search for: nbd_supports_tls

Displaying 20 results from an estimated 23 matches for "nbd_supports_tls".

2019 Jun 05
1
[libnbd PATCH] api: Add nbd_supports_tls
...t;). For now, when using C<nbd_connect_uri>, any URI query parameters related to -TLS are not handled automatically. +TLS are not handled automatically. Setting the level higher than +zero will fail if libnbd was not compiled against gnutls; you can +test whether this is the case with C<nbd_supports_tls>. For more information see L<libnbd(3)/ENCRYPTION AND AUTHENTICATION>."; }; @@ -995,7 +997,11 @@ set and TLS is used then a compiled in default is used. For root this is C</etc/pki/libnbd/>. For non-root this is C<$HOME/.pki/libnbd> and C<$HOME/.config/pki/libnb...
2019 Aug 14
3
[libnbd PATCH 0/2] Drop generated file from git
Rich recently patched things to generate one man page per function rather than libnbd-api.3 (nice), but in doing so got stumped by a problem with a fresh git clone (automake fails for any 'include' directive that does not already exist). I've figured out how to hack around it, but the hack requires GNU make. We already use GNU make constructs elsewhere (such as $(wildcard)), but
2019 Sep 18
1
Re: [PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
...gt; int > main (int argc, char *argv[]) > { > @@ -73,15 +80,12 @@ main (int argc, char *argv[]) > } > #endif > > -#if CERTS || PSK > - /* Require TLS on the handle and fail if not available or if the > - * handshake fails. > - */ > +#if TLS > if (nbd_supports_tls (nbd) != 1) { > fprintf (stderr, "skip: compiled without TLS support\n"); > exit (77); > } This skips the test if we are compiled without TLS support, even if TLS_ALLOW was requested. What behavior do we really want there? Is TLS_ALLOW unconditionally falling back...
2019 Aug 10
0
[PATCH libnbd 9/9] FOR DISCUSSION ONLY: api: Add ‘allow’ parameter to nbd_connect_uri to control permitted URIs.
...@ the connection has been made. This call will fail if libnbd was not compiled with libxml2; you can test whether this is the case with C<nbd_supports_uri>. Support for URIs that require TLS will fail if libnbd was not compiled with -gnutls; you can test whether this is the case with C<nbd_supports_tls>."; +gnutls; you can test whether this is the case with C<nbd_supports_tls>. + +The C<allow> parameter lets you choose which NBD URI features +are enabled, in case for example you don't want to allow +remote connections. Currently defined flags are: + +=over 4 + +=item C&lt...
2019 Sep 17
0
[PATCH libnbd 4/5] interop: Add -DTLS_MODE to the test.
...must be defined when using CERTS || PSK" +#endif +#endif + int main (int argc, char *argv[]) { @@ -73,15 +80,12 @@ main (int argc, char *argv[]) } #endif -#if CERTS || PSK - /* Require TLS on the handle and fail if not available or if the - * handshake fails. - */ +#if TLS if (nbd_supports_tls (nbd) != 1) { fprintf (stderr, "skip: compiled without TLS support\n"); exit (77); } - if (nbd_set_tls (nbd, LIBNBD_TLS_REQUIRE) == -1) { + if (nbd_set_tls (nbd, TLS_MODE) == -1) { fprintf (stderr, "%s\n", nbd_get_error ()); exit (EXIT_FAILURE); } @@...
2019 Aug 10
2
Re: [PATCH libnbd 9/9] FOR DISCUSSION ONLY: api: Add ‘allow’ parameter to nbd_connect_uri to control permitted URIs.
...been made. > This call will fail if libnbd was not compiled with libxml2; you can > test whether this is the case with C<nbd_supports_uri>. Support for > URIs that require TLS will fail if libnbd was not compiled with > -gnutls; you can test whether this is the case with C<nbd_supports_tls>."; > +gnutls; you can test whether this is the case with C<nbd_supports_tls>. > + > +The C<allow> parameter lets you choose which NBD URI features > +are enabled, in case for example you don't want to allow > +remote connections. Currently defined flags are:...
2019 Sep 17
7
[PATCH libnbd 0/5] interop: Check that LIBNBD_TLS_ALLOW works against nbdkit.
I was a little surprised to find that LIBNBD_TLS_ALLOW worked out of the box, so I had to examine the logs whereupon I saw the magic message ... libnbd: debug: nbd1: nbd_connect_command: server refused TLS (policy), continuing with unencrypted connection I don't believe this path has ever been tested before. It's possible the tests could be improved if they actually checked for this
2019 Aug 14
0
[libnbd PATCH 2/2] docs: Drop docs/Makefile.inc from git
...ed \ - nbd_aio_is_connecting \ - nbd_aio_is_ready \ - nbd_aio_is_processing \ - nbd_aio_is_dead \ - nbd_aio_is_closed \ - nbd_aio_command_completed \ - nbd_aio_peek_command_completed \ - nbd_aio_in_flight \ - nbd_connection_state \ - nbd_get_package_name \ - nbd_get_version \ - nbd_kill_command \ - nbd_supports_tls \ - nbd_supports_uri \ - $(NULL) diff --git a/generator/generator b/generator/generator index 257303f..9fe98f5 100755 --- a/generator/generator +++ b/generator/generator @@ -3733,9 +3733,10 @@ let generate_lib_api_c () = pr "\n"; List.iter print_wrapper handle_calls -(* We generate...
2019 Aug 15
1
[PATCH libnbd] docs: Change docs/Makefile.inc back to a regular include, readd to git.
...\ + nbd_aio_is_connecting \ + nbd_aio_is_ready \ + nbd_aio_is_processing \ + nbd_aio_is_dead \ + nbd_aio_is_closed \ + nbd_aio_command_completed \ + nbd_aio_peek_command_completed \ + nbd_aio_in_flight \ + nbd_connection_state \ + nbd_get_package_name \ + nbd_get_version \ + nbd_kill_subprocess \ + nbd_supports_tls \ + nbd_supports_uri \ + $(NULL) diff --git a/generator/generator b/generator/generator index 6cc06cc..437f432 100755 --- a/generator/generator +++ b/generator/generator @@ -3766,7 +3766,7 @@ let generate_lib_api_c () = let generate_docs_Makefile_inc () = generate_header HashStyle; - pr &quo...
2019 Nov 22
1
[nbdkit PATCH] nbd: Add vsock_cid= transport option
...on up to N seconds (default 0).\n" \ "shared=<BOOL> True to share one server connection among all clients,\n" \ @@ -294,6 +324,7 @@ nbdplug_dump_plugin (void) printf ("libnbd_version=%s\n", nbd_get_version (nbd)); printf ("libnbd_tls=%d\n", nbd_supports_tls (nbd)); printf ("libnbd_uri=%d\n", nbd_supports_uri (nbd)); + printf ("libnbd_vsock=%d\n", USE_VSOCK); nbd_close (nbd); } @@ -484,6 +515,12 @@ nbdplug_open_handle (int readonly) r = nbd_connect_uri (h->nbd, uri); else if (sockname) r = nbd_connect_unix (...
2020 Jul 07
2
[nbdkit PATCH] nbd: Add vsock-cid= transport option
...<ARG> Parameters for command.\n" \ "socket-fd=<FD> Socket file descriptor to connect to.\n" \ @@ -346,6 +376,7 @@ nbdplug_dump_plugin (void) printf ("libnbd_version=%s\n", nbd_get_version (nbd)); printf ("libnbd_tls=%d\n", nbd_supports_tls (nbd)); printf ("libnbd_uri=%d\n", nbd_supports_uri (nbd)); + printf ("libnbd_vsock=%d\n", USE_VSOCK); nbd_close (nbd); } @@ -545,6 +576,12 @@ nbdplug_open_handle (int readonly) r = nbd_connect_unix (h->nbd, sockname); else if (hostname) r = nbd_connect_...
2020 Sep 06
0
[libnbd PATCH 1/3] generator: Introduce REnum/RFlags return types
.../API.ml index 962b787..bf6030f 100644 --- a/generator/API.ml +++ b/generator/API.ml @@ -66,6 +66,8 @@ and ret = | RCookie | RString | RUInt +| REnum of enum +| RFlags of flags and closure = { cbname : string; cbargs : cbarg list; @@ -442,7 +444,7 @@ test whether this is the case with L<nbd_supports_tls(3)>."; "get_tls", { default_call with - args = []; ret = RInt; + args = []; ret = REnum (tls_enum); may_set_error = false; shortdesc = "get the TLS request setting"; longdesc = "\ @@ -678,7 +680,7 @@ Future NBD extensions may add furthe...
2019 Aug 10
17
[PATCH libnbd 0/9] Add Enum and Flags types.
This largish series adds several new features to the generator. Enum maps to enumerated types (like enum in C). The only current use for this is replacing the nbd_set_tls (nbd, 0/1/2) parameter with LIBNBD_TLS_DISABLE, LIBNBD_TLS_ALLOW, LIBNBD_TLS_REQUIRE (and natural equivalents in other programming languages). Flags maps to any uint32_t bitmask. It is basically a non-optional, generalized
2020 Jul 07
0
Re: [nbdkit PATCH] nbd: Add vsock-cid= transport option
...Parameters for command.\n" \ > "socket-fd=<FD> Socket file descriptor to connect to.\n" \ > @@ -346,6 +376,7 @@ nbdplug_dump_plugin (void) > printf ("libnbd_version=%s\n", nbd_get_version (nbd)); > printf ("libnbd_tls=%d\n", nbd_supports_tls (nbd)); > printf ("libnbd_uri=%d\n", nbd_supports_uri (nbd)); > + printf ("libnbd_vsock=%d\n", USE_VSOCK); > nbd_close (nbd); > } > > @@ -545,6 +576,12 @@ nbdplug_open_handle (int readonly) > r = nbd_connect_unix (h->nbd, sockname); >...
2020 Aug 28
0
[nbdkit PATCH 3/3] nbd: Implement .list_exports
...amic-list.sh \ test-nbd-extents.sh \ test-nbd-qcow2.sh \ test-nbd-tls.sh \ diff --git a/plugins/nbd/nbd.c b/plugins/nbd/nbd.c index 7389b6d9..c2d2d166 100644 --- a/plugins/nbd/nbd.c +++ b/plugins/nbd/nbd.c @@ -407,6 +407,11 @@ nbdplug_dump_plugin (void) printf ("libnbd_tls=%d\n", nbd_supports_tls (nbd)); printf ("libnbd_uri=%d\n", nbd_supports_uri (nbd)); printf ("libnbd_vsock=%d\n", USE_VSOCK); +#if LIBNBD_HAVE_NBD_OPT_LIST + printf ("libnbd_dynamic_list=1\n"); +#else + printf ("libnbd_dynamic_list=0\n"); +#endif nbd_close (nbd); } @@ -6...
2019 Sep 17
3
[PATCH libnbd 1/2] api: Add new API to read whether TLS was negotiated.
...generator/generator index 87a8cdf..28248ed 100755 --- a/generator/generator +++ b/generator/generator @@ -1132,17 +1132,42 @@ TLS are not handled automatically. Setting the level higher than zero will fail if libnbd was not compiled against gnutls; you can test whether this is the case with L<nbd_supports_tls(3)>."; example = Some "examples/encryption.c"; - see_also = ["L<libnbd(3)/ENCRYPTION AND AUTHENTICATION>"]; + see_also = ["L<libnbd(3)/ENCRYPTION AND AUTHENTICATION>"; + "L<nbd_get_tls(3)>"; "L<nbd_g...
2020 Sep 11
0
[libnbd PATCH v2 3/5] api: Add nbd_set_strict_mode
...handshake_flags; strict_flags; + allow_transport_flags; shutdown_flags ] let default_call = { args = []; optargs = []; ret = RErr; shortdesc = ""; longdesc = ""; example = None; @@ -451,7 +464,7 @@ test whether this is the case with L<nbd_supports_tls(3)>."; "get_tls", { default_call with - args = []; ret = REnum (tls_enum); + args = []; ret = REnum tls_enum; may_set_error = false; shortdesc = "get the TLS request setting"; longdesc = "\ @@ -610,7 +623,7 @@ for integration testing, i...
2020 Aug 28
4
[nbdkit PATCH 0/3] .list_exports in nbd plugin
Another series on top of my exportname filter, marking off another todo bullet point. With this, you can now use the NBD plugin as a transparent passthrough of all export names served by the remote server in both directions (list advertisement server to client, and export name from client to server). Eric Blake (3): nbd: Implement .default_export, .export_description nbd: Add
2020 Sep 06
8
[libnbd PATCH 0/3] Improve type-safety of ocaml/golang getters
Natural fallout after my recent testsuite additions that fixed a couple of ocaml bugs in the setters. However, on at least the OCaml code, I'm not sure what we should do if a newer libnbd ever returns a bit that an older NBD.mli was not expecting at the time the OCaml compiler ran (see below). I'm also not sure if there is a more efficient way to avoid outputting Val_FOO() converters for
2020 Sep 11
10
[libnbd PATCH v2 0/5] Add knobs for client- vs. server-side validation
In v2: - now based on my proposal to add LIBNBD_SHUTDOWN_IMMEDIATE - four flags instead of two: STRICT_FLAGS is new (patch 4), and STRICT_BOUNDS is separate from STRICT_ZERO_SIZE (patch 5) - various refactorings for more shared code and less duplication Eric Blake (5): api: Add xxx_MASK constant for each Flags type generator: Refactor filtering of accepted OFlags api: Add