search for: nbdkit_read_password

...r/public.c b/server/public.c index 9a3aa31..418945f 100644 --- a/server/public.c +++ b/server/public.c @@ -405,6 +405,8 @@ nbdkit_parse_bool (const char *str) } /* Read a password from configuration value. */ +static int read_password_from_fd (const char *what, int fd, char **password); + int nbdkit_read_password (const char *value, char **password) { @@ -412,7 +414,6 @@ nbdkit_read_password (const char *value, char **password) struct termios orig, temp; ssize_t r; size_t n; - FILE *fp; *password = NULL; @@ -448,6 +449,16 @@ nbdkit_read_password (const char *value, char **password)...

...rd from %s: %m", what); > + return -1; > + } > + > + if (*password && r > 0 && (*password)[r-1] == '\n') > + (*password)[r-1] = '\0'; > + > + return 0; > +} > + > +++ b/server/test-public.c > @@ -335,6 +335,8 @@ test_nbdkit_read_password (void) > { > bool pass = true; > char template[] = "+/tmp/nbdkit_testpw_XXXXXX"; > + char template2[] = "/tmp/nbdkit_testpw2_XXXXXX"; > + char fdbuf[16]; > char *pw = template; > int fd; > > @@ -391,6 +393,35 @@ test_nbdkit_read_...

Trying to read a password or inline script from stdin when the -s option was used to connect to our client over stdin is not going to work. It would be nice to fail such usage as soon as possible, by giving plugins a means to decide if it is safe to use stdio during .config. Update nbdkit_read_password and the sh plugin to take advantage of the new entry point. Signed-off-by: Eric Blake <eblake@redhat.com> --- docs/nbdkit-plugin.pod | 23 ++++++++++++++++++++++- plugins/sh/nbdkit-sh-plugin.pod | 4 +++- include/nbdkit-common.h | 1 + server/nbdkit.syms | 1...

Trying to read a password or inline script from stdin when the -s option was used to connect to our client over stdin is not going to work. It would be nice to fail such usage as soon as possible, by giving plugins a means to decide if it is safe to use stdio during .config. Update nbdkit_read_password and the sh plugin to take advantage of the new entry point. Also, treat 'nbdkit -s --dump-plugin' as an error, as .dump_plugin is supposed to interact with stdout. Signed-off-by: Eric Blake <eblake@redhat.com> --- docs/nbdkit-plugin.pod | 23 ++++++++++++++++++++++- plugin...

...here it currently waits for a full delay to expire before exiting. (Nothing like finding several other pre-requisite bugs to fix first before getting to my real goal...) Eric Blake (8): rate: Pass through delay failures server: Don't leave uninit variable on failure server: Add test for nbdkit_read_password Revert "RHEL 5: Define O_CLOEXEC and SOCK_CLOEXEC." cow, cache: Better mkostemp fallback server: Atomically set CLOEXEC on all fds filters: Set CLOEXEC on files opened during .config rate: Atomically set CLOEXEC on fds server/internal.h | 8 ---- filters/cache/blk...

...kit-common.h index 5e69579..693213f 100644 --- a/include/nbdkit-common.h +++ b/include/nbdkit-common.h @@ -60,6 +60,7 @@ extern void nbdkit_vdebug (const char *msg, va_list args); extern char *nbdkit_absolute_path (const char *path); extern int64_t nbdkit_parse_size (const char *str); extern int nbdkit_read_password (const char *value, char **password); +extern char *nbdkit_realpath (const char *path); #ifdef __cplusplus } diff --git a/plugins/example2/example2.c b/plugins/example2/example2.c index 5bc4f94..a2d6fca 100644 --- a/plugins/example2/example2.c +++ b/plugins/example2/example2.c @@ -78,7 +78,7 @@...

...ipt). I wonder if we want to say "returns 1" rather than true, to give ourselves wiggle room in future in case we suddenly decided that we needed this to return an error indication? On the other hand, maybe errors can never happen in any conceivable situation. > @@ -455,6 +467,10 @@ nbdkit_read_password (const char *value, char **password) > > if (nbdkit_parse_int ("password file descriptor", &value[1], &fd) == -1) > return -1; > + if (!nbdkit_stdio_safe () && fd < STDERR_FILENO) { I think this could be clearer written the other way around:...

...kit-common.h index acf0abd..aac63fb 100644 --- a/include/nbdkit-common.h +++ b/include/nbdkit-common.h @@ -40,6 +40,7 @@ #include <stdarg.h> #include <stdint.h> #include <errno.h> +#include <sys/socket.h> #include <nbdkit-version.h> @@ -87,6 +88,7 @@ extern int nbdkit_read_password (const char *value, char **password); extern char *nbdkit_realpath (const char *path); extern int nbdkit_nanosleep (unsigned sec, unsigned nsec); extern const char *nbdkit_export_name (void); +extern int nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen); struct nbdkit_extents; ext...

In v2: - use int instead of bool in the public header - split the tests from the code - don't overload test-layers; instead, add new tests - add a missing fflush exposed by the new tests - other minor cleanups Eric Blake (3): server: Add nbdkit_stdio_safe server: Sanitize stdin/out before running plugin code server: More tests of stdin/out handling docs/nbdkit-plugin.pod |

https://bugzilla.redhat.com/show_bug.cgi?id=1842440 Patches 1 and 2 address fairly obvious bugs in how we handle reading passwords from stdin. There are other ways we may consider fixing these bugs: - Should password=- always open /dev/tty and ignore stdin entirely? - Should we make password=-0/-1/-2 work by skipping the close? Or perhaps reopen the file descriptors on /dev/null after

This is what I've been playing with in response to my earlier question about what to do with 'nbdkit -s sh -' (https://www.redhat.com/archives/libguestfs/2020-April/msg00032.html) I'm still open to ideas on a better name, and/or whether adding <stdbool.h> to our public include files is a good idea (if not, returning int instead of bool is tolerable). Eric Blake (2):

...bae 100644 --- a/server/public.c +++ b/server/public.c @@ -413,53 +413,18 @@ nbdkit_stdio_safe (void) } /* Read a password from configuration value. */ +static int read_password_interactive (char **password); static int read_password_from_fd (const char *what, int fd, char **password); int nbdkit_read_password (const char *value, char **password) { - int tty, err; - struct termios orig, temp; - ssize_t r; - size_t n; - *password = NULL; - /* Read from stdin. */ + /* Read from stdin interactively. */ if (strcmp (value, "-") == 0) { - if (!nbdkit_stdio_safe ()) { - nbdkit_e...

...tation of the latter. > > > > Apply it where an existing path is required, both in nbdkit itself and > > in plugins. > > > > Related to: https://bugzilla.redhat.com/show_bug.cgi?id=1527334 > > --- > > > +++ b/src/utils.c > > @@ -228,3 +228,22 @@ nbdkit_read_password (const char *value, char **password) > > > > return 0; > > } > > + > > +char * > > +nbdkit_realpath (const char *path) > > +{ > > + char *ret; > > + > > + if (path == NULL || *path == '\0') { > > + nbdkit_error...

...uint32_t *r); -extern int nbdkit_parse_int64_t (const char *what, const char *str, - int64_t *r); -extern int nbdkit_parse_uint64_t (const char *what, const char *str, - uint64_t *r); -extern int nbdkit_stdio_safe (void); -extern int nbdkit_read_password (const char *value, char **password); -extern char *nbdkit_realpath (const char *path); -extern int nbdkit_nanosleep (unsigned sec, unsigned nsec); -extern int nbdkit_peer_name (struct sockaddr *addr, socklen_t *addrlen); -extern void nbdkit_shutdown (void); +extern NBDKIT_DLLEXPORT char *nbdkit_ab...

Hi, this is the v3 of my series for nbdkit_realpath; this series adds an extra documentation update to nbdkit_absolute_path, documenting when it can only be used, and then adds nbdkit_realpath. Thanks, Pino Toscano (2): docs: improve documentation of nbdkit_absolute_path plugin: add and use nbdkit_realpath docs/nbdkit-plugin.pod | 24 +++++++++++++++++++++++- include/nbdkit-common.h

v2 turned out to be much more involved, as I ended up fixing several things along the way that I noticed while debugging a feature addition. Eric Blake (5): maint: Improve ./nbdkit option parsing main: Saner newline printing during --help utils: Add nbdkit_parse_bool main: Use new bool parser for --tls log: Allow user option of appending to log docs/nbdkit-plugin.pod | 11

...") works diff --git a/include/nbdkit-common.h b/include/nbdkit-common.h index 5257d992..e004aa18 100644 --- a/include/nbdkit-common.h +++ b/include/nbdkit-common.h @@ -82,6 +82,7 @@ extern int64_t nbdkit_parse_size (const char *str); extern int nbdkit_parse_bool (const char *str); extern int nbdkit_read_password (const char *value, char **password); extern char *nbdkit_realpath (const char *path); +extern int nbdkit_nanosleep (unsigned sec, unsigned nsec); struct nbdkit_extents; extern int nbdkit_add_extent (struct nbdkit_extents *, diff --git a/filters/delay/delay.c b/filters/delay/delay.c index 498ab...

...kit-common.h index 5e69579..693213f 100644 --- a/include/nbdkit-common.h +++ b/include/nbdkit-common.h @@ -60,6 +60,7 @@ extern void nbdkit_vdebug (const char *msg, va_list args); extern char *nbdkit_absolute_path (const char *path); extern int64_t nbdkit_parse_size (const char *str); extern int nbdkit_read_password (const char *value, char **password); +extern char *nbdkit_realpath (const char *path); #ifdef __cplusplus } diff --git a/plugins/example2/example2.c b/plugins/example2/example2.c index 5bc4f94..a2d6fca 100644 --- a/plugins/example2/example2.c +++ b/plugins/example2/example2.c @@ -78,7 +78,7 @@...

...8_t; - nbdkit_parse_int16_t; - nbdkit_parse_int32_t; - nbdkit_parse_int64_t; - nbdkit_parse_int; - nbdkit_parse_size; - nbdkit_parse_uint8_t; - nbdkit_parse_uint16_t; - nbdkit_parse_uint32_t; - nbdkit_parse_uint64_t; - nbdkit_parse_unsigned; nbdkit_peer_name; - nbdkit_read_password; - nbdkit_realpath; nbdkit_set_error; nbdkit_shutdown; nbdkit_vdebug; nbdkit_verror; - + # -D server.* flags must be visible to nbdkit itself. nbdkit_debug_*; # Everything else is hidden. diff --git a/server/public.c b/server/public.c index 3fd11253..33d40688 100...

...STRICT LIABILITY, +# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT +# OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +# SUCH DAMAGE. + +# password=-FD was broken in the VDDK plugin in nbdkit 1.18 through +# 1.20.2. This was because the reexec code caused +# nbdkit_read_password to be called twice, second time with stdin +# reopened on /dev/null. Since we have now fixed this bug, this is a +# regression test. + +source ./functions.sh +set -e +set -x + +# Setting LD_LIBRARY_PATH breaks valgrind. +if [ "x$NBDKIT_VALGRIND" = "x1" ]; then + echo "$...