Displaying 20 results from an estimated 46 matches for "nbdkit_peer_name".
2019 Sep 15
0
[PATCH nbdkit 3/4] server: Add nbdkit_peer_name() to return the client address.
...r improvements
name(s) that a plugin might want to support. Probably we should
deprecate the -e option entirely since it does nothing useful.
+* Add plugin "connect" method. This would be called on a connection
+ before handshaking or TLS negotiation, and could be used (with
+ nbdkit_peer_name) to accept or reject connections based on IP
+ address, rather like a poor man's TCP wrappers. See also commit
+ c05686f9577f.
+
Suggestions for plugins
-----------------------
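Review bot: the new TODO entry says the "connect" method would run "before handshaking or TLS negotiation", so an accept or reject decision made there rests only on the address returned by nbdkit_peer_name. The entry should state that limitation, and that such a check complements TLS client authentication rather than replacing it. "See also commit c05686f9577f" also gives no hint of what that commit changed; a few words describing it would help a reader who does not have the tree to hand.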
diff --git a/docs/nbdkit-plugin.pod b/docs/nbdkit-plugin.pod
index 39fa643..70d2d64 100644
--- a/docs/nbdkit-pl...
2020 Oct 03
0
[PATCH nbdkit v2 1/3] server: Add new APIs for reading the client’s SO_PEERCRED.
...@ -656,9 +656,10 @@ B<not> been negotiated at this point.
For security reasons (to avoid denial of service attacks) this
callback should be written to be as fast and take as few resources as
possible. If you use this callback, only use it to do basic access
-control, such as checking C<nbdkit_peer_name> against a list of
-permitted IP addresses (see L</PEER NAME> and L<nbdkit-ip-filter(1)>).
-It may be better to do access control outside the server, for example
+control, such as checking C<nbdkit_peer_name>, C<nbdkit_peer_pid>,
+C<nbdkit_peer_uid>, C<nbdkit_pee...
2019 Sep 18
1
[PATCH nbdkit] server: Remove useless thread local sockaddr.
...no reason because it was never used anywhere. Since
we were only allocating a ‘struct sockaddr’ (rather than a ‘struct
sockaddr_storage’) it's likely that some peer addresses would have
been truncated.
Remove all this code, it had no effect.
Plugins that want to get the peer address can use nbdkit_peer_name()
which was added in commit 03a2cc3d766e and doesn't suffer from the
above truncation problem.
(I considered an alternative where we use the saved address to answer
nbdkit_peer_name but since that call will in general be used very
rarely it doesn't make sense to do the extra work for all c...
2020 Mar 26
0
[PATCH nbdkit 5/9 patch split 5/5] server: Indirect slow path, non-self-contained functions through the server.
...d *threadlocal_buffer (size_t size);
extern void threadlocal_set_conn (struct connection *conn);
extern struct connection *threadlocal_get_conn (void);
+/* public.c */
+extern int do_nbdkit_nanosleep (unsigned sec, unsigned nsec);
+extern const char *do_nbdkit_export_name (void);
+extern int do_nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen);
+
/* Macro which sets local variable struct connection *conn from
* thread-local storage, asserting that it is non-NULL. If you want
* to check if conn could be NULL (eg. outside a connection context)
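Review bot: the three do_nbdkit_* declarations added under /* public.c */ carry no comment explaining what the do_ prefix means or who is expected to call them. A one-line comment above the group, saying that these are the server-side implementations reached through the indirection named in the subject line, would make the header self-explanatory. For do_nbdkit_peer_name it is also worth documenting that addrlen is both input and output, since the signature alone does not show it.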
diff --git a/server/main.c b/server/main.c
inde...
2020 Mar 22
2
Re: nbdkit / mingw support
...st MSVC runtime, and I don't want to bind users to MSYS2.
Now this causes a potential ABI incompatibility: MSYS2 socket definitions
are provided by sys/socket.h, but mingw-64 / MSVC socket definitions are
usually provided by winsock.h or winsock2.h. To prevent possible issues,
I removed nbdkit_peer_name. This function is not defined in the include
headers if Windows is detected, so it will cause a compile time error if
someone attempts to use it.
On Sat, Mar 21, 2020 at 1:20 PM Richard W.M. Jones <rjones@redhat.com>
wrote:
> On Sat, Mar 21, 2020 at 12:06:15PM +0000, Richard W.M. Jo...
2020 Oct 03
2
[PATCH nbdkit 0/2] ip: Add filtering by process ID, user ID and group ID.
These two commits add new APIs and enhance nbdkit-ip-filter to allow
filtering of Unix domain sockets by the client's PID, UID or GID. eg:
nbdkit -U sock --filter=ip ... allow=uid:`id -u` deny=all
Rich.
2020 Mar 24
2
Re: nbdkit / mingw support
On 3/24/20 3:12 PM, Eric Blake wrote:
>> (For non-mingw platforms) this breaks the source API promises rather
>> seriously, so if I understand your proposal correctly I don't think
>> this is a good idea. It's possibly something we can consider for
>> internal plugins, or for the V3 API.
>
> How does it break API to request that someone link against a
2020 Mar 25
2
Re: nbdkit / mingw support
...nt libnbdkit.so. Some functions
> are obviously self-contained (eg. nbdkit_parse_*, nbdkit_realpath,
> nbdkit_debug, nbdkit_error, nbdkit_*extents).
>
> Unfortunately some functions depend themselves on internals
> of the server:
>
> * nbdkit_nanosleep, nbdkit_export_name, nbdkit_peer_name call
> threadlocal_get_conn
> * nbdkit_set_error calls threadlocal_set_error
> * nbdkit_shutdown must set the quit global (or call a server function)
Yeah, there's some awkward dependencies to figure out. It's obvious the
library has to export public nbdkit_* interfaces f...
2020 Mar 23
0
[PATCH nbdkit 2/3] server: Inject API functions for Windows
From: Yifan Gu <gyf304@gmail.com>
Windows PE DLL needs function indirection, this patch injects API
functions for plugins / filters if on Windows.
Note that nbdkit_peer_name is explicitly disabled due to potential ABI
incompatibilities.
---
server/main.c | 73 +++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 73 insertions(+)
diff --git a/server/main.c b/server/main.c
index b303146c..373918cf 100644
--- a/server/main.c
+++ b/server/main.c
@@ -104,6...
2020 Mar 25
0
Re: nbdkit / mingw support
...had a look into how we might implement libnbdkit.so. Some functions
are obviously self-contained (eg. nbdkit_parse_*, nbdkit_realpath,
nbdkit_debug, nbdkit_error, nbdkit_*extents).
Unfortunately some functions depend themselves on internals
of the server:
* nbdkit_nanosleep, nbdkit_export_name, nbdkit_peer_name call
threadlocal_get_conn
* nbdkit_set_error calls threadlocal_set_error
* nbdkit_shutdown must set the quit global (or call a server function)
I guess we can deal with the first ones by moving threadlocal.c into
the same library, although it's a bit awkward. The quit flag is still
more...
2020 Mar 21
4
nbdkit / mingw support
Eric:
Yifan Gu has posted a few patches for mingw support. My comments
below.
https://github.com/gyf304/nbdkit/commit/a37c4ca6546dfc4e96e305af97b62e5a9d6174ca
* I think the SHARED_LDFLAGS idea is good. I pushed a slightly
different take on the idea here:
https://github.com/libguestfs/nbdkit/commit/1d634009ab8e43592065ec469df6312400525cc8
It's slightly different from what Yifan
2019 Sep 15
13
[PATCH nbdkit 0/4] Reflection plugin, peer name.
...uld push these
without review, but in this particular case there's a specific danger
that sending back data under control of the client might lead to a
security problem. I _believe_ I have avoided that pitfall, but my
belief isn't as good as having experts review it :-)
The new feature is nbdkit_peer_name() which returns the sockaddr of
the peer. It's essentially a wrapper around getpeername(2). This
would allow several features to be implemented in future:
- Plugins could accept or reject connections based on IP address.
- Plugins could change content based on client. (The fourth patch i...
2020 Oct 05
4
[PATCH nbdkit v3 0/4] ip: Add filtering by process ID, user ID and group ID.
v2 was here:
https://www.redhat.com/archives/libguestfs/2020-October/msg00019.html
v3:
* defence -> defense
* Use int64_t instead of int. This compiles on Windows.
* Add GC wrappers to OCaml bindings.
* New FreeBSD patch.
* Removed "pid:" example from the ip filter manual, and added a warning
beside the pid documentation.
Rich.
2020 Oct 03
7
[PATCH nbdkit v2 0/3] ip: Add filtering by process ID, user ID and group ID.
This is just a simple update to:
https://www.redhat.com/archives/libguestfs/2020-October/msg00015.html
rebased on top of current nbdkit master because I pushed a few simple
refactorings.
Rich.
2020 Aug 18
0
[PATCH nbdkit 8/9] include: Prefix all exports with NBDKIT_DLLEXPORT.
...t, const char *str,
- uint64_t *r);
-extern int nbdkit_stdio_safe (void);
-extern int nbdkit_read_password (const char *value, char **password);
-extern char *nbdkit_realpath (const char *path);
-extern int nbdkit_nanosleep (unsigned sec, unsigned nsec);
-extern int nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen);
-extern void nbdkit_shutdown (void);
+extern NBDKIT_DLLEXPORT char *nbdkit_absolute_path (const char *path);
+extern NBDKIT_DLLEXPORT int64_t nbdkit_parse_size (const char *str);
+extern NBDKIT_DLLEXPORT int nbdkit_parse_bool (const char *str);
+extern N...
2020 Mar 23
6
[PATCH nbdkit 0/3] msys2 support for review
I pushed a few of the msys2 patches upstream. I changed the way that
$(SHARED_LDFLAGS) works so it's more to my liking, and the others were
pushed unchanged. Three patches remain which I'm posting on the
mailing list for proper review.
Rich.
2020 Apr 15
2
Re: [PATCH nbdkit 9/9] eval, sh: Define $nbdkit_safe_stdio = 0|1 in scripts.
On 4/15/20 11:16 AM, Richard W.M. Jones wrote:
In the subject, you describe $nbdkit_safe_stdio, but in the patch body...
> ---
> plugins/eval/nbdkit-eval-plugin.pod | 11 +++--------
> plugins/sh/nbdkit-sh-plugin.pod | 18 +++++++++++++++++-
> plugins/sh/call.c | 8 ++++++--
> tests/test-single-sh.sh | 4 ++++
> 4 files changed, 30
2020 Mar 23
0
[PATCH nbdkit 1/3] include: Function indirection for PE DLL
...NBDKIT_INTERNAL) || !defined(WINDOWS_COMPAT)
extern void nbdkit_error (const char *msg, ...) ATTRIBUTE_FORMAT_PRINTF (1, 2);
extern void nbdkit_verror (const char *msg, va_list args)
ATTRIBUTE_FORMAT_PRINTF (1, 0);
@@ -113,9 +118,133 @@ extern const char *nbdkit_export_name (void);
extern int nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen);
extern void nbdkit_shutdown (void);
-struct nbdkit_extents;
extern int nbdkit_add_extent (struct nbdkit_extents *,
uint64_t offset, uint64_t length, uint32_t type);
+#else
+static void nbdkit_error (const char *msg, ......
2020 Feb 11
0
[PATCH nbdkit 1/3] server: Add GET_CONN macro, alias for threadlocal_get_conn ().
...(unsigned sec, unsigned nsec)
const char *
nbdkit_export_name (void)
{
- struct connection *conn = threadlocal_get_conn ();
+ struct connection *conn = GET_CONN;
if (!conn) {
nbdkit_error ("no connection in this thread");
@@ -608,7 +608,7 @@ nbdkit_export_name (void)
int
nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen)
{
- struct connection *conn = threadlocal_get_conn ();
+ struct connection *conn = GET_CONN;
int s;
if (!conn) {
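Review bot: `struct connection *conn = GET_CONN;` reads like a constant or a plain variable, but per the subject line it expands to a call to threadlocal_get_conn (). Consider a function-like spelling, GET_CONN (), so that each call site shows that work is being done and that the result can be NULL, which the `if (!conn)` check that follows depends on.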
--
2.25.0
2020 Mar 21
0
Re: nbdkit / mingw support
...888fbb8ccf33f0975a070df0d8e3d929b71f8
>
> * Is there no way to get the socket peer on Windows?
And assuming there's no way to get the socket peer, then the function
shouldn't be NULL (which will cause a segfault), but instead you
should make the function return an error. eg:
int
nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen)
{
+#ifndef WINDOWS
[... existing code unchanged ...]
+#else
+ nbdkit_error ("returning peer name is not supported on Windows");
+ return -1;
+#endif
}
If the problem is that msys doesn't have struct sockaddr or socklen_t,
then I gues...