similar to: [PATCH nbdkit] server: Allow file descriptors to be passed to nbdkit_read_password.

On 10/17/19 4:38 PM, Richard W.M. Jones wrote: > Allow password parameters such as ‘password=-FD’ where FD is a file > descriptor number inherited by nbdkit from the parent process. This > is another way to allow programs to hand passwords to nbdkit in a very > secure way, for example over a pipe so they never touch the > filesystem. > > Previously nbdkit allowed you to use

Trying to read a password or inline script from stdin when the -s option was used to connect to our client over stdin is not going to work. It would be nice to fail such usage as soon as possible, by giving plugins a means to decide if it is safe to use stdio during .config. Update nbdkit_read_password and the sh plugin to take advantage of the new entry point. Signed-off-by: Eric Blake

Trying to read a password or inline script from stdin when the -s option was used to connect to our client over stdin is not going to work. It would be nice to fail such usage as soon as possible, by giving plugins a means to decide if it is safe to use stdio during .config. Update nbdkit_read_password and the sh plugin to take advantage of the new entry point. Also, treat 'nbdkit -s

--- lib/Makefile.am | 27 ++ server/Makefile.am | 24 -- server/nbdkit.syms | 28 +-- server/public.c | 459 +--------------------------------- {server => lib}/extents.c | 4 +- lib/parse.c | 341 +++++++++++++++++++++++++ lib/password.c | 152 +++++++++++ lib/path.c | 97 +++++++

This command fails with an incorrect error message: $ nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' </dev/null password: nbdkit: error: could not read password from stdin: Inappropriate ioctl for device The error (ENOTTY Inappropriate ioctl for device) is actually a leftover errno from the previous isatty call. This happens because getline(3) can

Rails 3: I have a view books/:id/show.html.erb - in the view, I have a form with a select tag to pick a template, that on dropdown should submit the form which rerenders the page based on the selection: <%= form_tag book_path(@book) do %> > > <%= select_tag "template[]", >> options_for_select([["Template1","template1"], ["Template2",

Introduce a new helper function to resolve a path name, calling nbdkit_error on failure: other than doing what nbdkit_absolute_path does, it also checks that the file exists (and thus avoids errors later on). To help distinguish it from nbdkit_absolute_path, improve the documentation of the latter. Apply it where an existing path is required, both in nbdkit itself and in plugins. Related to:

See this thread: https://www.redhat.com/archives/libguestfs/2020-June/thread.html#00012 This commit also adds a regression test of vddk password=- and password=-FD. --- tests/Makefile.am | 4 ++ plugins/vddk/vddk.h | 1 + plugins/vddk/reexec.c | 43 ++++++++++++- plugins/vddk/vddk.c | 2 +-

Introduce a new helper function to resolve a path name, calling nbdkit_error on failure: other than doing what nbdkit_absolute_path does, it also checks that the file exist (and thus avoid errors later on). Apply it where an existing path is required, both in nbdkit itself and in plugins. Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1527334 --- docs/nbdkit-plugin.pod | 13

There's enough here to need a review; some of it probably needs backporting to stable-1.12. This probably breaks tests on Haiku or other platforms that have not been as on-the-ball about atomic CLOEXEC; feel free to report issues that arise, and I'll help come up with workarounds (even if we end up leaving a rare fd leak on less-capable systems). Meanwhile, I'm still working on my

This has been broken since we added the reexec code (commit 155af3107292c351d54ed42c732f4a67bb9aa910) because it tried to read the password twice (before and after the reexec) failing the second time because stdin had already been reopened on /dev/null. Virt-v2v used this feature, but I will change virt-v2v instead. --- plugins/vddk/nbdkit-vddk-plugin.pod | 7 +------ plugins/vddk/vddk.c

$ ./nbdkit ssh host=localhost /nosuchfile password=-0 --run 'qemu-img info $nbd' abc fcntl: Bad file descriptor The reason for this is that we close the file descriptor after reading the password. Closing stdin causes bad stuff to happen. --- docs/nbdkit-plugin.pod | 5 +++++ server/public.c | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git

On Mon, Sep 23, 2019 at 01:23:28PM -0500, Eric Blake wrote: > > Hopefully it will warn us if uid_t stops being int. (Also > > we're assuming pid_t == int). > > 64-bit mingw has had a long-standing bug that pid_t was declared as > 64-bit, even though getpid() returns a 32-bit 'int'; I wish they'd fix > their headers, but it violates the assumption of pid_t

I'm pleased to announce the release of nbdkit 1.22, a high performance plugin-based Network Block Device (NBD) server. https://en.wikipedia.org/wiki/Network_block_device Key features of nbdkit: * Multithreaded NBD server written in C with good performance. * Minimal dependencies for the basic server. * Liberal license (BSD) allows nbdkit to be linked to proprietary libraries or

nbdkit is an NBD server toolkit with stable ABI and permissive license. "Non-traditional" disk images can be served to anything that can consume disk images over NBD (qemu, libguestfs, etc.) More information: https://github.com/libguestfs/nbdkit Source download: http://download.libguestfs.org/nbdkit/ I'm pleased to announce the first new release in over a year. New in this

Currently implemented as guestfish commands, provide them instead as single source -> destination functions for the library, so they can be used also in other places. These functions are not added to guestfish, since guestfish has its own implementation (which will soon switch to call copy-in and copy-out for multiple paths). --- generator/actions.ml | 28 ++++++ po/POTFILES | 1 +

Add a new 'excludes' optional argument to copy-out, passing it straight to tar-out: this way it is possible to exclude files when extracting a directory from the guest. --- generator/actions.ml | 16 ++++++++++++++-- gobject/Makefile.inc | 2 ++ lib/copy-in-out.c | 13 ++++++++++--- 3 files changed, 26 insertions(+), 5 deletions(-) diff --git a/generator/actions.ml

On Mon, Jan 26, 2015 at 05:04:10PM +0100, Pino Toscano wrote: > Currently implemented as guestfish commands, provide them instead as > single source -> destination functions for the library, so they can be > used also in other places. > > These functions are not added to guestfish, since guestfish has its own > implementation (which will soon switch to call copy-in and

Add new optional argument to copy-out: 'numericowner', 'excludes', 'xattrs', 'selinux', and 'acls'. Pass them straight to tar-out, so it is possible to tweak how the files are extracted from the guest, and locally saved. --- generator/actions.ml | 37 +++++++++++++++++++++++++++++++++++-- gobject/Makefile.inc | 2 ++ lib/copy-in-out.c | 29

sscanf is sadly not safe (because it doesn't handle integer overflow correctly), and strto*l functions are a pain to use correctly. Therefore add some functions to hide the pain of parsing integers from the command line. The simpler uses of sscanf and strto*l are replaced. There are still a few where we are using advanced features of sscanf. --- docs/nbdkit-plugin.pod | 48