search for: nbd_unlocked_get_protocol

...+ h->protocol = "newstyle-fixed"; Should work whether this lands before or after my set_handshake_flags patch. > +++ b/lib/handle.c > @@ -315,3 +315,15 @@ nbd_unlocked_supports_uri (struct nbd_handle *h) > return 0; > #endif > } > + > +const char * > +nbd_unlocked_get_protocol (struct nbd_handle *h) > +{ > + /* I believe that if we reach the Connected or Closed permitted > + * states, then the state machine must have set h->protocol. So if > + * this assertion is hit then it indicates a bug in libnbd. > + */ > + assert (h->protocol); Sou...

When LIBNBD_TLS_ALLOW is used we don't have a way to find out if TLS was really negotiated. This adds a flag and a way to read it back. Unfortunately there is no test yet, because LIBNBD_TLS_ALLOW is not tested -- it really should be but requires quite a complicated set of tests because ideally we'd like to find out whether it falls back correctly for all supported servers. --- TODO

...;protocol = "oldstyle"; + SET_NEXT_STATE (%.READY); return 0; diff --git a/lib/handle.c b/lib/handle.c index bc4206c..85d10cd 100644 --- a/lib/handle.c +++ b/lib/handle.c @@ -315,3 +315,15 @@ nbd_unlocked_supports_uri (struct nbd_handle *h) return 0; #endif } + +const char * +nbd_unlocked_get_protocol (struct nbd_handle *h) +{ + /* I believe that if we reach the Connected or Closed permitted + * states, then the state machine must have set h->protocol. So if + * this assertion is hit then it indicates a bug in libnbd. + */ + assert (h->protocol); + + return h->protocol; +} dif...

...= true; h->request_sr = true; + + h->uri_allow_transports = (uint32_t) -1; + h->uri_allow_tls = LIBNBD_TLS_ALLOW; + h->uri_allow_local_file = false; + h->gflags = (LIBNBD_HANDSHAKE_FLAG_FIXED_NEWSTYLE | LIBNBD_HANDSHAKE_FLAG_NO_ZEROES); @@ -360,3 +365,24 @@ nbd_unlocked_get_protocol (struct nbd_handle *h) return h->protocol; } + +int +nbd_unlocked_set_uri_allow_transports (struct nbd_handle *h, uint32_t mask) +{ + h->uri_allow_transports = mask; + return 0; +} + +int +nbd_unlocked_set_uri_allow_tls (struct nbd_handle *h, int tls) +{ + h->uri_allow_tls = tls;...

Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now