Displaying 5 results from an estimated 5 matches for "nbd_unlocked_set_tls_psk_fil".
Did you mean:
nbd_unlocked_set_tls_psk_file
2019 Oct 20
0
[PATCH libnbd] api: Allow NBD URIs to be restricted.
...socket") == 0)
@@ -239,9 +257,16 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri)
/* Look for some tls-* parameters. XXX More to come. */
for (i = 0; i < nqueries; i++) {
- if (strcmp (queries[i].name, "tls-psk-file") == 0 &&
- nbd_unlocked_set_tls_psk_file (h, queries[i].value) == -1)
- goto cleanup;
+ if (strcmp (queries[i].name, "tls-psk-file") == 0) {
+ if (! h->uri_allow_local_file) {
+ set_error (EPERM,
+ "local file access (tls-psk-file) is not allowed, "
+ "ca...
2019 Oct 20
2
[PATCH libnbd] api: Allow NBD URIs to be restricted.
Previous discussion:
https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html
Last night I experimentally added support for URIs that contain the
query parameter tls-psk-file, as part of rewriting the tests to cover
more of the URI code. So you can now have a URI like:
nbds://alice@localhost/?tls-psk-file=keys.psk
However there's an obvious security problem here because now
2019 Jun 03
0
[PATCH libnbd discussion only 3/5] lib: Pass handle to socket recv and send calls.
...ops->send (h, h->sock, h->wbuf, h->wlen);
if (r == -1) {
if (errno == EAGAIN || errno == EWOULDBLOCK)
return 1; /* more data */
diff --git a/lib/crypto.c b/lib/crypto.c
index c437788..aba2e27 100644
--- a/lib/crypto.c
+++ b/lib/crypto.c
@@ -145,7 +145,7 @@ nbd_unlocked_set_tls_psk_file (struct nbd_handle *h, const char *filename)
#ifdef HAVE_GNUTLS
static ssize_t
-tls_recv (struct socket *sock, void *buf, size_t len)
+tls_recv (struct nbd_handle *h, struct socket *sock, void *buf, size_t len)
{
ssize_t r;
@@ -163,7 +163,8 @@ tls_recv (struct socket *sock, void *buf, si...
2020 Oct 27
6
[PATCH libnbd 0/5] info: --map: Coalesce adjacent extents of the same type.
This adds coalescing of adjacent extents of the same type, as
mentioned by Eric Blake in the commit message here:
https://github.com/libguestfs/libnbd/commit/46072f6611f80245846a445766da071e457b00cd
The patch series is rather long because it detours through adding the
<vector.h> library from nbdkit into libnbd and replacing ad hoc uses
of realloc, char ** etc in various places.
Rich.
2019 Jun 03
10
[PATCH libnbd discussion only 0/5] api: Implement concurrent writer.
This works, but there's no time saving and I'm still investigating
whether it does what I think it does. Nevertheless I thought I would
post it because it (probably) implements the idea I had last night
outlined in:
https://www.redhat.com/archives/libguestfs/2019-June/msg00010.html
The meat of the change is patch 4. Patch 5 is an example which I
would probably fold into patch 4 for