. Pierwsze wywołania jest całkowicie błędne, ponieważ lista przecowuje wskaźniki do strkutury, a nie samą strukturę. Zatem należy najpier wyłuskać strukturę znajdującą się pod wskazywanym adresem i dopiero wtedy wykonać metodę. Okazuje się że rowiązania 2 również jest nie poprawne, właśnie ze względu na priorytety operatorów. Dopiero numer 3 daje zamierzony efekt. Na szczęście błąd ujawnia się na etapie kompilacji…