Displaying 20 results from an estimated 26 matches for "set_tls".
2020 Sep 07
4
[libnbd PATCH v2 0/3] Improve type-safety of ocaml/golang getters
Well, the golang changes (patch 1 and 2/3 of v1) were already
committed, all that was left was the OCaml changes. I'm a lot happier
with how things turned out with an UNKNOWN constructor in the OCaml
variants.
Eric Blake (3):
tests: Enhance coverage of enum/flag range checking
ocaml: Support unknown values for Enum/Flags
ocaml: Typesafe returns for REnum/RFlags
generator/OCaml.ml
2019 Sep 05
1
Re: [PATCH libnbd] generator: Move first_version fields to a single table.
...(1, 0);
> + "set_debug_callback", (1, 0);
> + "clear_debug_callback", (1, 0);
> + "set_handle_name", (1, 0);
> + "get_handle_name", (1, 0);
> + "set_export_name", (1, 0);
> + "get_export_name", (1, 0);
> + "set_tls", (1, 0);
> + "get_tls", (1, 0);
> + "set_tls_certificates", (1, 0);
> + (*"get_tls_certificates", (1, 0);*)
If we ever do implement this (and any other commented out for various
reasons), it won't be a 1.0 version...
> +
> + (* Added in 1...
2019 Sep 05
3
[PATCH libnbd] generator: Move first_version fields to a single table.
This doesn't include Eric's new APIs, but if you push those
then I can rebase this one on top.
Rich.
2019 Sep 16
2
[LIBNBD SECURITY PATCH 0/1] NBD Protocol Downgrade Attack in libnbd
...Reported: 2019-09-14 Fixed: 2019-09-16 Published: 2019-09-16
There is no CVE number assigned for this issue yet, but the bug is
being categorized and processed by Red Hat's security team which may
result in a CVE being published later.
Description
-----------
Libnbd includes the method nbd_set_tls(h, LIBNBD_TLS_REQUIRE) which is
documented to let a client refuse to connect to a server that is not
using TLS encryption. However, if the server uses the oldstyle
protocol, a flaw in libnbd meant that the client would proceed with an
unencrypted connection without warning.
An attacker, perhaps ac...
2016 Aug 30
1
UPS shutdown
...LY) = 3
fstat(3, {st_mode=S_IFREG|0755, st_size=614076, ...}) = 0
close(3) = 0
stat("/lib/ld-uClibc.so.0", {st_mode=S_IFREG|0755, st_size=25412, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS|0x4000000, -1, 0) = 0x76f86000
set_tls(0x76f86320, 0x76f869c0, 0x76f869c8, 0x76f86320, 0x76f88f7c) = 0
mprotect(0x76f79000, 4096, PROT_READ) = 0
mprotect(0x76f65000, 4096, PROT_READ) = 0
mprotect(0x76f46000, 4096, PROT_READ) = 0
mprotect(0x76ea8000, 4096, PROT_READ) = 0
mprotect(0x76f88000, 4096, PROT_READ) = 0
set_tid_address...
2019 Jun 27
1
[libnbd PATCH] python: Fix bindings for Path parameters
...erver over
a Unix socket (using a pending patch on the qemu list), coupled with
a python connection to that socket:
$ ~/qemu/qemu-nbd -r -k /tmp/nbdsock --object \
tls-creds-psk,id=tls0,endpoint=server,dir=/home/eblake/libnbd/tests \
--tls-creds tls0 -f raw -x / tmpfile
$ ./run nbdsh
nbd> h.set_tls_psk_file('tests/keys.psk')
nbd> h.set_tls(2)
nbd> h.set_export_name('/')
nbd> h.connect_unix('/tmp/nbdsock')
instead of getting a segfault.
---
generator/generator | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/generator/generato...
2020 Sep 05
1
Re: libnbd completion callback question
...al _other_ bugs, now fixed: Python.ml
was mapping Bool incorrectly (so that
h.set_request_structured_replies(False) was often setting things to true
instead); which warranted testsuite coverage of functions previously
uncalled under Python or Ocaml testsuites, and flushed out bugs in ocaml
NBD.set_tls and NBD.set_handshake_flags.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
2019 Sep 05
0
[PATCH libnbd] generator: Move first_version fields to a single table.
...(1, 0);
+ "get_debug", (1, 0);
+ "set_debug_callback", (1, 0);
+ "clear_debug_callback", (1, 0);
+ "set_handle_name", (1, 0);
+ "get_handle_name", (1, 0);
+ "set_export_name", (1, 0);
+ "get_export_name", (1, 0);
+ "set_tls", (1, 0);
+ "get_tls", (1, 0);
+ "set_tls_certificates", (1, 0);
+ (*"get_tls_certificates", (1, 0);*)
+ "set_tls_verify_peer", (1, 0);
+ "get_tls_verify_peer", (1, 0);
+ "set_tls_username", (1, 0);
+ "get_tls_username&quo...
2020 Aug 08
1
Re: [nbdkit PATCH 3/3] tlsdummy: New filter
...-c '
+import os
+h.set_export_name ("hello")
+h.connect_unix (os.environ["sock"])
+assert h.get_size () == 512
+assert h.pread (5, 0) == b"dummy"
+'
+
+# Encrypted client sees desired volumes
+nbdsh -c '
+import os
+h.set_export_name ("hello")
+h.set_tls (nbd.TLS_REQUIRE)
+h.set_tls_psk_file ("keys.psk")
+h.set_tls_username ("qemu")
+h.connect_unix (os.environ["sock"])
+assert h.get_size () == 6
+assert h.pread (5, 0) == b"hello"
+'
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-...
2020 Sep 06
0
[libnbd PATCH 3/3] ocaml: Typesafe returns for REnum/RFlags
...alse)
diff --git a/ocaml/tests/test_120_set_non_defaults.ml b/ocaml/tests/test_120_set_non_defaults.ml
index bd41e37..df3d479 100644
--- a/ocaml/tests/test_120_set_non_defaults.ml
+++ b/ocaml/tests/test_120_set_non_defaults.ml
@@ -28,14 +28,14 @@ let () =
if NBD.supports_tls nbd then (
NBD.set_tls nbd NBD.TLS.ALLOW;
let tls = NBD.get_tls nbd in
- assert (tls = 1); (* XXX Add REnum *)
+ assert (tls = NBD.TLS.ALLOW);
);
NBD.set_request_structured_replies nbd false;
let sr = NBD.get_request_structured_replies nbd in
assert (sr = false);
NBD.set_handshake_flags nbd [];...
2020 Sep 07
0
[libnbd PATCH v2 3/3] ocaml: Typesafe returns for REnum/RFlags
...efaults.ml
+++ b/ocaml/tests/test_120_set_non_defaults.ml
@@ -31,11 +31,11 @@ let () =
with
NBD.Error _ -> ();
let tls = NBD.get_tls nbd in
- assert (tls = 0); (* XXX Add REnum, to get NBD.TLS.DISABLE? *)
+ assert (tls = NBD.TLS.DISABLE);
if NBD.supports_tls nbd then (
NBD.set_tls nbd NBD.TLS.ALLOW;
let tls = NBD.get_tls nbd in
- assert (tls = 1); (* XXX Add REnum *)
+ assert (tls = NBD.TLS.ALLOW);
);
NBD.set_request_structured_replies nbd false;
let sr = NBD.get_request_structured_replies nbd in
@@ -46,10 +46,11 @@ let () =
with
NBD.Error _ ->...
2020 Sep 05
2
libnbd completion callback question
I noticed while reading the code that we have a documentation hole that
may cause memory leaks for clients that are unaware, in relation to
completion callbacks.
The situation arises as follows: for all commands with a completion
callback, I checked that the code has clean semantics: either
nbd_aio_FOO() returns -1 and we never call the callback cleanup, or
nbd_aio_FOO() returns a cookie and
2019 Aug 10
0
[PATCH libnbd 3/9] generator: Add Enum type for enumerated types / unions.
Previously nbd_set_tls had an integer argument which was 0 for
disable, 1 for allow and 2 for require. This commit adds a proper
enumerated type to describe this, defining LIBNBD_TLS_DISABLE = 0,
LIBNBD_TLS_ALLOW = 1 and LIBNBD_TLS_REQUIRE = 2. (Note the C API
doesn't change).
In C the enumerated type is still def...
2015 Jan 03
2
Samba4 Kerberos kinit does not resolve kdc hostname
...8, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6bea000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f34000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f33000
set_tls(0xb6f334c0, 0xb6f33bb8, 0xb6f3b048, 0xb6f334c0, 0xb6f3b048) = 0
mprotect(0xb6be8000, 4096, PROT_READ) = 0
mprotect(0xb6d3e000, 8192, PROT_READ) = 0
mprotect(0xb6d4d000, 4096, PROT_READ) = 0
mprotect(0xb6d5f000, 4096, PROT_READ) = 0
mprotect(0xb6d6c000, 4096, PROT_READ) = 0
mprotect(0xb6d7...
2015 Jan 03
2
Samba4 Kerberos kinit does not resolve kdc hostname
...MOUS, -1, 0) = 0xb6bea000
>> close(3) = 0
>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>> -1, 0) = 0xb6f34000
>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>> -1, 0) = 0xb6f33000
>> set_tls(0xb6f334c0, 0xb6f33bb8, 0xb6f3b048, 0xb6f334c0, 0xb6f3b048) = 0
>> mprotect(0xb6be8000, 4096, PROT_READ) = 0
>> mprotect(0xb6d3e000, 8192, PROT_READ) = 0
>> mprotect(0xb6d4d000, 4096, PROT_READ) = 0
>> mprotect(0xb6d5f000, 4096, PROT_READ) = 0
>> mprotect(0xb6d...
2015 Jan 03
1
Samba4 Kerberos kinit does not resolve kdc hostname
...(3) = 0
>>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>>>> -1, 0) = 0xb6f34000
>>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>>>> -1, 0) = 0xb6f33000
>>>> set_tls(0xb6f334c0, 0xb6f33bb8, 0xb6f3b048, 0xb6f334c0, 0xb6f3b048)
>>>> = 0
>>>> mprotect(0xb6be8000, 4096, PROT_READ) = 0
>>>> mprotect(0xb6d3e000, 8192, PROT_READ) = 0
>>>> mprotect(0xb6d4d000, 4096, PROT_READ) = 0
>>>> mprotect(0xb6d5f0...
2015 Jan 03
0
Samba4 Kerberos kinit does not resolve kdc hostname
...VATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6bea000
> close(3) = 0
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb6f34000
> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
> 0) = 0xb6f33000
> set_tls(0xb6f334c0, 0xb6f33bb8, 0xb6f3b048, 0xb6f334c0, 0xb6f3b048) = 0
> mprotect(0xb6be8000, 4096, PROT_READ) = 0
> mprotect(0xb6d3e000, 8192, PROT_READ) = 0
> mprotect(0xb6d4d000, 4096, PROT_READ) = 0
> mprotect(0xb6d5f000, 4096, PROT_READ) = 0
> mprotect(0xb6d6c000, 4096, PROT_RE...
2015 Jan 03
0
Samba4 Kerberos kinit does not resolve kdc hostname
...0
>>> close(3) = 0
>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>>> -1, 0) = 0xb6f34000
>>> mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
>>> -1, 0) = 0xb6f33000
>>> set_tls(0xb6f334c0, 0xb6f33bb8, 0xb6f3b048, 0xb6f334c0, 0xb6f3b048) = 0
>>> mprotect(0xb6be8000, 4096, PROT_READ) = 0
>>> mprotect(0xb6d3e000, 8192, PROT_READ) = 0
>>> mprotect(0xb6d4d000, 4096, PROT_READ) = 0
>>> mprotect(0xb6d5f000, 4096, PROT_READ) = 0
>>...
2020 Sep 06
8
[libnbd PATCH 0/3] Improve type-safety of ocaml/golang getters
Natural fallout after my recent testsuite additions that fixed a
couple of ocaml bugs in the setters. However, on at least the OCaml
code, I'm not sure what we should do if a newer libnbd ever returns a
bit that an older NBD.mli was not expecting at the time the OCaml
compiler ran (see below). I'm also not sure if there is a more
efficient way to avoid outputting Val_FOO() converters for
2020 Aug 14
18
[libnbd PATCH v2 00/13] Adding nbd_set_opt_mode to improve nbdinfo
Well, I'm not quite done (I still want to get nbdinfo to work on a
single nbd connection for all cases when reading the heads of the
file is not required), but I'm happy with patches 1-11, and 12-13
show where I'm headed for getting NBD_OPT_INFO to work. Posting
now to see if some of the earlier patches are ready to commit while
I continue working on the latter half.
Eric Blake (13):