search for: raw_uri

Displaying 10 results from an estimated 10 matches for "raw_uri".

2019 Aug 10
0
[PATCH libnbd 9/9] FOR DISCUSSION ONLY: api: Add ‘allow’ parameter to nbd_connect_uri to control permitted URIs.
...ar *uri, uint32_t allow) { - if (nbd_unlocked_aio_connect_uri (h, uri) == -1) + if (nbd_unlocked_aio_connect_uri (h, uri, allow) == -1) return -1; return wait_until_connected (h); @@ -228,7 +229,8 @@ error: #endif int -nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) +nbd_unlocked_aio_connect_uri (struct nbd_handle *h, + const char *raw_uri, uint32_t allow) { #ifdef HAVE_LIBXML2 xmlURIPtr uri = NULL; @@ -276,6 +278,31 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) goto cleanup; } + /* If...
2019 Jun 26
5
[libnbd PATCH 0/2] Tighten URI parser
I'm not sure whether we want to go with just the first patch (reject nbd:unix:/path but still accept nbd:/path), or squash the two in order to go with the second (reject both abbreviated forms, and require scheme://...). Either way, though, nbdkit -U - --run '$nbd' will now error out rather than inadvertently connect over TCP to localhost:10809 instead of the intended Unix connection
2019 Aug 10
2
Re: [PATCH libnbd 9/9] FOR DISCUSSION ONLY: api: Add ‘allow’ parameter to nbd_connect_uri to control permitted URIs.
...compiled. Later features added to libnbd > +will not be allowed unless you recompile your program. This probably needs to call more attention to the fact that all flags means encryption will be required. > @@ -276,6 +278,31 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) > goto cleanup; > } > > + /* If the user specified the REQUIRE_TLS flag, we assume they must > + * also mean to ALLOW_TLS. > + */ > + if ((allow & LIBNBD_CONNECT_URI_REQUIRE_TLS) != 0) > + allow |= LIBNBD_CONNECT_URI_ALLOW_TLS; > + > + /* Check...
2019 Oct 20
0
[PATCH libnbd] api: Allow NBD URIs to be restricted.
...s; + int uri_allow_tls; + bool uri_allow_local_file; + /* Global flags from the server. */ uint16_t gflags; diff --git a/lib/uri.c b/lib/uri.c index b3dfe7d..704641c 100644 --- a/lib/uri.c +++ b/lib/uri.c @@ -216,6 +216,24 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) goto cleanup; } + /* Check the transport is allowed. */ + if ((transport == tcp && + (h->uri_allow_transports & LIBNBD_ALLOW_TRANSPORT_TCP) == 0) || + (transport == unix_sock && + (h->uri_allow_transports & LIBNBD_ALLOW_TRANSPORT_UNIX) ==...
2019 Oct 20
2
[PATCH libnbd] api: Allow NBD URIs to be restricted.
Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now
2020 Oct 27
6
[PATCH libnbd 0/5] info: --map: Coalesce adjacent extents of the same type.
This adds coalescing of adjacent extents of the same type, as mentioned by Eric Blake in the commit message here: https://github.com/libguestfs/libnbd/commit/46072f6611f80245846a445766da071e457b00cd The patch series is rather long because it detours through adding the <vector.h> library from nbdkit into libnbd and replacing ad hoc uses of realloc, char ** etc in various places. Rich.
2019 Aug 10
0
[PATCH libnbd 4/9] api: Change nbd_set_tls (, 2) -> nbd_set_tls (, LIBNBD_TLS_REQUIRE).
...RE) == -1) { fprintf (stderr, "%s\n", nbd_get_error ()); exit (EXIT_FAILURE); } diff --git a/lib/connect.c b/lib/connect.c index 5e760c6..f98bcdb 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -292,7 +292,7 @@ nbd_unlocked_aio_connect_uri (struct nbd_handle *h, const char *raw_uri) } /* TLS */ - if (tls && nbd_unlocked_set_tls (h, 2) == -1) + if (tls && nbd_unlocked_set_tls (h, LIBNBD_TLS_REQUIRE) == -1) goto cleanup; /* XXX If uri->query_raw includes TLS parameters, we should call * nbd_unlocked_set_tls_* to match... diff --git a/tes...
2019 Aug 11
0
Re: [PATCH libnbd 9/9] FOR DISCUSSION ONLY: api: Add ‘allow’ parameter to nbd_connect_uri to control permitted URIs.
...this problem is that we leave it up to the caller to sort it out. We might offer some help such as some functions to parse fields out of NBD URIs, but leave the details of validating to them. > > /* Insist on the scheme://[authority][/absname][?queries] form. */ > > if (strncmp (raw_uri + strlen (uri->scheme), "://", 3)) { > > set_error (EINVAL, "URI must begin with '%s://'", uri->scheme); > > diff --git a/tests/aio-parallel-load.c b/tests/aio-parallel-load.c > > index 614c22b..16c2aa2 100644 > > --- a/tests/aio-parall...
2019 Aug 10
17
[PATCH libnbd 0/9] Add Enum and Flags types.
This largish series adds several new features to the generator. Enum maps to enumerated types (like enum in C). The only current use for this is replacing the nbd_set_tls (nbd, 0/1/2) parameter with LIBNBD_TLS_DISABLE, LIBNBD_TLS_ALLOW, LIBNBD_TLS_REQUIRE (and natural equivalents in other programming languages). Flags maps to any uint32_t bitmask. It is basically a non-optional, generalized
2010 Jul 30
0
Wine release 1.3.0
...floats. wined3d: Use the correct type in device_unit_free_for_vs. Sven Baars (3): kernel32: Update the Dutch translation. user32: Fix the Dutch translation. shdocvw: Add the Dutch translation. Thomas Mullaly (33): urlmon: Implemented functionality for retrieving the RAW_URI property of a IUri. include: Updated the URL_SCHEME enum. urlmon: Added a scheme name parser for the IUri interface. urlmon: Added a parser function to determine the scheme type of a URI. urlmon: Added a canonicalization function for the scheme of a URI. urlmon: Implem...