Displaying 20 results from an estimated 23 matches for "nbd_set_tls".

2019 Aug 10
0
[PATCH libnbd 4/9] api: Change nbd_set_tls (, 2) -> nbd_set_tls (, LIBNBD_TLS_REQUIRE).
...tions(+), 8 deletions(-) diff --git a/docs/libnbd.pod b/docs/libnbd.pod index b42d000..01964de 100644 --- a/docs/libnbd.pod +++ b/docs/libnbd.pod @@ -522,8 +522,10 @@ and servers. Libnbd defaults to TLS I<disabled> for maximum interoperability. To enable it on a handle you must call C<nbd_set_tls> before connecting: - nbd_set_tls (nbd, 1); // to allow TLS, but fall back to unencrypted - nbd_set_tls (nbd, 2); // to require TLS, and fail otherwise + // to allow TLS, but fall back to unencrypted + nbd_set_tls (nbd, LIBNBD_TLS_ALLOW); + // to require TLS, and fail otherwise + nbd_set_t...
2019 Jun 05
1
[libnbd PATCH] api: Add nbd_supports_tls
This is slightly redundant with just trying nbd_set_tls(nbd, 2) then checking for failure; however, this function does not set errors and looks more similar to nbd_supports_uri. --- This is borderline enough that I figured I'd post it to check if we want it. generator/generator | 45 ++++++++++++++++++++++++++++++++++++++------- interop/interop.c...
2019 Aug 10
17
[PATCH libnbd 0/9] Add Enum and Flags types.
This largish series adds several new features to the generator. Enum maps to enumerated types (like enum in C). The only current use for this is replacing the nbd_set_tls (nbd, 0/1/2) parameter with LIBNBD_TLS_DISABLE, LIBNBD_TLS_ALLOW, LIBNBD_TLS_REQUIRE (and natural equivalents in other programming languages). Flags maps to any uint32_t bitmask. It is basically a non-optional, generalized variation on OFlags with some nice features. Two commits also add checkin...
2019 Sep 17
3
[PATCH libnbd 1/2] api: Add new API to read whether TLS was negotiated.
...et_tls", { default_call with args = []; ret = RInt; may_set_error = false; - shortdesc = "get the current TLS setting"; + shortdesc = "get the TLS request setting"; longdesc = "\ -Get the current TLS setting."; - see_also = ["L<nbd_set_tls(3)>"]; +Get the TLS request setting. + +B<Note:> If you want to find out if TLS was actually negotiated +on a particular connection use L<nbd_get_tls_negotiated(3)> instead."; + see_also = ["L<nbd_set_tls(3)>"; "L<nbd_get_tls_negotiated(3)>&quo...
2019 Aug 14
3
[libnbd PATCH 0/2] Drop generated file from git
Rich recently patched things to generate one man page per function rather than libnbd-api.3 (nice), but in doing so got stumped by a problem with a fresh git clone (automake fails for any 'include' directive that does not already exist). I've figured out how to hack around it, but the hack requires GNU make. We already use GNU make constructs elsewhere (such as $(wildcard)), but
2019 Aug 10
0
[PATCH libnbd 5/9] generator: On entry to API functions, check Enum parameters.
In the generated wrapper code this adds checks for all Enum parameters. Since only nbd_set_tls uses an Enum parameter, the only extra code generated by this change is: int nbd_set_tls (struct nbd_handle *h, int tls) { // ... switch (tls) { case LIBNBD_TLS_DISABLE: case LIBNBD_TLS_ALLOW: case LIBNBD_TLS_REQUIRE: break; default: set_error (EINVAL, "...
2019 Sep 17
0
[PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
...argc, char *argv[]) } #endif -#if CERTS || PSK - /* Require TLS on the handle and fail if not available or if the - * handshake fails. - */ +#if TLS if (nbd_supports_tls (nbd) != 1) { fprintf (stderr, "skip: compiled without TLS support\n"); exit (77); } - if (nbd_set_tls (nbd, LIBNBD_TLS_REQUIRE) == -1) { + if (nbd_set_tls (nbd, TLS_MODE) == -1) { fprintf (stderr, "%s\n", nbd_get_error ()); exit (EXIT_FAILURE); } @@ -142,6 +146,16 @@ main (int argc, char *argv[]) #endif +#if TLS + if (TLS_MODE == LIBNBD_TLS_REQUIRE && + nb...
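Review bot: In the first hunk, the `#if TLS` block now calls `nbd_set_tls (nbd, TLS_MODE)`, but nothing in the visible lines checks that TLS_MODE is defined whenever TLS is, so a build with TLS set and TLS_MODE unset fails on an undeclared identifier instead of a clear message; an `#ifndef TLS_MODE` / `#error` guard next to the `#if TLS` block would make that explicit. The removed comment ("Require TLS on the handle and fail if not available or if the handshake fails") has no replacement, so a one-line comment saying that TLS_MODE selects the mode under test would keep the intent readable.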
2019 Sep 16
1
[libnbd PATCH] states: Avoid magic number for h->tls
When we moved to an enum instead of raw int for nbd_set_tls(), we should have also updated our code to prefer the enum values. While at it, improve the grammar of error messages (confusing since 632196ec, and copy-and-pasted into more locations since then). Fixes: 4488cf2a Thanks: Rich Jones --- Rich noticed this while reviewing the patch for today's...
2019 Sep 16
2
[LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd
...-- Reported: 2019-09-14 Fixed: 2019-09-16 Published: 2019-09-16 There is no CVE number assigned for this issue yet, but the bug is being categorized and processed by Red Hat's security team which may result in a CVE being published later. Description ----------- Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE) which is documented to let a client refuse to connect to a server that is not using TLS encryption. However, if the server uses the oldstyle protocol, a flaw in libnbd meant that the client would proceed with an unencrypted connection without warning. An attacker, perhaps ac...
2019 Aug 10
0
[PATCH libnbd 3/9] generator: Add Enum type for enumerated types / unions.
Previously nbd_set_tls had an integer argument which was 0 for disable, 1 for allow and 2 for require. This commit adds a proper enumerated type to describe this, defining LIBNBD_TLS_DISABLE = 0, LIBNBD_TLS_ALLOW = 1 and LIBNBD_TLS_REQUIRE = 2. (Note the C API doesn't change). In C the enumerated type is still def...
2019 Oct 09
0
LIBNBD SECURITY: Remote code execution vulnerability
...ld usually lead to arbitrary code execution. Test if libnbd is vulnerable ---------------------------- (There is no simple test for this vulnerability) Workarounds ----------- It is highly recommended to apply the fix or upgrade to a fixed version. If you cannot do this, then you could use: nbd_set_tls (h, LIBNBD_TLS_REQUIRE) to only connect to trusted servers over TLS. Fixes ----- This affects all versions of libnbd. A fix is available for 1.0, and the current development branch. * development branch (1.1) https://github.com/libguestfs/libnbd/commit/f75f602a6361c0c5f42debfeea6980f698ce7f0...
2019 Jun 28
0
[libnbd PATCH] opt-go: Better decoding of known errors
I'm easily able to provoke NBD_REP_ERR_TLS_REQD (use nbd_set_tls(0) to talk to a server that requires encryption) and NBD_REP_ERR_UNKNOWN (forget to use nbd_set_export_name for qemu-nbd); it's nice to display a useful error for these rather than "unknown reply from NBD_OPT_GO: 0x80000005" or similar. Other errors are less common, but as long as we...
2019 Sep 17
7
[PATCH libnbd 0/5] interop: Check that LIBNBD_TLS_ALLOW works against nbdkit.
I was a little surprised to find that LIBNBD_TLS_ALLOW worked out of the box, so I had to examine the logs whereupon I saw the magic message ... libnbd: debug: nbd1: nbd_connect_command: server refused TLS (policy), continuing with unencrypted connection I don't believe this path has ever been tested before. It's possible the tests could be improved if they actually checked for this
2019 Aug 14
0
[libnbd PATCH 2/2] docs: Drop docs/Makefile.inc from git
...ee Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -api_built += \ - nbd_set_debug \ - nbd_get_debug \ - nbd_set_debug_callback \ - nbd_clear_debug_callback \ - nbd_set_handle_name \ - nbd_get_handle_name \ - nbd_set_export_name \ - nbd_get_export_name \ - nbd_set_tls \ - nbd_get_tls \ - nbd_set_tls_certificates \ - nbd_set_tls_verify_peer \ - nbd_get_tls_verify_peer \ - nbd_set_tls_username \ - nbd_get_tls_username \ - nbd_set_tls_psk_file \ - nbd_add_meta_context \ - nbd_connect_uri \ - nbd_connect_unix \ - nbd_connect_tcp \ - nbd_connect_command \ - nbd_is_re...
2019 Aug 15
1
[PATCH libnbd] docs: Change docs/Makefile.inc back to a regular include, readd to git.
...ree Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + +api_built = \ + nbd_set_debug \ + nbd_get_debug \ + nbd_set_debug_callback \ + nbd_clear_debug_callback \ + nbd_set_handle_name \ + nbd_get_handle_name \ + nbd_set_export_name \ + nbd_get_export_name \ + nbd_set_tls \ + nbd_get_tls \ + nbd_set_tls_certificates \ + nbd_set_tls_verify_peer \ + nbd_get_tls_verify_peer \ + nbd_set_tls_username \ + nbd_get_tls_username \ + nbd_set_tls_psk_file \ + nbd_add_meta_context \ + nbd_connect_uri \ + nbd_connect_unix \ + nbd_connect_tcp \ + nbd_connect_command \ + nbd_is_re...
2020 Sep 07
4
[libnbd PATCH v2 0/3] Improve type-safety of ocaml/golang getters
Well, the golang changes (patch 1 and 2/3 of v1) were already committed, all that was left was the OCaml changes. I'm a lot happier with how things turned out with an UNKNOWN constructor in the OCaml variants. Eric Blake (3): tests: Enhance coverage of enum/flag range checking ocaml: Support unknown values for Enum/Flags ocaml: Typesafe returns for REnum/RFlags generator/OCaml.ml
2020 Aug 28
4
[nbdkit PATCH 0/3] .list_exports in nbd plugin
Another series on top of my exportname filter, marking off another todo bullet point. With this, you can now use the NBD plugin as a transparent passthrough of all export names served by the remote server in both directions (list advertisement server to client, and export name from client to server). Eric Blake (3): nbd: Implement .default_export, .export_description nbd: Add
2019 Aug 15
3
[nbdkit PATCH] nbd: Another libnbd version bump
...@@ nbdplug_open_handle (int readonly) goto err; if (nbd_set_export_name (h->nbd, export) == -1) goto err; - if (nbd_add_meta_context (h->nbd, "base:allocation") == -1) + if (nbd_add_meta_context (h->nbd, LIBNBD_CONTEXT_BASE_ALLOCATION) == -1) goto err; if (nbd_set_tls (h->nbd, tls) == -1) goto err; @@ -570,7 +572,7 @@ static int nbdplug_can_write (void *handle) { struct handle *h = handle; - int i = nbd_read_only (h->nbd); + int i = nbd_is_read_only (h->nbd); if (i == -1) { nbdkit_error ("failure to check readonly flag: %s&quot...
2020 Aug 14
18
[libnbd PATCH v2 00/13] Adding nbd_set_opt_mode to improve nbdinfo
Well, I'm not quite done (I still want to get nbdinfo to work on a single nbd connection for all cases when reading the heads of the file is not required), but I'm happy with patches 1-11, and 12-13 show where I'm headed for getting NBD_OPT_INFO to work. Posting now to see if some of the earlier patches are ready to commit while I continue working on the latter half. Eric Blake (13):
2020 Sep 21
18
[nbdkit PATCH v3 00/14] exportname filter
It's been several weeks since I posted v2 (I got distracted by improving libnbd to better test things, which in turn surfaced some major memory leak problems in nbdsh that are now fixed). Many of the patches are minor rebases from v2, with the biggest changes being fallout from: - patch 2: rename nbdkit_add_default_export to nbdkit_use_default_export - overall: this missed 1.22, so update