search for: libnbd_connect_uri_require_tl

Add an extra parameter to nbd_connect_uri to control what URIs are permitted, in case the caller wants to pass in user-controlled URIs but have some control over who/what/how the connection happens. For example: nbd_connect_uri (nbd, "nbd://localhost", LIBNBD_CONNECT_URI_REQUIRE_TLS) => error: URI must specify an encrypted connection: Permission denied This obviously breaks the existing C API. --- TODO | 1 - docs/libnbd.pod | 2 +- examples/batched-read-write.c | 2 +- examples/strict-structured-reads.c...

...e: > Add an extra parameter to nbd_connect_uri to control what URIs are > permitted, in case the caller wants to pass in user-controlled URIs > but have some control over who/what/how the connection happens. For > example: > > nbd_connect_uri (nbd, "nbd://localhost", LIBNBD_CONNECT_URI_REQUIRE_TLS) > => error: URI must specify an encrypted connection: Permission denied > > This obviously breaks the existing C API. Alternative: we could leave nbd_connect_uri() alone, and make it forward to a new API nbd_connect_uri_flags(, default_flags). > +++ b/docs/libnbd.pod > @@...

This largish series adds several new features to the generator. Enum maps to enumerated types (like enum in C). The only current use for this is replacing the nbd_set_tls (nbd, 0/1/2) parameter with LIBNBD_TLS_DISABLE, LIBNBD_TLS_ALLOW, LIBNBD_TLS_REQUIRE (and natural equivalents in other programming languages). Flags maps to any uint32_t bitmask. It is basically a non-optional, generalized

...t;); > > + goto cleanup; > > + } > > + if (tls && !(allow & LIBNBD_CONNECT_URI_ALLOW_TLS)) { > > + set_error (EPERM, "TLS encrypted URIs are not allowed"); > > + goto cleanup; > > + } > > + if (!tls && (allow & LIBNBD_CONNECT_URI_REQUIRE_TLS)) { > > + set_error (EPERM, "URI must specify an encrypted connection " > > + "(use nbds: or nbds+unix:)"); > > + goto cleanup; > > + } > > + > > Are there any other flags we might want to support, such as permitting &gt...